Rooba
/
pupy
mirror of https://github.com/n1nj4sec/pupy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

client/windows: Hook GetVersionEx functions (broken if PUPY_DYNLOAD=1)

This commit is contained in:
Oleksii Shevchuk 2019-10-22 15:04:05 +03:00
parent cc1b826183
commit cc7d2f3dec
1 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
client/sources/MemoryModule.c
View File

@ -55,6 +55,23 @@ static void*
OffsetPointer(void* data, ptrdiff_t offset) { OffsetPointer(void* data, ptrdiff_t offset) {
return (void*) ((uintptr_t) data + offset); return (void*) ((uintptr_t) data + offset);
} }
typedef NTSTATUS (WINAPI *t_RtlGetVersion)(OSVERSIONINFOEXW *infow);
static NTSTATUS WINAPI RtlGetVersion(OSVERSIONINFOEXW *infow) {
static t_RtlGetVersion _RtlGetVersion = NULL;
if (!_RtlGetVersion) {
HMODULE ntdll = GetModuleHandle("NTDLL");
_RtlGetVersion = (t_RtlGetVersion) GetProcAddress(ntdll, "RtlGetVersion");
}
if (!_RtlGetVersion) {
return E_UNEXPECTED;
}
return _RtlGetVersion(infow);
}
typedef struct { typedef struct {
const char *name; const char *name;
FARPROC proc; FARPROC proc;
@ -437,6 +454,44 @@ BuildResourceTables(PMEMORYMODULE module)
return TRUE; return TRUE;
} }
static
BOOL CALLBACK
GetVersionExW_Hooked(OSVERSIONINFOEXW *info) {
NTSTATUS ntResult = RtlGetVersion(info);
return ntResult == S_OK;
}
static
BOOL CALLBACK
GetVersionExA_Hooked(OSVERSIONINFOEXA *info) {
OSVERSIONINFOEXW infow;
DWORD dwResult;
NTSTATUS ntResult = RtlGetVersion(&infow);
if (ntResult != S_OK)
return FALSE;
dwResult = WideCharToMultiByte(
CP_OEMCP, 0, infow.szCSDVersion, -1, info->szCSDVersion,
sizeof(info->szCSDVersion), NULL, NULL
);
if (!SUCCEEDED(dwResult))
return FALSE;
info->dwOSVersionInfoSize = infow.dwOSVersionInfoSize;
info->dwMajorVersion = infow.dwMajorVersion;
info->dwMinorVersion = infow.dwMinorVersion;
info->dwBuildNumber = infow.dwBuildNumber;
info->dwPlatformId = infow.dwPlatformId;
info->wServicePackMajor = infow.wServicePackMajor;
info->wServicePackMinor = infow.wServicePackMinor;
info->wSuiteMask = infow.wSuiteMask;
info->wProductType = infow.wProductType;
info->wReserved = infow.wReserved;
return TRUE;
}
static BOOL static BOOL
BuildImportTable(PMEMORYMODULE module) BuildImportTable(PMEMORYMODULE module)
{ {
@ -457,6 +512,9 @@ BuildImportTable(PMEMORYMODULE module)
{"GetModuleFileNameA", (FARPROC) module->callbacks->getModuleFileNameA}, {"GetModuleFileNameA", (FARPROC) module->callbacks->getModuleFileNameA},
{"GetModuleFileNameW", (FARPROC) module->callbacks->getModuleFileNameW}, {"GetModuleFileNameW", (FARPROC) module->callbacks->getModuleFileNameW},
{"GetVersionExA", (FARPROC) GetVersionExA_Hooked},
{"GetVersionExW", (FARPROC) GetVersionExW_Hooked},
{"FindResourceA", (FARPROC) module->callbacks->getFindResourceA}, {"FindResourceA", (FARPROC) module->callbacks->getFindResourceA},
{"FindResourceW", (FARPROC) module->callbacks->getFindResourceW}, {"FindResourceW", (FARPROC) module->callbacks->getFindResourceW},
{"FindResourceExA", (FARPROC) module->callbacks->getFindResourceExA}, {"FindResourceExA", (FARPROC) module->callbacks->getFindResourceExA},