#include "Include.h"
#include "ABServer.h"
#include "FileLogger.h"
// NOTE(review): file-scope using-directive. The unqualified `string` and
// `exception` used below presumably resolve through it or through Include.h;
// confirm which.
using namespace asmjs;
// Process-wide log sink, constructed during static initialisation of the module.
// The path is a hard-coded absolute file on C:, so every run leaves the same
// on-disk artifact.
FileLogger fl("C:\\ABLog.txt");
// Single server instance, used by both MainThread and DllMain.
ABServer s;
// Handle of this module; written by DllMain and passed to FreeLibrary when a
// C_UnloadModule request arrives.
HINSTANCE hThisModule;
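/// Worker thread started from DllMain: runs the ABServer pipe loop.
///
/// Each pass of the outer loop creates the pipe, waits for a client, then reads
/// request packets and dispatches on ABRequest::Command. An exception ends the
/// session: it is logged, the pipe is closed, and the loop creates a new one.
/// An exception escaping the outer loop body is logged as fatal and ends the thread.
///
/// Security review notes:
///  - Every request field (process id, access mask, raw handle value, address,
///    size, protection flags) is taken from the pipe client and handed to
///    ABServer unchanged, so any client that can open the pipe gets these
///    process-memory operations with the host process's rights. The pipe name
///    and ACL are set in ABServer::CreatePipe, which is not visible here; verify them.
///  - The received length is not known at this level (the result of ReadPipeRaw,
///    if any, is unused), so the buffer is zeroed per request and every
///    length-dependent access is bounded by the buffer size.
///  - Observable artifacts: the log file opened by `fl`, and one log line per request.
///
/// @return Always 0.
DWORD MainThread(void*)
{
    fl.Enable = true;
    fl.Prefix = "[AB] ";
    fl.Postfix = "\n";
    fl.OpenOutput();
    fl.Log("Launching ABServer ..");
    s.pFl = &fl;
    try
    {
        while (true)
        {
            fl.Log("Creating pipe");
            s.CreatePipe();
            fl.Log("Pipe has been created, awaiting client");
            s.AwaitClient();
            fl.Log("Client has connected, awaiting requests");
            try
            {
                while (true)
                {
                    // Fresh zeroed buffer per request: a short packet must not be
                    // parsed together with leftover bytes from the previous one.
                    byte data[MAX_PACKET_SIZE] = {};
                    s.ReadPipeRaw(data);
                    auto cmd = ((ABRequest*)(data))->Command;
                    fl.Log("Acepted request: r->Command: 0x%X", cmd);
                    switch (cmd)
                    {
                    case C_Ping:
                        fl.Log("Pinging back");
                        s.Pong();
                        break;
                    case C_AccuireProcessHandle:
                    {
                        ReqAccuireProcessHandle* r1 = (ReqAccuireProcessHandle*)data;
                        fl.Log("Trying to accuire process handle with access 0x%X for process#%d", r1->DesiredAccess, r1->ProcessId);
                        s.AccuireProcessAccess(r1->ProcessId, r1->DesiredAccess);
                        break;
                    }
                    case C_SetProcessHandle:
                    {
                        // NOTE(review): the handle value is trusted as sent by the client.
                        ReqSetProcessHandle* r2 = (ReqSetProcessHandle*)data;
                        fl.Log("Setting process handle: 0x%X", r2->hProcess);
                        s.hProcess = r2->hProcess;
                        s.Pong();
                        break;
                    }
                    case C_RPM:
                    {
                        ReqRpm* r3 = (ReqRpm*)data;
                        fl.Log("Reading memory location: Address: 0x%X, Sz: 0x%X", r3->Address, r3->DataSize);
                        s.RpmRaw(r3->Address, r3->DataSize);
                        break;
                    }
                    case C_WPM:
                    {
                        ReqWpm* r4 = (ReqWpm*)data;
                        fl.Log("Writing memory location: Address: 0x%X, Sz: 0x%X", r4->Address, r4->DataSize);
                        // The payload lives inside `data`, starting at r4->Data. A
                        // client-chosen DataSize that runs past the end of the buffer
                        // would make WpmRaw read adjacent stack memory, so such a
                        // request ends the session through the handler below.
                        const size_t payloadOffset = (size_t)((byte*)(&r4->Data) - data);
                        if (payloadOffset > sizeof(data) || (size_t)r4->DataSize > sizeof(data) - payloadOffset)
                        {
                            fl.Log("Rejected write request: DataSize 0x%X exceeds packet payload", r4->DataSize);
                            SetLastError(ERROR_INVALID_DATA);
                            throw exception();
                        }
                        s.WpmRaw(r4->Address, (&r4->Data), r4->DataSize);
                        break;
                    }
                    case C_VirtualProtect:
                    {
                        ReqVp* r5 = (ReqVp*)data;
                        fl.Log("Setting protection: Address: 0x%X, Sz: 0x%X, NewProtection: 0x%X", r5->Address, r5->Size, r5->NewProtection);
                        s.VirtualProtect(r5->Address, r5->Size, r5->NewProtection);
                        break;
                    }
                    case C_VirtualAlloc:
                    {
                        ReqVa* r6 = (ReqVa*)data;
                        fl.Log("Allocating 0x%X bytes at 0x%X (AllocationType: 0x%X, Protection: 0x%X)", r6->Size, r6->Address, r6->AllocationType, r6->Protection);
                        s.VirtualAlloc(r6->Address, r6->Size, r6->AllocationType, r6->Protection);
                        break;
                    }
                    case C_UnloadModule:
                        // NOTE(review): this releases the module from a thread that is
                        // still executing inside it, and the loop carries on afterwards.
                        fl.Log("Unloading ...");
                        FreeLibrary(hThisModule);
                        break;
                    case C_GetModuleBase:
                    {
                        // The name follows the command field and is expected to be
                        // NUL-terminated; search for the terminator only within the
                        // buffer so an unterminated name cannot cause an over-read.
                        const char* name = (char*)(data) + sizeof(ABRequest::Command);
                        const size_t maxLen = sizeof(data) - sizeof(ABRequest::Command);
                        size_t len = 0;
                        while (len < maxLen && name[len] != '\0')
                        {
                            ++len;
                        }
                        string moduleName(name, len);
                        fl.Log("Fetching module information for %s", moduleName.c_str());
                        s.GetProcessModuleBase(moduleName);
                        break;
                    }
                    }
                }
            }
            // Caught by const reference: catching by value slices a derived
            // exception and loses its what() text.
            catch (const exception& e)
            {
                if (GetLastError() == ERROR_BROKEN_PIPE)
                {
                    fl.Log("Client has closed the connection or pipe got broken");
                }
                else
                {
                    fl.Log("Exception occured: %s (0x%X)", e.what(), GetLastError());
                }
                fl.Log("Closing pipe..");
                s.ClosePipe();
            }
        }
    }
    catch (const exception& e)
    {
        fl.Log("Fatal exception occured: %s (0x%X)", e.what(), GetLastError());
    }
    return 0;
}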
/// DLL entry point.
///
/// On process attach it starts MainThread as a new thread. On process detach
/// it forcibly ends that thread, closes the server pipe and writes a final log
/// line. All other notifications only refresh hThisModule.
///
/// @param hModule     Handle of this module; stored in hThisModule on every call.
/// @param callReason  Loader notification code.
/// @param reserved    Unused.
/// @return Always TRUE.
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD callReason, LPVOID reserved)
{
    // Worker thread handle. Static storage, so it is null until CreateThread
    // succeeds; it is never closed.
    static HANDLE hThread;

    hThisModule = hModule;

    switch (callReason)
    {
    case DLL_PROCESS_ATTACH:
        // Default security attributes, default stack size, no argument, runs immediately.
        hThread = CreateThread(nullptr, 0, MainThread, nullptr, 0, nullptr);
        break;

    case DLL_PROCESS_DETACH:
        if (hThread != nullptr)
        {
            // NOTE(review): TerminateThread stops the worker without unwinding,
            // so whatever it holds at that moment (a lock, the log file, a
            // half-handled request) is left as-is. The calls below also run
            // inside DllMain.
            TerminateThread(hThread, 0);
            s.ClosePipe();
            fl.Log("Server module is getting unloaded, cya");
        }
        break;

    default:
        break;
    }

    return TRUE;
}