int32_t env_hook_SHGetSpecialFolderPathA(struct emu_env *env, struct emu_env_hook *hook)
{
struct emu_cpu *c = emu_cpu_get(env->emu);
struct emu_memory *mem = emu_memory_get(env->emu);
uint32_t eip_save;
POP_DWORD(c, &eip_save);
/*
CopyBOOL SHGetSpecialFolderPath(
HWND hwndOwner,
__out LPTSTR lpszPath,
__in int csidl,
__in BOOL fCreate
);
*/
uint32_t hwnd;
POP_DWORD(c, &hwnd);
uint32_t buf;
POP_DWORD(c, &buf);
uint32_t csidl;
POP_DWORD(c, &csidl);
uint32_t fCreate;
POP_DWORD(c, &fCreate);
char buf255[255];
memset(buf255,0,254);
GetSHFolderName(csidl, (char*)&buf255);
emu_memory_write_block(mem,buf,buf255,strlen(buf255));
emu_cpu_reg32_set(c, eax, 0);
if ( env->profile != NULL )
{
emu_profile_function_add(env->profile, "SHGetSpecialFolderPath");
emu_profile_argument_add_int(env->profile, "HWND", "hwndOwner", hwnd);
emu_profile_argument_add_ptr(env->profile, "LPCSTR", "lpszPath", buf);
emu_profile_argument_add_string(env->profile, "", "", buf255);
emu_profile_argument_add_int(env->profile, "int", "csidl", csidl);
emu_profile_argument_add_int(env->profile, "BOOL", "fCreate", fCreate);
emu_profile_function_returnvalue_int_set(env->profile, "BOOL", c->reg[eax]);
}
emu_cpu_eip_set(c, eip_save);
return 0;
}
int32_t env_w32_hook__execv(struct emu_env *env, struct emu_env_hook *hook)
{
logDebug(env->emu, "Hook me Captain Cook!\n");
logDebug(env->emu, "%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);
struct emu_cpu *c = emu_cpu_get(env->emu);
uint32_t eip_save;
POP_DWORD(c, &eip_save);
/*
intptr_t _execv(
const char *cmdname,
const char *const *argv
);
intptr_t _wexecv(
const wchar_t *cmdname,
const wchar_t *const *argv
);
*/
uint32_t p_cmdname;
POP_DWORD(c, &p_cmdname);
struct emu_string *cmdname = emu_string_new();
emu_memory_read_string(c->mem, p_cmdname, cmdname, 512);
uint32_t p_argv;
POP_DWORD(c, &p_argv);
if ( env->profile != NULL )
{
emu_profile_function_add(env->profile, "_execv");
emu_profile_argument_add_ptr(env->profile, "const char *", "cmdname", p_cmdname);
emu_profile_argument_add_string(env->profile, "", "", emu_string_char(cmdname));
emu_profile_argument_add_ptr(env->profile, "const char *const *", "argv", p_argv);
emu_profile_argument_add_none(env->profile);
emu_profile_function_returnvalue_int_set(env->profile, "int ", 0);
}
emu_string_free(cmdname);
emu_cpu_eip_set(c, eip_save);
return 0;
}
int32_t instr_ret_c3(struct emu_cpu *c, struct emu_cpu_instruction *i)
{
/* C3
* Near return to calling procedure
* RET
*/
POP_DWORD(c, &c->eip);
return 0;
}
int32_t __stdcall new_user_hook_LoadLibraryA(struct emu_env_w32 *win, struct emu_env_w32_dll_export *ex)
{
/* LoadLibraryA(LPCTSTR lpFileName); */
struct emu_string *dllstr = emu_string_new();
uint32_t eip_save;
uint32_t dllname_ptr;
POP_DWORD(cpu, &eip_save);
POP_DWORD(cpu, &dllname_ptr);
emu_memory_read_string(mem, dllname_ptr, dllstr, 256);
char *dllname = emu_string_char(dllstr);
printf("%x\tLoadLibraryA(%s) = 0x7800000\t\n", cpu->eip , dllname);
printf("\t--> HOOK RAN OK returns to: %x\n", eip_save);
cpu->reg[eax] = 0x7800000;
emu_string_free(dllstr);
emu_cpu_eip_set(cpu, eip_save);
return 0;
}
int32_t instr_ret_c2(struct emu_cpu *c, struct emu_cpu_instruction *i)
{
/* C2
* Near return to calling procedure and pop imm16 bytes from stack
* iw RET imm16
*/
POP_DWORD(c, &c->eip);
#if BYTE_ORDER == BIG_ENDIAN
uint16_t val;
bcopy(i->imm16, &val, 2);
c->reg[esp] += val;
#else
c->reg[esp] += *i->imm16;
#endif
return 0;
}
int32_t env_w32_hook_fclose(struct emu_env *env, struct emu_env_hook *hook)
{
logDebug(env->emu, "Hook me Captain Cook!\n");
logDebug(env->emu, "%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);
struct emu_cpu *c = emu_cpu_get(env->emu);
uint32_t eip_save;
POP_DWORD(c, &eip_save);
/*
int _fcloseall( void );
int fclose( FILE *stream );
*/
uint32_t p_stream;
MEM_DWORD_READ(c, c->reg[esp], &p_stream);
logDebug(env->emu, "fclose(0x%08x)\n", p_stream);
emu_cpu_reg32_set(c, eax, 0);
if (env->profile != NULL)
{
emu_profile_function_add(env->profile, "fclose");
emu_profile_argument_add_ptr(env->profile, "FILE *", "stream", p_stream);
emu_profile_argument_add_none(env->profile);
emu_profile_function_returnvalue_int_set(env->profile, "int", 0);
}
emu_cpu_eip_set(c, eip_save);
return 0;
}
int32_t env_w32_hook_fwrite(struct emu_env *env, struct emu_env_hook *hook)
{
logDebug(env->emu, "Hook me Captain Cook!\n");
logDebug(env->emu, "%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);
struct emu_cpu *c = emu_cpu_get(env->emu);
uint32_t eip_save;
POP_DWORD(c, &eip_save);
/*
size_t fwrite( const void *buffer, size_t size, size_t count, FILE *stream );
*/
uint32_t p_buffer;
MEM_DWORD_READ(c, c->reg[esp], &p_buffer);
uint32_t size;
MEM_DWORD_READ(c, (c->reg[esp]+4), &size);
uint32_t count;
MEM_DWORD_READ(c, (c->reg[esp]+8), &count);
unsigned char *buffer = malloc(size*count);
emu_memory_read_block(emu_memory_get(env->emu), p_buffer, buffer, size*count);
uint32_t p_stream;
MEM_DWORD_READ(c, c->reg[esp]+12, &p_stream);
uint32_t returnvalue;
if ( hook->hook.win->userhook != NULL )
{
returnvalue = hook->hook.win->userhook(env, hook,
buffer,
size,
count,
p_stream);
}else
{
returnvalue = size*count;
}
logDebug(env->emu, "fwrite(0x%08x, %d, %d, 0x%08x)\n", p_buffer, size, count, p_stream);
emu_cpu_reg32_set(c, eax, returnvalue);
if ( env->profile != NULL )
{
emu_profile_function_add(env->profile, "fwrite");
emu_profile_function_returnvalue_int_set(env->profile, "size_t", returnvalue);
emu_profile_argument_add_ptr(env->profile, "const void *", "buffer", p_buffer);
emu_profile_argument_add_bytea(env->profile, "", "", buffer, size*count);
emu_profile_argument_add_int(env->profile, "size_t", "size", size);
emu_profile_argument_add_int(env->profile, "count_t", "count", count);
emu_profile_argument_add_ptr(env->profile, "FILE *", "stream", p_stream);
emu_profile_argument_add_none(env->profile);
}
free(buffer);
emu_cpu_eip_set(c, eip_save);
return 0;
}
int32_t env_w32_hook_fopen(struct emu_env *env, struct emu_env_hook *hook)
{
logDebug(env->emu, "Hook me Captain Cook!\n");
logDebug(env->emu, "%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);
struct emu_cpu *c = emu_cpu_get(env->emu);
uint32_t eip_save;
POP_DWORD(c, &eip_save);
/*
FILE *fopen( const char *filename, const char *mode );
FILE *_wfopen( const wchar_t *filename, const wchar_t *mode );
*/
uint32_t p_filename;
MEM_DWORD_READ(c, c->reg[esp], &p_filename);
struct emu_string *filename = emu_string_new();
emu_memory_read_string(c->mem, p_filename, filename, 512);
uint32_t p_mode;
MEM_DWORD_READ(c, c->reg[esp]+4, &p_mode);
struct emu_string *mode = emu_string_new();
emu_memory_read_string(c->mem, p_mode, mode, 512);
// printf("fopen(%s, %s)\n", emu_string_char(filename), (char *)mode->data);
uint32_t returnvalue;
if ( hook->hook.win->userhook != NULL )
{
returnvalue = hook->hook.win->userhook(env, hook,
emu_string_char(filename),
emu_string_char(mode));
}else
{
returnvalue = 0x89898989;
}
emu_cpu_reg32_set(c, eax, returnvalue);
if (env->profile != NULL)
{
emu_profile_function_add(env->profile, "fopen");
emu_profile_argument_add_ptr(env->profile, "const char *", "filename", p_filename);
emu_profile_argument_add_string(env->profile, "", "", emu_string_char(filename));
emu_profile_argument_add_ptr(env->profile, "const char *", "mode", p_mode);
emu_profile_argument_add_string(env->profile, "", "", emu_string_char(mode));
emu_profile_function_returnvalue_ptr_set(env->profile, "FILE *", returnvalue);
emu_profile_argument_add_none(env->profile);
}
emu_string_free(filename);
emu_string_free(mode);
emu_cpu_eip_set(c, eip_save);
return 0;
}
