Navigation

← Previous Changeset
Next Changeset →

Changeset 1330

Timestamp:

07/23/07 20:03:22 (1 year ago)

Author:

common

Message:

libemu

split the hooks in one file per dll, order by functions asc
new hooks on GetTickCount? & sendto for sqlslammer

Files:

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

libemu/trunk/include/emu/environment/win32/Makefile.am

r1246	r1330
7	7	include_HEADERS += emu_env_w32_dll_export_hooks.h
8	8	include_HEADERS += emu_env_w32_dll_export.h
	9	include_HEADERS += emu_env_w32_dll_export_kernel32_hooks.h
	10	include_HEADERS += emu_env_w32_dll_export_urlmon_hooks.h
	11	include_HEADERS += emu_env_w32_dll_export_ws2_32_hooks.h
9	12

libemu/trunk/include/emu/environment/win32/emu_env_w32_dll_export.h

r1324	r1330
44	44
45	45	struct emu_env_w32_dll_export *emu_env_w32_dll_export_new();
	46	void emu_env_w32_dll_export_copy(struct emu_env_w32_dll_export to, struct emu_env_w32_dll_export from);
46	47	void emu_env_w32_dll_export_free(struct emu_env_w32_dll_export *exp);
47		~~void emu_env_w32_dll_export_copy(struct emu_env_w32_dll_export to, struct emu_env_w32_dll_export from);~~
48
49		~~int32_t emu_env_w32_hook_GetProcAddress(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
50		~~int32_t emu_env_w32_hook_LoadLibrayA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
51		~~int32_t emu_env_w32_hook_WSAStartup(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
52		~~int32_t emu_env_w32_hook_WSASocketA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
53		~~int32_t emu_env_w32_hook_socket(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
54		~~int32_t emu_env_w32_hook_bind(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
55		~~int32_t emu_env_w32_hook_listen(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
56		~~int32_t emu_env_w32_hook_accept(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
57		~~int32_t emu_env_w32_hook_closesocket(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
58		~~int32_t emu_env_w32_hook_connect(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
59		~~int32_t emu_env_w32_hook_recv(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
60		~~int32_t emu_env_w32_hook_send(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
61		~~int32_t emu_env_w32_hook_CreateProcessA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
62		~~int32_t emu_env_w32_hook_WinExec(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
63		~~int32_t emu_env_w32_hook_WaitForSingleObject(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
64		~~int32_t emu_env_w32_hook_ExitProcess(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
65		~~int32_t emu_env_w32_hook_ExitThread(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
66
67		~~int32_t emu_env_w32_hook_CreateFileA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
68		~~int32_t emu_env_w32_hook_WriteFile(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
69		~~int32_t emu_env_w32_hook_CloseHandle(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
70		~~int32_t emu_env_w32_hook_DeleteFileA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
71
72		~~int32_t emu_env_w32_hook__lcreat(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
73		~~int32_t emu_env_w32_hook__hwrite(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
74		~~int32_t emu_env_w32_hook__lwrite(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
75		~~int32_t emu_env_w32_hook__lclose(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
76
77
78		~~int32_t emu_env_w32_hook_malloc(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
79		~~int32_t emu_env_w32_hook_memset(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
80		~~int32_t emu_env_w32_hook_fopen(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
81		~~int32_t emu_env_w32_hook_fwrite(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
82		~~int32_t emu_env_w32_hook_fclose(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
83
84		~~int32_t emu_env_w32_hook_URLDownloadToFileA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
85
86		~~int32_t emu_env_w32_hook_GetSystemDirectoryA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
87
88		~~int32_t emu_env_w32_hook_SetUnhandledExceptionFilter(struct emu_env_w32 env, struct emu_env_w32_dll_export ex);~~
89	48
90	49	extern struct emu_env_w32_dll_export kernel32_exports[];
…	…
94	53
95	54
96		~~#define HANDLE int32_t~~
97		~~#define DWORD uint32_t~~
98		~~#define WORD uint16_t~~
99
100		#define LPTSTR char *
101		#define LPBYTE char *
102
103		~~typedef struct _PROCESS_INFORMATION~~
104		{
105		~~HANDLE hProcess;~~
106		~~HANDLE hThread;~~
107		~~DWORD dwProcessId;~~
108		~~DWORD dwThreadId;~~
109		~~}PROCESS_INFORMATION, *LPPROCESS_INFORMATION;~~
110
111
112		~~typedef struct _STARTUPINFO {~~
113		~~DWORD cb;~~
114		~~LPTSTR lpReserved;~~
115		~~LPTSTR lpDesktop;~~
116		~~LPTSTR lpTitle;~~
117		~~DWORD dwX;~~
118		~~DWORD dwY;~~
119		~~DWORD dwXSize;~~
120		~~DWORD dwYSize;~~
121		~~DWORD dwXCountChars;~~
122		~~DWORD dwYCountChars;~~
123		~~DWORD dwFillAttribute;~~
124		~~DWORD dwFlags;~~
125		~~WORD wShowWindow;~~
126		~~WORD cbReserved2;~~
127		~~LPBYTE lpReserved2;~~
128		~~HANDLE hStdInput;~~
129		~~HANDLE hStdOutput;~~
130		~~HANDLE hStdError;~~
131		~~} STARTUPINFO,~~
132		*LPSTARTUPINFO;
133	55	#endif

libemu/trunk/include/emu/environment/win32/emu_env_w32_dll_export_hooks.h

r1324	r1330
31	31	#include <emu/emu.h>
32	32	#include <emu/environment/win32/emu_env_w32_dll_export.h>
	33	#include <emu/environment/win32/emu_env_w32_dll_export_kernel32_hooks.h>
	34	#include <emu/environment/win32/emu_env_w32_dll_export_urlmon_hooks.h>
	35	#include <emu/environment/win32/emu_env_w32_dll_export_ws2_32_hooks.h>
33	36
34	37
…	…
500	503	{"GetThreadSelectorEntry", 0x0005A1E8, NULL},
501	504	{"GetThreadTimes", 0x00062C9C, NULL},
502		{"GetTickCount", 0x0000929C, ~~NULL~~},
	505	{"GetTickCount", 0x0000929C, emu_env_w32_hook_GetTickCount},
503	506	{"GetTimeFormatA", 0x0003632D, NULL},
504	507	{"GetTimeFormatW", 0x00033FD3, NULL},
…	…
1008	1011	{"select", 0x00002DC0, NULL},
1009	1012	{"send", 0x0000428A, emu_env_w32_hook_send},
1010		{"sendto", 0x00002C69, ~~NULL~~},
	1013	{"sendto", 0x00002C69, emu_env_w32_hook_sendto},
1011	1014	{"setsockopt", 0x00003EA1, NULL},
1012	1015	{"shutdown", 0x00010BDE, NULL},

libemu/trunk/src/environment/win32/emu_env_w32_dll_export.c

r1324	r1330
37	37
38	38	#include <sys/types.h>
	39	#include <sys/wait.h>
39	40	#include <unistd.h>
40	41
…	…
70	71	}
71	72
72		~~int32_t emu_env_w32_hook_GetProcAddress(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
73		{
74		~~printf("Hook me Captain Cook!\n");~~
75		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
76	73
77		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
78
79		~~uint32_t eip_save;~~
80		~~POP_DWORD(c, &eip_save);~~
81
82		/*
83		~~FARPROC WINAPI GetProcAddress(~~
84		~~HMODULE hModule,~~
85		~~LPCSTR lpProcName~~
86		);
87		*/
88
89
90		~~uint32_t module;// = emu_cpu_reg32_get(c, esp);~~
91		~~POP_DWORD(c, &module);~~
92
93		~~printf("module ptr is %08x\n", module);~~
94
95		~~uint32_t p_procname;~~
96		~~POP_DWORD(c, &p_procname);~~
97
98		~~struct emu_string *procname = emu_string_new();~~
99		~~struct emu_memory *mem = emu_memory_get(env->emu);~~
100		~~emu_memory_read_string(mem, p_procname, procname, 256);~~
101
102
103		~~printf("procname name is '%s'\n", emu_string_char(procname));~~
104
105		~~int i;~~
106		~~for ( i=0; env->loaded_dlls[i] != NULL; i++ )~~
107		{
108		~~if ( env->loaded_dlls[i]->baseaddr == module )~~
109		{
110		~~printf("dll is %s %08x %08x \n", env->loaded_dlls[i]->dllname, module, env->loaded_dlls[i]->baseaddr);~~
111
112		~~struct emu_env_w32_dll *dll = env->loaded_dlls[i];~~
113		~~struct emu_hashtable_item ehi = emu_hashtable_search(dll->exports_by_fnname, (void )emu_string_char(procname));~~
114
115		~~struct emu_env_w32_dll_export ex = (struct emu_env_w32_dll_export )ehi->value;~~
116
117		~~if ( ehi == NULL )~~
118		{
119		~~break;~~
120		}
121		~~else~~
122		{
123		~~printf("found %s at addr %08x\n",emu_string_char(procname), dll->baseaddr + ex->virtualaddr );~~
124		~~emu_cpu_reg32_set(c, eax, dll->baseaddr + ex->virtualaddr);~~
125		~~break;~~
126		}
127		}
128		}
129
130		~~emu_string_free(procname);~~
131
132
133		~~emu_cpu_eip_set(c, eip_save);~~
134		~~return 0;~~
135		}
136
137
138
139
140		~~int32_t emu_env_w32_hook_LoadLibrayA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
141		{
142		~~printf("Hook me Captain Cook!\n");~~
143		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
144		~~/* HMODULE WINAPI LoadLibrary(LPCTSTR lpFileName); */~~
145
146		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
147
148		~~uint32_t eip_save;~~
149		~~POP_DWORD(c, &eip_save);~~
150
151		~~uint32_t dllname_ptr;// = emu_cpu_reg32_get(c, esp);~~
152
153		~~POP_DWORD(c, &dllname_ptr);~~
154
155		~~struct emu_string *dllstr = emu_string_new();~~
156		~~struct emu_memory *mem = emu_memory_get(env->emu);~~
157		~~emu_memory_read_string(mem, dllname_ptr, dllstr, 256);~~
158
159		~~char *dllname = emu_string_char(dllstr);~~
160
161		~~int i;~~
162		~~int found_dll = 0;~~
163		~~for (i=0; env->loaded_dlls[i] != NULL; i++)~~
164		{
165		~~if (strncasecmp(env->loaded_dlls[i]->dllname, dllname, strlen(env->loaded_dlls[i]->dllname)) == 0)~~
166		{
167		~~printf("found dll %s, baseaddr is %08x \n",env->loaded_dlls[i]->dllname,env->loaded_dlls[i]->baseaddr);~~
168		~~emu_cpu_reg32_set(c, eax, env->loaded_dlls[i]->baseaddr);~~
169		~~found_dll = 1;~~
170		}
171		}
172
173		~~if (found_dll == 0)~~
174		{
175		~~if (emu_env_w32_load_dll(env, dllname) == 0)~~
176		{
177		~~emu_cpu_reg32_set(c, eax, env->loaded_dlls[i]->baseaddr);~~
178		}
179		~~else~~
180		{
181		~~printf("error could not find %s\n", dllname);~~
182		~~emu_cpu_reg32_set(c, eax, 0x4711);~~
183		}
184		}
185
186		~~emu_string_free(dllstr);~~
187
188		~~emu_cpu_eip_set(c, eip_save);~~
189		~~return 0;~~
190		}
191
192		~~int32_t emu_env_w32_hook_WSAStartup(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
193		{
194		~~printf("Hook me Captain Cook!\n");~~
195		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
196
197		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
198
199		~~uint32_t eip_save;~~
200
201		~~POP_DWORD(c, &eip_save);~~
202
203		/*
204		~~int WSAStartup(~~
205		~~WORD wVersionRequested,~~
206		~~LPWSADATA lpWSAData~~
207		);
208		*/
209
210		~~uint32_t wsaversionreq;~~
211		~~POP_DWORD(c, &wsaversionreq);~~
212		~~printf("WSAStartup version %x\n", wsaversionreq);~~
213
214		~~uint32_t wsadata;~~
215		~~POP_DWORD(c, &wsadata);~~
216
217
218		~~emu_cpu_reg32_set(c, eax, 0x0);~~
219
220		~~emu_cpu_eip_set(c, eip_save);~~
221		~~return 0;~~
222		}
223
224
225
226		~~int32_t emu_env_w32_hook_WSASocketA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
227		{
228		~~printf("Hook me Captain Cook!\n");~~
229		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
230
231		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
232
233		~~uint32_t eip_save;~~
234
235		~~POP_DWORD(c, &eip_save);~~
236
237
238		~~/* SOCKET WSASocket(~~
239		~~int af,~~
240		~~int type,~~
241		~~int protocol,~~
242		~~LPWSAPROTOCOL_INFO lpProtocolInfo,~~
243		~~GROUP g,~~
244		~~DWORD dwFlags~~
245		~~); */~~
246
247		~~uint32_t af;~~
248		~~POP_DWORD(c, &af);~~
249
250		~~uint32_t type;~~
251		~~POP_DWORD(c, &type);~~
252
253		~~uint32_t protocol;~~
254		~~POP_DWORD(c, &protocol);~~
255
256		~~uint32_t protocolinfo;~~
257		~~POP_DWORD(c, &protocolinfo);~~
258
259		~~uint32_t group;~~
260		~~POP_DWORD(c, &group);~~
261
262		~~uint32_t flags;~~
263		~~POP_DWORD(c, &flags);~~
264
265		~~int s = socket(af, type, protocol);~~
266		~~printf("socket %i \n", s);~~
267		~~emu_cpu_reg32_set(c, eax, s);~~
268
269		~~emu_cpu_eip_set(c, eip_save);~~
270		~~return 0;~~
271		}
272
273
274		~~int32_t emu_env_w32_hook_socket(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
275		{
276		~~printf("Hook me Captain Cook!\n");~~
277		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
278
279		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
280
281		~~uint32_t eip_save;~~
282
283		~~POP_DWORD(c, &eip_save);~~
284		/*
285		~~SOCKET WSAAPI socket(~~
286		~~int af,~~
287		~~int type,~~
288		~~int protocol~~
289		);
290		*/
291
292		~~uint32_t af;~~
293		~~POP_DWORD(c, &af);~~
294
295		~~uint32_t type;~~
296		~~POP_DWORD(c, &type);~~
297
298		~~uint32_t protocol;~~
299		~~POP_DWORD(c, &protocol);~~
300
301		~~int s = socket(af, type, protocol);~~
302		~~printf("socket %i \n", s);~~
303		~~emu_cpu_reg32_set(c, eax, s);~~
304
305		~~emu_cpu_eip_set(c, eip_save);~~
306		~~return 0;~~
307		}
308
309
310		~~int32_t emu_env_w32_hook_bind(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
311		{
312		~~printf("Hook me Captain Cook!\n");~~
313		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
314
315		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
316
317		~~uint32_t eip_save;~~
318
319		~~POP_DWORD(c, &eip_save);~~
320
321
322		~~/*int bind(~~
323		~~SOCKET s,~~
324		~~const struct sockaddr* name,~~
325		~~int namelen~~
326		~~); */~~
327
328		~~uint32_t s;~~
329		~~POP_DWORD(c, &s);~~
330
331		~~uint32_t name;~~
332		~~POP_DWORD(c, &name);~~
333
334		~~uint32_t namelen;~~
335		~~POP_DWORD(c, &namelen);~~
336
337
338
339		~~struct sockaddr sa;~~
340		~~emu_memory_read_block(emu_memory_get(env->emu), name, &sa, sizeof(struct sockaddr));~~
341		~~printf("host %s port %i\n",~~
342		~~inet_ntoa((struct in_addr )&((struct sockaddr_in *)&sa)->sin_addr),~~
343		~~ntohs(((struct sockaddr_in *)&sa)->sin_port));~~
344
345		~~int retval = bind(s, &sa, sizeof(struct sockaddr));~~
346		~~emu_cpu_reg32_set(c, eax, retval);~~
347
348		~~emu_cpu_eip_set(c, eip_save);~~
349		~~return 0;~~
350		}
351
352		~~int32_t emu_env_w32_hook_listen(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
353		{
354		~~printf("Hook me Captain Cook!\n");~~
355		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
356
357		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
358
359		~~uint32_t eip_save;~~
360
361		~~POP_DWORD(c, &eip_save);~~
362
363		~~/*int listen(~~
364		~~SOCKET s,~~
365		~~int backlog~~
366		);
367		*/
368
369		~~uint32_t s;~~
370		~~POP_DWORD(c, &s);~~
371
372		~~uint32_t backlog;~~
373		~~POP_DWORD(c, &backlog);~~
374
375		~~int retval = listen(s, backlog);~~
376		~~emu_cpu_reg32_set(c, eax, retval);~~
377
378		~~emu_cpu_eip_set(c, eip_save);~~
379		~~return 0;~~
380		}
381
382		~~int32_t emu_env_w32_hook_accept(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
383		{
384		~~printf("Hook me Captain Cook!\n");~~
385		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
386
387		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
388
389		~~uint32_t eip_save;~~
390
391		~~POP_DWORD(c, &eip_save);~~
392
393		~~/*SOCKET accept(~~
394		~~SOCKET s,~~
395		~~struct sockaddr* addr,~~
396		~~int* addrlen~~
397		~~);*/~~
398
399		~~uint32_t s;~~
400		~~POP_DWORD(c, &s);~~
401
402		~~uint32_t addr;~~
403		~~POP_DWORD(c, &addr);~~
404
405		~~uint32_t addrlen;~~
406		~~POP_DWORD(c, &addrlen);~~
407
408		~~struct sockaddr sa;~~
409		~~socklen_t sasize = sizeof(struct sockaddr);~~
410		~~int a = accept(s, &sa, &sasize);~~
411		~~printf("accept %i \n", a);~~
412		~~emu_cpu_reg32_set(c, eax, a);~~
413
414		~~emu_cpu_eip_set(c, eip_save);~~
415		~~return 0;~~
416		}
417
418		~~int32_t emu_env_w32_hook_closesocket(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
419		{
420		~~printf("Hook me Captain Cook!\n");~~
421		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
422
423		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
424
425		~~uint32_t eip_save;~~
426
427		~~POP_DWORD(c, &eip_save);~~
428		/*
429		~~int closesocket(~~
430		~~SOCKET s~~
431		);
432		*/
433		~~uint32_t s;~~
434		~~POP_DWORD(c, &s);~~
435
436		~~close((int)s);~~
437
438		~~emu_cpu_reg32_set(c, eax, 0);~~
439
440		~~emu_cpu_eip_set(c, eip_save);~~
441		~~return 0;~~
442		}
443
444
445
446		~~int32_t emu_env_w32_hook_connect(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
447		{
448		~~printf("Hook me Captain Cook!\n");~~
449		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
450
451		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
452
453		~~uint32_t eip_save;~~
454
455		~~POP_DWORD(c, &eip_save);~~
456		/*
457		~~int connect(~~
458		~~SOCKET s,~~
459		~~const struct sockaddr* name,~~
460		~~int namelen~~
461		)
462		*/
463		~~uint32_t s;~~
464		~~POP_DWORD(c, &s);~~
465
466		~~uint32_t name;~~
467		~~POP_DWORD(c, &name);~~
468
469		~~uint32_t namelen;~~
470		~~POP_DWORD(c, &namelen);~~
471
472		~~struct sockaddr sa;~~
473		~~emu_memory_read_block(emu_memory_get(env->emu), name, &sa, sizeof(struct sockaddr));~~
474		~~printf("host %s port %i\n",~~
475		~~inet_ntoa((struct in_addr )&((struct sockaddr_in *)&sa)->sin_addr),~~
476		~~ntohs(((struct sockaddr_in *)&sa)->sin_port));~~
477
478		~~struct sockaddr_in si;~~
479		~~si.sin_port = htons(4444);~~
480		~~si.sin_family = AF_INET;~~
481		~~si.sin_addr.s_addr = inet_addr("127.0.0.1");~~
482
483		~~int retval = connect(s, (struct sockaddr *)&si, sizeof(struct sockaddr_in));~~
484		~~emu_cpu_reg32_set(c, eax, retval);~~
485
486		~~emu_cpu_eip_set(c, eip_save);~~
487		~~return 0;~~
488		}
489
490
491		~~int32_t emu_env_w32_hook_recv(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
492		{
493		~~printf("Hook me Captain Cook!\n");~~
494		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
495
496		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
497
498		~~uint32_t eip_save;~~
499
500		~~POP_DWORD(c, &eip_save);~~
501		/*
502		~~int recv(~~
503		~~SOCKET s,~~
504		~~char* buf,~~
505		~~int len,~~
506		~~int flags~~
507		);
508		*/
509		~~uint32_t s;~~
510		~~POP_DWORD(c, &s);~~
511
512		~~uint32_t buf;~~
513		~~POP_DWORD(c, &buf);~~
514
515		~~uint32_t len;~~
516		~~POP_DWORD(c, &len);~~
517
518		~~uint32_t flags;~~
519		~~POP_DWORD(c, &flags);~~
520
521		~~uint32_t xlen = len;~~
522		~~char buffer = (char )malloc(len);~~
523		~~len = recv(s, buffer, len, flags);~~
524		~~printf("recv(%i, 0x%08x, %i) == %i \n", s, buf, xlen, (int32_t)len);~~
525		~~if ((int32_t)len > 0)~~
526		~~emu_memory_write_block(emu_memory_get(env->emu), buf, buffer, len);~~
527		~~free(buffer);~~
528
529
530		~~emu_cpu_reg32_set(c, eax, len);~~
531
532		~~emu_cpu_eip_set(c, eip_save);~~
533		~~return 0;~~
534		}
535
536
537		~~int32_t emu_env_w32_hook_send(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
538		{
539		~~printf("Hook me Captain Cook!\n");~~
540		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
541
542		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
543
544		~~uint32_t eip_save;~~
545
546		~~POP_DWORD(c, &eip_save);~~
547		/*
548		~~int send(~~
549		~~SOCKET s,~~
550		~~const char* buf,~~
551		~~int len,~~
552		~~int flags~~
553		);
554		*/
555		~~uint32_t s;~~
556		~~POP_DWORD(c, &s);~~
557
558		~~uint32_t buf;~~
559		~~POP_DWORD(c, &buf);~~
560
561		~~uint32_t len;~~
562		~~POP_DWORD(c, &len);~~
563
564		~~uint32_t flags;~~
565		~~POP_DWORD(c, &flags);~~
566
567		~~char buffer = (char )malloc(len);~~
568		~~printf("send(%i, 0x%08x, %i, %i)\n", s, buf, len, flags);~~
569		~~emu_memory_read_block(emu_memory_get(env->emu), buf, buffer, len);~~
570		~~int retval = send(s, buffer, len, flags);~~
571		~~printf("send %i (of %i) bytes\n", retval, len);~~
572		~~emu_cpu_reg32_set(c, eax, retval);~~
573		~~free(buffer);~~
574
575		~~printf("eip_save is %08x\n", eip_save);~~
576		~~emu_cpu_eip_set(c, eip_save);~~
577		~~return 0;~~
578		}
579
580
581
582		~~int32_t emu_env_w32_hook_CreateProcessA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
583		{
584		~~printf("Hook me Captain Cook!\n");~~
585		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
586
587		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
588
589		~~uint32_t eip_save;~~
590
591		~~POP_DWORD(c, &eip_save);~~
592
593		~~/*BOOL CreateProcess(~~
594		~~LPCWSTR pszImageName,~~
595		~~LPCWSTR pszCmdLine,~~
596		~~LPSECURITY_ATTRIBUTES psaProcess,~~
597		~~LPSECURITY_ATTRIBUTES psaThread,~~
598		~~BOOL fInheritHandles,~~
599		~~DWORD fdwCreate,~~
600		~~LPVOID pvEnvironment,~~
601		~~LPWSTR pszCurDir,~~
602		~~LPSTARTUPINFOW psiStartInfo,~~
603		~~LPPROCESS_INFORMATION pProcInfo~~
604		~~);*/~~
605
606		~~uint32_t imagename;~~
607		~~POP_DWORD(c, &imagename);~~
608
609		~~uint32_t cmdline;~~
610		~~POP_DWORD(c, &cmdline);~~
611
612		~~uint32_t process;~~
613		~~POP_DWORD(c, &process);~~
614
615		~~uint32_t thread;~~
616		~~POP_DWORD(c, &thread);~~
617
618		~~uint32_t inherithandles;~~
619		~~POP_DWORD(c, &inherithandles);~~
620
621		~~uint32_t create;~~
622		~~POP_DWORD(c, &create);~~
623
624		~~uint32_t environment;~~
625		~~POP_DWORD(c, &environment);~~
626
627		~~uint32_t cwd;~~
628		~~POP_DWORD(c, &cwd);~~
629
630		~~uint32_t p_startinfo;~~
631		~~POP_DWORD(c, &p_startinfo);~~
632
633		~~uint32_t p_procinfo;~~
634		~~POP_DWORD(c, &p_procinfo);~~
635
636
637		~~printf("CreateProcessA \n");~~
638		~~emu_cpu_reg32_set(c, eax, 0);~~
639
640		~~struct emu_memory *m = emu_memory_get(env->emu);~~
641		~~PROCESS_INFORMATION *pi = malloc(sizeof(PROCESS_INFORMATION));~~
642		~~emu_memory_read_block(m, p_procinfo, pi, sizeof(PROCESS_INFORMATION));~~
643
644		~~STARTUPINFO *si = malloc(sizeof(STARTUPINFO));~~
645		~~emu_memory_read_block(m, p_startinfo, si, sizeof(STARTUPINFO));~~
646
647		~~fflush(NULL);~~
648
649		~~// the code is meant to be an example how one could do it~~
650		~~#if 0~~
651
652
653		~~pid_t pid;~~
654		~~if ((pid = fork()) == 0)~~
655		~~{ // child~~
656
657		~~#ifdef UNDEFINED_PROXY_SHELL~~
658
659
660		~~int remote_socket = si->hStdInput;~~
661		~~int shell_socket = socket(AF_INET, SOCK_STREAM, 0);~~
662
663		~~struct sockaddr_in soai;~~
664		~~soai.sin_family=AF_INET;~~
665		~~soai.sin_port=htons(atoi("1234"));~~
666		~~soai.sin_addr.s_addr=inet_addr("127.0.0.1");~~
667		~~memset(&soai.sin_zero, 0, sizeof(soai.sin_zero));~~
668
669		~~if ( connect(shell_socket, (struct sockaddr*)&soai, sizeof(soai)) < 0 )~~
670		{
671		~~perror("connect error");~~
672		}
673
674		~~#define MAX(a,b) (((a)>(b))?(a):(b))~~
675
676		~~while (1)~~
677		{
678		~~struct timeval timeout = {1,0};~~
679		~~fd_set r_fds;~~
680		~~FD_ZERO(&r_fds);~~
681		~~FD_SET(shell_socket, &r_fds);~~
682		~~FD_SET(remote_socket, &r_fds);~~
683
684		~~int r_sockets = select(MAX(shell_socket, remote_socket)+1, &r_fds, NULL, NULL, &timeout);~~
685
686		~~if (r_sockets != 0)~~
687		{
688		~~int from;~~
689		~~int to;~~
690		~~from = to = shell_socket;~~
691		~~if (FD_ISSET(shell_socket,&r_fds))~~
692		~~to = remote_socket;~~
693		~~else~~
694		~~if (FD_ISSET(remote_socket,&r_fds))~~
695		~~from = remote_socket;~~
696
697		~~char rxbuffer[256];~~
698		~~int rxsize;~~
699		~~rxsize = recv(from, rxbuffer, 256, 0);~~
700		~~if (rxsize <= 0)~~
701		{
702		~~exit(EXIT_SUCCESS);~~
703		}
704		~~send(to, rxbuffer, rxsize, 0);~~
705		}
706		}
707		~~#endif~~
708
709		~~#ifdef UNDEFINED_REAL_SHELL~~
710		~~dup2(si->hStdInput, fileno(stdin));~~
711		~~dup2(si->hStdOutput, fileno(stdout));~~
712		~~dup2(si->hStdError, fileno(stderr));~~
713
714		~~system("/tmp/cmd/cmdexe.pl -p winxp -l /tmp/cmd");~~
715		~~exit(EXIT_SUCCESS);~~
716		~~#endif~~
717		~~}else~~
718		~~{ // parent~~
719		~~pi->hThread = pid;~~
720		}
721
722		~~#endif // 0~~
723
724		~~emu_cpu_eip_set(c, eip_save);~~
725		~~return 0;~~
726		}
727
728
729		~~int32_t emu_env_w32_hook_WinExec(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
730		{
731		~~printf("Hook me Captain Cook!\n");~~
732		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
733
734		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
735
736		~~uint32_t eip_save;~~
737
738		~~POP_DWORD(c, &eip_save);~~
739
740		/*
741		~~UINT WINAPI WinExec(~~
742		~~LPCSTR lpCmdLine,~~
743		~~UINT uCmdShow~~
744		);
745		*/
746
747		~~uint32_t cmdline_ptr;~~
748		~~POP_DWORD(c, &cmdline_ptr);~~
749
750		~~uint32_t show;~~
751		~~POP_DWORD(c, &show);~~
752
753
754		~~struct emu_string *cmdstr = emu_string_new();~~
755		~~emu_memory_read_string(emu_memory_get(env->emu), cmdline_ptr, cmdstr, 256);~~
756		~~printf("WinExec %s\n", emu_string_char(cmdstr));~~
757		~~emu_string_free(cmdstr);~~
758
759		~~emu_cpu_reg32_set(c, eax, 32);~~
760
761		~~emu_cpu_eip_set(c, eip_save);~~
762		~~return 0;~~
763		}
764		~~#include <sys/types.h>~~
765		~~#include <sys/wait.h>~~
766
767
768
769		~~int32_t emu_env_w32_hook_WaitForSingleObject(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
770		{
771		~~printf("Hook me Captain Cook!\n");~~
772		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
773
774		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
775
776		~~uint32_t eip_save;~~
777
778		~~POP_DWORD(c, &eip_save);~~
779
780		/*
781		~~DWORD WINAPI WaitForSingleObject(~~
782		~~HANDLE hHandle,~~
783		~~DWORD dwMilliseconds~~
784		);
785		*/
786
787		~~uint32_t handle;~~
788		~~POP_DWORD(c, &handle);~~
789
790		~~uint32_t msecs;~~
791		~~POP_DWORD(c, &msecs);~~
792
793		~~#if 0~~
794		~~// the code is meant to be an example how one could do it~~
795		~~int status, options = 0;~~
796		~~waitpid(handle, &status, options);~~
797		~~#endif~~
798
799		~~emu_cpu_reg32_set(c, eax, 32);~~
800
801		~~emu_cpu_eip_set(c, eip_save);~~
802		~~return 0;~~
803		}
804
805
806		~~int32_t emu_env_w32_hook_ExitProcess(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
807		{
808		~~printf("Hook me Captain Cook!\n");~~
809		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
810
811		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
812
813		~~uint32_t eip_save;~~
814
815		~~POP_DWORD(c, &eip_save);~~
816
817		/*
818		~~VOID WINAPI ExitProcess(~~
819		~~UINT uExitCode~~
820		);
821		*/
822
823		~~uint32_t exitcode;~~
824		~~POP_DWORD(c, &exitcode);~~
825
826
827		~~emu_cpu_eip_set(c, eip_save);~~
828		~~return 0;~~
829		}
830
831		~~int32_t emu_env_w32_hook_ExitThread(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
832		{
833		~~printf("Hook me Captain Cook!\n");~~
834		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
835
836		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
837
838		~~uint32_t eip_save;~~
839
840		~~POP_DWORD(c, &eip_save);~~
841
842		/*
843		~~VOID ExitThread(~~
844		~~DWORD dwExitCode~~
845		);
846		*/
847
848		~~uint32_t exitcode;~~
849		~~POP_DWORD(c, &exitcode);~~
850
851
852		~~emu_cpu_eip_set(c, eip_save);~~
853		~~return 0;~~
854		}
855
856
857		~~int32_t emu_env_w32_hook_CreateFileA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
858		{
859		~~printf("Hook me Captain Cook!\n");~~
860		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
861
862		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
863
864		~~uint32_t eip_save;~~
865
866		~~POP_DWORD(c, &eip_save);~~
867
868		/*
869		~~HANDLE CreateFile(~~
870		~~LPCTSTR lpFileName,~~
871		~~DWORD dwDesiredAccess,~~
872		~~DWORD dwShareMode,~~
873		~~LPSECURITY_ATTRIBUTES lpSecurityAttributes,~~
874		~~DWORD dwCreationDisposition,~~
875		~~DWORD dwFlagsAndAttributes,~~
876		~~HANDLE hTemplateFile~~
877		);
878		*/
879
880		~~uint32_t filename;~~
881		~~POP_DWORD(c, &filename);~~
882
883		~~uint32_t desiredaccess;~~
884		~~POP_DWORD(c, &desiredaccess);~~
885
886		~~uint32_t sharemode;~~
887		~~POP_DWORD(c, &sharemode);~~
888
889		~~uint32_t securityattr;~~
890		~~POP_DWORD(c, &securityattr);~~
891
892		~~uint32_t createdisp;~~
893		~~POP_DWORD(c, &createdisp);~~
894
895		~~uint32_t flagsandattr;~~
896		~~POP_DWORD(c, &flagsandattr);~~
897
898		~~uint32_t templatefile;~~
899		~~POP_DWORD(c, &templatefile);~~
900
901		~~emu_cpu_eip_set(c, eip_save);~~
902		~~return 0;~~
903		}
904
905
906		~~int32_t emu_env_w32_hook_CloseHandle(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
907		{
908		~~printf("Hook me Captain Cook!\n");~~
909		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
910
911		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
912
913		~~uint32_t eip_save;~~
914
915		~~POP_DWORD(c, &eip_save);~~
916
917		/*
918		~~BOOL CloseHandle(~~
919		~~HANDLE hObject~~
920		);
921		);
922		*/
923
924		~~uint32_t object;~~
925		~~POP_DWORD(c, &object);~~
926
927		~~emu_cpu_eip_set(c, eip_save);~~
928		~~return 0;~~
929		}
930
931		~~int32_t emu_env_w32_hook_WriteFile(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
932		{
933		~~printf("Hook me Captain Cook!\n");~~
934		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
935
936		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
937
938		~~uint32_t eip_save;~~
939
940		~~POP_DWORD(c, &eip_save);~~
941
942		/*
943		~~BOOL WriteFile(~~
944		~~HANDLE hFile,~~
945		~~LPCVOID lpBuffer,~~
946		~~DWORD nNumberOfBytesToWrite,~~
947		~~LPDWORD lpNumberOfBytesWritten,~~
948		~~LPOVERLAPPED lpOverlapped~~
949		);
950		*/
951		~~uint32_t file;~~
952		~~POP_DWORD(c, &file);~~
953
954		~~uint32_t buffer;~~
955		~~POP_DWORD(c, &buffer);~~
956
957		~~uint32_t bytestowrite;~~
958		~~POP_DWORD(c, &bytestowrite);~~
959
960		~~uint32_t byteswritten;~~
961		~~POP_DWORD(c, &byteswritten);~~
962
963		~~uint32_t overlapped;~~
964		~~POP_DWORD(c, &overlapped);~~
965
966		~~emu_memory_write_dword(emu_memory_get(env->emu), byteswritten, bytestowrite);~~
967
968		~~emu_cpu_reg32_set(c, eax, 32);~~
969
970		~~emu_cpu_eip_set(c, eip_save);~~
971		~~return 0;~~
972		}
973
974
975
976
977		~~int32_t emu_env_w32_hook_DeleteFileA(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
978		{
979		~~printf("Hook me Captain Cook!\n");~~
980		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
981
982		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
983
984		~~uint32_t eip_save;~~
985
986		~~POP_DWORD(c, &eip_save);~~
987
988		/*
989		~~BOOL DeleteFile(~~
990		~~LPCTSTR lpFileName~~
991		);
992
993		*/
994		~~uint32_t filename;~~
995		~~POP_DWORD(c, &filename);~~
996
997		~~emu_cpu_eip_set(c, eip_save);~~
998		~~return 0;~~
999		}
1000
1001		~~int32_t emu_env_w32_hook__lcreat(struct emu_env_w32 env, struct emu_env_w32_dll_export ex)~~
1002		{
1003		~~printf("Hook me Captain Cook!\n");~~
1004		~~printf("%s:%i %s\n",__FILE__,__LINE__,__FUNCTION__);~~
1005
1006		~~struct emu_cpu *c = emu_cpu_get(env->emu);~~
1007
1008		~~uint32_t eip_save;~~
1009
1010		~~POP_DWORD(c, &eip_save);~~
1011
1012		/*
1013		~~LONG _lcreat(~~
1014		~~LPCSTR lpszFileName,~~
1015		~~&nb~~