#include <Windows.h>
#include <TlHelp32.h>

#include <cstdarg>
#include <cstdio>
#include <cstring>
#include <cwchar>
#include <iostream>
#include <new>

/* Send an ANSI C string to an attached debugger (OutputDebugStringA). */
#define DbgOut(x) OutputDebugStringA(x)

/* Hand-rolled fixed-width integer aliases; the file does not include
 * <stdint.h>. They appear to match the MSVC <stdint.h> definitions, so a
 * transitive include of that header is a same-type typedef redeclaration,
 * which C++ permits. */
typedef signed char int8_t;
typedef short int16_t;
typedef int int32_t;
typedef long long int64_t;
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
typedef unsigned long long uint64_t;


/* Low / high 4 bits of a byte, masked to 0..15. deobfuscate_str() uses them
 * to walk a 64-bit key one nibble at a time. */
#define LOWER_HALFBYTE(x) ((x) & 0xF)
#define UPPER_HALFBYTE(x) (((x) >> 4) & 0xF)

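/*
 * Convert a NUL-terminated ANSI (CP_ACP) string to a freshly allocated
 * wide string.
 *
 * Returns a buffer allocated with new[] that the CALLER must release with
 * delete[], or NULL when the conversion cannot be performed (NULL input,
 * failed size query such as an invalid multibyte sequence, or allocation
 * failure).
 *
 * Fixes: a failed size query (dwNum == 0) previously led to new wchar_t[0]
 * and a zero-length, unterminated buffer being handed back to the caller,
 * and the "if (!p) delete[]" guard was dead code because plain new throws
 * instead of returning NULL. The nothrow form is used so the function keeps
 * a NULL-on-failure contract.
 */
static inline wchar_t* ANSI_To_Unicode(const char* szANSI)
{
	if (szANSI == NULL)
		return NULL;

	/* Size query: count includes the terminating NUL; 0 signals failure. */
	int cchNeeded = MultiByteToWideChar(CP_ACP, 0, szANSI, -1, NULL, 0);
	if (cchNeeded <= 0)
		return NULL;

	wchar_t *pwUnicode = new (std::nothrow) wchar_t[cchNeeded];
	if (pwUnicode == NULL)
		return NULL;

	int cchWritten = MultiByteToWideChar(CP_ACP, 0, szANSI, -1, pwUnicode, cchNeeded);
	if (cchWritten <= 0) {
		delete[] pwUnicode;
		return NULL;
	}

	/* The -1 length form writes the NUL itself; pin it anyway so a caller can
	 * never read past the buffer if the API contract is ever violated. */
	pwUnicode[cchNeeded - 1] = L'\0';
	return pwUnicode;
}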
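/*
 * Convert a NUL-terminated wide string to a freshly allocated ANSI (CP_ACP)
 * string -- the inverse of ANSI_To_Unicode().
 *
 * Returns a buffer allocated with new[] that the CALLER must release with
 * delete[], or NULL when the conversion cannot be performed (NULL input,
 * failed size query, or allocation failure).
 *
 * Fixes: the previous version converted with CP_OEMCP although its name and
 * its counterpart use the ANSI code page, so a round trip through the pair
 * was not an identity for non-ASCII text (if OEM output is really wanted at a
 * call site, request CP_OEMCP there explicitly); a failed size query produced
 * a zero-length unterminated buffer; and the "if (!p) delete[]" guard was
 * dead because plain new throws rather than returning NULL. The flags and
 * lpUsedDefaultChar arguments are now spelled as 0 / NULL instead of the
 * mismatched NULL / FALSE.
 */
static inline char* Unicode_To_ANSI(const wchar_t* wszUnicode)
{
	if (wszUnicode == NULL)
		return NULL;

	/* Size query: byte count including the terminating NUL; 0 signals failure. */
	int cbNeeded = WideCharToMultiByte(CP_ACP, 0, wszUnicode, -1, NULL, 0, NULL, NULL);
	if (cbNeeded <= 0)
		return NULL;

	char *psANSI = new (std::nothrow) char[cbNeeded];
	if (psANSI == NULL)
		return NULL;

	int cbWritten = WideCharToMultiByte(CP_ACP, 0, wszUnicode, -1, psANSI, cbNeeded, NULL, NULL);
	if (cbWritten <= 0) {
		delete[] psANSI;
		return NULL;
	}

	psANSI[cbNeeded - 1] = '\0';
	return psANSI;
}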

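/*
 * Return the id of the first thread that a tool-help thread snapshot lists
 * for ProcessID, or 0 when the snapshot cannot be taken or the process has
 * no thread in it.
 *
 * NOTE(review): "first listed thread" is a heuristic; snapshot order is not
 * documented as creation order, so this is not guaranteed to be the primary
 * thread. A caller that needs the true main thread should compare
 * GetThreadTimes() creation times across the process's threads.
 *
 * Fixes: ThreadID was returned uninitialized when no thread matched; a first
 * TH32CS_SNAPPROCESS snapshot handle was created and immediately overwritten
 * (leaked) by the thread snapshot; INVALID_HANDLE_VALUE was never checked.
 */
static inline DWORD GetMainThreadId(DWORD ProcessID)
{
	DWORD ThreadID = 0;

	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
	if (hSnapshot == INVALID_HANDLE_VALUE)
		return 0;

	THREADENTRY32 te;
	te.dwSize = sizeof(te);
	if (Thread32First(hSnapshot, &te)) {
		do {
			if (te.th32OwnerProcessID == ProcessID) {
				ThreadID = te.th32ThreadID;
				break;
			}
		} while (Thread32Next(hSnapshot, &te));
	}

	CloseHandle(hSnapshot);
	return ThreadID;
}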

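/*
 * Look up a running process by executable file name (e.g. L"notepad.exe")
 * through a tool-help process snapshot.
 *
 * Returns the PID of the first matching entry in snapshot order, or 0 when
 * szName is NULL, the snapshot fails, or nothing matches. The comparison is
 * now case-insensitive, which is what the original comment claimed but
 * wcscmp() did not deliver; Win32 image names are not case-sensitive.
 *
 * NOTE(review): the image name is chosen by whoever started the process, so a
 * match says nothing about which binary is actually running; never treat the
 * result as an authentication or integrity check. When several processes
 * share the name only one of them (unspecified which) is returned.
 */
static inline DWORD GetProcessIDFromName(const WCHAR* szName)
{
	if (szName == NULL)
		return 0;

	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnapshot == INVALID_HANDLE_VALUE)
		return 0;

	DWORD id = 0;
	PROCESSENTRY32 pe;
	pe.dwSize = sizeof(pe);
	if (Process32First(hSnapshot, &pe)) {
		do {
			if (_wcsicmp(pe.szExeFile, szName) == 0) {
				id = pe.th32ProcessID;
				break;
			}
		} while (Process32Next(hSnapshot, &pe));
	}

	CloseHandle(hSnapshot);
	return id;
}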

 

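/*
 * In-place XOR "deobfuscation" of a NUL-terminated string with a 64-bit key.
 *
 * The key is consumed in memory order one nibble at a time -- low nibble of
 * byte 0, high nibble of byte 0, low nibble of byte 1, ... -- so its 16
 * nibbles form a repeating pad and character i is XORed with nibble
 * (i mod 16). Because each pad value is only 4 bits wide, only the low nibble
 * of each character changes, and the transform is its own inverse (applying
 * it twice restores the input). A NULL or empty string is a no-op.
 *
 * NOTE(review): this is obfuscation, not encryption. The key sits next to the
 * data in the binary and the "cipher" is a 16-nibble repeating XOR pad; it
 * hides names from a casual `strings` pass and nothing more.
 *
 * Fix: the pad variable was named `xor`, which is a reserved alternative
 * token for `^` in ISO C++ (and in C once <iso646.h> is included), so the
 * function did not compile with a conforming compiler. Renamed. The nibble
 * extraction is done inline so the function does not depend on the
 * LOWER_HALFBYTE / UPPER_HALFBYTE macros.
 */
static inline void deobfuscate_str(char *str, uint64_t val)
{
	if (str == NULL)
		return;

	/* Key bytes as laid out in memory (little-endian on Windows targets). */
	const uint8_t *key = (const uint8_t *)&val;
	const int pad_len = (int)(sizeof(uint64_t) * 2);   /* 16 nibbles */
	int i = 0;

	for (uint8_t *p = (uint8_t *)str; *p != 0; ++p) {
		int pos = i / 2;
		uint8_t nibble = (i % 2 == 0) ? (uint8_t)(key[pos] & 0xF)
		                              : (uint8_t)((key[pos] >> 4) & 0xF);
		*p ^= nibble;

		if (++i == pad_len)
			i = 0;
	}
}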

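/*
 * Resolve an export whose name is stored XOR-obfuscated (see deobfuscate_str()).
 *
 * str is the obfuscated export name and val the 64-bit key. Returns what
 * GetProcAddress() returns for the decoded name, or NULL when str is NULL or
 * the name (including its NUL) does not fit the 128-byte local buffer.
 *
 * Fix: the decoded name was built with an unbounded strcpy() into a 128-byte
 * stack buffer, so any name of 128 bytes or more overflowed the stack. The
 * length is checked first and the copy is bounded; an oversized name is
 * refused rather than silently truncated (a truncated name would resolve the
 * wrong export or none). The decoded plaintext is wiped before returning so
 * it does not linger on the stack.
 *
 * NOTE(review): this only keeps the import out of the static import table
 * and out of a naive string scan; anyone hooking GetProcAddress or dumping
 * the stack at the call site sees the real name.
 */
static inline void *get_obfuscated_func(HMODULE module, const char *str, uint64_t val)
{
	char new_name[128];

	if (str == NULL)
		return NULL;

	size_t len = strlen(str);
	if (len >= sizeof(new_name))
		return NULL;

	memcpy(new_name, str, len + 1);   /* +1 copies the terminating NUL */
	deobfuscate_str(new_name, val);

	void *fn = GetProcAddress(module, new_name);
	SecureZeroMemory(new_name, sizeof(new_name));
	return fn;
}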

/* Fallback spelling of `inline` for C compilers without the C99 keyword.
 * NOTE(review): placed here it is ineffective -- every `static inline` above
 * has already been parsed by the time it is seen -- and this translation unit
 * is C++ regardless (iostream, new[], bool), so the branch is never taken.
 * Move it above the first use or drop it. */
#if !defined(__cplusplus) && !defined(inline)
#define inline __inline
#endif

/* Access rights requested when opening the named IPC objects below: events
 * are set/reset and waited on, mutexes are only waited on (SYNCHRONIZE). */
#define GC_EVENT_FLAGS (EVENT_MODIFY_STATE | SYNCHRONIZE)
#define GC_MUTEX_FLAGS (SYNCHRONIZE)

/*
 * Create -- or open, if an object of that name already exists -- an
 * auto-reset event that starts in the non-signalled state, with the default
 * security descriptor (no SECURITY_ATTRIBUTES). name may be NULL for an
 * anonymous event. Returns the HANDLE from CreateEventW(), NULL on failure.
 *
 * NOTE(review): a named object created this way can be pre-created
 * ("squatted") by any other process that can see the same object namespace;
 * CreateEventW() then hands back that object and reports ERROR_ALREADY_EXISTS
 * through GetLastError(). Callers that must be the creator should check it.
 */
static inline HANDLE create_event(const wchar_t *name)
{
	const BOOL manual_reset  = FALSE;   /* auto-reset: one waiter released per signal */
	const BOOL initial_state = FALSE;   /* starts non-signalled */
	HANDLE h = CreateEventW(NULL, manual_reset, initial_state, name);
	return h;
}

/*
 * Open an existing named event with the rights in GC_EVENT_FLAGS
 * (modify state + synchronize); the handle is not inheritable.
 * Returns NULL when no such event exists or access is denied.
 */
static inline HANDLE open_event(const wchar_t *name)
{
	const BOOL inherit = FALSE;
	HANDLE h = OpenEventW(GC_EVENT_FLAGS, inherit, name);
	return h;
}

/*
 * Create -- or open, if already present -- a named mutex with the default
 * security descriptor. The caller does not take initial ownership; it must
 * acquire the mutex explicitly with a wait call. Returns NULL on failure.
 *
 * NOTE(review): same squatting caveat as create_event(): an existing object
 * of that name is returned silently, with ERROR_ALREADY_EXISTS in GetLastError().
 */
static inline HANDLE create_mutex(const wchar_t *name)
{
	const BOOL initially_owned = FALSE;
	return CreateMutexW(NULL, initially_owned, name);
}

/*
 * Open an existing named mutex with the rights in GC_MUTEX_FLAGS
 * (SYNCHRONIZE only); the handle is not inheritable.
 * Returns NULL when no such mutex exists or access is denied.
 */
static inline HANDLE open_mutex(const wchar_t *name)
{
	const BOOL inherit = FALSE;
	return OpenMutexW(GC_MUTEX_FLAGS, inherit, name);
}

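/*
 * Create (or open, if it already exists) the event named "<name><id>", i.e.
 * a per-id instance of a shared event name, via create_event().
 *
 * Returns the HANDLE from create_event(), or NULL when name is NULL or the
 * composed name does not fit the 64-wide-character buffer.
 *
 * Fix: _snwprintf() returns a negative value on overflow and does not write
 * a terminator when the output exactly fills the buffer; the previous code
 * passed the possibly unterminated buffer on as the object name. Both cases
 * are now detected and refused (an id is at most 10 digits, so this only
 * triggers for long base names). A NULL name used to format as "(null)".
 *
 * NOTE(review): the object is created without SECURITY_ATTRIBUTES, so any
 * other process in the same object namespace can squat the name ahead of
 * us; see create_event().
 */
static inline HANDLE create_event_plus_id(const wchar_t *name, DWORD id)
{
	wchar_t new_name[64];
	const int cap = (int)(sizeof(new_name) / sizeof(new_name[0]));

	if (name == NULL)
		return NULL;

	int n = _snwprintf(new_name, cap, L"%s%lu", name, id);
	if (n < 0 || n >= cap)
		return NULL;   /* truncated or unterminated: do not use the name */

	return create_event(new_name);
}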

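/*
 * Create (or open, if it already exists) the mutex named "<name><id>", i.e.
 * a per-id instance of a shared mutex name, via create_mutex().
 *
 * Returns the HANDLE from create_mutex(), or NULL when name is NULL or the
 * composed name does not fit the 64-wide-character buffer.
 *
 * Fix: _snwprintf() returns a negative value on overflow and does not write
 * a terminator when the output exactly fills the buffer; the previous code
 * passed the possibly unterminated buffer on as the object name. Both cases
 * are now detected and refused. A NULL name used to format as "(null)".
 *
 * NOTE(review): created without SECURITY_ATTRIBUTES, so the name can be
 * squatted by another process in the same object namespace; see create_mutex().
 */
static inline HANDLE create_mutex_plus_id(const wchar_t *name, DWORD id)
{
	wchar_t new_name[64];
	const int cap = (int)(sizeof(new_name) / sizeof(new_name[0]));

	if (name == NULL)
		return NULL;

	int n = _snwprintf(new_name, cap, L"%s%lu", name, id);
	if (n < 0 || n >= cap)
		return NULL;   /* truncated or unterminated: do not use the name */

	return create_mutex(new_name);
}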

/*
 * Non-blocking poll of a waitable handle.
 *
 * Returns true only when a zero-timeout WaitForSingleObject() reports
 * WAIT_OBJECT_0. A NULL handle, WAIT_TIMEOUT, WAIT_ABANDONED (an abandoned
 * mutex) and WAIT_FAILED all yield false. Note that a true result on an
 * auto-reset event resets it, and on a mutex acquires it, as with any wait.
 */
static inline bool object_signalled(HANDLE event)
{
	if (event == NULL)
		return false;

	DWORD rc = WaitForSingleObject(event, 0);
	return rc == WAIT_OBJECT_0;
}

 


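/*
 * Format format/args into a 1024-byte message and write it, followed by a
 * newline, first to "log.txt" (appended) and then to stdout.
 *
 * Fixes versus the freopen() version:
 *  - log.txt was opened with "w" on every call, so each message truncated
 *    the file and only the last line ever survived; it is now appended.
 *  - stdout itself was redirected to log.txt and then to "CON", which broke
 *    any redirection of stdout set up by the caller and fails where no
 *    console exists; stdout is now left untouched and the log file gets its
 *    own FILE*.
 *  - the _vsprintf_p() result was ignored; on a formatting failure a fixed
 *    marker is emitted instead of whatever the buffer happened to contain.
 *    The unused `num` local is gone.
 *
 * NOTE(review): "log.txt" is relative to the process working directory,
 * which this code does not control, so do not route sensitive data through
 * it; a production build should use an absolute, per-user path and should
 * not accept caller-supplied text as the format string.
 */
static inline void hlogv(const char *format, va_list args)
{
	char message[1024] = "";

	if (_vsprintf_p(message, sizeof(message), format, args) < 0) {
		static const char fail[] = "[hlog: message formatting failed]";
		memcpy(message, fail, sizeof(fail));
	}

	FILE *log = fopen("log.txt", "a");
	if (log != NULL) {
		fputs(message, log);
		fputc('\n', log);
		fclose(log);
	}

	std::cout << message << std::endl;
}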

/*
 * printf-style front end for hlogv(): collects the variadic arguments into a
 * va_list and forwards them together with the format string. Output goes
 * wherever hlogv() sends it (log.txt and stdout).
 */
void hlog(const char *format, ...)
{
	va_list ap;
	va_start(ap, format);
	hlogv(format, ap);
	va_end(ap);
}
