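--- a/ThreadStackSpoofer/header.h
+++ b/ThreadStackSpoofer/header.h
@@ -65,10 +65,6 @@
     bool initialized;
     CallStackFrame spoofedFrame[MaxStackFramesToSpoof];
     size_t spoofedFrames;
-    ULONG_PTR legitTebBaseLow;
-    ULONG_PTR legitTebBaseHigh;
-    ULONG_PTR origTebBaseLow;
-    ULONG_PTR origTebBaseHigh;
 };
 
 struct HookedSleep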
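--- a/ThreadStackSpoofer/main.cpp
+++ b/ThreadStackSpoofer/main.cpp
@@ -11,30 +11,15 @@
     const volatile DWORD dwMilliseconds = _dwMilliseconds;
 
     // Perform this (current) thread call stack spoofing.
-    //spoofCallStack(true);
+    spoofCallStack(true);
 
     log("\n===> MySleep(", std::dec, dwMilliseconds, ")\n");
 
-    PULONG_PTR ptr = (PULONG_PTR)_AddressOfReturnAddress();
-    ptr--;
-
-
-    Start_Of_TEB* teb = (Start_Of_TEB*)NtCurrentTeb();
-    g_stackTraceSpoofing.origTebBaseLow = (ULONG_PTR)teb->StackBase;
-    g_stackTraceSpoofing.origTebBaseHigh = (ULONG_PTR)teb->StackLimit;
-
-    teb->StackBase = (void*)g_stackTraceSpoofing.legitTebBaseLow;
-    teb->StackLimit = (void*)g_stackTraceSpoofing.legitTebBaseHigh;
-
     // Perform sleep emulating originally hooked functionality.
     ::SleepEx(dwMilliseconds, false);
 
-
-    teb->StackBase = (void*)g_stackTraceSpoofing.origTebBaseLow;
-    teb->StackLimit = (void*)g_stackTraceSpoofing.origTebBaseHigh;
-
     // Restore original thread's call stack.
-    //spoofCallStack(false);
+    spoofCallStack(false);
 }
 
 bool fastTrampoline(bool installHook, BYTE* addressToHook, LPVOID jumpAddress, HookTrampolineBuffers* buffers /*= NULL*/)
@@ -461,36 +446,6 @@
     return (NULL != thread.get());
 }
 
-
-void WINAPI _acquireLegitimateThreadStack(LPVOID param)
-{
-    Start_Of_TEB* teb = (Start_Of_TEB*)NtCurrentTeb();
-    g_stackTraceSpoofing.legitTebBaseLow = (ULONG_PTR)teb->StackBase;
-    g_stackTraceSpoofing.legitTebBaseHigh = (ULONG_PTR)teb->StackLimit;
-
-    ::SleepEx(INFINITE, false);
-}
-
-bool acquireLegitimateThreadStack()
-{
-    CallStackFrame frames[MaxStackFramesToSpoof] = { 0 };
-    size_t numOfFrames = 0;
-
-    HandlePtr secondThread(::CreateThread(
-        NULL,
-        0,
-        //(LPTHREAD_START_ROUTINE)::Sleep,
-        (LPTHREAD_START_ROUTINE)_acquireLegitimateThreadStack,
-        (LPVOID)INFINITE,
-        0,
-        0
-    ), &::CloseHandle);
-
-    Sleep(1000);
-
-    return true;
-}
-
 int main(int argc, char** argv)
 {
     if (argc < 3)
@@ -515,12 +470,6 @@
     if (!initStackSpoofing())
     {
         log("[!] Could not initialize stack spoofing!");
-        return 1;
-    }
-
-    if (!acquireLegitimateThreadStack())
-    {
-        log("[!] Could not acquire legitimate thread's stack.");
         return 1;
     }
 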
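Review bot: The result of `spoofCallStack(true)` on new line 14 is discarded and `spoofCallStack(false)` on new line 22 runs unconditionally, so the code silently assumes the restore is safe after a spoof that did not take effect; that assumption should be stated, because spoofCallStack's contract is not visible in this hunk. Suggested comment above line 14: `// Result intentionally ignored: spoofCallStack(false) below is expected to be a safe no-op if spoofing did not take effect (confirm against spoofCallStack).` The spoofed state now also spans the `log(...)` call on line 16, not only the `SleepEx` call, which the comment on line 13 could mention. MySleep's signature lies above the hunk.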