Works

ww898 · Jan 25, 2020 · 2068f4d · 2068f4d
1 parent 908819f
commit 2068f4d
Show file tree

Hide file tree

Showing 12 changed files with 494 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,7 @@
+*.orig
+.vs/
+.idea/
+_ReSharper.Caches/
+obj/
+bin/
+*.user
diff --git a/AELoader.Disable.reg b/AELoader.Disable.reg
diff --git a/AELoader.Enable.reg b/AELoader.Enable.reg
diff --git a/AELoader.ini b/AELoader.ini
@@ -0,0 +1,3 @@
+[AELoader]
+EnableEventLogs=1
+CommandLine=C:\Windows\System32\cmd.exe
diff --git a/AELoader.sln b/AELoader.sln
@@ -0,0 +1,41 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.27428.2043
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AELoader", "AELoader\AELoader.vcxproj", "{83977805-314D-4D28-B38C-B9667C3FA8E2}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Test", "Test\Test.vcxproj", "{CC45B53C-8838-4609-9CDE-49302F3BBB1A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Debug|x64.ActiveCfg = Debug|x64
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Debug|x64.Build.0 = Debug|x64
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Debug|x86.ActiveCfg = Debug|Win32
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Debug|x86.Build.0 = Debug|Win32
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Release|x64.ActiveCfg = Release|x64
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Release|x64.Build.0 = Release|x64
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Release|x86.ActiveCfg = Release|Win32
+		{83977805-314D-4D28-B38C-B9667C3FA8E2}.Release|x86.Build.0 = Release|Win32
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Debug|x64.ActiveCfg = Debug|x64
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Debug|x64.Build.0 = Debug|x64
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Debug|x86.ActiveCfg = Debug|Win32
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Debug|x86.Build.0 = Debug|Win32
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Release|x64.ActiveCfg = Release|x64
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Release|x64.Build.0 = Release|x64
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Release|x86.ActiveCfg = Release|Win32
+		{CC45B53C-8838-4609-9CDE-49302F3BBB1A}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {42A3F79C-3C9F-40F7-A74C-085508EC39FB}
+	EndGlobalSection
+EndGlobal
diff --git a/AELoader/AELoader.vcxproj b/AELoader/AELoader.vcxproj
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{83977805-314D-4D28-B38C-B9667C3FA8E2}</ProjectGuid>
+    <RootNamespace>AELoader</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.18362.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <IntDir>$(SolutionDir)obj\$(ProjectName)\$(Platform)\$(Configuration)\</IntDir>
+    <OutDir>$(SolutionDir)bin\$(Platform)\$(Configuration)\</OutDir>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <IntDir>$(SolutionDir)obj\$(ProjectName)\$(Platform)\$(Configuration)\</IntDir>
+    <OutDir>$(SolutionDir)bin\$(Platform)\$(Configuration)\</OutDir>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <IntDir>$(SolutionDir)obj\$(ProjectName)\$(Platform)\$(Configuration)\</IntDir>
+    <OutDir>$(SolutionDir)bin\$(Platform)\$(Configuration)\</OutDir>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <IntDir>$(SolutionDir)obj\$(ProjectName)\$(Platform)\$(Configuration)\</IntDir>
+    <OutDir>$(SolutionDir)bin\$(Platform)\$(Configuration)\</OutDir>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <OmitFramePointers>false</OmitFramePointers>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <OmitFramePointers>false</OmitFramePointers>
+    </ClCompile>
+    <Link>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="declarations.hpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/AELoader/declarations.hpp b/AELoader/declarations.hpp
@@ -0,0 +1,13 @@
+#pragma once
+
+namespace jbhack {
+
+constexpr WCHAR ini_file_pattern[] = L"%ProgramData%\\AELoader.ini";
+
+constexpr WCHAR app_name[] = L"AELoader";
+constexpr WCHAR dll_name[] = L"AELoader.dll";
+
+constexpr WCHAR key_enable_event_logs[] = L"EnableEventLogs";
+constexpr WCHAR key_command_line[] = L"CommandLine";
+
+}
diff --git a/AELoader/main.cpp b/AELoader/main.cpp
@@ -0,0 +1,99 @@
+#include <windows.h>
+#include <wchar.h>
+
+#include "declarations.hpp"
+
+namespace jbhack {
+
+struct event_log_reporter final
+{
+    explicit event_log_reporter(bool const enable) noexcept :
+        handle_(enable ? RegisterEventSourceW(nullptr, app_name) : nullptr)
+    {
+    }
+
+    ~event_log_reporter() noexcept
+    {
+        if (handle_)
+            DeregisterEventSource(handle_);
+    }
+
+    void report(WORD const type, DWORD const eventId) const noexcept
+    {
+        if (handle_)
+            ReportEventW(handle_, type, 0, eventId, nullptr, 0, 0, nullptr, nullptr);
+    }
+
+    void report(WORD const type, DWORD const eventId, WCHAR const * const text) const noexcept
+    {
+        if (handle_)
+        {
+            LPCWSTR strings[] = {text};
+            ReportEventW(handle_, type, 0, eventId, nullptr, 1, 0, strings, nullptr);
+        }
+    }
+
+private:
+    HANDLE const handle_;
+};
+
+template<typename Type, DWORD size>
+constexpr DWORD elements_of(Type (&)[size]) noexcept { return size; }
+
+bool do_hack() noexcept
+{
+    WCHAR ini_file[1024];
+    if (!ExpandEnvironmentStringsW(ini_file_pattern, ini_file, elements_of(ini_file)))
+        return false;
+
+    event_log_reporter const reporter(GetPrivateProfileIntW(app_name, key_enable_event_logs, 0, ini_file) != 0);
+
+    {
+        WCHAR executable[1024];
+        if (GetModuleFileNameW(nullptr, executable, elements_of(executable)) == elements_of(executable))
+        {
+            reporter.report(EVENTLOG_ERROR_TYPE, 101, executable);
+            return false;
+        }
+        LPCWSTR ptr = wcsrchr(executable, L'\\');
+        if (!ptr || _wcsicmp(++ptr, L"recdisc.exe"))
+        {
+            reporter.report(EVENTLOG_ERROR_TYPE, 102, executable);
+            return false;
+        }
+        reporter.report(EVENTLOG_INFORMATION_TYPE, 100, executable);
+    }
+
+    {
+        WCHAR command_line[4096];
+        GetPrivateProfileStringW(app_name, key_command_line, nullptr, command_line, elements_of(command_line), ini_file);
+        if (!*command_line)
+        {
+            reporter.report(EVENTLOG_ERROR_TYPE, 201);
+            return false;
+        }
+        STARTUPINFOW si = {sizeof(si)};
+        PROCESS_INFORMATION pi;
+        if (!CreateProcessW(nullptr, command_line, nullptr, nullptr, false, CREATE_DEFAULT_ERROR_MODE, nullptr, nullptr, &si, &pi))
+        {
+            reporter.report(EVENTLOG_ERROR_TYPE, 202, command_line);
+            return false;
+        }
+        CloseHandle(pi.hThread);
+        CloseHandle(pi.hProcess);
+        reporter.report(EVENTLOG_INFORMATION_TYPE, 200, command_line);
+    }
+
+    return true;
+}
+
+}
+
+BOOL WINAPI DllMain(HINSTANCE, DWORD const reason, LPVOID)
+{
+    if (reason != DLL_PROCESS_ATTACH)
+        return true;
+    if (!jbhack::do_hack())
+        return false;
+    ExitProcess(0);
+}
diff --git a/README.md b/README.md
@@ -0,0 +1,14 @@
+# Installation
+
+1. Copy `<architecture>\AELoader.dll` to `%WinDir%\System32`
+2. Update or create `%ProgramData%\AELoader.ini`.
+3. Run `AELoader.Enable.reg` to activate the injection. To deactivate run  `AELoader.Disable.reg`.
+4. Run `%WinDir%\System32\recdisc.exe` to execute the command line from `%ProgramData%\AELoader.ini`.
+
+`AELoader.ini` format:
+```
+[AELoader]
+EnableEventLogs=<The value 1 activates event logs>
+CommandLine=<command line to execute under elevated account>
+```
+