guus
/
reman3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
reman3/Rayman_X/cpa/tempgrp/PTC/PTC.c

1308 lines
40 KiB
C
Raw Permalink Blame History

/////////////////////////////////////////////////////
//
// Version 1.0 :
//
//////////////////////////////////////////////////
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
//#include "PeImpExp.h"
#include "PEInline.h"
#include "PTC.h"
#include "PTC_abc.h"
#ifdef PTC_SYSTEM_ACTIVED // {
//////////////////////////////////////////////////
// Global Variables Declarations
//////////////////////////////////////////////////
char PTC_ga_cGeneratedCode[PTC_C_CODESIZE];
long PTC_g_lCurrentRandom;
long PTC_g_lProtectError;
DWORD *PTC_ga_dwLinkedDLLImageBase;
BOOL PTC_g_bNTSystem;
DWORD PTC_g_dwLinkedDLLNumber;
DWORD PTC_g_dwImportedFunctionsNumber;
DWORD PTC_gs_dwOldPageProtection;
char PTC_ga_szLinkedDLLName[][PTC_C_NAMESIZE] =
{
PTC_C_Kernel32_dllName ,
PTC_C_User32_dllName ,
PTC_C_PSAPI_dllName ,
PTC_C_ADVAPI32_dllName ,
PTC_C_GDI32_dllName ,
PTC_C_VERSION_dllName ,
PTC_C_WINMM_dllName ,
""
};
PTC_tdstImportedFunction PTC_ga_stImportedFunctions[] =
{
/* Name , dwAddress , lOwnerDLLIndex , lOtherDLLIndex */
#if defined(UNICODE)
PTC_C_GetModuleHandleWName , 0L , 0 , 1 , 6 , 0 , 0 , 0 , /* 0 */
#else
PTC_C_GetModuleHandleAName , 0L , 0 , 1 , 6 , 0 , 0 , 0 , /* 0 */
#endif
PTC_C_FlushInstructionCacheName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_GetCurrentProcessName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_QueryPerformanceFrequencyName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
#if defined(UNICODE)
PTC_C_OpenEventWName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_CreateEventWName , 0L , 0 , 0 , 0 , 0 , 0 , 0 , /* 5 */
#else
PTC_C_OpenEventAName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_CreateEventAName , 0L , 0 , 0 , 0 , 0 , 0 , 0 , /* 5 */
#endif
PTC_C_ResetEventName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_SetEventName , 0L , 0 , 1 , 0 , 0 , 0 , 0 ,
#if defined(UNICODE)
PTC_C_CreateFileWName, 0L , 0 , 1 , 6 , 3 , 5 , 0 ,
#else
PTC_C_CreateFileAName, 0L , 0 , 1 , 6 , 3 , 5 , 0 ,
#endif
PTC_C_WriteFileName, 0L , 0 , 3 , 4 , 0 , 0 , 0 ,
PTC_C_ReadFileName, 0L , 0 , 3 , 0 , 0 , 0 , 0 , /* 10 */
PTC_C_CloseHandleName, 0L , 0 , 1 , 5 , 3 , 4 , 6 ,
PTC_C_SetFilePointerName, 0L , 0 , 4 , 0 , 0 , 0 , 0 ,
PTC_C_FlushFileBufferName, 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_QueryPerformanceCounterName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
#if defined(UNICODE)
PTC_C_GetDriveTypeWName , 0L , 0 , 4 , 0 , 0 , 0 , 0 , /* 15 */
PTC_C_GetVolumeInformationWName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_GetLogicalDriveStringsWName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
#else
PTC_C_GetDriveTypeAName , 0L , 0 , 4 , 0 , 0 , 0 , 0 , /* 15 */
PTC_C_GetVolumeInformationAName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_GetLogicalDriveStringsAName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
#endif
PTC_C_GetFileSizeName , 0L , 0 , 3 , 1 , 6 , 5 , 0 ,
PTC_C_CreateToolhelp32SnapshotName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_Process32FirstName , 0L , 0 , 0 , 0 , 0 , 0 , 0 , /* 20 */
PTC_C_Process32NextName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_Module32FirstName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_Module32NextName , 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_EnumProcessesName , 0L , 2 , 2 , 0 , 0 , 0 , 0 ,
PTC_C_EnumProcessModulesName , 0L , 2 , 2 , 0 , 0 , 0 , 0 , /* 25 */
#if defined(UNICODE)
PTC_C_LoadLibraryWName , 0L , 0 , 3 , 4 , 1 , 6 , 0 ,
#else
PTC_C_LoadLibraryAName , 0L , 0 , 3 , 4 , 1 , 6 , 0 ,
#endif
PTC_C_FreeLibraryName , 0L , 0 , 4 , 1 , 6 , 5 , 3 ,
/* ANNECY OA - 21/07/99 { */
#if defined(UNICODE)
PTC_C_GetDiskFreeSpaceWName, 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_SetFileAttributsWName, 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_GetFileAttributsWName, 0L , 0 , 6 , 5 , 3 , 0 , 0 , /* 30 */
#else
PTC_C_GetDiskFreeSpaceAName, 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_SetFileAttributsAName, 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_GetFileAttributsAName, 0L , 0 , 6 , 3 , 5 , 0 , 0 , /* 30 */
#endif
PTC_C_GetFileInformationByHandleName, 0L , 0 , 0 , 0 , 0 , 0 , 0 ,
PTC_C_SetErrorModeName, 0L , 0 , 3 , 6 , 0 , 0 , 0 ,
PTC_C_SetFileTimeName, 0L , 0 , 6 , 1 , 5 , 0 , 0 ,
PTC_C_GetFileTimeName, 0L , 0 , 6 , 3 , 5 , 1 , 0 ,
/* END ANNECY OA } */
"" , 0L , 0 , 0 , 0 , 0 , 0 , 0 /* 35 */
};
//////////////////////////////////////////////////
//////////////////////////////////////////////////
DWORD PTC_g_dwBeginLabelAddress[PTC_C_ChecksumTableSize];
DWORD PTC_g_dwEndLabelAddress[PTC_C_ChecksumTableSize];
BOOL PTC_g_bTakeAddresses;
DWORD PTC_g_dwChecksum[PTC_C_ChecksumTableSize];
DWORD PTC_g_dwBeginLabelAddressDelete[PTC_C_ChecksumTableSize];
DWORD PTC_g_dwEndLabelAddressDelete[PTC_C_ChecksumTableSize];
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
#define PTC_M_bCanObtainFunctionWithAnotherDLL(lIndex)\
((PTC_ga_stImportedFunctions [lIndex] . lOwnerDLLIndex != PTC_ga_stImportedFunctions [lIndex] . lOtherDLLIndex[0]) &&\
(PTC_ga_dwLinkedDLLImageBase [PTC_ga_stImportedFunctions [lIndex] . lOtherDLLIndex[0]] != 0))
//////////////////////////////////////////////////
// Internal Functions
//////////////////////////////////////////////////
char *PTC_fn_szGetFunctionExplicitName (long _lIndex);
char *PTC_fn_szGetDLLExplicitName(long _lIndex);
DWORD dwGetAddressOfFunctionInAnotherDLL (char *szDll,char *szFunc);
void PTC_fn_vGetGetModuleHandleA (BOOL _bFirstTime);
void PTC_fn_vGetOneLinkedDLLImageBase(long _iIndex , BOOL _bFirstTime);
void PTC_fn_vGetOneSystemFunctionPtr (long _iIndex , BOOL _bFirstTime);
void PTC_fn_vGetAllSystemFunctionsPtr(BOOL _bFirstTime);
void PTC_fn_vGetAllLinkedDLLImageBase(BOOL _bFirstTime);
HMODULE PTC_fn_hGetKernel32Handle();
HMODULE PTC_fn_hScanMemoryForKernel32(LPBYTE lpBuffer,int n,int step);
BOOL PTC_fn_bLookForKernel32(LPBYTE lpBuffer);
//////////////////////////////////////////////////////////////////////////////
// Return the Real Name of The function in PTC_ga_szImportedFunctionName array
// Used to uncode the name
//////////////////////////////////////////////////////////////////////////////
char PTC_g_szFunctionCurrentName[PTC_C_NAMESIZE];
char *PTC_fn_szGetFunctionExplicitName(long _lIndex)
{
return PTC_ga_stImportedFunctions [_lIndex] . szName;
}
char PTC_g_szDLLCurrentName[PTC_C_NAMESIZE];
char *PTC_fn_szGetDLLExplicitName(long _lIndex)
{
DWORD dwKey = *(DWORD*)(PTC_ga_szLinkedDLLName [_lIndex]);
unsigned char *p_ucCryptKey = (unsigned char*) &dwKey;
unsigned char cSize = (unsigned char)PTC_ga_szLinkedDLLName [_lIndex] [4];
char *p_cSource = PTC_ga_szLinkedDLLName [_lIndex] + 5;
char *p_cTarget = PTC_g_szDLLCurrentName;
unsigned char cCount;
for (cCount = 0 ; cCount < cSize ; cCount++ , p_cSource++ , p_cTarget++ )
{
*p_cTarget = (*p_cSource - p_ucCryptKey[0]) ^ p_ucCryptKey[1];
p_ucCryptKey[0] += p_ucCryptKey[2];
p_ucCryptKey[1] += p_ucCryptKey[3];
}
*p_cTarget = 0;
return PTC_g_szDLLCurrentName;
}
//////////////////////////////////////////////////
// return Absolute Address
//////////////////////////////////////////////////
DWORD PTC_dwGetAddressOfFunctionInAnotherDLL(long _lFunctionIndex)
{
DWORD dwIndexMax , dwIndex , dwAddressEntry , dwAddress;
dwIndexMax = 4;
while ( PTC_ga_stImportedFunctions [_lFunctionIndex] . lOtherDLLIndex [dwIndexMax] != PTC_ga_stImportedFunctions [_lFunctionIndex] . lOwnerDLLIndex) dwIndexMax--;
dwIndex = (DWORD)PTC_fn_lGetRandomRange (0 , dwIndexMax+1);
dwAddressEntry = dwGetImportedFunctionEntryFromImageBase (PTC_ga_dwLinkedDLLImageBase [PTC_ga_stImportedFunctions [_lFunctionIndex] . lOtherDLLIndex[dwIndex]] , PTC_fn_szGetFunctionExplicitName (_lFunctionIndex));
dwAddress = *((DWORD*) dwAddressEntry);
return (dwAddress);
}
//////////////////////////////////////////////////
// return OffSet Address
//////////////////////////////////////////////////
DWORD PTC_dwGetExportedFunctionEntryFromImageBase(long _lFunctionIndex)
{
DWORD dwImageBase = PTC_ga_dwLinkedDLLImageBase [PTC_ga_stImportedFunctions [_lFunctionIndex] . lOwnerDLLIndex];
DWORD dwPtr = dwGetExportedFunctionEntryFromImageBase (dwImageBase , PTC_fn_szGetFunctionExplicitName (_lFunctionIndex));
return(dwPtr);
}
//////////////////////////////////////////////////
// Get 'GetModuleHandle' Ptr in USER32.dll
//////////////////////////////////////////////////
void PTC_fn_vGetGetModuleHandleA(BOOL _bFirstTime)
{
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(8,PTC_fn_vGetGetModuleHandleA);
return;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_vGetGetModuleHandleA)
if (_bFirstTime)
{
DWORD dwAddressEntry , dwAddress , dwKey;
/*
HANDLE hDll = GetModuleHandle (PTC_fn_szGetDLLExplicitName(PTC_C_User32Index));
dwAddressEntry = dwGetImportedFunctionEntryFromImageBase ((DWORD) hDll , PTC_fn_szGetFunctionExplicitName(PTC_C_GetModuleHandleIndex));
dwAddress = *((DWORD*) dwAddressEntry);
*/
PTC_ga_dwLinkedDLLImageBase [PTC_C_Kernel32Index] = (DWORD)PTC_fn_hGetKernel32Handle();
dwAddressEntry = PTC_dwGetExportedFunctionEntryFromImageBase (PTC_C_GetModuleHandleIndex);
dwAddress = PTC_ga_dwLinkedDLLImageBase [PTC_C_Kernel32Index] + dwAddressEntry;
dwKey = *((DWORD*) PTC_ga_stImportedFunctions [PTC_C_GetModuleHandleIndex] . szName);
PTC_ga_stImportedFunctions [PTC_C_GetModuleHandleIndex] . dwAddress = dwAddress ^ dwKey;
}
else
{
DWORD dwPtr;
DWORD dwKey = *((DWORD*) PTC_ga_stImportedFunctions [PTC_C_GetModuleHandleIndex] . szName);
if (PTC_M_bCanObtainFunctionWithAnotherDLL(PTC_C_GetModuleHandleIndex))
{
dwPtr = PTC_dwGetAddressOfFunctionInAnotherDLL (PTC_C_GetModuleHandleIndex);
}
else
{
HANDLE hDll = GetModuleHandle (PTC_fn_szGetDLLExplicitName(PTC_C_User32Index));
DWORD dwAddressEntry = dwGetImportedFunctionEntryFromImageBase ((DWORD) hDll , PTC_fn_szGetFunctionExplicitName(PTC_C_GetModuleHandleIndex));
dwPtr = *((DWORD*) dwAddressEntry);
}
// Test if same as previous getting
if (dwPtr != PTC_ga_stImportedFunctions [PTC_C_GetModuleHandleIndex] . dwAddress)
{
PTC_g_lProtectError = 1; // GetModuleHandle Ptr has changed
}
PTC_ga_stImportedFunctions [PTC_C_GetModuleHandleIndex] . dwAddress = dwPtr ^ dwKey;
}
PTC_M_DeclareEndLabel(PTC_fn_vGetGetModuleHandleA);
}
//////////////////////////////////////////////////
// Get a DLL ImageBase
//////////////////////////////////////////////////
void PTC_fn_vGetOneLinkedDLLImageBase(long _iIndex , BOOL _bFirstTime)
{
DWORD dwPtr = (DWORD) PTC_DirectGetModuleHandle (PTC_fn_szGetDLLExplicitName (_iIndex));
if (! _bFirstTime && (dwPtr != PTC_ga_dwLinkedDLLImageBase [_iIndex]))
{
PTC_g_lProtectError = 1; // GetModuleHandle Ptr has changed
}
PTC_ga_dwLinkedDLLImageBase [_iIndex] = dwPtr;
}
//////////////////////////////////////////////////
// Get One System Function Ptr
//////////////////////////////////////////////////
void PTC_fn_vGetOneSystemFunctionPtr (long _iIndex , BOOL _bFirstTime)
{
DWORD dwPtr,dwImageBase;
DWORD dwKey = *((DWORD*) PTC_ga_stImportedFunctions [_iIndex] . szName);
dwImageBase = PTC_ga_dwLinkedDLLImageBase [PTC_ga_stImportedFunctions [_iIndex] . lOwnerDLLIndex];
if (dwImageBase == 0L)
{
PTC_ga_stImportedFunctions [_iIndex] . dwAddress = 0L;
return;
}
if (_bFirstTime)
{
dwPtr = PTC_dwGetExportedFunctionEntryFromImageBase (_iIndex);
dwPtr += (dwPtr ? dwImageBase : 0);
}
else
{
if (PTC_M_bCanObtainFunctionWithAnotherDLL(_iIndex))
{
dwPtr = PTC_dwGetAddressOfFunctionInAnotherDLL (_iIndex);
}
else
{
dwPtr = PTC_dwGetExportedFunctionEntryFromImageBase (_iIndex);
dwPtr += (dwPtr ? dwImageBase : 0);
}
// Test if same as previous getting
if (dwPtr != PTC_ga_stImportedFunctions [_iIndex] . dwAddress)
{
PTC_g_lProtectError = 1; // Function Ptr has changed
}
}
PTC_ga_stImportedFunctions [_iIndex] . dwAddress = (dwPtr ? dwPtr ^ dwKey : 0L);
}
//////////////////////////////////////////////////
// check for kernel32 presence
//////////////////////////////////////////////////
BOOL PTC_fn_bLookForKernel32(LPBYTE lpBuffer)
{
BOOL bRet=FALSE;
// MZ signature
if (*(USHORT *) lpBuffer == IMAGE_DOS_SIGNATURE)
{
// PE signature
if (*(DWORD *)NTSIGNATURE (lpBuffer) == IMAGE_NT_SIGNATURE)
{
// find dllname in export table
PIMAGE_OPTIONAL_HEADER pPEOptionalHeader=(PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpBuffer);
if (pPEOptionalHeader)
{
// RVA of export table
DWORD ExportRVA=pPEOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if (ExportRVA)
{
// pointer on export table
PIMAGE_EXPORT_DIRECTORY ped=(PIMAGE_EXPORT_DIRECTORY) &lpBuffer[ExportRVA];
if (ped)
{
// pointer on DLL name
DWORD *dwPtr=(DWORD*) &lpBuffer[ped->Name];
#define MASK1 0x20202020
#define MASK2 0x00002020
#define MASK3 0x20202000
#define MASK4 0x000000FF
// avoid a silly stricmp
if ( (dwPtr[0] & ~MASK1) == ('NREK') )
{
if ( (dwPtr[1] | MASK2) == ('23le') )
{
if ( (dwPtr[2] & ~MASK3) == ('LLD.') )
{
if ( (dwPtr[3] & MASK4)==0)
{
bRet=TRUE;
}
}
}
}
}
}
}
}
}
return(bRet);
}
//////////////////////////////////////////////////
// scan memory with exception handler to prevent from crashing
//////////////////////////////////////////////////
#include <excpt.h>
/* ASM version */
HMODULE PTC_fn_hScanMemoryForKernel32(LPBYTE lpBuffer,int n,int step)
{
HMODULE lAddress;
__asm
{
// jmp + push the seh routine address on the stack
call set_seh
// Exception handler routine
mov eax,[esp+0Ch]
push ebx
mov ebx,[eax.Edx] // offset A8h
sub [eax.Eax],ebx // offset B0h
dec dword ptr [eax.Ecx] // offset ACh
jnz continue_search
// end the search, put a valid address in eax
mov ebx,[eax.Esp] // offset C4h
mov [eax.Eax],ebx
continue_search:
pop ebx
mov eax,ExceptionContinueExecution
ret
set_seh:
push fs:[0]
mov fs:[0],esp
mov eax,[lpBuffer]
mov ecx,[n]
mov edx,[step]
try_once:
mov ebx,[eax]
or ecx,ecx
jz not_found
push eax
push edx
push ecx
push eax
call PTC_fn_bLookForKernel32
or eax,eax
pop eax
pop ecx
pop edx
pop eax
jnz found
sub eax,edx
dec ecx
jz not_found
jmp try_once
not_found:
xor eax,eax
found:
mov ebx,fs:[0]
mov ebx,[ebx]
mov fs:[0],ebx
mov [lAddress],eax
}
return lAddress;
}
//////////////////////////////////////////////////
//////////////////////////////////////////////////
HMODULE PTC_fn_hGetKernel32Handle()
{
static HMODULE hKernel32=0;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(7,PTC_fn_hGetKernel32Handle);
return NULL;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_hGetKernel32Handle)
if (!hKernel32)
{
LPBYTE lpBuffer=0;
// start scanning at 0x80000000 under NT at 0xC0000000 else
__asm
{
mov eax,dword ptr fs:[30h]
and eax,0x80000000 // NT detected if eax == 0
shr eax,1
add eax,0x80000000
mov dword ptr [lpBuffer],eax
}
hKernel32=PTC_fn_hScanMemoryForKernel32(lpBuffer,0x1000,0x10000); // it's fastest to scan the correct zone first
if (!hKernel32)
{
hKernel32=PTC_fn_hScanMemoryForKernel32((LPBYTE) 0xC0000000,0x1000,0x10000); // works under W9x
if (!hKernel32)
{
hKernel32=PTC_fn_hScanMemoryForKernel32((LPBYTE) 0x80000000,0x1000,0x10000); // works under WinNT
if (!hKernel32)
{
hKernel32=PTC_fn_hScanMemoryForKernel32((LPBYTE) 0x00000000,0xF000,-0x10000); // should not happened
}
}
}
}
return(hKernel32);
PTC_M_DeclareEndLabel(PTC_fn_hGetKernel32Handle);
}
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
////////////////////////////////////////////////////////
// Must be done after PTC_fn_vGetAllSystemFunctionsPtr()
// Is NT System or W95/W98 ????
////////////////////////////////////////////////////////
void PTC_fn_vUpdateCurrentSystem()
{
HANDLE hSnapshotProcess;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(6,PTC_fn_vUpdateCurrentSystem);
return;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_vUpdateCurrentSystem)
if ( PTC_ga_stImportedFunctions [PTC_C_CreateToolhelp32SnapshotIndex] . dwAddress == 0L ||
PTC_ga_stImportedFunctions [PTC_C_Process32FirstIndex] . dwAddress == 0L ||
PTC_ga_stImportedFunctions [PTC_C_Process32NextIndex] . dwAddress == 0L ||
PTC_ga_stImportedFunctions [PTC_C_Module32FirstIndex] . dwAddress == 0L ||
PTC_ga_stImportedFunctions [PTC_C_Module32NextIndex] . dwAddress == 0L)
{
// NT System
PTC_g_bNTSystem = TRUE;
// Load PSAPI.DLL
PTC_LoadLibrary (PTC_fn_szGetDLLExplicitName (PTC_C_PSAPIIndex));
// update array of DLL Image Base
PTC_fn_vGetOneLinkedDLLImageBase (PTC_C_PSAPIIndex , TRUE);
// update array of Functions Image Base
PTC_fn_vGetOneSystemFunctionPtr (PTC_C_EnumProcessesIndex , TRUE);
PTC_fn_vGetOneSystemFunctionPtr (PTC_C_EnumProcessModulesIndex , TRUE);
return;
}
// Create a ToolHelp32 snapshot containing the process list
hSnapshotProcess = PTC_CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if ( hSnapshotProcess == NULL )
{
PTC_g_bNTSystem = TRUE;
// Load PSAPI.DLL
PTC_LoadLibrary (PTC_fn_szGetDLLExplicitName (PTC_C_PSAPIIndex));
// update array of DLL Image Base
PTC_fn_vGetOneLinkedDLLImageBase (PTC_C_PSAPIIndex , TRUE);
// update array of Functions Image Base
PTC_fn_vGetOneSystemFunctionPtr (PTC_C_EnumProcessesIndex , TRUE);
PTC_fn_vGetOneSystemFunctionPtr (PTC_C_EnumProcessModulesIndex , TRUE);
return;
}
PTC_g_bNTSystem = FALSE;
PTC_M_DeclareEndLabel(PTC_fn_vUpdateCurrentSystem);
}
////////////////////////////////
// Uses PSAPI.dll
////////////////////////////////
#ifdef _DEBUG
typedef DWORD (WINAPI * PFNGETMODULEFILENAMEEXA)(HANDLE hProcess,HMODULE hModule,LPSTR lpFilename,DWORD nSize);
#endif
DWORD PTC_fn_dwGetRandomDLLImageBaseOnNT()
{
HANDLE hProcess;
DWORD cbNeeded;
HMODULE hModuleArray[1024];
DWORD dwModuleSelected;
DWORD nModules;
#ifdef _DEBUG
PFNGETMODULEFILENAMEEXA pfnGetModuleFileNameExA = (PFNGETMODULEFILENAMEEXA) GetProcAddress ((HMODULE)PTC_ga_dwLinkedDLLImageBase [PTC_C_PSAPIIndex], "GetModuleFileNameExA");
char szModuleName[255];
#endif
hProcess = PTC_GetCurrentProcess ();
// Count number of modules
if ( !PTC_EnumProcessModules(hProcess, hModuleArray, sizeof(hModuleArray), &cbNeeded ) )
{
return(0L);
}
// Calculate number of modules in the process
nModules = cbNeeded / sizeof(hModuleArray[0]);
if (nModules == 1) // strange, the process uses no DLL !!!!!!!!!!!!!!
{
return 0L;
}
// choose one
dwModuleSelected = PTC_fn_lGetRandomRange (0 , nModules - 1) + 1; // the first module is the process itself
#ifdef _DEBUG
pfnGetModuleFileNameExA(hProcess, hModuleArray [dwModuleSelected], szModuleName, sizeof(szModuleName) );
#endif
return (DWORD)hModuleArray [dwModuleSelected];
}
DWORD PTC_fn_dwSearchExportedFunctionInEveryDLLOnNT(char *_szCryptedName)
{
HANDLE hProcess;
DWORD cbNeeded;
HMODULE hModuleArray[1024];
DWORD nModules;
DWORD dwIndex;
DWORD dwResult = 0;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(4,PTC_fn_dwSearchExportedFunctionInEveryDLLOnNT);
return 0L;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_dwSearchExportedFunctionInEveryDLLOnNT)
hProcess = PTC_GetCurrentProcess ();
// Count number of modules
if ( !PTC_EnumProcessModules(hProcess, hModuleArray, sizeof(hModuleArray), &cbNeeded ) )
{
return(0L);
}
// Calculate number of modules in the process
nModules = cbNeeded / sizeof(hModuleArray[0]);
if (nModules == 1) // strange, the process uses no DLL !!!!!!!!!!!!!!
{
return 0L;
}
for(dwIndex = 0 ; dwIndex < nModules ; dwIndex++)
{
DWORD dwAddress = dwGetExportedFunctionEntryFromImageBase ((DWORD)hModuleArray [dwIndex] , _szCryptedName);
if (dwAddress) dwResult++;
}
return dwResult;
PTC_M_DeclareEndLabel(PTC_fn_dwSearchExportedFunctionInEveryDLLOnNT);
}
////////////////////////////////
// Uses CreateToolhelp32 function
////////////////////////////////
DWORD PTC_fn_dwGetRandomDLLImageBaseOnW95W98()
{
HANDLE hSnapshotModule;
MODULEENTRY32 modEntry;
BOOL fModWalkContinue;
DWORD dwNbModule, dwModuleIndex;
hSnapshotModule = PTC_CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, 0 ); // current process only
modEntry.dwSize = sizeof(MODULEENTRY32);
for (fModWalkContinue = PTC_Module32First(hSnapshotModule,&modEntry) , dwNbModule = 0;
fModWalkContinue;
fModWalkContinue = PTC_Module32Next(hSnapshotModule,&modEntry) , dwNbModule++ );
// choose one
dwModuleIndex = PTC_fn_lGetRandomRange (0 , dwNbModule-1) + 1; // the first module is the process itself
// get selected module
dwNbModule = 0;
fModWalkContinue = PTC_Module32First(hSnapshotModule,&modEntry);
while (dwNbModule != dwModuleIndex)
{
fModWalkContinue = PTC_Module32Next(hSnapshotModule,&modEntry);
}
// close handle
PTC_CloseHandle (hSnapshotModule);
return (DWORD)modEntry.hModule;
}
DWORD PTC_fn_dwSearchExportedFunctionInEveryDLLOnW95W98(char *_szCryptedName)
{
HANDLE hSnapshotModule;
MODULEENTRY32 modEntry;
BOOL fModWalkContinue;
DWORD dwNbModule;
DWORD dwResult = 0;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(5,PTC_fn_dwSearchExportedFunctionInEveryDLLOnW95W98);
return 0L;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_dwSearchExportedFunctionInEveryDLLOnW95W98)
hSnapshotModule = PTC_CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, 0 ); // current process only
modEntry.dwSize = sizeof(MODULEENTRY32);
for (fModWalkContinue = PTC_Module32First(hSnapshotModule,&modEntry) , dwNbModule = 0;
fModWalkContinue;
fModWalkContinue = PTC_Module32Next(hSnapshotModule,&modEntry) , dwNbModule++ )
{
DWORD dwAddress = dwGetExportedFunctionEntryFromImageBase ((DWORD)modEntry.hModule , _szCryptedName);
if (dwAddress) dwResult++;
}
// close handle
PTC_CloseHandle (hSnapshotModule);
return dwResult;
PTC_M_DeclareEndLabel(PTC_fn_dwSearchExportedFunctionInEveryDLLOnW95W98);
}
//////////////////////////////////////////////////
//////////////////////////////////////////////////
DWORD PTC_fn_dwSearchFunctionInImportedTableOfExe(char *_szCryptedName)
{
DWORD dwResult,dwAddress;
DWORD dwKey = *((DWORD*) _szCryptedName);
PTC_tdstImportedFunction *p_stIF = (PTC_tdstImportedFunction *) PTC_ga_stImportedFunctions;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(9,PTC_fn_dwSearchFunctionInImportedTableOfExe);
return 0L;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_dwSearchFunctionInImportedTableOfExe)
dwResult = dwGetImportedFunctionEntryFromImageBase ((DWORD)PTC_GetModuleHandle(NULL) , _szCryptedName);
dwAddress = (dwResult ? *((DWORD*) dwResult) : 0L);
if (dwAddress)
{
while (*(p_stIF -> szName) && (strcmp(p_stIF -> szName,_szCryptedName))) p_stIF++;
if(*(p_stIF -> szName))
{
return (dwAddress - (p_stIF -> dwAddress ^ dwKey));
}
}
return (0L);
PTC_M_DeclareEndLabel(PTC_fn_dwSearchFunctionInImportedTableOfExe);
}
//////////////////////////////////////////////////
// Get All System Functions Ptr
//////////////////////////////////////////////////
void PTC_fn_vGetAllSystemFunctionsPtr(BOOL _bFirstTime)
{
DWORD dwIndex;
for (dwIndex = 1 ; dwIndex < PTC_g_dwImportedFunctionsNumber ; dwIndex++)
{
PTC_fn_vGetOneSystemFunctionPtr (dwIndex , _bFirstTime);
}
}
//////////////////////////////////////////////////
// Get all Linked ImageBase
//////////////////////////////////////////////////
void PTC_fn_vGetAllLinkedDLLImageBase(BOOL _bFirstTime)
{
DWORD dwIndex;
for (dwIndex = 0 ; dwIndex < PTC_g_dwLinkedDLLNumber ; dwIndex++)
{
PTC_fn_vGetOneLinkedDLLImageBase (dwIndex , _bFirstTime);
}
}
//////////////////////////////////////////////////
// Return ...
//////////////////////////////////////////////////
DWORD PTC_fn_dwGetRandomDLLImageBase()
{
if (PTC_g_bNTSystem)
return PTC_fn_dwGetRandomDLLImageBaseOnNT ();
else
return PTC_fn_dwGetRandomDLLImageBaseOnW95W98 ();
return 0L;
}
//////////////////////////////////////////////////
// Return ...
//////////////////////////////////////////////////
DWORD PTC_fn_dwSearchExportedFunctionInEveryDLL(char *_szCryptedName)
{
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(3,PTC_fn_dwSearchExportedFunctionInEveryDLL);
return 0L;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_dwSearchExportedFunctionInEveryDLL)
if (PTC_g_bNTSystem)
return PTC_fn_dwSearchExportedFunctionInEveryDLLOnNT (_szCryptedName);
else
return PTC_fn_dwSearchExportedFunctionInEveryDLLOnW95W98 (_szCryptedName);
return 0L;
PTC_M_DeclareEndLabel(PTC_fn_dwSearchExportedFunctionInEveryDLL);
}
//////////////////////////////////////////////////
// Fill
//////////////////////////////////////////////////
__inline void PTC_fn_vInitOneVariable (void *p_vAddr , DWORD dwSizeInByte)
{
long lSize = dwSizeInByte / 4;
long lIndex;
long *p_lValue = (long*)p_vAddr;
for (lIndex = 0 ; lIndex < lSize ; lIndex++ , p_lValue++)
{
*p_lValue = PTC_fn_lGetRandom ();
}
}
//////////////////////////////////////////////////
// Init Protections
//////////////////////////////////////////////////
void PTC_fn_vTest();
void PTC_fn_vInit(BOOL _bFirstTime)
{
LARGE_INTEGER xCounter;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionCheckSum(2,PTC_fn_vInit);
return;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_vInit)
// Init Random Sequence
if (QueryPerformanceCounter (&xCounter))
{
PTC_g_lCurrentRandom = xCounter.LowPart;
}
else
{
PTC_g_lCurrentRandom = 0x12345678;
}
// Fill Generated Code Buffer with random value
PTC_fn_vInitOneVariable ((void*)PTC_ga_cGeneratedCode , PTC_C_CODESIZE);
//VirtualProtect(PTC_ga_cGeneratedCode, PTC_C_CODESIZE, PAGE_EXECUTE, &PTC_gs_dwOldPageProtection);
// Compute Size of Arrays
PTC_g_dwLinkedDLLNumber = (sizeof(PTC_ga_szLinkedDLLName) / PTC_C_NAMESIZE) - 1;
PTC_g_dwImportedFunctionsNumber = (sizeof(PTC_ga_stImportedFunctions) / sizeof(PTC_tdstImportedFunction)) - 1;
// Allocate array of DLL Image Base
PTC_ga_dwLinkedDLLImageBase = (DWORD*) malloc (PTC_g_dwLinkedDLLNumber * sizeof(DWORD));
// Fill It with random value
PTC_fn_vInitOneVariable ((void*)PTC_ga_dwLinkedDLLImageBase, PTC_g_dwLinkedDLLNumber * sizeof(DWORD));
/////////////////////////////////////////////////
if (_bFirstTime) PTC_g_lProtectError = 0;
// Get GetModuleHandle Ptr
PTC_fn_vGetGetModuleHandleA (_bFirstTime);
// Get All DLL ImageBase
PTC_fn_vGetAllLinkedDLLImageBase (_bFirstTime);
// Get All System functions Ptr
PTC_fn_vGetAllSystemFunctionsPtr (_bFirstTime);
// Is NT or W95/98
if (_bFirstTime) PTC_fn_vUpdateCurrentSystem ();
PTC_M_DeclareEndLabel(PTC_fn_vInit)
///////////////////////////////////////////////
PTC_fn_vTest ();
}
//////////////////////////////////////////////////
// DesInit Protections
//////////////////////////////////////////////////
void PTC_fn_vDesInit()
{
/*
if (PTC_ga_cGeneratedCode)
{
VirtualProtect(PTC_ga_cGeneratedCode, PTC_C_CODESIZE, PTC_gs_dwOldPageProtection, &PTC_gs_dwOldPageProtection);
free (PTC_ga_cGeneratedCode);
}
*/
if (PTC_ga_dwLinkedDLLImageBase)
{
free (PTC_ga_dwLinkedDLLImageBase);
}
if (PTC_g_bNTSystem)
{
FreeLibrary ((HMODULE)PTC_ga_dwLinkedDLLImageBase [PTC_C_PSAPIIndex]);
}
}
//////////////////////////////////////////////////
//
//////////////////////////////////////////////////
BOOL PTC_fn_bVerifyOneImportedFunctionPtr()
{
DWORD dwRandomImageBase = PTC_fn_dwGetRandomDLLImageBase ();
if (dwRandomImageBase)
{
DWORD dwRandomFunctionPtr = PTC_fn_lGetRandomRange (0 , PTC_g_dwImportedFunctionsNumber);
DWORD dwKey = *((DWORD*) PTC_ga_stImportedFunctions [dwRandomFunctionPtr] . szName);
DWORD dwAddress = PTC_ga_stImportedFunctions [dwRandomFunctionPtr] . dwAddress;
DWORD dwAddressFounded = dwGetImportedFunctionEntryFromImageBase (dwRandomImageBase , PTC_fn_szGetFunctionExplicitName(dwRandomFunctionPtr));
DWORD dwPtrFounded = ( dwAddressFounded ? *((DWORD*)dwAddressFounded) : 0L);
if (dwPtrFounded && dwAddress && ((dwAddress ^ dwKey) != dwPtrFounded))
{
PTC_g_lProtectError = 1;
return FALSE;
}
}
return TRUE;
}
//////////////////////////////////////////////////
//
//////////////////////////////////////////////////
long PTC_fn_lGetCheckSum(DWORD dwBeginAddr, DWORD dwEndAddr);
void PTC_fn_vInitChecksum()
{
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionDelete(0,PTC_fn_vInitChecksum);
return;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_vInitChecksum)
memset (PTC_g_dwBeginLabelAddress , 0 , PTC_C_ChecksumTableSize * sizeof(DWORD));
memset (PTC_g_dwEndLabelAddress , 0 , PTC_C_ChecksumTableSize * sizeof(DWORD));
memset (PTC_g_dwChecksum , 0 , PTC_C_ChecksumTableSize * sizeof(DWORD));
memset (PTC_g_dwBeginLabelAddressDelete , 0 , PTC_C_ChecksumTableSize * sizeof(DWORD));
memset (PTC_g_dwEndLabelAddressDelete , 0 , PTC_C_ChecksumTableSize * sizeof(DWORD));
//
PTC_g_bTakeAddresses = TRUE;
// Compute Checksum
SNA_fn_bGetHandleToRelocationTable (NULL); /* 0 */
SNA_fn_bGetHandleToRelocationTableInBigFile (NULL); /* 1 */
PTC_fn_vInit (TRUE); /* 2 */
PTC_fn_dwSearchExportedFunctionInEveryDLL (NULL); /* 3 */
PTC_fn_dwSearchExportedFunctionInEveryDLLOnNT (NULL); /* 4 */
PTC_fn_dwSearchExportedFunctionInEveryDLLOnW95W98 (NULL); /* 5 */
PTC_fn_vUpdateCurrentSystem (); /* 6 */
PTC_fn_hGetKernel32Handle (); /* 7 */
PTC_fn_vGetGetModuleHandleA (TRUE); /* 8 */
PTC_fn_dwSearchFunctionInImportedTableOfExe (NULL); /* 9 */
// Get addresses for delete
PTC_fn_vInitChecksum (); /* 0 */
PTC_fn_vComputeAndWriteChecksumFile (); /* 1 */
PTC_fn_lGetCheckSum (0,0); /* 2 */
WinMain (NULL,NULL,NULL,0); /* 3 & 4 */
//
PTC_g_bTakeAddresses = FALSE;
//
PTC_M_DeclareEndLabel(PTC_fn_vInitChecksum)
return;
}
//////////////////////////////////////////////////
//
//////////////////////////////////////////////////
void PTC_fn_vComputeAndWriteChecksumFile()
{
DWORD *p_dwBeginAddress;
DWORD *p_dwEndAddress;
FILE *pFile;
DWORD i;
DWORD dwOffsetBegin , dwOffsetEnd , dwOffset;
char szText[255];
long lCheckSum;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionDelete(1,PTC_fn_vComputeAndWriteChecksumFile);
return;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_vComputeAndWriteChecksumFile)
// Checksum List
pFile = fopen ("CheckSum.lst" , "wt");
if (pFile)
{
i = 0;
dwOffset = (DWORD)PTC_GetModuleHandle(NULL);
p_dwBeginAddress = PTC_g_dwBeginLabelAddress;
p_dwEndAddress = PTC_g_dwEndLabelAddress;
while (*p_dwBeginAddress && *p_dwEndAddress)
{
lCheckSum = PTC_fn_lGetCheckSum(*p_dwBeginAddress , *p_dwEndAddress);
dwOffsetBegin = *p_dwBeginAddress - dwOffset;
dwOffsetEnd = *p_dwEndAddress - dwOffset;
sprintf (szText , "%i - Begin: 0x%08x End: 0x%08x Checksum: 0x%08x\n" , i , dwOffsetBegin , dwOffsetEnd , lCheckSum);
fprintf (pFile , "%i - Begin: 0x%08x End: 0x%08x Checksum: 0x%08x\n" , i , dwOffsetBegin , dwOffsetEnd , lCheckSum);
p_dwBeginAddress++;
p_dwEndAddress++;
i++;
}
fclose (pFile);
}
// Delete List
pFile = fopen ("Delete.lst" , "wt");
if (pFile)
{
i = 0;
dwOffset = (DWORD)PTC_GetModuleHandle(NULL);
p_dwBeginAddress = PTC_g_dwBeginLabelAddressDelete;
p_dwEndAddress = PTC_g_dwEndLabelAddressDelete;
while (*p_dwBeginAddress && *p_dwEndAddress)
{
dwOffsetBegin = *p_dwBeginAddress - dwOffset;
dwOffsetEnd = *p_dwEndAddress - dwOffset;
sprintf (szText , "%i - Begin: 0x%08x End: 0x%08x \n" , i , dwOffsetBegin , dwOffsetEnd);
fprintf (pFile , "%i - Begin: 0x%08x End: 0x%08x \n" , i , dwOffsetBegin , dwOffsetEnd);
p_dwBeginAddress++;
p_dwEndAddress++;
i++;
}
fclose (pFile);
}
PTC_M_DeclareEndLabel(PTC_fn_vComputeAndWriteChecksumFile)
return;
}
#ifndef RETAIL /* { */
//////////////////////////////////////////////////
// Read CheckSum File
//////////////////////////////////////////////////
void PTC_fn_vReadChecksumFile()
{
DWORD *p_dwBeginAddress = PTC_g_dwBeginLabelAddress;
DWORD *p_dwEndAddress = PTC_g_dwEndLabelAddress;
DWORD *p_dwCheckSum = PTC_g_dwChecksum;
FILE *pFile;
DWORD dwOffsetBegin , dwOffsetEnd , dwOffset;
char szText[255];
char *p_cBegin , *p_cEnd , *p_cChecksum;
long lChecksum;
memset (PTC_g_dwBeginLabelAddress , 0 , PTC_C_ChecksumTableSize * sizeof(DWORD));
memset (PTC_g_dwEndLabelAddress , 0 , PTC_C_ChecksumTableSize * sizeof(DWORD));
memset (PTC_g_dwChecksum , 0 , PTC_C_ChecksumTableSize * sizeof(long));
pFile = fopen ("CheckSum.lst" , "rt");
if (pFile)
{
dwOffset = (DWORD)PTC_GetModuleHandle(NULL);
while (!feof(pFile))
{
if (fgets (szText , 255 , pFile))
{
p_cBegin = strstr(szText,"Begin: 0x") + strlen("Begin: 0x");
p_cEnd = strstr(szText,"End: 0x") + strlen("End: 0x");
p_cChecksum = strstr(szText,"Checksum: 0x") + strlen("Checksum: 0x");
// read dwOffsetBegin
sscanf (p_cBegin , "%x" , &dwOffsetBegin);
// read dwOffsetEnd
sscanf (p_cEnd , "%x" , &dwOffsetEnd);
// read dwChecksum
sscanf (p_cChecksum , "%x" , &lChecksum);
*p_dwBeginAddress++ = dwOffsetBegin;
*p_dwEndAddress++ = dwOffsetEnd;
*p_dwCheckSum++ = (DWORD)lChecksum;
}
}
fclose (pFile);
}
return;
}
#endif /* RETAIL } */
//////////////////////////////////////////////////
// Compute CheckSum
//////////////////////////////////////////////////
long PTC_fn_lGetCheckSum(DWORD dwBeginAddr, DWORD dwEndAddr)
{
long lResult = 0;
DWORD *dwCurrent;
/* ------------------------------------------ */
/* to get begin and end addresses of function */
if (PTC_g_bTakeAddresses)
{
PTC_M_AddFunctionDelete(2,PTC_fn_lGetCheckSum);
return (long)0;
}
/* ------------------------------------------ */
/* ------------------------------------------ */
PTC_M_DeclareBeginLabel(PTC_fn_lGetCheckSum)
if (dwBeginAddr > dwEndAddr)
{
DWORD dwTmp;
dwTmp = dwEndAddr;
dwEndAddr = dwBeginAddr;
dwBeginAddr = dwTmp;
}
dwBeginAddr -= (dwBeginAddr % 4);
dwEndAddr -= (dwEndAddr % 4);
dwCurrent = (DWORD*)dwBeginAddr;
while (dwCurrent < (DWORD*)dwEndAddr)
{
lResult += (*(long*)dwCurrent) * (*(long*)dwCurrent);
dwCurrent++;
}
PTC_M_DeclareEndLabel(PTC_fn_lGetCheckSum)
return lResult;
}
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
#ifdef _DEBUG
void PTC_fn_vTestDLLImport();
#endif
void PTC_fn_vTest()
{
#ifdef _DEBUG
PTC_fn_vTestDLLImport();
#endif
}
#ifdef _DEBUG
void PTC_fn_vTestChecksum()
{
DWORD *p_dwBeginAddress = PTC_g_dwBeginLabelAddress;
DWORD *p_dwEndAddress = PTC_g_dwEndLabelAddress;
long *p_lCheckSum = PTC_g_dwChecksum;
long lCheckSum;
DWORD dwError;
DWORD dwOffset;
// read checksum in file
PTC_fn_vReadChecksumFile ();
// verify
dwOffset = (DWORD)PTC_GetModuleHandle(NULL);
dwError = 0;
while (*p_dwBeginAddress && *p_dwEndAddress)
{
lCheckSum = PTC_fn_lGetCheckSum(*p_dwBeginAddress + dwOffset, *p_dwEndAddress + dwOffset);
if (lCheckSum != *p_lCheckSum)
dwError++;
p_dwBeginAddress++;
p_dwEndAddress++;
p_lCheckSum++;
}
if (dwError)
MessageBox(NULL , "Error on checksum" , "ERROR" , MB_OK + MB_ICONEXCLAMATION);
else
MessageBox(NULL , "No Error on checksum" , "GOOD" , MB_OK + MB_ICONINFORMATION);
}
void PTC_fn_vTestDLLImport()
{
DWORD dwIndex;
DWORD dwTest , dwOK , dwNo;
dwTest = dwOK = dwNo = 0;
for (dwIndex = 1 ; dwIndex < PTC_g_dwImportedFunctionsNumber ; dwIndex++)
{
PTC_tdstImportedFunction *p_stIF = PTC_ga_stImportedFunctions + dwIndex;
DWORD dwIdx;
DWORD dwAddress;
DWORD dwKey = *((DWORD*) p_stIF -> szName);
/*
for (dwIdx = 0 ; dwIdx < 5 ; dwIdx++)
{
if ((p_stIF -> lOtherDLLIndex [dwIdx] != 0) && PTC_ga_dwLinkedDLLImageBase [p_stIF -> lOtherDLLIndex [dwIdx]])
{
DWORD dwKey = *((DWORD*) p_stIF -> szName);
DWORD dwAddress = p_stIF -> dwAddress;
DWORD dwAddressFounded = dwGetImportedFunctionEntryFromImageBase (PTC_ga_dwLinkedDLLImageBase [p_stIF -> lOtherDLLIndex [dwIdx]] , PTC_fn_szGetFunctionExplicitName(dwIndex));
DWORD dwPtrFounded = ( dwAddressFounded ? *((DWORD*)dwAddressFounded) : 0L);
dwTest++;
if (dwPtrFounded && dwAddress && ((dwAddress ^ dwKey) != dwPtrFounded))
{
PTC_g_lProtectError = 1;
dwNo++;
}
else
{
PTC_g_lProtectError = -1;
dwOK++;
}
}
}
*/
dwIdx = PTC_fn_dwSearchExportedFunctionInEveryDLL(PTC_fn_szGetFunctionExplicitName(dwIndex));
dwAddress = PTC_fn_dwSearchFunctionInImportedTableOfExe(PTC_fn_szGetFunctionExplicitName(dwIndex));
if (dwAddress)
{
dwTest++;
if( dwAddress == (p_stIF -> dwAddress ^ dwKey)) dwOK++; else dwNo++;
}
}
}
#endif
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
//////////////////////////////////////////////////
#endif // PTC_SYSTEM_ACTIVED }
Reference in New Issue View Git Blame Copy Permalink