2022-10-30 17:33:02 +00:00
|
|
|
#include "processes.h"
|
|
|
|
|
|
|
|
|
|
const wchar_t* HOOK_BINARIES[] = {
|
|
|
|
|
L"app\\ALLNetProc.exe",
|
|
|
|
|
L"app\\CameraUploader.exe",
|
|
|
|
|
L"app\\GmSync.exe",
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define DISABLE_PROC_SPAWNING
|
|
|
|
|
|
2022-12-24 03:04:04 +00:00
|
|
|
BOOL WINAPI FakeCreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine,
|
|
|
|
|
LPSECURITY_ATTRIBUTES lpProcessAttributes,
|
|
|
|
|
LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles,
|
|
|
|
|
DWORD dwCreationFlags, LPVOID lpEnvironment,
|
|
|
|
|
LPCSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo,
|
|
|
|
|
LPPROCESS_INFORMATION lpProcessInformation) {
|
|
|
|
|
log_info("spawn", "CreateProcessA %s %s", lpApplicationName, lpCommandLine);
|
|
|
|
|
|
2023-02-14 07:09:08 +00:00
|
|
|
return TrueCreateProcessA("mxAuthDisc.bat", "", lpProcessAttributes,
|
|
|
|
|
lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
|
|
|
|
|
lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
|
|
|
|
|
|
2022-12-24 03:04:04 +00:00
|
|
|
HANDLE fake_evt = CreateEvent(NULL, TRUE, FALSE, NULL);
|
|
|
|
|
SetEvent(fake_evt);
|
|
|
|
|
|
|
|
|
|
if (lpProcessInformation) {
|
|
|
|
|
lpProcessInformation->hProcess = fake_evt;
|
|
|
|
|
}
|
2023-02-14 07:09:08 +00:00
|
|
|
return TRUE;
|
2022-12-24 03:04:04 +00:00
|
|
|
}
|
2022-10-30 17:33:02 +00:00
|
|
|
BOOL WINAPI FakeCreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
|
|
|
|
|
LPSECURITY_ATTRIBUTES lpProcessAttributes,
|
|
|
|
|
LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles,
|
|
|
|
|
DWORD dwCreationFlags, LPVOID lpEnvironment,
|
|
|
|
|
LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo,
|
|
|
|
|
LPPROCESS_INFORMATION lpProcessInformation) {
|
2022-12-24 03:04:04 +00:00
|
|
|
// #ifdef DISABLE_PROC_SPAWNING
|
|
|
|
|
// log_error("spawn", "CreateProcessW %ls %ls", lpApplicationName, lpCommandLine);
|
|
|
|
|
// return FALSE;
|
|
|
|
|
// #else
|
2023-02-10 04:22:16 +00:00
|
|
|
log_info("spawn", "CreateProcessW %ls %ls", lpApplicationName, lpCommandLine);
|
2023-01-21 18:51:13 +00:00
|
|
|
|
2023-02-10 04:22:16 +00:00
|
|
|
// log_info("spawn", "CreateProcessW %ls", lpApplicationName);
|
|
|
|
|
|
|
|
|
|
// lpProcessInformation->hThread = GetDummyHandle();
|
|
|
|
|
// return TRUE;
|
2022-10-30 17:33:02 +00:00
|
|
|
|
|
|
|
|
CHAR applicationName[MAX_PATH + 1];
|
|
|
|
|
WideCharToMultiByte(CP_ACP, 0, lpApplicationName, -1, applicationName, sizeof applicationName,
|
|
|
|
|
NULL, NULL);
|
|
|
|
|
|
|
|
|
|
HANDLE child;
|
2023-02-10 04:22:16 +00:00
|
|
|
CHAR commandLine[MAX_PATH + 1];
|
|
|
|
|
WCHAR commandLineW[MAX_PATH + 1];
|
|
|
|
|
WCHAR micePathW[MAX_PATH + 1];
|
|
|
|
|
GetModuleFileNameW(NULL, micePathW, MAX_PATH);
|
|
|
|
|
|
|
|
|
|
HANDLE fake_evt = CreateEvent(NULL, TRUE, FALSE, NULL);
|
|
|
|
|
SetEvent(fake_evt);
|
|
|
|
|
|
|
|
|
|
if (lpProcessInformation) {
|
|
|
|
|
lpProcessInformation->hProcess = fake_evt;
|
|
|
|
|
lpProcessInformation->hThread = GetDummyHandle();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
2022-10-30 17:33:02 +00:00
|
|
|
if (lpCommandLine != NULL) {
|
2023-02-10 04:22:16 +00:00
|
|
|
log_error("process", "!!");
|
|
|
|
|
return FALSE;
|
|
|
|
|
// WideCharToMultiByte(CP_ACP, 0, lpCommandLine, -1, commandLine, sizeof commandLine, NULL,
|
|
|
|
|
// NULL);
|
|
|
|
|
// child = start_and_inject(applicationName, commandLine, MICELIB, false, 0, NULL,
|
|
|
|
|
// CREATE_NEW_CONSOLE);
|
2022-10-30 17:33:02 +00:00
|
|
|
} else {
|
2023-02-10 04:22:16 +00:00
|
|
|
dwCreationFlags |= CREATE_NEW_CONSOLE;
|
2023-02-10 04:50:07 +00:00
|
|
|
wsprintfW(commandLineW, L"mice -b %ls", lpApplicationName);
|
2023-02-10 04:22:16 +00:00
|
|
|
printf("%ls %ls\n", micePathW, commandLineW);
|
|
|
|
|
BOOL ret =
|
2023-02-10 04:50:07 +00:00
|
|
|
TrueCreateProcessW(L"mice.cmd", commandLineW, lpProcessAttributes, lpThreadAttributes,
|
2023-02-10 04:22:16 +00:00
|
|
|
bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory,
|
|
|
|
|
lpStartupInfo, lpProcessInformation);
|
|
|
|
|
printf("%d\n", ret);
|
|
|
|
|
return ret;
|
|
|
|
|
// CHAR commandLine[]
|
|
|
|
|
// child =
|
|
|
|
|
// start_and_inject(applicationName, NULL, MICELIB, false, 0, NULL, CREATE_NEW_CONSOLE);
|
2022-10-30 17:33:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return !FAILED(child);
|
2022-12-24 03:04:04 +00:00
|
|
|
// #endif
|
2022-10-30 17:33:02 +00:00
|
|
|
}
|
|
|
|
|
|
2023-02-10 04:22:16 +00:00
|
|
|
BOOL WINAPI FakeGetExitCodeProcess(HANDLE hProcess, LPDWORD lpExitCode) {
|
|
|
|
|
*lpExitCode = 0;
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-30 17:33:02 +00:00
|
|
|
void hook_processes() {
|
2023-02-10 04:22:16 +00:00
|
|
|
hook("Kernel32.dll", "CreateProcessW", FakeCreateProcessW, (void**)&TrueCreateProcessW);
|
|
|
|
|
hook("Kernel32.dll", "CreateProcessA", FakeCreateProcessA, (void**)&TrueCreateProcessA);
|
2023-02-14 07:09:08 +00:00
|
|
|
// hook("Kernel32.dll", "GetExitCodeProcess", FakeGetExitCodeProcess, NULL);
|
2022-10-30 17:33:02 +00:00
|
|
|
}
|
