/****************************************************************************** * FunctionName : strtmac *******************************************************************************/ void ICACHE_FLASH_ATTR strtomac(uint8 *s, uint8 *macaddr) { uint8 pbuf[4]; s = cmpcpystr(pbuf, s, 0, ':', 3); *macaddr++ = hextoul(pbuf); int i = 4; while(i--) { s = cmpcpystr(pbuf, s, ':', ':', 3); *macaddr++ = hextoul(pbuf); } s = cmpcpystr(pbuf, s, ':', ' ', 3); *macaddr++ = hextoul(pbuf); }
// bool convert_para_str(uint32 * dest, uint8 *s); uint32 ICACHE_FLASH_ATTR ahextoul(uint8 *s) { /* uint32 ret; if(!convert_para_str(&ret, s)) return 0; return ret; */ if((s[0]=='0') && ((s[1] | 0x20) =='x')) return hextoul(s+2); return atoi(s); }
/****************************************************************************** * FunctionName : ahextoul * Convert str in decimal/hex/bool format to uint32 ******************************************************************************/ uint32 ICACHE_FLASH_ATTR ahextoul(uint8 *s) { if((s[0]=='0') && ((s[1] | 0x20) =='x')) return hextoul(s+2); if(os_strncmp(s, "true", 4) == 0) return 1; return rom_atoi(s); }
/* * SfExtractDropper * * Purpose: * * Extract Sirefef/ZeroAccess from image resource. * * CNG variant * */ UINT SfExtractDropper( LPWSTR lpCommandLine ) { BOOL cond = FALSE, bSuccess = FALSE; ULONG c, uKey = 0, imagesz; WCHAR szInputFile[MAX_PATH + 1]; WCHAR szOutputFile[MAX_PATH + 1]; WCHAR szKey[MAX_PATH]; PVOID ImageBase = NULL, EncryptedData = NULL, DecryptedData = NULL; IStream *pImageStream = NULL; ULONG_PTR gdiplusToken = 0; GdiplusStartupInput input; GdiplusStartupOutput output; PVOID BitmapPtr = NULL; GdiPlusBitmapData BitmapData; GdiPlusRect rect; SIZE_T sz; PULONG ptr, i_ptr; //input file c = 0; RtlSecureZeroMemory(szInputFile, sizeof(szInputFile)); GetCommandLineParam(lpCommandLine, 1, (LPWSTR)&szInputFile, MAX_PATH, &c); if (c == 0) { SfcuiPrintText(g_ConOut, T_SFEXTRACTUSAGE, g_ConsoleOutput, FALSE); return (UINT)-1; } //output file c = 0; RtlSecureZeroMemory(&szOutputFile, sizeof(szOutputFile)); GetCommandLineParam(lpCommandLine, 2, (LPWSTR)&szOutputFile, MAX_PATH, &c); if (c == 0) { _strcpy(szOutputFile, TEXT("extracted.bin")); } //key c = 0; RtlSecureZeroMemory(&szKey, sizeof(szKey)); GetCommandLineParam(lpCommandLine, 3, (LPWSTR)&szKey, MAX_PATH, &c); if ((c == 0) || (c > 10)) { SfcuiPrintText(g_ConOut, T_SFEXTRACTUSAGE, g_ConsoleOutput, FALSE); return (UINT)-1; } c = 0; if (locase_w(szKey[1]) == 'x') { c = 2; } uKey = hextoul(&szKey[c]); do { ImageBase = SfuCreateFileMappingNoExec(szInputFile); if (ImageBase == NULL) break; c = 0; EncryptedData = SfLdrQueryResourceData(1, ImageBase, &c); if ((EncryptedData == NULL) || (c == 0)) break; pImageStream = SHCreateMemStream((BYTE *)EncryptedData, (UINT)c); if (pImageStream == NULL) break; RtlSecureZeroMemory(&input, sizeof(input)); RtlSecureZeroMemory(&output, sizeof(output)); input.GdiplusVersion = 1; if (GdiplusStartup(&gdiplusToken, &input, &output) != GdiplusOk) break; BitmapPtr = NULL; if (GdipCreateBitmapFromStream(pImageStream, &BitmapPtr) != GdiplusOk) break; RtlSecureZeroMemory(&rect, sizeof(rect)); if ( (GdipGetImageWidth(BitmapPtr, (UINT *)&rect.Width) == GdiplusOk) && (GdipGetImageHeight(BitmapPtr, (UINT *)&rect.Height) == GdiplusOk) ) { RtlSecureZeroMemory(&BitmapData, sizeof(BitmapData)); if (GdipBitmapLockBits(BitmapPtr, &rect, ImageLockModeRead, PixelFormat32bppARGB, &BitmapData) == GdiplusOk) { c = (rect.Width * rect.Height); imagesz = sizeof(ULONG) * c; sz = imagesz; DecryptedData = NULL; NtAllocateVirtualMemory(NtCurrentProcess(), &DecryptedData, 0, &sz, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); if (DecryptedData) { i_ptr = (PULONG)BitmapData.Scan0; ptr = DecryptedData; while (c > 0) { *ptr = *i_ptr ^ uKey; ptr++; i_ptr++; c--; } bSuccess = (SfuWriteBufferToFile(szOutputFile, DecryptedData, imagesz, FALSE, FALSE) == imagesz); sz = 0; NtFreeVirtualMemory(NtCurrentProcess(), &DecryptedData, &sz, MEM_RELEASE); } GdipBitmapUnlockBits(BitmapPtr, &BitmapData); } } } while (cond); if (bSuccess == FALSE) { SfcuiPrintText(g_ConOut, T_SFEXTRACTFAIL, g_ConsoleOutput, FALSE); } else { SfcuiPrintText(g_ConOut, szOutputFile, g_ConsoleOutput, TRUE); SfcuiPrintText(g_ConOut, T_SFEXTRACTED, g_ConsoleOutput, TRUE); } if (BitmapPtr != NULL) { GdipDisposeImage(&BitmapPtr); } if (gdiplusToken != 0) { GdiplusShutdown(gdiplusToken); } if (pImageStream != NULL) { pImageStream->lpVtbl->Release(pImageStream); } if (ImageBase != NULL) { NtUnmapViewOfSection(NtCurrentProcess(), ImageBase); } return 0; }