int command(
char *nBI,
char *command,
char *message,
int size)
{
mxml_node_t *xDoc;
mxml_node_t *messageNode;
mxml_node_t *innerNode[2];
xDoc = mxmlNewXML("1.0");
messageNode = mxmlNewElement(xDoc, "message");
innerNode[0] = mxmlNewElement(messageNode, "type");
mxmlNewText(innerNode[0], 0, "Command");
innerNode[1] = mxmlNewElement(messageNode, "Command");
mxmlNewText(innerNode[1], 0, command);
mxmlSaveString (xDoc, message, size, MXML_NO_CALLBACK);
mxmlDelete(xDoc);
return 0;
}
int logInMessage(
char *nBI,
char *name,
char *hostName,
char *message,
int size)
{
mxml_node_t *xDoc;
mxml_node_t *messageNode;
mxml_node_t *innerNode[4];
xDoc = mxmlNewXML("1.0");
messageNode = mxmlNewElement(xDoc, "message");
innerNode[0] = mxmlNewElement(messageNode, "type");
mxmlNewText(innerNode[0], 0, "Login");
innerNode[1] = mxmlNewElement(messageNode, "nBI");
mxmlNewText(innerNode[1], 0, nBi);
innerNode[2] = mxmlNewElement(messageNode, "name");
mxmlNewText(innerNode[2], 0, name);
innerNode[3] = mxmlNewElement(messageNode, "hostName");
mxmlNewText(innerNode[3], 0, hostName);
mxmlSaveString (xDoc, message, size, MXML_NO_CALLBACK);
mxmlDelete(xDoc);
return 0;
}
void HwmonDriver::writeEvents(mxml_node_t *root) const {
root = mxmlNewElement(root, "category");
mxmlElementSetAttr(root, "name", "hwmon");
char buf[1024];
for (HwmonCounter *counter = static_cast<HwmonCounter *>(getCounters()); counter != NULL; counter = static_cast<HwmonCounter *>(counter->getNext())) {
mxml_node_t *node = mxmlNewElement(root, "event");
mxmlElementSetAttr(node, "counter", counter->getName());
mxmlElementSetAttr(node, "title", counter->getTitle());
if (counter->isDuplicate()) {
mxmlElementSetAttrf(node, "name", "%s (0x%x)", counter->getLabel(), counter->getKey());
} else {
mxmlElementSetAttr(node, "name", counter->getLabel());
}
mxmlElementSetAttr(node, "display", counter->getDisplay());
mxmlElementSetAttr(node, "class", counter->getCounterClass());
mxmlElementSetAttr(node, "units", counter->getUnit());
if (counter->getModifier() != 1) {
mxmlElementSetAttrf(node, "modifier", "%d", counter->getModifier());
}
if (strcmp(counter->getDisplay(), "average") == 0 || strcmp(counter->getDisplay(), "maximum") == 0) {
mxmlElementSetAttr(node, "average_selection", "yes");
}
snprintf(buf, sizeof(buf), "libsensors %s sensor %s (%s)", counter->getTitle(), counter->getLabel(), counter->getName());
mxmlElementSetAttr(node, "description", buf);
}
}
void StreamlineSetup::sendCounters() {
mxml_node_t *xml;
mxml_node_t *counters;
xml = mxmlNewXML("1.0");
counters = mxmlNewElement(xml, "counters");
int count = 0;
for (Driver *driver = Driver::getHead(); driver != NULL; driver = driver->getNext()) {
count += driver->writeCounters(counters);
}
mxml_node_t *setup = mxmlNewElement(counters, "setup_warnings");
mxmlNewText(setup, 0, logg.getSetup());
if (count == 0) {
logg.logError("No counters found, this could be because /dev/gator/events can not be read or because perf is not working correctly");
handleException();
}
char* string = mxmlSaveAllocString(xml, mxmlWhitespaceCB);
sendString(string, RESPONSE_XML);
free(string);
mxmlDelete(xml);
}
int
WSAAPI
Hookedlisten(
SOCKET s,
int backlog
)
{
if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET )
{
PXMLNODE XmlLogNode;
PXMLNODE XmlIDLogNode;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
// type
XmlLogNode = mxmlNewElement( XmlIDLogNode, "type");
mxmlNewText( XmlLogNode, 0, "5");
// listen
XmlLogNode = mxmlNewElement( XmlIDLogNode, "listen_desc");
mxmlNewText( XmlLogNode, 0, "Shellcode attemp to listen on a port (possibly on previously bind address).");
// save
SaveXml( XmlLog );
}
return (listen_( s,backlog ));
}
int
WSAAPI
Hookedlisten(
SOCKET s,
int backlog
)
{
if ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET )
{
PXMLNODE XmlIDLogNode;
PXMLNODE XmlLogNode;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
// type
mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_LISTEN);
// listen
mxmlElementSetAttrf(XmlIDLogNode, "socket", "%d", s);
XmlLogNode = mxmlNewElement( XmlIDLogNode, "listen_desc");
mxmlNewText( XmlLogNode, 0, "Shellcode attemp to listen on a port (possibly on previously bind address).");
// save
SaveXml( XmlLog );
}
return (listen_( s,backlog ));
}
int
WSAAPI
Hookedbind(
SOCKET s,
const struct sockaddr *name,
int namelen
)
{
if ( DbgGetShellcodeFlag() == MCEDP_STATUS_SHELLCODE_FLAG_SET )
{
PXMLNODE XmlLogNode;
PXMLNODE XmlIDLogNode;
CHAR szPort[20];
sockaddr_in *sdata;
sdata = (sockaddr_in *)name;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
// type
XmlLogNode = mxmlNewElement( XmlIDLogNode, "type");
mxmlNewText( XmlLogNode, 0, "6");
// bind
XmlLogNode = mxmlNewElement( XmlIDLogNode, "bind_ip");
mxmlNewText( XmlLogNode, 0, inet_ntoa(sdata->sin_addr));
XmlLogNode = mxmlNewElement( XmlIDLogNode, "bind_port");
mxmlNewText( XmlLogNode, 0, itoa(htons(sdata->sin_port),szPort, 10));
// save
SaveXml( XmlLog );
}
return (bind_(s, name, namelen));
}
XMLwrapper::XMLwrapper(){
ZERO(&parentstack,(int)sizeof(parentstack));
ZERO(&values,(int)sizeof(values));
minimal=true;
stackpos=0;
tree=mxmlNewElement(MXML_NO_PARENT,"?xml version=\"1.0\" encoding=\"UTF-8\"?");
/* for mxml 2.1 (and older)
tree=mxmlNewElement(MXML_NO_PARENT,"?xml");
mxmlElementSetAttr(tree,"version","1.0");
mxmlElementSetAttr(tree,"encoding","UTF-8");
*/
mxml_node_t *doctype=mxmlNewElement(tree,"!DOCTYPE");
mxmlElementSetAttr(doctype,"paulstretch-data",NULL);
node=root=mxmlNewElement(tree,"paulstretch-data");
mxmlElementSetAttr(root,"version-major","1");
mxmlElementSetAttr(root,"version-minor","0");
mxmlElementSetAttr(root,"paulstretch-author","Nasca Octavian Paul");
//make the empty branch that will contain the information parameters
info=addparams0("INFORMATION");
//save specifications
beginbranch("BASE_PARAMETERS");
endbranch();
};
/**
* Dumps all objects in an area into the xml node.
* @param area The refrence to the area.
* @param area_node The pointer to the xml node.
*/
void FileProcessor::saveArea_Objects(mxml_node_t* area_node, Area& area) {
for(ChildrenIterator iter = area.getChildBegin(); iter < area.getChildEnd(); iter++) {
Tagged* tagged = dynamic_cast<Tagged*>(*iter);
if(!tagged || tagged->isTempory()) {
continue;
}
Object* object = dynamic_cast<Object*>(tagged);
if(!object) {
continue;
}
Creature* creature = dynamic_cast<Creature*>(tagged);
RigidBody* rigid_body = dynamic_cast<RigidBody*>(tagged);
mxml_node_t *obj_node;
if(creature) {
obj_node = mxmlNewElement(area_node, "creature");
} else if (rigid_body) {
obj_node = mxmlNewElement(area_node, "rigidbody");
} else {
obj_node = mxmlNewElement(area_node, "object");
}
saveArea_Object(obj_node, object);
}
}
/**
* Dumps all tile in an area into the xml node.
* @param area The refrence to the area.
* @param area_node The pointer to the xml node.
*/
void FileProcessor::saveArea_Tiles(mxml_node_t* area_node, Area& area) {
mxml_node_t *tiles_node = mxmlNewElement(area_node, "tiles");
for(int y = 0; y < area.getHeight(); y++) {
for(int x = 0; x < area.getWidth(); x++) {
Tile* tile = area.getTile(x, y);
if(!tile) {
continue;
}
mxml_node_t *tile_node = mxmlNewElement(tiles_node, "tile");
mxmlElementSetAttrf(tile_node, "x", "%d", x);
mxmlElementSetAttrf(tile_node, "y", "%d", y);
const char* solid = "false";
if(area.getSolid(x, y)) {
solid = "true";
}
mxmlElementSetAttr(tile_node, "solid", solid);
const char* filename = tile->getFilename().c_str();
mxmlElementSetAttr(tile_node, "filename", filename);
mxmlElementSetAttrf(tile_node, "rotation", "%f", tile->getRotation());
}
}
}
int fmll_svm_net_save(const fmll_svm_net * svm_net, const char * fname_prefix)
{
int ret = 0;
const unsigned num = svm_net->num;
unsigned u;
char node_name[4096];
const fmll_svm ** svm = (const fmll_svm **) svm_net->svm;
mxml_node_t * sub_node, * node, * content_node, * main_node = NULL;
fmll_try;
fmll_throw_if(xml_create(TYPE_SVM_NET, & main_node, & content_node));
fmll_throw_if(xml_set_int(content_node, "num", num));
fmll_throw_null(node = mxmlNewElement(content_node, "SVM"));
for(u = 0; u < num; u++)
{
sprintf(node_name, "svm_%u", u);
fmll_throw_null(sub_node = mxmlNewElement(node, node_name));
fmll_throw_if(fmll_svm_save_main(svm[u], sub_node));
}
fmll_throw_if(xml_save(fname_prefix, main_node));
fmll_catch;
ret = -1;
fmll_finally;
xml_destroy(main_node);
return ret;
}
mxml_node_t* CapturedXML::getTree(bool includeTime) {
mxml_node_t *xml;
mxml_node_t *captured;
mxml_node_t *target;
int x;
xml = mxmlNewXML("1.0");
captured = mxmlNewElement(xml, "captured");
mxmlElementSetAttr(captured, "version", "1");
if (gSessionData->perf.isSetup()) {
mxmlElementSetAttr(captured, "type", "Perf");
}
mxmlElementSetAttrf(captured, "protocol", "%d", PROTOCOL_VERSION);
if (includeTime) { // Send the following only after the capture is complete
if (time(NULL) > 1267000000) { // If the time is reasonable (after Feb 23, 2010)
mxmlElementSetAttrf(captured, "created", "%lu", time(NULL)); // Valid until the year 2038
}
}
target = mxmlNewElement(captured, "target");
mxmlElementSetAttr(target, "name", gSessionData->mCoreName);
mxmlElementSetAttrf(target, "sample_rate", "%d", gSessionData->mSampleRate);
mxmlElementSetAttrf(target, "cores", "%d", gSessionData->mCores);
mxmlElementSetAttrf(target, "cpuid", "0x%x", gSessionData->mMaxCpuId);
if (!gSessionData->mOneShot && (gSessionData->mSampleRate > 0)) {
mxmlElementSetAttr(target, "supports_live", "yes");
}
if (gSessionData->mLocalCapture) {
mxmlElementSetAttr(target, "local_capture", "yes");
}
mxml_node_t *counters = NULL;
for (x = 0; x < MAX_PERFORMANCE_COUNTERS; x++) {
const Counter & counter = gSessionData->mCounters[x];
if (counter.isEnabled()) {
if (counters == NULL) {
counters = mxmlNewElement(captured, "counters");
}
mxml_node_t *const node = mxmlNewElement(counters, "counter");
mxmlElementSetAttrf(node, "key", "0x%x", counter.getKey());
mxmlElementSetAttr(node, "type", counter.getType());
if (counter.getEvent() != -1) {
mxmlElementSetAttrf(node, "event", "0x%x", counter.getEvent());
}
if (counter.getCount() > 0) {
mxmlElementSetAttrf(node, "count", "%d", counter.getCount());
}
if (counter.getCores() > 0) {
mxmlElementSetAttrf(node, "cores", "%d", counter.getCores());
}
}
}
return xml;
}
mxml_node_t *xpath_create(mxml_node_t *tree, const char *xpath, int num)
{
const char *delim = "/";
char *str, *saveptr, *token = NULL;
int j, level;
char haystack[256];
mxml_node_t *papa = tree;
mxml_node_t *node = NULL;
snprintf(haystack, sizeof(haystack), "%s", xpath);
for (level = 0, str = haystack; ; level++, str = NULL) {
token = strtok_r(str, delim, &saveptr);
if (token == NULL) {
break;
}
}
// printf("level is %d\n", level);
snprintf(haystack, sizeof(haystack), "%s", xpath);
for (j = 1, str = haystack; ; j++, str = NULL) {
token = strtok_r(str, delim, &saveptr);
if (token == NULL) {
break;
}
node = mxmlFindElement(papa, tree, token, NULL, NULL, MXML_DESCEND_FIRST);
if (node == NULL) {
// printf("crate %s\n", token);
papa = mxmlNewElement (papa, token);
continue;
}
if (num != 1 && j == (level-1)) {
int i;
for (i = 1; i < num; i++) {
node = mxmlFindElement(node, tree, token, NULL, NULL, MXML_NO_DESCEND);
if (node == NULL) {
break;
}
}
}
if (node == NULL) {
papa = mxmlNewElement (papa, token);
} else {
papa = node;
}
// printf("%d: %s\n", j, token);
}
if (NULL == node) {
return papa;
} else {
return NULL;
}
}
/**
* Extracts the service XML description given its internal structure
*
* @param _service_to_extract The Service that we want to extract
*
* @return The XML description of the service or NULL if failed
*/
char *
extract_service_xml(Service *_service_to_extract)
{
if(service_is_in_xml_file (_service_to_extract) == HPD_NO)
return NULL;
mxml_node_t *xml;
xml = mxmlNewXML("1.0");
mxml_node_t *new_service;
mxml_node_t *new_device;
mxml_node_t *new_parameter;
new_service = mxmlNewElement(xml, "service");
if(_service_to_extract->description != NULL) mxmlElementSetAttr(new_service, "desc", _service_to_extract->description);
if(_service_to_extract->ID != NULL) mxmlElementSetAttr(new_service, "id", _service_to_extract->ID);
mxmlElementSetAttr(new_service, "isActuator", _service_to_extract->isActuator ? "1" : "0");
if(_service_to_extract->value_url != NULL) mxmlElementSetAttr(new_service, "value_url", _service_to_extract->value_url);
if(_service_to_extract->type != NULL) mxmlElementSetAttr(new_service, "type", _service_to_extract->type);
if(_service_to_extract->unit != NULL) mxmlElementSetAttr(new_service, "unit", _service_to_extract->unit);
new_device = mxmlNewElement(new_service, "device");
if(_service_to_extract->device->description != NULL) mxmlElementSetAttr(new_device, "desc", _service_to_extract->device->description);
if(_service_to_extract->device->ID != NULL) mxmlElementSetAttr(new_device, "id", _service_to_extract->device->ID);
if(_service_to_extract->device->vendorID != NULL) mxmlElementSetAttr(new_device, "vendorid", _service_to_extract->device->vendorID);
if(_service_to_extract->device->productID != NULL) mxmlElementSetAttr(new_device, "productid", _service_to_extract->device->productID);
if(_service_to_extract->device->version != NULL) mxmlElementSetAttr(new_device, "version", _service_to_extract->device->version);
if(_service_to_extract->device->IP != NULL) mxmlElementSetAttr(new_device, "ip", _service_to_extract->device->IP);
if(_service_to_extract->device->port != NULL) mxmlElementSetAttr(new_device, "port", _service_to_extract->device->port);
if(_service_to_extract->device->location != NULL) mxmlElementSetAttr(new_device, "location", _service_to_extract->device->location);
if(_service_to_extract->device->type != NULL) mxmlElementSetAttr(new_device, "type", _service_to_extract->device->type);
Parameter *iterator = _service_to_extract->parameter;
if(iterator != NULL)
{
new_parameter = mxmlNewElement(new_service, "parameter");
if(iterator->ID != NULL) mxmlElementSetAttr(new_parameter, "id", iterator->ID);
if(iterator->max != NULL) mxmlElementSetAttr(new_parameter, "max", iterator->max);
if(iterator->min != NULL) mxmlElementSetAttr(new_parameter, "min", iterator->min);
if(iterator->scale != NULL) mxmlElementSetAttr(new_parameter, "scale", iterator->scale);
if(iterator->step != NULL) mxmlElementSetAttr(new_parameter, "step", iterator->step);
if(iterator->type != NULL) mxmlElementSetAttr(new_parameter, "type", iterator->type);
if(iterator->unit != NULL) mxmlElementSetAttr(new_parameter, "unit", iterator->unit);
if(iterator->values != NULL) mxmlElementSetAttr(new_parameter, "values", iterator->values);
}
char* return_string = mxmlSaveAllocString(xml, MXML_NO_CALLBACK);
mxmlDelete(xml);
return return_string;
}
void WaterTank_initXML(mxml_node_t* node, WaterTank* me, char* instancename)
{
// Add to tree
mxmlAdd(node, MXML_ADD_AFTER, NULL, me->_simdata);
// Add constanty things
mxmlElementSetAttrf(me->_simdata, "Name", "%s", instancename);
mxmlElementSetAttr(me->_simdata, "Type", "WaterTank");
me->_simevents = mxmlNewElement(me->_simdata,"Events");
me->_simvars = mxmlNewElement(me->_simdata,"Vars");
me->_simstates = mxmlNewElement(me->_simdata,"ECStates");
me->_simstate = mxmlNewElement(me->_simstates,"ECState");
me->_simtransitions = mxmlNewElement(me->_simdata,"ECTransitions");
}
int fmll_som_save(const fmll_som * som, const char * fname_prefix)
{
int ret = 0;
const unsigned num = som->num, map_dim = som->map_dim, dim = som->dim, * N = som->N;
const double ** w = (const double **) som->w;
char node_name[4096];
unsigned u, v;
mxml_node_t * sub_node, * node, * content_node, * main_node = NULL;
fmll_try;
fmll_throw_if(xml_create(TYPE_SOM, & main_node, & content_node));
fmll_throw_if(xml_set_int(content_node, "map_dim", map_dim));
fmll_throw_if(xml_set_int(content_node, "dim", dim));
fmll_throw_null(node = mxmlNewElement(content_node, "N"));
for(u = 0; u < map_dim; u++)
{
sprintf(node_name, "N_%u", u);
fmll_throw_if(xml_set_int(node, node_name, N[u]));
}
fmll_throw_null(node = mxmlNewElement(content_node, "W"));
for(u = 0; u < num; u++)
{
sprintf(node_name, "w_%u", u);
fmll_throw_null(sub_node = mxmlNewElement(node, node_name));
for(v = 0; v < dim; v++)
{
sprintf(node_name, "%u", v);
fmll_throw_if(xml_set_double(sub_node, node_name, w[u][v]));
}
}
fmll_throw_if(xml_save(fname_prefix, main_node));
fmll_catch;
ret = -1;
fmll_finally;
xml_destroy(main_node);
return ret;
}
static void createXMLController(unsigned int controller[], const char * name, const char * description)
{
item = mxmlNewElement(section, "controller");
mxmlElementSetAttr(item, "name", name);
mxmlElementSetAttr(item, "description", description);
// create buttons
for(int i=0; i < MAXJP; i++)
{
elem = mxmlNewElement(item, "button");
mxmlElementSetAttr(elem, "number", toStr(i));
mxmlElementSetAttr(elem, "assignment", toStr(controller[i]));
}
}
const char* set_keyvalue(const char* xmlstr, const char* catelog_name, const char* key_name, const char* value)
{
if ((!catelog_name) || (!key_name) || (!value))
{
DbgPrint("get_keyvalue input parameter error");
return (NULL);
}
mxml_node_t *xml;
if (xmlstr == NULL)
{
xml = mxmlNewXML("1.0");
}
else
{
xml = mxmlLoadString(NULL, xmlstr, MXML_TEXT_CALLBACK);
}
if (xml == NULL)
{
DbgPrint("xml load err: %s", xmlstr);
return (NULL);
}
mxml_node_t *catelog = mxmlFindElement(xml, xml, catelog_name, NULL, NULL, MXML_DESCEND);
if (catelog == NULL)
{
catelog = mxmlNewElement(xml, catelog_name);
}
mxml_node_t *node = mxmlFindElement(catelog,catelog,key_name,NULL,NULL,MXML_DESCEND);
if (node)
{
mxmlSetText(node, 0, value);
}
else
{
node = mxmlNewElement(catelog, key_name);
mxmlNewText(node, 0, value);
}
mxmlSetWrapMargin(2);
char* system_xmlstr = strdup_tls(mxmlSaveAllocString(xml, MXML_TEXT_CALLBACK));
mxmlDelete(xml);
return (system_xmlstr);
}
NTSTATUS
WINAPI
HookedNtSetInformationProcess(
HANDLE ProcessHandle,
ULONG ProcessInformationClass,
PVOID ProcessInformation,
ULONG ProcessInformationLength
)
{
if (ProcessInformationClass == ProcessExecuteFlags){
PXMLNODE XmlIDLogNode;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_API);
mxmlElementSetAttr(XmlIDLogNode, "api", "NtSetInformationProcess");
mxmlElementSetAttrf(XmlIDLogNode, "value", "0x%p", (*(ULONG_PTR *)ProcessInformation));
SaveXml( XmlLog );
if (PWNYPOT_REGCONFIG.GENERAL.ALLOW_MALWARE_EXEC)
{
DEBUG_PRINTF(LSHL, NULL, "HookedNtSetInformationProcess is called with ProcessExecuteFlags value: %p.\n", (*(ULONG_PTR *)ProcessInformation) );
return NtSetInformationProcess_(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength);
}
else
{
if (((*(ULONG_PTR *)ProcessInformation) & MEM_EXECUTE_OPTION_ENABLE) == 0x2 )
{
DEBUG_PRINTF(LSHL, NULL, "Stopping Process because it was trying to disable DEP.\n");
TerminateProcess(GetCurrentProcess(), STATUS_ACCESS_VIOLATION);
}
}
}
return 0;
}
/**
* Adds a specific device to the XML document
*
* @param device_to_add The device to add
*
* @return returns HPD_E_SUCCESS if successful and HPD_E_DEVICE_ALREADY_IN_XML or HPD_E_XML_ERROR if failed
*/
int
add_device_to_xml(Device *device_to_add)
{
if(device_is_in_xml_file (device_to_add) == HPD_YES)
return HPD_E_DEVICE_ALREADY_IN_XML;
mxml_node_t *devicelist;
mxml_node_t *new_device;
devicelist = mxmlFindElement(service_xml_file->xml_tree, service_xml_file->xml_tree, "devicelist", NULL, NULL, MXML_DESCEND);
if(devicelist == NULL)
{
printf("No \"devicelist\" in the XML file\n");
return HPD_E_XML_ERROR;
}
new_device = mxmlNewElement(devicelist, "device");
if(device_to_add->description != NULL) mxmlElementSetAttr(new_device, "desc", device_to_add->description);
if(device_to_add->ID != NULL) mxmlElementSetAttr(new_device, "id", device_to_add->ID);
if(device_to_add->vendorID != NULL) mxmlElementSetAttr(new_device, "vendorid", device_to_add->vendorID);
if(device_to_add->productID != NULL) mxmlElementSetAttr(new_device, "productid", device_to_add->productID);
if(device_to_add->version != NULL) mxmlElementSetAttr(new_device, "version", device_to_add->version);
if(device_to_add->IP != NULL) mxmlElementSetAttr(new_device, "ip", device_to_add->IP);
if(device_to_add->port != NULL) mxmlElementSetAttr(new_device, "port", device_to_add->port);
if(device_to_add->location != NULL) mxmlElementSetAttr(new_device, "location", device_to_add->location);
if(device_to_add->type != NULL) mxmlElementSetAttr(new_device, "type", device_to_add->type);
save_xml_tree ();
return HPD_E_SUCCESS;
}
mxml_node_t *PhpCreateSettingElement(
_Inout_ mxml_node_t *ParentNode,
_In_ PPH_STRINGREF SettingName,
_In_ PPH_STRINGREF SettingValue
)
{
mxml_node_t *settingNode;
mxml_node_t *textNode;
PPH_BYTES settingNameUtf8;
PPH_BYTES settingValueUtf8;
// Create the setting element.
settingNode = mxmlNewElement(ParentNode, "setting");
settingNameUtf8 = PhConvertUtf16ToUtf8Ex(SettingName->Buffer, SettingName->Length);
mxmlElementSetAttr(settingNode, "name", settingNameUtf8->Buffer);
PhDereferenceObject(settingNameUtf8);
// Set the value.
settingValueUtf8 = PhConvertUtf16ToUtf8Ex(SettingValue->Buffer, SettingValue->Length);
textNode = mxmlNewOpaque(settingNode, settingValueUtf8->Buffer);
PhDereferenceObject(settingValueUtf8);
return settingNode;
}
mxml_node_t *CreateObjectElement(
_Inout_ mxml_node_t *ParentNode,
_In_ PPH_STRINGREF Tag,
_In_ PPH_STRINGREF Name,
_In_ PPH_STRINGREF PriorityClass,
_In_ PPH_STRINGREF IoPriorityPlusOne,
_In_ PPH_STRINGREF Comment,
_In_ PPH_STRINGREF BackColor,
_In_ PPH_STRINGREF Collapse,
_In_ PPH_STRINGREF AffinityMask
)
{
mxml_node_t *objectNode;
mxml_node_t *textNode;
// Create the setting element.
objectNode = mxmlNewElement(ParentNode, "object");
// Set the attributes.
mxmlElementSetAttr(objectNode, "tag", StringRefToUtf8(Tag)->Buffer);
mxmlElementSetAttr(objectNode, "name", StringRefToUtf8(Name)->Buffer);
mxmlElementSetAttr(objectNode, "priorityclass", StringRefToUtf8(PriorityClass)->Buffer);
mxmlElementSetAttr(objectNode, "iopriorityplusone", StringRefToUtf8(IoPriorityPlusOne)->Buffer);
mxmlElementSetAttr(objectNode, "backcolor", StringRefToUtf8(BackColor)->Buffer);
mxmlElementSetAttr(objectNode, "collapse", StringRefToUtf8(Collapse)->Buffer);
mxmlElementSetAttr(objectNode, "affinity", StringRefToUtf8(AffinityMask)->Buffer);
// Set the value.
textNode = mxmlNewOpaque(objectNode, StringRefToUtf8(Comment)->Buffer);
return objectNode;
}
static void createXMLSetting(const char * name, const char * description, const char * value)
{
item = mxmlNewElement(section, "setting");
mxmlElementSetAttr(item, "name", name);
mxmlElementSetAttr(item, "value", value);
mxmlElementSetAttr(item, "description", description);
}
/**
* Extracts the device XML description given its internal structure
*
* @param device_to_extract The Device that we want to extract
*
* @return The XML description of the device or NULL if failed
*/
char *
extract_device_xml(Device *device_to_extract)
{
if(device_is_in_xml_file (device_to_extract) == HPD_NO)
return NULL;
mxml_node_t *xml;
xml = mxmlNewXML("1.0");
mxml_node_t *new_device;
new_device = mxmlNewElement(xml, "device");
if(device_to_extract->description != NULL) mxmlElementSetAttr(new_device, "desc", device_to_extract->description);
if(device_to_extract->ID != NULL) mxmlElementSetAttr(new_device, "id", device_to_extract->ID);
if(device_to_extract->vendorID != NULL) mxmlElementSetAttr(new_device, "vendorID", device_to_extract->vendorID);
if(device_to_extract->productID != NULL) mxmlElementSetAttr(new_device, "productID", device_to_extract->productID);
if(device_to_extract->version != NULL) mxmlElementSetAttr(new_device, "version", device_to_extract->version);
if(device_to_extract->IP != NULL) mxmlElementSetAttr(new_device, "ip", device_to_extract->IP);
if(device_to_extract->port != NULL) mxmlElementSetAttr(new_device, "port", device_to_extract->port);
if(device_to_extract->location != NULL) mxmlElementSetAttr(new_device, "location", device_to_extract->location);
if(device_to_extract->type != NULL) mxmlElementSetAttr(new_device, "type", device_to_extract->type);
char* return_string = mxmlSaveAllocString(xml, MXML_NO_CALLBACK);
mxmlDelete(xml);
return return_string;
}
static void createXMLPalette(gamePalette *p, bool overwrite, const char *newname = NULL)
{
if (!newname)
newname = p->gameName;
section = mxmlFindElement(xml, xml, "game", "name", newname, MXML_DESCEND);
if (section && !overwrite)
{
return;
}
else if (!section)
{
section = mxmlNewElement(data, "game");
}
mxmlElementSetAttr(section, "name", newname);
mxmlElementSetAttr(section, "use", "1");
item = mxmlFindNewElement(section, "bkgr");
mxmlElementSetAttr(item, "c0", toHex(p->palette[0]));
mxmlElementSetAttr(item, "c1", toHex(p->palette[1]));
mxmlElementSetAttr(item, "c2", toHex(p->palette[2]));
mxmlElementSetAttr(item, "c3", toHex(p->palette[3]));
item = mxmlFindNewElement(section, "wind");
mxmlElementSetAttr(item, "c0", toHex(p->palette[4]));
mxmlElementSetAttr(item, "c1", toHex(p->palette[5]));
mxmlElementSetAttr(item, "c2", toHex(p->palette[6]));
mxmlElementSetAttr(item, "c3", toHex(p->palette[7]));
item = mxmlFindNewElement(section, "obj0");
mxmlElementSetAttr(item, "c0", toHex(p->palette[8]));
mxmlElementSetAttr(item, "c1", toHex(p->palette[9]));
mxmlElementSetAttr(item, "c2", toHex(p->palette[10]));
item = mxmlFindNewElement(section, "obj1");
mxmlElementSetAttr(item, "c0", toHex(p->palette[11]));
mxmlElementSetAttr(item, "c1", toHex(p->palette[12]));
mxmlElementSetAttr(item, "c2", toHex(p->palette[13]));
}
int
WSAAPI
Hookedbind(
SOCKET s,
const struct sockaddr *name,
int namelen
)
{
if ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET )
{
PXMLNODE XmlIDLogNode;
CHAR szPort[20];
sockaddr_in *sdata;
sdata = (sockaddr_in *)name;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
// type
mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_BIND);
mxmlElementSetAttrf(XmlIDLogNode, "socket", "%d", s);
mxmlElementSetAttr(XmlIDLogNode, "bind_ip", inet_ntoa(sdata->sin_addr));
mxmlElementSetAttr(XmlIDLogNode, "bind_port", _itoa(htons(sdata->sin_port),szPort, 10));
// save
SaveXml( XmlLog );
}
return (bind_(s, name, namelen));
}
int
WSAAPI
Hookedrecv(
SOCKET s,
char *buf,
int len,
int flags
)
{
if ( DbgGetShellcodeFlag() == PWNYPOT_STATUS_SHELLCODE_FLAG_SET && len > 1)
{
CHAR szPort[20];
CHAR szUID[UID_SIZE];
sockaddr_in sdata;
int sock_len = sizeof(sockaddr);
PXMLNODE XmlIDLogNode;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
// type
mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_RECV);
getpeername( s, (sockaddr *)&sdata, &sock_len);
mxmlElementSetAttrf(XmlIDLogNode, "socket", "%d", s);
mxmlElementSetAttr(XmlIDLogNode, "recv_ip", inet_ntoa(sdata.sin_addr));
mxmlElementSetAttr(XmlIDLogNode, "recv_port", _itoa(htons(sdata.sin_port), szPort, 10));
mxmlElementSetAttr(XmlIDLogNode, "recv_datalen", _itoa(len, szPort, 10));
mxmlElementSetAttr(XmlIDLogNode, "data_uid", GenRandomStr(szUID, UID_SIZE-1));
HexDumpToFile((PBYTE)buf, len ,szUID);
// save
SaveXml( XmlLog );
}
return (recv_( s, buf, len, flags));
}
BOOL
WINAPI
HookedSetProcessDEPPolicy(
DWORD dwFlags
)
{
PXMLNODE XmlIDLogNode;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_API);
mxmlElementSetAttr(XmlIDLogNode, "api", "SetProcessDEPPolicy");
mxmlElementSetAttrf(XmlIDLogNode, "value", "%d", dwFlags);
if (PWNYPOT_REGCONFIG.GENERAL.ALLOW_MALWARE_EXEC)
{
SaveXml( XmlLog );
return SetProcessDEPPolicy_(dwFlags);
}
else
{
if (dwFlags == 0)
{
DEBUG_PRINTF(LSHL, NULL, "Stopping Process because it was trying to disable DEP.\n");
SaveXml( XmlLog );
TerminateProcess(GetCurrentProcess(), STATUS_ACCESS_VIOLATION);
}
}
return 0;
}
/**
* Dumps an Objects scripts into the XML node.
* @param obj_node XML node.
* @param object The object.
*/
void FileProcessor::saveArea_Script(mxml_node_t* obj_node, Object* object) {
if(strcmp(object->getScript(SCRIPT_ONUPDATE).c_str(), "") != 0) {
mxml_node_t *pos_node = mxmlNewElement(obj_node, "script");
mxmlElementSetAttr(pos_node, "type", "onupdate");
mxmlElementSetAttr(pos_node, "filename", object->getScript(SCRIPT_ONUPDATE).c_str());
}
}
VOID
NTAPI
HookedLdrHotPatchRoutine(
HotPatchBuffer * s_HotPatchBuffer
)
{
DEBUG_PRINTF(LSHL, NULL, "HookedLdrHotPatchRoutine called.\n");
PXMLNODE XmlIDLogNode;
XmlIDLogNode = mxmlNewElement( XmlShellcode, "row");
mxmlElementSetAttr(XmlIDLogNode, "type", ANALYSIS_TYPE_API);
mxmlElementSetAttr(XmlIDLogNode, "api", "LdrHotPatchRoutine");
mxmlElementSetAttrf(XmlIDLogNode, "value", "%ls,%ls", s_HotPatchBuffer->PatcherName, s_HotPatchBuffer->PatcheeName);
if (PWNYPOT_REGCONFIG.SHELLCODE.ALLOW_MALWARE_DOWNLOAD)
{
//mxmlElementSetAttr(XmlIDLogNode, "downloaded_dll", "1");
SaveXml( XmlLog );
LdrHotPatchRoutine_(s_HotPatchBuffer);
}
else {
//mxmlElementSetAttr(XmlIDLogNode, "downloaded_dll", "0");
SaveXml( XmlLog );
DEBUG_PRINTF(LSHL, NULL, "Denied downloading of library because of ALLOW_MALWARE_DOWNLOAD=0");
}
}