[
  {
    "path": ".gitignore",
    "content": ".vs/\n.vscode/\n\nRelease/\n"
  },
  {
    "path": "HookSigntool.sln",
    "content": "﻿\r\nMicrosoft Visual Studio Solution File, Format Version 12.00\r\n# Visual Studio Version 16\r\nVisualStudioVersion = 16.0.29306.81\r\nMinimumVisualStudioVersion = 10.0.40219.1\r\nProject(\"{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}\") = \"HookSigntool\", \"HookSigntool.vcxproj\", \"{E3ACE1E9-7437-4DA6-8B12-1A9A1870AF33}\"\r\nEndProject\r\nGlobal\r\n\tGlobalSection(SolutionConfigurationPlatforms) = preSolution\r\n\t\tRelease|x86 = Release|x86\r\n\tEndGlobalSection\r\n\tGlobalSection(ProjectConfigurationPlatforms) = postSolution\r\n\t\t{E3ACE1E9-7437-4DA6-8B12-1A9A1870AF33}.Release|x86.ActiveCfg = Release|Win32\r\n\t\t{E3ACE1E9-7437-4DA6-8B12-1A9A1870AF33}.Release|x86.Build.0 = Release|Win32\r\n\tEndGlobalSection\r\n\tGlobalSection(SolutionProperties) = preSolution\r\n\t\tHideSolutionNode = FALSE\r\n\tEndGlobalSection\r\n\tGlobalSection(ExtensibilityGlobals) = postSolution\r\n\t\tSolutionGuid = {8E08657D-FDF4-4C23-87B8-23026AD83104}\r\n\tEndGlobalSection\r\nEndGlobal\r\n"
  },
  {
    "path": "HookSigntool.vcxproj",
    "content": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project DefaultTargets=\"Build\" ToolsVersion=\"15.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\r\n  <ItemGroup Label=\"ProjectConfigurations\">\r\n    <ProjectConfiguration Include=\"Release|Win32\">\r\n      <Configuration>Release</Configuration>\r\n      <Platform>Win32</Platform>\r\n    </ProjectConfiguration>\r\n  </ItemGroup>\r\n  <PropertyGroup Label=\"Globals\">\r\n    <VCProjectVersion>15.0</VCProjectVersion>\r\n    <ProjectGuid>{E3ACE1E9-7437-4DA6-8B12-1A9A1870AF33}</ProjectGuid>\r\n    <RootNamespace>HookSigntool</RootNamespace>\r\n    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>\r\n  </PropertyGroup>\r\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.Default.props\" />\r\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\" Label=\"Configuration\">\r\n    <ConfigurationType>DynamicLibrary</ConfigurationType>\r\n    <UseDebugLibraries>false</UseDebugLibraries>\r\n    <PlatformToolset>v142</PlatformToolset>\r\n    <WholeProgramOptimization>true</WholeProgramOptimization>\r\n    <CharacterSet>MultiByte</CharacterSet>\r\n  </PropertyGroup>\r\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.props\" />\r\n  <ImportGroup Label=\"ExtensionSettings\">\r\n  </ImportGroup>\r\n  <ImportGroup Label=\"Shared\">\r\n  </ImportGroup>\r\n  <ImportGroup Label=\"PropertySheets\" Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\r\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\r\n  </ImportGroup>\r\n  <PropertyGroup Label=\"UserMacros\" />\r\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\r\n    <IncludePath>include;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>\r\n    
<LibraryPath>lib;$(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(NETFXKitsDir)Lib\\um\\x86</LibraryPath>\r\n  </PropertyGroup>\r\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\r\n    <ClCompile>\r\n      <WarningLevel>Level3</WarningLevel>\r\n      <Optimization>MaxSpeed</Optimization>\r\n      <FunctionLevelLinking>true</FunctionLevelLinking>\r\n      <IntrinsicFunctions>true</IntrinsicFunctions>\r\n      <SDLCheck>true</SDLCheck>\r\n      <ConformanceMode>true</ConformanceMode>\r\n    </ClCompile>\r\n    <Link>\r\n      <EnableCOMDATFolding>true</EnableCOMDATFolding>\r\n      <OptimizeReferences>true</OptimizeReferences>\r\n    </Link>\r\n  </ItemDefinitionGroup>\r\n  <ItemGroup>\r\n    <ClCompile Include=\"main.cpp\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ClInclude Include=\"include\\detours.h\" />\r\n    <ClInclude Include=\"include\\detver.h\" />\r\n    <ClInclude Include=\"include\\syelog.h\" />\r\n    <ClInclude Include=\"mssign32.h\" />\r\n  </ItemGroup>\r\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.targets\" />\r\n  <ImportGroup Label=\"ExtensionTargets\">\r\n  </ImportGroup>\r\n</Project>"
  },
  {
    "path": "HookSigntool.vcxproj.filters",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\r\n  <ItemGroup>\r\n    <Filter Include=\"源文件\">\r\n      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>\r\n      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>\r\n    </Filter>\r\n    <Filter Include=\"头文件\">\r\n      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>\r\n      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>\r\n    </Filter>\r\n    <Filter Include=\"资源文件\">\r\n      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>\r\n      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>\r\n    </Filter>\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ClCompile Include=\"main.cpp\">\r\n      <Filter>源文件</Filter>\r\n    </ClCompile>\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ClInclude Include=\"mssign32.h\">\r\n      <Filter>头文件</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"include\\detours.h\">\r\n      <Filter>头文件</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"include\\detver.h\">\r\n      <Filter>头文件</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"include\\syelog.h\">\r\n      <Filter>头文件</Filter>\r\n    </ClInclude>\r\n  </ItemGroup>\r\n</Project>"
  },
  {
    "path": "HookSigntool.vcxproj.user",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"15.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\r\n  <PropertyGroup />\r\n</Project>"
  },
  {
    "path": "README.md",
    "content": "# HookSigntool\n## 简介\n本项目编译结果为`HookSigntool.dll`，用于亚洲诚信数字签名工具（或其他类似的签名工具，如天威诚信代码签名证书助手，沃通代码签名工具，环玺信息数字签名工具等等）它的作用如下：\n1. Hook数字签名工具对证书有效期的判断，无需修改系统的时间，即可用过期的证书进行数字签名。\r\n2. 增加自建的时间戳服务器，配合过期证书使用，伪造证书有效期内的时间戳签名，使得整个签名能被验证。（此功能需要修改数字签名工具本身）\r\n\r\n## 原理\r\n编译出的`HookSigntool.dll`通过微软的Detours库Hook了签名工具的函数调用以达到目的\r\n总共Hook了6个函数：\r\n1. [crypt32.dll!CertVerifyTimeValidity](https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifytimevalidity) 返回值改为0，让签名工具误以为所有证书都在有效期内，以便在不修改系统时间的情况下用过期证书签名。\r\n2. [mssign32!SignerSign](https://docs.microsoft.com/en-us/windows/win32/seccrypto/signersign) 传入参数 pwszHttpTimeStamp 修改为自建时间戳地址（自建时间戳接受地址中设定的时间，用以伪造签名）\r\n3. [mssign32!SignerTimeStamp](https://docs.microsoft.com/en-us/windows/win32/seccrypto/signertimestamp) 同上\r\n4. [mssign32!SignerTimeStampEx2](https://docs.microsoft.com/zh-cn/windows/win32/seccrypto/signertimestampex2) 同上\r\n5. [mssign32!SignerTimeStampEx3](https://docs.microsoft.com/zh-cn/windows/win32/seccrypto/signertimestampex3) 同上 （此函数在 Windows 7 上不存在）\r\n6. 
[kernel32.dll!GetLocalTime](https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getlocaltime) 返回值根据配置文件修改，对于程序功能无影响。\r\n\r\n## 用法\r\n这个`dll`有两种设置方法，一种是`ini`文件，另一种是命令行参数\r\n### 时间表示方法\r\n本程序所用的时间表示方法为SimpleDateFormat，即格式为 `yyyy-MM-dd'T'HH:mm:ss` 的UTC时间\r\n北京时间是UTC+8，所以时间需要减掉8小时才能变成UTC时间\r\n举几个例子：\r\n北京时间 `2011-04-01 08:00:00`，表示为 `2011-04-01T00:00:00`\r\n北京时间 `2019-03-10 10:25:34`，表示为 `2019-03-10T02:25:34`\r\n### ini文件\r\n程序默认使用同目录下的`hook.ini`，当然，也可以通过命令行参数`-config`指定其他`ini`文件\r\n```\r\n;[Timestamp]Section中设置SignerTimeStamp的参数\r\n;本处设置的是时间戳签名伪造的默认时间（SimpleDateFormat）\r\n;可以通过命令行 -ts 参数传递替换的Timestamp\r\n[Timestamp]\r\nTimestamp=2011-04-01T00:00:00\r\n\r\n;[Time]Section中设置GetLocalTime的返回值\r\n;本处设置的时间不判断证书有效期，也不是时间戳时间，仅仅影响证书管理界面的证书颜色（到期天数）\r\n;如需设置，请删除注释分号\r\n[Time]\r\n;Year=2011\r\n;Month=4\r\n;Day=1\r\n;Hour=0\r\n;Minute=0\r\n;Second=0\r\n```\r\n### 命令行参数\r\n向数字签名工具的`exe`文件传递启动参数（如亚洲诚信数字签名工具，则是对`DSigntool.exe`传递参数）\r\n#### -config\r\n指定一个如上描述的`ini`文件的位置（相对路径或绝对路径），比如：\r\n```\r\nDSigntool.exe -config hook.ini\r\nDSigntool.exe -config ../another.ini\r\nDSigntool.exe -config D:\\Signtool\\config.ini\r\n```\r\n#### -ts\r\n指定时间戳需要伪造的签名时间，用SimpleDateFormat表示\r\n`-ts`传递的时间优先级高于`ini`文件中配置的时间，因此`-ts`和`-config`参数同时存在时，程序使用`-ts`的时间\r\n```\r\nDSigntool.exe -ts 2011-04-01T00:00:00\r\nDSigntool.exe -ts 2019-03-10T02:25:34\r\n```\r\n### 快捷方式\r\n由于有命令行参数启动这种方式，所以可以通过lnk快捷方式启动数字签名工具，来达到修改时间戳日期的功能。\r\n编辑指向数字签名工具的lnk快捷方式，在目标后面加上`-ts`参数即可。例如：\r\n```\r\n目标 \"C:\\Program Files (x86)\\DSignTool\\DSignTool.exe\" -ts 2015-04-01T00:00:00\r\n起始位置 \"C:\\Program Files (x86)\\DSignTool\"\r\n```\r\n通过这个lnk启动的数字签名工具就被设定了时间戳日期。\r\n也可以根据需要制作多个不同的快捷方式，设定不同的时间。\r\n\r\n## 编译\r\n编译环境：Visual Studio 2019 (生成工具v142)\r\n\r\n依赖库：[Detours](https://github.com/Microsoft/Detours)库\r\n\r\n编译步骤：\r\n1. 下载微软Detours库 https://www.microsoft.com/en-us/download/details.aspx?id=52586 并解压缩\r\n2. 开始菜单中打开`x86 Native Tools Command Prompt for VS 2019`，进入解压缩的Detours目录，运行`nmake`，编译出x86的lib (x64无需编译)\r\n3. 
将Detours目录下`include`,`lib.X86`目录下的文件复制到 `C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Enterprise\\VC\\Tools\\MSVC\\{Version}`目录的`include`,`lib\\x86`子目录中，完成Detours的安装\r\n4. 打开项目文件`HookSigntool.sln`解决方案配置为Release，直接编译即可。\r\n\r\n## 修改数字签名工具\r\n想要数字签名工具加载`HookSigntool.dll`则需要用LordPE等工具修改这个`exe`的导入表，向导入表添加`HookSigntool.dll!attach`\r\n### 绕过证书有效期验证\r\n这个比较容易，只要签名工具加载了本`dll`，无需任何操作即可成功。\r\n### 添加自定义时间戳\r\n需要将软件内置的时间戳地址替换为特殊标记（包括`http://`部分整个替换）\r\n一般是用十六进制编辑器直接找到字符串进行替换，原字符串的多余长度用 0x00 填充\r\nSHA1的时间戳地址整个替换为 `{CustomTimestampMarker-SHA1}`\r\nSHA256的时间戳地址整个替换为 `{CustomTimestampMarker-SHA256}`\r\n这个标记与时间戳协议无关，无论是Authenticode还是RFC3161都相同\r\ndll会特异性识别这个标记，自动将它修改为时间戳地址\r\n\r\n## 关于时间戳服务器\r\n时间戳服务器是我自己编写搭建的，域名是 `timestamp.pki.jemmylovejenny.tk`\r\n根证书由我自己签发，时间戳有两条证书链，分别为SHA1和SHA256\r\n以当前时间签名时，服务器地址是`http://timestamp.pki.jemmylovejenny.tk/SHA1/`和`http://timestamp.pki.jemmylovejenny.tk/SHA256/`\r\n伪造任意时间的时间戳签名时，服务器地址在以上基础上加上SimpleDateFormat表示的时间，例如：\r\n```\r\nhttp://timestamp.pki.jemmylovejenny.tk/SHA1/2011-04-01T00:00:00\r\nhttp://timestamp.pki.jemmylovejenny.tk/SHA256/2019-03-10T02:25:34\r\n```\r\nAuthenticode和RFC3161协议的地址都是相同的，服务器会根据请求的不同自动识别并处理。\r\n域名中的`timestamp`可以简写为`tsa`，即`tsa.pki.jemmylovejenny.tk`\r\n### 配合微软signtool使用\r\n首先将程序签好名（不带时间戳），假设有N个签名\r\n那么对于第一个签名打时间戳：`signtool timestamp /t \"<URL>\" <filename>`\r\n对于之后的任意个签名打时间戳：`signtool timestamp /tp <index> /tr \"<URL>\" <filename>`\r\n其中`URL`为时间戳服务器地址，`index`从1开始递增，例如：\r\n```\r\nsigntool timestamp /t \"http://tsa.pki.jemmylovejenny.tk/SHA1/2011-04-01T00:00:00\" test.exe\r\nsigntool timestamp /tp 1 /tr \"http://tsa.pki.jemmylovejenny.tk/SHA256/2011-04-01T00:00:00\" test.exe\r\n```\r\n\r\n## 关于驱动签名\r\n根据微软的最新签名策略 https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later- \r\n\r\n任何有`Microsoft Code Verification Root`交叉签名，且颁发日期在2015-07-29以前的代码签名证书，配合伪造的时间戳签名，可以生成一个在任意Windows版本下都有效的驱动签名。\r\n\r\n因此，采用泄露的证书，信任自建时间戳根证书，就可以在WinXP~Win10(SecureBoot 
Enabled)任意版本成功加载驱动。\r\n\r\n## 关于我的自建PKI\r\n我的自建PKI根证书为`JemmyLoveJenny EV Root CA`，我使用的所有自签名证书都由它颁发。\r\n本程序使用的自建时间戳服务器的证书也不例外，因此想要时间戳受信，需要手动信任这个根证书。\r\n更多信息请访问`https://pki.jemmylovejenny.tk/`"
  },
  {
    "path": "include/detours.h",
    "content": "/////////////////////////////////////////////////////////////////////////////\r\n//\r\n//  Core Detours Functionality (detours.h of detours.lib)\r\n//\r\n//  Microsoft Research Detours Package, Version 3.0 Build_343.\r\n//\r\n//  Copyright (c) Microsoft Corporation.  All rights reserved.\r\n//\r\n\r\n#pragma once\r\n#ifndef _DETOURS_H_\r\n#define _DETOURS_H_\r\n\r\n#define DETOURS_VERSION     30001   // 3.00.01\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n//\r\n\r\n#undef DETOURS_X64\r\n#undef DETOURS_X86\r\n#undef DETOURS_IA64\r\n#undef DETOURS_ARM\r\n#undef DETOURS_ARM64\r\n#undef DETOURS_BITS\r\n#undef DETOURS_32BIT\r\n#undef DETOURS_64BIT\r\n\r\n#if defined(_X86_)\r\n#define DETOURS_X86\r\n#define DETOURS_OPTION_BITS 64\r\n\r\n#elif defined(_AMD64_)\r\n#define DETOURS_X64\r\n#define DETOURS_OPTION_BITS 32\r\n\r\n#elif defined(_IA64_)\r\n#define DETOURS_IA64\r\n#define DETOURS_OPTION_BITS 32\r\n\r\n#elif defined(_ARM_)\r\n#define DETOURS_ARM\r\n\r\n#elif defined(_ARM64_)\r\n#define DETOURS_ARM64\r\n\r\n#else\r\n#error Unknown architecture (x86, amd64, ia64, arm, arm64)\r\n#endif\r\n\r\n#ifdef _WIN64\r\n#undef DETOURS_32BIT\r\n#define DETOURS_64BIT 1\r\n#define DETOURS_BITS 64\r\n// If all 64bit kernels can run one and only one 32bit architecture.\r\n//#define DETOURS_OPTION_BITS 32\r\n#else\r\n#define DETOURS_32BIT 1\r\n#undef DETOURS_64BIT\r\n#define DETOURS_BITS 32\r\n// If all 64bit kernels can run one and only one 32bit architecture.\r\n//#define DETOURS_OPTION_BITS 32\r\n#endif\r\n\r\n#define VER_DETOURS_BITS    DETOUR_STRINGIFY(DETOURS_BITS)\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n//\r\n\r\n#if (_MSC_VER < 1299)\r\ntypedef LONG LONG_PTR;\r\ntypedef ULONG ULONG_PTR;\r\n#endif\r\n\r\n///////////////////////////////////////////////// SAL 2.0 Annotations w/o SAL.\r\n//\r\n//  These definitions are include so that Detours will build even if the\r\n//  
compiler doesn't have full SAL 2.0 support.\r\n//\r\n#ifndef DETOURS_DONT_REMOVE_SAL_20\r\n\r\n#ifdef DETOURS_TEST_REMOVE_SAL_20\r\n#undef _Analysis_assume_\r\n#undef _Benign_race_begin_\r\n#undef _Benign_race_end_\r\n#undef _Field_range_\r\n#undef _Field_size_\r\n#undef _In_\r\n#undef _In_bytecount_\r\n#undef _In_count_\r\n#undef _In_opt_\r\n#undef _In_opt_bytecount_\r\n#undef _In_opt_count_\r\n#undef _In_opt_z_\r\n#undef _In_range_\r\n#undef _In_reads_\r\n#undef _In_reads_bytes_\r\n#undef _In_reads_opt_\r\n#undef _In_reads_opt_bytes_\r\n#undef _In_reads_or_z_\r\n#undef _In_z_\r\n#undef _Inout_\r\n#undef _Inout_opt_\r\n#undef _Inout_z_count_\r\n#undef _Out_\r\n#undef _Out_opt_\r\n#undef _Out_writes_\r\n#undef _Outptr_result_maybenull_\r\n#undef _Readable_bytes_\r\n#undef _Success_\r\n#undef _Writable_bytes_\r\n#undef _Pre_notnull_\r\n#endif\r\n\r\n#if defined(_Deref_out_opt_z_) && !defined(_Outptr_result_maybenull_)\r\n#define _Outptr_result_maybenull_ _Deref_out_opt_z_\r\n#endif\r\n\r\n#if defined(_In_count_) && !defined(_In_reads_)\r\n#define _In_reads_(x) _In_count_(x)\r\n#endif\r\n\r\n#if defined(_In_opt_count_) && !defined(_In_reads_opt_)\r\n#define _In_reads_opt_(x) _In_opt_count_(x)\r\n#endif\r\n\r\n#if defined(_In_opt_bytecount_) && !defined(_In_reads_opt_bytes_)\r\n#define _In_reads_opt_bytes_(x) _In_opt_bytecount_(x)\r\n#endif\r\n\r\n#if defined(_In_bytecount_) && !defined(_In_reads_bytes_)\r\n#define _In_reads_bytes_(x) _In_bytecount_(x)\r\n#endif\r\n\r\n#ifndef _In_\r\n#define _In_\r\n#endif\r\n\r\n#ifndef _In_bytecount_\r\n#define _In_bytecount_(x)\r\n#endif\r\n\r\n#ifndef _In_count_\r\n#define _In_count_(x)\r\n#endif\r\n\r\n#ifndef _In_opt_\r\n#define _In_opt_\r\n#endif\r\n\r\n#ifndef _In_opt_bytecount_\r\n#define _In_opt_bytecount_(x)\r\n#endif\r\n\r\n#ifndef _In_opt_count_\r\n#define _In_opt_count_(x)\r\n#endif\r\n\r\n#ifndef _In_opt_z_\r\n#define _In_opt_z_\r\n#endif\r\n\r\n#ifndef _In_range_\r\n#define _In_range_(x,y)\r\n#endif\r\n\r\n#ifndef 
_In_reads_\r\n#define _In_reads_(x)\r\n#endif\r\n\r\n#ifndef _In_reads_bytes_\r\n#define _In_reads_bytes_(x)\r\n#endif\r\n\r\n#ifndef _In_reads_opt_\r\n#define _In_reads_opt_(x)\r\n#endif\r\n\r\n#ifndef _In_reads_opt_bytes_\r\n#define _In_reads_opt_bytes_(x)\r\n#endif\r\n\r\n#ifndef _In_reads_or_z_\r\n#define _In_reads_or_z_\r\n#endif\r\n\r\n#ifndef _In_z_\r\n#define _In_z_\r\n#endif\r\n\r\n#ifndef _Inout_\r\n#define _Inout_\r\n#endif\r\n\r\n#ifndef _Inout_opt_\r\n#define _Inout_opt_\r\n#endif\r\n\r\n#ifndef _Inout_z_count_\r\n#define _Inout_z_count_(x)\r\n#endif\r\n\r\n#ifndef _Out_\r\n#define _Out_\r\n#endif\r\n\r\n#ifndef _Out_opt_\r\n#define _Out_opt_\r\n#endif\r\n\r\n#ifndef _Out_writes_\r\n#define _Out_writes_(x)\r\n#endif\r\n\r\n#ifndef _Outptr_result_maybenull_\r\n#define _Outptr_result_maybenull_\r\n#endif\r\n\r\n#ifndef _Writable_bytes_\r\n#define _Writable_bytes_(x)\r\n#endif\r\n\r\n#ifndef _Readable_bytes_\r\n#define _Readable_bytes_(x)\r\n#endif\r\n\r\n#ifndef _Success_\r\n#define _Success_(x)\r\n#endif\r\n\r\n#ifndef _Pre_notnull_\r\n#define _Pre_notnull_\r\n#endif\r\n\r\n#ifdef DETOURS_INTERNAL\r\n\r\n#pragma warning(disable:4615) // unknown warning type (suppress with older compilers)\r\n\r\n#ifndef _Benign_race_begin_\r\n#define _Benign_race_begin_\r\n#endif\r\n\r\n#ifndef _Benign_race_end_\r\n#define _Benign_race_end_\r\n#endif\r\n\r\n#ifndef _Field_size_\r\n#define _Field_size_(x)\r\n#endif\r\n\r\n#ifndef _Field_range_\r\n#define _Field_range_(x,y)\r\n#endif\r\n\r\n#ifndef _Analysis_assume_\r\n#define _Analysis_assume_(x)\r\n#endif\r\n\r\n#endif // DETOURS_INTERNAL\r\n#endif // DETOURS_DONT_REMOVE_SAL_20\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n//\r\n#ifndef GUID_DEFINED\r\n#define GUID_DEFINED\r\ntypedef struct  _GUID\r\n{\r\n    DWORD Data1;\r\n    WORD Data2;\r\n    WORD Data3;\r\n    BYTE Data4[ 8 ];\r\n} GUID;\r\n\r\n#ifdef INITGUID\r\n#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, 
b6, b7, b8) \\\r\n        const GUID name \\\r\n                = { l, w1, w2, { b1, b2,  b3,  b4,  b5,  b6,  b7,  b8 } }\r\n#else\r\n#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \\\r\n    const GUID name\r\n#endif // INITGUID\r\n#endif // !GUID_DEFINED\r\n\r\n#if defined(__cplusplus)\r\n#ifndef _REFGUID_DEFINED\r\n#define _REFGUID_DEFINED\r\n#define REFGUID             const GUID &\r\n#endif // !_REFGUID_DEFINED\r\n#else // !__cplusplus\r\n#ifndef _REFGUID_DEFINED\r\n#define _REFGUID_DEFINED\r\n#define REFGUID             const GUID * const\r\n#endif // !_REFGUID_DEFINED\r\n#endif // !__cplusplus\r\n\r\n#ifndef ARRAYSIZE\r\n#define ARRAYSIZE(x)    (sizeof(x)/sizeof(x[0]))\r\n#endif\r\n\r\n//\r\n//////////////////////////////////////////////////////////////////////////////\r\n\r\n#ifdef __cplusplus\r\nextern \"C\" {\r\n#endif // __cplusplus\r\n\r\n/////////////////////////////////////////////////// Instruction Target Macros.\r\n//\r\n#define DETOUR_INSTRUCTION_TARGET_NONE          ((PVOID)0)\r\n#define DETOUR_INSTRUCTION_TARGET_DYNAMIC       ((PVOID)(LONG_PTR)-1)\r\n#define DETOUR_SECTION_HEADER_SIGNATURE         0x00727444   // \"Dtr\\0\"\r\n\r\nextern const GUID DETOUR_EXE_RESTORE_GUID;\r\nextern const GUID DETOUR_EXE_HELPER_GUID;\r\n\r\n#define DETOUR_TRAMPOLINE_SIGNATURE             0x21727444  // Dtr!\r\ntypedef struct _DETOUR_TRAMPOLINE DETOUR_TRAMPOLINE, *PDETOUR_TRAMPOLINE;\r\n\r\n/////////////////////////////////////////////////////////// Binary Structures.\r\n//\r\n#pragma pack(push, 8)\r\ntypedef struct _DETOUR_SECTION_HEADER\r\n{\r\n    DWORD       cbHeaderSize;\r\n    DWORD       nSignature;\r\n    DWORD       nDataOffset;\r\n    DWORD       cbDataSize;\r\n\r\n    DWORD       nOriginalImportVirtualAddress;\r\n    DWORD       nOriginalImportSize;\r\n    DWORD       nOriginalBoundImportVirtualAddress;\r\n    DWORD       nOriginalBoundImportSize;\r\n\r\n    DWORD       nOriginalIatVirtualAddress;\r\n    DWORD       
nOriginalIatSize;\r\n    DWORD       nOriginalSizeOfImage;\r\n    DWORD       cbPrePE;\r\n\r\n    DWORD       nOriginalClrFlags;\r\n    DWORD       reserved1;\r\n    DWORD       reserved2;\r\n    DWORD       reserved3;\r\n\r\n    // Followed by cbPrePE bytes of data.\r\n} DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER;\r\n\r\ntypedef struct _DETOUR_SECTION_RECORD\r\n{\r\n    DWORD       cbBytes;\r\n    DWORD       nReserved;\r\n    GUID        guid;\r\n} DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD;\r\n\r\ntypedef struct _DETOUR_CLR_HEADER\r\n{\r\n    // Header versioning\r\n    ULONG                   cb;\r\n    USHORT                  MajorRuntimeVersion;\r\n    USHORT                  MinorRuntimeVersion;\r\n\r\n    // Symbol table and startup information\r\n    IMAGE_DATA_DIRECTORY    MetaData;\r\n    ULONG                   Flags;\r\n\r\n    // Followed by the rest of the IMAGE_COR20_HEADER\r\n} DETOUR_CLR_HEADER, *PDETOUR_CLR_HEADER;\r\n\r\ntypedef struct _DETOUR_EXE_RESTORE\r\n{\r\n    DWORD               cb;\r\n    DWORD               cbidh;\r\n    DWORD               cbinh;\r\n    DWORD               cbclr;\r\n\r\n    PBYTE               pidh;\r\n    PBYTE               pinh;\r\n    PBYTE               pclr;\r\n\r\n    IMAGE_DOS_HEADER    idh;\r\n    union {\r\n        IMAGE_NT_HEADERS    inh;\r\n        IMAGE_NT_HEADERS32  inh32;\r\n        IMAGE_NT_HEADERS64  inh64;\r\n        BYTE                raw[sizeof(IMAGE_NT_HEADERS64) +\r\n                                sizeof(IMAGE_SECTION_HEADER) * 32];\r\n    };\r\n    DETOUR_CLR_HEADER   clr;\r\n\r\n} DETOUR_EXE_RESTORE, *PDETOUR_EXE_RESTORE;\r\n\r\ntypedef struct _DETOUR_EXE_HELPER\r\n{\r\n    DWORD               cb;\r\n    DWORD               pid;\r\n    DWORD               nDlls;\r\n    CHAR                rDlls[4];\r\n} DETOUR_EXE_HELPER, *PDETOUR_EXE_HELPER;\r\n\r\n#pragma pack(pop)\r\n\r\n#define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \\\r\n{ \\\r\n      sizeof(DETOUR_SECTION_HEADER),\\\r\n    
  DETOUR_SECTION_HEADER_SIGNATURE,\\\r\n      sizeof(DETOUR_SECTION_HEADER),\\\r\n      (cbSectionSize),\\\r\n      \\\r\n      0,\\\r\n      0,\\\r\n      0,\\\r\n      0,\\\r\n      \\\r\n      0,\\\r\n      0,\\\r\n      0,\\\r\n      0,\\\r\n}\r\n\r\n/////////////////////////////////////////////////////////////// Helper Macros.\r\n//\r\n#define DETOURS_STRINGIFY(x)    DETOURS_STRINGIFY_(x)\r\n#define DETOURS_STRINGIFY_(x)    #x\r\n\r\n///////////////////////////////////////////////////////////// Binary Typedefs.\r\n//\r\ntypedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)(\r\n    _In_opt_ PVOID pContext,\r\n    _In_opt_ LPCSTR pszFile,\r\n    _Outptr_result_maybenull_ LPCSTR *ppszOutFile);\r\n\r\ntypedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)(\r\n    _In_opt_ PVOID pContext,\r\n    _In_ LPCSTR pszOrigFile,\r\n    _In_ LPCSTR pszFile,\r\n    _Outptr_result_maybenull_ LPCSTR *ppszOutFile);\r\n\r\ntypedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)(\r\n    _In_opt_ PVOID pContext,\r\n    _In_ ULONG nOrigOrdinal,\r\n    _In_ ULONG nOrdinal,\r\n    _Out_ ULONG *pnOutOrdinal,\r\n    _In_opt_ LPCSTR pszOrigSymbol,\r\n    _In_opt_ LPCSTR pszSymbol,\r\n    _Outptr_result_maybenull_ LPCSTR *ppszOutSymbol);\r\n\r\ntypedef BOOL (CALLBACK *PF_DETOUR_BINARY_COMMIT_CALLBACK)(\r\n    _In_opt_ PVOID pContext);\r\n\r\ntypedef BOOL (CALLBACK *PF_DETOUR_ENUMERATE_EXPORT_CALLBACK)(_In_opt_ PVOID pContext,\r\n                                                             _In_ ULONG nOrdinal,\r\n                                                             _In_opt_ LPCSTR pszName,\r\n                                                             _In_opt_ PVOID pCode);\r\n\r\ntypedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FILE_CALLBACK)(_In_opt_ PVOID pContext,\r\n                                                        _In_opt_ HMODULE hModule,\r\n                                                        _In_opt_ LPCSTR pszFile);\r\n\r\ntypedef BOOL (CALLBACK 
*PF_DETOUR_IMPORT_FUNC_CALLBACK)(_In_opt_ PVOID pContext,\r\n                                                        _In_ DWORD nOrdinal,\r\n                                                        _In_opt_ LPCSTR pszFunc,\r\n                                                        _In_opt_ PVOID pvFunc);\r\n\r\n// Same as PF_DETOUR_IMPORT_FUNC_CALLBACK but extra indirection on last parameter.\r\ntypedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FUNC_CALLBACK_EX)(_In_opt_ PVOID pContext,\r\n                                                           _In_ DWORD nOrdinal,\r\n                                                           _In_opt_ LPCSTR pszFunc,\r\n                                                           _In_opt_ PVOID* ppvFunc);\r\n\r\ntypedef VOID * PDETOUR_BINARY;\r\ntypedef VOID * PDETOUR_LOADED_BINARY;\r\n\r\n//////////////////////////////////////////////////////////// Transaction APIs.\r\n//\r\nLONG WINAPI DetourTransactionBegin(VOID);\r\nLONG WINAPI DetourTransactionAbort(VOID);\r\nLONG WINAPI DetourTransactionCommit(VOID);\r\nLONG WINAPI DetourTransactionCommitEx(_Out_opt_ PVOID **pppFailedPointer);\r\n\r\nLONG WINAPI DetourUpdateThread(_In_ HANDLE hThread);\r\n\r\nLONG WINAPI DetourAttach(_Inout_ PVOID *ppPointer,\r\n                         _In_ PVOID pDetour);\r\n\r\nLONG WINAPI DetourAttachEx(_Inout_ PVOID *ppPointer,\r\n                           _In_ PVOID pDetour,\r\n                           _Out_opt_ PDETOUR_TRAMPOLINE *ppRealTrampoline,\r\n                           _Out_opt_ PVOID *ppRealTarget,\r\n                           _Out_opt_ PVOID *ppRealDetour);\r\n\r\nLONG WINAPI DetourDetach(_Inout_ PVOID *ppPointer,\r\n                         _In_ PVOID pDetour);\r\n\r\nBOOL WINAPI DetourSetIgnoreTooSmall(_In_ BOOL fIgnore);\r\nBOOL WINAPI DetourSetRetainRegions(_In_ BOOL fRetain);\r\nPVOID WINAPI DetourSetSystemRegionLowerBound(_In_ PVOID pSystemRegionLowerBound);\r\nPVOID WINAPI DetourSetSystemRegionUpperBound(_In_ PVOID 
pSystemRegionUpperBound);\r\n\r\n////////////////////////////////////////////////////////////// Code Functions.\r\n//\r\nPVOID WINAPI DetourFindFunction(_In_ LPCSTR pszModule,\r\n                                _In_ LPCSTR pszFunction);\r\nPVOID WINAPI DetourCodeFromPointer(_In_ PVOID pPointer,\r\n                                   _Out_opt_ PVOID *ppGlobals);\r\nPVOID WINAPI DetourCopyInstruction(_In_opt_ PVOID pDst,\r\n                                   _Inout_opt_ PVOID *ppDstPool,\r\n                                   _In_ PVOID pSrc,\r\n                                   _Out_opt_ PVOID *ppTarget,\r\n                                   _Out_opt_ LONG *plExtra);\r\nBOOL WINAPI DetourSetCodeModule(_In_ HMODULE hModule,\r\n                                _In_ BOOL fLimitReferencesToModule);\r\n\r\n///////////////////////////////////////////////////// Loaded Binary Functions.\r\n//\r\nHMODULE WINAPI DetourGetContainingModule(_In_ PVOID pvAddr);\r\nHMODULE WINAPI DetourEnumerateModules(_In_opt_ HMODULE hModuleLast);\r\nPVOID WINAPI DetourGetEntryPoint(_In_opt_ HMODULE hModule);\r\nULONG WINAPI DetourGetModuleSize(_In_opt_ HMODULE hModule);\r\nBOOL WINAPI DetourEnumerateExports(_In_ HMODULE hModule,\r\n                                   _In_opt_ PVOID pContext,\r\n                                   _In_ PF_DETOUR_ENUMERATE_EXPORT_CALLBACK pfExport);\r\nBOOL WINAPI DetourEnumerateImports(_In_opt_ HMODULE hModule,\r\n                                   _In_opt_ PVOID pContext,\r\n                                   _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile,\r\n                                   _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK pfImportFunc);\r\n\r\nBOOL WINAPI DetourEnumerateImportsEx(_In_opt_ HMODULE hModule,\r\n                                     _In_opt_ PVOID pContext,\r\n                                     _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile,\r\n                                     _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK_EX 
pfImportFuncEx);\r\n\r\n_Writable_bytes_(*pcbData)\r\n_Readable_bytes_(*pcbData)\r\n_Success_(return != NULL)\r\nPVOID WINAPI DetourFindPayload(_In_opt_ HMODULE hModule,\r\n                               _In_ REFGUID rguid,\r\n                               _Out_ DWORD *pcbData);\r\n\r\n_Writable_bytes_(*pcbData)\r\n_Readable_bytes_(*pcbData)\r\n_Success_(return != NULL)\r\nPVOID WINAPI DetourFindPayloadEx(_In_ REFGUID rguid,\r\n                                 _Out_ DWORD * pcbData);\r\n\r\nDWORD WINAPI DetourGetSizeOfPayloads(_In_opt_ HMODULE hModule);\r\n\r\n///////////////////////////////////////////////// Persistent Binary Functions.\r\n//\r\n\r\nPDETOUR_BINARY WINAPI DetourBinaryOpen(_In_ HANDLE hFile);\r\n\r\n_Writable_bytes_(*pcbData)\r\n_Readable_bytes_(*pcbData)\r\n_Success_(return != NULL)\r\nPVOID WINAPI DetourBinaryEnumeratePayloads(_In_ PDETOUR_BINARY pBinary,\r\n                                           _Out_opt_ GUID *pGuid,\r\n                                           _Out_ DWORD *pcbData,\r\n                                           _Inout_ DWORD *pnIterator);\r\n\r\n_Writable_bytes_(*pcbData)\r\n_Readable_bytes_(*pcbData)\r\n_Success_(return != NULL)\r\nPVOID WINAPI DetourBinaryFindPayload(_In_ PDETOUR_BINARY pBinary,\r\n                                     _In_ REFGUID rguid,\r\n                                     _Out_ DWORD *pcbData);\r\n\r\nPVOID WINAPI DetourBinarySetPayload(_In_ PDETOUR_BINARY pBinary,\r\n                                    _In_ REFGUID rguid,\r\n                                    _In_reads_opt_(cbData) PVOID pData,\r\n                                    _In_ DWORD cbData);\r\nBOOL WINAPI DetourBinaryDeletePayload(_In_ PDETOUR_BINARY pBinary, _In_ REFGUID rguid);\r\nBOOL WINAPI DetourBinaryPurgePayloads(_In_ PDETOUR_BINARY pBinary);\r\nBOOL WINAPI DetourBinaryResetImports(_In_ PDETOUR_BINARY pBinary);\r\nBOOL WINAPI DetourBinaryEditImports(_In_ PDETOUR_BINARY pBinary,\r\n                                    _In_opt_ 
PVOID pContext,\r\n                                    _In_opt_ PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway,\r\n                                    _In_opt_ PF_DETOUR_BINARY_FILE_CALLBACK pfFile,\r\n                                    _In_opt_ PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol,\r\n                                    _In_opt_ PF_DETOUR_BINARY_COMMIT_CALLBACK pfCommit);\r\nBOOL WINAPI DetourBinaryWrite(_In_ PDETOUR_BINARY pBinary, _In_ HANDLE hFile);\r\nBOOL WINAPI DetourBinaryClose(_In_ PDETOUR_BINARY pBinary);\r\n\r\n/////////////////////////////////////////////////// Create Process & Load Dll.\r\n//\r\ntypedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)(\r\n    _In_opt_ LPCSTR lpApplicationName,\r\n    _Inout_opt_ LPSTR lpCommandLine,\r\n    _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n    _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n    _In_ BOOL bInheritHandles,\r\n    _In_ DWORD dwCreationFlags,\r\n    _In_opt_ LPVOID lpEnvironment,\r\n    _In_opt_ LPCSTR lpCurrentDirectory,\r\n    _In_ LPSTARTUPINFOA lpStartupInfo,\r\n    _Out_ LPPROCESS_INFORMATION lpProcessInformation);\r\n\r\ntypedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)(\r\n    _In_opt_ LPCWSTR lpApplicationName,\r\n    _Inout_opt_ LPWSTR lpCommandLine,\r\n    _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n    _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n    _In_ BOOL bInheritHandles,\r\n    _In_ DWORD dwCreationFlags,\r\n    _In_opt_ LPVOID lpEnvironment,\r\n    _In_opt_ LPCWSTR lpCurrentDirectory,\r\n    _In_ LPSTARTUPINFOW lpStartupInfo,\r\n    _Out_ LPPROCESS_INFORMATION lpProcessInformation);\r\n\r\nBOOL WINAPI DetourCreateProcessWithDllA(_In_opt_ LPCSTR lpApplicationName,\r\n                                        _Inout_opt_ LPSTR lpCommandLine,\r\n                                        _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n                                        _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n               
                         _In_ BOOL bInheritHandles,\r\n                                        _In_ DWORD dwCreationFlags,\r\n                                        _In_opt_ LPVOID lpEnvironment,\r\n                                        _In_opt_ LPCSTR lpCurrentDirectory,\r\n                                        _In_ LPSTARTUPINFOA lpStartupInfo,\r\n                                        _Out_ LPPROCESS_INFORMATION lpProcessInformation,\r\n                                        _In_ LPCSTR lpDllName,\r\n                                        _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA);\r\n\r\nBOOL WINAPI DetourCreateProcessWithDllW(_In_opt_ LPCWSTR lpApplicationName,\r\n                                        _Inout_opt_ LPWSTR lpCommandLine,\r\n                                        _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n                                        _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n                                        _In_ BOOL bInheritHandles,\r\n                                        _In_ DWORD dwCreationFlags,\r\n                                        _In_opt_ LPVOID lpEnvironment,\r\n                                        _In_opt_ LPCWSTR lpCurrentDirectory,\r\n                                        _In_ LPSTARTUPINFOW lpStartupInfo,\r\n                                        _Out_ LPPROCESS_INFORMATION lpProcessInformation,\r\n                                        _In_ LPCSTR lpDllName,\r\n                                        _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW);\r\n\r\n#ifdef UNICODE\r\n#define DetourCreateProcessWithDll      DetourCreateProcessWithDllW\r\n#define PDETOUR_CREATE_PROCESS_ROUTINE  PDETOUR_CREATE_PROCESS_ROUTINEW\r\n#else\r\n#define DetourCreateProcessWithDll      DetourCreateProcessWithDllA\r\n#define PDETOUR_CREATE_PROCESS_ROUTINE  PDETOUR_CREATE_PROCESS_ROUTINEA\r\n#endif // !UNICODE\r\n\r\nBOOL WINAPI 
DetourCreateProcessWithDllExA(_In_opt_ LPCSTR lpApplicationName,\r\n                                          _Inout_opt_ LPSTR lpCommandLine,\r\n                                          _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n                                          _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n                                          _In_ BOOL bInheritHandles,\r\n                                          _In_ DWORD dwCreationFlags,\r\n                                          _In_opt_ LPVOID lpEnvironment,\r\n                                          _In_opt_ LPCSTR lpCurrentDirectory,\r\n                                          _In_ LPSTARTUPINFOA lpStartupInfo,\r\n                                          _Out_ LPPROCESS_INFORMATION lpProcessInformation,\r\n                                          _In_ LPCSTR lpDllName,\r\n                                          _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA);\r\n\r\nBOOL WINAPI DetourCreateProcessWithDllExW(_In_opt_ LPCWSTR lpApplicationName,\r\n                                          _Inout_opt_  LPWSTR lpCommandLine,\r\n                                          _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n                                          _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n                                          _In_ BOOL bInheritHandles,\r\n                                          _In_ DWORD dwCreationFlags,\r\n                                          _In_opt_ LPVOID lpEnvironment,\r\n                                          _In_opt_ LPCWSTR lpCurrentDirectory,\r\n                                          _In_ LPSTARTUPINFOW lpStartupInfo,\r\n                                          _Out_ LPPROCESS_INFORMATION lpProcessInformation,\r\n                                          _In_ LPCSTR lpDllName,\r\n                                          _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW 
pfCreateProcessW);\r\n\r\n#ifdef UNICODE\r\n#define DetourCreateProcessWithDllEx    DetourCreateProcessWithDllExW\r\n#else\r\n#define DetourCreateProcessWithDllEx    DetourCreateProcessWithDllExA\r\n#endif // !UNICODE\r\n\r\nBOOL WINAPI DetourCreateProcessWithDllsA(_In_opt_ LPCSTR lpApplicationName,\r\n                                         _Inout_opt_ LPSTR lpCommandLine,\r\n                                         _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n                                         _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n                                         _In_ BOOL bInheritHandles,\r\n                                         _In_ DWORD dwCreationFlags,\r\n                                         _In_opt_ LPVOID lpEnvironment,\r\n                                         _In_opt_ LPCSTR lpCurrentDirectory,\r\n                                         _In_ LPSTARTUPINFOA lpStartupInfo,\r\n                                         _Out_ LPPROCESS_INFORMATION lpProcessInformation,\r\n                                         _In_ DWORD nDlls,\r\n                                         _In_reads_(nDlls) LPCSTR *rlpDlls,\r\n                                         _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA);\r\n\r\nBOOL WINAPI DetourCreateProcessWithDllsW(_In_opt_ LPCWSTR lpApplicationName,\r\n                                         _Inout_opt_ LPWSTR lpCommandLine,\r\n                                         _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n                                         _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n                                         _In_ BOOL bInheritHandles,\r\n                                         _In_ DWORD dwCreationFlags,\r\n                                         _In_opt_ LPVOID lpEnvironment,\r\n                                         _In_opt_ LPCWSTR lpCurrentDirectory,\r\n                                         _In_ 
LPSTARTUPINFOW lpStartupInfo,\r\n                                         _Out_ LPPROCESS_INFORMATION lpProcessInformation,\r\n                                         _In_ DWORD nDlls,\r\n                                         _In_reads_(nDlls) LPCSTR *rlpDlls,\r\n                                         _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW);\r\n\r\n#ifdef UNICODE\r\n#define DetourCreateProcessWithDlls     DetourCreateProcessWithDllsW\r\n#else\r\n#define DetourCreateProcessWithDlls     DetourCreateProcessWithDllsA\r\n#endif // !UNICODE\r\n\r\nBOOL WINAPI DetourProcessViaHelperA(_In_ DWORD dwTargetPid,\r\n                                    _In_ LPCSTR lpDllName,\r\n                                    _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA);\r\n\r\nBOOL WINAPI DetourProcessViaHelperW(_In_ DWORD dwTargetPid,\r\n                                    _In_ LPCSTR lpDllName,\r\n                                    _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW);\r\n\r\n#ifdef UNICODE\r\n#define DetourProcessViaHelper          DetourProcessViaHelperW\r\n#else\r\n#define DetourProcessViaHelper          DetourProcessViaHelperA\r\n#endif // !UNICODE\r\n\r\nBOOL WINAPI DetourProcessViaHelperDllsA(_In_ DWORD dwTargetPid,\r\n                                        _In_ DWORD nDlls,\r\n                                        _In_reads_(nDlls) LPCSTR *rlpDlls,\r\n                                        _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA);\r\n\r\nBOOL WINAPI DetourProcessViaHelperDllsW(_In_ DWORD dwTargetPid,\r\n                                        _In_ DWORD nDlls,\r\n                                        _In_reads_(nDlls) LPCSTR *rlpDlls,\r\n                                        _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW);\r\n\r\n#ifdef UNICODE\r\n#define DetourProcessViaHelperDlls      DetourProcessViaHelperDllsW\r\n#else\r\n#define DetourProcessViaHelperDlls      
DetourProcessViaHelperDllsA\r\n#endif // !UNICODE\r\n\r\nBOOL WINAPI DetourUpdateProcessWithDll(_In_ HANDLE hProcess,\r\n                                       _In_reads_(nDlls) LPCSTR *rlpDlls,\r\n                                       _In_ DWORD nDlls);\r\n\r\nBOOL WINAPI DetourUpdateProcessWithDllEx(_In_ HANDLE hProcess,\r\n                                         _In_ HMODULE hImage,\r\n                                         _In_ BOOL bIs32Bit,\r\n                                         _In_reads_(nDlls) LPCSTR *rlpDlls,\r\n                                         _In_ DWORD nDlls);\r\n\r\nBOOL WINAPI DetourCopyPayloadToProcess(_In_ HANDLE hProcess,\r\n                                       _In_ REFGUID rguid,\r\n                                       _In_reads_bytes_(cbData) PVOID pvData,\r\n                                       _In_ DWORD cbData);\r\nBOOL WINAPI DetourRestoreAfterWith(VOID);\r\nBOOL WINAPI DetourRestoreAfterWithEx(_In_reads_bytes_(cbData) PVOID pvData,\r\n                                     _In_ DWORD cbData);\r\nBOOL WINAPI DetourIsHelperProcess(VOID);\r\nVOID CALLBACK DetourFinishHelperProcess(_In_ HWND,\r\n                                        _In_ HINSTANCE,\r\n                                        _In_ LPSTR,\r\n                                        _In_ INT);\r\n\r\n//\r\n//////////////////////////////////////////////////////////////////////////////\r\n#ifdef __cplusplus\r\n}\r\n#endif // __cplusplus\r\n\r\n//////////////////////////////////////////////// Detours Internal Definitions.\r\n//\r\n#ifdef __cplusplus\r\n#ifdef DETOURS_INTERNAL\r\n\r\n#define NOTHROW\r\n// #define NOTHROW (nothrow)\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n//\r\n#if (_MSC_VER < 1299)\r\n#include <imagehlp.h>\r\ntypedef IMAGEHLP_MODULE IMAGEHLP_MODULE64;\r\ntypedef PIMAGEHLP_MODULE PIMAGEHLP_MODULE64;\r\ntypedef IMAGEHLP_SYMBOL SYMBOL_INFO;\r\ntypedef PIMAGEHLP_SYMBOL PSYMBOL_INFO;\r\n\r\nstatic 
inline\r\nLONG InterlockedCompareExchange(_Inout_ LONG *ptr, _In_ LONG nval, _In_ LONG oval)\r\n{\r\n    return (LONG)::InterlockedCompareExchange((PVOID*)ptr, (PVOID)nval, (PVOID)oval);\r\n}\r\n#else\r\n#pragma warning(push)\r\n#pragma warning(disable:4091) // empty typedef\r\n#include <dbghelp.h>\r\n#pragma warning(pop)\r\n#endif\r\n\r\n#ifdef IMAGEAPI // defined by DBGHELP.H\r\ntypedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(_In_ LPAPI_VERSION AppVersion);\r\n\r\ntypedef BOOL (NTAPI *PF_SymInitialize)(_In_ HANDLE hProcess,\r\n                                       _In_opt_ LPCSTR UserSearchPath,\r\n                                       _In_ BOOL fInvadeProcess);\r\ntypedef DWORD (NTAPI *PF_SymSetOptions)(_In_ DWORD SymOptions);\r\ntypedef DWORD (NTAPI *PF_SymGetOptions)(VOID);\r\ntypedef DWORD64 (NTAPI *PF_SymLoadModule64)(_In_ HANDLE hProcess,\r\n                                            _In_opt_ HANDLE hFile,\r\n                                            _In_ LPSTR ImageName,\r\n                                            _In_opt_ LPSTR ModuleName,\r\n                                            _In_ DWORD64 BaseOfDll,\r\n                                            _In_opt_ DWORD SizeOfDll);\r\ntypedef BOOL (NTAPI *PF_SymGetModuleInfo64)(_In_ HANDLE hProcess,\r\n                                            _In_ DWORD64 qwAddr,\r\n                                            _Out_ PIMAGEHLP_MODULE64 ModuleInfo);\r\ntypedef BOOL (NTAPI *PF_SymFromName)(_In_ HANDLE hProcess,\r\n                                     _In_ LPSTR Name,\r\n                                     _Out_ PSYMBOL_INFO Symbol);\r\n\r\ntypedef struct _DETOUR_SYM_INFO\r\n{\r\n    HANDLE                  hProcess;\r\n    HMODULE                 hDbgHelp;\r\n    PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx;\r\n    PF_SymInitialize        pfSymInitialize;\r\n    PF_SymSetOptions        pfSymSetOptions;\r\n    PF_SymGetOptions        pfSymGetOptions;\r\n    PF_SymLoadModule64      
pfSymLoadModule64;\r\n    PF_SymGetModuleInfo64   pfSymGetModuleInfo64;\r\n    PF_SymFromName          pfSymFromName;\r\n} DETOUR_SYM_INFO, *PDETOUR_SYM_INFO;\r\n\r\nPDETOUR_SYM_INFO DetourLoadImageHlp(VOID);\r\n\r\n#endif // IMAGEAPI\r\n\r\n#if defined(_INC_STDIO) && !defined(_CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS)\r\n#error detours.h must be included before stdio.h (or at least define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS earlier)\r\n#endif\r\n#define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS 1\r\n\r\n#ifndef DETOUR_TRACE\r\n#if DETOUR_DEBUG\r\n#define DETOUR_TRACE(x) printf x\r\n#define DETOUR_BREAK()  __debugbreak()\r\n#include <stdio.h>\r\n#include <limits.h>\r\n#else\r\n#define DETOUR_TRACE(x)\r\n#define DETOUR_BREAK()\r\n#endif\r\n#endif\r\n\r\n#if 1 || defined(DETOURS_IA64)\r\n\r\n//\r\n// IA64 instructions are 41 bits, 3 per bundle, plus 5 bit bundle template => 128 bits per bundle.\r\n//\r\n\r\n#define DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE (3)\r\n\r\n#define DETOUR_IA64_TEMPLATE_OFFSET (0)\r\n#define DETOUR_IA64_TEMPLATE_SIZE   (5)\r\n\r\n#define DETOUR_IA64_INSTRUCTION_SIZE (41)\r\n#define DETOUR_IA64_INSTRUCTION0_OFFSET (DETOUR_IA64_TEMPLATE_SIZE)\r\n#define DETOUR_IA64_INSTRUCTION1_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE)\r\n#define DETOUR_IA64_INSTRUCTION2_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE + DETOUR_IA64_INSTRUCTION_SIZE)\r\n\r\nC_ASSERT(DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE * DETOUR_IA64_INSTRUCTION_SIZE == 128);\r\n\r\n__declspec(align(16)) struct DETOUR_IA64_BUNDLE\r\n{\r\n  public:\r\n    union\r\n    {\r\n        BYTE    data[16];\r\n        UINT64  wide[2];\r\n    };\r\n\r\n    enum {\r\n        A_UNIT  = 1u,\r\n        I_UNIT  = 2u,\r\n        M_UNIT  = 3u,\r\n        B_UNIT  = 4u,\r\n        F_UNIT  = 5u,\r\n        L_UNIT  = 6u,\r\n        X_UNIT  = 7u,\r\n    };\r\n    struct DETOUR_IA64_METADATA\r\n    {\r\n        ULONG       nTemplate       : 8;    // Instruction 
template.\r\n        ULONG       nUnit0          : 4;    // Unit for slot 0\r\n        ULONG       nUnit1          : 4;    // Unit for slot 1\r\n        ULONG       nUnit2          : 4;    // Unit for slot 2\r\n    };\r\n\r\n  protected:\r\n    static const DETOUR_IA64_METADATA s_rceCopyTable[33];\r\n\r\n    UINT RelocateBundle(_Inout_ DETOUR_IA64_BUNDLE* pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const;\r\n\r\n    bool RelocateInstruction(_Inout_ DETOUR_IA64_BUNDLE* pDst,\r\n                             _In_ BYTE slot,\r\n                             _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const;\r\n\r\n    // 120 112 104 96 88 80 72 64 56 48 40 32 24 16  8  0\r\n    //  f.  e.  d. c. b. a. 9. 8. 7. 6. 5. 4. 3. 2. 1. 0.\r\n\r\n    //                                      00\r\n    // f.e. d.c. b.a. 9.8. 7.6. 5.4. 3.2. 1.0.\r\n    // 0000 0000 0000 0000 0000 0000 0000 001f : Template [4..0]\r\n    // 0000 0000 0000 0000 0000 03ff ffff ffe0 : Zero [ 41..  5]\r\n    // 0000 0000 0000 0000 0000 3c00 0000 0000 : Zero [ 45.. 42]\r\n    // 0000 0000 0007 ffff ffff c000 0000 0000 : One  [ 82.. 46]\r\n    // 0000 0000 0078 0000 0000 0000 0000 0000 : One  [ 86.. 83]\r\n    // 0fff ffff ff80 0000 0000 0000 0000 0000 : Two  [123.. 
87]\r\n    // f000 0000 0000 0000 0000 0000 0000 0000 : Two  [127..124]\r\n    BYTE    GetTemplate() const;\r\n    // Get 4 bit opcodes.\r\n    BYTE    GetInst0() const;\r\n    BYTE    GetInst1() const;\r\n    BYTE    GetInst2() const;\r\n    BYTE    GetUnit(BYTE slot) const;\r\n    BYTE    GetUnit0() const;\r\n    BYTE    GetUnit1() const;\r\n    BYTE    GetUnit2() const;\r\n    // Get 37 bit data.\r\n    UINT64  GetData0() const;\r\n    UINT64  GetData1() const;\r\n    UINT64  GetData2() const;\r\n\r\n    // Get/set the full 41 bit instructions.\r\n    UINT64  GetInstruction(BYTE slot) const;\r\n    UINT64  GetInstruction0() const;\r\n    UINT64  GetInstruction1() const;\r\n    UINT64  GetInstruction2() const;\r\n    void    SetInstruction(BYTE slot, UINT64 instruction);\r\n    void    SetInstruction0(UINT64 instruction);\r\n    void    SetInstruction1(UINT64 instruction);\r\n    void    SetInstruction2(UINT64 instruction);\r\n\r\n    // Get/set bitfields.\r\n    static UINT64 GetBits(UINT64 Value, UINT64 Offset, UINT64 Count);\r\n    static UINT64 SetBits(UINT64 Value, UINT64 Offset, UINT64 Count, UINT64 Field);\r\n\r\n    // Get specific read-only fields.\r\n    static UINT64 GetOpcode(UINT64 instruction); // 4bit opcode\r\n    static UINT64 GetX(UINT64 instruction); // 1bit opcode extension\r\n    static UINT64 GetX3(UINT64 instruction); // 3bit opcode extension\r\n    static UINT64 GetX6(UINT64 instruction); // 6bit opcode extension\r\n\r\n    // Get/set specific fields.\r\n    static UINT64 GetImm7a(UINT64 instruction);\r\n    static UINT64 SetImm7a(UINT64 instruction, UINT64 imm7a);\r\n    static UINT64 GetImm13c(UINT64 instruction);\r\n    static UINT64 SetImm13c(UINT64 instruction, UINT64 imm13c);\r\n    static UINT64 GetSignBit(UINT64 instruction);\r\n    static UINT64 SetSignBit(UINT64 instruction, UINT64 signBit);\r\n    static UINT64 GetImm20a(UINT64 instruction);\r\n    static UINT64 SetImm20a(UINT64 instruction, UINT64 imm20a);\r\n    static UINT64 
GetImm20b(UINT64 instruction);\r\n    static UINT64 SetImm20b(UINT64 instruction, UINT64 imm20b);\r\n\r\n    static UINT64 SignExtend(UINT64 Value, UINT64 Offset);\r\n\r\n    BOOL    IsMovlGp() const;\r\n\r\n    VOID    SetInst(BYTE Slot, BYTE nInst);\r\n    VOID    SetInst0(BYTE nInst);\r\n    VOID    SetInst1(BYTE nInst);\r\n    VOID    SetInst2(BYTE nInst);\r\n    VOID    SetData(BYTE Slot, UINT64 nData);\r\n    VOID    SetData0(UINT64 nData);\r\n    VOID    SetData1(UINT64 nData);\r\n    VOID    SetData2(UINT64 nData);\r\n    BOOL    SetNop(BYTE Slot);\r\n    BOOL    SetNop0();\r\n    BOOL    SetNop1();\r\n    BOOL    SetNop2();\r\n\r\n  public:\r\n    BOOL    IsBrl() const;\r\n    VOID    SetBrl();\r\n    VOID    SetBrl(UINT64 target);\r\n    UINT64  GetBrlTarget() const;\r\n    VOID    SetBrlTarget(UINT64 target);\r\n    VOID    SetBrlImm(UINT64 imm);\r\n    UINT64  GetBrlImm() const;\r\n\r\n    UINT64  GetMovlGp() const;\r\n    VOID    SetMovlGp(UINT64 gp);\r\n\r\n    VOID    SetStop();\r\n\r\n    UINT    Copy(_Out_ DETOUR_IA64_BUNDLE *pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra = NULL) const;\r\n};\r\n#endif // DETOURS_IA64\r\n\r\n#ifdef DETOURS_ARM\r\n\r\n#define DETOURS_PFUNC_TO_PBYTE(p)  ((PBYTE)(((ULONG_PTR)(p)) & ~(ULONG_PTR)1))\r\n#define DETOURS_PBYTE_TO_PFUNC(p)  ((PBYTE)(((ULONG_PTR)(p)) | (ULONG_PTR)1))\r\n\r\n#endif // DETOURS_ARM\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n\r\n#ifdef __cplusplus\r\nextern \"C\" {\r\n#endif // __cplusplus\r\n\r\n#define DETOUR_OFFLINE_LIBRARY(x)                                       \\\r\nPVOID WINAPI DetourCopyInstruction##x(_In_opt_ PVOID pDst,              \\\r\n                                      _Inout_opt_ PVOID *ppDstPool,     \\\r\n                                      _In_ PVOID pSrc,                  \\\r\n                                      _Out_opt_ PVOID *ppTarget,        \\\r\n                                      _Out_opt_ LONG *plExtra);      
   \\\r\n                                                                        \\\r\nBOOL WINAPI DetourSetCodeModule##x(_In_ HMODULE hModule,                \\\r\n                                   _In_ BOOL fLimitReferencesToModule); \\\r\n\r\nDETOUR_OFFLINE_LIBRARY(X86)\r\nDETOUR_OFFLINE_LIBRARY(X64)\r\nDETOUR_OFFLINE_LIBRARY(ARM)\r\nDETOUR_OFFLINE_LIBRARY(ARM64)\r\nDETOUR_OFFLINE_LIBRARY(IA64)\r\n\r\n#undef DETOUR_OFFLINE_LIBRARY\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n//\r\n// Helpers for manipulating page protection.\r\n//\r\n\r\n_Success_(return != FALSE)\r\nBOOL WINAPI DetourVirtualProtectSameExecuteEx(_In_  HANDLE hProcess,\r\n                                              _In_  PVOID pAddress,\r\n                                              _In_  SIZE_T nSize,\r\n                                              _In_  DWORD dwNewProtect,\r\n                                              _Out_ PDWORD pdwOldProtect);\r\n\r\n_Success_(return != FALSE)\r\nBOOL WINAPI DetourVirtualProtectSameExecute(_In_  PVOID pAddress,\r\n                                            _In_  SIZE_T nSize,\r\n                                            _In_  DWORD dwNewProtect,\r\n                                            _Out_ PDWORD pdwOldProtect);\r\n#ifdef __cplusplus\r\n}\r\n#endif // __cplusplus\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n\r\n#define MM_ALLOCATION_GRANULARITY 0x10000\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n\r\n#endif // DETOURS_INTERNAL\r\n#endif // __cplusplus\r\n\r\n#endif // _DETOURS_H_\r\n//\r\n////////////////////////////////////////////////////////////////  End of File.\r\n"
  },
  {
    "path": "include/detver.h",
    "content": "//////////////////////////////////////////////////////////////////////////////\r\n//\r\n//  Common version parameters.\r\n//\r\n//  Microsoft Research Detours Package, Version 3.0 Build_343.\r\n//\r\n//  Copyright (c) Microsoft Corporation.  All rights reserved.\r\n//\r\n\r\n#define _USING_V110_SDK71_ 1\r\n#include \"winver.h\"\r\n#if 0\r\n#include <windows.h>\r\n#include <detours.h>\r\n#else\r\n#ifndef DETOURS_STRINGIFY\r\n#define DETOURS_STRINGIFY(x)    DETOURS_STRINGIFY_(x)\r\n#define DETOURS_STRINGIFY_(x)    #x\r\n#endif\r\n\r\n#define VER_FILEFLAGSMASK   0x3fL\r\n#define VER_FILEFLAGS       0x0L\r\n#define VER_FILEOS          0x00040004L\r\n#define VER_FILETYPE        0x00000002L\r\n#define VER_FILESUBTYPE     0x00000000L\r\n#endif\r\n#define VER_DETOURS_BITS    DETOUR_STRINGIFY(DETOURS_BITS)\r\n"
  },
  {
    "path": "include/syelog.h",
    "content": "//////////////////////////////////////////////////////////////////////////////\r\n//\r\n//  Detours Test Program (syelog.h of syelog.lib)\r\n//\r\n//  Microsoft Research Detours Package, Version 3.0.\r\n//\r\n//  Copyright (c) Microsoft Corporation.  All rights reserved.\r\n//\r\n#pragma once\r\n#ifndef _SYELOGD_H_\r\n#define _SYELOGD_H_\r\n#include <stdarg.h>\r\n\r\n#pragma pack(push, 1)\r\n#pragma warning(push)\r\n#pragma warning(disable: 4200)\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n//\r\n//\r\n#define SYELOG_PIPE_NAMEA       \"\\\\\\\\.\\\\pipe\\\\syelog\"\r\n#define SYELOG_PIPE_NAMEW       L\"\\\\\\\\.\\\\pipe\\\\syelog\"\r\n#ifdef UNICODE\r\n#define SYELOG_PIPE_NAME        SYELOG_PIPE_NAMEW\r\n#else\r\n#define SYELOG_PIPE_NAME        SYELOG_PIPE_NAMEA\r\n#endif\r\n\r\n//////////////////////////////////////////////////////////////////////////////\r\n//\r\n#define SYELOG_MAXIMUM_MESSAGE  4086    // 4096 - sizeof(header stuff)\r\n\r\ntypedef struct _SYELOG_MESSAGE\r\n{\r\n    USHORT      nBytes;\r\n    BYTE        nFacility;\r\n    BYTE        nSeverity;\r\n    DWORD       nProcessId;\r\n    FILETIME    ftOccurance;\r\n    BOOL        fTerminate;\r\n    CHAR        szMessage[SYELOG_MAXIMUM_MESSAGE];\r\n} SYELOG_MESSAGE, *PSYELOG_MESSAGE;\r\n\r\n\r\n// Facility Codes.\r\n//\r\n#define SYELOG_FACILITY_KERNEL          0x10            // OS Kernel\r\n#define SYELOG_FACILITY_SECURITY        0x20            // OS Security\r\n#define SYELOG_FACILITY_LOGGING         0x30            // OS Logging-internal\r\n#define SYELOG_FACILITY_SERVICE         0x40            // User-mode system daemon\r\n#define SYELOG_FACILITY_APPLICATION     0x50            // User-mode application\r\n#define SYELOG_FACILITY_USER            0x60            // User self-generated.\r\n#define SYELOG_FACILITY_LOCAL0          0x70            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL1          0x71            // Locally 
defined.\r\n#define SYELOG_FACILITY_LOCAL2          0x72            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL3          0x73            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL4          0x74            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL5          0x75            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL6          0x76            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL7          0x77            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL8          0x78            // Locally defined.\r\n#define SYELOG_FACILITY_LOCAL9          0x79            // Locally defined.\r\n\r\n// Severity Codes.\r\n//\r\n#define SYELOG_SEVERITY_FATAL           0x00            // System is dead.\r\n#define SYELOG_SEVERITY_ALERT           0x10            // Take action immediately.\r\n#define SYELOG_SEVERITY_CRITICAL        0x20            // Critical condition.\r\n#define SYELOG_SEVERITY_ERROR           0x30            // Error\r\n#define SYELOG_SEVERITY_WARNING         0x40            // Warning\r\n#define SYELOG_SEVERITY_NOTICE          0x50            // Significant condition.\r\n#define SYELOG_SEVERITY_INFORMATION     0x60            // Informational\r\n#define SYELOG_SEVERITY_AUDIT_FAIL      0x66            // Audit Failed\r\n#define SYELOG_SEVERITY_AUDIT_PASS      0x67            // Audit Succeeded\r\n#define SYELOG_SEVERITY_DEBUG           0x70            // Debugging\r\n\r\n// Logging Functions.\r\n//\r\nVOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);\r\nVOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);\r\nVOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);\r\nVOID SyelogClose(BOOL fTerminate);\r\n\r\n#pragma warning(pop)\r\n#pragma pack(pop)\r\n\r\n#endif //  _SYELOGD_H_\r\n//\r\n///////////////////////////////////////////////////////////////// End of File.\r\n"
  },
  {
    "path": "main.cpp",
    "content": "#pragma comment(lib, \"detours.lib\")\r\n#define _CRT_SECURE_NO_WARNINGS\r\n\r\n#include <Windows.h>\r\n#include <wchar.h>\r\n#include <detours.h>\r\n#include \"mssign32.h\"\r\n\r\nHMODULE hModCrypt32 = NULL, hModMssign32 = NULL, hModKernel32 = NULL;\r\nusing fntCertVerifyTimeValidity = decltype(CertVerifyTimeValidity);\r\nusing fntSignerSign = decltype(SignerSign);\r\nusing fntSignerTimeStamp = decltype(SignerTimeStamp);\r\nusing fntSignerTimeStampEx2 = decltype(SignerTimeStampEx2);\r\nusing fntSignerTimeStampEx3 = decltype(SignerTimeStampEx3);\r\nusing fntGetLocalTime = decltype(GetLocalTime);\r\nfntCertVerifyTimeValidity* pOldCertVerifyTimeValidity = NULL;\r\nfntSignerSign* pOldSignerSign = NULL;\r\nfntSignerTimeStamp* pOldSignerTimeStamp = NULL;\r\nfntSignerTimeStampEx2* pOldSignerTimeStampEx2 = NULL;\r\nfntSignerTimeStampEx3* pOldSignerTimeStampEx3 = NULL;\r\nfntGetLocalTime* pOldGetLocalTime = NULL;\r\n\r\nint year = -1, month = -1, day = -1, hour = -1, minute = -1, second = -1;\r\nWCHAR lpTimestamp[20];\r\n\r\nLPCWSTR ReplaceTimeStamp(LPCWSTR lpOriginalTS) {\r\n    if (!lpOriginalTS)\r\n        return NULL;\r\n    LPWSTR buf = new WCHAR[65];\r\n    memset(buf, 0, sizeof(WCHAR) * 65);\r\n    if (!_wcsicmp(lpOriginalTS, L\"{CustomTimestampMarker-SHA1}\")) {\r\n        wcscat(buf, L\"http://timestamp.pki.jemmylovejenny.tk/SHA1/\");\r\n        wcscat(buf, lpTimestamp);\r\n        return buf;\r\n    }\r\n    else if (!_wcsicmp(lpOriginalTS, L\"{CustomTimestampMarker-SHA256}\")) {\r\n        wcscat(buf, L\"http://timestamp.pki.jemmylovejenny.tk/SHA256/\");\r\n        wcscat(buf, lpTimestamp);\r\n        return buf;\r\n    }\r\n    else {\r\n        return lpOriginalTS;\r\n    }\r\n}\r\nLONG WINAPI NewCertVerifyTimeValidity(\r\n    LPFILETIME pTimeToVerify,\r\n    PCERT_INFO pCertInfo\r\n)\r\n{\r\n    return 0;\r\n}\r\nHRESULT WINAPI NewSignerSign(\r\n    _In_     SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_     SIGNER_CERT* pSignerCert,\r\n    
_In_     SIGNER_SIGNATURE_INFO* pSignatureInfo,\r\n    _In_opt_ SIGNER_PROVIDER_INFO* pProviderInfo,\r\n    _In_opt_ LPCWSTR               pwszHttpTimeStamp,\r\n    _In_opt_ PCRYPT_ATTRIBUTES     psRequest,\r\n    _In_opt_ LPVOID                pSipData\r\n)\r\n{\r\n    return (*pOldSignerSign)(pSubjectInfo, pSignerCert, pSignatureInfo, pProviderInfo, ReplaceTimeStamp(pwszHttpTimeStamp), psRequest, pSipData);\r\n}\r\nHRESULT WINAPI NewSignerTimeStamp(\r\n    _In_     SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_     LPCWSTR             pwszHttpTimeStamp,\r\n    _In_opt_ PCRYPT_ATTRIBUTES   psRequest,\r\n    _In_opt_ LPVOID              pSipData\r\n)\r\n{\r\n    return (*pOldSignerTimeStamp)(pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), psRequest, pSipData);\r\n}\r\nHRESULT WINAPI NewSignerTimeStampEx2(\r\n    _Reserved_ DWORD               dwFlags,\r\n    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_       LPCWSTR             pwszHttpTimeStamp,\r\n    _In_       ALG_ID              dwAlgId,\r\n    _In_       PCRYPT_ATTRIBUTES   psRequest,\r\n    _In_       LPVOID              pSipData,\r\n    _Out_      SIGNER_CONTEXT** ppSignerContext\r\n)\r\n{\r\n    return (*pOldSignerTimeStampEx2)(dwFlags, pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), dwAlgId, psRequest, pSipData, ppSignerContext);\r\n}\r\nHRESULT WINAPI NewSignerTimeStampEx3(\r\n    _In_       DWORD                  dwFlags,\r\n    _In_       DWORD                  dwIndex,\r\n    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_       PCWSTR                 pwszHttpTimeStamp,\r\n    _In_       PCWSTR                 pszAlgorithmOid,\r\n    _In_opt_   PCRYPT_ATTRIBUTES      psRequest,\r\n    _In_opt_   PVOID                  pSipData,\r\n    _Out_      SIGNER_CONTEXT** ppSignerContext,\r\n    _In_opt_   PCERT_STRONG_SIGN_PARA pCryptoPolicy,\r\n    _Reserved_ PVOID                  pReserved\r\n)\r\n{\r\n    return (*pOldSignerTimeStampEx3)(dwFlags, dwIndex, pSubjectInfo, 
ReplaceTimeStamp(pwszHttpTimeStamp), pszAlgorithmOid, psRequest, pSipData, ppSignerContext, pCryptoPolicy, pReserved);\r\n}\r\nvoid WINAPI NewGetLocalTime(\r\n    LPSYSTEMTIME lpSystemTime\r\n)\r\n{\r\n    (*pOldGetLocalTime)(lpSystemTime);\r\n    if (year >= 0)\r\n        lpSystemTime->wYear = year;\r\n    if (month >= 0)\r\n        lpSystemTime->wMonth = month;\r\n    if (day >= 0)\r\n        lpSystemTime->wDay = day;\r\n    if (hour >= 0)\r\n        lpSystemTime->wHour = hour;\r\n    if (minute >= 0)\r\n        lpSystemTime->wMinute = minute;\r\n    if (second >= 0)\r\n        lpSystemTime->wSecond = second;\r\n}\r\n\r\nbool HookFunctions()\r\n{\r\n    if ((hModCrypt32 = LoadLibraryW(L\"crypt32.dll\")) == NULL\r\n        || (hModMssign32 = LoadLibraryW(L\"mssign32.dll\")) == NULL\r\n        || (hModKernel32 = LoadLibraryW(L\"kernel32.dll\")) == NULL)\r\n        return false;\r\n\r\n    if ((pOldCertVerifyTimeValidity = (fntCertVerifyTimeValidity*)GetProcAddress(hModCrypt32, \"CertVerifyTimeValidity\")) == NULL\r\n        || (pOldSignerSign = (fntSignerSign*)GetProcAddress(hModMssign32, \"SignerSign\")) == NULL\r\n        || (pOldSignerTimeStamp = (fntSignerTimeStamp*)GetProcAddress(hModMssign32, \"SignerTimeStamp\")) == NULL\r\n        || (pOldSignerTimeStampEx2 = (fntSignerTimeStampEx2*)GetProcAddress(hModMssign32, \"SignerTimeStampEx2\")) == NULL\r\n        || ((pOldSignerTimeStampEx3 = (fntSignerTimeStampEx3*)GetProcAddress(hModMssign32, \"SignerTimeStampEx3\")) == NULL && FALSE)\r\n        /* SignerTimeStampEx3 does not exist in Windows 7 */\r\n        || (pOldGetLocalTime = (fntGetLocalTime*)GetProcAddress(hModKernel32, \"GetLocalTime\")) == NULL)\r\n        return false;\r\n\r\n    if (DetourTransactionBegin() != NO_ERROR\r\n        || DetourAttach(&(PVOID&)pOldCertVerifyTimeValidity, NewCertVerifyTimeValidity) != NO_ERROR\r\n        || DetourAttach(&(PVOID&)pOldSignerSign, NewSignerSign) != NO_ERROR\r\n        || DetourAttach(&(PVOID&)pOldSignerTimeStamp, 
NewSignerTimeStamp) != NO_ERROR\r\n        || DetourAttach(&(PVOID&)pOldSignerTimeStampEx2, NewSignerTimeStampEx2) != NO_ERROR\r\n        || (pOldSignerTimeStampEx3 != NULL ? DetourAttach(&(PVOID&)pOldSignerTimeStampEx3, NewSignerTimeStampEx3) != NO_ERROR : FALSE)\r\n        /* SignerTimeStampEx3 does not exist in Windows 7 */\r\n        || DetourAttach(&(PVOID&)pOldGetLocalTime, NewGetLocalTime) != NO_ERROR\r\n        || DetourTransactionCommit() != NO_ERROR)\r\n        return false;\r\n\r\n    return true;\r\n}\r\nbool ParseConfig(LPWSTR lpCommandLineConfig, LPWSTR lpCommandLineTimestamp)\r\n{\r\n    LPWSTR buf = new WCHAR[260];\r\n    memset(buf, 0, sizeof(WCHAR) * 260);\r\n\r\n    if (_wgetcwd(buf, 260) == NULL)\r\n        return false;\r\n    wcscat(buf, L\"\\\\\");\r\n\r\n    if (lpCommandLineConfig) {\r\n        if ((wcschr(lpCommandLineConfig, L':') - lpCommandLineConfig) == 1) {\r\n            memset(buf, 0, sizeof(WCHAR) * 260);\r\n            wsprintfW(buf, lpCommandLineConfig);\r\n        }\r\n        else {\r\n            wcscat(buf, lpCommandLineConfig);\r\n        }\r\n    }\r\n    else {\r\n        wcscat(buf, L\"hook.ini\");\r\n    }\r\n\r\n    year = GetPrivateProfileIntW(L\"Time\", L\"Year\", -1, buf);\r\n    month = GetPrivateProfileIntW(L\"Time\", L\"Month\", -1, buf);\r\n    day = GetPrivateProfileIntW(L\"Time\", L\"Day\", -1, buf);\r\n    hour = GetPrivateProfileIntW(L\"Time\", L\"Hour\", -1, buf);\r\n    minute = GetPrivateProfileIntW(L\"Time\", L\"Minute\", -1, buf);\r\n    second = GetPrivateProfileIntW(L\"Time\", L\"Second\", -1, buf);\r\n\r\n    if (lpCommandLineTimestamp)\r\n        wsprintfW(lpTimestamp, lpCommandLineTimestamp);\r\n    else\r\n        GetPrivateProfileStringW(L\"Timestamp\", L\"Timestamp\", NULL, lpTimestamp, 20, buf);\r\n    \r\n    return true;\r\n}\r\nBOOL WINAPI DllMain(\r\n    _In_ HINSTANCE hinstDLL,\r\n    _In_ DWORD fdwReason,\r\n    _In_ LPVOID lpvReserved\r\n)\r\n{\r\n    if (fdwReason == 
DLL_PROCESS_ATTACH)\r\n    {\r\n        LPWSTR* szArglist = NULL;\r\n        int nArgs = 0;\r\n        szArglist = CommandLineToArgvW(GetCommandLineW(), &nArgs);\r\n\r\n        int iconfig = -1, its = -1;\r\n\r\n        for (int i = 0; i <= nArgs - 2; i++) {\r\n            if (!wcscmp(szArglist[i], L\"-config\"))\r\n                iconfig = i + 1;\r\n            if (!wcscmp(szArglist[i], L\"-ts\"))\r\n                its = i + 1;\r\n        }\r\n\r\n        if (!ParseConfig(iconfig >= 0 ? szArglist[iconfig] : NULL, its >= 0 ? szArglist[its] : NULL))\r\n            MessageBoxW(NULL, L\"óʼʧܣhook.iniв\", L\"ʼʧ\", MB_ICONERROR);\r\n        \r\n        LocalFree(szArglist);\r\n\r\n        if (!HookFunctions())\r\n            MessageBoxW(NULL, L\"ִ޷Hookָĺ\\r\\nرճԣ\", L\"Hookʧ\", MB_ICONERROR);\r\n        \r\n        MessageBoxW(NULL, lpTimestamp, L\"ԶʱΪ\", MB_OK);\r\n    }\r\n    return 1;\r\n}\r\n\r\nextern \"C\" __declspec(dllexport) int attach()\r\n{\r\n    return 0;\r\n}\r\n"
  },
  {
    "path": "mssign32.h",
    "content": "#pragma once\r\n#include <Windows.h>\r\n\r\ntypedef struct _SIGNER_FILE_INFO {\r\n    DWORD   cbSize;\r\n    LPCWSTR pwszFileName;\r\n    HANDLE  hFile;\r\n} SIGNER_FILE_INFO, * PSIGNER_FILE_INFO;\r\ntypedef struct _SIGNER_BLOB_INFO {\r\n    DWORD   cbSize;\r\n    GUID* pGuidSubject;\r\n    DWORD   cbBlob;\r\n    BYTE* pbBlob;\r\n    LPCWSTR pwszDisplayName;\r\n} SIGNER_BLOB_INFO, * PSIGNER_BLOB_INFO;\r\ntypedef struct _SIGNER_CONTEXT {\r\n    DWORD cbSize;\r\n    DWORD cbBlob;\r\n    BYTE* pbBlob;\r\n} SIGNER_CONTEXT, * PSIGNER_CONTEXT;\r\n\r\ntypedef struct _SIGNER_CERT_STORE_INFO {\r\n    DWORD          cbSize;\r\n    PCCERT_CONTEXT pSigningCert;\r\n    DWORD          dwCertPolicy;\r\n    HCERTSTORE     hCertStore;\r\n} SIGNER_CERT_STORE_INFO, * PSIGNER_CERT_STORE_INFO;\r\ntypedef struct _SIGNER_SPC_CHAIN_INFO {\r\n    DWORD      cbSize;\r\n    LPCWSTR    pwszSpcFile;\r\n    DWORD      dwCertPolicy;\r\n    HCERTSTORE hCertStore;\r\n} SIGNER_SPC_CHAIN_INFO, * PSIGNER_SPC_CHAIN_INFO;\r\n\r\ntypedef struct _SIGNER_ATTR_AUTHCODE {\r\n    DWORD   cbSize;\r\n    BOOL    fCommercial;\r\n    BOOL    fIndividual;\r\n    LPCWSTR pwszName;\r\n    LPCWSTR pwszInfo;\r\n} SIGNER_ATTR_AUTHCODE, * PSIGNER_ATTR_AUTHCODE;\r\n\r\ntypedef struct _SIGNER_SUBJECT_INFO {\r\n    DWORD cbSize;\r\n    DWORD* pdwIndex;\r\n    DWORD dwSubjectChoice;\r\n    union {\r\n        SIGNER_FILE_INFO* pSignerFileInfo;\r\n        SIGNER_BLOB_INFO* pSignerBlobInfo;\r\n    };\r\n} SIGNER_SUBJECT_INFO, * PSIGNER_SUBJECT_INFO;\r\ntypedef struct _SIGNER_CERT {\r\n    DWORD cbSize;\r\n    DWORD dwCertChoice;\r\n    union {\r\n        LPCWSTR                pwszSpcFile;\r\n        SIGNER_CERT_STORE_INFO* pCertStoreInfo;\r\n        SIGNER_SPC_CHAIN_INFO* pSpcChainInfo;\r\n    };\r\n    HWND  hwnd;\r\n} SIGNER_CERT, * PSIGNER_CERT;\r\ntypedef struct _SIGNER_SIGNATURE_INFO {\r\n    DWORD             cbSize;\r\n    ALG_ID            algidHash;\r\n    DWORD             dwAttrChoice;\r\n    union 
{\r\n        SIGNER_ATTR_AUTHCODE* pAttrAuthcode;\r\n    };\r\n    PCRYPT_ATTRIBUTES psAuthenticated;\r\n    PCRYPT_ATTRIBUTES psUnauthenticated;\r\n} SIGNER_SIGNATURE_INFO, * PSIGNER_SIGNATURE_INFO;\r\ntypedef struct _SIGNER_PROVIDER_INFO {\r\n    DWORD   cbSize;\r\n    LPCWSTR pwszProviderName;\r\n    DWORD   dwProviderType;\r\n    DWORD   dwKeySpec;\r\n    DWORD   dwPvkChoice;\r\n    union {\r\n        LPWSTR pwszPvkFileName;\r\n        LPWSTR pwszKeyContainer;\r\n    };\r\n} SIGNER_PROVIDER_INFO, * PSIGNER_PROVIDER_INFO;\r\n\r\nHRESULT WINAPI SignerSign(\r\n    _In_     SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_     SIGNER_CERT* pSignerCert,\r\n    _In_     SIGNER_SIGNATURE_INFO* pSignatureInfo,\r\n    _In_opt_ SIGNER_PROVIDER_INFO* pProviderInfo,\r\n    _In_opt_ LPCWSTR               pwszHttpTimeStamp,\r\n    _In_opt_ PCRYPT_ATTRIBUTES     psRequest,\r\n    _In_opt_ LPVOID                pSipData\r\n);\r\nHRESULT WINAPI SignerTimeStamp(\r\n    _In_     SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_     LPCWSTR             pwszHttpTimeStamp,\r\n    _In_opt_ PCRYPT_ATTRIBUTES   psRequest,\r\n    _In_opt_ LPVOID              pSipData\r\n);\r\nHRESULT WINAPI SignerTimeStampEx2(\r\n    _Reserved_ DWORD               dwFlags,\r\n    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_       LPCWSTR             pwszHttpTimeStamp,\r\n    _In_       ALG_ID              dwAlgId,\r\n    _In_       PCRYPT_ATTRIBUTES   psRequest,\r\n    _In_       LPVOID              pSipData,\r\n    _Out_      SIGNER_CONTEXT** ppSignerContext\r\n);\r\nHRESULT WINAPI SignerTimeStampEx3(\r\n    _In_       DWORD                  dwFlags,\r\n    _In_       DWORD                  dwIndex,\r\n    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,\r\n    _In_       PCWSTR                 pwszHttpTimeStamp,\r\n    _In_       PCWSTR                 pszAlgorithmOid,\r\n    _In_opt_   PCRYPT_ATTRIBUTES      psRequest,\r\n    _In_opt_   PVOID                  pSipData,\r\n    _Out_      
SIGNER_CONTEXT** ppSignerContext,\r\n    _In_opt_   PCERT_STRONG_SIGN_PARA pCryptoPolicy,\r\n    _Reserved_ PVOID                  pReserved\r\n);\r\n"
  }
]