plugapi.h

Cracker终结者——提供最优秀的软件保护技术

typedef struct {
	DWORD	PlugVersion;

	// Function Export!

//---------------------------------------------
	// Hook 
	VOID	(__stdcall*hook)( PPHOOKER hHook, PVOID hookproc, BYTE priority );
	VOID	(__stdcall*unhook)( PPHOOKER hHook, PVOID hookproc );
	VOID	(__stdcall*unhookall)( PPHOOKER hHook );
	BOOL	(__cdecl *Call_Hookproc)( PPHOOKER hHook, ... );
	BOOL	(__stdcall*Call_Hookproc0)( PPHOOKER hHook );
	VOID	(__cdecl *Broadcast_Hookproc)( PPHOOKER hHook, ... );
	VOID	(__stdcall*Broadcast_Hookproc0)( PPHOOKER hHook );

//---------------------------------------------
	// String
	int		(__stdcall*strlen)(char *str);
	int		(__stdcall*stricmp)(PSTR dst,PSTR src);
	PSTR	(__stdcall*strcat)( PSTR p1,PSTR p2);
	PSTR	(__stdcall*strcpy)( PSTR p1,PSTR p2);
	int		(__stdcall*memcmp)( PVOID buf1, PVOID buf2, size_t count );
	int		(__stdcall*strcmp)( PSTR p1,PSTR p2);
	PSTR	(__stdcall*strchr)( PSTR p1,CHAR c);
	PSTR	(__stdcall*strrchr)( PSTR p1,CHAR c);
	PSTR	(__stdcall*strstr)( PSTR p1,PSTR p2);
	PVOID	(__stdcall*memset)	( PVOID p1,char c,size_t i);
	PVOID	(__stdcall*memcpy)( PVOID p1,PVOID p2,size_t n);
	BOOL	(__stdcall*strcmp_wild)(PSTR s,PSTR wild); // return FALSE if string coin
	int		(__stdcall*memicmp)(PVOID first,PVOID last,size_t count);
	PSTR	(__stdcall*strncpy)(PSTR p1,PSTR p2,size_t n);
	PSTR	(__stdcall*strupr)( PSTR p1 );
	PSTR	(__stdcall*new_STRING)(PSTR p);	
	
	DWORD	(__cdecl *vsprintf)( PSTR Buf, PSTR Format, va_list ap );
	DWORD	(__cdecl *sprintf)( PSTR Buf, PSTR Format, ... );

//---------------------------------------------
	// Momory
	void*	(_stdcall*malloc)(size_t s);
	void	(_stdcall*free)(void* p);
	void*	(_stdcall*realloc)(void* p,size_t s);

//---------------------------------------------
	// Symbol
	PPHOOKER	hh_get_module_area;
	//  BOOL hookproc(ADDRE addr, PSTR* area ),

	PPHOOKER	hh_symbol_to_address;	
	//  BOOL hookproc(PSTR Sym, ADDRE *paddr)

	PPHOOKER	hh_Addr_to_symbol;
	//	BOOL hookproc(ADDRE addr,PSTR *sym,DWORD *limit)
	//*limit is the input limit, do not set it unlese you find a symbol
	//return TRUE only if you get it exactly, with *limit=0

	PSTR	(__stdcall*AddressToSymbol)( IN PADDRE addr );
	PSTR	(__stdcall*GetSymbol)( IN PADDRE addr, DWORD Limit );
	PSTR	(__stdcall*GetSymbolArea)( IN PADDRE addr );
	BOOL	(__stdcall*SymbolToAddress)(IN PSTR buffer,OUT PADDRE paddr );

//---------------------------------------------
	// Command
	VOID	(__stdcall*Add_Command)( PSTR command, 
							PSTR Help_1,
							PSTR Help_2,
							PSTR Example, 
                            BOOL(_stdcall* h)(int argc,PSTR* argv) );
	VOID	(__stdcall*Remove_Command)( PSTR command );

	DWORD	(__stdcall*Reload_Command)( PSTR cmdstr, 
							BOOL(_stdcall* h)(int argc,PSTR* argv) );
	BOOL	(__stdcall*Run_Command)( PSTR buffer );
	VOID	(__stdcall*Get_Command_Help)( PSTR InputBuf, PSTR OutputBuf );
	PSTR	(__stdcall*Get_Related_Command)( PSTR InputBuf );
	PSTR	(__stdcall*GetInputcmdLine)();
	
//---------------------------------------------
	// INI file
	BOOL	(__stdcall*ini_STR)		(IN PSTR szKey,OUT PSTR *ret );
	BOOL	(__stdcall*ini_BOOL)	(IN PSTR szKey,OUT BOOL *ret );
	BOOL	(__stdcall*ini_DEC)		(IN PSTR szKey,OUT DWORD *ret );
	BOOL	(__stdcall*ini_DWORD)	(IN PSTR szKey,OUT DWORD *ret );
	void	(__stdcall*ini_ForEach)	(IN PSTR szKey,OUT PVOID func);

//---------------------------------------------
	// Ring0 File IO
	HANDLE	(__stdcall*fopen)(PSTR pfilename,DWORD mode);
	VOID	(__stdcall*fclose)(HANDLE h);
	DWORD	(__stdcall*fseek)(HANDLE h,DWORD pos);
	DWORD	(__stdcall*fwrite)(HANDLE h,PVOID buffer,DWORD Count);
	DWORD	(__stdcall*fread)(HANDLE h,PVOID buffer,DWORD Count);
	BOOL	(__stdcall*fgets)(HANDLE h,OUT PSTR s);
	DWORD	(__stdcall*fputs)(HANDLE h,IN PSTR s);

//---------------------------------------------
	// Memory&Selector
	BOOL	(__stdcall*Set_Page_Map)(DWORD Linear,DWORD Map);
	BOOL	(__stdcall*Get_Page_Map)(DWORD Linear,DWORD* Map);
	BOOL	(__stdcall*LinearToPhys)(DWORD Linear,DWORD* Phys);
	BOOL	(__stdcall*PhysToLinear)(DWORD Phys ,DWORD* Linear);

	BOOL	(__stdcall*ifReadable_flat)(DWORD Linear);
	BOOL	(__stdcall*ifReadable)(PADDRE addr);
	BOOL	(__stdcall*ToFlat)(PADDRE addr,DWORD* Linear);
	
	BOOL	(__stdcall*CompareSel)( WORD seg1, WORD seg2 );
	WORD	(__stdcall*ValidSel)( WORD seg );
	// return the valid selector
	BOOL	(__stdcall*Sel16_32)( WORD sel );
	//0:invalid 1:16bit 2:32bit
	BOOL	(__stdcall*Sel_Ring0_3)( WORD sel );
	//0:invalid 1:Ring0 2:Ring3

	BOOL	(__stdcall*ValidAddr)(PADDRE ptgt,PADDRE psrc);

	void	(__stdcall*toR0CS)(DWORD linear,PADDRE paddr);
	void	(__stdcall*toR0DS)(DWORD linear,PADDRE paddr);
	void	(__stdcall*toR3CS)(DWORD linear,PADDRE paddr);
	void	(__stdcall*toR3DS)(DWORD linear,PADDRE paddr);
	BOOL	(__stdcall*ifR0CS)( PADDRE addr );
	BOOL	(__stdcall*ifR0DS)( PADDRE addr );
	BOOL	(__stdcall*ifR3CS)( PADDRE addr );
	BOOL	(__stdcall*ifR3DS)( PADDRE addr );

	BOOL	(__stdcall*ifLinear)(PADDRE paddr);
	VOID	(__stdcall*CurCSEIP)(PADDRE paddr);

	BOOL	(__stdcall*PeekB)(PADDRE paddr,OUT BYTE* b);
	BOOL	(__stdcall*PeekW)(PADDRE paddr,OUT WORD* w);
	BOOL	(__stdcall*PeekD)(PADDRE paddr,OUT DWORD* dw);

//---------------------------------------------
	// Hex&Dec&String
	PSTR	(__stdcall*str2dec)(PSTR s,OUT DWORD* d);
	PSTR	(__stdcall*str2hex)(PSTR s,OUT DWORD* d);
	VOID	(__stdcall*dec2str)(DWORD d,OUT PSTR s);
	VOID	(__stdcall*hex2str)(DWORD d,OUT PSTR s);

//---------------------------------------------
	// Kernel
	PPHOOKER hh_IntObj;
	// CallBack proc prohotype
	// BOOL STDCALL hookproc(DWORD IntNum) 

	PPHOOKER hh_PreEnterKernel;
	// CallBack proc prohotype
	// BOOL STDCALL hookproc() 
	// return TRUE will not enter kernel, v.v.

	PPHOOKER hh_EnterKernel;
	// CallBack proc prohotype
	// VOID STDCALL hookproc() 

	PPHOOKER hh_OnMessageLoop;
	// CallBack proc prohotype
	// BOOL STDCALL hookproc() 

	PPHOOKER hh_LeaveKernel;
	// CallBack proc prohotype
	// VOID STDCALL hookproc() 

	PPHOOKER hh_PostLeaveKernel;
	// CallBack proc prohotype
	// VOID STDCALL hookproc() 

	BYTE*	pfV86;
	BYTE*	pfPM;
	BYTE*	pfVMM;
	BYTE*	pfUserVM;

	CLIENT_STRUCT*	pUser;
	X86_REG_STRUCT*	pUserX86;

	DWORD*	pWindows_IntNum;

	DWORD*	pCur_Thread_Handle;
	DWORD*	pCur_VM_Handle;
	DWORD*	pCur_Process_DB;

	VOID	(__stdcall*Ring3_CallBack)(PVOID Ring3_callback,PVOID Ring0_callback);

	VOID	(__stdcall*Set_Enter_Kernel)();
	VOID	(__stdcall*Set_Leave_Kernel)();

	VOID	(__stdcall*UpdateIDT)( );

	BYTE	(__stdcall*Read_Port)( DWORD Port );
	VOID	(__stdcall*Write_Port)( DWORD Port, BYTE wData );
	
	BOOL	(__stdcall*GetExpression)(IN PSTR expr,OUT DWORD* result);

	VOID	(__stdcall*FatalError)(IN PSTR msg);

	VOID	(__stdcall*Begin_Nest_VMM_Exec)();
	VOID	(__stdcall*End_Nest_VMM_Exec)();

	BOOL*	pfSoft_1Step;
	BOOL	(__stdcall*GetTraceFlag)();
	VOID	(__stdcall*Get_Origin_Interrupt_Vector)( DWORD  IntNum,
										   DWORD* IntSeg,
										   DWORD* IntOff,
										   BOOL*  GateSize);

//---------------------------------------------
	// Driver
	// Timer
	DWORD	(__stdcall*Get_Time)();

	// Keyboard
	PPHOOKER hh_HotKey;
	// Hookprpoc:
	// BOOL STDCALL hookproc( DWORD keycode );     

	WORD	(__stdcall*Get_Key)( );
	VOID	(__stdcall*Clear_Key_Buf)( );
	BYTE	(__stdcall*Get_CTRL_Key)( );
	WORD	(__stdcall*Wait_Key)( );
	VOID	(__stdcall*Set_Ring0_Hotkey)(WORD key);
	VOID	(__stdcall*Set_Ring3_Hotkey)(WORD key);

	BYTE	(__stdcall*Get_Keyboard_State)();
	void	(__stdcall*Set_Keyboard_State)(BYTE f);

	// Display
	PPHOOKER hh_DisplaySetMode;
	// CallBack proc prohotype
	// BOOL STDCALL hookproc() 

	PPHOOKER hh_DisplaySaveRegister;
	// CallBack proc prohotype
	// BOOL STDCALL hookproc() 

	PPHOOKER hh_DisplayRestoreRegister;
	// CallBack proc prohotype
	// BOOL STDcALL hookproc() 

	PPHOOKER hh_Notify_Screen_Lines_Change;
	// Add/Remove change screen lines callback .
	// CallBack proc prohotype:
	// VOID STDCALL CallBack( DWORD Lines );

	VOID	(__stdcall*TRW2000_Screen)();
	VOID	(__stdcall*User_Screen)();
	VOID	(__stdcall*Set_Cursor)(BYTE x,BYTE y);
	VOID	(__stdcall*Change_Cursor)(BYTE Begin,BYTE End);
	DWORD	(__stdcall*Save_Hardware_Cursor_State)(void);
	VOID	(__stdcall*Restore_Cursor_State)(DWORD State);

	// Mouse
	VOID	(__stdcall*Get_Mouse_State)(MOUSE_STATE *State);
	VOID	(__stdcall*Mouse_Show)( );
	VOID	(__stdcall*Mouse_Hide)( );

//---------------------------------------------
	// Module16&Module32&VxD
	WORD	(__stdcall*GetMod16Handle)(IN PSTR modname);
	BOOL	(__stdcall*GetMod16Info)(PADDRE paddr,PSTR modname,DWORD* segnum,DWORD* off);
	BOOL	(__stdcall*GetMod16Info2)(PSTR modname,DWORD segnum,PADDRE paddr,DWORD* size);