cuckoosandbox / cuckoomon
DEPRECATED - replaced with "monitor"
More networking stuff
Other stuff
Besides that, a bunch of functions should be hooked on a lower level, such as hooking NtResumeThread instead of ResumeThread.
Also hook e.g. VirtualAlloc in order not to confuse a beginner with the Process Handle in VirtualAllocEx, or convert such functions to their simpler variant while processing.
Do not close this issue, instead, keep it alive so anyone can add hook requests.
Probably using a pre-allocated cyclic buffer. From there either write everything once every X times (or when a part of the buffer is filled), or start an additional thread which handles all writes.
This becomes more important when memory dumps are being dumped.
Implemented a basic version of the improved logging. Simply fills a 4k buffer before doing a fwrite call. There's still plenty of room for improvement, especially when handling memory dumps.
Dump raw memory of functions such as send(), recv(), WriteProcessMemory(), but do this to a special directory, i.e. not in the main log.
kernel32.dll.GetComputerNameW
advapi32.dll.GetUserNameW
Manually check all hooked functions to make sure that we don't lose any function calls over ascii/unicode stuff.
out[1] = 0x80 + (((c >> 8) & 0x1f) << 2) + ((c >> 6) & 0x3);
should be
out[1] = 0x80 + (((c >> 8) & 0xf) << 2) + ((c >> 6) & 0x3);
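The effect of that one-mask change, as an added example that is not cuckoomon's own code: it assumes the quoted line is the second byte of the three-byte branch of a UTF-8 encoder for a 16-bit code unit. The surrounding `utf8_encode`, `utf8_decode3` and `count_broken` are hypothetical helpers written for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Second byte of a three-byte sequence, exactly as quoted in the report. */
static uint8_t second_byte_reported(uint16_t c)
{
    return (uint8_t)(0x80 + (((c >> 8) & 0x1f) << 2) + ((c >> 6) & 0x3));
}

/* The corrected expression; it equals 0x80 | ((c >> 6) & 0x3f). */
static uint8_t second_byte_fixed(uint16_t c)
{
    return (uint8_t)(0x80 + (((c >> 8) & 0xf) << 2) + ((c >> 6) & 0x3));
}

/* Hypothetical encoder for one 16-bit code unit. Only out[1] of the
 * three-byte branch comes from the page. Returns the byte count. */
static int utf8_encode(uint16_t c, uint8_t out[3], int use_fix)
{
    if (c < 0x80) {
        out[0] = (uint8_t)c;
        return 1;
    }
    if (c < 0x800) {
        out[0] = (uint8_t)(0xc0 + (c >> 6));
        out[1] = (uint8_t)(0x80 + (c & 0x3f));
        return 2;
    }
    out[0] = (uint8_t)(0xe0 + (c >> 12));
    out[1] = use_fix ? second_byte_fixed(c) : second_byte_reported(c);
    out[2] = (uint8_t)(0x80 + (c & 0x3f));
    return 3;
}

/* A UTF-8 continuation byte must have the form 10xxxxxx. */
static int is_continuation(uint8_t b)
{
    return (b & 0xc0) == 0x80;
}

/* Decode a three-byte sequence; returns -1 when it is malformed. */
static int32_t utf8_decode3(const uint8_t in[3])
{
    if ((in[0] & 0xf0) != 0xe0 || !is_continuation(in[1]) ||
        !is_continuation(in[2]))
        return -1;
    return ((in[0] & 0x0f) << 12) | ((in[1] & 0x3f) << 6) | (in[2] & 0x3f);
}

/* Count code units in the three-byte range that do not round-trip. */
static unsigned count_broken(int use_fix)
{
    unsigned broken = 0;
    for (uint32_t c = 0x800; c <= 0xffff; c++) {
        uint8_t out[3];
        utf8_encode((uint16_t)c, out, use_fix);
        if (utf8_decode3(out) != (int32_t)c)
            broken++;
    }
    return broken;
}

int main(void)
{
    uint16_t sample = 0x3042; /* constructed sample: a code unit with bit 12 set */
    printf("U+%04X second byte: reported=%02X fixed=%02X\n", sample,
           second_byte_reported(sample), second_byte_fixed(sample));
    printf("broken with 0x1f mask: %u, with 0xf mask: %u\n",
           count_broken(0), count_broken(1));
    return 0;
}
```

With the `0x1f` mask, bit 12 of the code unit leaks into bit 6 of the second byte, so it stops being a continuation byte; code units with bit 12 clear are unaffected, which is why the bug is easy to miss with Latin-only test strings.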
Read existing source to see which hooks need to pipe information back to the cuckoo daemon.
kernel32.dll.SetUnhandledExceptionFilter
user32.dll.EnumWindows
Place a hook on LdrLoadDll(). When a new DLL is loaded, check against the hook table if we should hook anything.
I want to add some new APIs to the cuckoomon DLL and delete some APIs, but I'm a noob and I don't know which file I need to modify, so please help me. Thanks.
APIs that I want to add:
(kernel32, LocalFree)
(kernel32, GetModuleFileNameA)
(kernel32, LoadLibraryA)
(kernel32, GetVersion)
(user32, LoadImageA)
(user32, DefWindowProcA)
(user32, CreateWindowExA)
(user32, GetWindowThreadProcessId)
(advapi32, RegOpenKeyA)
(user32, GetFocus)
(user32, GetWindow)
(kernel32, CloseHandle)
(kernel32, GetPrivateProfileStringA)
(kernel32, GetWindowsDirectoryA)
(user32, WindowFromPoint)
(kernel32, LoadLibraryW)
(kernel32, FindFirstFileA)
(kernel32, FindNextFileA)
(user32, GetDlgItem)
(kernel32, RegOpenCurrentUser)
(advapi32, RegOpenKeyW)
(user32, LoadStringW)
(user32, SystemParametersInfoA)
(kernel32, GetSystemDirectoryA)
(advapi32, RegCreateKeyW)
(kernel32, CreateFileA)
(kernel32, ReadFile)
(kernel32, WriteFile)
(kernel32, CreateFileMappingA)
(kernel32, CreateFileW)
(kernel32, FreeResource)
(kernel32, CreateProcessW)
(kernel32, SetFileAttributesA)
(kernel32, FindFirstFileW)
(advapi32, RegCreateKeyA)
(kernel32, OpenProcess)
(kernel32, CreateDirectoryA)
(user32, SendDlgItemMessageA)
(wininet, InternetSetOptionA)
(kernel32, FindResourceExA)
(kernel32, GetCommandLineW)
(kernel32, IsValidLocale)
(kernel32, Process32Next)
(kernel32, CreateProcessA)
(kernel32, MoveFileA)
(kernel32, GlobalReAlloc)
(kernel32, SetEndOfFile)
(advapi32, GetSecurityDescriptorDacl)
(user32, SetWindowTextW)
(kernel32, GetStartupInfoW)
(wininet, InternetSetOptionW)
(kernel32, TerminateProcess)
(kernel32, MoveFileExA)
(user32, CharUpperW)
(kernel32, GetConsoleOutputCP)
(kernel32, MoveFileExW)
Several functions offer an optional return length parameter, which is used to return the amount of bytes that were actually read / whatever. However, as they are optional, they might be set to NULL. Introduce ENSURE_DWORD and similar macros which ensure that the parameter is set, i.e. if such parameter is NULL, then we assign it a stack value.
This will improve the dump buffer functionality, because otherwise we'd have to guess the length etc.
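One way such a macro could look, as an added example that is not cuckoomon's code: `DWORD` is a stand-in typedef so it builds off Windows, and `Old_read_data`, `New_read_data_guess`, `New_read_data_ensure` and `dump_buffer` are hypothetical names for an original API with an optional length parameter, two variants of its hook, and the logger.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t DWORD; /* stand-in for the Windows type */

/* Hypothetical macro in the spirit of the proposal: when the caller passed
 * NULL, redirect the parameter to a stack variable so the original
 * function always reports a length back to the hook. */
#define ENSURE_DWORD(param)                        \
    DWORD ensure_##param##_local = 0;              \
    if ((param) == NULL) (param) = &ensure_##param##_local

static const char SOURCE[] = "hello"; /* constructed sample data, 5 bytes */

/* Stand-in for the original API: the length is only reported when the
 * optional out-parameter is non-NULL. */
static int Old_read_data(void *buf, DWORD size, DWORD *bytes_read)
{
    DWORD n = (DWORD)(sizeof(SOURCE) - 1);
    if (n > size)
        n = size;
    memcpy(buf, SOURCE, n);
    if (bytes_read != NULL)
        *bytes_read = n;
    return 1;
}

/* Records what the hook would have written to the dump log. */
static uint8_t g_dump[64];
static DWORD g_dump_len;

static void dump_buffer(const void *buf, DWORD len)
{
    if (len > sizeof(g_dump))
        len = sizeof(g_dump);
    memcpy(g_dump, buf, len);
    g_dump_len = len;
}

/* Hook without the macro: with a NULL out-parameter it has to guess. */
static int New_read_data_guess(void *buf, DWORD size, DWORD *bytes_read)
{
    int ret = Old_read_data(buf, size, bytes_read);
    dump_buffer(buf, bytes_read != NULL ? *bytes_read : size);
    return ret;
}

/* Hook with the macro: the real length is always available. */
static int New_read_data_ensure(void *buf, DWORD size, DWORD *bytes_read)
{
    ENSURE_DWORD(bytes_read);
    int ret = Old_read_data(buf, size, bytes_read);
    dump_buffer(buf, *bytes_read);
    return ret;
}

/* Scenario helpers: the caller passes NULL for the optional length. */
static DWORD logged_len_guess(void)
{
    uint8_t buf[32];
    memset(buf, 0xAA, sizeof(buf)); /* stale bytes the guess would log */
    New_read_data_guess(buf, sizeof(buf), NULL);
    return g_dump_len;
}

static DWORD logged_len_ensure(void)
{
    uint8_t buf[32];
    memset(buf, 0xAA, sizeof(buf));
    New_read_data_ensure(buf, sizeof(buf), NULL);
    return g_dump_len;
}

/* A caller that does pass a pointer must still get its value filled in. */
static DWORD caller_len_ensure(void)
{
    uint8_t buf[32];
    DWORD got = 0;
    New_read_data_ensure(buf, sizeof(buf), &got);
    return got;
}

int main(void)
{
    printf("guess logs %u bytes, ensure logs %u bytes\n",
           (unsigned)logged_len_guess(), (unsigned)logged_len_ensure());
    return 0;
}
```

The guessing hook logs the full requested size, including 27 bytes the call never wrote, while the macro version logs exactly the bytes returned and leaves a caller-supplied pointer untouched.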
In Old_* the Last Error should be preserved. Then, when returning from a hooking function, the last error can be restored. To offer full functionality, additional hook_get_last_error() and hook_set_last_error() functions should be introduced as well.
In order to condense the categories and the filtering of API calls in the reporting, change the category of threading-related hooked APIs from "threading" to "process".
NtTerminateThread and *Process do not work, because they are terminated before anything can be logged.
The DLL should request paths to store logs and files through the cuckoo pipe.
Check if .NET Support works fine.
Print all of the strings from the running process memory.
This could help with analyzing some malware that uses packers.
I do:
git clone ...
git checkout cuckoo1.0.1
make
Then:
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c hook_thread.c -o objects/hook_thread.o
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c hook_reg_native.c -o objects/hook_reg_native.o
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c hook_socket.c -o objects/hook_socket.o
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c config.c -o objects/config.o
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c log.c -o objects/log.o
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c cuckoomon.c -o objects/cuckoomon.o
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c hook_misc.c -o objects/hook_misc.o
i586-mingw32msvc-cc -Wall -std=c99 -s -O2 -Idistorm3.2-package/include -Ibson -c hook_reg.c -o objects/hook_reg.o
In file included from log.c:25:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefineddefine ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from log.c:22:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definitiondefine ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
In file included from log.c:25:0:
ntapi.h:295:16: error: redefinition of ‘struct _TRANSMIT_FILE_BUFFERS’
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from log.c:22:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:10:16: note: originally defined here
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from log.c:25:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from log.c:22:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from log.c:25:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from log.c:22:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from log.c:25:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from log.c:22:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from log.c:25:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from log.c:22:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
In file included from cuckoomon.c:21:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefineddefine ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from cuckoomon.c:20:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definitiondefine ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
In file included from cuckoomon.c:21:0:
ntapi.h:295:16: error: redefinition of ‘struct _TRANSMIT_FILE_BUFFERS’
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from cuckoomon.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:10:16: note: originally defined here
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from cuckoomon.c:21:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from cuckoomon.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from cuckoomon.c:21:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from cuckoomon.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from log.c:26:0:
misc.h:36:5: error: conflicting types for ‘wcsnicmp’
int wcsnicmp(const wchar_t *a, const wchar_t *b, int len);
^
In file included from log.c:20:0:
/usr/share/mingw-w64/include/string.h:163:15: note: previous declaration of ‘wcsnicmp’ was here
int __cdecl wcsnicmp(const wchar_t *_Str1,const wchar_t *_Str2,size_t _MaxCount) __MINGW_ATTRIB_DEPRECATED_MSVC2005;
^
In file included from hook_misc.c:22:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefineddefine ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_misc.c:20:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definitiondefine ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
In file included from hook_misc.c:22:0:
ntapi.h:295:16: error: redefinition of ‘struct _TRANSMIT_FILE_BUFFERS’
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_misc.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:10:16: note: originally defined here
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from hook_misc.c:22:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_misc.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_misc.c:22:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_misc.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_misc.c:22:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_misc.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from hook_misc.c:22:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_misc.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
In file included from hook_misc.c:25:0:
misc.h:36:5: error: conflicting types for ‘wcsnicmp’
int wcsnicmp(const wchar_t *a, const wchar_t *b, int len);
^
In file included from /usr/share/mingw-w64/include/guiddef.h:148:0,
from /usr/share/mingw-w64/include/winnt.h:602,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_misc.c:20:
/usr/share/mingw-w64/include/string.h:163:15: note: previous declaration of ‘wcsnicmp’ was here
int __cdecl wcsnicmp(const wchar_t *_Str1,const wchar_t *_Str2,size_t _MaxCount) __MINGW_ATTRIB_DEPRECATED_MSVC2005;
^
In file included from hook_thread.c:22:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefineddefine ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_thread.c:20:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definitiondefine ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
In file included from hook_thread.c:22:0:
ntapi.h:295:16: error: redefinition of ‘struct _TRANSMIT_FILE_BUFFERS’
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_thread.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:10:16: note: originally defined here
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from hook_thread.c:22:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_thread.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_thread.c:22:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_thread.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_thread.c:22:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_thread.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from hook_thread.c:22:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_thread.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
In file included from cuckoomon.c:21:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from cuckoomon.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from cuckoomon.c:21:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from cuckoomon.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
In file included from cuckoomon.c:22:0:
misc.h:36:5: error: conflicting types for ‘wcsnicmp’
int wcsnicmp(const wchar_t *a, const wchar_t *b, int len);
^
In file included from /usr/share/mingw-w64/include/guiddef.h:148:0,
from /usr/share/mingw-w64/include/winnt.h:602,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from cuckoomon.c:20:
/usr/share/mingw-w64/include/string.h:163:15: note: previous declaration of ‘wcsnicmp’ was here
int __cdecl wcsnicmp(const wchar_t *_Str1,const wchar_t *_Str2,size_t _MaxCount) __MINGW_ATTRIB_DEPRECATED_MSVC2005;
^
In file included from hook_reg_native.c:22:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefineddefine ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_reg_native.c:20:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definitiondefine ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
In file included from hook_reg_native.c:22:0:
ntapi.h:295:16: error: redefinition of ‘struct _TRANSMIT_FILE_BUFFERS’
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_reg_native.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:10:16: note: originally defined here
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from hook_reg_native.c:22:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_reg_native.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_reg_native.c:22:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_reg_native.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_reg_native.c:22:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_reg_native.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from hook_reg_native.c:22:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_reg_native.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
In file included from hook_thread.c:25:0:
misc.h:36:5: error: conflicting types for ‘wcsnicmp’
int wcsnicmp(const wchar_t *a, const wchar_t *b, int len);
^
In file included from /usr/share/mingw-w64/include/guiddef.h:148:0,
from /usr/share/mingw-w64/include/winnt.h:602,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_thread.c:20:
/usr/share/mingw-w64/include/string.h:163:15: note: previous declaration of ‘wcsnicmp’ was here
int __cdecl wcsnicmp(const wchar_t *_Str1,const wchar_t *_Str2,size_t _MaxCount) __MINGW_ATTRIB_DEPRECATED_MSVC2005;
^
In file included from hook_socket.c:21:0:
/usr/share/mingw-w64/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]warning Please include winsock2.h before windows.h
^
In file included from hook_reg.c:22:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefineddefine ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_reg.c:20:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definitiondefine ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
In file included from hook_reg.c:22:0:
ntapi.h:295:16: error: redefinition of ‘struct _TRANSMIT_FILE_BUFFERS’
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_reg.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:10:16: note: originally defined here
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from hook_reg.c:22:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_reg.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_reg.c:22:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_reg.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_reg.c:22:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_reg.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from hook_reg.c:22:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_reg.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
hook_reg.c: In function ‘New_RegOpenKeyExA’:
hook_reg.c:37:9: error: ‘ret’ undeclared (first use in this function)
ret = 1;
^
hook_reg.c:37:9: note: each undeclared identifier is reported only once for each function it appears in
hook_reg.c:39:47: error: lvalue required as left operand of assignment
} else if (strstr(lpSubKey, "ControlSet") =! NULL) {
^
hook_reg.c:35:10: warning: unused variable ‘et’ [-Wunused-variable]
LONG et;
^
In file included from hook_socket.c:23:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefineddefine ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_socket.c:20:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definitiondefine ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
In file included from hook_socket.c:23:0:
ntapi.h:295:16: error: redefinition of ‘struct TRANSMIT_FILE_BUFFERS’
typedef struct TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_socket.c:20:
/usr/share/mingw-w64/include/psdk_inc/xmitfile.h:10:16: note: originally defined here
typedef struct TRANSMIT_FILE_BUFFERS {
^
In file included from hook_socket.c:23:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_socket.c:20:
/usr/share/mingw-w64/include/psdk_inc/xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_socket.c:23:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from hook_socket.c:20:
/usr/share/mingw-w64/include/psdk_inc/xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from hook_socket.c:23:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_socket.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from hook_socket.c:23:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from hook_socket.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
Makefile:41: recipe for target 'objects/hook_misc.o' failed
make: ** [objects/hook_misc.o] Error 1
make: *** Se espera a que terminen otras tareas....
In file included from cuckoomon.c:23:0:
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention *Old##apiname)(VA_ARGS);
^
hooks.h:1154:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, getaddrinfo,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_getaddrinfo’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1154:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, getaddrinfo,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention *Old##apiname)(VA_ARGS);
^
hooks.h:1161:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, GetAddrInfoW,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_GetAddrInfoW’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1161:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, GetAddrInfoW,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1284:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(struct hostent *, WSAAPI, gethostbyname,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_gethostbyname’
return_value calling_convention New_##apiname(VA_ARGS)
^
hooks.h:1284:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(struct hostent *, WSAAPI, gethostbyname,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1288:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, socket,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_socket’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1288:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, socket,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1294:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, connect,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_connect’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1294:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, connect,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1300:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, send,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_send’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1300:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, send,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1307:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, sendto,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_sendto’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1307:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, sendto,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1316:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, recv,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_recv’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1316:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, recv,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1323:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, recvfrom,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_recvfrom’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1323:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, recvfrom,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1332:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, accept,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_accept’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1332:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, accept,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1338:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, bind,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_bind’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1338:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, bind,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1344:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, listen,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_listen’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1344:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, listen,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1349:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, select,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_select’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1349:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, select,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1357:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, setsockopt,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_setsockopt’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1357:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, setsockopt,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1365:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, ioctlsocket,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_ioctlsocket’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1365:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, ioctlsocket,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1371:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, closesocket,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_closesocket’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1371:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, closesocket,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1375:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, shutdown,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_shutdown’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1375:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, shutdown,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1380:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSARecv,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_WSARecv’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1380:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSARecv,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1390:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSARecvFrom,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_WSARecvFrom’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1390:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSARecvFrom,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1402:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSASend,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_WSASend’
return_value calling_convention New##apiname(VA_ARGS)
^
hooks.h:1402:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSASend,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention Old##apiname)(VA_ARGS);
^
hooks.h:1412:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSASendTo,
^
Makefile:41: recipe for target 'objects/hook_thread.o' failed
make: ** [objects/hook_thread.o] Error 1
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_WSASendTo’
return_value calling_convention New_##apiname(VA_ARGS)
^
hooks.h:1412:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(int, WSAAPI, WSASendTo,
^
Makefile:41: recipe for target 'objects/hook_reg_native.o' failed
make: *** [objects/hook_reg_native.o] Error 1
Makefile:41: recipe for target 'objects/log.o' failed
make: *** [objects/log.o] Error 1
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention *Old##apiname)(VA_ARGS);
^
hooks.h:1424:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, WSASocketA,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_WSASocketA’
return_value calling_convention New_##apiname(VA_ARGS)
^
hooks.h:1424:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, WSASocketA,
^
hooking.h:106:38: error: expected ‘)’ before ‘’ token
return_value (calling_convention *Old##apiname)(VA_ARGS);
^
hooks.h:1433:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, WSASocketW,
^
hooking.h:107:37: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘New_WSASocketW’
return_value calling_convention New_##apiname(VA_ARGS)
^
hooks.h:1433:8: note: in expansion of macro ‘HOOKDEF’
extern HOOKDEF(SOCKET, WSAAPI, WSASocketW,
^
In file included from config.c:21:0:
ntapi.h:75:0: warning: "ARRAYSIZE" redefined
#define ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
^
Makefile:41: recipe for target 'objects/hook_socket.o' failed
make: *** [objects/hook_socket.o] Error 1
In file included from /usr/share/mingw-w64/include/minwindef.h:146:0,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from config.c:20:
/usr/share/mingw-w64/include/winnt.h:635:0: note: this is the location of the previous definition
#define ARRAYSIZE(A) RTL_NUMBER_OF_V2(A)
^
hook_reg.c:47:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
cuckoomon.c:33:6: error: ‘New_getaddrinfo’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:267:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, getaddrinfo),
^
cuckoomon.c:33:33: error: ‘Old_getaddrinfo’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:267:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, getaddrinfo),
^
cuckoomon.c:33:6: error: ‘New_GetAddrInfoW’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:268:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, GetAddrInfoW),
^
cuckoomon.c:33:33: error: ‘Old_GetAddrInfoW’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:268:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, GetAddrInfoW),
^
cuckoomon.c:33:6: error: ‘New_gethostbyname’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:300:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, gethostbyname),
^
cuckoomon.c:33:33: error: ‘Old_gethostbyname’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:300:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, gethostbyname),
^
cuckoomon.c:33:6: error: ‘New_socket’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:301:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, socket),
^
cuckoomon.c:33:33: error: ‘Old_socket’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:301:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, socket),
^
cuckoomon.c:33:6: error: ‘New_connect’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:302:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, connect),
^
cuckoomon.c:33:33: error: ‘Old_connect’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:302:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, connect),
^
cuckoomon.c:33:6: error: ‘New_send’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:303:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, send),
^
cuckoomon.c:33:33: error: ‘Old_send’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:303:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, send),
^
cuckoomon.c:33:6: error: ‘New_sendto’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:304:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, sendto),
^
cuckoomon.c:33:33: error: ‘Old_sendto’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:304:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, sendto),
^
cuckoomon.c:33:6: error: ‘New_recv’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:305:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, recv),
^
cuckoomon.c:33:33: error: ‘Old_recv’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:305:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, recv),
^
cuckoomon.c:33:6: error: ‘New_recvfrom’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:306:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, recvfrom),
^
cuckoomon.c:33:33: error: ‘Old_recvfrom’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:306:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, recvfrom),
^
cuckoomon.c:33:6: error: ‘New_accept’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:307:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, accept),
^
cuckoomon.c:33:33: error: ‘Old_accept’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:307:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, accept),
^
cuckoomon.c:33:6: error: ‘New_bind’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:308:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, bind),
^
cuckoomon.c:33:33: error: ‘Old_bind’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:308:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, bind),
^
cuckoomon.c:33:6: error: ‘New_listen’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:309:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, listen),
^
cuckoomon.c:33:33: error: ‘Old_listen’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:309:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, listen),
^
cuckoomon.c:33:6: error: ‘New_select’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:310:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, select),
^
cuckoomon.c:33:33: error: ‘Old_select’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:310:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, select),
^
cuckoomon.c:33:6: error: ‘New_setsockopt’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:311:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, setsockopt),
^
cuckoomon.c:33:33: error: ‘Old_setsockopt’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:311:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, setsockopt),
^
cuckoomon.c:33:6: error: ‘New_ioctlsocket’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:312:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, ioctlsocket),
^
cuckoomon.c:33:33: error: ‘Old_ioctlsocket’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:312:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, ioctlsocket),
^
cuckoomon.c:33:6: error: ‘New_closesocket’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:313:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, closesocket),
^
cuckoomon.c:33:33: error: ‘Old_closesocket’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:313:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, closesocket),
^
cuckoomon.c:33:6: error: ‘New_shutdown’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:314:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, shutdown),
^
cuckoomon.c:33:33: error: ‘Old_shutdown’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:314:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, shutdown),
^
cuckoomon.c:33:6: error: ‘New_WSARecv’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:316:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSARecv),
^
cuckoomon.c:33:33: error: ‘Old_WSARecv’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:316:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSARecv),
^
cuckoomon.c:33:6: error: ‘New_WSARecvFrom’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:317:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSARecvFrom),
^
cuckoomon.c:33:33: error: ‘Old_WSARecvFrom’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:317:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSARecvFrom),
^
cuckoomon.c:33:6: error: ‘New_WSASend’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:318:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASend),
^
cuckoomon.c:33:33: error: ‘Old_WSASend’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:318:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASend),
^
cuckoomon.c:33:6: error: ‘New_WSASendTo’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:319:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASendTo),
^
cuckoomon.c:33:33: error: ‘Old_WSASendTo’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:319:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASendTo),
^
cuckoomon.c:33:6: error: ‘New_WSASocketA’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:320:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASocketA),
^
cuckoomon.c:33:33: error: ‘Old_WSASocketA’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:320:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASocketA),
^
cuckoomon.c:33:6: error: ‘New_WSASocketW’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:321:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASocketW),
^
cuckoomon.c:33:33: error: ‘Old_WSASocketW’ undeclared here (not in a function)
&New_##funcname, (void *) &Old##funcname}
^
cuckoomon.c:321:5: note: in expansion of macro ‘HOOK’
HOOK(ws2_32, WSASocketW),
^
In file included from config.c:21:0:
ntapi.h:295:16: error: redefinition of ‘struct _TRANSMIT_FILE_BUFFERS’
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from config.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:10:16: note: originally defined here
typedef struct _TRANSMIT_FILE_BUFFERS {
^
In file included from config.c:21:0:
ntapi.h:300:3: error: conflicting types for ‘TRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, _LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from config.c:20:
/usr/share/mingw-w64/include/psdk_inc/_xmitfile.h:15:3: note: previous declaration of ‘TRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from config.c:21:0:
ntapi.h:300:27: error: conflicting types for ‘LPTRANSMIT_FILE_BUFFERS’
} TRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from /usr/share/mingw-w64/include/winsock.h:40:0,
from /usr/share/mingw-w64/include/windows.h:92,
from config.c:20:
/usr/share/mingw-w64/include/psdk_inc/xmitfile.h:15:52: note: previous declaration of ‘LPTRANSMIT_FILE_BUFFERS’ was here
} TRANSMIT_FILE_BUFFERS, *PTRANSMIT_FILE_BUFFERS, *LPTRANSMIT_FILE_BUFFERS;
^
In file included from config.c:21:0:
ntapi.h:386:28: error: conflicting types for ‘__readfsdword’
static inline unsigned int __readfsdword(unsigned int index)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from config.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1246:1: note: previous definition of ‘__readfsdword’ was here
__buildreadseg(__readfsdword, unsigned __LONG32, "fs")
^
In file included from config.c:21:0:
ntapi.h:393:20: error: conflicting types for ‘__writefsdword’
static inline void __writefsdword(unsigned int index, unsigned int value)
^
In file included from /usr/share/mingw-w64/include/winnt.h:26:0,
from /usr/share/mingw-w64/include/minwindef.h:146,
from /usr/share/mingw-w64/include/windef.h:8,
from /usr/share/mingw-w64/include/windows.h:69,
from config.c:20:
/usr/share/mingw-w64/include/psdk_inc/intrin-impl.h:1267:1: note: previous definition of ‘__writefsdword’ was here
__buildwriteseg(__writefsdword, unsigned __LONG32, "fs")
^
config.c: In function ‘read_config’:
config.c:29:9: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘DWORD’ [-Wformat=]
getenv("TEMP"), GetCurrentProcessId());
^
Makefile:41: recipe for target 'objects/hook_reg.o' failed
make: ** [objects/hook_reg.o] Error 1
Makefile:41: recipe for target 'objects/cuckoomon.o' failed
make: *** [objects/cuckoomon.o] Error 1
Makefile:41: recipe for target 'objects/config.o' failed
make: *** [objects/config.o] Error 1
Add an additional LOG: format for the pipe, and place log statements wherever useful.
When a binary executes a new binary (creates a new process), inject into the new binary as follows:
NtResumeThread()
kernel32.dll.GetFileType
kernel32.dll.GetFileSizeEx
kernel32.dll.GetFileSize
kernel32.dll.GetFileInformationByHandle
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.SizeofResource
I want to add some new APIs to the cuckoomon DLL and delete some APIs, but I'm a noob and I don't know which file I need to modify, so please help me. Thanks.
APIs that I want to add:
(kernel32, LocalFree)
(kernel32, GetModuleFileNameA)
(kernel32, LoadLibraryA)
(kernel32, GetVersion)
(user32, LoadImageA)
(user32, DefWindowProcA)
(user32, CreateWindowExA)
(user32, GetWindowThreadProcessId)
(advapi32, RegOpenKeyA)
(user32, GetFocus)
(user32, GetWindow)
(kernel32, CloseHandle)
(kernel32, GetPrivateProfileStringA)
(kernel32, GetWindowsDirectoryA)
(user32, WindowFromPoint)
(kernel32, LoadLibraryW)
(kernel32, FindFirstFileA)
(kernel32, FindNextFileA)
(user32, GetDlgItem)
(kernel32, RegOpenCurrentUser)
(advapi32, RegOpenKeyW)
(user32, LoadStringW)
(user32, SystemParametersInfoA)
(kernel32, GetSystemDirectoryA)
(advapi32, RegCreateKeyW)
(kernel32, CreateFileA)
(kernel32, ReadFile)
(kernel32, WriteFile)
(kernel32, CreateFileMappingA)
(kernel32, CreateFileW)
(kernel32, FreeResource)
(kernel32, CreateProcessW)
(kernel32, SetFileAttributesA)
(kernel32, FindFirstFileW)
(advapi32, RegCreateKeyA)
(kernel32, OpenProcess)
(kernel32, CreateDirectoryA)
(user32, SendDlgItemMessageA)
(wininet, InternetSetOptionA)
(kernel32, FindResourceExA)
(kernel32, GetCommandLineW)
(kernel32, IsValidLocale)
(kernel32, Process32Next)
(kernel32, CreateProcessA)
(kernel32, MoveFileA)
(kernel32, GlobalReAlloc)
(kernel32, SetEndOfFile)
(advapi32, GetSecurityDescriptorDacl)
(user32, SetWindowTextW)
(kernel32, GetStartupInfoW)
(wininet, InternetSetOptionW)
(kernel32, TerminateProcess)
(kernel32, MoveFileExA)
(user32, CharUpperW)
(kernel32, GetConsoleOutputCP)
(kernel32, MoveFileExW)
Translate Handles to their corresponding Process Identifier and Process name. This helps when reading the logs.
Add process_id and thread_id fields to the LOQ macro.
This is useful for logging the current process_id and thread_id for every function call, as well as the process_id (and optionally thread_id) of any referenced handles (to functions such as WriteProcessMemory.)
Statically link the distorm3 library.
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32NextW
kernel32.dll.Process32First
kernel32.dll.Module32Next
kernel32.dll.Module32First