Page MenuHomedesp's stash
Files F191375

No OneTemporary
Actions

View Options

diff --git a/Scylla/ImportsHandling.cpp b/Scylla/ImportsHandling.cpp
index 2aa5c5e..3ab5c7b 100644
--- a/Scylla/ImportsHandling.cpp
+++ b/Scylla/ImportsHandling.cpp
@@ -1,780 +1,766 @@
#include "ImportsHandling.h"
#include "definitions.h"
//#define DEBUG_COMMENTS
bool ImportModuleThunk::isValid()
{
std::map<DWORD_PTR, ImportThunk>::iterator iterator = thunkList.begin();
while (iterator != thunkList.end())
{
if (iterator->second.valid == false)
{
return false;
}
iterator++;
}
return true;
}
DWORD_PTR ImportModuleThunk::getFirstThunk()
{
if (thunkList.size() > 0)
{
std::map<DWORD_PTR, ImportThunk>::iterator iterator = thunkList.begin();
return iterator->first;
}
else
{
return 0;
}
}
/*bool ImportsHandling::addModule(WCHAR * moduleName, DWORD_PTR firstThunk)
{
ImportModuleThunk module;
module.firstThunk = firstThunk;
wcscpy_s(module.moduleName, MAX_PATH, moduleName);
moduleList.insert(std::pair<DWORD_PTR,ImportModuleThunk>(firstThunk,module));
return true;
}*/
/*bool ImportsHandling::addFunction(WCHAR * moduleName, char * name, DWORD_PTR va, DWORD_PTR rva, DWORD_PTR ordinal, bool valid, bool suspect)
{
ImportThunk import;
ImportModuleThunk * module = 0;
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
if (moduleList.size() > 1)
{
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
if (rva >= iterator1->second.firstThunk)
{
iterator1++;
if (iterator1 == moduleList.end())
{
iterator1--;
module = &(iterator1->second);
break;
}
else if (rva < iterator1->second.firstThunk)
{
iterator1--;
module = &(iterator1->second);
break;
}
}
}
}
else
{
iterator1 = moduleList.begin();
module = &(iterator1->second);
}
if (!module)
{
Logger::debugLog(TEXT("ImportsHandling::addFunction module not found rva ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(""),rva);
return false;
}
//TODO
import.suspect = true;
import.valid = false;
import.va = va;
import.rva = rva;
import.ordinal = ordinal;
wcscpy_s(import.moduleName, MAX_PATH, moduleName);
strcpy_s(import.name, MAX_PATH, name);
module->thunkList.insert(std::pair<DWORD_PTR,ImportThunk>(import.rva, import));
return true;
}*/
void ImportsHandling::displayAllImports()
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
std::map<DWORD_PTR, ImportThunk>::iterator iterator2;
ImportModuleThunk * moduleThunk;
ImportThunk * importThunk;
- HTREEITEM module;
- HTREEITEM apiFunction;
+ CTreeItem module;
+ CTreeItem apiFunction;
TreeImports.DeleteAllItems();
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
module = addDllToTreeView(TreeImports,moduleThunk->moduleName,moduleThunk->firstThunk,moduleThunk->thunkList.size(),moduleThunk->isValid());
moduleThunk->hTreeItem = module;
iterator2 = moduleThunk->thunkList.begin();
while (iterator2 != moduleThunk->thunkList.end())
{
importThunk = &(iterator2->second);
apiFunction = addApiToTreeView(TreeImports,module,importThunk);
importThunk->hTreeItem = apiFunction;
iterator2++;
}
iterator1++;
}
}
-HTREEITEM ImportsHandling::addDllToTreeView(CTreeViewCtrl& idTreeView, const WCHAR * dllName, DWORD_PTR firstThunk, size_t numberOfFunctions, bool valid)
+CTreeItem ImportsHandling::addDllToTreeView(CTreeViewCtrl& idTreeView, const WCHAR * dllName, DWORD_PTR firstThunk, size_t numberOfFunctions, bool valid)
{
WCHAR validString[4];
if (valid)
{
wcscpy_s(validString,_countof(validString),TEXT("YES"));
}
else
{
wcscpy_s(validString,_countof(validString),TEXT("NO"));
}
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("%s FThunk: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" NbThunk: %02X (dec: %02d) valid: %s"),dllName,firstThunk,numberOfFunctions,numberOfFunctions,validString);
- /*
- tvInsert.hParent = NULL;
- tvInsert.hInsertAfter = TVI_ROOT;
- tvInsert.item.mask = TVIF_TEXT|TVIF_IMAGE|TVIF_SELECTEDIMAGE;
- tvInsert.item.pszText = stringBuffer;
- return TreeView_InsertItem(idTreeView, &tvInsert);
- */
return idTreeView.InsertItem(stringBuffer, NULL, TVI_ROOT);
}
-HTREEITEM ImportsHandling::addApiToTreeView(CTreeViewCtrl& idTreeView, HTREEITEM parentDll, ImportThunk * importThunk)
+CTreeItem ImportsHandling::addApiToTreeView(CTreeViewCtrl& idTreeView, CTreeItem parentDll, ImportThunk * importThunk)
{
if (importThunk->ordinal != 0)
{
if (importThunk->name[0] != 0x00)
{
swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X name: %S"),importThunk->ordinal,importThunk->name);
}
else
{
swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X"),importThunk->ordinal);
}
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" mod: %s %s"),importThunk->va,importThunk->rva,importThunk->moduleName,tempString);
}
else
{
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" ptr: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(""),importThunk->va,importThunk->rva,importThunk->apiAddressVA);
}
- /*
- tvInsert.hParent = parentDll;
- tvInsert.hInsertAfter = TVI_LAST;
- tvInsert.item.mask = TVIF_TEXT|TVIF_IMAGE|TVIF_SELECTEDIMAGE;
- tvInsert.item.pszText = stringBuffer;
- return TreeView_InsertItem(idTreeView, &tvInsert);
- */
return idTreeView.InsertItem(stringBuffer, parentDll, TVI_LAST);
}
void ImportsHandling::showImports(bool invalid, bool suspect)
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
std::map<DWORD_PTR, ImportThunk>::iterator iterator2;
ImportModuleThunk * moduleThunk;
ImportThunk * importThunk;
TreeImports.SetFocus();
TreeImports.SelectItem(NULL); //remove selection
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
iterator2 = moduleThunk->thunkList.begin();
while (iterator2 != moduleThunk->thunkList.end())
{
importThunk = &(iterator2->second);
if (invalid && !importThunk->valid)
{
selectItem(TreeImports, importThunk->hTreeItem);
setFocus(TreeImports, importThunk->hTreeItem);
}
else if (suspect && importThunk->suspect)
{
selectItem(TreeImports, importThunk->hTreeItem);
setFocus(TreeImports, importThunk->hTreeItem);
}
else
{
unselectItem(TreeImports, importThunk->hTreeItem);
}
iterator2++;
}
iterator1++;
}
}
-bool ImportsHandling::isItemSelected(CTreeViewCtrl& hwndTV, HTREEITEM hItem)
+bool ImportsHandling::isItemSelected(CTreeViewCtrl& hwndTV, CTreeItem hItem)
{
- return (hwndTV.GetItemState(hItem, TVIS_SELECTED) & TVIS_SELECTED) != 0;
+ const UINT state = TVIS_SELECTED;
+ return ((hwndTV.GetItemState(hItem, state) & state) == state);
}
-void ImportsHandling::unselectItem(CTreeViewCtrl& hwndTV, HTREEITEM htItem)
+void ImportsHandling::unselectItem(CTreeViewCtrl& hwndTV, CTreeItem htItem)
{
selectItem(hwndTV, htItem, false);
}
-bool ImportsHandling::selectItem(CTreeViewCtrl& hwndTV, HTREEITEM hItem, bool select)
+bool ImportsHandling::selectItem(CTreeViewCtrl& hwndTV, CTreeItem hItem, bool select)
{
- return FALSE != hwndTV.SetItemState(hItem, (select ? TVIS_SELECTED : 0), TVIS_SELECTED);
+ const UINT state = TVIS_SELECTED;
+ return FALSE != hwndTV.SetItemState(hItem, (select ? state : 0), state);
}
-void ImportsHandling::setFocus(CTreeViewCtrl& hwndTV, HTREEITEM htItem)
+void ImportsHandling::setFocus(CTreeViewCtrl& hwndTV, CTreeItem htItem)
{
// the current focus
- HTREEITEM htFocus = hwndTV.GetSelectedItem();
+ CTreeItem htFocus = hwndTV.GetSelectedItem();
if ( htItem )
{
// set the focus
if ( htItem != htFocus )
{
// remember the selection state of the item
bool wasSelected = isItemSelected(hwndTV, htItem);
if ( htFocus && isItemSelected(hwndTV, htFocus) )
{
// prevent the tree from unselecting the old focus which it
// would do by default (TreeView_SelectItem unselects the
// focused item)
hwndTV.SelectItem(NULL);
selectItem(hwndTV, htFocus);
}
hwndTV.SelectItem(htItem);
if ( !wasSelected )
{
// need to clear the selection which TreeView_SelectItem() gave
// us
unselectItem(hwndTV, htItem);
}
//else: was selected, still selected - ok
}
//else: nothing to do, focus already there
}
else
{
if ( htFocus )
{
bool wasFocusSelected = isItemSelected(hwndTV, htFocus);
// just clear the focus
hwndTV.SelectItem(NULL);
if ( wasFocusSelected )
{
// restore the selection state
selectItem(hwndTV, htFocus);
}
}
//else: nothing to do, no focus already
}
}
-bool ImportsHandling::invalidateFunction( HTREEITEM selectedTreeNode )
+bool ImportsHandling::invalidateFunction( CTreeItem selectedTreeNode )
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
std::map<DWORD_PTR, ImportThunk>::iterator iterator2;
ImportModuleThunk * moduleThunk;
ImportThunk * importThunk;
- TV_ITEM tvi = {0};
-
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
iterator2 = moduleThunk->thunkList.begin();
while (iterator2 != moduleThunk->thunkList.end())
{
importThunk = &(iterator2->second);
if (importThunk->hTreeItem == selectedTreeNode)
{
importThunk->ordinal = 0;
importThunk->hint = 0;
importThunk->valid = false;
importThunk->suspect = false;
importThunk->moduleName[0] = 0;
importThunk->name[0] = 0;
updateImportInTreeView(importThunk);
updateModuleInTreeView(moduleThunk);
return true;
}
iterator2++;
}
iterator1++;
}
return false;
}
void ImportsHandling::updateImportInTreeView(ImportThunk * importThunk)
{
if (importThunk->ordinal != 0)
{
if (importThunk->name[0] != 0x00)
{
swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X name: %S"),importThunk->ordinal,importThunk->name);
}
else
{
swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X"),importThunk->ordinal);
}
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" mod: %s %s"),importThunk->va,importThunk->rva,importThunk->moduleName,tempString);
}
else
{
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" prt: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(""),importThunk->va,importThunk->rva,importThunk->apiAddressVA);
}
TreeImports.SetItemText(importThunk->hTreeItem, stringBuffer);
}
void ImportsHandling::updateModuleInTreeView(ImportModuleThunk * importThunk)
{
WCHAR validString[4];
if (importThunk->isValid())
{
wcscpy_s(validString,_countof(validString),TEXT("YES"));
}
else
{
wcscpy_s(validString,_countof(validString),TEXT("NO"));
}
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("%s FThunk: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" NbThunk: %02X (dec: %02d) valid: %s"),importThunk->moduleName,importThunk->firstThunk,importThunk->thunkList.size(),importThunk->thunkList.size(),validString);
TreeImports.SetItemText(importThunk->hTreeItem, stringBuffer);
}
-bool ImportsHandling::cutThunk( HTREEITEM selectedTreeNode )
+bool ImportsHandling::cutThunk( CTreeItem selectedTreeNode )
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
std::map<DWORD_PTR, ImportThunk>::iterator iterator2;
ImportModuleThunk * moduleThunk;
ImportThunk * importThunk;
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
iterator2 = moduleThunk->thunkList.begin();
while (iterator2 != moduleThunk->thunkList.end())
{
importThunk = &(iterator2->second);
if (importThunk->hTreeItem == selectedTreeNode)
{
-
TreeImports.DeleteItem(importThunk->hTreeItem);
moduleThunk->thunkList.erase(iterator2);
if (moduleThunk->thunkList.empty())
{
TreeImports.DeleteItem(moduleThunk->hTreeItem);
moduleList.erase(iterator1);
}
else
{
updateModuleInTreeView(moduleThunk);
}
return true;
}
iterator2++;
}
iterator1++;
}
return false;
}
-bool ImportsHandling::deleteTreeNode( HTREEITEM selectedTreeNode )
+bool ImportsHandling::deleteTreeNode( CTreeItem selectedTreeNode )
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
std::map<DWORD_PTR, ImportThunk>::iterator iterator2;
ImportModuleThunk * moduleThunk;
ImportThunk * importThunk;
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
if (moduleThunk->hTreeItem == selectedTreeNode)
{
TreeImports.DeleteItem(moduleThunk->hTreeItem);
+
moduleThunk->thunkList.clear();
moduleList.erase(iterator1);
return true;
}
else
{
iterator2 = moduleThunk->thunkList.begin();
while (iterator2 != moduleThunk->thunkList.end())
{
importThunk = &(iterator2->second);
if (importThunk->hTreeItem == selectedTreeNode)
{
TreeImports.DeleteItem(moduleThunk->hTreeItem);
moduleThunk->thunkList.clear();
moduleList.erase(iterator1);
return true;
}
iterator2++;
}
}
iterator1++;
}
return false;
}
-DWORD_PTR ImportsHandling::getApiAddressByNode( HTREEITEM selectedTreeNode )
+DWORD_PTR ImportsHandling::getApiAddressByNode( CTreeItem selectedTreeNode )
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
std::map<DWORD_PTR, ImportThunk>::iterator iterator2;
ImportModuleThunk * moduleThunk;
ImportThunk * importThunk;
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
iterator2 = moduleThunk->thunkList.begin();
while (iterator2 != moduleThunk->thunkList.end())
{
importThunk = &(iterator2->second);
if (importThunk->hTreeItem == selectedTreeNode)
{
return importThunk->apiAddressVA;
}
iterator2++;
}
iterator1++;
}
return 0;
}
void ImportsHandling::scanAndFixModuleList()
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
std::map<DWORD_PTR, ImportThunk>::iterator iterator2;
ImportModuleThunk * moduleThunk;
ImportThunk * importThunk;
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
iterator2 = moduleThunk->thunkList.begin();
while (iterator2 != moduleThunk->thunkList.end())
{
importThunk = &(iterator2->second);
if (importThunk->moduleName[0] == 0 || importThunk->moduleName[0] == L'?')
{
addNotFoundApiToModuleList(importThunk);
}
else
{
if (isNewModule(importThunk->moduleName))
{
addModuleToModuleList(importThunk->moduleName, importThunk->rva);
}
addFunctionToModuleList(importThunk);
}
iterator2++;
}
moduleThunk->thunkList.clear();
iterator1++;
}
moduleList.clear();
moduleList.insert(moduleListNew.begin(), moduleListNew.end());
moduleListNew.clear();
}
bool ImportsHandling::findNewModules( std::map<DWORD_PTR, ImportThunk> & thunkList )
{
throw std::exception("The method or operation is not implemented.");
}
bool ImportsHandling::addModuleToModuleList(const WCHAR * moduleName, DWORD_PTR firstThunk)
{
ImportModuleThunk module;
module.firstThunk = firstThunk;
wcscpy_s(module.moduleName, MAX_PATH, moduleName);
moduleListNew.insert(std::pair<DWORD_PTR,ImportModuleThunk>(firstThunk,module));
return true;
}
bool ImportsHandling::isNewModule(const WCHAR * moduleName)
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
iterator1 = moduleListNew.begin();
while (iterator1 != moduleListNew.end())
{
if (!_wcsicmp(iterator1->second.moduleName, moduleName))
{
return false;
}
iterator1++;
}
return true;
}
void ImportsHandling::addUnknownModuleToModuleList(DWORD_PTR firstThunk)
{
ImportModuleThunk module;
module.firstThunk = firstThunk;
- wcscpy_s(module.moduleName, MAX_PATH, TEXT("?"));
+ wcscpy_s(module.moduleName, MAX_PATH, L"?");
moduleListNew.insert(std::pair<DWORD_PTR,ImportModuleThunk>(firstThunk,module));
}
bool ImportsHandling::addNotFoundApiToModuleList(ImportThunk * apiNotFound)
{
ImportThunk import;
ImportModuleThunk * module = 0;
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
DWORD_PTR rva = apiNotFound->rva;
if (moduleListNew.size() > 0)
{
iterator1 = moduleListNew.begin();
while (iterator1 != moduleListNew.end())
{
if (rva >= iterator1->second.firstThunk)
{
iterator1++;
if (iterator1 == moduleListNew.end())
{
iterator1--;
//new unknown module
if (iterator1->second.moduleName[0] == L'?')
{
module = &(iterator1->second);
}
else
{
addUnknownModuleToModuleList(apiNotFound->rva);
module = &(moduleListNew.find(rva)->second);
}
break;
}
else if (rva < iterator1->second.firstThunk)
{
iterator1--;
module = &(iterator1->second);
break;
}
}
else
{
#ifdef DEBUG_COMMENTS
Logger::debugLog("Error iterator1 != (*moduleThunkList).end()\r\n");
#endif
break;
}
}
}
else
{
//new unknown module
addUnknownModuleToModuleList(apiNotFound->rva);
module = &(moduleListNew.find(rva)->second);
}
if (!module)
{
#ifdef DEBUG_COMMENTS
Logger::debugLog(TEXT("ImportsHandling::addFunction module not found rva ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT("\r\n"),rva);
#endif
return false;
}
import.suspect = true;
import.valid = false;
import.va = apiNotFound->va;
import.rva = apiNotFound->rva;
import.apiAddressVA = apiNotFound->apiAddressVA;
import.ordinal = 0;
- wcscpy_s(import.moduleName, MAX_PATH, TEXT("?"));
+ wcscpy_s(import.moduleName, MAX_PATH, L"?");
strcpy_s(import.name, MAX_PATH, "?");
module->thunkList.insert(std::pair<DWORD_PTR,ImportThunk>(import.rva, import));
return true;
}
bool ImportsHandling::addFunctionToModuleList(ImportThunk * apiFound)
{
ImportThunk import;
ImportModuleThunk * module = 0;
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
if (moduleListNew.size() > 1)
{
iterator1 = moduleListNew.begin();
while (iterator1 != moduleListNew.end())
{
if (apiFound->rva >= iterator1->second.firstThunk)
{
iterator1++;
if (iterator1 == moduleListNew.end())
{
iterator1--;
module = &(iterator1->second);
break;
}
else if (apiFound->rva < iterator1->second.firstThunk)
{
iterator1--;
module = &(iterator1->second);
break;
}
}
else
{
#ifdef DEBUG_COMMENTS
Logger::debugLog(TEXT("Error iterator1 != moduleListNew.end()\r\n"));
#endif
break;
}
}
}
else
{
iterator1 = moduleListNew.begin();
module = &(iterator1->second);
}
if (!module)
{
#ifdef DEBUG_COMMENTS
Logger::debugLog(TEXT("ImportsHandling::addFunction module not found rva ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT("\r\n"),apiFound->rva);
#endif
return false;
}
import.suspect = apiFound->suspect;
import.valid = apiFound->valid;
import.va = apiFound->va;
import.rva = apiFound->rva;
import.apiAddressVA = apiFound->apiAddressVA;
import.ordinal = apiFound->ordinal;
import.hint = apiFound->hint;
wcscpy_s(import.moduleName, MAX_PATH, apiFound->moduleName);
strcpy_s(import.name, MAX_PATH, apiFound->name);
module->thunkList.insert(std::pair<DWORD_PTR,ImportThunk>(import.rva, import));
return true;
}
void ImportsHandling::expandAllTreeNodes()
{
changeExpandStateOfTreeNodes(TVE_EXPAND);
}
void ImportsHandling::collapseAllTreeNodes()
{
changeExpandStateOfTreeNodes(TVE_COLLAPSE);
}
void ImportsHandling::changeExpandStateOfTreeNodes(UINT flag)
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator iterator1;
ImportModuleThunk * moduleThunk;
iterator1 = moduleList.begin();
while (iterator1 != moduleList.end())
{
moduleThunk = &(iterator1->second);
TreeImports.Expand(moduleThunk->hTreeItem, flag);
iterator1++;
}
}
diff --git a/Scylla/ImportsHandling.h b/Scylla/ImportsHandling.h
index aa2a002..5ae9ea3 100644
--- a/Scylla/ImportsHandling.h
+++ b/Scylla/ImportsHandling.h
@@ -1,64 +1,58 @@
#pragma once
#include "Thunks.h"
#include <atlbase.h>
#include <atlapp.h>
#include <atlctrls.h>
class ImportsHandling
{
public:
std::map<DWORD_PTR, ImportModuleThunk> moduleList;
std::map<DWORD_PTR, ImportModuleThunk> moduleListNew;
//bool addFunction(WCHAR * moduleName, char * name, DWORD_PTR va, DWORD_PTR rva, DWORD_PTR ordinal, bool valid, bool suspect);
//bool addModule(WCHAR * moduleName, DWORD_PTR firstThunk);
- //
+
ImportsHandling(CTreeViewCtrl& TreeImports) : TreeImports(TreeImports) { }
void displayAllImports();
void showImports(bool invalid, bool suspect);
- bool invalidateFunction(HTREEITEM selectedTreeNode);
- bool cutThunk( HTREEITEM selectedTreeNode );
- bool deleteTreeNode( HTREEITEM selectedTreeNode );
+ bool invalidateFunction(CTreeItem selectedTreeNode);
+ bool cutThunk( CTreeItem selectedTreeNode );
+ bool deleteTreeNode( CTreeItem selectedTreeNode );
void updateImportInTreeView(ImportThunk * importThunk);
void updateModuleInTreeView(ImportModuleThunk * importThunk);
- DWORD_PTR getApiAddressByNode( HTREEITEM selectedTreeNode );
+ DWORD_PTR getApiAddressByNode( CTreeItem selectedTreeNode );
void scanAndFixModuleList();
void expandAllTreeNodes();
void collapseAllTreeNodes();
private:
DWORD numberOfFunctions;
WCHAR stringBuffer[600]; // o_O
WCHAR tempString[300];
CTreeViewCtrl& TreeImports;
- TV_INSERTSTRUCT tvInsert;
- HTREEITEM m_hItemFirstSel;
-
- HTREEITEM addDllToTreeView(CTreeViewCtrl& idTreeView, const WCHAR * dllName, DWORD_PTR firstThunk, size_t numberOfFunctions, bool valid);
- HTREEITEM addApiToTreeView(CTreeViewCtrl& idTreeView, HTREEITEM parentDll, ImportThunk * importThunk);
+ CTreeItem addDllToTreeView(CTreeViewCtrl& idTreeView, const WCHAR * dllName, DWORD_PTR firstThunk, size_t numberOfFunctions, bool valid);
+ CTreeItem addApiToTreeView(CTreeViewCtrl& idTreeView, CTreeItem parentDll, ImportThunk * importThunk);
-
- bool isItemSelected(CTreeViewCtrl& hwndTV, HTREEITEM hItem);
- void unselectItem(CTreeViewCtrl& hwndTV, HTREEITEM htItem);
- bool selectItem(CTreeViewCtrl& hwndTV, HTREEITEM hItem, bool select = true);
- void setFocus(CTreeViewCtrl& hwndTV, HTREEITEM htItem);
+ bool isItemSelected(CTreeViewCtrl& hwndTV, CTreeItem hItem);
+ void unselectItem(CTreeViewCtrl& hwndTV, CTreeItem htItem);
+ bool selectItem(CTreeViewCtrl& hwndTV, CTreeItem hItem, bool select = true);
+ void setFocus(CTreeViewCtrl& hwndTV, CTreeItem htItem);
bool findNewModules( std::map<DWORD_PTR, ImportThunk> & thunkList );
bool addModuleToModuleList(const WCHAR * moduleName, DWORD_PTR firstThunk);
void addUnknownModuleToModuleList(DWORD_PTR firstThunk);
bool addNotFoundApiToModuleList(ImportThunk * apiNotFound);
bool addFunctionToModuleList(ImportThunk * apiFound);
bool isNewModule(const WCHAR * moduleName);
void changeExpandStateOfTreeNodes(UINT flag);
-
-
};
\ No newline at end of file
diff --git a/Scylla/MainGui.cpp b/Scylla/MainGui.cpp
index 85c2847..0ce1e2a 100644
--- a/Scylla/MainGui.cpp
+++ b/Scylla/MainGui.cpp
@@ -1,824 +1,824 @@
#include "MainGui.h"
#include "definitions.h"
#include "PluginLoader.h"
#include "ConfigurationHolder.h"
#include "PeDump.h"
#include "PeRebuild.h"
#include "DllInjectionPlugin.h"
#include "DisassemblerGui.h"
#include "NativeWinApi.h"
#include "ImportRebuild.h"
#include "SystemInformation.h"
#include "AboutGui.h"
#include "OptionsGui.h"
MainGui::MainGui(HINSTANCE hInstance) : selectedProcess(0), importsHandling(TreeImports)
{
this->hInstance = hInstance;
Logger::getDebugLogFilePath();
ConfigurationHolder::loadConfiguration();
PluginLoader::findAllPlugins();
NativeWinApi::initialize();
SystemInformation::getSystemInformation();
}
BOOL MainGui::OnInitDialog(CWindow wndFocus, LPARAM lInitParam)
{
if (SystemInformation::currenOS == UNKNOWN_OS)
{
MessageBox(L"Operating System is not supported", L"Error Operating System", MB_ICONERROR);
EndDialog(0);
return FALSE;
}
if(ConfigurationHolder::getConfigObject(DEBUG_PRIVILEGE)->isTrue())
{
processLister.setDebugPrivileges();
}
processAccessHelp.getProcessModules(GetCurrentProcessId(), processAccessHelp.ownModuleList);
TreeImports.Attach(GetDlgItem(IDC_TREE_IMPORTS));
ComboProcessList.Attach(GetDlgItem(IDC_CBO_PROCESSLIST));
ListLog.Attach(GetDlgItem(IDC_LIST_LOG));
EditOEPAddress.Attach(GetDlgItem(IDC_EDIT_OEPADDRESS));
EditIATAddress.Attach(GetDlgItem(IDC_EDIT_IATADDRESS));
EditIATSize.Attach(GetDlgItem(IDC_EDIT_IATSIZE));
EditOEPAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH);
EditOEPAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH);
EditOEPAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH);
enableDialogButtons(FALSE);
setIconAndDialogCaption();
return TRUE;
}
void MainGui::OnLButtonDown(UINT nFlags, CPoint point)
{
}
void MainGui::OnContextMenu(CWindow wnd, CPoint point)
{
//TV_ITEM tvi;
//WCHAR ttt[260] = {0};
//HTREEITEM selectedTreeNode = 0;
if(wnd.GetDlgCtrlID() == IDC_TREE_IMPORTS)
{
if(TreeImports.GetCount()) //module list should not be empty
{
/*selectedTreeNode = (HTREEITEM)SendDlgItemMessage(hWndMainDlg,IDC_TREE_IMPORTS,TVM_GETNEXTITEM,TVGN_CARET,(LPARAM)selectedTreeNode);
tvi.mask=TVIF_TEXT; // item text attrivute
tvi.pszText=ttt; // Text is the pointer to the text
tvi.cchTextMax=260; // size of text to retrieve.
tvi.hItem=selectedTreeNode; // the selected item
SendDlgItemMessage(hWndMainDlg,IDC_TREE_IMPORTS,TVM_GETITEM,TVGN_CARET,(LPARAM)&tvi);
Logger::printfDialog(L"selected %s",tvi.pszText);*/
//CPoint pt = GetMessagePos();
//UINT flags = 0;
//if(TreeImports.HitTest(pt, &flags))
//{
DisplayContextMenuImports(wnd, point);
//}
}
return;
}
//if (PtInRect(&rc, pt))
//{
// ClientToScreen(hwnd, &pt);
// DisplayContextMenu(hwnd, pt);
// return TRUE;
//}
}
LRESULT MainGui::OnTreeImportsClick(const NMHDR* pnmh)
{
//Logger::printfDialog(L"NM_CLICK");
return FALSE;
}
LRESULT MainGui::OnTreeImportsDoubleClick(const NMHDR* pnmh)
{
//Logger::printfDialog(L"NM_DBLCLK");
return FALSE;
}
LRESULT MainGui::OnTreeImportsRightClick(const NMHDR* pnmh)
{
//Logger::printfDialog(L"NM_RCLICK");
/*
HTREEITEM selectedTreeNode = TreeImports.GetNextItem(NULL, TVGN_DROPHILITE);
if(selectedTreeNode != NULL)
{
TreeImports.Select(selectedTreeNode, TVGN_CARET);
}
*/
return FALSE;
}
LRESULT MainGui::OnTreeImportsRightDoubleClick(const NMHDR* pnmh)
{
//Logger::printfDialog(L"NM_RDBLCLK");
return FALSE;
}
void MainGui::OnProcessListDrop(UINT uNotifyCode, int nID, CWindow wndCtl)
{
fillProcessListComboBox(ComboProcessList);
}
void MainGui::OnProcessListSelected(UINT uNotifyCode, int nID, CWindow wndCtl)
{
processSelectedActionHandler(ComboProcessList.GetCurSel());
}
void MainGui::OnPickDLL(UINT uNotifyCode, int nID, CWindow wndCtl)
{
pickDllActionHandler();
}
void MainGui::OnOptions(UINT uNotifyCode, int nID, CWindow wndCtl)
{
optionsActionHandler();
}
void MainGui::OnDump(UINT uNotifyCode, int nID, CWindow wndCtl)
{
dumpActionHandler();
}
void MainGui::OnFixDump(UINT uNotifyCode, int nID, CWindow wndCtl)
{
dumpFixActionHandler();
}
void MainGui::OnPERebuild(UINT uNotifyCode, int nID, CWindow wndCtl)
{
peRebuildActionHandler();
}
void MainGui::OnDLLInject(UINT uNotifyCode, int nID, CWindow wndCtl)
{
dllInjectActionHandler();
}
void MainGui::OnIATAutoSearch(UINT uNotifyCode, int nID, CWindow wndCtl)
{
iatAutosearchActionHandler();
}
void MainGui::OnGetImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
getImportsActionHandler();
}
void MainGui::OnInvalidImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
showInvalidImportsActionHandler();
}
void MainGui::OnSuspectImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
showSuspectImportsActionHandler();
}
void MainGui::OnClearImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
TreeImports.DeleteAllItems();
importsHandling.moduleList.clear();
}
void MainGui::OnClearLog(UINT uNotifyCode, int nID, CWindow wndCtl)
{
clearOutputLog();
}
void MainGui::OnExit(UINT uNotifyCode, int nID, CWindow wndCtl)
{
EndDialog(0);
}
void MainGui::OnAbout(UINT uNotifyCode, int nID, CWindow wndCtl)
{
showAboutDialog();
}
void MainGui::setIconAndDialogCaption()
{
CIconHandle hicon; // Resource leak!
if(hicon.LoadIcon(IDI_ICON_SCYLLA1))
{
SetIcon(hicon, TRUE);
SetIcon(hicon, FALSE);
}
SetWindowText(TEXT(APPNAME)TEXT(" ")TEXT(ARCHITECTURE)TEXT(" ")TEXT(APPVERSION));
}
void MainGui::pickDllActionHandler()
{
if (PickDllGui::initDialog(hInstance,m_hWnd, processAccessHelp.moduleList))
{
//get selected module
processAccessHelp.selectedModule = PickDllGui::selectedModule;
Logger::printfDialog(TEXT("->>> Module %s selected."), processAccessHelp.selectedModule->getFilename());
Logger::printfDialog(TEXT("Imagebase: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size: %08X"),processAccessHelp.selectedModule->modBaseAddr,processAccessHelp.selectedModule->modBaseSize);
}
else
{
processAccessHelp.selectedModule = 0;
}
}
-void MainGui::startDisassemblerGui(HTREEITEM selectedTreeNode)
+void MainGui::startDisassemblerGui(CTreeItem selectedTreeNode)
{
DWORD_PTR address = importsHandling.getApiAddressByNode(selectedTreeNode);
if (address)
{
DisassemblerGui::initDialog(hInstance,m_hWnd,address);
}
}
void MainGui::processSelectedActionHandler(int index)
{
std::vector<Process>& processList = processLister.getProcessList();
Process &process = processList.at(index);
selectedProcess = &process;
enableDialogButtons(TRUE);
Logger::printfDialog(TEXT("Analyzing %s"),process.fullPath);
if (processAccessHelp.hProcess != 0)
{
processAccessHelp.closeProcessHandle();
apiReader.clearAll();
}
if (!processAccessHelp.openProcessHandle(process.PID))
{
Logger::printfDialog(TEXT("Error: Cannot open process handle."));
return;
}
processAccessHelp.getProcessModules(process.PID, processAccessHelp.moduleList);
apiReader.readApisFromModuleList();
Logger::printfDialog(TEXT("Loading modules done."));
//TODO improve
processAccessHelp.selectedModule = 0;
processAccessHelp.targetSizeOfImage = process.imageSize;
processAccessHelp.targetImageBase = process.imageBase;
ProcessAccessHelp::getSizeOfImageCurrentProcess();
process.imageSize = (DWORD)processAccessHelp.targetSizeOfImage;
Logger::printfDialog(TEXT("Imagebase: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size: %08X"),process.imageBase, process.imageSize);
selectedProcess->entryPoint = ProcessAccessHelp::getEntryPointFromFile(selectedProcess->fullPath);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT(PRINTF_DWORD_PTR_FULL),selectedProcess->entryPoint + selectedProcess->imageBase);
EditOEPAddress.SetWindowText(stringBuffer);
}
void MainGui::fillProcessListComboBox(CComboBox& hCombo)
{
hCombo.ResetContent();
std::vector<Process>& processList = processLister.getProcessListSnapshot();
for (size_t i = 0; i < processList.size(); i++)
{
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("0x%04X - %s - %s"),processList[i].PID,processList[i].filename,processList[i].fullPath);
hCombo.AddString(stringBuffer);
}
}
void MainGui::addTextToOutputLog(const WCHAR * text)
{
if (m_hWnd)
{
ListLog.SetCurSel(ListLog.AddString(text));
}
}
void MainGui::clearOutputLog()
{
if (m_hWnd)
{
ListLog.ResetContent();
}
}
void MainGui::showInvalidImportsActionHandler()
{
importsHandling.showImports(true, false);
}
void MainGui::showSuspectImportsActionHandler()
{
importsHandling.showImports(false, true);
}
void MainGui::iatAutosearchActionHandler()
{
DWORD_PTR searchAddress = 0;
DWORD_PTR addressIAT = 0;
DWORD sizeIAT = 0;
IATSearch iatSearch;
if(EditOEPAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 1)
{
searchAddress = stringToDwordPtr(stringBuffer);
if (searchAddress)
{
if (iatSearch.searchImportAddressTableInProcess(searchAddress, &addressIAT, &sizeIAT))
{
Logger::printfDialog(TEXT("IAT found at VA ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" RVA ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size 0x%04X (%d)"),addressIAT, addressIAT - processAccessHelp.targetImageBase,sizeIAT,sizeIAT);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT(PRINTF_DWORD_PTR_FULL),addressIAT);
EditIATAddress.SetWindowText(stringBuffer);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("%08X"),sizeIAT);
EditIATSize.SetWindowText(stringBuffer);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("IAT found! Start Address ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size 0x%04X (%d) "),addressIAT,sizeIAT,sizeIAT);
MessageBox(stringBuffer, L"IAT found", MB_ICONINFORMATION);
}
else
{
Logger::printfDialog(TEXT("IAT not found at OEP ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT("!"),searchAddress);
}
}
}
}
void MainGui::getImportsActionHandler()
{
DWORD_PTR addressIAT = 0;
DWORD sizeIAT = 0;
if (EditIATAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0)
{
addressIAT = stringToDwordPtr(stringBuffer);
}
if (EditIATSize.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0)
{
sizeIAT = wcstoul(stringBuffer, NULL, 16);
}
if (addressIAT && sizeIAT)
{
apiReader.readAndParseIAT(addressIAT, sizeIAT,importsHandling.moduleList);
importsHandling.displayAllImports();
}
}
DWORD_PTR MainGui::stringToDwordPtr(WCHAR * hexString)
{
DWORD_PTR address = 0;
#ifdef _WIN64
address = _wcstoui64(hexString, NULL, 16);
#else
address = wcstoul(hexString, NULL, 16);
#endif
if (address == 0)
{
#ifdef DEBUG_COMMENTS
Logger::debugLog(L"stringToDwordPtr :: address == 0, %s",hexString);
#endif
return 0;
}
else
{
return address;
}
}
void MainGui::DisplayContextMenuImports(CWindow hwnd, POINT pt)
{
BOOL menuItem = 0;
- HTREEITEM selectedTreeNode = 0;
+ CTreeItem selectedTreeNode = 0;
std::vector<Plugin> &pluginList = PluginLoader::getScyllaPluginList();
CMenuHandle hmenuTrackPopup = getCorrectSubMenu(IDR_MENU_IMPORTS, 0);
if (hmenuTrackPopup)
{
appendPluginListToMenu(hmenuTrackPopup);
menuItem = hmenuTrackPopup.TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, hwnd);
hmenuTrackPopup.DestroyMenu();
if (menuItem)
{
if ((menuItem >= PLUGIN_MENU_BASE_ID) && (menuItem <= (int)(PluginLoader::getScyllaPluginList().size() + PluginLoader::getImprecPluginList().size() + PLUGIN_MENU_BASE_ID)))
{
//wsprintf(stringBuffer, L"%d %s\n",menuItem,pluginList[menuItem - PLUGIN_MENU_BASE_ID].pluginName);
//MessageBox(stringBuffer, L"plugin selection");
pluginActionHandler(menuItem);
return;
}
-
- selectedTreeNode = TreeImports.GetSelectedItem(); //TreeImports.GetNextItem(selectedTreeNode, TVGN_CARET);
+
+ selectedTreeNode = TreeImports.GetSelectedItem();
switch (menuItem)
{
case ID__INVALIDATEFUNCTION:
{
importsHandling.invalidateFunction(selectedTreeNode);
}
break;
case ID__DISASSEMBLE:
{
startDisassemblerGui(selectedTreeNode);
}
break;
case ID__CUTTHUNK:
{
importsHandling.cutThunk(selectedTreeNode);
}
break;
case ID__DELETETREENODE:
{
importsHandling.deleteTreeNode(selectedTreeNode);
}
break;
case ID__EXPANDALLNODES:
{
importsHandling.expandAllTreeNodes();
}
break;
case ID__COLLAPSEALLNODES:
{
importsHandling.collapseAllTreeNodes();
}
break;
}
}
}
}
CMenuHandle MainGui::getCorrectSubMenu(int menuItem, int subMenuItem)
{
CMenuHandle hmenu; // top-level menu
// Load the menu resource.
if (!hmenu.LoadMenu(menuItem))
return NULL;
return hmenu.GetSubMenu(subMenuItem);
}
void MainGui::DisplayContextMenu(CWindow hwnd, POINT pt)
{
CMenu hmenu; // top-level menu
CMenuHandle hmenuTrackPopup; // shortcut menu
int menuItem; // selected menu item
// Load the menu resource.
if (!hmenu.LoadMenu(IDR_MENU_IMPORTS))
return;
// TrackPopupMenu cannot display the menu bar so get
// a handle to the first shortcut menu.
hmenuTrackPopup = hmenu.GetSubMenu(0);
// Display the shortcut menu. Track the right mouse
// button.
if (!hmenuTrackPopup)
{
MessageBox(L"hmenuTrackPopup == null", L"hmenuTrackPopup");
}
menuItem = hmenuTrackPopup.TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, hwnd);
if (menuItem)
{
/*if (menuItem == ID_LISTCONTROL_SHOWEXPORTS)
{
MessageBox(L"exports",L"dshhhhh");
}*/
}
}
void MainGui::appendPluginListToMenu(CMenuHandle hMenuTrackPopup)
{
std::vector<Plugin> &scyllaPluginList = PluginLoader::getScyllaPluginList();
std::vector<Plugin> &imprecPluginList = PluginLoader::getImprecPluginList();
if (scyllaPluginList.size() > 0)
{
CMenuHandle newMenu;
newMenu.CreatePopupMenu();
for (size_t i = 0; i < scyllaPluginList.size(); i++)
{
newMenu.AppendMenu(MF_STRING, i + PLUGIN_MENU_BASE_ID, scyllaPluginList[i].pluginName);
}
hMenuTrackPopup.AppendMenu(MF_MENUBARBREAK);
hMenuTrackPopup.AppendMenu(MF_POPUP, newMenu, L"Scylla Plugins");
}
if (imprecPluginList.size() > 0)
{
CMenuHandle newMenu;
newMenu.CreatePopupMenu();
for (size_t i = 0; i < imprecPluginList.size(); i++)
{
newMenu.AppendMenu(MF_STRING, scyllaPluginList.size() + i + PLUGIN_MENU_BASE_ID, imprecPluginList[i].pluginName);
}
hMenuTrackPopup.AppendMenu(MF_MENUBARBREAK);
hMenuTrackPopup.AppendMenu(MF_POPUP, newMenu, L"ImpREC Plugins");
}
}
void MainGui::dumpActionHandler()
{
WCHAR * targetFile = 0;
PeDump peDump;
if (processAccessHelp.selectedModule)
{
targetFile = ProcessAccessHelp::selectFileToSave(0, 0);
}
else
{
targetFile = ProcessAccessHelp::selectFileToSave(0, 1);
}
if (targetFile)
{
if (processAccessHelp.selectedModule)
{
//dump DLL
peDump.imageBase = processAccessHelp.selectedModule->modBaseAddr;
peDump.sizeOfImage = processAccessHelp.selectedModule->modBaseSize;
//get it from gui
peDump.entryPoint = getOEPFromGui();
wcscpy_s(peDump.fullpath, MAX_PATH, processAccessHelp.selectedModule->fullPath);
}
else
{
peDump.imageBase = ProcessAccessHelp::targetImageBase;
peDump.sizeOfImage = (DWORD)ProcessAccessHelp::targetSizeOfImage;
//get it from gui
peDump.entryPoint = getOEPFromGui();
wcscpy_s(peDump.fullpath, MAX_PATH, selectedProcess->fullPath);
}
peDump.useHeaderFromDisk = ConfigurationHolder::getConfigObject(USE_PE_HEADER_FROM_DISK)->isTrue();
if (peDump.dumpCompleteProcessToDisk(targetFile))
{
Logger::printfDialog(TEXT("Dump success %s"),targetFile);
//MessageBox(L"Image dumped successfully.", L"Success");
}
else
{
Logger::printfDialog(TEXT("Error: Cannot dump image."));
MessageBox(L"Cannot dump image.", L"Failure", MB_ICONERROR);
}
delete [] targetFile;
}
}
DWORD_PTR MainGui::getOEPFromGui()
{
if (EditOEPAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0)
{
return stringToDwordPtr(stringBuffer);
}
else
{
return 0;
}
}
void MainGui::peRebuildActionHandler()
{
DWORD newSize = 0;
WCHAR * targetFile = 0;
PeRebuild peRebuild;
targetFile = ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 2);
if (targetFile)
{
if (ConfigurationHolder::getConfigObject(CREATE_BACKUP)->isTrue())
{
if (!ProcessAccessHelp::createBackupFile(targetFile))
{
Logger::printfDialog(TEXT("Creating backup file failed %s"), targetFile);
}
}
LONGLONG fileSize = ProcessAccessHelp::getFileSize(targetFile);
LPVOID mapped = peRebuild.createFileMappingViewFull(targetFile);
newSize = peRebuild.realignPE(mapped, (DWORD)fileSize);
peRebuild.closeAllMappingHandles();
if (newSize < 10)
{
Logger::printfDialog(TEXT("Rebuild failed %s"), targetFile);
MessageBox(L"Rebuild failed.", L"Failure", MB_ICONERROR);
}
else
{
peRebuild.truncateFile(targetFile, newSize);
Logger::printfDialog(TEXT("Rebuild success %s"), targetFile);
Logger::printfDialog(TEXT("-> Old file size 0x%08X new file size 0x%08X (%d %%)"), (DWORD)fileSize, newSize, (DWORD)((newSize * 100) / (DWORD)fileSize) );
//MessageBox(L"Image rebuilded successfully.", L"Success", MB_ICONINFORMATION);
}
delete [] targetFile;
}
}
void MainGui::dumpFixActionHandler()
{
WCHAR * targetFile = 0;
WCHAR newFilePath[MAX_PATH];
ImportRebuild importRebuild;
if (TreeImports.GetCount() < 2)
{
Logger::printfDialog(TEXT("Nothing to rebuild"));
return;
}
if (processAccessHelp.selectedModule)
{
targetFile = ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 0);
}
else
{
targetFile = ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 1);
}
if (targetFile)
{
wcscpy_s(newFilePath,MAX_PATH,targetFile);
WCHAR* dot = wcsrchr(newFilePath, L'.');
if (dot)
{
*dot = L'\0';
}
if (processAccessHelp.selectedModule)
{
wcscat_s(newFilePath,MAX_PATH, L"_SCY.dll");
}
else
{
wcscat_s(newFilePath,MAX_PATH, L"_SCY.exe");
}
if (importRebuild.rebuildImportTable(targetFile,newFilePath,importsHandling.moduleList))
{
//MessageBox(L"Imports rebuilding successful", L"Success", MB_ICONINFORMATION);
Logger::printfDialog(TEXT("Import Rebuild success %s"), newFilePath);
}
else
{
Logger::printfDialog(TEXT("Import Rebuild failed, target %s"), targetFile);
MessageBox(L"Imports rebuilding failed", L"Failure", MB_ICONERROR);
}
delete [] targetFile;
}
}
void MainGui::enableDialogButtons(BOOL value)
{
GetDlgItem(IDC_BTN_PICKDLL).EnableWindow(value);
GetDlgItem(IDC_BTN_DUMP).EnableWindow(value);
GetDlgItem(IDC_BTN_DLLINJECT).EnableWindow(value);
GetDlgItem(IDC_BTN_FIXDUMP).EnableWindow(value);
GetDlgItem(IDC_BTN_IATAUTOSEARCH).EnableWindow(value);
GetDlgItem(IDC_BTN_GETIMPORTS).EnableWindow(value);
GetDlgItem(IDC_BTN_SUSPECTIMPORTS).EnableWindow(value);
GetDlgItem(IDC_BTN_INVALIDIMPORTS).EnableWindow(value);
GetDlgItem(IDC_BTN_CLEARIMPORTS).EnableWindow(value);
GetDlgItem(IDC_BTN_OPTIONS).EnableWindow(TRUE);
//not yet implemented
GetDlgItem(IDC_BTN_AUTOTRACE).EnableWindow(FALSE);
GetDlgItem(IDC_BTN_SAVETREE).EnableWindow(FALSE);
GetDlgItem(IDC_BTN_LOADTREE).EnableWindow(FALSE);
}
void MainGui::showAboutDialog()
{
AboutGui::initDialog(hInstance, m_hWnd);
}
void MainGui::dllInjectActionHandler()
{
WCHAR * targetFile = 0;
HMODULE hMod = 0;
DllInjection dllInjection;
targetFile = ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 0);
if (targetFile)
{
hMod = dllInjection.dllInjection(ProcessAccessHelp::hProcess, targetFile);
if (hMod && ConfigurationHolder::getConfigObject(DLL_INJECTION_AUTO_UNLOAD)->isTrue())
{
if (!dllInjection.unloadDllInProcess(ProcessAccessHelp::hProcess, hMod))
{
Logger::printfDialog(TEXT("DLL unloading failed, target %s"), targetFile);
}
}
if (hMod)
{
Logger::printfDialog(TEXT("DLL Injection was successful, target %s"), targetFile);
}
else
{
Logger::printfDialog(TEXT("DLL Injection failed, target %s"), targetFile);
}
delete [] targetFile;
}
}
void MainGui::optionsActionHandler()
{
OptionsGui::initOptionsDialog(hInstance, m_hWnd);
}
void MainGui::pluginActionHandler( int menuItem )
{
DllInjectionPlugin dllInjectionPlugin;
std::vector<Plugin> &scyllaPluginList = PluginLoader::getScyllaPluginList();
std::vector<Plugin> &imprecPluginList = PluginLoader::getImprecPluginList();
menuItem -= PLUGIN_MENU_BASE_ID;
dllInjectionPlugin.hProcess = ProcessAccessHelp::hProcess;
dllInjectionPlugin.apiReader = &apiReader;
if (menuItem < (int)scyllaPluginList.size())
{
//scylla plugin
dllInjectionPlugin.injectPlugin(scyllaPluginList[menuItem], importsHandling.moduleList,selectedProcess->imageBase, selectedProcess->imageSize);
}
else
{
#ifndef _WIN64
menuItem -= (int)scyllaPluginList.size();
//imprec plugin
dllInjectionPlugin.injectImprecPlugin(imprecPluginList[menuItem], importsHandling.moduleList,selectedProcess->imageBase, selectedProcess->imageSize);
#endif
}
importsHandling.scanAndFixModuleList();
importsHandling.displayAllImports();
}
diff --git a/Scylla/MainGui.h b/Scylla/MainGui.h
index da38497..ad98403 100644
--- a/Scylla/MainGui.h
+++ b/Scylla/MainGui.h
@@ -1,169 +1,169 @@
#pragma once
//#define _CRTDBG_MAP_ALLOC
//#include <stdlib.h>
//#include <crtdbg.h>
#include <windows.h>
#include <Commctrl.h>
#include <stdio.h>
#include <map>
#include <Windowsx.h>
// WTL
#include <atlbase.h> // base ATL classes
#include <atlapp.h> // base WTL classes
#include <atlwin.h> // ATL GUI classes
#include <atlframe.h> // WTL frame window classes
#include <atlmisc.h> // WTL utility classes like CString
#include <atlcrack.h> // WTL enhanced msg map macros
#include <atlctrls.h>
#include "resource.h"
#include "Logger.h"
#include "ProcessLister.h"
#include "IATSearch.h"
#include "PickDllGui.h"
#include "ImportsHandling.h"
//#pragma comment(lib, "comctl32.lib")
class ImportsHandling;
class MainGui : public CDialogImpl<MainGui>
{
public:
enum { IDD = IDD_DLG_MAIN };
BEGIN_MSG_MAP(MainGui)
MSG_WM_INITDIALOG(OnInitDialog)
MSG_WM_CONTEXTMENU(OnContextMenu)
MSG_WM_LBUTTONDOWN(OnLButtonDown)
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_CLICK, OnTreeImportsClick)
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_DBLCLK, OnTreeImportsDoubleClick)
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_RCLICK, OnTreeImportsRightClick)
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_RDBLCLK, OnTreeImportsRightDoubleClick)
COMMAND_HANDLER_EX(IDC_CBO_PROCESSLIST, CBN_DROPDOWN, OnProcessListDrop)
COMMAND_HANDLER_EX(IDC_CBO_PROCESSLIST, CBN_SELENDOK, OnProcessListSelected)
COMMAND_ID_HANDLER_EX(IDC_BTN_PICKDLL, OnPickDLL)
COMMAND_ID_HANDLER_EX(IDC_BTN_OPTIONS, OnOptions)
COMMAND_ID_HANDLER_EX(IDC_BTN_DUMP, OnDump)
COMMAND_ID_HANDLER_EX(IDC_BTN_FIXDUMP, OnFixDump)
COMMAND_ID_HANDLER_EX(IDC_BTN_PEREBUILD, OnPERebuild)
COMMAND_ID_HANDLER_EX(IDC_BTN_DLLINJECT, OnDLLInject)
COMMAND_ID_HANDLER_EX(IDC_BTN_IATAUTOSEARCH, OnIATAutoSearch)
COMMAND_ID_HANDLER_EX(IDC_BTN_GETIMPORTS, OnGetImports)
COMMAND_ID_HANDLER_EX(IDC_BTN_INVALIDIMPORTS, OnInvalidImports)
COMMAND_ID_HANDLER_EX(IDC_BTN_SUSPECTIMPORTS, OnSuspectImports)
COMMAND_ID_HANDLER_EX(IDC_BTN_CLEARIMPORTS, OnClearImports)
COMMAND_ID_HANDLER_EX(IDC_BTN_CLEARLOG, OnClearLog)
COMMAND_ID_HANDLER_EX(ID_FILE_EXIT, OnExit)
COMMAND_ID_HANDLER_EX(ID_MISC_DLLINJECTION, OnDLLInject)
COMMAND_ID_HANDLER_EX(ID_MISC_PREFERENCES, OnOptions)
COMMAND_ID_HANDLER_EX(ID_HELP_ABOUT, OnAbout)
COMMAND_ID_HANDLER_EX(IDCANCEL, OnExit)
END_MSG_MAP()
MainGui(HINSTANCE hInstance);
Process * selectedProcess;
//Output Window
void addTextToOutputLog(const WCHAR * text);
static DWORD_PTR stringToDwordPtr(WCHAR * hexString);
protected:
HINSTANCE hInstance;
// Controls
CTreeViewCtrl TreeImports;
CComboBox ComboProcessList;
CEdit EditOEPAddress;
CEdit EditIATAddress;
CEdit EditIATSize;
CListBox ListLog;
ProcessLister processLister;
WCHAR stringBuffer[600];
ImportsHandling importsHandling;
ProcessAccessHelp processAccessHelp;
ApiReader apiReader;
private:
//Message handlers
BOOL OnInitDialog(CWindow wndFocus, LPARAM lInitParam);
void OnLButtonDown(UINT nFlags, CPoint point);
void OnContextMenu(CWindow wnd, CPoint point);
LRESULT OnTreeImportsClick(const NMHDR* pnmh);
LRESULT OnTreeImportsDoubleClick(const NMHDR* pnmh);
LRESULT OnTreeImportsRightClick(const NMHDR* pnmh);
LRESULT OnTreeImportsRightDoubleClick(const NMHDR* pnmh);
void OnProcessListDrop(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnProcessListSelected(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnPickDLL(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnOptions(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnDump(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnFixDump(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnPERebuild(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnDLLInject(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnIATAutoSearch(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnGetImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnInvalidImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnSuspectImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnClearImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnClearLog(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnExit(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnAbout(UINT uNotifyCode, int nID, CWindow wndCtl);
// ---
void setIconAndDialogCaption();
void fillProcessListComboBox(CComboBox& hCombo);
void getModuleListItem(int column, int iItem, char * buffer);
void pickDllActionHandler();
void processSelectedActionHandler(int index);
//static bool displayModuleList(HWND hWndDlg, HWND hList, LRESULT index);
// POPUP MENU Prototypes
void DisplayContextMenu(CWindow, POINT);
void DisplayContextMenuImports(CWindow, POINT);
CMenuHandle getCorrectSubMenu(int, int);
void clearOutputLog();//Output Window
void showInvalidImportsActionHandler();
void showSuspectImportsActionHandler();
void iatAutosearchActionHandler();
void getImportsActionHandler();
void appendPluginListToMenu(CMenuHandle hMenuTrackPopup);
void dumpActionHandler();
DWORD_PTR getOEPFromGui();
void peRebuildActionHandler();
- void startDisassemblerGui(HTREEITEM selectedTreeNode);
+ void startDisassemblerGui(CTreeItem selectedTreeNode);
void dumpFixActionHandler();
void enableDialogButtons( BOOL value );
void showAboutDialog();
void dllInjectActionHandler();
void optionsActionHandler();
void pluginActionHandler( int menuItem );
};
diff --git a/Scylla/Thunks.h b/Scylla/Thunks.h
index 586c34b..28f540f 100644
--- a/Scylla/Thunks.h
+++ b/Scylla/Thunks.h
@@ -1,46 +1,50 @@
#pragma once
#include <windows.h>
#include <Commctrl.h>
#include <map>
+#include <atlbase.h>
+#include <atlapp.h>
+#include <atlctrls.h>
+
class ImportModuleThunk;
class ImportThunk;
class ImportThunk {
public:
WCHAR moduleName[MAX_PATH];
char name[MAX_PATH];
DWORD_PTR va;
DWORD_PTR rva;
DWORD_PTR ordinal;
DWORD_PTR apiAddressVA;
WORD hint;
bool valid;
bool suspect;
- HTREEITEM hTreeItem;
+ CTreeItem hTreeItem;
};
class ImportModuleThunk {
public:
WCHAR moduleName[MAX_PATH];
std::map<DWORD_PTR, ImportThunk> thunkList;
DWORD_PTR firstThunk;
- HTREEITEM hTreeItem;
+ CTreeItem hTreeItem;
DWORD_PTR getFirstThunk();
bool isValid();
~ImportModuleThunk()
{
if (!thunkList.empty())
{
thunkList.clear();
}
}
};
\ No newline at end of file

File Metadata

Mime Type
text/x-diff
Expires
Sat, Sep 21, 9:47 PM (1 d, 21 h)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
cd/bb/4e7203e4667d0799533108e62fa8

Event Timeline

Back to Main Site