Cleaned and renamed code

Cleaned and renamed code to make it more understandable.
crvvdev · Sep 27, 2020 · 3e79de1 · 3e79de1
1 parent 03d042e
commit 3e79de1
Show file tree

Hide file tree

Showing 13 changed files with 966 additions and 897 deletions.
diff --git a/MasterHide/MasterHide.vcxproj b/MasterHide/MasterHide.vcxproj
@@ -98,6 +98,7 @@
     <ClInclude Include="..\KasperskyHook\KasperskyHookDrv\kernel_modules.hpp" />
     <ClInclude Include="..\KasperskyHook\KasperskyHookDrv\pe.hpp" />
     <ClInclude Include="..\KasperskyHook\KasperskyHookDrv\utils.hpp" />
+    <ClInclude Include="globals.hpp" />
     <ClInclude Include="mh_hooks.h" />
     <ClInclude Include="shadow_ssdt.h" />
     <ClInclude Include="ssdt.h" />

diff --git a/MasterHide/MasterHide.vcxproj.filters b/MasterHide/MasterHide.vcxproj.filters
@@ -81,5 +81,8 @@
     <ClInclude Include="mh_hooks.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="globals.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
 </Project>
diff --git a/MasterHide/globals.hpp b/MasterHide/globals.hpp
@@ -0,0 +1,61 @@
+#pragma once
+
+namespace masterhide
+{
+	namespace globals
+	{
+		//
+		// Custom MAC Address
+		//
+		static UCHAR szFakeMAC[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x2 };
+
+		//
+		// Custom HD Serial and Model
+		//
+		static char szFakeSerial[] = "XJEBA1973M2";
+
+		static char* szFakeModels[] =
+		{
+			"Samsung EVO 970",
+			//...
+		};
+
+		//
+		// Those drivers will not appear on drivers list
+		//
+		static char* szProtectedDrivers[] =
+		{
+			"dbk64",
+			"processhacker2",
+			//...
+		};
+
+		//
+		// Those processes will not appear on process list or via window methods
+		//
+		static wchar_t* wsProtectedProcesses[] =
+		{
+			L"cheatengine",
+			L"ProcessHacker"
+			//...
+		};
+
+		//
+		// Those processes will be monitored 
+		//
+		static wchar_t* wsMonitoredProcesses[] =
+		{
+			L"Tibia",
+			//...
+		};
+
+		//
+		// Those processess will be blacklisted to query data on protect processes
+		//
+		static wchar_t* wsBlacklistedProcessess[] =
+		{
+			L"Tibia",
+			//...
+		};
+	}
+};
diff --git a/MasterHide/main.cpp b/MasterHide/main.cpp
@@ -1,54 +1,11 @@
 #include "stdafx.h"
 
-using namespace Tools;
-
 void OnDriverUnload( PDRIVER_OBJECT pDriverObject )
 {
 	UNREFERENCED_PARAMETER( pDriverObject );
 
-#ifndef USE_KASPERSKY
-	DestroySSDT();
-	DestroyShadowSSDT();
-#else
-	if ( kaspersky::is_klhk_loaded() )
-	{
-		if ( !kaspersky::unhook_shadow_ssdt_routine( SYSCALL_NTUSERBUILDWNDLIST, oNtUserBuildHwndList ) )
-			DBGPRINT( "Failed to unhook NtUserBuildHwndList" );
-
-		if ( !kaspersky::unhook_shadow_ssdt_routine( SYSCALL_NTUSERWNDFROMPOINT, oNtUserWindowFromPoint ) )
-			DBGPRINT( "Failed to unhook NtUserWindowFromPoint" );
-
-		if ( !kaspersky::unhook_shadow_ssdt_routine( SYSCALL_NTUSERFINDWNDEX, oNtUserFindWindowEx ) )
-			DBGPRINT( "Failed to unhook NtUserFindWindowEx" );
-
-		if ( !kaspersky::unhook_shadow_ssdt_routine( SYSCALL_NTGETFOREGROUNDWND, oNtUserGetForegroundWindow ) )
-			DBGPRINT( "Failed to unhook NtUserGetForegroundWindow" );
-
-		if ( !kaspersky::unhook_shadow_ssdt_routine( SYSCALL_NTUSERQUERYWND, oNtUserQueryWindow ) )
-			DBGPRINT( "Failed to unhook NtUserQueryWindow" );
-
-		if ( !kaspersky::unhook_ssdt_routine( SYSCALL_NTQUERYSYSINFO, oNtQuerySystemInformation ) )
-			DBGPRINT( "Failed to unhook NtQuerySystemInformation" );
-
-		if ( !kaspersky::unhook_ssdt_routine( SYSCALL_NTOPENPROCESS, oNtOpenProcess ) )
-			DBGPRINT( "Failed to unhook NtOpenProcess" );
-
-		if ( !kaspersky::unhook_ssdt_routine( SYSCALL_NTALLOCVIRTUALMEM, oNtAllocateVirtualMemory ) )
-			DBGPRINT( "Failed to unhook NtAllocateVirtualMemory" );
-
-		if ( !kaspersky::unhook_ssdt_routine( SYSCALL_NTFREEVIRTUALMEM, oNtFreeVirtualMemory ) )
-			DBGPRINT( "Failed to unhook NtFreeVirtualMemory" );
-
-		if ( !kaspersky::unhook_ssdt_routine( SYSCALL_NTWRITEVIRTUALMEM, oNtWriteVirtualMemory ) )
-			DBGPRINT( "Failed to unhook NtWriteVirtualMemory" );
-
-		if ( !kaspersky::unhook_ssdt_routine( SYSCALL_NTDEVICEIOCTRLFILE, oNtDeviceIoControlFile ) )
-			DBGPRINT( "Failed to unhook NtDeviceIoControlFile" );
-
-		if ( !kaspersky::unhook_ssdt_routine( SYSCALL_NTLOADDRIVER, oNtLoadDriver ) )
-			DBGPRINT( "Failed to unhook NtLoadDriver" );
-	}
-#endif
+	ssdt::Destroy();
+	sssdt::Destroy();
 
 	//
 	// Delay the execution for a second to make sure no thread is executing the hooked function
@@ -57,7 +14,7 @@ void OnDriverUnload( PDRIVER_OBJECT pDriverObject )
 	LargeInteger.QuadPart = -11000000;
 
 	KeDelayExecutionThread( KernelMode, FALSE, &LargeInteger );
-	UnloadImages();
+	tools::UnloadImages();
 
 	DBGPRINT( "Driver unload routine triggered!\n" );
 }
@@ -100,49 +57,39 @@ extern "C" NTSTATUS NTAPI DriverEntry( PDRIVER_OBJECT pDriverObject, PUNICODE_ST
 		//
 		if ( !bIsWin7 )
 		{
-			SYSCALL_NTUSERQUERYWND = Tools::GetWin32Syscall( "NtUserQueryWindow" );
-			SYSCALL_NTUSERFINDWNDEX = Tools::GetWin32Syscall( "NtUserFindWindowEx" );
-			SYSCALL_NTUSERWNDFROMPOINT = Tools::GetWin32Syscall( "NtUserWindowFromPoint" );
-			SYSCALL_NTUSERBUILDWNDLIST = Tools::GetWin32Syscall( "NtUserBuildHwndList" );
-			SYSCALL_NTGETFOREGROUNDWND = Tools::GetWin32Syscall( "NtUserGetForegroundWindow" );
+			SYSCALL_NTUSERQUERYWND = tools::GetWin32Syscall( "NtUserQueryWindow" );
+			SYSCALL_NTUSERFINDWNDEX = tools::GetWin32Syscall( "NtUserFindWindowEx" );
+			SYSCALL_NTUSERWNDFROMPOINT = tools::GetWin32Syscall( "NtUserWindowFromPoint" );
+			SYSCALL_NTUSERBUILDWNDLIST = tools::GetWin32Syscall( "NtUserBuildHwndList" );
+			SYSCALL_NTGETFOREGROUNDWND = tools::GetWin32Syscall( "NtUserGetForegroundWindow" );
 
-			SYSCALL_NTOPENPROCESS = Tools::GetNtSyscall( "NtOpenProcess" );
-			SYSCALL_NTDEVICEIOCTRLFILE = Tools::GetNtSyscall( "NtDeviceIoControlFile" );
-			SYSCALL_NTQUERYSYSINFO = Tools::GetNtSyscall( "NtQuerySystemInformation" );
-			SYSCALL_NTALLOCVIRTUALMEM = Tools::GetNtSyscall( "NtAllocateVirtualMemory" );
-			SYSCALL_NTFREEVIRTUALMEM = Tools::GetNtSyscall( "NtFreeVirtualMemory" );
-			SYSCALL_NTWRITEVIRTUALMEM = Tools::GetNtSyscall( "NtWriteVirtualMemory" );
-			SYSCALL_NTLOADDRIVER = Tools::GetNtSyscall( "NtLoadDriver" );
+			SYSCALL_NTOPENPROCESS = tools::GetNtSyscall( "NtOpenProcess" );
+			SYSCALL_NTDEVICEIOCTRLFILE = tools::GetNtSyscall( "NtDeviceIoControlFile" );
+			SYSCALL_NTQUERYSYSINFO = tools::GetNtSyscall( "NtQuerySystemInformation" );
+			SYSCALL_NTALLOCVIRTUALMEM = tools::GetNtSyscall( "NtAllocateVirtualMemory" );
+			SYSCALL_NTFREEVIRTUALMEM = tools::GetNtSyscall( "NtFreeVirtualMemory" );
+			SYSCALL_NTWRITEVIRTUALMEM = tools::GetNtSyscall( "NtWriteVirtualMemory" );
+			SYSCALL_NTLOADDRIVER = tools::GetNtSyscall( "NtLoadDriver" );
 		}
 
 #ifndef USE_KASPERSKY
 		//
 		// (S)SSDT Hooks are only Win7 compatible ( hardcoded )
 		//
-		if ( bIsWin7 )
-		{
-			DBGPRINT( "Using normal SSDT Hooking!\n" );
-			InitializeSSDT();
-			InitializeShadowSSDT();
-		}
-		else
-		{
-			DBGPRINT( "Not using kaspersky but (S)SSDT is not supported!\n" );
-			return STATUS_NOT_SUPPORTED;
-		}
+		DBGPRINT( "Not using Kaspersky to hook, Shadow SSDT is unstable!\n" );
 #else
-		DBGPRINT( "Using kaspersky!\n" );
+		DBGPRINT( "Using Kaspersky!\n" );
 
 		if ( !kaspersky::is_klhk_loaded() )
 		{
-			UnloadImages();
+			tools::UnloadImages();
 			DBGPRINT( "Kaspersky not loaded!\n" );
 			return STATUS_UNSUCCESSFUL;
 		}
 
 		if ( !kaspersky::initialize() )
 		{
-			UnloadImages();
+			tools::UnloadImages();
 			DBGPRINT( "Kaspersky init failed!\n" );
 			return STATUS_UNSUCCESSFUL;
 		}
@@ -151,103 +98,15 @@ extern "C" NTSTATUS NTAPI DriverEntry( PDRIVER_OBJECT pDriverObject, PUNICODE_ST
 
 		if ( !kaspersky::hvm_init() )
 		{
-			UnloadImages();
+			tools::UnloadImages();
 			DBGPRINT( "Hypervisor not loaded!\n" );
 			return STATUS_UNSUCCESSFUL;
 		}
 
 		DBGPRINT( "Hypervisor loaded!\n" );
-
-		//
-		// SSDT
-		//
-		if ( kaspersky::hook_ssdt_routine( SYSCALL_NTOPENPROCESS, hkNtOpenProcess, reinterpret_cast< PVOID* >( &oNtOpenProcess ) ) )
-		{
-			DBGPRINT( "NtOpenProcess ( 0x%X ) hooked successfully!\n", SYSCALL_NTOPENPROCESS );
-		}
-		else
-			DBGPRINT( "Failed to hook NtOpenProcess!\n" );
-
-		if ( kaspersky::hook_ssdt_routine( SYSCALL_NTDEVICEIOCTRLFILE, hkNtDeviceIoControlFile, reinterpret_cast< PVOID* >( &oNtDeviceIoControlFile ) ) )
-		{
-			DBGPRINT( "NtDeviceIoControlFile ( 0x%X ) hooked successfully!\n", SYSCALL_NTDEVICEIOCTRLFILE );
-		}
-		else
-			DBGPRINT( "Failed to hook NtDeviceIoControlFile!\n" );
-
-		if ( kaspersky::hook_ssdt_routine( SYSCALL_NTQUERYSYSINFO, hkNtQuerySystemInformation, reinterpret_cast< PVOID* >( &oNtQuerySystemInformation ) ) )
-		{
-			DBGPRINT( "NtQuerySystemInformation ( 0x%X ) hooked successfully!\n", SYSCALL_NTQUERYSYSINFO );
-		}
-		else
-			DBGPRINT( "Failed to hook NtQuerySystemInformation!\n" );
-
-		if ( kaspersky::hook_ssdt_routine( SYSCALL_NTALLOCVIRTUALMEM, hkNtAllocateVirtualMemory, reinterpret_cast< PVOID* >( &oNtAllocateVirtualMemory ) ) )
-		{
-			DBGPRINT( "NtAllocateVirtualMemory ( 0x%X ) hooked successfully!\n", SYSCALL_NTALLOCVIRTUALMEM );
-		}
-		else
-			DBGPRINT( "Failed to hook NtAllocateVirtualMemory!\n" );
-
-		if ( kaspersky::hook_ssdt_routine( SYSCALL_NTFREEVIRTUALMEM, hkNtFreeVirtualMemory, reinterpret_cast< PVOID* >( &oNtFreeVirtualMemory ) ) )
-		{
-			DBGPRINT( "NtFreeVirtualMemory ( 0x%X ) hooked successfully!\n", SYSCALL_NTFREEVIRTUALMEM );
-		}
-		else
-			DBGPRINT( "Failed to hook NtFreeVirtualMemory!\n" );
-
-		if ( kaspersky::hook_ssdt_routine( SYSCALL_NTWRITEVIRTUALMEM, hkNtWriteVirtualMemory, reinterpret_cast< PVOID* >( &oNtWriteVirtualMemory ) ) )
-		{
-			DBGPRINT( "NtWriteVirtualMemory ( 0x%X ) hooked successfully!\n", SYSCALL_NTWRITEVIRTUALMEM );
-		}
-		else
-			DBGPRINT( "Failed to hook NtWriteVirtualMemory!\n" );
-
-		if ( kaspersky::hook_ssdt_routine( SYSCALL_NTLOADDRIVER, hkNtLoadDriver, reinterpret_cast< PVOID* >( &oNtLoadDriver ) ) )
-		{
-			DBGPRINT( "NtLoadDriver ( 0x%X ) hooked successfully!\n", SYSCALL_NTLOADDRIVER );
-		}
-		else
-			DBGPRINT( "Failed to hook NtLoadDriver!\n" );
-
-		//
-		// Shadow SSDT
-		//
-		if ( kaspersky::hook_shadow_ssdt_routine( SYSCALL_NTUSERQUERYWND, hkNtUserQueryWindow, reinterpret_cast< PVOID* >( &oNtUserQueryWindow ) ) )
-		{
-			DBGPRINT( "NtUserQueryWindow ( 0x%X ) hooked successfully!\n", SYSCALL_NTUSERQUERYWND );
-		}
-		else
-			DBGPRINT( "Failed to hook NtUserQueryWindow!\n" );
-
-		if ( kaspersky::hook_shadow_ssdt_routine( SYSCALL_NTUSERFINDWNDEX, hkNtUserFindWindowEx, reinterpret_cast< PVOID* >( &oNtUserFindWindowEx ) ) )
-		{
-			DBGPRINT( "NtUserFindWindowEx ( 0x%X ) hooked successfully!\n", SYSCALL_NTUSERFINDWNDEX );
-		}
-		else
-			DBGPRINT( "Failed to hook NtUserFindWindowEx!\n" );
-
-		if ( kaspersky::hook_shadow_ssdt_routine( SYSCALL_NTUSERWNDFROMPOINT, hkNtUserWindowFromPoint, reinterpret_cast< PVOID* >( &oNtUserWindowFromPoint ) ) )
-		{
-			DBGPRINT( "NtUserWindowFromPoint ( 0x%X ) hooked successfully!\n", SYSCALL_NTUSERWNDFROMPOINT );
-		}
-		else
-			DBGPRINT( "Failed to hook NtUserWindowFromPoint!\n" );
-
-		if ( kaspersky::hook_shadow_ssdt_routine( SYSCALL_NTUSERBUILDWNDLIST, hkNtUserBuildHwndList, reinterpret_cast< PVOID* >( &oNtUserBuildHwndList ) ) )
-		{
-			DBGPRINT( "NtUserBuildHwndList ( 0x%X ) hooked successfully!\n", SYSCALL_NTUSERBUILDWNDLIST );
-		}
-		else
-			DBGPRINT( "Failed to hook NtUserBuildHwndList!\n" );
-
-		if ( kaspersky::hook_shadow_ssdt_routine( SYSCALL_NTGETFOREGROUNDWND, hkNtUserGetForegroundWindow, reinterpret_cast< PVOID* >( &oNtUserGetForegroundWindow ) ) )
-		{
-			DBGPRINT( "NtUserGetForegroundWindow ( 0x%X ) hooked successfully!\n", SYSCALL_NTGETFOREGROUNDWND );
-		}
-		else
-			DBGPRINT( "Failed to hook NtUserGetForegroundWindow!\n" );
 #endif
+		ssdt::Init();
+		sssdt::Init();
 	}
 	else
 		// No support for other OS