Insanity for the sake of insanity.
This commit is contained in:
n-a-c-h
parent
23460ff9ad
commit
475784b4fb
|
|
@ -495,9 +495,14 @@ static lpExitProcess protectHelp[2] = { (lpExitProcess)srandWrap, (lpExitProcess
|
||||||
|
|
||||||
typedef HMODULE (WINAPI* lpLoadLibrary)(LPCTSTR);
|
typedef HMODULE (WINAPI* lpLoadLibrary)(LPCTSTR);
|
||||||
typedef FARPROC (WINAPI* lpGetProcAddress)(HMODULE, LPCSTR);
|
typedef FARPROC (WINAPI* lpGetProcAddress)(HMODULE, LPCSTR);
|
||||||
|
typedef int (*lpExecutableValid)(const char *);
|
||||||
|
typedef char *(*lpUnprotectBuffer)(unsigned char *, size_t);
|
||||||
|
|
||||||
SET_FN_PTR(LoadLibrary, 0x01301100);
|
#pragma optimize("", off)
|
||||||
SET_FN_PTR(GetProcAddress, 0x01301100);
|
SET_FN_PTR(LoadLibrary, 0x01301400);
|
||||||
|
SET_FN_PTR(GetProcAddress, 0x01301500);
|
||||||
|
SET_FN_PTR(ExecutableValid, 0x01301600);
|
||||||
|
SET_FN_PTR(unprotect_buffer, 0x01301700);
|
||||||
|
|
||||||
int VBA::doProtection()
|
int VBA::doProtection()
|
||||||
{
|
{
|
||||||
|
|
@ -507,33 +512,34 @@ int VBA::doProtection()
|
||||||
HMODULE hM_kernel32 = ((lpLoadLibrary)GET_FN_PTR(LoadLibrary))(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded)));
|
HMODULE hM_kernel32 = ((lpLoadLibrary)GET_FN_PTR(LoadLibrary))(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded)));
|
||||||
if (hM_kernel32)
|
if (hM_kernel32)
|
||||||
{
|
{
|
||||||
pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(getname_encoded, sizeof(getname_encoded)));
|
pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, ((lpUnprotectBuffer)GET_FN_PTR(unprotect_buffer))(getname_encoded, sizeof(getname_encoded)));
|
||||||
if (pGetModuleFileNameA)
|
if (pGetModuleFileNameA)
|
||||||
{
|
{
|
||||||
pGetModuleFileNameA(GetModuleHandle(0), szEXEFileName, sizeof(szEXEFileName));
|
pGetModuleFileNameA(GetModuleHandle(0), szEXEFileName, sizeof(szEXEFileName));
|
||||||
}
|
}
|
||||||
|
|
||||||
pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(exit_encoded, sizeof(exit_encoded)));
|
pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, ((lpUnprotectBuffer)GET_FN_PTR(unprotect_buffer))(exit_encoded, sizeof(exit_encoded)));
|
||||||
protectHelp[1] = pExitProcess;
|
protectHelp[1] = pExitProcess;
|
||||||
|
|
||||||
return(ExecutableValid(szEXEFileName));
|
return(((lpExecutableValid)GET_FN_PTR(ExecutableValid))(szEXEFileName));
|
||||||
}
|
}
|
||||||
return(-3);
|
return(-3);
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL doStuffGood(VBA *vba, int num)
|
static BOOL doStuffGood(VBA *vba, register int num)
|
||||||
{
|
{
|
||||||
protectHelp[vba->securityCheck2]((UINT)time(0));
|
protectHelp[vba->securityCheck2]((UINT)time(0));
|
||||||
num ^= 1;
|
num ^= 1;
|
||||||
return((BOOL)num);
|
return((BOOL)num);
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL doStuffBad(VBA *vba, int num)
|
static BOOL doStuffBad(VBA *vba, register int num)
|
||||||
{
|
{
|
||||||
num |= 1;
|
num |= 1;
|
||||||
vba->pExitProcess(num);
|
vba->pExitProcess(num);
|
||||||
return(doStuffGood(vba, num&1));
|
return(doStuffGood(vba, num&1));
|
||||||
}
|
}
|
||||||
|
#pragma optimize("", on)
|
||||||
|
|
||||||
typedef bool (VBA::*trapPointer)(bool);
|
typedef bool (VBA::*trapPointer)(bool);
|
||||||
static trapPointer trapPointers[6];
|
static trapPointer trapPointers[6];
|
||||||
|
|
|
||||||
|
|
@ -32,8 +32,8 @@ int ExecutableValid(const char *executable_filename)
|
||||||
#else
|
#else
|
||||||
|
|
||||||
SET_FN_PTR(fopen, 0x01301100);
|
SET_FN_PTR(fopen, 0x01301100);
|
||||||
SET_FN_PTR(fread, 0x01301100);
|
SET_FN_PTR(fread, 0x01301200);
|
||||||
SET_FN_PTR(malloc, 0x01301100);
|
SET_FN_PTR(malloc, 0x01301300);
|
||||||
|
|
||||||
typedef FILE * (*p_fopen)(const char *path, const char *mode);
|
typedef FILE * (*p_fopen)(const char *path, const char *mode);
|
||||||
typedef size_t (*p_fread)(void *ptr, size_t size, size_t nmemb, FILE *stream);
|
typedef size_t (*p_fread)(void *ptr, size_t size, size_t nmemb, FILE *stream);
|
||||||
|
|
|
||||||
|
|
@ -13,12 +13,11 @@ char *unprotect_buffer(unsigned char *buffer, size_t buffer_len);
|
||||||
#pragma optimize("", off)
|
#pragma optimize("", off)
|
||||||
#define SET_FN_PTR(func, num) \
|
#define SET_FN_PTR(func, num) \
|
||||||
static __inline void *get_##func(void) { \
|
static __inline void *get_##func(void) { \
|
||||||
int i, j = num / 4; \
|
volatile int i, j = num / 4; \
|
||||||
long ptr = (long)func + num; \
|
long ptr = (long)func + num; \
|
||||||
for (i = 0; i < 2; i++) { ptr -= j; } \
|
for (i = 0; i < 2; i++) { ptr -= j; } \
|
||||||
return (void *)(ptr - (j * 2)); \
|
return (void *)(ptr - (j * 2)); \
|
||||||
} \
|
}
|
||||||
|
|
||||||
#pragma optimize("", on)
|
#pragma optimize("", on)
|
||||||
|
|
||||||
#define GET_FN_PTR(func) get_##func()
|
#define GET_FN_PTR(func) get_##func()
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue