#if _MSC_VER > 1000
/* NOTE(review): #pragma once only affects headers that are #included; in a
   translation unit like this .c file it has no effect and can be dropped. */
#pragma once
#endif
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include "ApiHooks.h"
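/* Full prototype (an empty parameter list declares no prototype in C, so the
   compiler could not check call sites). The definition further down is the
   .lib self-test invoked from DllMain on process detach. */
void LibTest(void);
/* Scratch storage for the WriteConsoleA patch: each entry records a patched
   location and the original contents that UnhookApi() writes back. */
ADDR_CONTENTS AddrAndValue[3];
/* Restore table handed to the hook engine through ApiHookChain/DynaHooks.
   The initializer follows API_UNHOOK's field order in ApiHooks.h; from this
   file only CurNoAddr and WhereWhat are known to be read (by UnhookApi), so
   presumably 3 = capacity, 0 = entries in use, AddrAndValue = WhereWhat —
   confirm against the header. */
API_UNHOOK UnhookWriteConsoleA = {3,0,AddrAndValue};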
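/*
 * Write the original contents back to every location recorded in `unhook`.
 *
 * For each entry in unhook->WhereWhat[0 .. CurNoAddr) the page holding
 * ReturnWhere is made writable, ReturnWhat is stored there, and the previous
 * page protection is restored. An entry whose page cannot be made writable is
 * skipped; the function reports nothing to the caller.
 *
 * unhook: table filled in by the hook engine. NULL is accepted and ignored.
 */
void __stdcall UnhookApi(PAPI_UNHOOK unhook) {
    UINT i;
    if (unhook == NULL) {
        return;
    }
    for (i = 0; i < unhook->CurNoAddr; ++i) {
        DWORD OldAttr = 0;
        DWORD Ignored = 0;
        /* Size the protection change by the pointed-to object so it cannot
           drift from the actual type of ReturnWhere. */
        SIZE_T Size = sizeof *unhook->WhereWhat[i].ReturnWhere;
        if (!VirtualProtect(unhook->WhereWhat[i].ReturnWhere, Size, PAGE_READWRITE, &OldAttr)) {
            continue;
        }
        *unhook->WhereWhat[i].ReturnWhere = unhook->WhereWhat[i].ReturnWhat;
        /* Put the original protection back. A failure here leaves the page
           writable but the restore itself has already happened, so it is not
           treated as fatal. Whether ReturnWhere points at code or at an import
           slot is not visible here; if it is code, FlushInstructionCache would
           be the conventional follow-up — confirm with the hook engine. */
        VirtualProtect(unhook->WhereWhat[i].ReturnWhere, Size, OldAttr, &Ignored);
    }
}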
/* Capture log: opened by DllMain on DLL_PROCESS_ATTACH, closed on detach, and
   written by NewWriteConsoleA. INVALID_HANDLE_VALUE whenever no log is open. */
HANDLE hLog = INVALID_HANDLE_VALUE;
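/*
 * DLL entry point.
 *
 * On process attach the capture log "console.log" is created (or truncated)
 * relative to the host process's current directory, so where the file lands
 * depends on which process loaded the DLL. On process detach the log is
 * closed, the WriteConsoleA patch is undone and the .lib self-test runs.
 *
 * Always returns TRUE: a failed CreateFile leaves hLog at
 * INVALID_HANDLE_VALUE (NewWriteConsoleA then skips logging) and the DLL
 * still loads.
 */
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        if (hLog == INVALID_HANDLE_VALUE) {
            hLog = CreateFile("console.log", GENERIC_WRITE, FILE_SHARE_READ,
                              NULL, CREATE_ALWAYS, 0, NULL);
        }
        break;
    case DLL_PROCESS_DETACH:
        /* Only close a handle we actually own; CloseHandle on
           INVALID_HANDLE_VALUE is an error, not a no-op. */
        if (hLog != INVALID_HANDLE_VALUE) {
            CloseHandle(hLog);
            hLog = INVALID_HANDLE_VALUE;
        }
        /* A non-NULL lpReserved on detach means the whole process is
           terminating: other DLLs may already be unloaded and no one will
           call WriteConsoleA again, so unpatching and the self-test are
           skipped. Both still run on an ordinary FreeLibrary. */
        if (lpReserved == NULL) {
            UnhookApi(&UnhookWriteConsoleA);
            /* NOTE(review): this runs under the loader lock; if LibTest waits
               on other threads or loads libraries it can deadlock — confirm. */
            LibTest();
        }
        break;
    default:
        break;
    }
    return TRUE;
}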
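/*
 * Replacement for WriteConsoleA installed through the hook tables below.
 *
 * Copies the bytes about to be printed into the capture log (when one is
 * open) and then forwards the call to the real WriteConsoleA; the caller sees
 * WriteConsoleA's return value and character count. The log is plain text and
 * holds whatever the program prints, verbatim.
 */
BOOL WINAPI NewWriteConsoleA(HANDLE hConOut, LPCVOID lpvBuffer, DWORD cchToWrite, LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    DWORD cbLogged = 0;
    /* Use a private byte count: WriteFile requires a non-NULL count pointer
       when no OVERLAPPED is given, and lpcchWritten may legitimately be NULL
       for WriteConsoleA. cchToWrite counts ANSI characters, i.e. bytes, so it
       is also the byte count for the log. The log write is best-effort and its
       result is deliberately ignored. */
    if (hLog != INVALID_HANDLE_VALUE) {
        WriteFile(hLog, lpvBuffer, cchToWrite, &cbLogged, NULL);
    }
    return WriteConsoleA(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}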
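/*
 * Replacement for GetProcAddress installed through the hook tables below.
 *
 * When the host resolves "WriteConsoleA" or "GetProcAddress" from kernel32 by
 * name, the corresponding replacement is returned; every other lookup is
 * forwarded unchanged.
 *
 * lpProcName may carry an ordinal instead of a name (high word zero). The
 * previous version compared such values with lstrcmp, which dereferences an
 * invalid pointer; ordinal lookups are now forwarded without inspection.
 *
 * NOTE(review): the forwarding call below assumes this module's own import
 * of GetProcAddress is not itself patched by the engine (HOOK_ALL/ALL_MODULES
 * in the tables); if it were, this would recurse — confirm with ApiHooks.h.
 */
FARPROC WINAPI NewGetProcAddress(HMODULE hModule, LPCSTR lpProcName) {
    BOOL byName = HIWORD((ULONG_PTR)lpProcName) != 0;
    if (byName && hModule == GetModuleHandle("KERNEL32.DLL")) {
        /* Export names are case-sensitive, so a plain compare is correct. */
        if (lstrcmp(lpProcName, "WriteConsoleA") == 0) {
            return (FARPROC)NewWriteConsoleA;
        }
        if (lstrcmp(lpProcName, "GetProcAddress") == 0) {
            return (FARPROC)NewGetProcAddress;
        }
    }
    return GetProcAddress(hModule, lpProcName);
}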
// just for .lib test BEGIN
/* Hook table for the dynamic (.lib) entry points exercised by LibTest().
   The leading {HOOKS_DYNAMIC} record presumably marks the table as a dynamic
   hook list and {HOOKS_END} terminates it. Each body record follows
   API_HOOK's field order in ApiHooks.h, which from this file looks like:
   module, export name, hook flags, module scope, restore table (may be NULL),
   replacement function — confirm against the header. */
API_HOOK DynaHooks[4] = {
{HOOKS_DYNAMIC},
{"KERNEL32.DLL","WriteConsoleA", HOOK_ALL, ALL_MODULES, &UnhookWriteConsoleA, NewWriteConsoleA},
{"KERNEL32.DLL","GetProcAddress",HOOK_ALL, ALL_MODULES, NULL, NewGetProcAddress},
{HOOKS_END}
};
/*
 * Self-test of the .lib entry points of the hook engine; not part of the
 * capture path. The hook calls target this process with a 10 s wait; the
 * remote-execute calls use 890, which looks like a placeholder process id.
 * The DynaHooks table is passed where the engine otherwise takes a DLL name
 * string — presumably the {HOOKS_DYNAMIC} record tells the two apart.
 */
void LibTest() {
    enum { LIB_TEST_WAIT_MS = 10000, LIB_TEST_REMOTE_PID = 890 };
    DWORD self = GetCurrentProcessId();
    LPCSTR table = (LPCSTR)DynaHooks;

    EstablishApiHooks("MyHooks.dll", 0x123);
    EstablishApiHooksTime(table, self, LIB_TEST_WAIT_MS);
    EstablishApiHooksTimeNT(table, self, LIB_TEST_WAIT_MS);
    RemoteExecuteTime(LIB_TEST_REMOTE_PID, LIB_TEST_WAIT_MS, NULL, 0, NULL);
    RemoteExecuteTimeNT(LIB_TEST_REMOTE_PID, LIB_TEST_WAIT_MS, NULL, 0, NULL);
}
// just for .lib test END
/* Static hook table returned by GetApiHookChain(). Same record layout as
   DynaHooks (module, export name, flags, scope, restore table, replacement)
   but without the {HOOKS_DYNAMIC} header; {HOOKS_END} terminates the list.
   Only the WriteConsoleA record has a restore table, so only that patch is
   undone by UnhookApi() on detach. */
API_HOOK ApiHookChain[3] = {
{"KERNEL32.DLL","WriteConsoleA", HOOK_ALL, ALL_MODULES, &UnhookWriteConsoleA, NewWriteConsoleA},
{"KERNEL32.DLL","GetProcAddress",HOOK_ALL, ALL_MODULES, NULL, NewGetProcAddress},
{HOOKS_END}
};
// New in this version: exported accessor for the static hook chain.
/* Exported so code outside this DLL can fetch its static hook table; the
   table ends with its {HOOKS_END} record. The caller receives a pointer to
   module-lifetime storage and must not free it. */
__declspec(dllexport) PAPI_HOOK GetApiHookChain() {
    return &ApiHookChain[0];
}