├── DetourHook
├── DetourHook.sln
├── DetourHook.v11.suo
├── DetourHook
│ ├── DetourHook.cpp
│ ├── DetourHook.vcxproj
│ ├── DetourHook.vcxproj.filters
│ ├── DetourHook.vcxproj.user
│ ├── stdafx.cpp
│ ├── stdafx.h
│ └── targetver.h
└── DetourHookDll
│ ├── DetourHookDll.cpp
│ ├── DetourHookDll.vcxproj
│ ├── DetourHookDll.vcxproj.filters
│ ├── stdafx.cpp
│ ├── stdafx.h
│ └── targetver.h
├── LICENSE
├── PECMD-v2.8.8U
├── DEFINE.H
├── HIDEPROCESS.H
├── MD5.H
├── PECMD.CPP
├── PECMD.DSW
├── PECMD.EXE
├── PECMD.SLN
├── PECMD.SUO
├── PECMD.VCPROJ
├── RESOURCE.APS
├── RESOURCE.RC
├── Resource.h
├── Resource
│ ├── HELP.TXT
│ ├── MAIN.ICO
│ ├── TRAY.ICO
│ └── VER.RC2
└── UNIBASE.H
└── README.md
/DetourHook/DetourHook.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2012
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DetourHook", "DetourHook\DetourHook.vcxproj", "{B6E69357-0B02-44E6-AEE5-A7F207424387}"
5 | EndProject
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DetourHookDll", "DetourHookDll\DetourHookDll.vcxproj", "{6856EE4F-8914-4645-927E-179FF29D5DBC}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Win32 = Debug|Win32
11 | Debug|x64 = Debug|x64
12 | Release|Win32 = Release|Win32
13 | Release|x64 = Release|x64
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Debug|Win32.ActiveCfg = Debug|Win32
17 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Debug|Win32.Build.0 = Debug|Win32
18 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Debug|x64.ActiveCfg = Debug|x64
19 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Debug|x64.Build.0 = Debug|x64
20 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Release|Win32.ActiveCfg = Release|Win32
21 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Release|Win32.Build.0 = Release|Win32
22 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Release|x64.ActiveCfg = Release|x64
23 | {B6E69357-0B02-44E6-AEE5-A7F207424387}.Release|x64.Build.0 = Release|x64
24 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Debug|Win32.ActiveCfg = Debug|Win32
25 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Debug|Win32.Build.0 = Debug|Win32
26 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Debug|x64.ActiveCfg = Debug|x64
27 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Debug|x64.Build.0 = Debug|x64
28 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Release|Win32.ActiveCfg = Release|Win32
29 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Release|Win32.Build.0 = Release|Win32
30 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Release|x64.ActiveCfg = Release|x64
31 | {6856EE4F-8914-4645-927E-179FF29D5DBC}.Release|x64.Build.0 = Release|x64
32 | EndGlobalSection
33 | GlobalSection(SolutionProperties) = preSolution
34 | HideSolutionNode = FALSE
35 | EndGlobalSection
36 | EndGlobal
37 |
--------------------------------------------------------------------------------
/DetourHook/DetourHook.v11.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHook.v11.suo
--------------------------------------------------------------------------------
/DetourHook/DetourHook/DetourHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHook/DetourHook.cpp
--------------------------------------------------------------------------------
/DetourHook/DetourHook/DetourHook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Debug
10 | x64
11 |
12 |
13 | Release
14 | Win32
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {B6E69357-0B02-44E6-AEE5-A7F207424387}
23 | Win32Proj
24 | DetourHook
25 |
26 |
27 |
28 | Application
29 | true
30 | v110
31 | Unicode
32 |
33 |
34 | Application
35 | true
36 | v110
37 | Unicode
38 |
39 |
40 | Application
41 | false
42 | v110
43 | true
44 | Unicode
45 |
46 |
47 | Application
48 | false
49 | v110
50 | true
51 | Unicode
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 | true
71 |
72 |
73 | true
74 |
75 |
76 | false
77 |
78 |
79 | false
80 |
81 |
82 |
83 | Use
84 | Level3
85 | Disabled
86 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
87 | true
88 |
89 |
90 | Console
91 | true
92 |
93 |
94 |
95 |
96 | Use
97 | Level3
98 | Disabled
99 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
100 | true
101 |
102 |
103 | Console
104 | true
105 |
106 |
107 |
108 |
109 | Level3
110 | Use
111 | MaxSpeed
112 | true
113 | true
114 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
115 | true
116 |
117 |
118 | Console
119 | true
120 | true
121 | true
122 |
123 |
124 |
125 |
126 | Level3
127 | Use
128 | MaxSpeed
129 | true
130 | true
131 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
132 | true
133 |
134 |
135 | Console
136 | true
137 | true
138 | true
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 | Create
152 | Create
153 | Create
154 | Create
155 |
156 |
157 |
158 |
159 |
160 |
--------------------------------------------------------------------------------
/DetourHook/DetourHook/DetourHook.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 | 头文件
23 |
24 |
25 | 头文件
26 |
27 |
28 |
29 |
30 | 源文件
31 |
32 |
33 | 源文件
34 |
35 |
36 |
--------------------------------------------------------------------------------
/DetourHook/DetourHook/DetourHook.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | C:\Users\liber\Desktop\APIHook\DetourHook\x64\Debug\pecmd.exe C:\Users\liber\Desktop\APIHook\DetourHook\x64\Debug\DetourHookDll.dll
5 | WindowsLocalDebugger
6 |
7 |
--------------------------------------------------------------------------------
/DetourHook/DetourHook/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHook/stdafx.cpp
--------------------------------------------------------------------------------
/DetourHook/DetourHook/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHook/stdafx.h
--------------------------------------------------------------------------------
/DetourHook/DetourHook/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHook/targetver.h
--------------------------------------------------------------------------------
/DetourHook/DetourHookDll/DetourHookDll.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHookDll/DetourHookDll.cpp
--------------------------------------------------------------------------------
/DetourHook/DetourHookDll/DetourHookDll.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Debug
10 | x64
11 |
12 |
13 | Release
14 | Win32
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {6856EE4F-8914-4645-927E-179FF29D5DBC}
23 | Win32Proj
24 | DetourHookDll
25 |
26 |
27 |
28 | DynamicLibrary
29 | true
30 | v110
31 | Unicode
32 |
33 |
34 | DynamicLibrary
35 | true
36 | v110
37 | Unicode
38 |
39 |
40 | DynamicLibrary
41 | false
42 | v110
43 | true
44 | Unicode
45 |
46 |
47 | DynamicLibrary
48 | false
49 | v110
50 | true
51 | Unicode
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 | true
71 |
72 |
73 | true
74 |
75 |
76 | false
77 |
78 |
79 | false
80 |
81 |
82 |
83 | Use
84 | Level3
85 | Disabled
86 | WIN32;_DEBUG;_WINDOWS;_USRDLL;DETOURHOOKDLL_EXPORTS;%(PreprocessorDefinitions)
87 | true
88 |
89 |
90 | Windows
91 | true
92 |
93 |
94 |
95 |
96 | Use
97 | Level3
98 | Disabled
99 | WIN32;_DEBUG;_WINDOWS;_USRDLL;DETOURHOOKDLL_EXPORTS;%(PreprocessorDefinitions)
100 | true
101 |
102 |
103 | Windows
104 | true
105 |
106 |
107 |
108 |
109 | Level3
110 | Use
111 | MaxSpeed
112 | true
113 | true
114 | WIN32;NDEBUG;_WINDOWS;_USRDLL;DETOURHOOKDLL_EXPORTS;%(PreprocessorDefinitions)
115 | true
116 |
117 |
118 | Windows
119 | true
120 | true
121 | true
122 |
123 |
124 |
125 |
126 | Level3
127 | Use
128 | MaxSpeed
129 | true
130 | true
131 | WIN32;NDEBUG;_WINDOWS;_USRDLL;DETOURHOOKDLL_EXPORTS;%(PreprocessorDefinitions)
132 | true
133 |
134 |
135 | Windows
136 | true
137 | true
138 | true
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 | false
151 | false
152 |
153 |
154 |
155 |
156 | false
157 | false
158 |
159 |
160 |
161 |
162 |
163 |
164 | Create
165 | Create
166 | Create
167 | Create
168 |
169 |
170 |
171 |
172 |
173 |
--------------------------------------------------------------------------------
/DetourHook/DetourHookDll/DetourHookDll.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 | 头文件
23 |
24 |
25 | 头文件
26 |
27 |
28 |
29 |
30 | 源文件
31 |
32 |
33 | 源文件
34 |
35 |
36 |
--------------------------------------------------------------------------------
/DetourHook/DetourHookDll/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHookDll/stdafx.cpp
--------------------------------------------------------------------------------
/DetourHook/DetourHookDll/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHookDll/stdafx.h
--------------------------------------------------------------------------------
/DetourHook/DetourHookDll/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/DetourHook/DetourHookDll/targetver.h
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015 Paul Lee
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
23 |
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/DEFINE.H:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/DEFINE.H
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/HIDEPROCESS.H:
--------------------------------------------------------------------------------
1 | //HideProcess.h
2 | BOOL HideProcess();
3 | /////////////////////////////////////////////////////////////////////////////
4 | //HideProcess.cpp
5 | #include
6 | #include
7 | #include
8 | #include
9 |
10 | //#include"HideProcess.h"
11 |
12 | #define NT_SUCCESS(Status)((NTSTATUS)(Status) >= 0)
13 | #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
14 | #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)
15 |
16 | typedef LONG NTSTATUS;
17 |
18 | typedef struct _IO_STATUS_BLOCK
19 | {
20 | NTSTATUS Status;
21 | ULONG Information;
22 | } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
23 |
24 |
25 | typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
26 |
27 | #define OBJ_INHERIT 0x00000002L
28 | #define OBJ_PERMANENT 0x00000010L
29 | #define OBJ_EXCLUSIVE 0x00000020L
30 | #define OBJ_CASE_INSENSITIVE 0x00000040L
31 | #define OBJ_OPENIF 0x00000080L
32 | #define OBJ_OPENLINK 0x00000100L
33 | #define OBJ_KERNEL_HANDLE 0x00000200L
34 | #define OBJ_VALID_ATTRIBUTES 0x000003F2L
35 |
36 | typedef struct _OBJECT_ATTRIBUTES
37 | {
38 | ULONG Length;
39 | HANDLE RootDirectory;
40 | PUNICODE_STRING ObjectName;
41 | ULONG Attributes;
42 | PVOID SecurityDescriptor;
43 | PVOID SecurityQualityOfService;
44 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
45 |
46 | typedef NTSTATUS (CALLBACK* ZWOPENSECTION)(
47 | OUT PHANDLE SectionHandle,
48 | IN ACCESS_MASK DesiredAccess,
49 | IN POBJECT_ATTRIBUTES ObjectAttributes
50 | );
51 |
52 | typedef VOID (CALLBACK* RTLINITUNICODESTRING)(
53 | IN OUT PUNICODE_STRING DestinationString,
54 | IN PCWSTR SourceString
55 | );
56 |
57 | RTLINITUNICODESTRING RtlInitUnicodeString;
58 | ZWOPENSECTION ZwOpenSection;
59 | HMODULE g_hNtDLL = NULL;
60 | PVOID g_pMapPhysicalMemory = NULL;
61 | HANDLE g_hMPM = NULL;
62 | OSVERSIONINFO g_osvi;
63 |
64 | //---------------------------------------------------------------------------
65 | BOOL InitNTDLL()
66 | {
67 | g_hNtDLL = LoadLibrary(TEXT("ntdll.dll"));
68 |
69 | if (NULL == g_hNtDLL)
70 | return FALSE;
71 |
72 | RtlInitUnicodeString = (RTLINITUNICODESTRING)GetProcAddress( g_hNtDLL,"RtlInitUnicodeString");
73 | ZwOpenSection = (ZWOPENSECTION)GetProcAddress( g_hNtDLL, "ZwOpenSection");
74 |
75 | return TRUE;
76 | }
77 | //---------------------------------------------------------------------------
78 | VOID CloseNTDLL()
79 | {
80 | if(NULL != g_hNtDLL)
81 | FreeLibrary(g_hNtDLL);
82 |
83 | g_hNtDLL = NULL;
84 | }
85 | //---------------------------------------------------------------------------
86 | VOID SetPhyscialMemorySectionCanBeWrited(HANDLE hSection)
87 | {
88 | PACL pDacl = NULL;
89 | PSECURITY_DESCRIPTOR pSD = NULL;
90 | PACL pNewDacl = NULL;
91 |
92 | DWORD dwRes = GetSecurityInfo(hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL,
93 |
94 | NULL, &pDacl, NULL, &pSD);
95 |
96 | if(ERROR_SUCCESS != dwRes)
97 | {
98 |
99 | if(pSD)
100 | LocalFree(pSD);
101 | if(pNewDacl)
102 | LocalFree(pNewDacl);
103 | }
104 |
105 | EXPLICIT_ACCESS ea;
106 | RtlZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
107 | ea.grfAccessPermissions = SECTION_MAP_WRITE;
108 | ea.grfAccessMode = GRANT_ACCESS;
109 | ea.grfInheritance= NO_INHERITANCE;
110 | ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
111 | ea.Trustee.TrusteeType = TRUSTEE_IS_USER;
112 | ea.Trustee.ptstrName = TEXT("CURRENT_USER");
113 |
114 | dwRes = SetEntriesInAcl(1,&ea,pDacl,&pNewDacl);
115 |
116 | if(ERROR_SUCCESS != dwRes)
117 | {
118 |
119 | if(pSD)
120 | LocalFree(pSD);
121 | if(pNewDacl)
122 | LocalFree(pNewDacl);
123 | }
124 | dwRes = SetSecurityInfo
125 |
126 | (hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDacl,NULL);
127 |
128 | if(ERROR_SUCCESS != dwRes)
129 | {
130 |
131 | if(pSD)
132 | LocalFree(pSD);
133 | if(pNewDacl)
134 | LocalFree(pNewDacl);
135 | }
136 |
137 | }
138 | //---------------------------------------------------------------------------
139 | HANDLE OpenPhysicalMemory()
140 | {
141 | NTSTATUS status;
142 | UNICODE_STRING physmemString;
143 | OBJECT_ATTRIBUTES attributes;
144 | ULONG PhyDirectory;
145 |
146 | g_osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
147 | GetVersionEx (&g_osvi);
148 |
149 | if (5 != g_osvi.dwMajorVersion)
150 | return NULL;
151 |
152 | switch(g_osvi.dwMinorVersion)
153 | {
154 | case 0:
155 | PhyDirectory = 0x30000;
156 | break; //2k
157 | case 1:
158 | PhyDirectory = 0x39000;
159 | break; //xp
160 | default:
161 | return NULL;
162 | }
163 |
164 | RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory");
165 |
166 | attributes.Length = sizeof(OBJECT_ATTRIBUTES);
167 | attributes.RootDirectory = NULL;
168 | attributes.ObjectName = &physmemString;
169 | attributes.Attributes = 0;
170 | attributes.SecurityDescriptor = NULL;
171 | attributes.SecurityQualityOfService = NULL;
172 |
173 | status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes);
174 |
175 | if(status == STATUS_ACCESS_DENIED)
176 | {
177 | status = ZwOpenSection(&g_hMPM, READ_CONTROL|WRITE_DAC, &attributes);
178 | SetPhyscialMemorySectionCanBeWrited(g_hMPM);
179 | CloseHandle(g_hMPM);
180 | status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes);
181 | }
182 |
183 | if(!NT_SUCCESS(status))
184 | return NULL;
185 |
186 | g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, PhyDirectory,
187 |
188 | 0x1000);
189 |
190 | if( g_pMapPhysicalMemory == NULL )
191 | return NULL;
192 |
193 | return g_hMPM;
194 | }
195 | //---------------------------------------------------------------------------
196 | PVOID LinearToPhys(PULONG BaseAddress, PVOID addr)
197 | {
198 | ULONG VAddr = (ULONG)addr,PGDE,PTE,PAddr;
199 | PGDE = BaseAddress[VAddr>>22];
200 |
201 | if (0 == (PGDE&1))
202 | return 0;
203 |
204 | ULONG tmp = PGDE & 0x00000080;
205 |
206 | if (0 != tmp)
207 | {
208 | PAddr = (PGDE & 0xFFC00000) + (VAddr & 0x003FFFFF);
209 | }
210 | else
211 | {
212 | PGDE = (ULONG)MapViewOfFile(g_hMPM, 4, 0, PGDE & 0xfffff000, 0x1000);
213 | PTE = ((PULONG)PGDE)[(VAddr&0x003FF000)>>12];
214 |
215 | if (0 == (PTE&1))
216 | return 0;
217 |
218 | PAddr=(PTE&0xFFFFF000)+(VAddr&0x00000FFF);
219 | UnmapViewOfFile((PVOID)PGDE);
220 | }
221 |
222 | return (PVOID)PAddr;
223 | }
224 | //---------------------------------------------------------------------------
225 | ULONG GetData(PVOID addr)
226 | {
227 | ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
228 | PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, phys &
229 |
230 | 0xfffff000, 0x1000);
231 |
232 | if (0 == tmp)
233 | return 0;
234 |
235 | ULONG ret = tmp[(phys & 0xFFF)>>2];
236 | UnmapViewOfFile(tmp);
237 |
238 | return ret;
239 | }
240 | //---------------------------------------------------------------------------
241 | BOOL SetData(PVOID addr,ULONG data)
242 | {
243 | ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
244 | PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_WRITE, 0, phys & 0xfffff000, 0x1000);
245 |
246 | if (0 == tmp)
247 | return FALSE;
248 |
249 | tmp[(phys & 0xFFF)>>2] = data;
250 | UnmapViewOfFile(tmp);
251 |
252 | return TRUE;
253 | }
254 | //---------------------------------------------------------------------------
255 | long __stdcall exeception(struct _EXCEPTION_POINTERS *tmp)
256 | {
257 | ExitProcess(0);
258 | return 1 ;
259 | }
260 | //---------------------------------------------------------------------------
261 | BOOL YHideProcess()
262 | {
263 | // SetUnhandledExceptionFilter(exeception);
264 |
265 | if (FALSE == InitNTDLL())
266 | return FALSE;
267 |
268 | if (0 == OpenPhysicalMemory())
269 | return FALSE;
270 |
271 | ULONG thread = GetData((PVOID)0xFFDFF124); //kteb
272 | ULONG process = GetData(PVOID(thread + 0x44)); //kpeb
273 |
274 | ULONG fw, bw;
275 | if (0 == g_osvi.dwMinorVersion)
276 | {
277 | fw = GetData(PVOID(process + 0xa0));
278 | bw = GetData(PVOID(process + 0xa4));
279 | }
280 |
281 | if (1 == g_osvi.dwMinorVersion)
282 | {
283 | fw = GetData(PVOID(process + 0x88));
284 | bw = GetData(PVOID(process + 0x8c));
285 | }
286 |
287 | SetData(PVOID(fw + 4), bw);
288 | SetData(PVOID(bw), fw);
289 |
290 | CloseHandle(g_hMPM);
291 | CloseNTDLL();
292 |
293 | return TRUE;
294 | }
295 |
296 | BOOL HideProcess()
297 | {
298 | static BOOL b_hide = false;
299 | if (!b_hide)
300 | {
301 | b_hide = true;
302 | YHideProcess();
303 | return true;
304 | }
305 | return true;
306 | }
307 |
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/MD5.H:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/MD5.H
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/PECMD.CPP:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/PECMD.CPP
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/PECMD.DSW:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "PECMD"=.\PECMD.dsp - Package Owner=<5>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/PECMD.EXE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/PECMD.EXE
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/PECMD.SLN:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PECMD", "PECMD.vcproj", "{5B5CA445-6E02-40DD-A84A-0FC6F5AEAE18}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {5B5CA445-6E02-40DD-A84A-0FC6F5AEAE18}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {5B5CA445-6E02-40DD-A84A-0FC6F5AEAE18}.Debug|Win32.Build.0 = Debug|Win32
14 | {5B5CA445-6E02-40DD-A84A-0FC6F5AEAE18}.Release|Win32.ActiveCfg = Release|Win32
15 | {5B5CA445-6E02-40DD-A84A-0FC6F5AEAE18}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/PECMD.SUO:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/PECMD.SUO
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/PECMD.VCPROJ:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/PECMD.VCPROJ
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/RESOURCE.APS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/RESOURCE.APS
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/RESOURCE.RC:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/RESOURCE.RC
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/Resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by RESOURCE.RC
4 | //
5 | #define IDI_Main 100
6 | #define IDR_Help 111
7 | #define IDD_Help 201
8 | #define IDC_Help 301
9 | #define IDC_Version 310
10 | #define IDC_Build 320
11 | #define IDS_CmdErr 10000
12 | #define IDS_FoundDevice 10001
13 | #define IDS_FoundDriver 10002
14 | #define IDS_LogoErr 10003
15 | #define IDS_LogoErrTip 10004
16 | #define IDS_PECNMD_Mgr 10005
17 | #define IDS_BrowseTitle 10006
18 | #define IDS_RETRY_EJECT 10007
19 | #define IDS_EJECT_ERR 10008
20 | #define IDS_ReadEnviFail 10009
21 | #define IDS_Error 10010
22 | #define IDS_TempFolder 10011
23 | #define IDI_ICON1 10012
24 | #define IDS_ClearTemp 10012
25 | #define IDR_MENU1 10013
26 | #define IDS_ClearTempFolder 10013
27 | #define IDS_ReSetTempFolder 10014
28 | #define IDS_SetTempFolder 10015
29 | #define IDS_NewTempFolder 10016
30 | #define IDS_PassWordErrorMsg 10017
31 | #define IDS_PassWordError 10018
32 | #define IDS_OK_Text 10019
33 | #define IDS_InputPassWord 10020
34 | #define IDS_PassWordErr 10021
35 | #define IDS_OpporText 10022
36 | #define IDS_SaveToClipboard 10023
37 | #define IDS_MD5String 10024
38 | #define IDS_SupperWord 10025
39 | #define IDS_Hotk 10026
40 | #define ID_PECMD_HELP 21121
41 | #define ID_1024_768_32_85 21122
42 | #define ID_1024_768_32_90 21123
43 | #define ID_1024_768_16_85 21124
44 | #define ID_1024_768_16_90 21125
45 | #define ID_1280_1024_32_85 21126
46 | #define ID_1280_1024_32_90 21127
47 | #define ID_1280_1024_16_85 21128
48 | #define ID_1280_1024_16_90 21129
49 | #define ID_800_600_32_85 21130
50 | #define ID_800_600_32_75 21131
51 | #define ID_800_600_16_85 21132
52 | #define ID_800_600_16_75 21133
53 | #define ID_EJECT_USB 21134
54 | #define ID_EJECT_CDROM 21135
55 | #define ID_DEL_TEMP 21136
56 | #define ID_SET_TEMP 21137
57 | #define ID_HIDE_ICON 21138
58 | #define IDC_AppDesc 30065
59 |
60 | // Next default values for new objects
61 | //
62 | #ifdef APSTUDIO_INVOKED
63 | #ifndef APSTUDIO_READONLY_SYMBOLS
64 | #define _APS_NO_MFC 1
65 | #define _APS_NEXT_RESOURCE_VALUE 10017
66 | #define _APS_NEXT_COMMAND_VALUE 21139
67 | #define _APS_NEXT_CONTROL_VALUE 30066
68 | #define _APS_NEXT_SYMED_VALUE 40005
69 | #endif
70 | #endif
71 |
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/Resource/HELP.TXT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/Resource/HELP.TXT
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/Resource/MAIN.ICO:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/Resource/MAIN.ICO
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/Resource/TRAY.ICO:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/liberize/pecmd-decrypt/9f526138b3e762b4c747eb6d1e64dd7f904085e4/PECMD-v2.8.8U/Resource/TRAY.ICO
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/Resource/VER.RC2:
--------------------------------------------------------------------------------
1 |
2 | VS_VERSION_INFO VERSIONINFO
3 | FILEVERSION VER_Major, VER_Minor, VER_Release, VER_Build
4 | PRODUCTVERSION VER_Major, VER_Minor, VER_Release, VER_Build
5 | FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
6 | FILEFLAGS 0
7 | FILEOS VOS__WINDOWS32
8 | FILETYPE VFT_UNKNOWN
9 | FILESUBTYPE VFT2_UNKNOWN
10 | BEGIN
11 | BLOCK "StringFileInfo"
12 | BEGIN
13 | BLOCK "040004B0"
14 | BEGIN
15 | VALUE "FileVersion", STR_VersionStamp
16 | VALUE "FileDescription", STR_AppDesc
17 | VALUE "ProductName", STR_AppName
18 | VALUE "ProductVersion", STR_Version
19 | VALUE "CompanyName", STR_Company
20 | VALUE "LegalCopyright", STR_Copyright
21 | VALUE "Comments", STR_Comments
22 | VALUE "OriginalFilename", STR_FileName
23 | END
24 | END
25 | BLOCK "VarFileInfo"
26 | BEGIN
27 | VALUE "Translation", 0x0400, 0x04B0
28 | END
29 | END
30 |
31 | #ifdef STR_Architecture
32 | 1 24
33 | BEGIN
34 | "\r\n"
35 | "\r\n"
36 | "\r\n"
41 | "" STR_AppDesc "\r\n"
42 | "\r\n"
43 | " \r\n"
44 | " \r\n"
52 | " \r\n"
53 | "\r\n"
54 | "\r\n"
55 | END
56 | #endif
57 |
--------------------------------------------------------------------------------
/PECMD-v2.8.8U/UNIBASE.H:
--------------------------------------------------------------------------------
1 |
2 |
3 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
4 | // Uniform Base Library
5 | // Version 1.0.5
6 | #pragma once
7 |
8 | #define _LOGMSG
9 | //#define _LOGCON
10 | //#define _LOGFILE
11 |
12 | #define _WINSTR
13 | #ifndef WINCE
14 | #define _SHLSTR
15 | #endif
16 |
17 | #if defined(_UNICODE) && !defined(UNICODE)
18 | #define UNICODE
19 | #endif
20 |
21 | #define _CRT_SECURE_NO_DEPRECATE
22 | #define _CRT_NON_CONFORMING_SWPRINTFS
23 |
24 | #include
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
32 |
33 |
34 |
35 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
36 | // Type
37 | #define VOID void
38 | typedef void *PVOID;
39 | typedef void *HANDLE;
40 | typedef HANDLE *PHANDLE;
41 | typedef int BOOL, *PBOOL;
42 | typedef float FLOAT, *PFLOAT;
43 | typedef double DOUBLE, *PDOUBLE;
44 |
45 | typedef int INT, *PINT;
46 | typedef signed char INT8, *PINT8;
47 | typedef signed short INT16, *PINT16;
48 | typedef signed int INT32, *PINT32;
49 | typedef signed __int64 INT64, *PINT64;
50 |
51 | typedef unsigned int UINT, *PUINT;
52 | typedef unsigned char UINT8, *PUINT8;
53 | typedef unsigned short UINT16, *PUINT16;
54 | typedef unsigned int UINT32, *PUINT32;
55 | typedef unsigned __int64 UINT64, *PUINT64;
56 |
57 | typedef unsigned char BYTE, *PBYTE;
58 | typedef unsigned short WORD, *PWORD;
59 | typedef unsigned long DWORD, *PDWORD;
60 | typedef unsigned __int64 QWORD, *PQWORD;
61 |
62 | #ifndef _WCHAR_T_DEFINED
63 | #define _WCHAR_T_DEFINED
64 | typedef unsigned short wchar_t;
65 | #endif
66 |
67 | typedef char CHAR, *PCHAR;
68 | typedef wchar_t WCHAR, *PWCHAR;
69 | #ifdef _UNICODE
70 | typedef WCHAR TCHAR, *PTCHAR;
71 | #else
72 | typedef CHAR TCHAR, *PTCHAR;
73 | #endif
74 |
75 | typedef CHAR *PSTR;
76 | typedef WCHAR *PWSTR;
77 | typedef TCHAR *PTSTR;
78 | typedef const CHAR *PCSTR;
79 | typedef const WCHAR *PCWSTR;
80 | typedef const TCHAR *PCTSTR;
81 |
82 | typedef const VOID *PCVOID;
83 | typedef const BYTE *PCBYTE;
84 |
85 | #ifndef CONST
86 | #define CONST const
87 | #endif
88 |
89 | #ifndef STATIC
90 | #define STATIC static
91 | #endif
92 |
93 | #ifndef TEXT
94 | #ifdef _UNICODE
95 | #define TEXT(t) L##t
96 | #else
97 | #define TEXT(t) t
98 | #endif
99 | #endif
100 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
101 |
102 |
103 |
104 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
105 | // Const
106 | #ifndef TRUE
107 | #define TRUE 1
108 | #endif
109 |
110 | #ifndef FALSE
111 | #define FALSE 0
112 | #endif
113 |
114 | #ifndef NULL
115 | #define NULL 0
116 | #endif
117 |
118 | #ifndef MAX_STR
119 | #define MAX_STR 1024
120 | #endif
121 |
122 | #ifndef MAX_PATH
123 | #define MAX_PATH 260
124 | #endif
125 |
126 | #ifndef MAX_NAME
127 | #define MAX_NAME 80
128 | #endif
129 |
130 | #define UFILE_READ GENERIC_READ
131 | #define UFILE_WRITE GENERIC_WRITE
132 | #define UFILE_ALL GENERIC_ALL
133 | #define UFILE_APPEND (GENERIC_READ | GENERIC_WRITE)
134 |
135 | #define UFILE_BEGIN FILE_BEGIN
136 | #define UFILE_CURRENT FILE_CURRENT
137 | #define UFILE_END FILE_END
138 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
139 |
140 |
141 |
142 |
143 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
144 | // Define
145 | #ifndef UCALL
146 | #define UCALL WINAPI
147 | #endif
148 |
149 | #ifndef UAPI
150 | #define UAPI __inline
151 | #endif
152 |
153 | typedef SYSTEMTIME UTIME, *PUTIME;
154 | typedef DWORD (UCALL* UPROC)(PVOID pvParam);
155 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
156 |
157 |
158 |
159 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
160 | // Macro
161 | #define _NumOf(s) (sizeof(s) / sizeof(s[0]))
162 | #define _LenOf(s) (_NumOf(s) - 1)
163 | #define _Zero(p) UMemSet(p, 0, sizeof(*p))
164 | #define _Max(a, b) (((a) > (b)) ? (a) : (b))
165 | #define _Min(a, b) (((a) < (b)) ? (a) : (b))
166 |
167 | #define _SafeFree(p) if (p) {UMemFree(p); p = NULL;}
168 | #define _SafeDelete(p) if (p) {delete p; p = NULL;}
169 | #define _SafeRelease(p) if (p) {(p)->Release(); p = NULL;}
170 |
171 | #define _RectWidth(r) ((r).right - (r).left)
172 | #define _RectHeight(r) ((r).bottom - (r).top)
173 |
174 | #define _LoadStr(i, t) (LoadString(g_hInst, i, t, _NumOf(t)), t)
175 | #define _GetStr(i) _LoadStr(i, tzStr)
176 |
177 | #define _IsIntRes(r) ((((DWORD) (r)) >> 16) == 0)
178 | #define _MakeIntRes(i) ((PTSTR) ((DWORD) (i)))
179 |
180 | #ifdef __cplusplus
181 | template VOID _Swap(T& t1, T& t2) {T t; t = t1; t1 = t2; t2 = t;}
182 | #else
183 | #define _Swap(t1, t2, T) {T t; t = t1; t1 = t2; t2 = t;}
184 | #endif
185 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
186 |
187 |
188 |
189 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
190 | // String
191 | #ifdef _UNICODE
192 |
193 | #define UStrLen UWStrLen
194 | #define UStrCopy UWStrCopy
195 | #define UStrCopyN UWStrCopyN
196 | #define UStrCat UWStrCat
197 | #define UStrCmp UWStrCmp
198 | #define UStrCmpI UWStrCmpI
199 | #define UStrCmpN UWStrCmpN
200 | #define UStrCmpNI UWStrCmpNI
201 |
202 | #define UStrChr UWStrChr
203 | #define UStrRChr UWStrRChr
204 | #define UStrStr UWStrStr
205 | #define UStrStrI UWStrStrI
206 |
207 | #define UStrRep UWStrRep
208 | #define UStrToUpper UWStrToUpper
209 | #define UStrToLower UWStrToLower
210 | #define UStrToInt UWStrToInt
211 | #define UStrFromInt UWStrFromInt
212 | #define UStrPrint UWStrPrint
213 | #define UStrPrintV UWStrPrintV
214 |
215 | #define UStrToAStr(s, t, n) UWStrToAStr(s, t, n)
216 | #define UStrToWStr(w, t, n) UWStrCopyN(w, t, n)
217 | #define UAStrToStr(t, s, n) UAStrToWStr(t, s, n)
218 | #define UWStrToStr(t, w, n) UWStrCopyN(t, w, n)
219 |
220 | #else
221 |
222 | #define UStrLen UAStrLen
223 | #define UStrCopy UAStrCopy
224 | #define UStrCopyN UAStrCopyN
225 | #define UStrCat UAStrCat
226 | #define UStrCmp UAStrCmp
227 | #define UStrCmpI UAStrCmpI
228 | #define UStrCmpN UAStrCmpN
229 | #define UStrCmpNI UAStrCmpNI
230 |
231 | #define UStrChr UAStrChr
232 | #define UStrRChr UAStrRChr
233 | #define UStrStr UAStrStr
234 | #define UStrStrI UAStrStrI
235 |
236 | #define UStrRep UAStrRep
237 | #define UStrToUpper UAStrToUpper
238 | #define UStrToLower UAStrToLower
239 | #define UStrToInt UAStrToInt
240 | #define UStrFromInt UAStrFromInt
241 | #define UStrPrint UAStrPrint
242 | #define UStrPrintV UAStrPrintV
243 |
244 | #define UStrToAStr(s, t, n) UAStrCopyN(s, t, n)
245 | #define UStrToWStr(w, t, n) UAStrToWStr(w, t, n)
246 | #define UAStrToStr(t, s, n) UAStrCopyN(t, s, n)
247 | #define UWStrToStr(t, w, n) UWStrToAStr(t, w, n)
248 |
249 | #endif
250 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
251 |
252 |
253 |
254 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
255 | // Memory
256 | UAPI PVOID UMemAlloc(UINT uSize)
257 | {
258 | return malloc(uSize);
259 | }
260 |
261 | UAPI PVOID UMemRealloc(PVOID pvMem, UINT uSize)
262 | {
263 | return realloc(pvMem, uSize);
264 | }
265 |
266 | UAPI VOID UMemFree(PVOID pvMem)
267 | {
268 | free(pvMem);
269 | }
270 |
271 | UAPI PVOID UMemSet(PVOID pvMem, CHAR cVal, UINT uSize)
272 | {
273 | return memset(pvMem, cVal, uSize);
274 | }
275 |
276 | UAPI PVOID UMemCopy(PVOID pvDst, PCVOID pvSrc, UINT uSize)
277 | {
278 | return memcpy(pvDst, pvSrc, uSize);
279 | }
280 |
281 | UAPI PVOID UMemMove(PVOID pvDst, PCVOID pvSrc, UINT uSize)
282 | {
283 | return memmove(pvDst, pvSrc, uSize);
284 | }
285 |
286 | UAPI INT UMemCmp(PCVOID pvMem1, PCVOID pvMem2, UINT uSize)
287 | {
288 | return memcmp(pvMem1, pvMem2, uSize);
289 | }
290 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
291 |
292 |
293 |
294 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
295 | // Transformable string
296 | UAPI PWSTR UAStrToWStr(PWSTR pwzDst, PCSTR pszSrc, UINT uLen)
297 | {
298 | MultiByteToWideChar(CP_ACP, 0, pszSrc, -1, pwzDst, uLen);
299 | return pwzDst;
300 | }
301 |
302 | UAPI PSTR UWStrToAStr(PSTR pszDst, PCWSTR pwzSrc, UINT uLen)
303 | {
304 | WideCharToMultiByte(CP_ACP, 0,pwzSrc, -1, pszDst, uLen, NULL, NULL);
305 | return pszDst;
306 | }
307 |
308 | UAPI BOOL UChrIsNum(TCHAR c)
309 | {
310 | return (c >= '0') && (c <= '9');
311 | }
312 |
313 | UAPI BOOL UChrIsAlpha(TCHAR c)
314 | {
315 | return (c >= 'A') && (c <= 'Z') || (c >= 'a') && (c <= 'z');
316 | }
317 |
318 | UAPI TCHAR UChrToLower(TCHAR c)
319 | {
320 | return ((c >= 'A') && (c <= 'Z')) ? (c - 'A' + 'a') : c;
321 | }
322 |
323 | UAPI TCHAR UChrToUpper(TCHAR c)
324 | {
325 | return ((c >= 'a') && (c <= 'z')) ? (c + 'A' - 'a') : c;
326 | }
327 |
328 | UAPI BOOL UChrEqual(TCHAR c1, TCHAR c2)
329 | {
330 | return ((c1 == c2) || (c1 == c2 - 'A' + 'a') || (c1 == c2 + 'A' - 'a'));
331 | }
332 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
333 |
334 |
335 |
336 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
337 | // ANSI string*/
338 | UAPI UINT UAStrLen(PCSTR pszStr)
339 | {
340 | #ifdef _WINSTR
341 | return (UINT) lstrlenA(pszStr);
342 | #else
343 | return (UINT) strlen(pszStr);
344 | #endif
345 | }
346 |
347 | UAPI PSTR UAStrCopy(PSTR pszDst, PCSTR pszSrc)
348 | {
349 | #ifdef _WINSTR
350 | return lstrcpyA(pszDst, pszSrc);
351 | #else
352 | return strcpy(pszDst, pszSrc);
353 | #endif
354 | }
355 |
356 | UAPI PSTR UAStrCopyN(PSTR pszDst, PCSTR pszSrc, UINT uLen)
357 | {
358 | #ifdef _SHLSTR
359 | return StrCpyNA(pszDst, pszSrc, uLen);
360 | #else
361 | pszDst[--uLen] = 0;
362 | return strncpy(pszDst, pszSrc, uLen);
363 | #endif
364 | }
365 |
366 | UAPI PSTR UAStrCat(PSTR pszDst, PCSTR pszSrc)
367 | {
368 | #ifdef _WINSTR
369 | return lstrcatA(pszDst, pszSrc);
370 | #else
371 | return strcat(pszDst, pszSrc);
372 | #endif
373 | }
374 |
375 | UAPI INT UAStrCmp(PCSTR pszStr1, PCSTR pszStr2)
376 | {
377 | #ifdef _WINSTR
378 | return lstrcmpA(pszStr1, pszStr2);
379 | #else
380 | return strcmp(pszStr1, pszStr2);
381 | #endif
382 | }
383 |
384 | UAPI INT UAStrCmpI(PCSTR pszStr1, PCSTR pszStr2)
385 | {
386 | #ifdef _WINSTR
387 | return lstrcmpiA(pszStr1, pszStr2);
388 | #else
389 | return _stricmp(pszStr1, pszStr2);
390 | #endif
391 | }
392 |
393 | UAPI INT UAStrCmpN(PCSTR pszStr1, PCSTR pszStr2, UINT uLen)
394 | {
395 | #ifdef _SHLSTR
396 | return StrCmpNA(pszStr1, pszStr2, uLen);
397 | #else
398 | return strncmp(pszStr1, pszStr2, uLen);
399 | #endif
400 | }
401 |
402 | UAPI INT UAStrCmpNI(PCSTR pszStr1, PCSTR pszStr2, UINT uLen)
403 | {
404 | #ifdef _SHLSTR
405 | return StrCmpNIA(pszStr1, pszStr2, uLen);
406 | #else
407 | return _strnicmp(pszStr1, pszStr2, uLen);
408 | #endif
409 | }
410 |
411 | UAPI PSTR UAStrChr(PCSTR pszStr, CHAR cChr)
412 | {
413 | #ifdef _SHLSTR
414 | return (PSTR) StrChrA(pszStr, cChr);
415 | #else
416 | return (PSTR) strchr(pszStr, cChr);
417 | #endif
418 | }
419 |
420 | UAPI PSTR UAStrRChr(PCSTR pszStr, CHAR cChr)
421 | {
422 | #ifdef _SHLSTR
423 | return (PSTR) StrRChrA(pszStr, NULL, cChr);
424 | #else
425 | return (PSTR) strrchr(pszStr, cChr);
426 | #endif
427 | }
428 |
429 | UAPI PSTR UAStrStr(PCSTR pszStr1, PCSTR pszStr2)
430 | {
431 | #ifdef _SHLSTR
432 | return (PSTR) StrStrA(pszStr1, pszStr2);
433 | #else
434 | return (PSTR) strstr(pszStr1, pszStr2);
435 | #endif
436 | }
437 |
438 | UAPI PSTR UAStrStrI(PCSTR pszStr1, PCSTR pszStr2)
439 | {
440 | #ifdef _SHLSTR
441 | return StrStrIA(pszStr1, pszStr2);
442 | #else
443 | PSTR p = (PSTR) pszStr1;
444 | while (*p)
445 | {
446 | PSTR s1 = p;
447 | PSTR s2 = (PSTR) pszStr2;
448 |
449 | while (*s1 && *s2 && UChrEqual(*s1, *s2))
450 | {
451 | s1++;
452 | s2++;
453 | }
454 |
455 | if (*s2 == 0)
456 | {
457 | return p;
458 | }
459 |
460 | p++;
461 | }
462 | return NULL;
463 | #endif
464 | }
465 |
466 | UAPI PSTR UAStrRep(PSTR ptzStr, CHAR cFind, CHAR cRep)
467 | {
468 | PSTR p = ptzStr;
469 | for (; *p; p++)
470 | {
471 | if (*p == cFind)
472 | {
473 | *p = cRep;
474 | }
475 | }
476 | return ptzStr;
477 | }
478 |
479 | UAPI PSTR UAStrToUpper(PSTR pzStr)
480 | {
481 | #ifdef _WINSTR
482 | return CharUpperA(pzStr);
483 | #else
484 | return _strupr(pzStr);
485 | #endif
486 | }
487 |
488 | UAPI PSTR UAStrToLower(PSTR pzStr)
489 | {
490 | #ifdef _WINSTR
491 | return CharLowerA(pzStr);
492 | #else
493 | return _strlwr(pzStr);
494 | #endif
495 | }
496 |
497 | UAPI INT UAStrToInt(PCSTR pszStr)
498 | {
499 | #ifdef _SHLSTR
500 | INT i = 0;
501 | StrToIntExA(pszStr, STIF_SUPPORT_HEX, &i);
502 | return i;
503 | #else
504 | return atoi(pszStr);
505 | #endif
506 | }
507 |
508 | UAPI PSTR UAStrFromInt(PSTR pszDst, INT iVal)
509 | {
510 | #ifdef _WINSTR
511 | wsprintfA(pszDst, "%d", iVal);
512 | return pszDst;
513 | #else
514 | return _itoa(iVal, pszDst, 10);
515 | #endif
516 | }
517 |
518 | #ifdef _WINSTR
519 | #define UAStrPrint wsprintfA
520 | #define UAStrPrintV wvsprintfA
521 | #else
522 | #define UAStrPrint sprintf
523 | #define UAStrPrintV vsprintf
524 | #endif
525 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
526 |
527 |
528 |
529 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
530 | // Wide string
531 | UAPI UINT UWStrLen(PCWSTR pwzStr)
532 | {
533 | #ifdef _WINSTR
534 | return (UINT) lstrlenW(pwzStr);
535 | #else
536 | return (UINT) wcslen(pwzStr);
537 | #endif
538 | }
539 |
540 | UAPI PWSTR UWStrCopy(PWSTR pwzDst, PCWSTR pwzSrc)
541 | {
542 | #ifdef _WINSTR
543 | return lstrcpyW(pwzDst, pwzSrc);
544 | #else
545 | return wcscpy(pwzDst, pwzSrc);
546 | #endif
547 | }
548 |
549 | UAPI PWSTR UWStrCopyN(PWSTR pwzDst, PCWSTR pwzSrc, UINT uLen)
550 | {
551 | #ifdef _SHLSTR
552 | return StrCpyNW(pwzDst, pwzSrc, uLen);
553 | #else
554 | pwzDst[--uLen] = 0;
555 | return wcsncpy(pwzDst, pwzSrc, uLen);
556 | #endif
557 | }
558 |
559 | UAPI PWSTR UWStrCat(PWSTR pwzDst, PCWSTR pwzSrc)
560 | {
561 | #ifdef _WINSTR
562 | return lstrcatW(pwzDst, pwzSrc);
563 | #else
564 | return wcscat(pwzDst, pwzSrc);
565 | #endif
566 | }
567 |
568 | UAPI INT UWStrCmp(PCWSTR pwzStr1, PCWSTR pwzStr2)
569 | {
570 | #ifdef _WINSTR
571 | return lstrcmpW(pwzStr1, pwzStr2);
572 | #else
573 | return wcscmp(pwzStr1, pwzStr2);
574 | #endif
575 | }
576 |
577 | UAPI INT UWStrCmpI(PCWSTR pwzStr1, PCWSTR pwzStr2)
578 | {
579 | #ifdef _WINSTR
580 | return lstrcmpiW(pwzStr1, pwzStr2);
581 | #else
582 | return _wcsicmp(pwzStr1, pwzStr2);
583 | #endif
584 | }
585 |
586 | UAPI INT UWStrCmpN(PCWSTR pwzStr1, PCWSTR pwzStr2, UINT uLen)
587 | {
588 | #ifdef _SHLSTR
589 | return StrCmpNW(pwzStr1, pwzStr2, uLen);
590 | #else
591 | return wcsncmp(pwzStr1, pwzStr2, uLen);
592 | #endif
593 | }
594 |
595 | UAPI INT UWStrCmpNI(PCWSTR pwzStr1, PCWSTR pwzStr2, UINT uLen)
596 | {
597 | #ifdef _SHLSTR
598 | return StrCmpNIW(pwzStr1, pwzStr2, uLen);
599 | #else
600 | return _wcsnicmp(pwzStr1, pwzStr2, uLen);
601 | #endif
602 | }
603 |
604 | UAPI PWSTR UWStrChr(PCWSTR pwzStr, TCHAR wChr)
605 | {
606 | #ifdef _SHLSTR
607 | return (PWSTR) StrChrW(pwzStr, wChr);
608 | #else
609 | return (PWSTR) wcschr(pwzStr, wChr);
610 | #endif
611 | }
612 |
613 | UAPI PWSTR UWStrRChr(PCWSTR pwzStr, TCHAR wChr)
614 | {
615 | #ifdef _SHLSTR
616 | return (PWSTR) StrRChrW(pwzStr, NULL, wChr);
617 | #else
618 | return (PWSTR) wcsrchr(pwzStr, wChr);
619 | #endif
620 | }
621 |
622 | UAPI PWSTR UWStrStr(PCWSTR pwzStr1, PCWSTR pwzStr2)
623 | {
624 | #ifdef _SHLSTR
625 | return (PWSTR) StrStrW(pwzStr1, pwzStr2);
626 | #else
627 | return (PWSTR) wcsstr(pwzStr1, pwzStr2);
628 | #endif
629 | }
630 |
631 | UAPI PWSTR UWStrStrI(PCWSTR pwzStr1, PCWSTR pwzStr2)
632 | {
633 | #ifdef _SHLSTR
634 | return (PWSTR) StrStrIW(pwzStr1, pwzStr2);
635 | #else
636 | PWSTR p = (PWSTR) pwzStr1;
637 | while (*p)
638 | {
639 | PWSTR s1 = p;
640 | PWSTR s2 = (PWSTR) pwzStr2;
641 |
642 | while (*s1 && *s2 && UChrEqual((TCHAR) *s1, (TCHAR) *s2))
643 | {
644 | s1++;
645 | s2++;
646 | }
647 |
648 | if (*s2 == 0)
649 | {
650 | return p;
651 | }
652 |
653 | p++;
654 | }
655 | return NULL;
656 | #endif
657 | }
658 |
659 | UAPI PWSTR UWStrRep(PWSTR pwzStr, WCHAR wFind, WCHAR wRep)
660 | {
661 | PWSTR p = pwzStr;
662 | for (; *p; p++)
663 | {
664 | if (*p == wFind)
665 | {
666 | *p = wRep;
667 | }
668 | }
669 | return pwzStr;
670 | }
671 |
672 | UAPI PWSTR UWStrToUpper(PWSTR pwzStr)
673 | {
674 | #ifdef _WINSTR
675 | return CharUpperW(pwzStr);
676 | #else
677 | return _wcsupr(pwzStr);
678 | #endif
679 | }
680 |
681 | UAPI PWSTR UWStrToLower(PWSTR pwzStr)
682 | {
683 | #ifdef _WINSTR
684 | return CharLowerW(pwzStr);
685 | #else
686 | return _wcslwr(pwzStr);
687 | #endif
688 | }
689 |
690 | UAPI INT UWStrToInt(PCWSTR pwzStr)
691 | {
692 | #ifdef _SHLSTR
693 | INT i = 0;
694 | StrToIntExW(pwzStr, STIF_SUPPORT_HEX, &i);
695 | return i;
696 | #else
697 | return _wtoi(pwzStr);
698 | #endif
699 | }
700 |
701 | UAPI PWSTR UWStrFromInt(PWSTR pwzDst, INT iVal)
702 | {
703 | #ifdef _WINSTR
704 | wsprintfW(pwzDst, L"%d", iVal);
705 | return pwzDst;
706 | #else
707 | return _itow(iVal, pwzDst, 10);
708 | #endif
709 | }
710 |
711 | #ifdef _WINSTR
712 | #define UWStrPrint wsprintfW
713 | #define UWStrPrintV wvsprintfW
714 | #else
715 | #define UWStrPrint swprintf
716 | #define UWStrPrintV vswprintf
717 | #endif
718 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
719 |
720 |
721 |
722 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
723 | // File
724 | UAPI HANDLE UFileOpen(PCTSTR ptzPath, DWORD dwAccess)
725 | {
726 | DWORD dwCreate = (dwAccess == UFILE_WRITE) ? CREATE_ALWAYS : ((dwAccess == UFILE_APPEND) ? OPEN_ALWAYS : OPEN_EXISTING);
727 | HANDLE hFile = CreateFile(ptzPath, dwAccess, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, dwCreate, 0, NULL);
728 | if (hFile == INVALID_HANDLE_VALUE)
729 | {
730 | return NULL;
731 | }
732 | if (dwAccess == UFILE_APPEND)
733 | {
734 | SetFilePointer(hFile, 0, NULL, FILE_END);
735 | }
736 | return hFile;
737 | }
738 |
739 | UAPI BOOL UFileClose(HANDLE hFile)
740 | {
741 | return CloseHandle(hFile);
742 | }
743 |
744 | UAPI UINT UFileRead(HANDLE hFile, PVOID pvData, UINT uSize)
745 | {
746 | DWORD dwRead = 0;
747 | ReadFile(hFile, pvData, uSize, &dwRead, NULL);
748 | return dwRead;
749 | }
750 |
751 | UAPI UINT UFileWrite(HANDLE hFile, PCVOID pvData, UINT uSize)
752 | {
753 | DWORD dwWrite = 0;
754 | WriteFile(hFile, pvData, uSize, &dwWrite, NULL);
755 | return dwWrite;
756 | }
757 |
758 | UAPI UINT UFileSeek(HANDLE hFile, INT iOffset, DWORD dwOrigin)
759 | {
760 | return SetFilePointer(hFile, iOffset, NULL, dwOrigin);
761 | }
762 |
763 | UAPI UINT UFileTell(HANDLE hFile)
764 | {
765 | return UFileSeek(hFile, 0, UFILE_CURRENT);
766 | }
767 |
768 | UAPI UINT UFileGetSize(HANDLE hFile)
769 | {
770 | DWORD dwSize = GetFileSize(hFile, NULL);
771 | return (dwSize == INVALID_FILE_SIZE) ? 0 : dwSize;
772 | }
773 |
774 | UAPI BOOL UFileSetSize(HANDLE hFile, UINT uSize)
775 | {
776 | UFileSeek(hFile, uSize, FILE_CURRENT);
777 | return SetEndOfFile(hFile);
778 | }
779 |
780 | UAPI PVOID UFileLoad(PCTSTR ptzPath, PVOID pvData, PUINT puSize)
781 | {
782 | HANDLE hFile = UFileOpen(ptzPath, UFILE_READ);
783 | if (hFile)
784 | {
785 | UINT uSize = UFileGetSize(hFile);
786 | if (puSize)
787 | {
788 | if (*puSize > uSize)
789 | {
790 | *puSize = uSize;
791 | }
792 | }
793 | else
794 | {
795 | puSize = &uSize;
796 | }
797 | if (!pvData)
798 | {
799 | pvData = (PBYTE) UMemAlloc(uSize + 16);
800 | }
801 | if (pvData)
802 | {
803 | *puSize = UFileRead(hFile, pvData, *puSize);
804 | ((PBYTE) pvData)[uSize] = 0;
805 | ((PBYTE) pvData)[uSize + 1] = 0;
806 | }
807 | UFileClose(hFile);
808 | }
809 | return pvData;
810 | }
811 |
812 | UAPI UINT UFileSave(PCTSTR ptzPath, PCVOID pvData, UINT uSize, DWORD dwAccess)
813 | {
814 | UINT uResult = 0;
815 | HANDLE hFile = UFileOpen(ptzPath, dwAccess);
816 | if (hFile)
817 | {
818 | uResult = UFileWrite(hFile, pvData, uSize);
819 | UFileClose(hFile);
820 | }
821 | return uResult;
822 | }
823 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
824 |
825 |
826 |
827 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
828 | // File Management
829 | UAPI BOOL UFileDelete(PCTSTR ptzPath)
830 | {
831 | return DeleteFile(ptzPath);
832 | }
833 |
834 | UAPI BOOL UFileCopy(PCTSTR ptzPath, PCTSTR ptzNewPath)
835 | {
836 | return CopyFile(ptzPath, ptzNewPath, FALSE);
837 | }
838 |
839 | UAPI BOOL UFileMove(PCTSTR ptzPath, PCTSTR ptzNewPath)
840 | {
841 | return MoveFile(ptzPath, ptzNewPath);
842 | }
843 |
844 | UAPI BOOL UFileExist(PCTSTR ptzPath)
845 | {
846 | HANDLE hFile = UFileOpen(ptzPath, UFILE_READ);
847 | if (hFile)
848 | {
849 | UFileClose(hFile);
850 | return TRUE;
851 | }
852 | return FALSE;
853 | }
854 |
855 | UAPI BOOL UDirExist(PCTSTR ptzPath)
856 | {
857 | WIN32_FILE_ATTRIBUTE_DATA fa;
858 | return GetFileAttributesEx(ptzPath, GetFileExInfoStandard, &fa) && (fa.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY);
859 | }
860 |
861 | UAPI BOOL UDirCreate(PTSTR ptzDir)
862 | {
863 | for (PTSTR p = ptzDir; p = UStrChr(p, '\\'); *p++ = '\\')
864 | {
865 | *p = 0;
866 | if (!UDirExist(ptzDir))
867 | {
868 | CreateDirectory(ptzDir, NULL);
869 | }
870 | }
871 | return TRUE;
872 | }
873 |
874 | UAPI BOOL UDirDelete(PCTSTR ptzDir)
875 | {
876 | return RemoveDirectory(ptzDir);
877 | }
878 |
879 | UAPI PTSTR UDirMakePath(PTSTR ptzDir, PCTSTR ptzSub)
880 | {
881 | PTSTR p = UStrChr(ptzDir, 0);
882 | if (p[-1] != '\\')
883 | {
884 | *p++ = '\\';
885 | }
886 | UStrCopy(p, ptzSub);
887 | return ptzDir;
888 | }
889 |
890 | UAPI PTSTR UDirSplitPath(PTSTR ptzPath)
891 | {
892 | PTSTR p = UStrRChr(ptzPath, '\\');
893 | if (p)
894 | {
895 | *p = 0;
896 | return p + 1;
897 | }
898 |
899 | return ptzPath;
900 | }
901 |
902 | UAPI PTSTR UDirGetTemp(PTSTR ptzDir)
903 | {
904 | GetTempPath(MAX_PATH, ptzDir);
905 | return ptzDir;
906 | }
907 |
908 | UAPI PTSTR UDirGetAppPath(PTSTR ptzPath)
909 | {
910 | #ifdef WINCE
911 | extern HINSTANCE g_hInst;
912 | GetModuleFileName(g_hInst, ptzPath, MAX_PATH);
913 | #else
914 | MEMORY_BASIC_INFORMATION m = {0};
915 | VirtualQuery(UDirGetAppPath, &m, sizeof(MEMORY_BASIC_INFORMATION));
916 | GetModuleFileName((HMODULE) m.AllocationBase, ptzPath, MAX_PATH);
917 | #endif
918 | return ptzPath;
919 | }
920 |
921 | UAPI PTSTR UDirGetAppFile(PTSTR ptzPath, PCTSTR ptzFile)
922 | {
923 | PTSTR p;
924 | UDirGetAppPath(ptzPath);
925 | p = UStrRChr(ptzPath, '\\');
926 | if (p == NULL)
927 | {
928 | p = UStrChr(ptzPath, 0);
929 | }
930 | return UStrCopy(p + 1, ptzFile);
931 | }
932 |
933 | UAPI PTSTR UDirGetAppExt(PTSTR ptzPath, PCTSTR ptzExt)
934 | {
935 | PTSTR p;
936 | UDirGetAppPath(ptzPath);
937 | p = UStrRChr(ptzPath, '.');
938 | if (p == NULL)
939 | {
940 | p = UStrChr(ptzPath, 0);
941 | }
942 | return UStrCopy(p + 1, ptzExt);
943 | }
944 |
945 | UAPI PTSTR UDirGetCurrent(PTSTR ptzDir)
946 | {
947 | #ifdef GetCurrentDirectory
948 | GetCurrentDirectory(MAX_PATH, ptzDir);
949 | return ptzDir;
950 | #else
951 | UDirGetAppPath(ptzDir);
952 | return UDirSplitPath(ptzDir);
953 | #endif
954 | }
955 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
956 |
957 |
958 |
959 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
960 | // Thread
961 | UAPI HANDLE UThreadCreate(UPROC upProc, PVOID pvParam)
962 | {
963 | DWORD dwThread;
964 | return CreateThread(NULL, 0, upProc, pvParam, 0, &dwThread);
965 | }
966 |
967 | UAPI BOOL UThreadClose(HANDLE hThread)
968 | {
969 | return CloseHandle(hThread);
970 | }
971 |
972 | UAPI BOOL UThreadTerminate(HANDLE hThread)
973 | {
974 | return TerminateThread(hThread, 0);
975 | }
976 |
977 | UAPI BOOL UThreadSuspend(HANDLE hThread)
978 | {
979 | return SuspendThread(hThread);
980 | }
981 |
982 | UAPI BOOL UThreadResume(HANDLE hThread)
983 | {
984 | return ResumeThread(hThread);
985 | }
986 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
987 |
988 |
989 |
990 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
991 | // Misc
992 | UAPI UINT UGetRandom()
993 | {
994 | return rand();
995 | }
996 |
997 | UAPI VOID UGetTime(PUTIME pTime)
998 | {
999 | GetLocalTime(pTime);
1000 | }
1001 |
1002 | UAPI UINT UGetTimeStamp()
1003 | {
1004 | return GetTickCount();
1005 | }
1006 |
1007 | UAPI VOID UTrack(PCTSTR ptzFormat, ...)
1008 | {
1009 | DWORD i;
1010 | va_list va;
1011 | TCHAR tz[MAX_STR];
1012 |
1013 | va_start(va, ptzFormat);
1014 | i = UStrPrintV(tz, ptzFormat, va);
1015 | va_end(va);
1016 |
1017 | #if defined(_LOGFILE)
1018 | UFileSave(TEXT("UniDebug.txt"), tz, i * sizeof(TCHAR), UFILE_APPEND);
1019 | #elif defined(_LOGMSG)
1020 | MessageBox(NULL, tz, TEXT("UniDebug"), MB_ICONINFORMATION | MB_TOPMOST);
1021 | #elif defined(_LOGCON)
1022 | WriteConsole(GetStdHandle(STD_OUTPUT_HANDLE), tz, i, &i, NULL);
1023 | #else
1024 | OutputDebugString(tz);
1025 | #endif
1026 | }
1027 |
1028 | UAPI VOID UAssert(PCTSTR ptzExp, PCTSTR ptzFile, UINT uLine)
1029 | {
1030 | UINT i;
1031 | TCHAR tzText[MAX_STR];
1032 | TCHAR tzModule[MAX_PATH];
1033 |
1034 | UStrPrint(tzText,
1035 | TEXT("Assertion failed!\n\n")
1036 | TEXT("Program: %s\n")
1037 | TEXT("File: %s\n")
1038 | TEXT("Line: %d\n\n")
1039 | TEXT("Expression: %s\n\n")
1040 | TEXT("Press Retry to debug the application - JIT must be enabled"),
1041 | UDirGetAppPath(tzModule), ptzFile, uLine, ptzExp);
1042 |
1043 | i = MessageBox(NULL, tzText, TEXT("UniDebug"), MB_ICONERROR | MB_ABORTRETRYIGNORE);
1044 | if (i == IDABORT)
1045 | {
1046 | ExitProcess(0);
1047 | }
1048 | else if (i == IDRETRY)
1049 | {
1050 | DebugBreak();
1051 | }
1052 | }
1053 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1054 |
1055 |
1056 |
1057 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1058 | // Debug
1059 | #ifdef __FUNCTION__
1060 | #define __FUNCFILE__ TEXT(__FUNCTION__)
1061 | #else
1062 | #define __FUNCFILE__ TEXT(__FILE__)
1063 | #endif
1064 |
1065 | #ifdef __cplusplus
1066 | class CAutoTrack
1067 | {
1068 | private:
1069 | UINT m_uLine;
1070 | PCTSTR m_ptzName;
1071 | public:
1072 | CAutoTrack(PCTSTR ptzName, UINT uLine): m_uLine(uLine), m_ptzName(ptzName)
1073 | {
1074 | UTrack(TEXT("Enter %s:%u\r\n"), ptzName, uLine);
1075 | }
1076 | ~CAutoTrack()
1077 | {
1078 | UTrack(TEXT("Leave %s:%u\r\n"), m_ptzName, m_uLine);
1079 | }
1080 | };
1081 | #define __AutoTrack() CAutoTrack at(__FUNCFILE__, __LINE__)
1082 | #else
1083 | #define __AutoTrack() UTrack(TEXT("Track %s:%u\r\n"), __FUNCFILE__, __LINE__)
1084 | #endif
1085 |
1086 | #ifdef _DEBUG
1087 | #define _Track UTrack
1088 | #define _AutoTrack() __AutoTrack()
1089 | #define _LineTrack() UTrack(TEXT("Track %s:%u\r\n"), __FUNCFILE__, __LINE__)
1090 | #else
1091 | #define _Track
1092 | #define _AutoTrack()
1093 | #define _LineTrack()
1094 | #endif
1095 |
1096 | #ifdef _DEBUG
1097 | #define _Assert(e) (VOID) ((e) || (UAssert(TEXT(#e), TEXT(__FILE__), __LINE__), 0))
1098 | #else
1099 | #define _Assert(e) ((VOID) 0)
1100 | #endif
1101 | ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1102 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # pecmd-decrypt
2 |
3 | 解密 mdyblog 版 pecmd 加密的 pecmd.ini。
4 |
5 | ## 原理
6 |
7 | 其实准确说“解密”无关,目前之所以没有破解只是因为算法没公开,我也没有去研究它的算法,
8 | 反正不管怎样,最后肯定要解出来才能执行,所以我在执行的地方替换了它调用的系统 API,从 API 参数里面拿到了解出来的脚本。
9 |
10 | pecmd 执行每一行的时候会将其转为 unicode 编码,会调用 `MultiByteToWideChar` 这个 API,只要 hook 这个 API,从 `lpMultiByteStr` 参数得到传入的多字节字符串,过滤一下就可以得到原始内容。
11 |
12 | 用 [detours](http://research.microsoft.com/en-us/projects/detours/) 可以很方便地达到这个目的:
13 |
14 | 1. 编写一个 dll,实现一个新的 `MultiByteToWideChar` 函数,在 DllMain 里面使用 detours 替换原来的函数;
15 | 2. 编写一个加载器,使用 detours 启动 pecmd 进程,并注入我们的 dll。
16 |
17 | ## 说明
18 |
19 | 理论上此方法适用于使用所有加密方式加密的 ini,不限于 CMPS/CMPA。
20 |
21 | 用什么版本的 pecmd.exe 其实无所谓,但是最近的 m 版 pecmd,启动时会执行一个内置脚本,这个脚本的内容也会出现在生成的 ini 文件中,为了避免混在一起无法区分,请使用不会执行内置脚本的 pecmd。
22 | 判断方法:用一个没有加密的脚本去跑,如果解出来是一样的,那么就不会执行内置脚本。
23 |
24 | ## 步骤
25 |
26 | 本人比较懒,所以直接发布简陋的命令行工具,没有做成 GUI 工具。**以下步骤在 PE 下进行**。
27 |
28 | 1. 先得到加密的 pecmd.ini,如果内置于 pecmd.exe,请用 res hacker 提取;
29 | 2. 找一个不会执行内置脚本的 pecmd.exe,32/64 位其实无所谓,只要 PE 能运行就可以;
30 | 3. 下载 [pecmd-decrypt](https://github.com/liberize/pecmd-decrypt/releases),使用与 pecmd.exe 对应的版本,比如 pecmd.exe 是 64 位的就使用 x64 文件夹中的版本;
31 | 4. 将 1、2 里面的 pecmd.exe 和 pecmd.ini 放在 x86/x64 这个目录下;
32 | 5. 打开终端,运行 `DetourHook.exe "pecmd.exe pecmd.ini" DetourHookDll.dll`;
33 | 6. 在当前目录生成 original.ini,便是解密后的 pecmd.ini。
34 |
--------------------------------------------------------------------------------