int main(int argc, char **argv) {
if (argc==3 && _stricmp(argv[1], "hook")==0){
int threadid = atoi(argv[2]);
HMODULE hmodule = NULL;
HHOOK hhook = NULL;
if (!inject_dll(hmodule, hhook, threadid)){
printf("Injection failed.\n");
return 1;
}
printf("Press enter key to stop.");
getchar();
eject_dll(hmodule, hhook);
return 0;
}
else if ((argc==2||argc==3) && _stricmp(argv[1], "server")==0) {
int port = 3900;
if (argc==3) atoi(argv[2]);
thrift_server_start(port);
return 0;
}
printf("Usage:\n");
printf(" %s hook thread_id\n", argv[0]);
printf(" %s server [port_number]\n", argv[0]);
return 1;
}
/*
* Inject a DLL into another process via Reflective DLL Injection.
*/
DWORD ps_inject( DWORD dwPid, DLL_BUFFER * pDllBuffer )
{
DWORD dwResult = ERROR_ACCESS_DENIED;
DWORD dwPidArch = PROCESS_ARCH_UNKNOWN;
DWORD dwDllArch = PROCESS_ARCH_UNKNOWN;
LPVOID lpDllBuffer = NULL;
DWORD dwDllLenght = 0;
do
{
if( !pDllBuffer )
BREAK_WITH_ERROR( "[PS] ps_inject_dll. No Dll buffer specified", ERROR_INVALID_PARAMETER );
dwPidArch = ps_getarch( dwPid );
dprintf("before pid check, dwPidArch: %d", dwPidArch);
//dwPidArch = PROCESS_ARCH_X86;
if( dwPidArch == PROCESS_ARCH_X86 )
{
lpDllBuffer = pDllBuffer->lpPE32DllBuffer;
dwDllLenght = pDllBuffer->dwPE32DllLenght;
dprintf("ps_inject PID arch is x86");
}
else if( dwPidArch == PROCESS_ARCH_X64 )
{
lpDllBuffer = pDllBuffer->lpPE64DllBuffer;
dwDllLenght = pDllBuffer->dwPE64DllLenght;
dprintf("ps_inject PID arch is x64");
}
else
{
BREAK_WITH_ERROR( "[PS] ps_inject_dll. Unable to determine target pid arhitecture", ERROR_INVALID_DATA );
}
dwDllArch = ps_getarch_dll( lpDllBuffer );
if( dwDllArch == PROCESS_ARCH_UNKNOWN )
BREAK_WITH_ERROR( "[PS] ps_inject_dll. Unable to determine DLL arhitecture", ERROR_BAD_FORMAT );
if( dwDllArch != dwPidArch )
BREAK_WITH_ERROR( "[PS] ps_inject_dll. pid/dll architecture mixup", ERROR_BAD_ENVIRONMENT );
dwResult = inject_dll( dwPid, lpDllBuffer, dwDllLenght );
} while( 0 );
return dwResult;
}
static PyObject *
Py_reflective_inject_dll(PyObject *self, PyObject *args)
{
DWORD dwPid;
const char *lpDllBuffer;
DWORD dwDllLenght;
const char *cpCommandLine;
PyObject* py_is64bit;
int is64bits;
if (!PyArg_ParseTuple(args, "Is#O", &dwPid, &lpDllBuffer, &dwDllLenght, &py_is64bit))
return NULL;
is64bits = PyObject_IsTrue(py_is64bit);
if(is64bits){
is64bits=PROCESS_ARCH_X64;
}else{
is64bits=PROCESS_ARCH_X86;
}
if(inject_dll( dwPid, lpDllBuffer, dwDllLenght, NULL, is64bits) != ERROR_SUCCESS)
return NULL;
return PyBool_FromLong(1);
}
// TODO cleanup messy code
BOOL _CreateMap(VOID)
{
STARTUPINFOW si = { 0 };
PROCESS_INFORMATION pi = { 0 };
BOOL bRet = FALSE;
WCHAR cwd[MAX_PATH] = { 0 };
WCHAR rmgtmp[MAX_PATH] = { 0 };
char rmg_dll[MAX_PATH] = { 0 };
WCHAR h3maped_dir[MAX_PATH] = { 0 };
WCHAR h3maped_exe[MAX_PATH] = { 0 };
WCHAR gzip_utils_dest[MAX_PATH] = { 0 };
HKEY key = NULL;
char value[MAX_PATH] = { 0 };
DWORD value_length = sizeof(value)-1;
DWORD type = REG_SZ;
GetCurrentDirectoryW(sizeof(cwd)-1, cwd);
_snwprintf(rmgtmp, sizeof(rmgtmp) / sizeof(WCHAR)-1, L"%s\\data\\maps\\rmgtmp", cwd);
DeleteFileW(rmgtmp);
if (RegOpenKeyA(HKEY_CURRENT_USER, "Software\\h3minternals\\", &key) != ERROR_SUCCESS)
{
return FALSE;
}
value_length = sizeof(value);
memset(value, 0, sizeof(value));
if (ERROR_SUCCESS != RegQueryValueExA(key, "orig_maped_path", NULL, &type, (LPBYTE)value, &value_length))
{
char fail[64];
sprintf(fail, "fail %d", GetLastError());
OutputDebugStringA(fail);
}
_snwprintf(h3maped_dir, sizeof(h3maped_dir) / sizeof(WCHAR) - 1, L"%S", value);
_snwprintf(h3maped_exe, sizeof(h3maped_exe) / sizeof(WCHAR)-1, L"%s\\h3maped.exe", h3maped_dir);
_snwprintf(gzip_utils_dest, sizeof(gzip_utils_dest) / sizeof(WCHAR)-1, L"%s\\gzip_utils.dll", h3maped_dir);
if (FALSE == CopyFileW(L"gzip_utils.dll", gzip_utils_dest, FALSE))
{
MessageBoxA(0, "Failed to copy gzip_utils.dll to map editor path. Please copy this file manually.",
"Error", MB_ICONERROR);
}
OutputDebugStringW(L"anymap: orig_maped_path");
OutputDebugStringW(h3maped_exe);
value_length = sizeof(rmg_dll);
memset(rmg_dll, 0, sizeof(rmg_dll));
if (ERROR_SUCCESS != RegQueryValueExA(key, "maped_rmg_path", NULL, &type, (LPBYTE)rmg_dll, &value_length))
{
char fail[64];
sprintf(fail, "fail %d", GetLastError());
OutputDebugStringA(fail);
}
OutputDebugStringA("anymap: maped_rmg_path");
OutputDebugStringA(rmg_dll);
RegCloseKey(key);
si.cb = sizeof(si);
si.lpReserved = cwd;
if (FALSE == (bRet = CreateProcessW(NULL,
h3maped_exe,
NULL,
NULL,
FALSE,
CREATE_SUSPENDED,
NULL,
NULL,
&si,
&pi
)))
{
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return FALSE;
}
inject_dll(pi.hProcess, rmg_dll, 0);
ResumeThread(pi.hThread);
{
for (;;)
{
MSG msg;
if (0 != PeekMessageA(&msg, NULL, 0, 0, PM_REMOVE))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
if (WAIT_OBJECT_0 == WaitForSingleObject(pi.hThread, 50))
{
break;
}
}
}
SetForegroundWindowInternal(FindWindowA("SDL_app", TITLE));
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return TRUE;
}
