Repository: hfiref0x/ZeroAccess
Branch: master
Commit: abbf1c636e6d
Files: 92
Total size: 402.7 KB
Directory structure:
gitextract_4mmdaia1/
├── Compiled/
│   ├── s32
│   └── s64
├── LICENSE.md
├── README.md
├── Source/
│   ├── Harusame/
│   │   ├── Harusame.vcxproj
│   │   ├── Harusame.vcxproj.filters
│   │   ├── Harusame.vcxproj.user
│   │   ├── main.c
│   │   ├── resource.h
│   │   └── resource.rc
│   ├── Murasame/
│   │   ├── Murasame.vcxproj
│   │   ├── Murasame.vcxproj.filters
│   │   ├── Murasame.vcxproj.user
│   │   ├── main.c
│   │   ├── resource.h
│   │   └── resource.rc
│   ├── Shigure/
│   │   ├── Shigure.vcxproj
│   │   ├── Shigure.vcxproj.filters
│   │   ├── Shigure.vcxproj.user
│   │   ├── main.c
│   │   ├── resource.h
│   │   └── resource.rc
│   ├── Umikaze/
│   │   ├── Umikaze.vcxproj
│   │   ├── Umikaze.vcxproj.filters
│   │   ├── Umikaze.vcxproj.user
│   │   ├── main.c
│   │   ├── resource.h
│   │   └── resource.rc
│   ├── Yuudachi/
│   │   ├── Yuudachi.vcxproj
│   │   ├── Yuudachi.vcxproj.filters
│   │   ├── Yuudachi.vcxproj.user
│   │   ├── gui.c
│   │   ├── gui.h
│   │   ├── main.c
│   │   ├── p2p.c
│   │   ├── p2p.h
│   │   ├── resource.h
│   │   ├── resource.rc
│   │   └── za.manifest
│   ├── ZeroAccess.sln
│   ├── minirtl/
│   │   ├── _filename.c
│   │   ├── _filename.h
│   │   ├── _strcat.c
│   │   ├── _strcmp.c
│   │   ├── _strcmpi.c
│   │   ├── _strcpy.c
│   │   ├── _strend.c
│   │   ├── _strlen.c
│   │   ├── _strncmp.c
│   │   ├── _strncmpi.c
│   │   ├── _strncpy.c
│   │   ├── _strstr.c
│   │   ├── _strstri.c
│   │   ├── cmdline.c
│   │   ├── cmdline.h
│   │   ├── hextou64.c
│   │   ├── hextoul.c
│   │   ├── i64tostr.c
│   │   ├── itostr.c
│   │   ├── minirtl.h
│   │   ├── rtltypes.h
│   │   ├── strtoi.c
│   │   ├── strtoi64.c
│   │   ├── strtou64.c
│   │   ├── strtoul.c
│   │   ├── u64tohex.c
│   │   ├── u64tostr.c
│   │   ├── ultohex.c
│   │   └── ultostr.c
│   └── shared/
│       ├── cab.c
│       ├── cab.h
│       ├── cui.c
│       ├── cui.h
│       ├── ea.c
│       ├── ea.h
│       ├── gdip.c
│       ├── gdip.h
│       ├── global.h
│       ├── ldr.c
│       ├── ldr.h
│       ├── md5.c
│       ├── md5.h
│       ├── ntos.h
│       ├── rc4.c
│       ├── rc4.h
│       ├── util.c
│       ├── util.h
│       ├── za.h
│       ├── za_crypto.c
│       ├── za_crypto.h
│       └── za_rkey.h
└── ZeroAccess.sha256
================================================
FILE CONTENTS
================================================
================================================
FILE: LICENSE.md
================================================
Copyright (c) 2016 - 2017 ZeroAccess Project
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================
FILE: README.md
================================================
# ZeroAccess
## Toolkit for ZeroAccess/Sirefef v3
ZeroAccess is an advanced malware family (probably the most advanced of all available) that first appeared in the middle of 2009. Initially a Win32 kernel-mode rootkit, it was later transformed into a user-mode toolkit. It uses a self-made p2p engine for communication (main purpose: downloading files) and is based on a modular structure. It survived multiple takedown attempts (they mostly served the marketing purposes of various so-called security companies/corporations). It has multiple generations of various toolkit modules. This project provides insights into ZeroAccess v3 code and several instruments for working with ZeroAccess v3 files. Mostly for educational purposes.
# Project Contents
**Umikaze - peer list (@ file) decoder**
Processes the input file as a ZeroAccess peer file; the type is required for correct port assignment.
The result is an output file with Time and IP+Port pairs as text.
> **Usage:** zadecode peerlist_filename [type 32 or 64, default 32], for example: zadecode s32 32
**Shigure - payload decryptor**
Processes the input as a ZeroAccess payload container, attempting to decode it using RC4 and extract the Microsoft Cabinet after that.
> **Usage:** zadecrypt inputfile [outputfile], for example: zadecrypt 80000000.@ out.bin
**Harusame - payload container verifier**
Verifies whether the given file is a valid ZeroAccess container. Requires the EA (extended attributes) to be set on the input file. More information about the verification algorithm can be found in the source.
> **Usage:** zacheck inputfile [mode 32 or 64, default 32], for example: zacheck 80000000.@ 32
**Yuudachi - ZeroAccess p2p network crawler**
GUI application that monitors the given p2p botnet network and downloads payloads from it. Downloaded files contain all the information required for further verification by the zacheck tool. Dumps collected peers in ZeroAccess format so they can be used as a bootstrap list next time. Use the x86-32 version for the win32 botnet and the x64 version for win64. Requires a proper bootstrap list and read/write access to the current directory.
**Murasame - dropper extractor**
Extracts the actual bot installation dropper from the encrypted resource of the high-level dropper.
> **Usage:** zaextract inputfile [outputfile] hexkey, for example: zaextract highlvlbot.bin lowlvlbot.bin 0x12345678
# System Requirements
Does not require administrative privileges. Some tools may require read/write access to their directories. A modern compatible NT version is required; Windows XP is not supported. For best appearance, allow zamon32/zamon64 in the firewall.
# Build
Project comes with full source code written in C.
To build from source you need Microsoft Visual Studio 2015 U1 or a later version.
# Authors
(c) 2016 ZeroAccess Project
================================================
FILE: Source/Harusame/Harusame.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>Harusame</RootNamespace>
<WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>zacheck32</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>zacheck64</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<AdditionalDependencies>cryptdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<AdditionalDependencies>cryptdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
<AdditionalDependencies>cryptdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
<AdditionalDependencies>cryptdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\minirtl\cmdline.c" />
<ClCompile Include="..\minirtl\hextou64.c" />
<ClCompile Include="..\minirtl\hextoul.c" />
<ClCompile Include="..\minirtl\i64tostr.c" />
<ClCompile Include="..\minirtl\itostr.c" />
<ClCompile Include="..\minirtl\strtoi.c" />
<ClCompile Include="..\minirtl\strtoi64.c" />
<ClCompile Include="..\minirtl\strtou64.c" />
<ClCompile Include="..\minirtl\strtoul.c" />
<ClCompile Include="..\minirtl\u64tohex.c" />
<ClCompile Include="..\minirtl\u64tostr.c" />
<ClCompile Include="..\minirtl\ultohex.c" />
<ClCompile Include="..\minirtl\ultostr.c" />
<ClCompile Include="..\minirtl\_filename.c" />
<ClCompile Include="..\minirtl\_strcat.c" />
<ClCompile Include="..\minirtl\_strcmp.c" />
<ClCompile Include="..\minirtl\_strcmpi.c" />
<ClCompile Include="..\minirtl\_strcpy.c" />
<ClCompile Include="..\minirtl\_strend.c" />
<ClCompile Include="..\minirtl\_strlen.c" />
<ClCompile Include="..\minirtl\_strncmp.c" />
<ClCompile Include="..\minirtl\_strncmpi.c" />
<ClCompile Include="..\minirtl\_strncpy.c" />
<ClCompile Include="..\minirtl\_strstr.c" />
<ClCompile Include="..\minirtl\_strstri.c" />
<ClCompile Include="..\shared\cui.c" />
<ClCompile Include="..\shared\ea.c" />
<ClCompile Include="..\shared\ldr.c" />
<ClCompile Include="..\shared\md5.c" />
<ClCompile Include="..\shared\util.c" />
<ClCompile Include="..\shared\za_crypto.c" />
<ClCompile Include="main.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\minirtl\cmdline.h" />
<ClInclude Include="..\minirtl\minirtl.h" />
<ClInclude Include="..\minirtl\rtltypes.h" />
<ClInclude Include="..\minirtl\_filename.h" />
<ClInclude Include="..\shared\cui.h" />
<ClInclude Include="..\shared\ea.h" />
<ClInclude Include="..\shared\global.h" />
<ClInclude Include="..\shared\ldr.h" />
<ClInclude Include="..\shared\md5.h" />
<ClInclude Include="..\shared\ntos.h" />
<ClInclude Include="..\shared\util.h" />
<ClInclude Include="..\shared\za.h" />
<ClInclude Include="..\shared\za_crypto.h" />
<ClInclude Include="..\shared\za_rkey.h" />
<ClInclude Include="resource.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
================================================
FILE: Source/Harusame/Harusame.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="minirtl">
<UniqueIdentifier>{ee77c473-79e0-4e59-9cc2-8a1c0f3caaa6}</UniqueIdentifier>
</Filter>
<Filter Include="shared">
<UniqueIdentifier>{9ddd8dd9-4aea-4a5a-8649-efbcc9649130}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcat.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strend.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strlen.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstri.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\cmdline.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\i64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\itostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\shared\cui.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\md5.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\util.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\za_crypto.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\ldr.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\ea.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_filename.c">
<Filter>minirtl</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\minirtl\cmdline.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\minirtl.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\rtltypes.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\shared\cui.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\global.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\md5.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ntos.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\util.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\za.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\za_rkey.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\shared\za_crypto.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ldr.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ea.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\_filename.h">
<Filter>minirtl</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>
================================================
FILE: Source/Harusame/Harusame.vcxproj.user
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
================================================
FILE: Source/Harusame/main.c
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: MAIN.C
*
* VERSION: 1.02
*
* DATE: 01 Dec 2017
*
* Harusame program entry point.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include "..\shared\global.h"
#include "..\shared\cui.h"
#include "..\shared\za_rkey.h"
HANDLE g_ConOut = NULL;
WCHAR g_BE = 0xFEFF;
BOOL g_ConsoleOutput = FALSE;
#define T_SFCHECKTTITLE L"Sirefef/ZeroAccess 3 file checker v1.0 (14/01/16)"
#define T_SFCHECKUSAGE L"Usage: zacheck inputfile [mode 32 or 64, default 32]\r\n\te.g. zacheck in.dll 32\r\n"
#define T_SFCHECKMODE L"Wrong mode, possible values 32 or 64\r\n"
#define T_SFCHECKED L"File verification SUCCESSFUL "
#define T_SFCHECKFAIL L"File verification FAILED "
#define T_SFEAFAILURE L"File extended attributes missing or incorrect, cannot verify file"
#define T_SFPRESSANYKEY L"\r\nPress Enter to exit"
/*
* SfProcessCmdLine
*
* Purpose:
*
* Parse command line and do the job.
*
*/
UINT SfProcessCmdLine(
    LPWSTR lpCommandLine
    )
{
    ULONG rlen, uMode = 32;
    WCHAR szInputFile[MAX_PATH + 1];
    WCHAR szMode[MAX_PATH + 1];
    NTSTATUS status;
    PBYTE pKey;
    ULONG KeySize;

    //path: first parameter is the file to verify (mandatory)
    rlen = 0;
    RtlSecureZeroMemory(szInputFile, sizeof(szInputFile));
    GetCommandLineParam(lpCommandLine, 1, (LPWSTR)&szInputFile, MAX_PATH, &rlen);
    if (rlen == 0) {
        SfcuiPrintText(g_ConOut,
            T_SFCHECKUSAGE,
            g_ConsoleOutput, FALSE);
        return (UINT)-1;
    }

    //type: second parameter is the verification mode (optional, 32 by default)
    rlen = 0;
    RtlSecureZeroMemory(&szMode, sizeof(szMode));
    GetCommandLineParam(lpCommandLine, 2, (LPWSTR)&szMode, MAX_PATH, &rlen);
    if (rlen == 0) {
        uMode = 32;
    }
    else {
        uMode = strtoul(szMode);
        if (uMode != 32 && uMode != 64) {
            SfcuiPrintText(g_ConOut,
                T_SFCHECKMODE,
                g_ConsoleOutput, FALSE);
            return (UINT)-2;
        }
    }

    //select the key from za_rkey.h that matches the requested mode
    pKey = (PBYTE)&ZA_key32;
    KeySize = sizeof(ZA_key32);
    if (uMode == 64) {
        pKey = (PBYTE)&ZA_key64;
        KeySize = sizeof(ZA_key64);
    }

    status = SfcIsFileLegit(szInputFile, pKey, KeySize);

    //print result
    SfcuiPrintText(g_ConOut,
        szInputFile,
        g_ConsoleOutput, TRUE);

    _strcpy(szMode, TEXT("Verification mode: "));
    ultostr(uMode, _strend(szMode));
    _strcat(szMode, TEXT("\r\n"));
    SfcuiPrintText(g_ConOut,
        szMode,
        g_ConsoleOutput, TRUE);

    switch (status) {

    //extended attributes are missing or malformed, nothing to verify against
    case STATUS_EA_LIST_INCONSISTENT:
        SfcuiPrintText(g_ConOut,
            T_SFEAFAILURE,
            g_ConsoleOutput, TRUE);
        break;

    case STATUS_SUCCESS:
        SfcuiPrintText(g_ConOut,
            T_SFCHECKED,
            g_ConsoleOutput, TRUE);
        break;

    default:
        SfcuiPrintText(g_ConOut,
            T_SFCHECKFAIL,
            g_ConsoleOutput, TRUE);
        break;
    }

    return (NT_SUCCESS(status));
}
/*
* SfMain
*
* Purpose:
*
* Harusame main.
*
*/
void SfMain(
    VOID
    )
{
    BOOL cond = FALSE;
    UINT uResult = 0;
    DWORD dwTemp;
    HANDLE StdIn;
    INPUT_RECORD inp1;

    __security_init_cookie();

    //single-pass block (cond is always FALSE), break is used for early exit
    do {

        if (!SfInitMD5()) {
            uResult = (UINT)-1;
            break;
        }

        g_ConOut = GetStdHandle(STD_OUTPUT_HANDLE);
        if (g_ConOut == INVALID_HANDLE_VALUE) {
            uResult = (UINT)-2;
            break;
        }

        //GetConsoleMode fails when output is not a console (e.g. redirected to a file)
        g_ConsoleOutput = TRUE;
        if (!GetConsoleMode(g_ConOut, &dwTemp)) {
            g_ConsoleOutput = FALSE;
        }

        SetConsoleTitle(T_SFCHECKTTITLE);
        SetConsoleMode(g_ConOut, ENABLE_LINE_INPUT | ENABLE_ECHO_INPUT | ENABLE_PROCESSED_OUTPUT);

        //redirected output: write the UTF-16 byte order mark first
        if (g_ConsoleOutput == FALSE) {
            WriteFile(g_ConOut, &g_BE, sizeof(WCHAR), &dwTemp, NULL);
        }

        uResult = SfProcessCmdLine(GetCommandLine());

        //interactive console: wait for user input before exit
        if (g_ConsoleOutput) {
            SfcuiPrintText(g_ConOut,
                T_SFPRESSANYKEY,
                TRUE, FALSE);

            StdIn = GetStdHandle(STD_INPUT_HANDLE);
            if (StdIn != INVALID_HANDLE_VALUE) {
                RtlSecureZeroMemory(&inp1, sizeof(inp1));
                ReadConsoleInput(StdIn, &inp1, 1, &dwTemp);
                ReadConsole(StdIn, &g_BE, 1, &dwTemp, NULL);
            }
        }

    } while (cond);

    ExitProcess(uResult);
}
================================================
FILE: Source/Harusame/resource.h
================================================
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by resource.rc
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1001
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
================================================
FILE: Source/Murasame/Murasame.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>Murasame</RootNamespace>
<WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>zaextract32</TargetName>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>zaextract64</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<StringPooling>true</StringPooling>
<ControlFlowGuard>Guard</ControlFlowGuard>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<StringPooling>true</StringPooling>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\minirtl\cmdline.c" />
<ClCompile Include="..\minirtl\hextou64.c" />
<ClCompile Include="..\minirtl\hextoul.c" />
<ClCompile Include="..\minirtl\i64tostr.c" />
<ClCompile Include="..\minirtl\itostr.c" />
<ClCompile Include="..\minirtl\strtoi.c" />
<ClCompile Include="..\minirtl\strtoi64.c" />
<ClCompile Include="..\minirtl\strtou64.c" />
<ClCompile Include="..\minirtl\strtoul.c" />
<ClCompile Include="..\minirtl\u64tohex.c" />
<ClCompile Include="..\minirtl\u64tostr.c" />
<ClCompile Include="..\minirtl\ultohex.c" />
<ClCompile Include="..\minirtl\ultostr.c" />
<ClCompile Include="..\minirtl\_filename.c" />
<ClCompile Include="..\minirtl\_strcat.c" />
<ClCompile Include="..\minirtl\_strcmp.c" />
<ClCompile Include="..\minirtl\_strcmpi.c" />
<ClCompile Include="..\minirtl\_strcpy.c" />
<ClCompile Include="..\minirtl\_strend.c" />
<ClCompile Include="..\minirtl\_strlen.c" />
<ClCompile Include="..\minirtl\_strncmp.c" />
<ClCompile Include="..\minirtl\_strncmpi.c" />
<ClCompile Include="..\minirtl\_strncpy.c" />
<ClCompile Include="..\minirtl\_strstr.c" />
<ClCompile Include="..\minirtl\_strstri.c" />
<ClCompile Include="..\shared\cui.c" />
<ClCompile Include="..\shared\gdip.c" />
<ClCompile Include="..\shared\ldr.c" />
<ClCompile Include="..\shared\md5.c" />
<ClCompile Include="..\shared\util.c" />
<ClCompile Include="main.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\minirtl\cmdline.h" />
<ClInclude Include="..\minirtl\minirtl.h" />
<ClInclude Include="..\minirtl\rtltypes.h" />
<ClInclude Include="..\minirtl\_filename.h" />
<ClInclude Include="..\shared\cui.h" />
<ClInclude Include="..\shared\gdip.h" />
<ClInclude Include="..\shared\global.h" />
<ClInclude Include="..\shared\ldr.h" />
<ClInclude Include="..\shared\md5.h" />
<ClInclude Include="..\shared\ntos.h" />
<ClInclude Include="..\shared\util.h" />
<ClInclude Include="..\shared\za.h" />
<ClInclude Include="resource.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
================================================
FILE: Source/Murasame/Murasame.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="minirtl">
<UniqueIdentifier>{82fc14f9-5afb-45dd-beea-4af99e666148}</UniqueIdentifier>
</Filter>
<Filter Include="shared">
<UniqueIdentifier>{b3d76b8d-1725-48df-880b-4b354f769687}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcat.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strend.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strlen.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstri.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\cmdline.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\i64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\itostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\shared\ldr.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\util.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\md5.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\cui.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\gdip.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_filename.c">
<Filter>minirtl</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\minirtl\cmdline.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\minirtl.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\rtltypes.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\shared\global.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ldr.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ntos.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\util.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\za.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\md5.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\cui.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\gdip.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\_filename.h">
<Filter>minirtl</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>
================================================
FILE: Source/Murasame/Murasame.vcxproj.user
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>c:\malware\test.bin c:\malware\ext.bin 0x7744543A</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LocalDebuggerCommandArguments>c:\malware\test.bin c:\malware\ext.bin 0x7744543A</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
================================================
FILE: Source/Murasame/main.c
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: MAIN.C
*
* VERSION: 1.02
*
* DATE: 01 Dec 2017
*
* Murasame program entry point.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include "..\shared\global.h"
#include "..\shared\cui.h"
#include "..\shared\gdip.h"
#include <windows.h>
#include <Shlwapi.h>
#pragma comment(lib, "Shlwapi.lib")
HANDLE g_ConOut = NULL;
WCHAR g_BE = 0xFEFF;
BOOL g_ConsoleOutput = FALSE;
#define T_SFEXTRACTTITLE L"Sirefef/ZeroAccess 3 extractor v1.0 (18/01/16)"
#define T_SFEXTRACTUSAGE L"Usage: zaextract inputfile [outputfile] hexkey\r\n\te.g. zaextract dropper.bin extracted.bin 0x12345678\r\n"
#define T_SFEXTRACTED L"File extracted "
#define T_SFEXTRACTFAIL L"\r\nError while extracting file"
#define T_SFINITFAILED L"Required GDI+ routines cannot be found"
#define T_SFPRESSANYKEY L"\r\nPress Enter to exit"
/*
* SfExtractDropper
*
* Purpose:
*
* Extract Sirefef/ZeroAccess from image resource.
*
* CNG variant
*
*/
UINT SfExtractDropper(
LPWSTR lpCommandLine
)
{
BOOL cond = FALSE, bSuccess = FALSE;
ULONG c, uKey = 0, imagesz;
WCHAR szInputFile[MAX_PATH + 1];
WCHAR szOutputFile[MAX_PATH + 1];
WCHAR szKey[MAX_PATH];
PVOID ImageBase = NULL, EncryptedData = NULL, DecryptedData = NULL;
IStream *pImageStream = NULL;
ULONG_PTR gdiplusToken = 0;
GdiplusStartupInput input;
GdiplusStartupOutput output;
PVOID BitmapPtr = NULL;
GdiPlusBitmapData BitmapData;
GdiPlusRect rect;
SIZE_T sz;
PULONG ptr, i_ptr;
//input file
c = 0;
RtlSecureZeroMemory(szInputFile, sizeof(szInputFile));
GetCommandLineParam(lpCommandLine, 1, (LPWSTR)&szInputFile, MAX_PATH, &c);
if (c == 0) {
SfcuiPrintText(g_ConOut,
T_SFEXTRACTUSAGE,
g_ConsoleOutput, FALSE);
return (UINT)-1;
}
//output file
c = 0;
RtlSecureZeroMemory(&szOutputFile, sizeof(szOutputFile));
GetCommandLineParam(lpCommandLine, 2, (LPWSTR)&szOutputFile, MAX_PATH, &c);
if (c == 0) {
_strcpy(szOutputFile, TEXT("extracted.bin"));
}
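//key: always read from the third parameter, so outputfile must be present
//on the command line even though the usage text shows it as optional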
c = 0;
RtlSecureZeroMemory(&szKey, sizeof(szKey));
GetCommandLineParam(lpCommandLine, 3, (LPWSTR)&szKey, MAX_PATH, &c);
if ((c == 0) || (c > 10)) {
SfcuiPrintText(g_ConOut,
T_SFEXTRACTUSAGE,
g_ConsoleOutput, FALSE);
return (UINT)-1;
}
//skip an optional "0x"/"0X" prefix before converting the hex key
c = 0;
if (locase_w(szKey[1]) == 'x') {
c = 2;
}
uKey = hextoul(&szKey[c]);
do {
ImageBase = SfuCreateFileMappingNoExec(szInputFile);
if (ImageBase == NULL)
break;
c = 0;
EncryptedData = SfLdrQueryResourceData(1, ImageBase, &c);
if ((EncryptedData == NULL) || (c == 0))
break;
pImageStream = SHCreateMemStream((BYTE *)EncryptedData, (UINT)c);
if (pImageStream == NULL)
break;
RtlSecureZeroMemory(&input, sizeof(input));
RtlSecureZeroMemory(&output, sizeof(output));
input.GdiplusVersion = 1;
if (GdiplusStartup(&gdiplusToken, &input, &output) != GdiplusOk)
break;
BitmapPtr = NULL;
if (GdipCreateBitmapFromStream(pImageStream, &BitmapPtr) != GdiplusOk)
break;
RtlSecureZeroMemory(&rect, sizeof(rect));
if (
(GdipGetImageWidth(BitmapPtr, (UINT *)&rect.Width) == GdiplusOk) &&
(GdipGetImageHeight(BitmapPtr, (UINT *)&rect.Height) == GdiplusOk)
)
{
RtlSecureZeroMemory(&BitmapData, sizeof(BitmapData));
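if (GdipBitmapLockBits(BitmapPtr, &rect, ImageLockModeRead, PixelFormat32bppARGB, &BitmapData) == GdiplusOk) {
// Width and height come from the embedded image, so validate them:
// the pixel count and its size in bytes must both fit in a ULONG.
c = 0;
if ((rect.Width > 0) && (rect.Height > 0) &&
((ULONG)rect.Width <= (0xFFFFFFFFul / sizeof(ULONG)) / (ULONG)rect.Height))
{
c = (ULONG)rect.Width * (ULONG)rect.Height;
}
imagesz = (ULONG)sizeof(ULONG) * c;
sz = imagesz;
DecryptedData = NULL;
if (c != 0) {
NtAllocateVirtualMemory(NtCurrentProcess(), &DecryptedData, 0, &sz, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
}
if (DecryptedData) {
// Each 32-bit ARGB pixel carries four payload bytes XORed with the 32-bit key.
i_ptr = (PULONG)BitmapData.Scan0;
ptr = DecryptedData;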
while (c > 0) {
*ptr = *i_ptr ^ uKey;
ptr++;
i_ptr++;
c--;
}
bSuccess = (SfuWriteBufferToFile(szOutputFile, DecryptedData, imagesz, FALSE, FALSE) == imagesz);
sz = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &DecryptedData, &sz, MEM_RELEASE);
}
GdipBitmapUnlockBits(BitmapPtr, &BitmapData);
}
}
} while (cond);
if (bSuccess == FALSE) {
SfcuiPrintText(g_ConOut,
T_SFEXTRACTFAIL,
g_ConsoleOutput, FALSE);
}
else
{
SfcuiPrintText(g_ConOut,
szOutputFile,
g_ConsoleOutput, TRUE);
SfcuiPrintText(g_ConOut,
T_SFEXTRACTED,
g_ConsoleOutput, TRUE);
}
if (BitmapPtr != NULL) {
// pass the image handle itself, not the address of the local variable
GdipDisposeImage(BitmapPtr);
}
if (gdiplusToken != 0) {
GdiplusShutdown(gdiplusToken);
}
if (pImageStream != NULL) {
pImageStream->lpVtbl->Release(pImageStream);
}
if (ImageBase != NULL) {
NtUnmapViewOfSection(NtCurrentProcess(), ImageBase);
}
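// report extraction failure so the process exit code reflects the result
return (bSuccess != FALSE) ? 0 : (UINT)-1;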
}
/*
* SfMain
*
* Purpose:
*
* Murasame main.
*
*/
void SfMain(
VOID
)
{
BOOL cond = FALSE;
UINT uResult = 0;
DWORD dwTemp;
HANDLE StdIn;
INPUT_RECORD inp1;
__security_init_cookie();
do {
g_ConOut = GetStdHandle(STD_OUTPUT_HANDLE);
if (g_ConOut == INVALID_HANDLE_VALUE) {
uResult = (UINT)-1;
break;
}
g_ConsoleOutput = TRUE;
if (!GetConsoleMode(g_ConOut, &dwTemp)) {
g_ConsoleOutput = FALSE;
}
SetConsoleTitle(T_SFEXTRACTTITLE);
SetConsoleMode(g_ConOut, ENABLE_LINE_INPUT | ENABLE_ECHO_INPUT | ENABLE_PROCESSED_OUTPUT);
if (g_ConsoleOutput == FALSE) {
WriteFile(g_ConOut, &g_BE, sizeof(WCHAR), &dwTemp, NULL);
}
if (SfInitGdiPlus()) {
uResult = SfExtractDropper(GetCommandLine());
}
else {
SfcuiPrintText(g_ConOut,
T_SFINITFAILED,
g_ConsoleOutput, FALSE);
}
if (g_ConsoleOutput) {
SfcuiPrintText(g_ConOut,
T_SFPRESSANYKEY,
TRUE, FALSE);
StdIn = GetStdHandle(STD_INPUT_HANDLE);
if (StdIn != INVALID_HANDLE_VALUE) {
RtlSecureZeroMemory(&inp1, sizeof(inp1));
ReadConsoleInput(StdIn, &inp1, 1, &dwTemp);
ReadConsole(StdIn, &g_BE, 1, &dwTemp, NULL);
}
}
} while (cond);
ExitProcess(uResult);
}
================================================
FILE: Source/Murasame/resource.h
================================================
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by resource.rc
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1001
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
================================================
FILE: Source/Shigure/Shigure.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{77AD1A3E-BA02-4376-976D-BA356F98F32F}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>Shigure</RootNamespace>
<WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<TargetName>zadecrypt32</TargetName>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<TargetName>zadecrypt64</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<ControlFlowGuard>Guard</ControlFlowGuard>
<CompileAs>CompileAsC</CompileAs>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<ControlFlowGuard>Guard</ControlFlowGuard>
<CompileAs>CompileAsC</CompileAs>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\minirtl\cmdline.c" />
<ClCompile Include="..\minirtl\hextou64.c" />
<ClCompile Include="..\minirtl\hextoul.c" />
<ClCompile Include="..\minirtl\i64tostr.c" />
<ClCompile Include="..\minirtl\itostr.c" />
<ClCompile Include="..\minirtl\strtoi.c" />
<ClCompile Include="..\minirtl\strtoi64.c" />
<ClCompile Include="..\minirtl\strtou64.c" />
<ClCompile Include="..\minirtl\strtoul.c" />
<ClCompile Include="..\minirtl\u64tohex.c" />
<ClCompile Include="..\minirtl\u64tostr.c" />
<ClCompile Include="..\minirtl\ultohex.c" />
<ClCompile Include="..\minirtl\ultostr.c" />
<ClCompile Include="..\minirtl\_filename.c" />
<ClCompile Include="..\minirtl\_strcat.c" />
<ClCompile Include="..\minirtl\_strcmp.c" />
<ClCompile Include="..\minirtl\_strcmpi.c" />
<ClCompile Include="..\minirtl\_strcpy.c" />
<ClCompile Include="..\minirtl\_strend.c" />
<ClCompile Include="..\minirtl\_strlen.c" />
<ClCompile Include="..\minirtl\_strncmp.c" />
<ClCompile Include="..\minirtl\_strncmpi.c" />
<ClCompile Include="..\minirtl\_strncpy.c" />
<ClCompile Include="..\minirtl\_strstr.c" />
<ClCompile Include="..\minirtl\_strstri.c" />
<ClCompile Include="..\shared\cab.c" />
<ClCompile Include="..\shared\cui.c" />
<ClCompile Include="..\shared\ldr.c" />
<ClCompile Include="..\shared\md5.c" />
<ClCompile Include="..\shared\util.c" />
<ClCompile Include="main.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\minirtl\cmdline.h" />
<ClInclude Include="..\minirtl\minirtl.h" />
<ClInclude Include="..\minirtl\rtltypes.h" />
<ClInclude Include="..\minirtl\_filename.h" />
<ClInclude Include="..\shared\cab.h" />
<ClInclude Include="..\shared\cui.h" />
<ClInclude Include="..\shared\global.h" />
<ClInclude Include="..\shared\ldr.h" />
<ClInclude Include="..\shared\md5.h" />
<ClInclude Include="..\shared\ntos.h" />
<ClInclude Include="..\shared\util.h" />
<ClInclude Include="..\shared\za.h" />
<ClInclude Include="resource.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
================================================
FILE: Source/Shigure/Shigure.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="minirtl">
<UniqueIdentifier>{0b82da90-09b9-424a-b217-d47fbaa87c59}</UniqueIdentifier>
</Filter>
<Filter Include="shared">
<UniqueIdentifier>{de1e4bba-d683-4dce-a248-b53266169d63}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\minirtl\_strcat.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strend.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strlen.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\cmdline.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\shared\cui.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\md5.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\util.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="main.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\shared\cab.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstri.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\i64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\itostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\shared\ldr.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_filename.c">
<Filter>minirtl</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\minirtl\cmdline.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\minirtl.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\rtltypes.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\shared\cui.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\global.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\md5.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ntos.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\util.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\za.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\shared\cab.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ldr.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\_filename.h">
<Filter>minirtl</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>
================================================
FILE: Source/Shigure/Shigure.vcxproj.user
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
================================================
FILE: Source/Shigure/main.c
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: MAIN.C
*
* VERSION: 1.02
*
* DATE: 01 Dec 2017
*
* Shigure program entry point.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma comment(lib, "bcrypt.lib")
#include "..\shared\global.h"
#include "..\shared\cui.h"
#include "..\shared\cab.h"
#include <Bcrypt.h>
HANDLE g_ConOut = NULL;
WCHAR g_BE = 0xFEFF;
BOOL g_ConsoleOutput = FALSE;
#define T_SFDECRYPTTITLE L"Sirefef/ZeroAccess 3 decryptor v1.0 (10/01/16)"
#define T_SFDECRYPTUSAGE L"Usage: zadecrypt inputfile [outputfile]\r\n\te.g. zadecrypt in.dll out.bin\r\n"
#define T_SFDECRYPTED L"File decrypted "
#define T_SFDECRYPTFAIL L"\r\nError while decrypting file"
#define T_SFPRESSANYKEY L"\r\nPress Enter to exit"
/*
* SfDecryptPayload
*
* Purpose:
*
* Decrypt the container stored in the input file's resources with RC4,
* using the MD5 hash of the PE file header (IMAGE_FILE_HEADER) bytes as the key.
*
* CNG variant
*
*/
UINT SfDecryptPayload(
LPWSTR lpParameter
)
{
BOOL cond = FALSE, bSuccess = FALSE;
PBYTE cng_object, hashdata, decrypted, enc_data, extracted;
ULONG obj_sz, rlen, hdatasz, enc_data_size;
BCRYPT_ALG_HANDLE h_alg = NULL;
BCRYPT_HASH_HANDLE h_hash = NULL;
BCRYPT_KEY_HANDLE h_rc4key = NULL;
NTSTATUS status;
HANDLE pheap = NULL;
PIMAGE_FILE_HEADER fheader;
PVOID pdll = NULL;
WCHAR InputFile[MAX_PATH + 1], OutputFile[MAX_PATH + 1];
rlen = 0;
RtlSecureZeroMemory(InputFile, sizeof(InputFile));
GetCommandLineParam(lpParameter, 1, InputFile, MAX_PATH, &rlen);
if (rlen == 0) {
SfcuiPrintText(g_ConOut,
T_SFDECRYPTUSAGE,
g_ConsoleOutput, FALSE);
return (UINT)-1;
}
do {
rlen = 0;
GetCommandLineParam(lpParameter, 2, OutputFile, MAX_PATH, &rlen);
if (rlen == 0)
_strcpy(OutputFile, TEXT("out.bin"));
pdll = SfuCreateFileMappingNoExec(InputFile);
if (pdll == NULL)
break;
enc_data_size = 0;
enc_data = SfLdrQueryResourceData(2, pdll, &enc_data_size);
if (enc_data == NULL)
break;
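//input file is untrusted, make sure the NT headers can be located before hashing them
if (RtlImageNtHeader(pdll) == NULL)
break;
fheader = &(RtlImageNtHeader(pdll)->FileHeader);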
status = BCryptOpenAlgorithmProvider(&h_alg, BCRYPT_MD5_ALGORITHM, NULL, 0);
if (!NT_SUCCESS(status))
break;
obj_sz = 0;
rlen = 0;
status = BCryptGetProperty(h_alg, BCRYPT_OBJECT_LENGTH, (PUCHAR)&obj_sz, sizeof(obj_sz), &rlen, 0);
if (!NT_SUCCESS(status))
break;
hdatasz = 0;
rlen = 0;
status = BCryptGetProperty(h_alg, BCRYPT_HASH_LENGTH, (PUCHAR)&hdatasz, sizeof(hdatasz), &rlen, 0);
if (!NT_SUCCESS(status))
break;
pheap = HeapCreate(0, 0, 0);
if (pheap == NULL)
break;
cng_object = HeapAlloc(pheap, HEAP_ZERO_MEMORY, obj_sz);
if (cng_object == NULL)
break;
hashdata = HeapAlloc(pheap, HEAP_ZERO_MEMORY, hdatasz);
if (hashdata == NULL)
break;
status = BCryptCreateHash(h_alg, &h_hash, cng_object, obj_sz, NULL, 0, 0);
if (!NT_SUCCESS(status))
break;
status = BCryptHashData(h_hash, (PUCHAR)fheader, sizeof(IMAGE_FILE_HEADER), 0);
if (!NT_SUCCESS(status))
break;
status = BCryptFinishHash(h_hash, hashdata, hdatasz, 0);
if (!NT_SUCCESS(status))
break;
BCryptDestroyHash(h_hash);
BCryptCloseAlgorithmProvider(h_alg, 0);
HeapFree(pheap, 0, cng_object);
h_alg = NULL;
h_hash = NULL;
status = BCryptOpenAlgorithmProvider(&h_alg, BCRYPT_RC4_ALGORITHM, NULL, 0);
if (!NT_SUCCESS(status))
break;
obj_sz = 0;
rlen = 0;
status = BCryptGetProperty(h_alg, BCRYPT_OBJECT_LENGTH, (PUCHAR)&obj_sz, sizeof(obj_sz), &rlen, 0);
if (!NT_SUCCESS(status))
break;
cng_object = HeapAlloc(pheap, HEAP_ZERO_MEMORY, obj_sz);
if (cng_object == NULL)
break;
status = BCryptGenerateSymmetricKey(h_alg, &h_rc4key, cng_object, obj_sz, hashdata, hdatasz, 0);
if (!NT_SUCCESS(status))
break;
decrypted = HeapAlloc(pheap, HEAP_ZERO_MEMORY, enc_data_size);
if (decrypted == NULL)
break;
rlen = 0;
//RC4 is a symmetric stream cipher, the encrypt call also decrypts
status = BCryptEncrypt(h_rc4key, enc_data, enc_data_size, NULL, NULL, 0, decrypted, enc_data_size, &rlen, 0);
if (!NT_SUCCESS(status))
break;
bSuccess = FALSE;
enc_data_size = rlen;
rlen = 0;
extracted = SfcabExtractMemory(decrypted, enc_data_size, &rlen);
if (extracted) {
if (SfuWriteBufferToFile(OutputFile, extracted, rlen, FALSE, FALSE) == rlen) {
bSuccess = TRUE;
}
LocalFree(extracted);
}
else {
//failed to extract, drop cab as is
if (SfuWriteBufferToFile(OutputFile, decrypted, enc_data_size, FALSE, FALSE) == enc_data_size) {
bSuccess = TRUE;
}
}
if (bSuccess) {
SfcuiPrintText(g_ConOut,
T_SFDECRYPTED,
g_ConsoleOutput, FALSE);
SfcuiPrintText(g_ConOut,
OutputFile,
g_ConsoleOutput, FALSE);
}
} while (cond);
if (bSuccess == FALSE) {
SfcuiPrintText(g_ConOut,
T_SFDECRYPTFAIL,
g_ConsoleOutput, FALSE);
}
if (h_rc4key != NULL)
BCryptDestroyKey(h_rc4key);
if (h_hash != NULL)
BCryptDestroyHash(h_hash);
if (h_alg != NULL)
BCryptCloseAlgorithmProvider(h_alg, 0);
if (pheap != NULL)
HeapDestroy(pheap);
if (pdll != 0)
NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)pdll);
//report failure to the caller instead of always returning success
return (bSuccess) ? 0 : (UINT)-1;
}
/*
* SfMain
*
* Purpose:
*
* Shigure main.
*
*/
void SfMain(
VOID
)
{
BOOL cond = FALSE;
UINT uResult = 0;
DWORD dwTemp;
HANDLE StdIn;
INPUT_RECORD inp1;
__security_init_cookie();
do {
g_ConOut = GetStdHandle(STD_OUTPUT_HANDLE);
if (g_ConOut == INVALID_HANDLE_VALUE) {
uResult = (UINT)-1;
break;
}
g_ConsoleOutput = TRUE;
if (!GetConsoleMode(g_ConOut, &dwTemp)) {
g_ConsoleOutput = FALSE;
}
SetConsoleTitle(T_SFDECRYPTTITLE);
SetConsoleMode(g_ConOut, ENABLE_LINE_INPUT | ENABLE_ECHO_INPUT | ENABLE_PROCESSED_OUTPUT);
if (g_ConsoleOutput == FALSE) {
WriteFile(g_ConOut, &g_BE, sizeof(WCHAR), &dwTemp, NULL);
}
uResult = SfDecryptPayload(GetCommandLine());
if (g_ConsoleOutput) {
SfcuiPrintText(g_ConOut,
T_SFPRESSANYKEY,
TRUE, FALSE);
StdIn = GetStdHandle(STD_INPUT_HANDLE);
if (StdIn != INVALID_HANDLE_VALUE) {
RtlSecureZeroMemory(&inp1, sizeof(inp1));
ReadConsoleInput(StdIn, &inp1, 1, &dwTemp);
ReadConsole(StdIn, &g_BE, 1, &dwTemp, NULL);
}
}
} while (cond);
ExitProcess(uResult);
}
================================================
FILE: Source/Shigure/resource.h
================================================
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by resource.rc
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1001
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
================================================
FILE: Source/Umikaze/Umikaze.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>Umikaze</RootNamespace>
<WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<TargetName>zadecode32</TargetName>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<TargetName>zadecode64</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\minirtl\cmdline.c" />
<ClCompile Include="..\minirtl\hextou64.c" />
<ClCompile Include="..\minirtl\hextoul.c" />
<ClCompile Include="..\minirtl\i64tostr.c" />
<ClCompile Include="..\minirtl\itostr.c" />
<ClCompile Include="..\minirtl\strtoi.c" />
<ClCompile Include="..\minirtl\strtoi64.c" />
<ClCompile Include="..\minirtl\strtou64.c" />
<ClCompile Include="..\minirtl\strtoul.c" />
<ClCompile Include="..\minirtl\u64tohex.c" />
<ClCompile Include="..\minirtl\u64tostr.c" />
<ClCompile Include="..\minirtl\ultohex.c" />
<ClCompile Include="..\minirtl\ultostr.c" />
<ClCompile Include="..\minirtl\_strcat.c" />
<ClCompile Include="..\minirtl\_strcmp.c" />
<ClCompile Include="..\minirtl\_strcmpi.c" />
<ClCompile Include="..\minirtl\_strcpy.c" />
<ClCompile Include="..\minirtl\_strend.c" />
<ClCompile Include="..\minirtl\_strlen.c" />
<ClCompile Include="..\minirtl\_strncmp.c" />
<ClCompile Include="..\minirtl\_strncmpi.c" />
<ClCompile Include="..\minirtl\_strncpy.c" />
<ClCompile Include="..\minirtl\_strstr.c" />
<ClCompile Include="..\minirtl\_strstri.c" />
<ClCompile Include="..\shared\cui.c" />
<ClCompile Include="..\shared\md5.c" />
<ClCompile Include="..\shared\util.c" />
<ClCompile Include="main.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\minirtl\cmdline.h" />
<ClInclude Include="..\..\minirtl\minirtl.h" />
<ClInclude Include="..\..\minirtl\rtltypes.h" />
<ClInclude Include="..\minirtl\cmdline.h" />
<ClInclude Include="..\minirtl\minirtl.h" />
<ClInclude Include="..\minirtl\rtltypes.h" />
<ClInclude Include="..\shared\cui.h" />
<ClInclude Include="..\shared\global.h" />
<ClInclude Include="..\shared\md5.h" />
<ClInclude Include="..\shared\ntos.h" />
<ClInclude Include="..\shared\util.h" />
<ClInclude Include="..\shared\za.h" />
<ClInclude Include="resource.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
================================================
FILE: Source/Umikaze/Umikaze.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="minirtl">
<UniqueIdentifier>{5e475bb5-a4f5-471e-b3c8-d87ad53517d2}</UniqueIdentifier>
</Filter>
<Filter Include="shared">
<UniqueIdentifier>{4b54bbae-5cb8-4e4d-8558-c08ddc6ea92b}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcat.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strend.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strlen.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\cmdline.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\shared\util.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\cui.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstri.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\i64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\itostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\shared\md5.c">
<Filter>shared</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\minirtl\cmdline.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\..\minirtl\rtltypes.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\..\minirtl\minirtl.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\shared\za.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ntos.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\util.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\cui.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\shared\global.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\cmdline.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\minirtl.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\rtltypes.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\shared\md5.h">
<Filter>shared</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>
================================================
FILE: Source/Umikaze/Umikaze.vcxproj.user
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>
</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
================================================
FILE: Source/Umikaze/main.c
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: MAIN.C
*
* VERSION: 1.02
*
* DATE: 01 Dec 2017
*
* Umikaze program entry point.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include "..\shared\global.h"
#include "..\shared\cui.h"
HANDLE g_ConOut = NULL;
WCHAR g_BE = 0xFEFF;
BOOL g_ConsoleOutput = FALSE;
#define T_SFDECODETITLE L"Sirefef/ZeroAccess 3 peer list decoder v1.0 (10/01/16)"
#define T_SFDECODEUSAGE L"Usage: zadecode peerlist_filename [type 32 or 64, default 32]\r\n\te.g. zadecode s32 32\r\n"
#define T_SFDECODEMODE L"Wrong mode, possible values 32 or 64\r\n"
#define T_SFUNSUCCESSF L"Error generating list"
#define T_SFBADDATA L"File has wrong structure or damaged"
#define T_SFGENERATED L"File generated "
#define T_SFPRESSANYKEY L"\r\nPress Enter to exit"
/*
* SfDecodePeerList
*
* Purpose:
*
* Decode peer list to file, ZA v3 variant.
*
*/
NTSTATUS SfDecodePeerList(
LPWSTR lpInFileName,
LPWSTR lpOutFileName,
ULONG uType
)
{
BOOL cond = FALSE;
NTSTATUS status = STATUS_UNSUCCESSFUL;
HANDLE hFile = NULL;
OBJECT_ATTRIBUTES obja;
IO_STATUS_BLOCK iost;
UNICODE_STRING NtFileName;
FILE_STANDARD_INFORMATION fsi;
PUCHAR FileBuffer = NULL;
ULONG i, j, c, Port, bytesIO;
PZA_PEERINFO peer;
LARGE_INTEGER ftime;
SYSTEMTIME st1;
WCHAR text[MAX_PATH + 1];
RtlSecureZeroMemory(&NtFileName, sizeof(NtFileName));
do {
//open input file
if (RtlDosPathNameToNtPathName_U(lpInFileName, &NtFileName, NULL, NULL) == FALSE)
break;
InitializeObjectAttributes(&obja, &NtFileName, OBJ_CASE_INSENSITIVE, 0, NULL);
status = NtCreateFile(&hFile, FILE_READ_ACCESS | SYNCHRONIZE, &obja, &iost, NULL, 0,
FILE_SHARE_READ, FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
if (!NT_SUCCESS(status))
break;
//get file size
status = NtQueryInformationFile(hFile, &iost, &fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation);
if (!NT_SUCCESS(status))
break;
c = fsi.EndOfFile.LowPart % sizeof(ZA_PEERINFO);
if (c != 0) {
status = STATUS_BAD_DATA;
break;
}
FileBuffer = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, fsi.EndOfFile.LowPart);
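if (FileBuffer == NULL) {
//status still holds the success code of the previous call, set a failure code
status = STATUS_UNSUCCESSFUL;
break;
}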
//read file to buffer
status = NtReadFile(hFile, NULL, NULL, NULL, &iost, FileBuffer, fsi.EndOfFile.LowPart, NULL, NULL);
if (!NT_SUCCESS(status))
break;
//close input file
NtClose(hFile);
hFile = NULL;
RtlFreeUnicodeString(&NtFileName);
//create output file
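if (RtlDosPathNameToNtPathName_U(lpOutFileName, &NtFileName, NULL, NULL) == FALSE) {
//status still holds the success code of NtReadFile, set a failure code
status = STATUS_UNSUCCESSFUL;
break;
}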
InitializeObjectAttributes(&obja, &NtFileName, OBJ_CASE_INSENSITIVE, 0, NULL);
status = NtCreateFile(&hFile, FILE_WRITE_ACCESS | SYNCHRONIZE, &obja, &iost, NULL, 0,
0, FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
if (!NT_SUCCESS(status))
break;
NtWriteFile(hFile, NULL, NULL, NULL, &iost, &g_BE, sizeof(g_BE), NULL, NULL);
c = fsi.EndOfFile.LowPart / sizeof(ZA_PEERINFO);
for (i = 0, j = 0; i < c; i += 1, j += sizeof(ZA_PEERINFO)) {
peer = (ZA_PEERINFO *)&FileBuffer[j];
RtlSecureZeroMemory(&text, sizeof(text));
RtlIpv4AddressToStringW((struct in_addr*)&peer->IP, (PWSTR)&text);
_strcat(text, TEXT(":"));
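//stored port is an offset from the base port: 0x4000 for the 32-bit list, 0x8000 for the 64-bit list
Port = 0x4000 + (peer->Port);
if (uType == 64) Port += 0x4000;
ultostr(Port, _strend(text));
_strcat(text, TEXT(" "));
//scale the stored timestamp by 3600 to get seconds and rebase it by 0xbf000000 before conversion
RtlSecondsSince1980ToTime((peer->TimeStamp * 3600) - 0xbf000000, &ftime);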
RtlSecureZeroMemory(&st1, sizeof(st1));
if (FileTimeToSystemTime((PFILETIME)&ftime, &st1)) {
ultostr(st1.wDay, _strend(text));
_strcat(text, TEXT("/"));
ultostr(st1.wMonth, _strend(text));
_strcat(text, TEXT("/"));
ultostr(st1.wYear, _strend(text));
_strcat(text, TEXT(" "));
ultostr(st1.wHour, _strend(text));
_strcat(text, TEXT(":"));
ultostr(st1.wMinute, _strend(text));
_strcat(text, TEXT(":"));
ultostr(st1.wSecond, _strend(text));
}
_strcat(text, TEXT("\r\n"));
bytesIO = (ULONG)(_strlen(text) * sizeof(WCHAR));
status = NtWriteFile(hFile,
NULL,
NULL,
NULL,
&iost,
text,
bytesIO,
NULL,
NULL);
}
} while (cond);
if (hFile) NtClose(hFile);
if (FileBuffer) RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, FileBuffer);
if (NtFileName.Buffer) RtlFreeUnicodeString(&NtFileName);
return status;
}
/*
* SfProcessCmdLine
*
* Purpose:
*
* Parse command line and do the job.
*
*/
UINT SfProcessCmdLine(
LPWSTR lpCommandLine
)
{
NTSTATUS status;
ULONG rlen, uType = 32;
WCHAR textbuf[MAX_PATH + 1], textbuf2[MAX_PATH * 2];
WCHAR szMode[MAX_PATH + 1];
//path
rlen = 0;
RtlSecureZeroMemory(&textbuf, sizeof(textbuf));
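//buffer size is given in characters, not bytes; sizeof() here would allow a write past the end of textbuf
GetCommandLineParam(lpCommandLine, 1, (LPWSTR)&textbuf, MAX_PATH, &rlen);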
if (rlen == 0) {
SfcuiPrintText(g_ConOut,
T_SFDECODEUSAGE,
g_ConsoleOutput, FALSE);
return (UINT)-1;
}
//type
rlen = 0;
RtlSecureZeroMemory(&szMode, sizeof(szMode));
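//buffer size is given in characters, not bytes; sizeof() here would allow a write past the end of szMode
GetCommandLineParam(lpCommandLine, 2, (LPWSTR)&szMode, MAX_PATH, &rlen);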
if (rlen == 0) {
uType = 32;
}
else {
uType = strtoul(szMode);
if (uType != 32 && uType != 64) {
SfcuiPrintText(g_ConOut,
T_SFDECODEMODE,
g_ConsoleOutput, FALSE);
return (UINT)-2;
}
}
_strcpy(textbuf2, textbuf);
if (uType == 32) {
_strcat(textbuf2, L".d32.txt");
}
else {
_strcat(textbuf2, L".d64.txt");
}
status = SfDecodePeerList(textbuf, textbuf2, uType);
switch (status) {
case STATUS_BAD_DATA:
SfcuiPrintText(g_ConOut,
T_SFBADDATA,
g_ConsoleOutput, FALSE);
return (UINT)-3;
break;
case STATUS_SUCCESS:
SfcuiPrintText(g_ConOut,
T_SFGENERATED,
g_ConsoleOutput, FALSE);
SfcuiPrintText(g_ConOut,
textbuf2,
g_ConsoleOutput, FALSE);
break;
default:
SfcuiPrintText(g_ConOut,
T_SFUNSUCCESSF,
g_ConsoleOutput, FALSE);
return (UINT)-4;
break;
}
return 0;
}
/*
* SfMain
*
* Purpose:
*
* Umikaze main.
*
*/
void SfMain(
VOID
)
{
BOOL cond = FALSE;
UINT uResult = 0;
DWORD dwTemp;
HANDLE StdIn;
INPUT_RECORD inp1;
__security_init_cookie();
do {
g_ConOut = GetStdHandle(STD_OUTPUT_HANDLE);
if (g_ConOut == INVALID_HANDLE_VALUE) {
uResult = (UINT)-1;
break;
}
g_ConsoleOutput = TRUE;
if (!GetConsoleMode(g_ConOut, &dwTemp)) {
g_ConsoleOutput = FALSE;
}
SetConsoleTitle(T_SFDECODETITLE);
SetConsoleMode(g_ConOut, ENABLE_LINE_INPUT | ENABLE_ECHO_INPUT | ENABLE_PROCESSED_OUTPUT);
if (g_ConsoleOutput == FALSE) {
WriteFile(g_ConOut, &g_BE, sizeof(WCHAR), &dwTemp, NULL);
}
uResult = SfProcessCmdLine(GetCommandLine());
if (g_ConsoleOutput) {
SfcuiPrintText(g_ConOut,
T_SFPRESSANYKEY,
TRUE, FALSE);
StdIn = GetStdHandle(STD_INPUT_HANDLE);
if (StdIn != INVALID_HANDLE_VALUE) {
RtlSecureZeroMemory(&inp1, sizeof(inp1));
ReadConsoleInput(StdIn, &inp1, 1, &dwTemp);
ReadConsole(StdIn, &g_BE, 1, &dwTemp, NULL);
}
}
} while (cond);
ExitProcess(uResult);
}
================================================
FILE: Source/Umikaze/resource.h
================================================
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by resource.rc
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1001
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
================================================
FILE: Source/Yuudachi/Yuudachi.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{14358883-8E74-44F5-BCC4-C32D41A3A662}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>Yuudachi</RootNamespace>
<WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>zamon32</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>zamon64</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
<Manifest>
<AdditionalManifestFiles>za.manifest</AdditionalManifestFiles>
</Manifest>
<Manifest>
<EnableDpiAwareness>true</EnableDpiAwareness>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
</Link>
<Manifest>
<AdditionalManifestFiles>za.manifest</AdditionalManifestFiles>
</Manifest>
<Manifest>
<EnableDpiAwareness>true</EnableDpiAwareness>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
<ControlFlowGuard>Guard</ControlFlowGuard>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<StringPooling>true</StringPooling>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
</Link>
<Manifest>
<AdditionalManifestFiles>za.manifest</AdditionalManifestFiles>
</Manifest>
<Manifest>
<EnableDpiAwareness>true</EnableDpiAwareness>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
<ControlFlowGuard>Guard</ControlFlowGuard>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<StringPooling>true</StringPooling>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>No</GenerateDebugInformation>
<EntryPointSymbol>SfMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
<IgnoreAllDefaultLibraries>
</IgnoreAllDefaultLibraries>
</Link>
<Manifest>
<AdditionalManifestFiles>za.manifest</AdditionalManifestFiles>
</Manifest>
<Manifest>
<EnableDpiAwareness>true</EnableDpiAwareness>
</Manifest>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\minirtl\cmdline.c" />
<ClCompile Include="..\minirtl\hextou64.c" />
<ClCompile Include="..\minirtl\hextoul.c" />
<ClCompile Include="..\minirtl\i64tostr.c" />
<ClCompile Include="..\minirtl\itostr.c" />
<ClCompile Include="..\minirtl\strtoi.c" />
<ClCompile Include="..\minirtl\strtoi64.c" />
<ClCompile Include="..\minirtl\strtou64.c" />
<ClCompile Include="..\minirtl\strtoul.c" />
<ClCompile Include="..\minirtl\u64tohex.c" />
<ClCompile Include="..\minirtl\u64tostr.c" />
<ClCompile Include="..\minirtl\ultohex.c" />
<ClCompile Include="..\minirtl\ultostr.c" />
<ClCompile Include="..\minirtl\_filename.c" />
<ClCompile Include="..\minirtl\_strcat.c" />
<ClCompile Include="..\minirtl\_strcmp.c" />
<ClCompile Include="..\minirtl\_strcmpi.c" />
<ClCompile Include="..\minirtl\_strcpy.c" />
<ClCompile Include="..\minirtl\_strend.c" />
<ClCompile Include="..\minirtl\_strlen.c" />
<ClCompile Include="..\minirtl\_strncmp.c" />
<ClCompile Include="..\minirtl\_strncmpi.c" />
<ClCompile Include="..\minirtl\_strncpy.c" />
<ClCompile Include="..\minirtl\_strstr.c" />
<ClCompile Include="..\minirtl\_strstri.c" />
<ClCompile Include="..\shared\ea.c" />
<ClCompile Include="..\shared\ldr.c" />
<ClCompile Include="..\shared\md5.c" />
<ClCompile Include="..\shared\rc4.c" />
<ClCompile Include="..\shared\util.c" />
<ClCompile Include="..\shared\za_crypto.c" />
<ClCompile Include="gui.c" />
<ClCompile Include="main.c" />
<ClCompile Include="p2p.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\minirtl\cmdline.h" />
<ClInclude Include="..\minirtl\minirtl.h" />
<ClInclude Include="..\minirtl\rtltypes.h" />
<ClInclude Include="..\minirtl\_filename.h" />
<ClInclude Include="..\shared\ea.h" />
<ClInclude Include="..\shared\global.h" />
<ClInclude Include="..\shared\ldr.h" />
<ClInclude Include="..\shared\md5.h" />
<ClInclude Include="..\shared\ntos.h" />
<ClInclude Include="..\shared\rc4.h" />
<ClInclude Include="..\shared\util.h" />
<ClInclude Include="..\shared\za.h" />
<ClInclude Include="..\shared\za_crypto.h" />
<ClInclude Include="..\shared\za_rkey.h" />
<ClInclude Include="gui.h" />
<ClInclude Include="p2p.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
================================================
FILE: Source/Yuudachi/Yuudachi.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="minirtl">
<UniqueIdentifier>{b28fb8f1-e665-449f-80f8-3eae4258df44}</UniqueIdentifier>
</Filter>
<Filter Include="shared">
<UniqueIdentifier>{43bb3fdd-e398-4c7f-b3df-b6c20917a390}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="gui.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="main.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="p2p.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcat.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strcpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strend.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strlen.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmp.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncmpi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strncpy.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_strstri.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\cmdline.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\hextoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\i64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\itostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoi64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtou64.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\strtoul.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\u64tostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\ultostr.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="..\shared\ea.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\md5.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\rc4.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\util.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\ldr.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\shared\za_crypto.c">
<Filter>shared</Filter>
</ClCompile>
<ClCompile Include="..\minirtl\_filename.c">
<Filter>minirtl</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="gui.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="p2p.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\cmdline.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\minirtl.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\rtltypes.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="..\shared\ea.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\global.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\md5.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ntos.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\rc4.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\util.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\za.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\za_rkey.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\ldr.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\shared\za_crypto.h">
<Filter>shared</Filter>
</ClInclude>
<ClInclude Include="..\minirtl\_filename.h">
<Filter>minirtl</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>
================================================
FILE: Source/Yuudachi/Yuudachi.vcxproj.user
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
</Project>
================================================
FILE: Source/Yuudachi/gui.c
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
*
* TITLE: GUI.C
*
* VERSION: 1.01
*
* DATE: 22 Jan 2016
*
* Yuudachi GUI support routines.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#define OEMRESOURCE
#include "..\shared\global.h"
#include "p2p.h"
#include "gui.h"
#include <commctrl.h>
#pragma comment(lib, "ComCtl32.Lib")
static const WCHAR T_SFWNDTITLE[] = TEXT("ZeroAccess monitor");
static const WCHAR T_SFMAINWNDCLASS[] = TEXT("za root class");
ZA_GUI_CONTEXT g_guictx;
/*
* SfUIAddEvent
*
* Purpose:
*
* Output event.
*
*/
VOID SfUIAddEvent(
_In_opt_ PVOID ScanContext,
_In_ ULONG Event,
_In_opt_ LPWSTR lpValue
)
{
LVITEM lvitem;
INT index;
ULONG n;
LPWSTR lpEvent;
WCHAR szBuffer[MAX_PATH];
ZA_SCANCTX *pCtx = (ZA_SCANCTX*)ScanContext;
switch (Event) {
case GUI_EVENT_ERROR:
lpEvent = TEXT("Error");
break;
case GUI_EVENT_CONNECTION:
lpEvent = TEXT("Connection");
break;
case GUI_EVENT_PACKET_RECV:
lpEvent = TEXT("PacketReceived");
break;
case GUI_EVENT_PACKET_SEND:
lpEvent = TEXT("PacketSend");
break;
case GUI_EVENT_DOWNLOAD_FILE:
lpEvent = TEXT("FileDownload");
break;
case GUI_EVENT_FILE_HEADER:
lpEvent = TEXT("FileHeader");
break;
case GUI_EVENT_PEER_HEADER:
lpEvent = TEXT("PeerHeader");
break;
case GUI_EVENT_NEWROUND:
lpEvent = TEXT("NewRound");
break;
case GUI_EVENT_PACKET_HEADER:
lpEvent = TEXT("PacketHeader");
break;
case GUI_EVENT_INFORMATION:
lpEvent = TEXT("Information");
break;
case GUI_EVENT_THREAD_STARTED:
case GUI_EVENT_THREAD_TERMINATED:
lpEvent = TEXT("Thread");
break;
default:
lpEvent = TEXT("UnnamedEvent");
break;
}
//Event
RtlSecureZeroMemory(&lvitem, sizeof(lvitem));
lvitem.mask = LVIF_TEXT;
lvitem.iSubItem = 0;
lvitem.iItem = MAXINT;
lvitem.iImage = 0;
lvitem.pszText = lpEvent;
index = ListView_InsertItem(g_guictx.OutputWindow, &lvitem);
//Value
lvitem.mask = LVIF_TEXT;
lvitem.iSubItem = 1;
lvitem.pszText = lpValue;
lvitem.iItem = index;
ListView_SetItem(g_guictx.OutputWindow, &lvitem);
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
_strcpy(szBuffer, TEXT("TotalEvents: "));
ultostr(ListView_GetItemCount(g_guictx.OutputWindow), _strend(szBuffer));
SendMessage(g_guictx.StatusBar, SB_SETTEXT, (WPARAM)0, (LPARAM)&szBuffer);
if (pCtx) {
_strcpy(szBuffer, TEXT("Peers: "));
n = RtlNumberGenericTableElementsAvl(&pCtx->PeersTable);
ultostr(n, _strend(szBuffer));
SendMessage(g_guictx.StatusBar, SB_SETTEXT, (WPARAM)1, (LPARAM)&szBuffer);
_strcpy(szBuffer, TEXT("Peers in dump: "));
n = RtlNumberGenericTableElementsAvl(&pCtx->PeersTableDump);
ultostr(n, _strend(szBuffer));
SendMessage(g_guictx.StatusBar, SB_SETTEXT, (WPARAM)2, (LPARAM)&szBuffer);
_strcpy(szBuffer, TEXT("Files: "));
ultostr(pCtx->NumberOfFiles, _strend(szBuffer));
SendMessage(g_guictx.StatusBar, SB_SETTEXT, (WPARAM)3, (LPARAM)&szBuffer);
}
ListView_RedrawItems(g_guictx.OutputWindow, ListView_GetItemCount(g_guictx.OutputWindow), -1);
UpdateWindow(g_guictx.OutputWindow);
}
/*
* SfUIMainWindowResize
*
* Purpose:
*
* Main window WM_SIZE handler.
*
*/
VOID SfUIMainWindowResize(
VOID
)
{
RECT r1, StatusBarRect;
LONG sizeY;
SendMessage(g_guictx.StatusBar, WM_SIZE, 0, 0);
RtlSecureZeroMemory(&StatusBarRect, sizeof(StatusBarRect));
GetWindowRect(g_guictx.StatusBar, &StatusBarRect);
if (g_guictx.OutputWindow) {
RtlSecureZeroMemory(&r1, sizeof(r1));
GetClientRect(g_guictx.MainWindow, &r1);
sizeY = StatusBarRect.bottom - StatusBarRect.top;
SetWindowPos(g_guictx.OutputWindow, NULL, 0, 0,
r1.right,
r1.bottom - sizeY,
SWP_NOMOVE | SWP_NOZORDER);
}
}
/*
* SfUIMainWindowProc
*
* Purpose:
*
* Main window message handler.
*
*/
LRESULT CALLBACK SfUIMainWindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch (uMsg) {
case WM_GETMINMAXINFO:
if (lParam) {
((PMINMAXINFO)lParam)->ptMinTrackSize.x = 400;
((PMINMAXINFO)lParam)->ptMinTrackSize.y = 256;
}
break;
case WM_SIZE:
if (!IsIconic(hwnd)) {
SfUIMainWindowResize();
}
break;
case WM_CLOSE:
InterlockedExchange((PLONG)&g_guictx.bShutdown, (LONG)TRUE);
PostQuitMessage(0);
break;
default:
break;
}
return DefWindowProc(hwnd, uMsg, wParam, lParam);
}
/*
* SfUICreateControls
*
* Purpose:
*
* Initialize gui controls.
*
*/
void SfUICreateControls(
HWND hwndParent
)
{
LVCOLUMNW col;
INT status_parts[5];
RECT client_rect;
GetClientRect(g_guictx.MainWindow, &client_rect);
g_guictx.StatusBar = CreateWindowEx(0, STATUSCLASSNAME, NULL,
WS_VISIBLE | WS_CHILD | SBARS_SIZEGRIP, 0,
client_rect.bottom - client_rect.top - 20,
client_rect.right - client_rect.left,
20,
g_guictx.MainWindow, (HMENU)1001, g_guictx.hInstance, NULL);
if (g_guictx.StatusBar) {
status_parts[0] = 200;
status_parts[1] = 400;
status_parts[2] = 600;
status_parts[3] = 700;
status_parts[4] = -1;
SendMessage(g_guictx.StatusBar, SB_SETPARTS, (WPARAM)4, (LPARAM)&status_parts);
}
g_guictx.OutputWindow = CreateWindowEx(
0,
WC_LISTVIEW,
NULL,
WS_CHILD | WS_VISIBLE | LVS_REPORT | LVS_SINGLESEL,
0, 0, 0, 0,
hwndParent,
(HMENU)0,
(HINSTANCE)g_guictx.hInstance,
NULL);
if (g_guictx.OutputWindow) {
ListView_SetExtendedListViewStyle(g_guictx.OutputWindow,
LVS_EX_FULLROWSELECT | LVS_EX_DOUBLEBUFFER | LVS_EX_GRIDLINES | LVS_EX_LABELTIP);
RtlSecureZeroMemory(&col, sizeof(col));
col.mask = LVCF_TEXT | LVCF_SUBITEM | LVCF_FMT | LVCF_WIDTH | LVCF_ORDER;
col.iSubItem = 1;
col.pszText = L"Event";
col.fmt = LVCFMT_LEFT;
col.iOrder = 0;
col.iImage = - 1;
col.cx = 120;
ListView_InsertColumn(g_guictx.OutputWindow, 1, &col);
col.iSubItem = 2;
col.pszText = L"Value";
col.iOrder = 1;
col.cx = 600;
ListView_InsertColumn(g_guictx.OutputWindow, 2, &col);
}
}
/*
* SfUImain
*
* Purpose:
*
* Create main window and all components.
*
*/
void SfUImain(
VOID
)
{
MSG msg1;
WNDCLASSEX wincls;
BOOL rv = TRUE, cond = FALSE;
ATOM class_atom = 0;
INITCOMMONCONTROLSEX icex;
RtlSecureZeroMemory(&g_guictx, sizeof(g_guictx));
icex.dwSize = sizeof(INITCOMMONCONTROLSEX);
icex.dwICC = ICC_LISTVIEW_CLASSES | ICC_BAR_CLASSES;
InitCommonControlsEx(&icex);
g_guictx.hInstance = GetModuleHandle(NULL);
wincls.cbSize = sizeof(WNDCLASSEX);
wincls.style = 0;
wincls.lpfnWndProc = &SfUIMainWindowProc;
wincls.cbClsExtra = 0;
wincls.cbWndExtra = 0;
wincls.hInstance = g_guictx.hInstance;
wincls.hIcon = NULL;
wincls.hCursor = (HCURSOR)LoadImage(NULL, MAKEINTRESOURCE(OCR_NORMAL), IMAGE_CURSOR, 0, 0, LR_SHARED);
wincls.hbrBackground = 0;
wincls.lpszMenuName = NULL;
wincls.lpszClassName = T_SFMAINWNDCLASS;
wincls.hIconSm = 0;
do {
class_atom = RegisterClassEx(&wincls);
if (class_atom == 0)
break;
g_guictx.MainWindow = CreateWindowEx(0, MAKEINTATOM(class_atom), T_SFWNDTITLE,
WS_BORDER | WS_VISIBLE | WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, 800, 600, NULL, NULL, g_guictx.hInstance, NULL);
if (g_guictx.MainWindow == NULL)
break;
SfUICreateControls(g_guictx.MainWindow);
SendMessage(g_guictx.MainWindow, WM_SIZE, 0, 0);
SfNMain();
do {
rv = GetMessage(&msg1, NULL, 0, 0);
if (rv == -1)
break;
if (IsDialogMessage(g_guictx.MainWindow, &msg1))
continue;
TranslateMessage(&msg1);
DispatchMessage(&msg1);
} while (rv != 0);
} while (cond);
if (class_atom != 0)
UnregisterClass(MAKEINTATOM(class_atom), g_guictx.hInstance);
}
================================================
FILE: Source/Yuudachi/gui.h
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
*
* TITLE: GUI.H
*
* VERSION: 1.00
*
* DATE: 17 Jan 2016
*
* Yuudachi GUI support routines header file.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once
typedef struct _ZA_GUI_CONTEXT {
HINSTANCE hInstance;
HWND MainWindow;
HWND OutputWindow;
HWND StatusBar;
BOOL bShutdown;
} ZA_GUI_CONTEXT, *PZA_GUI_CONTEXT;
extern ZA_GUI_CONTEXT g_guictx;
#define GUI_EVENT_ERROR 0
#define GUI_EVENT_CONNECTION 1
#define GUI_EVENT_PACKET_RECV 2
#define GUI_EVENT_PACKET_SEND 3
#define GUI_EVENT_DOWNLOAD_FILE 4
#define GUI_EVENT_FILE_HEADER 5
#define GUI_EVENT_PEER_HEADER 6
#define GUI_EVENT_NEWROUND 7
#define GUI_EVENT_PACKET_HEADER 8
#define GUI_EVENT_INFORMATION 100
#define GUI_EVENT_THREAD_STARTED 1000
#define GUI_EVENT_THREAD_TERMINATED 2000
void SfUImain(
VOID
);
VOID SfUIAddEvent(
_In_opt_ PVOID ScanContext,
_In_ ULONG Event,
_In_opt_ LPWSTR lpValue
);
================================================
FILE: Source/Yuudachi/main.c
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
*
* TITLE: MAIN.C
*
* VERSION: 1.00
*
* DATE: 17 Jan 2016
*
* Yuudachi program entry point.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include "..\shared\global.h"
#include "gui.h"
#include "p2p.h"
/*
* SfMain
*
* Purpose:
*
* Yuudachi main.
*
*/
void SfMain(
VOID
)
{
WSADATA wsaData;
__security_init_cookie();
if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
ExitProcess((UINT)-1);
}
SfUImain();
WSACleanup();
ExitProcess(0);
}
================================================
FILE: Source/Yuudachi/p2p.c
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
*
* TITLE: P2P.C
*
* VERSION: 1.01
*
* DATE: 22 Jan 2016
*
* Yuudachi poi2poi.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include "p2p.h"
#include "gui.h"
#include "..\shared\za_crypto.h"
#include "..\shared\ea.h"
typedef void (__cdecl *pfnqsort)(
_Inout_updates_bytes_(_NumOfElements * _SizeOfElements) void* _Base,
_In_ size_t _NumOfElements,
_In_ size_t _SizeOfElements,
_In_ int(__cdecl* _PtFuncCompare)(void const*, void const*)
);
static ZA_SCANCTX g_zascan;
pfnqsort _qsort;
/*
* SfAvlCompareCallback
*
* Purpose:
*
* AVL table compare callback.
*
*/
RTL_GENERIC_COMPARE_RESULTS NTAPI SfAvlCompareCallback(
    _In_ struct _RTL_AVL_TABLE *Table,
    _In_ PVOID FirstStruct,
    _In_ PVOID SecondStruct
    )
{
    ZA_PEERINFO *Peer1 = (ZA_PEERINFO*)FirstStruct;
    ZA_PEERINFO *Peer2 = (ZA_PEERINFO*)SecondStruct;

    UNREFERENCED_PARAMETER(Table);

    // Order by IP first, then by Port. The AVL table needs a consistent
    // ordering: two peers that share an IP but differ in Port must not
    // compare as "less than" in both directions.
    if (Peer1->IP != Peer2->IP)
        return (Peer1->IP > Peer2->IP) ? GenericGreaterThan : GenericLessThan;
    if (Peer1->Port != Peer2->Port)
        return (Peer1->Port > Peer2->Port) ? GenericGreaterThan : GenericLessThan;
    return GenericEqual;
}
/*
* SfAvlAllocateCallback
*
* Purpose:
*
* AVL table allocate memory callback.
*
*/
PVOID NTAPI SfAvlAllocateCallback(
_In_ struct _RTL_AVL_TABLE *Table,
_In_ ULONG ByteSize
)
{
UNREFERENCED_PARAMETER(Table);
return RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, ByteSize);
}
/*
* SfAvlFreeCallback
*
* Purpose:
*
* AVL table free memory callback.
*
*/
VOID NTAPI SfAvlFreeCallback(
    _In_ struct _RTL_AVL_TABLE *Table,
    _In_ _Post_invalid_ PVOID Buffer
    )
{
    UNREFERENCED_PARAMETER(Table);
    RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, Buffer);
}
/*
* SfQSortCompare
*
* Purpose:
*
* qsort callback.
*
*/
int __cdecl SfQSortCompare(
void const* first,
void const* second
)
{
int i;
ZA_PEERINFO *Peer1 = (ZA_PEERINFO*)first;
ZA_PEERINFO *Peer2 = (ZA_PEERINFO*)second;
if (Peer1->TimeStamp <= Peer2->TimeStamp)
i = (Peer1->TimeStamp < Peer2->TimeStamp);
else
i = -1;
return i;
}
/*
* SfNStoreFile
*
* Purpose:
*
* Save file in U directory and add EA for Harusame.
*
*/
BOOL SfNStoreFile(
_In_ ZA_SCANCTX *ScanContext,
_In_ LPWSTR FileName,
_In_ PVOID FileBuffer,
_In_ ULONG FileSize,
_In_ ZA_FILEHEADER *FileHeader
)
{
BOOL bResult = FALSE;
HANDLE hFile;
NTSTATUS status;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
UNICODE_STRING usName;
RtlSecureZeroMemory(&usName, sizeof(usName));
RtlInitUnicodeString(&usName, FileName);
InitializeObjectAttributes(&ObjectAttributes, &usName, OBJ_CASE_INSENSITIVE,
ScanContext->RootDirectoryHandle, NULL);
status = NtCreateFile(&hFile, FILE_GENERIC_WRITE, &ObjectAttributes,
&IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
if (NT_SUCCESS(status)) {
if (NT_SUCCESS(NtWriteFile(hFile, NULL, NULL, NULL,
&IoStatusBlock, FileBuffer, FileSize, NULL, NULL)))
{
bResult = SfNtfsSetFileHeaderToEa(hFile, FileHeader);
}
NtClose(hFile);
}
return bResult;
}
/*
* SfNDownloadFile
*
* Purpose:
*
* Download file from p2p network.
*
*/
BOOL SfNDownloadFile(
_In_ ZA_SCANCTX *ScanContext,
_In_ ZA_FILEHEADER *FileHeader,
_In_ ZA_PEERINFO *in_peer
)
{
BOOL cond = FALSE, bResult = FALSE;
SOCKET st = INVALID_SOCKET;
struct sockaddr_in io_addr;
MD5_CTX ctx;
rc4_state rc4ctx;
PBYTE recvbuffer = NULL;
int recv_size;
SIZE_T sz;
WCHAR szText[MAX_PATH];
do {
st = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (st == INVALID_SOCKET)
break;
RtlSecureZeroMemory(&io_addr, sizeof(io_addr));
io_addr.sin_family = AF_INET;
io_addr.sin_port = htons(TCP_PORT);
if (bind(st, (struct sockaddr *)&io_addr, sizeof(io_addr)) != 0)
break;
RtlSecureZeroMemory(&io_addr, sizeof(io_addr));
io_addr.sin_family = AF_INET;
io_addr.sin_port = htons((u_short)(P2P_UDP_PORT_ADJUST + in_peer->Port));
io_addr.sin_addr.S_un.S_addr = in_peer->IP;
_strcpy(szText, TEXT(">>> trying connect to -> "));
RtlIpv4AddressToStringW((const struct in_addr*)&io_addr.sin_addr, _strend(szText));
_strcat(szText, TEXT(":"));
ultostr(ntohs(io_addr.sin_port), _strend(szText));
SfUIAddEvent(ScanContext, GUI_EVENT_DOWNLOAD_FILE, szText);
if (connect(st, (struct sockaddr *)&io_addr, sizeof(io_addr)) != 0) {
_strcpy(szText, TEXT(">>> "));
RtlIpv4AddressToStringW((const struct in_addr*)&io_addr.sin_addr, _strend(szText));
_strcat(szText, TEXT(":"));
ultostr(ntohs(io_addr.sin_port), _strend(szText));
_strcat(szText, TEXT(" <- connection attempt timed out"));
SfUIAddEvent(ScanContext, GUI_EVENT_DOWNLOAD_FILE, szText);
break;
}
SfUIAddEvent(ScanContext, GUI_EVENT_DOWNLOAD_FILE, TEXT(">>> <- connected OK"));
sz = RECV_BUFFER_SIZE * 4;
recvbuffer = NULL;
NtAllocateVirtualMemory(NtCurrentProcess(), &recvbuffer, 0, &sz, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (recvbuffer == NULL)
break;
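// Request the file: the first 12 bytes of the file header are sent as-is.
send(st, (const char *)FileHeader, 12, 0);
// A single recv() of at most RECV_BUFFER_SIZE bytes is expected to carry the whole file.
recv_size = recv(st, (char *)recvbuffer, RECV_BUFFER_SIZE, 0);
if (recv_size <= 0)
break;
// Reject a response shorter than the size announced in the header.
if ((ULONG)recv_size < FileHeader->Size) {
SfUIAddEvent(ScanContext, GUI_EVENT_DOWNLOAD_FILE, TEXT(">>> received size is not equal to the header"));
break;
}
// The payload is RC4-encrypted; the key is the MD5 digest of the same 12 header bytes.
MD5Init(&ctx);
MD5Update(&ctx, (const unsigned char *)FileHeader, 12);
MD5Final(&ctx);
rc4_init(&rc4ctx, (const unsigned char *)&ctx.digest, sizeof(ctx.digest));
// Decrypt in place before the file is written to disk.
rc4_crypt(&rc4ctx, recvbuffer, recvbuffer, recv_size);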
_strcpy(szText, TEXT("U\\ip-"));
RtlIpv4AddressToStringW((const struct in_addr*)&io_addr.sin_addr, _strend(szText));
_strcat(szText, TEXT("-port-"));
ultostr(ntohs(io_addr.sin_port), _strend(szText));
_strcat(szText, TEXT("-id-"));
ultohex(FileHeader->Name, _strend(szText));
#ifdef _WIN64
_strcat(szText, TEXT("-64"));
#else
_strcat(szText, TEXT("-32"));
#endif
_strcat(szText, TEXT(".bin"));
bResult = SfNStoreFile(ScanContext, szText, recvbuffer, recv_size, FileHeader);
if (bResult) {
_strcat(szText, TEXT(" file saved OK"));
SfUIAddEvent(ScanContext, GUI_EVENT_DOWNLOAD_FILE, szText);
}
else {
SfUIAddEvent(ScanContext, GUI_EVENT_ERROR, TEXT(">>> error saving file"));
}
} while (cond);
if (recvbuffer != NULL) {
sz = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &recvbuffer, &sz, MEM_RELEASE);
}
if (st != INVALID_SOCKET) {
shutdown(st, SD_BOTH);
closesocket(st);
}
return bResult;
}
/*
* SfNAddFileHeader
*
* Purpose:
*
* Process file header, validate and download.
*
*/
VOID SfNAddFileHeader(
_In_ ZA_SCANCTX *ScanContext,
_In_ ZA_FILEHEADER *hdr,
_In_ ZA_PEERINFO *in_peer
)
{
ULONG c;
WCHAR text[MAX_PATH];
LARGE_INTEGER ftime;
SYSTEMTIME st1;
if (ScanContext->NumberOfFiles >= MAXIMUM_FILES)
return;
for (c = 0; c < ScanContext->NumberOfFiles; c++) {
if (memcmp(&ScanContext->FileHeaders[c], hdr, sizeof(ZA_FILEHEADER)) == 0) {
#ifdef _DEBUG
OutputDebugString(TEXT("Received file header already in the list\r\n"));
#endif
return;
}
}
_strcpy(text, TEXT(">> new file header received ->Name: "));
ultohex(hdr->Name, _strend(text));
_strcat(text, TEXT(", TimeStamp: "));
RtlSecondsSince1980ToTime(hdr->Time, &ftime);
if (FileTimeToSystemTime((PFILETIME)&ftime, &st1)) {
ultostr(st1.wDay, _strend(text));
_strcat(text, TEXT("/"));
ultostr(st1.wMonth, _strend(text));
_strcat(text, TEXT("/"));
ultostr(st1.wYear, _strend(text));
_strcat(text, TEXT(" "));
ultostr(st1.wHour, _strend(text));
_strcat(text, TEXT(":"));
ultostr(st1.wMinute, _strend(text));
_strcat(text, TEXT(":"));
ultostr(st1.wSecond, _strend(text));
}
else {
ultohex(hdr->Time, _strend(text));
}
_strcat(text, TEXT(", Size: "));
ultostr(hdr->Size, _strend(text));
SfUIAddEvent(ScanContext, GUI_EVENT_FILE_HEADER, text);
_strcpy(text, TEXT(">> checking file header signature "));
if (SfcValidateFileHeader(ScanContext->CryptoProv, ScanContext->CryptoKey, hdr)) {
_strcat(text, TEXT(" -> verified OK, processing download"));
if (SfNDownloadFile(ScanContext, hdr, in_peer)) {
RtlCopyMemory(&ScanContext->FileHeaders[ScanContext->NumberOfFiles], hdr, sizeof(ZA_FILEHEADER));
ScanContext->NumberOfFiles++;
}
}
else {
_strcat(text, TEXT(" -> verification FAILED, file header tampered"));
}
SfUIAddEvent(ScanContext, GUI_EVENT_FILE_HEADER, text);
}
/*
* SfNFormatPrintPeer
*
* Purpose:
*
* Output peer info to listview.
*
*/
void SfNFormatPrintPeer(
ZA_SCANCTX *ScanContext,
ZA_PEERINFO *peer
)
{
TCHAR text[128];
LARGE_INTEGER ftime;
SYSTEMTIME st1;
RtlSecureZeroMemory(text, sizeof(text));
_strcpy(text, TEXT(">> peer record received ->"));
RtlIpv4AddressToStringW((const struct in_addr *)&peer->IP, _strend(text));
_strcat(text, TEXT(":"));
ultostr(P2P_UDP_PORT_ADJUST + peer->Port, _strend(text));
_strcat(text, TEXT(" "));
RtlSecondsSince1980ToTime((peer->TimeStamp * 3600) - 0xbf000000, &ftime);
RtlSecureZeroMemory(&st1, sizeof(st1));
if (FileTimeToSystemTime((PFILETIME)&ftime, &st1)) {
ultostr(st1.wDay, _strend(text));
_strcat(text, TEXT("/"));
ultostr(st1.wMonth, _strend(text));
_strcat(text, TEXT("/"));
ultostr(st1.wYear, _strend(text));
_strcat(text, TEXT(" "));
ultostr(st1.wHour, _strend(text));
_strcat(text, TEXT(":"));
ultostr(st1.wMinute, _strend(text));
_strcat(text, TEXT(":"));
ultostr(st1.wSecond, _strend(text));
}
SfUIAddEvent(ScanContext, GUI_EVENT_PEER_HEADER, text);
}
/*
* SfNAddToTable
*
* Purpose:
*
* Insert new peer element to AVL tables.
*
*/
VOID SfNAddToTable(
ZA_SCANCTX *ScanContext,
ZA_PEERINFO *peer
)
{
IO_STATUS_BLOCK IoStatusBlock;
LARGE_INTEGER Position;
ZA_PEERINFO *LookupElement;
BOOLEAN NewElement = FALSE;
RtlEnterCriticalSection(&ScanContext->csTableLock);
//add new element to the table unless it is already there
LookupElement = RtlLookupElementGenericTableAvl(&ScanContext->PeersTable, (PVOID)peer);
if (LookupElement == NULL) {
RtlInsertElementGenericTableAvl(&ScanContext->PeersTable, peer, sizeof(ZA_PEERINFO), &NewElement);
}
#ifdef _DEBUG
else {
OutputDebugString(TEXT("Duplicate peer entry found\r\n"));
}
#endif
RtlLeaveCriticalSection(&ScanContext->csTableLock);
//this is a new element, write it to the dump file and send it to the listview
RtlEnterCriticalSection(&ScanContext->csTableDumpLock);
if (LookupElement == NULL) {
LookupElement = RtlLookupElementGenericTableAvl(&ScanContext->PeersTableDump, (PVOID)peer);
if (LookupElement == NULL) {
RtlInsertElementGenericTableAvl(&ScanContext->PeersTableDump, peer, sizeof(ZA_PEERINFO), &NewElement);
Position.LowPart = FILE_WRITE_TO_END_OF_FILE;
Position.HighPart = -1;
if (NT_SUCCESS(NtWriteFile(ScanContext->DumpFileHandle, 0, NULL, NULL,
&IoStatusBlock, peer, sizeof(ZA_PEERINFO), &Position, NULL)))
{
NtFlushBuffersFile(ScanContext->DumpFileHandle, &IoStatusBlock);
}
SfNFormatPrintPeer(ScanContext, peer);
}
#ifdef _DEBUG
else {
OutputDebugString(TEXT("Duplicate peer entry in dump found\r\n"));
}
#endif
}
RtlLeaveCriticalSection(&ScanContext->csTableDumpLock);
}
/*
* SfNgetLSender
*
* Purpose:
*
* getL processing thread.
*
*/
DWORD WINAPI SfNgetLSender(
_In_ PZA_SCANCTX ScanContext
)
{
TCHAR textbuf[256];
struct sockaddr_in io_addr;
ULONG c = 0, n = 0;
ZA_PACKETHEADER packet;
USHORT port;
ZA_PEERINFO *TableEntry;
ZA_PEERINFO *CurrentState;
SIZE_T memIO;
RtlSecureZeroMemory(&textbuf, sizeof(textbuf));
_strcpy(textbuf, TEXT("> getL thread started, sid=0x"));
ultohex(ScanContext->SessionId, _strend(textbuf));
SfUIAddEvent(ScanContext, GUI_EVENT_THREAD_STARTED, textbuf);
RtlEnterCriticalSection(&ScanContext->csTableLock);
n = RtlNumberGenericTableElementsAvl(&ScanContext->PeersTable);
memIO = n * sizeof(ZA_PEERINFO);
CurrentState = NULL;
NtAllocateVirtualMemory(NtCurrentProcess(), &CurrentState, 0, &memIO, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (CurrentState) {
RtlSecureZeroMemory(CurrentState, memIO);
for (
TableEntry = RtlEnumerateGenericTableAvl(&ScanContext->PeersTable, TRUE), c = 0;
TableEntry != NULL;
TableEntry = RtlEnumerateGenericTableAvl(&ScanContext->PeersTable, FALSE), c += 1)
{
RtlCopyMemory(&CurrentState[c], TableEntry, sizeof(ZA_PEERINFO));
}
}
RtlLeaveCriticalSection(&ScanContext->csTableLock);
//memory error
if (CurrentState == NULL)
return (DWORD)-1;
c = 0;
_qsort(CurrentState, n, sizeof(ZA_PEERINFO), &SfQSortCompare);
while (!g_guictx.bShutdown) {
RtlSecureZeroMemory(&io_addr, sizeof(io_addr));
io_addr.sin_family = AF_INET;
port = (USHORT)(P2P_UDP_PORT_ADJUST + CurrentState[c].Port);
io_addr.sin_port = htons((u_short)port);
io_addr.sin_addr.S_un.S_addr = CurrentState[c].IP;
packet.CRC = 0;
packet.Command = 'getL';
packet.SessionID = ScanContext->SessionId;
packet.Opt1 = 0x0000;
packet.Opt2 = c & 0x3ff;
packet.CRC = RtlComputeCrc32(0, (PUCHAR)&packet, sizeof(packet));
SfuDecodeStream((PBYTE)&packet, sizeof(packet), '1234');
_strcpy(textbuf, TEXT("> sending getL -> "));
RtlIpv4AddressToStringW((const struct in_addr*)&io_addr.sin_addr, _strend(textbuf));
_strcat(textbuf, TEXT(":"));
ultostr(ntohs(io_addr.sin_port), _strend(textbuf));
SfUIAddEvent(ScanContext, GUI_EVENT_PACKET_SEND, textbuf);
sendto(ScanContext->su, (const char *)&packet, sizeof(packet), 0, (struct sockaddr *)&io_addr, sizeof(io_addr));
c += 1;
if (c >= n) {
SfUIAddEvent(ScanContext, GUI_EVENT_NEWROUND, TEXT("New round!"));
memIO = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &CurrentState, &memIO, MEM_RELEASE);
CurrentState = NULL;
RtlEnterCriticalSection(&ScanContext->csTableLock);
n = RtlNumberGenericTableElementsAvl(&ScanContext->PeersTable);
memIO = n * sizeof(ZA_PEERINFO);
NtAllocateVirtualMemory(NtCurrentProcess(), &CurrentState, 0, &memIO, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (CurrentState) {
RtlSecureZeroMemory(CurrentState, memIO);
for (
TableEntry = RtlEnumerateGenericTableAvl(&ScanContext->PeersTable, TRUE), c = 0;
TableEntry != NULL;
TableEntry = RtlEnumerateGenericTableAvl(&ScanContext->PeersTable, FALSE), c += 1)
{
RtlCopyMemory(&CurrentState[c], TableEntry, sizeof(ZA_PEERINFO));
}
}
RtlLeaveCriticalSection(&ScanContext->csTableLock);
//memory error
if (CurrentState == NULL)
break;
c = 0;
_qsort(CurrentState, n, sizeof(ZA_PEERINFO), &SfQSortCompare);
Sleep(1000);
continue;
}
Sleep(1000);
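}
//release the last peers snapshot when the loop ends on shutdown
if (CurrentState != NULL) {
memIO = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &CurrentState, &memIO, MEM_RELEASE);
}
SfUIAddEvent(ScanContext, GUI_EVENT_THREAD_TERMINATED, TEXT("getL thread terminated."));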
return 0;
}
/*
* SfNP2PListener
*
* Purpose:
*
* Listener thread.
*
*/
DWORD WINAPI SfNP2PListener(
_In_ PZA_SCANCTX ScanContext
)
{
WCHAR textbuf[MAX_PATH];
struct sockaddr_in io_addr;
int addr_len, recv_bytes;
char *recvbuffer = NULL, *sendbuffer = NULL;
PZA_PACKET recvpacket, sendpacket;
ULONG crc, k, l;
USHORT Port;
BOOL cond = FALSE;
SIZE_T memIO;
ZA_PEERINFO in_peer;
RtlSecureZeroMemory(&textbuf, sizeof(textbuf));
_strcpy(textbuf, TEXT("> p2p listener thread started, sid=0x"));
ultohex(ScanContext->SessionId, _strend(textbuf));
SfUIAddEvent(ScanContext, GUI_EVENT_THREAD_STARTED, textbuf);
do {
memIO = UDP_BUFFER_SIZE;
NtAllocateVirtualMemory(NtCurrentProcess(), &recvbuffer, 0, &memIO, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (recvbuffer == NULL)
break;
memIO = UDP_BUFFER_SIZE;
NtAllocateVirtualMemory(NtCurrentProcess(), &sendbuffer, 0, &memIO, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (sendbuffer == NULL)
break;
recvpacket = (PZA_PACKET)recvbuffer;
sendpacket = (PZA_PACKET)sendbuffer;
do {
RtlSecureZeroMemory(&io_addr, sizeof(io_addr));
addr_len = sizeof(io_addr);
recv_bytes = recvfrom(ScanContext->su, recvbuffer, UDP_BUFFER_SIZE, 0, (struct sockaddr *)&io_addr, &addr_len);
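if (recv_bytes <= 0)
continue;
//drop datagrams too short to hold a packet header, otherwise stale buffer data would be parsed
if ((ULONG)recv_bytes < sizeof(recvpacket->Header))
continue;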
Port = ntohs(io_addr.sin_port);
_strcpy(textbuf, TEXT("> received packet <- "));
RtlIpv4AddressToStringW((const struct in_addr*)&io_addr.sin_addr, _strend(textbuf));
_strcat(textbuf, TEXT(":"));
ultostr(Port, _strend(textbuf));
SfUIAddEvent(ScanContext, GUI_EVENT_PACKET_RECV, textbuf);
SfuDecodeStream((PBYTE)recvbuffer, recv_bytes, '1234');
crc = recvpacket->Header.CRC;
recvpacket->Header.CRC = 0;
if (RtlComputeCrc32(0, (PUCHAR)recvbuffer, recv_bytes) == crc) {
_strcpy(textbuf, TEXT(">> CRC-ok, cmd="));
switch (recvpacket->Header.Command) {
case 'getL':
_strcat(textbuf, TEXT("getL"));
break;
case 'retL':
_strcat(textbuf, TEXT("retL"));
break;
default:
_strcat(textbuf, TEXT("UnknownCmd"));
break;
}
_strcat(textbuf, TEXT(" size="));
ultostr(recv_bytes, _strend(textbuf));
_strcat(textbuf, TEXT(" sid=0x"));
ultohex(recvpacket->Header.SessionID, _strend(textbuf));
_strcat(textbuf, TEXT(" opts="));
ultohex(recvpacket->Header.Opt1, _strend(textbuf));
_strcat(textbuf, TEXT(":"));
ultohex(recvpacket->Header.Opt2, _strend(textbuf));
if ((Port >= P2P_WIN32_PORT_RANGE_BEGIN) && (Port <= P2P_WIN32_PORT_RANGE_END)) {
_strcat(textbuf, TEXT(" (Win32 bot)"));
}
else
if ((Port >= P2P_WIN64_PORT_RANGE_BEGIN) && (Port <= P2P_WIN64_PORT_RANGE_END)) {
_strcat(textbuf, TEXT(" (Win64 bot)"));
}
else {
_strcat(textbuf, TEXT(" (Unknown bot port range)"));
}
SfUIAddEvent(ScanContext, GUI_EVENT_PACKET_HEADER, textbuf);
switch (recvpacket->Header.Command) {
case 'getL':
if ((recvpacket->Header.Opt2 & P2P_GETFILELIST) == 0) {
sendpacket->Header.CRC = 0;
sendpacket->Header.Command = 'retL';
sendpacket->Header.SessionID = ScanContext->SessionId;
sendpacket->Header.Opt1 = 0x0000;
sendpacket->Header.Opt2 = recvpacket->Header.Opt2 & P2P_SESSION_MASK;
RtlCopyMemory(&sendpacket->PeerList, ScanContext->LastPeerList, sizeof(sendpacket->PeerList));
sendpacket->Header.CRC = RtlComputeCrc32(0, (PUCHAR)sendbuffer, sizeof(ZA_PACKET));
SfuDecodeStream((PBYTE)sendbuffer, sizeof(ZA_PACKET), '1234');
sendto(ScanContext->su, (const char *)sendbuffer, sizeof(ZA_PACKET), 0, (struct sockaddr *)&io_addr, addr_len);
}
break;
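case 'retL':
//the 16 entry peer list must be fully present in the datagram before it is copied
if ((ULONG)recv_bytes < sizeof(ZA_PACKET))
break;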
RtlCopyMemory(ScanContext->LastPeerList, recvpacket->PeerList, sizeof(ScanContext->LastPeerList));
in_peer.IP = io_addr.sin_addr.S_un.S_addr;
in_peer.Port = Port;
in_peer.TimeStamp = 0;
for (k = 0; k < recvpacket->Header.Opt1; k++) {
l = sizeof(ZA_PACKET) + (k + 1)*sizeof(ZA_FILEHEADER);
if (l <= (ULONG)recv_bytes)
SfNAddFileHeader(
ScanContext,
(PZA_FILEHEADER)(recvbuffer + sizeof(ZA_PACKET) + k*sizeof(ZA_FILEHEADER)),
&in_peer
);
}
for (k = 0; k < 16; k++)
SfNAddToTable(ScanContext, &recvpacket->PeerList[k]);
break;
default:
break;
}
}
else {
SfUIAddEvent(ScanContext, GUI_EVENT_ERROR, TEXT(">> received CRC mismatch, corrupted packet header"));
}
} while (!g_guictx.bShutdown);
} while (cond);
if (recvbuffer != NULL) {
memIO = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &recvbuffer, &memIO, MEM_RELEASE);
}
if (sendbuffer != NULL) {
memIO = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &sendbuffer, &memIO, MEM_RELEASE);
}
SfUIAddEvent(ScanContext, GUI_EVENT_THREAD_TERMINATED, TEXT("Listener thread terminated."));
return 0;
}
/*
* SfNWorkerThread
*
* Purpose:
*
* Scan worker thread.
*
*/
VOID WINAPI SfNWorkerThread(
_In_ PZA_SCANCTX ScanContext
)
{
BOOL cond = FALSE;
SIZE_T sz;
SOCKET su = INVALID_SOCKET;
HANDLE hThread = NULL, hFile = NULL;
ULONG nBootstrap = 0, k;
NTSTATUS status;
PVOID Wow64 = NULL;
PZA_PEERINFO Bootstrap = NULL;
struct sockaddr_in io_addr;
UNICODE_STRING usName;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
FILE_STANDARD_INFORMATION fsi;
WCHAR szText[MAX_PATH];
BOOLEAN NewElement = FALSE;
RtlInitializeCriticalSection(&ScanContext->csTableLock);
RtlInitializeCriticalSection(&ScanContext->csTableDumpLock);
do {
if (!CryptAcquireContext(&ScanContext->CryptoProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
break;
k = ~GetTickCount();
ScanContext->SessionId = RtlRandomEx(&k);
if (!CryptGenRandom(ScanContext->CryptoProv, (DWORD)sizeof(ULONG), (BYTE*)&ScanContext->SessionId))
break;
if (!CryptImportKey(ScanContext->CryptoProv, (const BYTE *)RSA_KEY, sizeof(RSA_KEY), 0, 0, &ScanContext->CryptoKey))
break;
RtlInitializeGenericTableAvl(&ScanContext->PeersTable,
(PRTL_AVL_COMPARE_ROUTINE)&SfAvlCompareCallback,
(PRTL_AVL_ALLOCATE_ROUTINE)&SfAvlAllocateCallback,
(PRTL_AVL_FREE_ROUTINE)&SfAvlFreeCallback,
(PVOID)ScanContext);
RtlInitializeGenericTableAvl(&ScanContext->PeersTableDump,
(PRTL_AVL_COMPARE_ROUTINE)&SfAvlCompareCallback,
(PRTL_AVL_ALLOCATE_ROUTINE)&SfAvlAllocateCallback,
(PRTL_AVL_FREE_ROUTINE)&SfAvlFreeCallback,
(PVOID)ScanContext);
_strcpy(szText, TEXT("Loading bootstrap list "));
_strcat(szText, P2P_BOOTSTRAP_NAME);
#ifdef _WIN64
_strcat(szText, TEXT(", running in x86-64 mode"));
#else
_strcat(szText, TEXT(", running in x86-32 mode"));
#endif
SfUIAddEvent(NULL, GUI_EVENT_INFORMATION, szText);
usName.Buffer = P2P_BOOTSTRAP_NAME;
usName.Length = sizeof(P2P_BOOTSTRAP_NAME) - sizeof(WCHAR);
usName.MaximumLength = usName.Length + sizeof(UNICODE_NULL);
InitializeObjectAttributes(&ObjectAttributes, &usName, OBJ_CASE_INSENSITIVE, ScanContext->RootDirectoryHandle, NULL);
if (!NT_SUCCESS(SfuLoadPeerList(&ObjectAttributes, &Bootstrap, &nBootstrap))) {
SfUIAddEvent(NULL, GUI_EVENT_ERROR, TEXT("Could not read bootstrap peer list."));
break;
}
_strcpy(szText, TEXT("Bootstrap loaded OK, peers count: "));
ultostr(nBootstrap, _strend(szText));
SfUIAddEvent(NULL, GUI_EVENT_INFORMATION, szText);
_qsort(Bootstrap, nBootstrap, sizeof(ZA_PEERINFO), SfQSortCompare);
//SfuWriteBufferToFile(L"test64.bin", Bootstrap, nBootstrap * sizeof(ZA_PEERINFO), FALSE, FALSE);
for (k = 0; k < nBootstrap; k++) {
NewElement = FALSE;
if (!RtlInsertElementGenericTableAvl(&ScanContext->PeersTable, &Bootstrap[k], sizeof(ZA_PEERINFO), &NewElement))
break;
}
sz = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &Bootstrap, &sz, MEM_RELEASE);
Bootstrap = NULL;
_strcpy(szText, TEXT("Loading dumped bootstrap list "));
_strcat(szText, P2P_BOOTSTRAP_SAVE_NAME);
SfUIAddEvent(NULL, GUI_EVENT_INFORMATION, szText);
usName.Buffer = P2P_BOOTSTRAP_SAVE_NAME;
usName.Length = sizeof(P2P_BOOTSTRAP_SAVE_NAME) - sizeof(WCHAR);
usName.MaximumLength = usName.Length + sizeof(UNICODE_NULL);
status = NtCreateFile(&hFile, FILE_READ_ACCESS | FILE_WRITE_ACCESS | SYNCHRONIZE, &ObjectAttributes,
&IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN_IF,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
if (!NT_SUCCESS(status)) {
SfUIAddEvent(NULL, GUI_EVENT_ERROR, TEXT("Could not create output peer list."));
break;
}
ScanContext->DumpFileHandle = hFile;
RtlSecureZeroMemory(&fsi, sizeof(fsi));
if (NT_SUCCESS(NtQueryInformationFile(hFile, &IoStatusBlock, &fsi, sizeof(fsi), FileStandardInformation))) {
sz = fsi.EndOfFile.LowPart;
if ((sz % sizeof(ZA_PEERINFO)) == 0) {
Bootstrap = NULL;
NtAllocateVirtualMemory(NtCurrentProcess(), &Bootstrap, 0, &sz, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (Bootstrap) {
if (NT_SUCCESS(NtReadFile(hFile, NULL, NULL, NULL, &IoStatusBlock, Bootstrap, fsi.EndOfFile.LowPart, NULL, NULL))) {
nBootstrap = fsi.EndOfFile.LowPart / sizeof(ZA_PEERINFO);
_strcpy(szText, TEXT("Dump bootstrap loaded OK, peers count: "));
ultostr(nBootstrap, _strend(szText));
SfUIAddEvent(NULL, GUI_EVENT_INFORMATION, szText);
for (k = 0; k < nBootstrap; k++) {
NewElement = FALSE;
if (!RtlInsertElementGenericTableAvl(&ScanContext->PeersTableDump, &Bootstrap[k], sizeof(ZA_PEERINFO), &NewElement))
break;
}
}
sz = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &Bootstrap, &sz, MEM_RELEASE);
Bootstrap = NULL;
}
}
}
su = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (su == INVALID_SOCKET)
break;
ScanContext->su = su;
RtlSecureZeroMemory(&io_addr, sizeof(io_addr));
io_addr.sin_family = AF_INET;
io_addr.sin_port = htons((u_short)UDP_PORT);
if (bind(su, (struct sockaddr *)&io_addr, sizeof(io_addr)) != 0)
break;
NtQueryInformationProcess(NtCurrentProcess(), ProcessWow64Information, &Wow64, sizeof(PVOID), NULL);
_strcpy(szText, TEXT("ZeroAccess monitor, mode="));
ultostr((Wow64 != NULL) ? 32 : 64, _strend(szText));
_strcat(szText, TEXT(", port: "));
ultostr(UDP_PORT, _strend(szText));
_strcat(szText, TEXT(", sid=0x"));
ultohex(ScanContext->SessionId, _strend(szText));
SetWindowText(g_guictx.MainWindow, szText);
hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&SfNgetLSender, (LPVOID)ScanContext, 0, NULL);
if (hThread != NULL) {
CloseHandle(hThread);
}
hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&SfNP2PListener, (LPVOID)ScanContext, 0, NULL);
if (hThread != NULL) {
CloseHandle(hThread);
}
while (g_guictx.bShutdown == FALSE) {
Sleep(1000);
}
} while (cond);
//cleanup
if (su != INVALID_SOCKET) {
shutdown(su, SD_BOTH);
closesocket(su);
}
if (ScanContext->RootDirectoryHandle != NULL) {
NtClose(ScanContext->RootDirectoryHandle);
}
if (ScanContext->DumpFileHandle != NULL) {
NtClose(ScanContext->DumpFileHandle);
}
if (Bootstrap != NULL) {
sz = 0;
NtFreeVirtualMemory(NtCurrentProcess(), &Bootstrap, &sz, MEM_RELEASE);
}
if (ScanContext->CryptoKey) {
CryptDestroyKey(ScanContext->CryptoKey);
}
if (ScanContext->CryptoProv) {
CryptReleaseContext(ScanContext->CryptoProv, 0);
}
RtlDeleteCriticalSection(&ScanContext->csTableLock);
RtlDeleteCriticalSection(&ScanContext->csTableDumpLock);
}
/*
* SfNStartup
*
* Purpose:
*
* Create/Open directories and start worker thread.
*
*/
BOOL SfNStartup(
_In_ ZA_SCANCTX *ScanContext
)
{
UNICODE_STRING usName;
ANSI_STRING str;
NTSTATUS status;
HANDLE RootDirectoryHandle = NULL;
IO_STATUS_BLOCK IoStatusBlock;
OBJECT_ATTRIBUTES ObjectAttributes;
PVOID DllImageBase = NULL;
BOOL bResult = FALSE, cond = FALSE;
RtlSecureZeroMemory(&usName, sizeof(usName));
do {
RtlInitUnicodeString(&usName, L"ntdll.dll");
if (NT_SUCCESS(LdrGetDllHandle(NULL, NULL, &usName, &DllImageBase))) {
RtlInitString(&str, "qsort");
LdrGetProcedureAddress(DllImageBase, &str, 0, (PVOID)&_qsort);
if (_qsort == NULL) {
break;
}
}
bResult = RtlDosPathNameToNtPathName_U(
RtlGetCurrentPeb()->ProcessParameters->CurrentDirectory.DosPath.Buffer,
&usName, NULL, NULL
);
if (bResult == FALSE)
break;
InitializeObjectAttributes(&ObjectAttributes,
&usName,
OBJ_CASE_INSENSITIVE, 0, NULL);
status = NtCreateFile(&RootDirectoryHandle,
FILE_GENERIC_READ | FILE_GENERIC_WRITE,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_READONLY,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_OPEN,
FILE_DIRECTORY_FILE,
NULL,
0
);
RtlFreeUnicodeString(&usName);
if (!NT_SUCCESS(status))
break;
usName.Buffer = L"U";
usName.Length = 2;
usName.MaximumLength = 4;
ObjectAttributes.RootDirectory = RootDirectoryHandle;
bResult = SfuCreateDirectory(&ObjectAttributes);
if (bResult) {
/* we don't use it */
usName.Buffer = L"L";
ObjectAttributes.RootDirectory = RootDirectoryHandle;
bResult = SfuCreateDirectory(&ObjectAttributes);
if (bResult == FALSE) {
SfUIAddEvent(NULL, GUI_EVENT_ERROR, TEXT("Could not create working L directory."));
break;
}
}
else {
SfUIAddEvent(NULL, GUI_EVENT_ERROR, TEXT("Could not create working U directory."));
break;
}
} while (cond);
if (!bResult) {
if (RootDirectoryHandle)
NtClose(RootDirectoryHandle);
}
else {
if (RootDirectoryHandle) {
ScanContext->RootDirectoryHandle = RootDirectoryHandle;
}
}
return bResult;
}
/*
* SfNMain
*
* Purpose:
*
* Scan entry point.
*
*/
VOID SfNMain(
VOID
)
{
HANDLE hThread;
RtlSecureZeroMemory(&g_zascan, sizeof(g_zascan));
SfNStartup(&g_zascan);
if (SfInitMD5()) {
hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&SfNWorkerThread, &g_zascan, 0, NULL);
if (hThread) {
CloseHandle(hThread);
}
}
}
================================================
FILE: Source/Yuudachi/p2p.h
================================================
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: P2P.H
*
* VERSION: 1.01
*
* DATE: 01 Dec 2016
*
* P2P header file.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once
#include "..\shared\global.h"
#include "..\shared\za_rkey.h"
//some consts, we tested it and it looks ok (c)
#define UDP_BUFFER_SIZE 4096
#define MAXIMUM_FILES 32
#define RECV_BUFFER_SIZE 262144
//client udp port
#ifdef _WIN64
#define UDP_PORT 45167
#else
#define UDP_PORT 21833
#endif
//client tcp port
#define TCP_PORT UDP_PORT
//p2p protocol const
#define P2P_GETFILELIST 0x8000
#define P2P_SESSION_MASK 0x03ff
//udp port possible ranges
#define P2P_WIN32_PORT_RANGE_BEGIN 0x4000
#define P2P_WIN32_PORT_RANGE_END 0x7fff
#define P2P_WIN64_PORT_RANGE_BEGIN 0x8000
#define P2P_WIN64_PORT_RANGE_END 0xbfff
//udp port adjust value
#ifdef _WIN64
#define P2P_UDP_PORT_ADJUST 0x8000
#else
#define P2P_UDP_PORT_ADJUST 0x4000
#endif
//bootstrap
#ifdef _WIN64
#define P2P_BOOTSTRAP_NAME TEXT("s64")
#else
#define P2P_BOOTSTRAP_NAME TEXT("s32")
#endif
#ifdef _WIN64
#define P2P_BOOTSTRAP_SAVE_NAME TEXT("out64")
#else
#define P2P_BOOTSTRAP_SAVE_NAME TEXT("out32")
#endif
//crypto key
#ifdef _WIN64
#define RSA_KEY ZA_key64
#else
#define RSA_KEY ZA_key32
#endif
typedef struct _ZA_SCANCTX {
SOCKET su;
ULONG NumberOfFiles;
ULONG SessionId;
HCRYPTPROV CryptoProv;
HCRYPTKEY CryptoKey;
HANDLE DumpFileHandle;
HANDLE RootDirectoryHandle;
CRITICAL_SECTION csTableLock;
CRITICAL_SECTION csTableDumpLock;
RTL_AVL_TABLE PeersTable;
RTL_AVL_TABLE PeersTableDump;
ZA_PEERINFO LastPeerList[16];
ZA_FILEHEADER FileHeaders[MAXIMUM_FILES];
} ZA_SCANCTX, *PZA_SCANCTX;
BOOL SfNStartup(
_In_ ZA_SCANCTX *ScanContext
);
VOID SfNMain(
VOID
);
================================================
FILE: Source/Yuudachi/za.manifest
================================================
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
<assemblyIdentity
type="win32"
name="ZeroAccess"
version="1.0.0.0"
processorArchitecture="*"
/>
<description> ZeroAccess </description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
</application>
</compatibility>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"
/>
</dependentAssembly>
</dependency>
</assembly>
================================================
FILE: Source/ZeroAccess.sln
================================================
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 14
VisualStudioVersion = 14.0.24720.0
MinimumVisualStudioVersion = 10.0.40219.1
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "minirtl", "minirtl", "{ED3257FC-CB8E-4406-8BCE-F3E5500B41F8}"
ProjectSection(SolutionItems) = preProject
minirtl\_filename.c = minirtl\_filename.c
minirtl\_filename.h = minirtl\_filename.h
minirtl\_strcat.c = minirtl\_strcat.c
minirtl\_strcmp.c = minirtl\_strcmp.c
minirtl\_strcmpi.c = minirtl\_strcmpi.c
minirtl\_strcpy.c = minirtl\_strcpy.c
minirtl\_strend.c = minirtl\_strend.c
minirtl\_strlen.c = minirtl\_strlen.c
minirtl\_strncmp.c = minirtl\_strncmp.c
minirtl\_strncmpi.c = minirtl\_strncmpi.c
minirtl\_strncpy.c = minirtl\_strncpy.c
minirtl\_strstr.c = minirtl\_strstr.c
minirtl\_strstri.c = minirtl\_strstri.c
minirtl\cmdline.c = minirtl\cmdline.c
..\minirtl\cmdline.h = ..\minirtl\cmdline.h
minirtl\cmdline.h = minirtl\cmdline.h
minirtl\hextou64.c = minirtl\hextou64.c
minirtl\hextoul.c = minirtl\hextoul.c
minirtl\i64tostr.c = minirtl\i64tostr.c
minirtl\itostr.c = minirtl\itostr.c
..\minirtl\minirtl.h = ..\minirtl\minirtl.h
minirtl\minirtl.h = minirtl\minirtl.h
..\minirtl\rtltypes.h = ..\minirtl\rtltypes.h
minirtl\rtltypes.h = minirtl\rtltypes.h
minirtl\strtoi.c = minirtl\strtoi.c
minirtl\strtoi64.c = minirtl\strtoi64.c
minirtl\strtou64.c = minirtl\strtou64.c
minirtl\strtoul.c = minirtl\strtoul.c
minirtl\u64tohex.c = minirtl\u64tohex.c
minirtl\u64tostr.c = minirtl\u64tostr.c
minirtl\ultohex.c = minirtl\ultohex.c
minirtl\ultostr.c = minirtl\ultostr.c
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Umikaze", "Umikaze\Umikaze.vcxproj", "{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Shigure", "Shigure\Shigure.vcxproj", "{77AD1A3E-BA02-4376-976D-BA356F98F32F}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Harusame", "Harusame\Harusame.vcxproj", "{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Yuudachi", "Yuudachi\Yuudachi.vcxproj", "{14358883-8E74-44F5-BCC4-C32D41A3A662}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Murasame", "Murasame\Murasame.vcxproj", "{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Debug|x64.ActiveCfg = Debug|x64
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Debug|x64.Build.0 = Debug|x64
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Debug|x86.ActiveCfg = Debug|Win32
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Debug|x86.Build.0 = Debug|Win32
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Release|x64.ActiveCfg = Release|x64
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Release|x64.Build.0 = Release|x64
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Release|x86.ActiveCfg = Release|Win32
{06E37BF4-003C-43F6-B0D5-6B9DAE05D4F7}.Release|x86.Build.0 = Release|Win32
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Debug|x64.ActiveCfg = Debug|x64
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Debug|x64.Build.0 = Debug|x64
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Debug|x86.ActiveCfg = Debug|Win32
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Debug|x86.Build.0 = Debug|Win32
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Release|x64.ActiveCfg = Release|x64
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Release|x64.Build.0 = Release|x64
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Release|x86.ActiveCfg = Release|Win32
{77AD1A3E-BA02-4376-976D-BA356F98F32F}.Release|x86.Build.0 = Release|Win32
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Debug|x64.ActiveCfg = Debug|x64
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Debug|x64.Build.0 = Debug|x64
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Debug|x86.ActiveCfg = Debug|Win32
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Debug|x86.Build.0 = Debug|Win32
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Release|x64.ActiveCfg = Release|x64
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Release|x64.Build.0 = Release|x64
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Release|x86.ActiveCfg = Release|Win32
{169C0A78-64AD-4862-A6B6-17E7A3CA9AE3}.Release|x86.Build.0 = Release|Win32
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Debug|x64.ActiveCfg = Debug|x64
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Debug|x64.Build.0 = Debug|x64
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Debug|x86.ActiveCfg = Debug|Win32
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Debug|x86.Build.0 = Debug|Win32
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Release|x64.ActiveCfg = Release|x64
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Release|x64.Build.0 = Release|x64
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Release|x86.ActiveCfg = Release|Win32
{14358883-8E74-44F5-BCC4-C32D41A3A662}.Release|x86.Build.0 = Release|Win32
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Debug|x64.ActiveCfg = Debug|x64
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Debug|x64.Build.0 = Debug|x64
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Debug|x86.ActiveCfg = Debug|Win32
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Debug|x86.Build.0 = Debug|Win32
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Release|x64.ActiveCfg = Release|x64
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Release|x64.Build.0 = Release|x64
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Release|x86.ActiveCfg = Release|Win32
{37B4EC5C-3DEA-49A2-9461-DD33E7D55ED6}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
================================================
FILE: Source/minirtl/_filename.c
================================================
#include <Windows.h>
#include "minirtl.h"
char *_filename_a(const char *f)
{
char *p = (char *)f;
if (f == 0)
return 0;
while (*f != (char)0) {
if (*f == '\\')
p = (char *)f + 1;
f++;
}
return p;
}
wchar_t *_filename_w(const wchar_t *f)
{
wchar_t *p = (wchar_t *)f;
if (f == 0)
return 0;
while (*f != (wchar_t)0) {
if (*f == (wchar_t)'\\')
p = (wchar_t *)f + 1;
f++;
}
return p;
}
char *_fileext_a(const char *f)
{
char *p = 0;
if (f == 0)
return 0;
while (*f != (char)0) {
if (*f == '.')
p = (char *)f;
f++;
}
if (p == 0)
p = (char *)f;
return p;
}
wchar_t *_fileext_w(const wchar_t *f)
{
wchar_t *p = 0;
if (f == 0)
return 0;
while (*f != (wchar_t)0) {
if (*f == (wchar_t)'.')
p = (wchar_t *)f;
f++;
}
if (p == 0)
p = (wchar_t *)f;
return p;
}
char *_filename_noext_a(char *dest, const char *f)
{
char *p, *l, *dot;
if ((f == 0) || (dest == 0))
return 0;
p = _filename_a(f);
if (p == 0)
return 0;
dot = _strend_a(p);
if (dot == 0)
return 0;
l = p;
while (*l != (char)0)
{
if (*l == '.')
dot = l;
l++;
}
while (p<dot)
{
*dest = *p;
p++;
dest++;
}
*dest = 0;
return dest;
}
wchar_t *_filename_noext_w(wchar_t *dest, const wchar_t *f)
{
wchar_t *p, *l, *dot;
if ((f == 0) || (dest == 0))
return 0;
p = _filename_w(f);
if (p == 0)
return 0;
dot = _strend_w(p);
if (dot == 0)
return 0;
l = p;
while (*l != (wchar_t)0)
{
if (*l == (wchar_t)'.')
dot = l;
l++;
}
while (p<dot)
{
*dest = *p;
p++;
dest++;
}
*dest = 0;
return dest;
}
char *_filepath_a(const char *fname, char *fpath)
{
char *p = (char *)fname, *p0 = (char*)fname, *p1 = (char*)fpath;
if ((fname == 0) || (fpath == NULL))
return 0;
while (*fname != (char)0) {
if (*fname == '\\')
p = (char *)fname + 1;
fname++;
}
while (p0 < p) {
*p1 = *p0;
p1++;
p0++;
}
*p1 = 0;
return fpath;
}
wchar_t *_filepath_w(const wchar_t *fname, wchar_t *fpath)
{
wchar_t *p = (wchar_t *)fname, *p0 = (wchar_t*)fname, *p1 = (wchar_t*)fpath;
if ((fname == 0) || (fpath == NULL))
return 0;
while (*fname != (wchar_t)0) {
if (*fname == '\\')
p = (wchar_t *)fname + 1;
fname++;
}
while (p0 < p) {
*p1 = *p0;
p1++;
p0++;
}
*p1 = 0;
return fpath;
}
================================================
FILE: Source/minirtl/_filename.h
================================================
#pragma once
#ifndef _FILENAMEH_
#define _FILENAMEH_
char *_filename_a(const char *f);
wchar_t *_filename_w(const wchar_t *f);
char *_fileext_a(const char *f);
wchar_t *_fileext_w(const wchar_t *f);
char *_filename_noext_a(char *dest, const char *f);
wchar_t *_filename_noext_w(wchar_t *dest, const wchar_t *f);
char *_filepath_a(const char *fname, char *fpath);
wchar_t *_filepath_w(const wchar_t *fname, wchar_t *fpath);
#ifdef UNICODE
#define _filename _filename_w
#define _fileext _fileext_w
#define _filepath _filepath_w
#define _filename_noext _filename_noext_w
#else // ANSI
#define _filename _filename_a
#define _fileext _fileext_a
#define _filepath _filepath_a
#define _filename_noext _filename_noext_a
#endif
#endif /* _FILENAMEH_ */
================================================
FILE: Source/minirtl/_strcat.c
================================================
#include "rtltypes.h"
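/*
 * Appends src to dest. Unlike the CRT strcat, the return value points at the
 * new terminating null (handy for chained appends), except when an argument
 * is null, in which case dest is returned unchanged. No bounds checking:
 * the caller must guarantee dest has room for both strings.
 */
char *_strcat_a(char *dest, const char *src)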
{
if ( (dest==0) || (src==0) )
return dest;
while ( *dest!=0 )
dest++;
while ( *src!=0 ) {
*dest = *src;
dest++;
src++;
}
*dest = 0;
return dest;
}
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
{
if ( (dest==0) || (src==0) )
return dest;
while ( *dest!=0 )
dest++;
while ( *src!=0 ) {
*dest = *src;
dest++;
src++;
}
*dest = 0;
return dest;
}
================================================
FILE: Source/minirtl/_strcmp.c
================================================
#include "rtltypes.h"
int _strcmp_a(const char *s1, const char *s2)
{
char c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
do {
c1 = *s1;
c2 = *s2;
s1++;
s2++;
} while ( (c1 != 0) && (c1 == c2) );
return (int)(c1 - c2);
}
int _strcmp_w(const wchar_t *s1, const wchar_t *s2)
{
wchar_t c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
do {
c1 = *s1;
c2 = *s2;
s1++;
s2++;
} while ( (c1 != 0) && (c1 == c2) );
return (int)(c1 - c2);
}
================================================
FILE: Source/minirtl/_strcmpi.c
================================================
#include "rtltypes.h"
int _strcmpi_a(const char *s1, const char *s2)
{
char c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
do {
c1 = locase_a(*s1);
c2 = locase_a(*s2);
s1++;
s2++;
} while ( (c1 != 0) && (c1 == c2) );
return (int)(c1 - c2);
}
int _strcmpi_w(const wchar_t *s1, const wchar_t *s2)
{
wchar_t c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
do {
c1 = locase_w(*s1);
c2 = locase_w(*s2);
s1++;
s2++;
} while ( (c1 != 0) && (c1 == c2) );
return (int)(c1 - c2);
}
================================================
FILE: Source/minirtl/_strcpy.c
================================================
#include "rtltypes.h"
/* Unbounded copy of src into dest; returns dest. The caller must size dest. */
char *_strcpy_a(char *dest, const char *src)
{
char *p;
if ( (dest==0) || (src==0) )
return dest;
if (dest == src)
return dest;
p = dest;
while ( *src!=0 ) {
*p = *src;
p++;
src++;
}
*p = 0;
return dest;
}
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
{
wchar_t *p;
if ((dest == 0) || (src == 0))
return dest;
if (dest == src)
return dest;
p = dest;
while ( *src!=0 ) {
*p = *src;
p++;
src++;
}
*p = 0;
return dest;
}
================================================
FILE: Source/minirtl/_strend.c
================================================
#include "rtltypes.h"
char *_strend_a(const char *s)
{
if ( s==0 )
return 0;
while ( *s!=0 )
s++;
return (char *)s;
}
wchar_t *_strend_w(const wchar_t *s)
{
if ( s==0 )
return 0;
while ( *s!=0 )
s++;
return (wchar_t *)s;
}
================================================
FILE: Source/minirtl/_strlen.c
================================================
#include "rtltypes.h"
size_t _strlen_a(const char *s)
{
char *s0 = (char *)s;
if ( s==0 )
return 0;
while ( *s!=0 )
s++;
return (s-s0);
}
size_t _strlen_w(const wchar_t *s)
{
wchar_t *s0 = (wchar_t *)s;
if ( s==0 )
return 0;
while ( *s!=0 )
s++;
return (s-s0);
}
================================================
FILE: Source/minirtl/_strncmp.c
================================================
#include "rtltypes.h"
int _strncmp_a(const char *s1, const char *s2, size_t cchars)
{
char c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
if ( cchars==0 )
return 0;
do {
c1 = *s1;
c2 = *s2;
s1++;
s2++;
cchars--;
} while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
return (int)(c1 - c2);
}
int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
{
wchar_t c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
if ( cchars==0 )
return 0;
do {
c1 = *s1;
c2 = *s2;
s1++;
s2++;
cchars--;
} while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
return (int)(c1 - c2);
}
================================================
FILE: Source/minirtl/_strncmpi.c
================================================
#include "rtltypes.h"
int _strncmpi_a(const char *s1, const char *s2, size_t cchars)
{
char c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
if ( cchars==0 )
return 0;
do {
c1 = locase_a(*s1);
c2 = locase_a(*s2);
s1++;
s2++;
cchars--;
} while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
return (int)(c1 - c2);
}
int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
{
wchar_t c1, c2;
if ( s1==s2 )
return 0;
if ( s1==0 )
return -1;
if ( s2==0 )
return 1;
if ( cchars==0 )
return 0;
do {
c1 = locase_w(*s1);
c2 = locase_w(*s2);
s1++;
s2++;
cchars--;
} while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
return (int)(c1 - c2);
}
================================================
FILE: Source/minirtl/_strncpy.c
================================================
#include "rtltypes.h"
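/*
 * Bounded copy. ccdest is the destination capacity in characters including
 * the terminator, ccsrc the maximum number of characters to take from src.
 * At most min(ccdest - 1, ccsrc) characters are copied and, unlike the CRT
 * strncpy, the result is always null-terminated when ccdest > 0.
 */
char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc)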
{
char *p;
if ( (dest==0) || (src==0) || (ccdest==0) )
return dest;
ccdest--;
p = dest;
while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) {
*p = *src;
p++;
src++;
ccdest--;
ccsrc--;
}
*p = 0;
return dest;
}
wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc)
{
wchar_t *p;
if ( (dest==0) || (src==0) || (ccdest==0) )
return dest;
ccdest--;
p = dest;
while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) {
*p = *src;
p++;
src++;
ccdest--;
ccsrc--;
}
*p = 0;
return dest;
}
================================================
FILE: Source/minirtl/_strstr.c
================================================
#include "rtltypes.h"
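/*
 * Returns the first occurrence of sub_s in s, or 0 when there is none.
 * Differs from the CRT strstr: an empty sub_s yields 0 rather than s
 * (unless both pointers are identical).
 */
char *_strstr_a(const char *s, const char *sub_s)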
{
char c0, c1, c2, *tmps, *tmpsub;
if (s == sub_s)
return (char *)s;
if (s == 0)
return 0;
if (sub_s == 0)
return 0;
c0 = *sub_s;
while (c0 != 0) {
while (*s != 0) {
c2 = *s;
if (c2 == c0)
break;
s++;
}
if (*s == 0)
return 0;
tmps = (char *)s;
tmpsub = (char *)sub_s;
do {
c1 = *tmps;
c2 = *tmpsub;
tmps++;
tmpsub++;
} while ((c1 == c2) && (c2 != 0));
if (c2 == 0)
return (char *)s;
s++;
}
return 0;
}
wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s)
{
wchar_t c0, c1, c2, *tmps, *tmpsub;
if (s == sub_s)
return (wchar_t *)s;
if (s == 0)
return 0;
if (sub_s == 0)
return 0;
c0 = *sub_s;
while (c0 != 0) {
while (*s != 0) {
c2 = *s;
if (c2 == c0)
break;
s++;
}
if (*s == 0)
return 0;
tmps = (wchar_t *)s;
tmpsub = (wchar_t *)sub_s;
do {
c1 = *tmps;
c2 = *tmpsub;
tmps++;
tmpsub++;
} while ((c1 == c2) && (c2 != 0));
if (c2 == 0)
return (wchar_t *)s;
s++;
}
return 0;
}
================================================
FILE: Source/minirtl/_strstri.c
================================================
#include "rtltypes.h"
char *_strstri_a(const char *s, const char *sub_s)
{
char c0, c1, c2, *tmps, *tmpsub;
if (s == sub_s)
return (char *)s;
if (s == 0)
return 0;
if (sub_s == 0)
return 0;
c0 = locase_a(*sub_s);
while (c0 != 0) {
while (*s != 0) {
c2 = locase_a(*s);
if (c2 == c0)
break;
s++;
}
if (*s == 0)
return 0;
tmps = (char *)s;
tmpsub = (char *)sub_s;
do {
c1 = locase_a(*tmps);
c2 = locase_a(*tmpsub);
tmps++;
tmpsub++;
} while ((c1 == c2) && (c2 != 0));
if (c2 == 0)
return (char *)s;
s++;
}
return 0;
}
wchar_t *_strstri_w(const wchar_t *s, const wchar_t *sub_s)
{
wchar_t c0, c1, c2, *tmps, *tmpsub;
if (s == sub_s)
return (wchar_t *)s;
if (s == 0)
return 0;
if (sub_s == 0)
return 0;
c0 = locase_w(*sub_s);
while (c0 != 0) {
while (*s != 0) {
c2 = locase_w(*s);
if (c2 == c0)
break;
s++;
}
if (*s == 0)
return 0;
tmps = (wchar_t *)s;
tmpsub = (wchar_t *)sub_s;
do {
c1 = locase_w(*tmps);
c2 = locase_w(*tmpsub);
tmps++;
tmpsub++;
} while ((c1 == c2) && (c2 != 0));
if (c2 == 0)
return (wchar_t *)s;
s++;
}
return 0;
}
================================================
FILE: Source/minirtl/cmdline.c
================================================
#include <windows.h>
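/*
 * Extracts the ParamIndex-th (zero-based) token of CmdLine into Buffer.
 * Tokens are separated by spaces; a token that starts with a double quote
 * runs to the next double quote. BufferSize is the capacity of Buffer in
 * characters including the terminator. ParamLen receives the full token
 * length even when the copy was truncated. Returns TRUE only when the token
 * fits (length < BufferSize), so FALSE plus *ParamLen gives the size needed.
 */
BOOL GetCommandLineParamW(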
IN LPCWSTR CmdLine,
IN ULONG ParamIndex,
OUT LPWSTR Buffer,
IN ULONG BufferSize,
OUT PULONG ParamLen
)
{
ULONG c, plen = 0;
WCHAR divider; // wide variant: do not depend on the UNICODE setting
if (ParamLen != NULL)
*ParamLen = 0;
if (CmdLine == NULL) {
if ((Buffer != NULL) && (BufferSize > 0))
*Buffer = 0;
return FALSE;
}
for (c = 0; c <= ParamIndex; c++) {
plen = 0;
while (*CmdLine == ' ')
CmdLine++;
switch (*CmdLine) {
case 0:
goto zero_term_exit;
case '"':
CmdLine++;
divider = '"';
break;
default:
divider = ' ';
}
while ((*CmdLine != '"') && (*CmdLine != divider) && (*CmdLine != 0)) {
plen++;
if (c == ParamIndex)
if ((plen < BufferSize) && (Buffer != NULL)) {
*Buffer = *CmdLine;
Buffer++;
}
CmdLine++;
}
if (*CmdLine != 0)
CmdLine++;
}
zero_term_exit:
if ((Buffer != NULL) && (BufferSize > 0))
*Buffer = 0;
if (ParamLen != NULL)
*ParamLen = plen;
if (plen < BufferSize)
return TRUE;
else
return FALSE;
}
BOOL GetCommandLineParamA(
IN LPCSTR CmdLine,
IN ULONG ParamIndex,
OUT LPSTR Buffer,
IN ULONG BufferSize,
OUT PULONG ParamLen
)
{
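ULONG c, plen = 0;
CHAR divider; // ANSI variant: do not depend on the UNICODE setting
if (ParamLen != NULL)
*ParamLen = 0;
// Same as GetCommandLineParamW: leave the outputs defined when there is no command line.
if (CmdLine == NULL) {
if ((Buffer != NULL) && (BufferSize > 0))
*Buffer = 0;
return FALSE;
}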
for (c = 0; c <= ParamIndex; c++) {
plen = 0;
while (*CmdLine == ' ')
CmdLine++;
switch (*CmdLine) {
case 0:
goto zero_term_exit;
case '"':
CmdLine++;
divider = '"';
break;
default:
divider = ' ';
}
while ((*CmdLine != '"') && (*CmdLine != divider) && (*CmdLine != 0)) {
plen++;
if (c == ParamIndex)
if ((plen < BufferSize) && (Buffer != NULL)) {
*Buffer = *CmdLine;
Buffer++;
}
CmdLine++;
}
if (*CmdLine != 0)
CmdLine++;
}
zero_term_exit:
if ((Buffer != NULL) && (BufferSize > 0))
*Buffer = 0;
if (ParamLen != NULL)
*ParamLen = plen;
if (plen < BufferSize)
return TRUE;
else
return FALSE;
}
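/*
 * Same copy as _filepath_a (everything up to and including the last
 * backslash), but the return value points at the terminating null written
 * to FilePath rather than at its start. No destination size is taken.
 */
char *ExtractFilePathA(const char *FileName, char *FilePath)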
{
char *p = (char *)FileName, *p0 = (char *)FileName;
if ((FileName == 0) || (FilePath == 0))
return 0;
while (*FileName != 0) {
if (*FileName == '\\')
p = (char *)FileName + 1;
FileName++;
}
while (p0 < p) {
*FilePath = *p0;
FilePath++;
p0++;
}
*FilePath = 0;
return FilePath;
}
wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath)
{
wchar_t *p = (wchar_t *)FileName, *p0 = (wchar_t *)FileName;
if ((FileName == 0) || (FilePath == 0))
return 0;
while (*FileName != 0) {
if (*FileName == '\\')
p = (wchar_t *)FileName + 1;
FileName++;
}
while (p0 < p) {
*FilePath = *p0;
FilePath++;
p0++;
}
*FilePath = 0;
return FilePath;
}
================================================
FILE: Source/minirtl/cmdline.h
================================================
#ifndef _CMDLINEH_
#define _CMDLINEH_
BOOL GetCommandLineParamW(
IN LPCWSTR CmdLine,
IN ULONG ParamIndex,
OUT LPWSTR Buffer,
IN ULONG BufferSize,
OUT PULONG ParamLen
);
BOOL GetCommandLineParamA(
IN LPCSTR CmdLine,
IN ULONG ParamIndex,
OUT LPSTR Buffer,
IN ULONG BufferSize,
OUT PULONG ParamLen
);
char *ExtractFilePathA(const char *FileName, char *FilePath);
wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath);
#ifdef UNICODE
#define ExtractFilePath ExtractFilePathW
#define GetCommandLineParam GetCommandLineParamW
#else // ANSI
#define ExtractFilePath ExtractFilePathA
#define GetCommandLineParam GetCommandLineParamA
#endif
#endif /* _CMDLINEH_ */
================================================
FILE: Source/minirtl/hextou64.c
================================================
#include "rtltypes.h"
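/*
 * Parses hexadecimal digits (no "0x" prefix) and stops at the first
 * character that is not a hex digit. Overflow is not detected: extra
 * leading digits are silently shifted out of the 64-bit result.
 */
unsigned long long hextou64_a(char *s)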
{
unsigned long long r = 0;
char c;
if (s == 0)
return 0;
while (*s != 0) {
c = locase_a(*s);
s++;
if (_isdigit_a(c))
r = 16 * r + (c - '0');
else
if ((c >= 'a') && (c <= 'f'))
r = 16 * r + (c - 'a' + 10);
else
break;
}
return r;
}
unsigned long long hextou64_w(wchar_t *s)
{
unsigned long long r = 0;
wchar_t c;
if ( s==0 )
return 0;
while ( *s!=0 ) {
c = locase_w(*s);
s++;
if (_isdigit_w(c))
r = 16*r + (c-L'0');
else
if ((c >= L'a') && (c <= L'f'))
r = 16*r + (c-L'a'+10);
else
break;
}
return r;
}
================================================
FILE: Source/minirtl/hextoul.c
================================================
#include "rtltypes.h"
unsigned long hextoul_a(char *s)
{
unsigned long r = 0;
char c;
if (s == 0)
return 0;
while (*s != 0) {
c = locase_a(*s);
s++;
if (_isdigit_a(c))
r = 16 * r + (c - '0');
else
if ((c >= 'a') && (c <= 'f'))
r = 16 * r + (c - 'a' + 10);
else
break;
}
return r;
}
unsigned long hextoul_w(wchar_t *s)
{
unsigned long r = 0;
wchar_t c;
if ( s==0 )
return 0;
while ( *s!=0 ) {
c = locase_w(*s);
s++;
if (_isdigit_w(c))
r = 16*r + (c-L'0');
else
if ((c >= L'a') && (c <= L'f'))
r = 16*r + (c-L'a'+10);
else
break;
}
return r;
}
================================================
FILE: Source/minirtl/i64tostr.c
================================================
#include "rtltypes.h"
size_t i64tostr_a(signed long long x, char *s)
{
signed long long t=x;
size_t i, r=1, sign;
if (x < 0) {
sign = 1;
while (t <= -10) {
t /= 10;
r++;
}
}
else {
sign = 0;
while (t >= 10) {
t /= 10;
r++;
}
}
if (s == 0)
return r + sign;
if (sign) {
*s = '-';
s++;
}
for (i = r; i != 0; i--) {
s[i - 1] = (char)byteabs(x % 10) + '0';
x /= 10;
}
s[r] = (char)0;
return r + sign;
}
size_t i64tostr_w(signed long long x, wchar_t *s)
{
signed long long t=x;
size_t i, r=1, sign;
if (x < 0) {
sign = 1;
while (t <= -10) {
t /= 10;
r++;
}
} else {
sign = 0;
while (t >= 10) {
t /= 10;
r++;
}
}
if (s == 0)
return r+sign;
if (sign) {
*s = '-';
s++;
}
for (i = r; i != 0; i--) {
s[i-1] = (wchar_t)byteabs(x % 10) + L'0';
x /= 10;
}
s[r] = (wchar_t)0;
return r+sign;
}
================================================
FILE: Source/minirtl/itostr.c
================================================
#include "rtltypes.h"
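/*
 * Converts x to decimal. Returns the string length without the terminator.
 * Passing s == 0 only computes that length, so callers can size the buffer
 * first; otherwise s must hold length + 1 characters (12 for a 32-bit int).
 */
size_t itostr_a(int x, char *s)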
{
int t;
size_t i, r = 1, sign;
t = x;
if (x < 0) {
sign = 1;
while (t <= -10) {
t /= 10;
r++;
}
}
else {
sign = 0;
while (t >= 10) {
t /= 10;
r++;
}
}
if (s == 0)
return r + sign;
if (sign) {
*s = '-';
s++;
}
for (i = r; i != 0; i--) {
s[i - 1] = (char)byteabs(x % 10) + '0';
x /= 10;
}
s[r] = (char)0;
return r + sign;
}
size_t itostr_w(int x, wchar_t *s)
{
int t;
size_t i, r = 1, sign;
t = x;
if (x < 0) {
sign = 1;
while (t <= -10) {
t /= 10;
r++;
}
}
else {
sign = 0;
while (t >= 10) {
t /= 10;
r++;
}
}
if (s == 0)
return r + sign;
if (sign) {
*s = '-';
s++;
}
for (i = r; i != 0; i--) {
s[i - 1] = (wchar_t)byteabs(x % 10) + L'0';
x /= 10;
}
s[r] = (wchar_t)0;
return r + sign;
}
================================================
FILE: Source/minirtl/minirtl.h
================================================
/*
Module name:
minirtl.h
Description:
header for string handling and conversion routines
Date:
1 Mar 2015
*/
#ifndef _MINIRTL_
#define _MINIRTL_
// string copy/concat/length
char *_strend_a(const char *s);
wchar_t *_strend_w(const wchar_t *s);
char *_strcpy_a(char *dest, const char *src);
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src);
char *_strcat_a(char *dest, const char *src);
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src);
char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc);
wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc);
size_t _strlen_a(const char *s);
size_t _strlen_w(const wchar_t *s);
// comparing
int _strcmp_a(const char *s1, const char *s2);
int _strcmp_w(const wchar_t *s1, const wchar_t *s2);
int _strncmp_a(const char *s1, const char *s2, size_t cchars);
int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars);
int _strcmpi_a(const char *s1, const char *s2);
int _strcmpi_w(const wchar_t *s1, const wchar_t *s2);
int _strncmpi_a(const char *s1, const char *s2, size_t cchars);
int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars);
char *_strstr_a(const char *s, const char *sub_s);
wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s);
char *_strstri_a(const char *s, const char *sub_s);
wchar_t *_strstri_w(const wchar_t *s, const wchar_t *sub_s);
// conversion of integer types to string, returning string length
size_t ultostr_a(unsigned long x, char *s);
size_t ultostr_w(unsigned long x, wchar_t *s);
size_t ultohex_a(unsigned long x, char *s);
size_t ultohex_w(unsigned long x, wchar_t *s);
size_t itostr_a(int x, char *s);
size_t itostr_w(int x, wchar_t *s);
size_t i64tostr_a(signed long long x, char *s);
size_t i64tostr_w(signed long long x, wchar_t *s);
size_t u64tostr_a(unsigned long long x, char *s);
size_t u64tostr_w(unsigned long long x, wchar_t *s);
size_t u64tohex_a(unsigned long long x, char *s);
size_t u64tohex_w(unsigned long long x, wchar_t *s);
// string to integers conversion
unsigned long strtoul_a(char *s);
unsigned long strtoul_w(wchar_t *s);
unsigned long long strtou64_a(char *s);
unsigned long long strtou64_w(wchar_t *s);
unsigned long hextoul_a(char *s);
unsigned long hextoul_w(wchar_t *s);
int strtoi_a(char *s);
int strtoi_w(wchar_t *s);
signed long long strtoi64_a(char *s);
signed long long strtoi64_w(wchar_t *s);
unsigned long long hextou64_a(char *s);
unsigned long long hextou64_w(wchar_t *s);
/* =================================== */
#ifdef UNICODE
#define _strend _strend_w
#define _strcpy _strcpy_w
#define _strcat _strcat_w
#define _strlen _strlen_w
#define _strncpy _strncpy_w
#define _strcmp _strcmp_w
#define _strncmp _strncmp_w
#define _strcmpi _strcmpi_w
#define _strncmpi _strncmpi_w
#define _strstr _strstr_w
#define _strstri _strstri_w
#define ultostr ultostr_w
#define ultohex ultohex_w
#define itostr itostr_w
#define i64tostr i64tostr_w
#define u64tostr u64tostr_w
#define u64tohex u64tohex_w
#define strtoul strtoul_w
#define hextoul hextoul_w
#define strtoi strtoi_w
#define strtoi64 strtoi64_w
#define strtou64 strtou64_w
#define hextou64 hextou64_w
#else // ANSI
#define _strend _strend_a
#define _strcpy _strcpy_a
#define _strcat _strcat_a
#define _strlen _strlen_a
#define _strncpy _strncpy_a
#define _strcmp _strcmp_a
#define _strncmp _strncmp_a
#define _strcmpi _strcmpi_a
#define _strncmpi _strncmpi_a
#define _strstr _strstr_a
#define _strstri _strstri_a
#define ultostr ultostr_a
#define ultohex ultohex_a
#define itostr itostr_a
#define i64tostr i64tostr_a
#define u64tostr u64tostr_a
#define u64tohex u64tohex_a
#define strtoul strtoul_a
#define hextoul hextoul_a
#define strtoi strtoi_a
#define strtoi64 strtoi64_a
#define strtou64 strtou64_a
#define hextou64 hextou64_a
#endif
#endif /* _MINIRTL_ */
================================================
FILE: Source/minirtl/rtltypes.h
================================================
#ifndef _WCHAR_T_DEFINED
typedef unsigned short wchar_t;
#define _WCHAR_T_DEFINED
#endif /* _WCHAR_T_DEFINED */
#ifndef _SIZE_T_DEFINED
#ifdef _WIN64
typedef unsigned __int64 size_t;
#else /* _WIN64 */
typedef __w64 unsigned int size_t;
#endif /* _WIN64 */
#define _SIZE_T_DEFINED
#endif /* _SIZE_T_DEFINED */
__forceinline char locase_a(char c)
{
if ((c >= 'A') && (c <= 'Z'))
return c + 0x20;
else
return c;
}
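/* Folds ASCII 'A'..'Z' only, so the *_w case-insensitive routines ignore case for ASCII letters but not for other alphabets. */
__forceinline wchar_t locase_w(wchar_t c)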
{
if ((c >= 'A') && (c <= 'Z'))
return c + 0x20;
else
return c;
}
__forceinline char byteabs(char x) {
if (x < 0)
return -x;
return x;
}
__forceinline int _isdigit_a(char x) {
return ((x >= '0') && (x <= '9'));
}
__forceinline int _isdigit_w(wchar_t x) {
return ((x >= L'0') && (x <= L'9'));
}
================================================
FILE: Source/minirtl/strtoi.c
================================================
#include "rtltypes.h"
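/*
 * Parses an optional sign followed by decimal digits and stops at the first
 * non-digit. Leading whitespace is not skipped and overflow is not checked,
 * so input with too many digits produces an undefined result.
 */
int strtoi_a(char *s)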
{
int a = 0, sign;
char c;
if (s == 0)
return 0;
switch (*s) {
case '-':
s++;
sign = -1;
break;
case '+':
s++;
sign = 1;
break;
default:
sign = 1;
}
while (*s != 0) {
c = *s;
if (_isdigit_a(c))
a = (a*10) + (c-'0');
else
break;
s++;
}
return a*sign;
}
int strtoi_w(wchar_t *s)
{
int a = 0, sign;
wchar_t c;
if (s == 0)
return 0;
switch (*s) {
case L'-':
s++;
sign = -1;
break;
case L'+':
s++;
sign = 1;
break;
default:
sign = 1;
}
while (*s != 0) {
c = *s;
if (_isdigit_w(c))
a = (a*10)+(c-L'0');
else
break;
s++;
}
return a*sign;
}
================================================
FILE: Source/minirtl/strtoi64
SYMBOL INDEX (347 symbols across 51 files)
FILE: Source/Harusame/main.c
function UINT (line 44) | UINT SfProcessCmdLine(
function SfMain (line 139) | void SfMain(
FILE: Source/Murasame/main.c
function UINT (line 50) | UINT SfExtractDropper(
function SfMain (line 211) | void SfMain(
FILE: Source/Shigure/main.c
function UINT (line 48) | UINT SfDecryptPayload(
function SfMain (line 230) | void SfMain(
FILE: Source/Umikaze/main.c
function NTSTATUS (line 43) | NTSTATUS SfDecodePeerList(
function UINT (line 179) | UINT SfProcessCmdLine(
function SfMain (line 274) | void SfMain(
FILE: Source/Yuudachi/gui.c
function VOID (line 40) | VOID SfUIAddEvent(
function VOID (line 142) | VOID SfUIMainWindowResize(
function LRESULT (line 176) | LRESULT CALLBACK SfUIMainWindowProc(HWND hwnd, UINT uMsg, WPARAM wParam,...
function SfUICreateControls (line 212) | void SfUICreateControls(
function SfUImain (line 281) | void SfUImain(
FILE: Source/Yuudachi/gui.h
type ZA_GUI_CONTEXT (line 22) | typedef struct _ZA_GUI_CONTEXT {
FILE: Source/Yuudachi/main.c
function SfMain (line 31) | void SfMain(
FILE: Source/Yuudachi/p2p.c
function RTL_GENERIC_COMPARE_RESULTS (line 42) | RTL_GENERIC_COMPARE_RESULTS NTAPI SfAvlCompareCallback(
function PVOID (line 73) | PVOID NTAPI SfAvlAllocateCallback(
function VOID (line 90) | VOID NTAPI SfAvlFreeCallback(
function SfQSortCompare (line 107) | int __cdecl SfQSortCompare(
function BOOL (line 131) | BOOL SfNStoreFile(
function BOOL (line 174) | BOOL SfNDownloadFile(
function VOID (line 294) | VOID SfNAddFileHeader(
function SfNFormatPrintPeer (line 364) | void SfNFormatPrintPeer(
function VOID (line 407) | VOID SfNAddToTable(
function DWORD (line 466) | DWORD WINAPI SfNgetLSender(
function DWORD (line 590) | DWORD WINAPI SfNP2PListener(
function VOID (line 755) | VOID WINAPI SfNWorkerThread(
function BOOL (line 962) | BOOL SfNStartup(
function VOID (line 1060) | VOID SfNMain(
FILE: Source/Yuudachi/p2p.h
type ZA_SCANCTX (line 83) | typedef struct _ZA_SCANCTX {
FILE: Source/minirtl/_filename.c
function wchar_t (line 19) | wchar_t *_filename_w(const wchar_t *f)
function wchar_t (line 53) | wchar_t *_fileext_w(const wchar_t *f)
function wchar_t (line 107) | wchar_t *_filename_noext_w(wchar_t *dest, const wchar_t *f)
function wchar_t (line 165) | wchar_t *_filepath_w(const wchar_t *fname, wchar_t *fpath)
FILE: Source/minirtl/_strcat.c
function wchar_t (line 21) | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
FILE: Source/minirtl/_strcmp.c
function _strcmp_a (line 3) | int _strcmp_a(const char *s1, const char *s2)
function _strcmp_w (line 26) | int _strcmp_w(const wchar_t *s1, const wchar_t *s2)
FILE: Source/minirtl/_strcmpi.c
function _strcmpi_a (line 3) | int _strcmpi_a(const char *s1, const char *s2)
function _strcmpi_w (line 26) | int _strcmpi_w(const wchar_t *s1, const wchar_t *s2)
FILE: Source/minirtl/_strcpy.c
function wchar_t (line 24) | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
FILE: Source/minirtl/_strend.c
function wchar_t (line 14) | wchar_t *_strend_w(const wchar_t *s)
FILE: Source/minirtl/_strlen.c
function _strlen_a (line 3) | size_t _strlen_a(const char *s)
function _strlen_w (line 16) | size_t _strlen_w(const wchar_t *s)
FILE: Source/minirtl/_strncmp.c
function _strncmp_a (line 3) | int _strncmp_a(const char *s1, const char *s2, size_t cchars)
function _strncmp_w (line 30) | int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
FILE: Source/minirtl/_strncmpi.c
function _strncmpi_a (line 3) | int _strncmpi_a(const char *s1, const char *s2, size_t cchars)
function _strncmpi_w (line 30) | int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
FILE: Source/minirtl/_strncpy.c
function wchar_t (line 25) | wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, si...
FILE: Source/minirtl/_strstr.c
function wchar_t (line 46) | wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s)
FILE: Source/minirtl/_strstri.c
function wchar_t (line 46) | wchar_t *_strstri_w(const wchar_t *s, const wchar_t *sub_s)
FILE: Source/minirtl/cmdline.c
function BOOL (line 3) | BOOL GetCommandLineParamW(
function BOOL (line 70) | BOOL GetCommandLineParamA(
function wchar_t (line 158) | wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath)
FILE: Source/minirtl/hextou64.c
function hextou64_a (line 3) | unsigned long long hextou64_a(char *s)
function hextou64_w (line 25) | unsigned long long hextou64_w(wchar_t *s)
FILE: Source/minirtl/hextoul.c
function hextoul_a (line 3) | unsigned long hextoul_a(char *s)
function hextoul_w (line 25) | unsigned long hextoul_w(wchar_t *s)
FILE: Source/minirtl/i64tostr.c
function i64tostr_a (line 3) | size_t i64tostr_a(signed long long x, char *s)
function i64tostr_w (line 40) | size_t i64tostr_w(signed long long x, wchar_t *s)
FILE: Source/minirtl/itostr.c
function itostr_a (line 3) | size_t itostr_a(int x, char *s)
function itostr_w (line 43) | size_t itostr_w(int x, wchar_t *s)
FILE: Source/minirtl/rtltypes.h
type wchar_t (line 2) | typedef unsigned short wchar_t;
function locase_a (line 15) | __forceinline char locase_a(char c)
function wchar_t (line 23) | __forceinline wchar_t locase_w(wchar_t c)
function byteabs (line 31) | __forceinline char byteabs(char x) {
function _isdigit_a (line 37) | __forceinline int _isdigit_a(char x) {
function _isdigit_w (line 41) | __forceinline int _isdigit_w(wchar_t x) {
FILE: Source/minirtl/strtoi.c
function strtoi_a (line 3) | int strtoi_a(char *s)
function strtoi_w (line 37) | int strtoi_w(wchar_t *s)
FILE: Source/minirtl/strtoi64.c
function strtoi64_a (line 3) | signed long long strtoi64_a(char *s)
function strtoi64_w (line 37) | signed long long strtoi64_w(wchar_t *s)
FILE: Source/minirtl/strtou64.c
function strtou64_a (line 3) | unsigned long long strtou64_a(char *s)
function strtou64_w (line 22) | unsigned long long strtou64_w(wchar_t *s)
FILE: Source/minirtl/strtoul.c
function strtoul_a (line 5) | unsigned long strtoul_a(char *s)
function strtoul_w (line 28) | unsigned long strtoul_w(wchar_t *s)
FILE: Source/minirtl/u64tohex.c
function u64tohex_a (line 3) | size_t u64tohex_a(unsigned long long x, char *s)
function u64tohex_w (line 27) | size_t u64tohex_w(unsigned long long x, wchar_t *s)
FILE: Source/minirtl/u64tostr.c
function u64tostr_a (line 3) | size_t u64tostr_a(unsigned long long x, char *s)
function u64tostr_w (line 25) | size_t u64tostr_w(unsigned long long x, wchar_t *s)
FILE: Source/minirtl/ultohex.c
function ultohex_a (line 3) | size_t ultohex_a(unsigned long x, char *s)
function ultohex_w (line 27) | size_t ultohex_w(unsigned long x, wchar_t *s)
FILE: Source/minirtl/ultostr.c
function ultostr_a (line 3) | size_t ultostr_a(unsigned long x, char *s)
function ultostr_w (line 25) | size_t ultostr_w(unsigned long x, wchar_t *s)
FILE: Source/shared/cab.c
function fdiFree (line 49) | void DIAMONDAPI fdiFree(
function fdiClose (line 66) | int DIAMONDAPI fdiClose(
function INT_PTR (line 82) | INT_PTR DIAMONDAPI fdiOpen(
function UINT (line 120) | UINT DIAMONDAPI fdiRead(
function UINT (line 144) | UINT fdiWrite(
function fdiSeek (line 168) | long fdiSeek(
function INT_PTR (line 201) | INT_PTR DIAMONDAPI fdiNotify(FDINOTIFICATIONTYPE fdint, PFDINOTIFICATION...
function PVOID (line 259) | PVOID SfcabExtractMemory(
FILE: Source/shared/cab.h
type CABDATA (line 23) | typedef struct _CABDATA {
FILE: Source/shared/cui.c
function VOID (line 30) | VOID SfcuiPrintText(
FILE: Source/shared/ea.c
function BOOL (line 34) | BOOL SfNtfsQueryFileHeaderFromEa(
function BOOL (line 71) | BOOL SfNtfsSetFileHeaderToEa(
function NTSTATUS (line 110) | NTSTATUS SfNtfsDumpFileEa(
function BOOL (line 141) | BOOL TestEa(
FILE: Source/shared/gdip.c
function BOOL (line 23) | BOOL SfInitGdiPlus(
FILE: Source/shared/gdip.h
type GDI_STATUS (line 22) | typedef enum {
type GdiplusStartupInput (line 47) | typedef struct _GdiplusStartupInput {
type GdiplusStartupOutput (line 54) | typedef struct _GdiplusStartupOutput {
type GdiPlusRect (line 59) | typedef struct _GdiPlusRect {
type GdiPlusBitmapData (line 66) | typedef struct _GdiPlusBitmapData {
type ImageLockMode (line 117) | typedef enum
FILE: Source/shared/ldr.c
type ZA_THREAD_CTX (line 25) | typedef struct _ZA_THREAD_CTX {
function PBYTE (line 41) | PBYTE SfLdrQueryResourceDataEx(
function PBYTE (line 153) | PBYTE SfLdrQueryResourceData(
function VOID (line 187) | VOID NTAPI SfLdrEnumModules(
function LONG (line 211) | LONG NTAPI SfLdrVehHandler(
function VOID (line 268) | VOID SfLdrLoadPayload(
FILE: Source/shared/md5.c
function BOOLEAN (line 34) | BOOLEAN SfInitMD5(
FILE: Source/shared/md5.h
type MD5_CTX (line 22) | typedef struct {
FILE: Source/shared/ntos.h
type UNICODE_STRING (line 124) | typedef struct _UNICODE_STRING {
type UNICODE_STRING (line 129) | typedef UNICODE_STRING *PUNICODE_STRING;
type UNICODE_STRING (line 130) | typedef const UNICODE_STRING *PCUNICODE_STRING;
type STRING (line 132) | typedef struct _STRING
type STRING (line 138) | typedef STRING *PSTRING;
type STRING (line 140) | typedef STRING ANSI_STRING;
type PSTRING (line 141) | typedef PSTRING PANSI_STRING;
type STRING (line 143) | typedef STRING OEM_STRING;
type PSTRING (line 144) | typedef PSTRING POEM_STRING;
type CONST (line 145) | typedef CONST STRING* PCOEM_STRING;
type CONST (line 146) | typedef CONST char *PCSZ;
type CSTRING (line 148) | typedef struct _CSTRING
type CSTRING (line 154) | typedef CSTRING *PCSTRING;
type STRING (line 157) | typedef STRING CANSI_STRING;
type PSTRING (line 158) | typedef PSTRING PCANSI_STRING;
type OBJECT_ATTRIBUTES (line 160) | typedef struct _OBJECT_ATTRIBUTES {
type OBJECT_ATTRIBUTES (line 168) | typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
type IO_STATUS_BLOCK (line 170) | typedef struct _IO_STATUS_BLOCK {
type SEMAPHORE_INFORMATION_CLASS (line 184) | typedef enum _SEMAPHORE_INFORMATION_CLASS {
type SEMAPHORE_BASIC_INFORMATION (line 190) | typedef struct _SEMAPHORE_BASIC_INFORMATION {
type SYSTEM_MEMORY_LIST_COMMAND (line 204) | typedef enum _SYSTEM_MEMORY_LIST_COMMAND {
type SYSTEM_FILECACHE_INFORMATION (line 214) | typedef struct _SYSTEM_FILECACHE_INFORMATION {
type LONG (line 235) | typedef LONG KPRIORITY;
type THREAD_STATE (line 238) | typedef enum _THREAD_STATE {
type KWAIT_REASON (line 249) | typedef enum _KWAIT_REASON {
type CLIENT_ID (line 290) | typedef struct _CLIENT_ID {
type VM_COUNTERS (line 295) | typedef struct _VM_COUNTERS {
type SYSTEM_THREAD_INFORMATION (line 310) | typedef struct _SYSTEM_THREAD_INFORMATION {
type SYSTEM_PROCESSES_INFORMATION (line 324) | typedef struct _SYSTEM_PROCESSES_INFORMATION {
type PROCESSINFOCLASS (line 345) | typedef enum _PROCESSINFOCLASS {
type PROCESS_BASIC_INFORMATION (line 411) | typedef struct _PROCESS_BASIC_INFORMATION {
type PROCESS_BASIC_INFORMATION (line 419) | typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
type PROCESS_EXTENDED_BASIC_INFORMATION (line 421) | typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION {
type SYSTEM_INFORMATION_CLASS (line 446) | typedef enum _SYSTEM_INFORMATION_CLASS
type VOID (line 617) | typedef VOID(*PTIMER_APC_ROUTINE) (
type TIMER_TYPE (line 623) | typedef enum _TIMER_TYPE {
type TIMER_INFORMATION_CLASS (line 629) | typedef enum _TIMER_INFORMATION_CLASS {
type TIMER_BASIC_INFORMATION (line 635) | typedef struct _TIMER_BASIC_INFORMATION {
type OBJECT_DIRECTORY_INFORMATION (line 651) | typedef struct _OBJECT_DIRECTORY_INFORMATION {
type OBJECT_INFORMATION_CLASS (line 688) | typedef enum _OBJECT_INFORMATION_CLASS {
type OBJECT_BASIC_INFORMATION (line 700) | typedef struct _OBJECT_BASIC_INFORMATION {
type OBJECT_NAME_INFORMATION (line 716) | typedef struct _OBJECT_NAME_INFORMATION {
type OBJECT_TYPE_INFORMATION (line 722) | typedef struct _OBJECT_TYPE_INFORMATION {
type OBJECT_TYPE_INFORMATION_8 (line 747) | typedef struct _OBJECT_TYPE_INFORMATION_8 {
type OBJECT_TYPES_INFORMATION (line 774) | typedef struct _OBJECT_TYPES_INFORMATION
type OBJECT_HANDLE_FLAG_INFORMATION (line 782) | typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
type FILE_INFORMATION_CLASS (line 839) | typedef enum _FILE_INFORMATION_CLASS
type FS_INFORMATION_CLASS (line 896) | typedef enum _FSINFOCLASS {
type FILE_BASIC_INFORMATION (line 911) | typedef struct _FILE_BASIC_INFORMATION {
type FILE_STANDARD_INFORMATION (line 919) | typedef struct _FILE_STANDARD_INFORMATION
type FILE_INTERNAL_INFORMATION (line 928) | typedef struct _FILE_INTERNAL_INFORMATION {
type FILE_EA_INFORMATION (line 932) | typedef struct _FILE_EA_INFORMATION {
type FILE_ACCESS_INFORMATION (line 936) | typedef struct _FILE_ACCESS_INFORMATION {
type FILE_POSITION_INFORMATION (line 940) | typedef struct _FILE_POSITION_INFORMATION {
type FILE_MODE_INFORMATION (line 944) | typedef struct _FILE_MODE_INFORMATION {
type FILE_ALIGNMENT_INFORMATION (line 948) | typedef struct _FILE_ALIGNMENT_INFORMATION {
type FILE_NAME_INFORMATION (line 952) | typedef struct _FILE_NAME_INFORMATION {
type FILE_ALL_INFORMATION (line 957) | typedef struct _FILE_ALL_INFORMATION {
type FILE_NETWORK_OPEN_INFORMATION (line 969) | typedef struct _FILE_NETWORK_OPEN_INFORMATION {
type FILE_ATTRIBUTE_TAG_INFORMATION (line 979) | typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION {
type FILE_ALLOCATION_INFORMATION (line 984) | typedef struct _FILE_ALLOCATION_INFORMATION {
type FILE_COMPRESSION_INFORMATION (line 988) | typedef struct _FILE_COMPRESSION_INFORMATION {
type FILE_DISPOSITION_INFORMATION (line 997) | typedef struct _FILE_DISPOSITION_INFORMATION {
type FILE_END_OF_FILE_INFORMATION (line 1001) | typedef struct _FILE_END_OF_FILE_INFORMATION {
type FILE_VALID_DATA_LENGTH_INFORMATION (line 1005) | typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION {
type FILE_LINK_INFORMATION (line 1009) | typedef struct _FILE_LINK_INFORMATION {
type FILE_MOVE_CLUSTER_INFORMATION (line 1016) | typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
type FILE_RENAME_INFORMATION (line 1023) | typedef struct _FILE_RENAME_INFORMATION {
type FILE_STREAM_INFORMATION (line 1030) | typedef struct _FILE_STREAM_INFORMATION {
type FILE_TRACKING_INFORMATION (line 1038) | typedef struct _FILE_TRACKING_INFORMATION {
type FILE_COMPLETION_INFORMATION (line 1044) | typedef struct _FILE_COMPLETION_INFORMATION {
type FILE_PIPE_INFORMATION (line 1095) | typedef struct _FILE_PIPE_INFORMATION {
type FILE_PIPE_LOCAL_INFORMATION (line 1100) | typedef struct _FILE_PIPE_LOCAL_INFORMATION {
type FILE_PIPE_REMOTE_INFORMATION (line 1113) | typedef struct _FILE_PIPE_REMOTE_INFORMATION {
type FILE_MAILSLOT_QUERY_INFORMATION (line 1118) | typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
type FILE_MAILSLOT_SET_INFORMATION (line 1126) | typedef struct _FILE_MAILSLOT_SET_INFORMATION {
type FILE_REPARSE_POINT_INFORMATION (line 1130) | typedef struct _FILE_REPARSE_POINT_INFORMATION {
type FILE_FULL_EA_INFORMATION (line 1156) | typedef struct _FILE_FULL_EA_INFORMATION {
type FILE_GET_EA_INFORMATION (line 1164) | typedef struct _FILE_GET_EA_INFORMATION {
type FILE_GET_QUOTA_INFORMATION (line 1170) | typedef struct _FILE_GET_QUOTA_INFORMATION {
type FILE_QUOTA_INFORMATION (line 1176) | typedef struct _FILE_QUOTA_INFORMATION {
type FILE_DIRECTORY_INFORMATION (line 1186) | typedef struct _FILE_DIRECTORY_INFORMATION {
type FILE_FULL_DIR_INFORMATION (line 1200) | typedef struct _FILE_FULL_DIR_INFORMATION {
type FILE_ID_FULL_DIR_INFORMATION (line 1215) | typedef struct _FILE_ID_FULL_DIR_INFORMATION {
type FILE_BOTH_DIR_INFORMATION (line 1231) | typedef struct _FILE_BOTH_DIR_INFORMATION {
type FILE_ID_BOTH_DIR_INFORMATION (line 1248) | typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
type FILE_NAMES_INFORMATION (line 1266) | typedef struct _FILE_NAMES_INFORMATION {
type FILE_OBJECTID_INFORMATION (line 1273) | typedef struct _FILE_OBJECTID_INFORMATION {
type FILE_FS_VOLUME_INFORMATION (line 1286) | typedef struct _FILE_FS_VOLUME_INFORMATION {
type SECTION_INFORMATION_CLASS (line 1303) | typedef enum _SECTION_INFORMATION_CLASS {
type SECTION_BASIC_INFORMATION (line 1311) | typedef struct _SECTIONBASICINFO {
type SECTION_IMAGE_INFORMATION (line 1317) | typedef struct _SECTION_IMAGE_INFORMATION {
type SECTION_IMAGE_INFORMATION64 (line 1341) | typedef struct _SECTION_IMAGE_INFORMATION64 {
type SECTION_INHERIT (line 1365) | typedef enum _SECTION_INHERIT {
type SYSDBG_COMMAND (line 1389) | typedef enum _SYSDBG_COMMAND {
type SYSDBG_VIRTUAL (line 1431) | typedef struct _SYSDBG_VIRTUAL
type KSERVICE_TABLE_DESCRIPTOR (line 1473) | typedef struct _KSERVICE_TABLE_DESCRIPTOR {
type SYSTEM_BOOT_ENVIRONMENT_INFORMATION_V1 (line 1488) | typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION_V1 // Size=20
type SYSTEM_BOOT_ENVIRONMENT_INFORMATION (line 1494) | typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION // Size=32
type MUTANT_INFORMATION_CLASS (line 1510) | typedef enum _MUTANT_INFORMATION_CLASS {
type MUTANT_BASIC_INFORMATION (line 1516) | typedef struct _MUTANT_BASIC_INFORMATION {
type KEY_INFORMATION_CLASS (line 1532) | typedef enum _KEY_INFORMATION_CLASS {
type KEY_FULL_INFORMATION (line 1544) | typedef struct _KEY_FULL_INFORMATION {
type KEY_BASIC_INFORMATION (line 1560) | typedef struct _KEY_BASIC_INFORMATION {
type KEY_VALUE_INFORMATION_CLASS (line 1569) | typedef enum _KEY_VALUE_INFORMATION_CLASS {
type KEY_VALUE_BASIC_INFORMATION (line 1580) | typedef struct _KEY_VALUE_BASIC_INFORMATION {
type KEY_VALUE_FULL_INFORMATION (line 1589) | typedef struct _KEY_VALUE_FULL_INFORMATION {
type KEY_VALUE_PARTIAL_INFORMATION (line 1601) | typedef struct _KEY_VALUE_PARTIAL_INFORMATION {
type KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 (line 1610) | typedef struct _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 {
type KEY_VALUE_ENTRY (line 1618) | typedef struct _KEY_VALUE_ENTRY {
type IO_COMPLETION_INFORMATION_CLASS (line 1635) | typedef enum _IO_COMPLETION_INFORMATION_CLASS {
type IO_COMPLETION_BASIC_INFORMATION (line 1641) | typedef struct _IO_COMPLETION_BASIC_INFORMATION {
type EVENT_INFORMATION_CLASS (line 1658) | typedef enum _EVENT_INFORMATION_CLASS {
type EVENT_TYPE (line 1662) | typedef enum _EVENT_TYPE {
type EVENT_BASIC_INFORMATION (line 1667) | typedef struct _EVENT_BASIC_INFORMATION {
type CSHORT (line 1681) | typedef short CSHORT;
type TIME_FIELDS (line 1683) | typedef struct _TIME_FIELDS {
type TIME_FIELDS (line 1693) | typedef TIME_FIELDS *PTIME_FIELDS;
type SYSTEM_HANDLE_TABLE_ENTRY_INFO (line 1703) | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {
type SYSTEM_HANDLE_INFORMATION (line 1713) | typedef struct _SYSTEM_HANDLE_INFORMATION {
type PVOID (line 1792) | typedef PVOID *PDEVICE_MAP;
type OBJECT_DIRECTORY_ENTRY (line 1794) | typedef struct _OBJECT_DIRECTORY_ENTRY {
type EX_PUSH_LOCK (line 1800) | typedef struct _EX_PUSH_LOCK {
type OBJECT_NAMESPACE_LOOKUPTABLE (line 1813) | typedef struct _OBJECT_NAMESPACE_LOOKUPTABLE {
type OBJECT_NAMESPACE_ENTRY (line 1819) | typedef struct _OBJECT_NAMESPACE_ENTRY {
type OBJECT_DIRECTORY (line 1828) | typedef struct _OBJECT_DIRECTORY {
type OBJECT_HEADER_NAME_INFO (line 1837) | typedef struct _OBJECT_HEADER_NAME_INFO {
type OBJECT_HEADER_CREATOR_INFO (line 1843) | typedef struct _OBJECT_HEADER_CREATOR_INFO {// Size=32
type OBJECT_HANDLE_COUNT_ENTRY (line 1850) | typedef struct _OBJECT_HANDLE_COUNT_ENTRY {// Size=16
type OBJECT_HEADER_HANDLE_INFO (line 1859) | typedef struct _OBJECT_HEADER_HANDLE_INFO // Size=16
type OBJECT_HEADER_PROCESS_INFO (line 1868) | typedef struct _OBJECT_HEADER_PROCESS_INFO { // Size=16
type OBJECT_HEADER_QUOTA_INFO (line 1873) | typedef struct _OBJECT_HEADER_QUOTA_INFO {
type QUAD (line 1881) | typedef struct _QUAD {
type OBJECT_CREATE_INFORMATION (line 1889) | typedef struct _OBJECT_CREATE_INFORMATION {
type POOL_TYPE (line 1901) | typedef enum _POOL_TYPE {
type OBJECT_TYPE_INITIALIZER_V1 (line 1927) | typedef struct _OBJECT_TYPE_INITIALIZER_V1 {
type OBJECT_TYPE_INITIALIZER_V2 (line 1951) | typedef struct _OBJECT_TYPE_INITIALIZER_V2 {// Size=120
type OBJECT_TYPE_INITIALIZER_V3 (line 1972) | typedef struct _OBJECT_TYPE_INITIALIZER_V3 {// Size=120
type OBJECT_TYPE_INITIALIZER (line 1996) | typedef struct _OBJECT_TYPE_INITIALIZER {// Size=120
type OBJECT_TYPE_V2 (line 2017) | typedef struct _OBJECT_TYPE_V2 {// Size=216
type OBJECT_TYPE_V3 (line 2032) | typedef struct _OBJECT_TYPE_V3 {// Size=216
type OBJECT_TYPE_COMPATIBLE (line 2047) | typedef struct _OBJECT_TYPE_COMPATIBLE {
type OBJECT_HEADER (line 2063) | typedef struct _OBJECT_HEADER {
type DISPATCHER_HEADER (line 2098) | typedef struct _DISPATCHER_HEADER {
type KEVENT (line 2224) | typedef struct _KEVENT {
type KMUTANT (line 2228) | typedef struct _KMUTANT {
type KSEMAPHORE (line 2236) | typedef struct _KSEMAPHORE {
type KTIMER (line 2241) | typedef struct _KTIMER {
type KDEVICE_QUEUE_ENTRY (line 2250) | typedef struct _KDEVICE_QUEUE_ENTRY {
type KDPC_IMPORTANCE (line 2256) | typedef enum _KDPC_IMPORTANCE {
type KDPC (line 2262) | typedef struct _KDPC {
type WAIT_CONTEXT_BLOCK (line 2281) | typedef struct _WAIT_CONTEXT_BLOCK {
type VPB (line 2302) | typedef struct _VPB {
type KQUEUE (line 2314) | typedef struct _KQUEUE {
type KDEVICE_QUEUE (line 2322) | typedef struct _KDEVICE_QUEUE {
type _KOBJECTS (line 2346) | enum _KOBJECTS {
type DEVICE_OBJECT (line 2500) | typedef struct _DEVICE_OBJECT {
type DEVOBJ_EXTENSION (line 2531) | typedef struct _DEVOBJ_EXTENSION {
type FAST_IO_DISPATCH (line 2602) | typedef struct _FAST_IO_DISPATCH {
type DRIVER_EXTENSION (line 2678) | typedef struct _DRIVER_EXTENSION {
type DRIVER_OBJECT (line 2721) | typedef struct _DRIVER_OBJECT {
type _DRIVER_OBJECT (line 2782) | struct _DRIVER_OBJECT
type LDR_RESOURCE_INFO (line 2784) | typedef struct _LDR_RESOURCE_INFO {
type LDR_DATA_TABLE_ENTRY_COMPATIBLE (line 2790) | typedef struct _LDR_DATA_TABLE_ENTRY_COMPATIBLE {
type LDR_DATA_TABLE_ENTRY_COMPATIBLE (line 2822) | typedef LDR_DATA_TABLE_ENTRY_COMPATIBLE LDR_DATA_TABLE_ENTRY;
type LDR_DATA_TABLE_ENTRY_COMPATIBLE (line 2823) | typedef LDR_DATA_TABLE_ENTRY_COMPATIBLE *PLDR_DATA_TABLE_ENTRY;
type LDR_DATA_TABLE_ENTRY (line 2824) | typedef LDR_DATA_TABLE_ENTRY *PCLDR_DATA_TABLE_ENTRY;
type RTL_PROCESS_MODULE_INFORMATION (line 2834) | typedef struct _RTL_PROCESS_MODULE_INFORMATION {
type RTL_PROCESS_MODULES (line 2847) | typedef struct _RTL_PROCESS_MODULES {
type MEMORY_INFORMATION_CLASS (line 2860) | typedef enum _MEMORY_INFORMATION_CLASS
type MEMORY_REGION_INFORMATION (line 2869) | typedef struct _MEMORY_REGION_INFORMATION {
type SYSTEM_FIRMWARE_TABLE_ACTION (line 2884) | typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
type SYSTEM_FIRMWARE_TABLE_INFORMATION (line 2890) | typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION {
type PEB_LDR_DATA (line 2905) | typedef struct _PEB_LDR_DATA
type GDI_HANDLE_ENTRY (line 2918) | typedef struct _GDI_HANDLE_ENTRY
type GDI_SHARED_MEMORY (line 2943) | typedef struct _GDI_SHARED_MEMORY
type CURDIR (line 2955) | typedef struct _CURDIR
type RTL_DRIVE_LETTER_CURDIR (line 2964) | typedef struct _RTL_DRIVE_LETTER_CURDIR
type RTL_USER_PROCESS_PARAMETERS (line 2975) | typedef struct _RTL_USER_PROCESS_PARAMETERS
type ULONG (line 3024) | typedef ULONG GDI_HANDLE_BUFFER32[GDI_HANDLE_BUFFER_SIZE32];
type ULONG (line 3025) | typedef ULONG GDI_HANDLE_BUFFER64[GDI_HANDLE_BUFFER_SIZE64];
type ULONG (line 3026) | typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE];
type PEB (line 3028) | typedef struct _PEB
type TEB_ACTIVE_FRAME_CONTEXT (line 3160) | typedef struct _TEB_ACTIVE_FRAME_CONTEXT
type TEB_ACTIVE_FRAME (line 3166) | typedef struct _TEB_ACTIVE_FRAME
type GDI_TEB_BATCH (line 3175) | typedef struct _GDI_TEB_BATCH {
type TEB (line 3182) | typedef struct _TEB
type _PEB (line 3325) | struct _PEB
type PORT_MESSAGE (line 3335) | typedef struct _PORT_MESSAGE {
type PORT_DATA_ENTRY (line 3364) | typedef struct _PORT_DATA_ENTRY {
type PORT_DATA_INFORMATION (line 3369) | typedef struct _PORT_DATA_INFORMATION {
type LPC_CLIENT_DIED_MSG (line 3388) | typedef struct _LPC_CLIENT_DIED_MSG {
type PORT_VIEW (line 3393) | typedef struct _PORT_VIEW {
type REMOTE_PORT_VIEW (line 3402) | typedef struct _REMOTE_PORT_VIEW {
type KSYSTEM_TIME (line 3416) | typedef struct _KSYSTEM_TIME {
type NT_PRODUCT_TYPE (line 3422) | typedef enum _NT_PRODUCT_TYPE {
type ALTERNATIVE_ARCHITECTURE_TYPE (line 3430) | typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE {
type KUSER_SHARED_DATA (line 3445) | typedef struct _KUSER_SHARED_DATA_COMPAT {
function NTAPI (line 3824) | NTAPI
type ULONG (line 3971) | typedef ULONG CLONG;
type TABLE_SEARCH_RESULT (line 3973) | typedef enum _TABLE_SEARCH_RESULT {
type RTL_GENERIC_COMPARE_RESULTS (line 3980) | typedef enum _RTL_GENERIC_COMPARE_RESULTS {
type RTL_AVL_TABLE (line 3986) | typedef struct _RTL_AVL_TABLE RTL_AVL_TABLE;
type PRTL_AVL_TABLE (line 3987) | struct PRTL_AVL_TABLE
type RTL_BALANCED_LINKS (line 4011) | typedef struct _RTL_BALANCED_LINKS {
type RTL_AVL_TABLE (line 4019) | typedef struct _RTL_AVL_TABLE {
FILE: Source/shared/rc4.c
function swap_bytes (line 42) | static __inline void
function rc4_init (line 56) | void
function rc4_crypt (line 81) | void
FILE: Source/shared/rc4.h
type rc4_state (line 43) | typedef struct _rc4_state {
FILE: Source/shared/util.c
function VOID (line 32) | VOID SfuDecodeStream(
function ULONG_PTR (line 57) | ULONG_PTR SfuWriteBufferToFile(
function LPWSTR (line 145) | LPWSTR SfuQueryEnvironmentVariableOffset(
function BOOL (line 179) | BOOL SfuBuildBotPath(
function SOCKET (line 341) | SOCKET SfuWhoisInit(
function VOID (line 388) | VOID SfuWhoisClose(
function BOOL (line 405) | BOOL SfuWhois(
function BOOLEAN (line 487) | BOOLEAN SfuCalcVolumeMD5(
function PVOID (line 536) | PVOID SfuCreateFileMappingNoExec(
function VOID (line 596) | VOID SftListThreadPriv(
function PVOID (line 652) | PVOID SfuGetSystemInfo(
function BOOL (line 701) | BOOL SfuAdjustCurrentThreadPriv(
function BOOL (line 783) | BOOL SfuElevatePriv(
function NTSTATUS (line 840) | NTSTATUS SfuLoadPeerList(
function BOOL (line 907) | BOOL SfuCreateDirectory(
FILE: Source/shared/util.h
type ZA_BOT_PATH (line 27) | typedef struct _ZA_BOT_PATH {
FILE: Source/shared/za.h
type ZA_PEERINFO (line 22) | typedef struct _ZA_PEERINFO {
type ZA_PACKETHEADER (line 33) | typedef struct _ZA_PACKETHEADER {
type ZA_FILEHEADER (line 41) | typedef struct _ZA_FILEHEADER {
type ZA_PACKET (line 48) | typedef struct _ZA_PACKET {
type ZA_CALLHOME (line 53) | typedef struct _ZA_CALLHOME {
FILE: Source/shared/za_crypto.c
function BOOL (line 31) | BOOL SfcVerifyFile(
function NTSTATUS (line 124) | NTSTATUS SfcIsFileLegit(
function BOOL (line 223) | BOOL SfcValidateFileHeader(
Condensed preview — 92 files, each showing path, character count, and a content snippet.
[
{
"path": "LICENSE.md",
"chars": 1286,
"preview": "Copyright (c) 2016 - 2017 ZeroAccess Project\n\nRedistribution and use in source and binary forms, with or without\nmodific"
},
{
"path": "README.md",
"chars": 2719,
"preview": "\n# ZeroAccess\n## Toolkit for ZeroAccess/Sirefef v3\n\nZeroAccess is an advanced malware family (probably most advanced fro"
},
{
"path": "Source/Harusame/Harusame.vcxproj",
"chars": 11097,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"14.0\" xmlns=\"http://schemas.micros"
},
{
"path": "Source/Harusame/Harusame.vcxproj.filters",
"chars": 5650,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuil"
},
{
"path": "Source/Harusame/Harusame.vcxproj.user",
"chars": 1044,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"14.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "Source/Harusame/main.c",
"chars": 4744,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016 - 2017"
},
{
"path": "Source/Harusame/resource.h",
"chars": 388,
"preview": "//{{NO_DEPENDENCIES}}\n// Microsoft Visual C++ generated include file.\n// Used by resource.rc\n\n// Next default values for"
},
{
"path": "Source/Murasame/Murasame.vcxproj",
"chars": 10729,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"14.0\" xmlns=\"http://schemas.micros"
},
{
"path": "Source/Murasame/Murasame.vcxproj.filters",
"chars": 5371,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuil"
},
{
"path": "Source/Murasame/Murasame.vcxproj.user",
"chars": 678,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"14.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "Source/Murasame/main.c",
"chars": 7452,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016 - 2017"
},
{
"path": "Source/Murasame/resource.h",
"chars": 388,
"preview": "//{{NO_DEPENDENCIES}}\n// Microsoft Visual C++ generated include file.\n// Used by resource.rc\n\n// Next default values for"
},
{
"path": "Source/Shigure/Shigure.vcxproj",
"chars": 10982,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"14.0\" xmlns=\"http://schemas.micros"
},
{
"path": "Source/Shigure/Shigure.vcxproj.filters",
"chars": 5369,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuil"
},
{
"path": "Source/Shigure/Shigure.vcxproj.user",
"chars": 1044,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"14.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "Source/Shigure/main.c",
"chars": 7612,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016 - 2017"
},
{
"path": "Source/Shigure/resource.h",
"chars": 388,
"preview": "//{{NO_DEPENDENCIES}}\n// Microsoft Visual C++ generated include file.\n// Used by resource.rc\n\n// Next default values for"
},
{
"path": "Source/Umikaze/Umikaze.vcxproj",
"chars": 10593,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"14.0\" xmlns=\"http://schemas.micros"
},
{
"path": "Source/Umikaze/Umikaze.vcxproj.filters",
"chars": 5114,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuil"
},
{
"path": "Source/Umikaze/Umikaze.vcxproj.user",
"chars": 1044,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"14.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "Source/Umikaze/main.c",
"chars": 8824,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016 - 2017"
},
{
"path": "Source/Umikaze/resource.h",
"chars": 388,
"preview": "//{{NO_DEPENDENCIES}}\n// Microsoft Visual C++ generated include file.\n// Used by resource.rc\n\n// Next default values for"
},
{
"path": "Source/Yuudachi/Yuudachi.vcxproj",
"chars": 11968,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"14.0\" xmlns=\"http://schemas.micros"
},
{
"path": "Source/Yuudachi/Yuudachi.vcxproj.filters",
"chars": 5900,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuil"
},
{
"path": "Source/Yuudachi/Yuudachi.vcxproj.user",
"chars": 160,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"14.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "Source/Yuudachi/gui.c",
"chars": 7877,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/Yuudachi/gui.h",
"chars": 1348,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/Yuudachi/main.c",
"chars": 851,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/Yuudachi/p2p.c",
"chars": 29707,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/Yuudachi/p2p.h",
"chars": 2461,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016 - 2017"
},
{
"path": "Source/Yuudachi/za.manifest",
"chars": 1674,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<assembly manifestVersion=\"1.0\" xmlns=\"urn:schemas-microsoft-com"
},
{
"path": "Source/ZeroAccess.sln",
"chars": 5769,
"preview": "\nMicrosoft Visual Studio Solution File, Format Version 12.00\n# Visual Studio 14\nVisualStudioVersion = 14.0.24720.0\nMini"
},
{
"path": "Source/minirtl/_filename.c",
"chars": 2601,
"preview": "#include <Windows.h>\n#include \"minirtl.h\"\n\nchar *_filename_a(const char *f)\n{\n\tchar *p = (char *)f;\n\n\tif (f == 0)\n\t\tretu"
},
{
"path": "Source/minirtl/_filename.h",
"chars": 757,
"preview": "#pragma once\n\n#ifndef _FILENAMEH_\n#define _FILENAMEH_\n\nchar *_filename_a(const char *f);\nwchar_t *_filename_w(const wcha"
},
{
"path": "Source/minirtl/_strcat.c",
"chars": 459,
"preview": "#include \"rtltypes.h\"\n\nchar *_strcat_a(char *dest, const char *src)\n{\n\tif ( (dest==0) || (src==0) )\n\t\treturn dest;\n\n\twhi"
},
{
"path": "Source/minirtl/_strcmp.c",
"chars": 549,
"preview": "#include \"rtltypes.h\"\n\nint _strcmp_a(const char *s1, const char *s2)\n{\n\tchar c1, c2;\n\n\tif ( s1==s2 )\n\t\treturn 0;\n\n\tif ( "
},
{
"path": "Source/minirtl/_strcmpi.c",
"chars": 592,
"preview": "#include \"rtltypes.h\"\n\nint _strcmpi_a(const char *s1, const char *s2)\n{\n\tchar c1, c2;\n\t\n\tif ( s1==s2 )\n\t\treturn 0;\n\n\tif "
},
{
"path": "Source/minirtl/_strcpy.c",
"chars": 496,
"preview": "#include \"rtltypes.h\"\n\nchar *_strcpy_a(char *dest, const char *src)\n{\n\tchar *p;\n\n\tif ( (dest==0) || (src==0) )\n\t\treturn "
},
{
"path": "Source/minirtl/_strend.c",
"chars": 243,
"preview": "#include \"rtltypes.h\"\n\nchar *_strend_a(const char *s)\n{\n\tif ( s==0 )\n\t\treturn 0;\n\n\twhile ( *s!=0 )\n\t\ts++;\n\n\treturn (char"
},
{
"path": "Source/minirtl/_strlen.c",
"chars": 287,
"preview": "#include \"rtltypes.h\"\n\nsize_t _strlen_a(const char *s)\n{\n\tchar *s0 = (char *)s;\n\n\tif ( s==0 )\n\t\treturn 0;\n\n\twhile ( *s!="
},
{
"path": "Source/minirtl/_strncmp.c",
"chars": 695,
"preview": "#include \"rtltypes.h\"\n\nint _strncmp_a(const char *s1, const char *s2, size_t cchars)\n{\n\tchar c1, c2;\n\n\tif ( s1==s2 )\n\t\tr"
},
{
"path": "Source/minirtl/_strncmpi.c",
"chars": 737,
"preview": "#include \"rtltypes.h\"\n\nint _strncmpi_a(const char *s1, const char *s2, size_t cchars)\n{\n\tchar c1, c2;\n\n\tif ( s1==s2 )\n\t\t"
},
{
"path": "Source/minirtl/_strncpy.c",
"chars": 642,
"preview": "#include \"rtltypes.h\"\n\nchar *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc)\n{\n\tchar *p;\n\n\tif ( (de"
},
{
"path": "Source/minirtl/_strstr.c",
"chars": 1096,
"preview": "#include \"rtltypes.h\"\n\nchar *_strstr_a(const char *s, const char *sub_s)\n{\n\tchar c0, c1, c2, *tmps, *tmpsub;\n\n\tif (s == "
},
{
"path": "Source/minirtl/_strstri.c",
"chars": 1178,
"preview": "#include \"rtltypes.h\"\n\nchar *_strstri_a(const char *s, const char *sub_s)\n{\n\tchar c0, c1, c2, *tmps, *tmpsub;\n\n\tif (s =="
},
{
"path": "Source/minirtl/cmdline.c",
"chars": 2725,
"preview": "#include <windows.h>\n\nBOOL GetCommandLineParamW(\n\tIN\tLPCWSTR\tCmdLine,\n\tIN\tULONG\tParamIndex,\n\tOUT\tLPWSTR\tBuffer,\n\tIN\tULON"
},
{
"path": "Source/minirtl/cmdline.h",
"chars": 698,
"preview": "#ifndef _CMDLINEH_\n#define _CMDLINEH_\n\nBOOL GetCommandLineParamW(\n\tIN\tLPCWSTR\tCmdLine,\n\tIN\tULONG\tParamIndex,\n\tOUT\tLPWSTR"
},
{
"path": "Source/minirtl/hextou64.c",
"chars": 640,
"preview": "#include \"rtltypes.h\"\n\nunsigned long long hextou64_a(char *s)\n{\n\tunsigned long long\tr = 0;\n\tchar\t\t\tc;\n\n\tif (s == 0)\n\t\tre"
},
{
"path": "Source/minirtl/hextoul.c",
"chars": 618,
"preview": "#include \"rtltypes.h\"\n\nunsigned long hextoul_a(char *s)\n{\n\tunsigned long\tr = 0;\n\tchar\t\t\tc;\n\n\tif (s == 0)\n\t\treturn 0;\n\n\tw"
},
{
"path": "Source/minirtl/i64tostr.c",
"chars": 886,
"preview": "#include \"rtltypes.h\"\n\nsize_t i64tostr_a(signed long long x, char *s)\n{\n\tsigned long long\tt=x;\n\tsize_t\t\ti, r=1, sign;\n\n\t"
},
{
"path": "Source/minirtl/itostr.c",
"chars": 855,
"preview": "#include \"rtltypes.h\"\n\nsize_t itostr_a(int x, char *s)\n{\n\tint\t\tt;\n\tsize_t\ti, r = 1, sign;\n\n\tt = x;\n\n\tif (x < 0) {\n\t\tsign"
},
{
"path": "Source/minirtl/minirtl.h",
"chars": 3882,
"preview": "/*\nModule name:\n\tminirtl.h\n\nDescription:\n\theader for string handling and conversion routines\n\nDate:\n\t1 Mar 2015\n*/\n\n#ifn"
},
{
"path": "Source/minirtl/rtltypes.h",
"chars": 781,
"preview": "#ifndef _WCHAR_T_DEFINED\ntypedef unsigned short wchar_t;\n#define _WCHAR_T_DEFINED\n#endif /* _WCHAR_T_DEFINED */\n\n#ifnde"
},
{
"path": "Source/minirtl/strtoi.c",
"chars": 675,
"preview": "#include \"rtltypes.h\"\n\nint strtoi_a(char *s)\n{\n\tint\t\ta = 0, sign;\n\tchar\tc;\n\n\tif (s == 0)\n\t\treturn 0;\n\n\tswitch (*s) {\n\tca"
},
{
"path": "Source/minirtl/strtoi64.c",
"chars": 728,
"preview": "#include \"rtltypes.h\"\n\nsigned long long strtoi64_a(char *s)\n{\n\tsigned long long\ta = 0, sign;\n\tchar\tc;\n\n\tif (s == 0)\n\t\tre"
},
{
"path": "Source/minirtl/strtou64.c",
"chars": 473,
"preview": "#include \"rtltypes.h\"\n\nunsigned long long strtou64_a(char *s)\n{\n\tunsigned long long \ta = 0;\n\tchar\t\t\t\tc;\n\n\tif (s == 0)\n\t\t"
},
{
"path": "Source/minirtl/strtoul.c",
"chars": 819,
"preview": "#include \"rtltypes.h\"\n\n#define ULONG_MAX_VALUE 0xffffffffUL\n\nunsigned long strtoul_a(char *s)\n{\n unsigned long long "
},
{
"path": "Source/minirtl/u64tohex.c",
"chars": 547,
"preview": "#include \"rtltypes.h\"\n\nsize_t u64tohex_a(unsigned long long x, char *s)\n{\n\tchar\tp;\n\tsize_t\tc;\n\n\tif (s==0)\n\t\treturn 16;\n\n"
},
{
"path": "Source/minirtl/u64tostr.c",
"chars": 576,
"preview": "#include \"rtltypes.h\"\n\nsize_t u64tostr_a(unsigned long long x, char *s)\n{\n\tunsigned long long\tt = x;\n\tsize_t\ti, r=1;\n\n\tw"
},
{
"path": "Source/minirtl/ultohex.c",
"chars": 523,
"preview": "#include \"rtltypes.h\"\n\nsize_t ultohex_a(unsigned long x, char *s)\n{\n\tchar\tp;\n\tsize_t\tc;\n\n\tif (s==0)\n\t\treturn 8;\n\n\tfor (c"
},
{
"path": "Source/minirtl/ultostr.c",
"chars": 554,
"preview": "#include \"rtltypes.h\"\n\nsize_t ultostr_a(unsigned long x, char *s)\n{\n\tunsigned long\tt=x;\n\tsize_t\t\t\ti, r=1;\n\n\twhile ( t >="
},
{
"path": "Source/shared/cab.c",
"chars": 5088,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/cab.h",
"chars": 775,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/cui.c",
"chars": 1620,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016 - 2017"
},
{
"path": "Source/shared/cui.h",
"chars": 703,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/ea.c",
"chars": 5362,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2006 - 2016"
},
{
"path": "Source/shared/ea.h",
"chars": 833,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/gdip.c",
"chars": 1893,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/gdip.h",
"chars": 5024,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/global.h",
"chars": 1744,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/ldr.c",
"chars": 9206,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/ldr.h",
"chars": 809,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/md5.c",
"chars": 1141,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/md5.h",
"chars": 979,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/ntos.h",
"chars": 127499,
"preview": "/************************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2015, "
},
{
"path": "Source/shared/rc4.c",
"chars": 3477,
"preview": "\n/*\n* rc4.c\n*\n* Copyright (c) 1996-2000 Whistle Communications, Inc.\n* All rights reserved.\n*\n* Subject to the following"
},
{
"path": "Source/shared/rc4.h",
"chars": 2442,
"preview": "/*\n* rc4.h\n*\n* Copyright (c) 1996-2000 Whistle Communications, Inc.\n* All rights reserved.\n*\n* Subject to the following "
},
{
"path": "Source/shared/util.c",
"chars": 24640,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016 - 2017"
},
{
"path": "Source/shared/util.h",
"chars": 1967,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/za.h",
"chars": 1433,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/za_crypto.c",
"chars": 6475,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/za_crypto.h",
"chars": 770,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "Source/shared/za_rkey.h",
"chars": 2467,
"preview": "/*******************************************************************************\n*\n* (C) COPYRIGHT AUTHORS, 2016\n*\n* T"
},
{
"path": "ZeroAccess.sha256",
"chars": 9067,
"preview": "6edc20cbc4c8464edaf25c70a3acdc72badd80428007d9393dfb5475944d2bd6 *Compiled\\s32\n7d9291fbd5ba96ede386e688584a6f873615a141a"
}
]
// ... and 8 more files
About this extraction
This page contains the full source code of the hfiref0x/ZeroAccess GitHub repository, extracted and formatted as plain text. The extraction includes 92 files (402.7 KB), approximately 122.4k tokens, and a symbol index with 347 extracted functions, classes, methods, constants, and types.
Extracted by GitExtract.