diff --git a/src/win32/VBA.cpp b/src/win32/VBA.cpp
index e913d24d..2f58ba54 100644
--- a/src/win32/VBA.cpp
+++ b/src/win32/VBA.cpp
@@ -495,9 +495,14 @@ static lpExitProcess protectHelp[2] = { (lpExitProcess)srandWrap, (lpExitProcess
 typedef HMODULE (WINAPI* lpLoadLibrary)(LPCTSTR);
 typedef FARPROC (WINAPI* lpGetProcAddress)(HMODULE, LPCSTR);
+typedef int (*lpExecutableValid)(const char *);
+typedef char *(*lpUnprotectBuffer)(unsigned char *, size_t);
-SET_FN_PTR(LoadLibrary, 0x01301100);
-SET_FN_PTR(GetProcAddress, 0x01301100);
+#pragma optimize("", off)
+SET_FN_PTR(LoadLibrary, 0x01301400);
+SET_FN_PTR(GetProcAddress, 0x01301500);
+SET_FN_PTR(ExecutableValid, 0x01301600);
+SET_FN_PTR(unprotect_buffer, 0x01301700);
 int VBA::doProtection()
 {
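Review bot: The offsets passed to SET_FN_PTR here, and the two changed in the protect.c hunk, are bare magic numbers with no comment on which values are allowed or why each one now differs. As far as the macro in protect.h shows, get_##func() only returns the original address when the constant is a multiple of 4, because it adds num and then subtracts num / 4 four times; any other value would hand back a pointer shifted by the remainder. Every constant in this commit happens to satisfy that, but nothing records the rule for the next edit. I would add a comment above the block such as `/* SET_FN_PTR offsets are arbitrary but must be multiples of 4, or get_##func() returns a shifted pointer (see protect.h) */`.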
@@ -507,33 +512,34 @@ int VBA::doProtection()
 HMODULE hM_kernel32 = ((lpLoadLibrary)GET_FN_PTR(LoadLibrary))(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded)));
 if (hM_kernel32) {
- pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(getname_encoded, sizeof(getname_encoded)));
+ pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, ((lpUnprotectBuffer)GET_FN_PTR(unprotect_buffer))(getname_encoded, sizeof(getname_encoded)));
 if (pGetModuleFileNameA) { pGetModuleFileNameA(GetModuleHandle(0), szEXEFileName, sizeof(szEXEFileName)); }
- pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(exit_encoded, sizeof(exit_encoded)));
+ pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, ((lpUnprotectBuffer)GET_FN_PTR(unprotect_buffer))(exit_encoded, sizeof(exit_encoded)));
 protectHelp[1] = pExitProcess;
- return(ExecutableValid(szEXEFileName));
+ return(((lpExecutableValid)GET_FN_PTR(ExecutableValid))(szEXEFileName));
 }
 return(-3);
 }
-static BOOL doStuffGood(VBA *vba, int num)
+static BOOL doStuffGood(VBA *vba, register int num)
 {
 protectHelp[vba->securityCheck2]((UINT)time(0));
 num ^= 1;
 return((BOOL)num);
 }
-static BOOL doStuffBad(VBA *vba, int num)
+static BOOL doStuffBad(VBA *vba, register int num)
 {
 num |= 1;
 vba->pExitProcess(num);
 return(doStuffGood(vba, num&1));
 }
+#pragma optimize("", on)
 typedef bool (VBA::*trapPointer)(bool);
 static trapPointer trapPointers[6];
diff --git a/src/win32/protect.c b/src/win32/protect.c
index 81e92556..9f9dec59 100644
--- a/src/win32/protect.c
+++ b/src/win32/protect.c
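Review bot: Neither GetProcAddress result in doProtection is checked before it is relied on: when pGetModuleFileNameA is null the call is skipped yet szEXEFileName still goes to ExecutableValid, and pExitProcess is stored in protectHelp[1] and later called through `vba->pExitProcess(num)` in doStuffBad with no null test. The declaration of szEXEFileName sits above the hunk (doProtection begins outside it), so whether the buffer is zero-initialised cannot be confirmed here; the return value of GetModuleFileNameA (0 on failure, the buffer size on truncation) is ignored as well. A guard placed before the final return, for example `if (!pGetModuleFileNameA || !pExitProcess) return(-3);`, would stop the check from running on an unset path or leaving a null exit pointer behind; the error code is a placeholder for whatever the caller expects. Separately, `register` on the doStuffGood/doStuffBad parameters is deprecated in C++11 and removed in C++17, so it does not constrain the optimizer and may stop compiling under a newer standard, while the `#pragma optimize("", off)` region this commit adds already covers both functions.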
@@ -32,8 +32,8 @@ int ExecutableValid(const char *executable_filename)
 #else
 SET_FN_PTR(fopen, 0x01301100);
-SET_FN_PTR(fread, 0x01301100);
-SET_FN_PTR(malloc, 0x01301100);
+SET_FN_PTR(fread, 0x01301200);
+SET_FN_PTR(malloc, 0x01301300);
 typedef FILE * (*p_fopen)(const char *path, const char *mode);
 typedef size_t (*p_fread)(void *ptr, size_t size, size_t nmemb, FILE *stream);
diff --git a/src/win32/protect.h b/src/win32/protect.h
index bffe5f3d..27050e1c 100644
--- a/src/win32/protect.h
+++ b/src/win32/protect.h
@@ -13,12 +13,11 @@ char *unprotect_buffer(unsigned char *buffer, size_t buffer_len);
 #pragma optimize("", off)
 #define SET_FN_PTR(func, num) \
 static __inline void *get_##func(void) { \
- int i, j = num / 4; \
+ volatile int i, j = num / 4; \
 long ptr = (long)func + num; \
- for (i = 0; i < 2; i++) { ptr -= j; } \
+ for (i = 0; i < 2; i++) { ptr -= j; } \
 return (void *)(ptr - (j * 2)); \
- } \
-
+ }
 #pragma optimize("", on)
 #define GET_FN_PTR(func) get_##func()
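Review bot: In the protect.h hunk, `long ptr = (long)func + num;` inside SET_FN_PTR keeps a function address in a `long`, which is 32 bits on 64-bit Windows, so an x64 build would truncate the pointer before get_##func() rebuilds and returns it. On a 32-bit build the signed addition can also overflow for a high enough address, which is undefined behaviour. The commit makes i and j volatile but leaves this line as it was. A pointer-sized unsigned type keeps the arithmetic well defined at any width: `uintptr_t ptr = (uintptr_t)func + num;` (or `ULONG_PTR` if the Windows headers are already included here).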