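// Attaches this CMemory instance to the process named by szProcessName.
//
// On success dwProcessID, hProcess and dwBaseAddress are populated and true is
// returned. On any failure false is returned and no process handle is left open
// (hProcess is NULL), so a failed Initialize can be retried or the object
// destroyed without leaking a handle.
bool CMemory::Initialize() {
	// Raise the privilege the rest of the class relies on before touching the target.
	if(!EnablePriv()) {
		return false;
	}

	// Resolve the configured process name to a PID; 0 means "not found".
	dwProcessID = GetProcessIDFromName(szProcessName);

	if(dwProcessID == 0) {
		return false;
	}

	// NOTE(review): PROCESS_ALL_ACCESS is broader than most callers need; narrow it
	// to the access rights this class actually uses once they are known — TODO confirm.
	hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, dwProcessID);

	if(hProcess == NULL) {
		return false;
	}

	dwBaseAddress = GetProcessBaseAddress(dwProcessID);

	if(dwBaseAddress == 0) {
		// The handle was opened a few lines above; release it so a half-finished
		// initialisation does not leak it (the earlier failure paths also leave
		// hProcess unset).
		CloseHandle(hProcess);
		hProcess = NULL;
		return false;
	}

	return true;
}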
// Powers the machine off via ntdll's NtShutdownSystem.
//
// Returns TRUE once ntdll and the export were resolved and the call was issued,
// FALSE if either lookup failed. NtShutdownSystem is a file-scope function
// pointer declared elsewhere and is overwritten here.
//
// NOTE(review): the result of EnablePriv(SE_SHUTDOWN_NAME) and the NTSTATUS
// returned by NtShutdownSystem are both discarded, so TRUE does not mean the
// shutdown actually happened — confirm EnablePriv's return type before
// propagating it.
BOOL QuickShutdown() // by _FIL73R_
{
	HMODULE hNtdll = GetModuleHandleA("ntdll.dll");
	if (!hNtdll) {
		return FALSE;
	}

	// Store the export through the global pointer's own type.
	NtShutdownSystem = reinterpret_cast<decltype(NtShutdownSystem)>(GetProcAddress(hNtdll, "NtShutdownSystem"));
	if (!NtShutdownSystem) {
		return FALSE;
	}

	EnablePriv(SE_SHUTDOWN_NAME);
	NtShutdownSystem(ShutdownPowerOff);
	return TRUE;
}
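// Imports a certificate (and optionally a CRL) into a certificate store held in
// an offline HKLM\SOFTWARE hive file.
//
// Flow: enable the take-ownership/backup/restore privileges, read the blobs,
// mount the hive under a free HKLM\TEMPHIVE<n> key, open
// <hive>\Microsoft\SystemCertificates\<store> as a registry-backed cert store,
// add the blobs with CERT_STORE_ADD_REPLACE_EXISTING, then unload the hive.
//
// Returns ERROR_SUCCESS on success, -1 on bad parameters, otherwise the Win32
// error of the first failing step (via Error/LastError). An unload failure is
// reported but only becomes the return value if nothing failed before it.
//
// NOTE(review): with the default store (ROOT per the usage text) this changes
// the trust anchors of the system the hive belongs to; the hive must not be in
// use, and the privileges enabled below are exactly what makes the write possible.
int _tmain(int argc, _TCHAR* argv[]) {
	LONG retval = ERROR_SUCCESS;
	Params p;
	// crl stays NULL when no /CRL option is given; every later `crl` test and
	// LocalFree(crl) depends on that (the original left it uninitialised).
	LPVOID cert = NULL, crl = NULL;
	DWORD certSz = 0, crlSz = 0, index = 0, disp = 0;
	HKEY rootKey = NULL, storesKey = NULL, key = NULL;

	HCERTSTORE hCertStore = NULL;
	TCHAR root[MAX_REG_KEY_LEN];

	// Get params
	if (!GetParams(&p, argc, argv)) {
		_tprintf(TEXT("Usage:\n"));
		_tprintf(TEXT("%s hive crt.cer [/CRL crl.crl] [/Store store]\n\n"), argv[0]);
		_tprintf(TEXT("hive\ta registry hive for HKLM\\SOFTWARE (user hives not supported)\n"));
		_tprintf(TEXT("  found at Windows\\System32\\config\\SOFTWARE (cannot use be an in-use hive)\n"));
		_tprintf(TEXT("crt.cer\tthe certificate to import\n"));
		_tprintf(TEXT("crl.crl\tif provided adds a CRL as well\n"));
		_tprintf(TEXT("store\tthe store to import to, defaults to ROOT\n\n"));
		return -1;
	}

	// Enable privileges: RegLoadKey/RegUnLoadKey and the REG_OPTION_BACKUP_RESTORE
	// open below need backup/restore; take-ownership covers keys we do not own.
	if (!EnablePriv(SE_TAKE_OWNERSHIP_NAME) || !EnablePriv(SE_BACKUP_NAME) || !EnablePriv(SE_RESTORE_NAME)) {
		return LastError(TEXT("Failed to enable take ownership, backup, and restore privileges"), NULL);
	}

	// Read the certificate file
	if ((cert = Read(p.cert, &certSz)) == NULL) {
		return LastError(TEXT("Failed to read certificate file '%s'"), p.cert);
	}

	// Read the CRL file (optional)
	if (p.crl && ((crl = Read(p.crl, &crlSz)) == NULL)) {
		LocalFree(cert);
		return LastError(TEXT("Failed to read the CRL file '%s'"), p.crl);
	}

	// Find a subkey name that is not already in use: try TEMPHIVE, then TEMPHIVE0,
	// TEMPHIVE1, ... until RegOpenKeyEx reports the name is absent. (The original
	// only ever tried two names and never checked whether the second one existed.)
	_tcsncpy(root, TEXT("TEMPHIVE"), MAX_REG_KEY_LEN);
	while ((retval = RegOpenKeyEx(HKEY_LOCAL_MACHINE, root, 0, KEY_READ, &key)) != ERROR_FILE_NOT_FOUND) {
		if (retval != ERROR_SUCCESS) {
			// LocalFree(NULL) is a documented no-op, so crl needs no guard.
			LocalFree(crl);
			LocalFree(cert);
			return Error(TEXT("Failed to find subkey to load hive"), NULL, retval);
		}
		RegCloseKey(key);
		key = NULL;
		_sntprintf(root, MAX_REG_KEY_LEN, TEXT("TEMPHIVE%u"), index++);
	}
	key = NULL;

	// Load the hive
	if ((retval = RegLoadKey(HKEY_LOCAL_MACHINE, root, p.hive)) != ERROR_SUCCESS) {
		LocalFree(crl);
		LocalFree(cert);
		return Error(TEXT("Failed to load hive file '%s'"), p.hive, retval);
	}

	// Open the HKLM\TEMPHIVE\Microsoft\SystemCertificates
	if ((retval = RegOpenKeyEx(HKEY_LOCAL_MACHINE, root, 0, KEY_ALL_ACCESS, &rootKey)) != ERROR_SUCCESS) {
		Error(TEXT("Failed to get root key '%s'"), root, retval);
	} else if ((retval = RegOpenKeyEx(rootKey, TEXT("Microsoft\\SystemCertificates"), 0, KEY_ALL_ACCESS, &storesKey)) != ERROR_SUCCESS) {
		// NOTE(review): this message carries a %u with a NULL argument, unlike
		// every other Error() call here — confirm how Error formats its arguments.
		Error(TEXT("Failed to get stores key: %u\n"), NULL, retval);

	// Create/Open the registry certificate store
	} else if ((retval = RegCreateKeyEx(storesKey, p.store, 0, NULL, REG_OPTION_BACKUP_RESTORE, KEY_ALL_ACCESS, NULL, &key, &disp)) != ERROR_SUCCESS) {
		Error(TEXT("Failed to create store key '%s'"), p.store, retval);

	// Open the store (existing key only; the registry provider writes straight into it)
	} else if ((hCertStore = CertOpenStore(CERT_STORE_PROV_REG, 0, (HCRYPTPROV)NULL, CERT_STORE_BACKUP_RESTORE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, key)) == NULL) {
		retval = LastError(TEXT("Failed to create certificate store"), NULL);

	// Add the certificate to the store (replaces an existing entry with the same identity)
	} else if (!CertAddEncodedCertificateToStore(hCertStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert, certSz, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) {
		retval = LastError(TEXT("Failed add certificate to store"), NULL);

	// Add the crl to the store
	} else if (crl && !CertAddEncodedCRLToStore(hCertStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, crl, crlSz, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) {
		retval = LastError(TEXT("Failed add the CRL to store"), NULL);
	}

	// Cleanup — innermost handle first so the hive can be unloaded below
	if (hCertStore) { CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG); }
	if (key)		{ RegCloseKey(key); }
	if (storesKey)	{ RegCloseKey(storesKey); }
	if (rootKey)	{ RegCloseKey(rootKey); }
	LocalFree(crl);
	LocalFree(cert);

	// Unload the hive; keep the first error if one already occurred
	LONG unloadRet = RegUnLoadKey(HKEY_LOCAL_MACHINE, root);
	if (unloadRet != ERROR_SUCCESS) {
		if (retval == ERROR_SUCCESS) { retval = unloadRet; }
		Error(TEXT("Failed to unload the hive"), NULL, unloadRet);
	}

	// Successful? Yeah!
	if (retval == ERROR_SUCCESS) {
		if (p.crl) {
			_tprintf(TEXT("Successfully added %s and %s to the %s store in %s\n\n"), p.cert, p.crl, p.store, p.hive);
		} else {
			_tprintf(TEXT("Successfully added %s to the %s store in %s\n\n"), p.cert, p.store, p.hive);
		}
	}

	return retval;
}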