  1. #include <windows.h>
  2. #include <libloaderapi.h>
  3. #include "MinHook.h"
  4. #include <iostream>
  5.  
// Function-pointer types for the three kernel32 APIs this DLL hooks, plus the
// "Real*" slots that MH_CreateHookApiEx fills in from DllMain with the address
// of the original (un-hooked) function.
typedef HANDLE(*CreateFileA_t)(LPCSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE);
CreateFileA_t RealCreateFileA = NULL;
typedef BOOL(*GetVolumeInformationA_t)(LPCSTR, LPSTR, DWORD, LPDWORD, LPDWORD, LPDWORD, LPSTR, DWORD);
GetVolumeInformationA_t RealGetVolumeInformationA = NULL;
typedef BOOL(*CreateProcessA_t)(LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION);
CreateProcessA_t RealCreateProcessA = NULL;

// Linker-provided symbol marking this module's own image base; CreateProcessAHook
// casts its address to an HINSTANCE to look up the DLL's on-disk path.
EXTERN_C IMAGE_DOS_HEADER __ImageBase;
  14.  
// Replacement for kernel32!CreateProcessA, installed from DllMain. Creates the
// requested process and then loads this same DLL into the new child, so the
// hooks in this file follow the application into any process it spawns.
//
// Defender's note: the sequence in the body — CREATE_SUSPENDED, VirtualAllocEx,
// WriteProcessMemory, CreateRemoteThread with kernel32!LoadLibraryA as the start
// routine, then ResumeThread — is the textbook remote-thread DLL injection
// pattern. It is exactly what EDR/ETW process telemetry and Sysmon's
// CreateRemoteThread event (ID 8) exist to surface; a parent that creates a
// suspended child and immediately opens a remote thread in it, with a
// LoadLibrary export as the thread start, is a high-confidence indicator.
//
// Parameters mirror CreateProcessA and are passed through unchanged, except
// that CREATE_SUSPENDED is OR-ed into dwCreationFlags.
// Returns the BOOL that the underlying CreateProcessA call returned.
BOOL WINAPI CreateProcessAHook(
    LPCSTR                lpApplicationName,
    LPSTR                 lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL                  bInheritHandles,
    DWORD                 dwCreationFlags,
    LPVOID                lpEnvironment,
    LPCSTR                lpCurrentDirectory,
    LPSTARTUPINFOA        lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
) {
    // Written to the console that DllMain attached; a searchable artifact.
    std::cout << "Yee haw! Time to hook into an innocent process!" << std::endl;
    // Resolve this DLL's own file path from its image base; that path is what
    // gets written into the child below.
    CHAR DllPath[MAX_PATH] = {0};
    GetModuleFileNameA((HINSTANCE)&__ImageBase, DllPath, _countof(DllPath));

    // The child is always started suspended so the injection happens before
    // its first instruction runs. The result `a` is not checked before
    // lpProcessInformation->hProcess is read on the next line, so a failed
    // CreateProcessA leaves the rest of this function operating on whatever
    // the struct happened to contain.
    BOOL a = CreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, CREATE_SUSPENDED|dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
    HANDLE proc = lpProcessInformation->hProcess;

    // Remote-thread injection: place the DLL path in the child's address space
    // and start a thread there whose entry point is LoadLibraryA.
    LPVOID addr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
    LPVOID arg = (LPVOID)VirtualAllocEx(proc, NULL, strlen(DllPath), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(proc, arg, DllPath, strlen(DllPath), NULL);
    HANDLE threadID = CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE)addr, arg, NULL, NULL);
    // NOTE(review): `proc` is the caller's own lpProcessInformation->hProcess,
    // which the caller still owns and would normally close itself; closing it
    // here pulls that handle out from under the hooked application. The remote
    // thread handle `threadID`, by contrast, is never closed in this function.
    CloseHandle(proc);
    // Let the (now injected) child run.
    ResumeThread(lpProcessInformation->hThread);
    return a;
}
  42.  
  43.  
// Volume serial handed back by GetVolumeInformationAHook in place of the real
// one. Initialised from -1, which narrows to 0xFFFFFFFF in an unsigned DWORD;
// nothing in this listing ever assigns it again, so every hooked query
// observes that one constant value.
DWORD gSerialNumber = -1;
// Replacement for kernel32!GetVolumeInformationA, installed from DllMain.
// Feeds the hooked application the fixed gSerialNumber instead of the disk's
// real volume serial (presumably used by the application as a machine
// identifier — see the original comment in the body). The real API is never
// consulted: for a root path containing "C:\" the hook writes gSerialNumber and
// reports success; any other root path is reported as failure. In neither case
// is any other output buffer touched or SetLastError called.
//
// NOTE(review): lpRootPathName is annotated _In_opt_ (the Win32 contract allows
// NULL, meaning the current directory's root), yet strstr dereferences it
// unconditionally.
// Defender's note: because only lpVolumeSerialNumber is ever filled in, a caller
// that also inspects lpVolumeNameBuffer / lpFileSystemNameBuffer, checks
// GetLastError after a FALSE return, or cross-checks through the W entry point
// (which this DLL does not hook) sees results that a genuine call would not
// produce.
BOOL WINAPI GetVolumeInformationAHook(
    /* _In_opt_  */ LPCSTR  lpRootPathName,
    /* _Out_opt_ */ LPSTR   lpVolumeNameBuffer,
    /* _In_      */ DWORD   nVolumeNameSize,
    /* _Out_opt_ */ LPDWORD lpVolumeSerialNumber,
    /* _Out_opt_ */ LPDWORD lpMaximumComponentLength,
    /* _Out_opt_ */ LPDWORD lpFileSystemFlags,
    /* _Out_opt_ */ LPSTR   lpFileSystemNameBuffer,
    /* _In_      */ DWORD   nFileSystemNameSize)
{

    // Substring match, so any root string containing "C:\" anywhere qualifies.
    if (strstr(lpRootPathName, "C:\\") == nullptr) {
        return FALSE;
    }

    // this seems to be the only thing BYOND cares about, so don't even bother touch the rest of the args
    if (lpVolumeSerialNumber != nullptr) {
        *lpVolumeSerialNumber = gSerialNumber;
    }
    return TRUE;
}
  66.  
// Replacement for kernel32!CreateFileA, installed from DllMain. Refuses to open
// any file name containing one of four substrings — the raw "\\.\PhysicalDrive"
// and "\\.\SCSI" device namespaces, and "sauth"/"cauth" (presumably names of the
// hooked application's own auth files) — logging the blocked name to the
// console. Every other name is forwarded to CreateFileA with all arguments
// unchanged.
//
// Returns HANDLE(-1), numerically the same as INVALID_HANDLE_VALUE, for blocked
// names, but without calling SetLastError, so the caller's GetLastError sees
// whatever stale value was already there.
// Defender's note: blocking the raw device paths is aimed at keeping the
// application from reading drive identity (the original comment mentions SMART
// queries). Since only the A entry point is hooked and no error code is set, an
// application can notice the interference from the missing/stale error code or
// by obtaining the same information through another API.
HANDLE WINAPI CreateFileAHook(
    LPCSTR                lpFileName,
    DWORD                 dwDesiredAccess,
    DWORD                 dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD                 dwCreationDisposition,
    DWORD                 dwFlagsAndAttributes,
    HANDLE                hTemplateFile)
{
    // Plain substring tests: a path that merely contains these letters
    // anywhere (e.g. in a directory name) is also blocked.
    if (strstr(lpFileName, "\\\\.\\PhysicalDrive") != nullptr
        || strstr(lpFileName, "\\\\.\\SCSI") != nullptr
        || strstr(lpFileName, "sauth") != nullptr
        || strstr(lpFileName, "cauth") != nullptr) {
        // byond tries to find drives to ask for smart info, so don't let it do dat
        std::cout << "Blocked " << lpFileName << std::endl;
        return HANDLE(-1);
    }

    return CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
  87.  
// DLL entry point. On DLL_PROCESS_ATTACH it opens a console, redirects stdout
// to it, initialises MinHook and creates the three kernel32 hooks defined
// above; on DLL_PROCESS_DETACH it frees the console and shuts MinHook down.
// Returns 1 as soon as any of those steps reports an error and 0 otherwise.
//
// NOTE(review): everything here runs inside DllMain, i.e. under the loader
// lock; AllocConsole/freopen_s and iostream output from that context are
// generally discouraged by the DllMain guidance.
// Defender's note: AllocConsole plus the CONOUT$ redirection is a visible
// artifact — a new console window appears in whatever process loads this DLL —
// and the status strings printed below are searchable in memory and on disk.
BOOL WINAPI DllMain(
    _In_ HINSTANCE hinstDLL,
    _In_ DWORD     fdwReason,
    _In_ LPVOID    lpvReserved
) {
    if (fdwReason == DLL_PROCESS_ATTACH) {
        FILE* fp;
       
        // Give the host process a console and point std::cout at it so the
        // hooks' log lines are visible.
        AllocConsole();
        freopen_s(&fp, "CONOUT$", "w", stdout);
        if (MH_Initialize() != MH_OK)
        {
            return 1;
        }
        std::cout << "Attached and Initialized!" << std::endl;
        // Each MH_CreateHookApiEx call resolves the named export in kernel32,
        // registers the hook function and stores the original in the Real*
        // slot; any failure aborts the remaining setup.
        if (MH_CreateHookApiEx(L"kernel32", "GetVolumeInformationA", reinterpret_cast<LPVOID*>(&GetVolumeInformationAHook), reinterpret_cast<LPVOID*>(&RealGetVolumeInformationA), NULL) != MH_OK) {
            std::cout << "Failed to hook GetVolumeInformationA!" << std::endl;
            return 1;
        } else {
            std::cout << "Hooked GetVolumeInformationA!" << std::endl;
        }
        if (MH_CreateHookApiEx(L"kernel32", "CreateFileA", reinterpret_cast<LPVOID*>(&CreateFileAHook), reinterpret_cast<LPVOID*>(&RealCreateFileA), NULL) != MH_OK) {
            std::cout << "Failed to hook CreateFileA!" << std::endl;
            return 1;
        } else {
            std::cout << "Hooked CreateFileA!" << std::endl;
        }
        if (MH_CreateHookApiEx(L"kernel32", "CreateProcessA", reinterpret_cast<LPVOID*>(&CreateProcessAHook), reinterpret_cast<LPVOID*>(&RealCreateProcessA), NULL) != MH_OK) {
            std::cout << "Failed to hook CreateProcessA!" << std::endl;
            return 1;
        } else {
            std::cout << "Hooked CreateProcessA!" << std::endl;
        }
    } else if (fdwReason == DLL_PROCESS_DETACH) {
        // Tear down in reverse: drop the console, then MinHook's state.
        FreeConsole();
        if (MH_Uninitialize() != MH_OK)
        {
            return 1;
        }
    }
    return 0;
}