wslog2dll.cpp

Cracker终结者——提供最优秀的软件保护技术

#define  WIN32_LEAN_AND_MEAN
//#define UNICODE
#ifdef UNICODE
  #define _UNICODE
#endif
#include <stdio.h>
#define  _WIN32_WINNT 0x400
#include <windows.h>
#include <tchar.h>
#define  AH_STATIC_LINKING
#include <ApiHooks.h>

#define  INCL_WINSOCK_API_TYPEDEFS 1
#include <winsock2.h>

#include "WSLog2.h"

#define W9XPLockName _T("W9XPLock")

BOOL bIsNT;
BOOL Initialized = FALSE;

typedef LONG (WINAPI *TRAP)(DWORD, BOOL, DWORD, BYTE*);
TRAP RAP = NULL;

/////////////////////////////////////////////////////////
#define NHELPERAPIS 2 //CPW, CPE
#define NWSAPIS 2     //send, gethost

#define WSLIBName (ApiHookChain[NHELPERAPIS+1].ModuleExport)

typedef struct _WSOCK9XPROCESS {
  DWORD PID;
  LPFN_GETHOSTBYNAME Oldgethostbyname;
  LPFN_SEND Oldsend;
} WSOCK9XPROCESS, *PWSOCK9XPROCESS;


#define MAX_WSOCK9XPROCESSES 256
WSOCK9XPROCESS ws9xprocess[MAX_WSOCK9XPROCESSES] = {0, NULL, NULL};

LONG WINAPI FindWS9XProcess(DWORD PID) {
  for(LONG i=0; i<MAX_WSOCK9XPROCESSES; i++)
    if(ws9xprocess[i].PID == PID)
      return(i);
  return(-1);
}
/////////////////////////////////////////////////////////

HANDLE hEV;

BOOL IsActive(VOID) {
  return(WaitForSingleObject(hEV, 0) != WAIT_OBJECT_0);
}

API_HOOK ApiHookChain[];
/////////////////////////////////////////////////////////

VOID WINAPI PostMsg(TCHAR *SpecificMsg) {
  #define commonpost_templ TEXT("******\n0x%.3X='%s':\n%s\n")
  HANDLE hMS, hMU;
  DWORD  i, j;
  TCHAR  *Msg;
  BYTE WasEn;

  //bypass traverse checking
  if(RAP)
    RAP(23, TRUE, 0, &WasEn);

  if(Msg = (TCHAR *)LocalAlloc(LPTR, (_tcslen(SpecificMsg)+sizeof(commonpost_templ)+64+MAX_PATH)*sizeof(TCHAR))) {
    i = wsprintf(Msg, commonpost_templ, GetCurrentProcessId(), GetCommandLine(), SpecificMsg)*sizeof(TCHAR);
    hMS = CreateFile(MSName, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
    if(hMS != INVALID_HANDLE_VALUE) {
      if((hMU = OpenMutex(SYNCHRONIZE, FALSE, MUName)) == 0)
        hMU = OpenMutex(SYNCHRONIZE, FALSE, BaseMUName);
      if(hMU) {
        WaitForSingleObject(hMU, INFINITE);
        while(i > MS_MAX_MSG_SIZE) {
          WriteFile(hMS, Msg, MS_MAX_MSG_SIZE, &j, NULL);
          Msg = (TCHAR *)((BYTE *)Msg +j);
          i -= j;
        }
        WriteFile(hMS, Msg, i, &j, NULL);
        ReleaseMutex(hMU);
        CloseHandle(hMU);
      }
      CloseHandle(hMS);
    } 
    LocalFree(Msg);
  }
  if(RAP)
    RAP(23, WasEn, 0, &WasEn);
}
/////////////////////////////////////////////////////////

LPFN_WSAGETLASTERROR WINAPI GetWSAGLE(VOID) {
  return((LPFN_WSAGETLASTERROR)GetProcAddress(GetModuleHandleA(WSLIBName), "WSAGetLastError"));
}

LPFN_WSASETLASTERROR WINAPI GetWSASLE(VOID) {
  return((LPFN_WSASETLASTERROR)GetProcAddress(GetModuleHandleA(WSLIBName), "WSASetLastError"));
}

char *ssss = "'";
char *azeroch = "\0";
TCHAR *zeroch = TEXT("\0");

/////////////////////////////////////////////////////////
HOSTENT FAR *WSAAPI Newgethostbyname(const char FAR *name) {
  #define gethostbynamesuccess_templ TEXT("h_name = '%hs'\nh_aliases = %hs\nh_addrtype = %d\nh_length = %d\nh_addr_list= %hs")
  #define gethostbynamefailed_templ TEXT("FAILED (%d)")
  #define gethostbyname_templ TEXT("gethostbyname(%hs):\n%s")

  HOSTENT FAR  *Result;
  int     WSALastError;
  DWORD   i, h_aliases_len=0, h_addr_list_len=0, SubMsg_len=0;
  void    *memptr;
  char    *h_aliases = ssss, *h_addr_list = ssss;
  TCHAR   *SubMsg = zeroch, *MainMsg = NULL;

  LPFN_WSAGETLASTERROR pWSAGetLastError = GetWSAGLE();
  LPFN_WSASETLASTERROR pWSASetLastError = GetWSASLE();

  Result = ws9xprocess[FindWS9XProcess(GetCurrentProcessId())].Oldgethostbyname(name);
  if(Initialized && IsActive()) {
    WSALastError = pWSAGetLastError();
    if(Result) {

      for(i=0; Result->h_aliases[i] != NULL;i++)
         h_aliases_len += strlen(Result->h_aliases[i]) + 4;
      if(h_aliases_len != 0) {
        memptr = LocalAlloc(LPTR, h_aliases_len);
        if(memptr) {
          h_aliases = (char *)memptr;
          h_aliases[0] = '\0';
          while(i) {
            strcat(h_aliases, "'");
            strcat(h_aliases, Result->h_aliases[--i]);
            strcat(h_aliases, "'");
            if(i)
              strcat(h_aliases, ", ");
          }
        }
      }

      for(i=0; Result->h_addr_list[i] != NULL;i++)
         h_addr_list_len += strlen(Result->h_addr_list[i]) + 4;
      if(h_addr_list_len != 0) {
        memptr = LocalAlloc(LPTR, h_addr_list_len);
        if(memptr) {
          h_addr_list = (char *)memptr;
          h_addr_list[0] = '\0';
          while(i) {
            strcat(h_addr_list, "'");
            strcat(h_addr_list, Result->h_addr_list[--i]);
            strcat(h_addr_list, "'");
            if(i)
              strcat(h_addr_list, ", ");
          }
        } 
      }
      memptr = LocalAlloc(LPTR, (h_aliases_len +h_addr_list_len +64)*sizeof(TCHAR) +sizeof(gethostbynamesuccess_templ));
      if(memptr) {
        SubMsg = (TCHAR *)memptr;
        SubMsg_len = wsprintf(SubMsg, gethostbynamesuccess_templ, Result->h_name, h_aliases, Result->h_addrtype, Result->h_length, h_addr_list);
      }
    }
    else {
      memptr = LocalAlloc(LPTR, (64)*sizeof(TCHAR) +sizeof(gethostbynamefailed_templ));
      if(memptr) {
        SubMsg = (TCHAR *)memptr;
        SubMsg_len = wsprintf(SubMsg, gethostbynamefailed_templ, WSALastError);
      }
    }
    memptr = LocalAlloc(LPTR, (SubMsg_len +64)*sizeof(TCHAR) +sizeof(gethostbyname_templ));
    if(memptr) {
       MainMsg = (TCHAR *)memptr;
      wsprintf(MainMsg, gethostbyname_templ, name, SubMsg);
      PostMsg(MainMsg);
    }
    if(MainMsg)
      LocalFree(MainMsg);
    if(SubMsg != zeroch)
      LocalFree(SubMsg);
    if(h_addr_list != ssss)
      LocalFree(h_addr_list);
    if(h_aliases != ssss)
      LocalFree(h_aliases);
    pWSASetLastError(WSALastError);
  }
  return(Result);
}
/////////////////////////////////////////////////////////

int WSAAPI Newsend(SOCKET s, const char FAR * buf, int len, int flags) {
  #define sendstandard_templ TEXT("s = %u\n*buf = '%hs'\nlen = %d\nflags = %s\n")
  #define sendsuccess_templ TEXT("Sent %d bytes")
  #define sendfailed_templ TEXT("SOCKET_ERROR (%d)")
  #define send_templ TEXT("send:\n%s%s")
  #define szMSG_DONTROUTE TEXT("MSG_DONTROUTE")
  #define szMSG_OOB TEXT("MSG_OOB")

  int     Result, WSALastError;
  DWORD   i=0, j=0, SubMsg_len=0, Status_len=0;
  void    *memptr;
  TCHAR   s_flags[(sizeof(szMSG_DONTROUTE)+sizeof(szMSG_DONTROUTE))/sizeof(TCHAR)+64];
  char    *s_buf = azeroch;
  TCHAR   *SubMsg = zeroch, *Status = zeroch, *MainMsg = NULL;

  LPFN_WSAGETLASTERROR pWSAGetLastError = GetWSAGLE();
  LPFN_WSASETLASTERROR pWSASetLastError = GetWSASLE();

  Result = ws9xprocess[FindWS9XProcess(GetCurrentProcessId())].Oldsend(s, buf, len, flags);
  if(Initialized && IsActive()) {
    WSALastError = pWSAGetLastError();
    if(flags & (MSG_DONTROUTE | MSG_OOB)) {
      if(flags & MSG_DONTROUTE)
        _tcscat(s_flags, szMSG_DONTROUTE);
      if(flags & MSG_OOB)
        _tcscat(s_flags, szMSG_OOB);
    }
    else
      wsprintf(s_flags, TEXT("%d"), flags);

    memptr = LocalAlloc(LPTR, len+1);
    if(memptr) {
       s_buf = (char *)memptr;
       strncpy(s_buf, buf, len);
       s_buf[len] = '\0';
    }

    memptr = LocalAlloc(LPTR, (_tcslen(s_flags) +len +64)*sizeof(TCHAR) +sizeof(sendstandard_templ));
    if(memptr) {
       SubMsg = (TCHAR *)memptr;
       SubMsg_len = wsprintf(SubMsg, sendstandard_templ, s, s_buf, len, s_flags, Result);
    }

    memptr = LocalAlloc(LPTR, (64)*sizeof(TCHAR) +sizeof(sendfailed_templ));
    if(memptr) {
      Status = (TCHAR *)memptr;