INSANEMODE/VMProtect-Source
1
0
Fork 0
mirror of https://github.com/Alukym/VMProtect-Source.git synced 2025-06-12 07:48:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Alukym
2023-05-12 20:16:10 +08:00
commit a8433f06ee
1167 changed files with 1036549 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

570
runtime/loader.h Normal file
View File

@ -0,0 +1,570 @@
#ifndef LOADER_H
#define LOADER_H
#pragma pack(push, 1)
struct CRC_INFO {
uint32_t Address;
uint32_t Size;
uint32_t Hash;
};
struct FILE_CRC_INFO {
uint32_t FileSize;
// CRCInfo crc_info[1]
};
struct SECTION_INFO {
uint32_t Address;
uint32_t Size;
uint32_t Type;
};
struct PACKER_INFO {
uint32_t Src;
uint32_t Dst;
};
struct IAT_INFO {
uint32_t Src;
uint32_t Dst;
uint32_t Size;
};
struct DLL_INFO {
uint32_t Name;
// IMPORT_INFO import_info[1];
};
struct IMPORT_INFO {
uint32_t Name;
uint32_t Address;
int32_t Key;
};
struct FIXUP_INFO {
uint32_t Address;
uint32_t BlockSize;
// uint32_t type_offset[1];
};
struct RELOCATION_INFO {
uint32_t Address;
uint32_t Source;
uint32_t Type;
};
struct SETUP_IMAGE_DATA {
NOINLINE SETUP_IMAGE_DATA() { empty_ = 0; }
NOINLINE uint8_t *file_base() { return reinterpret_cast<uint8_t *>(FACE_FILE_BASE) - empty_; }
NOINLINE uint8_t *image_base() { return reinterpret_cast<uint8_t *>(FACE_IMAGE_BASE) - empty_; }
NOINLINE uint32_t options() { return FACE_LOADER_OPTIONS - empty_; }
NOINLINE uint32_t storage() { return FACE_LOADER_DATA - empty_; }
NOINLINE uint32_t runtime_entry() { return FACE_RUNTIME_ENTRY - empty_; }
#ifdef __unix__
NOINLINE uint32_t relro_info() { return FACE_GNU_RELRO_INFO - empty_; }
#elif defined(__APPLE__)
#elif defined(WIN_DRIVER)
#else
NOINLINE uint32_t tls_index_info() { return FACE_TLS_INDEX_INFO - empty_; }
#endif
// file CRC information
NOINLINE uint32_t file_crc_info() { return FACE_FILE_CRC_INFO - empty_; }
NOINLINE uint32_t file_crc_info_size() { return FACE_FILE_CRC_INFO_SIZE - empty_; }
// header and loader CRC information
NOINLINE uint32_t loader_crc_info() { return FACE_LOADER_CRC_INFO - empty_; }
NOINLINE uint32_t loader_crc_info_size() { return FACE_LOADER_CRC_INFO_SIZE - empty_; }
NOINLINE uint32_t loader_crc_info_hash() { return FACE_LOADER_CRC_INFO_HASH - empty_; }
// section information
NOINLINE uint32_t section_info() { return FACE_SECTION_INFO - empty_; }
NOINLINE uint32_t section_info_size() { return FACE_SECTION_INFO_SIZE - empty_; }
// packer information
NOINLINE uint32_t packer_info() { return FACE_PACKER_INFO - empty_; }
NOINLINE uint32_t packer_info_size() { return FACE_PACKER_INFO_SIZE - empty_; }
// fixups information
NOINLINE uint32_t fixup_info() { return FACE_FIXUP_INFO - empty_; }
NOINLINE uint32_t fixup_info_size() { return FACE_FIXUP_INFO_SIZE - empty_; }
// relocations information
NOINLINE uint32_t relocation_info() { return FACE_RELOCATION_INFO - empty_; }
NOINLINE uint32_t relocation_info_size() { return FACE_RELOCATION_INFO_SIZE - empty_; }
// IAT information
NOINLINE uint32_t iat_info() { return FACE_IAT_INFO - empty_; }
NOINLINE uint32_t iat_info_size() { return FACE_IAT_INFO_SIZE - empty_; }
// import information
NOINLINE uint32_t import_info() { return FACE_IMPORT_INFO - empty_; }
NOINLINE uint32_t import_info_size() { return FACE_IMPORT_INFO_SIZE - empty_; }
// internal import information
NOINLINE uint32_t internal_import_info() { return FACE_INTERNAL_IMPORT_INFO - empty_; }
NOINLINE uint32_t internal_import_info_size() { return FACE_INTERNAL_IMPORT_INFO_SIZE - empty_; }
// memory CRC information
NOINLINE uint32_t memory_crc_info() { return FACE_MEMORY_CRC_INFO - empty_; }
NOINLINE uint32_t memory_crc_info_size() { return FACE_MEMORY_CRC_INFO_SIZE - empty_; }
NOINLINE uint32_t memory_crc_info_hash() { return FACE_MEMORY_CRC_INFO_HASH - empty_; }
// delay import information
NOINLINE uint32_t delay_import_info() { return FACE_DELAY_IMPORT_INFO - empty_; }
NOINLINE uint32_t delay_import_info_size() { return FACE_DELAY_IMPORT_INFO_SIZE - empty_; }
private:
uint32_t empty_;
};
#pragma pack(pop)
#ifndef VMP_GNU
#define MAXIMUM_FILENAME_LENGTH 256
typedef struct _SYSTEM_MODULE_ENTRY
{
#ifdef _WIN64
ULONGLONG Unknown1;
ULONGLONG Unknown2;
#else
ULONG Unknown1;
ULONG Unknown2;
#endif
PVOID BaseAddress;
ULONG Size;
ULONG Flags;
ULONG EntryIndex;
USHORT NameLength; // Length of module name not including the path, this field contains valid value only for NTOSKRNL module
USHORT PathLength; // Length of 'directory path' part of modulename
CHAR Name[MAXIMUM_FILENAME_LENGTH];
} SYSTEM_MODULE_ENTRY;
typedef struct _SYSTEM_MODULE_INFORMATION
{
ULONG Count;
#ifdef _WIN64
ULONG Unknown1;
#endif
SYSTEM_MODULE_ENTRY Module[1];
} SYSTEM_MODULE_INFORMATION;
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION
{
BOOLEAN DebuggerEnabled;
BOOLEAN DebuggerNotPresent;
} SYSTEM_KERNEL_DEBUGGER_INFORMATION;
typedef enum _MEMORY_INFORMATION_CLASS {
MemoryBasicInformation
} MEMORY_INFORMATION_CLASS, *PMEMORY_INFORMATION_CLASS;
#ifdef WIN_DRIVER
#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
#define IMAGE_OS2_SIGNATURE 0x454E // NE
#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
#define IMAGE_VXD_SIGNATURE 0x454C // LE
#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
#pragma pack(push, 2)
typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
WORD e_magic; // Magic number
WORD e_cblp; // Bytes on last page of file
WORD e_cp; // Pages in file
WORD e_crlc; // Relocations
WORD e_cparhdr; // Size of header in paragraphs
WORD e_minalloc; // Minimum extra paragraphs needed
WORD e_maxalloc; // Maximum extra paragraphs needed
WORD e_ss; // Initial (relative) SS value
WORD e_sp; // Initial SP value
WORD e_csum; // Checksum
WORD e_ip; // Initial IP value
WORD e_cs; // Initial (relative) CS value
WORD e_lfarlc; // File address of relocation table
WORD e_ovno; // Overlay number
WORD e_res[4]; // Reserved words
WORD e_oemid; // OEM identifier (for e_oeminfo)
WORD e_oeminfo; // OEM information; e_oemid specific
WORD e_res2[10]; // Reserved words
LONG e_lfanew; // File address of new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
#pragma pack(pop)
typedef struct _IMAGE_FILE_HEADER {
WORD Machine;
WORD NumberOfSections;
DWORD TimeDateStamp;
DWORD PointerToSymbolTable;
DWORD NumberOfSymbols;
WORD SizeOfOptionalHeader;
WORD Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
typedef struct _IMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
typedef struct _IMAGE_OPTIONAL_HEADER {
//
// Standard fields.
//
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
//
// NT additional fields.
//
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD BaseOfBss;
DWORD GprMask;
DWORD CprMask[4];
DWORD GpValue;
} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
typedef struct _IMAGE_OPTIONAL_HEADER64 {
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
ULONGLONG ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
ULONGLONG SizeOfStackReserve;
ULONGLONG SizeOfStackCommit;
ULONGLONG SizeOfHeapReserve;
ULONGLONG SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;
typedef struct _IMAGE_NT_HEADERS64 {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
typedef struct _IMAGE_NT_HEADERS {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
typedef struct _IMAGE_ROM_HEADERS {
IMAGE_FILE_HEADER FileHeader;
IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS;
#ifdef _WIN64
typedef IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS;
typedef PIMAGE_NT_HEADERS64 PIMAGE_NT_HEADERS;
#else
typedef IMAGE_NT_HEADERS32 IMAGE_NT_HEADERS;
typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS;
#endif
typedef struct _IMAGE_SECTION_HEADER {
BYTE Name[8];
union {
DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
DWORD VirtualAddress;
DWORD SizeOfRawData;
DWORD PointerToRawData;
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
DWORD Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
// IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
#define IMAGE_REL_BASED_ABSOLUTE 0
#define IMAGE_REL_BASED_HIGH 1
#define IMAGE_REL_BASED_LOW 2
#define IMAGE_REL_BASED_HIGHLOW 3
#define IMAGE_REL_BASED_HIGHADJ 4
#define IMAGE_REL_BASED_MIPS_JMPADDR 5
#define IMAGE_REL_BASED_MIPS_JMPADDR16 9
#define IMAGE_REL_BASED_IA64_IMM64 9
#define IMAGE_REL_BASED_DIR64 10
#define IMAGE_ORDINAL_FLAG64 0x8000000000000000
#define IMAGE_ORDINAL_FLAG32 0x80000000
#define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff)
#define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff)
#define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0)
#define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0)
typedef struct _IMAGE_EXPORT_DIRECTORY {
DWORD Characteristics;
DWORD TimeDateStamp;
WORD MajorVersion;
WORD MinorVersion;
DWORD Name;
DWORD Base;
DWORD NumberOfFunctions;
DWORD NumberOfNames;
DWORD AddressOfFunctions; // RVA from base of image
DWORD AddressOfNames; // RVA from base of image
DWORD AddressOfNameOrdinals; // RVA from base of image
} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
#define MAX_PATH 260
#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
typedef enum _SYSTEM_INFORMATION_CLASS {
SystemModuleInformation = 0xb,
SystemKernelDebuggerInformation = 0x23,
SystemFirmwareTableInformation = 0x4c
} SYSTEM_INFORMATION_CLASS;
extern "C" {
NTKERNELAPI NTSTATUS NTAPI NtQuerySystemInformation(
SYSTEM_INFORMATION_CLASS SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength);
}
#else
#define FILE_OPEN 0x00000001
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
typedef enum _SECTION_INHERIT {
ViewShare=1,
ViewUnmap=2
} SECTION_INHERIT, *PSECTION_INHERIT;
#define SystemModuleInformation (SYSTEM_INFORMATION_CLASS)11
#define SystemKernelDebuggerInformation (SYSTEM_INFORMATION_CLASS)35
#define ThreadHideFromDebugger (THREADINFOCLASS)17
#define ProcessDebugPort (PROCESSINFOCLASS)0x7
#define ProcessDebugObjectHandle (PROCESSINFOCLASS)0x1e
#define ProcessDefaultHardErrorMode (PROCESSINFOCLASS)0x0c
#define ProcessInstrumentationCallback (PROCESSINFOCLASS)40
#define MemoryMappedFilenameInformation (MEMORY_INFORMATION_CLASS)2
#define STATUS_PORT_NOT_SET ((NTSTATUS)0xC0000353L)
#define STATUS_SERVICE_NOTIFICATION ((NTSTATUS)0x40000018L)
#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000
#define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
#define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION
{
ULONG Version;
ULONG Reserved;
PVOID Callback;
} PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, *PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
typedef enum HardErrorResponse {
ResponseReturnToCaller,
ResponseNotHandled,
ResponseAbort, ResponseCancel,
ResponseIgnore,
ResponseNo,
ResponseOk,
ResponseRetry,
ResponseYes
} HardErrorResponse;
typedef enum HardErrorResponseButton {
ResponseButtonOK,
ResponseButtonOKCancel,
ResponseButtonAbortRetryIgnore,
ResponseButtonYesNoCancel,
ResponseButtonYesNo,
ResponseButtonRetryCancel,
ResponseButtonCancelTryAgainContinue
} HardErrorResponseButton;
typedef enum HardErrorResponseIcon {
IconAsterisk = 0x40,
IconError = 0x10,
IconExclamation = 0x30,
IconHand = 0x10,
IconInformation = 0x40,
IconNone = 0,
IconQuestion = 0x20,
IconStop = 0x10,
IconWarning = 0x30,
IconUserIcon = 0x80
} HardErrorResponseIcon;
#define SEC_IMAGE_NO_EXECUTE (SEC_IMAGE | SEC_NOCACHE)
enum {
WINDOWS_XP = 2600,
WINDOWS_2003 = 3790,
WINDOWS_VISTA = 6000,
WINDOWS_VISTA_SP1 = 6001,
WINDOWS_VISTA_SP2 = 6002,
WINDOWS_7 = 7600,
WINDOWS_7_SP1 = 7601,
WINDOWS_8 = 9200,
WINDOWS_8_1 = 9600,
WINDOWS_10_TH1 = 10240,
WINDOWS_10_TH2 = 10586,
WINDOWS_10_RS1 = 14393,
WINDOWS_10_RS2 = 15063,
WINDOWS_10_RS3 = 16299,
WINDOWS_10_RS4 = 17134,
WINDOWS_10_RS5 = 17763,
WINDOWS_10_19H1 = 18362,
WINDOWS_10_19H2 = 18363,
WINDOWS_10_20H1 = 19041,
WINDOWS_10_20H2 = 19042,
WINDOWS_10_21H1 = 19043,
WINDOWS_10_21H2 = 19044,
WINDOWS_10_22H2 = 19045,
WINDOWS_11_21H2 = 22000,
WINDOWS_11_22H2 = 22621,
};
#define IS_KNOWN_WINDOWS_BUILD(b) ( \
(b) == WINDOWS_XP || \
(b) == WINDOWS_2003 || \
(b) == WINDOWS_VISTA || \
(b) == WINDOWS_VISTA_SP1 || \
(b) == WINDOWS_VISTA_SP2 || \
(b) == WINDOWS_7 || \
(b) == WINDOWS_7_SP1 || \
(b) == WINDOWS_8 || \
(b) == WINDOWS_8_1 || \
(b) == WINDOWS_10_TH1 || \
(b) == WINDOWS_10_TH2 || \
(b) == WINDOWS_10_RS1 || \
(b) == WINDOWS_10_RS2 || \
(b) == WINDOWS_10_RS3 || \
(b) == WINDOWS_10_RS4 || \
(b) == WINDOWS_10_RS5 || \
(b) == WINDOWS_10_19H1 || \
(b) == WINDOWS_10_19H2 || \
(b) == WINDOWS_10_20H1 || \
(b) == WINDOWS_10_20H2 || \
(b) == WINDOWS_10_21H1 || \
(b) == WINDOWS_10_21H2 || \
(b) == WINDOWS_10_22H2 \
)
#endif // WIN_DRIVER
#endif // VMP_GNU
typedef struct _PEB32 {
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[0xa1];
ULONG OSMajorVersion;
ULONG OSMinorVersion;
USHORT OSBuildNumber;
} PEB32;
typedef struct _PEB64 {
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[0x115];
ULONG OSMajorVersion;
ULONG OSMinorVersion;
USHORT OSBuildNumber;
} PEB64;
#endif