// LoaderActions.cpp : Defines the entry point for the console application.
//
#include "LoaderActions.h"
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
// Constructs the loader. The only work done here is handing the banner text
// to SetStartingMsg(); how and when that text is displayed is decided by code
// outside this file.
Loader::Loader()
{
    // TODO: add any extra initialization the loader needs here.
    this->SetStartingMsg("Loader working...wait a little\nCreditz 2 Shub-Nigurrath & ThunderPwr [at] ARTEam");
}
// Destroys the loader. Nothing is released here; the template leaves this
// body empty as an extension point.
Loader::~Loader()
{
    // TODO: add any extra de-initialization the loader needs here.
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
//Receives
//- the Stack of Patch elements that must be properly filled
//- the victim file name, containing a valid path to the patched file
// Hook in which the list of patches for the target is declared.
//
// stkPatches - stack of Patch elements to be filled. This template leaves it
//              untouched, so no patch is registered.
// Returns TRUE unconditionally.
BOOL Loader::InitializePatchStack(growing_arraystack<Patch> &stkPatches)
{
    // Per the template's own notes, a Patch can be built in three ways
    // (the Patch class itself is declared outside this file):
    //   1. address + new byte: no control is performed later; the loader
    //      simply writes to that memory location whatever it currently holds.
    //   2. address + original byte + new byte: the loader first compares the
    //      byte read at the location with the expected original byte and does
    //      not apply the patch when they differ.
    //   3. a form taking a callback, which is called when the patch is about
    //      to be performed.
    //
    // All registered patches are applied one after the other once the gate
    // condition is met (see GateProcedure()).
    //
    // NB: a literal 0x00 has to be converted explicitly to BYTE, otherwise the
    // compiler takes it for a NULL pointer and cannot pick a Patch constructor.

    // TODO: insert specific patches for the target
    return TRUE;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
//Simply used to specify the victim's filename; receives the variable that stores it.
// Tells the loader which executable it works on and which checksum that file
// is expected to have.
//
// victimFileName - output; overwritten with the path of the target file.
// Returns TRUE unconditionally.
BOOL Loader::SetVictimDetails(TextString &victimFileName)
{
    // TODO: customize this function, according to the target needs
    // Both paths below are template placeholders.
#ifdef _DEBUG
    // Debug builds use an absolute installation path.
    victimFileName = TextString("c:\\complete_path_of_installatio\\_Target.exe");
#else
    // Release builds use a path starting with ".\\", i.e. relative to the
    // current working directory rather than to the loader's own location.
    victimFileName = TextString(".\\_Target.exe");
#endif

    // Registers the CRC the loader should check the file against; remove or
    // comment out this call to skip the check. 0xABCDEF is a placeholder.
    // NOTE(review): which CRC variant is computed is not visible here. A CRC
    // identifies the expected build of a file; it is not a tamper-proof
    // integrity check.
    SetVictimCRC(0xABCDEF);

    return TRUE;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
// Extension hook; by its name it is meant to run before the gate condition is
// evaluated (the caller is outside this file). The template does nothing here.
// Returns TRUE unconditionally.
BOOL Loader::ActionsBeforeGateProcedure()
{
    // TODO: insert specific actions
    return TRUE;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
//Callback of EnumDesktopWindows
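// Callback handed to EnumDesktopWindows(). It is invoked once per window and
// decides whether that window is the main window of the target.
//
// hWnd   - handle of the window being examined.
// lParam - application-defined value; must carry the address of a BOOL that
//          is set to TRUE when the window matches.
// Returns FALSE to stop the enumeration (match found, or no flag to report
// into), TRUE to continue with the next window.
//
// The match relies on caption and class name only, so a window owned by any
// process on the desktop that shows the same caption and class satisfies it.
BOOL CALLBACK EnumWindowsProc(
    HWND hWnd,     // handle to the enumerated window
    LPARAM lParam  // address of the caller's BOOL result flag
    )
{
    //TODO: customize the test of the main window's application according to the target.
    const int kTextCapacity = 256;

    // The result travels back through lParam; without it there is nothing to
    // report, so stop enumerating instead of dereferencing a null pointer.
    BOOL *matchFlag = reinterpret_cast<BOOL *>(lParam);
    if (matchFlag == NULL)
    {
        return FALSE;
    }

    // Zero-initialized so that a failed query leaves an empty string instead
    // of indeterminate stack contents for strstr()/_stricmp() to walk over.
    char className[kTextCapacity] = {0};
    char caption[kTextCapacity] = {0};

    // A return value of 0 means the class name could not be retrieved; such a
    // window cannot match, move on to the next one.
    if (GetClassName(hWnd, className, kTextCapacity) == 0)
    {
        return TRUE;
    }

    // A return value of 0 means an empty or unavailable caption, which cannot
    // contain the expected text.
    if (GetWindowText(hWnd, caption, kTextCapacity) == 0)
    {
        return TRUE;
    }

    // The window must also be visible: all the checks of the target happen
    // before its main window is shown.
    const bool captionMatches = strstr(caption, "target's toolbar text") != 0;
    if (captionMatches &&
        IsWindowVisible(hWnd) &&
        _stricmp(className, "ClassType of the main window") == 0)
    {
        *matchFlag = TRUE;
        return FALSE; // found it, no need to look at further windows
    }

    return TRUE;
}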
//THE FUNCTION GATEPROCEDURE MUST ALWAYS BE DEFINED WITH THIS PROTOTYPE.
//THE RETURNED VALUE IS TRUE WHEN THE MATCHING CONDITION REQUIRED TO START
//THE PATCH IS MET.
//OFTEN THIS FUNCTION SIMPLY CHECKS FOR A SPECIFIED DWORD VALUE IN A SPECIFIED
//MEMORY LOCATION, WHICH APPEARS ONLY AFTER ALL THE CHECKS HAVE BEEN SUCCESSFULLY DONE.
// Evaluates the gate condition: TRUE once a window accepted by
// EnumWindowsProc() exists, FALSE otherwise.
BOOL Loader::GateProcedure()
{
    BOOL gateOpen = FALSE;

    // Walk every window of the desktop, hidden ones included, one by one.
    // A NULL desktop handle selects the current desktop. Each handle goes to
    // EnumWindowsProc, which raises the flag passed through the LPARAM when it
    // recognizes the victim's window. The return value of EnumDesktopWindows
    // itself is not used; the flag is the only result.
    EnumDesktopWindows(NULL, EnumWindowsProc, reinterpret_cast<LPARAM>(&gateOpen));

    return gateOpen;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
// Hook that stops the debugger action and lets the program run freely: the
// process id is resolved from the process handle held in GetPI() and passed to
// DebugActiveProcessStop().
// Returns TRUE unconditionally.
BOOL Loader::ActionsAfterGateProcedure()
{
    const HANDLE hTarget = GetPI()->hProcess;
    const DWORD targetPid = GetProcessId(hTarget);

    // NOTE(review): the outcome of the detach is discarded, so this hook
    // reports TRUE even when DebugActiveProcessStop() fails.
    const BOOL detached = DebugActiveProcessStop(targetPid);
    (void)detached;

    return TRUE;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
//This function is called just before the call to CreateProcess. Could be left empty.
// Hook called just before the call to CreateProcess. It may stay empty, as it
// does in this template.
// Returns TRUE unconditionally.
BOOL Loader::ActionsBeforeCreateProc()
{
    // Nothing to prepare in the template.
    return TRUE;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
//This function is called just after the process has been created, while it is still in waiting mode
// Hook for the moment around process creation in which the target is still in
// waiting mode. It passes the thread and process handles held in GetPI() to
// HideDebugger().
// NOTE(review): HideDebugger() is defined outside this file; judging by its
// name it conceals the attached debugger from the target - confirm there.
// Its result, if any, is not checked here.
// Returns TRUE unconditionally.
BOOL Loader::ActionsAfterCreateProc()
{
    HideDebugger(
        GetPI()->hThread,
        GetPI()->hProcess);

    return TRUE;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
//This function is called just before closing the loader, after all the actions have been performed.
// Hook called just before the loader closes, after all the actions have been
// performed. The template does nothing here.
// Returns TRUE unconditionally.
BOOL Loader::ActionsBeforeClosingLoader()
{
    // Nothing to clean up in the template.
    return TRUE;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////