 Welcome to BiW Reversing
 Wednesday, October 27 2021 @ 09:59 PM CEST

GetDriveType API Hooker (GUI)


Coding level : beginner

OS : windows
Language : MASM

Well, as you can see, this is a simple API hooker with a nice GUI: it starts the target program and patches GetDriveTypeW inside it so that the call returns the drive type you select.

I was too lazy to comment all the code, but I left enough spaces for it to be readable for you guys. IMHO you will understand it easily since it's all APIs, no unusual algos or whatever hehe.

You can find all source files here : attachment ;)


.386
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

WndProc    PROTO :HWND,:UINT,:WPARAM,:LPARAM

.data
theProgram    db "CDDISABLE", 0                      ; name of the dialog resource
appName       db "GetDriveType() hooker by BoR0", 0

thekernel     db "kernel32.dll", 0
getdrivetype  db "GetDriveTypeW", 0

tempbuffer    db 512 dup(0)
myprefix      db "0x%8X", 0

msg_1         db "The drive type cannot be determined.", 0
msg_2         db "The root directory does not exist.",0
msg_3         db "The disk can be removed from the drive.",0
msg_4         db "The disk cannot be removed from the drive.",0
msg_5         db "The drive is a remote (network) drive.",0
msg_6         db "The drive is a CD-ROM drive.",0
msg_7         db "The drive is a RAM disk.",0

err_1         db "Make sure you select an option first.", 0
err_2         db "Unable to create process. Make sure you", 13, 10,
                 "have access rights or check if the file exists.", 0
err_3         db "WriteProcessMemory failed due to unknown reason.",13,10,
                 "Terminating process...",0

soon          db "This feature soon to come, I was too lazy to code it ;-)", 0

succ          db "Successfully hooked GetDriveType() :-)", 0

; 8-byte stub written over the first bytes of GetDriveTypeW in the target:
;   B8 imm32   MOV EAX, RESULTVALUE   (byte +1 holds the DRIVE_* value; 10 = nothing selected yet)
;   C2 04 00   RET 4                  (GetDriveTypeW is stdcall with one DWORD argument)
toWriteresult db 0B8h, 10, 3 dup(0)
              db 0C2h, 4, 0

Startup STARTUPINFO <>
processinfo PROCESS_INFORMATION <>

.data?
hInstance     dd ?
bytwrit       dd ?
sleepvar      dd ?
pGetDriveType dd ?           ; address of kernel32.GetDriveTypeW in this process

.code
start:
    invoke GetModuleHandle, NULL
    mov hInstance, eax

    invoke DialogBoxParam, hInstance, ADDR theProgram, 0, ADDR WndProc, 0
    invoke ExitProcess, eax

WndProc proc hWin:DWORD, uMsg:DWORD, wParam:DWORD, lParam:DWORD

    .if uMsg == WM_INITDIALOG
        invoke LoadIcon, hInstance, 500
        invoke PostMessage, hWin, WM_SETICON, ICON_BIG, eax

        ; show the base address of kernel32.dll in control 11
        invoke LoadLibrary, ADDR thekernel
        push eax
        invoke wsprintf, ADDR tempbuffer, ADDR myprefix, eax
        invoke SetDlgItemText, hWin, 11, ADDR tempbuffer
        pop eax

        ; resolve GetDriveTypeW and show its address in control 12
        invoke GetProcAddress, eax, ADDR getdrivetype
        mov pGetDriveType, eax
        invoke wsprintf, ADDR tempbuffer, ADDR myprefix, eax
        invoke SetDlgItemText, hWin, 12, ADDR tempbuffer
        invoke SetWindowText, hWin, ADDR appName

    .elseif uMsg == WM_CLOSE
        invoke EndDialog, hWin, 0

    .elseif uMsg == WM_COMMAND
        movzx eax, word ptr wParam           ; LOWORD(wParam) = control ID

        .if eax == 14
            invoke MessageBox,hWin,ADDR soon,ADDR appName,MB_ICONERROR

        .elseif eax == 100                   ; "hook" button
            cmp byte ptr [toWriteresult+1], 10
            jne @F
            invoke MessageBox,hWin,ADDR err_1,ADDR appName,MB_ICONERROR
            ret
        @@:
            ; control 13 = path of the program to run
            invoke GetDlgItemText, hWin, 13, ADDR tempbuffer, 511
            test eax, eax
            jne @F
            invoke MessageBox,hWin,ADDR err_2,ADDR appName,MB_ICONERROR
            ret
        @@:
            ; control 15 = milliseconds to wait before patching
            invoke GetDlgItemInt, hWin, 15, 0, 0
            mov sleepvar, eax

            invoke CreateProcess, ADDR tempbuffer, 0, 0, 0, 0, 0, 0, 0, ADDR Startup, ADDR processinfo
            test eax, eax
            jne @F
            invoke MessageBox,hWin,ADDR err_2,ADDR appName,MB_ICONERROR
            ret
        @@:
            ; the child is already running; give it the requested time before writing the stub
            invoke Sleep, sleepvar

            invoke WriteProcessMemory, processinfo.hProcess, pGetDriveType, ADDR toWriteresult, 8, ADDR bytwrit
            test eax, eax
            jne @F
            invoke TerminateProcess, processinfo.hProcess, 0
            invoke MessageBox,hWin,ADDR err_3,ADDR appName,MB_ICONERROR
            jmp @foo
        @@:
            invoke MessageBox,hWin,ADDR succ,ADDR appName,MB_ICONINFORMATION
        @foo:
            ; close both handles returned by CreateProcess
            invoke CloseHandle, processinfo.hThread
            invoke CloseHandle, processinfo.hProcess
            ret

        .elseif eax == 200                   ; DRIVE_UNKNOWN
            invoke SetDlgItemText, hWin, 10, ADDR msg_1
            mov byte ptr [toWriteresult+1], 0

        .elseif eax == 201                   ; DRIVE_NO_ROOT_DIR
            invoke SetDlgItemText, hWin, 10, ADDR msg_2
            mov byte ptr [toWriteresult+1], 1

        .elseif eax == 202                   ; DRIVE_REMOVABLE
            invoke SetDlgItemText, hWin, 10, ADDR msg_3
            mov byte ptr [toWriteresult+1], 2

        .elseif eax == 203                   ; DRIVE_FIXED
            invoke SetDlgItemText, hWin, 10, ADDR msg_4
            mov byte ptr [toWriteresult+1], 3

        .elseif eax == 204                   ; DRIVE_REMOTE
            invoke SetDlgItemText, hWin, 10, ADDR msg_5
            mov byte ptr [toWriteresult+1], 4

        .elseif eax == 205                   ; DRIVE_CDROM
            invoke SetDlgItemText, hWin, 10, ADDR msg_6
            mov byte ptr [toWriteresult+1], 5

        .elseif eax == 206                   ; DRIVE_RAMDISK
            invoke SetDlgItemText, hWin, 10, ADDR msg_7
            mov byte ptr [toWriteresult+1], 6

        .else
            mov eax, FALSE
            ret
        .endif

    .else
        mov eax, FALSE
        ret
    .endif

    mov eax, TRUE
    ret

WndProc endp

end start
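To show what the patch looks like in memory, and the check a defender runs against it, here is an added C example (not code from the post): it encodes the 8-byte "mov eax, imm32 ; ret 4" stub the same way toWriteresult does, then scans a function's first bytes for such a forced-return stub and compares them with a known-good copy, the way an in-memory hook scanner does. The clean prologue bytes are a constructed sample, not the real bytes of GetDriveTypeW; note also that writing at the parent's own address of GetDriveTypeW only lands on the child's copy because kernel32 is mapped at the same base in both processes, which ASLR on later Windows versions no longer guarantees.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STUB_LEN 8   /* B8 imm32 (5 bytes) + C2 04 00 (3 bytes) */

/* Encode the patch the same way toWriteresult does: MOV EAX, imm32 ; RET 4.
   The imm32 is little-endian, so byte 1 is the low byte of the DRIVE_* value. */
void build_stub(uint32_t forced_return, uint8_t out[STUB_LEN]) {
    out[0] = 0xB8;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(forced_return >> (8 * i));
    out[5] = 0xC2; out[6] = 0x04; out[7] = 0x00;   /* ret 4: pop the single stdcall argument */
}

/* Detection side: returns 1 and stores the forced value when `code` starts with
   "mov eax, imm32 ; ret N" and N matches the expected stdcall argument size
   (4 for GetDriveTypeW's one pointer argument); returns 0 otherwise. */
int detect_forced_return(const uint8_t *code, size_t len, uint16_t expect_ret, uint32_t *forced) {
    if (len < STUB_LEN || code[0] != 0xB8 || code[5] != 0xC2) return 0;
    uint16_t popped = (uint16_t)(code[6] | (code[7] << 8));
    if (popped != expect_ret) return 0;
    *forced = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
              ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    return 1;
}

/* Generic hook check: compare the in-memory prologue with a known-good copy
   (the on-disk image or a pristine process). 1 = modified, 0 = intact. */
int prologue_modified(const uint8_t *in_memory, const uint8_t *known_good, size_t n) {
    return memcmp(in_memory, known_good, n) != 0;
}

int main(void) {
    /* Constructed sample of a 32-bit stdcall prologue (mov edi,edi; push ebp; mov ebp,esp;
       sub esp,10h); it stands in for the real first bytes of kernel32!GetDriveTypeW. */
    const uint8_t clean[STUB_LEN] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10 };
    uint8_t patched[STUB_LEN];
    uint32_t forced = 0;

    build_stub(5, patched);   /* 5 = DRIVE_CDROM, the hooker's "CD-ROM drive" option */
    printf("prologue modified: %d\n", prologue_modified(patched, clean, STUB_LEN));
    if (detect_forced_return(patched, STUB_LEN, 4, &forced))
        printf("forced-return stub found: GetDriveTypeW would always return %u\n", forced);
    printf("clean prologue flagged: %d\n", detect_forced_return(clean, STUB_LEN, 4, &forced));
    return 0;
}
```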

Comments (2)

Authored by: KaGra on Tuesday, May 17 2005 @ 04:45 PM CEST
Big deal...

Authored by: thomasantony on Monday, November 28 2005 @ 03:37 PM CET
You could at least have used some ID_ constants for making the code a little bit more clear instead of using numbers as such for control IDs. Anyway, I haven't read the full thing.

Thomas