2022-10-30 17:33:02 +00:00
|
|
|
#include "logging.h"
|
|
|
|
|
|
2023-03-28 20:08:02 +00:00
|
|
|
#include "../../lib/mice/mice.h"
|
2022-12-24 03:04:04 +00:00
|
|
|
#include "../util/_util.h"
|
|
|
|
|
|
2022-10-30 17:33:02 +00:00
|
|
|
char* trim_string(char* string) {
|
|
|
|
|
size_t len = strlen(string) - 1;
|
|
|
|
|
|
|
|
|
|
DWORD oldProt;
|
|
|
|
|
while (len > 0 && (string[len] == '\n' || string[len] == '\r')) {
|
|
|
|
|
// TODO: Reassess this. Suspect it may be causing issues.
|
|
|
|
|
// Make sure we can write! This is a terrible hack, but it does work.
|
|
|
|
|
VirtualProtect(string + len, 1, PAGE_EXECUTE_READWRITE, &oldProt);
|
|
|
|
|
string[len--] = '\0';
|
|
|
|
|
VirtualProtect(string + len + 1, 1, oldProt, &oldProt);
|
|
|
|
|
}
|
|
|
|
|
return string;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define WORK_FORMAT_MAX 1024
|
|
|
|
|
char format_buf[WORK_FORMAT_MAX]; // Will do. We guard against overflow in Fake[f]printf
|
|
|
|
|
|
|
|
|
|
int WINAPIV Fakeprintf(const char* _Format, ...) {
|
|
|
|
|
size_t flen = strlen(_Format);
|
|
|
|
|
if (flen == strcspn(_Format, "\n") + 1 && flen < (sizeof format_buf)) {
|
|
|
|
|
strcpy_s(format_buf, WORK_FORMAT_MAX, _Format);
|
|
|
|
|
format_buf[flen - 1] = 0;
|
|
|
|
|
_Format = format_buf;
|
|
|
|
|
}
|
|
|
|
|
va_list args;
|
|
|
|
|
va_start(args, _Format);
|
|
|
|
|
|
2023-03-13 21:49:07 +00:00
|
|
|
int ret = vlog_game(plfPrintf, _Format, args);
|
2022-10-30 17:33:02 +00:00
|
|
|
|
|
|
|
|
va_end(args);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int WINAPIV Fakefprintf(FILE* _File, const char* _Format, ...) {
|
|
|
|
|
size_t flen = strlen(_Format);
|
|
|
|
|
if (flen == strcspn(_Format, "\n") + 1 && flen < (sizeof format_buf)) {
|
|
|
|
|
strcpy_s(format_buf, WORK_FORMAT_MAX, _Format);
|
|
|
|
|
format_buf[flen - 1] = 0;
|
|
|
|
|
_Format = format_buf;
|
|
|
|
|
}
|
|
|
|
|
va_list args;
|
|
|
|
|
va_start(args, _Format);
|
|
|
|
|
|
2023-03-13 21:49:07 +00:00
|
|
|
int ret = vlog_game(plfFprintf, _Format, args);
|
2022-10-30 17:33:02 +00:00
|
|
|
|
|
|
|
|
va_end(args);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int WINAPIV Fakefprintf_s(FILE* _Stream, const char* _Format, ...) {
|
|
|
|
|
va_list args;
|
|
|
|
|
va_start(args, _Format);
|
|
|
|
|
|
2023-03-13 21:49:07 +00:00
|
|
|
int ret = vlog_game(plfFprintf_s, _Format, args);
|
2022-10-30 17:33:02 +00:00
|
|
|
|
|
|
|
|
va_end(args);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
int WINAPIV Fakevfprintf_s(FILE* _Stream, const char* _Format, va_list _ArgList) {
|
2023-03-13 21:49:07 +00:00
|
|
|
return vlog_game(plfVfprintf_s, _Format, _ArgList);
|
2022-10-30 17:33:02 +00:00
|
|
|
}
|
2022-12-24 03:04:04 +00:00
|
|
|
HANDLE WINAPI FakeRegisterEventSourceA(LPCSTR lpUNCServerName, LPCSTR lpSourceName) {
|
|
|
|
|
return (HANDLE)0xDEADBEEF;
|
|
|
|
|
}
|
2022-10-30 17:33:02 +00:00
|
|
|
|
2022-12-24 03:04:04 +00:00
|
|
|
BOOL WINAPI FakeReportEventA(HANDLE hEventLog, WORD wType, WORD wCategory, DWORD dwEventID,
|
|
|
|
|
PSID lpUserSid, WORD wNumStrings, DWORD dwDataSize, LPCSTR* lpStrings,
|
|
|
|
|
LPVOID lpRawData) {
|
2022-10-30 17:33:02 +00:00
|
|
|
switch (wType) {
|
|
|
|
|
case EVENTLOG_SUCCESS:
|
|
|
|
|
case EVENTLOG_AUDIT_SUCCESS:
|
2022-12-24 03:04:04 +00:00
|
|
|
for (int i = 0; i < wNumStrings; i++)
|
2023-03-13 21:49:07 +00:00
|
|
|
log_misc(plfEvtlog, trim_string((char*)lpStrings[i]));
|
2022-10-30 17:33:02 +00:00
|
|
|
break;
|
|
|
|
|
case EVENTLOG_AUDIT_FAILURE:
|
|
|
|
|
case EVENTLOG_ERROR_TYPE:
|
2022-12-24 03:04:04 +00:00
|
|
|
for (int i = 0; i < wNumStrings; i++)
|
2023-03-13 21:49:07 +00:00
|
|
|
log_error(plfEvtlog, trim_string((char*)lpStrings[i]));
|
2022-10-30 17:33:02 +00:00
|
|
|
break;
|
|
|
|
|
case EVENTLOG_WARNING_TYPE:
|
2022-12-24 03:04:04 +00:00
|
|
|
for (int i = 0; i < wNumStrings; i++)
|
2023-03-13 21:49:07 +00:00
|
|
|
log_warning(plfEvtlog, trim_string((char*)lpStrings[i]));
|
2022-10-30 17:33:02 +00:00
|
|
|
break;
|
|
|
|
|
case EVENTLOG_INFORMATION_TYPE:
|
|
|
|
|
default:
|
2022-12-24 03:04:04 +00:00
|
|
|
for (int i = 0; i < wNumStrings; i++)
|
2023-03-13 21:49:07 +00:00
|
|
|
log_info(plfEvtlog, trim_string((char*)lpStrings[i]));
|
2022-10-30 17:33:02 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return TRUE;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
BOOL WINAPI FakeDeregisterEventSource(HANDLE hEventLog) { return TRUE; }
|
|
|
|
|
|
|
|
|
|
// static VOID(WINAPI* TrueOutputDebugStringA)(LPCSTR lpOutputString);
|
2022-12-24 03:04:04 +00:00
|
|
|
// VOID WINAPI FakeOutputDebugStringA(LPCSTR lpOutputString) { log_info("debug", "%s",
|
|
|
|
|
// lpOutputString); }
|
2022-10-30 17:33:02 +00:00
|
|
|
|
|
|
|
|
void hook_logging() {
|
2023-02-14 07:09:08 +00:00
|
|
|
// hook("MSVCR90.DLL", "printf", Fakeprintf, (void**)&Trueprintf);
|
|
|
|
|
// hook("MSVCR90.DLL", "fprintf", Fakefprintf, (void**)&Truefprintf);
|
|
|
|
|
// hook("MSVCR90.DLL", "fprintf_s", Fakefprintf_s, (void**)&Truefprintf_s);
|
|
|
|
|
// hook("MSVCR90.DLL", "vfprintf_s", Fakevfprintf_s, (void**)&Truevfprintf_s);
|
2022-10-30 17:33:02 +00:00
|
|
|
|
2022-12-24 03:04:04 +00:00
|
|
|
hook("Advapi32.dll", "RegisterEventSourceA", FakeRegisterEventSourceA,
|
2023-02-10 04:22:16 +00:00
|
|
|
(void**)&TrueRegisterEventSourceA);
|
|
|
|
|
hook("Advapi32.dll", "ReportEventA", FakeReportEventA, (void**)&TrueReportEventA);
|
2022-12-24 03:04:04 +00:00
|
|
|
hook("Advapi32.dll", "DeregisterEventSource", FakeDeregisterEventSource,
|
2023-02-10 04:22:16 +00:00
|
|
|
(void**)&TrueDeregisterEventSource);
|
2022-10-30 17:33:02 +00:00
|
|
|
}
|
