Insanity for the sake of insanity.

2008-06-02 02:15:55 +00:00 · 2008-06-02 02:15:55 +00:00 · 475784b4fb
parent 23460ff9ad
commit 475784b4fb
3 changed files with 18 additions and 13 deletions
--- a/src/win32/VBA.cpp
+++ b/src/win32/VBA.cpp
@ -495,9 +495,14 @@ static lpExitProcess protectHelp[2] = { (lpExitProcess)srandWrap, (lpExitProcess

 typedef HMODULE (WINAPI* lpLoadLibrary)(LPCTSTR);
 typedef FARPROC (WINAPI* lpGetProcAddress)(HMODULE, LPCSTR);
+typedef int (*lpExecutableValid)(const char *);
+typedef char *(*lpUnprotectBuffer)(unsigned char *, size_t);

-SET_FN_PTR(LoadLibrary, 0x01301100);
-SET_FN_PTR(GetProcAddress, 0x01301100);
+#pragma optimize("", off)
+SET_FN_PTR(LoadLibrary, 0x01301400);
+SET_FN_PTR(GetProcAddress, 0x01301500);
+SET_FN_PTR(ExecutableValid, 0x01301600);
+SET_FN_PTR(unprotect_buffer, 0x01301700);

 int VBA::doProtection()
 {
@ -507,33 +512,34 @@ int VBA::doProtection()
  HMODULE hM_kernel32 = ((lpLoadLibrary)GET_FN_PTR(LoadLibrary))(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded)));
  if (hM_kernel32)
  {
-    pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(getname_encoded, sizeof(getname_encoded)));
+    pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, ((lpUnprotectBuffer)GET_FN_PTR(unprotect_buffer))(getname_encoded, sizeof(getname_encoded)));
    if (pGetModuleFileNameA)
    {
      pGetModuleFileNameA(GetModuleHandle(0), szEXEFileName, sizeof(szEXEFileName));
    }

-    pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(exit_encoded, sizeof(exit_encoded)));
+    pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, ((lpUnprotectBuffer)GET_FN_PTR(unprotect_buffer))(exit_encoded, sizeof(exit_encoded)));
    protectHelp[1] = pExitProcess;

-    return(ExecutableValid(szEXEFileName));
+    return(((lpExecutableValid)GET_FN_PTR(ExecutableValid))(szEXEFileName));
  }
  return(-3);
 }

-static BOOL doStuffGood(VBA *vba, int num)
+static BOOL doStuffGood(VBA *vba, register int num)
 {
  protectHelp[vba->securityCheck2]((UINT)time(0));
  num ^= 1;
  return((BOOL)num);
 }

-static BOOL doStuffBad(VBA *vba, int num)
+static BOOL doStuffBad(VBA *vba, register int num)
 {
  num |= 1;
  vba->pExitProcess(num);
  return(doStuffGood(vba, num&1));
 }
+#pragma optimize("", on)

 typedef bool (VBA::*trapPointer)(bool);
 static trapPointer trapPointers[6];
--- a/src/win32/protect.c
+++ b/src/win32/protect.c
@ -32,8 +32,8 @@ int ExecutableValid(const char *executable_filename)
 #else

 SET_FN_PTR(fopen, 0x01301100);
-SET_FN_PTR(fread, 0x01301100);
-SET_FN_PTR(malloc, 0x01301100);
+SET_FN_PTR(fread, 0x01301200);
+SET_FN_PTR(malloc, 0x01301300);

 typedef FILE * (*p_fopen)(const char *path, const char *mode);
 typedef size_t (*p_fread)(void *ptr, size_t size, size_t nmemb, FILE *stream);
--- a/src/win32/protect.h
+++ b/src/win32/protect.h
@ -13,12 +13,11 @@ char *unprotect_buffer(unsigned char *buffer, size_t buffer_len);
 #pragma optimize("", off)
 #define SET_FN_PTR(func, num)              \
 static __inline void *get_##func(void) {  \
-   int  i, j = num / 4;                    \
+   volatile int i, j = num / 4;            \
   long ptr = (long)func + num;            \
-   for (i = 0;  i < 2;  i++) { ptr -= j; } \
+   for (i = 0; i < 2; i++) { ptr -= j; }   \
   return (void *)(ptr - (j * 2));         \
- }                                         \
- 
+ }
 #pragma optimize("", on)

 #define GET_FN_PTR(func) get_##func()