-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathdllmain.cpp
More file actions
160 lines (144 loc) · 5.06 KB
/
dllmain.cpp
File metadata and controls
160 lines (144 loc) · 5.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#include <Windows.h>
#include "detours.h"
#include <iostream>
#include <fstream>
#include <string>
using namespace std;
typedef HANDLE(WINAPI* CreateFile_t)(
_In_ LPCTSTR lpFileName,
_In_ DWORD dwDesiredAccess,
_In_ DWORD dwShareMode,
_In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
_In_ DWORD dwCreationDisposition,
_In_ DWORD dwFlagsAndAttributes,
_In_opt_ HANDLE hTemplateFile
);
typedef HANDLE(WINAPI* CreateFile_tA)(
_In_ const char* lpFileName,
_In_ DWORD dwDesiredAccess,
_In_ DWORD dwShareMode,
_In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
_In_ DWORD dwCreationDisposition,
_In_ DWORD dwFlagsAndAttributes,
_In_opt_ HANDLE hTemplateFile
);
CreateFile_t oCreateFileW;
CreateFile_tA oCreateFileA;
ofstream logfile;
const char* FlashFsCertKeysName = "\\\\.\\Xvuc\\FlashFS\\certkeys.bin";
const char* EmuFlashCertKeysName = "D:\\EmuFlash\\certkeys.bin";
const char* LogFileName = "D:\\emuflashlog.txt";
LPCWSTR UnicodeFlashFsCertKeysName = L"\\\\.\\Xvuc\\FlashFS\\certkeys.bin";
LPCWSTR UnicodeEmuFlashCertKeysName = L"D:\\EmuFlash\\certkeys.bin";
HANDLE WINAPI hkCreateFile(
_In_ LPCTSTR lpFileName,
_In_ DWORD dwDesiredAccess,
_In_ DWORD dwShareMode,
_In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
_In_ DWORD dwCreationDisposition,
_In_ DWORD dwFlagsAndAttributes,
_In_opt_ HANDLE hTemplateFile
)
{
if(lstrcmp(lpFileName, UnicodeFlashFsCertKeysName) == 0)
{
ofstream logfile;
logfile.open(LogFileName);
logfile << "System is attempting to access certkeys.bin, rerouting to EmuFlash!\n";
logfile.close();
return oCreateFileW(UnicodeEmuFlashCertKeysName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
cout << "Normal CreateFile call, disregarding" << endl;
return oCreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
HANDLE WINAPI hkCreateFileA(
_In_ const char* lpFileName,
_In_ DWORD dwDesiredAccess,
_In_ DWORD dwShareMode,
_In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
_In_ DWORD dwCreationDisposition,
_In_ DWORD dwFlagsAndAttributes,
_In_opt_ HANDLE hTemplateFile
)
{
if(strcmp(lpFileName, FlashFsCertKeysName) == 0)
{
ofstream logfile;
logfile.open(LogFileName);
logfile << "System is attempting to access certkeys.bin, rerouting to EmuFlash!\n";
logfile.close();
return oCreateFileA(EmuFlashCertKeysName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
cout << "Normal CreateFile call, disregarding" << endl;
return oCreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
__declspec(dllexport) void GetThreadProfilingDataVolatile()
{
return;
}
__declspec(dllexport) void ThreadProfilingBind()
{
return;
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
HMODULE hKernelBase = GetModuleHandle(L"kernelbase.dll");
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if (hKernelBase == NULL)
{
logfile.open(LogFileName);
logfile << "GetModuleHandle failed\n";
logfile.close();
return TRUE;
}
oCreateFileW = (CreateFile_t)GetProcAddress(hKernelBase, "CreateFileW");
oCreateFileA = (CreateFile_tA)GetProcAddress(hKernelBase, "CreateFileA");
if (oCreateFileW == NULL)
{
logfile.open(LogFileName);
logfile << "GetProcAddress CreateFileW failed\n";
logfile.close();
return 1;
}
if (oCreateFileA == NULL)
{
logfile.open(LogFileName);
logfile << "GetProcAddress CreateFileA failed\n";
logfile.close();
return 1;
}
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)oCreateFileW, hkCreateFile);
DetourAttach(&(PVOID&)oCreateFileA, hkCreateFileA);
DetourTransactionCommit();
logfile.open(LogFileName);
logfile << "Detouring CreateFileW\n";
logfile << "Detouring CreateFileA\n";
logfile.close();
return 0;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)oCreateFileW, hkCreateFile);
DetourDetach(&(PVOID&)oCreateFileA, hkCreateFileA);
DetourTransactionCommit();
logfile.open(LogFileName);
logfile << "Restored original CreateFileW\n";
logfile << "Restored original CreateFileA\n";
logfile.close();
break;
}
return TRUE;
}