//
// created by AheadLib
// github:https://github.com/strivexjun/AheadLib-x86-x64
//
#include <windows.h>
#include <Shlwapi.h>
#pragma comment( lib, "Shlwapi.lib")
//
// Export table of the proxy. Each /EXPORT directive publishes one version.dll
// API name under its ordinal (@1..@17). Fifteen entries resolve to AheadLib_*
// symbols, which are not defined in this part of the listing (presumably thunks
// that jump through the pfnAheadLib_* slots declared below - TODO confirm).
// VerLanguageNameA/W are instead forwarded straight to KERNEL32.
//
// NOTE(review): the result is a drop-in stand-in for version.dll. When triaging
// a host, a module with that name mapped from outside the system directory that
// then loads the system copy itself (see Load) is the load pattern to look for.
//
#pragma comment(linker, "/EXPORT:GetFileVersionInfoA=AheadLib_GetFileVersionInfoA,@1")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoByHandle=AheadLib_GetFileVersionInfoByHandle,@2")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoExA=AheadLib_GetFileVersionInfoExA,@3")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoExW=AheadLib_GetFileVersionInfoExW,@4")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeA=AheadLib_GetFileVersionInfoSizeA,@5")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExA=AheadLib_GetFileVersionInfoSizeExA,@6")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExW=AheadLib_GetFileVersionInfoSizeExW,@7")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeW=AheadLib_GetFileVersionInfoSizeW,@8")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoW=AheadLib_GetFileVersionInfoW,@9")
#pragma comment(linker, "/EXPORT:VerFindFileA=AheadLib_VerFindFileA,@10")
#pragma comment(linker, "/EXPORT:VerFindFileW=AheadLib_VerFindFileW,@11")
#pragma comment(linker, "/EXPORT:VerInstallFileA=AheadLib_VerInstallFileA,@12")
#pragma comment(linker, "/EXPORT:VerInstallFileW=AheadLib_VerInstallFileW,@13")
#pragma comment(linker, "/EXPORT:VerLanguageNameA=KERNEL32.VerLanguageNameA,@14")
#pragma comment(linker, "/EXPORT:VerLanguageNameW=KERNEL32.VerLanguageNameW,@15")
#pragma comment(linker, "/EXPORT:VerQueryValueA=AheadLib_VerQueryValueA,@16")
#pragma comment(linker, "/EXPORT:VerQueryValueW=AheadLib_VerQueryValueW,@17")
// Resolved addresses of the genuine version.dll exports, one slot per proxied
// API. Init() fills every slot through GetAddress(). Nothing in this listing
// reads the slots, so the consumers are presumably the AheadLib_* export thunks
// defined elsewhere - TODO confirm. extern "C" keeps the names unmangled.
extern "C"
{
	PVOID pfnAheadLib_GetFileVersionInfoA;
	PVOID pfnAheadLib_GetFileVersionInfoByHandle;
	PVOID pfnAheadLib_GetFileVersionInfoExA;
	PVOID pfnAheadLib_GetFileVersionInfoExW;
	PVOID pfnAheadLib_GetFileVersionInfoSizeA;
	PVOID pfnAheadLib_GetFileVersionInfoSizeExA;
	PVOID pfnAheadLib_GetFileVersionInfoSizeExW;
	PVOID pfnAheadLib_GetFileVersionInfoSizeW;
	PVOID pfnAheadLib_GetFileVersionInfoW;
	PVOID pfnAheadLib_VerFindFileA;
	PVOID pfnAheadLib_VerFindFileW;
	PVOID pfnAheadLib_VerInstallFileA;
	PVOID pfnAheadLib_VerInstallFileW;
	PVOID pfnAheadLib_VerQueryValueA;
	PVOID pfnAheadLib_VerQueryValueW;
}
// Handle to the genuine version.dll. Assigned by Load(), released by Free();
// stays NULL until Load() succeeds.
static HMODULE g_OldModule = NULL;
// Releases the reference on the genuine version.dll that Load() took.
// Does nothing when no module handle has been recorded.
VOID WINAPI Free()
{
	if (g_OldModule == NULL)
	{
		return;
	}

	FreeLibrary(g_OldModule);
}
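// Loads the genuine version.dll from the system directory and records its
// handle in g_OldModule.
//
// Returns TRUE when the module was loaded, FALSE otherwise. If LoadLibrary
// fails, a message box naming the path is shown before returning. If the path
// cannot be built inside tzPath, FALSE is returned without attempting the load.
BOOL WINAPI Load()
{
	static const TCHAR tzDllName[] = TEXT("\\version.dll");
	const UINT cchDllName = sizeof(tzDllName) / sizeof(tzDllName[0]); // includes the terminator

	TCHAR tzPath[MAX_PATH];
	TCHAR tzTemp[MAX_PATH * 2];

	//
	// Choice of where the original DLL is taken from: the system directory
	// (the default, used below) or the host executable's own directory (the
	// two commented-out calls).
	//
	//GetModuleFileName(NULL,tzPath,MAX_PATH); // would take the host's directory
	//PathRemoveFileSpec(tzPath);

	// GetSystemDirectory returns 0 on failure and the required size when the
	// buffer is too small. In both cases tzPath holds nothing usable, and the
	// unbounded lstrcat below must not run unless the suffix is known to fit.
	UINT cchDir = GetSystemDirectory(tzPath, MAX_PATH);
	if (cchDir == 0 || cchDir >= MAX_PATH || cchDir + cchDllName > MAX_PATH)
	{
		return FALSE;
	}

	lstrcat(tzPath, tzDllName);

	g_OldModule = LoadLibrary(tzPath);
	if (g_OldModule == NULL)
	{
		// The message text is mis-encoded in this listing; it is kept as found.
		wsprintf(tzTemp, TEXT("<EFBFBD><EFBFBD><EFBFBD>ҵ<EFBFBD>ģ<EFBFBD><EFBFBD> %s,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><DEB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"), tzPath);
		MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
	}

	return (g_OldModule != NULL);
}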
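// Resolves one export of the genuine version.dll (g_OldModule).
//
// pszProcName is either a NUL-terminated export name or an ordinal packed into
// the low word of the pointer, the two forms GetProcAddress accepts.
// Returns the export's address. If it cannot be resolved, a message box naming
// the export is shown and the process is terminated with exit code -2, so a
// caller never sees NULL.
FARPROC WINAPI GetAddress(PCSTR pszProcName)
{
	CHAR szProcName[64];
	TCHAR tzTemp[MAX_PATH];

	FARPROC fpAddress = GetProcAddress(g_OldModule, pszProcName);
	if (fpAddress != NULL)
	{
		return fpAddress;
	}

	// An ordinal has every bit above the low word clear. IS_INTRESOURCE tests
	// the whole pointer, whereas HIWORD looks only at bits 16-31, so on x64 a
	// string pointer with those bits zero would be formatted as a number.
	if (IS_INTRESOURCE(pszProcName))
	{
		// Hand %d an int rather than a pointer-sized argument.
		wsprintfA(szProcName, "#%d", (int)LOWORD((ULONG_PTR)pszProcName));
		pszProcName = szProcName;
	}

	// The message text is mis-encoded in this listing; it is kept as found.
	wsprintf(tzTemp, TEXT("<EFBFBD><EFBFBD><EFBFBD>ҵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> %hs,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><DEB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>"), pszProcName);
	MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
	ExitProcess(-2);

	// Not reached; ExitProcess does not return.
	return fpAddress;
}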
// Fills every pfnAheadLib_* slot with the address of the same-named export in
// the genuine version.dll. GetAddress() terminates the process when an export
// is missing, so reaching the end means all fifteen slots are set.
// Always returns TRUE.
BOOL WINAPI Init()
{
	// Slot/name pairs, resolved in the order listed.
	static const struct
	{
		PVOID *ppfnSlot;
		PCSTR  pszName;
	} s_Exports[] =
	{
		{ &pfnAheadLib_GetFileVersionInfoA,        "GetFileVersionInfoA" },
		{ &pfnAheadLib_GetFileVersionInfoByHandle, "GetFileVersionInfoByHandle" },
		{ &pfnAheadLib_GetFileVersionInfoExA,      "GetFileVersionInfoExA" },
		{ &pfnAheadLib_GetFileVersionInfoExW,      "GetFileVersionInfoExW" },
		{ &pfnAheadLib_GetFileVersionInfoSizeA,    "GetFileVersionInfoSizeA" },
		{ &pfnAheadLib_GetFileVersionInfoSizeExA,  "GetFileVersionInfoSizeExA" },
		{ &pfnAheadLib_GetFileVersionInfoSizeExW,  "GetFileVersionInfoSizeExW" },
		{ &pfnAheadLib_GetFileVersionInfoSizeW,    "GetFileVersionInfoSizeW" },
		{ &pfnAheadLib_GetFileVersionInfoW,        "GetFileVersionInfoW" },
		{ &pfnAheadLib_VerFindFileA,               "VerFindFileA" },
		{ &pfnAheadLib_VerFindFileW,               "VerFindFileW" },
		{ &pfnAheadLib_VerInstallFileA,            "VerInstallFileA" },
		{ &pfnAheadLib_VerInstallFileW,            "VerInstallFileW" },
		{ &pfnAheadLib_VerQueryValueA,             "VerQueryValueA" },
		{ &pfnAheadLib_VerQueryValueW,             "VerQueryValueW" },
	};

	for (size_t i = 0; i < sizeof(s_Exports) / sizeof(s_Exports[0]); ++i)
	{
		*s_Exports[i].ppfnSlot = GetAddress(s_Exports[i].pszName);
	}

	return TRUE;
}
// Thread body started from VersionHijack_DllMain when the host name matches.
//
// Opens a handle to the current process and overwrites four bytes at the fixed
// address 0x00401000 with 0x90. The result of the write is discarded and the
// thread always exits with 0. lpThreadParameter is unused.
//
// NOTE(review): the original comment here is mis-encoded in this listing but
// appears to refer to VMP 3.x memory protection, which makes this an in-process
// code patch applied by the proxied DLL. For triage, comparing the host's
// in-memory code with its on-disk image is what exposes a change of this kind.
DWORD WINAPI ThreadProc(LPVOID lpThreadParameter)
{
	BYTE data1[] = { 0x90, 0x90, 0x90, 0x90 };
	PVOID addr1 = reinterpret_cast<PVOID>(0x00401000);

	const DWORD dwAccess = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;
	HANDLE hProcess = OpenProcess(dwAccess, FALSE, GetCurrentProcessId());
	if (hProcess == NULL)
	{
		return 0;
	}

	WriteProcessMemory(hProcess, addr1, data1, sizeof(data1), NULL);
	CloseHandle(hProcess);

	return 0;
}
// DLL entry point of the proxy.
//
// DLL_PROCESS_ATTACH: turns off per-thread attach/detach notifications, loads
// the genuine version.dll (Load) and resolves its exports (Init). If both
// succeed and the host executable's file name equals szAppName, compared
// case-insensitively, ThreadProc is started on a new thread and the thread
// handle is closed straight away.
// DLL_PROCESS_DETACH: releases the genuine module (Free).
// Every path returns TRUE, including the one where Load() fails.
// pvReserved is unused.
//
// NOTE(review): Load() calls LoadLibrary and may call MessageBox, both from
// inside DllMain. Microsoft's DllMain guidance advises against these calls
// while the loader lock is held.
BOOL APIENTRY VersionHijack_DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
	if (dwReason == DLL_PROCESS_DETACH)
	{
		Free();
		return TRUE;
	}

	if (dwReason != DLL_PROCESS_ATTACH)
	{
		return TRUE;
	}

	DisableThreadLibraryCalls(hModule);

	// Init() runs only after Load() has succeeded.
	if (!Load() || !Init())
	{
		return TRUE;
	}

	TCHAR szAppName[MAX_PATH] = TEXT("cs2.exe"); // host executable name the patch thread is gated on
	TCHAR szCurName[MAX_PATH];

	// Reduce the host's full module path to its bare file name.
	GetModuleFileName(NULL, szCurName, MAX_PATH);
	PathStripPath(szCurName);

	// Any other host gets the plain export proxying and nothing more.
	if (StrCmpI(szCurName, szAppName) != 0)
	{
		return TRUE;
	}

	// Start the patch thread. The handle is not needed afterwards.
	HANDLE hThread = CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
	if (hThread)
	{
		CloseHandle(hThread);
	}

	return TRUE;
}