├── include
├── ITH
│ ├── version.h
│ ├── BitMap.h
│ ├── mem.h
│ ├── CustomFilter.h
│ ├── IHF_DLL.h
│ ├── SettingManager.h
│ ├── string.h
│ ├── IHF.h
│ ├── ITH_TLS.h
│ ├── common.h
│ ├── IHF_SYS.h
│ ├── main_template.h
│ ├── Hash.h
│ ├── TextThread.h
│ └── HookManager.h
└── winres.h
├── ITH
├── ITH.rc
├── icon1.ico
├── resource.h
├── ITH.h
├── BitMap.cpp
├── ITH.vcxproj.filters
├── language.h
├── PointerTable.h
├── language.cpp
├── profile.h
├── CustomFilter.cpp
├── command.cpp
├── window.h
└── ITH.vcxproj
├── BuildDate.bat
├── ITH_TLS
├── sizedef.h
├── prng.h
├── hmac.h
├── arithmetic.h
├── aes256.h
├── prng.cpp
├── tls.h
├── ITH_TLS.vcxproj.filters
├── socket.h
├── main.cpp
├── hmac.cpp
├── socket.cpp
├── x509.h
└── ITH_TLS.vcxproj
├── .gitignore
├── Build.txt
├── README.md
├── ITH_HashLib
├── ITH_HashLib.vcxproj.filters
└── ITH_HashLib.vcxproj
├── ITH_SYS
├── ITH_SYS.vcxproj.filters
└── ITH_SYS.vcxproj
├── ITH_TinyXmlLib
├── ITH_TinyXmlLib.vcxproj.filters
├── tinyxmlerror.cpp
├── tinystr.cpp
└── ITH_TinyXmlLib.vcxproj
├── ITH_Engine
├── ITH_Engine.vcxproj.filters
├── util.h
├── engine.h
├── ITH_Engine.vcxproj
└── util.cpp
├── IHF_DLL
├── IHF_DLL.vcxproj.filters
├── IHF_CLIENT.h
└── IHF_DLL.vcxproj
├── IHF
├── IHF.vcxproj.filters
├── BitMap.cpp
├── main.h
├── language.h
├── language.cpp
├── pipe.cpp
└── IHF.vcxproj
└── ITH3.sln
/include/ITH/version.h:
--------------------------------------------------------------------------------
1 | const wchar_t* build_date=L"05.02.2014";
2 |
--------------------------------------------------------------------------------
/ITH/ITH.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AndyScull/interactive-text-hooker/HEAD/ITH/ITH.rc
--------------------------------------------------------------------------------
/ITH/icon1.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AndyScull/interactive-text-hooker/HEAD/ITH/icon1.ico
--------------------------------------------------------------------------------
/ITH/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AndyScull/interactive-text-hooker/HEAD/ITH/resource.h
--------------------------------------------------------------------------------
/BuildDate.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | SET _result=%DATE:/=.%
3 | echo const wchar_t* build_date=L"%_result%"; >%1%\include\ITH\version.h
4 | @echo on
5 | echo %_result%
--------------------------------------------------------------------------------
/ITH_TLS/sizedef.h:
--------------------------------------------------------------------------------
1 | #ifndef ITH_SIZEDEF
2 | #define ITH_SIZEDEF
3 | typedef unsigned char u8;
4 | typedef unsigned short u16;
5 | typedef unsigned int u32;
6 | #endif
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # our libraries directory
2 | /lib
3 |
4 | # Visual Studio Directories
5 | Debug
6 | Release
7 | /ipch
8 | /libs
9 | /obj
10 |
11 | # Visual Studio Files
12 | *.aps
13 | *.sdf
14 | *.user
15 | *.opensdf
16 | *.suo
17 |
--------------------------------------------------------------------------------
/Build.txt:
--------------------------------------------------------------------------------
1 | Requirements to Compile
2 |
3 | 1. Visual C++ 2010 Express
4 | 2. Windows Driver Kit 7.1 (7600.16385.1)
5 |
6 | - create lib\ folder and put ntdll.lib (from WDK) into it
7 | - copy winres.h from WDK to include folder
8 |
9 |
10 |
11 | - after build, Release folder contains all
12 | required DLL, Clean Solution does not delete them
13 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | interactive-text-hooker
2 | =======================
3 |
4 | Interactive Text Hooker (ITH) is a tool to help you extract text from Japanese games. The extracted text can then be sent to machine translation engine and electronic dictionary. By this approach you can learn Japanese while playing games!
5 |
6 | The current version is based on ITH 3.0 originally hosted on Google Code (https://code.google.com/p/interactive-text-hooker/).
7 |
8 | Features:
9 |
10 | - attach to/detach from target process dynamically
11 | - insert/modify/remove hook dynamically
12 | - detect many common game engine
13 | - save actions to profile and automatically perform in the future
14 | - a flexible thread linking mechanism
15 | - detect and remove single character repetition
16 | - on demand suppress repetition
17 |
--------------------------------------------------------------------------------
/ITH_HashLib/ITH_HashLib.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/ITH_SYS/ITH_SYS.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 |
--------------------------------------------------------------------------------
/ITH_TLS/prng.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #ifndef ITH_PRNG
19 | #define ITH_PRNG
20 | #include "sizedef.h"
21 | struct PRNGContext
22 | {
23 | unsigned char prng_key[240];
24 | unsigned char seed[0x10];
25 | };
26 | void PRNGInit(PRNGContext* ctx);
27 | void PRNGGen(PRNGContext* ctx, unsigned char *dest, unsigned int size);
28 | void PRNGClose(PRNGContext* ctx);
29 | #endif
--------------------------------------------------------------------------------
/include/ITH/BitMap.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | class BitMap
20 | {
21 | public:
22 | BitMap();
23 | BitMap(unsigned long init_size);
24 | ~BitMap();
25 | bool Check(unsigned long number);
26 | void Set(unsigned long number);
27 | void Reset();
28 | void Clear(unsigned long number);
29 | protected:
30 | unsigned char* map;
31 | unsigned long size;
32 | };
--------------------------------------------------------------------------------
/ITH_TinyXmlLib/ITH_TinyXmlLib.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 | Source Files
29 |
30 |
31 |
--------------------------------------------------------------------------------
/ITH_Engine/ITH_Engine.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 |
26 |
27 | Header Files
28 |
29 |
30 | Header Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/include/winres.h:
--------------------------------------------------------------------------------
1 | // This is a part of the Microsoft Foundation Classes C++ library.
2 | // Copyright (C) 1992-1999 Microsoft Corporation
3 | // All rights reserved.
4 | //
5 | // This source code is only intended as a supplement to the
6 | // Microsoft Foundation Classes Reference and related
7 | // electronic documentation provided with the library.
8 | // See these sources for detailed information regarding the
9 | // Microsoft Foundation Classes product.
10 |
11 | // winres.h - Windows resource definitions
12 | // extracted from WINUSER.H and COMMCTRL.H
13 |
14 | #ifdef _AFX_MINREBUILD
15 | #pragma component(minrebuild, off)
16 | #endif
17 |
18 | #define VS_VERSION_INFO 1
19 |
20 | #ifdef APSTUDIO_INVOKED
21 | #define APSTUDIO_HIDDEN_SYMBOLS // Ignore following symbols
22 | #endif
23 |
24 | #ifndef WINVER
25 | #define WINVER 0x0400 // default to Windows Version 4.0
26 | #endif
27 |
28 | #include
29 |
30 | #ifdef _MAC
31 | #define DS_WINDOWSUI 0x8000L
32 | #endif
33 |
34 | // operation messages sent to DLGINIT
35 | #define LB_ADDSTRING (WM_USER+1)
36 | #define CB_ADDSTRING (WM_USER+3)
37 |
38 | #ifdef APSTUDIO_INVOKED
39 | #undef APSTUDIO_HIDDEN_SYMBOLS
40 | #endif
41 |
42 | #ifdef IDC_STATIC
43 | #undef IDC_STATIC
44 | #endif
45 | #define IDC_STATIC (-1)
46 |
47 | #ifdef _AFX_MINREBUILD
48 | #pragma component(minrebuild, on)
49 | #endif
50 |
51 |
--------------------------------------------------------------------------------
/ITH_TLS/hmac.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #ifndef ITH_HMAC
19 | #define ITH_HMAC
20 | #include
21 | #define HMAC_BLOCK_SIZE 64
22 | class HMAC_Calc
23 | {
24 | public:
25 | HMAC_Calc(void* key, int key_len, HashCalculator* hash);
26 | ~HMAC_Calc();
27 | int HMAC_Init(void* key, int key_len, HashCalculator* hash);
28 | int HMAC_Update(void* msg, int len);
29 | int HMAC_Final(void* out);
30 | private:
31 | char opad[HMAC_BLOCK_SIZE];
32 | HashCalculator* hash_calc;
33 | };
34 | int HMAC(void* key, int len_key, void* msg, int len_msg, void* hmac, HashCalculator*);
35 | #endif
--------------------------------------------------------------------------------
/ITH_TLS/arithmetic.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #ifndef ITH_ARITHMETIC
19 | #define ITH_ARITHMETIC
20 | #include "sizedef.h"
21 | //void mulmnu( short w[], short u[], short v[], int m, int n);
22 | int mulmnu(u8 w[], u8 u[], u8 v[], int m, int n);
23 | int divmnu( u8 q[], u8 r[], const u8 u[], const u8 v[], int m, int n);
24 | int divmnu32(u32 q[], u32 r[], const u32 u[], const u32 v[], int m, int n);
25 | int div_long(void* q, void* r, const void* u, const void* v, unsigned m, unsigned n);
26 | void exp_mod(u8* base, u8* exp, u8* mod,u8* res, u32 base_size, u32 exp_size, u32 mod_size);
27 | #endif
--------------------------------------------------------------------------------
/IHF_DLL/IHF_DLL.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 |
29 |
30 | Header Files
31 |
32 |
33 | Header Files
34 |
35 |
36 |
--------------------------------------------------------------------------------
/ITH_Engine/util.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // util/util.h
4 | // 8/23/2013 jichi
5 |
6 | #include "ITH\IHF_DLL.h"
7 | #include "ITH\IHF_SYS.h"
8 |
9 |
10 |
11 |
12 |
13 | namespace Util {
14 |
15 | DWORD GetCodeRange(DWORD hModule,DWORD *low, DWORD *high);
16 | DWORD FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig);
17 | DWORD FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp);
18 | DWORD FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp);
19 | DWORD FindCallBoth(DWORD fun, DWORD size, DWORD pt);
20 | DWORD FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig);
21 | DWORD FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig);
22 | DWORD FindEntryAligned(DWORD start, DWORD back_range);
23 | DWORD FindImportEntry(DWORD hModule, DWORD fun);
24 |
25 | bool SearchResourceString(LPCWSTR str);
26 |
27 | /**
28 | * @param name
29 | */
30 | inline void GetProcessName(wchar_t *name)
31 | {
32 | //assert(name);
33 | PLDR_DATA_TABLE_ENTRY it;
34 | __asm
35 | {
36 | mov eax,fs:[0x30]
37 | mov eax,[eax+0xc]
38 | mov eax,[eax+0xc]
39 | mov it,eax
40 | }
41 | wcscpy(name, it->BaseDllName.Buffer);
42 | }
43 |
44 | /**
45 | * @return HANDLE module handle
46 | */
47 | inline DWORD GetModuleBase()
48 | {
49 | __asm
50 | {
51 | mov eax,fs:[0x18]
52 | mov eax,[eax+0x30]
53 | mov eax,[eax+0xc]
54 | mov eax,[eax+0xc]
55 | mov eax,[eax+0x18]
56 | }
57 | }
58 |
59 | } // namespace Util
60 |
61 | // EOF
62 |
--------------------------------------------------------------------------------
/include/ITH/mem.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #ifndef DEFAULT_MM
20 |
21 | extern "C" {
22 | __declspec(dllimport) void* __stdcall RtlAllocateHeap(void* hHeap, unsigned long flags, unsigned long size);
23 | __declspec(dllimport) int __stdcall RtlFreeHeap(void*,unsigned long,void*);
24 | };
25 |
26 | extern void* hHeap;
27 |
28 | //HEAP_ZERO_MEMORY flag is critical. All new objects are assumed with zero initialized.
29 | inline void * __cdecl operator new(size_t lSize)
30 | {
31 | return RtlAllocateHeap(hHeap, 8, lSize);
32 | }
33 | inline void __cdecl operator delete(void *pBlock)
34 | {
35 | RtlFreeHeap(hHeap, 0, pBlock);
36 | }
37 | inline void __cdecl operator delete[](void* pBlock)
38 | {
39 | RtlFreeHeap(hHeap, 0, pBlock);
40 | }
41 | #endif
--------------------------------------------------------------------------------
/ITH_TLS/aes256.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #ifndef ITH_AES256
19 | #define ITH_AES256
20 | void KeyExpansion(unsigned char* key);
21 | void AES256EncryptRound(unsigned char* plain_text, unsigned char* cipher_text, unsigned char* key,unsigned int round);
22 | void AES256Encrypt(unsigned char* plain_text, unsigned char* cipher_text, unsigned char* key);
23 | void AES256Decrypt(unsigned char* plain_text, unsigned char* cipher_text, unsigned char* key);
24 |
25 | class AES_CBC_Cipher
26 | {
27 | public:
28 | AES_CBC_Cipher(unsigned char* key, unsigned char* iv);
29 | ~AES_CBC_Cipher();
30 | void Init(unsigned char* key, unsigned char* iv);
31 | void Encrypt(void* in, void* out);
32 | void Decrypt(void* in, void* out);
33 | private:
34 | unsigned char cipher_iv[16];
35 | unsigned char cipher_key[240];
36 | };
37 | #endif
--------------------------------------------------------------------------------
/include/ITH/CustomFilter.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #include
21 | typedef void (*CustomFilterCallBack) (WORD, PVOID);
22 |
23 | class CustomFilterUnicode : public BitMap
24 | {
25 | public:
26 | CustomFilterUnicode();
27 | ~CustomFilterUnicode();
28 | bool Check(WORD number);
29 | void Set(WORD number);
30 | void Clear(WORD number);
31 | void Traverse(CustomFilterCallBack callback, PVOID param);
32 |
33 | };
34 |
35 | class CustomFilterMultiByte : public BitMap
36 | {
37 | public:
38 | CustomFilterMultiByte();
39 | ~CustomFilterMultiByte();
40 | bool Check(WORD number);
41 | void Set(WORD number);
42 | void Clear(WORD number);
43 | void Reset();
44 | void Traverse(CustomFilterCallBack callback, PVOID param);
45 | private:
46 | BYTE ascii_map[0x20];
47 | };
--------------------------------------------------------------------------------
/include/ITH/IHF_DLL.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #ifdef IHF
21 | #define IHFAPI __declspec(dllexport) __stdcall
22 | #else
23 | #define IHFAPI __declspec(dllimport) __stdcall
24 | #endif
25 | extern "C" {
26 | DWORD IHFAPI OutputConsole(LPWSTR str);
27 | DWORD IHFAPI ConsoleOutput(LPSTR str);
28 | DWORD IHFAPI OutputDWORD(DWORD d);
29 | DWORD IHFAPI OutputRegister(DWORD *base);
30 | DWORD IHFAPI NotifyHookInsert(DWORD addr);
31 | DWORD IHFAPI NewHook(const HookParam& hp, LPWSTR name=0, DWORD flag=HOOK_ENGINE);
32 | DWORD IHFAPI RemoveHook(DWORD addr);
33 | DWORD IHFAPI RegisterEngineModule(DWORD base, DWORD idEngine, DWORD dnHook);
34 | DWORD IHFAPI SwitchTrigger(DWORD on);
35 | DWORD IHFAPI GetFunctionAddr(char* name, DWORD* addr, DWORD *base, DWORD* size, LPWSTR* base_name);
36 | }
--------------------------------------------------------------------------------
/include/ITH/SettingManager.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #define SETTING_SPLIT_TIME 0
21 | #define SETTING_CYCLIC_REMOVE 1
22 | #define SETTING_REPEAT_COUNT 2
23 | #define SETTING_CLIPFLAG 3
24 | #define SETTING_MAX_INDEX 4
25 | class SettingManager
26 | {
27 | public:
28 | SettingManager() {memset(settting_int,0,sizeof(settting_int));}
29 | ~SettingManager(){}
30 | unsigned int SetValue(unsigned int index, unsigned int value)
31 | {
32 | if (index < SETTING_MAX_INDEX)
33 | return (unsigned int)_InterlockedExchange((long*)settting_int+index,(long)value);
34 | else return 0;
35 | }
36 | unsigned int GetValue(unsigned int index)
37 | {
38 | if (index < SETTING_MAX_INDEX)
39 | return settting_int[index];
40 | else return 0;
41 | }
42 | private:
43 | unsigned int settting_int[SETTING_MAX_INDEX];
44 |
45 | };
--------------------------------------------------------------------------------
/ITH_TLS/prng.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 |
19 | #include "aes256.h"
20 | #include "prng.h"
21 | //#include "sha.h"
22 | #include
23 | void PRNGInit(PRNGContext* ctx)
24 | {
25 | unsigned int seed;
26 | __asm rdtsc
27 | __asm mov seed,eax
28 | HashSHA256((u8*)&seed, 4, ctx->prng_key);
29 | memset(ctx->prng_key + 32,0,224);
30 | KeyExpansion(ctx->prng_key);
31 | }
32 | void PRNGGen(PRNGContext* ctx, unsigned char *dest, unsigned int size)
33 | {
34 | unsigned int i,remain;
35 | if (size<=0) return;
36 | memset(dest,0,size);
37 | remain=size&0xF;
38 | size &= ~0xF;
39 | for (i=0;iseed,ctx->seed,ctx->prng_key,4);
42 | memcpy(dest+i,ctx->seed, 0x10);
43 | //memcpy(dest+(i<<4),ctx->seed,0x10);
44 | }
45 | if (remain)
46 | {
47 | AES256EncryptRound(ctx->seed,ctx->seed,ctx->prng_key,4);
48 | memcpy(dest+size,ctx->seed,remain);
49 | }
50 | }
--------------------------------------------------------------------------------
/IHF/IHF.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 | Source Files
35 |
36 |
37 |
38 |
39 | Header Files
40 |
41 |
42 | Header Files
43 |
44 |
45 |
--------------------------------------------------------------------------------
/ITH/ITH.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 | #pragma once
18 |
19 | #include
20 | inline DWORD Hash(LPWSTR module, int length = -1)
21 | {
22 | bool flag=(length==-1);
23 | DWORD hash=0;
24 | for (;*module&&(flag||length--);module++)
25 | {
26 | hash = _rotr(hash,7) + *module;
27 | //hash=((hash>>7)|(hash<<25))+(*module);
28 | }
29 | return hash;
30 | }
31 | DWORD ProcessCommand(LPWSTR cmd, DWORD pid);
32 | DWORD GetProcessPath(HANDLE hProc, LPWSTR path);
33 | DWORD GetProcessPath(DWORD pid, LPWSTR path);
34 | DWORD GetProcessMemory(HANDLE hProc, DWORD& mem_size, DWORD& ws);
35 | void ConsoleOutput(LPCWSTR);
36 | int UTF8to16len(const char* mb);
37 | int UTF8to16(const char* mb, wchar_t* wc);
38 | int UTF16to8(const wchar_t* wc, char* mb);
39 | wchar_t* AllocateUTF16AndConvertUTF8(const char* utf8);
40 | bool CheckHashStr(BYTE* value, DWORD size_in_bytes, const char* str);
41 | bool CompareHashStr(const char* s1, const char* s2);
42 | void ByteToHexStr(char* hex_str, unsigned char b);
43 | LPWSTR SaveProcessTitle(DWORD pid); //New allocated from heap.
--------------------------------------------------------------------------------
/IHF/BitMap.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #include "ITH\BitMap.h"
19 |
20 | #include
21 | #include
22 |
23 | BitMap::BitMap(): size(0x20)
24 | {
25 | //map=new BYTE[size];
26 | }
27 | BitMap::BitMap(unsigned long init_size): size(init_size>>3)
28 | {
29 | map=new unsigned char[size];
30 | }
31 | BitMap::~BitMap()
32 | {
33 | if (map)
34 | {
35 | delete map;
36 | map=0;
37 | }
38 | }
39 | bool BitMap::Check(unsigned long number)
40 | {
41 | if ((number>>3)>=size) return false;
42 | return (map[number>>3]&(1<<(number&7)))!=0;
43 | }
44 | void BitMap::Set(unsigned long number)
45 | {
46 | if (number>>16) return;
47 | unsigned long s=number>>3;
48 | unsigned long t=s>>2;
49 | if (s&3) t++;
50 | s=t<<2; //Align to 4 byte.
51 | if (s>=size)
52 | {
53 | t=size;
54 | while (s>=size) size<<=1;
55 | unsigned char* temp=new unsigned char[size];
56 | memcpy(temp,map,t);
57 | delete map;
58 | map=temp;
59 | }
60 | map[number>>3]|=1<<(number&7);
61 | }
62 | void BitMap::Reset()
63 | {
64 | memset(map,0,size);
65 | }
66 | void BitMap::Clear(unsigned long number)
67 | {
68 | if ((number>>3)>=size) return;
69 | map[number>>3]&=~(1<<(number&7));
70 | }
71 |
--------------------------------------------------------------------------------
/ITH/BitMap.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #include
19 |
20 | #include
21 | #include
22 | BitMap::BitMap(): size(0x20)
23 | {
24 | //map=new unsigned char[size];
25 | }
26 | BitMap::BitMap(unsigned long init_size): size(init_size>>3)
27 | {
28 | map=new unsigned char[size];
29 | }
30 | BitMap::~BitMap()
31 | {
32 | if (map)
33 | {
34 | delete map;
35 | map=0;
36 | }
37 | }
38 | bool BitMap::Check(unsigned long number)
39 | {
40 | if ((number>>3)>=size) return false;
41 | return (map[number>>3]&(1<<(number&7)))!=0;
42 | }
43 | void BitMap::Set(unsigned long number)
44 | {
45 | if (number>>16) return;
46 | unsigned long s=number>>3;
47 | unsigned long t=s>>2;
48 | if (s&3) t++;
49 | s=t<<2; //Align to 4 unsigned char.
50 | if (s>=size)
51 | {
52 | t=size;
53 | while (s>=size) size<<=1;
54 | unsigned char* temp=new unsigned char[size];
55 | memcpy(temp,map,t);
56 | delete map;
57 | map=temp;
58 | }
59 | map[number>>3]|=1<<(number&7);
60 | }
61 | void BitMap::Reset()
62 | {
63 | memset(map,0,size);
64 | }
65 | void BitMap::Clear(unsigned long number)
66 | {
67 | if ((number>>3)>=size) return;
68 | map[number>>3]&=~(1<<(number&7));
69 | }
70 |
--------------------------------------------------------------------------------
/ITH_TinyXmlLib/tinyxmlerror.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | www.sourceforge.net/projects/tinyxml
3 | Original code (2.0 and earlier )copyright (c) 2000-2006 Lee Thomason (www.grinninglizard.com)
4 |
5 | This software is provided 'as-is', without any express or implied
6 | warranty. In no event will the authors be held liable for any
7 | damages arising from the use of this software.
8 |
9 | Permission is granted to anyone to use this software for any
10 | purpose, including commercial applications, and to alter it and
11 | redistribute it freely, subject to the following restrictions:
12 |
13 | 1. The origin of this software must not be misrepresented; you must
14 | not claim that you wrote the original software. If you use this
15 | software in a product, an acknowledgment in the product documentation
16 | would be appreciated but is not required.
17 |
18 | 2. Altered source versions must be plainly marked as such, and
19 | must not be misrepresented as being the original software.
20 |
21 | 3. This notice may not be removed or altered from any source
22 | distribution.
23 | */
24 |
25 | #include
26 |
27 | // The goal of the seperate error file is to make the first
28 | // step towards localization. tinyxml (currently) only supports
29 | // english error messages, but the could now be translated.
30 | //
31 | // It also cleans up the code a bit.
32 | //
33 |
34 | const char* TiXmlBase::errorString[ TiXmlBase::TIXML_ERROR_STRING_COUNT ] =
35 | {
36 | "No error",
37 | "Error",
38 | "Failed to open file",
39 | "Error parsing Element.",
40 | "Failed to read Element name",
41 | "Error reading Element value.",
42 | "Error reading Attributes.",
43 | "Error: empty tag.",
44 | "Error reading end tag.",
45 | "Error parsing Unknown.",
46 | "Error parsing Comment.",
47 | "Error parsing Declaration.",
48 | "Error document empty.",
49 | "Error null (0) or unexpected EOF found in input stream.",
50 | "Error parsing CDATA.",
51 | "Error when TiXmlDocument added to document, because TiXmlDocument can only be at the root.",
52 | };
53 |
--------------------------------------------------------------------------------
/include/ITH/string.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #define _INC_SWPRINTF_INL_
20 | #define CRT_IMPORT __declspec(dllimport)
21 | extern "C" {
22 | CRT_IMPORT int swprintf(wchar_t * _String, const wchar_t * _Format, ...);
23 | CRT_IMPORT int sprintf(char * _String, const char * _Format, ...);
24 | CRT_IMPORT int swscanf(const wchar_t * _Src, const wchar_t * _Format, ...);
25 | CRT_IMPORT int sscanf(const char * _String, const char * _Format, ...);
26 | CRT_IMPORT int wprintf(const wchar_t* _Format, ...);
27 | CRT_IMPORT int printf(const char* _Format, ...);
28 | CRT_IMPORT int _wputs(const wchar_t* _String);
29 | CRT_IMPORT int puts(const char* _String);
30 | CRT_IMPORT int _stricmp(const char * _Str1, const char * _Str2);
31 | CRT_IMPORT int _wcsicmp(const wchar_t * _Str1, const wchar_t * _Str2);
32 | //CRT_IMPORT size_t strlen(const char *);
33 | //CRT_IMPORT size_t wcslen(const wchar_t *);
34 | //CRT_IMPORT char *strcpy(char *,const char *);
35 | //CRT_IMPORT wchar_t *wcscpy(wchar_t *,const wchar_t *);
36 | CRT_IMPORT void * memmove(void * _Dst, const void * _Src, size_t _Size);
37 | CRT_IMPORT const char * strchr(const char * _Str, int _Val);
38 | CRT_IMPORT int strncmp(const char * _Str1, const char * _Str2, size_t _MaxCount);
39 | }
40 |
--------------------------------------------------------------------------------
/IHF/main.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #include
21 | #include
22 | #include "language.h"
23 |
24 | #define GLOBAL extern
25 | #define SHIFT_JIS 0x3A4
26 | class HookManager;
27 | //class CommandQueue;
28 | class SettingManager;
29 | class TextHook;
30 | class BitMap;
31 | class CustomFilterMultiByte;
32 | class CustomFilterUnicode;
33 | #define TextHook Hook
34 | GLOBAL BOOL running;
35 | //GLOBAL BitMap *pid_map;
36 | GLOBAL CustomFilterMultiByte *mb_filter;
37 | GLOBAL CustomFilterUnicode *uni_filter;
38 | GLOBAL HookManager *man;
39 | //GLOBAL CommandQueue *cmdq;
40 | GLOBAL SettingManager* setman;
41 | GLOBAL WCHAR recv_pipe[];
42 | GLOBAL WCHAR command[];
43 | GLOBAL HANDLE hPipeExist;
44 | GLOBAL DWORD split_time,cyclic_remove,clipboard_flag,global_filter;
45 | GLOBAL CRITICAL_SECTION detach_cs;
46 |
47 | DWORD WINAPI RecvThread(LPVOID lpThreadParameter);
48 | DWORD WINAPI CmdThread(LPVOID lpThreadParameter);
49 |
50 | void ConsoleOutput(LPCWSTR text);
51 | DWORD GetCurrentPID();
52 | DWORD GetProcessIDByPath(LPWSTR str);
53 | HANDLE GetCmdHandleByPID(DWORD pid);
54 | DWORD Inject(HANDLE hProc);
55 | DWORD InjectByPID(DWORD pid);
56 | DWORD PIDByName(LPWSTR target);
57 | DWORD Hash(LPWSTR module, int length=-1);
58 |
--------------------------------------------------------------------------------
/include/ITH/IHF.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #define IHFAPI __stdcall
21 | #ifdef IHF
22 | #define IHFSERVICE __declspec(dllexport)
23 | #else
24 | #define IHFSERVICE __declspec(dllimport)
25 | #endif
26 | #define ITH_DEFAULT_ENGINE 0
27 |
28 | extern "C" {
29 | IHFSERVICE DWORD IHFAPI IHF_Init();
30 | IHFSERVICE DWORD IHFAPI IHF_Start();
31 | IHFSERVICE DWORD IHFAPI IHF_Cleanup();
32 | IHFSERVICE DWORD IHFAPI IHF_GetPIDByName(LPWSTR pwcTarget);
33 | IHFSERVICE DWORD IHFAPI IHF_InjectByPID(DWORD pid, LPWSTR engine);
34 | IHFSERVICE DWORD IHFAPI IHF_ActiveDetachProcess(DWORD pid);
35 | IHFSERVICE DWORD IHFAPI IHF_GetHookManager(HookManager** hookman);
36 | IHFSERVICE DWORD IHFAPI IHF_GetSettingManager(SettingManager** set_man);
37 | IHFSERVICE DWORD IHFAPI IHF_InsertHook(DWORD pid, HookParam* hp, LPWSTR name = 0);
38 | IHFSERVICE DWORD IHFAPI IHF_ModifyHook(DWORD pid, HookParam* hp);
39 | IHFSERVICE DWORD IHFAPI IHF_RemoveHook(DWORD pid, DWORD addr);
40 | IHFSERVICE DWORD IHFAPI IHF_IsAdmin();
41 | //IHFSERVICE DWORD IHFAPI IHF_GetFilters(PVOID* mb_filter, PVOID* uni_filter);
42 | IHFSERVICE DWORD IHFAPI IHF_AddLink(DWORD from, DWORD to);
43 | IHFSERVICE DWORD IHFAPI IHF_UnLink(DWORD from);
44 | IHFSERVICE DWORD IHFAPI IHF_UnLinkAll(DWORD from);
45 | }
--------------------------------------------------------------------------------
/ITH_TLS/tls.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #ifndef ITH_TLS_HEADER
19 | #define ITH_TLS_HEADER
20 | #include "aes256.h"
21 | #include "hmac.h"
22 | #include "socket.h"
23 | #include
24 | #include
25 | class PHashGen
26 | {
27 | public:
28 | PHashGen(HashType HashType, void* secret, int len_secret, void* seed, int len_seed);
29 | ~PHashGen();
30 | int NextHash(void*);
31 | private:
32 | unsigned char* secret;
33 | unsigned char* seed;
34 | int len_secret,len_seed;
35 | HashCalculator* hash;
36 | };
37 | int PRF_TLSv1(void* secret, int len_secret, void* text, int len_text, void* out, int len_out);
38 | int ComputeMasterSecret(void* pre_master, void* master, void* client_random, void* server_random);
39 | int ComputeKeyBlock(void* master, void* out, void* client_random, void* server_random);
40 | int ComputeClientWriteKey(void* client_write, int len, void* out, void* client_ramdom, void* server_random);
41 | int ComputeServerWriteKey(void* server_write, int len, void* out, void* client_ramdom, void* server_random);
42 | int ComputeClientIV(void* out, int len, void* client_ramdom, void* server_random);
43 | int ComputeClientVerify(void* out, void* master, void* hash_md5, void* hash_sha1);
44 | int ComputeClientMAC(void* out, void* key, int len_key, void * seq, void* msg, int msg_len);
45 |
46 | #endif
--------------------------------------------------------------------------------
/include/ITH/ITH_TLS.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #ifdef ITH_TLS
21 | #define ITH_TLS_SERVICE __declspec(dllexport)
22 | #else
23 | #define ITH_TLS_SERVICE __declspec(dllimport)
24 | #endif
25 | #define ITH_TLS_API __stdcall
26 |
27 | #ifndef ITH_TLS_SOCKET
28 | #define ITH_TLS_SOCKET
29 | class TransportSocket
30 | {
31 | public:
32 | TransportSocket() : sock(0), type(0), error_code(0), status(0) {}
33 | virtual ~TransportSocket();
34 | virtual int socket();
35 | virtual int connect(char* server, int port = 0); //pass 0 to make use of default port number.
36 | //This number is 80 for plain socket and 443 for secure socket.
37 | virtual int close();
38 | virtual int send(void* data, int len);
39 | virtual int recv(void* data, int len);
40 | inline int Type() {return type;}
41 | protected:
42 | int sock, type, error_code, status;
43 | };
44 | #endif
45 | extern "C" {
46 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_Init();
47 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_Cleanup();
48 | ITH_TLS_SERVICE HashCalculator* ITH_TLS_API ITH_TLS_NewHashCalculator(HashType type);
49 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_DestroyHashCalculator(HashCalculator* hash);
50 | ITH_TLS_SERVICE TransportSocket* ITH_TLS_API ITH_TLS_NewSocket(DWORD secure);
51 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_DestroySocket(TransportSocket* socket);
52 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_RSAEncrypt(void* key, void* data, void* out, DWORD len_in_bytes);
53 | };
54 |
--------------------------------------------------------------------------------
/ITH_TLS/ITH_TLS.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 | Source Files
35 |
36 |
37 | Source Files
38 |
39 |
40 | Source Files
41 |
42 |
43 |
44 |
45 | Header Files
46 |
47 |
48 | Header Files
49 |
50 |
51 | Header Files
52 |
53 |
54 | Header Files
55 |
56 |
57 | Header Files
58 |
59 |
60 | Header Files
61 |
62 |
63 | Header Files
64 |
65 |
66 | Header Files
67 |
68 |
69 |
--------------------------------------------------------------------------------
/include/ITH/common.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #include
21 | #include
22 |
23 | #define IHF_COMMAND -1
24 | #define IHF_COMMAND_NEW_HOOK 0
25 | #define IHF_COMMAND_REMOVE_HOOK 1
26 | #define IHF_COMMAND_MODIFY_HOOK 2
27 | #define IHF_COMMAND_DETACH 3
28 | #define IHF_NOTIFICATION -1
29 | #define IHF_NOTIFICATION_TEXT 0
30 | #define IHF_NOTIFICATION_NEWHOOK 1
31 |
32 | #define USING_STRING 0x1
33 | #define USING_UNICODE 0x2
34 | #define BIG_ENDIAN 0x4
35 | #define DATA_INDIRECT 0x8
36 | #define USING_SPLIT 0x10
37 | #define SPLIT_INDIRECT 0x20
38 | #define MODULE_OFFSET 0x40
39 | #define FUNCTION_OFFSET 0x80
40 | #define PRINT_DWORD 0x100
41 | #define STRING_LAST_CHAR 0x200
42 | #define NO_CONTEXT 0x400
43 | #define EXTERN_HOOK 0x800
44 | #define HOOK_AUXILIARY 0x2000
45 | #define HOOK_ENGINE 0x4000
46 | #define HOOK_ADDITIONAL 0x8000
47 |
48 | #define MAX_HOOK 32
49 |
50 |
51 |
52 | struct HookParam //0x24
53 | {
54 | typedef void (*DataFun)(DWORD, HookParam*, DWORD*, DWORD*, DWORD*);
55 |
56 | DWORD addr;
57 | DWORD off,ind,split,split_ind;
58 | DWORD module,function;
59 | DataFun extern_fun;
60 | DWORD type;
61 | WORD length_offset;
62 | BYTE hook_len,recover_len;
63 | };
64 | struct SendParam
65 | {
66 | DWORD type;
67 | HookParam hp;
68 | };
69 | class Hook //0x80
70 | {
71 | public:
72 | inline DWORD Address() const {return hp.addr;}
73 | inline DWORD Type() const {return hp.type;}
74 | inline WORD Length() const {return hp.hook_len;}
75 | inline LPWSTR Name() const {return hook_name;}
76 | inline int NameLength() const {return name_length;}
77 | //protected:
78 | HookParam hp;
79 | LPWSTR hook_name;
80 | int name_length;
81 | BYTE recover[0x68-sizeof(HookParam)];
82 | BYTE original[0x10];
83 | };
84 |
--------------------------------------------------------------------------------
/ITH/ITH.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 | Source Files
35 |
36 |
37 | Source Files
38 |
39 |
40 | Source Files
41 |
42 |
43 |
44 |
45 | Header Files
46 |
47 |
48 | Header Files
49 |
50 |
51 | Header Files
52 |
53 |
54 | Header Files
55 |
56 |
57 | Header Files
58 |
59 |
60 | Header Files
61 |
62 |
63 |
64 |
65 | Resource Files
66 |
67 |
68 |
69 |
70 | Resource Files
71 |
72 |
73 |
--------------------------------------------------------------------------------
/IHF_DLL/IHF_CLIENT.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 | #pragma once
18 | //#include
19 | #define IHF
20 | #include
21 | #include
22 |
23 | #define HEADER_SIZE 0xC
24 | extern int current_hook;
25 | extern WCHAR dll_mutex[];
26 | extern WCHAR dll_name[];
27 | extern DWORD trigger;
28 | //extern DWORD current_process_id;
29 | template class AVLTree;
30 | struct FunctionInfo
31 | {
32 | DWORD addr;
33 | DWORD module;
34 | DWORD size;
35 | LPWSTR name;
36 | };
37 | class SCMP;
38 | class SCPY;
39 | class SLEN;
40 | extern AVLTree *tree;
41 | void InitFilterTable();
42 |
43 | int disasm(BYTE* opcode0);
44 | class TextHook : public Hook
45 | {
46 | public:
47 | int InsertHook();
48 | int InsertHookCode();
49 | int InitHook(const HookParam&, LPWSTR name=0, WORD set_flag=0);
50 | int InitHook(LPVOID addr, DWORD data, DWORD data_ind,
51 | DWORD split_off, DWORD split_ind, WORD type, DWORD len_off=0);
52 | DWORD Send(DWORD dwDataBase, DWORD dwRetn);
53 | int RecoverHook();
54 | int RemoveHook();
55 | int ClearHook();
56 | int ModifyHook(const HookParam&);
57 | int SetHookName(LPWSTR name);
58 | int GetLength(DWORD base, DWORD in);
59 | };
60 |
61 | extern TextHook *hookman,*current_available;
62 | void InitDefaultHook();
63 | struct FilterRange
64 | {
65 | DWORD lower,upper;
66 | };
67 | extern FilterRange filter[8];
68 | int FillRange(LPWSTR name,DWORD* lower, DWORD* upper);
69 | extern bool running,live;
70 | extern HANDLE hPipe,hmMutex;
71 | DWORD WINAPI WaitForPipe(LPVOID lpThreadParameter);
72 | DWORD WINAPI CommandPipe(LPVOID lpThreadParameter);
73 | void RequestRefreshProfile();
74 | typedef DWORD (*IdentifyEngineFun)();
75 | typedef DWORD (*InsertHookFun)(DWORD);
76 | typedef DWORD (*InsertDynamicHookFun)(LPVOID addr, DWORD frame, DWORD stack);
77 | extern IdentifyEngineFun IdentifyEngine;
78 | extern InsertDynamicHookFun InsertDynamicHook;
--------------------------------------------------------------------------------
/ITH_TinyXmlLib/tinystr.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | www.sourceforge.net/projects/tinyxml
3 |
4 | This software is provided 'as-is', without any express or implied
5 | warranty. In no event will the authors be held liable for any
6 | damages arising from the use of this software.
7 |
8 | Permission is granted to anyone to use this software for any
9 | purpose, including commercial applications, and to alter it and
10 | redistribute it freely, subject to the following restrictions:
11 |
12 | 1. The origin of this software must not be misrepresented; you must
13 | not claim that you wrote the original software. If you use this
14 | software in a product, an acknowledgment in the product documentation
15 | would be appreciated but is not required.
16 |
17 | 2. Altered source versions must be plainly marked as such, and
18 | must not be misrepresented as being the original software.
19 |
20 | 3. This notice may not be removed or altered from any source
21 | distribution.
22 | */
23 |
24 |
25 | #ifndef TIXML_USE_STL
26 |
27 | #include
28 |
29 | // Error value for find primitive
30 | const TiXmlString::size_type TiXmlString::npos = static_cast< TiXmlString::size_type >(-1);
31 |
32 |
33 | // Null rep.
34 | TiXmlString::Rep TiXmlString::nullrep_ = { 0, 0, { '\0' } };
35 |
36 |
37 | void TiXmlString::reserve (size_type cap)
38 | {
39 | if (cap > capacity())
40 | {
41 | TiXmlString tmp;
42 | tmp.init(length(), cap);
43 | memcpy(tmp.start(), data(), length());
44 | swap(tmp);
45 | }
46 | }
47 |
48 |
49 | TiXmlString& TiXmlString::assign(const char* str, size_type len)
50 | {
51 | size_type cap = capacity();
52 | if (len > cap || cap > 3*(len + 8))
53 | {
54 | TiXmlString tmp;
55 | tmp.init(len);
56 | memcpy(tmp.start(), str, len);
57 | swap(tmp);
58 | }
59 | else
60 | {
61 | memmove(start(), str, len);
62 | set_size(len);
63 | }
64 | return *this;
65 | }
66 |
67 |
68 | TiXmlString& TiXmlString::append(const char* str, size_type len)
69 | {
70 | size_type newsize = length() + len;
71 | if (newsize > capacity())
72 | {
73 | reserve (newsize + capacity());
74 | }
75 | memmove(finish(), str, len);
76 | set_size(newsize);
77 | return *this;
78 | }
79 |
80 |
81 | TiXmlString operator + (const TiXmlString & a, const TiXmlString & b)
82 | {
83 | TiXmlString tmp;
84 | tmp.reserve(a.length() + b.length());
85 | tmp += a;
86 | tmp += b;
87 | return tmp;
88 | }
89 |
90 | TiXmlString operator + (const TiXmlString & a, const char* b)
91 | {
92 | TiXmlString tmp;
93 | TiXmlString::size_type b_len = static_cast( strlen(b) );
94 | tmp.reserve(a.length() + b_len);
95 | tmp += a;
96 | tmp.append(b, b_len);
97 | return tmp;
98 | }
99 |
100 | TiXmlString operator + (const char* a, const TiXmlString & b)
101 | {
102 | TiXmlString tmp;
103 | TiXmlString::size_type a_len = static_cast( strlen(a) );
104 | tmp.reserve(a_len + b.length());
105 | tmp.append(a, a_len);
106 | tmp += b;
107 | return tmp;
108 | }
109 |
110 |
111 | #endif // TIXML_USE_STL
112 |
--------------------------------------------------------------------------------
/IHF/language.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 | #pragma once
18 |
19 | extern const wchar_t* Warning;
20 | //command.cpp
21 | extern const wchar_t* ErrorSyntax;
22 | //inject.cpp
23 | extern const wchar_t* ErrorRemoteThread;
24 | extern const wchar_t* ErrorOpenProcess;
25 | extern const wchar_t* ErrorNoProcess;
26 | extern const wchar_t* SelfAttach;
27 | extern const wchar_t* AlreadyAttach;
28 | extern const wchar_t* FormatInject;
29 | //main.cpp
30 | extern const wchar_t* NotAdmin;
31 | //pipe.cpp
32 | extern const wchar_t* ErrorCreatePipe;
33 | extern const wchar_t* FormatDetach;
34 | extern const wchar_t* ErrorCmdQueueFull;
35 | extern const wchar_t* ErrorNoAttach;
36 |
37 | //profile.cpp
38 | extern const wchar_t* ErrorMonitor;
39 |
40 | //utility.cpp
41 | extern const wchar_t* InitMessage;
42 | extern const wchar_t* BackgroundMsg;
43 | extern const wchar_t* ErrorLinkExist;
44 | extern const wchar_t* ErrorCylicLink;
45 | extern const wchar_t* FormatLink;
46 | extern const wchar_t* ErrorLink;
47 | extern const wchar_t* ErrorDeleteCombo;
48 |
49 | //window.cpp
50 | extern const wchar_t* ClassName;
51 | extern const wchar_t* ClassNameAdmin;
52 | extern const wchar_t* ErrorNotSplit;
53 | extern const wchar_t* ErrorNotModule;
54 | //Main window buttons
55 | extern const wchar_t* ButtonTitleProcess;
56 | extern const wchar_t* ButtonTitleThread;
57 | extern const wchar_t* ButtonTitleHook;
58 | extern const wchar_t* ButtonTitleProfile;
59 | extern const wchar_t* ButtonTitleOption;
60 | extern const wchar_t* ButtonTitleClear;
61 | extern const wchar_t* ButtonTitleSave;
62 | extern const wchar_t* ButtonTitleTop;
63 | //Hook window
64 | extern const wchar_t* SpecialHook;
65 | //Process window
66 | extern const wchar_t* TabTitlePID;
67 | extern const wchar_t* TabTitleMemory;
68 | extern const wchar_t* TabTitleName;
69 | extern const wchar_t* TabTitleTID;
70 | extern const wchar_t* TabTitleStart;
71 | extern const wchar_t* TabTitleModule;
72 | extern const wchar_t* TabTitleState;
73 | extern const wchar_t* SuccessAttach;
74 | extern const wchar_t* FailAttach;
75 | extern const wchar_t* SuccessDetach;
76 | extern const wchar_t* FailDetach;
77 | //Profile window
78 | extern const wchar_t* ProfileExist;
79 | extern const wchar_t* SuccessAddProfile;
80 | extern const wchar_t* FailAddProfile;
81 | extern const wchar_t* TabTitleNumber;
82 | extern const wchar_t* NoFile;
83 | extern const wchar_t* PathDismatch;
84 | extern const wchar_t* SuccessImportProfile;
--------------------------------------------------------------------------------
/ITH/language.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 | #pragma once
18 |
19 | extern const wchar_t* Warning;
20 | //command.cpp
21 | extern const wchar_t* ErrorSyntax;
22 | //inject.cpp
23 | extern const wchar_t* ErrorRemoteThread;
24 | extern const wchar_t* ErrorOpenProcess;
25 | extern const wchar_t* ErrorNoProcess;
26 | extern const wchar_t* SelfAttach;
27 | extern const wchar_t* AlreadyAttach;
28 | extern const wchar_t* FormatInject;
29 | //main.cpp
30 | extern const wchar_t* NotAdmin;
31 | //pipe.cpp
32 | extern const wchar_t* ErrorCreatePipe;
33 | extern const wchar_t* FormatDetach;
34 | extern const wchar_t* ErrorCmdQueueFull;
35 | extern const wchar_t* ErrorNoAttach;
36 |
37 | //profile.cpp
38 | extern const wchar_t* ErrorMonitor;
39 |
40 | //utility.cpp
41 | extern const wchar_t* InitMessage;
42 | extern const wchar_t* BackgroundMsg;
43 | extern const wchar_t* ErrorLinkExist;
44 | extern const wchar_t* ErrorCylicLink;
45 | extern const wchar_t* FormatLink;
46 | extern const wchar_t* ErrorLink;
47 | extern const wchar_t* ErrorDeleteCombo;
48 |
49 | //window.cpp
50 | extern const wchar_t* ClassName;
51 | extern const wchar_t* ClassNameAdmin;
52 | extern const wchar_t* ErrorNotSplit;
53 | extern const wchar_t* ErrorNotModule;
54 | //Main window buttons
55 | extern const wchar_t* ButtonTitleProcess;
56 | extern const wchar_t* ButtonTitleThread;
57 | extern const wchar_t* ButtonTitleHook;
58 | extern const wchar_t* ButtonTitleProfile;
59 | extern const wchar_t* ButtonTitleOption;
60 | extern const wchar_t* ButtonTitleClear;
61 | extern const wchar_t* ButtonTitleSave;
62 | extern const wchar_t* ButtonTitleTop;
63 | //Hook window
64 | extern const wchar_t* SpecialHook;
65 | //Process window
66 | extern const wchar_t* TabTitlePID;
67 | extern const wchar_t* TabTitleMemory;
68 | extern const wchar_t* TabTitleName;
69 | extern const wchar_t* TabTitleTID;
70 | extern const wchar_t* TabTitleStart;
71 | extern const wchar_t* TabTitleModule;
72 | extern const wchar_t* TabTitleState;
73 | extern const wchar_t* SuccessAttach;
74 | extern const wchar_t* FailAttach;
75 | extern const wchar_t* SuccessDetach;
76 | extern const wchar_t* FailDetach;
77 | //Profile window
78 | extern const wchar_t* ProfileExist;
79 | extern const wchar_t* SuccessAddProfile;
80 | extern const wchar_t* FailAddProfile;
81 | extern const wchar_t* TabTitleNumber;
82 | extern const wchar_t* NoFile;
83 | extern const wchar_t* PathDismatch;
84 | extern const wchar_t* SuccessImportProfile;
--------------------------------------------------------------------------------
/ITH/PointerTable.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 |
20 | template
21 | class PointerTable
22 | {
23 | public:
24 | PointerTable()
25 | {
26 | assert((default_size & (default_size - 1)) == 0);
27 | size = default_size;
28 | table = new T*[size];
29 | used = 0;
30 | next = 0;
31 | memset(table, 0, size * sizeof(T*));
32 | }
33 | ~PointerTable()
34 | {
35 | delete table;
36 | }
37 | T* Set(unsigned int number, T* ptr)
38 | {
39 | if (number >= size - 2)
40 | {
41 | unsigned int new_size = size;
42 | while (number >= new_size - 2) new_size <<= 1;
43 | Resize(new_size);
44 | }
45 | T* original = table[number + 1];
46 | table[number + 1] = ptr;
47 | if (ptr == 0) //Clear pointer.
48 | {
49 | if (number < next) next = number;
50 | if (number == used - 1) //Last used position is cleared.
51 | {
52 | table[0] = (T*)1;
53 | for (used--; table[used] == 0; used--);
54 | }
55 | }
56 | else //Set pointer.
57 | {
58 | __assume(number < size - 2); //Otherwise a resize operation is invoked.
59 | if (number == next)
60 | {
61 | next++; //Next position is occupied.
62 | for (next++; table[next]; next++); //There is always a zero in the end.
63 | next--; //next is zero based but the table start at one(zero is used as sentry).
64 | }
65 | if (number >= used) used = number + 1;
66 | }
67 | return original;
68 | }
69 | T* Get(unsigned int number)
70 | {
71 | number++;
72 | if (number <= used) return table[number];
73 | else return 0;
74 | }
75 | T* operator [](unsigned int number)
76 | {
77 | number++;
78 | if (number <= used) return table[number];
79 | else return 0;
80 | }
81 | void Append(T* ptr)
82 | {
83 | Set(next,ptr);
84 | }
85 | void Resize(unsigned int new_size)
86 | {
87 | assert(new_size > size);
88 | assert((new_size & (new_size - 1)) == 0);
89 | assert(new_size < 0x10000);
90 |
91 | T** temp = new T*[new_size];
92 | memcpy(temp, table, size * sizeof(T*));
93 | memset(temp + size, 0, (new_size - size) * sizeof(T*));
94 | delete table;
95 | size = new_size;
96 | table = temp;
97 | }
98 | void DeleteAll() //Release all pointers on demand.
99 | {
100 | T* p;
101 | next = 0;
102 | while (used)
103 | {
104 | p = table[used];
105 | if (p) delete p;
106 | table[used] = 0;
107 | used--;
108 | }
109 | }
110 | void Reset() //Reset without release pointers.
111 | {
112 | memset(table, 0, sizeof(T*) * (used + 1));
113 | next = 0;
114 | used = 0;
115 |
116 | }
117 | unsigned int size,next,used;
118 | T** table;
119 | };
--------------------------------------------------------------------------------
/include/ITH/IHF_SYS.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | extern "C" {
21 | extern WORD* NlsAnsiCodePage;
22 | int disasm(BYTE* opcode0);
23 | int FillRange(LPWSTR name,DWORD* lower, DWORD* upper);
24 | int MB_WC(char* mb, wchar_t* wc);
25 | int MB_WC_count(char* mb, int mb_length);
26 | int WC_MB(wchar_t *wc, char* mb);
27 | DWORD SearchPattern(DWORD base, DWORD base_length, LPVOID search, DWORD search_length); //KMP
28 | BOOL IthInitSystemService();
29 | void IthCloseSystemService();
30 | DWORD IthGetMemoryRange(LPVOID mem, DWORD* base, DWORD* size);
31 | BOOL IthCheckFile(LPWSTR file);
32 | BOOL IthFindFile(LPWSTR file);
33 | BOOL IthGetFileInfo(LPWSTR file, LPVOID info, DWORD size = 0x1000);
34 | BOOL IthCheckFileFullPath(LPWSTR file);
35 | HANDLE IthCreateFile(LPWSTR name, DWORD option, DWORD share, DWORD disposition);
36 | HANDLE IthCreateFileInDirectory(LPWSTR name, HANDLE dir, DWORD option, DWORD share, DWORD disposition);
37 | HANDLE IthCreateDirectory(LPWSTR name);
38 | HANDLE IthCreateFileFullPath(LPWSTR full_path, DWORD option, DWORD share, DWORD disposition);
39 | HANDLE IthPromptCreateFile(DWORD option, DWORD share, DWORD disposition);
40 | HANDLE IthCreateSection(LPWSTR name, DWORD size, DWORD right);
41 | HANDLE IthCreateEvent(LPWSTR name, DWORD auto_reset=0, DWORD init_state=0);
42 | HANDLE IthOpenEvent(LPWSTR name);
43 | void IthSetEvent(HANDLE hEvent);
44 | void IthResetEvent(HANDLE hEvent);
45 | HANDLE IthCreateMutex(LPWSTR name, BOOL InitialOwner, DWORD* exist=0);
46 | HANDLE IthOpenMutex(LPWSTR name);
47 | BOOL IthReleaseMutex(HANDLE hMutex);
48 | //DWORD IthWaitForSingleObject(HANDLE hObject, DWORD dwTime);
49 | HANDLE IthCreateThread(LPVOID start_addr, DWORD param, HANDLE hProc=(HANDLE)-1);
50 | DWORD GetExportAddress(DWORD hModule,DWORD hash);
51 | void IthSleep(int time);
52 | void IthSystemTimeToLocalTime(LARGE_INTEGER* ptime);
53 | void FreeThreadStart(HANDLE hProc);
54 | void CheckThreadStart();
55 | }
56 | extern HANDLE hHeap;
57 | extern DWORD current_process_id,debug;
58 | extern BYTE LeadByteTable[];
59 | extern LPVOID page;
60 | extern BYTE launch_time[];
61 | inline DWORD GetHash(LPSTR str)
62 | {
63 | DWORD hash=0;
64 | for (;*str;str++)
65 | {
66 | hash=((hash>>7)|(hash<<25))+(*str);
67 | }
68 | return hash;
69 | }
70 | inline DWORD GetHash(LPWSTR str)
71 | {
72 | DWORD hash=0;
73 | for (;*str;str++)
74 | {
75 | hash=((hash>>7)|(hash<<25))+(*str);
76 | }
77 | return hash;
78 | }
79 | inline void IthBreak()
80 | {
81 | if (debug) __debugbreak();
82 | }
83 | inline LPWSTR GetMainModulePath()
84 | {
85 | __asm
86 | {
87 | mov eax, fs:[0x30]
88 | mov eax, [eax + 0xC]
89 | mov eax, [eax + 0xC]
90 | mov eax, [eax + 0x28]
91 | }
92 | }
--------------------------------------------------------------------------------
/ITH_TLS/socket.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #ifndef ITH_SOCKET
19 | #define ITH_SOCKET
20 | #include "aes256.h"
21 | #include
22 | #include
23 | #ifndef ITH_TLS_SOCKET
24 | #define ITH_TLS_SOCKET
25 | class TransportSocket
26 | {
27 | public:
28 | TransportSocket() : sock(0), sock6(0), error(0), status(0) {}
29 | virtual ~TransportSocket();
30 | virtual int socket();
31 | virtual int connect(char* server, int port);
32 | virtual int close();
33 | virtual int send(void* data, int len);
34 | virtual int recv(void* data, int len);
35 | //inline int Type() {return type;}
36 | protected:
37 | int sock, sock6, error, status;
38 | };
39 | #endif
40 |
41 |
42 | #define AES256_KEY_SIZE 0x20
43 | #define AES256_BLOCK_SIZE 0x10
44 | #define KEY_BLOCK_SIZE ((HASH_SIZE_SHA1 + AES256_KEY_SIZE + AES256_BLOCK_SIZE) * 2)
45 | struct MasterSecret
46 | {
47 | unsigned char secret[0x30];
48 | };
49 | struct RecordControlBlock
50 | {
51 | int expect_recv;
52 | int already_recv;
53 | unsigned long long send_seq;
54 | unsigned long long recv_seq;
55 | };
56 | struct KeyBlock
57 | {
58 | unsigned char client_mac[HASH_SIZE_SHA1],server_mac[HASH_SIZE_SHA1];
59 | unsigned char client_write[AES256_KEY_SIZE], server_write[AES256_KEY_SIZE];
60 | unsigned char client_iv[AES256_BLOCK_SIZE],server_iv[AES256_BLOCK_SIZE];
61 | };
62 |
63 |
64 | class SecureSocket : public TransportSocket
65 | {
66 | public:
67 | SecureSocket();
68 | ~SecureSocket();
69 | //virtual int socket();
70 | virtual int connect(char* server, int port);
71 | virtual int close();
72 | virtual int send(void* data, int len);
73 | virtual int recv(void* data, int len);
74 | protected:
75 | int send_type(void* data, int len, unsigned char type);
76 | int get_record();
77 | int build_ssl_client_hello(char* hello, unsigned char* client_random);
78 | int recv_full(void* buff, int len);
79 | int handshake();
80 | AES_CBC_Cipher* get_encryptor();
81 | AES_CBC_Cipher* get_decryptor();
82 | KeyBlock* get_key_block();
83 | //static const int port = 443;
84 | unsigned int buffer_size;
85 | //int sock;
86 | //unsigned int status;
87 | RecordControlBlock rcb;
88 | void* transfer_buffer;
89 | void* param_buffer;
90 | };
91 |
92 | /*class DNSCache : public AVLTree
93 | {
94 | public:
95 | void SetAddress(char* server, unsigned long addr);
96 | unsigned long GetAddress(char* server);
97 |
98 | };
99 | class DNSCache6 : public AVLTree
100 | {
101 | public:
102 | void SetAddress(char* server, char* addr);
103 | char* GetAddress(char* server);
104 | };
105 | extern DNSCache *dns;*/
106 | #endif
--------------------------------------------------------------------------------
/ITH_TLS/main.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #include
19 | #define ITH_TLS
20 | #include
21 | #include
22 | //#include "sha.h"
23 | #include "socket.h"
24 | #include "arithmetic.h"
25 | //#include "tls.h"
26 | #include
27 | HANDLE hHeap;
28 | //DNSCache* dns;
29 |
30 | BOOL WINAPI DllMain(HANDLE hModule, DWORD reason, LPVOID lpReserved)
31 | {
32 | switch(reason)
33 | {
34 | case DLL_PROCESS_ATTACH:
35 | {
36 | LdrDisableThreadCalloutsForDll(hModule);
37 | hHeap = RtlCreateHeap(HEAP_GROWABLE,0,0,0,0,0);
38 | }
39 | break;
40 | case DLL_PROCESS_DETACH:
41 | RtlDestroyHeap(hHeap);
42 | hHeap = 0;
43 | break;
44 | }
45 | return TRUE;
46 | }
47 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_Init()
48 | {
49 | WSADATA wsa;
50 | WSAStartup(MAKEWORD(2,2),&wsa);
51 | //dns = new DNSCache;
52 | //dns->Insert(DNSInitTableName[0],DNSInitTableAddr[0]);
53 | return 0;
54 | }
55 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_Cleanup()
56 | {
57 | //delete dns;
58 | //dns = 0;
59 | WSACleanup();
60 | return 0;
61 | }
62 | ITH_TLS_SERVICE HashCalculator* ITH_TLS_API ITH_TLS_NewHashCalculator(HashType type)
63 | {
64 | switch (type)
65 | {
66 | case HashTypeMD5:
67 | return new MD5Calc;
68 | break;
69 | case HashTypeSHA1:
70 | return new SHA1Calc;
71 | break;
72 | case HashTypeSHA256:
73 | return new SHA256Calc;
74 | break;
75 | default:
76 | return 0;
77 | }
78 | }
79 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_DestroyHashCalculator(HashCalculator* hash)
80 | {
81 | delete hash;
82 | return 0;
83 | }
84 | ITH_TLS_SERVICE TransportSocket* ITH_TLS_API ITH_TLS_NewSocket(DWORD secure)
85 | {
86 | if (secure == 0) return new TransportSocket;
87 | else return new SecureSocket;
88 | }
89 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_DestroySocket(TransportSocket* socket)
90 | {
91 | delete socket;
92 | return 0;
93 | }
94 | ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_RSAEncrypt(void* key, void* data, void* out, DWORD len_in_bytes)
95 | {
96 | if (len_in_bytes > 0x100) return -1;
97 | static BYTE commong_exp[4] = {1,0,1,0}; //0x10001
98 | BYTE *key_tmp, *data_tmp;
99 | DWORD tmp_len = 0x10;
100 | while (len_in_bytes > tmp_len) tmp_len <<= 1;
101 | key_tmp = new BYTE[tmp_len];
102 | data_tmp = new BYTE[tmp_len];
103 | memcpy(key_tmp, key, len_in_bytes);
104 | memset(key_tmp + len_in_bytes, 0, tmp_len - len_in_bytes);
105 | memcpy(data_tmp, data, len_in_bytes);
106 | memset(data_tmp + len_in_bytes, 0, tmp_len - len_in_bytes);
107 | exp_mod(data_tmp, commong_exp, key_tmp, data_tmp, len_in_bytes, 4, len_in_bytes);
108 | memcpy(out, data_tmp, len_in_bytes);
109 | delete key_tmp;
110 | delete data_tmp;
111 | return 0;
112 | }
--------------------------------------------------------------------------------
/ITH_Engine/engine.h:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include "util.h"
6 | #include "ITH\version.h"
7 |
8 |
9 | DWORD DetermineEngineType();
10 | DWORD DetermineEngineByFile1();
11 | DWORD DetermineEngineByFile2();
12 | DWORD DetermineEngineByFile3();
13 | DWORD DetermineEngineByFile4();
14 | DWORD DetermineEngineByProcessName();
15 | DWORD DetermineEngineOther();
16 | DWORD DetermineNoHookEngine();
17 |
18 |
19 |
20 | // Engine-specific hooks
21 |
22 | bool InsertAbelHook(); // Abel
23 | bool InsertAliceHook(); // System40@AliceSoft; do not work for latest alice games
24 | bool InsertAnex86Hook(); // Anex86: anex86.exe
25 | bool InsertApricotHook(); // Apricot: arc.a*
26 | bool InsertArtemisHook(); // Artemis Engine: *.pfs
27 | bool InsertAtelierHook(); // Atelier Kaguya: message.dat
28 | bool InsertBGIHook(); // BGI: BGI.*
29 | bool InsertC4Hook(); // C4: C4.EXE or XEX.EXE
30 | bool InsertCaramelBoxHook(); // Caramel: *.bin
31 | bool InsertCandyHook(); // SystemC@CandySoft: *.fpk
32 | bool InsertCatSystem2Hook(); // CatSystem2: *.int
33 | bool InsertCotophaHook(); // Cotopha: *.noa
34 | bool InsertDebonosuHook(); // Debonosu: bmp.bak and dsetup.dll
35 | bool InsertEMEHook(); // EmonEngine: emecfg.ecf
36 | bool InsertGesen18Hook(); // Gsen18: *.szs
37 | bool InsertGXPHook(); // GXP: *.gxp
38 | bool InsertLiveHook(); // Live: live.dll
39 | bool InsertMalieHook(); // Malie@light: malie.ini
40 | bool InsertMEDHook(); // RunrunEngine: *.med
41 | bool InsertNextonHook(); // NEXTON: aInfo.db
42 | bool InsertNitroPlusHook(); // NitroPlus: *.npa
43 | bool InsertPensilHook(); // Pensil: PSetup.exe
44 | bool InsertQLIEHook(); // QLiE: GameData/*.pack
45 | //bool InsertRai7Hook(); // Rai7puk: rai7.exe
46 | bool InsertRejetHook(); // Rejet: Module/{gd.dat,pf.dat,sd.dat}
47 | bool InsertRUGPHook(); // rUGP: rUGP.exe
48 | bool InsertRetouchHook(); // Retouch: resident.dll
49 | bool InsertRREHook(); // RRE: rrecfg.rcf
50 | bool InsertShinaHook(); // ShinaRio: Rio.ini
51 | bool InsertShinyDaysHook(); // ShinyDays
52 | bool InsertSystem43Hook(); // System43@AliceSoft: AliceStart.ini
53 | bool InsertSiglusHook(); // SiglusEngine: SiglusEngine.exe
54 | bool InsertTanukiHook(); // Tanuki: *.tak
55 | bool InsertTaskforce2Hook(); // Taskforce2.exe
56 | bool InsertTriangleHook(); // Triangle: Execle.exe
57 | //bool InsertSolfaHook(); // sol-fa-soft: *.iar
58 | bool InsertWhirlpoolHook(); // YU-RIS: *.ypf
59 | bool InsertWillPlusHook(); // WillPlus: Rio.arc
60 | bool InsertWolfHook(); // Wolf: Data.wolf
61 |
62 | //bool InsertBaldrHook(); // BaldrSkyZero (Unity3D): bsz.exe
63 |
64 | void InsertAB2TryHook(); // Yane@AkabeiSoft2Try: YaneSDK.dll.
65 | void InsertBrunsHook(); // Bruns: bruns.exe
66 | void InsertCMVSHook(); // CMVS: data/pack/*.cpz; do not support the latest cmvs32.exe and cmvs64.exe
67 | void InsertLuneHook(); // Lune: *.mbl
68 | void InsertMajiroHook(); // MAJIRO: *.arc
69 | void InsertKiriKiriHook(); // KiriKiri: *.xp3, resource string
70 | void InsertIronGameSystemHook();// IroneGameSystem: igs_sample.exe
71 | void InsertLucifenHook(); // Lucifen@Navel: *.lpk
72 | void InsertRyokuchaHook(); // Ryokucha: _checksum.exe
73 | void InsertRealliveHook(); // RealLive: RealLive*.exe
74 | void InsertSoftHouseHook(); // SoftHouse: *.vfs
75 | void InsertStuffScriptHook(); // Stuff: *.mpk
76 | void InsertTinkerBellHook(); // TinkerBell: arc00.dat
77 | void InsertWaffleHook(); // WAFFLE: cg.pak
78 |
79 | // CIRCUS: avdata/
80 | bool InsertCircusHook1();
81 | bool InsertCircusHook2();
82 |
--------------------------------------------------------------------------------
/ITH_TLS/hmac.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #include "hmac.h"
19 | #include
20 | int HMAC(void* key, int len_key, void* msg, int len_msg, void* hmac, HashCalculator* hash)
21 | {
22 | int i, hash_value_size;
23 | unsigned char ipad[HMAC_BLOCK_SIZE],opad[HMAC_BLOCK_SIZE];
24 | unsigned char buffer[HMAC_BLOCK_SIZE];
25 | hash_value_size = hash->HashValueSize();
26 | if (len_key > HMAC_BLOCK_SIZE)
27 | {
28 | hash->HashInit();
29 | hash->HashUpdate(key,len_key);
30 | hash->HashFinal(buffer);
31 | memset(buffer + hash_value_size, 0, HMAC_BLOCK_SIZE - hash_value_size);
32 | }
33 | else if (len_key < HMAC_BLOCK_SIZE)
34 | {
35 | memcpy(buffer, key, len_key);
36 | memset(buffer + len_key, 0, HMAC_BLOCK_SIZE - len_key);
37 | }
38 | else
39 | memcpy(buffer, key, len_key);
40 | memset(ipad, 0x36, HMAC_BLOCK_SIZE);
41 | memset(opad, 0x5C, HMAC_BLOCK_SIZE);
42 | for (i = 0; i < HMAC_BLOCK_SIZE; i++)
43 | {
44 | ipad[i] ^= buffer[i];
45 | opad[i] ^= buffer[i];
46 | }
47 | hash->HashInit();
48 | hash->HashUpdate(ipad,HMAC_BLOCK_SIZE);
49 | hash->HashUpdate(msg,len_msg);
50 | hash->HashFinal(buffer);
51 |
52 | hash->HashInit();
53 | hash->HashUpdate(opad,HMAC_BLOCK_SIZE);
54 | hash->HashUpdate(buffer,hash_value_size);
55 | hash->HashFinal(hmac);
56 |
57 | return 0;
58 | }
59 |
60 |
61 | HMAC_Calc::HMAC_Calc( void* key, int key_len, HashCalculator* hash)
62 | {
63 | HMAC_Init(key,key_len,hash);
64 | }
65 |
66 | HMAC_Calc::~HMAC_Calc()
67 | {
68 | memset(opad,0,HMAC_BLOCK_SIZE);
69 | }
70 |
71 | int HMAC_Calc::HMAC_Init( void* key, int len_key, HashCalculator* hash)
72 | {
73 | char ipad[HMAC_BLOCK_SIZE];
74 | hash_calc = hash;
75 | hash_calc->HashInit();
76 | int i, size = hash_calc->HashValueSize();
77 | memset(ipad, 0x36, HMAC_BLOCK_SIZE);
78 | memset(opad, 0x5c, HMAC_BLOCK_SIZE);
79 | if (len_key > HMAC_BLOCK_SIZE)
80 | {
81 | char buffer[HMAC_BLOCK_SIZE];
82 | hash_calc->HashUpdate(key,len_key);
83 | hash_calc->HashFinal(buffer);
84 | for (i = 0; i < size; i+=4)
85 | {
86 | unsigned int t = *(unsigned int*)(buffer + i);
87 | *(unsigned int*)(ipad + i) ^= t;
88 | *(unsigned int*)(opad + i) ^= t;
89 | }
90 | }
91 | else
92 | {
93 | char* p = (char*)key;
94 | for (i = 0; i < len_key; i += 4)
95 | {
96 | unsigned int t = *(unsigned int*)(p + i);
97 | *(unsigned int*)(ipad + i) ^= t;
98 | *(unsigned int*)(opad + i) ^= t;
99 | }
100 | }
101 | hash_calc->HashUpdate(ipad,HMAC_BLOCK_SIZE);
102 | memset(ipad, 0, HMAC_BLOCK_SIZE);
103 | return 0;
104 | }
105 |
106 | int HMAC_Calc::HMAC_Update( void* msg, int len )
107 | {
108 | hash_calc->HashUpdate(msg,len);
109 | return 0;
110 | }
111 |
112 | int HMAC_Calc::HMAC_Final( void* out )
113 | {
114 | char buffer[HMAC_BLOCK_SIZE];
115 | hash_calc->HashFinal(buffer);
116 | hash_calc->HashInit();
117 | hash_calc->HashUpdate(opad,HMAC_BLOCK_SIZE);
118 | hash_calc->HashUpdate(buffer,hash_calc->HashValueSize());
119 | hash_calc->HashFinal(out);
120 | return 0;
121 | }
122 |
--------------------------------------------------------------------------------
/include/ITH/main_template.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | template
21 | void Release(const T& p) {delete p;}
22 |
23 | //Prevent memory release.
24 | //Used when T is basic types and will be automatically released (on stack).
25 | #define MK_BASIC_TYPE(T) \
26 | template<> \
27 | void Release(const T& p) {}
28 |
29 | template
30 | class BinaryEqual
31 | {
32 | public:
33 | bool operator ()(const T& a, const T& b, DWORD) {return a==b;}
34 | };
35 | template >
36 | class MyVector
37 | {
38 | public:
39 | MyVector()
40 | {
41 | InitializeCriticalSection(&cs_store);
42 | size=default_size;
43 | used=0;
44 | storage=new T[size];
45 | }
46 | virtual ~MyVector()
47 | {
48 | if (storage) delete []storage;
49 | DeleteCriticalSection(&cs_store);
50 | storage=0;
51 | }
52 | void Reset()
53 | {
54 | EnterCriticalSection(&cs_store);
55 | for (int i=0;i(storage[i]);
58 | storage[i]=T();
59 | }
60 | used=0;
61 | LeaveCriticalSection(&cs_store);
62 | }
63 | void Remove(int index)
64 | {
65 | if (index>=used) return;
66 | Release(storage[index]);
67 | for (int i=index;i=size)
90 | {
91 | while (amount+used+2>=size) size<<=1;
92 | T* temp;
93 | if (size*sizeof(T)<0x1000000)
94 | {
95 | temp=new T[size];
96 | memcpy(temp,storage,used*sizeof(T));
97 | }
98 | else
99 | {
100 | size=default_size;
101 | temp=new T[size];
102 | used=0;
103 | status=1;
104 | }
105 | delete []storage;
106 | storage=temp;
107 | }
108 | memcpy(storage+used,con,amount*sizeof(T));
109 | used+=amount;
110 | LeaveCriticalSection(&cs_store);
111 | return status;
112 | }
113 | int Find(const T& item, int start=0, DWORD control=0)
114 | {
115 | int c=-1;
116 | for (int i=start;i
135 | class MyStack
136 | {
137 | public:
138 | MyStack(): index(0) {}
139 | void push_back(const T& e)
140 | {
141 | if (index.
16 | */
17 |
18 |
19 | #include
20 | #include
21 | #include
22 | #include "socket.h"
23 | #include
24 | static const char* googleITH = "interactive-text-hooker.googlecode.com";
25 | //74.125.31.82
26 | static const DWORD googleITH4 = 0x521f7d4a; //
27 | //2404:6800:800b::64
28 | static const unsigned char googleITH6[0x10] = {0x24,0x4,0x68,0x00,0x80,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x65};
29 |
30 | TransportSocket::~TransportSocket()
31 | {
32 | close();
33 | }
34 | int TransportSocket::socket()
35 | {
36 | int s = _InterlockedExchange((long*)&sock,1);
37 | if (s == 0)
38 | {
39 | s = ::socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
40 | if (s != INVALID_SOCKET) sock = s;
41 | return s;
42 | }
43 | else sock = 0;
44 | return -1;
45 | }
46 |
47 | int TransportSocket::connect( char* server, int port )
48 | {
49 | if (port == 0) port = 80;
50 | if (_stricmp(server,googleITH) == 0)
51 | {
52 | sockaddr_in6 addr6 = {};
53 | addr6.sin6_family = AF_INET6;
54 | addr6.sin6_port = htons(port);
55 | memcpy(addr6.sin6_addr.s6_addr,googleITH6,0x10);
56 | sock6 = ::socket(AF_INET6,SOCK_STREAM,IPPROTO_TCP);
57 | error = ::connect(sock6,(sockaddr*)&addr6,sizeof(addr6));
58 | if (error != 0)
59 | {
60 | closesocket(sock6);
61 | sock6 = 0;
62 | }
63 | else return 0;
64 | sockaddr_in remote;
65 | remote.sin_family = AF_INET;
66 | remote.sin_addr.s_addr = googleITH4;
67 | remote.sin_port = htons(port);
68 | return ::connect(sock, (struct sockaddr *)&remote, sizeof(remote));
69 | }
70 |
71 | unsigned long addr = 0;
72 | unsigned long ip1,ip2,ip3,ip4;
73 | if (sscanf(server,"%d.%d.%d.%d",&ip1,&ip2,&ip3,&ip4) == 4)
74 | {
75 | addr |= ip4;
76 | addr <<= 8;
77 | addr |= ip3;
78 | addr <<= 8;
79 | addr |= ip2;
80 | addr <<= 8;
81 | addr |= ip1;
82 | }
83 | else
84 | {
85 | hostent* host = gethostbyname(server);
86 | if (host == 0) return -1;
87 | addr = *(ULONG*)host->h_addr_list[0];
88 |
89 | }
90 |
91 | sockaddr_in remote;
92 | remote.sin_family = AF_INET;
93 | remote.sin_addr.s_addr = addr;
94 | remote.sin_port = htons(port);
95 | return ::connect(sock, (struct sockaddr *)&remote, sizeof(struct sockaddr));
96 | }
97 |
98 | int TransportSocket::close()
99 | {
100 | int s = _InterlockedExchange((long*)&sock6,0);
101 | if (s == 0)
102 | {
103 | s = _InterlockedExchange((long*)&sock,0);
104 | if (s == 0) return 0;
105 | }
106 | else closesocket(sock);
107 | shutdown(s, SD_BOTH);
108 | //Wait for gracefully shutdown. In normal network condition TCP should shutdown in 1 sec.
109 | //As only (20(IP) + 20(TCP)) * 2(FIN&ACK, ACK) = 80 bytes needed to be transmitted.
110 | LARGE_INTEGER sleep_time = {-10000000, -1};
111 | NtDelayExecution(0,&sleep_time);
112 | return closesocket(s);
113 | }
114 |
115 | int TransportSocket::send( void* data, int len )
116 | {
117 | int s = sock6 != 0 ? sock6 : sock;
118 | return ::send(s,(char*)data,len,0);
119 | }
120 |
121 | int TransportSocket::recv( void* data, int len )
122 | {
123 | int s = sock6 != 0 ? sock6 : sock;
124 | return ::recv(s,(char*)data,len,0);
125 | }
126 |
127 | /*void DNSCache::SetAddress(char* server, unsigned long addr)
128 | {
129 | Insert(server, addr);
130 | }
131 |
132 | unsigned long DNSCache::GetAddress(char* server)
133 | {
134 | TreeNode* node;
135 | node = Search(server);
136 | if (node == 0) return 0;
137 | return node->data;
138 | }*/
--------------------------------------------------------------------------------
/ITH/language.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 | const wchar_t* Warning=L"Warning!";
18 | //command.cpp
19 | const wchar_t* ErrorSyntax=L"Syntax error";
20 | //inject.cpp
21 | const wchar_t* ErrorRemoteThread=L"Can't create remote thread.";
22 | const wchar_t* ErrorOpenProcess=L"Can't open process.";
23 | const wchar_t* ErrorNoProcess=L"Process not found";
24 | const wchar_t* SelfAttach=L"Please do not attach to ITH.exe";
25 | const wchar_t* AlreadyAttach=L"Process already attached.";
26 | const wchar_t* FormatInject=L"Inject process %d. Module base %.8X";
27 | //main.cpp
28 | const wchar_t* NotAdmin=L"Can't enable SeDebugPrevilege. ITH might malfunction.\r\n\
29 | Please run ITH as administrator or turn off UAC.";
30 | //pipe.cpp
31 | const wchar_t* ErrorCreatePipe=L"Can't create text pipe or too many instance.";
32 | const wchar_t* FormatDetach=L"Process %d detached.";
33 | const wchar_t* ErrorCmdQueueFull=L"Command queue full.";
34 | const wchar_t* ErrorNoAttach=L"No process attached.";
35 |
36 | //profile.cpp
37 | const wchar_t* ErrorMonitor=L"Can't monitor process.";
38 | //utility.cpp
39 | const wchar_t* InitMessage=L"Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)\r\n\
40 | Source code \r\n\
41 | General discussion ";
42 | const wchar_t* BackgroundMsg=L"If you feel tired about the pure white background,\r\n\
43 | put your favorite picture in ITH folder and name it 'background.bmp'\r\n";
44 | const wchar_t* ErrorLinkExist=L"Link exist.";
45 | const wchar_t* ErrorCylicLink=L"Link failed. No cyclic link allowed.";
46 | const wchar_t* FormatLink=L"Link from thread%.4x to thread%.4x.";
47 | const wchar_t* ErrorLink=L"Link failed. Source or/and destination thread not found.";
48 | const wchar_t* ErrorDeleteCombo=L"Error delete from combo.";
49 |
50 | //window.cpp
51 | const wchar_t* ClassName=L"ITH";
52 | const wchar_t* ClassNameAdmin=L"ITH (Administrator)";
53 | const wchar_t* ErrorNotSplit=L"Need to enable split first!";
54 | const wchar_t* ErrorNotModule=L"Need to enable module first!";
55 | //Main window buttons
56 | const wchar_t* ButtonTitleProcess=L"Process";
57 | const wchar_t* ButtonTitleThread=L"Thread";
58 | const wchar_t* ButtonTitleHook=L"Hook";
59 | const wchar_t* ButtonTitleProfile=L"Profile";
60 | const wchar_t* ButtonTitleOption=L"Option";
61 | const wchar_t* ButtonTitleClear=L"Clear";
62 | const wchar_t* ButtonTitleSave=L"Save";
63 | const wchar_t* ButtonTitleTop=L"Top";
64 | //Hook window
65 | const wchar_t* SpecialHook=L"Special hook, no AGTH equivalent.";
66 | //Process window
67 | const wchar_t* TabTitlePID=L"PID";
68 | const wchar_t* TabTitleMemory=L"Memory";
69 | const wchar_t* TabTitleName=L"Name";
70 | const wchar_t* TabTitleTID=L"TID";
71 | const wchar_t* TabTitleStart=L"Start";
72 | const wchar_t* TabTitleModule=L"Module";
73 | const wchar_t* TabTitleState=L"State";
74 | const wchar_t* SuccessAttach=L"Attach ITH to process successfully.";
75 | const wchar_t* FailAttach=L"Failed to attach ITH to process.";
76 | const wchar_t* SuccessDetach=L"ITH detach from process.";
77 | const wchar_t* FailDetach=L"Detach failed.";
78 | //Profile window
79 | const wchar_t* ProfileExist=L"Profile already exists.";
80 | const wchar_t* SuccessAddProfile=L"Profile added.";
81 | const wchar_t* FailAddProfile=L"Fail to add profile";
82 | const wchar_t* TabTitleNumber=L"No.";
83 | const wchar_t* NoFile=L"Can't find file.";
84 | const wchar_t* PathDismatch=L"Process name dismatch, continue?";
85 | const wchar_t* SuccessImportProfile=L"Import profile success";
86 | //const wchar_t* SuccessAddProfile=L"Profile added.";
--------------------------------------------------------------------------------
/IHF/language.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 | const wchar_t* Warning=L"Warning!";
18 | //command.cpp
19 | const wchar_t* ErrorSyntax=L"Syntax error";
20 | //inject.cpp
21 | const wchar_t* ErrorRemoteThread=L"Can't create remote thread.";
22 | const wchar_t* ErrorOpenProcess=L"Can't open process.";
23 | const wchar_t* ErrorNoProcess=L"Process not found";
24 | const wchar_t* SelfAttach=L"Please do not attach to ITH.exe";
25 | const wchar_t* AlreadyAttach=L"Process already attached.";
26 | const wchar_t* FormatInject=L"Inject process %d. Module base %.8X";
27 | //main.cpp
28 | const wchar_t* NotAdmin=L"Can't enable SeDebugPrivilege. ITH might malfunction.\r\n\
29 | Please run ITH as administrator or turn off UAC.";
30 | //pipe.cpp
31 | const wchar_t* ErrorCreatePipe=L"Can't create text pipe or too many instance.";
32 | const wchar_t* FormatDetach=L"Process %d detached.";
33 | const wchar_t* ErrorCmdQueueFull=L"Command queue full.";
34 | const wchar_t* ErrorNoAttach=L"No process attached.";
35 |
36 | //profile.cpp
37 | const wchar_t* ErrorMonitor=L"Can't monitor process.";
38 | //utility.cpp
39 | const wchar_t* InitMessage=L"Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)\r\n\
40 | Source code \r\n\
41 | General discussion \r\n\
42 | Google group \r\n";
43 | const wchar_t* BackgroundMsg=L"If you feel tired about the pure white background,\r\n\
44 | put your favorite picture in ITH folder and name it 'background.bmp'\r\n";
45 | const wchar_t* ErrorLinkExist=L"Link exist.";
46 | const wchar_t* ErrorCylicLink=L"Link failed. No cyclic link allowed.";
47 | const wchar_t* FormatLink=L"Link from thread%.4x to thread%.4x.";
48 | const wchar_t* ErrorLink=L"Link failed. Source or/and destination thread not found.";
49 | const wchar_t* ErrorDeleteCombo=L"Error delete from combo.";
50 |
51 | //window.cpp
52 | const wchar_t* ClassName=L"ITH";
53 | const wchar_t* ClassNameAdmin=L"ITH (Administrator)";
54 | const wchar_t* ErrorNotSplit=L"Need to enable split first!";
55 | const wchar_t* ErrorNotModule=L"Need to enable module first!";
56 | //Main window buttons
57 | const wchar_t* ButtonTitleProcess=L"Process";
58 | const wchar_t* ButtonTitleThread=L"Thread";
59 | const wchar_t* ButtonTitleHook=L"Hook";
60 | const wchar_t* ButtonTitleProfile=L"Profile";
61 | const wchar_t* ButtonTitleOption=L"Option";
62 | const wchar_t* ButtonTitleClear=L"Clear";
63 | const wchar_t* ButtonTitleSave=L"Save";
64 | const wchar_t* ButtonTitleTop=L"Top";
65 | //Hook window
66 | const wchar_t* SpecialHook=L"Special hook, no AGTH equivalent.";
67 | //Process window
68 | const wchar_t* TabTitlePID=L"PID";
69 | const wchar_t* TabTitleMemory=L"Memory";
70 | const wchar_t* TabTitleName=L"Name";
71 | const wchar_t* TabTitleTID=L"TID";
72 | const wchar_t* TabTitleStart=L"Start";
73 | const wchar_t* TabTitleModule=L"Module";
74 | const wchar_t* TabTitleState=L"State";
75 | const wchar_t* SuccessAttach=L"Attach ITH to process successfully.";
76 | const wchar_t* FailAttach=L"Failed to attach ITH to process.";
77 | const wchar_t* SuccessDetach=L"ITH detach from process.";
78 | const wchar_t* FailDetach=L"Detach failed.";
79 | //Profile window
80 | const wchar_t* ProfileExist=L"Profile already exists.";
81 | const wchar_t* SuccessAddProfile=L"Profile added.";
82 | const wchar_t* FailAddProfile=L"Fail to add profile";
83 | const wchar_t* TabTitleNumber=L"No.";
84 | const wchar_t* NoFile=L"Can't find file.";
85 | const wchar_t* PathDismatch=L"Process name dismatch, continue?";
86 | const wchar_t* SuccessImportProfile=L"Import profile success";
87 | //const wchar_t* SuccessAddProfile=L"Profile added.";
--------------------------------------------------------------------------------
/include/ITH/Hash.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #include
21 |
22 | #define HASH_SIZE_MD5 0x10
23 | #define HASH_BLOCK_MD5 0x40
24 | struct MD5_Context
25 | {
26 | union{
27 | unsigned __int64 len;
28 | struct {
29 | unsigned int len_low,len_high;
30 | };
31 | };
32 | unsigned int h0,h1,h2,h3;
33 | unsigned int remain_len;
34 | unsigned char remain[0x40];
35 | }; //0x5C
36 |
37 | void HashMD5Block(void* block, MD5_Context* ctx);
38 | void HashMD5(void* msg, unsigned int len, void* hash);
39 | void HashMD5Init(MD5_Context* ctx);
40 | void HashMD5Update(MD5_Context* ctx, void* msg, int len);
41 | void HashMD5Final(MD5_Context* ctx, void* hash);
42 |
43 | #define HASH_SIZE_SHA1 0x14
44 | #define HASH_BLOCK_SHA1 0x40
45 | struct SHA1_Context
46 | {
47 | union{
48 | unsigned __int64 len;
49 | struct {
50 | unsigned int len_low,len_high;
51 | };
52 | };
53 | unsigned int h0,h1,h2,h3,h4;
54 | unsigned int remain_len;
55 | unsigned char remain[0x40];
56 | }; //0x60
57 |
58 | void HashSHA1Block(void* block, SHA1_Context* ctx);
59 | void HashSHA1(void* msg, unsigned int len, void* hash);
60 | void HashSHA1Init(SHA1_Context* ctx);
61 | void HashSHA1Update(SHA1_Context* ctx, void* msg, int len);
62 | void HashSHA1Final(SHA1_Context* ctx, void* hash);
63 |
64 | #define HASH_SIZE_SHA256 32
65 | #define HASH_BLOCK_SHA256 0x40
66 | struct SHA256_Context
67 | {
68 | union{
69 | unsigned __int64 len;
70 | struct {
71 | unsigned int len_low,len_high;
72 | };
73 | };
74 | unsigned int h0,h1,h2,h3,h4,h5,h6,h7;
75 | unsigned int remain_len;
76 | unsigned char remain[0x40];
77 | }; //0x6C
78 |
79 | void HashSHA256Block(void* block, SHA256_Context* ctx);
80 | void HashSHA256(void* msg, unsigned int len, void* hash);
81 | void HashSHA256Init(SHA256_Context* ctx);
82 | void HashSHA256Update(SHA256_Context* ctx, void* msg, int len);
83 | void HashSHA256Final(SHA256_Context* ctx, void* hash);
84 |
85 | #ifndef ITH_TLS_HASH_CALC
86 | #define ITH_TLS_HASH_CALC
87 | class HashCalculator
88 | {
89 | public:
90 | HashCalculator() {}
91 | virtual ~HashCalculator() {}
92 | virtual void HashInit() {}
93 | virtual void HashUpdate(void* msg, int len) {}
94 | virtual void HashFinal(void* hash) {}
95 | virtual int HashValueSize() const {return 0;}
96 | virtual int HashBlockSize() const {return 0;}
97 | };
98 |
99 | enum HashType
100 | {
101 | HashTypeMD5 = 0,
102 | HashTypeSHA1,
103 | HashTypeSHA256
104 | };
105 | #endif
106 |
107 | class MD5Calc : public HashCalculator
108 | {
109 | public:
110 | MD5Calc();
111 | virtual ~MD5Calc();
112 | virtual void HashInit();
113 | virtual void HashUpdate(void* msg, int len);
114 | virtual void HashFinal(void* hash);
115 | virtual int HashValueSize() const;
116 | virtual int HashBlockSize() const;
117 | private:
118 | MD5_Context ctx;
119 | };
120 |
121 | class SHA1Calc : public HashCalculator
122 | {
123 | public:
124 | SHA1Calc();
125 | virtual ~SHA1Calc();
126 | virtual void HashInit();
127 | virtual void HashUpdate(void* msg, int len);
128 | virtual void HashFinal(void* hash);
129 | virtual int HashValueSize() const;
130 | virtual int HashBlockSize() const;
131 | private:
132 | SHA1_Context ctx;
133 | };
134 |
135 | class SHA256Calc : public HashCalculator
136 | {
137 | public:
138 | SHA256Calc();
139 | virtual ~SHA256Calc();
140 | virtual void HashInit();
141 | virtual void HashUpdate(void* msg, int len);
142 | virtual void HashFinal(void* hash);
143 | virtual int HashValueSize() const;
144 | virtual int HashBlockSize() const;
145 | private:
146 | SHA256_Context ctx;
147 | };
148 |
--------------------------------------------------------------------------------
/ITH/profile.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 |
20 | #include
21 | #include
22 | #include
23 | #include
24 | #include "PointerTable.h"
25 | #define THREAD_MASK_RETN 1
26 | #define THREAD_MASK_SPLIT 2
27 | struct HookProfile
28 | {
29 | HookParam hp;
30 | LPWSTR name;
31 | };
32 | struct ThreadProfile
33 | {
34 | DWORD hook_name_index;
35 | DWORD retn;
36 | DWORD split;
37 | DWORD hook_addr;
38 | WORD hm_index,flags;
39 | LPWSTR comment;
40 | };
41 | struct LinkProfile
42 | {
43 | WORD from_index,to_index;
44 | };
45 | class Profile
46 | {
47 | public:
48 | Profile();
49 | Profile(const Profile& p);
50 | ~Profile();
51 | bool XmlReadProfile(TiXmlElement* profile_node);
52 | bool XmlReadProfileHook(TiXmlElement* hooks_node);
53 | bool XmlReadProfileThread(TiXmlElement* threads_node);
54 | bool XmlReadProfileLink(TiXmlElement* links_node);
55 | bool XmlWriteProfile(TiXmlElement* profile_node);
56 | bool XmlWriteProfileHook(TiXmlElement* hooks_node);
57 | bool XmlWriteProfileThread(TiXmlElement* threads_node);
58 | bool XmlWriteProfileLink(TiXmlElement* links_node);
59 | void RemoveHook(int index);
60 | void RemoveThread(int index);
61 | void RemoveLink(int index);
62 | void Release();
63 | void ReleaseData();
64 | void ClearHooks();
65 | int AddHook(const HookParam& hp, LPWSTR name);
66 | int AddThread(ThreadProfile *tp);
67 | int AddLink(LinkProfile* lp);
68 | Profile& operator = (Profile& pf);
69 |
70 | WORD hook_count,thread_count,link_count;
71 | WORD hook_allocate,thread_allocate,link_allocate;
72 | WORD select_index,engine_type;
73 | HookProfile* hooks;
74 | ThreadProfile* threads;
75 | LinkProfile* links;
76 | LPWSTR title;
77 | };
78 | typedef TreeNode ProfileNode;
79 | class ProfileManager
80 | {
81 | public:
82 | ProfileManager();
83 | ~ProfileManager();
84 | bool AddProfile(TiXmlElement* node);
85 | DWORD AddProfile(LPWSTR path, Profile* p);
86 | void RefreshProfileXml(LPWSTR path);
87 | void RefreshProfileXml(DWORD index);
88 | void RefreshProfileXml(TreeNode* node);
89 | void ClearProfile();
90 | void LoadProfile();
91 | void SaveProfile();
92 | void ExportProfile(LPWSTR file, DWORD index);
93 | void ExportProfile(LPWSTR file, LPWSTR path);
94 | void ExportProfile(LPWSTR file, TreeNode* node);
95 | void ExportAllProfile(LPWSTR file);
96 | void DeleteProfile(int index);
97 | void DeleteProfile(LPWSTR path);
98 | void RefreshProfileAddr(DWORD pid,LPWSTR path);
99 | void SetProfileEngine(LPWSTR path, DWORD type);
100 | void LockProfileManager();
101 | void UnlockProfileManager();
102 | bool IsPathProfile(LPWSTR path);
103 | bool IsProfileCurrent(Profile* pf);
104 | Profile* GetProfile(LPWSTR path);
105 | Profile* GetProfile(DWORD pid);
106 | Profile* GetProfileByIndex(DWORD index);
107 | TiXmlElement* GetProfileXmlByIndex(DWORD index);
108 | DWORD ProfileCount();
109 | DWORD GetCurrentPID();
110 | private:
111 | //Locate profile with executable path.
112 | AVLTree profile_tree;
113 |
114 | PointerTable profile_table;
115 | PointerTable xml_table;
116 | TiXmlDocument doc;
117 | CRITICAL_SECTION pfcs;
118 | DWORD current_select_pid, current_select_profile, profile_changed;
119 | HANDLE hMonitorThread;
120 |
121 | };
122 | DWORD GetCode(const HookParam& hp, LPWSTR buffer, DWORD pid=0);
123 | void GetThreadString(ThreadProfile* tp, LPWSTR str);
124 |
125 | class HookNameManager
126 | {
127 | public:
128 | HookNameManager();
129 | ~HookNameManager();
130 | DWORD InsertName(LPWSTR name);
131 | LPWSTR GetName(DWORD index);
132 | private:
133 | //HookName of profiled threads turns to be same.
134 | //e.g. GetGlyphOutlineA, UserHook0
135 | AVLTree hookname_tree;
136 | PointerTable hookname_table;
137 | };
138 |
139 | extern ProfileManager* pfman;
140 | extern HookNameManager* hnman;
--------------------------------------------------------------------------------
/include/ITH/TextThread.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #include
21 | #include
22 |
23 | struct RepeatCountNode
24 | {
25 | short repeat;
26 | short count;
27 | RepeatCountNode* next;
28 | };
29 | struct ThreadParameter
30 | {
31 | DWORD pid;
32 | DWORD hook;
33 | DWORD retn;
34 | DWORD spl;
35 | };
36 | #define CURRENT_SELECT 0x1000
37 | #define REPEAT_NUMBER_DECIDED 0x2000
38 | #define BUFF_NEWLINE 0x4000
39 | #define CYCLIC_REPEAT 0x8000
40 | #define COUNT_PER_FOWARD 0x200
41 | #define REPEAT_DETECT 0x10000
42 | #define REPEAT_SUPPRESS 0x20000
43 | #define REPEAT_NEWLINE 0x40000
44 | class TextThread;
45 | typedef DWORD (*ThreadOutputFilterCallback) (TextThread*, BYTE*,DWORD,DWORD,PVOID);
46 | typedef DWORD (*ThreadEventCallback) (TextThread*);
47 |
48 | //extern DWORD split_time,repeat_count,global_filter,cyclic_remove;
49 |
50 | class TextThread : public MyVector
51 | {
52 | public:
53 | TextThread(DWORD pid, DWORD hook, DWORD retn, DWORD spl, WORD num);
54 | virtual ~TextThread();
55 | virtual void CopyLastSentence(LPWSTR str);
56 | virtual void SetComment(LPWSTR);
57 | virtual void ExportTextToFile(LPWSTR filename);
58 |
59 | virtual bool CheckCycle(TextThread* start);
60 | virtual DWORD GetThreadString(LPWSTR str, DWORD max);
61 | virtual DWORD GetEntryString(LPWSTR str, DWORD max = 0x200);
62 |
63 | void Reset();
64 | void AddText(BYTE* con,int len, bool new_line=false, bool console=false);
65 | void AddTextDirect(BYTE* con, int len);
66 | void RemoveSingleRepeatAuto(BYTE* con, int &len);
67 | void RemoveSingleRepeatForce(BYTE* con, int &len);
68 | void RemoveCyclicRepeat(BYTE* &con, int &len);
69 | void ResetRepeatStatus();
70 | void AddLineBreak();
71 | void ResetEditText();
72 | void ComboSelectCurrent();
73 | void UnLinkAll();
74 | void CopyLastToClipboard();
75 |
76 | //void AdjustPrevRepeat(DWORD len);
77 | //void PrevRepeatLength(DWORD &len);
78 |
79 | //bool AddToCombo();
80 | bool RemoveFromCombo();
81 |
82 | void SetNewLineFlag();
83 | void SetNewLineTimer();
84 | BYTE* GetStore(DWORD* len) {if (len) *len = used; return storage;}
85 | inline DWORD LastSentenceLen() {return used - last_sentence;}
86 | inline DWORD PID() const {return tp.pid;}
87 | inline DWORD Addr() const {return tp.hook;}
88 | inline DWORD& Status() {return status;}
89 | inline WORD Number() const {return thread_number;}
90 | inline WORD& Last() {return last;}
91 | inline WORD& LinkNumber() {return link_number;}
92 | inline UINT_PTR& Timer() {return timer;}
93 | inline ThreadParameter* GetThreadParameter() {return &tp;}
94 | inline TextThread*& Link() {return link;}
95 | inline ThreadOutputFilterCallback RegisterOutputCallBack(ThreadOutputFilterCallback cb, PVOID data)
96 | {
97 | app_data = data;
98 | return (ThreadOutputFilterCallback)_InterlockedExchange((long*)&output,(long)cb);
99 | }
100 | inline ThreadOutputFilterCallback RegisterFilterCallBack(ThreadOutputFilterCallback cb, PVOID data)
101 | {
102 | app_data = data;
103 | return (ThreadOutputFilterCallback)_InterlockedExchange((long*)&filter,(long)cb);
104 | }
105 | inline void SetRepeatFlag() {status|=CYCLIC_REPEAT;}
106 | inline void ClearNewLineFlag() {status&=~BUFF_NEWLINE;}
107 | inline void ClearRepeatFlag() {status&=~CYCLIC_REPEAT;}
108 | inline LPCWSTR GetComment() {return comment;}
109 | private:
110 | ThreadParameter tp;
111 |
112 | WORD thread_number,link_number;
113 | WORD last,align_space;
114 | WORD repeat_single;
115 | WORD repeat_single_current;
116 | WORD repeat_single_count;
117 | WORD repeat_detect_count;
118 | RepeatCountNode* head;
119 |
120 | TextThread *link;
121 | ThreadOutputFilterCallback filter,output;
122 | PVOID app_data;
123 | LPWSTR comment,thread_string;
124 | UINT_PTR timer;
125 | DWORD status,repeat_detect_limit;
126 | DWORD last_sentence,prev_sentence,sentence_length,repeat_index,last_time;
127 | };
128 |
--------------------------------------------------------------------------------
/include/ITH/HookManager.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include
20 | #include
21 |
22 | #define MAX_REGISTER 0xF
23 | #define MAX_PREV_REPEAT_LENGTH 0x20
24 | struct ProcessRecord {
25 | DWORD pid_register;
26 | DWORD hookman_register;
27 | DWORD module_register;
28 | DWORD engine_register;
29 | HANDLE process_handle;
30 | HANDLE hookman_mutex;
31 | HANDLE hookman_section;
32 | LPVOID hookman_map;
33 | };
34 |
35 | class ThreadTable : public MyVector
36 | {
37 | public:
38 | virtual void SetThread(DWORD number, TextThread* ptr);
39 | virtual TextThread* FindThread(DWORD number);
40 | };
41 | class TCmp
42 | {
43 | public:
44 | char operator()(const ThreadParameter* t1,const ThreadParameter* t2);
45 | };
46 | class TCpy
47 | {
48 | public:
49 | void operator()(ThreadParameter* t1,const ThreadParameter* t2);
50 | };
51 | class TLen
52 | {
53 | public:
54 | int operator()(const ThreadParameter* t);
55 | };
56 | typedef DWORD (*ProcessEventCallback)(DWORD pid);
57 | class HookManager : public AVLTree
58 | {
59 | public:
60 | HookManager();
61 | ~HookManager();
62 | virtual TextThread* FindSingle(DWORD pid, DWORD hook, DWORD retn, DWORD split);
63 | virtual TextThread* FindSingle(DWORD number);
64 | virtual ProcessRecord* GetProcessRecord(DWORD pid);
65 | virtual DWORD GetProcessIDByPath(LPWSTR str);
66 | virtual void RemoveSingleThread(DWORD number);
67 | virtual void LockHookman();
68 | virtual void UnlockHookman();
69 | virtual void ResetRepeatStatus();
70 | virtual void ClearCurrent();
71 | virtual void AddLink(WORD from, WORD to);
72 | virtual void UnLink(WORD from);
73 | virtual void UnLinkAll(WORD from);
74 | virtual void SelectCurrent(DWORD num);
75 | virtual void DetachProcess(DWORD pid);
76 | virtual void SetCurrent(TextThread* it);
77 | virtual void AddConsoleOutput(LPCWSTR text);
78 |
79 | void DispatchText(DWORD pid, BYTE* text, DWORD hook, DWORD retn, DWORD split, int len);
80 | void ClearText(DWORD pid, DWORD hook, DWORD retn, DWORD split);
81 | void RemoveProcessContext(DWORD pid);
82 | void RemoveSingleHook(DWORD pid, DWORD addr);
83 | void RegisterThread(TextThread*, DWORD);
84 | void RegisterPipe(HANDLE text, HANDLE cmd, HANDLE thread);
85 | void RegisterProcess(DWORD pid, DWORD hookman, DWORD module, DWORD engine);
86 | void UnRegisterProcess(DWORD pid);
87 | void SetName(DWORD);
88 |
89 | DWORD GetCurrentPID();
90 | HANDLE GetCmdHandleByPID(DWORD pid);
91 |
92 | inline ThreadEventCallback RegisterThreadCreateCallback(ThreadEventCallback cf)
93 | {
94 | return (ThreadEventCallback)_InterlockedExchange((long*)&create,(long)cf);
95 | }
96 | inline ThreadEventCallback RegisterThreadRemoveCallback(ThreadEventCallback cf)
97 | {
98 | return (ThreadEventCallback)_InterlockedExchange((long*)&remove,(long)cf);
99 | }
100 | inline ThreadEventCallback RegisterThreadResetCallback(ThreadEventCallback cf)
101 | {
102 | return (ThreadEventCallback)_InterlockedExchange((long*)&reset,(long)cf);
103 | }
104 | inline ProcessEventCallback RegisterProcessAttachCallback(ProcessEventCallback cf)
105 | {
106 | return (ProcessEventCallback)_InterlockedExchange((long*)&attach,(long)cf);
107 | }
108 | inline ProcessEventCallback RegisterProcessDetachCallback(ProcessEventCallback cf)
109 | {
110 | return (ProcessEventCallback)_InterlockedExchange((long*)&detach,(long)cf);
111 | }
112 | inline ProcessEventCallback RegisterProcessNewHookCallback(ProcessEventCallback cf)
113 | {
114 | return (ProcessEventCallback)_InterlockedExchange((long*)&hook,(long)cf);
115 | }
116 | inline ProcessEventCallback ProcessNewHook() {return hook;}
117 | inline TextThread* GetCurrentThread() {return current;}
118 | inline ProcessRecord* Records() {return record;}
119 | inline ThreadTable* Table() {return thread_table;}
120 | /*inline DWORD& SplitTime() {return split_time;}
121 | inline DWORD& RepeatCount() {return repeat_count;}
122 | inline DWORD& CyclicRemove() {return cyclic_remove;}
123 | inline DWORD& GlobalFilter() {return global_filter;}*/
124 | private:
125 |
126 | CRITICAL_SECTION hmcs;
127 | TextThread *current;
128 | ThreadEventCallback create,remove,reset;
129 | ProcessEventCallback attach,detach,hook;
130 | DWORD current_pid;
131 | ThreadTable *thread_table;
132 | HANDLE destroy_event;
133 | ProcessRecord record[MAX_REGISTER+1];
134 | HANDLE text_pipes[MAX_REGISTER+1];
135 | HANDLE cmd_pipes[MAX_REGISTER+1];
136 | HANDLE recv_threads[MAX_REGISTER+1];
137 | WORD register_count, new_thread_number;
138 | };
139 |
140 |
--------------------------------------------------------------------------------
/ITH3.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 11.00
3 | # Visual Studio 2010
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH", "ITH\ITH.vcxproj", "{1A196FCB-1ABB-463C-8C8E-6A878CDBB280}"
5 | ProjectSection(ProjectDependencies) = postProject
6 | {C07A8FA2-3841-43BC-B877-8A7437DCC07B} = {C07A8FA2-3841-43BC-B877-8A7437DCC07B}
7 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239} = {C3C138AA-AB69-402D-A1C9-C7945A8D6239}
8 | {BCD1D8D8-A13F-4295-BB93-4C634D8214EA} = {BCD1D8D8-A13F-4295-BB93-4C634D8214EA}
9 | {F353F4D8-FC3E-4301-8E03-4B179C5A773D} = {F353F4D8-FC3E-4301-8E03-4B179C5A773D}
10 | {C8257FF3-7DA9-41C4-87AA-13A03679D093} = {C8257FF3-7DA9-41C4-87AA-13A03679D093}
11 | EndProjectSection
12 | EndProject
13 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "IHF", "IHF\IHF.vcxproj", "{C07A8FA2-3841-43BC-B877-8A7437DCC07B}"
14 | ProjectSection(ProjectDependencies) = postProject
15 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239} = {C3C138AA-AB69-402D-A1C9-C7945A8D6239}
16 | EndProjectSection
17 | EndProject
18 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_SYS", "ITH_SYS\ITH_SYS.vcxproj", "{C3C138AA-AB69-402D-A1C9-C7945A8D6239}"
19 | EndProject
20 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "IHF_DLL", "IHF_DLL\IHF_DLL.vcxproj", "{4BC982D4-97CE-4F66-94D5-0A4A00AFB054}"
21 | ProjectSection(ProjectDependencies) = postProject
22 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239} = {C3C138AA-AB69-402D-A1C9-C7945A8D6239}
23 | EndProjectSection
24 | EndProject
25 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_Engine", "ITH_Engine\ITH_Engine.vcxproj", "{9F2A3AAF-6847-4E86-BAE7-0371B95608D3}"
26 | ProjectSection(ProjectDependencies) = postProject
27 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239} = {C3C138AA-AB69-402D-A1C9-C7945A8D6239}
28 | {4BC982D4-97CE-4F66-94D5-0A4A00AFB054} = {4BC982D4-97CE-4F66-94D5-0A4A00AFB054}
29 | EndProjectSection
30 | EndProject
31 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_TLS", "ITH_TLS\ITH_TLS.vcxproj", "{C8257FF3-7DA9-41C4-87AA-13A03679D093}"
32 | ProjectSection(ProjectDependencies) = postProject
33 | {BCD1D8D8-A13F-4295-BB93-4C634D8214EA} = {BCD1D8D8-A13F-4295-BB93-4C634D8214EA}
34 | EndProjectSection
35 | EndProject
36 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_TinyXmlLib", "ITH_TinyXmlLib\ITH_TinyXmlLib.vcxproj", "{F353F4D8-FC3E-4301-8E03-4B179C5A773D}"
37 | EndProject
38 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_HashLib", "ITH_HashLib\ITH_HashLib.vcxproj", "{BCD1D8D8-A13F-4295-BB93-4C634D8214EA}"
39 | EndProject
40 | Global
41 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
42 | Debug|Win32 = Debug|Win32
43 | Release|Win32 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
46 | {1A196FCB-1ABB-463C-8C8E-6A878CDBB280}.Debug|Win32.ActiveCfg = Debug|Win32
47 | {1A196FCB-1ABB-463C-8C8E-6A878CDBB280}.Debug|Win32.Build.0 = Debug|Win32
48 | {1A196FCB-1ABB-463C-8C8E-6A878CDBB280}.Release|Win32.ActiveCfg = Release|Win32
49 | {1A196FCB-1ABB-463C-8C8E-6A878CDBB280}.Release|Win32.Build.0 = Release|Win32
50 | {C07A8FA2-3841-43BC-B877-8A7437DCC07B}.Debug|Win32.ActiveCfg = Debug|Win32
51 | {C07A8FA2-3841-43BC-B877-8A7437DCC07B}.Debug|Win32.Build.0 = Debug|Win32
52 | {C07A8FA2-3841-43BC-B877-8A7437DCC07B}.Release|Win32.ActiveCfg = Release|Win32
53 | {C07A8FA2-3841-43BC-B877-8A7437DCC07B}.Release|Win32.Build.0 = Release|Win32
54 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239}.Debug|Win32.ActiveCfg = Debug|Win32
55 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239}.Debug|Win32.Build.0 = Debug|Win32
56 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239}.Release|Win32.ActiveCfg = Release|Win32
57 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239}.Release|Win32.Build.0 = Release|Win32
58 | {4BC982D4-97CE-4F66-94D5-0A4A00AFB054}.Debug|Win32.ActiveCfg = Debug|Win32
59 | {4BC982D4-97CE-4F66-94D5-0A4A00AFB054}.Debug|Win32.Build.0 = Debug|Win32
60 | {4BC982D4-97CE-4F66-94D5-0A4A00AFB054}.Release|Win32.ActiveCfg = Release|Win32
61 | {4BC982D4-97CE-4F66-94D5-0A4A00AFB054}.Release|Win32.Build.0 = Release|Win32
62 | {9F2A3AAF-6847-4E86-BAE7-0371B95608D3}.Debug|Win32.ActiveCfg = Debug|Win32
63 | {9F2A3AAF-6847-4E86-BAE7-0371B95608D3}.Debug|Win32.Build.0 = Debug|Win32
64 | {9F2A3AAF-6847-4E86-BAE7-0371B95608D3}.Release|Win32.ActiveCfg = Release|Win32
65 | {9F2A3AAF-6847-4E86-BAE7-0371B95608D3}.Release|Win32.Build.0 = Release|Win32
66 | {C8257FF3-7DA9-41C4-87AA-13A03679D093}.Debug|Win32.ActiveCfg = Debug|Win32
67 | {C8257FF3-7DA9-41C4-87AA-13A03679D093}.Debug|Win32.Build.0 = Debug|Win32
68 | {C8257FF3-7DA9-41C4-87AA-13A03679D093}.Release|Win32.ActiveCfg = Release|Win32
69 | {C8257FF3-7DA9-41C4-87AA-13A03679D093}.Release|Win32.Build.0 = Release|Win32
70 | {F353F4D8-FC3E-4301-8E03-4B179C5A773D}.Debug|Win32.ActiveCfg = Debug|Win32
71 | {F353F4D8-FC3E-4301-8E03-4B179C5A773D}.Debug|Win32.Build.0 = Debug|Win32
72 | {F353F4D8-FC3E-4301-8E03-4B179C5A773D}.Release|Win32.ActiveCfg = Release|Win32
73 | {F353F4D8-FC3E-4301-8E03-4B179C5A773D}.Release|Win32.Build.0 = Release|Win32
74 | {BCD1D8D8-A13F-4295-BB93-4C634D8214EA}.Debug|Win32.ActiveCfg = Debug|Win32
75 | {BCD1D8D8-A13F-4295-BB93-4C634D8214EA}.Debug|Win32.Build.0 = Debug|Win32
76 | {BCD1D8D8-A13F-4295-BB93-4C634D8214EA}.Release|Win32.ActiveCfg = Release|Win32
77 | {BCD1D8D8-A13F-4295-BB93-4C634D8214EA}.Release|Win32.Build.0 = Release|Win32
78 | EndGlobalSection
79 | GlobalSection(SolutionProperties) = preSolution
80 | HideSolutionNode = FALSE
81 | EndGlobalSection
82 | EndGlobal
83 |
--------------------------------------------------------------------------------
/ITH_HashLib/ITH_HashLib.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 |
15 |
16 |
17 | {BCD1D8D8-A13F-4295-BB93-4C634D8214EA}
18 | Win32Proj
19 | ITH_HashLib
20 |
21 |
22 |
23 | StaticLibrary
24 | true
25 | Unicode
26 | v100
27 |
28 |
29 | StaticLibrary
30 | false
31 | true
32 | Unicode
33 | v100
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 | $(SolutionDir)libs
48 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
49 | $(WindowsSdkDir)inc;$(IncludePath);$(SolutionDir)include;$(ProjectDir)include;$(SolutionDir)libs
50 |
51 |
52 | $(SolutionDir)lib\$(Configuration)\
53 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
54 |
55 |
56 |
57 |
58 |
59 | Level3
60 | Disabled
61 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
62 | ../include
63 | MultiThreadedDebugDLL
64 | StreamingSIMDExtensions2
65 | Fast
66 |
67 |
68 | Windows
69 | true
70 |
71 |
72 |
73 |
74 | Level3
75 |
76 |
77 | Full
78 | true
79 | true
80 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
81 | AnySuitable
82 | Size
83 | false
84 | false
85 | false
86 | StreamingSIMDExtensions2
87 | true
88 | true
89 | ..\include
90 | Fast
91 |
92 |
93 | Windows
94 | true
95 | true
96 | true
97 |
98 |
99 |
100 |
101 |
102 |
--------------------------------------------------------------------------------
/ITH_SYS/ITH_SYS.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {C3C138AA-AB69-402D-A1C9-C7945A8D6239}
15 | Win32Proj
16 | ITH_SYS
17 |
18 |
19 |
20 | StaticLibrary
21 | true
22 | Unicode
23 | v100
24 |
25 |
26 | StaticLibrary
27 | false
28 | true
29 | Unicode
30 | v100
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
44 | $(SolutionDir)\libs
45 | $(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;$(SolutionDir)lib;$(ProjectDir)lib;$(SolutionDir)libs
46 |
47 |
48 | $(SolutionDir)lib\$(Configuration)\
49 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
50 |
51 |
52 |
53 |
54 |
55 | Level3
56 | Disabled
57 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
58 | ..\include
59 | MultiThreadedDebugDLL
60 | StreamingSIMDExtensions2
61 | Fast
62 |
63 |
64 | Windows
65 | true
66 |
67 |
68 |
69 |
70 | Level3
71 |
72 |
73 | Full
74 | true
75 | true
76 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
77 | 4996
78 | false
79 | false
80 | false
81 | AnySuitable
82 | Size
83 | true
84 | true
85 | StreamingSIMDExtensions2
86 | ..\include
87 | Fast
88 |
89 |
90 | Windows
91 | true
92 | true
93 | true
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
--------------------------------------------------------------------------------
/ITH_TinyXmlLib/ITH_TinyXmlLib.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {F353F4D8-FC3E-4301-8E03-4B179C5A773D}
15 | Win32Proj
16 | ITH_TinyXmlLib
17 |
18 |
19 |
20 | StaticLibrary
21 | true
22 | Unicode
23 | v100
24 |
25 |
26 | StaticLibrary
27 | false
28 | true
29 | Unicode
30 | v100
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 | $(SolutionDir)libs
45 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
46 |
47 |
48 | $(SolutionDir)lib\$(Configuration)\
49 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
50 |
51 |
52 |
53 |
54 |
55 | Level3
56 | Disabled
57 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
58 | ..\include
59 | MultiThreadedDebugDLL
60 | StreamingSIMDExtensions2
61 | Fast
62 |
63 |
64 | Windows
65 | true
66 |
67 |
68 |
69 |
70 | Level3
71 |
72 |
73 | Full
74 | true
75 | true
76 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
77 | AnySuitable
78 | Size
79 | true
80 | true
81 | true
82 | false
83 | false
84 | false
85 | StreamingSIMDExtensions2
86 | ..\include
87 | Fast
88 |
89 |
90 | Windows
91 | true
92 | true
93 | true
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
--------------------------------------------------------------------------------
/ITH/CustomFilter.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #include
19 | #include
20 | #include
21 | #include
22 |
23 | static DWORD zeros[4]={0,0,0,0};
24 |
25 | CustomFilterUnicode::CustomFilterUnicode()
26 | {
27 | map=0;
28 | size=0x2000;
29 | NtAllocateVirtualMemory(NtCurrentProcess(),(PVOID*)&map,0,&size,MEM_COMMIT,PAGE_READWRITE);
30 | }
31 | CustomFilterUnicode::~CustomFilterUnicode()
32 | {
33 | NtFreeVirtualMemory(NtCurrentProcess(),(PVOID*)&map,&size,MEM_RELEASE);
34 | map=0;
35 | }
36 | void CustomFilterUnicode::Set(WORD number)
37 | {
38 | map[number>>3]|=1<<(number&7);
39 |
40 | }
41 | void CustomFilterUnicode::Clear(WORD number)
42 | {
43 | map[number>>3]&=~(1<<(number&7));
44 |
45 | }
46 | bool CustomFilterUnicode::Check(WORD number)
47 | {
48 | return (map[number>>3]>>(number&7))&1;
49 | }
50 | void CustomFilterUnicode::Traverse(CustomFilterCallBack callback, PVOID param)
51 | {
52 | union{ __m128d m0; __m128i i0;};
53 | union{ __m128d m1; __m128i i1;};
54 | DWORD mask,i,j,k,t,ch;
55 | m1=_mm_loadu_pd((const double*)zeros);
56 | BYTE* ptr=map;
57 | BYTE* end=map+size;
58 | while (ptr>3]|=1<<(c&7);
106 | else
107 | {
108 | number>>=8;
109 | number|=(c-0x80)<<8;
110 | map[number>>3]|=1<<(number&7);
111 | }
112 |
113 | }
114 | void CustomFilterMultiByte::Clear(WORD number)
115 | {
116 | BYTE c=number&0xFF;
117 | if (LeadByteTable[c]==1) ascii_map[c>>3]&=~(1<<(c&7));
118 | else
119 | {
120 | number>>=8;
121 | number|=(c-0x80)<<8;
122 | map[number>>3]&=~(1<<(number&7));
123 | }
124 | }
125 | bool CustomFilterMultiByte::Check(WORD number)
126 | {
127 | BYTE c=number&0xFF;
128 | if (LeadByteTable[c]==1)
129 | return (ascii_map[c>>3]>>(c&7))&1;
130 | else
131 | {
132 | number=(number>>8)+((c-0x80)<<8);
133 | return (map[number>>3]>>(number&7))&1;
134 | }
135 | }
136 | void CustomFilterMultiByte::Reset()
137 | {
138 | BitMap::Reset();
139 | memset(ascii_map,0,0x20);
140 | }
141 | void CustomFilterMultiByte::Traverse(CustomFilterCallBack callback, PVOID param)
142 | {
143 | union{ __m128d m0; __m128i i0;};
144 | union{ __m128d m1; __m128i i1;};
145 | DWORD mask,i,j,k,t,ch,cl;
146 | m1=_mm_loadu_pd((const double*)zeros);
147 | BYTE* ptr=map;
148 | BYTE* end=map+size;
149 | while (ptr>8)+0x80;
171 | ch|=cl;
172 | callback(ch&0xFFFF, param);
173 | }
174 | t<<=1;
175 | }
176 | }
177 | }
178 | }
179 | }
180 | ptr+=0x10;
181 | }
182 |
183 | for (i=0;i<0x20;i+=4) //single byte
184 | {
185 | if (*(DWORD*)(ascii_map+i))
186 | {
187 | for (j=0;j<4;j++)
188 | {
189 | if (ascii_map[i+j])
190 | {
191 | t=1;
192 | for (k=0;k<8;k++)
193 | {
194 | if (ascii_map[i+j]&t)
195 | {
196 | ch=((i+j)<<3)+k;
197 | callback(ch&0xFFFF, param);
198 | }
199 | t<<=1;
200 | }
201 | }
202 | }
203 | }
204 | }
205 | }
206 |
--------------------------------------------------------------------------------
/ITH/command.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #include
19 | #include "ITH.h"
20 | #include "language.h"
21 | #include
22 | void ConsoleOutput(LPCWSTR text)
23 | {
24 |
25 | }
26 | int Convert(LPWSTR str, DWORD *num, LPWSTR delim)
27 | {
28 | if (num == 0) return -1;
29 | WCHAR t = *str,tc = *(str+0xF);
30 | WCHAR temp[0x10]={};
31 | LPWSTR it = temp,istr = str,id = temp;
32 | if (delim)
33 | {
34 | id=wcschr(delim, t);
35 | str[0xF] = delim[0];
36 | }
37 | else str[0xF] = 0;
38 | while (id == 0 && t)
39 | {
40 | *it = t;
41 | it++; istr++;
42 | t = *istr;
43 | if (delim) id = wcschr(delim, t);
44 | }
45 | swscanf(temp, L"%x", num);
46 | str[0xF] = tc;
47 | if (id == 0 || istr - str == 0xF) return -1;
48 | if (t == 0) return istr - str;
49 | else return id - delim;
50 | }
51 | bool Parse(LPWSTR cmd, HookParam& hp)
52 | {
53 | int t;
54 | bool accept = false;
55 | memset(&hp, 0, sizeof(hp));
56 | DWORD *data = &hp.off;
57 | LPWSTR offset = cmd + 1;
58 | LPWSTR delim_str = L":*@!";
59 | LPWSTR delim = delim_str;
60 | if (*offset == L'n' || *offset == 'N')
61 | {
62 | offset++;
63 | hp.type |= NO_CONTEXT;
64 | }
65 | while (!accept)
66 | {
67 | t = Convert(offset, data, delim);
68 | if (t < 0)
69 | {
70 | _error:
71 | //ConsoleOutput(L"Syntax error.");
72 | return false;
73 | }
74 | offset = wcschr(offset , delim[t]);
75 | if (offset) offset++;
76 | else goto _error;
77 | switch (delim[t])
78 | {
79 | case L':':
80 | data = &hp.split;
81 | delim = delim_str+1;
82 | hp.type |= USING_SPLIT;
83 | break;
84 | case L'*':
85 | if (hp.split)
86 | {
87 | data = &hp.split_ind;
88 | delim = delim_str+2;
89 | hp.type |= SPLIT_INDIRECT;
90 | }
91 | else
92 | {
93 | hp.type |= DATA_INDIRECT;
94 | data = &hp.ind;
95 | }
96 | break;
97 | case L'@':
98 | accept = true;
99 | break;
100 | }
101 | }
102 | t = Convert(offset, &hp.addr, delim_str);
103 | if (t < 0) return false;
104 | if (hp.off & 0x80000000) hp.off -= 4;
105 | if (hp.split & 0x80000000) hp.split -= 4;
106 | LPWSTR temp = offset;
107 | offset = wcschr(offset, L':');
108 | if (offset)
109 | {
110 | hp.type |= MODULE_OFFSET;
111 | offset++;
112 | delim = wcschr(offset, L':');
113 |
114 | if (delim)
115 | {
116 | *delim = 0;
117 | delim++;
118 | _wcslwr(offset);
119 | hp.function = Hash(delim);
120 | hp.module = Hash(offset, delim - offset - 1);
121 | hp.type |= FUNCTION_OFFSET;
122 | }
123 | else
124 | {
125 | hp.module = Hash(_wcslwr(offset));
126 | }
127 | }
128 | else
129 | {
130 | offset = wcschr(temp, L'!');
131 | if (offset)
132 | {
133 | hp.type |= MODULE_OFFSET;
134 | swscanf(offset + 1, L"%x", &hp.module);
135 | offset = wcschr(offset + 1, L'!');
136 | if (offset)
137 | {
138 | hp.type |= FUNCTION_OFFSET;
139 | swscanf(offset + 1, L"%x", &hp.function);
140 | }
141 | }
142 | }
143 | switch (*cmd)
144 | {
145 | case L's':
146 | case L'S':
147 | hp.type |= USING_STRING;
148 | break;
149 | case L'e':
150 | case L'E':
151 | hp.type |= STRING_LAST_CHAR;
152 | case L'a':
153 | case L'A':
154 | hp.type |= BIG_ENDIAN;
155 | hp.length_offset = 1;
156 | break;
157 | case L'b':
158 | case L'B':
159 | hp.length_offset = 1;
160 | break;
161 | case L'h':
162 | case L'H':
163 | hp.type |= PRINT_DWORD;
164 | case L'q':
165 | case L'Q':
166 | hp.type |= USING_STRING | USING_UNICODE;
167 | break;
168 | case L'l':
169 | case L'L':
170 | hp.type |= STRING_LAST_CHAR;
171 | case L'w':
172 | case L'W':
173 | hp.type |= USING_UNICODE;
174 | hp.length_offset = 1;
175 | break;
176 | default:
177 | break;
178 | }
179 | //ConsoleOutput(L"Try to insert additional hook.");
180 | return true;
181 | }
182 | //void AddLink(WORD from, WORD to);
183 |
184 | DWORD ProcessCommand(LPWSTR cmd, DWORD pid)
185 | {
186 | int t;
187 | LPWSTR ts = wcsrchr(cmd, L':');
188 | if (ts) *ts = 0;
189 | _wcslwr(cmd);
190 | if (ts) *ts = L':'; //Prevent modification to function names, as they are case sensitive.
191 |
192 | switch (cmd[0])
193 | {
194 | case L'/':
195 | switch (cmd[1])
196 | {
197 |
198 | case L'p':
199 | {
200 | if (cmd[2] == L'n')
201 | {
202 | pid = IHF_GetPIDByName(cmd + 3);
203 | if (pid == 0) break;
204 | }
205 | else
206 | swscanf(cmd + 2, L"%d", &pid);
207 | t = IHF_InjectByPID(pid, ITH_DEFAULT_ENGINE);
208 | }
209 | break;
210 | case L'h':
211 | {
212 | HookParam hp;
213 | if (Parse(cmd + 2, hp)) IHF_InsertHook(pid ,&hp);
214 | }
215 | break;
216 | default:
217 | break;
218 | //ConsoleOutput(ErrorSyntax);
219 | }
220 | break;
221 | case L'l':
222 | {
223 | DWORD from, to;
224 | swscanf(cmd+1, L"%x-%x", &from, &to);
225 | IHF_AddLink(from, to);
226 | }
227 | break;
228 | case L'u':
229 | {
230 | DWORD from;
231 | if (cmd[1] == L'a')
232 | {
233 | if (swscanf(cmd + 2, L"%x",&from) == 1)
234 | IHF_UnLinkAll(from);
235 | }
236 | else
237 | {
238 | if (swscanf(cmd + 1, L"%x",&from) == 1)
239 | IHF_UnLink(from);
240 | }
241 | }
242 |
243 | break;
244 | default:
245 | break;
246 | }
247 | return 0;
248 | }
249 |
--------------------------------------------------------------------------------
/ITH/window.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #pragma once
19 | #include "profile.h"
20 | #include
21 | #include
22 | #include
23 | #include
24 | int GetHookString(LPWSTR str, DWORD pid, DWORD hook_addr, DWORD status);
25 | //SYSTEM_PROCESS_INFORMATION* GetBaseByPid(BYTE* pbBuffer,DWORD dwPid);
26 | LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam);
27 |
28 | enum ThreadOperation
29 | {
30 | Suspend,
31 | Resume,
32 | Terminate,
33 | OutputInformation
34 | };
35 |
36 | #define IDC_CHECK_BIGENDIAN IDC_CHECK1
37 | #define IDC_CHECK_UNICODE IDC_CHECK2
38 | #define IDC_CHECK_STRING IDC_CHECK3
39 | #define IDC_CHECK_DATA_IND IDC_CHECK4
40 | #define IDC_CHECK_SPLIT IDC_CHECK5
41 | #define IDC_CHECK_SPLIT_IND IDC_CHECK6
42 | #define IDC_CHECK_MODULE IDC_CHECK7
43 | #define IDC_CHECK_FUNCTION IDC_CHECK8
44 | #define IDC_CHECK_HEX IDC_CHECK9
45 | #define IDC_CHECK_LASTCHAR IDC_CHECK10
46 | #define IDC_CHECK_NOCONTEXT IDC_CHECK11
47 |
48 | class ProcessWindow
49 | {
50 | public:
51 | ProcessWindow(HWND hDialog);
52 | void InitProcessDlg();
53 | void RefreshProcess();
54 | void AttachProcess();
55 | void DetachProcess();
56 | void OperateThread();
57 | void AddCurrentToProfile();
58 | void RefreshThread(int index);
59 | void RefreshThreadColumns(DWORD pid);
60 | bool PerformThread(DWORD pid, DWORD tid, ThreadOperation op=OutputInformation, DWORD addr=0);
61 | bool PerformThread(PVOID system_thread);
62 | DWORD GetSelectPID();
63 | private:
64 | HWND hDlg;
65 | HWND hlProcess,hlThread;
66 | HWND hbRefresh,hbAttach,hbDetach,hbExecute,hbAddProfile;
67 | HWND heAddr,heOutput;
68 | HWND hrSuspend,hrResume,hrTerminate;
69 | };
70 |
71 | class ThreadWindow
72 | {
73 | public:
74 | ThreadWindow(HWND hDialog);
75 | void InitWindow();
76 | void InitThread(int index);
77 | void SetThreadInfo(int index);
78 | void RemoveLink(int index);
79 | void SetThread();
80 | void SetLastSentence(DWORD select);
81 | void ExportAllThreadText();
82 | void ExportSingleThreadText(DWORD index, LPCWSTR dir);
83 | private:
84 | HWND hDlg;
85 | HWND hcCurrentThread,hcLinkThread;
86 | HWND hlFromThread;
87 | HWND heInfo,heSentence,heComment;
88 | };
89 |
90 | class HookWindow
91 | {
92 | public:
93 | HookWindow(HWND hDialog);
94 | inline bool IsBigEndian();
95 | inline bool IsUnicode();
96 | inline bool IsString();
97 | inline bool IsDataInd();
98 | inline bool IsSplit();
99 | inline bool IsSplitInd();
100 | inline bool IsModule();
101 | inline bool IsFunction();
102 | inline bool IsHex();
103 | inline bool IsLastChar();
104 | inline bool IsNoContext();
105 | void GenerateCode();
106 | void GenerateHash(int ID);
107 | void RemoveHook();
108 | void ModifyHook();
109 | void ResetDialog(const HookParam& hp);
110 | void ResetDialog(int index);
111 | void GetHookParam(HookParam& hp);
112 | void InitDlg();
113 | void ResetDlgHooks(DWORD pid, HookParam& hp);
114 |
115 | private:
116 | void PrintSignDWORD(LPWSTR str, DWORD d);
117 | HWND hDlg,hCombo,hText;
118 | HWND hcBigEndian, hcUnicode, hcString, hcDataInd,
119 | hcSplit, hcSplitInd, hcModule, hcFunction,
120 | hcHex, hcLastChar, hcNoContext;
121 | HWND heAddr, heData, heDataInd, heSplit,
122 | heSplitInd, heModule, heFunction, heHash;
123 | HWND hbModify, hbRemove, hbModule, hbFunction, hbCode;
124 | };
125 |
126 | class ProfileWindow
127 | {
128 | public:
129 | ProfileWindow(HWND hDialog);
130 | ~ProfileWindow();
131 | void InitProfiles();
132 | void RefreshManifest();
133 | void RefreshManifestList();
134 | bool RefreshGames(DWORD index);
135 | bool RefreshGames(const char* name);
136 | bool RefreshGamesInMemory(LPVOID memory, DWORD size, const char* hash);
137 | void RefreshGamesList();
138 | void FindProperProfile();
139 | void ImportProfile();
140 | void RefreshProfile(DWORD index);
141 | void RefreshProfile(Profile* pf);
142 | void SetStatusText(LPCWSTR text);
143 | void SetStatusText(LPCSTR text);
144 | void ClearStatusText();
145 | void SetStatusSuccess();
146 | void ExportProfile();
147 | void ExportAllProfile();
148 | void DeleteProfile();
149 | Profile* GetCurrentProfile();
150 | DWORD GetCurrentSelect();
151 | HWND hDlg;
152 | HWND hlProfileList,hlManifest,hlGameList;
153 | HWND heProfile,heStatus;
154 | HWND hcbLink;
155 | char* base_link;
156 | TiXmlDocument manifest,game_list;
157 | AVLTree hash_tree;
158 | PointerTable hash_table;
159 | AVLTree game_tree;
160 | PointerTable game_table;
161 | };
162 |
163 | void ExportSingleProfile(ProfileNode* pfn, MyVector &export_text);
164 |
165 | class FilterWindow
166 | {
167 | public:
168 | FilterWindow(HWND hDialog);
169 | ~FilterWindow();
170 | void Init();
171 | void SetCurrentChar();
172 | void SelectCurrentChar(DWORD index);
173 | void InitWithChar(WCHAR);
174 | void DeleteCurrentChar();
175 | void AddNewChar();
176 | void DrawGlyph(WCHAR);
177 | void ClearGlyphArea();
178 | void SetUniChar(WCHAR);
179 | void SetMBChar(WORD);
180 | void SetCommitFlag();
181 | UINT IsSJISCheck();
182 | UINT IsUnicodeCheck();
183 | private:
184 | TEXTMETRIC tm;
185 | RECT rc;
186 | HWND hDlg;
187 | HWND hList;
188 | HWND hGlyph;
189 | HDC hGlyphDC;
190 | HBRUSH white;
191 | HFONT hGlyphFont;
192 | HWND hSJIS,hUnicode,hChar;
193 | DWORD init_x,init_y;
194 | BYTE modify,remove,commit;
195 | //CustomFilterMultiByte* mb_filter;
196 | //CustomFilterUnicode* uni_filter;
197 | };
198 |
199 | class TextBuffer : MyVector
200 | {
201 | public:
202 | TextBuffer(HWND edit);
203 | ~TextBuffer();
204 | void Flush();
205 | void AddText(LPWSTR str, int len, bool line);
206 | void ClearBuffer();
207 | bool Running() {return running;}
208 | private:
209 | bool line_break,running;
210 | HANDLE hThread;
211 | HWND hEdit;
212 | };
213 |
214 |
--------------------------------------------------------------------------------
/ITH_Engine/ITH_Engine.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {9F2A3AAF-6847-4E86-BAE7-0371B95608D3}
15 | Win32Proj
16 | ITH_Engine
17 |
18 |
19 |
20 | DynamicLibrary
21 | true
22 | Unicode
23 | v100
24 |
25 |
26 | DynamicLibrary
27 | false
28 | true
29 | Unicode
30 | v100
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 | true
44 | $(SolutionDir)lib\$(Configuration)\
45 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
46 |
47 |
48 | false
49 | false
50 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
51 | $(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;$(SolutionDir)lib;$(ProjectDir)lib;$(SolutionDir)libs
52 |
53 |
54 |
55 |
56 |
57 | Level3
58 | Disabled
59 | WIN32;_DEBUG;_WINDOWS;_USRDLL;ITH_ENGINE_EXPORTS;%(PreprocessorDefinitions)
60 | ..\include
61 | MultiThreadedDebugDLL
62 | StreamingSIMDExtensions2
63 | Fast
64 |
65 |
66 | Windows
67 | true
68 | ntdll.lib;IHF_DLL.lib;ITH_SYS.lib;%(AdditionalDependencies)
69 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
70 |
71 |
72 |
73 |
74 | Level3
75 |
76 |
77 | Full
78 | true
79 | true
80 | WIN32;NDEBUG;_WINDOWS;_USRDLL;ITH_ENGINE_EXPORTS;%(PreprocessorDefinitions)
81 | AnySuitable
82 | Size
83 | true
84 | true
85 | false
86 | false
87 | false
88 | 4996;4733
89 | StreamingSIMDExtensions2
90 | ..\include
91 | Fast
92 |
93 |
94 | Windows
95 | false
96 | true
97 | true
98 | ntdll.lib;IHF_DLL.lib;ITH_SYS.lib;%(AdditionalDependencies)
99 | DllMain
100 | false
101 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
102 |
103 |
104 |
105 | $(SolutionDir)BuildDate $(SolutionDir)
106 |
107 |
108 | put version date into version.h
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
--------------------------------------------------------------------------------
/IHF_DLL/IHF_DLL.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {4BC982D4-97CE-4F66-94D5-0A4A00AFB054}
15 | Win32Proj
16 | IHF_DLL
17 |
18 |
19 |
20 | DynamicLibrary
21 | true
22 | Unicode
23 | v100
24 |
25 |
26 | DynamicLibrary
27 | false
28 | true
29 | v100
30 | Unicode
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 | true
44 | $(SolutionDir)lib\$(Configuration)\
45 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
46 |
47 |
48 | false
49 | false
50 | $(SolutionDir)libs
51 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
52 | $(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;$(SolutionDir)lib;$(ProjectDir)lib;$(SolutionDir)libs
53 |
54 |
55 |
56 |
57 |
58 | Level3
59 | Disabled
60 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
61 | ..\include
62 | MultiThreadedDebugDLL
63 | StreamingSIMDExtensions2
64 | Fast
65 | Async
66 |
67 |
68 | Windows
69 | true
70 | ntdll.lib;ith_sys.lib;%(AdditionalDependencies)
71 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
72 | DllMain
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 | Level3
82 |
83 |
84 | Full
85 | true
86 | true
87 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
88 | 4996;4733
89 | Async
90 | false
91 | false
92 | AnySuitable
93 | Size
94 | true
95 | true
96 | StreamingSIMDExtensions2
97 | ..\include
98 | Fast
99 |
100 |
101 | Windows
102 | false
103 | true
104 | true
105 | ntdll.lib;ith_sys.lib;%(AdditionalDependencies)
106 | DllMain
107 | false
108 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
--------------------------------------------------------------------------------
/ITH_TLS/x509.h:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #ifndef ITH_X509
19 | #define ITH_X509
20 |
21 | //Main purpose: to extract public modulus from certificate.
22 | //Do not verify certificate. So man-in-the-middle attack will success.
23 |
24 | class ASN1Object
25 | {
26 | public:
27 | ASN1Object() : type(0), len(0) {}
28 | unsigned char* Parse(unsigned char* in);
29 | unsigned char ASN1Tag()
30 | {
31 | return type & 0x1F;
32 | }
33 | bool IsConstructed()
34 | {
35 | return (type & 0x20) > 0;
36 | }
37 | unsigned char ASN1Class()
38 | {
39 | return type >> 6;
40 | }
41 | unsigned int ASN1Len()
42 | {
43 | return len;
44 | }
45 | protected:
46 | unsigned int type, len;
47 | //type = {
48 | // Class : 2,
49 | // P/C : 1,
50 | // Tag : 5
51 | };
52 | class ASN1Sequence : public ASN1Object
53 | {
54 | public:
55 | unsigned char* Parse(unsigned char* in);
56 | protected:
57 |
58 | };
59 | class ASN1SetItem : public ASN1Object
60 | {
61 | public:
62 | virtual ~ASN1SetItem();
63 | unsigned char* Parse(unsigned char* in);
64 | void SetNext(ASN1SetItem* s) {next = s;}
65 | protected:
66 | ASN1SetItem* next;
67 | };
68 | class ASN1Interger : public ASN1Object
69 | {
70 | public:
71 | ASN1Interger()
72 | {
73 | value_long = 0;
74 | }
75 | ~ASN1Interger();
76 | unsigned char* Parse(unsigned char* in);
77 | unsigned char* Value();
78 | protected:
79 | union
80 | {
81 | unsigned char* value_long;
82 | unsigned char value_short[4];
83 | };
84 |
85 | };
86 | class ASN1Bitstring : public ASN1Object
87 | {
88 | public:
89 | unsigned char* Parse(unsigned char* in);
90 | };
91 | class ASN1ObjectIdentifier : public ASN1Object
92 | {
93 | public:
94 | ASN1ObjectIdentifier()
95 | {
96 | oid_long = 0;
97 | }
98 | virtual ~ASN1ObjectIdentifier();
99 | unsigned char* Parse(unsigned char* in);
100 | unsigned char PKCS1Algorithm();
101 | unsigned char RDNType();
102 | protected:
103 | union
104 | {
105 | unsigned char* oid_long;
106 | unsigned char oid_short[4];
107 | };
108 |
109 | };
110 | class ASN1CharacterString : public ASN1Object
111 | {
112 | public:
113 | ASN1CharacterString() {str_long = 0;}
114 | ~ASN1CharacterString();
115 | unsigned char* Parse(unsigned char* in);
116 | protected:
117 | union
118 | {
119 | unsigned char str_short[4];
120 | unsigned char *str_long;
121 | };
122 | };
123 | class CertificateVersion : ASN1Object
124 | {
125 | public:
126 | CertificateVersion(int version = 0) : ver(version) {}
127 | unsigned char* Parse(unsigned char* in);
128 | unsigned char Version(){return ver;}
129 | protected:
130 | unsigned char ver;
131 | };
132 | /*
133 | AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
134 | algorithm ALGORITHM.&id ({SupportedAlgorithms}),
135 | parameters ALGORITHM.&Type ({SupportedAlgorithms}{ @algorithm}) OPTIONAL
136 | }
137 | */
138 | class AlgorithmIdentifier : public ASN1Sequence
139 | {
140 | public:
141 | unsigned char* Parse(unsigned char* in);
142 | protected:
143 | ASN1ObjectIdentifier algorithm;
144 | ASN1Object param; //null = 0x5 0x0
145 | };
146 | class RDNSequenceItem : public ASN1Sequence
147 | {
148 | public:
149 | unsigned char* Parse(unsigned char* in);
150 | protected:
151 | ASN1ObjectIdentifier item;
152 | ASN1CharacterString str;
153 | };
154 | class RDNSequence : public ASN1SetItem
155 | {
156 | public:
157 | RDNSequence() {next = 0;}
158 | void SetNext(RDNSequence* n) {next = n;}
159 | unsigned char* Parse(unsigned char* in);
160 | protected:
161 | RDNSequenceItem item;
162 | };
163 | class Name : public ASN1Sequence
164 | {
165 | public:
166 | unsigned char* Parse(unsigned char* in);
167 | protected:
168 | RDNSequence head;
169 | };
170 | class UTCTime : ASN1Object
171 | {
172 | public:
173 | unsigned char* Parse(unsigned char* in);
174 | protected:
175 | char utcStr[0x10]; //12 used.
176 | };
177 | class Validity : ASN1Sequence
178 | {
179 | public:
180 | unsigned char* Parse(unsigned char* in);
181 | protected:
182 | UTCTime notBefore;
183 | UTCTime notAfter;
184 | };
185 | class RSAKeyItem : public ASN1Sequence
186 | {
187 | public:
188 | unsigned char* Parse(unsigned char* in);
189 | unsigned int PublicKey(unsigned char* k);
190 | protected:
191 | ASN1Interger public_mod;
192 | ASN1Interger public_exp;
193 | };
194 | class RSAKeyInfo : public ASN1Bitstring
195 | {
196 | public:
197 | unsigned char* Parse(unsigned char* in);
198 | unsigned int PublicKey(unsigned char* k);
199 | protected:
200 | RSAKeyItem key;
201 | };
202 | class SubjectPublicKeyInfo : public ASN1Sequence
203 | {
204 | public:
205 | unsigned char* Parse(unsigned char* in);
206 | unsigned int PublicKey(unsigned char* k);
207 | protected:
208 | AlgorithmIdentifier algorithm;
209 | RSAKeyInfo key;
210 | };
211 | /* version 1.
212 | CertificateContent ::= SEQUENCE {
213 | version [0] Version DEFAULT v1,
214 | serialNumber CertificateSerialNumber,
215 | signature AlgorithmIdentifier{{SupportedAlgorithms}},
216 | issuer Name,
217 | validity Validity,
218 | subject Name,
219 | subjectPublicKeyInfo SubjectPublicKeyInfo,
220 | }
221 | */
222 | class CertificateContent : public ASN1Sequence
223 | {
224 | public:
225 | unsigned char* Parse(unsigned char* in);
226 | unsigned int PublicKey(unsigned char* k);
227 | protected:
228 | typedef ASN1Interger CertificateSerialNumber;
229 | CertificateVersion version;
230 | CertificateSerialNumber serial;
231 | AlgorithmIdentifier signature;
232 | Name issuer;
233 | Validity validity;
234 | Name subject;
235 | SubjectPublicKeyInfo subjectPublicKeyInfo;
236 | };
237 | class SignatureBitstring : public ASN1Bitstring
238 | {
239 | public:
240 | virtual ~SignatureBitstring();
241 | unsigned char* Parse(unsigned char* in);
242 | protected:
243 | unsigned char* value;
244 | };
245 | class CertificateSignature : public AlgorithmIdentifier
246 | {
247 | public:
248 | unsigned char* Parse(unsigned char* in);
249 | protected:
250 | SignatureBitstring signature;
251 | };
252 | //Certificate ::= SIGNED { CertificateContent }
253 | class Certificate : public ASN1Sequence
254 | {
255 | public:
256 | unsigned char* Parse(unsigned char* in);
257 | unsigned int PublicKey(unsigned char* k);
258 | protected:
259 | CertificateContent certificate;
260 | CertificateSignature signature;
261 | };
262 | #endif
--------------------------------------------------------------------------------
/IHF/pipe.cpp:
--------------------------------------------------------------------------------
1 | /* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
2 | * This file is part of the Interactive Text Hooker.
3 |
4 | * Interactive Text Hooker is free software: you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as published
6 | * by the Free Software Foundation, either version 3 of the License, or
7 | * (at your option) any later version.
8 |
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU General Public License for more details.
13 |
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program. If not, see .
16 | */
17 |
18 | #include "main.h"
19 | #include
20 | //#include "CommandQueue.h"
21 |
22 | #define NAMED_PIPE_DISCONNECT 1
23 | #define NAMED_PIPE_CONNECT 2
24 |
25 | WCHAR recv_pipe[]=L"\\??\\pipe\\ITH_PIPE";
26 | WCHAR command_pipe[]=L"\\??\\pipe\\ITH_COMMAND";
27 |
28 | static bool newline=false;
29 | static bool detach=false;
30 |
31 | CRITICAL_SECTION detach_cs;
32 | //HANDLE hDetachEvent;
33 | extern HANDLE hPipeExist;
34 |
35 | //DWORD WINAPI UpdateWindows(LPVOID lpThreadParameter);
36 | BYTE* Filter(BYTE *str, int len)
37 | {
38 | WORD s;
39 | while (1)
40 | {
41 | s = *(WORD*)str;
42 | if (len >= 2)
43 | {
44 | if (s <= 0x20) {str += 2; len -= 2;}
45 | else break;
46 | }
47 | else if (str[0] <= 0x20)
48 | {
49 | str++;
50 | len--;
51 | }
52 | else break;
53 | }
54 | return str;
55 | }
56 | void CreateNewPipe()
57 | {
58 | static DWORD acl[7]={0x1C0002,
59 | 1,
60 | 0x140000,
61 | GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
62 | 0x101,
63 | 0x1000000,
64 | 0};
65 | static SECURITY_DESCRIPTOR sd = {1,0,4,0,0,0,(PACL)acl};
66 |
67 | HANDLE hTextPipe, hCmdPipe, hThread;
68 | IO_STATUS_BLOCK ios;
69 | UNICODE_STRING us;
70 |
71 | OBJECT_ATTRIBUTES oa = {sizeof(oa), 0, &us, OBJ_CASE_INSENSITIVE, &sd, 0};
72 | LARGE_INTEGER time = {-500000, -1};
73 |
74 | RtlInitUnicodeString(&us,recv_pipe);
75 | if (!NT_SUCCESS(NtCreateNamedPipeFile(
76 | &hTextPipe,
77 | GENERIC_READ | SYNCHRONIZE,
78 | &oa,
79 | &ios,
80 | FILE_SHARE_WRITE,
81 | FILE_OPEN_IF,
82 | FILE_SYNCHRONOUS_IO_NONALERT,
83 | 1, 1, 0, -1,
84 | 0x1000,
85 | 0x1000,
86 | &time)))
87 | {
88 | ConsoleOutput(ErrorCreatePipe);
89 | return;
90 | }
91 |
92 | RtlInitUnicodeString(&us, command_pipe);
93 | if (!NT_SUCCESS(NtCreateNamedPipeFile(
94 | &hCmdPipe,
95 | GENERIC_WRITE | SYNCHRONIZE,
96 | &oa,
97 | &ios,
98 | FILE_SHARE_READ,
99 | FILE_OPEN_IF,
100 | FILE_SYNCHRONOUS_IO_NONALERT,
101 | 1, 1, 0, -1,
102 | 0x1000,
103 | 0x1000,
104 | &time)))
105 | {
106 | ConsoleOutput(ErrorCreatePipe);
107 | return;
108 | }
109 | hThread = IthCreateThread(RecvThread, (DWORD)hTextPipe);
110 | man -> RegisterPipe(hTextPipe, hCmdPipe, hThread);
111 | }
112 | void DetachFromProcess(DWORD pid)
113 | {
114 | HANDLE hMutex, hEvent;
115 | IO_STATUS_BLOCK ios;
116 | ProcessRecord* pr = man->GetProcessRecord(pid);
117 | if (pr == 0) return;
118 | //IthBreak();
119 | hEvent = IthCreateEvent(0);
120 | if (STATUS_PENDING == NtFsControlFile(
121 | man -> GetCmdHandleByPID(pid),
122 | hEvent,
123 | 0,0,
124 | &ios,
125 | CTL_CODE(FILE_DEVICE_NAMED_PIPE, NAMED_PIPE_DISCONNECT, 0, 0),
126 | 0,0,0,0))
127 | {
128 | NtWaitForSingleObject(hEvent, 0, 0);
129 | }
130 | NtClose(hEvent);
131 |
132 | WCHAR mutex[0x20];
133 | swprintf(mutex,L"ITH_DETACH_%d",pid);
134 |
135 | hMutex = IthOpenMutex(mutex);
136 | if (hMutex != INVALID_HANDLE_VALUE)
137 | {
138 | NtWaitForSingleObject(hMutex, 0, 0);
139 | NtReleaseMutant(hMutex, 0);
140 | NtClose(hMutex);
141 | }
142 |
143 | //NtSetEvent(hDetachEvent, 0);
144 | if (running) NtSetEvent(hPipeExist, 0);
145 | }
146 | void OutputDWORD(DWORD d)
147 | {
148 | WCHAR str[0x20];
149 | swprintf(str, L"%.8X", d);
150 | ConsoleOutput(str);
151 | }
152 |
153 | bool GetProcessPath(DWORD pid, LPWSTR path);
154 |
155 | DWORD WINAPI RecvThread(LPVOID lpThreadParameter)
156 | {
157 | HANDLE hTextPipe, hDisconnect;
158 | IO_STATUS_BLOCK ios;
159 | NTSTATUS status;
160 |
161 | hTextPipe = (HANDLE)lpThreadParameter;
162 | NtFsControlFile(hTextPipe,
163 | 0,0,0,
164 | &ios,
165 | CTL_CODE(FILE_DEVICE_NAMED_PIPE, NAMED_PIPE_CONNECT, 0, 0),
166 | 0,0,0,0);
167 | if (!running)
168 | {
169 | NtClose(hTextPipe);
170 | return 0;
171 | }
172 |
173 | DWORD pid, hookman, module, engine, RecvLen;
174 |
175 | BYTE *buff, *it;
176 |
177 | buff = new BYTE[0x1000];
178 | NtReadFile(hTextPipe, 0, 0, 0, &ios, buff, 16, 0, 0);
179 |
180 | pid = *(DWORD*)buff;
181 | hookman = *(DWORD*)(buff + 0x4);
182 | module = *(DWORD*)(buff + 0x8);
183 | engine = *(DWORD*)(buff + 0xC);
184 | man -> RegisterProcess(pid, hookman, module, engine);
185 |
186 | CreateNewPipe();
187 |
188 | //NtClose(IthCreateThread(UpdateWindows,0));
189 |
190 | while (running)
191 | {
192 | status = NtReadFile(hTextPipe,
193 | 0,0,0,
194 | &ios,
195 | buff,
196 | 0xF80,
197 | 0,0);
198 | if (!NT_SUCCESS(status)) break;
199 |
200 | RecvLen = ios.uInformation;
201 | if (RecvLen < 0xC) break;
202 | DWORD hook = *(DWORD*)buff;
203 |
204 | union {DWORD retn; DWORD cmd_type;};
205 | union {DWORD split; DWORD new_engine_type;};
206 |
207 | retn = *(DWORD*)(buff + 4);
208 | split = *(DWORD*)(buff + 8);
209 |
210 |
211 | buff[RecvLen] = 0;
212 | buff[RecvLen+1] = 0;
213 |
214 |
215 | if (hook == IHF_NOTIFICATION)
216 | {
217 | switch (cmd_type)
218 | {
219 | case IHF_NOTIFICATION_NEWHOOK:
220 | {
221 | static long lock;
222 | while (_InterlockedExchange(&lock,1) == 1);
223 | ProcessEventCallback new_hook = man->ProcessNewHook();
224 | if (new_hook) new_hook(pid);
225 | lock = 0;
226 | }
227 | break;
228 | case IHF_NOTIFICATION_TEXT:
229 | {
230 | ConsoleOutput((LPWSTR)(buff+8));
231 | }
232 |
233 |
234 | break;
235 | }
236 | }
237 | else
238 | {
239 | it = Filter(buff + 0xC, RecvLen - 0xC);
240 | RecvLen = RecvLen - (it - buff);
241 | if (RecvLen >> 31) RecvLen = 0;
242 | man -> DispatchText(pid, it, hook, retn, split, RecvLen);
243 | }
244 | }
245 |
246 | EnterCriticalSection(&detach_cs);
247 |
248 | hDisconnect = IthCreateEvent(0);
249 |
250 | if (STATUS_PENDING == NtFsControlFile(
251 | hTextPipe,
252 | hDisconnect,
253 | 0, 0,
254 | &ios,
255 | CTL_CODE(FILE_DEVICE_NAMED_PIPE, NAMED_PIPE_DISCONNECT, 0, 0),
256 | 0, 0, 0, 0))
257 | {
258 | NtWaitForSingleObject(hDisconnect, 0, 0);
259 | }
260 | NtClose(hDisconnect);
261 | DetachFromProcess(pid);
262 | man -> UnRegisterProcess(pid);
263 |
264 | //NtClearEvent(hDetachEvent);
265 |
266 | LeaveCriticalSection(&detach_cs);
267 |
268 | if (running)
269 | {
270 | swprintf((LPWSTR)buff, FormatDetach, pid);
271 | ConsoleOutput((LPWSTR)buff);
272 | //NtClose(IthCreateThread(UpdateWindows, 0));
273 | }
274 | delete buff;
275 | return 0;
276 | }
277 |
278 |
--------------------------------------------------------------------------------
/ITH_TLS/ITH_TLS.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {C8257FF3-7DA9-41C4-87AA-13A03679D093}
15 | Win32Proj
16 | ITH_TLS
17 |
18 |
19 |
20 | DynamicLibrary
21 | true
22 | Unicode
23 | v100
24 |
25 |
26 | DynamicLibrary
27 | false
28 | true
29 | Unicode
30 | v100
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 | true
44 | $(SolutionDir)lib\$(Configuration)\
45 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
46 |
47 |
48 | false
49 | $(SolutionDir)libs
50 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
51 | $(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;$(SolutionDir)lib;$(ProjectDir)lib;$(SolutionDir)libs
52 |
53 |
54 |
55 |
56 |
57 | Level3
58 | Disabled
59 | WIN32;_DEBUG;_WINDOWS;_USRDLL;ITH_TLS_EXPORTS;%(PreprocessorDefinitions)
60 | ..\include
61 | MultiThreadedDebugDLL
62 | StreamingSIMDExtensions2
63 | Fast
64 | Async
65 |
66 |
67 | Windows
68 | true
69 | ws2_32.lib;ntdll.lib;ITH_Hashlib.lib;%(AdditionalDependencies)
70 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
71 |
72 |
73 |
74 |
75 | Level3
76 |
77 |
78 | Full
79 | true
80 | true
81 | WIN32;NDEBUG;_WINDOWS;_USRDLL;ITH_TLS_EXPORTS;%(PreprocessorDefinitions)
82 | Async
83 | false
84 | false
85 | 4996;4731
86 | AnySuitable
87 | Size
88 | true
89 | true
90 | StreamingSIMDExtensions2
91 | ..\include
92 | Fast
93 |
94 |
95 | Windows
96 | true
97 | true
98 | true
99 | ws2_32.lib;ntdll.lib;ITH_Hashlib.lib;%(AdditionalDependencies)
100 | DllMain
101 | false
102 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
--------------------------------------------------------------------------------
/IHF/IHF.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {C07A8FA2-3841-43BC-B877-8A7437DCC07B}
15 | Win32Proj
16 | IHF
17 |
18 |
19 |
20 | DynamicLibrary
21 | true
22 | Unicode
23 | v100
24 |
25 |
26 | DynamicLibrary
27 | false
28 | true
29 | Unicode
30 | v100
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 | true
44 | $(SolutionDir)lib\$(Configuration)\
45 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
46 |
47 |
48 | false
49 | false
50 |
51 |
52 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
53 | $(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;$(SolutionDir)lib;$(ProjectDir)lib;$(SolutionDir)libs
54 | $(SolutionDir)libs
55 |
56 |
57 |
58 |
59 |
60 | Level3
61 | Disabled
62 | WIN32;_DEBUG;_WINDOWS;_USRDLL;IHF_EXPORTS;%(PreprocessorDefinitions)
63 | ..\include
64 | MultiThreadedDebugDLL
65 | StreamingSIMDExtensions2
66 | Fast
67 | Async
68 |
69 |
70 | Windows
71 | true
72 | comctl32.lib;ntdll.lib;ith_sys.lib;%(AdditionalDependencies)
73 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 | Level3
83 |
84 |
85 | Full
86 | true
87 | true
88 | WIN32;NDEBUG;_WINDOWS;_USRDLL;IHF_EXPORTS;%(PreprocessorDefinitions)
89 | false
90 | false
91 | 4996;4146
92 | Async
93 | AnySuitable
94 | Size
95 | true
96 | true
97 | StreamingSIMDExtensions2
98 | ..\include
99 | Fast
100 |
101 |
102 | Windows
103 | true
104 | true
105 | true
106 | DllMain
107 | false
108 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
109 | comctl32.lib;ntdll.lib;ith_sys.lib;%(AdditionalDependencies)
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
--------------------------------------------------------------------------------
/ITH/ITH.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {1A196FCB-1ABB-463C-8C8E-6A878CDBB280}
15 | Win32Proj
16 | ITH
17 |
18 |
19 |
20 | Application
21 | true
22 | Unicode
23 | v100
24 |
25 |
26 | Application
27 | false
28 | true
29 | Unicode
30 | v100
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 | true
44 | $(SolutionDir)lib\$(Configuration)\
45 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
46 |
47 |
48 | false
49 | $(SolutionDir)$(Configuration)\
50 | $(SolutionDir)obj\$(ProjectName)\$(Configuration)\
51 | $(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;$(SolutionDir)lib;$(ProjectDir)lib;$(SolutionDir)libs
52 |
53 |
54 |
55 |
56 |
57 | Level3
58 | Disabled
59 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
60 | ..\include
61 | MultiThreadedDebugDLL
62 | Fast
63 | StreamingSIMDExtensions2
64 |
65 |
66 | Windows
67 | true
68 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
69 | ntdll.lib;comctl32.lib;ITH_Hashlib.lib;ITH_TinyXmlLib.lib;ITH_TLS.lib;ITH_SYS.lib;IHF.lib;%(AdditionalDependencies)
70 | main
71 | RequireAdministrator
72 |
73 |
74 |
75 |
76 | Level3
77 |
78 |
79 | Full
80 | true
81 | true
82 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
83 | 4146;4996
84 | false
85 | false
86 | false
87 | AnySuitable
88 | Size
89 | true
90 | StreamingSIMDExtensions2
91 | ..\include
92 | true
93 | true
94 | Fast
95 |
96 |
97 | Windows
98 | true
99 | ntdll.lib;comctl32.lib;ITH_Hashlib.lib;ITH_TinyXmlLib.lib;ITH_TLS.lib;ITH_SYS.lib;IHF.lib;%(AdditionalDependencies)
100 | main
101 | type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'
102 | $(SolutionDir)lib\$(Configuration);C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x86
103 | RequireAdministrator
104 |
105 |
106 |
107 | move $(SolutionDir)libs\*.dll $(SolutionDir)$(Configuration)
108 |
109 |
110 | Move DLL to Release folder
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
--------------------------------------------------------------------------------
/ITH_Engine/util.cpp:
--------------------------------------------------------------------------------
1 | // util/util.cc
2 | // 8/23/2013 jichi
3 | // Branch: ITH_Engine/engine.cpp, revision 133
4 | // See: http://ja.wikipedia.org/wiki/プロジェクト:美少女ゲーム系/ゲームエンジン
5 |
6 | #include "util.h"
7 |
8 | namespace { // unnamed
9 |
10 | inline DWORD SigMask(DWORD sig)
11 | {
12 | __asm
13 | {
14 | xor ecx,ecx
15 | mov eax,sig
16 | _mask:
17 | shr eax,8
18 | inc ecx
19 | test eax,eax
20 | jnz _mask
21 | sub ecx,4
22 | neg ecx
23 | or eax,-1
24 | shl ecx,3
25 | shr eax,cl
26 | }
27 | }
28 |
29 | } // namespace unnamed
30 |
31 | // jichi 8/24/2013: binary search?
32 | DWORD Util::GetCodeRange(DWORD hModule,DWORD *low, DWORD *high)
33 | {
34 | IMAGE_DOS_HEADER *DosHdr;
35 | IMAGE_NT_HEADERS *NtHdr;
36 | DWORD dwReadAddr;
37 | IMAGE_SECTION_HEADER *shdr;
38 | DosHdr = (IMAGE_DOS_HEADER *)hModule;
39 | if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) {
40 | dwReadAddr = hModule + DosHdr->e_lfanew;
41 | NtHdr = (IMAGE_NT_HEADERS *)dwReadAddr;
42 | if (IMAGE_NT_SIGNATURE == NtHdr->Signature) {
43 | shdr = (PIMAGE_SECTION_HEADER)((DWORD)(&NtHdr->OptionalHeader) + NtHdr->FileHeader.SizeOfOptionalHeader);
44 | while ((shdr->Characteristics & IMAGE_SCN_CNT_CODE) == 0)
45 | shdr++;
46 | *low = hModule + shdr->VirtualAddress;
47 | *high = *low + (shdr->Misc.VirtualSize & 0xfffff000) + 0x1000;
48 | }
49 | }
50 | return 0;
51 | }
52 |
53 | DWORD Util::FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig)
54 | {
55 | //WCHAR str[0x40];
56 | DWORD i, j, t, l, mask;
57 | DWORD reverse_length = 0x800;
58 | mask = SigMask(sig);
59 | bool flag1, flag2;
60 | for (i = 0x1000; i < size-4; i++) {
61 | flag1 = false;
62 | if (*(BYTE *)(pt + i) == 0xe8) {
63 | flag1 = flag2 = true;
64 | t = *(DWORD *)(pt + i + 1);
65 | } else if (*(WORD *)(pt + i) == 0x15ff) {
66 | flag1 = true;
67 | flag2 = false;
68 | t = *(DWORD *)(pt + i + 2);
69 | }
70 | if (flag1) {
71 | if (flag2) {
72 | flag1 = (pt + i + 5 + t == fun);
73 | l = 5;
74 | } else if (t >= pt && t <= pt + size - 4) {
75 | flag1 = fun == *(DWORD *)t;
76 | l = 6;
77 | } else
78 | flag1=false;
79 | if (flag1)
80 | //swprintf(str,L"CALL addr: 0x%.8X",pt + i);
81 | //OutputConsole(str);
82 | for (j = i; j > i - reverse_length; j--)
83 | if ((*(WORD *)(pt + j)) == (sig & mask)) //Fun entry 1.
84 | //swprintf(str,L"Entry: 0x%.8X",pt + j);
85 | //OutputConsole(str);
86 | return pt + j;
87 | else
88 | i += l;
89 | }
90 | }
91 | //OutputConsole(L"Find call and entry failed.");
92 | return 0;
93 | }
94 |
95 | DWORD Util::FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp)
96 | {
97 | DWORD i, t;
98 | BYTE sig = (jmp) ? 0xe9 : 0xe8;
99 | for (i = 0x1000; i < size - 4; i++)
100 | if (sig == *(BYTE *)(pt + i)) {
101 | t = *(DWORD *)(pt + i + 1);
102 | if(fun == pt + i + 5 + t)
103 | //OutputDWORD(pt + i);
104 | return pt + i;
105 | else
106 | i += 5;
107 | }
108 | return 0;
109 | }
110 |
111 | DWORD Util::FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp)
112 | {
113 | DWORD i,t;
114 | WORD sig = jmp ? 0x25ff : 0x15ff;
115 | for (i = 0x1000; i < size - 4; i++)
116 | if (sig == *(WORD *)(pt + i)) {
117 | t = *(DWORD *)(pt + i + 2);
118 | if (t > pt && t < pt + size) {
119 | if (fun == *(DWORD *)t)
120 | return pt + i;
121 | else
122 | i += 5;
123 | }
124 | }
125 | return 0;
126 | }
127 |
128 | DWORD Util::FindCallBoth(DWORD fun, DWORD size, DWORD pt)
129 | {
130 | DWORD i, t;
131 | for (i = 0x1000; i < size - 4; i++) {
132 | if (*(BYTE *)(pt + i) == 0xe8) {
133 | t = *(DWORD *)(pt + i + 1) + pt + i + 5;
134 | if (t == fun)
135 | return i;
136 | }
137 | if (*(WORD *)(pt + i) == 0x15ff) {
138 | t = *(DWORD *)(pt + i + 2);
139 | if (t >= pt && t <= pt + size - 4) {
140 | if (*(DWORD *)t == fun)
141 | return i;
142 | else
143 | i += 6;
144 | }
145 | }
146 | }
147 | return 0;
148 | }
149 |
150 | DWORD Util::FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig)
151 | {
152 | //WCHAR str[0x40];
153 | DWORD i, j, t, mask;
154 | DWORD reverse_length = 0x800;
155 | mask = SigMask(sig);
156 | for (i = 0x1000; i < size - 4; i++)
157 | if (*(WORD *)(pt + i) == 0x15ff) {
158 | t = *(DWORD *)(pt + i + 2);
159 | if (t >= pt && t <= pt + size - 4) {
160 | if (*(DWORD *)t == fun)
161 | //swprintf(str,L"CALL addr: 0x%.8X",pt + i);
162 | //OutputConsole(str);
163 | for (j = i ; j > i - reverse_length; j--)
164 | if ((*(DWORD *)(pt + j) & mask) == sig) //Fun entry 1.
165 | //swprintf(str,L"Entry: 0x%.8X",pt + j);
166 | //OutputConsole(str);
167 | return pt + j;
168 |
169 | } else
170 | i += 6;
171 | }
172 | //OutputConsole(L"Find call and entry failed.");
173 | return 0;
174 | }
175 |
176 | DWORD Util::FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig)
177 | {
178 | //WCHAR str[0x40];
179 | DWORD i, j, mask;
180 | DWORD reverse_length = 0x800;
181 | mask = SigMask(sig);
182 | i = FindCallOrJmpRel(fun, size, pt, false);
183 | if (i)
184 | for (j = i; j > i - reverse_length; j--)
185 | if (((*(DWORD *)j) & mask) == sig) //Fun entry 1.
186 | //swprintf(str,L"Entry: 0x%.8X",j);
187 | //OutputConsole(str);
188 | return j;
189 | //OutputConsole(L"Find call and entry failed.");
190 | return 0;
191 | }
192 | DWORD Util::FindEntryAligned(DWORD start, DWORD back_range)
193 | {
194 | DWORD i,j,k,t;
195 | start &= ~0xf;
196 | for (i = start, j = start - back_range; i > j; i-=0x10) {
197 | k = *(DWORD *)(i-4);
198 | if (k == 0xcccccccc
199 | || k == 0x90909090
200 | || k == 0xccccccc3
201 | || k == 0x909090c3
202 | )
203 | return i;
204 | t = k & 0xff0000ff;
205 | if (t == 0xcc0000c2 || t == 0x900000c2)
206 | return i;
207 | k >>= 8;
208 | if (k == 0xccccc3 || k == 0x9090c3)
209 | return i;
210 | t = k & 0xff;
211 | if (t == 0xc2)
212 | return i;
213 | k >>= 8;
214 | if (k == 0xccc3 || k == 0x90c3)
215 | return i;
216 | k >>= 8;
217 | if (k == 0xc3)
218 | return i;
219 | }
220 | return 0;
221 | }
222 |
223 | DWORD Util::FindImportEntry(DWORD hModule, DWORD fun)
224 | {
225 | IMAGE_DOS_HEADER *DosHdr;
226 | IMAGE_NT_HEADERS *NtHdr;
227 | DWORD IAT, end, pt, addr;
228 | DosHdr = (IMAGE_DOS_HEADER *)hModule;
229 | if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) {
230 | NtHdr = (IMAGE_NT_HEADERS *)(hModule + DosHdr->e_lfanew);
231 | if (IMAGE_NT_SIGNATURE == NtHdr->Signature) {
232 | IAT = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress;
233 | end = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size;
234 | IAT += hModule;
235 | end += IAT;
236 | for (pt = IAT; pt < end; pt += 4) {
237 | addr = *(DWORD *)pt;
238 | if (addr == fun)
239 | return pt;
240 | }
241 | }
242 | }
243 | return 0;
244 | }
245 |
246 | // Search string in rsrc section. This section usually contains version and copyright info.
247 | bool Util::SearchResourceString(LPCWSTR str)
248 | {
249 | DWORD hModule = Util::GetModuleBase();
250 | IMAGE_DOS_HEADER *DosHdr;
251 | IMAGE_NT_HEADERS *NtHdr;
252 | DosHdr = (IMAGE_DOS_HEADER *)hModule;
253 | DWORD rsrc, size;
254 | //__asm int 3
255 | if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) {
256 | NtHdr = (IMAGE_NT_HEADERS *)(hModule + DosHdr->e_lfanew);
257 | if (IMAGE_NT_SIGNATURE == NtHdr->Signature) {
258 | rsrc = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress;
259 | if (rsrc) {
260 | rsrc += hModule;
261 | if (IthGetMemoryRange((LPVOID)rsrc, &rsrc ,&size) &&
262 | SearchPattern(rsrc, size - 4, (LPVOID)str, wcslen(str) << 1))
263 | return true;
264 | }
265 | }
266 | }
267 | return false;
268 | }
269 |
270 | // EOF
271 |
--------------------------------------------------------------------------------