feat: initial commit of the files

2024-11-06 17:05:11 +01:00
commit ddeb2faa21
26 changed files with 1769 additions and 0 deletions
--- a/EdomResu/EdomResu.vcxproj
+++ b/EdomResu/EdomResu.vcxproj
@@ -0,0 +1,153 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{2a246068-e114-49a5-bdbd-1e4be88d97a8}</ProjectGuid>
+    <RootNamespace>EdomResu</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp" />
+    <ClCompile Include="Operations.cpp" />
+    <ClCompile Include="Registry.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Operations.hpp" />
+    <ClInclude Include="Registry.hpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
--- a/EdomResu/EdomResu.vcxproj.filters
+++ b/EdomResu/EdomResu.vcxproj.filters
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Fichiers sources">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Fichiers d%27en-tête">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Fichiers de ressources">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+    <Filter Include="Driver">
+      <UniqueIdentifier>{f2a6166a-1bee-4280-b122-413668ba2688}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp">
+      <Filter>Fichiers sources</Filter>
+    </ClCompile>
+    <ClCompile Include="Operations.cpp">
+      <Filter>Driver</Filter>
+    </ClCompile>
+    <ClCompile Include="Registry.cpp">
+      <Filter>Driver</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Operations.hpp">
+      <Filter>Driver</Filter>
+    </ClInclude>
+    <ClInclude Include="Registry.hpp">
+      <Filter>Driver</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
--- a/EdomResu/EdomResu.vcxproj.user
+++ b/EdomResu/EdomResu.vcxproj.user
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup />
+</Project>
--- a/EdomResu/Operations.cpp
+++ b/EdomResu/Operations.cpp
@@ -0,0 +1,68 @@
+#include "Operations.hpp"
+#include "Registry.hpp"
+
+QWORD GetProcess(const std::wstring &process_name) {
+	bool status = true;
+
+	status = SetRegistryValue(L"Process", process_name);
+	if (!status) return 0;
+
+	BYTE operation = OPERATION_GET_PROCESS;
+	status = SetRegistryValue(L"Operation", REG_BINARY, &operation, sizeof(BYTE));
+	if (!status) return 0;
+
+	BYTE go = 0x01;
+	status = SetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+	if (!status) return 0;
+
+	do {
+		status = GetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+		if (!status) return 0;
+	} while (go == 0x01);
+
+	QWORD res = 0;
+	GetRegistryValue(L"Out", REG_QWORD, &res, sizeof(QWORD));
+
+	return res;
+}
+
+QWORD GetProcessModule(const std::wstring &process_name, const std::wstring &module_name) {
+	bool status = true;
+
+	status = SetRegistryValue(L"Process", process_name);
+	if (!status) return 0;
+
+	status = SetRegistryValue(L"Module", module_name);
+	if (!status) return 0;
+
+	BYTE operation = OPERATION_GET_PROCESS_MODULE;
+	status = SetRegistryValue(L"Operation", REG_BINARY, &operation, sizeof(BYTE));
+	if (!status) return 0;
+
+	BYTE go = 0x01;
+	status = SetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+	if (!status) return 0;
+
+	do {
+		status = GetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+		if (!status) return 0;
+	} while (go == 0x01);
+
+	QWORD res = 0;
+	GetRegistryValue(L"Out", REG_QWORD, &res, sizeof(QWORD));
+
+	return res;
+}
+
+void DriverUnload(void) {
+	bool status = true;
+
+	BYTE unload = 0x01;
+	status = SetRegistryValue(L"Unload", REG_BINARY, &unload, sizeof(BYTE));
+	if (!status) return;
+
+	do {
+		status = GetRegistryValue(L"Unload", REG_BINARY, &unload, sizeof(BYTE));
+		if (!status) return;
+	} while (unload == 0x01);
+}
--- a/EdomResu/Operations.hpp
+++ b/EdomResu/Operations.hpp
@@ -0,0 +1,76 @@
+#pragma once
+#include <Windows.h>
+#include <iostream>
+
+#include "Registry.hpp"
+
+typedef unsigned __int64 QWORD;
+
+enum Operation {
+    OPERATION_WPM,
+    OPERATION_RPM,
+    OPERATION_GET_PROCESS,
+    OPERATION_GET_PROCESS_MODULE
+};
+
+template<typename TYPE>
+TYPE RPM(QWORD address) {
+    TYPE buffer = { 0 };
+    bool status = true;
+
+    BYTE operation = OPERATION_RPM;
+    status = SetRegistryValue(L"Operation", REG_BINARY, &operation, sizeof(BYTE));
+    if (!status) return 0;
+
+    SIZE_T size = sizeof(TYPE);
+    status = SetRegistryValue(L"Size", REG_DWORD, &size, sizeof(DWORD));
+    if (!status) return 0;
+
+    status = SetRegistryValue(L"Address", REG_QWORD, &address, sizeof(QWORD));
+    if (!status) return 0;
+
+    BYTE go = 0x01;
+    status = SetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+    if (!status) return 0;
+
+    do {
+        status = GetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+        if (!status) return 0;
+    } while (go == 0x01);
+
+    GetRegistryValue(L"Out", REG_QWORD, &buffer, sizeof(QWORD));
+
+    return buffer;
+}
+
+template<typename TYPE>
+void WPM(QWORD address, TYPE data) {
+    bool status = true;
+
+    BYTE operation = OPERATION_WPM;
+    status = SetRegistryValue(L"Operation", REG_BINARY, &operation, sizeof(BYTE));
+    if (!status) return;
+
+    SIZE_T size = sizeof(TYPE);
+    status = SetRegistryValue(L"Size", REG_DWORD, &size, sizeof(DWORD));
+    if (!status) return;
+
+    status = SetRegistryValue(L"Address", REG_QWORD, &address, sizeof(QWORD));
+    if (!status) return;
+
+    status = SetRegistryValue(L"Data", REG_BINARY, &data, sizeof(TYPE));
+    if (!status) return;
+
+    BYTE go = 0x01;
+    status = SetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+    if (!status) return;
+
+    do {
+        status = GetRegistryValue(L"Go", REG_BINARY, &go, sizeof(BYTE));
+        if (!status) return;
+    } while (go == 0x01);
+}
+
+QWORD GetProcess(const std::wstring& process_name);
+QWORD GetProcessModule(const std::wstring& process_name, const std::wstring& module_name);
+void DriverUnload(void);
--- a/EdomResu/Registry.cpp
+++ b/EdomResu/Registry.cpp
@@ -0,0 +1,88 @@
+#include "Registry.hpp"
+#include <Windows.h>
+#include <iostream>
+
+const HKEY HKEY_ROOT = HKEY_LOCAL_MACHINE;
+const LPCWSTR SUBKEY = L"SOFTWARE\\Revird";
+
+bool SetRegistryValue(LPCWSTR valueName, const std::wstring& data) {
+    HKEY hKey;
+    LONG result = RegCreateKeyEx(HKEY_ROOT, SUBKEY, 0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL);
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to open or create registry key. Error: " << result << std::endl;
+        return false;
+    }
+
+    result = RegSetValueEx(hKey, valueName, 0, REG_SZ, reinterpret_cast<const BYTE*>(data.c_str()),
+        (DWORD)((data.size() + 1) * sizeof(wchar_t)));
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to set registry value. Error: " << result << std::endl;
+        RegCloseKey(hKey);
+        return false;
+    }
+
+    RegCloseKey(hKey);
+    return true;
+}
+
+bool GetRegistryValue(LPCWSTR valueName, std::wstring& data) {
+    HKEY hKey;
+    LONG result = RegOpenKeyEx(HKEY_ROOT, SUBKEY, 0, KEY_READ, &hKey);
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to open registry key. Error: " << result << std::endl;
+        return false;
+    }
+
+    DWORD type = REG_SZ;
+    wchar_t buffer[256];
+    DWORD bufferSize = sizeof(buffer);
+
+    result = RegQueryValueEx(hKey, valueName, 0, &type, reinterpret_cast<LPBYTE>(buffer), &bufferSize);
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to read registry value. Error: " << result << std::endl;
+        RegCloseKey(hKey);
+        return false;
+    }
+
+    data.assign(buffer);
+    RegCloseKey(hKey);
+    return true;
+}
+
+bool SetRegistryValue(LPCWSTR valueName, DWORD type, const void* data, DWORD dataSize) {
+    HKEY hKey;
+    LONG result = RegCreateKeyEx(HKEY_ROOT, SUBKEY, 0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL);
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to open or create registry key. Error: " << result << std::endl;
+        return false;
+    }
+
+    result = RegSetValueEx(hKey, valueName, 0, type, static_cast<const BYTE*>(data), dataSize);
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to set registry value. Error: " << result << std::endl;
+        RegCloseKey(hKey);
+        return false;
+    }
+
+    RegCloseKey(hKey);
+    return true;
+}
+
+bool GetRegistryValue(LPCWSTR valueName, DWORD type, void* data, DWORD dataSize) {
+    HKEY hKey;
+    LONG result = RegOpenKeyEx(HKEY_ROOT, SUBKEY, 0, KEY_READ, &hKey);
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to open registry key. Error: " << result << std::endl;
+        return false;
+    }
+
+    result = RegQueryValueEx(hKey, valueName, 0, &type, static_cast<LPBYTE>(data), &dataSize);
+    if (result != ERROR_SUCCESS) {
+        std::wcerr << L"Failed to read registry value. Error: " << result << std::endl;
+        RegCloseKey(hKey);
+        return false;
+    }
+
+    RegCloseKey(hKey);
+    return true;
+}
--- a/EdomResu/Registry.hpp
+++ b/EdomResu/Registry.hpp
@@ -0,0 +1,9 @@
+#pragma once
+#include <iostream>
+#include <Windows.h>
+
+bool SetRegistryValue(LPCWSTR valueName, DWORD type, const void* data, DWORD dataSize);
+bool SetRegistryValue(LPCWSTR valueName, const std::wstring& data);
+
+bool GetRegistryValue(LPCWSTR valueName, DWORD type, void* data, DWORD dataSize);
+bool GetRegistryValue(LPCWSTR valueName, std::wstring& data);
--- a/EdomResu/main.cpp
+++ b/EdomResu/main.cpp
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include "Operations.hpp"
+
+int main(void) {
+	QWORD proc_addr = GetProcess(L"explorer.exe");
+	QWORD mod_addr = GetProcessModule(L"explorer.exe", L"kernel32.dll");
+	BYTE mz = RPM<BYTE>(proc_addr);
+
+	printf("Address of explorer.exe : 0x%p\n", (void*)proc_addr);
+	printf("Address of kernel32.dll in explorer.exe : 0x%p\n", (void*)mod_addr);
+	printf("Header of explorer.exe : 0x%X\n", mz);
+	printf("Unloading driver...");
+	DriverUnload();
+	printf("ok.\n");
+	return 0;
+}