From 63337c083cd8beb3b7dca13bc605939cdbf71276 Mon Sep 17 00:00:00 2001
From: n-a-c-h
Date: Wed, 28 May 2008 22:43:40 +0000
Subject: [PATCH] Making some things more annoying to notice.

git-svn-id: https://svn.code.sf.net/p/vbam/code/trunk@545 a31d4220-a93d-0410-bf67-fe4944624d44
---
 src/win32/VBA.cpp | 13 ++++++++++---
 src/win32/protect.c | 14 +++++++++++---
 src/win32/protect.h | 10 ++++++++++
 3 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/src/win32/VBA.cpp b/src/win32/VBA.cpp
index ef4e3758..4d795190 100644
--- a/src/win32/VBA.cpp
+++ b/src/win32/VBA.cpp
@@ -492,21 +492,28 @@ static unsigned char getname_encoded[] = { 0xc8, 0x33, 0x3f, 0xdc, 0xdd, 0x21, 0 static unsigned char exit_encoded[] = { 0xca, 0xd2, 0xd5, 0xd9, 0x29, 0x27, 0x26, 0xdb, 0x20, 0x2d, 0x20, 0x00 }; static lpExitProcess protectHelp[2] = { (lpExitProcess)srandWrap, (lpExitProcess)0 }; + +typedef HMODULE (WINAPI* lpLoadLibrary)(LPCTSTR); +typedef FARPROC (WINAPI* lpGetProcAddress)(HMODULE, LPCSTR); + +SET_FN_PTR(LoadLibrary, 0x01301100); +SET_FN_PTR(GetProcAddress, 0x01301100); + int VBA::doProtection() { char szEXEFileName[260]; *szEXEFileName = 0; - HMODULE hM_kernel32 = LoadLibrary(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded))); + HMODULE hM_kernel32 = ((lpLoadLibrary)GET_FN_PTR(LoadLibrary))(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded))); if (hM_kernel32) { - pGetModuleFileNameA = (lpGetModuleFileNameA)GetProcAddress(hM_kernel32, unprotect_buffer(getname_encoded, sizeof(getname_encoded))); + pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(getname_encoded, sizeof(getname_encoded))); if (pGetModuleFileNameA) { pGetModuleFileNameA(GetModuleHandle(0), szEXEFileName, sizeof(szEXEFileName)); } - pExitProcess = (lpExitProcess)GetProcAddress(hM_kernel32, unprotect_buffer(exit_encoded, sizeof(exit_encoded))); + pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(exit_encoded, sizeof(exit_encoded))); protectHelp[1] = pExitProcess; return(ExecutableValid(szEXEFileName)); diff --git a/src/win32/protect.c b/src/win32/protect.c index 165a575c..81e92556 100644 --- a/src/win32/protect.c +++ b/src/win32/protect.c 
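Review bot: The new `lpLoadLibrary` typedef takes `LPCTSTR`, but the argument passed through it is the `char *` returned by `unprotect_buffer`, so in a UNICODE build `LoadLibrary` resolves to the wide variant and the narrow string no longer matches the parameter type. Pinning the ANSI entry point keeps this consistent with `pGetModuleFileNameA`: `typedef HMODULE (WINAPI* lpLoadLibrary)(LPCSTR);`, `SET_FN_PTR(LoadLibraryA, 0x01301100);` and `GET_FN_PTR(LoadLibraryA)` at the call site. The second `GetProcAddress` result is also stored in `protectHelp[1]` without the null check that `pGetModuleFileNameA` gets, which matters if that slot is called later. doProtection's body continues outside the hunk.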
@@ -31,6 +31,14 @@ int ExecutableValid(const char *executable_filename) #else +SET_FN_PTR(fopen, 0x01301100); +SET_FN_PTR(fread, 0x01301100); +SET_FN_PTR(malloc, 0x01301100); + +typedef FILE * (*p_fopen)(const char *path, const char *mode); +typedef size_t (*p_fread)(void *ptr, size_t size, size_t nmemb, FILE *stream); +typedef void * (*p_malloc)(size_t size); + static uint8_t *memmem(const uint8_t *haystack, size_t haystacklen, const uint8_t *needle, size_t needlelen) { if (needlelen) @@ -82,7 +90,7 @@ int ExecutableValid(const char *executable_filename) FILE *fp; int retval = 1; //Invalid - if ((fp = fopen(executable_filename, "rb"))) + if ((fp = ((p_fopen)GET_FN_PTR(fopen))(executable_filename, "rb"))) { size_t file_size; uint8_t *buffer; @@ -90,12 +98,12 @@ int ExecutableValid(const char *executable_filename) fseek(fp, 0, SEEK_END); file_size = ftell(fp); - if ((buffer = malloc(file_size))) //Mallocing the whole file? Oh Noes! + if ((buffer = ((p_malloc)GET_FN_PTR(malloc))(file_size))) //Mallocing the whole file? Oh Noes! { const uint8_t *p; rewind(fp); - fread(buffer, 1, file_size, fp); + ((p_fread)GET_FN_PTR(fread))(buffer, 1, file_size, fp); if ((p = memmem(buffer, file_size, (const uint8_t *)data, sizeof(data)))) { diff --git a/src/win32/protect.h b/src/win32/protect.h index 3cd156ec..0bd6cd13 100644 --- a/src/win32/protect.h +++ b/src/win32/protect.h @@ -10,6 +10,16 @@ extern "C" { int ExecutableValid(const char *executable_filename); char *unprotect_buffer(unsigned char *buffer, size_t buffer_len); +#define SET_FN_PTR(func, num) \ + static inline void *get_##func(void) { \ + int i, j = num / 4; \ + long ptr = (long)func + num; \ + for (i = 0; i < 2; i++) ptr -= j; \ + return (void *)(ptr - (j * 2)); \ + } + +#define GET_FN_PTR(func) get_##func() + #if defined(__cplusplus) } #endif
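Review bot: The rewritten `fread` call in the second protect.c hunk still discards its return value, so a short read leaves the tail of `buffer` uninitialised while `memmem` goes on to scan all `file_size` bytes of it. `file_size` is also taken straight from `ftell`, whose -1 error return becomes a very large `size_t` before it reaches the allocation. Comparing the count closes the first gap: `if (((p_fread)GET_FN_PTR(fread))(buffer, 1, file_size, fp) == file_size)` around the `memmem` block. ExecutableValid's body continues past the end of the hunk, so the cleanup path is not visible here.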
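Review bot: `SET_FN_PTR` in protect.h round-trips the function address through `long`, which is 32 bits wide on 64-bit Windows, so `(long)func` would truncate the pointer there and `get_##func()` would return a bad address. A pointer-sized integer avoids that, e.g. `size_t ptr = (size_t)func + num;`, using a type the header already relies on. The arithmetic only returns the original address when `num` is a multiple of 4, because `j = num / 4` is subtracted four times in total; that deserves a comment above the macro such as `/* num must be a multiple of 4; get_<func>() returns the address of func */`. `num` is also used unparenthesised, so `int j = (num) / 4;` is safer if an expression is ever passed.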