📄 miniglobalexe.cpp
//#define UNICODE
#ifdef UNICODE
#define _UNICODE
#endif
#include <windows.h>
#include <tchar.h>
//#define AH_STATIC_LINKING
#include <ApiHooks.h>
//#define PW_STATIC_LINKING
#include <PrcWorks.h>
/////////////////////////////////////////////////////////
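// Builds a list of process IDs in a LocalAlloc'd DWORD array.
//
// The buffer is grown until BuildPIDList reports a count that fits in it:
// each pass allocates room for (last reported count + 0x100) entries and
// retries while the reported count is larger than the capacity offered.
//
// pPIDs   receives the buffer on success; the caller releases it with
//         LocalFree. On failure *pPIDs is set to NULL so the caller never
//         sees a pointer to a buffer that has already been freed.
// returns the count reported by BuildPIDList, or 0 when allocation fails or
//         BuildPIDList returns PW_MEMERROR.
DWORD EnumPIDs(DWORD **pPIDs) {
    LONG capacity = 0;
    LONG count = capacity + 1;   // forces the first pass through the loop
    DWORD *buf = NULL;

    *pPIDs = NULL;
    while (count > capacity) {
        capacity = count + 0x100;
        if (buf) {
            // The previous buffer was too small; drop it and make sure the
            // out-parameter does not keep pointing at freed memory.
            LocalFree(buf);
            *pPIDs = NULL;
        }
        buf = (LPDWORD)LocalAlloc(LPTR, capacity * sizeof *buf);
        if (buf == NULL)
            return 0;

        count = BuildPIDList(buf, capacity, PW_ALLSESSIONS);
        if (count == PW_MEMERROR) {
            // Return an explicit 0 rather than the (truncated) result of
            // LocalFree, which is non-NULL when the free itself fails.
            LocalFree(buf);
            return 0;
        }
        // NOTE(review): only PW_MEMERROR is treated as an error here. If
        // BuildPIDList can return other negative codes they fall out of the
        // loop and are returned as a large DWORD count - confirm against
        // PrcWorks.h.
        *pPIDs = buf;
    }
    return (DWORD)count;
}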
/////////////////////////////////////////////////////////
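// Demo driver for the ApiHooks / PrcWorks libraries.
//
// Enumerates processes and, for every process whose flags do not include
// RC_PF_DEBUGGED, runs three tests in turn: EstablishApiHooks, LoadAndCall
// and UnloadModule, each against the companion DLL. The per-test success
// counts are shown in message boxes.
//
// Security notes:
//  - The process enables privilege 20 (SeDebugPrivilege) through
//    RtlAdjustPrivilege and never restores the previous state returned in
//    WasEn; everything after that call runs with the privilege enabled.
//  - The DLL path is derived from this executable's own path, so whatever
//    file sits next to the executable under that name is what gets loaded
//    into the other processes. The install directory must not be writable
//    by less-privileged users.
//
// Returns 0 after a full run, or the MessageBox result when start-up fails.
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    typedef LONG (WINAPI *TRAP)(DWORD, BOOL, DWORD, BYTE*);

    DWORD i, nPIDs, *PIDs, nHookedPIDs, PathLen;
    DWORD NotMe = 0x12345678;
    TCHAR Message[128], Hooks_DLL[MAX_PATH];
    const DWORD PathCap = sizeof(Hooks_DLL) / sizeof(Hooks_DLL[0]);
    HINSTANCE hntdll;
    BYTE WasEn;
    TRAP RAP;

    // Best effort: enable privilege 20 (SeDebugPrivilege) for the process.
    // The return status is deliberately not checked; without the privilege
    // the later calls simply succeed for fewer processes.
    hntdll = GetModuleHandle(_T("NTDLL.DLL"));
    if (hntdll != NULL) {
        RAP = (TRAP)GetProcAddress(hntdll, "RtlAdjustPrivilege");
        if (RAP != NULL)
            RAP(20, TRUE, 0, &WasEn);
    }

    // Derive the hooks DLL name: same path as the main module, with the
    // three-character extension replaced by "DLL".
    // GetModuleFileName returns 0 on failure and the buffer size on
    // truncation; either case (or a name without a ".xxx" extension) would
    // make the index arithmetic below write outside the intended characters,
    // so bail out instead.
    PathLen = GetModuleFileName(NULL, Hooks_DLL, PathCap);
    if (PathLen == 0 || PathLen >= PathCap || PathLen < 4 ||
        Hooks_DLL[PathLen - 4] != _T('.'))
        return(MessageBox(NULL, _T("Cannot derive hooks DLL path from module file name!"), _T("MiniGlobal"), MB_OK));
    Hooks_DLL[PathLen - 3] = _T('D');
    Hooks_DLL[PathLen - 2] = _T('L');
    Hooks_DLL[PathLen - 1] = _T('L');

    // Enumerate processes.
    nPIDs = EnumPIDs(&PIDs);
    if (nPIDs == 0)
        return(MessageBox(NULL, _T("No memory or BuildPIDList failed!"), _T("MiniGlobal"), MB_OK));

    // Test ApiWorks (apply hooks to enumerated processes).
    // 20000 is presumably a timeout in milliseconds - confirm in ApiHooks.h.
    nHookedPIDs = 0;
    for (i = 0; i < nPIDs; i++) {
        if (GetProcFlags(PIDs[i]) & RC_PF_DEBUGGED)
            continue;
        if (EstablishApiHooks(NULL, Hooks_DLL, PIDs[i], 20000) == ErrorAWSuccess)
            ++nHookedPIDs;
    }
    wsprintf(Message, _T("Hooks established in %u of %u processes"), nHookedPIDs, nPIDs);
    MessageBox(NULL, Message, _T("EstablishApiHooks"), MB_OK);

    // Test ModWorks (load module to enumerated processes).
    // A process is counted when the call returns the bitwise complement of
    // NotMe; presumably the DLL's "NotMe" export returns ~argument - confirm
    // against the DLL source.
    nHookedPIDs = 0;
    for (i = 0; i < nPIDs; i++) {
        if (GetProcFlags(PIDs[i]) & RC_PF_DEBUGGED)
            continue;
        if (LoadAndCall(NULL, Hooks_DLL, PIDs[i], 20000, 1, _T("NotMe"), 1, &NotMe) == ~NotMe)
            ++nHookedPIDs;
    }
    wsprintf(Message, _T("Module loaded into %u of %u processes"), nHookedPIDs, nPIDs);
    MessageBox(NULL, Message, _T("LoadAndCall"), MB_OK);

    // Test ModWorks (unload 2x module from enumerated processes).
    nHookedPIDs = 0;
    for (i = 0; i < nPIDs; i++) {
        if (GetProcFlags(PIDs[i]) & RC_PF_DEBUGGED)
            continue;
        if (UnloadModule(NULL, Hooks_DLL, PIDs[i], 20000, 2) == 0)
            ++nHookedPIDs;
    }
    wsprintf(Message, _T("Module isn't present at least in %u processes"), nHookedPIDs);
    MessageBox(NULL, Message, _T("UnloadModule"), MB_OK);

    LocalFree(PIDs);
    return(0);
}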