DWORD WINAPI EV_DebugThread(LPVOID lpStartAddress) { EV_fdFileIsDll=false; unsigned int EV_fdEntryPoint=0; EV_fdProcessInfo=0; EV_bpvp_set=false; DWORD EV_bytes_read=0; FILE_STATUS_INFO inFileStatus= {0}; IsPE32FileValidEx(EV_szFileName, UE_DEPTH_SURFACE, &inFileStatus); HANDLE hFile, fileMap; EV_fdEntryPoint=(long)GetPE32Data(EV_szFileName, 0, UE_OEP); StaticFileLoad(EV_szFileName, UE_ACCESS_READ, false, &hFile, &EV_bytes_read, &fileMap, &EV_va); StaticFileClose(hFile); EV_fdFileIsDll=inFileStatus.FileIsDLL; if(!EV_fdFileIsDll) { EV_fdProcessInfo=(LPPROCESS_INFORMATION)InitDebugEx(EV_szFileName, 0, 0, (void*)EV_cbEntry); } else { EV_fdProcessInfo=(LPPROCESS_INFORMATION)InitDLLDebug(EV_szFileName, false, 0, 0, (void*)EV_cbEntry); } if(EV_fdProcessInfo) { DebugLoop(); RemoveListDuplicates(EV_shared, IDC_LIST); return 0; } else { MessageBoxA(EV_shared, "Something went wrong during initialization...", "Error!", MB_ICONERROR); return 0; } return 1; }
void VF_Version(char* szFileName, char* szVersion, cbErrorMessage ErrorMessageCallback) { FILE_STATUS_INFO inFileStatus= {0}; g_szVersion=szVersion; g_fdFileIsDll=false; g_fdProcessInfo=0; g_ErrorMessageCallback=ErrorMessageCallback; IsPE32FileValidEx(szFileName, UE_DEPTH_SURFACE, &inFileStatus); if(inFileStatus.FileIs64Bit) { ErrorMessageCallback((char*)"64-bit files are not (yet) supported!", (char*)"Error!"); return; } HANDLE hFile, fileMap; ULONG_PTR va; DWORD bytes_read=0; StaticFileLoad(szFileName, UE_ACCESS_READ, false, &hFile, &bytes_read, &fileMap, &va); if(!IsArmadilloProtected(va)) { ErrorMessageCallback((char*)"Not armadillo protected...", (char*)"Error!"); return; } StaticFileClose(hFile); g_fdFileIsDll=inFileStatus.FileIsDLL; if(!g_fdFileIsDll) g_fdProcessInfo=(LPPROCESS_INFORMATION)InitDebugEx(szFileName, 0, 0, (void*)cbEntry); else g_fdProcessInfo=(LPPROCESS_INFORMATION)InitDLLDebug(szFileName, false, 0, 0, (void*)cbEntry); if(g_fdProcessInfo) DebugLoop(); else ErrorMessageCallback((char*)"Something went wrong during initialization...", (char*)"Error!"); }
bool IH_Debugger(char* szFileName, IH_InlineHelperData_t* ptrTargetData, cbStd EndingCallback, cbErrorMessage ErrorMessageCallback) { FILE_STATUS_INFO fileStatus= {0}; bool bFileIsDll; g_EndingCallback=EndingCallback; g_ErrorMessageCallback=ErrorMessageCallback; g_szFileName=szFileName; g_PtrTargetData=ptrTargetData; memset(g_PtrTargetData, 0, sizeof(IH_InlineHelperData_t)); IsPE32FileValidEx(szFileName, UE_DEPTH_SURFACE, &fileStatus); bFileIsDll=fileStatus.FileIsDLL; CreateThread(0, 0, IH_DebugThread, 0, 0, 0); return bFileIsDll; }
DWORD WINAPI IH_DebugThread(LPVOID lpStartAddress) //Thread for debugging { g_bFileIsDll=false; g_fdImageBase=0; g_fdEntryPoint=0; IH_fdProcessInfo=0; g_OutputDebugStringATotalCount=0; g_OutputDebugStringAMinorCount=0; DWORD IH_bytes_read=0; FILE_STATUS_INFO inFileStatus= {0}; IsPE32FileValidEx(g_szFileName, UE_DEPTH_SURFACE, &inFileStatus); if(inFileStatus.FileIs64Bit) { g_ErrorMessageCallback((char*)"64-bit files are not (yet) supported!", (char*)"Error!"); return 0; } HANDLE hFile, fileMap; ULONG_PTR va; //g_fdImageBase=(long)GetPE32Data(g_szFileName, 0, UE_IMAGEBASE); //g_PtrTargetData->ImageBase=g_fdImageBase; g_fdEntryPoint=(long)GetPE32Data(g_szFileName, 0, UE_OEP); StaticFileLoad(g_szFileName, UE_ACCESS_READ, false, &hFile, &IH_bytes_read, &fileMap, &va); g_fdEntrySectionNumber=GetPE32SectionNumberFromVA(va, g_fdEntryPoint+GetPE32Data(g_szFileName, 0, UE_IMAGEBASE)); g_PtrTargetData->EntrySectionNumber=g_fdEntrySectionNumber; StaticFileClose(hFile); g_fdEntrySectionSize= (long)GetPE32Data(g_szFileName, g_fdEntrySectionNumber, UE_SECTIONVIRTUALSIZE); g_fdEntrySectionOffset=(long)GetPE32Data(g_szFileName, g_fdEntrySectionNumber, UE_SECTIONVIRTUALOFFSET); g_bFileIsDll=inFileStatus.FileIsDLL; if(g_bFileIsDll==false) { IH_fdProcessInfo=(LPPROCESS_INFORMATION)InitDebugEx(g_szFileName, 0, 0, (void*)IH_cbEntryPoint); } else { IH_fdProcessInfo=(LPPROCESS_INFORMATION)InitDLLDebug(g_szFileName, false, 0, 0, (void*)IH_cbDllEntryPoint); } if(IH_fdProcessInfo) { DebugLoop(); return 0; } else { g_ErrorMessageCallback((char*)"Something went wrong during initialization...", (char*)"Error!"); return 0; } return 1; }
DWORD WINAPI CT_FindCertificates(void* lpvoid) { CT_created_log=false; CT_isdebugging=true; patched_magic_jump=false; fdProcessInfo=0; magic_value_addr=0; encrypted_cert_real=0; encrypted_cert_real_size=0; cert_func_count=0; if(CT_cert_data) { if(CT_cert_data->projectid) free2(CT_cert_data->projectid); if(CT_cert_data->customer_service) free2(CT_cert_data->customer_service); if(CT_cert_data->website) free2(CT_cert_data->website); if(CT_cert_data->unknown_string) free2(CT_cert_data->unknown_string); if(CT_cert_data->stolen_keys) free2(CT_cert_data->stolen_keys); if(CT_cert_data->intercepted_libs) free2(CT_cert_data->intercepted_libs); if(CT_cert_data->raw_data) free2(CT_cert_data->raw_data); if(CT_cert_data->encrypted_data) free2(CT_cert_data->encrypted_data); free2(CT_cert_data); } CT_cert_data=(CERT_DATA*)malloc2(sizeof(CERT_DATA)); memset(CT_cert_data, 0, sizeof(CERT_DATA)); InitVariables(program_dir, (CT_DATA*)CT_cert_data, StopDebug, 1, GetParent(CT_shared)); FILE_STATUS_INFO inFileStatus= {0}; CT_time1=GetTickCount(); IsPE32FileValidEx(CT_szFileName, UE_DEPTH_SURFACE, &inFileStatus); if(inFileStatus.FileIs64Bit) { MessageBoxA(CT_shared, "64-bit files are not (yet) supported!", "Error!", MB_ICONERROR); return 0; } HANDLE hFile, fileMap; ULONG_PTR va; DWORD bytes_read=0; StaticFileLoad(CT_szFileName, UE_ACCESS_READ, false, &hFile, &bytes_read, &fileMap, &va); if(!IsArmadilloProtected(va)) { InitVariables(program_dir, 0, StopDebug, 0, 0); CT_isdebugging=false; MessageBoxA(CT_shared, "Not armadillo protected...", "Error!", MB_ICONERROR); return 0; } StaticFileClose(hFile); fdFileIsDll=inFileStatus.FileIsDLL; if(!fdFileIsDll) fdProcessInfo=(LPPROCESS_INFORMATION)InitDebugEx(CT_szFileName, 0, 0, (void*)CT_cbEntry); else fdProcessInfo=(LPPROCESS_INFORMATION)InitDLLDebug(CT_szFileName, false, 0, 0, (void*)CT_cbEntry); if(fdProcessInfo) { EnableWindow(GetDlgItem(CT_shared, IDC_BTN_START), 0); DebugLoop(); InitVariables(program_dir, 0, StopDebug, 0, 0); CT_ParseCerts(); } else MessageBoxA(CT_shared, "Something went wrong during initialization...", "Error!", MB_ICONERROR); InitVariables(program_dir, 0, StopDebug, 0, 0); CT_isdebugging=false; return 0; }