add cert, dns and netenv hooks back
This commit is contained in:
parent
3df21a749e
commit
05d337c499
9
dist/siva/start.bat
vendored
9
dist/siva/start.bat
vendored
@ -0,0 +1,9 @@
|
|||||||
|
@echo off
|
||||||
|
|
||||||
|
pushd %~dp0
|
||||||
|
|
||||||
|
inject.exe -d -k sivahook.dll game.exe
|
||||||
|
|
||||||
|
echo.
|
||||||
|
echo The game process has terminated
|
||||||
|
pause
|
5
dist/siva/taitools.ini
vendored
5
dist/siva/taitools.ini
vendored
@ -0,0 +1,5 @@
|
|||||||
|
[vfs]
|
||||||
|
d_drive=d_drive
|
||||||
|
|
||||||
|
[netenv]
|
||||||
|
enable=1
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <windns.h>
|
#include <windns.h>
|
||||||
|
#include <winhttp.h>
|
||||||
#include <ws2tcpip.h>
|
#include <ws2tcpip.h>
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
@ -13,6 +14,7 @@
|
|||||||
#include "hook/table.h"
|
#include "hook/table.h"
|
||||||
|
|
||||||
#include "hooklib/dns.h"
|
#include "hooklib/dns.h"
|
||||||
|
#include "util/dprintf.h"
|
||||||
|
|
||||||
/* Latest w32headers does not include DnsQueryEx, so we'll have to "polyfill"
|
/* Latest w32headers does not include DnsQueryEx, so we'll have to "polyfill"
|
||||||
its associated data types here for the time being.
|
its associated data types here for the time being.
|
||||||
@ -66,6 +68,12 @@ static int WSAAPI hook_getaddrinfo(
|
|||||||
const ADDRINFOA *pHints,
|
const ADDRINFOA *pHints,
|
||||||
ADDRINFOA **ppResult);
|
ADDRINFOA **ppResult);
|
||||||
|
|
||||||
|
static WINHTTPAPI BOOL hook_WinHttpCrackUrl(
|
||||||
|
LPCWSTR pwszUrl,
|
||||||
|
DWORD dwUrlLength,
|
||||||
|
DWORD dwFlags,
|
||||||
|
LPURL_COMPONENTS lpUrlComponents);
|
||||||
|
|
||||||
/* Link pointers */
|
/* Link pointers */
|
||||||
|
|
||||||
static DNS_STATUS (WINAPI *next_DnsQuery_A)(
|
static DNS_STATUS (WINAPI *next_DnsQuery_A)(
|
||||||
@ -95,6 +103,12 @@ static int (WSAAPI *next_getaddrinfo)(
|
|||||||
const ADDRINFOA *pHints,
|
const ADDRINFOA *pHints,
|
||||||
ADDRINFOA **ppResult);
|
ADDRINFOA **ppResult);
|
||||||
|
|
||||||
|
static WINHTTPAPI BOOL (*next_WinHttpCrackUrl)(
|
||||||
|
LPCWSTR pwszUrl,
|
||||||
|
DWORD dwUrlLength,
|
||||||
|
DWORD dwFlags,
|
||||||
|
LPURL_COMPONENTS lpUrlComponents);
|
||||||
|
|
||||||
static const struct hook_symbol dns_hook_syms_dnsapi[] = {
|
static const struct hook_symbol dns_hook_syms_dnsapi[] = {
|
||||||
{
|
{
|
||||||
.name = "DnsQuery_A",
|
.name = "DnsQuery_A",
|
||||||
@ -120,6 +134,14 @@ static const struct hook_symbol dns_hook_syms_ws2[] = {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static const struct hook_symbol dns_hook_syms_winhttp[] = {
|
||||||
|
{
|
||||||
|
.name = "WinHttpCrackUrl",
|
||||||
|
.patch = hook_WinHttpCrackUrl,
|
||||||
|
.link = (void **) &next_WinHttpCrackUrl,
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
static bool dns_hook_initted;
|
static bool dns_hook_initted;
|
||||||
static CRITICAL_SECTION dns_hook_lock;
|
static CRITICAL_SECTION dns_hook_lock;
|
||||||
static struct dns_hook_entry *dns_hook_entries;
|
static struct dns_hook_entry *dns_hook_entries;
|
||||||
@ -131,17 +153,26 @@ static void dns_hook_init(void)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dns_hook_apply_hooks(NULL);
|
||||||
dns_hook_initted = true;
|
dns_hook_initted = true;
|
||||||
InitializeCriticalSection(&dns_hook_lock);
|
InitializeCriticalSection(&dns_hook_lock);
|
||||||
|
}
|
||||||
|
|
||||||
|
void dns_hook_apply_hooks(HMODULE target) {
|
||||||
hook_table_apply(
|
hook_table_apply(
|
||||||
NULL,
|
target,
|
||||||
"dnsapi.dll",
|
"dnsapi.dll",
|
||||||
dns_hook_syms_dnsapi,
|
dns_hook_syms_dnsapi,
|
||||||
_countof(dns_hook_syms_dnsapi));
|
_countof(dns_hook_syms_dnsapi));
|
||||||
|
|
||||||
hook_table_apply(
|
hook_table_apply(
|
||||||
NULL,
|
target,
|
||||||
|
"winhttp.dll",
|
||||||
|
dns_hook_syms_winhttp,
|
||||||
|
_countof(dns_hook_syms_winhttp));
|
||||||
|
|
||||||
|
hook_table_apply(
|
||||||
|
target,
|
||||||
"ws2_32.dll",
|
"ws2_32.dll",
|
||||||
dns_hook_syms_ws2,
|
dns_hook_syms_ws2,
|
||||||
_countof(dns_hook_syms_ws2));
|
_countof(dns_hook_syms_ws2));
|
||||||
@ -460,3 +491,42 @@ end:
|
|||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static WINHTTPAPI BOOL hook_WinHttpCrackUrl(
|
||||||
|
LPCWSTR pwszUrl,
|
||||||
|
DWORD dwUrlLength,
|
||||||
|
DWORD dwFlags,
|
||||||
|
LPURL_COMPONENTS lpUrlComponents)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
const struct dns_hook_entry *pos;
|
||||||
|
wchar_t bfr[1024] = {0};
|
||||||
|
if (!next_WinHttpCrackUrl(pwszUrl, dwUrlLength, dwFlags, lpUrlComponents)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
dprintf("DNS: crack URL %S\n", lpUrlComponents->lpszHostName);
|
||||||
|
|
||||||
|
EnterCriticalSection(&dns_hook_lock);
|
||||||
|
|
||||||
|
for (i = 0 ; i < dns_hook_nentries ; i++) {
|
||||||
|
pos = &dns_hook_entries[i];
|
||||||
|
if (_wcsnicmp(lpUrlComponents->lpszHostName, pos->from, wcslen(pos->from)) == 0) {
|
||||||
|
wchar_t *path = wcsstr(lpUrlComponents->lpszHostName, L"/");
|
||||||
|
|
||||||
|
if (path == NULL){
|
||||||
|
lpUrlComponents->lpszHostName = pos->to;
|
||||||
|
lpUrlComponents->dwHostNameLength = wcslen(pos->to);
|
||||||
|
} else {
|
||||||
|
wcscat_s(bfr, _countof(bfr), pos->to);
|
||||||
|
wcscat_s(bfr, _countof(bfr), path);
|
||||||
|
lpUrlComponents->lpszHostName = bfr;
|
||||||
|
lpUrlComponents->dwHostNameLength = wcslen(bfr);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
LeaveCriticalSection(&dns_hook_lock);
|
||||||
|
return true;
|
||||||
|
}
|
@ -7,3 +7,4 @@
|
|||||||
// if to_src is NULL, all lookups for from_src will fail
|
// if to_src is NULL, all lookups for from_src will fail
|
||||||
HRESULT dns_hook_push(const wchar_t *from_src, const wchar_t *to_src);
|
HRESULT dns_hook_push(const wchar_t *from_src, const wchar_t *to_src);
|
||||||
|
|
||||||
|
void dns_hook_apply_hooks(HMODULE target);
|
||||||
|
@ -82,25 +82,38 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
|||||||
PCCERT_CONTEXT pPrevCertContext
|
PCCERT_CONTEXT pPrevCertContext
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
uint8_t bfr[4096] = {0};
|
char bfr[4096] = {0};
|
||||||
|
uint8_t bfr_decode[4096] = {0};
|
||||||
|
DWORD pcbBinary = 4096;
|
||||||
wchar_t cert_path[MAX_PATH] = {0};
|
wchar_t cert_path[MAX_PATH] = {0};
|
||||||
DWORD num_read = 0;
|
DWORD num_read = 0;
|
||||||
|
PCCERT_CONTEXT cert_ctx = NULL;
|
||||||
|
|
||||||
if (dwFindType == CERT_FIND_ISSUER_STR || dwFindType == CERT_FIND_SUBJECT_STR) {
|
if (dwFindType == CERT_FIND_ISSUER_STR || dwFindType == CERT_FIND_SUBJECT_STR) {
|
||||||
wcscat_s(cert_path, _countof(cert_path), path);
|
wcscat_s(cert_path, _countof(cert_path), path);
|
||||||
wcscat_s(cert_path, _countof(cert_path), L"/");
|
wcscat_s(cert_path, _countof(cert_path), L"/");
|
||||||
wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name
|
wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name
|
||||||
|
wcscat_s(cert_path, _countof(cert_path), L".cer");
|
||||||
|
|
||||||
dprintf("Cert: Look for override cert at %S\n", cert_path);
|
dprintf("Cert: Look for override cert at %S\n", cert_path);
|
||||||
|
|
||||||
HANDLE f = CreateFileW((LPCWSTR)pvFindPara, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
HANDLE f = CreateFileW((LPCWSTR)cert_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
|
||||||
if (f != INVALID_HANDLE_VALUE) {
|
if (f != INVALID_HANDLE_VALUE) {
|
||||||
|
dprintf("Cert: Read file %S\n", cert_path);
|
||||||
ReadFile(f, bfr, sizeof(bfr), &num_read, NULL);
|
ReadFile(f, bfr, sizeof(bfr), &num_read, NULL);
|
||||||
CloseHandle(f);
|
CloseHandle(f);
|
||||||
|
|
||||||
if (bfr[0]) {
|
if (bfr[0]) {
|
||||||
return CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, bfr, num_read);
|
dprintf("Cert: Override %S\n", cert_path);
|
||||||
|
if (CryptStringToBinary(bfr, 0, CRYPT_STRING_BASE64X509CRLHEADER, bfr_decode, &pcbBinary, NULL, NULL)) {
|
||||||
|
cert_ctx = CertCreateCertificateContext(X509_ASN_ENCODING, bfr_decode, num_read);
|
||||||
|
if (cert_ctx != NULL) {
|
||||||
|
return cert_ctx;
|
||||||
|
}
|
||||||
|
dprintf("Cert: Override FAIL %08X\n", (int)GetLastError());
|
||||||
|
}
|
||||||
|
dprintf("Cert: CryptStringToBinary FAIL %08X\n", (int)GetLastError());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -154,13 +154,16 @@ HRESULT netenv_hook_init(
|
|||||||
netenv_ip_router = kc_cfg->subnet | cfg->router_suffix;
|
netenv_ip_router = kc_cfg->subnet | cfg->router_suffix;
|
||||||
memcpy(netenv_mac_addr, cfg->mac_addr, sizeof(netenv_mac_addr));
|
memcpy(netenv_mac_addr, cfg->mac_addr, sizeof(netenv_mac_addr));
|
||||||
|
|
||||||
|
netenv_hook_apply(NULL);
|
||||||
|
return S_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
void netenv_hook_apply(HMODULE target) {
|
||||||
hook_table_apply(
|
hook_table_apply(
|
||||||
NULL,
|
target,
|
||||||
"iphlpapi.dll",
|
"iphlpapi.dll",
|
||||||
netenv_hook_syms,
|
netenv_hook_syms,
|
||||||
_countof(netenv_hook_syms));
|
_countof(netenv_hook_syms));
|
||||||
|
|
||||||
return S_OK;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static uint32_t WINAPI hook_GetAdaptersAddresses(
|
static uint32_t WINAPI hook_GetAdaptersAddresses(
|
||||||
|
@ -17,4 +17,4 @@ struct netenv_config {
|
|||||||
HRESULT netenv_hook_init(
|
HRESULT netenv_hook_init(
|
||||||
const struct netenv_config *cfg,
|
const struct netenv_config *cfg,
|
||||||
const struct ttxsec_config *kc_cfg);
|
const struct ttxsec_config *kc_cfg);
|
||||||
|
void netenv_hook_apply(HMODULE target);
|
||||||
|
@ -9,10 +9,12 @@
|
|||||||
#include "hooklib/path.h"
|
#include "hooklib/path.h"
|
||||||
#include "hooklib/serial.h"
|
#include "hooklib/serial.h"
|
||||||
#include "hooklib/createprocess.h"
|
#include "hooklib/createprocess.h"
|
||||||
|
#include "hooklib/dns.h"
|
||||||
#include "hooklib/reg.h"
|
#include "hooklib/reg.h"
|
||||||
#include "hook/procaddr.h"
|
#include "hook/procaddr.h"
|
||||||
|
|
||||||
#include "platform/cert.h"
|
#include "platform/cert.h"
|
||||||
|
#include "platform/netenv.h"
|
||||||
|
|
||||||
#include "util/dprintf.h"
|
#include "util/dprintf.h"
|
||||||
|
|
||||||
@ -109,6 +111,8 @@ static HMODULE WINAPI my_LoadLibraryW(const wchar_t *name)
|
|||||||
proc_addr_insert_hooks(result);
|
proc_addr_insert_hooks(result);
|
||||||
cert_hook_insert_hooks(result);
|
cert_hook_insert_hooks(result);
|
||||||
createprocess_hook_insert_hook(result);
|
createprocess_hook_insert_hook(result);
|
||||||
|
dns_hook_apply_hooks(result);
|
||||||
|
netenv_hook_apply(result);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (size_t i = 0; i < dep_hooks_len; i++) {
|
for (size_t i = 0; i < dep_hooks_len; i++) {
|
||||||
|
Loading…
Reference in New Issue
Block a user