Skip to content

Commit

Permalink
Hooking GetUserName* GetComputerName* APIs. Closes cuckoosandbox#28. …
Browse files Browse the repository at this point in the history
…Must be verified, has inconsistent arg count
  • Loading branch information
Thorsten-Sick committed Jul 18, 2014
1 parent d969cf4 commit 0b98cb0
Show file tree
Hide file tree
Showing 3 changed files with 72 additions and 0 deletions.
4 changes: 4 additions & 0 deletions cuckoomon.c
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,10 @@ static hook_t g_hooks[] = {
HOOK(kernel32, WriteConsoleW),
HOOK(user32, GetSystemMetrics),
HOOK(user32, GetCursorPos),
HOOK(kernel32, GetComputerNameA),
HOOK(kernel32, GetComputerNameW),
HOOK(advapi32, GetUserNameA),
HOOK(advapi32, GetUserNameW),

//
// Network Hooks
Expand Down
48 changes: 48 additions & 0 deletions hook_misc.c
Original file line number Diff line number Diff line change
Expand Up @@ -260,3 +260,51 @@ HOOKDEF(BOOL, WINAPI, GetCursorPos,
"y", lpPoint != NULL ? lpPoint->y : 0);
return ret;
}

HOOKDEF(BOOL, WINAPI, GetComputerNameA,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
) {
IS_SUCCESS_BOOL();

static const char *category = "misc";
BOOL ret = Old_GetComputerNameA(lpBuffer, lpnSize);
LOQ("s", "ComputerName", lpBuffer);
return ret;
}

HOOKDEF(BOOL, WINAPI, GetComputerNameW,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
) {
IS_SUCCESS_BOOL();

static const char *category = "misc";
BOOL ret = Old_GetComputerNameW(lpBuffer, lpnSize);
LOQ("u", "ComputerName", lpBuffer);
return ret;
}

HOOKDEF(BOOL, WINAPI, GetUserNameA,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
) {
IS_SUCCESS_BOOL();

static const char *category = "misc";
BOOL ret = Old_GetUserNameA(lpBuffer, lpnSize);
LOQ("s", "Name", lpBuffer);
return ret;
}

HOOKDEF(BOOL, WINAPI, GetUserNameW,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
) {
IS_SUCCESS_BOOL();

static const char *category = "misc";
BOOL ret = Old_GetUserNameW(lpBuffer, lpnSize);
LOQ("u", "Name", lpBuffer);
return ret;
}
20 changes: 20 additions & 0 deletions hooks.h
Original file line number Diff line number Diff line change
Expand Up @@ -1001,6 +1001,26 @@ extern HOOKDEF(BOOL, WINAPI, GetCursorPos,
_Out_ LPPOINT lpPoint
);

extern HOOKDEF(BOOL, WINAPI, GetComputerNameA,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
);

extern HOOKDEF(BOOL, WINAPI, GetComputerNameW,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
);

extern HOOKDEF(BOOL, WINAPI, GetUserNameA,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
);

extern HOOKDEF(BOOL, WINAPI, GetUserNameW,
_Out_ LPTSTR lpBuffer,
_Inout_ LPDWORD lpnSize
);

//
// Network Hooks
//
Expand Down

0 comments on commit 0b98cb0

Please sign in to comment.