
loader.d 4.9KB


  1. import std.string : empty, toStringz;
  2. import core.sys.windows.windows, core.sys.windows.dll, core.runtime;
  3. import hook.call, hook.jmp, hook.asm86, hook.mem;
  4. import vorbisfile;
  5. import config;
  6. import lib;
  7. import std.format : format;
  // Process-wide configuration object; the template argument names its backing
  // file, "VorbisFile.ini". `__gshared` gives one instance shared by every thread
  // (no thread-local copy) and adds no synchronization of its own.
  // NOTE(review): values read from this object decide which libraries are loaded
  // into the host process (ini.preload entries go straight to LoadLibraryA in
  // crtMain), so write access to the INI file amounts to code execution in that
  // process. Treat the file's ACL as part of the trust boundary.
  public static __gshared stConfig!("VorbisFile.ini") ini;
  /**
   * Patches the host image at 0x748DA3 so that execution detours through a
   * generated stub which calls this module's `mainloop` callback.
   *
   * NOTE(review): the patch address is absolute and the bytes at it are not
   * checked before they are overwritten (hook_ExitProcess, by contrast,
   * compares the prologue first). A different build of the host executable, or
   * an image loaded at another base, would be patched at an unrelated
   * location. Confirm the target is validated elsewhere.
   */
  void hook_mainloop()
  {
      enum patchSite = 0x748DA3; // absolute address inside the host image
      enum patchSize = 6;        // number of bytes displaced at the patch site

      auto stub = new Asm86Hook();

      // Save all general-purpose registers and EFLAGS around the callback so
      // the host code continues with the state it had before the detour.
      stub.pushad;
      stub.pushfd;
      stub.call(&mainloop);
      stub.popfd;
      stub.popad;

      // Presumably re-emits the displaced original bytes inside the stub;
      // confirm against hook.asm86.
      stub.insert(patchSite, patchSize);
      // The site is patched with call_hook, so the stub ends in RET.
      stub.ret;

      call_hook(patchSite, patchSize, cast(void*) stub.createFunc);
      stub.destroy;
  }
  /**
   * Patches the host image at 0x8246BF so that execution detours through a
   * generated stub which calls this module's `GetStartupInfoA` callback.
   *
   * `&GetStartupInfoA` below resolves to the parameterless function declared in
   * this module's extern(Windows) block, which takes precedence over the
   * imported WinAPI symbol of the same name.
   *
   * NOTE(review): as with the other fixed-address hooks, the bytes at the patch
   * site are not verified before being overwritten. Confirm the host build is
   * checked somewhere before this runs.
   */
  void hook_GetStartupInfoA()
  {
      enum siteAddr = 0x8246BF; // absolute address inside the host image
      enum siteLen = 6;         // number of bytes displaced at the patch site

      auto trampoline = new Asm86Hook();

      // Register and flag state is saved and restored around the callback.
      trampoline.pushad;
      trampoline.pushfd;
      trampoline.call(&GetStartupInfoA);
      trampoline.popfd;
      trampoline.popad;

      // Presumably replays the displaced bytes from the patch site; confirm
      // against hook.asm86.
      trampoline.insert(siteAddr, siteLen);
      trampoline.ret;

      call_hook(siteAddr, siteLen, cast(void*) trampoline.createFunc);
      trampoline.destroy;
  }
  /**
   * Patches the host image at 0x824570 with a jump to a generated stub that
   * calls this module's `crtMain` callback and then jumps back to the first
   * byte after the 7 displaced ones.
   *
   * Unlike the call_hook-based hooks, this one is installed with jmp_hook, so
   * the stub ends with an explicit jump back instead of RET.
   *
   * NOTE(review): the address is absolute and the bytes at it are not verified
   * before patching. Confirm the host build is validated elsewhere.
   */
  void hook_crtMain()
  {
      enum entryAddr = 0x824570; // absolute address inside the host image
      enum entryLen = 7;         // number of bytes displaced at the patch site

      auto detour = new Asm86Hook();

      // Keep the host's registers and EFLAGS intact across the callback.
      detour.pushad;
      detour.pushfd;
      detour.call(&crtMain);
      detour.popfd;
      detour.popad;

      // Presumably re-emits the displaced bytes; confirm against hook.asm86.
      detour.insert(entryAddr, entryLen);
      // Resume the original code right after the overwritten region.
      detour.jmp(entryAddr + entryLen);

      jmp_hook(entryAddr, entryLen, cast(void*) detour.createFunc);
      detour.destroy;
  }
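  /**
   * Detours kernel32!ExitProcess through a generated stub that calls this
   * module's `ExitProcess` callback and then continues into the real function.
   *
   * The first five bytes of the export are overwritten, so the hook is only
   * installed when they match a known prologue or start with a rel32 JMP/CALL
   * opcode. Any other byte pattern is shown in a message box and left
   * unpatched.
   *
   * The export is now checked for null before it is read: the original code
   * dereferenced the result of GetProcAddress unconditionally.
   *
   * The address is held in a `uint`, so this code is 32-bit only.
   */
  void hook_ExitProcess()
  {
      auto kernel32 = GetModuleHandleA("kernel32.dll");
      if (kernel32 is null)
      {
          MessageBoxA(null, "GetModuleHandleA(kernel32.dll) failed", "kernel32", 0);
          return;
      }

      auto exportPtr = GetProcAddress(kernel32, "ExitProcess");
      if (exportPtr is null)
      {
          MessageBoxA(null, "GetProcAddress(ExitProcess) failed", "kernel32", 0);
          return;
      }
      uint kernel32_ExitProcess = cast(uint) exportPtr;

      // Known 5-byte prologues; each ends on an instruction boundary, so the
      // bytes can be displaced as a unit.
      // push ebp; mov ebp, esp; push -1
      byte[] win = [cast(byte)0x55, cast(byte)0x8B, cast(byte)0xEC, cast(byte)0x6A, cast(byte)0xFF];
      // mov eax, eax; push ebp; mov ebp, esp
      byte[] win7 = [cast(byte)0x8B, cast(byte)0xC0, cast(byte)0x55, cast(byte)0x8B, cast(byte)0xEC];
      // push ebp; mov ebp, esp; push 0
      byte[] wine = [cast(byte)0x55, cast(byte)0x8B, cast(byte)0xEC, cast(byte)0x6A, cast(byte)0x00];
      // mov edi, edi; push ebp; mov ebp, esp
      byte[] wine_fake = [cast(byte)0x8B, cast(byte)0xFF, cast(byte)0x55, cast(byte)0x8B, cast(byte)0xEC];

      // 0xE9 / 0xE8 are the rel32 JMP / CALL opcodes; such an export presumably
      // has already been redirected by something else.
      // NOTE(review): a rel32 instruction copied to another address changes its
      // target unless insert() rebases the displacement. Confirm in hook.asm86.
      if (win.cmpWithMem(kernel32_ExitProcess) ||
          win7.cmpWithMem(kernel32_ExitProcess) ||
          wine.cmpWithMem(kernel32_ExitProcess) ||
          wine_fake.cmpWithMem(kernel32_ExitProcess) ||
          *cast(byte*)kernel32_ExitProcess == cast(byte)0xE9 ||
          *cast(byte*)kernel32_ExitProcess == cast(byte)0xE8)
      {
          auto asm86 = new Asm86Hook();
          // Registers and EFLAGS are preserved so the real ExitProcess still
          // sees its caller's state once the callback returns.
          asm86.pushad;
          asm86.pushfd;
          // Resolves to this module's ExitProcess (extern(Windows) block), which
          // takes precedence over the imported kernel32 symbol.
          asm86.call(&ExitProcess);
          asm86.popfd;
          asm86.popad;
          asm86.insert(kernel32_ExitProcess, 5);
          asm86.jmp(kernel32_ExitProcess + 5);
          jmp_hook(kernel32_ExitProcess, 5, cast(void*)asm86.createFunc);
          asm86.destroy;
          // MessageBoxA(null, format!"%08X"(kernel32_ExitProcess).toStringz, "kernel32", 0);
      }
      else
      {
          // Unknown prologue: report the address and its first five bytes
          // instead of patching blindly.
          auto bytecode = format!"%08X:\n%02X %02X %02X %02X %02X"(kernel32_ExitProcess,
              (kernel32_ExitProcess + 0).read!byte,
              (kernel32_ExitProcess + 1).read!byte,
              (kernel32_ExitProcess + 2).read!byte,
              (kernel32_ExitProcess + 3).read!byte,
              (kernel32_ExitProcess + 4).read!byte);
          MessageBoxA(null, bytecode.toStringz, "kernel32", 0);
      }
  }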
  /**
   * One-time setup, called from DllMain on DLL_PROCESS_ATTACH: installs the
   * three fixed-address hooks, loads the INI, and hands the configured proxy
   * path (if any) to setVorbisFile.
   *
   * The hooks are installed before the configuration is loaded; the callbacks
   * only read `ini` later, when the patched host code reaches them.
   *
   * NOTE(review): `ini.proxy` comes from the INI file and is passed on without
   * validation here; presumably setVorbisFile loads the library it names.
   * Confirm what path checks, if any, happen there.
   */
  void init()
  {
      hook_crtMain();
      hook_GetStartupInfoA();
      hook_mainloop();

      ini.load;

      // No proxy configured: leave the default in place.
      if (ini.proxy.empty)
          return;
      setVorbisFile(ini.proxy);
  }
  108. extern(Windows) {
  /**
   * DLL entry point. Initializes the D runtime and installs the hooks on
   * process attach, saves the configuration and shuts the runtime down on
   * process detach, and forwards thread attach/detach to the D runtime
   * helpers. Always reports success.
   *
   * NOTE(review): Windows calls DllMain while holding the loader lock. On
   * attach, `init()` patches code, reads the INI file and may cause another
   * library to be loaded (via setVorbisFile); on detach, `ini.save` does file
   * I/O. Work of that kind inside DllMain is a known source of deadlocks.
   * Confirm it is safe for the targets this is used with.
   */
  BOOL DllMain(HINSTANCE hInstance, ULONG ulReason, LPVOID pvReserved)
  {
      if (ulReason == DLL_PROCESS_ATTACH)
      {
          Runtime.initialize();
          init();
          dll_process_attach(hInstance, true);
      }
      else if (ulReason == DLL_PROCESS_DETACH)
      {
          // The configuration is written back before the runtime is torn down.
          ini.save;
          Runtime.terminate();
          dll_process_detach(hInstance, true);
      }
      else if (ulReason == DLL_THREAD_ATTACH)
      {
          dll_thread_attach(true, true);
      }
      else if (ulReason == DLL_THREAD_DETACH)
      {
          dll_thread_detach(true, true);
      }
      // Any other reason code needs no action.

      return true;
  }
  /**
   * Callback run by the stub installed in hook_crtMain. Loads every library
   * listed in `ini.preload`, then runs the ASI and DLL loaders if they are
   * enabled and configured for the crtMain stage.
   *
   * NOTE(review): each `ini.preload` entry is passed to LoadLibraryA
   * unchanged. A bare or relative name is resolved through the normal Windows
   * DLL search order, and the return value is not checked, so a failed or
   * unexpected load goes unnoticed. Anyone who can edit the INI file controls
   * what is loaded here.
   */
  void crtMain()
  {
      foreach (plugin; ini.preload)
      {
          LoadLibraryA(plugin.toStringz);
      }

      const asiStage = ini.asiLoader.enable && ini.asiLoader.loadState == eLoadState.crtMain;
      if (asiStage)
      {
          loadAsi();
      }

      const dllStage = ini.dllLoader.enable && ini.dllLoader.loadState == eLoadState.crtMain;
      if (dllStage)
      {
          // Dev mode selects the "dev" variant of the load type.
          loadDll(ini.devMode.enable ? eLoadType.devCrtMainLoad : eLoadType.crtMainLoad);
      }
  }
  /**
   * Callback run by the stub installed in hook_GetStartupInfoA. Runs the ASI
   * and DLL loaders at most once each, when they are enabled and configured
   * for the GetStartupInfoA stage.
   *
   * This parameterless function shares its name with the WinAPI import; inside
   * this module the name refers to this function.
   *
   * NOTE(review): the once-flags are `__gshared` and are read and written
   * without any locking. That is fine if the patched site only runs on one
   * thread; confirm.
   */
  void GetStartupInfoA()
  {
      __gshared static bool asiLoaded = false;
      __gshared static bool dllLoaded = false;

      const asiDue = !asiLoaded
          && ini.asiLoader.enable
          && ini.asiLoader.loadState == eLoadState.GetStartupInfoA;
      if (asiDue)
      {
          // The flag is set before loading, so re-entry cannot load twice.
          asiLoaded = true;
          loadAsi();
      }

      const dllDue = !dllLoaded
          && ini.dllLoader.enable
          && ini.dllLoader.loadState == eLoadState.GetStartupInfoA;
      if (dllDue)
      {
          dllLoaded = true;
          loadDll(ini.devMode.enable
              ? eLoadType.devGetStartupInfoALoad
              : eLoadType.GetStartupInfoALoad);
      }
  }
  /**
   * Callback run by the stub installed in hook_mainloop. On the first call
   * where each applies, it runs the ASI loader and the DLL loader (if enabled
   * for the mainloop stage) and installs the ExitProcess hook. On every call
   * in dev mode it also invokes updateLibraryes().
   *
   * NOTE(review): the once-flags are `__gshared` with no locking. Confirm the
   * patched site is only reached from a single thread.
   */
  void mainloop()
  {
      __gshared static bool exitHook = false;
      __gshared static bool asiLoaded = false;
      __gshared static bool dllLoaded = false;

      const asiPending = !asiLoaded
          && ini.asiLoader.enable
          && ini.asiLoader.loadState == eLoadState.mainloop;
      if (asiPending)
      {
          asiLoaded = true;
          loadAsi();
      }

      const dllPending = !dllLoaded
          && ini.dllLoader.enable
          && ini.dllLoader.loadState == eLoadState.mainloop;
      if (dllPending)
      {
          dllLoaded = true;
          loadDll(ini.devMode.enable ? eLoadType.devMainloopLoad : eLoadType.mainloopLoad);
      }

      // The ExitProcess detour is installed lazily, on the first pass through
      // here. The flag is set first, so a failed install is not retried.
      if (!exitHook)
      {
          exitHook = true;
          hook_ExitProcess();
      }

      if (ini.devMode.enable)
      {
          updateLibraryes();
      }
  }
  /**
   * Callback run by the stub installed in hook_ExitProcess, before control
   * continues into the real kernel32 ExitProcess. Unloads everything this
   * loader brought in by calling unloadAll.
   *
   * It takes no parameters and shares its name with the WinAPI import; inside
   * this module the name refers to this function.
   */
  void ExitProcess()
  {
      unloadAll();
  }
  186. }