Enhanced /RecordCrypto
- Added padding to process identifier and thread identifier for better output alignment.
- Updated version for next release.
- Modified project file for newer SDK build.
NoMoreFood committed Feb 3, 2019
1 parent ededaf8 commit 8f4c654
Showing 5 changed files with 11 additions and 8 deletions.
Binary file modified WinPriv/WinPrivResource.rc
Binary file not shown.
2 changes: 1 addition & 1 deletion WinPrivCmd/WinPrivCmd.vcxproj
@@ -33,7 +33,7 @@
<ProjectGuid>{B35AA3D9-40D7-479D-A407-FF3B21FABB0E}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>WinPriv</RootNamespace>
<WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
<WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
<ProjectName>WinPrivCmd</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
2 changes: 1 addition & 1 deletion WinPrivLibrary/WinPrivLibrary.vcxproj
@@ -14,7 +14,7 @@
<ProjectGuid>{EEDFCE80-EA9C-4AC1-B97B-D72370FAD96F}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>WinPrivLibrary</RootNamespace>
<WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
<WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
<ProjectName>WinPrivLibrary</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
13 changes: 8 additions & 5 deletions WinPrivLibrary/WinPrivLibraryDetours.cpp
@@ -20,7 +20,6 @@
#include <ws2ipdef.h>
#include <ws2tcpip.h>
#include <mstcpip.h>
#include <dpapi.h>
#include <wincrypt.h>

#define _NTDEF_
@@ -550,6 +549,12 @@ BOOL APIENTRY DetourCheckTokenMembership(_In_opt_ HANDLE TokenHandle,
// \__, | \ | | \__/ | \ |___ \__, \__/ | \ |__/
//

std::wstring IntToString(int iValue, int iPadding = 5)
{
std::wstring sValue = std::to_wstring(iValue);
return std::wstring(iPadding - sValue.length(), '0') + sValue;
}

void RecordCryptoData(LPCWSTR sFunction, PUCHAR pData, DWORD iDataLen)
{
// remove 'Detour' from the function name
@@ -574,10 +579,8 @@ void RecordCryptoData(LPCWSTR sFunction, PUCHAR pData, DWORD iDataLen)
{
// formulate the file name to write to
static std::atomic<int> iOrder = 0;
std::wstring sEnumerator = std::to_wstring(iOrder++);
sEnumerator = std::wstring(5 - sEnumerator.length(), '0') + sEnumerator;
std::wstring sFilePath = std::wstring(sCryptoValue) + L"\\" + sEnumerator + L"-PID"
+ std::to_wstring(GetCurrentProcessId()) + L"-TID" + std::to_wstring(GetCurrentThreadId())
std::wstring sFilePath = std::wstring(sCryptoValue) + L"\\" + IntToString(iOrder++) + L"-PID"
+ IntToString(GetCurrentProcessId()) + L"-TID" + IntToString(GetCurrentThreadId())
+ L"-" + sFunction + L".bin";

// create the crypto data file
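Review bot: `IntToString` underflows whenever the value has more characters than `iPadding`, because `iPadding - sValue.length()` is evaluated as an unsigned `size_t` and the resulting fill count makes the `std::wstring` constructor throw inside the hooked call. The removed lines had the same pattern for `iOrder` only; the new code routes `GetCurrentProcessId()` and `GetCurrentThreadId()` through it, and those identifiers are not limited to five digits (they are also narrowed from `DWORD` to `int`). Return the unpadded string when it is already wide enough, e.g. `if (sValue.length() >= static_cast<size_t>(iPadding)) return sValue;` ahead of the existing return, and use `L'0'` for the fill character. `RecordCryptoData` starts and ends outside the visible hunks, so whether anything up the call chain would catch the exception cannot be confirmed from this page.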
2 changes: 1 addition & 1 deletion WinPrivShared/WinPrivShared.vcxproj
@@ -14,7 +14,7 @@
<ProjectGuid>{582D212A-66B9-4E99-A7D3-36B1C249D637}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>WinPrivLibrary</RootNamespace>
<WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
<WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
<ProjectName>WinPrivShared</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />