STRLCPY/SearchAvailableExe

修改进程结束等待时间
maoku committed 2 months ago

c3042999

1 parent fd891759

■ ■ ■ ■ ■ ■

SearchAvailableExe/SearchAvailableExe.vcxproj.user

1	1		<?xml version="1.0" encoding="utf-8"?>
2	2		<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	3		<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'">
4		-	<LocalDebuggerCommandArguments>-i "D:\envPath\java\jdk1.8\bin" -c 2</LocalDebuggerCommandArguments>
	4	+	<LocalDebuggerCommandArguments>-i "D:"</LocalDebuggerCommandArguments>
5	5		<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
6	6		</PropertyGroup>
7	7		<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'">
	8	+	<LocalDebuggerCommandArguments>-i "D:"</LocalDebuggerCommandArguments>
	9	+	<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
	10	+	</PropertyGroup>
	11	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'">
8	12		<LocalDebuggerCommandArguments>-i "D:\software\WPS Office"</LocalDebuggerCommandArguments>
9	13		<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
10	14		</PropertyGroup>
		skipped 1 lines

■ ■ ■ ■ ■ ■

SearchAvailableExe/Tools.cpp

		skipped 258 lines
259	259		ImportTable++;
260	260		}
261	261
	262	+	bool isSearchLoadLibrary = false;
	263	+	bool isSearchWindow = false;
	264	+
262	265		ImportTable = PIMAGE_IMPORT_DESCRIPTOR(rvaToFOA(buffer, directory.VirtualAddress) + buffer);
263	266		while (ImportTable->Name)
264	267		{
		skipped 2 lines
267	270		PIMAGE_THUNK_DATA INT = PIMAGE_THUNK_DATA(rvaToFOA(buffer, ImportTable->OriginalFirstThunk) + buffer);
268	271		PIMAGE_IMPORT_BY_NAME temp = { 0 };
269	272		int count = 0;
	273	+
270	274		while (INT->u1.AddressOfData)//当遍历到的是最后一个是时候是会为0，所以随便遍历一个就好
271	275		{
272	276		if (!(INT->u1.Ordinal & 0x80000000))
		skipped 2 lines
275	279		if ((BYTE*)temp == buffer) {
276	280		break;
277	281		}
278		-	else if (containsIgnoreCase(temp->Name, "loadlibrary") != NULL)
	282	+	else if (!isSearchLoadLibrary && containsIgnoreCase(temp->Name, "loadlibrary") != NULL)
279	283		{
	284	+	isSearchLoadLibrary = true;
280	285		searchDll(buffer, result, filePath, dllsName, fileDir);
281		-	break;
282	286		}
283		-	else if (containsIgnoreCase(temp->Name, "CreateDialogParam") != NULL \|\| containsIgnoreCase(temp->Name, "CreateWindow") != NULL \|\| containsIgnoreCase(temp->Name, "CreateProcess") != NULL)
	287	+	else if (!isSearchWindow && (containsIgnoreCase(temp->Name, "CreateDialogParam") != NULL \|\| containsIgnoreCase(temp->Name, "CreateWindow") != NULL \|\| containsIgnoreCase(temp->Name, "CreateProcess") != NULL))
284	288		{
	289	+	isSearchWindow = true;
285	290		result->isCreateWindow = true;
286		-	break;
287	291		}
288	292		}
289	293		INT = PIMAGE_THUNK_DATA((PBYTE)INT + THUNK_DATA_SIZE);//INT在INT数组中下移
		skipped 581 lines
871	875		TerminateProcess(pi.hProcess, 0);
872	876
873	877		// 获取进程的退出码
874		-	DWORD exitCode;
	878	+	DWORD exitCode = 0;
875	879		GetExitCodeProcess(pi.hProcess, &exitCode);
876	880
877	881		// 关闭进程和线程句柄
		skipped 26 lines
904	908		exitCode++;
905	909		}
906	910
907		-	DWORD retExitCode = TestCreateProcess(runFilePath, 500);
	911	+	DWORD retExitCode = TestCreateProcess(runFilePath, 1500);
908	912		result->exploitDllPath = hookDllMap[retExitCode];
909	913
910	914		if (result->exploitDllPath != "") {
		skipped 21 lines

修改进程结束等待时间