OSDN > Entwickler > yamat0jp > Kammer > ffftp > Commit

ffftp
Fork

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revision	c30cc851b60a7c4006cd02b4718d9738a6c4049a (tree)
Zeit	2011-10-03 23:17:55
Autor	s_kawamoto <s_kawamoto@user...>
Commiter	s_kawamoto

Log Message

Fix bugs process protection.
Add support for process protection on Vista/7.
Fix bugs of UTF-8 to UTF-16 API bridge.
Fix inconsistent WINVER, _WIN32_WINNT and _WIN32_IE.

Ändern Zusammenfassung

modified: FFFTP.vc90.vcproj (diff)
modified: FFFTP.vcproj (diff)
modified: FFFTP_Eng_Release/FFFTP.exe (diff)
modified: FFFTP_English.vc90.vcproj (diff)
modified: FFFTP_English.vcproj (diff)
modified: Release/FFFTP.exe (diff)
modified: bookmark.c (diff)
modified: filelist.c (diff)
modified: hostman.c (diff)
modified: main.c (diff)
modified: mbswrapper.c (diff)
modified: mbswrapper.h (diff)
modified: mesg-eng.h (diff)
modified: mesg-eng.old.h (diff)
modified: mesg-jpn.h (diff)
modified: mesg-jpn.old.h (diff)
modified: option.c (diff)
modified: protectprocess.c (diff)
modified: protectprocess.h (diff)
modified: ras.c (diff)
modified: socketwrapper.c (diff)

Diff

--- a/FFFTP.vc90.vcproj

+++ b/FFFTP.vc90.vcproj

		@@ -47,7 +47,7 @@
47	47	Name="VCCLCompilerTool"
48	48	Optimization="0"
49	49	AdditionalIncludeDirectories="Resource"
50		- PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS"
	50	+ PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS"
51	51	RuntimeLibrary="1"
52	52	PrecompiledHeaderFile=".\Debug\FFFTP.pch"
53	53	AssemblerListingLocation=".\Debug\"

		@@ -71,12 +71,12 @@
71	71	<Tool
72	72	Name="VCLinkerTool"
73	73	AdditionalOptions="/MACHINE:I386"
74		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	74	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
75	75	OutputFile=".\Debug\FFFTP.exe"
76	76	LinkIncremental="2"
77	77	SuppressStartupBanner="true"
78	78	GenerateManifest="false"
79		- DelayLoadDLLs="advapi32.dll;comctl32.dll;comdlg32.dll;gdi32.dll;sfc.dll;shell32.dll;ole32.dll;user32.dll;winmm.dll;wintrust.dll;wsock32.dll"
	79	+ DelayLoadDLLs="advapi32.dll;comctl32.dll;comdlg32.dll;gdi32.dll;imagehlp.dll;ole32.dll;sfc.dll;shell32.dll;user32.dll;winmm.dll;wintrust.dll;wsock32.dll"
80	80	GenerateDebugInformation="true"
81	81	ProgramDatabaseFile=".\Debug\FFFTP.pdb"
82	82	SubSystem="2"

		@@ -138,7 +138,7 @@
138	138	Name="VCCLCompilerTool"
139	139	InlineFunctionExpansion="1"
140	140	AdditionalIncludeDirectories="Resource"
141		- PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS"
	141	+ PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS"
142	142	StringPooling="true"
143	143	RuntimeLibrary="0"
144	144	EnableFunctionLevelLinking="true"

		@@ -164,7 +164,7 @@
164	164	<Tool
165	165	Name="VCLinkerTool"
166	166	AdditionalOptions="/MACHINE:I386"
167		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	167	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
168	168	OutputFile=".\Release\FFFTP.exe"
169	169	LinkIncremental="1"
170	170	SuppressStartupBanner="true"

--- a/FFFTP.vcproj

+++ b/FFFTP.vcproj

		@@ -46,7 +46,7 @@
46	46	Name="VCCLCompilerTool"
47	47	Optimization="0"
48	48	AdditionalIncludeDirectories="Resource"
49		- PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS"
	49	+ PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS"
50	50	RuntimeLibrary="1"
51	51	PrecompiledHeaderFile=".\Debug\FFFTP.pch"
52	52	AssemblerListingLocation=".\Debug\"

		@@ -70,7 +70,7 @@
70	70	<Tool
71	71	Name="VCLinkerTool"
72	72	AdditionalOptions="/MACHINE:I386"
73		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	73	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
74	74	OutputFile=".\Debug\FFFTP.exe"
75	75	LinkIncremental="2"
76	76	SuppressStartupBanner="true"

		@@ -138,7 +138,7 @@
138	138	Name="VCCLCompilerTool"
139	139	InlineFunctionExpansion="1"
140	140	AdditionalIncludeDirectories="Resource"
141		- PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS"
	141	+ PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS"
142	142	StringPooling="true"
143	143	RuntimeLibrary="0"
144	144	EnableFunctionLevelLinking="true"

		@@ -164,7 +164,7 @@
164	164	<Tool
165	165	Name="VCLinkerTool"
166	166	AdditionalOptions="/MACHINE:I386"
167		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	167	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
168	168	OutputFile=".\Release\FFFTP.exe"
169	169	LinkIncremental="1"
170	170	SuppressStartupBanner="true"

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ

--- a/FFFTP_English.vc90.vcproj

+++ b/FFFTP_English.vc90.vcproj

		@@ -48,7 +48,7 @@
48	48	Name="VCCLCompilerTool"
49	49	Optimization="0"
50	50	AdditionalIncludeDirectories="Resource_eng"
51		- PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS,ENGLISH"
	51	+ PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS,ENGLISH"
52	52	BasicRuntimeChecks="3"
53	53	RuntimeLibrary="1"
54	54	PrecompiledHeaderFile=".\FFFTP_Eng_Debug\FFFTP_English.pch"

		@@ -73,7 +73,7 @@
73	73	<Tool
74	74	Name="VCLinkerTool"
75	75	AdditionalOptions="/MACHINE:I386"
76		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	76	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
77	77	OutputFile=".\FFFTP_Eng_Debug\FFFTP.exe"
78	78	LinkIncremental="2"
79	79	SuppressStartupBanner="true"

		@@ -140,7 +140,7 @@
140	140	Name="VCCLCompilerTool"
141	141	InlineFunctionExpansion="1"
142	142	AdditionalIncludeDirectories="Resource_eng"
143		- PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS,ENGLISH"
	143	+ PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS,ENGLISH"
144	144	StringPooling="true"
145	145	RuntimeLibrary="0"
146	146	EnableFunctionLevelLinking="true"

		@@ -165,7 +165,7 @@
165	165	<Tool
166	166	Name="VCLinkerTool"
167	167	AdditionalOptions="/MACHINE:I386"
168		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	168	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
169	169	OutputFile=".\FFFTP_Eng_Release\FFFTP.exe"
170	170	LinkIncremental="1"
171	171	SuppressStartupBanner="true"

--- a/FFFTP_English.vcproj

+++ b/FFFTP_English.vcproj

		@@ -47,7 +47,7 @@
47	47	Name="VCCLCompilerTool"
48	48	Optimization="0"
49	49	AdditionalIncludeDirectories="Resource_eng"
50		- PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS,ENGLISH"
	50	+ PreprocessorDefinitions="WIN32,_DEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS,ENGLISH"
51	51	BasicRuntimeChecks="3"
52	52	RuntimeLibrary="1"
53	53	PrecompiledHeaderFile=".\FFFTP_Eng_Debug\FFFTP_English.pch"

		@@ -72,7 +72,7 @@
72	72	<Tool
73	73	Name="VCLinkerTool"
74	74	AdditionalOptions="/MACHINE:I386"
75		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	75	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
76	76	OutputFile=".\FFFTP_Eng_Debug\FFFTP.exe"
77	77	LinkIncremental="2"
78	78	SuppressStartupBanner="true"

		@@ -140,7 +140,7 @@
140	140	Name="VCCLCompilerTool"
141	141	InlineFunctionExpansion="1"
142	142	AdditionalIncludeDirectories="Resource_eng"
143		- PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,_WIN32_IE=0x300,_CRT_SECURE_NO_WARNINGS,ENGLISH"
	143	+ PreprocessorDefinitions="WIN32,NDEBUG,_WINDOWS,WINVER=0x0500,_WIN32_WINNT=0x0500,_WIN32_IE=0x0400,_CRT_SECURE_NO_WARNINGS,ENGLISH"
144	144	StringPooling="true"
145	145	RuntimeLibrary="0"
146	146	EnableFunctionLevelLinking="true"

		@@ -165,7 +165,7 @@
165	165	<Tool
166	166	Name="VCLinkerTool"
167	167	AdditionalOptions="/MACHINE:I386"
168		- AdditionalDependencies="wsock32.lib comctl32.lib winmm.lib rasapi32.lib htmlhelp.lib sfc.lib wintrust.lib"
	168	+ AdditionalDependencies="comctl32.lib htmlhelp.lib imagehlp.lib rasapi32.lib sfc.lib winmm.lib wintrust.lib wsock32.lib"
169	169	OutputFile=".\FFFTP_Eng_Release\FFFTP.exe"
170	170	LinkIncremental="1"
171	171	SuppressStartupBanner="true"

Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ

--- a/bookmark.c

+++ b/bookmark.c

		@@ -27,7 +27,8 @@
27	27	/ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28	28	/============================================================================*/
29	29
30		-#define WINVER 0x400
	30	+// UTF-8対応
	31	+//#define WINVER 0x400
31	32
32	33	#define STRICT
33	34	#include <windows.h>

--- a/filelist.c

+++ b/filelist.c

		@@ -27,7 +27,8 @@
27	27	/ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28	28	/============================================================================*/
29	29
30		-#define _WIN32_WINNT 0x400
	30	+// UTF-8対応
	31	+//#define _WIN32_WINNT 0x400
31	32
32	33	#define STRICT
33	34	#include <windows.h>

--- a/hostman.c

+++ b/hostman.c

		@@ -1531,6 +1531,10 @@ static int DispHostSetDlg(HWND hDlg)
1531	1531	PROPSHEETPAGE psp[7];
1532	1532	PROPSHEETHEADER psh;
1533	1533
	1534	+ // 変数が未初期化のバグ修正
	1535	+ memset(&psp, 0, sizeof(psp));
	1536	+ memset(&psh, 0, sizeof(psh));
	1537	+
1534	1538	psp[0].dwSize = sizeof(PROPSHEETPAGE);
1535	1539	psp[0].dwFlags = PSP_USETITLE \| PSP_HASHELP;
1536	1540	psp[0].hInstance = GetFtpInst();

--- a/main.c

+++ b/main.c

		@@ -247,17 +247,37 @@ int PASCAL WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLi
247	247	break;
248	248	}
249	249	}
250		- InitializeLoadLibraryHook();
251	250	if(bProtect)
252	251	{
	252	+ if(!InitializeLoadLibraryHook())
	253	+ {
	254	+ MessageBox(NULL, MSGJPN321, "FFFTP", MB_OK \| MB_ICONERROR);
	255	+ return 0;
	256	+ }
253	257	#ifndef _DEBUG
254		- if(IsDebuggerPresent() \|\| RestartProtectedProcess(" --restart"))
	258	+ if(IsDebuggerPresent())
	259	+ {
	260	+ MessageBox(NULL, MSGJPN322, "FFFTP", MB_OK \| MB_ICONERROR);
255	261	return 0;
	262	+ }
256	263	#endif
257		- // DLLの検証の前にロードされている必要があるDLL
258		- LoadLibrary("shell32.dll");
259		- EnableLoadLibraryHook(TRUE);
	264	+ if(!UnloadUntrustedModule())
	265	+ {
	266	+ MessageBox(NULL, MSGJPN323, "FFFTP", MB_OK \| MB_ICONERROR);
	267	+ return 0;
	268	+ }
	269	+#ifndef _DEBUG
	270	+ if(RestartProtectedProcess(" --restart"))
	271	+ return 0;
	272	+#endif
	273	+ if(!EnableLoadLibraryHook(TRUE))
	274	+ {
	275	+ MessageBox(NULL, MSGJPN324, "FFFTP", MB_OK \| MB_ICONERROR);
	276	+ return 0;
	277	+ }
260	278	}
	279	+ else
	280	+ InitializeLoadLibraryHook();
261	281	#endif
262	282
263	283	#ifdef DISABLE_MULTI_CPUS

--- a/mbswrapper.c

+++ b/mbswrapper.c

		@@ -6,9 +6,6 @@
6	6
7	7	#define UNICODE
8	8	#define _UNICODE
9		-#define _WIN32_WINNT 0x0600
10		-#undef _WIN32_IE
11		-#define _WIN32_IE 0x0400
12	9
13	10	#include <tchar.h>
14	11	#include <direct.h>

		@@ -262,6 +259,7 @@ char* AllocateStringA(int size)
262	259	}
263	260
264	261	// メモリを確保してマルチバイト文字列からワイド文字列へ変換
	262	+// リソースIDならば元の値を返す
265	263	wchar_t* DuplicateMtoW(LPCSTR lpString, int c)
266	264	{
267	265	wchar_t* p;

		@@ -280,6 +278,7 @@ wchar_t* DuplicateMtoW(LPCSTR lpString, int c)
280	278	}
281	279
282	280	// 指定したサイズのメモリを確保してマルチバイト文字列からワイド文字列へ変換
	281	+// リソースIDならば元の値を返す
283	282	wchar_t* DuplicateMtoWBuffer(LPCSTR lpString, int c, int size)
284	283	{
285	284	wchar_t* p;

		@@ -298,6 +297,7 @@ wchar_t* DuplicateMtoWBuffer(LPCSTR lpString, int c, int size)
298	297	}
299	298
300	299	// メモリを確保してNULL区切りマルチバイト文字列からワイド文字列へ変換
	300	+// リソースIDならば元の値を返す
301	301	wchar_t* DuplicateMtoWMultiString(LPCSTR lpString)
302	302	{
303	303	int count;

		@@ -312,6 +312,7 @@ wchar_t* DuplicateMtoWMultiString(LPCSTR lpString)
312	312	}
313	313
314	314	// 指定したサイズのメモリを確保してNULL区切りマルチバイト文字列からワイド文字列へ変換
	315	+// リソースIDならば元の値を返す
315	316	wchar_t* DuplicateMtoWMultiStringBuffer(LPCSTR lpString, int size)
316	317	{
317	318	int count;

		@@ -330,6 +331,7 @@ wchar_t* DuplicateMtoWMultiStringBuffer(LPCSTR lpString, int size)
330	331	}
331	332
332	333	// メモリを確保してワイド文字列からマルチバイト文字列へ変換
	334	+// リソースIDならば元の値を返す
333	335	char* DuplicateWtoM(LPCWSTR lpString, int c)
334	336	{
335	337	char* p;

		@@ -348,6 +350,7 @@ char* DuplicateWtoM(LPCWSTR lpString, int c)
348	350	}
349	351
350	352	// メモリを確保してShift_JIS文字列からワイド文字列へ変換
	353	+// リソースIDならば元の値を返す
351	354	wchar_t* DuplicateAtoW(LPCSTR lpString, int c)
352	355	{
353	356	wchar_t* p;

		@@ -366,6 +369,7 @@ wchar_t* DuplicateAtoW(LPCSTR lpString, int c)
366	369	}
367	370
368	371	// メモリを確保してワイド文字列からShift_JIS文字列へ変換
	372	+// リソースIDならば元の値を返す
369	373	char* DuplicateWtoA(LPCWSTR lpString, int c)
370	374	{
371	375	char* p;

		@@ -384,6 +388,7 @@ char* DuplicateWtoA(LPCWSTR lpString, int c)
384	388	}
385	389
386	390	// 文字列用に確保したメモリを開放
	391	+// リソースIDならば何もしない
387	392	void FreeDuplicatedString(void* p)
388	393	{
389	394	if(p < (void)0x00010000 \|\| p == (void)~0)

		@@ -984,18 +989,6 @@ END_ROUTINE
984	989	return r;
985	990	}
986	991
987		-BOOL SetDllDirectoryM(LPCSTR lpPathName)
988		-{
989		- BOOL r = FALSE;
990		- wchar_t* pw0 = NULL;
991		-START_ROUTINE
992		- pw0 = DuplicateMtoW(lpPathName, -1);
993		- r = SetDllDirectoryW(pw0);
994		-END_ROUTINE
995		- FreeDuplicatedString(pw0);
996		- return r;
997		-}
998		-
999	992	DWORD GetTempPathM(DWORD nBufferLength, LPSTR lpBuffer)
1000	993	{
1001	994	DWORD r = 0;

		@@ -1184,56 +1177,79 @@ START_ROUTINE
1184	1177	a0.hIcon = v0->hIcon;
1185	1178	a0.pszCaption = DuplicateMtoW(v0->pszCaption, -1);
1186	1179	a0.nPages = v0->nPages;
1187		- a0.pStartPage = DuplicateMtoW(v0->pStartPage, -1);
1188		- if(v0->ppsp && (pwPage = (PROPSHEETPAGEW)malloc(sizeof(PROPSHEETPAGEW) v0->nPages)))
	1180	+ if(v0->dwFlags & PSH_USEPSTARTPAGE)
	1181	+ a0.pStartPage = DuplicateMtoW(v0->pStartPage, -1);
	1182	+ else
	1183	+ a0.nStartPage = v0->nStartPage;
	1184	+ if(v0->dwFlags & PSH_PROPSHEETPAGE)
1189	1185	{
1190		- for(i = 0; i < v0->nPages; i++)
	1186	+ if(v0->ppsp && (pwPage = (PROPSHEETPAGEW)malloc(sizeof(PROPSHEETPAGEW) v0->nPages)))
1191	1187	{
1192		- pwPage[i].dwSize = sizeof(PROPSHEETPAGEW);
1193		- pwPage[i].dwFlags = v0->ppsp[i].dwFlags;
1194		- pwPage[i].hInstance = v0->ppsp[i].hInstance;
1195		- pwPage[i].pszTemplate = DuplicateMtoW(v0->ppsp[i].pszTemplate, -1);
1196		- if(v0->ppsp[i].dwFlags & PSP_USEICONID)
1197		- pwPage[i].pszIcon = DuplicateMtoW(v0->ppsp[i].pszIcon, -1);
1198		- else
1199		- pwPage[i].hIcon = v0->ppsp[i].hIcon;
1200		- if(v0->ppsp[i].dwFlags & PSP_USETITLE)
1201		- pwPage[i].pszTitle = DuplicateMtoW(v0->ppsp[i].pszTitle, -1);
1202		- pwPage[i].pfnDlgProc = v0->ppsp[i].pfnDlgProc;
1203		- pwPage[i].lParam = v0->ppsp[i].lParam;
1204		- // TODO: pfnCallback
1205		- pwPage[i].pfnCallback = (LPFNPSPCALLBACKW)v0->ppsp[i].pfnCallback;
1206		- pwPage[i].pcRefParent = v0->ppsp[i].pcRefParent;
1207		-// pwPage[i].pszHeaderTitle = DuplicateMtoW(v0->ppsp[i].pszHeaderTitle, -1);
1208		-// pwPage[i].pszHeaderSubTitle = DuplicateMtoW(v0->ppsp[i].pszHeaderSubTitle, -1);
1209		- pwPage[i].hActCtx = v0->ppsp[i].hActCtx;
1210		-// pwPage[i].pszbmHeader = DuplicateMtoW(v0->ppsp[i].pszbmHeader, -1);
	1188	+ for(i = 0; i < v0->nPages; i++)
	1189	+ {
	1190	+ pwPage[i].dwSize = sizeof(PROPSHEETPAGEW);
	1191	+ pwPage[i].dwFlags = v0->ppsp[i].dwFlags;
	1192	+ pwPage[i].hInstance = v0->ppsp[i].hInstance;
	1193	+ if(v0->ppsp[i].dwFlags & PSP_DLGINDIRECT)
	1194	+ pwPage[i].pResource = v0->ppsp[i].pResource;
	1195	+ else
	1196	+ pwPage[i].pszTemplate = DuplicateMtoW(v0->ppsp[i].pszTemplate, -1);
	1197	+ if(v0->ppsp[i].dwFlags & PSP_USEICONID)
	1198	+ pwPage[i].pszIcon = DuplicateMtoW(v0->ppsp[i].pszIcon, -1);
	1199	+ else
	1200	+ pwPage[i].hIcon = v0->ppsp[i].hIcon;
	1201	+ if(v0->ppsp[i].dwFlags & PSP_USETITLE)
	1202	+ pwPage[i].pszTitle = DuplicateMtoW(v0->ppsp[i].pszTitle, -1);
	1203	+ pwPage[i].pfnDlgProc = v0->ppsp[i].pfnDlgProc;
	1204	+ pwPage[i].lParam = v0->ppsp[i].lParam;
	1205	+ // TODO: pfnCallback
	1206	+ pwPage[i].pfnCallback = (LPFNPSPCALLBACKW)v0->ppsp[i].pfnCallback;
	1207	+ pwPage[i].pcRefParent = v0->ppsp[i].pcRefParent;
	1208	+ if(v0->ppsp[i].dwFlags & PSP_USEHEADERTITLE)
	1209	+ pwPage[i].pszHeaderTitle = DuplicateMtoW(v0->ppsp[i].pszHeaderTitle, -1);
	1210	+ if(v0->ppsp[i].dwFlags & PSP_USEHEADERSUBTITLE)
	1211	+ pwPage[i].pszHeaderSubTitle = DuplicateMtoW(v0->ppsp[i].pszHeaderSubTitle, -1);
	1212	+ }
1211	1213	}
	1214	+ else
	1215	+ pwPage = NULL;
	1216	+ a0.ppsp = pwPage;
1212	1217	}
1213	1218	else
1214		- pwPage = NULL;
1215		- a0.ppsp = pwPage;
	1219	+ a0.phpage = v0->phpage;
1216	1220	a0.pfnCallback = v0->pfnCallback;
	1221	+ if(v0->dwFlags & PSH_USEHBMWATERMARK)
	1222	+ a0.hbmWatermark = v0->hbmWatermark;
	1223	+ else
	1224	+ a0.pszbmWatermark = DuplicateMtoW(v0->pszbmWatermark, -1);
1217	1225	r = PropertySheetW(&a0);
1218	1226	if(a0.dwFlags & PSH_USEICONID)
1219	1227	FreeDuplicatedString((void*)a0.pszIcon);
1220	1228	FreeDuplicatedString((void*)a0.pszCaption);
1221		- FreeDuplicatedString((void*)a0.pStartPage);
1222		- if(pwPage)
	1229	+ if(v0->dwFlags & PSH_USEPSTARTPAGE)
	1230	+ FreeDuplicatedString((void*)a0.pStartPage);
	1231	+ if(v0->dwFlags & PSH_PROPSHEETPAGE)
1223	1232	{
1224		- for(i = 0; i < v0->nPages; i++)
	1233	+ if(pwPage)
1225	1234	{
1226		- FreeDuplicatedString((void*)pwPage[i].pszTemplate);
1227		- if(pwPage[i].dwFlags & PSP_USEICONID)
1228		- FreeDuplicatedString((void*)pwPage[i].pszIcon);
1229		- if(pwPage[i].dwFlags & PSP_USETITLE)
1230		- FreeDuplicatedString((void*)pwPage[i].pszTitle);
1231		-// FreeDuplicatedString((void*)pwPage[i].pszHeaderTitle);
1232		-// FreeDuplicatedString((void*)pwPage[i].pszHeaderSubTitle);
1233		-// FreeDuplicatedString((void*)pwPage[i].pszbmHeader);
	1235	+ for(i = 0; i < v0->nPages; i++)
	1236	+ {
	1237	+ if(!(v0->ppsp[i].dwFlags & PSP_DLGINDIRECT))
	1238	+ FreeDuplicatedString((void*)pwPage[i].pszTemplate);
	1239	+ if(v0->ppsp[i].dwFlags & PSP_USEICONID)
	1240	+ FreeDuplicatedString((void*)pwPage[i].pszIcon);
	1241	+ if(v0->ppsp[i].dwFlags & PSP_USETITLE)
	1242	+ FreeDuplicatedString((void*)pwPage[i].pszTitle);
	1243	+ if(v0->ppsp[i].dwFlags & PSP_USEHEADERTITLE)
	1244	+ FreeDuplicatedString((void*)pwPage[i].pszHeaderTitle);
	1245	+ if(v0->ppsp[i].dwFlags & PSP_USEHEADERSUBTITLE)
	1246	+ FreeDuplicatedString((void*)pwPage[i].pszHeaderSubTitle);
	1247	+ }
	1248	+ free(pwPage);
1234	1249	}
1235		- free(pwPage);
1236	1250	}
	1251	+ if(!(v0->dwFlags & PSH_USEHBMWATERMARK))
	1252	+ FreeDuplicatedString((void*)a0.pszbmWatermark);
1237	1253	END_ROUTINE
1238	1254	return r;
1239	1255	}

		@@ -1521,7 +1537,8 @@ START_ROUTINE
1521	1537	wFileOp.fFlags = lpFileOp->fFlags;
1522	1538	wFileOp.fAnyOperationsAborted = lpFileOp->fAnyOperationsAborted;
1523	1539	wFileOp.hNameMappings = lpFileOp->hNameMappings;
1524		- pw2 = DuplicateMtoW(lpFileOp->lpszProgressTitle, -1);
	1540	+ if(lpFileOp->fFlags & FOF_SIMPLEPROGRESS)
	1541	+ pw2 = DuplicateMtoW(lpFileOp->lpszProgressTitle, -1);
1525	1542	r = SHFileOperationW(&wFileOp);
1526	1543	lpFileOp->fAnyOperationsAborted = wFileOp.fAnyOperationsAborted;
1527	1544	END_ROUTINE

		@@ -1563,9 +1580,13 @@ START_ROUTINE
1563	1580	wmii.hbmpChecked = lpmii->hbmpChecked;
1564	1581	wmii.hbmpUnchecked = lpmii->hbmpUnchecked;
1565	1582	wmii.dwItemData = lpmii->dwItemData;
1566		- pw0 = DuplicateMtoWBuffer(lpmii->dwTypeData, -1, lpmii->cch * 4);
1567		- wmii.dwTypeData = pw0;
1568		- wmii.cch = lpmii->cch * 4;
	1583	+ if(lpmii->fMask & MIIM_TYPE)
	1584	+ {
	1585	+ pw0 = DuplicateMtoWBuffer(lpmii->dwTypeData, -1, lpmii->cch * 4);
	1586	+ wmii.dwTypeData = pw0;
	1587	+ wmii.cch = lpmii->cch * 4;
	1588	+ }
	1589	+ wmii.hbmpItem = lpmii->hbmpItem;
1569	1590	r = GetMenuItemInfoW(hmenu, item, fByPosition, &wmii);
1570	1591	lpmii->fType = wmii.fType;
1571	1592	lpmii->fState = wmii.fState;

--- a/mbswrapper.h

+++ b/mbswrapper.h

		@@ -74,9 +74,6 @@ DWORD GetCurrentDirectoryM(DWORD nBufferLength, LPSTR lpBuffer);
74	74	#undef SetCurrentDirectory
75	75	#define SetCurrentDirectory SetCurrentDirectoryM
76	76	BOOL SetCurrentDirectoryM(LPCSTR lpPathName);
77		-#undef SetDllDirectory
78		-#define SetDllDirectory SetDllDirectoryM
79		-BOOL SetDllDirectoryM(LPCSTR lpPathName);
80	77	#undef GetTempPath
81	78	#define GetTempPath GetTempPathM
82	79	DWORD GetTempPathM(DWORD nBufferLength, LPSTR lpBuffer);

--- a/mesg-eng.h

+++ b/mesg-eng.h

		@@ -318,3 +318,7 @@
318	318	#define MSGJPN318 "OpenSSL is loaded."
319	319	#define MSGJPN319 "OpenSSL is not installed.\r\nCommunication will not be encrypted."
320	320	#define MSGJPN320 "Feature"
	321	+#define MSGJPN321 "Failed to get required functions to protect the process."
	322	+#define MSGJPN322 "Debugger was detected."
	323	+#define MSGJPN323 "Failed to unload untrustworthy DLLs."
	324	+#define MSGJPN324 "Failed to hook required functions to protect the process."

--- a/mesg-eng.old.h

+++ b/mesg-eng.old.h

		@@ -318,3 +318,7 @@
318	318	#define MSGJPN318 "OpenSSL is loaded."
319	319	#define MSGJPN319 "OpenSSL is not installed.\r\nCommunication will not be encrypted."
320	320	#define MSGJPN320 "Feature"
	321	+#define MSGJPN321 "Failed to get required functions to protect the process."
	322	+#define MSGJPN322 "Debugger was detected."
	323	+#define MSGJPN323 "Failed to unload untrustworthy DLLs."
	324	+#define MSGJPN324 "Failed to hook required functions to protect the process."

--- a/mesg-jpn.h

+++ b/mesg-jpn.h

		@@ -318,3 +318,7 @@
318	318	#define MSGJPN318 "OpenSSL\xE3\x81\x8C\xE8\xAA\xAD\xE3\x81\xBF\xE8\xBE\xBC\xE3\x81\xBE\xE3\x82\x8C\xE3\x81\xBE\xE3\x81\x97\xE3\x81\x9F."
319	319	#define MSGJPN319 "OpenSSL\xE3\x81\x8C\xE3\x82\xA4\xE3\x83\xB3\xE3\x82\xB9\xE3\x83\x88\xE3\x83\xBC\xE3\x83\xAB\xE3\x81\x95\xE3\x82\x8C\xE3\x81\xA6\xE3\x81\x84\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93.\r\n\xE9\x80\x9A\xE4\xBF\xA1\xE3\x81\xAE\xE6\x9A\x97\xE5\x8F\xB7\xE5\x8C\x96\xE3\x81\xAF\xE8\xA1\x8C\xE3\x82\x8F\xE3\x82\x8C\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93."
320	320	#define MSGJPN320 "\xE7\x89\xB9\xE6\xAE\x8A\xE6\xA9\x9F\xE8\x83\xBD"
	321	+#define MSGJPN321 "\xE3\x83\x97\xE3\x83\xAD\xE3\x82\xBB\xE3\x82\xB9\xE3\x81\xAE\xE4\xBF\x9D\xE8\xAD\xB7\xE3\x81\xAB\xE5\xBF\x85\xE8\xA6\x81\xE3\x81\xAA\xE9\x96\xA2\xE6\x95\xB0\xE3\x82\x92\xE5\x8F\x96\xE5\xBE\x97\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93\xE3\x81\xA7\xE3\x81\x97\xE3\x81\x9F."
	322	+#define MSGJPN322 "\xE3\x83\x87\xE3\x83\x90\xE3\x83\x83\xE3\x82\xAC\xE3\x81\x8C\xE6\xA4\x9C\xE5\x87\xBA\xE3\x81\x95\xE3\x82\x8C\xE3\x81\xBE\xE3\x81\x97\xE3\x81\x9F."
	323	+#define MSGJPN323 "\xE4\xBF\xA1\xE9\xA0\xBC\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xAA\xE3\x81\x84\x44LL\xE3\x82\x92\xE3\x82\xA2\xE3\x83\xB3\xE3\x83\xAD\xE3\x83\xBC\xE3\x83\x89\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93\xE3\x81\xA7\xE3\x81\x97\xE3\x81\x9F."
	324	+#define MSGJPN324 "\xE3\x83\x97\xE3\x83\xAD\xE3\x82\xBB\xE3\x82\xB9\xE3\x81\xAE\xE4\xBF\x9D\xE8\xAD\xB7\xE3\x81\xAB\xE5\xBF\x85\xE8\xA6\x81\xE3\x81\xAA\xE9\x96\xA2\xE6\x95\xB0\xE3\x82\x92\xE3\x83\x95\xE3\x83\x83\xE3\x82\xAF\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93\xE3\x81\xA7\xE3\x81\x97\xE3\x81\x9F."

--- a/mesg-jpn.old.h

+++ b/mesg-jpn.old.h

		@@ -318,3 +318,7 @@
318	318	#define MSGJPN318 "OpenSSLが読み込まれました."
319	319	#define MSGJPN319 "OpenSSLがインストールされていません.\r\n通信の暗号化は行われません."
320	320	#define MSGJPN320 "特殊機能"
	321	+#define MSGJPN321 "プロセスの保護に必要な関数を取得できませんでした."
	322	+#define MSGJPN322 "デバッガが検出されました."
	323	+#define MSGJPN323 "信頼できないDLLをアンロードできませんでした."
	324	+#define MSGJPN324 "プロセスの保護に必要な関数をフックできませんでした."

--- a/option.c

+++ b/option.c

		@@ -163,6 +163,10 @@ void SetOption(int Start)
163	163	PROPSHEETPAGE psp[12];
164	164	PROPSHEETHEADER psh;
165	165
	166	+ // 変数が未初期化のバグ修正
	167	+ memset(&psp, 0, sizeof(psp));
	168	+ memset(&psh, 0, sizeof(psh));
	169	+
166	170	psp[0].dwSize = sizeof(PROPSHEETPAGE);
167	171	psp[0].dwFlags = PSP_USETITLE \| PSP_HASHELP;
168	172	psp[0].hInstance = GetFtpInst();

--- a/protectprocess.c

+++ b/protectprocess.c

		@@ -16,8 +16,6 @@
16	16	// フック用の関数名 h_%s
17	17	// フック対象のコードのバックアップ c_%s
18	18
19		-#define _WIN32_WINNT 0x0600
20		-
21	19	#include <tchar.h>
22	20	#include <windows.h>
23	21	#include <ntsecapi.h>

		@@ -26,8 +24,9 @@
26	24	#include <softpub.h>
27	25	#include <aclapi.h>
28	26	#include <sfc.h>
29		-#ifdef USE_IAT_HOOK
30	27	#include <tlhelp32.h>
	28	+#include <imagehlp.h>
	29	+#ifdef USE_IAT_HOOK
31	30	#include <dbghelp.h>
32	31	#endif
33	32

		@@ -47,7 +46,20 @@
47	46	#endif
48	47	#endif
49	48
	49	+BOOL LockThreadLock();
	50	+BOOL UnlockThreadLock();
	51	+#ifdef USE_CODE_HOOK
50	52	BOOL HookFunctionInCode(void* pOriginal, void* pNew, void* pBackupCode, BOOL bRestore);
	53	+#endif
	54	+#ifdef USE_IAT_HOOK
	55	+BOOL HookFunctionInIAT(void* pOriginal, void* pNew);
	56	+#endif
	57	+HANDLE LockExistingFile(LPCWSTR Filename);
	58	+BOOL FindTrustedModuleMD5Hash(void* pHash);
	59	+BOOL VerifyFileSignature(LPCWSTR Filename);
	60	+BOOL VerifyFileSignatureInCatalog(LPCWSTR Catalog, LPCWSTR Filename);
	61	+BOOL GetSHA1HashOfModule(LPCWSTR Filename, void* pHash);
	62	+BOOL IsModuleTrusted(LPCWSTR Filename);
51	63
52	64	// 変数の宣言
53	65	#ifdef USE_CODE_HOOK

		@@ -70,21 +82,23 @@ HOOK_FUNCTION_VAR(LoadLibraryW)
70	82	HOOK_FUNCTION_VAR(LoadLibraryExA)
71	83	HOOK_FUNCTION_VAR(LoadLibraryExW)
72	84
73		-// ドキュメントが無いため原因は不明だが第2引数はポインタでないとエラーになる場合がある
74		-//typedef NTSTATUS (WINAPI* _LdrLoadDll)(LPCWSTR, DWORD, UNICODE_STRING, HMODULE);
75		-typedef NTSTATUS (WINAPI* _LdrLoadDll)(LPCWSTR, DWORD, UNICODE_STRING, HMODULE*);
76		-// ドキュメントが無いため原因は不明だが第2引数はポインタでないとエラーになる場合がある
77		-//typedef NTSTATUS (WINAPI* _LdrGetDllHandle)(LPCWSTR, DWORD, UNICODE_STRING, HMODULE);
78		-typedef NTSTATUS (WINAPI* _LdrGetDllHandle)(LPCWSTR, DWORD, UNICODE_STRING, HMODULE*);
79		-typedef NTSTATUS (WINAPI* _LdrAddRefDll)(DWORD, HMODULE);
	85	+typedef NTSTATUS (NTAPI* _LdrLoadDll)(LPCWSTR, DWORD, UNICODE_STRING, HMODULE*);
	86	+typedef NTSTATUS (NTAPI* _LdrGetDllHandle)(LPCWSTR, DWORD, UNICODE_STRING, HMODULE*);
	87	+typedef PIMAGE_NT_HEADERS (NTAPI* _RtlImageNtHeader)(PVOID);
	88	+typedef BOOL (WINAPI* _CryptCATAdminCalcHashFromFileHandle)(HANDLE, DWORD, BYTE, DWORD);
80	89
81	90	_LdrLoadDll p_LdrLoadDll;
82	91	_LdrGetDllHandle p_LdrGetDllHandle;
83		-_LdrAddRefDll p_LdrAddRefDll;
	92	+_RtlImageNtHeader p_RtlImageNtHeader;
	93	+_CryptCATAdminCalcHashFromFileHandle p_CryptCATAdminCalcHashFromFileHandle;
84	94
85		-#define MAX_MD5_HASH_TABLE 16
	95	+#define MAX_LOCKED_THREAD 16
	96	+#define MAX_TRUSTED_FILENAME_TABLE 16
	97	+#define MAX_TRUSTED_MD5_HASH_TABLE 16
86	98
87		-BYTE g_MD5HashTable[MAX_MD5_HASH_TABLE][16];
	99	+DWORD g_LockedThread[MAX_LOCKED_THREAD];
	100	+WCHAR* g_pTrustedFilenameTable[MAX_TRUSTED_FILENAME_TABLE];
	101	+BYTE g_TrustedMD5HashTable[MAX_TRUSTED_MD5_HASH_TABLE][16];
88	102
89	103	// 以下フック関数
90	104	// フック対象を呼び出す場合は前後でSTART_HOOK_FUNCTIONとEND_HOOK_FUNCTIONを実行する必要がある

		@@ -92,84 +106,142 @@ BYTE g_MD5HashTable[MAX_MD5_HASH_TABLE][16];
92	106	HMODULE WINAPI h_LoadLibraryA(LPCSTR lpLibFileName)
93	107	{
94	108	HMODULE r = NULL;
95		- if(GetModuleHandleA(lpLibFileName) \|\| IsModuleTrustedA(lpLibFileName))
96		- {
97		- wchar_t* pw0 = NULL;
98		- pw0 = DuplicateAtoW(lpLibFileName, -1);
99		- r = System_LoadLibrary(pw0, NULL, 0);
100		- FreeDuplicatedString(pw0);
101		- }
	109	+ wchar_t* pw0 = NULL;
	110	+ if(pw0 = DuplicateAtoW(lpLibFileName, -1))
	111	+ r = LoadLibraryExW(pw0, NULL, 0);
	112	+ FreeDuplicatedString(pw0);
102	113	return r;
103	114	}
104	115
105	116	HMODULE WINAPI h_LoadLibraryW(LPCWSTR lpLibFileName)
106	117	{
107	118	HMODULE r = NULL;
108		- if(GetModuleHandleW(lpLibFileName) \|\| IsModuleTrustedW(lpLibFileName))
109		- r = System_LoadLibrary(lpLibFileName, NULL, 0);
	119	+ r = LoadLibraryExW(lpLibFileName, NULL, 0);
110	120	return r;
111	121	}
112	122
113	123	HMODULE WINAPI h_LoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
114	124	{
115	125	HMODULE r = NULL;
116		- if(GetModuleHandleA(lpLibFileName) \|\| IsModuleTrustedA(lpLibFileName))
117		- {
118		- wchar_t* pw0 = NULL;
119		- pw0 = DuplicateAtoW(lpLibFileName, -1);
120		- r = System_LoadLibrary(pw0, hFile, dwFlags);
121		- FreeDuplicatedString(pw0);
122		- }
	126	+ wchar_t* pw0 = NULL;
	127	+ if(pw0 = DuplicateAtoW(lpLibFileName, -1))
	128	+ r = LoadLibraryExW(pw0, hFile, dwFlags);
	129	+ FreeDuplicatedString(pw0);
123	130	return r;
124	131	}
125	132
126	133	HMODULE WINAPI h_LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
127	134	{
128	135	HMODULE r = NULL;
129		- if(GetModuleHandleW(lpLibFileName) \|\| IsModuleTrustedW(lpLibFileName))
	136	+ BOOL bTrusted;
	137	+ wchar_t* pw0;
	138	+ HANDLE hLock;
	139	+ HMODULE hModule;
	140	+ DWORD Length;
	141	+ bTrusted = FALSE;
	142	+ pw0 = NULL;
	143	+ hLock = NULL;
	144	+// if(dwFlags & (DONT_RESOLVE_DLL_REFERENCES \| LOAD_LIBRARY_AS_DATAFILE \| LOAD_LIBRARY_AS_IMAGE_RESOURCE \| LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE))
	145	+ if(dwFlags & (DONT_RESOLVE_DLL_REFERENCES \| LOAD_LIBRARY_AS_DATAFILE \| 0x00000020 \| 0x00000040))
	146	+ bTrusted = TRUE;
	147	+ if(!bTrusted)
	148	+ {
	149	+ if(hModule = System_LoadLibrary(lpLibFileName, NULL, DONT_RESOLVE_DLL_REFERENCES))
	150	+ {
	151	+ Length = MAX_PATH;
	152	+ if(pw0 = AllocateStringW(Length))
	153	+ {
	154	+ if(GetModuleFileNameW(hModule, pw0, Length) > 0)
	155	+ {
	156	+ while(pw0)
	157	+ {
	158	+ if(GetModuleFileNameW(hModule, pw0, Length) + 1 <= Length)
	159	+ {
	160	+ lpLibFileName = pw0;
	161	+ break;
	162	+ }
	163	+ Length = Length * 2;
	164	+ FreeDuplicatedString(pw0);
	165	+ pw0 = AllocateStringW(Length);
	166	+ }
	167	+ }
	168	+ }
	169	+ hLock = LockExistingFile(lpLibFileName);
	170	+ FreeLibrary(hModule);
	171	+ }
	172	+ if(GetModuleHandleW(lpLibFileName))
	173	+ bTrusted = TRUE;
	174	+ }
	175	+ if(!bTrusted)
	176	+ {
	177	+ if(LockThreadLock())
	178	+ {
	179	+ if(hLock)
	180	+ {
	181	+ if(IsModuleTrusted(lpLibFileName))
	182	+ bTrusted = TRUE;
	183	+ }
	184	+ UnlockThreadLock();
	185	+ }
	186	+ }
	187	+ if(bTrusted)
130	188	r = System_LoadLibrary(lpLibFileName, hFile, dwFlags);
	189	+ FreeDuplicatedString(pw0);
	190	+ if(hLock)
	191	+ CloseHandle(hLock);
131	192	return r;
132	193	}
133	194
134	195	// 以下ヘルパー関数
135	196
136		-BOOL GetMD5HashOfFile(LPCWSTR Filename, void* pHash)
	197	+BOOL LockThreadLock()
137	198	{
138	199	BOOL bResult;
139		- HCRYPTPROV hProv;
140		- HCRYPTHASH hHash;
141		- HANDLE hFile;
142		- DWORD Size;
143		- void* pData;
144		- DWORD dw;
	200	+ DWORD ThreadId;
	201	+ DWORD i;
145	202	bResult = FALSE;
146		- if(CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, 0) \|\| CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
	203	+ ThreadId = GetCurrentThreadId();
	204	+ i = 0;
	205	+ while(i < MAX_LOCKED_THREAD)
147	206	{
148		- if(CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
	207	+ if(g_LockedThread[i] == ThreadId)
	208	+ break;
	209	+ i++;
	210	+ }
	211	+ if(i >= MAX_LOCKED_THREAD)
	212	+ {
	213	+ i = 0;
	214	+ while(i < MAX_LOCKED_THREAD)
149	215	{
150		- if((hFile = CreateFileW(Filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) != INVALID_HANDLE_VALUE)
	216	+ if(g_LockedThread[i] == 0)
151	217	{
152		- Size = GetFileSize(hFile, NULL);
153		- if(pData = VirtualAlloc(NULL, Size, MEM_COMMIT, PAGE_READWRITE))
154		- {
155		- VirtualLock(pData, Size);
156		- if(ReadFile(hFile, pData, Size, &dw, NULL))
157		- {
158		- if(CryptHashData(hHash, (BYTE*)pData, Size, 0))
159		- {
160		- dw = 16;
161		- if(CryptGetHashParam(hHash, HP_HASHVAL, (BYTE*)pHash, &dw, 0))
162		- bResult = TRUE;
163		- }
164		- }
165		- VirtualUnlock(pData, Size);
166		- VirtualFree(pData, Size, MEM_DECOMMIT);
167		- }
168		- CloseHandle(hFile);
	218	+ g_LockedThread[i] = ThreadId;
	219	+ bResult = TRUE;
	220	+ break;
169	221	}
170		- CryptDestroyHash(hHash);
	222	+ i++;
171	223	}
172		- CryptReleaseContext(hProv, 0);
	224	+ }
	225	+ return bResult;
	226	+}
	227	+
	228	+BOOL UnlockThreadLock()
	229	+{
	230	+ BOOL bResult;
	231	+ DWORD ThreadId;
	232	+ DWORD i;
	233	+ bResult = FALSE;
	234	+ ThreadId = GetCurrentThreadId();
	235	+ i = 0;
	236	+ while(i < MAX_LOCKED_THREAD)
	237	+ {
	238	+ if(g_LockedThread[i] == ThreadId)
	239	+ {
	240	+ g_LockedThread[i] = 0;
	241	+ bResult = TRUE;
	242	+ break;
	243	+ }
	244	+ i++;
173	245	}
174	246	return bResult;
175	247	}

		@@ -287,43 +359,378 @@ BOOL HookFunctionInIAT(void* pOriginal, void* pNew)
287	359	}
288	360	#endif
289	361
	362	+// ファイルを変更不能に設定
	363	+HANDLE LockExistingFile(LPCWSTR Filename)
	364	+{
	365	+ HANDLE hResult;
	366	+ hResult = NULL;
	367	+ if((hResult = CreateFileW(Filename, 0, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL)) == INVALID_HANDLE_VALUE)
	368	+ hResult = NULL;
	369	+ return hResult;
	370	+}
	371	+
	372	+// DLLのハッシュを検索
	373	+BOOL FindTrustedModuleMD5Hash(void* pHash)
	374	+{
	375	+ BOOL bResult;
	376	+ int i;
	377	+ bResult = FALSE;
	378	+ i = 0;
	379	+ while(i < MAX_TRUSTED_MD5_HASH_TABLE)
	380	+ {
	381	+ if(memcmp(&g_TrustedMD5HashTable[i], pHash, 16) == 0)
	382	+ {
	383	+ bResult = TRUE;
	384	+ break;
	385	+ }
	386	+ i++;
	387	+ }
	388	+ return bResult;
	389	+}
	390	+
	391	+// ファイルの署名を確認
	392	+BOOL VerifyFileSignature(LPCWSTR Filename)
	393	+{
	394	+ BOOL bResult;
	395	+ GUID g = WINTRUST_ACTION_GENERIC_VERIFY_V2;
	396	+ WINTRUST_FILE_INFO wfi;
	397	+ WINTRUST_DATA wd;
	398	+ bResult = FALSE;
	399	+ ZeroMemory(&wfi, sizeof(WINTRUST_FILE_INFO));
	400	+ wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
	401	+ wfi.pcwszFilePath = Filename;
	402	+ ZeroMemory(&wd, sizeof(WINTRUST_DATA));
	403	+ wd.cbStruct = sizeof(WINTRUST_DATA);
	404	+ wd.dwUIChoice = WTD_UI_NONE;
	405	+ wd.dwUnionChoice = WTD_CHOICE_FILE;
	406	+ wd.pFile = &wfi;
	407	+ if(WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &g, &wd) == ERROR_SUCCESS)
	408	+ bResult = TRUE;
	409	+ return bResult;
	410	+}
	411	+
	412	+// ファイルの署名をカタログファイルで確認
	413	+BOOL VerifyFileSignatureInCatalog(LPCWSTR Catalog, LPCWSTR Filename)
	414	+{
	415	+ BOOL bResult;
	416	+ GUID g = WINTRUST_ACTION_GENERIC_VERIFY_V2;
	417	+ WINTRUST_CATALOG_INFO wci;
	418	+ WINTRUST_DATA wd;
	419	+ bResult = FALSE;
	420	+ if(VerifyFileSignature(Catalog))
	421	+ {
	422	+ ZeroMemory(&wci, sizeof(WINTRUST_CATALOG_INFO));
	423	+ wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
	424	+ wci.pcwszCatalogFilePath = Catalog;
	425	+ wci.pcwszMemberFilePath = Filename;
	426	+ if((wci.hMemberFile = CreateFileW(Filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL)) != INVALID_HANDLE_VALUE)
	427	+ {
	428	+ p_CryptCATAdminCalcHashFromFileHandle(wci.hMemberFile, &wci.cbCalculatedFileHash, NULL, 0);
	429	+ if(wci.pbCalculatedFileHash = (BYTE*)malloc(wci.cbCalculatedFileHash))
	430	+ {
	431	+ if(p_CryptCATAdminCalcHashFromFileHandle(wci.hMemberFile, &wci.cbCalculatedFileHash, wci.pbCalculatedFileHash, 0))
	432	+ {
	433	+ ZeroMemory(&wd, sizeof(WINTRUST_DATA));
	434	+ wd.cbStruct = sizeof(WINTRUST_DATA);
	435	+ wd.dwUIChoice = WTD_UI_NONE;
	436	+ wd.dwUnionChoice = WTD_CHOICE_CATALOG;
	437	+ wd.pCatalog = &wci;
	438	+ if(WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &g, &wd) == ERROR_SUCCESS)
	439	+ bResult = TRUE;
	440	+ }
	441	+ free(wci.pbCalculatedFileHash);
	442	+ }
	443	+ CloseHandle(wci.hMemberFile);
	444	+ }
	445	+ }
	446	+ return bResult;
	447	+}
	448	+
	449	+BOOL WINAPI GetSHA1HashOfModule_Function(DIGEST_HANDLE refdata, PBYTE pData, DWORD dwLength)
	450	+{
	451	+ return CryptHashData((HCRYPTHASH)refdata, pData, dwLength, 0);
	452	+}
	453	+
	454	+// モジュールのSHA1ハッシュを取得
	455	+// マニフェストファイルのfile要素のhash属性は実行可能ファイルの場合にImageGetDigestStreamで算出される
	456	+BOOL GetSHA1HashOfModule(LPCWSTR Filename, void* pHash)
	457	+{
	458	+ BOOL bResult;
	459	+ HCRYPTPROV hProv;
	460	+ HCRYPTHASH hHash;
	461	+ HANDLE hFile;
	462	+ DWORD dw;
	463	+ bResult = FALSE;
	464	+ if(CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, 0) \|\| CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
	465	+ {
	466	+ if(CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash))
	467	+ {
	468	+ if((hFile = CreateFileW(Filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) != INVALID_HANDLE_VALUE)
	469	+ {
	470	+ if(ImageGetDigestStream(hFile, CERT_PE_IMAGE_DIGEST_ALL_IMPORT_INFO, GetSHA1HashOfModule_Function, (DIGEST_HANDLE)&hHash))
	471	+ {
	472	+ dw = 20;
	473	+ if(CryptGetHashParam(hHash, HP_HASHVAL, (BYTE*)pHash, &dw, 0))
	474	+ bResult = TRUE;
	475	+ }
	476	+ CloseHandle(hFile);
	477	+ }
	478	+ CryptDestroyHash(hHash);
	479	+ }
	480	+ CryptReleaseContext(hProv, 0);
	481	+ }
	482	+ return bResult;
	483	+}
	484	+
	485	+BOOL IsSxsModuleTrusted_Function(LPCWSTR Catalog, LPCWSTR Manifest, LPCWSTR Module)
	486	+{
	487	+ BOOL bResult;
	488	+ HANDLE hLock0;
	489	+ HANDLE hLock1;
	490	+ BYTE Hash[20];
	491	+ int i;
	492	+ static char HexTable[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
	493	+ char HashHex[41];
	494	+ HANDLE hFile;
	495	+ DWORD Size;
	496	+ char* pData;
	497	+ DWORD dw;
	498	+ bResult = FALSE;
	499	+ if(hLock0 = LockExistingFile(Catalog))
	500	+ {
	501	+ if(hLock1 = LockExistingFile(Manifest))
	502	+ {
	503	+ if(VerifyFileSignatureInCatalog(Catalog, Manifest))
	504	+ {
	505	+ if(GetSHA1HashOfModule(Module, &Hash))
	506	+ {
	507	+ for(i = 0; i < 20; i++)
	508	+ {
	509	+ HashHex[i * 2] = HexTable[(Hash[i] >> 4) & 0x0f];
	510	+ HashHex[i * 2 + 1] = HexTable[Hash[i] & 0x0f];
	511	+ }
	512	+ HashHex[i * 2] = '\0';
	513	+ if((hFile = CreateFileW(Manifest, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL)) != INVALID_HANDLE_VALUE)
	514	+ {
	515	+ Size = GetFileSize(hFile, NULL);
	516	+ if(pData = (char*)VirtualAlloc(NULL, Size + 1, MEM_COMMIT, PAGE_READWRITE))
	517	+ {
	518	+ VirtualLock(pData, Size + 1);
	519	+ if(ReadFile(hFile, pData, Size, &dw, NULL))
	520	+ {
	521	+ pData[dw] = '\0';
	522	+ if(strstr(pData, HashHex))
	523	+ bResult = TRUE;
	524	+ }
	525	+ VirtualUnlock(pData, Size + 1);
	526	+ VirtualFree(pData, Size + 1, MEM_DECOMMIT);
	527	+ }
	528	+ CloseHandle(hFile);
	529	+ }
	530	+ }
	531	+ }
	532	+ CloseHandle(hLock1);
	533	+ }
	534	+ CloseHandle(hLock0);
	535	+ }
	536	+ return bResult;
	537	+}
	538	+
	539	+// サイドバイサイドDLLを確認
	540	+// パスは"%SystemRoot%\WinSxS"以下を想定
	541	+// 以下のファイルが存在するものとする
	542	+// "\xxx\yyy.dll"、"\manifests\xxx.cat"、"\manifests\xxx.manifest"のセット（XPの全てのDLL、Vista以降の一部のDLL）
	543	+// "\xxx\yyy.dll"、"\catalogs\zzz.cat"、"\manifests\xxx.manifest"のセット（Vista以降のほとんどのDLL）
	544	+// 署名されたカタログファイルを用いてマニフェストファイルが改竄されていないことを確認
	545	+// ハッシュ値はマニフェストファイルのfile要素のhash属性に記述されているものを用いる
	546	+// マニフェストファイル内にSHA1ハッシュ値の16進数表記を直接検索しているが確率的に問題なし
	547	+BOOL IsSxsModuleTrusted(LPCWSTR Filename)
	548	+{
	549	+ BOOL bResult;
	550	+ wchar_t* pw0;
	551	+ wchar_t* pw1;
	552	+ wchar_t* pw2;
	553	+ wchar_t* pw3;
	554	+ wchar_t* pw4;
	555	+ wchar_t* pw5;
	556	+ wchar_t* p;
	557	+ HANDLE hFind;
	558	+ WIN32_FIND_DATAW wfd;
	559	+ bResult = FALSE;
	560	+ if(pw0 = AllocateStringW(wcslen(Filename) + 1))
	561	+ {
	562	+ wcscpy(pw0, Filename);
	563	+ if(p = wcsrchr(pw0, L'\\'))
	564	+ {
	565	+ wcscpy(p, L"");
	566	+ if(p = wcsrchr(pw0, L'\\'))
	567	+ {
	568	+ p++;
	569	+ if(pw1 = AllocateStringW(wcslen(p) + 1))
	570	+ {
	571	+ wcscpy(pw1, p);
	572	+ wcscpy(p, L"");
	573	+ if(pw2 = AllocateStringW(wcslen(pw0) + wcslen(L"manifests\\") + wcslen(pw1) + wcslen(L".cat") + 1))
	574	+ {
	575	+ wcscpy(pw2, pw0);
	576	+ wcscat(pw2, L"manifests\\");
	577	+ wcscat(pw2, pw1);
	578	+ if(pw3 = AllocateStringW(wcslen(pw2) + wcslen(L".manifest") + 1))
	579	+ {
	580	+ wcscpy(pw3, pw2);
	581	+ wcscat(pw3, L".manifest");
	582	+ wcscat(pw2, L".cat");
	583	+ if(IsSxsModuleTrusted_Function(pw2, pw3, Filename))
	584	+ bResult = TRUE;
	585	+ FreeDuplicatedString(pw3);
	586	+ }
	587	+ FreeDuplicatedString(pw2);
	588	+ }
	589	+ if(!bResult)
	590	+ {
	591	+ if(pw2 = AllocateStringW(wcslen(pw0) + wcslen(L"catalogs\\") + 1))
	592	+ {
	593	+ if(pw3 = AllocateStringW(wcslen(pw0) + wcslen(L"manifests\\") + wcslen(pw1) + wcslen(L".manifest") + 1))
	594	+ {
	595	+ wcscpy(pw2, pw0);
	596	+ wcscat(pw2, L"catalogs\\");
	597	+ wcscpy(pw3, pw0);
	598	+ wcscat(pw3, L"manifests\\");
	599	+ wcscat(pw3, pw1);
	600	+ wcscat(pw3, L".manifest");
	601	+ if(pw4 = AllocateStringW(wcslen(pw2) + wcslen(L"*.cat") + 1))
	602	+ {
	603	+ wcscpy(pw4, pw2);
	604	+ wcscat(pw4, L"*.cat");
	605	+ if((hFind = FindFirstFileW(pw4, &wfd)) != INVALID_HANDLE_VALUE)
	606	+ {
	607	+ do
	608	+ {
	609	+ if(pw5 = AllocateStringW(wcslen(pw2) + wcslen(wfd.cFileName) + 1))
	610	+ {
	611	+ wcscpy(pw5, pw2);
	612	+ wcscat(pw5, wfd.cFileName);
	613	+ if(IsSxsModuleTrusted_Function(pw5, pw3, Filename))
	614	+ bResult = TRUE;
	615	+ FreeDuplicatedString(pw5);
	616	+ }
	617	+ }
	618	+ while(!bResult && FindNextFileW(hFind, &wfd));
	619	+ FindClose(hFind);
	620	+ }
	621	+ FreeDuplicatedString(pw4);
	622	+ }
	623	+ FreeDuplicatedString(pw3);
	624	+ }
	625	+ FreeDuplicatedString(pw2);
	626	+ }
	627	+ }
	628	+ FreeDuplicatedString(pw1);
	629	+ }
	630	+ }
	631	+ }
	632	+ FreeDuplicatedString(pw0);
	633	+ }
	634	+ return bResult;
	635	+}
	636	+
	637	+// DLLを確認
	638	+// ハッシュが登録されている、Authenticode署名がされている、またはWFPによる保護下にあることを確認
	639	+BOOL IsModuleTrusted(LPCWSTR Filename)
	640	+{
	641	+ BOOL bResult;
	642	+ BYTE Hash[16];
	643	+ bResult = FALSE;
	644	+ if(GetMD5HashOfFile(Filename, &Hash))
	645	+ {
	646	+ if(FindTrustedModuleMD5Hash(&Hash))
	647	+ bResult = TRUE;
	648	+ }
	649	+ if(!bResult)
	650	+ {
	651	+ if(VerifyFileSignature(Filename))
	652	+ bResult = TRUE;
	653	+ }
	654	+ if(!bResult)
	655	+ {
	656	+ if(IsSxsModuleTrusted(Filename))
	657	+ bResult = TRUE;
	658	+ }
	659	+ if(!bResult)
	660	+ {
	661	+ if(SfcIsFileProtected(NULL, Filename))
	662	+ bResult = TRUE;
	663	+ }
	664	+ return bResult;
	665	+}
	666	+
290	667	// kernel32.dllのLoadLibraryExW相当の関数
	668	+// ドキュメントが無いため詳細は不明
	669	+// 一部のウィルス対策ソフト（Avast!等）がLdrLoadDllをフックしているためLdrLoadDllを書き換えるべきではない
	670	+// カーネルモードのコードに対しては効果なし
	671	+// SeDebugPrivilegeが使用可能なユーザーに対しては効果なし
291	672	HMODULE System_LoadLibrary(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
292	673	{
293	674	HMODULE r = NULL;
294	675	UNICODE_STRING us;
	676	+ HANDLE hDataFile;
	677	+ HANDLE hMapping;
	678	+ DWORD DllFlags;
295	679	us.Length = sizeof(wchar_t) * wcslen(lpLibFileName);
296	680	us.MaximumLength = sizeof(wchar_t) * (wcslen(lpLibFileName) + 1);
297	681	us.Buffer = (PWSTR)lpLibFileName;
298		- if(dwFlags & LOAD_LIBRARY_AS_DATAFILE)
	682	+// if(dwFlags & (LOAD_LIBRARY_AS_DATAFILE \| LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE))
	683	+ if(dwFlags & (LOAD_LIBRARY_AS_DATAFILE \| 0x00000040))
299	684	{
300		-// if(p_LdrGetDllHandle(NULL, dwFlags, &us, &r) == 0)
301		- if(p_LdrGetDllHandle(NULL, &dwFlags, &us, &r) == 0)
	685	+// if(p_LdrGetDllHandle(NULL, NULL, &us, &r) == STATUS_SUCCESS)
	686	+ if(p_LdrGetDllHandle(NULL, NULL, &us, &r) == 0)
302	687	{
303		- if(p_LdrAddRefDll)
304		- p_LdrAddRefDll(0, r);
	688	+// dwFlags &= ~(LOAD_LIBRARY_AS_DATAFILE \| LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE);
	689	+ dwFlags &= ~(LOAD_LIBRARY_AS_DATAFILE \| 0x00000040);
	690	+ dwFlags \|= DONT_RESOLVE_DLL_REFERENCES;
305	691	}
306	692	else
307	693	{
308		- dwFlags \|= DONT_RESOLVE_DLL_REFERENCES;
309		-// if(p_LdrLoadDll(NULL, dwFlags, &us, &r) == 0)
310		- if(p_LdrLoadDll(NULL, &dwFlags, &us, &r) == 0)
	694	+// if(dwFlags & LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE)
	695	+ if(dwFlags & 0x00000040)
	696	+ hDataFile = CreateFileW(lpLibFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
	697	+ else
	698	+ hDataFile = CreateFileW(lpLibFileName, GENERIC_READ, FILE_SHARE_READ \| FILE_SHARE_WRITE \| FILE_SHARE_DELETE, NULL, OPEN_EXISTING, 0, NULL);
	699	+ if(hDataFile != INVALID_HANDLE_VALUE)
311	700	{
	701	+ if(hMapping = CreateFileMappingW(hDataFile, NULL, PAGE_READONLY, 0, 0, NULL))
	702	+ {
	703	+ if(r = (HMODULE)MapViewOfFileEx(hMapping, FILE_MAP_READ, 0, 0, 0, NULL))
	704	+ {
	705	+ if(p_RtlImageNtHeader(r))
	706	+ r = (HMODULE)((size_t)r \| 1);
	707	+ else
	708	+ {
	709	+ UnmapViewOfFile(r);
	710	+ r = NULL;
	711	+ }
	712	+ }
	713	+ CloseHandle(hMapping);
	714	+ }
	715	+ CloseHandle(hDataFile);
312	716	}
313	717	else
314		- r = NULL;
	718	+ {
	719	+// dwFlags &= ~(LOAD_LIBRARY_AS_DATAFILE \| LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE);
	720	+ dwFlags &= ~(LOAD_LIBRARY_AS_DATAFILE \| 0x00000040);
	721	+ dwFlags \|= DONT_RESOLVE_DLL_REFERENCES;
	722	+ }
315	723	}
316	724	}
317		- else
	725	+// if(!(dwFlags & (LOAD_LIBRARY_AS_DATAFILE \| LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE)))
	726	+ if(!(dwFlags & (LOAD_LIBRARY_AS_DATAFILE \| 0x00000040)))
318	727	{
319		-// if(p_LdrGetDllHandle(NULL, dwFlags, &us, &r) == 0)
320		- if(p_LdrGetDllHandle(NULL, &dwFlags, &us, &r) == 0)
321		- {
322		- if(p_LdrAddRefDll)
323		- p_LdrAddRefDll(0, r);
324		- }
325		-// else if(p_LdrLoadDll(NULL, dwFlags, &us, &r) == 0)
326		- else if(p_LdrLoadDll(NULL, &dwFlags, &us, &r) == 0)
	728	+ DllFlags = 0;
	729	+// if(dwFlags & (DONT_RESOLVE_DLL_REFERENCES \| LOAD_LIBRARY_AS_IMAGE_RESOURCE))
	730	+ if(dwFlags & (DONT_RESOLVE_DLL_REFERENCES \| 0x00000020))
	731	+ DllFlags \|= 0x00000002;
	732	+// if(p_LdrLoadDll(NULL, &DllFlags, &us, &r) == STATUS_SUCCESS)
	733	+ if(p_LdrLoadDll(NULL, &DllFlags, &us, &r) == 0)
327	734	{
328	735	}
329	736	else

		@@ -332,23 +739,65 @@ HMODULE System_LoadLibrary(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
332	739	return r;
333	740	}
334	741
	742	+// ファイルのMD5ハッシュを取得
	743	+BOOL GetMD5HashOfFile(LPCWSTR Filename, void* pHash)
	744	+{
	745	+ BOOL bResult;
	746	+ HCRYPTPROV hProv;
	747	+ HCRYPTHASH hHash;
	748	+ HANDLE hFile;
	749	+ DWORD Size;
	750	+ void* pData;
	751	+ DWORD dw;
	752	+ bResult = FALSE;
	753	+ if(CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, 0) \|\| CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
	754	+ {
	755	+ if(CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
	756	+ {
	757	+ if((hFile = CreateFileW(Filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) != INVALID_HANDLE_VALUE)
	758	+ {
	759	+ Size = GetFileSize(hFile, NULL);
	760	+ if(pData = VirtualAlloc(NULL, Size, MEM_COMMIT, PAGE_READWRITE))
	761	+ {
	762	+ VirtualLock(pData, Size);
	763	+ if(ReadFile(hFile, pData, Size, &dw, NULL))
	764	+ {
	765	+ if(CryptHashData(hHash, (BYTE*)pData, Size, 0))
	766	+ {
	767	+ dw = 16;
	768	+ if(CryptGetHashParam(hHash, HP_HASHVAL, (BYTE*)pHash, &dw, 0))
	769	+ bResult = TRUE;
	770	+ }
	771	+ }
	772	+ VirtualUnlock(pData, Size);
	773	+ VirtualFree(pData, Size, MEM_DECOMMIT);
	774	+ }
	775	+ CloseHandle(hFile);
	776	+ }
	777	+ CryptDestroyHash(hHash);
	778	+ }
	779	+ CryptReleaseContext(hProv, 0);
	780	+ }
	781	+ return bResult;
	782	+}
	783	+
335	784	// DLLのハッシュを登録
336		-BOOL RegisterModuleMD5Hash(void* pHash)
	785	+BOOL RegisterTrustedModuleMD5Hash(void* pHash)
337	786	{
338	787	BOOL bResult;
339	788	BYTE NullHash[16] = {0};
340	789	int i;
341	790	bResult = FALSE;
342		- if(FindModuleMD5Hash(pHash))
	791	+ if(FindTrustedModuleMD5Hash(pHash))
343	792	bResult = TRUE;
344	793	else
345	794	{
346	795	i = 0;
347		- while(i < MAX_MD5_HASH_TABLE)
	796	+ while(i < MAX_TRUSTED_MD5_HASH_TABLE)
348	797	{
349		- if(memcmp(&g_MD5HashTable[i], &NullHash, 16) == 0)
	798	+ if(memcmp(&g_TrustedMD5HashTable[i], &NullHash, 16) == 0)
350	799	{
351		- memcpy(&g_MD5HashTable[i], pHash, 16);
	800	+ memcpy(&g_TrustedMD5HashTable[i], pHash, 16);
352	801	bResult = TRUE;
353	802	break;
354	803	}

		@@ -359,18 +808,18 @@ BOOL RegisterModuleMD5Hash(void* pHash)
359	808	}
360	809
361	810	// DLLのハッシュの登録を解除
362		-BOOL UnregisterModuleMD5Hash(void* pHash)
	811	+BOOL UnregisterTrustedModuleMD5Hash(void* pHash)
363	812	{
364	813	BOOL bResult;
365	814	BYTE NullHash[16] = {0};
366	815	int i;
367	816	bResult = FALSE;
368	817	i = 0;
369		- while(i < MAX_MD5_HASH_TABLE)
	818	+ while(i < MAX_TRUSTED_MD5_HASH_TABLE)
370	819	{
371		- if(memcmp(&g_MD5HashTable[i], pHash, 16) == 0)
	820	+ if(memcmp(&g_TrustedMD5HashTable[i], pHash, 16) == 0)
372	821	{
373		- memcpy(&g_MD5HashTable[i], &NullHash, 16);
	822	+ memcpy(&g_TrustedMD5HashTable[i], &NullHash, 16);
374	823	bResult = TRUE;
375	824	break;
376	825	}

		@@ -379,144 +828,157 @@ BOOL UnregisterModuleMD5Hash(void* pHash)
379	828	return bResult;
380	829	}
381	830
382		-// DLLのハッシュを検索
383		-BOOL FindModuleMD5Hash(void* pHash)
	831	+// 信頼できないDLLをアンロード
	832	+BOOL UnloadUntrustedModule()
384	833	{
385	834	BOOL bResult;
386		- int i;
	835	+ wchar_t* pw0;
	836	+ HANDLE hSnapshot;
	837	+ MODULEENTRY32 me;
	838	+ DWORD Length;
387	839	bResult = FALSE;
388		- i = 0;
389		- while(i < MAX_MD5_HASH_TABLE)
	840	+ pw0 = NULL;
	841	+ if((hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId())) != INVALID_HANDLE_VALUE)
390	842	{
391		- if(memcmp(&g_MD5HashTable[i], pHash, 16) == 0)
	843	+ bResult = TRUE;
	844	+ me.dwSize = sizeof(MODULEENTRY32);
	845	+ if(Module32First(hSnapshot, &me))
392	846	{
393		- bResult = TRUE;
394		- break;
	847	+ do
	848	+ {
	849	+ Length = MAX_PATH;
	850	+ FreeDuplicatedString(pw0);
	851	+ if(pw0 = AllocateStringW(Length))
	852	+ {
	853	+ if(GetModuleFileNameW(me.hModule, pw0, Length) > 0)
	854	+ {
	855	+ while(pw0)
	856	+ {
	857	+ if(GetModuleFileNameW(me.hModule, pw0, Length) + 1 <= Length)
	858	+ break;
	859	+ Length = Length * 2;
	860	+ FreeDuplicatedString(pw0);
	861	+ pw0 = AllocateStringW(Length);
	862	+ }
	863	+ }
	864	+ }
	865	+ if(pw0)
	866	+ {
	867	+ if(!IsModuleTrusted(pw0))
	868	+ {
	869	+ if(me.hModule != GetModuleHandleW(NULL))
	870	+ {
	871	+ while(FreeLibrary(me.hModule))
	872	+ {
	873	+ }
	874	+ if(GetModuleFileNameW(me.hModule, pw0, Length) > 0)
	875	+ {
	876	+ bResult = FALSE;
	877	+ break;
	878	+ }
	879	+ }
	880	+ }
	881	+ }
	882	+ else
	883	+ {
	884	+ bResult = FALSE;
	885	+ break;
	886	+ }
	887	+ }
	888	+ while(Module32Next(hSnapshot, &me));
395	889	}
396		- i++;
	890	+ CloseHandle(hSnapshot);
397	891	}
398		- return bResult;
399		-}
400		-
401		-// DLLを確認
402		-// ハッシュが登録されている、Authenticode署名がされている、またはWFPによる保護下にあることを確認
403		-BOOL IsModuleTrustedA(LPCSTR Filename)
404		-{
405		- BOOL r = FALSE;
406		- wchar_t* pw0 = NULL;
407		- pw0 = DuplicateAtoW(Filename, -1);
408		- r = IsModuleTrustedW(pw0);
409	892	FreeDuplicatedString(pw0);
410		- return r;
411		-}
412		-
413		-// DLLを確認
414		-// ハッシュが登録されている、Authenticode署名がされている、またはWFPによる保護下にあることを確認
415		-BOOL IsModuleTrustedW(LPCWSTR Filename)
416		-{
417		- BOOL bResult;
418		- WCHAR Path[MAX_PATH];
419		- LPWSTR p;
420		- BYTE Hash[16];
421		- GUID g = WINTRUST_ACTION_GENERIC_VERIFY_V2;
422		- WINTRUST_FILE_INFO wfi;
423		- WINTRUST_DATA wd;
424		- bResult = FALSE;
425		- if(wcsrchr(Filename, '.') > wcsrchr(Filename, '\\'))
426		- {
427		- if(SearchPathW(NULL, Filename, NULL, MAX_PATH, Path, &p) > 0)
428		- Filename = Path;
429		- }
430		- else
431		- {
432		- if(SearchPathW(NULL, Filename, L".dll", MAX_PATH, Path, &p) > 0)
433		- Filename = Path;
434		- }
435		- if(GetMD5HashOfFile(Filename, &Hash))
436		- {
437		- if(FindModuleMD5Hash(&Hash))
438		- bResult = TRUE;
439		- }
440		- if(!bResult)
441		- {
442		- ZeroMemory(&wfi, sizeof(WINTRUST_FILE_INFO));
443		- wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
444		- wfi.pcwszFilePath = Filename;
445		- ZeroMemory(&wd, sizeof(WINTRUST_DATA));
446		- wd.cbStruct = sizeof(WINTRUST_DATA);
447		- wd.dwUIChoice = WTD_UI_NONE;
448		- wd.dwUnionChoice = WTD_CHOICE_FILE;
449		- wd.pFile = &wfi;
450		- if(WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &g, &wd) == ERROR_SUCCESS)
451		- bResult = TRUE;
452		- }
453		- if(!bResult)
454		- {
455		- if(SfcIsFileProtected(NULL, Filename))
456		- bResult = TRUE;
457		- }
458		-// if(!bResult)
459		-// {
460		-// WCHAR Temp[MAX_PATH + 128];
461		-// _swprintf(Temp, L"Untrusted module was detected! \"%s\"\n", Filename);
462		-// OutputDebugStringW(Temp);
463		-// }
464	893	return bResult;
465	894	}
466	895
467	896	// 関数ポインタを使用可能な状態に初期化
468	897	BOOL InitializeLoadLibraryHook()
469	898	{
	899	+ BOOL bResult;
470	900	HMODULE hModule;
471		- hModule = GetModuleHandleW(L"kernel32.dll");
472		- GET_FUNCTION(hModule, LoadLibraryA);
473		- GET_FUNCTION(hModule, LoadLibraryW);
474		- GET_FUNCTION(hModule, LoadLibraryExA);
475		- GET_FUNCTION(hModule, LoadLibraryExW);
476		- hModule = GetModuleHandleW(L"ntdll.dll");
477		- GET_FUNCTION(hModule, LdrLoadDll);
478		- GET_FUNCTION(hModule, LdrGetDllHandle);
479		- GET_FUNCTION(hModule, LdrAddRefDll);
480		- return TRUE;
	901	+ bResult = TRUE;
	902	+ if(!(hModule = GetModuleHandleW(L"kernel32.dll")))
	903	+ bResult = FALSE;
	904	+ if(!(GET_FUNCTION(hModule, LoadLibraryA)))
	905	+ bResult = FALSE;
	906	+ if(!(GET_FUNCTION(hModule, LoadLibraryW)))
	907	+ bResult = FALSE;
	908	+ if(!(GET_FUNCTION(hModule, LoadLibraryExA)))
	909	+ bResult = FALSE;
	910	+ if(!(GET_FUNCTION(hModule, LoadLibraryExW)))
	911	+ bResult = FALSE;
	912	+ if(!(hModule = GetModuleHandleW(L"ntdll.dll")))
	913	+ bResult = FALSE;
	914	+ if(!(GET_FUNCTION(hModule, LdrLoadDll)))
	915	+ bResult = FALSE;
	916	+ if(!(GET_FUNCTION(hModule, LdrGetDllHandle)))
	917	+ bResult = FALSE;
	918	+ if(!(GET_FUNCTION(hModule, RtlImageNtHeader)))
	919	+ bResult = FALSE;
	920	+ if(!(hModule = LoadLibraryW(L"wintrust.dll")))
	921	+ bResult = FALSE;
	922	+ if(!(GET_FUNCTION(hModule, CryptCATAdminCalcHashFromFileHandle)))
	923	+ bResult = FALSE;
	924	+ return bResult;
481	925	}
482	926
483	927	// SetWindowsHookEx対策
484	928	// DLL Injectionされた場合は上のh_LoadLibrary系関数でトラップ可能
485	929	BOOL EnableLoadLibraryHook(BOOL bEnable)
486	930	{
	931	+ BOOL bResult;
	932	+ bResult = FALSE;
487	933	if(bEnable)
488	934	{
489		- // 検証に必要なDLLの遅延読み込み回避
490		- IsModuleTrustedA("");
	935	+ bResult = TRUE;
491	936	#ifdef USE_CODE_HOOK
492		- SET_HOOK_FUNCTION(LoadLibraryA);
493		- SET_HOOK_FUNCTION(LoadLibraryW);
494		- SET_HOOK_FUNCTION(LoadLibraryExA);
495		- SET_HOOK_FUNCTION(LoadLibraryExW);
	937	+ if(!SET_HOOK_FUNCTION(LoadLibraryA))
	938	+ bResult = FALSE;
	939	+ if(!SET_HOOK_FUNCTION(LoadLibraryW))
	940	+ bResult = FALSE;
	941	+ if(!SET_HOOK_FUNCTION(LoadLibraryExA))
	942	+ bResult = FALSE;
	943	+ if(!SET_HOOK_FUNCTION(LoadLibraryExW))
	944	+ bResult = FALSE;
496	945	#endif
497	946	#ifdef USE_IAT_HOOK
498		- HookFunctionInIAT(p_LoadLibraryA, h_LoadLibraryA);
499		- HookFunctionInIAT(p_LoadLibraryW, h_LoadLibraryW);
500		- HookFunctionInIAT(p_LoadLibraryExA, h_LoadLibraryExA);
501		- HookFunctionInIAT(p_LoadLibraryExW, h_LoadLibraryExW);
	947	+ if(!HookFunctionInIAT(p_LoadLibraryA, h_LoadLibraryA))
	948	+ bResult = FALSE;
	949	+ if(!HookFunctionInIAT(p_LoadLibraryW, h_LoadLibraryW))
	950	+ bResult = FALSE;
	951	+ if(!HookFunctionInIAT(p_LoadLibraryExA, h_LoadLibraryExA))
	952	+ bResult = FALSE;
	953	+ if(!HookFunctionInIAT(p_LoadLibraryExW, h_LoadLibraryExW))
	954	+ bResult = FALSE;
502	955	#endif
503	956	}
504	957	else
505	958	{
	959	+ bResult = TRUE;
506	960	#ifdef USE_CODE_HOOK
507		- END_HOOK_FUNCTION(LoadLibraryA);
508		- END_HOOK_FUNCTION(LoadLibraryW);
509		- END_HOOK_FUNCTION(LoadLibraryExA);
510		- END_HOOK_FUNCTION(LoadLibraryExW);
	961	+ if(!END_HOOK_FUNCTION(LoadLibraryA))
	962	+ bResult = FALSE;
	963	+ if(!END_HOOK_FUNCTION(LoadLibraryW))
	964	+ bResult = FALSE;
	965	+ if(!END_HOOK_FUNCTION(LoadLibraryExA))
	966	+ bResult = FALSE;
	967	+ if(!END_HOOK_FUNCTION(LoadLibraryExW))
	968	+ bResult = FALSE;
511	969	#endif
512	970	#ifdef USE_IAT_HOOK
513		- HookFunctionInIAT(h_LoadLibraryA, p_LoadLibraryA);
514		- HookFunctionInIAT(h_LoadLibraryW, p_LoadLibraryW);
515		- HookFunctionInIAT(h_LoadLibraryExA, p_LoadLibraryExA);
516		- HookFunctionInIAT(h_LoadLibraryExW, p_LoadLibraryExW);
	971	+ if(!HookFunctionInIAT(h_LoadLibraryA, p_LoadLibraryA))
	972	+ bResult = FALSE;
	973	+ if(!HookFunctionInIAT(h_LoadLibraryW, p_LoadLibraryW))
	974	+ bResult = FALSE;
	975	+ if(!HookFunctionInIAT(h_LoadLibraryExA, p_LoadLibraryExA))
	976	+ bResult = FALSE;
	977	+ if(!HookFunctionInIAT(h_LoadLibraryExW, p_LoadLibraryExW))
	978	+ bResult = FALSE;
517	979	#endif
518	980	}
519		- return TRUE;
	981	+ return bResult;
520	982	}
521	983
522	984	// ReadProcessMemory、WriteProcessMemory、CreateRemoteThread対策

--- a/protectprocess.h

+++ b/protectprocess.h

		@@ -45,11 +45,10 @@ EXTERN_HOOK_FUNCTION_VAR(LoadLibraryExW)
45	45	#endif
46	46
47	47	HMODULE System_LoadLibrary(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags);
48		-BOOL RegisterModuleMD5Hash(void* pHash);
49		-BOOL UnregisterModuleMD5Hash(void* pHash);
50		-BOOL FindModuleMD5Hash(void* pHash);
51		-BOOL IsModuleTrustedA(LPCSTR Filename);
52		-BOOL IsModuleTrustedW(LPCWSTR Filename);
	48	+BOOL GetMD5HashOfFile(LPCWSTR Filename, void* pHash);
	49	+BOOL RegisterTrustedModuleMD5Hash(void* pHash);
	50	+BOOL UnregisterTrustedModuleMD5Hash(void* pHash);
	51	+BOOL UnloadUntrustedModule();
53	52	BOOL InitializeLoadLibraryHook();
54	53	BOOL EnableLoadLibraryHook(BOOL bEnable);
55	54	BOOL RestartProtectedProcess(LPCTSTR Keyword);

--- a/ras.c

+++ b/ras.c

		@@ -29,7 +29,8 @@
29	29
30	30	#define STRICT
31	31
32		-#define WINVER 0x400
	32	+// UTF-8対応
	33	+//#define WINVER 0x400
33	34
34	35	#include <windows.h>
35	36	#include <stdio.h>

--- a/socketwrapper.c

+++ b/socketwrapper.c

		@@ -5,8 +5,6 @@
5	5	// コンパイルにはOpenSSLのヘッダーファイルが必要
6	6	// 実行にはOpenSSLのDLLが必要
7	7
8		-#define _WIN32_WINNT 0x0600
9		-
10	8	#include <windows.h>
11	9	#include <mmsystem.h>
12	10	#include <openssl/ssl.h>

		@@ -71,9 +69,9 @@ BOOL LoadOpenSSL()
71	69	#ifdef ENABLE_PROCESS_PROTECTION
72	70	// ssleay32.dll 1.0.0e
73	71	// libssl32.dll 1.0.0e
74		- RegisterModuleMD5Hash("\x8B\xA3\xB7\xB3\xCE\x2E\x4F\x07\x8C\xB8\x93\x7D\x77\xE1\x09\x3A");
	72	+ RegisterTrustedModuleMD5Hash("\x8B\xA3\xB7\xB3\xCE\x2E\x4F\x07\x8C\xB8\x93\x7D\x77\xE1\x09\x3A");
75	73	// libeay32.dll 1.0.0e
76		- RegisterModuleMD5Hash("\xA6\x4C\xAF\x9E\xF3\xDC\xFC\x68\xAE\xCA\xCC\x61\xD2\xF6\x70\x8B");
	74	+ RegisterTrustedModuleMD5Hash("\xA6\x4C\xAF\x9E\xF3\xDC\xFC\x68\xAE\xCA\xCC\x61\xD2\xF6\x70\x8B");
77	75	#endif
78	76	g_hOpenSSL = LoadLibrary("ssleay32.dll");
79	77	if(!g_hOpenSSL)

ffftp Fork