author | Tavis Ormandy <taviso@gmail.com> | 2021-01-13 00:43:04 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-13 00:43:04 +0300 |
commit | 16ddcd4d17329e73507704c272d340eef801d957 (patch) | |
tree | 5555a4766b25c232bc05f6a8f10a4ca6590c2429 | |
parent | 9910ceda2e48955e72ab523a57a9aff75b125e47 (diff) | |
parent | 8585b6352e8c90460e2b78fe6a4d90c5674e85b8 (diff) |
Merge pull request #88 from cube0x8/additional_apis
Additional apis + some fix and improvement
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | peloader/winapi/Heap.c | 20 | ||||
-rw-r--r-- | peloader/winapi/Internal.c | 41 | ||||
-rw-r--r-- | peloader/winapi/LoadLibrary.c | 8 | ||||
-rw-r--r-- | peloader/winapi/Paths.c | 26 | ||||
-rw-r--r-- | peloader/winapi/Process.c | 23 | ||||
-rw-r--r-- | peloader/winapi/Wer.c | 21 | ||||
-rw-r--r-- | peloader/winnt_types.h | 118 |
8 files changed, 219 insertions, 40 deletions
@@ -7,3 +7,5 @@
 mpclient
 avscript
 eicar.com
+.gradle/
+.idea/
diff --git a/peloader/winapi/Heap.c b/peloader/winapi/Heap.c
index d34bf07..5747232 100644
--- a/peloader/winapi/Heap.c
+++ b/peloader/winapi/Heap.c
@@ -51,6 +51,15 @@ STATIC BOOL WINAPI HeapFree(HANDLE hHeap, DWORD dwFlags, PVOID lpMem)
 return TRUE;
 }
 
+STATIC BOOL WINAPI RtlFreeHeap(PVOID HeapHandle, ULONG Flags, PVOID BaseAddress)
+{
+ DebugLog("%p, %#x, %p", HeapHandle, Flags, BaseAddress);
+
+ free(BaseAddress);
+
+ return TRUE;
+}
+
 STATIC SIZE_T WINAPI HeapSize(HANDLE hHeap, DWORD dwFlags, PVOID lpMem)
 {
 return malloc_usable_size(lpMem);
@@ -105,6 +114,15 @@ STATIC PVOID WINAPI RtlAllocateHeap(PVOID HeapHandle,
 return malloc(Size);
 }
 
+STATIC NTSTATUS WINAPI RtlSetHeapInformation(PVOID Heap,
+ HEAP_INFORMATION_CLASS HeapInformationClass,
+ PVOID HeapInformation,
+ SIZE_T HeapInformationLength)
+{
+ DebugLog("%p, %d", Heap, HeapInformationLength);
+ return 0;
+}
+
 STATIC PVOID WINAPI GlobalAlloc(UINT uFlags, SIZE_T uBytes)
 {
 PVOID Buffer = malloc(uBytes);
@@ -126,6 +144,8 @@ DECLARE_CRT_EXPORT("HeapCreate", HeapCreate);
 DECLARE_CRT_EXPORT("GetProcessHeap", GetProcessHeap);
 DECLARE_CRT_EXPORT("HeapAlloc", HeapAlloc);
 DECLARE_CRT_EXPORT("HeapFree", HeapFree);
+DECLARE_CRT_EXPORT("RtlFreeHeap", RtlFreeHeap);
+DECLARE_CRT_EXPORT("RtlSetHeapInformation", RtlSetHeapInformation);
 DECLARE_CRT_EXPORT("HeapSize", HeapSize);
 DECLARE_CRT_EXPORT("HeapReAlloc", HeapReAlloc);
 DECLARE_CRT_EXPORT("LocalAlloc", LocalAlloc);
diff --git a/peloader/winapi/Internal.c b/peloader/winapi/Internal.c
index 92f446c..e20dcb9 100644
--- a/peloader/winapi/Internal.c
+++ b/peloader/winapi/Internal.c
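Review bot: In RtlSetHeapInformation, `DebugLog("%p, %d", Heap, HeapInformationLength)` hands a SIZE_T to a `%d` conversion; assuming DebugLog is printf-like as the neighbouring calls suggest, a 64-bit argument behind a 32-bit conversion is undefined behavior and prints garbage on most ABIs, so use `%zu` (or a cast, if SIZE_T is not size_t in this header — its typedef is not in the diff). The class and buffer are also left out of the log even though they are the interesting part of the call for anyone tracing what a loaded module asks of the heap: `DebugLog("%p, %d, %p, %zu", Heap, HeapInformationClass, HeapInformation, HeapInformationLength);`. Wer.c's new WerRegisterMemoryBlock has the same shape with `%d` for a DWORD, where `%u` is the matching conversion.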
@@ -50,30 +50,50 @@ ULONG WINAPI EtwEventWrite(HANDLE RegHAndle, PVOID EventDescriptor, ULONG UserDa
 return 0;
 }
 
-static HANDLE WINAPI LdrLoadDll(PWCHAR PathToFile,
- ULONG Flags,
- PUNICODE_STRING ModuleFilename,
- PHANDLE ModuleHandle)
+static NTSTATUS WINAPI LdrLoadDll(PWCHAR PathToFile,
+ ULONG Flags,
+ PUNICODE_STRING ModuleFilename,
+ PHANDLE ModuleHandle)
 {
 char *PathToFileA = CreateAnsiFromWide(PathToFile);
+ char *ModuleFilenameA = CreateAnsiFromWide(ModuleFilename->Buffer);
 
- DebugLog("%p [%s], %p, %p, %#x", PathToFile, PathToFileA, ModuleFilename, ModuleHandle, Flags);
+ DebugLog("%p [%s], %p [%s], %p, %#x", PathToFile, PathToFileA, ModuleFilename, ModuleFilenameA, ModuleHandle, Flags);
+
+ *ModuleHandle = (HANDLE) 'LOAD';
 
 free(PathToFileA);
+ free(ModuleFilenameA);
 
- return (HANDLE) 'LOAD';
+ return 0;
 }
 
-NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module,
- PANSI_STRING Name,
- WORD Ordinal,
- PVOID *Address)
+static NTSTATUS WINAPI LdrUnloadDll(HANDLE ModuleHandle) {
+ DebugLog("%p", ModuleHandle);
+
+ return 0;
+}
+
+static NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module,
+ PANSI_STRING Name,
+ WORD Ordinal,
+ PVOID *Address)
 {
 DebugLog("%p %s %hu %p", Module, Name->buf, Ordinal, Address);
 
 // Recognizable value to crash on.
 *Address = (PVOID) 'LDRZ';
 
+ // Search if the requested function has been already exported.
+ ENTRY e = { Name->buf, NULL }, *ep;
+ hsearch_r(e, FIND, &ep, &crtexports);
+
+ // If found, store the pointer and return.
+ if (ep != NULL) {
+ *Address = ep->data;
+ return 0;
+ }
+
 if (strcmp(Name->buf, "EtwEventRegister") == 0) {
 *Address = EtwRegister;
 }
@@ -91,4 +111,5 @@ DECLARE_CRT_EXPORT("RtlAcquirePebLock", RtlAcquirePebLock);
 DECLARE_CRT_EXPORT("RtlReleasePebLock", RtlReleasePebLock);
 DECLARE_CRT_EXPORT("LdrGetDllHandle", LdrGetDllHandle);
 DECLARE_CRT_EXPORT("LdrLoadDll", LdrLoadDll);
+DECLARE_CRT_EXPORT("LdrUnloadDll", LdrUnloadDll);
 DECLARE_CRT_EXPORT("LdrGetProcedureAddress", LdrGetProcedureAddress);
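Review bot: The export lookup added to LdrGetProcedureAddress leaves `ep` uninitialized and discards the return value of `hsearch_r`, so the `if (ep != NULL)` that follows only works because glibc happens to store NULL through `retval` on a miss; initialize and check explicitly, `ENTRY e = { Name->buf, NULL }, *ep = NULL;` and `if (hsearch_r(e, FIND, &ep, &crtexports) && ep != NULL) {`. In LdrLoadDll, `ModuleFilename->Buffer` comes from a UNICODE_STRING supplied by the loaded module, which is length-counted rather than NUL-terminated; if CreateAnsiFromWide scans for a terminator (its body is not in this diff) a string without one reads past its buffer, and ModuleFilename itself is dereferenced without a NULL check, which the earlier PathToFile path never needed. The body of LdrGetProcedureAddress continues past the end of the hunk.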
diff --git a/peloader/winapi/LoadLibrary.c b/peloader/winapi/LoadLibrary.c
index ba796bd..cc95e05 100644
--- a/peloader/winapi/LoadLibrary.c
+++ b/peloader/winapi/LoadLibrary.c
@@ -77,7 +77,7 @@ static DWORD WINAPI GetModuleFileNameA(HANDLE hModule, PCHAR lpFilename, DWORD n
 {
 DebugLog("%p, %p, %u", hModule, lpFilename, nSize);
 
- strncpy(lpFilename, "fakename.exe", nSize);
+ strncpy(lpFilename, "C:\\dummy\\fakename.exe", nSize);
 
 return strlen(lpFilename);
 }
@@ -86,11 +86,11 @@ static DWORD WINAPI GetModuleFileNameW(HANDLE hModule, PWCHAR lpFilename, DWORD
 {
 DebugLog("%p, %p, %u", hModule, lpFilename, nSize);
 
- if (nSize > strlen("fakename.exe")) {
- memcpy(lpFilename, L"fakename.exe", sizeof(L"fakename.exe"));
+ if (nSize > strlen("C:\\dummy\\fakename.exe")) {
+ memcpy(lpFilename, L"C:\\dummy\\fakename.exe", sizeof(L"C:\\dummy\\fakename.exe"));
 }
 
- return strlen("fakename.exe");
+ return strlen("C:\\dummy\\fakename.exe");
 }
 
 static HANDLE WINAPI GetModuleHandleA(PCHAR lpModuleName)
diff --git a/peloader/winapi/Paths.c b/peloader/winapi/Paths.c
index bab53d0..6cb00ea 100644
--- a/peloader/winapi/Paths.c
+++ b/peloader/winapi/Paths.c
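Review bot: GetModuleFileNameA now copies a 21-character path with `strncpy(lpFilename, "C:\\dummy\\fakename.exe", nSize)` and then calls `strlen(lpFilename)` on the result; whenever nSize is 21 or less, strncpy leaves the buffer without a terminator and the strlen reads past the caller's buffer, a risk the shorter "fakename.exe" made less likely but the longer string makes routine for small buffers. Use a bounded, terminating copy and measure what was actually written: `snprintf(lpFilename, nSize, "%s", "C:\\dummy\\fakename.exe");` followed by the existing `return strlen(lpFilename);` (snprintf always terminates when nSize > 0). The W variant already guards on `nSize > strlen(...)` and returns a constant length, so the A variant could simply mirror that shape instead.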
@@ -42,6 +42,32 @@ UINT WINAPI GetDriveTypeW(PWCHAR lpRootPathName)
 return DRIVE_FIXED;
 }
 
+DWORD WINAPI GetLongPathNameA(LPCSTR lpszShortPath,
+ LPSTR lpszLongPath,
+ DWORD cchBuffer)
+{
+ // For now we just return the 8.3 format path as the long path
+ if (cchBuffer > strlen(lpszShortPath)) {
+ memcpy(lpszLongPath, lpszShortPath, sizeof(lpszShortPath));
+ }
+
+ return strlen(lpszShortPath);
+}
+
+DWORD WINAPI GetLongPathNameW(LPCWSTR lpszShortPath,
+ LPWSTR lpszLongPath,
+ DWORD cchBuffer)
+{
+ // For now we just return the 8.3 format path as the long path
+ if (cchBuffer > CountWideChars(lpszShortPath)) {
+ memcpy(lpszLongPath, lpszShortPath, CountWideChars(lpszShortPath) * sizeof(WCHAR));
+ }
+
+ return CountWideChars(lpszShortPath);
+}
+
 DECLARE_CRT_EXPORT("GetTempPathW", GetTempPathW);
 DECLARE_CRT_EXPORT("GetLogicalDrives", GetLogicalDrives);
 DECLARE_CRT_EXPORT("GetDriveTypeW", GetDriveTypeW);
+DECLARE_CRT_EXPORT("GetLongPathNameA", GetLongPathNameA);
+DECLARE_CRT_EXPORT("GetLongPathNameW", GetLongPathNameW);
diff --git a/peloader/winapi/Process.c b/peloader/winapi/Process.c
new file mode 100644
index 0000000..6f9b2f4
--- /dev/null
+++ b/peloader/winapi/Process.c
@@ -0,0 +1,23 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <search.h>
+
+#include "winnt_types.h"
+#include "pe_linker.h"
+#include "ntoskernel.h"
+#include "log.h"
+#include "winexports.h"
+#include "util.h"
+
+STATIC NTSTATUS WINAPI NtSetInformationProcess(HANDLE ProcessHandle,
+ PROCESS_INFORMATION_CLASS ProcessInformationClass,
+ PVOID ProcessInformation,
+ ULONG ProcessInformationLength)
+{
+ DebugLog("%p", ProcessHandle);
+ return 0;
+}
+
+DECLARE_CRT_EXPORT("NtSetInformationProcess", NtSetInformationProcess);
diff --git a/peloader/winapi/Wer.c b/peloader/winapi/Wer.c
new file mode 100644
index 0000000..e4fb585
--- /dev/null
+++ b/peloader/winapi/Wer.c
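Review bot: GetLongPathNameA copies `sizeof(lpszShortPath)` bytes, which is the size of the pointer (8 on x86-64), not the length of the string, so lpszLongPath receives at most eight characters and no terminator even though the guard on the line above just verified there is room for the whole string plus one. Copy the string together with its terminator: `memcpy(lpszLongPath, lpszShortPath, strlen(lpszShortPath) + 1);`. GetLongPathNameW has the matching gap: it copies `CountWideChars(lpszShortPath) * sizeof(WCHAR)` bytes but never writes the terminating WCHAR that the `cchBuffer >` check reserved space for, so `lpszLongPath[CountWideChars(lpszShortPath)] = 0;` belongs after that memcpy (CountWideChars is not in this diff; I am assuming it returns the count excluding the terminator, as strlen does).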
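Review bot: NtSetInformationProcess logs only the handle, so a module that sets, say, ProcessBreakOnTermination or ProcessDebugFlags leaves no trace in the debug output, which is the one thing this stub could tell whoever is tracing the sample's behaviour. Log the class and length too, `DebugLog("%p, %d, %p, %u", ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength);`. Returning 0 for every class is a reasonable stub policy, but say so in a comment, e.g. `// Stub: every information class is accepted and ignored.`, so the next reader does not go looking for the emulation.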
@@ -0,0 +1,21 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <stdbool.h>
+#include <search.h>
+#include <assert.h>
+
+#include "winnt_types.h"
+#include "pe_linker.h"
+#include "ntoskernel.h"
+#include "log.h"
+#include "winexports.h"
+#include "util.h"
+
+HRESULT WINAPI WerRegisterMemoryBlock(PVOID pvAddress,
+ DWORD dwSize)
+{
+ DebugLog("%p, %d", pvAddress, dwSize);
+ return 0;
+}
+
+DECLARE_CRT_EXPORT("WerRegisterMemoryBlock", WerRegisterMemoryBlock);
diff --git a/peloader/winnt_types.h b/peloader/winnt_types.h
index bf197fd..9ae9544 100644
--- a/peloader/winnt_types.h
+++ b/peloader/winnt_types.h
@@ -137,32 +137,39 @@
 #define KI_USER_SHARED_DATA 0xffdf0000
 #define MM_SHARED_USER_DATA_VA 0x7ffe0000
 
-typedef uint8_t BOOLEAN, BOOL;
-typedef void *PVOID;
-typedef uint8_t BYTE;
-typedef uint8_t *PBYTE;
-typedef uint8_t *LPBYTE;
-typedef int8_t CHAR;
-typedef char *PCHAR;
-typedef uint8_t UCHAR;
-typedef uint8_t *PUCHAR;
-typedef uint16_t SHORT;
-typedef uint16_t USHORT;
-typedef uint16_t *PUSHORT;
-typedef uint16_t WORD;
-typedef int32_t INT;
-typedef uint32_t UINT;
-typedef uint32_t DWORD, *PDWORD;
-typedef int32_t LONG;
-typedef uint32_t ULONG;
-typedef uint32_t *PULONG;
-typedef int64_t LONGLONG;
-typedef uint64_t ULONGLONG, *PULONGLONG;
-typedef uint64_t ULONGULONG;
-typedef uint64_t ULONG64;
-typedef uint64_t QWORD, *PQWORD;
-typedef uint16_t WCHAR, *PWCHAR;
-typedef HANDLE *PHANDLE;
+typedef uint8_t BOOLEAN, BOOL;
+typedef void *PVOID;
+typedef uint8_t BYTE;
+typedef uint8_t *PBYTE;
+typedef uint8_t *LPBYTE;
+typedef int8_t CHAR;
+typedef char *PCHAR;
+typedef wchar_t WCHAR;
+typedef CHAR *LPSTR;
+typedef const char *LPCSTR;
+typedef WCHAR *LPWSTR;
+typedef const WCHAR *LPCWSTR;
+typedef WCHAR *PWSTR;
+typedef uint8_t UCHAR;
+typedef uint8_t *PUCHAR;
+typedef uint16_t SHORT;
+typedef uint16_t USHORT;
+typedef uint16_t *PUSHORT;
+typedef uint16_t WORD;
+typedef int32_t INT;
+typedef uint32_t UINT;
+typedef uint32_t DWORD, *PDWORD;
+typedef int32_t LONG;
+typedef uint32_t ULONG;
+typedef uint32_t *PULONG;
+typedef int64_t LONGLONG;
+typedef uint64_t ULONGLONG, *PULONGLONG;
+typedef uint64_t ULONGULONG;
+typedef uint64_t ULONG64;
+typedef uint64_t QWORD, *PQWORD;
+typedef uint16_t WCHAR, *PWCHAR;
+typedef HANDLE *PHANDLE;
+typedef LONG HRESULT;
 
 typedef CHAR CCHAR;
 typedef SHORT CSHORT;
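Review bot: WCHAR is typedef'd twice on the new side of this hunk, first as `typedef wchar_t WCHAR;` and further down as the pre-existing `typedef uint16_t WCHAR, *PWCHAR;`; C11 allows a repeated typedef only when both name the same type, so this compiles only where wchar_t is 16 bits (presumably the project builds with -fshort-wchar) and fails with a conflicting-types error under a default toolchain or any consumer of the header that does not use that flag. Drop the wchar_t line and derive the new aliases from the existing definition: `typedef WCHAR *LPWSTR, *PWSTR;` and `typedef const WCHAR *LPCWSTR;`. Separately, `typedef CHAR *LPSTR;` makes LPSTR an `int8_t *` while LPCSTR is `const char *`; `typedef char *LPSTR;` keeps the pair consistent and avoids pointer-sign warnings when an LPSTR reaches the string functions, as in the new GetLongPathNameA.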
@@ -1764,4 +1771,63 @@ static inline struct nt_list *InsertTailList(struct nt_list *head,
 #define FILE_EXISTS 0x00000004
 #define FILE_DOES_NOT_EXIST 0x00000005
 
+typedef enum _PROCESSINFOCLASS {
+ ProcessBasicInformation = 0,
+ ProcessQuotaLimits = 1,
+ ProcessIoCounters = 2,
+ ProcessVmCounters = 3,
+ ProcessTimes = 4,
+ ProcessBasePriority = 5,
+ ProcessRaisePriority = 6,
+ ProcessDebugPort = 7,
+ ProcessExceptionPort = 8,
+ ProcessAccessToken = 9,
+ ProcessLdtInformation = 10,
+ ProcessLdtSize = 11,
+ ProcessDefaultHardErrorMode = 12,
+ ProcessIoPortHandlers = 13,
+ ProcessPooledUsageAndLimits = 14,
+ ProcessWorkingSetWatch = 15,
+ ProcessUserModeIOPL = 16,
+ ProcessEnableAlignmentFaultFixup = 17,
+ ProcessPriorityClass = 18,
+ ProcessWx86Information = 19,
+ ProcessHandleCount = 20,
+ ProcessAffinityMask = 21,
+ ProcessPriorityBoost = 22,
+ ProcessDeviceMap = 23,
+ ProcessSessionInformation = 24,
+ ProcessForegroundInformation = 25,
+ ProcessWow64Information = 26,
+ ProcessImageFileName = 27,
+ ProcessLUIDDeviceMapsEnabled = 28,
+ ProcessBreakOnTermination = 29,
+ ProcessDebugObjectHandle = 30,
+ ProcessDebugFlags = 31,
+ ProcessHandleTracing = 32,
+ ProcessExecuteFlags = 34,
+ ProcessTlsInformation = 35,
+ ProcessCookie = 36,
+ ProcessImageInformation = 37,
+ ProcessCycleTime = 38,
+ ProcessPagePriority = 39,
+ ProcessInstrumentationCallback = 40,
+ ProcessThreadStackAllocation = 41,
+ ProcessWorkingSetWatchEx = 42,
+ ProcessImageFileNameWin32 = 43,
+ ProcessImageFileMapping = 44,
+ ProcessAffinityUpdateMode = 45,
+ ProcessMemoryAllocationMode = 46,
+ ProcessGroupInformation = 47,
+ ProcessTokenVirtualizationEnabled = 48,
+ ProcessConsoleHostProcess = 49,
+ ProcessWindowInformation = 50,
+ MaxProcessInfoClass
+} PROCESSINFOCLASS, PROCESS_INFORMATION_CLASS;
+
+typedef enum _HEAP_INFORMATION_CLASS {
+ HeapCompatibilityInformation,
+ HeapEnableTerminationOnCorruption
+} HEAP_INFORMATION_CLASS;
+
 #endif /* WINNT_TYPES_H */ |