diff --git a/dll/HEH/MinHook.h b/dll/HEH/MinHook.h deleted file mode 100644 index 492d83f..0000000 --- a/dll/HEH/MinHook.h +++ /dev/null @@ -1,185 +0,0 @@ -/* - * MinHook - The Minimalistic API Hooking Library for x64/x86 - * Copyright (C) 2009-2017 Tsuda Kageyu. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER - * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#pragma once - -#if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__) - #error MinHook supports only x86 and x64 systems. -#endif - -#include - -// MinHook Error Codes. -typedef enum MH_STATUS -{ - // Unknown error. Should not be returned. - MH_UNKNOWN = -1, - - // Successful. - MH_OK = 0, - - // MinHook is already initialized. - MH_ERROR_ALREADY_INITIALIZED, - - // MinHook is not initialized yet, or already uninitialized. - MH_ERROR_NOT_INITIALIZED, - - // The hook for the specified target function is already created. - MH_ERROR_ALREADY_CREATED, - - // The hook for the specified target function is not created yet. - MH_ERROR_NOT_CREATED, - - // The hook for the specified target function is already enabled. - MH_ERROR_ENABLED, - - // The hook for the specified target function is not enabled yet, or already - // disabled. - MH_ERROR_DISABLED, - - // The specified pointer is invalid. It points the address of non-allocated - // and/or non-executable region. - MH_ERROR_NOT_EXECUTABLE, - - // The specified target function cannot be hooked. - MH_ERROR_UNSUPPORTED_FUNCTION, - - // Failed to allocate memory. - MH_ERROR_MEMORY_ALLOC, - - // Failed to change the memory protection. - MH_ERROR_MEMORY_PROTECT, - - // The specified module is not loaded. - MH_ERROR_MODULE_NOT_FOUND, - - // The specified function is not found. - MH_ERROR_FUNCTION_NOT_FOUND -} -MH_STATUS; - -// Can be passed as a parameter to MH_EnableHook, MH_DisableHook, -// MH_QueueEnableHook or MH_QueueDisableHook. -#define MH_ALL_HOOKS NULL - -#ifdef __cplusplus -extern "C" { -#endif - - // Initialize the MinHook library. You must call this function EXACTLY ONCE - // at the beginning of your program. - MH_STATUS WINAPI MH_Initialize(VOID); - - // Uninitialize the MinHook library. You must call this function EXACTLY - // ONCE at the end of your program. - MH_STATUS WINAPI MH_Uninitialize(VOID); - - // Creates a hook for the specified target function, in disabled state. - // Parameters: - // pTarget [in] A pointer to the target function, which will be - // overridden by the detour function. - // pDetour [in] A pointer to the detour function, which will override - // the target function. - // ppOriginal [out] A pointer to the trampoline function, which will be - // used to call the original target function. - // This parameter can be NULL. - MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal); - - // Creates a hook for the specified API function, in disabled state. - // Parameters: - // pszModule [in] A pointer to the loaded module name which contains the - // target function. - // pszProcName [in] A pointer to the target function name, which will be - // overridden by the detour function. - // pDetour [in] A pointer to the detour function, which will override - // the target function. - // ppOriginal [out] A pointer to the trampoline function, which will be - // used to call the original target function. - // This parameter can be NULL. - MH_STATUS WINAPI MH_CreateHookApi( - LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal); - - // Creates a hook for the specified API function, in disabled state. - // Parameters: - // pszModule [in] A pointer to the loaded module name which contains the - // target function. - // pszProcName [in] A pointer to the target function name, which will be - // overridden by the detour function. - // pDetour [in] A pointer to the detour function, which will override - // the target function. - // ppOriginal [out] A pointer to the trampoline function, which will be - // used to call the original target function. - // This parameter can be NULL. - // ppTarget [out] A pointer to the target function, which will be used - // with other functions. - // This parameter can be NULL. - MH_STATUS WINAPI MH_CreateHookApiEx( - LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget); - - // Removes an already created hook. - // Parameters: - // pTarget [in] A pointer to the target function. - MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget); - - // Enables an already created hook. - // Parameters: - // pTarget [in] A pointer to the target function. - // If this parameter is MH_ALL_HOOKS, all created hooks are - // enabled in one go. - MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget); - - // Disables an already created hook. - // Parameters: - // pTarget [in] A pointer to the target function. - // If this parameter is MH_ALL_HOOKS, all created hooks are - // disabled in one go. - MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget); - - // Queues to enable an already created hook. - // Parameters: - // pTarget [in] A pointer to the target function. - // If this parameter is MH_ALL_HOOKS, all created hooks are - // queued to be enabled. - MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget); - - // Queues to disable an already created hook. - // Parameters: - // pTarget [in] A pointer to the target function. - // If this parameter is MH_ALL_HOOKS, all created hooks are - // queued to be disabled. - MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget); - - // Applies all queued changes in one go. - MH_STATUS WINAPI MH_ApplyQueued(VOID); - - // Translates the MH_STATUS to its name as a string. - const char * WINAPI MH_StatusToString(MH_STATUS status); - -#ifdef __cplusplus -} -#endif diff --git a/dll/HEH/MinHook.lib b/dll/HEH/MinHook.lib deleted file mode 100644 index 749c13b..0000000 Binary files a/dll/HEH/MinHook.lib and /dev/null differ diff --git a/dll/HEH/dllmain.cpp b/dll/HEH/dllmain.cpp index 22f0c76..300c977 100644 --- a/dll/HEH/dllmain.cpp +++ b/dll/HEH/dllmain.cpp @@ -1,11 +1,9 @@ #define _CRT_SECURE_NO_WARNINGS -#include "MinHook.h" #include #include #include #include #include -#include "obfuscate.h" HANDLE p; void patch(PVOID address, int opCode, int bytes) { DWORD protectbak, dumbshit; @@ -19,16 +17,12 @@ void patchm(PVOID address, std::vector bytes, int size) { memcpy(address, bytes.data(), size); VirtualProtect(address, size, protectbak, &dumbshit); } -bool neger = true; void log(const char* msg) { - if (neger) { - time_t currentTime; - struct tm* localTime; - time(¤tTime); - localTime = localtime(¤tTime); - printf("[%02d:%02d:%02d] %s\n", localTime->tm_hour, localTime->tm_min, localTime->tm_sec, msg); - } - + time_t currentTime; + struct tm* localTime; + time(¤tTime); + localTime = localtime(¤tTime); + printf("[%02d:%02d:%02d] %s\n", localTime->tm_hour, localTime->tm_min, localTime->tm_sec, msg); } @@ -36,29 +30,29 @@ __declspec(dllexport) void lessgo(HMODULE hmod) { AllocConsole(); p = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId()); freopen("CONOUT$", "w", stdout); - DWORD64 mod = (DWORD64)LoadLibraryA(std::string(AY_OBFUSCATE("C:\\Ethereal\\Ethereal.dll")).c_str()); + DWORD64 mod = (DWORD64)LoadLibraryA(std::string("C:\\Ethereal\\Ethereal.dll").c_str()); std::stringstream ss; ss << std::hex << mod; patch((void*)(mod + 0x000000000004A980), 0xB8, 1); - log(AY_OBFUSCATE("Applied patch 1/10")); + log("Applied patch 1/10"); patch((void*)(mod + 0x000000000004A981), 0x01, 1); - log(AY_OBFUSCATE("Applied patch 2/10")); + log("Applied patch 2/10"); patch((void*)(mod + 0x000000000004A982), 0x00, 1); - log(AY_OBFUSCATE("Applied patch 3/10")); + log("Applied patch 3/10"); patch((void*)(mod + 0x000000000004A983), 0x00, 1); - log(AY_OBFUSCATE("Applied patch 4/10")); + log("Applied patch 4/10"); patch((void*)(mod + 0x000000000004A984), 0x00, 1); - log(AY_OBFUSCATE("Applied patch 5/10")); + log("Applied patch 5/10"); patch((void*)(mod + 0x000000000004A985), 0xC3, 1); - log(AY_OBFUSCATE("Applied patch 6/10")); + log("Applied patch 6/10"); patch((void*)(mod + 0x000000000004A986), 0x90, 1); - log(AY_OBFUSCATE("Applied patch 7/10")); + log("Applied patch 7/10"); patch((void*)(mod + 0x000000000004A987), 0x90, 1); - log(AY_OBFUSCATE("Applied patch 8/10")); + log("Applied patch 8/10"); patch((void*)(mod + 0x000000000004A988), 0x90, 1); - log(AY_OBFUSCATE("Applied patch 9/10")); + log("Applied patch 9/10"); patch((void*)(mod + 0x000000000004A989), 0x90, 1); - log(AY_OBFUSCATE("Applied patch 10/10")); + log("Applied patch 10/10"); while (FindWindowA(0, "Ethereal") == NULL) Sleep(100); HWND w = FindWindowA(0, "Ethereal"); diff --git a/dll/HEH/obfuscate.h b/dll/HEH/obfuscate.h deleted file mode 100644 index cf28e67..0000000 --- a/dll/HEH/obfuscate.h +++ /dev/null @@ -1,238 +0,0 @@ -#pragma once -/* --------------------------------- ABOUT ------------------------------------- - -Original Author: Adam Yaxley -Website: https://github.com/adamyaxley -License: See end of file - -Obfuscate -Guaranteed compile-time string literal obfuscation library for C++14 - -Usage: -Pass string literals into the AY_OBFUSCATE macro to obfuscate them at compile -time. AY_OBFUSCATE returns a reference to an ay::obfuscated_data object with the -following traits: - - Guaranteed obfuscation of string - The passed string is encrypted with a simple XOR cipher at compile-time to - prevent it being viewable in the binary image - - Global lifetime - The actual instantiation of the ay::obfuscated_data takes place inside a - lambda as a function level static - - Implicitly convertable to a char* - This means that you can pass it directly into functions that would normally - take a char* or a const char* - -Example: -const char* obfuscated_string = AY_OBFUSCATE("Hello World"); -std::cout << obfuscated_string << std::endl; - ------------------------------------------------------------------------------ */ - -// Workaround for __LINE__ not being constexpr when /ZI (Edit and Continue) is enabled in Visual Studio -// See: https://developercommunity.visualstudio.com/t/-line-cannot-be-used-as-an-argument-for-constexpr/195665 -#ifdef _MSC_VER -#define AY_CAT(X,Y) AY_CAT2(X,Y) -#define AY_CAT2(X,Y) X##Y -#define AY_LINE int(AY_CAT(__LINE__,U)) -#else -#define AY_LINE __LINE__ -#endif - -#ifndef AY_OBFUSCATE_DEFAULT_KEY - // The default 64 bit key to obfuscate strings with. - // This can be user specified by defining AY_OBFUSCATE_DEFAULT_KEY before - // including obfuscate.h -#define AY_OBFUSCATE_DEFAULT_KEY ay::generate_key(AY_LINE) -#endif - -namespace ay -{ - using size_type = unsigned long long; - using key_type = unsigned long long; - - // Generate a pseudo-random key that spans all 8 bytes - constexpr key_type generate_key(key_type seed) - { - // Use the MurmurHash3 64-bit finalizer to hash our seed - key_type key = seed; - key ^= (key >> 33); - key *= 0xff51afd7ed558ccd; - key ^= (key >> 33); - key *= 0xc4ceb9fe1a85ec53; - key ^= (key >> 33); - - // Make sure that a bit in each byte is set - key |= 0x0101010101010101ull; - - return key; - } - - // Obfuscates or deobfuscates data with key - constexpr void cipher(char* data, size_type size, key_type key) - { - // Obfuscate with a simple XOR cipher based on key - for (size_type i = 0; i < size; i++) - { - data[i] ^= char(key >> ((i % 8) * 8)); - } - } - - // Obfuscates a string at compile time - template - class obfuscator - { - public: - // Obfuscates the string 'data' on construction - constexpr obfuscator(const char* data) - { - // Copy data - for (size_type i = 0; i < N; i++) - { - m_data[i] = data[i]; - } - - // On construction each of the characters in the string is - // obfuscated with an XOR cipher based on key - cipher(m_data, N, KEY); - } - - constexpr const char* data() const - { - return &m_data[0]; - } - - constexpr size_type size() const - { - return N; - } - - constexpr key_type key() const - { - return KEY; - } - - private: - - char m_data[N]{}; - }; - - // Handles decryption and re-encryption of an encrypted string at runtime - template - class obfuscated_data - { - public: - obfuscated_data(const obfuscator& obfuscator) - { - // Copy obfuscated data - for (size_type i = 0; i < N; i++) - { - m_data[i] = obfuscator.data()[i]; - } - } - - ~obfuscated_data() - { - // Zero m_data to remove it from memory - for (size_type i = 0; i < N; i++) - { - m_data[i] = 0; - } - } - - // Returns a pointer to the plain text string, decrypting it if - // necessary - operator char* () - { - decrypt(); - return m_data; - } - - // Manually decrypt the string - void decrypt() - { - if (m_encrypted) - { - cipher(m_data, N, KEY); - m_encrypted = false; - } - } - - // Manually re-encrypt the string - void encrypt() - { - if (!m_encrypted) - { - cipher(m_data, N, KEY); - m_encrypted = true; - } - } - - // Returns true if this string is currently encrypted, false otherwise. - bool is_encrypted() const - { - return m_encrypted; - } - - private: - - // Local storage for the string. Call is_encrypted() to check whether or - // not the string is currently obfuscated. - char m_data[N]; - - // Whether data is currently encrypted - bool m_encrypted{ true }; - }; - - // This function exists purely to extract the number of elements 'N' in the - // array 'data' - template - constexpr auto make_obfuscator(const char(&data)[N]) - { - return obfuscator(data); - } -} - -// Obfuscates the string 'data' at compile-time and returns a reference to a -// ay::obfuscated_data object with global lifetime that has functions for -// decrypting the string and is also implicitly convertable to a char* -#define AY_OBFUSCATE(data) AY_OBFUSCATE_KEY(data, AY_OBFUSCATE_DEFAULT_KEY) - -// Obfuscates the string 'data' with 'key' at compile-time and returns a -// reference to a ay::obfuscated_data object with global lifetime that has -// functions for decrypting the string and is also implicitly convertable to a -// char* -#define AY_OBFUSCATE_KEY(data, key) \ - []() -> ay::obfuscated_data& { \ - static_assert(sizeof(decltype(key)) == sizeof(ay::key_type), "key must be a 64 bit unsigned integer"); \ - static_assert((key) >= (1ull << 56), "key must span all 8 bytes"); \ - constexpr auto n = sizeof(data)/sizeof(data[0]); \ - constexpr auto obfuscator = ay::make_obfuscator(data); \ - static auto obfuscated_data = ay::obfuscated_data(obfuscator); \ - return obfuscated_data; \ - }() - -/* -------------------------------- LICENSE ------------------------------------ - -Public Domain (http://www.unlicense.org) - -This is free and unencumbered software released into the public domain. - -Anyone is free to copy, modify, publish, use, compile, sell, or distribute this -software, either in source code form or as a compiled binary, for any purpose, -commercial or non-commercial, and by any means. - -In jurisdictions that recognize copyright laws, the author or authors of this -software dedicate any and all copyright interest in the software to the public -domain. We make this dedication for the benefit of the public at large and to -the detriment of our heirs and successors. We intend this dedication to be an -overt act of relinquishment in perpetuity of all present and future rights to -this software under copyright law. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF -CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - ------------------------------------------------------------------------------ */ \ No newline at end of file