
Further work for #5
Scan to be on-demand.
Added hotkeys for some menu items (scan, help, settings).
Generic usage help to be displayed at program start or by request (menu/hotkey).
hfiref0x committed Nov 26, 2023
1 parent 0d914e4 commit db0fcbd
Showing 9 changed files with 218 additions and 97 deletions.
Binary file modified Bin/Skilla.exe
Binary file not shown.
1 change: 1 addition & 0 deletions Source/global.h
Expand Up @@ -81,6 +81,7 @@
extern HWND hwndList;
extern HWND hwndStatusBar;
extern ULONG g_cAnomalies;
extern volatile LONG gbScanRunning;

#include "consts.h"
#include "ntos.h"
136 changes: 72 additions & 64 deletions Source/main.cpp
Expand Up @@ -6,7 +6,7 @@
*
* VERSION: 1.00
*
* DATE: 01 Jul 2023
* DATE: 25 Nov 2023
*
* CodeName: Skilla
*
Expand Down Expand Up @@ -34,6 +34,7 @@ HWND hwndList = NULL;
HWND hwndStatusBar = NULL;
HINSTANCE thisInstance = NULL;
PROBE_STARTUP_INFO gProbeParams;
volatile LONG gbScanRunning = FALSE;

/*
* InsertRunAsMainMenuEntry
Expand Down Expand Up @@ -143,9 +144,9 @@ VOID SettingsReadWrite(
probeSettings.Flags |= ctrlMap[i].FlagValue;
}
}

if (!supWriteConfiguration(&probeSettings)) {

StringCchPrintf(szErrorMsg,
RTL_NUMBER_OF(szErrorMsg),
TEXT("There is an error with code %lu while saving probes settings"),
Expand Down Expand Up @@ -196,6 +197,12 @@ INT_PTR CALLBACK SettingsDialogProc(
return EndDialog(hwndDlg, ERROR_CANCELLED);
case IDOK:
SettingsReadWrite(hwndDlg, TRUE);

supReportEvent(evtInformation,
(LPWSTR)TEXT("Settings has been modified and will be used during next scan"),
NULL,
NULL);

return EndDialog(hwndDlg, ERROR_SUCCESS);
}

Expand Down Expand Up @@ -269,33 +276,56 @@ VOID MainWindowSetViewReady()
columnData,
RTL_NUMBER_OF(columnData));

WCHAR szText[200];

LARGE_INTEGER startTime;
TIME_FIELDS systemTime;

GetSystemTimeAsFileTime((LPFILETIME)&startTime);
FileTimeToLocalFileTime((PFILETIME)&startTime, (PFILETIME)&startTime);
RtlTimeToTimeFields((PLARGE_INTEGER)&startTime, (PTIME_FIELDS)&systemTime);

StringCchPrintf(szText,
RTL_NUMBER_OF(szText),
L"%ws v%lu.%lu.%lu, started at %02hd.%02hd.%04hd %02hd:%02hd:%02hd",
PROGRAM_NAME,
SK_VERSION_MAJOR,
SK_VERSION_MINOR,
SK_VERSION_BUILD,
systemTime.Day,
systemTime.Month,
systemTime.Year,
systemTime.Hour,
systemTime.Minute,
systemTime.Second);

supReportEvent(evtInformation,
szText,
NULL,
NULL);
}

VOID MainWindowHandleWMCommand(
_In_ HWND hwnd,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
UNREFERENCED_PARAMETER(lParam);
ULONG wId = GET_WM_COMMAND_ID(wParam, lParam);

switch (wId) {
case ID_FILE_SCAN:
gProbeParams.MainWindow = hwnd;
supReadConfiguration(&gProbeParams.Settings);
SkStartProbe(&gProbeParams);
return;
case IDCANCEL:
case ID_FILE_EXIT:
SendMessage(hwnd, WM_CLOSE, 0, 0);
return;
}

if (gbScanRunning != FALSE)
return;

switch (wId) {

case ID_HELP_ABOUT:
DialogBoxParam(thisInstance, MAKEINTRESOURCE(IDD_ABOUT), hwnd, AboutDialogProc, 0);
break;

case ID_HELP_SHOWHELP:
ListView_DeleteAllItems(hwndList);
supShowWelcomeBanner();
break;

case ID_PROBES_SAVETOFILE:
supListViewExportToFile(TEXT("probes.csv"), hwnd, hwndList);
break;

case ID_PROBES_SETTINGS:
DialogBoxParam(thisInstance, MAKEINTRESOURCE(IDD_SETTINGS), hwnd, SettingsDialogProc, 0);
break;

case ID_FILE_RUNASADMIN:
supRunAsAdmin();
break;

}
}

LRESULT CALLBACK MainWindowProc(
Expand Down Expand Up @@ -340,37 +370,7 @@ LRESULT CALLBACK MainWindowProc(
break;

case WM_COMMAND:
switch (GET_WM_COMMAND_ID(wParam, lParam)) {

case ID_FILE_SCAN:
gProbeParams.IsFirstRun = FALSE;
gProbeParams.MainWindow = hwnd;
supReadConfiguration(&gProbeParams.Settings);
SkStartProbe(&gProbeParams);
break;

case ID_HELP_ABOUT:
DialogBoxParam(thisInstance, MAKEINTRESOURCE(IDD_ABOUT), hwnd, AboutDialogProc, 0);
break;

case IDCANCEL:
case ID_FILE_EXIT:
SendMessage(hwnd, WM_CLOSE, 0, 0);
break;

case ID_PROBES_SAVETOFILE:
supListViewExportToFile(TEXT("probes.csv"), hwnd, hwndList);
break;

case ID_PROBES_SETTINGS:
DialogBoxParam(thisInstance, MAKEINTRESOURCE(IDD_SETTINGS), hwnd, SettingsDialogProc, 0);
break;

case ID_FILE_RUNASADMIN:
supRunAsAdmin();
break;

}
MainWindowHandleWMCommand(hwnd, wParam, lParam);
break;

case WM_ACTIVATE:
Expand All @@ -388,9 +388,11 @@ DWORD RunMainDialog()
WNDCLASSEX wndClass;
BOOL bResult;
MSG message;
HACCEL acceleratorTable;
INITCOMMONCONTROLSEX iccx;

thisInstance = GetModuleHandle(NULL);
acceleratorTable = LoadAccelerators(thisInstance, MAKEINTRESOURCE(IDR_ACCELERATOR1));

gProbeWait = CreateMutex(NULL, FALSE, NULL);
if (gProbeWait == NULL)
Expand Down Expand Up @@ -448,10 +450,10 @@ DWORD RunMainDialog()
UpdateWindow(hwndMain);
InsertRunAsMainMenuEntry(hwndMain);

gProbeParams.IsFirstRun = TRUE;
supShowWelcomeBanner();

gProbeParams.MainWindow = hwndMain;
supReadConfiguration(&gProbeParams.Settings);
SkStartProbe(&gProbeParams);

do {

Expand All @@ -463,6 +465,9 @@ DWORD RunMainDialog()
TranslateMessage(&message);
DispatchMessage(&message);
}
else {
TranslateAccelerator(hwndMain, acceleratorTable, &message);
}

} while (bResult != 0);

Expand All @@ -471,6 +476,9 @@ DWORD RunMainDialog()
return GetLastError();
}

if (acceleratorTable)
DestroyAcceleratorTable(acceleratorTable);

UnregisterClass(CLASSNAME, thisInstance);

return 0;
Expand All @@ -484,7 +492,7 @@ INT EntryPoint()
RtlSetUnhandledExceptionFilter(supUnhandledExceptionFilter);
HeapSetInformation(NtCurrentPeb()->ProcessHeap, HeapEnableTerminationOnCorruption, NULL, 0);
supSetMitigationPolicies();
supCacheKnownDllsEntries();
supCacheKnownDllsEntries();
ntStatus = supInitializeKnownSids();
if (!NT_SUCCESS(ntStatus)) {
exitProcessCode = ntStatus;
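Review bot: ID_FILE_SCAN is dispatched by the first switch in MainWindowHandleWMCommand before the `gbScanRunning` guard, and ID_FILE_SCAN is not in the ulControls list of SkpEnableControls in Source/probes.cpp, so a scan request issued while a scan is running (now also reachable through the accelerator table this commit loads) starts another SkpProbeThread that blocks on gProbeWait and then performs a full scan in turn. Either guard the case, `case ID_FILE_SCAN: if (gbScanRunning != FALSE) return;`, or add ID_FILE_SCAN to the menu items disabled during a scan. Note also that gbScanRunning is only raised inside the worker after it has acquired the mutex, so there is a short window after SkStartProbe returns in which the guard still reads FALSE; raising the flag in SkStartProbe before CreateThread (and clearing it if CreateThread fails) would close it. The reads of gbScanRunning are plain loads of a volatile LONG, which is acceptable under MSVC's volatile semantics on x86/x64, but a comment stating that reliance would help the next reader.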
74 changes: 45 additions & 29 deletions Source/probes.cpp
Expand Up @@ -111,12 +111,12 @@ NTSTATUS SkValidateClientInfo(
//
// Validate PEB ptr for some stubborns.
//
ntStatus = NtQueryInformationProcess(hObject,
ProcessBasicInformation,
&pbi,
sizeof(pbi),
ntStatus = NtQueryInformationProcess(hObject,
ProcessBasicInformation,
&pbi,
sizeof(pbi),
&returnLength);

if (!NT_SUCCESS(ntStatus)) {
NtClose(hObject);
return ntStatus;
Expand Down Expand Up @@ -294,6 +294,39 @@ VOID SkDestroyContext(
*Context = NULL;
}

/*
* SkpEnableControls
*
* Purpose:
*
* Enable or disable menu controls during scan.
*
*/
VOID SkpEnableControls(
_In_ HWND MainWindow,
_In_ BOOL fEnable
)
{
DWORD dwFlags = MF_BYCOMMAND;
HMENU hMenu = GetMenu(MainWindow);

ULONG ulControls[] = {
ID_FILE_RUNASADMIN,
ID_PROBES_SETTINGS,
ID_PROBES_SAVETOFILE,
ID_HELP_SHOWHELP,
ID_HELP_ABOUT
};

if (fEnable)
dwFlags |= MF_ENABLED;
else
dwFlags |= MF_DISABLED;

for (ULONG i = 0; i < RTL_NUMBER_OF(ulControls); i++)
EnableMenuItem(hMenu, ulControls[i], dwFlags);
}

/*
* SkStartProbe
*
Expand All @@ -315,16 +348,14 @@ DWORD SkpProbeThread(
dwWaitResult = WaitForSingleObject(gProbeWait, INFINITE);
if (dwWaitResult == WAIT_OBJECT_0) {

EnableMenuItem(GetMenu(si.MainWindow), ID_PROBES_SETTINGS, MF_BYCOMMAND | MF_DISABLED);
EnableMenuItem(GetMenu(si.MainWindow), ID_PROBES_SAVETOFILE, MF_BYCOMMAND | MF_DISABLED);

InterlockedExchange(&gbScanRunning, TRUE);
SkpEnableControls(si.MainWindow, FALSE);
supStatusBarSetText(hwndStatusBar, 0, (LPCWSTR)TEXT("Scan in progress, please wait..."));

szBuffer[0] = 0;
SkiInitializeAnomalyCount();

if (si.IsFirstRun == FALSE)
ListView_DeleteAllItems(hwndList);
ListView_DeleteAllItems(hwndList);

if (gProbeContext) {
SkDestroyContext(&gProbeContext);
Expand Down Expand Up @@ -529,10 +560,9 @@ DWORD SkpProbeThread(
NULL);

supStatusBarSetText(hwndStatusBar, 0, szBuffer);

SkpEnableControls(si.MainWindow, TRUE);
InterlockedExchange(&gbScanRunning, FALSE);
ReleaseMutex(gProbeWait);
EnableMenuItem(GetMenu(si.MainWindow), ID_PROBES_SAVETOFILE, MF_BYCOMMAND | MF_ENABLED);
EnableMenuItem(GetMenu(si.MainWindow), ID_PROBES_SETTINGS, MF_BYCOMMAND | MF_ENABLED);
}

ExitThread(ERROR_SUCCESS);
Expand All @@ -552,22 +582,8 @@ VOID SkStartProbe(
{
DWORD threadId;

if (StartupInfo->IsFirstRun)
{
if (FAILED(CoInitializeSecurity(NULL,
-1,
NULL,
NULL,
RPC_C_AUTHN_LEVEL_DEFAULT,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL,
EOAC_SECURE_REFS,
NULL)))
{
REPORT_RIP(TEXT("Could not initialize COM security"));
return;
}
}
if (!supInitializeSecurityForCOM())
return;

HANDLE threadHandle = CreateThread(NULL, 0,
(LPTHREAD_START_ROUTINE)SkpProbeThread,
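Review bot: SkStartProbe now calls `supInitializeSecurityForCOM()` on every scan instead of only on the first run, and CoInitializeSecurity may be called only once per process (a second call fails with RPC_E_TOO_LATE). If the helper does not remember a previous success, the second on-demand scan returns early without starting the thread; its body is not in this diff, so please confirm it is idempotent, e.g. by keeping a static flag set on first success. In SkpProbeThread the pair `InterlockedExchange(&gbScanRunning, TRUE)` / `SkpEnableControls(si.MainWindow, FALSE)` runs only on the WAIT_OBJECT_0 branch and its matching reset sits at the end of that same branch; any early return added between them later would leave the menu disabled, so a comment stating that invariant would help. SkStartProbe's body continues outside the hunk, and the disposal of the CreateThread handle is not visible here.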
1 change: 0 additions & 1 deletion Source/probes.h
Expand Up @@ -69,7 +69,6 @@ typedef struct _PROBE_SETTINGS {
#define PROBE_FLAGS_CHECK_PROCESS_MEMORY (0x80000)

typedef struct _PROBE_STARTUP_INFO {
BOOL IsFirstRun;
HWND MainWindow;
PROBE_SETTINGS Settings;
} PROBE_STARTUP_INFO, * PPROBE_STARTUP_INFO;
6 changes: 4 additions & 2 deletions Source/resource.h
Expand Up @@ -6,6 +6,7 @@
#define IDR_MENU 105
#define IDD_ABOUT 106
#define IDD_SETTINGS 124
#define IDR_ACCELERATOR1 126
#define IDI_ICON_MAIN 200
#define IDI_ICON_DETECTION 201
#define IDI_ICON_WUBBABOO 202
Expand Down Expand Up @@ -43,13 +44,14 @@
#define ID_PROBES_SAVETOFILE 40004
#define ID_FILE_RUNASADMIN 40005
#define ID_PROBES_SETTINGS 40006
#define ID_HELP_SHOWHELP 40013

// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 126
#define _APS_NEXT_COMMAND_VALUE 40007
#define _APS_NEXT_RESOURCE_VALUE 127
#define _APS_NEXT_COMMAND_VALUE 40016
#define _APS_NEXT_CONTROL_VALUE 1008
#define _APS_NEXT_SYMED_VALUE 101
#endif
Binary file modified Source/resource.rc
Binary file not shown.