Fix for apisetschema forwarder
Hope this will fix it for ever :P
Coldzer0 committed Aug 6, 2019
1 parent cbd8fcb commit dd20a4d
Showing 8 changed files with 166 additions and 157 deletions.
8 changes: 8 additions & 0 deletions Build/Apiset.json
Expand Up @@ -77,6 +77,7 @@
{name:"api-ms-win-core-debug-minidump-l1-1-0", count:1, red: ["dbgcore.dll"]},
{name:"api-ms-win-core-delayload-l1-1-0", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-delayload-l1-1-1", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-enclave-l1-1-0", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-enclave-l1-1-1", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-errorhandling-l1-1-0", count:1, red: ["kernel32.dll"]},
{name:"api-ms-win-core-errorhandling-l1-1-3", count:1, red: ["kernelbase.dll"]},
Expand Down Expand Up @@ -128,11 +129,14 @@
{name:"api-ms-win-core-localregistry-l1-1-0", count:1, red: ["kernel32.dll"]},
{name:"api-ms-win-core-marshal-l1-1-0", count:1, red: ["combase.dll"]},
{name:"api-ms-win-core-memory-l1-1-0", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-memory-l1-1-1", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-memory-l1-1-2", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-memory-l1-1-6", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-misc-l1-1-0", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-multipleproviderrouter-l1-1-0", count:1, red: ["mpr.dll"]},
{name:"api-ms-win-core-namedpipe-ansi-l1-1-1", count:1, red: ["kernel32.dll"]},
{name:"api-ms-win-core-namedpipe-l1-1-0", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-namedpipe-l1-2-1", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-namedpipe-l1-2-2", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-namespace-ansi-l1-1-0", count:1, red: ["kernel32.dll"]},
{name:"api-ms-win-core-namespace-l1-1-0", count:1, red: ["kernelbase.dll"]},
Expand All @@ -150,6 +154,7 @@
{name:"api-ms-win-core-processsecurity-l1-1-0", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
{name:"api-ms-win-core-processsnapshot-l1-1-0", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-processthreads-l1-1-0", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
{name:"api-ms-win-core-processthreads-l1-1-2", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
{name:"api-ms-win-core-processthreads-l1-1-1", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
{name:"api-ms-win-core-processthreads-l1-1-3", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
{name:"api-ms-win-core-processtopology-l1-1-0", count:1, red: ["kernelbase.dll"]},
Expand Down Expand Up @@ -201,6 +206,8 @@
{name:"api-ms-win-core-synch-l1-2-1", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-sysinfo-l1-1-0", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-sysinfo-l1-1-1", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-sysinfo-l1-2-1", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-sysinfo-l1-2-2", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-sysinfo-l1-2-4", count:1, red: ["kernelbase.dll"]},
{name:"api-ms-win-core-sysinfo-l2-1-0", count:1, red: ["advapi32.dll"]},
{name:"api-ms-win-core-systemtopology-l1-1-1", count:1, red: ["kernelbase.dll"]},
Expand Down Expand Up @@ -548,6 +555,7 @@
{name:"ext-ms-win-gdi-path-l1-1-0", count:1, red: ["gdi32full.dll"]},
{name:"ext-ms-win-gdi-print-l1-1-0", count:1, red: ["gdi32full.dll"]},
{name:"ext-ms-win-gdi-private-l1-1-0", count:1, red: ["gdi32full.dll"]},
{name:"ext-ms-win-gdi-desktop-l1-1-0", count:1, red: ["gdi32.dll"]},
{name:"ext-ms-win-gdi-render-l1-1-0", count:1, red: ["gdi32.dll"]},
{name:"ext-ms-win-gdi-rgn-l1-1-0", count:1, red: ["gdi32full.dll"]},
{name:"ext-ms-win-gdi-wcs-l1-1-0", count:1, red: ["gdi32full.dll"]},
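Review bot: The new `api-ms-win-core-processthreads-l1-1-2` entry is inserted between the `l1-1-0` and `l1-1-1` entries, and `ext-ms-win-gdi-desktop-l1-1-0` lands between `gdi-private` and `gdi-render`, which breaks the name/version ordering the rest of the table follows. Lookup is presumably by `name`, so order does not change resolution, but a sorted table is what makes a missing or duplicated contract version visible at review time, which matters for a forwarder table that decides which real module an API-set name resolves to. I would move both entries to their sorted positions (`l1-1-2` after `l1-1-1`, and `gdi-desktop` into alphabetical place among the `ext-ms-win-gdi-*` entries) and keep the other six additions where they are, since they already follow the order.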
66 changes: 8 additions & 58 deletions Build/hooks/address.js
@@ -1,61 +1,11 @@
// var _parse_cmdline = new ApiHook();
// _parse_cmdline.OnCallBack = function () {
var addr_hook_example = new ApiHook();
addr_hook_example.OnCallBack = function () {

// var PC = Emu.ReadDword(Emu.ReadReg(REG_ESP));
info('EDI = ',Emu.ReadReg(REG_EDI).toString(16))
info('ESI = ',Emu.ReadReg(REG_ESI).toString(16))
info('Module : ',Emu.ReadStringA(Emu.ReadReg(REG_EAX)))

// info('PC : 0x',PC.toString(16));

// info(Emu.SetReg(REG_EIP, PC));
// return true;
// };
// _parse_cmdline.install(0x00403383);

// _wcmdln fix

// var Path = '"C:\\pla\\' + Emu.Filename + '"'; // :D
// var _wcmdln_ptr = Emu.GetProcAddr(Emu.GetModuleHandle('msvcr90.dll'), '_wcmdln');
// var po =
// Emu.WriteStringW(_wcmdln_ptr,Path) : Emu.WriteStringA(_wcmdln_ptr,Path);




// var tmpx = new ApiHook();
// tmpx.OnCallBack = function () {


// info('EDI = ',Emu.ReadReg(REG_EDI).toString(16))
// info('ESI = ',Emu.ReadReg(REG_ESI).toString(16))
// info('Module : ',Emu.ReadStringA(Emu.ReadReg(REG_EAX)))

// return true;
// };

// tmpx.install(0x401369);

// var tmpx = new ApiHook();
// tmpx.OnCallBack = function () {

// info('esi = ',Emu.ReadReg(REG_ESI).toString(16))
// info('ecx = ',Emu.ReadReg(REG_ECX).toString(16))

// info('Module : ',Emu.ReadStringW(Emu.ReadReg(REG_ESI)))

// return true;
// };

// tmpx.install(0x401037);


// var tmpz = new ApiHook();
// tmpz.OnCallBack = function () {

// info('esi = ',Emu.ReadReg(REG_ESI).toString(16))

// info('API : ',Emu.ReadStringA(Emu.ReadReg(REG_ESI)))

// return true;
// };

// tmpz.install(0x401068);
return true;
};

addr_hook_example.install(0x401369);
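Review bot: `addr_hook_example.install(0x401369)` installs the callback unconditionally at a hard-coded address, so a file whose only remaining content is named as an example still fires on every load, and the callback then dereferences EAX as an ANSI string pointer via `Emu.ReadStringA(Emu.ReadReg(REG_EAX))`, which presumably yields garbage or fails when the register does not hold a valid pointer at that point. If this is meant as a template, a header comment such as `// Example address hook: 0x401369 is sample-specific; adjust or comment out install() before use` would make that explicit, and the hook could be left uninstalled by default. The three `info(...)` calls in the callback body also lack terminating semicolons while the surrounding statements have them; `info('EDI = ', Emu.ReadReg(REG_EDI).toString(16));` and the two following lines should end consistently. The callback function is fully contained in this hunk.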
