diff --git a/Scylla/ImportsHandling.cpp b/Scylla/ImportsHandling.cpp
index 6576f9f..2aa5c5e 100644
--- a/Scylla/ImportsHandling.cpp
+++ b/Scylla/ImportsHandling.cpp
@@ -1,834 +1,780 @@ #include "ImportsHandling.h" #include "definitions.h" //#define DEBUG_COMMENTS bool ImportModuleThunk::isValid() { std::map::iterator iterator = thunkList.begin(); while (iterator != thunkList.end()) { if (iterator->second.valid == false) { return false; } iterator++; } return true; } DWORD_PTR ImportModuleThunk::getFirstThunk() { if (thunkList.size() > 0) { std::map::iterator iterator = thunkList.begin(); return iterator->first; } else { return 0; } } /*bool ImportsHandling::addModule(WCHAR * moduleName, DWORD_PTR firstThunk) { ImportModuleThunk module; module.firstThunk = firstThunk; wcscpy_s(module.moduleName, MAX_PATH, moduleName); moduleList.insert(std::pair(firstThunk,module)); return true; }*/ /*bool ImportsHandling::addFunction(WCHAR * moduleName, char * name, DWORD_PTR va, DWORD_PTR rva, DWORD_PTR ordinal, bool valid, bool suspect) { ImportThunk import; ImportModuleThunk * module = 0; std::map::iterator iterator1; if (moduleList.size() > 1) { iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { if (rva >= iterator1->second.firstThunk) { iterator1++; if (iterator1 == moduleList.end()) { iterator1--; module = &(iterator1->second); break; } else if (rva < iterator1->second.firstThunk) { iterator1--; module = &(iterator1->second); break; } } } } else { iterator1 = moduleList.begin(); module = &(iterator1->second); } if (!module) { Logger::debugLog(TEXT("ImportsHandling::addFunction module not found rva ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(""),rva); return false; } //TODO import.suspect = true; import.valid = false; import.va = va; import.rva = rva; import.ordinal = ordinal; wcscpy_s(import.moduleName, MAX_PATH, moduleName); strcpy_s(import.name, MAX_PATH, name); module->thunkList.insert(std::pair(import.rva, import)); return true; }*/ void ImportsHandling::displayAllImports() { std::map::iterator iterator1; std::map::iterator iterator2; ImportModuleThunk * moduleThunk; ImportThunk * importThunk; HTREEITEM module; HTREEITEM 
apiFunction; - //HWND idTreeView = GetDlgItem(hWndMainDlg, IDC_TREE_IMPORTS); - - //TreeView_DeleteAllItems(idTreeView); TreeImports.DeleteAllItems(); iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); - module = addDllToTreeView(TreeImports/*idTreeView*/,moduleThunk->moduleName,moduleThunk->firstThunk,moduleThunk->thunkList.size(),moduleThunk->isValid()); + module = addDllToTreeView(TreeImports,moduleThunk->moduleName,moduleThunk->firstThunk,moduleThunk->thunkList.size(),moduleThunk->isValid()); moduleThunk->hTreeItem = module; iterator2 = moduleThunk->thunkList.begin(); while (iterator2 != moduleThunk->thunkList.end()) { importThunk = &(iterator2->second); - apiFunction = addApiToTreeView(TreeImports/*idTreeView*/,module,importThunk); + apiFunction = addApiToTreeView(TreeImports,module,importThunk); importThunk->hTreeItem = apiFunction; iterator2++; } iterator1++; } } HTREEITEM ImportsHandling::addDllToTreeView(CTreeViewCtrl& idTreeView, const WCHAR * dllName, DWORD_PTR firstThunk, size_t numberOfFunctions, bool valid) { WCHAR validString[4]; if (valid) { wcscpy_s(validString,_countof(validString),TEXT("YES")); } else { wcscpy_s(validString,_countof(validString),TEXT("NO")); } swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("%s FThunk: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" NbThunk: %02X (dec: %02d) valid: %s"),dllName,firstThunk,numberOfFunctions,numberOfFunctions,validString); + /* tvInsert.hParent = NULL; tvInsert.hInsertAfter = TVI_ROOT; tvInsert.item.mask = TVIF_TEXT|TVIF_IMAGE|TVIF_SELECTEDIMAGE; tvInsert.item.pszText = stringBuffer; - //return TreeView_InsertItem(idTreeView, &tvInsert); - return idTreeView.InsertItem(&tvInsert); + return TreeView_InsertItem(idTreeView, &tvInsert); + */ + return idTreeView.InsertItem(stringBuffer, NULL, TVI_ROOT); } HTREEITEM ImportsHandling::addApiToTreeView(CTreeViewCtrl& idTreeView, HTREEITEM parentDll, ImportThunk * importThunk) { if (importThunk->ordinal != 0) 
{ if (importThunk->name[0] != 0x00) { swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X name: %S"),importThunk->ordinal,importThunk->name); } else { swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X"),importThunk->ordinal); } swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" mod: %s %s"),importThunk->va,importThunk->rva,importThunk->moduleName,tempString); } else { swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" ptr: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(""),importThunk->va,importThunk->rva,importThunk->apiAddressVA); } - + /* tvInsert.hParent = parentDll; tvInsert.hInsertAfter = TVI_LAST; tvInsert.item.mask = TVIF_TEXT|TVIF_IMAGE|TVIF_SELECTEDIMAGE; tvInsert.item.pszText = stringBuffer; - //return TreeView_InsertItem(idTreeView, &tvInsert); - return idTreeView.InsertItem(&tvInsert); + return TreeView_InsertItem(idTreeView, &tvInsert); + */ + return idTreeView.InsertItem(stringBuffer, parentDll, TVI_LAST); } void ImportsHandling::showImports(bool invalid, bool suspect) { std::map::iterator iterator1; std::map::iterator iterator2; ImportModuleThunk * moduleThunk; ImportThunk * importThunk; - //HWND idTreeView = GetDlgItem(hWndMainDlg, IDC_TREE_IMPORTS); - - //SetFocus(idTreeView); - //TreeView_SelectItem(idTreeView,0); //remove selection - TreeImports.SetFocus(); TreeImports.SelectItem(NULL); //remove selection iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); iterator2 = moduleThunk->thunkList.begin(); while (iterator2 != moduleThunk->thunkList.end()) { importThunk = &(iterator2->second); if (invalid && !importThunk->valid) { selectItem(TreeImports, importThunk->hTreeItem); setFocus(TreeImports, importThunk->hTreeItem); } else if (suspect && importThunk->suspect) { selectItem(TreeImports, importThunk->hTreeItem); 
setFocus(TreeImports, importThunk->hTreeItem); } else { unselectItem(TreeImports, importThunk->hTreeItem); } iterator2++; } iterator1++; } } bool ImportsHandling::isItemSelected(CTreeViewCtrl& hwndTV, HTREEITEM hItem) { - TV_ITEM tvi; - tvi.mask = TVIF_STATE | TVIF_HANDLE; - tvi.stateMask = TVIS_SELECTED; - tvi.hItem = hItem; - - //TreeView_GetItem(hwndTV, &tvi); - hwndTV.GetItem(&tvi); - - return (tvi.state & TVIS_SELECTED) != 0; + return (hwndTV.GetItemState(hItem, TVIS_SELECTED) & TVIS_SELECTED) != 0; } void ImportsHandling::unselectItem(CTreeViewCtrl& hwndTV, HTREEITEM htItem) { selectItem(hwndTV, htItem, false); } bool ImportsHandling::selectItem(CTreeViewCtrl& hwndTV, HTREEITEM hItem, bool select) { - TV_ITEM tvi; - tvi.mask = TVIF_STATE | TVIF_HANDLE; - tvi.stateMask = TVIS_SELECTED; - tvi.state = select ? TVIS_SELECTED : 0; - tvi.hItem = hItem; - - - //*if ( TreeView_SetItem(hwndTV, &tvi) == -1 ) - if ( hwndTV.SetItem(&tvi) == -1 ) - { - return false; - } - - return true; + return FALSE != hwndTV.SetItemState(hItem, (select ? 
TVIS_SELECTED : 0), TVIS_SELECTED); } void ImportsHandling::setFocus(CTreeViewCtrl& hwndTV, HTREEITEM htItem) { // the current focus - HTREEITEM htFocus = hwndTV.GetSelectedItem(); //(HTREEITEM)TreeView_GetSelection(hwndTV); + HTREEITEM htFocus = hwndTV.GetSelectedItem(); if ( htItem ) { // set the focus if ( htItem != htFocus ) { // remember the selection state of the item bool wasSelected = isItemSelected(hwndTV, htItem); if ( htFocus && isItemSelected(hwndTV, htFocus) ) { // prevent the tree from unselecting the old focus which it // would do by default (TreeView_SelectItem unselects the // focused item) - hwndTV.SelectItem(NULL); //TreeView_SelectItem(hwndTV, 0); + hwndTV.SelectItem(NULL); selectItem(hwndTV, htFocus); } - hwndTV.SelectItem(htItem); //TreeView_SelectItem(hwndTV, htItem); + hwndTV.SelectItem(htItem); if ( !wasSelected ) { // need to clear the selection which TreeView_SelectItem() gave // us unselectItem(hwndTV, htItem); } //else: was selected, still selected - ok } //else: nothing to do, focus already there } else { if ( htFocus ) { bool wasFocusSelected = isItemSelected(hwndTV, htFocus); // just clear the focus - hwndTV.SelectItem(NULL); //TreeView_SelectItem(hwndTV, 0); + hwndTV.SelectItem(NULL); if ( wasFocusSelected ) { // restore the selection state selectItem(hwndTV, htFocus); } } //else: nothing to do, no focus already } } bool ImportsHandling::invalidateFunction( HTREEITEM selectedTreeNode ) { std::map::iterator iterator1; std::map::iterator iterator2; ImportModuleThunk * moduleThunk; ImportThunk * importThunk; TV_ITEM tvi = {0}; iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); iterator2 = moduleThunk->thunkList.begin(); while (iterator2 != moduleThunk->thunkList.end()) { importThunk = &(iterator2->second); if (importThunk->hTreeItem == selectedTreeNode) { importThunk->ordinal = 0; importThunk->hint = 0; importThunk->valid = false; importThunk->suspect = false; 
importThunk->moduleName[0] = 0; importThunk->name[0] = 0; updateImportInTreeView(importThunk); updateModuleInTreeView(moduleThunk); return true; } iterator2++; } iterator1++; } return false; } void ImportsHandling::updateImportInTreeView(ImportThunk * importThunk) { - TV_ITEM tvi = {0}; - //HWND treeControl = GetDlgItem(hWndMainDlg, IDC_TREE_IMPORTS); - if (importThunk->ordinal != 0) { if (importThunk->name[0] != 0x00) { swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X name: %S"),importThunk->ordinal,importThunk->name); } else { swprintf_s(tempString, _countof(tempString),TEXT("ord: %04X"),importThunk->ordinal); } swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" mod: %s %s"),importThunk->va,importThunk->rva,importThunk->moduleName,tempString); } else { swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("va: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" rva: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" prt: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(""),importThunk->va,importThunk->rva,importThunk->apiAddressVA); } - tvi.pszText = stringBuffer; - tvi.cchTextMax = 260; - tvi.hItem = importThunk->hTreeItem; - tvi.mask = TVIF_TEXT; - TreeImports.SetItem(&tvi); //TreeView_SetItem(treeControl,&tvi); + TreeImports.SetItemText(importThunk->hTreeItem, stringBuffer); } void ImportsHandling::updateModuleInTreeView(ImportModuleThunk * importThunk) { - TV_ITEM tvi = {0}; - //HWND treeControl = GetDlgItem(hWndMainDlg,IDC_TREE_IMPORTS); - WCHAR validString[4]; if (importThunk->isValid()) { wcscpy_s(validString,_countof(validString),TEXT("YES")); } else { wcscpy_s(validString,_countof(validString),TEXT("NO")); } swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("%s FThunk: ")TEXT(PRINTF_DWORD_PTR_HALF)TEXT(" NbThunk: %02X (dec: %02d) valid: %s"),importThunk->moduleName,importThunk->firstThunk,importThunk->thunkList.size(),importThunk->thunkList.size(),validString); - - tvi.pszText = stringBuffer; - 
tvi.cchTextMax = 260; - tvi.hItem = importThunk->hTreeItem; - tvi.mask = TVIF_TEXT; - TreeImports.SetItem(&tvi); //TreeView_SetItem(treeControl,&tvi); + TreeImports.SetItemText(importThunk->hTreeItem, stringBuffer); } bool ImportsHandling::cutThunk( HTREEITEM selectedTreeNode ) { std::map::iterator iterator1; std::map::iterator iterator2; ImportModuleThunk * moduleThunk; ImportThunk * importThunk; - TV_ITEM tvi = {0}; - //HWND treeControl = GetDlgItem(hWndMainDlg,IDC_TREE_IMPORTS); - iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); iterator2 = moduleThunk->thunkList.begin(); while (iterator2 != moduleThunk->thunkList.end()) { importThunk = &(iterator2->second); if (importThunk->hTreeItem == selectedTreeNode) { - TreeImports.DeleteItem(importThunk->hTreeItem); //TreeView_DeleteItem(treeControl,importThunk->hTreeItem); + TreeImports.DeleteItem(importThunk->hTreeItem); moduleThunk->thunkList.erase(iterator2); if (moduleThunk->thunkList.empty()) { - TreeImports.DeleteItem(moduleThunk->hTreeItem); //TreeView_DeleteItem(treeControl,moduleThunk->hTreeItem); + TreeImports.DeleteItem(moduleThunk->hTreeItem); moduleList.erase(iterator1); } else { updateModuleInTreeView(moduleThunk); } return true; } iterator2++; } iterator1++; } return false; } bool ImportsHandling::deleteTreeNode( HTREEITEM selectedTreeNode ) { std::map::iterator iterator1; std::map::iterator iterator2; ImportModuleThunk * moduleThunk; ImportThunk * importThunk; - TV_ITEM tvi = {0}; - //HWND treeControl = GetDlgItem(hWndMainDlg,IDC_TREE_IMPORTS); - iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); - - if (moduleThunk->hTreeItem == selectedTreeNode) { - TreeImports.DeleteItem(moduleThunk->hTreeItem); //TreeView_DeleteItem(treeControl,moduleThunk->hTreeItem); + TreeImports.DeleteItem(moduleThunk->hTreeItem); moduleThunk->thunkList.clear(); moduleList.erase(iterator1); return true; } else { 
iterator2 = moduleThunk->thunkList.begin(); while (iterator2 != moduleThunk->thunkList.end()) { importThunk = &(iterator2->second); if (importThunk->hTreeItem == selectedTreeNode) { - TreeImports.DeleteItem(moduleThunk->hTreeItem); //TreeView_DeleteItem(treeControl,moduleThunk->hTreeItem); + TreeImports.DeleteItem(moduleThunk->hTreeItem); moduleThunk->thunkList.clear(); moduleList.erase(iterator1); return true; } iterator2++; } } - - iterator1++; } return false; } DWORD_PTR ImportsHandling::getApiAddressByNode( HTREEITEM selectedTreeNode ) { std::map::iterator iterator1; std::map::iterator iterator2; ImportModuleThunk * moduleThunk; ImportThunk * importThunk; - iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); iterator2 = moduleThunk->thunkList.begin(); while (iterator2 != moduleThunk->thunkList.end()) { importThunk = &(iterator2->second); if (importThunk->hTreeItem == selectedTreeNode) { return importThunk->apiAddressVA; } iterator2++; } iterator1++; } return 0; } void ImportsHandling::scanAndFixModuleList() { std::map::iterator iterator1; std::map::iterator iterator2; ImportModuleThunk * moduleThunk; ImportThunk * importThunk; iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); iterator2 = moduleThunk->thunkList.begin(); while (iterator2 != moduleThunk->thunkList.end()) { importThunk = &(iterator2->second); if (importThunk->moduleName[0] == 0 || importThunk->moduleName[0] == L'?') { addNotFoundApiToModuleList(importThunk); } else { if (isNewModule(importThunk->moduleName)) { addModuleToModuleList(importThunk->moduleName, importThunk->rva); } addFunctionToModuleList(importThunk); } iterator2++; } moduleThunk->thunkList.clear(); iterator1++; } moduleList.clear(); moduleList.insert(moduleListNew.begin(), moduleListNew.end()); moduleListNew.clear(); } bool ImportsHandling::findNewModules( std::map & thunkList ) { throw std::exception("The method or 
operation is not implemented."); } bool ImportsHandling::addModuleToModuleList(const WCHAR * moduleName, DWORD_PTR firstThunk) { ImportModuleThunk module; module.firstThunk = firstThunk; wcscpy_s(module.moduleName, MAX_PATH, moduleName); moduleListNew.insert(std::pair(firstThunk,module)); return true; } bool ImportsHandling::isNewModule(const WCHAR * moduleName) { std::map::iterator iterator1; iterator1 = moduleListNew.begin(); while (iterator1 != moduleListNew.end()) { if (!_wcsicmp(iterator1->second.moduleName, moduleName)) { return false; } iterator1++; } return true; } void ImportsHandling::addUnknownModuleToModuleList(DWORD_PTR firstThunk) { ImportModuleThunk module; module.firstThunk = firstThunk; wcscpy_s(module.moduleName, MAX_PATH, TEXT("?")); moduleListNew.insert(std::pair(firstThunk,module)); } bool ImportsHandling::addNotFoundApiToModuleList(ImportThunk * apiNotFound) { ImportThunk import; ImportModuleThunk * module = 0; std::map::iterator iterator1; DWORD_PTR rva = apiNotFound->rva; if (moduleListNew.size() > 0) { iterator1 = moduleListNew.begin(); while (iterator1 != moduleListNew.end()) { if (rva >= iterator1->second.firstThunk) { iterator1++; if (iterator1 == moduleListNew.end()) { iterator1--; //new unknown module if (iterator1->second.moduleName[0] == L'?') { module = &(iterator1->second); } else { addUnknownModuleToModuleList(apiNotFound->rva); module = &(moduleListNew.find(rva)->second); } break; } else if (rva < iterator1->second.firstThunk) { iterator1--; module = &(iterator1->second); break; } } else { #ifdef DEBUG_COMMENTS Logger::debugLog("Error iterator1 != (*moduleThunkList).end()\r\n"); #endif break; } } } else { //new unknown module addUnknownModuleToModuleList(apiNotFound->rva); module = &(moduleListNew.find(rva)->second); } if (!module) { #ifdef DEBUG_COMMENTS Logger::debugLog(TEXT("ImportsHandling::addFunction module not found rva ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT("\r\n"),rva); #endif return false; } import.suspect = true; 
import.valid = false; import.va = apiNotFound->va; import.rva = apiNotFound->rva; import.apiAddressVA = apiNotFound->apiAddressVA; import.ordinal = 0; wcscpy_s(import.moduleName, MAX_PATH, TEXT("?")); strcpy_s(import.name, MAX_PATH, "?"); module->thunkList.insert(std::pair(import.rva, import)); return true; } bool ImportsHandling::addFunctionToModuleList(ImportThunk * apiFound) { ImportThunk import; ImportModuleThunk * module = 0; std::map::iterator iterator1; if (moduleListNew.size() > 1) { iterator1 = moduleListNew.begin(); while (iterator1 != moduleListNew.end()) { if (apiFound->rva >= iterator1->second.firstThunk) { iterator1++; if (iterator1 == moduleListNew.end()) { iterator1--; module = &(iterator1->second); break; } else if (apiFound->rva < iterator1->second.firstThunk) { iterator1--; module = &(iterator1->second); break; } } else { #ifdef DEBUG_COMMENTS Logger::debugLog(TEXT("Error iterator1 != moduleListNew.end()\r\n")); #endif break; } } } else { iterator1 = moduleListNew.begin(); module = &(iterator1->second); } if (!module) { #ifdef DEBUG_COMMENTS Logger::debugLog(TEXT("ImportsHandling::addFunction module not found rva ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT("\r\n"),apiFound->rva); #endif return false; } import.suspect = apiFound->suspect; import.valid = apiFound->valid; import.va = apiFound->va; import.rva = apiFound->rva; import.apiAddressVA = apiFound->apiAddressVA; import.ordinal = apiFound->ordinal; import.hint = apiFound->hint; wcscpy_s(import.moduleName, MAX_PATH, apiFound->moduleName); strcpy_s(import.name, MAX_PATH, apiFound->name); module->thunkList.insert(std::pair(import.rva, import)); return true; } void ImportsHandling::expandAllTreeNodes() { changeExpandStateOfTreeNodes(TVE_EXPAND); } void ImportsHandling::collapseAllTreeNodes() { changeExpandStateOfTreeNodes(TVE_COLLAPSE); } void ImportsHandling::changeExpandStateOfTreeNodes(UINT flag) { std::map::iterator iterator1; ImportModuleThunk * moduleThunk; - //HWND treeControl = 
GetDlgItem(hWndMainDlg,IDC_TREE_IMPORTS); - iterator1 = moduleList.begin(); while (iterator1 != moduleList.end()) { moduleThunk = &(iterator1->second); - TreeImports.Expand(moduleThunk->hTreeItem, flag); //TreeView_Expand(treeControl, moduleThunk->hTreeItem, flag); + TreeImports.Expand(moduleThunk->hTreeItem, flag); iterator1++; } } diff --git a/Scylla/MainGui.cpp b/Scylla/MainGui.cpp index dd15afb..85c2847 100644 --- a/Scylla/MainGui.cpp +++ b/Scylla/MainGui.cpp 
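Review bot: In ImportsHandling.cpp the handles returned by the new `idTreeView.InsertItem(stringBuffer, NULL, TVI_ROOT)` and `idTreeView.InsertItem(stringBuffer, parentDll, TVI_LAST)` calls are still stored into `hTreeItem` by displayAllImports without a null check, although InsertItem returns NULL when the insert fails. cutThunk, deleteTreeNode and invalidateFunction then find their target with `hTreeItem == selectedTreeNode`, so a null `selectedTreeNode` (which a caller may pass when nothing is selected; not confirmed from this hunk) would match such an entry. deleteTreeNode would then call `TreeImports.DeleteItem(moduleThunk->hTreeItem)` with NULL, which the tree-view control treats as a request to delete every item, while only one module is erased from `moduleList`. A guard at the top of those three functions, `if (selectedTreeNode == NULL) return false;`, keeps the tree and the list in step.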
@@ -1,857 +1,824 @@ #include "MainGui.h" #include "definitions.h" #include "PluginLoader.h" #include "ConfigurationHolder.h" #include "PeDump.h" #include "PeRebuild.h" #include "DllInjectionPlugin.h" #include "DisassemblerGui.h" #include "NativeWinApi.h" #include "ImportRebuild.h" #include "SystemInformation.h" #include "AboutGui.h" #include "OptionsGui.h" MainGui::MainGui(HINSTANCE hInstance) : selectedProcess(0), importsHandling(TreeImports) { this->hInstance = hInstance; Logger::getDebugLogFilePath(); ConfigurationHolder::loadConfiguration(); PluginLoader::findAllPlugins(); NativeWinApi::initialize(); SystemInformation::getSystemInformation(); } BOOL MainGui::OnInitDialog(CWindow wndFocus, LPARAM lInitParam) { if (SystemInformation::currenOS == UNKNOWN_OS) { - ::MessageBox(0, TEXT("Operating System is not supported"), TEXT("Error Operating System"), MB_OK); + MessageBox(L"Operating System is not supported", L"Error Operating System", MB_ICONERROR); EndDialog(0); - return TRUE; + return FALSE; } if(ConfigurationHolder::getConfigObject(DEBUG_PRIVILEGE)->isTrue()) { processLister.setDebugPrivileges(); } processAccessHelp.getProcessModules(GetCurrentProcessId(), processAccessHelp.ownModuleList); TreeImports.Attach(GetDlgItem(IDC_TREE_IMPORTS)); ComboProcessList.Attach(GetDlgItem(IDC_CBO_PROCESSLIST)); ListLog.Attach(GetDlgItem(IDC_LIST_LOG)); EditOEPAddress.Attach(GetDlgItem(IDC_EDIT_OEPADDRESS)); EditIATAddress.Attach(GetDlgItem(IDC_EDIT_IATADDRESS)); EditIATSize.Attach(GetDlgItem(IDC_EDIT_IATSIZE)); EditOEPAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH); EditOEPAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH); EditOEPAddress.LimitText(MAX_HEX_VALUE_EDIT_LENGTH); enableDialogButtons(FALSE); setIconAndDialogCaption(); return TRUE; } void MainGui::OnLButtonDown(UINT nFlags, CPoint point) { } void MainGui::OnContextMenu(CWindow wnd, CPoint point) { //TV_ITEM tvi; //WCHAR ttt[260] = {0}; //HTREEITEM selectedTreeNode = 0; if(wnd.GetDlgCtrlID() == IDC_TREE_IMPORTS) { 
if(TreeImports.GetCount()) //module list should not be empty { /*selectedTreeNode = (HTREEITEM)SendDlgItemMessage(hWndMainDlg,IDC_TREE_IMPORTS,TVM_GETNEXTITEM,TVGN_CARET,(LPARAM)selectedTreeNode); tvi.mask=TVIF_TEXT; // item text attrivute tvi.pszText=ttt; // Text is the pointer to the text tvi.cchTextMax=260; // size of text to retrieve. tvi.hItem=selectedTreeNode; // the selected item SendDlgItemMessage(hWndMainDlg,IDC_TREE_IMPORTS,TVM_GETITEM,TVGN_CARET,(LPARAM)&tvi); Logger::printfDialog(L"selected %s",tvi.pszText);*/ //CPoint pt = GetMessagePos(); //UINT flags = 0; //if(TreeImports.HitTest(pt, &flags)) //{ DisplayContextMenuImports(wnd, point); //} } return; } //if (PtInRect(&rc, pt)) //{ // ClientToScreen(hwnd, &pt); // DisplayContextMenu(hwnd, pt); // return TRUE; //} } LRESULT MainGui::OnTreeImportsClick(const NMHDR* pnmh) { //Logger::printfDialog(L"NM_CLICK"); return FALSE; } LRESULT MainGui::OnTreeImportsDoubleClick(const NMHDR* pnmh) { //Logger::printfDialog(L"NM_DBLCLK"); return FALSE; } LRESULT MainGui::OnTreeImportsRightClick(const NMHDR* pnmh) { //Logger::printfDialog(L"NM_RCLICK"); /* HTREEITEM selectedTreeNode = TreeImports.GetNextItem(NULL, TVGN_DROPHILITE); if(selectedTreeNode != NULL) { TreeImports.Select(selectedTreeNode, TVGN_CARET); } */ return FALSE; } LRESULT MainGui::OnTreeImportsRightDoubleClick(const NMHDR* pnmh) { //Logger::printfDialog(L"NM_RDBLCLK"); return FALSE; } void MainGui::OnProcessListDrop(UINT uNotifyCode, int nID, CWindow wndCtl) { fillProcessListComboBox(ComboProcessList); } void MainGui::OnProcessListSelected(UINT uNotifyCode, int nID, CWindow wndCtl) { processSelectedActionHandler(ComboProcessList.GetCurSel()); - //processSelectedActionHandler(SendMessage(GetDlgItem(hWndDlg, IDC_CBO_PROCESSLIST),CB_GETCURSEL,0,0)); } void MainGui::OnPickDLL(UINT uNotifyCode, int nID, CWindow wndCtl) { pickDllActionHandler(); } void MainGui::OnOptions(UINT uNotifyCode, int nID, CWindow wndCtl) { optionsActionHandler(); } void 
MainGui::OnDump(UINT uNotifyCode, int nID, CWindow wndCtl) { dumpActionHandler(); } void MainGui::OnFixDump(UINT uNotifyCode, int nID, CWindow wndCtl) { dumpFixActionHandler(); } void MainGui::OnPERebuild(UINT uNotifyCode, int nID, CWindow wndCtl) { peRebuildActionHandler(); } void MainGui::OnDLLInject(UINT uNotifyCode, int nID, CWindow wndCtl) { dllInjectActionHandler(); } void MainGui::OnIATAutoSearch(UINT uNotifyCode, int nID, CWindow wndCtl) { iatAutosearchActionHandler(); } void MainGui::OnGetImports(UINT uNotifyCode, int nID, CWindow wndCtl) { getImportsActionHandler(); } void MainGui::OnInvalidImports(UINT uNotifyCode, int nID, CWindow wndCtl) { showInvalidImportsActionHandler(); } void MainGui::OnSuspectImports(UINT uNotifyCode, int nID, CWindow wndCtl) { showSuspectImportsActionHandler(); } void MainGui::OnClearImports(UINT uNotifyCode, int nID, CWindow wndCtl) { TreeImports.DeleteAllItems(); importsHandling.moduleList.clear(); } void MainGui::OnClearLog(UINT uNotifyCode, int nID, CWindow wndCtl) { clearOutputLog(); } void MainGui::OnExit(UINT uNotifyCode, int nID, CWindow wndCtl) { EndDialog(0); } void MainGui::OnAbout(UINT uNotifyCode, int nID, CWindow wndCtl) { showAboutDialog(); } void MainGui::setIconAndDialogCaption() { - HICON hicon = LoadIcon(GetModuleHandle(0), MAKEINTRESOURCE(IDI_ICON_SCYLLA1)); - - SetIcon(hicon, TRUE); - SetIcon(hicon, FALSE); + CIconHandle hicon; // Resource leak! 
+ if(hicon.LoadIcon(IDI_ICON_SCYLLA1)) + { + SetIcon(hicon, TRUE); + SetIcon(hicon, FALSE); + } SetWindowText(TEXT(APPNAME)TEXT(" ")TEXT(ARCHITECTURE)TEXT(" ")TEXT(APPVERSION)); } void MainGui::pickDllActionHandler() { if (PickDllGui::initDialog(hInstance,m_hWnd, processAccessHelp.moduleList)) { //get selected module processAccessHelp.selectedModule = PickDllGui::selectedModule; Logger::printfDialog(TEXT("->>> Module %s selected."), processAccessHelp.selectedModule->getFilename()); Logger::printfDialog(TEXT("Imagebase: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size: %08X"),processAccessHelp.selectedModule->modBaseAddr,processAccessHelp.selectedModule->modBaseSize); } else { processAccessHelp.selectedModule = 0; } } void MainGui::startDisassemblerGui(HTREEITEM selectedTreeNode) { DWORD_PTR address = importsHandling.getApiAddressByNode(selectedTreeNode); if (address) { DisassemblerGui::initDialog(hInstance,m_hWnd,address); } } void MainGui::processSelectedActionHandler(int index) { std::vector& processList = processLister.getProcessList(); Process &process = processList.at(index); selectedProcess = &process; enableDialogButtons(TRUE); Logger::printfDialog(TEXT("Analyzing %s"),process.fullPath); if (processAccessHelp.hProcess != 0) { processAccessHelp.closeProcessHandle(); apiReader.clearAll(); } if (!processAccessHelp.openProcessHandle(process.PID)) { Logger::printfDialog(TEXT("Error: Cannot open process handle.")); return; } processAccessHelp.getProcessModules(process.PID, processAccessHelp.moduleList); apiReader.readApisFromModuleList(); Logger::printfDialog(TEXT("Loading modules done.")); //TODO improve processAccessHelp.selectedModule = 0; processAccessHelp.targetSizeOfImage = process.imageSize; processAccessHelp.targetImageBase = process.imageBase; ProcessAccessHelp::getSizeOfImageCurrentProcess(); process.imageSize = (DWORD)processAccessHelp.targetSizeOfImage; Logger::printfDialog(TEXT("Imagebase: ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size: %08X"),process.imageBase, 
process.imageSize); selectedProcess->entryPoint = ProcessAccessHelp::getEntryPointFromFile(selectedProcess->fullPath); swprintf_s(stringBuffer, _countof(stringBuffer),TEXT(PRINTF_DWORD_PTR_FULL),selectedProcess->entryPoint + selectedProcess->imageBase); - //SetDlgItemText(hWndMainDlg, IDC_EDIT_OEPADDRESS, stringBuffer); EditOEPAddress.SetWindowText(stringBuffer); } void MainGui::fillProcessListComboBox(CComboBox& hCombo) { hCombo.ResetContent(); std::vector& processList = processLister.getProcessListSnapshot(); for (size_t i = 0; i < processList.size(); i++) { swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("0x%04X - %s - %s"),processList[i].PID,processList[i].filename,processList[i].fullPath); hCombo.AddString(stringBuffer); } } void MainGui::addTextToOutputLog(const WCHAR * text) { if (m_hWnd) { - //HWND hList = GetDlgItem(hWndMainDlg,IDC_LIST_LOG); - - //ListBox_SetCurSel(hList, ListBox_AddString(hList,text)); - ListLog.SetCurSel(ListLog.AddString(text)); } } void MainGui::clearOutputLog() { if (m_hWnd) { ListLog.ResetContent(); - //SendDlgItemMessage(hWndMainDlg, IDC_LIST_LOG, LB_RESETCONTENT, 0, 0); } } void MainGui::showInvalidImportsActionHandler() { importsHandling.showImports(true, false); } void MainGui::showSuspectImportsActionHandler() { importsHandling.showImports(false, true); } void MainGui::iatAutosearchActionHandler() { DWORD_PTR searchAddress = 0; DWORD_PTR addressIAT = 0; DWORD sizeIAT = 0; IATSearch iatSearch; - EditOEPAddress.GetWindowText(stringBuffer, _countof(stringBuffer)); - //GetDlgItemText(hWndMainDlg, IDC_EDIT_OEPADDRESS, stringBuffer, _countof(stringBuffer)); - - if (wcslen(stringBuffer) > 1) + if(EditOEPAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 1) { searchAddress = stringToDwordPtr(stringBuffer); if (searchAddress) { if (iatSearch.searchImportAddressTableInProcess(searchAddress, &addressIAT, &sizeIAT)) { Logger::printfDialog(TEXT("IAT found at VA ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" RVA 
")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size 0x%04X (%d)"),addressIAT, addressIAT - processAccessHelp.targetImageBase,sizeIAT,sizeIAT); swprintf_s(stringBuffer, _countof(stringBuffer),TEXT(PRINTF_DWORD_PTR_FULL),addressIAT); EditIATAddress.SetWindowText(stringBuffer); - //SetDlgItemText(hWndMainDlg,IDC_EDIT_IATADDRESS,stringBuffer); swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("%08X"),sizeIAT); EditIATSize.SetWindowText(stringBuffer); - //SetDlgItemText(hWndMainDlg,IDC_EDIT_IATSIZE,stringBuffer); swprintf_s(stringBuffer, _countof(stringBuffer),TEXT("IAT found! Start Address ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT(" Size 0x%04X (%d) "),addressIAT,sizeIAT,sizeIAT); - MessageBox(stringBuffer, TEXT("IAT found")); - + MessageBox(stringBuffer, L"IAT found", MB_ICONINFORMATION); } else { Logger::printfDialog(TEXT("IAT not found at OEP ")TEXT(PRINTF_DWORD_PTR_FULL)TEXT("!"),searchAddress); } } - } } void MainGui::getImportsActionHandler() { DWORD_PTR addressIAT = 0; DWORD sizeIAT = 0; - EditIATAddress.GetWindowText(stringBuffer, _countof(stringBuffer)); - //GetDlgItemText(hWndMainDlg, IDC_EDIT_IATADDRESS, stringBuffer, sizeof(stringBuffer)); - addressIAT = stringToDwordPtr(stringBuffer); + if (EditIATAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0) + { + addressIAT = stringToDwordPtr(stringBuffer); + } - EditIATSize.GetWindowText(stringBuffer, _countof(stringBuffer)); - //GetDlgItemText(hWndMainDlg, IDC_EDIT_IATSIZE, stringBuffer, sizeof(stringBuffer)); - sizeIAT = wcstoul(stringBuffer, NULL, 16); + if (EditIATSize.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0) + { + sizeIAT = wcstoul(stringBuffer, NULL, 16); + } if (addressIAT && sizeIAT) { apiReader.readAndParseIAT(addressIAT, sizeIAT,importsHandling.moduleList); importsHandling.displayAllImports(); } } - DWORD_PTR MainGui::stringToDwordPtr(WCHAR * hexString) { DWORD_PTR address = 0; #ifdef _WIN64 address = _wcstoui64(hexString, NULL, 16); #else address = wcstoul(hexString, NULL, 16); #endif if 
(address == 0) { #ifdef DEBUG_COMMENTS Logger::debugLog(L"stringToDwordPtr :: address == 0, %s",hexString); #endif return 0; } else { return address; } } -void MainGui::DisplayContextMenuImports(HWND hwnd, POINT pt) +void MainGui::DisplayContextMenuImports(CWindow hwnd, POINT pt) { BOOL menuItem = 0; HTREEITEM selectedTreeNode = 0; std::vector &pluginList = PluginLoader::getScyllaPluginList(); - HMENU hmenuTrackPopup = getCorrectSubMenu(IDR_MENU_IMPORTS, 0); - - appendPluginListToMenu(hmenuTrackPopup); + CMenuHandle hmenuTrackPopup = getCorrectSubMenu(IDR_MENU_IMPORTS, 0); if (hmenuTrackPopup) { - menuItem = TrackPopupMenu(hmenuTrackPopup, TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, 0, hwnd, 0); + appendPluginListToMenu(hmenuTrackPopup); + + menuItem = hmenuTrackPopup.TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, hwnd); + hmenuTrackPopup.DestroyMenu(); if (menuItem) { - if ((menuItem >= PLUGIN_MENU_BASE_ID) && (menuItem <= (int)(PluginLoader::getScyllaPluginList().size() + PluginLoader::getImprecPluginList().size() + PLUGIN_MENU_BASE_ID))) { //wsprintf(stringBuffer, L"%d %s\n",menuItem,pluginList[menuItem - PLUGIN_MENU_BASE_ID].pluginName); - //MessageBox(0,stringBuffer,L"plugin selection",0); + //MessageBox(stringBuffer, L"plugin selection"); pluginActionHandler(menuItem); return; } - selectedTreeNode = TreeImports.GetNextItem(selectedTreeNode, TVGN_CARET); - //selectedTreeNode = (HTREEITEM)SendDlgItemMessage(hWndMainDlg,IDC_TREE_IMPORTS,TVM_GETNEXTITEM,TVGN_CARET,(LPARAM)selectedTreeNode); + selectedTreeNode = TreeImports.GetSelectedItem(); //TreeImports.GetNextItem(selectedTreeNode, TVGN_CARET); switch (menuItem) { case ID__INVALIDATEFUNCTION: { importsHandling.invalidateFunction(selectedTreeNode); } break; case ID__DISASSEMBLE: { startDisassemblerGui(selectedTreeNode); } break; case ID__CUTTHUNK: { importsHandling.cutThunk(selectedTreeNode); } break; case ID__DELETETREENODE: { 
importsHandling.deleteTreeNode(selectedTreeNode); } break; case ID__EXPANDALLNODES: { importsHandling.expandAllTreeNodes(); } break; case ID__COLLAPSEALLNODES: { importsHandling.collapseAllTreeNodes(); } break; } } } } -HMENU MainGui::getCorrectSubMenu(int menuItem, int subMenuItem) +CMenuHandle MainGui::getCorrectSubMenu(int menuItem, int subMenuItem) { - HMENU hmenu; // top-level menu - HMENU hmenuTrackPopup; // shortcut menu - // Load the menu resource. - if ((hmenu = LoadMenu(hInstance, MAKEINTRESOURCE(menuItem))) == NULL) - return 0; + CMenuHandle hmenu; // top-level menu - hmenuTrackPopup = GetSubMenu(hmenu, subMenuItem); + // Load the menu resource. + if (!hmenu.LoadMenu(menuItem)) + return NULL; - if (hmenuTrackPopup) - { - return hmenuTrackPopup; - } - else - { - return 0; - } + return hmenu.GetSubMenu(subMenuItem); } -void MainGui::DisplayContextMenu(HWND hwnd, POINT pt) +void MainGui::DisplayContextMenu(CWindow hwnd, POINT pt) { - HMENU hmenu; // top-level menu - HMENU hmenuTrackPopup; // shortcut menu + CMenu hmenu; // top-level menu + CMenuHandle hmenuTrackPopup; // shortcut menu int menuItem; // selected menu item // Load the menu resource. - if ((hmenu = LoadMenu(hInstance, MAKEINTRESOURCE(IDR_MENU_IMPORTS))) == NULL) + if (!hmenu.LoadMenu(IDR_MENU_IMPORTS)) return; // TrackPopupMenu cannot display the menu bar so get // a handle to the first shortcut menu. - hmenuTrackPopup = GetSubMenu(hmenu, 0); + hmenuTrackPopup = hmenu.GetSubMenu(0); // Display the shortcut menu. Track the right mouse // button. 
if (!hmenuTrackPopup) { - MessageBoxA(0,"hmenuTrackPopup == null","hmenuTrackPopup",0); + MessageBox(L"hmenuTrackPopup == null", L"hmenuTrackPopup"); } - menuItem = TrackPopupMenu(hmenuTrackPopup, TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, 0, hwnd, NULL); + menuItem = hmenuTrackPopup.TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON | TPM_RETURNCMD, pt.x, pt.y, hwnd); if (menuItem) { /*if (menuItem == ID_LISTCONTROL_SHOWEXPORTS) { - MessageBox(0,"exports","dshhhhh",0); + MessageBox(L"exports",L"dshhhhh"); }*/ } - - // Destroy the menu. - - DestroyMenu(hmenu); } -void MainGui::appendPluginListToMenu(HMENU hMenuTrackPopup) +void MainGui::appendPluginListToMenu(CMenuHandle hMenuTrackPopup) { - CMenu newMenu = CreatePopupMenu(); //HMENU newMenu = CreatePopupMenu(); - std::vector &scyllaPluginList = PluginLoader::getScyllaPluginList(); std::vector &imprecPluginList = PluginLoader::getImprecPluginList(); if (scyllaPluginList.size() > 0) { + CMenuHandle newMenu; + newMenu.CreatePopupMenu(); + for (size_t i = 0; i < scyllaPluginList.size(); i++) { - - AppendMenu(newMenu, MF_STRING, i + PLUGIN_MENU_BASE_ID, scyllaPluginList[i].pluginName); + newMenu.AppendMenu(MF_STRING, i + PLUGIN_MENU_BASE_ID, scyllaPluginList[i].pluginName); } - AppendMenu(hMenuTrackPopup,MF_MENUBARBREAK,0,0); - AppendMenu(hMenuTrackPopup,MF_POPUP,(UINT_PTR)(HMENU)newMenu,TEXT("Scylla Plugins")); + hMenuTrackPopup.AppendMenu(MF_MENUBARBREAK); + hMenuTrackPopup.AppendMenu(MF_POPUP, newMenu, L"Scylla Plugins"); } - newMenu = CreatePopupMenu(); - if (imprecPluginList.size() > 0) { + CMenuHandle newMenu; + newMenu.CreatePopupMenu(); + for (size_t i = 0; i < imprecPluginList.size(); i++) { - AppendMenu(newMenu, MF_STRING, scyllaPluginList.size() + i + PLUGIN_MENU_BASE_ID, imprecPluginList[i].pluginName); + newMenu.AppendMenu(MF_STRING, scyllaPluginList.size() + i + PLUGIN_MENU_BASE_ID, imprecPluginList[i].pluginName); } - AppendMenu(hMenuTrackPopup,MF_MENUBARBREAK,0,0); - 
AppendMenu(hMenuTrackPopup,MF_POPUP,(UINT_PTR)(HMENU)newMenu,TEXT("ImpREC Plugins")); + hMenuTrackPopup.AppendMenu(MF_MENUBARBREAK); + hMenuTrackPopup.AppendMenu(MF_POPUP, newMenu, L"ImpREC Plugins"); } - } void MainGui::dumpActionHandler() { WCHAR * targetFile = 0; PeDump peDump; if (processAccessHelp.selectedModule) { targetFile = ProcessAccessHelp::selectFileToSave(0, 0); } else { targetFile = ProcessAccessHelp::selectFileToSave(0, 1); } if (targetFile) { if (processAccessHelp.selectedModule) { //dump DLL peDump.imageBase = processAccessHelp.selectedModule->modBaseAddr; peDump.sizeOfImage = processAccessHelp.selectedModule->modBaseSize; //get it from gui peDump.entryPoint = getOEPFromGui(); wcscpy_s(peDump.fullpath, MAX_PATH, processAccessHelp.selectedModule->fullPath); } else { peDump.imageBase = ProcessAccessHelp::targetImageBase; peDump.sizeOfImage = (DWORD)ProcessAccessHelp::targetSizeOfImage; //get it from gui peDump.entryPoint = getOEPFromGui(); wcscpy_s(peDump.fullpath, MAX_PATH, selectedProcess->fullPath); } peDump.useHeaderFromDisk = ConfigurationHolder::getConfigObject(USE_PE_HEADER_FROM_DISK)->isTrue(); if (peDump.dumpCompleteProcessToDisk(targetFile)) { Logger::printfDialog(TEXT("Dump success %s"),targetFile); - //MessageBox(hWndMainDlg,TEXT("Image dumped successfully."),TEXT("Success"),MB_OK); + //MessageBox(L"Image dumped successfully.", L"Success"); } else { Logger::printfDialog(TEXT("Error: Cannot dump image.")); - MessageBox(TEXT("Cannot dump image."),TEXT("Failure")); + MessageBox(L"Cannot dump image.", L"Failure", MB_ICONERROR); } delete [] targetFile; } } DWORD_PTR MainGui::getOEPFromGui() { - //if (GetDlgItemText(hWndMainDlg, IDC_EDIT_OEPADDRESS, stringBuffer, _countof(stringBuffer))) if (EditOEPAddress.GetWindowText(stringBuffer, _countof(stringBuffer)) > 0) { return stringToDwordPtr(stringBuffer); } else { return 0; } } void MainGui::peRebuildActionHandler() { DWORD newSize = 0; WCHAR * targetFile = 0; PeRebuild peRebuild; targetFile = 
ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 2); if (targetFile) { if (ConfigurationHolder::getConfigObject(CREATE_BACKUP)->isTrue()) { if (!ProcessAccessHelp::createBackupFile(targetFile)) { Logger::printfDialog(TEXT("Creating backup file failed %s"), targetFile); } } LONGLONG fileSize = ProcessAccessHelp::getFileSize(targetFile); LPVOID mapped = peRebuild.createFileMappingViewFull(targetFile); newSize = peRebuild.realignPE(mapped, (DWORD)fileSize); peRebuild.closeAllMappingHandles(); if (newSize < 10) { Logger::printfDialog(TEXT("Rebuild failed %s"), targetFile); - MessageBox(TEXT("Rebuild failed."),TEXT("Failure")); + MessageBox(L"Rebuild failed.", L"Failure", MB_ICONERROR); } else { peRebuild.truncateFile(targetFile, newSize); Logger::printfDialog(TEXT("Rebuild success %s"), targetFile); Logger::printfDialog(TEXT("-> Old file size 0x%08X new file size 0x%08X (%d %%)"), (DWORD)fileSize, newSize, (DWORD)((newSize * 100) / (DWORD)fileSize) ); - //MessageBox(hWndMainDlg,TEXT("Image rebuilded successfully."),TEXT("Success"),MB_OK); + //MessageBox(L"Image rebuilded successfully.", L"Success", MB_ICONINFORMATION); } - delete [] targetFile; } } void MainGui::dumpFixActionHandler() { WCHAR * targetFile = 0; WCHAR newFilePath[MAX_PATH]; ImportRebuild importRebuild; - //if (TreeView_GetCount(GetDlgItem(hWndMainDlg, IDC_TREE_IMPORTS)) < 2) if (TreeImports.GetCount() < 2) { Logger::printfDialog(TEXT("Nothing to rebuild")); return; } if (processAccessHelp.selectedModule) { targetFile = ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 0); } else { targetFile = ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 1); } if (targetFile) { wcscpy_s(newFilePath,MAX_PATH,targetFile); - for (size_t i = wcslen(newFilePath) - 1; i >= 0; i--) + WCHAR* dot = wcsrchr(newFilePath, L'.'); + if (dot) { - if (newFilePath[i] == L'.') - { - newFilePath[i] = 0; - break; - } + *dot = L'\0'; } if (processAccessHelp.selectedModule) { wcscat_s(newFilePath,MAX_PATH, L"_SCY.dll"); } 
else { wcscat_s(newFilePath,MAX_PATH, L"_SCY.exe"); } if (importRebuild.rebuildImportTable(targetFile,newFilePath,importsHandling.moduleList)) { - //MessageBox(hWndMainDlg,L"Imports rebuilding successful",L"Success",MB_OK); + //MessageBox(L"Imports rebuilding successful", L"Success", MB_ICONINFORMATION); Logger::printfDialog(TEXT("Import Rebuild success %s"), newFilePath); } else { Logger::printfDialog(TEXT("Import Rebuild failed, target %s"), targetFile); - MessageBox(L"Imports rebuilding failed",L"Failure"); + MessageBox(L"Imports rebuilding failed", L"Failure", MB_ICONERROR); } delete [] targetFile; } } void MainGui::enableDialogButtons(BOOL value) { GetDlgItem(IDC_BTN_PICKDLL).EnableWindow(value); GetDlgItem(IDC_BTN_DUMP).EnableWindow(value); GetDlgItem(IDC_BTN_DLLINJECT).EnableWindow(value); GetDlgItem(IDC_BTN_FIXDUMP).EnableWindow(value); GetDlgItem(IDC_BTN_IATAUTOSEARCH).EnableWindow(value); GetDlgItem(IDC_BTN_GETIMPORTS).EnableWindow(value); GetDlgItem(IDC_BTN_SUSPECTIMPORTS).EnableWindow(value); GetDlgItem(IDC_BTN_INVALIDIMPORTS).EnableWindow(value); GetDlgItem(IDC_BTN_CLEARIMPORTS).EnableWindow(value); GetDlgItem(IDC_BTN_OPTIONS).EnableWindow(TRUE); //not yet implemented GetDlgItem(IDC_BTN_AUTOTRACE).EnableWindow(FALSE); GetDlgItem(IDC_BTN_SAVETREE).EnableWindow(FALSE); GetDlgItem(IDC_BTN_LOADTREE).EnableWindow(FALSE); } void MainGui::showAboutDialog() { AboutGui::initDialog(hInstance, m_hWnd); } void MainGui::dllInjectActionHandler() { WCHAR * targetFile = 0; HMODULE hMod = 0; DllInjection dllInjection; targetFile = ProcessAccessHelp::selectFileToSave(OFN_FILEMUSTEXIST, 0); if (targetFile) { hMod = dllInjection.dllInjection(ProcessAccessHelp::hProcess, targetFile); if (hMod && ConfigurationHolder::getConfigObject(DLL_INJECTION_AUTO_UNLOAD)->isTrue()) { if (!dllInjection.unloadDllInProcess(ProcessAccessHelp::hProcess, hMod)) { Logger::printfDialog(TEXT("DLL unloading failed, target %s"), targetFile); } } if (hMod) { Logger::printfDialog(TEXT("DLL 
Injection was successful, target %s"), targetFile); } else { Logger::printfDialog(TEXT("DLL Injection failed, target %s"), targetFile); } delete [] targetFile; } } void MainGui::optionsActionHandler() { OptionsGui::initOptionsDialog(hInstance, m_hWnd); } void MainGui::pluginActionHandler( int menuItem ) { DllInjectionPlugin dllInjectionPlugin; std::vector &scyllaPluginList = PluginLoader::getScyllaPluginList(); std::vector &imprecPluginList = PluginLoader::getImprecPluginList(); menuItem -= PLUGIN_MENU_BASE_ID; dllInjectionPlugin.hProcess = ProcessAccessHelp::hProcess; dllInjectionPlugin.apiReader = &apiReader; if (menuItem < (int)scyllaPluginList.size()) { //scylla plugin dllInjectionPlugin.injectPlugin(scyllaPluginList[menuItem], importsHandling.moduleList,selectedProcess->imageBase, selectedProcess->imageSize); } else { #ifndef _WIN64 menuItem -= (int)scyllaPluginList.size(); //imprec plugin dllInjectionPlugin.injectImprecPlugin(imprecPluginList[menuItem], importsHandling.moduleList,selectedProcess->imageBase, selectedProcess->imageSize); #endif } - - importsHandling.scanAndFixModuleList(); importsHandling.displayAllImports(); } diff --git a/Scylla/MainGui.h b/Scylla/MainGui.h index c01baf4..da38497 100644 --- a/Scylla/MainGui.h +++ b/Scylla/MainGui.h 
@@ -1,169 +1,169 @@ #pragma once //#define _CRTDBG_MAP_ALLOC //#include //#include #include #include #include #include #include // WTL #include // base ATL classes #include // base WTL classes #include // ATL GUI classes #include // WTL frame window classes #include // WTL utility classes like CString #include // WTL enhanced msg map macros #include #include "resource.h" #include "Logger.h" #include "ProcessLister.h" #include "IATSearch.h" #include "PickDllGui.h" #include "ImportsHandling.h" //#pragma comment(lib, "comctl32.lib") class ImportsHandling; class MainGui : public CDialogImpl { public: enum { IDD = IDD_DLG_MAIN }; BEGIN_MSG_MAP(MainGui) MSG_WM_INITDIALOG(OnInitDialog) MSG_WM_CONTEXTMENU(OnContextMenu) MSG_WM_LBUTTONDOWN(OnLButtonDown) NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_CLICK, OnTreeImportsClick) NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_DBLCLK, OnTreeImportsDoubleClick) NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_RCLICK, OnTreeImportsRightClick) NOTIFY_HANDLER_EX(IDC_TREE_IMPORTS, NM_RDBLCLK, OnTreeImportsRightDoubleClick) COMMAND_HANDLER_EX(IDC_CBO_PROCESSLIST, CBN_DROPDOWN, OnProcessListDrop) COMMAND_HANDLER_EX(IDC_CBO_PROCESSLIST, CBN_SELENDOK, OnProcessListSelected) COMMAND_ID_HANDLER_EX(IDC_BTN_PICKDLL, OnPickDLL) COMMAND_ID_HANDLER_EX(IDC_BTN_OPTIONS, OnOptions) COMMAND_ID_HANDLER_EX(IDC_BTN_DUMP, OnDump) COMMAND_ID_HANDLER_EX(IDC_BTN_FIXDUMP, OnFixDump) COMMAND_ID_HANDLER_EX(IDC_BTN_PEREBUILD, OnPERebuild) COMMAND_ID_HANDLER_EX(IDC_BTN_DLLINJECT, OnDLLInject) COMMAND_ID_HANDLER_EX(IDC_BTN_IATAUTOSEARCH, OnIATAutoSearch) COMMAND_ID_HANDLER_EX(IDC_BTN_GETIMPORTS, OnGetImports) COMMAND_ID_HANDLER_EX(IDC_BTN_INVALIDIMPORTS, OnInvalidImports) COMMAND_ID_HANDLER_EX(IDC_BTN_SUSPECTIMPORTS, OnSuspectImports) COMMAND_ID_HANDLER_EX(IDC_BTN_CLEARIMPORTS, OnClearImports) COMMAND_ID_HANDLER_EX(IDC_BTN_CLEARLOG, OnClearLog) COMMAND_ID_HANDLER_EX(ID_FILE_EXIT, OnExit) COMMAND_ID_HANDLER_EX(ID_MISC_DLLINJECTION, OnDLLInject) COMMAND_ID_HANDLER_EX(ID_MISC_PREFERENCES, 
OnOptions) COMMAND_ID_HANDLER_EX(ID_HELP_ABOUT, OnAbout) COMMAND_ID_HANDLER_EX(IDCANCEL, OnExit) END_MSG_MAP() MainGui(HINSTANCE hInstance); Process * selectedProcess; //Output Window void addTextToOutputLog(const WCHAR * text); static DWORD_PTR stringToDwordPtr(WCHAR * hexString); protected: HINSTANCE hInstance; // Controls CTreeViewCtrl TreeImports; CComboBox ComboProcessList; CEdit EditOEPAddress; CEdit EditIATAddress; CEdit EditIATSize; CListBox ListLog; ProcessLister processLister; WCHAR stringBuffer[600]; ImportsHandling importsHandling; ProcessAccessHelp processAccessHelp; ApiReader apiReader; private: //Message handlers BOOL OnInitDialog(CWindow wndFocus, LPARAM lInitParam); void OnLButtonDown(UINT nFlags, CPoint point); void OnContextMenu(CWindow wnd, CPoint point); LRESULT OnTreeImportsClick(const NMHDR* pnmh); LRESULT OnTreeImportsDoubleClick(const NMHDR* pnmh); LRESULT OnTreeImportsRightClick(const NMHDR* pnmh); LRESULT OnTreeImportsRightDoubleClick(const NMHDR* pnmh); void OnProcessListDrop(UINT uNotifyCode, int nID, CWindow wndCtl); void OnProcessListSelected(UINT uNotifyCode, int nID, CWindow wndCtl); void OnPickDLL(UINT uNotifyCode, int nID, CWindow wndCtl); void OnOptions(UINT uNotifyCode, int nID, CWindow wndCtl); void OnDump(UINT uNotifyCode, int nID, CWindow wndCtl); void OnFixDump(UINT uNotifyCode, int nID, CWindow wndCtl); void OnPERebuild(UINT uNotifyCode, int nID, CWindow wndCtl); void OnDLLInject(UINT uNotifyCode, int nID, CWindow wndCtl); void OnIATAutoSearch(UINT uNotifyCode, int nID, CWindow wndCtl); void OnGetImports(UINT uNotifyCode, int nID, CWindow wndCtl); void OnInvalidImports(UINT uNotifyCode, int nID, CWindow wndCtl); void OnSuspectImports(UINT uNotifyCode, int nID, CWindow wndCtl); void OnClearImports(UINT uNotifyCode, int nID, CWindow wndCtl); void OnClearLog(UINT uNotifyCode, int nID, CWindow wndCtl); void OnExit(UINT uNotifyCode, int nID, CWindow wndCtl); void OnAbout(UINT uNotifyCode, int nID, CWindow wndCtl); // --- void 
setIconAndDialogCaption(); void fillProcessListComboBox(CComboBox& hCombo); void getModuleListItem(int column, int iItem, char * buffer); void pickDllActionHandler(); void processSelectedActionHandler(int index); //static bool displayModuleList(HWND hWndDlg, HWND hList, LRESULT index); // POPUP MENU Prototypes - void DisplayContextMenu(HWND, POINT); - void DisplayContextMenuImports(HWND, POINT); - HMENU getCorrectSubMenu(int, int); + void DisplayContextMenu(CWindow, POINT); + void DisplayContextMenuImports(CWindow, POINT); + CMenuHandle getCorrectSubMenu(int, int); void clearOutputLog();//Output Window void showInvalidImportsActionHandler(); void showSuspectImportsActionHandler(); void iatAutosearchActionHandler(); void getImportsActionHandler(); - void appendPluginListToMenu( HMENU hMenuTrackPopup ); + void appendPluginListToMenu(CMenuHandle hMenuTrackPopup); void dumpActionHandler(); DWORD_PTR getOEPFromGui(); void peRebuildActionHandler(); void startDisassemblerGui(HTREEITEM selectedTreeNode); void dumpFixActionHandler(); void enableDialogButtons( BOOL value ); void showAboutDialog(); void dllInjectActionHandler(); void optionsActionHandler(); void pluginActionHandler( int menuItem ); };
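Review bot: `CMenuHandle getCorrectSubMenu(int, int);` now returns a non-owning WTL handle, and the declaration does not say who releases the top-level menu that the implementation loads with `hmenu.LoadMenu(menuItem)` into a local `CMenuHandle`. In the MainGui.cpp part of this commit the only cleanup on that path is `hmenuTrackPopup.DestroyMenu()` on the submenu in DisplayContextMenuImports, so the loaded parent menu appears to be leaked on every right-click. DisplayContextMenu, by contrast, holds its top-level menu in an owning `CMenu` that is released on scope exit. I would hand the owner back to the caller, e.g. `CMenuHandle getCorrectSubMenu(int menuItem, int subMenuItem, CMenu& owner);`, so the caller's `CMenu` destroys the whole menu and the explicit `DestroyMenu()` on the submenu can go. Failing that, the prototype should at least carry `// returns a borrowed submenu handle; the loaded top-level menu must be destroyed separately`.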