From a4379b27b4bbcc5069b467c2928e94433661de17 Mon Sep 17 00:00:00 2001 From: Tavis Ormandy Date: Sun, 1 Mar 2020 10:20:21 -0800 Subject: fix #75, we need to provide a valid certificate There were two problems, some missing syncapi functions and Microsoft now import SymCrypt and verify that the provided certificate chain is valid when doing authenticode verification. This means they don't just trust the system and we can say "everything is fine", they want to double check. An easy workaround is just to give them the root certificate they expect. --- peloader/winapi/Crypt.c | 44 +++++++++++++-- peloader/winapi/Threads.c | 22 ++++++++ peloader/winapi/rootcert.h | 130 +++++++++++++++++++++++++++++++++++++++++++++ peloader/winstrings.h | 1 + 4 files changed, 192 insertions(+), 5 deletions(-) create mode 100644 peloader/winapi/rootcert.h diff --git a/peloader/winapi/Crypt.c b/peloader/winapi/Crypt.c index 27eec18..7ed60ef 100644 --- a/peloader/winapi/Crypt.c +++ b/peloader/winapi/Crypt.c @@ -113,12 +113,25 @@ static NTSTATUS WINAPI BCryptGenRandom(PVOID phAlgorithm, PUCHAR pbBuffer, ULONG return STATUS_SUCCESS; } -static BOOL WINAPI CertStrToNameW(DWORD dwCertEncodingType, PVOID pszX500, DWORD dwStrType, void *pvReserved, BYTE *pbEncoded, DWORD *pcbEncoded, PVOID ppszError) +static BOOL WINAPI CertStrToNameW(DWORD dwCertEncodingType, + PVOID pszX500, + DWORD dwStrType, + void *pvReserved, + BYTE *pbEncoded, + DWORD *pcbEncoded, + PVOID ppszError) { uint16_t CertName[] = L"Totally Legitimate Certificate Name"; char *name = CreateAnsiFromWide(pszX500); - DebugLog("%u, %p [%s], %u, %p, %p, %p, %p", dwCertEncodingType, pszX500, name, dwStrType, pvReserved, pbEncoded, pcbEncoded, ppszError); + DebugLog("%u, %p [%s], %u, %p, %p, %p, %p", dwCertEncodingType, + pszX500, + name, + dwStrType, + pvReserved, + pbEncoded, + pcbEncoded, + ppszError); free(name); *pcbEncoded = sizeof(CertName); @@ -130,7 +143,11 @@ static BOOL WINAPI CertStrToNameW(DWORD dwCertEncodingType, PVOID pszX500, DWORD return TRUE; } -static HANDLE WINAPI CertOpenStore(PCHAR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, PVOID hCryptProv, DWORD dwFlags, PVOID pvPara) +static HANDLE WINAPI CertOpenStore(PCHAR lpszStoreProvider, + DWORD dwMsgAndCertEncodingType, + PVOID hCryptProv, + DWORD dwFlags, + PVOID pvPara) { return (HANDLE) 'STOR'; } @@ -139,12 +156,26 @@ enum { CERT_FIND_SUBJECT_NAME = 131079, }; -static PVOID WINAPI CertFindCertificateInStore(HANDLE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, PVOID pvFindPara, PVOID pPrevCertContext) + + +#include "rootcert.h" + +static PVOID WINAPI CertFindCertificateInStore(HANDLE hCertStore, + DWORD dwCertEncodingType, + DWORD dwFindFlags, + DWORD dwFindType, + PVOID pvFindPara, + PVOID pPrevCertContext) { static CERT_INFO FakeInfo = {0}; static CERT_CONTEXT FakeCert = {0}; - DebugLog("%p, %u, %#x, %#x, %p, %p", hCertStore, dwCertEncodingType, dwFindFlags, dwFindType, pvFindPara, pPrevCertContext); + DebugLog("%p, %u, %#x, %#x, %p, %p", hCertStore, + dwCertEncodingType, + dwFindFlags, + dwFindType, + pvFindPara, + pPrevCertContext); switch (dwFindType) { case CERT_FIND_SUBJECT_NAME: { @@ -155,6 +186,9 @@ static PVOID WINAPI CertFindCertificateInStore(HANDLE hCertStore, DWORD dwCertEn DebugLog("FakeCert: %p", &FakeCert); + FakeCert.dwCertEncodingType = 1; + FakeCert.pbCertEncoded = RootCertificate; + FakeCert.cbCertEncoded = sizeof(RootCertificate); FakeCert.pCertInfo = &FakeInfo; FakeCert.pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId = "1.2.840.113549.1.1.1"; diff --git a/peloader/winapi/Threads.c b/peloader/winapi/Threads.c index bfd5a4d..ad2f512 100644 --- a/peloader/winapi/Threads.c +++ b/peloader/winapi/Threads.c @@ -44,6 +44,25 @@ static __stdcall void CloseThreadpoolTimer(PVOID pti) DebugLog("%p", pti); } +static __stdcall void InitializeConditionVariable(PVOID ConditionVariable) +{ + DebugLog("%p", ConditionVariable); +} + +static __stdcall BOOL SleepConditionVariableCS(PVOID ConditionVariable, + PVOID CriticalSection, + DWORD dwMilliseconds) +{ + DebugLog("%p %p %u", ConditionVariable, CriticalSection, dwMilliseconds); + return TRUE; +} + +static __stdcall void WakeAllConditionVariable(PVOID ConditionVariable) +{ + DebugLog("%p", ConditionVariable); +} + + static __stdcall PVOID CreateThreadpoolWait() { DebugLog(""); return NULL; } static __stdcall PVOID SetThreadpoolWait() { DebugLog(""); return NULL; } static __stdcall PVOID SubmitThreadpoolWork() { DebugLog(""); return NULL; } @@ -71,6 +90,9 @@ static __stdcall void WaitForThreadpoolWorkCallbacks(PVOID pwk, BOOL fCancelPend DECLARE_CRT_EXPORT("CreateThreadPoolWait", CreateThreadPoolWait); DECLARE_CRT_EXPORT("CreateThreadPool", CreateThreadPool); +DECLARE_CRT_EXPORT("InitializeConditionVariable", InitializeConditionVariable); +DECLARE_CRT_EXPORT("SleepConditionVariableCS", SleepConditionVariableCS); +DECLARE_CRT_EXPORT("WakeAllConditionVariable", WakeAllConditionVariable); DECLARE_CRT_EXPORT("CreateThreadpoolTimer", CreateThreadpoolTimer); DECLARE_CRT_EXPORT("CloseThreadpoolTimer", CloseThreadpoolTimer); diff --git a/peloader/winapi/rootcert.h b/peloader/winapi/rootcert.h new file mode 100644 index 0000000..5988e5f --- /dev/null +++ b/peloader/winapi/rootcert.h @@ -0,0 +1,130 @@ +// Microsoft Root Certificate Authority 2010 +static uint8_t RootCertificate[] = { + 0x30, 0x82, 0x05, 0xed, 0x30, 0x82, 0x03, 0xd5, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x10, 0x28, 0xcc, 0x3a, 0x25, 0xbf, 0xba, 0x44, 0xac, 0x44, + 0x9a, 0x9b, 0x58, 0x6b, 0x43, 0x39, 0xaa, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, + 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, + 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, + 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, + 0x36, 0x32, 0x33, 0x32, 0x31, 0x35, 0x37, 0x32, 0x34, 0x5a, 0x17, 0x0d, + 0x33, 0x35, 0x30, 0x36, 0x32, 0x33, 0x32, 0x32, 0x30, 0x34, 0x30, 0x31, + 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, + 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, + 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x82, 0x02, 0x22, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, + 0x02, 0x82, 0x02, 0x01, 0x00, 0xb9, 0x08, 0x9e, 0x28, 0xe4, 0xe4, 0xec, + 0x06, 0x4e, 0x50, 0x68, 0xb3, 0x41, 0xc5, 0x7b, 0xeb, 0xae, 0xb6, 0x8e, + 0xaf, 0x81, 0xba, 0x22, 0x44, 0x1f, 0x65, 0x34, 0x69, 0x4c, 0xbe, 0x70, + 0x40, 0x17, 0xf2, 0x16, 0x7b, 0xe2, 0x79, 0xfd, 0x86, 0xed, 0x0d, 0x39, + 0xf4, 0x1b, 0xa8, 0xad, 0x92, 0x90, 0x1e, 0xcb, 0x3d, 0x76, 0x8f, 0x5a, + 0xd9, 0xb5, 0x91, 0x10, 0x2e, 0x3c, 0x05, 0x8d, 0x8a, 0x6d, 0x24, 0x54, + 0xe7, 0x1f, 0xed, 0x56, 0xad, 0x83, 0xb4, 0x50, 0x9c, 0x15, 0xa5, 0x17, + 0x74, 0x88, 0x59, 0x20, 0xfc, 0x08, 0xc5, 0x84, 0x76, 0xd3, 0x68, 0xd4, + 0x6f, 0x28, 0x78, 0xce, 0x5c, 0xb8, 0xf3, 0x50, 0x90, 0x44, 0xff, 0xe3, + 0x63, 0x5f, 0xbe, 0xa1, 0x9a, 0x2c, 0x96, 0x15, 0x04, 0xd6, 0x07, 0xfe, + 0x1e, 0x84, 0x21, 0xe0, 0x42, 0x31, 0x11, 0xc4, 0x28, 0x36, 0x94, 0xcf, + 0x50, 0xa4, 0x62, 0x9e, 0xc9, 0xd6, 0xab, 0x71, 0x00, 0xb2, 0x5b, 0x0c, + 0xe6, 0x96, 0xd4, 0x0a, 0x24, 0x96, 0xf5, 0xff, 0xc6, 0xd5, 0xb7, 0x1b, + 0xd7, 0xcb, 0xb7, 0x21, 0x62, 0xaf, 0x12, 0xdc, 0xa1, 0x5d, 0x37, 0xe3, + 0x1a, 0xfb, 0x1a, 0x46, 0x98, 0xc0, 0x9b, 0xc0, 0xe7, 0x63, 0x1f, 0x2a, + 0x08, 0x93, 0x02, 0x7e, 0x1e, 0x6a, 0x8e, 0xf2, 0x9f, 0x18, 0x89, 0xe4, + 0x22, 0x85, 0xa2, 0xb1, 0x84, 0x57, 0x40, 0xff, 0xf5, 0x0e, 0xd8, 0x6f, + 0x9c, 0xed, 0xe2, 0x45, 0x31, 0x01, 0xcd, 0x17, 0xe9, 0x7f, 0xb0, 0x81, + 0x45, 0xe3, 0xaa, 0x21, 0x40, 0x26, 0xa1, 0x72, 0xaa, 0xa7, 0x4f, 0x3c, + 0x01, 0x05, 0x7e, 0xee, 0x83, 0x58, 0xb1, 0x5e, 0x06, 0x63, 0x99, 0x62, + 0x91, 0x78, 0x82, 0xb7, 0x0d, 0x93, 0x0c, 0x24, 0x6a, 0xb4, 0x1b, 0xdb, + 0x27, 0xec, 0x5f, 0x95, 0x04, 0x3f, 0x93, 0x4a, 0x30, 0xf5, 0x97, 0x18, + 0xb3, 0xa7, 0xf9, 0x19, 0xa7, 0x93, 0x33, 0x1d, 0x01, 0xc8, 0xdb, 0x22, + 0x52, 0x5c, 0xd7, 0x25, 0xc9, 0x46, 0xf9, 0xa2, 0xfb, 0x87, 0x59, 0x43, + 0xbe, 0x9b, 0x62, 0xb1, 0x8d, 0x2d, 0x86, 0x44, 0x1a, 0x46, 0xac, 0x78, + 0x61, 0x7e, 0x30, 0x09, 0xfa, 0xae, 0x89, 0xc4, 0x41, 0x2a, 0x22, 0x66, + 0x03, 0x91, 0x39, 0x45, 0x9c, 0xc7, 0x8b, 0x0c, 0xa8, 0xca, 0x0d, 0x2f, + 0xfb, 0x52, 0xea, 0x0c, 0xf7, 0x63, 0x33, 0x23, 0x9d, 0xfe, 0xb0, 0x1f, + 0xad, 0x67, 0xd6, 0xa7, 0x50, 0x03, 0xc6, 0x04, 0x70, 0x63, 0xb5, 0x2c, + 0xb1, 0x86, 0x5a, 0x43, 0xb7, 0xfb, 0xae, 0xf9, 0x6e, 0x29, 0x6e, 0x21, + 0x21, 0x41, 0x26, 0x06, 0x8c, 0xc9, 0xc3, 0xee, 0xb0, 0xc2, 0x85, 0x93, + 0xa1, 0xb9, 0x85, 0xd9, 0xe6, 0x32, 0x6c, 0x4b, 0x4c, 0x3f, 0xd6, 0x5d, + 0xa3, 0xe5, 0xb5, 0x9d, 0x77, 0xc3, 0x9c, 0xc0, 0x55, 0xb7, 0x74, 0x00, + 0xe3, 0xb8, 0x38, 0xab, 0x83, 0x97, 0x50, 0xe1, 0x9a, 0x42, 0x24, 0x1d, + 0xc6, 0xc0, 0xa3, 0x30, 0xd1, 0x1a, 0x5a, 0xc8, 0x52, 0x34, 0xf7, 0x73, + 0xf1, 0xc7, 0x18, 0x1f, 0x33, 0xad, 0x7a, 0xec, 0xcb, 0x41, 0x60, 0xf3, + 0x23, 0x94, 0x20, 0xc2, 0x48, 0x45, 0xac, 0x5c, 0x51, 0xc6, 0x2e, 0x80, + 0xc2, 0xe2, 0x77, 0x15, 0xbd, 0x85, 0x87, 0xed, 0x36, 0x9d, 0x96, 0x91, + 0xee, 0x00, 0xb5, 0xa3, 0x70, 0xec, 0x9f, 0xe3, 0x8d, 0x80, 0x68, 0x83, + 0x76, 0xba, 0xaf, 0x5d, 0x70, 0x52, 0x22, 0x16, 0xe2, 0x66, 0xfb, 0xba, + 0xb3, 0xc5, 0xc2, 0xf7, 0x3e, 0x2f, 0x77, 0xa6, 0xca, 0xde, 0xc1, 0xa6, + 0xc6, 0x48, 0x4c, 0xc3, 0x37, 0x51, 0x23, 0xd3, 0x27, 0xd7, 0xb8, 0x4e, + 0x70, 0x96, 0xf0, 0xa1, 0x44, 0x76, 0xaf, 0x78, 0xcf, 0x9a, 0xe1, 0x66, + 0x13, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x51, 0x30, 0x4f, 0x30, 0x0b, + 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, + 0x68, 0xd1, 0x3d, 0x94, 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, + 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, + 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, + 0x00, 0xac, 0xa5, 0x96, 0x8c, 0xbf, 0xbb, 0xae, 0xa6, 0xf6, 0xd7, 0x71, + 0x87, 0x43, 0x31, 0x56, 0x88, 0xfd, 0x1c, 0x32, 0x71, 0x5b, 0x35, 0xb7, + 0xd4, 0xf0, 0x91, 0xf2, 0xaf, 0x37, 0xe2, 0x14, 0xf1, 0xf3, 0x02, 0x26, + 0x05, 0x3e, 0x16, 0x14, 0x7f, 0x14, 0xba, 0xb8, 0x4f, 0xfb, 0x89, 0xb2, + 0xb2, 0xe7, 0xd4, 0x09, 0xcc, 0x6d, 0xb9, 0x5b, 0x3b, 0x64, 0x65, 0x70, + 0x66, 0xb7, 0xf2, 0xb1, 0x5a, 0xdf, 0x1a, 0x02, 0xf3, 0xf5, 0x51, 0xb8, + 0x67, 0x6d, 0x79, 0xf3, 0xbf, 0x56, 0x7b, 0xe4, 0x84, 0xb9, 0x2b, 0x1e, + 0x9b, 0x40, 0x9c, 0x26, 0x34, 0xf9, 0x47, 0x18, 0x98, 0x69, 0xd8, 0x1c, + 0xd7, 0xb6, 0xd1, 0xbf, 0x8f, 0x61, 0xc2, 0x67, 0xc4, 0xb5, 0xef, 0x60, + 0x43, 0x8e, 0x10, 0x1b, 0x36, 0x49, 0xe4, 0x20, 0xca, 0xad, 0xa7, 0xc1, + 0xb1, 0x27, 0x65, 0x09, 0xf8, 0xcd, 0xf5, 0x5b, 0x2a, 0xd0, 0x84, 0x33, + 0xf3, 0xef, 0x1f, 0xf2, 0xf5, 0x9c, 0x0b, 0x58, 0x93, 0x37, 0xa0, 0x75, + 0xa0, 0xde, 0x72, 0xde, 0x6c, 0x75, 0x2a, 0x66, 0x22, 0xf5, 0x8c, 0x06, + 0x30, 0x56, 0x9f, 0x40, 0xb9, 0x30, 0xaa, 0x40, 0x77, 0x15, 0x82, 0xd7, + 0x8b, 0xec, 0xc0, 0xd3, 0xb2, 0xbd, 0x83, 0xc5, 0x77, 0x0c, 0x1e, 0xae, + 0xaf, 0x19, 0x53, 0xa0, 0x4d, 0x79, 0x71, 0x9f, 0x0f, 0xaf, 0x30, 0xce, + 0x67, 0xf9, 0xd6, 0x2c, 0xcc, 0x22, 0x41, 0x7a, 0x07, 0xf2, 0x97, 0x42, + 0x18, 0xce, 0x59, 0x79, 0x10, 0x55, 0xde, 0x6f, 0x10, 0xe4, 0xb8, 0xda, + 0x83, 0x66, 0x40, 0x16, 0x09, 0x68, 0x23, 0x5b, 0x97, 0x2e, 0x26, 0x9a, + 0x02, 0xbb, 0x57, 0x8c, 0xc5, 0xb8, 0xba, 0x69, 0x62, 0x32, 0x80, 0x89, + 0x9e, 0xa1, 0xfd, 0xc0, 0x92, 0x7c, 0x7b, 0x2b, 0x33, 0x19, 0x84, 0x2a, + 0x63, 0xc5, 0x00, 0x68, 0x62, 0xfa, 0x9f, 0x47, 0x8d, 0x99, 0x7a, 0x45, + 0x3a, 0xa7, 0xe9, 0xed, 0xee, 0x69, 0x42, 0xb5, 0xf3, 0x81, 0x9b, 0x47, + 0x56, 0x10, 0x7b, 0xfc, 0x70, 0x36, 0x84, 0x18, 0x73, 0xea, 0xef, 0xf9, + 0x97, 0x4d, 0x9e, 0x33, 0x23, 0xdd, 0x26, 0x0b, 0xba, 0x2a, 0xb7, 0x3f, + 0x44, 0xdc, 0x83, 0x27, 0xff, 0xbd, 0x61, 0x59, 0x2b, 0x11, 0xb7, 0xca, + 0x4f, 0xdb, 0xc5, 0x8b, 0x0c, 0x1c, 0x31, 0xae, 0x32, 0xf8, 0xf8, 0xb9, + 0x42, 0xf7, 0x7f, 0xdc, 0x61, 0x9a, 0x76, 0xb1, 0x5a, 0x04, 0xe1, 0x11, + 0x3d, 0x66, 0x45, 0xb7, 0x18, 0x71, 0xbe, 0xc9, 0x24, 0x85, 0xd6, 0xf3, + 0xd4, 0xba, 0x41, 0x34, 0x5d, 0x12, 0x2d, 0x25, 0xb9, 0x8d, 0xa6, 0x13, + 0x48, 0x6d, 0x4b, 0xb0, 0x07, 0x7d, 0x99, 0x93, 0x09, 0x61, 0x81, 0x74, + 0x57, 0x26, 0x8a, 0xab, 0x69, 0xe3, 0xe4, 0xd9, 0xc7, 0x88, 0xcc, 0x24, + 0xd8, 0xec, 0x52, 0x24, 0x5c, 0x1e, 0xbc, 0x91, 0x14, 0xe2, 0x96, 0xde, + 0xeb, 0x0a, 0xda, 0x9e, 0xdd, 0x5f, 0xb3, 0x5b, 0xdb, 0xd4, 0x82, 0xec, + 0xc6, 0x20, 0x50, 0x87, 0x25, 0x40, 0x3a, 0xfb, 0xc7, 0xee, 0xcd, 0xfe, + 0x33, 0xe5, 0x6e, 0xc3, 0x84, 0x09, 0x55, 0x03, 0x25, 0x39, 0xc0, 0xe9, + 0x35, 0x5d, 0x65, 0x31, 0xa8, 0xf6, 0xbf, 0xa0, 0x09, 0xcd, 0x29, 0xc7, + 0xb3, 0x36, 0x32, 0x2e, 0xdc, 0x95, 0xf3, 0x83, 0xc1, 0x5a, 0xcf, 0x8b, + 0x8d, 0xf6, 0xea, 0xb3, 0x21, 0xf8, 0xa4, 0xed, 0x1e, 0x31, 0x0e, 0xb6, + 0x4c, 0x11, 0xab, 0x60, 0x0b, 0xa4, 0x12, 0x23, 0x22, 0x17, 0xa3, 0x36, + 0x64, 0x82, 0x91, 0x04, 0x12, 0xe0, 0xab, 0x6f, 0x1e, 0xcb, 0x50, 0x05, + 0x61, 0xb4, 0x40, 0xff, 0x59, 0x86, 0x71, 0xd1, 0xd5, 0x33, 0x69, 0x7c, + 0xa9, 0x73, 0x8a, 0x38, 0xd7, 0x64, 0x0c, 0xf1, 0x69 +}; diff --git a/peloader/winstrings.h b/peloader/winstrings.h index 6f2b9f7..bf3f19b 100644 --- a/peloader/winstrings.h +++ b/peloader/winstrings.h @@ -3,5 +3,6 @@ size_t CountWideChars(void *wcharbuf); char * CreateAnsiFromWide(void *wcharbuf); +char *string_from_wchar(void *wcharbuf, size_t len); #endif -- cgit v1.2.3