
dll tester

1 parent 46f9e0e commit a3b7fa892f9ad81b32b3fb360e91ad7cba6ae13a @NtQuery committed Jan 11, 2014
@@ -0,0 +1,28 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ScyllaDllTest", "ScyllaDllTest\ScyllaDllTest.vcxproj", "{D7886EB7-3C3B-4AA7-B983-DD85E72798DD}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ScyllaTestExe", "ScyllaTestExe\ScyllaTestExe.vcxproj", "{756E4AF7-342C-417F-86DC-3B2A78E782C9}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Release|Win32 = Release|Win32
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {D7886EB7-3C3B-4AA7-B983-DD85E72798DD}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D7886EB7-3C3B-4AA7-B983-DD85E72798DD}.Debug|Win32.Build.0 = Debug|Win32
+ {D7886EB7-3C3B-4AA7-B983-DD85E72798DD}.Release|Win32.ActiveCfg = Release|Win32
+ {D7886EB7-3C3B-4AA7-B983-DD85E72798DD}.Release|Win32.Build.0 = Release|Win32
+ {756E4AF7-342C-417F-86DC-3B2A78E782C9}.Debug|Win32.ActiveCfg = Release|Win32
+ {756E4AF7-342C-417F-86DC-3B2A78E782C9}.Debug|Win32.Build.0 = Release|Win32
+ {756E4AF7-342C-417F-86DC-3B2A78E782C9}.Release|Win32.ActiveCfg = Release|Win32
+ {756E4AF7-342C-417F-86DC-3B2A78E782C9}.Release|Win32.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{D7886EB7-3C3B-4AA7-B983-DD85E72798DD}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>ScyllaDllTest</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v120</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v120</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <ClCompile Include="Source.cpp" />
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
@@ -0,0 +1,118 @@
+#define _CRT_SECURE_NO_WARNINGS
+#include <windows.h>
+#include <stdio.h>
+#include <string.h>
+#include <tlhelp32.h>
+#include <tchar.h>
+
+
+typedef const WCHAR * (WINAPI * def_ScyllaVersionInformationW)();
+typedef const char * (WINAPI * def_ScyllaVersionInformationA)();
+typedef DWORD (WINAPI * def_ScyllaVersionInformationDword)();
+typedef int (WINAPI * def_ScyllaIatSearch)(DWORD dwProcessId, DWORD_PTR * iatStart, DWORD * iatSize, DWORD_PTR searchStart, BOOL advancedSearch);
+typedef int (WINAPI * def_ScyllaStartGui)(DWORD dwProcessId, HINSTANCE mod);
+
+def_ScyllaIatSearch ScyllaIatSearch = 0;
+def_ScyllaStartGui ScyllaStartGui = 0;
+def_ScyllaVersionInformationW ScyllaVersionInformationW = 0;
+def_ScyllaVersionInformationA ScyllaVersionInformationA = 0;
+def_ScyllaVersionInformationDword ScyllaVersionInformationDword = 0;
+
+
+void testGui();
+void testIatSearch();
+DWORD_PTR GetExeModuleBase(DWORD dwProcessId);
+
+
+STARTUPINFOW si = { 0 };
+PROCESS_INFORMATION pi = { 0 };
+WCHAR target[] = L"ScyllaTestExe.exe";
+HMODULE hScylla = 0;
+
+int main(int argc, char *argv[])
+{
+#ifdef _WIN64
+ hScylla = LoadLibraryW(L"ScyllaDLLx64.dll");
+#else
+ hScylla = LoadLibraryW(L"ScyllaDLLx86.dll");
+#endif
+
+ if (hScylla)
+ {
+ ScyllaIatSearch = (def_ScyllaIatSearch)GetProcAddress(hScylla, "ScyllaIatSearch");
+ ScyllaStartGui = (def_ScyllaStartGui)GetProcAddress(hScylla, "ScyllaStartGui");
+
+ ScyllaVersionInformationW = (def_ScyllaVersionInformationW)GetProcAddress(hScylla, "ScyllaVersionInformationW");
+ ScyllaVersionInformationA = (def_ScyllaVersionInformationA)GetProcAddress(hScylla, "ScyllaVersionInformationA");
+ ScyllaVersionInformationDword = (def_ScyllaVersionInformationDword)GetProcAddress(hScylla, "ScyllaVersionInformationDword");
+
+ printf("Scylla DLL: %s - %08X\n", ScyllaVersionInformationA(), ScyllaVersionInformationDword());
+
+ testIatSearch();
+ //testGui();
+ }
+
+ getchar();
+ return 0;
+}
+
+void testGui()
+{
+ printf("----------------\nGUI TEST\n----------------\n");
+
+ si.cb = sizeof(STARTUPINFOW);
+
+ if (CreateProcessW(0, target, 0, 0, TRUE, 0, 0, 0, &si, &pi))
+ {
+ Sleep(1000);
+
+
+ DWORD_PTR hMod = GetExeModuleBase(pi.dwProcessId);
+ printf("GetExeModuleBase %X\n", hMod);
+
+ ScyllaStartGui(pi.dwProcessId, 0);
+
+ TerminateProcess(pi.hProcess, 0);
+ CloseHandle(pi.hThread);
+ CloseHandle(pi.hProcess);
+ }
+}
+
+
+void testIatSearch()
+{
+ printf("----------------\nIAT Search Test\n----------------\n");
+
+ si.cb = sizeof(STARTUPINFOW);
+
+ if (CreateProcessW(0, target, 0, 0, TRUE, 0, 0, 0, &si, &pi))
+ {
+ Sleep(1000);
+
+ DWORD_PTR iatStart = 0;
+ DWORD iatSize = 0;
+
+ DWORD_PTR hMod = GetExeModuleBase(pi.dwProcessId);
+ printf("GetExeModuleBase %X\n", hMod);
+
+ int error = ScyllaIatSearch(pi.dwProcessId, &iatStart, &iatSize, hMod + 0x00001028, FALSE);
+
+ printf("error %d iatStart %X iatSize %X\n", error, iatStart, iatSize);
+
+ TerminateProcess(pi.hProcess, 0);
+ CloseHandle(pi.hThread);
+ CloseHandle(pi.hProcess);
+ }
+}
+
+DWORD_PTR GetExeModuleBase(DWORD dwProcessId)
+{
+ MODULEENTRY32 lpModuleEntry = { 0 };
+ HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
+ lpModuleEntry.dwSize = sizeof(lpModuleEntry);
+ Module32First(hSnapShot, &lpModuleEntry);
+
+ CloseHandle(hSnapShot);
+
+ return (DWORD_PTR)lpModuleEntry.modBaseAddr;
+}
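Review bot: In main() the GetProcAddress results are called without a null check, so a DLL build that lacks one export makes the version printf call through a null pointer; guard before first use with `if (!ScyllaIatSearch || !ScyllaVersionInformationA || !ScyllaVersionInformationDword) return 1;`. The bare-name `LoadLibraryW(L"ScyllaDLLx86.dll")` follows the default DLL search order, so when the DLL is not beside the executable the loader falls through to the current directory and PATH and may load a different same-named file; `LoadLibraryExW(L"ScyllaDLLx86.dll", NULL, LOAD_LIBRARY_SEARCH_APPLICATION_DIR)` pins the lookup to the application directory. GetExeModuleBase ignores the results of CreateToolhelp32Snapshot and Module32First, so a failed snapshot returns 0 and testIatSearch then passes `0 + 0x00001028` as searchStart; the version below checks both calls, and the callers should skip the test when it returns 0. The `%X` conversions given a DWORD_PTR would also truncate on the _WIN64 build that main() already branches on; `%p` with a `(void *)` cast prints the full width.

```cpp
DWORD_PTR GetExeModuleBase(DWORD dwProcessId)
{
    MODULEENTRY32 lpModuleEntry = { 0 };
    DWORD_PTR base = 0;

    HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
    if (hSnapShot == INVALID_HANDLE_VALUE)
        return 0; // snapshot failed: report "no base" instead of closing an invalid handle

    lpModuleEntry.dwSize = sizeof(lpModuleEntry);
    if (Module32First(hSnapShot, &lpModuleEntry))
        base = (DWORD_PTR)lpModuleEntry.modBaseAddr;

    CloseHandle(hSnapShot);
    return base;
}
```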
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{756E4AF7-342C-417F-86DC-3B2A78E782C9}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>ScyllaTestExe</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v120</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v120</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ <GenerateManifest>false</GenerateManifest>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Windows</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ </ClCompile>
+ <Link>
+ <SubSystem>Windows</SubSystem>
+ <GenerateDebugInformation>false</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <ClCompile Include="main.cpp" />
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
@@ -0,0 +1,14 @@
+#include <Windows.h>
+
+
+
+int CALLBACK WinMain(
+ _In_ HINSTANCE hInstance,
+ _In_ HINSTANCE hPrevInstance,
+ _In_ LPSTR lpCmdLine,
+ _In_ int nCmdShow
+ )
+{
+ MessageBoxW(0, L"Test", L"Test", MB_OK);
+ return 0;
+}
