
Beta 2 - Fix #2
[+] Add Hook Address
[+] Implementing Api schema forwarder fix issue #2
[+] Change disassembler from Capstone to Zydis Engine
[√] improvements for SEH handling
[√] improvements with JS to API handle
[√] Improve API detection by address or name or ordinal
Coldzer0 committed Aug 5, 2019
1 parent 97582a7 commit 805b373
Showing 28 changed files with 1,465 additions and 446 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -45,6 +45,7 @@ __recovery/
samples/VMProtect
PEParser
Core/Duktabe
Core/QJS
unicorn-engine-pascal
CTF
GDT
843 changes: 843 additions & 0 deletions Build/Apiset.json

Large diffs are not rendered by default.

10 changes: 10 additions & 0 deletions Build/hooks/address.js
@@ -1,4 +1,14 @@
// var _parse_cmdline = new ApiHook();
// _parse_cmdline.OnCallBack = function () {

// var PC = Emu.ReadDword(Emu.ReadReg(REG_ESP));

// info('PC : 0x',PC.toString(16));

// info(Emu.SetReg(REG_EIP, PC));
// return true;
// };
// _parse_cmdline.install(0x00403383);

// _wcmdln fix

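Review bot: The whole `_parse_cmdline` hook in this hunk is commented-out code, including the `install(0x00403383)` call that pins it to a hard-coded address, and the `// _wcmdln fix` heading at the end has nothing under it in the hunk. Commented-out code in a hook file drifts silently from the live `ApiHook` API and cannot be tested; either delete it (history keeps it) or, if it is meant as a template for address hooks, turn the heading into a short explanatory comment such as `// Template: address hook that reads the return address from ESP and redirects EIP to it; replace 0x00403383 with the sample-specific address.` If the `_wcmdln fix` code is meant to follow, it is not part of this hunk.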
8 changes: 0 additions & 8 deletions Build/hooks/advapi32.js
Expand Up @@ -267,8 +267,6 @@ RegCloseKey.OnCallBack = function (Emu, API,ret) {
};
RegCloseKey.install('advapi32.dll', 'RegCloseKey');

RegCloseKey.install('api-ms-win-core-localregistry-l1-1-0.dll', 'RegCloseKey');

/*
###################################################################################################
###################################################################################################
Expand Down Expand Up @@ -373,9 +371,6 @@ RegOpenKeyEx.install('advapi32.dll', 'RegOpenKeyExA');
RegOpenKeyEx.install('advapi32.dll', 'RegOpenKeyExW');


RegOpenKeyEx.install('api-ms-win-core-localregistry-l1-1-0.dll', 'RegOpenKeyExA');
RegOpenKeyEx.install('api-ms-win-core-localregistry-l1-1-0.dll', 'RegOpenKeyExW');

/*
###################################################################################################
###################################################################################################
Expand Down Expand Up @@ -434,9 +429,6 @@ RegQueryValueEx.OnCallBack = function (Emu, API, ret) {
RegQueryValueEx.install('advapi32.dll', 'RegQueryValueExA');
RegQueryValueEx.install('advapi32.dll', 'RegQueryValueExW');

RegQueryValueEx.install('api-ms-win-core-localregistry-l1-1-0.dll', 'RegQueryValueExA');
RegQueryValueEx.install('api-ms-win-core-localregistry-l1-1-0.dll', 'RegQueryValueExW');


/*
###################################################################################################
22 changes: 11 additions & 11 deletions Build/hooks/c_runtime.js
@@ -1,20 +1,20 @@
'use strict';


var exit = new ApiHook();
exit.OnCallBack = function (Emu, API,ret) {
// var exit = new ApiHook();
// exit.OnCallBack = function (Emu, API,ret) {

Emu.Stop();
// Emu.Stop();

error('0x{0} : {1}'.format(
ret.toString(16),
API.name
));
// error('0x{0} : {1}'.format(
// ret.toString(16),
// API.name
// ));

return true; // true if you handle it false if you want Emu to handle it and set PC .
};
exit.install('api-ms-win-crt-runtime-l1-1-0.dll', 'exit');
exit.install('api-ms-win-crt-runtime-l1-1-0.dll', '_exit');
// return true; // true if you handle it false if you want Emu to handle it and set PC .
// };
// exit.install('api-ms-win-crt-runtime-l1-1-0.dll', 'exit');
// exit.install('api-ms-win-crt-runtime-l1-1-0.dll', '_exit');

/*
###################################################################################################
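Review bot: The `exit`/`_exit` hook is commented out rather than removed, so the eleven commented lines in this hunk are dead code that will drift from the live `ApiHook` API; delete them (history keeps them) or, if the hook is intentionally disabled, replace them with a one-line comment stating why, e.g. `// exit/_exit hook disabled — TODO(owner): state reason`. Unless another hook covers `exit`/`_exit`, calls through `api-ms-win-crt-runtime-l1-1-0.dll` will no longer reach `Emu.Stop()`, so what the emulator does when the sample exits now depends on its default API handling — worth confirming that is intended. If the new ApiSet forwarder resolves that contract name to its host DLL, the hook could instead be re-installed against the host DLL name, consistent with the other hook files in this commit that drop their `api-ms-win-*` installs and keep only the host-DLL ones.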
7 changes: 0 additions & 7 deletions Build/hooks/kernek32_strings.js
Expand Up @@ -56,7 +56,6 @@ MultiByteToWideChar.OnCallBack = function (Emu, API, ret) {
};

MultiByteToWideChar.install('kernel32.dll', 'MultiByteToWideChar');
MultiByteToWideChar.install('api-ms-win-core-string-l1-1-0.dll', 'MultiByteToWideChar');

/*
###################################################################################################
Expand Down Expand Up @@ -114,7 +113,6 @@ WideCharToMultiByte.OnCallBack = function (Emu, API, ret) {
};

WideCharToMultiByte.install('kernel32.dll', 'WideCharToMultiByte');
WideCharToMultiByte.install('api-ms-win-core-string-l1-1-0.dll', 'WideCharToMultiByte');

/*
###################################################################################################
Expand Down Expand Up @@ -175,8 +173,6 @@ LCMapString.OnCallBack = function (Emu, API, ret) {
LCMapString.install('kernel32.dll', 'LCMapStringA');
LCMapString.install('kernel32.dll', 'LCMapStringW');

LCMapString.install('api-ms-win-core-localization-l1-1-0.dll', 'LCMapStringW');


/*
###################################################################################################
Expand Down Expand Up @@ -255,7 +251,6 @@ GetStringTypeW.OnCallBack = function (Emu, API, ret) {
};

GetStringTypeW.install('kernel32.dll', 'GetStringTypeW');
GetStringTypeW.install('api-ms-win-core-string-l1-1-0.dll', 'GetStringTypeW');

/*
###################################################################################################
Expand Down Expand Up @@ -297,8 +292,6 @@ lstrlen.OnCallBack = function (Emu, API, ret) {
lstrlen.install('kernel32.dll', 'lstrlen');
lstrlen.install('kernelbase.dll', 'lstrlenW');
lstrlen.install('kernelbase.dll', 'lstrlenA');
lstrlen.install('api-ms-win-core-misc-l1-1-0.dll', 'lstrlenW');
lstrlen.install('api-ms-win-core-misc-l1-1-0.dll', 'lstrlenA');
lstrlen.install('kernel32.dll', 'lstrlenW');
lstrlen.install('kernel32.dll', 'lstrlenA');

