Page MenuHomedesp's stash
Files F191449

No OneTemporary
Actions

View Options

diff --git a/Scylla.sln b/Scylla.sln
index cca0ab2..9dc6716 100644
--- a/Scylla.sln
+++ b/Scylla.sln
@@ -1,26 +1,39 @@

-Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual Studio 2010
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Scylla", "Scylla\Scylla.vcxproj", "{710434C9-FC4B-4F1D-B318-E10ADC78499F}"
+Microsoft Visual Studio Solution File, Format Version 10.00
+# Visual Studio 2008
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Scylla", "Scylla\Scylla.vcproj", "{8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}"
+ ProjectSection(ProjectDependencies) = postProject
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1} = {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "diStorm", "diStorm\diStorm.vcproj", "{A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Debug|x64 = Debug|x64
Release|Win32 = Release|Win32
Release|x64 = Release|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Debug|Win32.ActiveCfg = Debug|Win32
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Debug|Win32.Build.0 = Debug|Win32
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Debug|x64.ActiveCfg = Debug|x64
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Debug|x64.Build.0 = Debug|x64
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Release|Win32.ActiveCfg = Release|Win32
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Release|Win32.Build.0 = Release|Win32
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Release|x64.ActiveCfg = Release|x64
- {710434C9-FC4B-4F1D-B318-E10ADC78499F}.Release|x64.Build.0 = Release|x64
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Debug|Win32.ActiveCfg = Debug|Win32
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Debug|Win32.Build.0 = Debug|Win32
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Debug|x64.ActiveCfg = Debug|x64
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Debug|x64.Build.0 = Debug|x64
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Release|Win32.ActiveCfg = Release|Win32
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Release|Win32.Build.0 = Release|Win32
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Release|x64.ActiveCfg = Release|x64
+ {8F59CEE2-A2A7-420E-91C9-BBE9F05C1B59}.Release|x64.Build.0 = Release|x64
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Debug|Win32.ActiveCfg = Debug|Win32
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Debug|Win32.Build.0 = Debug|Win32
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Debug|x64.ActiveCfg = Debug|x64
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Debug|x64.Build.0 = Debug|x64
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Release|Win32.ActiveCfg = Release|Win32
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Release|Win32.Build.0 = Release|Win32
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Release|x64.ActiveCfg = Release|x64
+ {A4B94DE4-BE0E-4E7D-95E7-7B84E6F117A1}.Release|x64.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
diff --git a/Scylla/MainGui.aps b/Scylla/MainGui.aps
index d559401..4f74b12 100644
Binary files a/Scylla/MainGui.aps and b/Scylla/MainGui.aps differ
diff --git a/Scylla/MainGui.cpp b/Scylla/MainGui.cpp
index d445168..28f1c35 100644
--- a/Scylla/MainGui.cpp
+++ b/Scylla/MainGui.cpp
@@ -1,1040 +1,1043 @@
#include "MainGui.h"
#include <atldlgs.h> // WTL common dialogs
#include "definitions.h"
#include "PluginLoader.h"
#include "ConfigurationHolder.h"
#include "PeDump.h"
#include "PeRebuild.h"
#include "DllInjectionPlugin.h"
#include "DisassemblerGui.h"
#include "NativeWinApi.h"
#include "ImportRebuild.h"
#include "SystemInformation.h"
#include "AboutGui.h"
#include "OptionsGui.h"
#include "WindowDeferrer.h"
const WCHAR MainGui::filterExe[] = L"Executable (*.exe)\0*.exe\0All files\0*.*\0";
const WCHAR MainGui::filterDll[] = L"Dynamic Link Library (*.dll)\0*.dll\0All files\0*.*\0";
const WCHAR MainGui::filterExeDll[] = L"Executable (*.exe)\0*.exe\0Dynamic Link Library (*.dll)\0*.dll\0All files\0*.*\0";
const WCHAR MainGui::filterTxt[] = L"Text file (*.txt)\0*.txt\0All files\0*.*\0";
MainGui::MainGui() : selectedProcess(0), importsHandling(TreeImports)
{
Logger::getDebugLogFilePath();
ConfigurationHolder::loadConfiguration();
PluginLoader::findAllPlugins();
NativeWinApi::initialize();
SystemInformation::getSystemInformation();
hIcon.LoadIcon(IDI_ICON_SCYLLA);
hMenuImports.LoadMenu(IDR_MENU_IMPORTS);
hMenuLog.LoadMenu(IDR_MENU_LOG);
if(hMenuImports)
{
appendPluginListToMenu(hMenuImports.GetSubMenu(0));
}
}
BOOL MainGui::OnInitDialog(CWindow wndFocus, LPARAM lInitParam)
{
if (SystemInformation::currenOS == UNKNOWN_OS)
{
- MessageBox(L"Operating System is not supported", L"Error Operating System", MB_ICONERROR);
- EndDialog(0);
- return FALSE;
+ if(IDCANCEL == MessageBox(L"Operating System is not supported\r\nContinue anyway?", L"Scylla", MB_ICONWARNING | MB_OKCANCEL))
+ {
+ EndDialog(0);
+ return FALSE;
+ }
}
if(ConfigurationHolder::getConfigObject(DEBUG_PRIVILEGE)->isTrue())
{
processLister.setDebugPrivileges();
}
processAccessHelp.getProcessModules(GetCurrentProcessId(), processAccessHelp.ownModuleList);
TreeImports.Attach(GetDlgItem(IDC_TREE_IMPORTS));
ComboProcessList.Attach(GetDlgItem(IDC_CBO_PROCESSLIST));
ListLog.Attach(GetDlgItem(IDC_LIST_LOG));
EditOEPAddress.Attach(GetDlgItem(IDC_EDIT_OEPADDRESS));
EditIATAddress.Attach(GetDlgItem(IDC_EDIT_IATADDRESS));
EditIATSize.Attach(GetDlgItem(IDC_EDIT_IATSIZE));
EditOEPAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH);
EditIATAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH);
EditIATSize.LimitText(MAX_HEX_VALUE_EDIT_LENGTH);
appendPluginListToMenu(CMenuHandle(GetMenu()).GetSubMenu(MenuImportsOffsetTrace));
enableDialogControls(FALSE);
setIconAndDialogCaption();
- LOGFONT lf;
- CFontHandle font = CButton(GetDlgItem(IDC_BTN_FIXDUMP)).GetFont();
- font.GetLogFont(&lf);
- lf.lfWeight = FW_BOLD;
- FontBold.CreateFontIndirect(&lf);
-
- CButton(GetDlgItem(IDC_BTN_IATAUTOSEARCH)).SetFont(FontBold, FALSE);
- CButton(GetDlgItem(IDC_BTN_GETIMPORTS)).SetFont(FontBold, FALSE);
- CButton(GetDlgItem(IDC_BTN_FIXDUMP)).SetFont(FontBold, FALSE);
-
GetWindowRect(&MinSize);
SetMsgHandled(false);
return TRUE;
}
void MainGui::OnGetMinMaxInfo(MINMAXINFO* lpMMI)
{
lpMMI->ptMinTrackSize.x = MinSize.right - MinSize.left;
lpMMI->ptMinTrackSize.y = MinSize.bottom - MinSize.top;
}
void MainGui::OnSizing(UINT fwSide, RECT* pRect)
+{
+ // Get size difference
+ RECT rectOld;
+ GetWindowRect(&rectOld);
+ long deltaX = (pRect->right - pRect->left) - (rectOld.right - rectOld.left);
+ long deltaY = (pRect->bottom - pRect->top) - (rectOld.bottom - rectOld.top);
+
+ SizeOffset.SetSize(deltaX, deltaY);
+
+ SetMsgHandled(false);
+}
+
+void MainGui::OnSize(UINT nType, CSize size)
{
WindowDeferrer::Deferrable controls[] =
{
{IDC_GROUP_ATTACH, false, false, true, false},
{IDC_CBO_PROCESSLIST, false, false, true, false},
{IDC_BTN_PICKDLL, true, false, false, false},
{IDC_GROUP_IMPORTS, false, false, true, true},
{IDC_TREE_IMPORTS, false, false, true, true},
+ {IDC_BTN_INVALIDIMPORTS, false, true, false, false},
+ {IDC_BTN_SUSPECTIMPORTS, false, true, false, false},
+ {IDC_BTN_SAVETREE, true, true, false, false},
+ {IDC_BTN_LOADTREE, true, true, false, false},
+ {IDC_BTN_CLEARIMPORTS, true, true, false, false},
{IDC_GROUP_IATINFO, false, true, false, false},
{IDC_STATIC_OEPADDRESS, false, true, false, false},
{IDC_STATIC_IATADDRESS, false, true, false, false},
{IDC_STATIC_IATSIZE, false, true, false, false},
{IDC_EDIT_OEPADDRESS, false, true, false, false},
{IDC_EDIT_IATADDRESS, false, true, false, false},
{IDC_EDIT_IATSIZE, false, true, false, false},
{IDC_BTN_IATAUTOSEARCH, false, true, false, false},
{IDC_BTN_GETIMPORTS, false, true, false, false},
- {IDC_GROUP_IMPORTSOPTIONS, true, true, false, false},
- {IDC_BTN_INVALIDIMPORTS, true, true, false, false},
- {IDC_BTN_SUSPECTIMPORTS, true, true, false, false},
- {IDC_BTN_CLEARIMPORTS, true, true, false, false},
- {IDC_BTN_AUTOTRACE, true, true, false, false},
- {IDC_BTN_SAVETREE, true, true, false, false},
- {IDC_BTN_LOADTREE, true, true, false, false},
+ {IDC_GROUP_ACTIONS, false, true, false, false},
+ {IDC_BTN_AUTOTRACE, false, true, false, false},
- {IDC_GROUP_LOG, false, true, true, false},
- {IDC_LIST_LOG, false, true, true, false},
+ {IDC_GROUP_DUMP, false, true, false, false},
+ {IDC_BTN_DUMP, false, true, false, false},
+ {IDC_BTN_PEREBUILD, false, true, false, false},
+ {IDC_BTN_FIXDUMP, false, true, false, false},
- {IDC_GROUP_MISC, true, false, false, true},
- {IDC_BTN_DUMP, true, false, false, false},
- {IDC_BTN_PEREBUILD, true, false, false, false},
- {IDC_BTN_DLLINJECT, true, false, false, false},
- {IDC_BTN_FIXDUMP, true, false, false, false}
+ {IDC_GROUP_LOG, false, true, true, false},
+ {IDC_LIST_LOG, false, true, true, false}
};
- // Get size difference
- RECT rectOld;
- GetWindowRect(&rectOld);
- long deltaX = (pRect->right - pRect->left) - (rectOld.right - rectOld.left);
- long deltaY = (pRect->bottom - pRect->top) - (rectOld.bottom - rectOld.top);
-
WindowDeferrer deferrer(m_hWnd, controls, _countof(controls));
- deferrer.defer(deltaX, deltaY);
+ deferrer.defer(SizeOffset.cx, SizeOffset.cy);
+ SizeOffset.SetSize(0, 0);
SetMsgHandled(false);
}
void MainGui::OnLButtonDown(UINT nFlags, CPoint point)
{
SetMsgHandled(false);
}
void MainGui::OnContextMenu(CWindow wnd, CPoint point)
{
// point = -1, -1 for keyboard invoked shortcut!
switch(wnd.GetDlgCtrlID())
{
case IDC_TREE_IMPORTS:
DisplayContextMenuImports(wnd, point);
break;
case IDC_LIST_LOG:
DisplayContextMenuLog(wnd, point);
break;
//default: // wnd == m_hWnd?
// DisplayContextMenu(wnd, point);
// break;
}
}
void MainGui::OnCommand(UINT uNotifyCode, int nID, CWindow wndCtl)
{
// Make sure it's a menu
if(uNotifyCode == 0 && !wndCtl.IsWindow())
{
if ((nID >= PLUGIN_MENU_BASE_ID) && (nID <= (int)(PluginLoader::getScyllaPluginList().size() + PluginLoader::getImprecPluginList().size() + PLUGIN_MENU_BASE_ID)))
{
pluginActionHandler(nID);
return;
}
}
SetMsgHandled(false);
}
LRESULT MainGui::OnTreeImportsClick(const NMHDR* pnmh)
{
return false;
}
LRESULT MainGui::OnTreeImportsDoubleClick(const NMHDR* pnmh)
{
CPoint pt = GetMessagePos();
return false;
}
LRESULT MainGui::OnTreeImportsRightClick(const NMHDR* pnmh)
{
- //Logger::printfDialog(L"NM_RCLICK");
-
/*
HTREEITEM selectedTreeNode = TreeImports.GetNextItem(NULL, TVGN_DROPHILITE);
if(selectedTreeNode != NULL)
{
TreeImports.Select(selectedTreeNode, TVGN_CARET);
}
*/
return false;
}
LRESULT MainGui::OnTreeImportsRightDoubleClick(const NMHDR* pnmh)
{
return false;
}
void MainGui::OnProcessListDrop(UINT uNotifyCode, int nID, CWindow wndCtl)
{
fillProcessListComboBox(ComboProcessList);
}
void MainGui::OnProcessListSelected(UINT uNotifyCode, int nID, CWindow wndCtl)
{
processSelectedActionHandler(ComboProcessList.GetCurSel());
}
void MainGui::OnPickDLL(UINT uNotifyCode, int nID, CWindow wndCtl)
{
pickDllActionHandler();
}
void MainGui::OnOptions(UINT uNotifyCode, int nID, CWindow wndCtl)
{
optionsActionHandler();
}
void MainGui::OnDump(UINT uNotifyCode, int nID, CWindow wndCtl)
{
dumpActionHandler();
}
void MainGui::OnFixDump(UINT uNotifyCode, int nID, CWindow wndCtl)
{
dumpFixActionHandler();
}
void MainGui::OnPERebuild(UINT uNotifyCode, int nID, CWindow wndCtl)
{
peRebuildActionHandler();
}
void MainGui::OnDLLInject(UINT uNotifyCode, int nID, CWindow wndCtl)
{
dllInjectActionHandler();
}
void MainGui::OnIATAutoSearch(UINT uNotifyCode, int nID, CWindow wndCtl)
{
iatAutosearchActionHandler();
}
void MainGui::OnGetImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
getImportsActionHandler();
}
void MainGui::OnInvalidImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
showInvalidImportsActionHandler();
}
void MainGui::OnSuspectImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
showSuspectImportsActionHandler();
}
void MainGui::OnClearImports(UINT uNotifyCode, int nID, CWindow wndCtl)
{
clearImportsActionHandler();
}
void MainGui::OnInvalidateSelected(UINT uNotifyCode, int nID, CWindow wndCtl)
{
// TODO
}
void MainGui::OnCutSelected(UINT uNotifyCode, int nID, CWindow wndCtl)
{
// TODO
}
void MainGui::OnSaveTree(UINT uNotifyCode, int nID, CWindow wndCtl)
{
// TODO
}
void MainGui::OnLoadTree(UINT uNotifyCode, int nID, CWindow wndCtl)
{
// TODO
}
void MainGui::OnAutotrace(UINT uNotifyCode, int nID, CWindow wndCtl)
{
// TODO
}
void MainGui::OnExit(UINT uNotifyCode, int nID, CWindow wndCtl)
{
- FontBold.DeleteObject();
EndDialog(0);
}
void MainGui::OnAbout(UINT uNotifyCode, int nID, CWindow wndCtl)
{
showAboutDialog();
}
bool MainGui::showFileDialog(WCHAR * selectedFile, bool save, const WCHAR * defFileName, const WCHAR * filter, const WCHAR * defExtension, const WCHAR * directory)
{
OPENFILENAME ofn = {0};
// WTL doesn't support new explorer styles on Vista and up
// This is because it uses a custom hook, we could remove it or derive
// from CFileDialog but this solution is easier and allows more control anyway (e.g. initial dir)
if(defFileName)
{
wcscpy_s(selectedFile, MAX_PATH, defFileName);
}
else
{
selectedFile[0] = _T('\0');
}
ofn.lStructSize = sizeof(ofn);
ofn.hwndOwner = m_hWnd;
ofn.lpstrFilter = filter;
ofn.lpstrDefExt = defExtension; // only first 3 chars are used, no dots!
ofn.lpstrFile = selectedFile;
ofn.lpstrInitialDir = directory;
ofn.nMaxFile = MAX_PATH;
ofn.Flags = OFN_PATHMUSTEXIST | OFN_HIDEREADONLY;
/*
*OFN_EXPLORER is automatically used, it only has to be specified
*if using a custom hook
*OFN_LONGNAMES is automatically used by explorer-style dialogs
*/
if(save)
ofn.Flags |= OFN_OVERWRITEPROMPT;
else
ofn.Flags |= OFN_FILEMUSTEXIST;
if(save)
return 0 != GetSaveFileName(&ofn);
else
return 0 != GetOpenFileName(&ofn);
}
void MainGui::setIconAndDialogCaption()
{
SetIcon(hIcon, TRUE);
SetIcon(hIcon, FALSE);
SetWindowText(TEXT(APPNAME)TEXT(" ")TEXT(ARCHITECTURE)TEXT(" ")TEXT(APPVERSION));
}
void MainGui::pickDllActionHandler()
{
if(!selectedProcess)
return;
PickDllGui dlgPickDll(processAccessHelp.moduleList);
if(dlgPickDll.DoModal())
{
//get selected module
processAccessHelp.selectedModule = dlgPickDll.getSelectedModule();
Logger::printfDialog(TEXT("->>> Module %s selected."), processAccessHelp.selectedModule->getFilename());
Logger::printfDialog(TEXT("Imagebase: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size: %08X"),processAccessHelp.selectedModule->modBaseAddr,processAccessHelp.selectedModule->modBaseSize);
-
}
else
{
processAccessHelp.selectedModule = 0;
}
}
void MainGui::startDisassemblerGui(CTreeItem selectedTreeNode)
{
if(!selectedProcess)
return;
DWORD_PTR address = importsHandling.getApiAddressByNode(selectedTreeNode);
if (address)
{
- DisassemblerGui dlgDisassembler(address);
- dlgDisassembler.DoModal();
+ BYTE test;
+ if(!ProcessAccessHelp::readMemoryFromProcess(address, sizeof(test), &test))
+ {
+ swprintf_s(stringBuffer, _countof(stringBuffer), TEXT("Can't read memory at ")TEXT(PRINTF_DWORD_PTR_FULL),address);
+ MessageBox(stringBuffer, L"Failure", MB_ICONERROR);
+ }
+ else
+ {
+ DisassemblerGui dlgDisassembler(address);
+ dlgDisassembler.DoModal();
+ }
}
}
void MainGui::processSelectedActionHandler(int index)
{
std::vector<Process>& processList = processLister.getProcessList();
Process &process = processList.at(index);
selectedProcess = 0;
clearImportsActionHandler();
Logger::printfDialog(TEXT("Analyzing %s"),process.fullPath);
if (processAccessHelp.hProcess != 0)
{
processAccessHelp.closeProcessHandle();
apiReader.clearAll();
}
if (!processAccessHelp.openProcessHandle(process.PID))
{
enableDialogControls(FALSE);
Logger::printfDialog(TEXT("Error: Cannot open process handle."));
return;
}
processAccessHelp.getProcessModules(process.PID, processAccessHelp.moduleList);
apiReader.readApisFromModuleList();
Logger::printfDialog(TEXT("Loading modules done."));
//TODO improve
processAccessHelp.selectedModule = 0;
processAccessHelp.targetSizeOfImage = process.imageSize;
processAccessHelp.targetImageBase = process.imageBase;
ProcessAccessHelp::getSizeOfImageCurrentProcess();
process.imageSize = (DWORD)processAccessHelp.targetSizeOfImage;
Logger::printfDialog(TEXT("Imagebase: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size: %08X"),process.imageBase, process.imageSize);
process.entryPoint = ProcessAccessHelp::getEntryPointFromFile(process.fullPath);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT(PRINTF_DWORD_PTR_FULL),process.entryPoint + process.imageBase);
EditOEPAddress.SetWindowText(stringBuffer);
selectedProcess = &process;
enableDialogControls(TRUE);
}
void MainGui::fillProcessListComboBox(CComboBox& hCombo)
{
hCombo.ResetContent();
std::vector<Process>& processList = processLister.getProcessListSnapshot();
for (size_t i = 0; i < processList.size(); i++)
{
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("0x%04X - %s - %s"),processList[i].PID,processList[i].filename,processList[i].fullPath);
hCombo.AddString(stringBuffer);
}
}
void MainGui::addTextToOutputLog(const WCHAR * text)
{
if (m_hWnd)
{
ListLog.SetCurSel(ListLog.AddString(text));
}
}
void MainGui::clearOutputLog()
{
if (m_hWnd)
{
ListLog.ResetContent();
}
}
bool MainGui::saveLogToFile(const WCHAR * file)
{
const BYTE BOM[] = {0xFF, 0xFE}; // UTF-16 little-endian
const WCHAR newLine[] = L"\r\n";
bool success = true;
HANDLE hFile = CreateFile(file, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if(hFile != INVALID_HANDLE_VALUE)
{
ProcessAccessHelp::writeMemoryToFileEnd(hFile, sizeof(BOM), BOM);
WCHAR * buffer = 0;
int bufsize = 0;
for(int i = 0; i < ListLog.GetCount(); i++)
{
int size = ListLog.GetTextLen(i);
size += _countof(newLine)-1;
if(size+1 > bufsize)
{
bufsize = size+1;
delete[] buffer;
try
{
buffer = new WCHAR[bufsize];
}
catch(std::bad_alloc&)
{
buffer = 0;
success = false;
break;
}
}
ListLog.GetText(i, buffer);
wcscat_s(buffer, bufsize, newLine);
ProcessAccessHelp::writeMemoryToFileEnd(hFile, size * sizeof(WCHAR), buffer);
}
delete[] buffer;
CloseHandle(hFile);
}
return success;
}
void MainGui::showInvalidImportsActionHandler()
{
importsHandling.showImports(true, false);
}
void MainGui::showSuspectImportsActionHandler()
{
importsHandling.showImports(false, true);
}
void MainGui::iatAutosearchActionHandler()
{
DWORD_PTR searchAddress = 0;
DWORD_PTR addressIAT = 0;
DWORD sizeIAT = 0;
IATSearch iatSearch;
if(!selectedProcess)
return;
if(EditOEPAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 1)
{
searchAddress = stringToDwordPtr(stringBuffer);
if (searchAddress)
{
if (iatSearch.searchImportAddressTableInProcess(searchAddress, &addressIAT, &sizeIAT))
{
Logger::printfDialog(TEXT("IAT found at VA ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" RVA ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size 0x%04X (%d)"),addressIAT, addressIAT - processAccessHelp.targetImageBase,sizeIAT,sizeIAT);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT(PRINTF_DWORD_PTR_FULL),addressIAT);
EditIATAddress.SetWindowText(stringBuffer);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("%08X"),sizeIAT);
EditIATSize.SetWindowText(stringBuffer);
swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("IAT found! Start Address ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size 0x%04X (%d) "),addressIAT,sizeIAT,sizeIAT);
MessageBox(stringBuffer, L"IAT found", MB_ICONINFORMATION);
}
else
{
Logger::printfDialog(TEXT("IAT not found at OEP ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT("!"),searchAddress);
}
}
}
}
void MainGui::getImportsActionHandler()
{
DWORD_PTR addressIAT = 0;
DWORD sizeIAT = 0;
if(!selectedProcess)
return;
if (EditIATAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0)
{
addressIAT = stringToDwordPtr(stringBuffer);
}
if (EditIATSize.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0)
{
sizeIAT = wcstoul(stringBuffer, NULL, 16);
}
if (addressIAT && sizeIAT)
{
apiReader.readAndParseIAT(addressIAT, sizeIAT,importsHandling.moduleList);
importsHandling.displayAllImports();
}
}
DWORD_PTR MainGui::stringToDwordPtr(const WCHAR * hexString)
{
DWORD_PTR address = 0;
#ifdef _WIN64
address = _wcstoui64(hexString, NULL, 16);
#else
address = wcstoul(hexString, NULL, 16);
#endif
if (address == 0)
{
#ifdef DEBUG_COMMENTS
Logger::debugLog(L"stringToDwordPtr :: address == 0, %s",hexString);
#endif
return 0;
}
else
{
return address;
}
}
void MainGui::SetupImportsMenuItems(bool isItem, bool isThunk)
{
// assert(!(!isItem && isThunk));
CMenuHandle hSub = hMenuImports.GetSubMenu(0);
UINT itemOnly = isItem ? MF_ENABLED : MF_GRAYED;
UINT thunkOnly = isThunk ? MF_ENABLED : MF_GRAYED;
hSub.EnableMenuItem(ID__INVALIDATEFUNCTION, thunkOnly);
hSub.EnableMenuItem(ID__DISASSEMBLE, thunkOnly);
hSub.EnableMenuItem(ID__CUTTHUNK, thunkOnly);
hSub.EnableMenuItem(ID__DELETETREENODE, itemOnly);
}
void MainGui::DisplayContextMenuImports(CWindow hwnd, CPoint pt)
{
if(TreeImports.GetCount() < 1)
return;
// Get item under cursor
CPoint client(pt);
CWindow(GetDesktopWindow()).MapWindowPoints(TreeImports, &client, 1); // pt is screen, we need client
UINT flags;
CTreeItem over = TreeImports.HitTest(client, &flags);
CTreeItem parent;
if(over)
{
if(!(flags & TVHT_ONITEM))
{
over = NULL;
}
else
{
parent = TreeImports.GetParentItem(over);
}
}
if (hMenuImports)
{
// Prepare hmenuImports
SetupImportsMenuItems(!over.IsNull(), !parent.IsNull());
CMenuHandle hSub = hMenuImports.GetSubMenu(0);
BOOL menuItem = hSub.TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, hwnd);
if (menuItem)
{
if ((menuItem >= PLUGIN_MENU_BASE_ID) && (menuItem <= (int)(PluginLoader::getScyllaPluginList().size() + PluginLoader::getImprecPluginList().size() + PLUGIN_MENU_BASE_ID)))
{
//wsprintf(stringBuffer, L"%d %s\n",menuItem,pluginList[menuItem - PLUGIN_MENU_BASE_ID].pluginName);
//MessageBox(stringBuffer, L"plugin selection");
pluginActionHandler(menuItem);
return;
}
switch (menuItem)
{
case ID__INVALIDATEFUNCTION:
importsHandling.invalidateFunction(over);
break;
case ID__DISASSEMBLE:
startDisassemblerGui(over);
break;
case ID__EXPANDALLNODES:
importsHandling.expandAllTreeNodes();
break;
case ID__COLLAPSEALLNODES:
importsHandling.collapseAllTreeNodes();
break;
case ID__CUTTHUNK:
importsHandling.cutThunk(over);
break;
case ID__DELETETREENODE:
importsHandling.deleteTreeNode(parent ? parent : over);
break;
}
}
}
}
void MainGui::DisplayContextMenuLog(CWindow hwnd, CPoint pt)
{
if (hMenuLog)
{
CMenuHandle hSub = hMenuLog.GetSubMenu(0);
BOOL menuItem = hSub.TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, hwnd);
if (menuItem)
{
switch (menuItem)
{
case ID__SAVE:
WCHAR selectedFilePath[MAX_PATH];
if(showFileDialog(selectedFilePath, true, NULL, filterTxt, L"txt"))
{
saveLogToFile(selectedFilePath);
}
break;
case ID__CLEAR:
clearOutputLog();
break;
}
}
}
}
void MainGui::appendPluginListToMenu(CMenuHandle hMenu)
{
std::vector<Plugin> &scyllaPluginList = PluginLoader::getScyllaPluginList();
std::vector<Plugin> &imprecPluginList = PluginLoader::getImprecPluginList();
if (scyllaPluginList.size() > 0)
{
CMenuHandle newMenu;
newMenu.CreatePopupMenu();
for (size_t i = 0; i < scyllaPluginList.size(); i++)
{
newMenu.AppendMenu(MF_STRING, i + PLUGIN_MENU_BASE_ID, scyllaPluginList[i].pluginName);
}
hMenu.AppendMenu(MF_MENUBARBREAK);
hMenu.AppendMenu(MF_POPUP, newMenu, L"Scylla Plugins");
}
if (imprecPluginList.size() > 0)
{
CMenuHandle newMenu;
newMenu.CreatePopupMenu();
for (size_t i = 0; i < imprecPluginList.size(); i++)
{
newMenu.AppendMenu(MF_STRING, scyllaPluginList.size() + i + PLUGIN_MENU_BASE_ID, imprecPluginList[i].pluginName);
}
hMenu.AppendMenu(MF_MENUBARBREAK);
hMenu.AppendMenu(MF_POPUP, newMenu, L"ImpREC Plugins");
}
}
void MainGui::dumpActionHandler()
{
if(!selectedProcess)
return;
WCHAR selectedFilePath[MAX_PATH];
const WCHAR * fileFilter;
const WCHAR * defExtension;
PeDump peDump;
if (processAccessHelp.selectedModule)
{
fileFilter = filterDll;
defExtension = L"dll";
}
else
{
fileFilter = filterExe;
defExtension = L"exe";
}
if(showFileDialog(selectedFilePath, true, NULL, fileFilter, defExtension))
{
if (processAccessHelp.selectedModule)
{
//dump DLL
peDump.imageBase = processAccessHelp.selectedModule->modBaseAddr;
peDump.sizeOfImage = processAccessHelp.selectedModule->modBaseSize;
//get it from gui
peDump.entryPoint = getOEPFromGui();
wcscpy_s(peDump.fullpath, MAX_PATH, processAccessHelp.selectedModule->fullPath);
}
else
{
peDump.imageBase = ProcessAccessHelp::targetImageBase;
peDump.sizeOfImage = (DWORD)ProcessAccessHelp::targetSizeOfImage;
//get it from gui
peDump.entryPoint = getOEPFromGui();
wcscpy_s(peDump.fullpath, MAX_PATH, selectedProcess->fullPath);
}
peDump.useHeaderFromDisk = ConfigurationHolder::getConfigObject(USE_PE_HEADER_FROM_DISK)->isTrue();
if (peDump.dumpCompleteProcessToDisk(selectedFilePath))
{
Logger::printfDialog(TEXT("Dump success %s"),selectedFilePath);
//MessageBox(L"Image dumped successfully.", L"Success");
}
else
{
Logger::printfDialog(TEXT("Error: Cannot dump image."));
MessageBox(L"Cannot dump image.", L"Failure", MB_ICONERROR);
}
}
}
DWORD_PTR MainGui::getOEPFromGui()
{
if (EditOEPAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0)
{
return stringToDwordPtr(stringBuffer);
}
else
{
return 0;
}
}
void MainGui::peRebuildActionHandler()
{
DWORD newSize = 0;
WCHAR selectedFilePath[MAX_PATH];
PeRebuild peRebuild;
if(showFileDialog(selectedFilePath, false, NULL, filterExeDll))
{
if (ConfigurationHolder::getConfigObject(CREATE_BACKUP)->isTrue())
{
if (!ProcessAccessHelp::createBackupFile(selectedFilePath))
{
Logger::printfDialog(TEXT("Creating backup file failed %s"), selectedFilePath);
}
}
LONGLONG fileSize = ProcessAccessHelp::getFileSize(selectedFilePath);
LPVOID mapped = peRebuild.createFileMappingViewFull(selectedFilePath);
newSize = peRebuild.realignPE(mapped, (DWORD)fileSize);
peRebuild.closeAllMappingHandles();
if (newSize < 10)
{
Logger::printfDialog(TEXT("Rebuild failed %s"), selectedFilePath);
MessageBox(L"Rebuild failed.", L"Failure", MB_ICONERROR);
}
else
{
peRebuild.truncateFile(selectedFilePath, newSize);
Logger::printfDialog(TEXT("Rebuild success %s"), selectedFilePath);
Logger::printfDialog(TEXT("-> Old file size 0x%08X new file size 0x%08X (%d %%)"), (DWORD)fileSize, newSize, (DWORD)((newSize * 100) / (DWORD)fileSize) );
//MessageBox(L"Image rebuilded successfully.", L"Success", MB_ICONINFORMATION);
}
}
}
void MainGui::dumpFixActionHandler()
{
if(!selectedProcess)
return;
WCHAR newFilePath[MAX_PATH];
WCHAR selectedFilePath[MAX_PATH];
const WCHAR * fileFilter;
ImportRebuild importRebuild;
if (TreeImports.GetCount() < 2)
{
Logger::printfDialog(TEXT("Nothing to rebuild"));
return;
}
if (processAccessHelp.selectedModule)
{
fileFilter = filterDll;
}
else
{
fileFilter = filterExe;
}
if (showFileDialog(selectedFilePath, false, NULL, fileFilter))
{
wcscpy_s(newFilePath,MAX_PATH,selectedFilePath);
const WCHAR * extension = 0;
WCHAR* dot = wcsrchr(newFilePath, L'.');
if (dot)
{
*dot = L'\0';
extension = selectedFilePath + (dot - newFilePath); //wcsrchr(selectedFilePath, L'.');
}
wcscat_s(newFilePath, MAX_PATH, L"_SCY");
if(extension)
{
wcscat_s(newFilePath, MAX_PATH, extension);
}
if (importRebuild.rebuildImportTable(selectedFilePath,newFilePath,importsHandling.moduleList))
{
//MessageBox(L"Imports rebuilding successful", L"Success", MB_ICONINFORMATION);
Logger::printfDialog(TEXT("Import Rebuild success %s"), newFilePath);
}
else
{
Logger::printfDialog(TEXT("Import Rebuild failed, target %s"), selectedFilePath);
MessageBox(L"Imports rebuilding failed", L"Failure", MB_ICONERROR);
}
}
}
void MainGui::enableDialogControls(BOOL value)
{
GetDlgItem(IDC_BTN_PICKDLL).EnableWindow(value);
GetDlgItem(IDC_BTN_DUMP).EnableWindow(value);
- GetDlgItem(IDC_BTN_DLLINJECT).EnableWindow(value);
GetDlgItem(IDC_BTN_FIXDUMP).EnableWindow(value);
GetDlgItem(IDC_BTN_IATAUTOSEARCH).EnableWindow(value);
GetDlgItem(IDC_BTN_GETIMPORTS).EnableWindow(value);
GetDlgItem(IDC_BTN_SUSPECTIMPORTS).EnableWindow(value);
GetDlgItem(IDC_BTN_INVALIDIMPORTS).EnableWindow(value);
GetDlgItem(IDC_BTN_CLEARIMPORTS).EnableWindow(value);
CMenuHandle menu = GetMenu();
menu.EnableMenuItem(ID_FILE_DUMP, value ? MF_ENABLED : MF_GRAYED);
menu.EnableMenuItem(ID_FILE_FIXDUMP, value ? MF_ENABLED : MF_GRAYED);
menu.EnableMenuItem(ID_MISC_DLLINJECTION, value ? MF_ENABLED : MF_GRAYED);
menu.GetSubMenu(MenuImportsOffsetTrace).EnableMenuItem(MenuImportsTraceOffsetScylla, MF_BYPOSITION | (value ? MF_ENABLED : MF_GRAYED));
menu.GetSubMenu(MenuImportsOffsetTrace).EnableMenuItem(MenuImportsTraceOffsetImpRec, MF_BYPOSITION | (value ? MF_ENABLED : MF_GRAYED));
//not yet implemented
GetDlgItem(IDC_BTN_AUTOTRACE).EnableWindow(FALSE);
GetDlgItem(IDC_BTN_SAVETREE).EnableWindow(FALSE);
GetDlgItem(IDC_BTN_LOADTREE).EnableWindow(FALSE);
menu.EnableMenuItem(ID_IMPORTS_INVALIDATESELECTED, MF_GRAYED);
menu.EnableMenuItem(ID_IMPORTS_CUTSELECTED, MF_GRAYED);
menu.EnableMenuItem(ID_IMPORTS_SAVETREE, MF_GRAYED);
menu.EnableMenuItem(ID_IMPORTS_SAVETREE, MF_GRAYED);
menu.EnableMenuItem(ID_IMPORTS_LOADTREE, MF_GRAYED);
menu.EnableMenuItem(ID_TRACE_AUTOTRACE, MF_GRAYED);
}
void MainGui::showAboutDialog()
{
AboutGui dlgAbout;
dlgAbout.DoModal();
}
void MainGui::dllInjectActionHandler()
{
if(!selectedProcess)
return;
WCHAR selectedFilePath[MAX_PATH];
HMODULE hMod = 0;
DllInjection dllInjection;
if (showFileDialog(selectedFilePath, false, NULL, filterDll))
{
hMod = dllInjection.dllInjection(ProcessAccessHelp::hProcess, selectedFilePath);
if (hMod && ConfigurationHolder::getConfigObject(DLL_INJECTION_AUTO_UNLOAD)->isTrue())
{
if (!dllInjection.unloadDllInProcess(ProcessAccessHelp::hProcess, hMod))
{
Logger::printfDialog(TEXT("DLL unloading failed, target %s"), selectedFilePath);
}
}
if (hMod)
{
Logger::printfDialog(TEXT("DLL Injection was successful, target %s"), selectedFilePath);
}
else
{
Logger::printfDialog(TEXT("DLL Injection failed, target %s"), selectedFilePath);
}
}
}
void MainGui::optionsActionHandler()
{
OptionsGui dlgOptions;
dlgOptions.DoModal();
}
void MainGui::clearImportsActionHandler()
{
TreeImports.DeleteAllItems();
importsHandling.moduleList.clear();
}
void MainGui::pluginActionHandler( int menuItem )
{
if(!selectedProcess)
return;
DllInjectionPlugin dllInjectionPlugin;
std::vector<Plugin> &scyllaPluginList = PluginLoader::getScyllaPluginList();
std::vector<Plugin> &imprecPluginList = PluginLoader::getImprecPluginList();
menuItem -= PLUGIN_MENU_BASE_ID;
dllInjectionPlugin.hProcess = ProcessAccessHelp::hProcess;
dllInjectionPlugin.apiReader = &apiReader;
if (menuItem < (int)scyllaPluginList.size())
{
//scylla plugin
dllInjectionPlugin.injectPlugin(scyllaPluginList[menuItem], importsHandling.moduleList,selectedProcess->imageBase, selectedProcess->imageSize);
}
else
{
#ifndef _WIN64
menuItem -= (int)scyllaPluginList.size();
//imprec plugin
dllInjectionPlugin.injectImprecPlugin(imprecPluginList[menuItem], importsHandling.moduleList,selectedProcess->imageBase, selectedProcess->imageSize);
#endif
}
importsHandling.scanAndFixModuleList();
importsHandling.displayAllImports();
}
diff --git a/Scylla/MainGui.h b/Scylla/MainGui.h
index 17007c8..050a4c0 100644
--- a/Scylla/MainGui.h
+++ b/Scylla/MainGui.h
@@ -1,211 +1,207 @@
#pragma once
#include <windows.h>
#include "resource.h"
// WTL
#include <atlbase.h> // base ATL classes
#include <atlapp.h> // base WTL classes
#include <atlwin.h> // ATL GUI classes
#include <atlmisc.h> // WTL utility classes like CString
#include <atlcrack.h> // WTL enhanced msg map macros
#include <atlctrls.h> // WTL controls
//#define _CRTDBG_MAP_ALLOC
//#include <cstdlib>
//#include <crtdbg.h>
#include <cstdio>
#include "Logger.h"
#include "ProcessLister.h"
#include "IATSearch.h"
#include "PickDllGui.h"
#include "ImportsHandling.h"
class MainGui : public CDialogImpl<MainGui>
{
public:
enum { IDD = IDD_DLG_MAIN };
BEGIN_MSG_MAP(MainGui)
MSG_WM_INITDIALOG(OnInitDialog)
MSG_WM_GETMINMAXINFO(OnGetMinMaxInfo)
MSG_WM_SIZING(OnSizing)
+ MSG_WM_SIZE(OnSize)
MSG_WM_CONTEXTMENU(OnContextMenu)
MSG_WM_LBUTTONDOWN(OnLButtonDown)
MSG_WM_COMMAND(OnCommand)
- //MSG_WM_ENTERSIZEMOVE(OnEnterSizeMove)
- //MSG_WM_EXITSIZEMOVE(OnExitSizeMove)
-
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_CLICK, OnTreeImportsClick)
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_DBLCLK, OnTreeImportsDoubleClick)
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_RCLICK, OnTreeImportsRightClick)
NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_RDBLCLK, OnTreeImportsRightDoubleClick)
COMMAND_HANDLER_EX(IDC_CBO_PROCESSLIST, CBN_DROPDOWN, OnProcessListDrop)
COMMAND_HANDLER_EX(IDC_CBO_PROCESSLIST, CBN_SELENDOK, OnProcessListSelected)
COMMAND_ID_HANDLER_EX(IDC_BTN_PICKDLL, OnPickDLL)
COMMAND_ID_HANDLER_EX(IDC_BTN_OPTIONS, OnOptions)
COMMAND_ID_HANDLER_EX(IDC_BTN_DUMP, OnDump)
COMMAND_ID_HANDLER_EX(IDC_BTN_FIXDUMP, OnFixDump)
COMMAND_ID_HANDLER_EX(IDC_BTN_PEREBUILD, OnPERebuild)
- COMMAND_ID_HANDLER_EX(IDC_BTN_DLLINJECT, OnDLLInject)
COMMAND_ID_HANDLER_EX(IDC_BTN_IATAUTOSEARCH, OnIATAutoSearch)
COMMAND_ID_HANDLER_EX(IDC_BTN_GETIMPORTS, OnGetImports)
COMMAND_ID_HANDLER_EX(IDC_BTN_INVALIDIMPORTS, OnInvalidImports)
COMMAND_ID_HANDLER_EX(IDC_BTN_SUSPECTIMPORTS, OnSuspectImports)
COMMAND_ID_HANDLER_EX(IDC_BTN_CLEARIMPORTS, OnClearImports)
COMMAND_ID_HANDLER_EX(ID_FILE_DUMP, OnDump)
COMMAND_ID_HANDLER_EX(ID_FILE_PEREBUILD, OnPERebuild)
COMMAND_ID_HANDLER_EX(ID_FILE_FIXDUMP, OnFixDump)
COMMAND_ID_HANDLER_EX(ID_FILE_EXIT, OnExit)
COMMAND_ID_HANDLER_EX(ID_IMPORTS_SHOWINVALID, OnInvalidImports)
COMMAND_ID_HANDLER_EX(ID_IMPORTS_SHOWSUSPECT, OnSuspectImports)
COMMAND_ID_HANDLER_EX(ID_IMPORTS_INVALIDATESELECTED, OnInvalidateSelected)
COMMAND_ID_HANDLER_EX(ID_IMPORTS_CUTSELECTED, OnCutSelected)
COMMAND_ID_HANDLER_EX(ID_IMPORTS_CLEARIMPORTS, OnClearImports)
COMMAND_ID_HANDLER_EX(ID_IMPORTS_SAVETREE, OnSaveTree)
COMMAND_ID_HANDLER_EX(ID_IMPORTS_LOADTREE, OnLoadTree)
COMMAND_ID_HANDLER_EX(ID_TRACE_AUTOTRACE, OnAutotrace)
COMMAND_ID_HANDLER_EX(ID_MISC_DLLINJECTION, OnDLLInject)
COMMAND_ID_HANDLER_EX(ID_MISC_OPTIONS, OnOptions)
COMMAND_ID_HANDLER_EX(ID_HELP_ABOUT, OnAbout)
COMMAND_ID_HANDLER_EX(IDCANCEL, OnExit)
END_MSG_MAP()
MainGui();
void addTextToOutputLog(const WCHAR * text);
protected:
// Variables
ProcessLister processLister;
WCHAR stringBuffer[600];
ImportsHandling importsHandling;
ProcessAccessHelp processAccessHelp;
ApiReader apiReader;
Process * selectedProcess;
// File selection stuff
static const WCHAR filterExe[];
static const WCHAR filterDll[];
static const WCHAR filterExeDll[];
static const WCHAR filterTxt[];
// Controls
CTreeViewCtrl TreeImports;
CComboBox ComboProcessList;
CEdit EditOEPAddress;
CEdit EditIATAddress;
CEdit EditIATSize;
CListBox ListLog;
RECT MinSize;
+ CSize SizeOffset;
// Handles
CIcon hIcon;
CMenu hMenuImports;
CMenu hMenuLog;
- CFontHandle FontBold;
static const int MenuImportsOffsetTrace = 2;
static const int MenuImportsTraceOffsetScylla = 2;
static const int MenuImportsTraceOffsetImpRec = 4;
protected:
// Message handlers
BOOL OnInitDialog(CWindow wndFocus, LPARAM lInitParam);
void OnGetMinMaxInfo(MINMAXINFO* lpMMI);
void OnSizing(UINT fwSide, RECT* pRect);
- //void OnEnterSizeMove();
- //void OnExitSizeMove();
+ void OnSize(UINT nType, CSize size);
void OnLButtonDown(UINT nFlags, CPoint point);
void OnContextMenu(CWindow wnd, CPoint point);
void OnCommand(UINT uNotifyCode, int nID, CWindow wndCtl);
LRESULT OnTreeImportsClick(const NMHDR* pnmh);
LRESULT OnTreeImportsDoubleClick(const NMHDR* pnmh);
LRESULT OnTreeImportsRightClick(const NMHDR* pnmh);
LRESULT OnTreeImportsRightDoubleClick(const NMHDR* pnmh);
void OnProcessListDrop(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnProcessListSelected(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnPickDLL(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnOptions(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnDump(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnFixDump(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnPERebuild(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnDLLInject(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnIATAutoSearch(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnGetImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnInvalidImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnSuspectImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnClearImports(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnInvalidateSelected(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnCutSelected(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnSaveTree(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnLoadTree(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnAutotrace(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnExit(UINT uNotifyCode, int nID, CWindow wndCtl);
void OnAbout(UINT uNotifyCode, int nID, CWindow wndCtl);
// GUI functions
bool showFileDialog(WCHAR * selectedFile, bool save, const WCHAR * defFileName, const WCHAR * filter = NULL, const WCHAR * defExtension = NULL, const WCHAR * directory = NULL);
void fillProcessListComboBox(CComboBox& hCombo);
void setIconAndDialogCaption();
void enableDialogControls(BOOL value);
// Actions
void pickDllActionHandler();
void processSelectedActionHandler(int index);
void showInvalidImportsActionHandler();
void showSuspectImportsActionHandler();
void iatAutosearchActionHandler();
void getImportsActionHandler();
void dumpActionHandler();
void peRebuildActionHandler();
void startDisassemblerGui(CTreeItem selectedTreeNode);
void dumpFixActionHandler();
void showAboutDialog();
void dllInjectActionHandler();
void optionsActionHandler();
void clearImportsActionHandler();
void pluginActionHandler(int menuItem);
// Popup menu functions
void SetupImportsMenuItems(bool isItem, bool isThunk);
void appendPluginListToMenu(CMenuHandle hMenuTrackPopup);
void DisplayContextMenuImports(CWindow, CPoint);
void DisplayContextMenuLog(CWindow, CPoint);
// Log
void clearOutputLog();
bool saveLogToFile(const WCHAR * file);
// Misc
DWORD_PTR getOEPFromGui();
static DWORD_PTR stringToDwordPtr(const WCHAR * hexString);
};
diff --git a/Scylla/MainGui.rc b/Scylla/MainGui.rc
index 8b923c5..09b210d 100644
Binary files a/Scylla/MainGui.rc and b/Scylla/MainGui.rc differ
diff --git a/Scylla/Scylla.vcxproj b/Scylla/Scylla.vcxproj
deleted file mode 100644
index 9106a59..0000000
--- a/Scylla/Scylla.vcxproj
+++ /dev/null
@@ -1,198 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup Label="ProjectConfigurations">
- <ProjectConfiguration Include="Debug|Win32">
- <Configuration>Debug</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Debug|x64">
- <Configuration>Debug</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|Win32">
- <Configuration>Release</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|x64">
- <Configuration>Release</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- </ItemGroup>
- <PropertyGroup Label="Globals">
- <ProjectGuid>{710434C9-FC4B-4F1D-B318-E10ADC78499F}</ProjectGuid>
- <Keyword>Win32Proj</Keyword>
- <RootNamespace>Scylla</RootNamespace>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>true</UseDebugLibraries>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>v90</PlatformToolset>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
- <ConfigurationType>Application</ConfigurationType>
- <UseDebugLibraries>false</UseDebugLibraries>
- <WholeProgramOptimization>true</WholeProgramOptimization>
- <CharacterSet>Unicode</CharacterSet>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
- <ImportGroup Label="ExtensionSettings">
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- </ImportGroup>
- <PropertyGroup Label="UserMacros" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <LinkIncremental>true</LinkIncremental>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <LinkIncremental>true</LinkIncremental>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <LinkIncremental>false</LinkIncremental>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <LinkIncremental>false</LinkIncremental>
- </PropertyGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- </Link>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <ClCompile>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <Optimization>Disabled</Optimization>
- <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
- <GenerateDebugInformation>true</GenerateDebugInformation>
- </Link>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
- <GenerateDebugInformation>false</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- </Link>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <ClCompile>
- <WarningLevel>Level3</WarningLevel>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <Optimization>MaxSpeed</Optimization>
- <FunctionLevelLinking>true</FunctionLevelLinking>
- <IntrinsicFunctions>true</IntrinsicFunctions>
- <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
- <GenerateDebugInformation>false</GenerateDebugInformation>
- <EnableCOMDATFolding>true</EnableCOMDATFolding>
- <OptimizeReferences>true</OptimizeReferences>
- </Link>
- </ItemDefinitionGroup>
- <ItemGroup>
- <ClCompile Include="AboutGui.cpp" />
- <ClCompile Include="ApiReader.cpp" />
- <ClCompile Include="ConfigurationHolder.cpp" />
- <ClCompile Include="DisassemblerGui.cpp" />
- <ClCompile Include="DllInjection.cpp" />
- <ClCompile Include="DllInjectionPlugin.cpp" />
- <ClCompile Include="IATSearch.cpp" />
- <ClCompile Include="ImportRebuild.cpp" />
- <ClCompile Include="ImportsHandling.cpp" />
- <ClCompile Include="Logger.cpp" />
- <ClCompile Include="main.cpp" />
- <ClCompile Include="MainGui.cpp" />
- <ClCompile Include="NativeWinApi.cpp" />
- <ClCompile Include="OptionsGui.cpp" />
- <ClCompile Include="PeDump.cpp" />
- <ClCompile Include="PeRebuild.cpp" />
- <ClCompile Include="PickDllGui.cpp" />
- <ClCompile Include="PluginLoader.cpp" />
- <ClCompile Include="ProcessAccessHelp.cpp" />
- <ClCompile Include="ProcessLister.cpp" />
- <ClCompile Include="SystemInformation.cpp" />
- </ItemGroup>
- <ItemGroup>
- <ClInclude Include="AboutGui.h" />
- <ClInclude Include="ApiReader.h" />
- <ClInclude Include="ConfigurationHolder.h" />
- <ClInclude Include="definitions.h" />
- <ClInclude Include="DisassemblerGui.h" />
- <ClInclude Include="distorm.h" />
- <ClInclude Include="DllInjection.h" />
- <ClInclude Include="DllInjectionPlugin.h" />
- <ClInclude Include="IATSearch.h" />
- <ClInclude Include="ImportRebuild.h" />
- <ClInclude Include="ImportsHandling.h" />
- <ClInclude Include="Logger.h" />
- <ClInclude Include="MainGui.h" />
- <ClInclude Include="NativeWinApi.h" />
- <ClInclude Include="OptionsGui.h" />
- <ClInclude Include="PeDump.h" />
- <ClInclude Include="PeRebuild.h" />
- <ClInclude Include="PickDllGui.h" />
- <ClInclude Include="PluginLoader.h" />
- <ClInclude Include="ProcessAccessHelp.h" />
- <ClInclude Include="ProcessLister.h" />
- <ClInclude Include="resource.h" />
- <ClInclude Include="SystemInformation.h" />
- <ClInclude Include="Thunks.h" />
- </ItemGroup>
- <ItemGroup>
- <ResourceCompile Include="MainGui.rc" />
- </ItemGroup>
- <ItemGroup>
- <None Include="scylla.ico" />
- </ItemGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
- <ImportGroup Label="ExtensionTargets">
- </ImportGroup>
-</Project>
\ No newline at end of file
diff --git a/Scylla/Scylla.vcxproj.filters b/Scylla/Scylla.vcxproj.filters
deleted file mode 100644
index 98cc2a3..0000000
--- a/Scylla/Scylla.vcxproj.filters
+++ /dev/null
@@ -1,172 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup>
- <Filter Include="Quelldateien">
- <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
- <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
- </Filter>
- <Filter Include="Headerdateien">
- <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
- <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
- </Filter>
- <Filter Include="Ressourcendateien">
- <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
- <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
- </Filter>
- <Filter Include="Headerdateien\GUI">
- <UniqueIdentifier>{e037d0d5-35ad-4034-83db-746a56a4fee7}</UniqueIdentifier>
- </Filter>
- <Filter Include="Quelldateien\GUI">
- <UniqueIdentifier>{6f76186f-b79c-41e2-8939-05d9de028aad}</UniqueIdentifier>
- </Filter>
- </ItemGroup>
- <ItemGroup>
- <ClCompile Include="main.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="MainGui.cpp">
- <Filter>Quelldateien\GUI</Filter>
- </ClCompile>
- <ClCompile Include="Logger.cpp">
- <Filter>Quelldateien\GUI</Filter>
- </ClCompile>
- <ClCompile Include="ProcessLister.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="PickDllGui.cpp">
- <Filter>Quelldateien\GUI</Filter>
- </ClCompile>
- <ClCompile Include="ImportsHandling.cpp">
- <Filter>Quelldateien\GUI</Filter>
- </ClCompile>
- <ClCompile Include="ApiReader.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="IATSearch.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="ProcessAccessHelp.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="ImportRebuild.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="PeDump.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="PeRebuild.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="DllInjection.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="DllInjectionPlugin.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="PluginLoader.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="ConfigurationHolder.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="DisassemblerGui.cpp">
- <Filter>Quelldateien\GUI</Filter>
- </ClCompile>
- <ClCompile Include="NativeWinApi.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="SystemInformation.cpp">
- <Filter>Quelldateien</Filter>
- </ClCompile>
- <ClCompile Include="AboutGui.cpp">
- <Filter>Quelldateien\GUI</Filter>
- </ClCompile>
- <ClCompile Include="OptionsGui.cpp">
- <Filter>Quelldateien\GUI</Filter>
- </ClCompile>
- </ItemGroup>
- <ItemGroup>
- <ClInclude Include="resource.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="MainGui.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="Logger.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="ProcessLister.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="PickDllGui.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="ImportsHandling.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="ApiReader.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="IATSearch.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="distorm.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="ProcessAccessHelp.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="Thunks.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="PeRebuild.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="PeDump.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="ImportRebuild.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="ConfigurationHolder.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="DllInjectionPlugin.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="DllInjection.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="PluginLoader.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="definitions.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="DisassemblerGui.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="NativeWinApi.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="SystemInformation.h">
- <Filter>Headerdateien</Filter>
- </ClInclude>
- <ClInclude Include="AboutGui.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- <ClInclude Include="OptionsGui.h">
- <Filter>Headerdateien\GUI</Filter>
- </ClInclude>
- </ItemGroup>
- <ItemGroup>
- <ResourceCompile Include="MainGui.rc">
- <Filter>Ressourcendateien</Filter>
- </ResourceCompile>
- </ItemGroup>
- <ItemGroup>
- <None Include="scylla.ico">
- <Filter>Ressourcendateien</Filter>
- </None>
- </ItemGroup>
-</Project>
\ No newline at end of file
diff --git a/Scylla/Scylla.vcxproj.user b/Scylla/Scylla.vcxproj.user
deleted file mode 100644
index ace9a86..0000000
--- a/Scylla/Scylla.vcxproj.user
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>
\ No newline at end of file

File Metadata

Mime Type
text/x-diff
Expires
Sun, Sep 22, 3:22 AM (1 d, 17 h)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
cf/de/ae6932e521bee0b7548c078b72fb

Event Timeline

Back to Main Site