Code updates

C++ code still needs to be processed
binarymaster 2014-11-21 16:38:07 +03:00
parent 1d35b31d6e
commit 2c7e0279e0
3 changed files with 2736 additions and 1950 deletions


@ -641,70 +641,50 @@ begin
if GetModuleAddress('termsrv.dll', GetCurrentProcessId, TermSrvBase, TermSrvSize) then begin if GetModuleAddress('termsrv.dll', GetCurrentProcessId, TermSrvBase, TermSrvSize) then begin
if INIReadBool(INI, Sect, 'LocalOnlyPatch.x86', False) then begin if INIReadBool(INI, Sect, 'LocalOnlyPatch.x86', False) then begin
WriteLog('Patch CEnforcementCore::GetInstanceOfTSLicense'); WriteLog('Patch CEnforcementCore::GetInstanceOfTSLicense');
try
SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'LocalOnlyOffset.x86', 0)); SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'LocalOnlyOffset.x86', 0));
I := SListFind(PatchList, INIReadString(INI, Sect, 'LocalOnlyCode.x86', '')); I := SListFind(PatchList, INIReadString(INI, Sect, 'LocalOnlyCode.x86', ''));
if I >= 0 then if I >= 0 then
WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw); WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw);
except
end;
end; end;
if INIReadBool(INI, Sect, 'SingleUserPatch.x86', False) then begin if INIReadBool(INI, Sect, 'SingleUserPatch.x86', False) then begin
WriteLog('Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled'); WriteLog('Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled');
try
SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'SingleUserOffset.x86', 0)); SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'SingleUserOffset.x86', 0));
I := SListFind(PatchList, INIReadString(INI, Sect, 'SingleUserCode.x86', '')); I := SListFind(PatchList, INIReadString(INI, Sect, 'SingleUserCode.x86', ''));
if I >= 0 then if I >= 0 then
WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw); WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw);
except
end;
end; end;
if INIReadBool(INI, Sect, 'DefPolicyPatch.x86', False) then begin if INIReadBool(INI, Sect, 'DefPolicyPatch.x86', False) then begin
WriteLog('Patch CDefPolicy::Query'); WriteLog('Patch CDefPolicy::Query');
try
SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'DefPolicyOffset.x86', 0)); SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'DefPolicyOffset.x86', 0));
I := SListFind(PatchList, INIReadString(INI, Sect, 'DefPolicyCode.x86', '')); I := SListFind(PatchList, INIReadString(INI, Sect, 'DefPolicyCode.x86', ''));
if I >= 0 then if I >= 0 then
WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw); WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw);
except
end;
end; end;
if INIReadBool(INI, Sect, 'SLPolicyInternal.x86', False) then begin if INIReadBool(INI, Sect, 'SLPolicyInternal.x86', False) then begin
WriteLog('Hook SLGetWindowsInformationDWORDWrapper'); WriteLog('Hook SLGetWindowsInformationDWORDWrapper');
try
SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'SLPolicyOffset.x86', 0)); SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'SLPolicyOffset.x86', 0));
except
SignPtr := nil;
end;
MovJump.MovOp := $89; // mov eax, ecx MovJump.MovOp := $89; // mov eax, ecx
MovJump.MovArg := $C8; // __msfastcall compatibility MovJump.MovArg := $C8; // __msfastcall compatibility
MovJump.PushOp := $68; MovJump.PushOp := $68;
MovJump.PushArg := nil; MovJump.PushArg := @New_Win8SL;
MovJump.RetOp := $C3;
FuncName := INIReadString(INI, Sect, 'SLPolicyFunc.x86', 'New_Win8SL'); FuncName := INIReadString(INI, Sect, 'SLPolicyFunc.x86', 'New_Win8SL');
if FuncName = 'New_Win8SL' then if FuncName = 'New_Win8SL' then
MovJump.PushArg := @New_Win8SL; MovJump.PushArg := @New_Win8SL;
if FuncName = 'New_Win8SL_CP' then if FuncName = 'New_Win8SL_CP' then
MovJump.PushArg := @New_Win8SL_CP; MovJump.PushArg := @New_Win8SL_CP;
MovJump.RetOp := $C3;
WriteProcessMemory(GetCurrentProcess, SignPtr, WriteProcessMemory(GetCurrentProcess, SignPtr,
@MovJump, SizeOf(mov_far_jmp), bw); @MovJump, SizeOf(mov_far_jmp), bw);
end; end;
if INIReadBool(INI, Sect, 'SLInitHook.x86', False) then begin if INIReadBool(INI, Sect, 'SLInitHook.x86', False) then begin
WriteLog('Hook CSLQuery::Initialize'); WriteLog('Hook CSLQuery::Initialize');
try
SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'SLInitOffset.x86', 0)); SignPtr := Pointer(Cardinal(TermSrvBase) + INIReadDWordHex(INI, Sect, 'SLInitOffset.x86', 0));
except
SignPtr := nil;
end;
Jump.PushOp := $68; Jump.PushOp := $68;
Jump.PushArg := nil; Jump.PushArg := @New_CSLQuery_Initialize;
Jump.RetOp := $C3;
FuncName := INIReadString(INI, Sect, 'SLInitFunc.x86', 'New_CSLQuery_Initialize'); FuncName := INIReadString(INI, Sect, 'SLInitFunc.x86', 'New_CSLQuery_Initialize');
if FuncName = 'New_CSLQuery_Initialize' then if FuncName = 'New_CSLQuery_Initialize' then
Jump.PushArg := @New_CSLQuery_Initialize; Jump.PushArg := @New_CSLQuery_Initialize;
Jump.RetOp := $C3;
WriteProcessMemory(GetCurrentProcess, SignPtr, WriteProcessMemory(GetCurrentProcess, SignPtr,
@Jump, SizeOf(far_jmp), bw); @Jump, SizeOf(far_jmp), bw);
end; end;
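Review bot: Every write in this hunk targets `TermSrvBase` plus an offset read from the INI with a default of 0, and nothing compares that offset with `TermSrvSize`, which `GetModuleAddress` already returns, so a missing or wrong `*Offset.x86` key writes at the module base or outside the mapped image. This holds for all five branches (LocalOnly, SingleUser, DefPolicy, SLPolicy, SLInit), and the `try`/`except` lines printed in one column only appear to be the removed side (the header counts go from 70 to 50 lines), so a fault there would no longer be caught either. I would read the offset into a local and guard each write, e.g. `if (Ofs = 0) or (Ofs + SizeOf(far_jmp) > TermSrvSize) then WriteLog('Bad SLInitOffset.x86') else ...`, and check the call's result instead of discarding it, `if not WriteProcessMemory(...) or (bw <> SizeOf(far_jmp)) then WriteLog('Patch failed');`. Because the INI decides where bytes land inside the service process, its file permissions are part of the trust boundary and are worth a comment at the top of this block. The enclosing procedure begins and ends outside the hunk.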

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff