#define WIN32_LEAN_AND_MEAN
//#define UNICODE
#ifdef UNICODE
#define _UNICODE
#endif
#include <stdio.h>
#include <conio.h>
#include <string.h>
#include <windows.h>
#include <tchar.h>
#include <stdlib.h>
//#define AH_STATIC_LINKING
#include <ApiHooks.h>
//#define PW_STATIC_LINKING
#include <PrcWorks.h>
#include "GlobalC.h"
/////////////////////////////////////////////////////////
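/* Enumerates process IDs with BuildPIDList, growing the buffer until the
   whole list fits.
   pPIDs: receives a LocalAlloc'd array; the caller releases it with LocalFree.
   Returns the number of PIDs stored, or 0 when allocation fails, BuildPIDList
   reports PW_MEMERROR, or it reports nothing usable (a count <= 0). On a 0
   return *pPIDs is NULL and no memory is left for the caller to free. */
DWORD EnumPIDs(DWORD **pPIDs) {
    LONG need = 1, cap = 0;
    DWORD *buf = NULL;

    *pPIDs = NULL;
    /* BuildPIDList returning more entries than the buffer holds (need > cap)
       means "try again with a bigger buffer". */
    while (need > cap) {
        cap = need + 0x100;
        if (buf)
            LocalFree(buf);
        /* LPTR zero-fills; the cast is needed because this is a .cpp file. */
        buf = (LPDWORD)LocalAlloc(LPTR, (SIZE_T)cap * sizeof *buf);
        if (!buf)
            return 0;
        need = BuildPIDList(buf, cap, PW_ALLSESSIONS);
        if (need == PW_MEMERROR) {
            LocalFree(buf);
            return 0;
        }
    }
    /* Nothing to hand out: don't return a buffer the caller would treat as an
       error and never free. A negative code other than PW_MEMERROR would have
       become a huge DWORD count, so it is folded into the failure path too. */
    if (need <= 0) {
        LocalFree(buf);
        return 0;
    }
    *pPIDs = buf;
    return (DWORD)need;
}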
/////////////////////////////////////////////////////////
/* Stop flag for the ReadMS reader thread: _tmain clears it before waiting on
   the thread. NOTE(review): it is a plain global read by one thread and written
   by another; the read sits next to an external call (ReadFile), which in
   practice forces a reload, but a volatile/atomic flag would make that
   intent explicit. */
BOOL Active = TRUE;
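/* Reader thread for the GlobalC mailslot: echoes every message to the console
   until the global Active flag is cleared, then closes the mailslot handle.
   hMS: mailslot handle; ownership passes to this thread, which closes it.
   Returns the result of CloseHandle as the thread exit code.
   Message bytes come from whoever can write to the mailslot, so they are
   printed as data (never as a format string) and NUL-terminated here; the
   original passed the raw buffer as the format string. */
DWORD WINAPI ReadMS(HANDLE hMS) {
    DWORD got = 0;
    /* One extra TCHAR so a message of the full MS_MAX_MSG_SIZE bytes can still
       be terminated. */
    TCHAR Msg[MS_MAX_MSG_SIZE / sizeof(TCHAR) + 1];

    while (Active) {
        /* ReadFile returning FALSE (presumably the mailslot read timeout set in
           CreateMailslot) just loops back and re-checks Active. */
        if (ReadFile(hMS, Msg, MS_MAX_MSG_SIZE, &got, NULL)) {
            Msg[got / sizeof(TCHAR)] = TEXT('\0');
            _tprintf(TEXT("%s"), Msg);
        }
    }
    return CloseHandle(hMS);
}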
/////////////////////////////////////////////////////////
/* Returns a pointer to the file-name part of ProcName: the text after the
   last backslash, or ProcName itself when there is none. No copy is made,
   so the result aliases the caller's buffer. */
LPTSTR ExeNameOnly(LPTSTR ProcName) {
    LPTSTR tail = ProcName;
    /* Single forward pass remembering the position after the last '\\'. */
    for (LPTSTR p = ProcName; *p; p++) {
        if (*p == '\\')
            tail = p + 1;
    }
    return tail;
}
/////////////////////////////////////////////////////////
/* Lets the console buffer size be passed as a COORD while the row count is
   adjusted through wsize[1]. Assumes COORD is two 16-bit fields laid out
   X then Y, so wsize[1] aliases coord.Y — NOTE(review): the usual Windows
   layout, confirm against the SDK headers in use. */
typedef union {
COORD coord;
WORD wsize[2];
} LCC32_COORD;
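/* Entry point of the GlobalC hooking console.
   Creates the message mailslot and the console mutex, optionally enables
   privilege 20 through RtlAdjustPrivilege, applies the Hooks DLL (this
   executable's path with a "DLL" extension) to every enumerated process,
   echoes mailslot messages on a reader thread, and on a key press asks each
   process to unload, repeating the unload pass while any process asked for a
   retry. Returns the code of the last key pressed, as the original did.
   Fixes over the original: GetModuleFileName's result is validated before the
   extension is patched (a 0 return indexed before the buffer), CreateThread's
   handle is checked before it is waited on, the console-resize loop is
   bounded, and hMS is closed when no reader thread owns it. */
int _tmain(VOID) {
    /* Requested console buffer: 80 columns, 0x910 rows; rows shrink until accepted. */
    LCC32_COORD cbsize = {{80, 0x910}};
    BOOL TryLater;
    BOOL hMSOwnedByThread = FALSE;      /* ReadMS closes hMS once it is running */
    HANDLE hMS, hMU = NULL, StdOut, hThread = NULL;
    DWORD i, nPIDs, *PIDs = NULL, AHResult, NameLen;
    BYTE sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
    SECURITY_ATTRIBUTES sa = {sizeof(sa), &sd, FALSE}, *psa = NULL;
    TCHAR ch, ProcName[MAX_PATH], Hooks_DLL[MAX_PATH];

    FreeConsole();
    AllocConsole();
    SetConsoleTitle(TEXT("GlobalC Messages (Press any key to perform unhooking)"));

    /* NOTE(review): a NULL DACL grants every account on the machine full access
       to the mailslot and mutex created below, so mailslot contents are
       untrusted input. psa stays NULL (default security) if the descriptor
       can't be built. */
    if (InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION) &&
        SetSecurityDescriptorDacl(&sd, TRUE, (PACL)NULL, FALSE))
        psa = &sa;

    /* 2000 ms is the mailslot read timeout; ReadMS polls at that rate. */
    if ((hMS = CreateMailslot(MSName, MS_MAX_MSG_SIZE, 2000, psa)) == INVALID_HANDLE_VALUE) {
        _tprintf(TEXT("\nGCSRV: Can't create mailslot!"));
        return getch();
    }
    /* Prefer MUName; fall back to BaseMUName if that one can't be created. */
    if (!(hMU = CreateMutex(psa, FALSE, MUName)))
        hMU = CreateMutex(psa, FALSE, BaseMUName);
    if (!hMU) {
        _tprintf(TEXT("\nGCSRV: Can't create mutex!"));
        CloseHandle(hMS);
    } else {
        StdOut = GetStdHandle(STD_OUTPUT_HANDLE);
        /* Shrink the row count in steps of 0x10 until the console accepts it;
           bounded so an always-failing call can't spin forever (WORD would wrap). */
        while (!SetConsoleScreenBufferSize(StdOut, cbsize.coord) && cbsize.wsize[1] > 0x10)
            cbsize.wsize[1] -= 0x10;

        /* Hooks DLL = this executable's path with its 3-character extension
           replaced by "DLL". GetModuleFileName returns 0 on failure and the
           buffer size on truncation; both make the name unusable, and a 0
           would index before the buffer. */
        NameLen = GetModuleFileName(NULL, Hooks_DLL, sizeof(Hooks_DLL) / sizeof(TCHAR));
        if (NameLen < 4 || NameLen >= sizeof(Hooks_DLL) / sizeof(TCHAR)) {
            _tprintf(TEXT("\nGCSRV: Can't determine hooks DLL name!"));
        } else {
            Hooks_DLL[NameLen - 3] = 'D';
            Hooks_DLL[NameLen - 2] = 'L';
            Hooks_DLL[NameLen - 1] = 'L';

            if ((nPIDs = EnumPIDs(&PIDs)) == 0) {
                _tprintf(TEXT("\nGCSRV: No memory or BuildPIDList failed!"));
            } else {
                HINSTANCE hntdll;
                BYTE WasEn;
                typedef LONG (WINAPI *TRAP)(DWORD, BOOL, DWORD, BYTE *);
                TRAP RAP;

                /* RtlAdjustPrivilege is undocumented and resolved at run time.
                   Privilege 20 is first adjusted off; a non-negative status means
                   it can be toggled, and only then is the user asked whether to
                   enable it so system processes can be hooked. NOTE(review): 20
                   is presumably SeDebugPrivilege — confirm. */
                if ((hntdll = GetModuleHandle(_T("ntdll.dll"))) != NULL &&
                    (RAP = (TRAP)GetProcAddress(hntdll, "RtlAdjustPrivilege")) != NULL &&
                    RAP(20, FALSE, 0, &WasEn) >= 0) {
                    do {
                        _tprintf(TEXT("\nGCSRV: Do you wish to hook system processes [Y/N]?"));
                        ch = getch() | ' ';     /* OR 0x20: ASCII upper case -> lower case */
                    } while (ch != 'y' && ch != 'n');
                    if (ch == 'y')
                        RAP(20, TRUE, 0, &WasEn);
                }

                /* Reader thread owns hMS from here on and closes it when it exits. */
                hThread = CreateThread(NULL, 0, ReadMS, hMS, 0, &i);
                if (hThread)
                    hMSOwnedByThread = TRUE;
                else
                    _tprintf(TEXT("\nGCSRV: Can't create reader thread; messages won't be shown!"));

                /* Apply hooks to every enumerated process; hMU serialises the
                   console between this loop and the hooked processes. */
                for (i = 0; i < nPIDs; i++) {
                    ProcName[0] = '\0';
                    PID2ProcessName(PIDs[i], ProcName);
                    WaitForSingleObject(hMU, INFINITE);
                    _tprintf(TEXT("\nGCSRV: Hooking 0x%.3X='%s' .."), PIDs[i], ExeNameOnly(ProcName));
                    if (GetProcFlags(PIDs[i]) & RC_PF_DEBUGGED) {
#ifdef TRY_DEBUGGEE
                        AHResult = EstablishApiHooks(NULL, Hooks_DLL, PIDs[i], TRY_DEBUGGEE);
#else
                        AHResult = ErrorDebugged;
#endif
                    } else {
                        AHResult = EstablishApiHooks(NULL, Hooks_DLL, PIDs[i], 40000);
                    }
                    /* 0 is folded onto ErrorAHMin-1 so it lands in table slot 0; the
                       table is indexed relative to ErrorAHMin with no upper-bound
                       check — NOTE(review): verify EstablishApiHooks can't return a
                       code beyond EAHErrorMessages. */
                    if (AHResult == 0)
                        AHResult += (ErrorAHMin - 1);
                    _tprintf(TEXT("%s"), EAHErrorMessages[AHResult - ErrorAHMin + 1]);
                    ReleaseMutex(hMU);
                }
                LocalFree(PIDs);

                /* Unhook pass: runs after a key press and repeats while any
                   process asked to be retried. */
                do {
                    getch();
                    TryLater = FALSE;
                    if ((nPIDs = EnumPIDs(&PIDs)) == 0) {
                        _tprintf(TEXT("\nGCSRV: No memory or BuildPIDList failed!\n"));
                        break;
                    }
                    for (i = 0; i < nPIDs; i++) {
                        BOOL WantsUnload;

                        ProcName[0] = '\0';
                        PID2ProcessName(PIDs[i], ProcName);
                        WaitForSingleObject(hMU, INFINITE);
                        _tprintf(TEXT("\nGCSRV: Requesting unloading from 0x%.3X='%s' .."), PIDs[i], ExeNameOnly(ProcName));
                        if (GetProcFlags(PIDs[i]) & RC_PF_DEBUGGED) {
#ifdef TRY_DEBUGGEE
                            AHResult = LoadAndCall(NULL, Hooks_DLL, PIDs[i], TRY_DEBUGGEE, 0, TEXT("HooksCanUnloadNow"), 0, NULL);
#else
                            AHResult = ErrorDebugged;
#endif
                        } else {
                            AHResult = LoadAndCall(NULL, Hooks_DLL, PIDs[i], 40000, 0, TEXT("HooksCanUnloadNow"), 0, NULL);
                        }
                        /* The range check starts at ErrorAMMin while the index is
                           relative to ErrorAHMin — presumably all tables share the
                           ErrorAHMin base; confirm against the headers. */
                        if (ErrorAMMin <= AHResult && AHResult <= ErrorLACMax)
                            _tprintf(TEXT("%s"), LACErrorMessages[AHResult - ErrorAHMin + 1]);
                        else
                            _tprintf(TEXT("strange error!"));
                        ReleaseMutex(hMU);

                        /* Only ErrorUnloaded unloads without asking; codes above it
                           up to ErrorOverHooked prompt; ErrorOverHooked and above
                           are retried on the next pass. */
                        WantsUnload = (AHResult == ErrorUnloaded);
                        if (AHResult >= ErrorOverHooked) {
                            TryLater = TRUE;
                        } else if (AHResult > ErrorUnloaded) {
                            do {
                                _tprintf(TEXT("\nGCSRV: Unload from 0x%.3X='%s' anyway [Y/N]?"), PIDs[i], ExeNameOnly(ProcName));
                                ch = getch() | ' ';
                            } while (ch != 'y' && ch != 'n');
                            if (ch == 'y')
                                WantsUnload = TRUE;
                            else
                                TryLater = TRUE;
                        }
                        if (WantsUnload) {
                            WaitForSingleObject(hMU, INFINITE);
                            _tprintf(TEXT("\nGCSRV: Unloading from 0x%.3X='%s' .."), PIDs[i], ExeNameOnly(ProcName));
                            if (GetProcFlags(PIDs[i]) & RC_PF_DEBUGGED) {
#ifdef TRY_DEBUGGEE
                                AHResult = UnloadModule(NULL, Hooks_DLL, PIDs[i], TRY_DEBUGGEE, 1);
#else
                                AHResult = ErrorDebugged;
#endif
                            } else {
                                AHResult = UnloadModule(NULL, Hooks_DLL, PIDs[i], 40000, 1);
                            }
                            /* 0 maps onto ErrorAMMin-1, the lowest accepted code. */
                            if (AHResult == 0)
                                AHResult += (ErrorAMMin - 1);
                            if (ErrorAMMin - 1 <= AHResult && AHResult <= ErrorULMMax) {
                                _tprintf(TEXT("%s"), ULMErrorMessages[AHResult - ErrorAHMin + 1]);
                            } else {
                                _tprintf(TEXT("still present. Try once again."));
                                TryLater = TRUE;
                            }
                            ReleaseMutex(hMU);
                        }
                    }
                    LocalFree(PIDs);
                } while (TryLater);

                Active = FALSE;
                if (hThread) {
                    /* ReadMS presumably wakes from ReadFile within the 2000 ms
                       mailslot read timeout, so 3000 ms normally suffices. */
                    WaitForSingleObject(hThread, 3000);
                    CloseHandle(hThread);
                }
            }
        }
        if (!hMSOwnedByThread)
            CloseHandle(hMS);
        CloseHandle(hMU);
    }
    SetConsoleTitle(TEXT("Press any key to quit"));
    return getch();
}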