Fork

Fork Herkunft: ffftp / ffftp

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revision	25e4bc92bcd934ea3f23a7c79a4211dfb7a09c0a (tree)
Zeit	2014-04-30 12:22:40
Autor	s_kawamoto <s_kawamoto@user...>
Commiter	s_kawamoto

Log Message

Fix bugs of process protection.

Ändern Zusammenfassung

modified: FFFTP_Eng_Release/FFFTP.exe (diff)
modified: FFFTP_Eng_Release_64/FFFTP.exe (diff)
modified: Release/FFFTP.exe (diff)
modified: Release_64/FFFTP.exe (diff)
modified: protectprocess.c (diff)
modified: socketwrapper.c (diff)

Diff

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ

Binary files a/FFFTP_Eng_Release_64/FFFTP.exe and b/FFFTP_Eng_Release_64/FFFTP.exe differ

Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ

Binary files a/Release_64/FFFTP.exe and b/Release_64/FFFTP.exe differ

--- a/protectprocess.c

+++ b/protectprocess.c

		@@ -26,9 +26,6 @@
26	26	#include <sfc.h>
27	27	#include <tlhelp32.h>
28	28	#include <imagehlp.h>
29		-#ifdef USE_IAT_HOOK
30		-#include <dbghelp.h>
31		-#endif
32	29
33	30	#define DO_NOT_REPLACE
34	31	#include "protectprocess.h"

		@@ -44,12 +41,19 @@
44	41	#elif defined(_M_AMD64)
45	42	#define HOOK_JUMP_CODE_LENGTH 14
46	43	#endif
	44	+typedef struct
	45	+{
	46	+ void* pCode;
	47	+ size_t CodeLength;
	48	+ BYTE PatchCode[HOOK_JUMP_CODE_LENGTH];
	49	+ BYTE BackupCode[HOOK_JUMP_CODE_LENGTH];
	50	+} HOOK_JUMP_CODE_PATCH;
47	51	#endif
48	52
49	53	BOOL LockThreadLock();
50	54	BOOL UnlockThreadLock();
51	55	#ifdef USE_CODE_HOOK
52		-BOOL HookFunctionInCode(void* pOriginal, void* pNew, void* pBackupCode, BOOL bRestore);
	56	+BOOL HookFunctionInCode(void* pOriginal, void* pNew, HOOK_JUMP_CODE_PATCH* pPatch, BOOL bRestore);
53	57	#endif
54	58	#ifdef USE_IAT_HOOK
55	59	BOOL HookFunctionInIAT(void* pOriginal, void* pNew);

		@@ -63,7 +67,7 @@ BOOL IsModuleTrusted(LPCWSTR Filename);
63	67
64	68	// 変数の宣言
65	69	#ifdef USE_CODE_HOOK
66		-#define HOOK_FUNCTION_VAR(name) _##name p_##name;BYTE c_##name[HOOK_JUMP_CODE_LENGTH * 2];
	70	+#define HOOK_FUNCTION_VAR(name) _##name p_##name;HOOK_JUMP_CODE_PATCH c_##name;
67	71	#endif
68	72	#ifdef USE_IAT_HOOK
69	73	#define HOOK_FUNCTION_VAR(name) _##name p_##name;

		@@ -75,7 +79,7 @@ BOOL IsModuleTrusted(LPCWSTR Filename);
75	79	// フック対象を呼び出す前に対象のコードを復元
76	80	#define BEGIN_HOOK_FUNCTION(name) HookFunctionInCode(p_##name, h_##name, &c_##name, TRUE)
77	81	// フック対象を呼び出した後に対象のコードを置換
78		-#define END_HOOK_FUNCTION(name) HookFunctionInCode(p_##name, h_##name, NULL, FALSE)
	82	+#define END_HOOK_FUNCTION(name) HookFunctionInCode(p_##name, h_##name, &c_##name, FALSE)
79	83
80	84	HOOK_FUNCTION_VAR(LoadLibraryA)
81	85	HOOK_FUNCTION_VAR(LoadLibraryW)

		@@ -245,63 +249,120 @@ BOOL UnlockThreadLock()
245	249	}
246	250
247	251	#ifdef USE_CODE_HOOK
248		-BOOL HookFunctionInCode(void* pOriginal, void* pNew, void* pBackupCode, BOOL bRestore)
	252	+BOOL HookFunctionInCode(void* pOriginal, void* pNew, HOOK_JUMP_CODE_PATCH* pPatch, BOOL bRestore)
249	253	{
250	254	BOOL bResult;
251	255	bResult = FALSE;
252	256	#if defined(_M_IX86)
253	257	{
254		- BYTE JumpCode[HOOK_JUMP_CODE_LENGTH] = {0xe9, 0x00, 0x00, 0x00, 0x00};
255		- size_t Relative;
256	258	DWORD Protect;
257		- Relative = (size_t)pNew - (size_t)pOriginal - HOOK_JUMP_CODE_LENGTH;
258		- memcpy(&JumpCode[1], &Relative, 4);
	259	+ BYTE* pCode;
	260	+ CHAR c;
	261	+ LONG l;
	262	+ bResult = FALSE;
259	263	if(bRestore)
260	264	{
261		- if(VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, PAGE_EXECUTE_READWRITE, &Protect))
	265	+ if(VirtualProtect(pPatch->pCode, pPatch->CodeLength, PAGE_EXECUTE_READWRITE, &Protect))
262	266	{
263		- memcpy(pOriginal, pBackupCode, HOOK_JUMP_CODE_LENGTH);
264		- VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, Protect, &Protect);
	267	+ memcpy(pPatch->pCode, &pPatch->BackupCode, pPatch->CodeLength);
	268	+ VirtualProtect(pPatch->pCode, pPatch->CodeLength, Protect, &Protect);
265	269	bResult = TRUE;
266	270	}
267	271	}
268	272	else
269	273	{
270		- if(pBackupCode)
271		- memcpy(pBackupCode, pOriginal, HOOK_JUMP_CODE_LENGTH);
272		- if(VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, PAGE_EXECUTE_READWRITE, &Protect))
	274	+ if(!pPatch->pCode)
	275	+ {
	276	+ pCode = (BYTE*)pOriginal;
	277	+ while(pCode[0] == 0xeb)
	278	+ {
	279	+ memcpy(&c, pCode + 1, 1);
	280	+ pCode = pCode + 2 + c;
	281	+ }
	282	+ if(pCode[0] == 0xe9)
	283	+ {
	284	+ pPatch->pCode = pCode + 1;
	285	+ pPatch->CodeLength = 4;
	286	+ memcpy(&pPatch->BackupCode, pPatch->pCode, pPatch->CodeLength);
	287	+ l = (long)pNew - ((long)pCode + 5);
	288	+ memcpy(&pPatch->PatchCode[0], &l, 4);
	289	+ }
	290	+ else
	291	+ {
	292	+ pPatch->pCode = pCode;
	293	+ pPatch->CodeLength = 5;
	294	+ memcpy(&pPatch->BackupCode, pPatch->pCode, pPatch->CodeLength);
	295	+ pPatch->PatchCode[0] = 0xe9;
	296	+ l = (long)pNew - ((long)pCode + 5);
	297	+ memcpy(&pPatch->PatchCode[1], &l, 4);
	298	+ }
	299	+ }
	300	+ if(VirtualProtect(pPatch->pCode, pPatch->CodeLength, PAGE_EXECUTE_READWRITE, &Protect))
273	301	{
274		- memcpy(pOriginal, &JumpCode, HOOK_JUMP_CODE_LENGTH);
275		- VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, Protect, &Protect);
	302	+ memcpy(pPatch->pCode, &pPatch->PatchCode, pPatch->CodeLength);
	303	+ VirtualProtect(pPatch->pCode, pPatch->CodeLength, Protect, &Protect);
276	304	bResult = TRUE;
277	305	}
278	306	}
279	307	}
280	308	#elif defined(_M_AMD64)
281	309	{
282		- BYTE JumpCode[HOOK_JUMP_CODE_LENGTH] = {0xff, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
283		- size_t Absolute;
284	310	DWORD Protect;
285		- Absolute = (size_t)pNew;
286		- memcpy(&JumpCode[6], &Absolute, 8);
	311	+ BYTE* pCode;
	312	+ CHAR c;
	313	+ LONG l;
287	314	bResult = FALSE;
288	315	if(bRestore)
289	316	{
290		- if(VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, PAGE_EXECUTE_READWRITE, &Protect))
	317	+ if(VirtualProtect(pPatch->pCode, pPatch->CodeLength, PAGE_EXECUTE_READWRITE, &Protect))
291	318	{
292		- memcpy(pOriginal, pBackupCode, HOOK_JUMP_CODE_LENGTH);
293		- VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, Protect, &Protect);
	319	+ memcpy(pPatch->pCode, &pPatch->BackupCode, pPatch->CodeLength);
	320	+ VirtualProtect(pPatch->pCode, pPatch->CodeLength, Protect, &Protect);
294	321	bResult = TRUE;
295	322	}
296	323	}
297	324	else
298	325	{
299		- if(pBackupCode)
300		- memcpy(pBackupCode, pOriginal, HOOK_JUMP_CODE_LENGTH);
301		- if(VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, PAGE_EXECUTE_READWRITE, &Protect))
	326	+ if(!pPatch->pCode)
	327	+ {
	328	+ pCode = (BYTE*)pOriginal;
	329	+ while(pCode[0] == 0xeb \|\| pCode[0] == 0xe9)
	330	+ {
	331	+ if(pCode[0] == 0xeb)
	332	+ {
	333	+ memcpy(&c, pCode + 1, 1);
	334	+ pCode = pCode + 2 + c;
	335	+ }
	336	+ else
	337	+ {
	338	+ memcpy(&l, pCode + 1, 4);
	339	+ pCode = pCode + 5 + l;
	340	+ }
	341	+ }
	342	+ if(pCode[0] == 0xff && pCode[1] == 0x25)
	343	+ {
	344	+ memcpy(&l, pCode + 2, 4);
	345	+ pPatch->pCode = pCode + 6 + l;
	346	+ pPatch->CodeLength = 8;
	347	+ memcpy(&pPatch->BackupCode, pPatch->pCode, pPatch->CodeLength);
	348	+ memcpy(&pPatch->PatchCode[0], &pNew, 8);
	349	+ }
	350	+ else
	351	+ {
	352	+ pPatch->pCode = pCode;
	353	+ pPatch->CodeLength = 14;
	354	+ memcpy(&pPatch->BackupCode, pPatch->pCode, pPatch->CodeLength);
	355	+ pPatch->PatchCode[0] = 0xff;
	356	+ pPatch->PatchCode[1] = 0x25;
	357	+ l = 0;
	358	+ memcpy(&pPatch->PatchCode[2], &l, 4);
	359	+ memcpy(&pPatch->PatchCode[6], &pNew, 8);
	360	+ }
	361	+ }
	362	+ if(VirtualProtect(pPatch->pCode, pPatch->CodeLength, PAGE_EXECUTE_READWRITE, &Protect))
302	363	{
303		- memcpy(pOriginal, &JumpCode, HOOK_JUMP_CODE_LENGTH);
304		- VirtualProtect(pOriginal, HOOK_JUMP_CODE_LENGTH, Protect, &Protect);
	364	+ memcpy(pPatch->pCode, &pPatch->PatchCode, pPatch->CodeLength);
	365	+ VirtualProtect(pPatch->pCode, pPatch->CodeLength, Protect, &Protect);
305	366	bResult = TRUE;
306	367	}
307	368	}

		@@ -730,8 +791,8 @@ HMODULE System_LoadLibrary(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
730	791	HANDLE hDataFile;
731	792	HANDLE hMapping;
732	793	DWORD DllFlags;
733		- us.Length = sizeof(wchar_t) * wcslen(lpLibFileName);
734		- us.MaximumLength = sizeof(wchar_t) * (wcslen(lpLibFileName) + 1);
	794	+ us.Length = sizeof(wchar_t) * (USHORT)wcslen(lpLibFileName);
	795	+ us.MaximumLength = sizeof(wchar_t) * ((USHORT)wcslen(lpLibFileName) + 1);
735	796	us.Buffer = (PWSTR)lpLibFileName;
736	797	// if(dwFlags & (LOAD_LIBRARY_AS_DATAFILE \| LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE))
737	798	if(dwFlags & (LOAD_LIBRARY_AS_DATAFILE \| 0x00000040))

--- a/socketwrapper.c

+++ b/socketwrapper.c

		@@ -1227,8 +1227,12 @@ BOOL LoadPuTTY()
1227	1227	return FALSE;
1228	1228	#ifdef ENABLE_PROCESS_PROTECTION
1229	1229	// ビルドしたputty.dllに合わせてSHA1ハッシュ値を変更すること
	1230	+#if defined(_M_IX86)
	1231	+ RegisterTrustedModuleSHA1Hash("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00");
	1232	+#elif defined(_M_AMD64)
1230	1233	RegisterTrustedModuleSHA1Hash("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00");
1231	1234	#endif
	1235	+#endif
1232	1236	// デバッグ用
1233	1237	#ifdef _DEBUG
1234	1238	{

ffftp.http://sabah.net/ Fork