authorauth12 <[email protected]>2020-07-27 09:46:17 -0700
committerauth12 <[email protected]>2020-07-27 09:46:17 -0700
commita2e89fde1acc5b189c55e0b8b38146194e455cd0 (patch)
tree1f130027975733e0704a583aebb1a1832a22ec11 /client/src/util
parentCompile fix. (diff)
downloadloader-a2e89fde1acc5b189c55e0b8b38146194e455cd0.tar.xz
loader-a2e89fde1acc5b189c55e0b8b38146194e455cd0.zip
Removed spdlog, using fmt wrapper instead.
More process class changes, support for 32/64bit processes. Injection process improvements. Other small changes.
Diffstat (limited to 'client/src/util')
-rw-r--r--client/src/util/io.cpp12
-rw-r--r--client/src/util/io.h27
-rw-r--r--client/src/util/native.h94
-rw-r--r--client/src/util/syscalls.cpp23
-rw-r--r--client/src/util/syscalls.h5
-rw-r--r--client/src/util/util.cpp33
-rw-r--r--client/src/util/util.h17
7 files changed, 134 insertions, 77 deletions
diff --git a/client/src/util/io.cpp b/client/src/util/io.cpp
index f6048ba..7e783c2 100644
--- a/client/src/util/io.cpp
+++ b/client/src/util/io.cpp
@@ -1,20 +1,10 @@
#include "../include.h"
#include "io.h"
-std::shared_ptr<spdlog::logger> io::logger;
-
-void io::init() {
- spdlog::sink_ptr sink =
- std::make_shared<spdlog::sinks::stdout_color_sink_mt>();
- sink->set_pattern("%^~>%$ %v");
-
- logger = std::make_shared<spdlog::logger>("client", sink);
-}
-
bool io::read_file(const std::string_view name, std::vector<char>& out) {
std::ifstream file(name.data(), std::ios::binary);
if (!file.good()) {
- io::logger->error("{} isnt valid.", name);
+ log_error("{} isnt valid.", name);
return false;
}
diff --git a/client/src/util/io.h b/client/src/util/io.h
index 0678e9f..c1ee932 100644
--- a/client/src/util/io.h
+++ b/client/src/util/io.h
@@ -1,12 +1,29 @@
#pragma once
-#include <spdlog/spdlog.h>
-#include <spdlog/sinks/basic_file_sink.h>
-#include <spdlog/sinks/stdout_color_sinks.h>
+#include <fmt/format.h>
+#include <fmt/color.h>
+
namespace io {
- extern std::shared_ptr<spdlog::logger> logger;
+ template<typename... Args>
+ void log(const std::string_view str, Args... params) {
+ fmt::print(fg(fmt::color::green) | fmt::emphasis::bold, "$> ");
+
+ std::string msg{str};
+ msg.append("\n");
+
+ fmt::print(msg, std::forward<Args>(params)...);
+ }
+
+ template<typename... Args>
+ void log_error(const std::string_view str, Args... params) {
+ fmt::print(fg(fmt::color::red) | fmt::emphasis::bold, "$> ");
+
+ std::string msg{str};
+ msg.append("\n");
+
+ fmt::print(msg, std::forward<Args>(params)...);
+ }
- void init();
bool read_file(const std::string_view name, std::vector<char>& out);
}; // namespace io
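Review bot: `log` and `log_error` take `Args... params` by value and then write `std::forward<Args>(params)...`, which is not a forwarding context — every argument is copied into the template and the `forward` is a no-op cast; take `Args&&... params` if forwarding is the intent. Both bodies are identical apart from the prefix colour, so one helper that receives the `fmt::text_style` removes the duplication. `str` is used as the runtime format template, so callers must pass only literal templates and never data (a file name containing `{` in `str` would be parsed as a replacement field and throw `fmt::format_error`); a comment on both functions should say that, and note that newer fmt releases require `fmt::runtime(msg)` for a non-literal template. The header uses `std::string`/`std::string_view` without including them, relying on whatever `../include.h` pulled in first.
```cpp
    namespace detail {
        /// Prints the coloured "$> " prefix, then `str` as an fmt template filled from `params`, then a newline.
        /// `str` must be a literal format template; anything that came from input belongs in `params`.
        template<typename... Args>
        void log_styled(const fmt::text_style& prefix_style, const std::string_view str, Args&&... params) {
            fmt::print(prefix_style, "$> ");

            std::string msg{str};
            msg.append("\n");

            fmt::print(msg, std::forward<Args>(params)...);
        }
    } // namespace detail

    template<typename... Args>
    void log(const std::string_view str, Args&&... params) {
        detail::log_styled(fg(fmt::color::green) | fmt::emphasis::bold, str, std::forward<Args>(params)...);
    }

    template<typename... Args>
    void log_error(const std::string_view str, Args&&... params) {
        detail::log_styled(fg(fmt::color::red) | fmt::emphasis::bold, str, std::forward<Args>(params)...);
    }
    // … unchanged: read_file declaration …
```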
diff --git a/client/src/util/native.h b/client/src/util/native.h
index 735a6cb..dada567 100644
--- a/client/src/util/native.h
+++ b/client/src/util/native.h
@@ -206,6 +206,10 @@ namespace native {
uint32_t ReferenceCount;
};
+
+ template<bool x64, typename base_type = typename std::conditional<x64, IMAGE_NT_HEADERS64, IMAGE_NT_HEADERS32>::type>
+ struct nt_headers_t : base_type {};
+
template<class P>
struct peb_t {
std::uint8_t _ignored[4];
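Review bot: `nt_headers_t` spells its selector as `typename std::conditional<x64, IMAGE_NT_HEADERS64, IMAGE_NT_HEADERS32>::type`; the C++14 alias `std::conditional_t<x64, IMAGE_NT_HEADERS64, IMAGE_NT_HEADERS32>` reads cleaner and matches modern usage. Because the struct body is empty, a one-line comment such as `// x64 selects the 64-bit NT header layout; the type is otherwise the SDK struct unchanged` would tell a reader why the wrapper exists. `peb_t` continues past the hunk.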
@@ -248,7 +252,95 @@ namespace native {
unicode_string_t<P> FullDllName;
};
- using NtQuerySystemInformation = NTSTATUS(__stdcall*)(SYSTEM_INFORMATION_CLASS, PVOID, SIZE_T, PULONG);
+ typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION
+ {
+ SIZE_T Size; // set to sizeof structure on input
+ PROCESS_BASIC_INFORMATION BasicInfo;
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG IsProtectedProcess : 1;
+ ULONG IsWow64Process : 1;
+ ULONG IsProcessDeleting : 1;
+ ULONG IsCrossSessionCreate : 1;
+ ULONG IsFrozen : 1;
+ ULONG IsBackground : 1;
+ ULONG IsStronglyNamed : 1;
+ ULONG IsSecureProcess : 1;
+ ULONG IsSubsystemProcess : 1;
+ ULONG SpareBits : 23;
+ };
+ };
+ } PROCESS_EXTENDED_BASIC_INFORMATION, *PPROCESS_EXTENDED_BASIC_INFORMATION;
+
+
+ typedef enum _SYSTEM_INFORMATION_CLASS {
+ SystemBasicInformation,
+ SystemProcessorInformation,
+ SystemPerformanceInformation,
+ SystemTimeOfDayInformation,
+ SystemPathInformation,
+ SystemProcessInformation,
+ SystemCallCountInformation,
+ SystemDeviceInformation,
+ SystemProcessorPerformanceInformation,
+ SystemFlagsInformation,
+ SystemCallTimeInformation,
+ SystemModuleInformation,
+ SystemLocksInformation,
+ SystemStackTraceInformation,
+ SystemPagedPoolInformation,
+ SystemNonPagedPoolInformation,
+ SystemHandleInformation,
+ SystemObjectInformation,
+ SystemPageFileInformation,
+ SystemVdmInstemulInformation,
+ SystemVdmBopInformation,
+ SystemFileCacheInformation,
+ SystemPoolTagInformation,
+ SystemInterruptInformation,
+ SystemDpcBehaviorInformation,
+ SystemFullMemoryInformation,
+ SystemLoadGdiDriverInformation,
+ SystemUnloadGdiDriverInformation,
+ SystemTimeAdjustmentInformation,
+ SystemSummaryMemoryInformation,
+ SystemNextEventIdInformation,
+ SystemEventIdsInformation,
+ SystemCrashDumpInformation,
+ SystemExceptionInformation,
+ SystemCrashDumpStateInformation,
+ SystemKernelDebuggerInformation,
+ SystemContextSwitchInformation,
+ SystemRegistryQuotaInformation,
+ SystemExtendServiceTableInformation,
+ SystemPrioritySeperation,
+ SystemPlugPlayBusInformation,
+ SystemDockInformation,
+ SystemPowerInformation,
+ SystemProcessorSpeedInformation,
+ SystemCurrentTimeZoneInformation,
+ SystemLookasideInformation
+ } SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
+
+ typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {
+ USHORT UniqueProcessId;
+ USHORT CreatorBackTraceIndex;
+ UCHAR ObjectTypeIndex;
+ UCHAR HandleAttributes;
+ USHORT HandleValue;
+ PVOID Object;
+ ULONG GrantedAccess;
+ } SYSTEM_HANDLE_TABLE_ENTRY_INFO, * PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
+
+ typedef struct _SYSTEM_HANDLE_INFORMATION {
+ ULONG NumberOfHandles;
+ SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
+ } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+
+ using NtQuerySystemInformation = NTSTATUS(__stdcall*)(native::SYSTEM_INFORMATION_CLASS, PVOID, SIZE_T, PULONG);
using NtOpenProcess = NTSTATUS(__stdcall*)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, CLIENT_ID*);
using NtReadVirtualMemory = NTSTATUS(__stdcall*)(HANDLE, PVOID, PVOID, SIZE_T, PULONG);
using NtAllocateVirtualMemory = NTSTATUS(__stdcall*)(HANDLE, PVOID*, ULONG_PTR, PSIZE_T, ULONG, ULONG);
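Review bot: The new `PROCESS_EXTENDED_BASIC_INFORMATION`, `SYSTEM_HANDLE_TABLE_ENTRY_INFO` and `SYSTEM_HANDLE_INFORMATION` definitions mirror undocumented, version-dependent NT structures, but nothing records which Windows release they were taken from and their layout is not pinned; a `static_assert(sizeof(PROCESS_EXTENDED_BASIC_INFORMATION) == <expected size from the verified build>)` beside each turns silent layout drift into a compile error. The enum is named `SYSTEM_INFORMATION_CLASS`, the same identifier winternl.h declares — the `native::` qualifier on `NtQuerySystemInformation` keeps it unambiguous, but any unqualified use will become ambiguous if both headers are visible. Style: this block uses `typedef struct _X { … } X, *PX;` while the rest of the namespace uses `struct x_t` and `using`, and `* PSYSTEM_HANDLE_TABLE_ENTRY_INFO` carries a stray space. `Handles[1]` with a `NumberOfHandles` count presumably is the trailing variable-length array idiom; a comment saying so would save the next reader a guess.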
diff --git a/client/src/util/syscalls.cpp b/client/src/util/syscalls.cpp
index d7d4254..42f3f8e 100644
--- a/client/src/util/syscalls.cpp
+++ b/client/src/util/syscalls.cpp
@@ -1,6 +1,7 @@
#include "../include.h"
#include "io.h"
#include "util.h"
+#include "../injection/pe.h"
#include "syscalls.h"
syscalls g_syscalls;
@@ -8,14 +9,8 @@ syscalls g_syscalls;
syscalls::syscalls() {
m_call_table = VirtualAlloc(0, 0x100000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
std::memset(m_call_table, 0x90, 0x100000);
-}
-
-syscalls::~syscalls() {
- VirtualFree(m_call_table, 0, MEM_RELEASE);
-}
-void syscalls::init() {
- auto nt = util::ntdll();
+ static auto nt = pe::virtual_image("ntdll.dll");
for (auto& exp : nt.exports()) {
auto addr = exp.second;
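Review bot: `VirtualAlloc` at the top of the constructor can return null and the next line passes the result straight to `std::memset` with no check; since `g_syscalls` is a global, this now runs during static initialisation and a failure crashes before `main`. Add `if (!m_call_table) { io::log_error("call table allocation failed."); return; }` before the memset so the failure is reported and the rest of the table build is skipped. The size `0x100000` appears in both the allocation and the memset; a named constant keeps them in step. `static auto nt = pe::virtual_image("ntdll.dll")` keeps the parsed image alive for the program's lifetime although it is only read in this constructor — a plain local would do unless sharing across instances is intended. The constructor continues into the next hunk.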
@@ -31,23 +26,25 @@ void syscalls::init() {
m_stub.resize(s);
- std::memcpy(&m_stub[0], (void*)addr, s);
+ std::memcpy(&m_stub[0], reinterpret_cast<void*>(addr), s);
}
}
- io::logger->info("call table : {:x}", uintptr_t(m_call_table));
-
- for (auto& syscall : m_indexes) {
- auto idx = syscall.second.first;
+ for (auto& [name, pair] : m_indexes) {
+ auto& [idx, offset] = pair;
auto addr = uintptr_t(m_call_table) + (idx * m_stub.size());
std::memcpy(reinterpret_cast<void*>(addr), m_stub.data(), m_stub.size());
*reinterpret_cast<uint8_t*>(addr + m_stub.size() - 1) = 0xc3;
- *reinterpret_cast<uint16_t*>(addr + syscall.second.second + 1) = idx;
+ *reinterpret_cast<uint16_t*>(addr + offset + 1) = idx;
}
}
+syscalls::~syscalls() {
+ VirtualFree(m_call_table, 0, MEM_RELEASE);
+}
+
bool syscalls::valid(const uintptr_t addr, const size_t& size) {
auto func = reinterpret_cast<uint8_t*>(addr);
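Review bot: The loop writes `m_stub` at `idx * m_stub.size()` into the region sized `0x100000` in the constructor without checking that `(idx + 1) * m_stub.size()` fits, and the index store at `addr + offset + 1` assumes `offset + 3 <= m_stub.size()`; neither is verified, so an unexpected index or offset from `get_index` becomes an out-of-bounds write into executable memory. A guard before the memcpy, `if ((idx + 1) * m_stub.size() > 0x100000 || offset + 3 > m_stub.size()) { io::log_error("stub for {} does not fit, skipping.", name); continue; }`, keeps the table build inside the allocation. The removed `io::logger->info` line has no counterpart with the new wrapper, so the table address is no longer logged — presumably intentional. The constructor starts in the previous hunk.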
diff --git a/client/src/util/syscalls.h b/client/src/util/syscalls.h
index 45d0ee1..713e24c 100644
--- a/client/src/util/syscalls.h
+++ b/client/src/util/syscalls.h
@@ -8,7 +8,6 @@ class syscalls {
public:
syscalls();
~syscalls();
- void init();
bool valid(const uintptr_t func, const size_t& size);
uint16_t get_index(const uintptr_t va, uint16_t& offset);
size_t func_size(const uint8_t* func);
@@ -17,6 +16,10 @@ public:
T get(const std::string_view func) {
return reinterpret_cast<T>(uintptr_t(m_call_table) + (m_indexes[func.data()].first * m_stub.size()));
};
+
+ uintptr_t operator()() {
+ return uintptr_t(m_call_table);
+ }
};
extern syscalls g_syscalls; \ No newline at end of file
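Review bot: `operator()()` returning the raw call-table base as `uintptr_t` is a surprising interface for a class that is not otherwise callable; a named accessor, `uintptr_t call_table() const noexcept { return uintptr_t(m_call_table); }`, states what it returns and can be `const`. Whatever the name, a comment that the address is only meaningful once the constructor has built the table (and null if that allocation failed) documents the contract callers rely on. The `\ No newline at end of file` marker is still present, so the header continues to lack a trailing newline.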
diff --git a/client/src/util/util.cpp b/client/src/util/util.cpp
index b79f6cd..1847780 100644
--- a/client/src/util/util.cpp
+++ b/client/src/util/util.cpp
@@ -3,8 +3,6 @@
#include "io.h"
#include "syscalls.h"
-std::unordered_map<std::string, pe::virtual_image> util::loaded_modules;
-
std::string util::wide_to_multibyte(const std::wstring& str) {
std::string ret;
size_t str_len;
@@ -40,36 +38,9 @@ std::wstring util::multibyte_to_wide(const std::string& str) {
return out;
}
-
-native::_PEB* util::cur_peb() {
- return reinterpret_cast<native::_PEB*>(__readgsqword(0x60));
-}
-
-bool util::init() {
- auto peb = cur_peb();
- if (!peb) return false;
-
- if (!peb->Ldr->InMemoryOrderModuleList.Flink) return false;
-
- auto* list = &peb->Ldr->InMemoryOrderModuleList;
-
- for (auto i = list->Flink; i != list; i = i->Flink) {
- auto entry = CONTAINING_RECORD(i, native::LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
- if (!entry)
- continue;
-
- auto name = wide_to_multibyte(entry->BaseDllName.Buffer);
- std::transform(name.begin(), name.end(), name.begin(), ::tolower);
-
- loaded_modules[name] = pe::virtual_image(entry->DllBase);
- }
-
- return true;
-}
-
bool util::close_handle(HANDLE handle) {
if (!handle) {
- io::logger->error("invalid handle specified to close.");
+ io::log_error("invalid handle specified to close.");
return false;
}
@@ -77,7 +48,7 @@ bool util::close_handle(HANDLE handle) {
auto status = nt_close(handle);
if (!NT_SUCCESS(status)) {
- io::logger->error("failed to close {}, status {:#X}.", handle, (status & 0xFFFFFFFF));
+ io::log_error("failed to close {}, status {:#X}.", handle, (status & 0xFFFFFFFF));
return false;
}
diff --git a/client/src/util/util.h b/client/src/util/util.h
index 8734bd9..0a1e17f 100644
--- a/client/src/util/util.h
+++ b/client/src/util/util.h
@@ -1,26 +1,13 @@
#pragma once
#include "native.h"
-#include "../injection/pe.h"
namespace util {
-
- extern std::unordered_map<std::string, pe::virtual_image> loaded_modules;
-
std::string wide_to_multibyte(const std::wstring& str);
std::wstring multibyte_to_wide(const std::string& str);
- native::_PEB* cur_peb();
-
- bool init();
-
- static pe::virtual_image& ntdll() {
- static pe::virtual_image nt{};
- if (!nt) {
- nt = loaded_modules["ntdll.dll"];
- nt.parse_exports();
- }
- return nt;
+ __forceinline native::_PEB* peb() {
+ return reinterpret_cast<native::_PEB*>(__readgsqword(0x60));
}
bool close_handle(HANDLE handle);
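Review bot: `peb()` is built on `__readgsqword`, an x64-only intrinsic, while the commit message says 32-bit processes are now supported; if this header is ever compiled for x86 the intrinsic is undefined, so wrap the definition in `#ifdef _WIN64` with a `#error` in the other branch so the failure is explicit rather than an obscure compiler message. `__forceinline` on a header-defined function gives it inline linkage under MSVC but is compiler-specific; plain `inline` satisfies the ODR and is portable. A `///` comment stating that the returned pointer refers to the current process's PEB would document the contract. The `util` namespace continues past the hunk.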