diff --git a/src-x86-binarymaster/rdpwrap.dpr b/src-x86-binarymaster/rdpwrap.dpr index 4e1534e..7a7ae49 100644 --- a/src-x86-binarymaster/rdpwrap.dpr +++ b/src-x86-binarymaster/rdpwrap.dpr @@ -374,7 +374,7 @@ begin if OverrideSL(pwszValueName, dw) then begin pdwValue^ := dw; Result := S_OK; - WriteLog('Rewrite: ' + IntToStr(pdwValue^)); + WriteLog('Policy rewrite: ' + IntToStr(pdwValue^)); Exit; end; @@ -387,9 +387,9 @@ begin // get result Result := SLGetWindowsInformationDWORD(pwszValueName, pdwValue); if Result = S_OK then - WriteLog('Result: ' + IntToStr(pdwValue^)) + WriteLog('Policy result: ' + IntToStr(pdwValue^)) else - WriteLog('Failed'); + WriteLog('Policy request failed'); // wrap it back WriteProcessMemory(GetCurrentProcess, @SLGetWindowsInformationDWORD, @Stub_SLGetWindowsInformationDWORD, SizeOf(far_jmp), bw); @@ -408,7 +408,7 @@ begin if OverrideSL(pwszValueName, dw) then begin pdwValue^ := dw; Result := S_OK; - WriteLog('Rewrite: ' + IntToStr(pdwValue^)); + WriteLog('Policy rewrite: ' + IntToStr(pdwValue^)); Exit; end; @@ -417,9 +417,9 @@ begin Result := SLGetWindowsInformationDWORD(pwszValueName, pdwValue); if Result = S_OK then - WriteLog('Result: ' + IntToStr(pdwValue^)) + WriteLog('Policy result: ' + IntToStr(pdwValue^)) else - WriteLog('Failed'); + WriteLog('Policy request failed'); end; function New_Win8SL_CP(eax: DWORD; pdwValue: PDWORD; ecx: DWORD; pwszValueName: PWideChar): HRESULT; register; @@ -450,7 +450,7 @@ begin lMaxUserSessions := nil; ulMaxDebugSessions := nil; bInitialized := nil; - WriteLog('> CSLQuery::Initialize'); + WriteLog('>>> CSLQuery::Initialize'); Sect := IntToStr(FV.Version.w.Major)+'.'+IntToStr(FV.Version.w.Minor)+'.'+ IntToStr(FV.Release)+'.'+IntToStr(FV.Build)+'-SLInit'; if INISectionExists(INI, Sect) then begin 
@@ -466,42 +466,43 @@ begin if bServerSku <> nil then begin bServerSku^ := INIReadDWord(INI, 'SLInit', 'bServerSku', 1); - WriteLog('[0x'+IntToHex(DWORD(bServerSku), 1)+'] bServerSku = ' + IntToStr(bServerSku^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(bServerSku), 1)+'] bServerSku = ' + IntToStr(bServerSku^)); end; if bRemoteConnAllowed <> nil then begin bRemoteConnAllowed^ := INIReadDWord(INI, 'SLInit', 'bRemoteConnAllowed', 1); - WriteLog('[0x'+IntToHex(DWORD(bRemoteConnAllowed), 1)+'] bRemoteConnAllowed = ' + IntToStr(bRemoteConnAllowed^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(bRemoteConnAllowed), 1)+'] bRemoteConnAllowed = ' + IntToStr(bRemoteConnAllowed^)); end; if bFUSEnabled <> nil then begin bFUSEnabled^ := INIReadDWord(INI, 'SLInit', 'bFUSEnabled', 1); - WriteLog('[0x'+IntToHex(DWORD(bFUSEnabled), 1)+'] bFUSEnabled = ' + IntToStr(bFUSEnabled^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(bFUSEnabled), 1)+'] bFUSEnabled = ' + IntToStr(bFUSEnabled^)); end; if bAppServerAllowed <> nil then begin bAppServerAllowed^ := INIReadDWord(INI, 'SLInit', 'bAppServerAllowed', 1); - WriteLog('[0x'+IntToHex(DWORD(bAppServerAllowed), 1)+'] bAppServerAllowed = ' + IntToStr(bAppServerAllowed^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(bAppServerAllowed), 1)+'] bAppServerAllowed = ' + IntToStr(bAppServerAllowed^)); end; if bMultimonAllowed <> nil then begin bMultimonAllowed^ := INIReadDWord(INI, 'SLInit', 'bMultimonAllowed', 1); - WriteLog('[0x'+IntToHex(DWORD(bMultimonAllowed), 1)+'] bMultimonAllowed = ' + IntToStr(bMultimonAllowed^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(bMultimonAllowed), 1)+'] bMultimonAllowed = ' + IntToStr(bMultimonAllowed^)); end; if lMaxUserSessions <> nil then begin lMaxUserSessions^ := INIReadDWord(INI, 'SLInit', 'lMaxUserSessions', 0); - WriteLog('[0x'+IntToHex(DWORD(lMaxUserSessions), 1)+'] lMaxUserSessions = ' + IntToStr(lMaxUserSessions^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(lMaxUserSessions), 1)+'] lMaxUserSessions = ' + 
IntToStr(lMaxUserSessions^)); end; if ulMaxDebugSessions <> nil then begin ulMaxDebugSessions^ := INIReadDWord(INI, 'SLInit', 'ulMaxDebugSessions', 0); - WriteLog('[0x'+IntToHex(DWORD(ulMaxDebugSessions), 1)+'] ulMaxDebugSessions = ' + IntToStr(ulMaxDebugSessions^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(ulMaxDebugSessions), 1)+'] ulMaxDebugSessions = ' + IntToStr(ulMaxDebugSessions^)); end; if bInitialized <> nil then begin bInitialized^ := INIReadDWord(INI, 'SLInit', 'bInitialized', 1); - WriteLog('[0x'+IntToHex(DWORD(bInitialized), 1)+'] bInitialized = ' + IntToStr(bInitialized^)); + WriteLog('SLInit [0x'+IntToHex(DWORD(bInitialized), 1)+'] bInitialized = ' + IntToStr(bInitialized^)); end; Result := S_OK; + WriteLog('<<< CSLQuery::Initialize'); end; procedure HookFunctions; var - Sect, FuncName: String; + ConfigFile, Sect, FuncName: String; V: DWORD; TS_Handle, SLC_Handle: THandle; TermSrvSize: DWORD; @@ -520,14 +521,16 @@ begin SLGetWindowsInformationDWORD := nil; WriteLog('Loading configuration...'); - INILoad(INI, ExtractFilePath(GetBinaryPath) + 'rdpwrap.ini'); + ConfigFile := ExtractFilePath(GetBinaryPath) + 'rdpwrap.ini'; + WriteLog('Configuration file: ' + ConfigFile); + INILoad(INI, ConfigFile); if Length(INI) = 0 then begin WriteLog('Error: Failed to load configuration'); Exit; end; LogFile := INIReadString(INI, 'Main', 'LogFile', ExtractFilePath(GetBinaryPath) + 'rdpwrap.txt'); - WriteLog('init'); + WriteLog('Initializing RDP Wrapper...'); // load termsrv.dll and get functions TS_Handle := LoadLibrary('termsrv.dll'); 
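Review bot: Each `SLInit [0x…]` line in this hunk writes the absolute in-process address of a termsrv policy variable to the log (`IntToHex(DWORD(bServerSku), 1)` and its seven siblings), and the `SLInit [0x%p]` lines of `New_CSLQuery_Initialize` in RDPWrap.cpp do the same. If the log file can be read by accounts other than administrators, this discloses the memory layout of the service process; the file's permissions are not visible in this diff. At minimum, add a comment next to the first of these calls such as `// log lines contain absolute addresses inside termsrv.dll; the log file must be readable by administrators only`, and consider writing the addresses only when a debug setting is enabled. The function body starts outside the hunk.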
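Review bot: The new `WriteLog('Configuration file: ' + ConfigFile)` runs before `LogFile` is assigned from the INI, so where that line ends up depends on the value `LogFile` had beforehand, which is set outside this hunk. Emitting the path message after the `LogFile := INIReadString(...)` line would guarantee it reaches the configured log. The default could also reuse the new variable, `ExtractFilePath(ConfigFile) + 'rdpwrap.txt'`, instead of calling `GetBinaryPath` a second time. Because both the patch data and the log path are taken from this file unchecked, a comment above `INILoad` such as `// rdpwrap.ini is trusted input: its directory must not be writable by non-administrators` would record that assumption. HookFunctions starts and ends outside the hunk.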
@@ -535,11 +538,13 @@ begin WriteLog('Error: Failed to load Terminal Services library'); Exit; end; - WriteLog('Base addr: 0x'+IntToHex(TS_Handle, 8)); TSMain := GetProcAddress(TS_Handle, 'ServiceMain'); - WriteLog('SvcMain: termsrv.dll+0x'+IntToHex(Cardinal(@TSMain) - TS_Handle, 1)); TSGlobals := GetProcAddress(TS_Handle, 'SvchostPushServiceGlobals'); - WriteLog('SvcGlobals: termsrv.dll+0x'+IntToHex(Cardinal(@TSGlobals) - TS_Handle, 1)); + WriteLog( + 'Base addr: 0x' + IntToHex(TS_Handle, 8) + + 'SvcMain: termsrv.dll+0x' + IntToHex(Cardinal(@TSMain) - TS_Handle, 1) + + 'SvcGlobals: termsrv.dll+0x' + IntToHex(Cardinal(@TSGlobals) - TS_Handle, 1) + ); V := 0; // check termsrv version @@ -555,15 +560,17 @@ begin Exit; end; - WriteLog('Version: '+IntToStr(FV.Version.w.Major)+'.'+IntToStr(FV.Version.w.Minor)); - WriteLog('Release: '+IntToStr(FV.Release)); - WriteLog('Build: '+IntToStr(FV.Build)); + WriteLog('Version: '+ + IntToStr(FV.Version.w.Major)+'.'+ + IntToStr(FV.Version.w.Minor)+'.'+ + IntToStr(FV.Release)+'.'+ + IntToStr(FV.Build)); // temporarily freeze threads - WriteLog('freeze'); + WriteLog('Freezing threads...'); StopThreads(); - WriteLog('Loading patch codes...'); + WriteLog('Caching patch codes...'); PatchList := INIReadSection(INI, 'PatchCodes'); SetLength(Patch, Length(PatchList)); for I := 0 to Length(Patch) - 1 do begin 
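Review bot: The three fields merged into the single `WriteLog` call have no separator between them, so the entry comes out as `Base addr: 0x…SvcMain: termsrv.dll+0x…SvcGlobals: …` and each hex value runs straight into the next label. Add a delimiter after the first two values, e.g. `'Base addr: 0x' + IntToHex(TS_Handle, 8) + #13#10 +` and likewise after the `SvcMain` term (or `', '` if a single line is wanted). `TSMain` and `TSGlobals` also enter the subtraction unchecked, so a failed `GetProcAddress` would log a wrapped-around offset instead of an error; that was already the case before this change. HookFunctions continues outside the hunk.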
@@ -691,37 +698,38 @@ begin end; // unfreeze threads - WriteLog('resume'); + WriteLog('Resumimg threads...'); RunThreads(); end; function TermServiceMain(dwArgc: DWORD; lpszArgv: PWideChar): DWORD; stdcall; begin // wrap ServiceMain function - WriteLog('> ServiceMain'); + WriteLog('>>> ServiceMain'); if not IsHooked then HookFunctions; Result := 0; if @TSMain <> nil then Result := TSMain(dwArgc, lpszArgv); + WriteLog('<<< ServiceMain'); end; function TermServiceGlobals(lpGlobalData: Pointer): DWORD; stdcall; begin // wrap SvchostPushServiceGlobals function - WriteLog('> SvchostPushServiceGlobals'); + WriteLog('>>> SvchostPushServiceGlobals'); if not IsHooked then HookFunctions; Result := 0; if @TSGlobals <> nil then Result := TSGlobals(lpGlobalData); + WriteLog('<<< SvchostPushServiceGlobals'); end; // export section exports - TermServiceMain index 1 name 'ServiceMain'; -exports + TermServiceMain index 1 name 'ServiceMain', TermServiceGlobals index 2 name 'SvchostPushServiceGlobals'; begin diff --git a/src-x86-x64-Fusix/RDPWrap.cpp b/src-x86-x64-Fusix/RDPWrap.cpp index 77903ca..c5a80c6 100644 --- a/src-x86-x64-Fusix/RDPWrap.cpp +++ b/src-x86-x64-Fusix/RDPWrap.cpp @@ -290,7 +290,7 @@ HRESULT WINAPI New_SLGetWindowsInformationDWORD(PWSTR pwszValueName, DWORD *pdwV *pdwValue = dw; Log = new char[1024]; - wsprintfA(Log, "Rewrite: %i\r\n", dw); + wsprintfA(Log, "Policy rewrite: %i\r\n", dw); WriteToLog(Log); delete[] Log; @@ -302,11 +302,11 @@ HRESULT WINAPI New_SLGetWindowsInformationDWORD(PWSTR pwszValueName, DWORD *pdwV if (Result == S_OK) { Log = new char[1024]; - wsprintfA(Log, "Result: %i\r\n", dw); + wsprintfA(Log, "Policy result: %i\r\n", dw); WriteToLog(Log); delete[] Log; } else { - WriteToLog("Failed\r\n"); + WriteToLog("Policy request failed\r\n"); } WriteProcessMemory(GetCurrentProcess(), _SLGetWindowsInformationDWORD, &Stub_SLGetWindowsInformationDWORD, sizeof(FARJMP), &bw); 
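Review bot: The new message `'Resumimg threads...'` is misspelled and should read `WriteLog('Resuming threads...');`. The same typo appears in `WriteToLog("Resumimg threads...\r\n");` in the last hunk of RDPWrap.cpp. Anyone searching the log for the freeze/resume pair will look for the correct spelling, so both strings should be fixed together.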
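Review bot: `Policy result` is formatted from the local `dw`, whereas the Delphi wrapper in rdpwrap.dpr logs `pdwValue^` at the same point. If the call to the original function above this hunk writes through `pdwValue` (not visible here), the number logged is not the value handed back to the caller. Use `wsprintfA(Log, "Policy result: %u\r\n", *pdwValue);`; `%u` also matches the unsigned DWORD. The identical line in `New_Win8SL` (hunk at -347) needs the same change.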
@@ -336,7 +336,7 @@ HRESULT __fastcall New_Win8SL(PWSTR pwszValueName, DWORD *pdwValue) *pdwValue = dw; Log = new char[1024]; - wsprintfA(Log, "Rewrite: %i\r\n", dw); + wsprintfA(Log, "Policy rewrite: %i\r\n", dw); WriteToLog(Log); delete[] Log; @@ -347,11 +347,11 @@ HRESULT __fastcall New_Win8SL(PWSTR pwszValueName, DWORD *pdwValue) if (Result == S_OK) { Log = new char[1024]; - wsprintfA(Log, "Result: %i\r\n", dw); + wsprintfA(Log, "Policy result: %i\r\n", dw); WriteToLog(Log); delete[] Log; } else { - WriteToLog("Failed\r\n"); + WriteToLog("Policy request failed\r\n"); } return Result; @@ -382,7 +382,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() DWORD *ulMaxDebugSessions = NULL; DWORD *bInitialized = NULL; - WriteToLog("> CSLQuery::Initialize\r\n"); + WriteToLog(">>> CSLQuery::Initialize\r\n"); char *Sect; Sect = new char[256]; @@ -418,7 +418,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() *bServerSku = INIReadDWordHex(IniFile, "SLInit", "bServerSku", 1); Log = new char[1024]; - wsprintfA(Log, "[0x%p] bServerSku = %d\r\n", bServerSku, *bServerSku); + wsprintfA(Log, "SLInit [0x%p] bServerSku = %d\r\n", bServerSku, *bServerSku); WriteToLog(Log); delete[] Log; } @@ -427,7 +427,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() *bRemoteConnAllowed = INIReadDWordHex(IniFile, "SLInit", "bRemoteConnAllowed", 1); Log = new char[1024]; - wsprintfA(Log, "[0x%p] bRemoteConnAllowed = %d\r\n", bRemoteConnAllowed, *bRemoteConnAllowed); + wsprintfA(Log, "SLInit [0x%p] bRemoteConnAllowed = %d\r\n", bRemoteConnAllowed, *bRemoteConnAllowed); WriteToLog(Log); delete[] Log; } @@ -436,7 +436,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() *bFUSEnabled = INIReadDWordHex(IniFile, "SLInit", "bFUSEnabled", 1); Log = new char[1024]; - wsprintfA(Log, "[0x%p] bFUSEnabled = %d\r\n", bFUSEnabled, *bFUSEnabled); + wsprintfA(Log, "SLInit [0x%p] bFUSEnabled = %d\r\n", bFUSEnabled, *bFUSEnabled); WriteToLog(Log); delete[] Log; } 
@@ -445,7 +445,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() *bAppServerAllowed = INIReadDWordHex(IniFile, "SLInit", "bAppServerAllowed", 1); Log = new char[1024]; - wsprintfA(Log, "[0x%p] bAppServerAllowed = %d\r\n", bAppServerAllowed, *bAppServerAllowed); + wsprintfA(Log, "SLInit [0x%p] bAppServerAllowed = %d\r\n", bAppServerAllowed, *bAppServerAllowed); WriteToLog(Log); delete[] Log; } @@ -454,7 +454,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() *bMultimonAllowed = INIReadDWordHex(IniFile, "SLInit", "bMultimonAllowed", 1); Log = new char[1024]; - wsprintfA(Log, "[0x%p] bMultimonAllowed = %d\r\n", bMultimonAllowed, *bMultimonAllowed); + wsprintfA(Log, "SLInit [0x%p] bMultimonAllowed = %d\r\n", bMultimonAllowed, *bMultimonAllowed); WriteToLog(Log); delete[] Log; } @@ -463,7 +463,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() *lMaxUserSessions = INIReadDWordHex(IniFile, "SLInit", "lMaxUserSessions", 0); Log = new char[1024]; - wsprintfA(Log, "[0x%p] lMaxUserSessions = %d\r\n", lMaxUserSessions, *lMaxUserSessions); + wsprintfA(Log, "SLInit [0x%p] lMaxUserSessions = %d\r\n", lMaxUserSessions, *lMaxUserSessions); WriteToLog(Log); delete[] Log; } @@ -472,7 +472,7 @@ HRESULT WINAPI New_CSLQuery_Initialize() *ulMaxDebugSessions = INIReadDWordHex(IniFile, "SLInit", "ulMaxDebugSessions", 0); Log = new char[1024]; - wsprintfA(Log, "[0x%p] ulMaxDebugSessions = %d\r\n", ulMaxDebugSessions, *ulMaxDebugSessions); + wsprintfA(Log, "SLInit [0x%p] ulMaxDebugSessions = %d\r\n", ulMaxDebugSessions, *ulMaxDebugSessions); WriteToLog(Log); delete[] Log; } @@ -481,10 +481,11 @@ HRESULT WINAPI New_CSLQuery_Initialize() *bInitialized = INIReadDWordHex(IniFile, "SLInit", "bInitialized", 1); Log = new char[1024]; - wsprintfA(Log, "[0x%p] bInitialized = %d\r\n", bInitialized, *bInitialized); + wsprintfA(Log, "SLInit [0x%p] bInitialized = %d\r\n", bInitialized, *bInitialized); WriteToLog(Log); delete[] Log; } + WriteToLog("<<< CSLQuery::Initialize\r\n"); return S_OK; } 
@@ -521,7 +522,6 @@ void Hook() delete[] Log; IniFile = new INI_FILE(ConfigFile); - // TODO: implement this if (IniFile == NULL) { @@ -558,7 +558,7 @@ void Hook() PLATFORM_DWORD TermSrvSize, SignPtr; FARJMP Jump; - WriteToLog("init\r\n"); + WriteToLog("Initializing RDP Wrapper...\r\n"); hTermSrv = LoadLibrary(L"termsrv.dll"); if (hTermSrv == 0) @@ -601,7 +601,7 @@ void Hook() delete[] Log; // temporarily freeze threads - WriteToLog("freeze\r\n"); + WriteToLog("Freezing threads...\r\n"); SetThreadsState(false); bool Bool; @@ -845,23 +845,25 @@ void Hook() } delete[] Sect; - WriteToLog("resume\r\n"); + WriteToLog("Resumimg threads...\r\n"); SetThreadsState(true); return; } void WINAPI ServiceMain(DWORD dwArgc, LPTSTR *lpszArgv) { - WriteToLog("> ServiceMain\r\n"); + WriteToLog(">>> ServiceMain\r\n"); if (!AlreadyHooked) Hook(); if (_ServiceMain != NULL) _ServiceMain(dwArgc, lpszArgv); + WriteToLog("<<< ServiceMain\r\n"); } void WINAPI SvchostPushServiceGlobals(void *lpGlobalData) { - WriteToLog("> SvchostPushServiceGlobals\r\n"); + WriteToLog(">>> SvchostPushServiceGlobals\r\n"); if (!AlreadyHooked) Hook(); if (_SvchostPushServiceGlobals != NULL) _SvchostPushServiceGlobals(lpGlobalData); + WriteToLog("<<< SvchostPushServiceGlobals\r\n"); }