#include <ctime>
#include <vector>
#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <windows.h>
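/*
The SMBIOS structure layouts used below are the ones defined in the DMTF SMBIOS Reference Specification, DSP0134 version 2.7.1.
Original link (host name masked by the paste site): http://d...content-available-to-author-only...f.org/sites/default/files/standards/documents/DSP0134_2.7.1.pdf
*/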
using namespace std;
typedef __int8 int8;
typedef __int16 int16;
typedef __int32 int32;
typedef __int64 int64;
typedef unsigned __int8 uint8;
typedef unsigned __int16 uint16;
typedef unsigned __int32 uint32;
typedef unsigned __int64 uint64;
typedef vector<uint8> BufferType;
// Size in bytes of the inline patch written by Hook(): one 0xE9 opcode byte followed by a 32-bit relative displacement.
#define JMP_HOOK_SIZE 5
// Bookkeeping for one patched function: where the patch was written and which bytes it replaced.
typedef struct _HookData
{
LPVOID pTargetAddress; // address of the patched export, filled in by Hook()
BYTE OrgData[JMP_HOOK_SIZE]; // original bytes saved by Hook() and written back by Unhook()
}HookData;
// Allocation helpers that go straight to the default process heap.
#define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
#define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
// Function-pointer type used to call ntdll!ZwQuerySystemInformation; the pointer below is resolved at run time in Hook().
typedef LONG (WINAPI *pZwQuerySystemInformation)(
DWORD SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength
);
pZwQuerySystemInformation ZwQuerySystemInformation;
// Information class passed to ZwQuerySystemInformation by GetSystemFirmwareTableReal() (0x4C = 76, the firmware-table class).
#define SYSTEMINFO_CLASS_FIRM_TABLE 0x4C
// Terminator searched for by AlterInfo::GetStructureLen(): two NUL bytes that close a structure's string area.
#define SMBIOS_STRUCTURE_SEPARATOR_SIZE 2
#define SMBIOS_STRUCTURE_SEPARATOR "\0\0"
// The ASCII bytes 'R','S','M','B' packed into a DWORD. NOTE(review): not referenced anywhere in the visible code,
// so the hook below does not restrict itself to the SMBIOS provider.
#define SMBIOS_TABLE_SIGNATURE 0x52534D42
// Number of bytes randomized by Unban_ChangeXnaddr() and allocated for g_XnaddrData in Hook().
#define XNADDR_LEN 0x1C
// Hard-coded absolute virtual addresses that the code below dereferences inside the host process.
// NOTE(review): they are only meaningful for one specific build of the host executable loaded at its
// expected base address; with any other image these writes land on unrelated memory.
#define ADDRESS_XUID 0x05A7B1D8
#define ADDRESS_PLAYER_INFO 0x05CCB138
#define ADDRESS_XNADDRESS_BUFFER 0x00464A58
#define ADDRESS_UNNAMEDPLAYER_NAME 0x007E5AC4
// Assembles a 32-bit value from three rand() calls: one shifted left by 17, one shifted left by 2,
// and the low two bits of a third.
// NOTE(review): all 32 bits are only populated if rand() yields 15 bits (RAND_MAX == 0x7FFF); confirm
// against the C runtime this is built with.
// NOTE(review): rand() returns a signed int, so the shift by 0x11 can overflow the signed type, and the
// order in which the three rand() calls are evaluated is left to the compiler.
// NOTE(review): the generator is seeded once with srand(time(NULL)) in Hook(), so every value this file
// writes is a deterministic function of the load time rather than an unpredictable identifier.
inline uint32 rand32( void )
{
return (rand() << 0x11) | (rand() << 2) | (rand() & 3);
}
namespace SMBIOS
{
// Common 4-byte header that starts every SMBIOS structure, followed by the type-specific formatted area.
// The callbacks in AlterInfo index Data[] relative to the end of this header, i.e. Data[n] is byte
// (n + 4) of the structure.
typedef struct _StructureHeader
{
uint8 Type; // structure type, matched against StructureType in AlterInfo::Process()
uint8 FormattedSize; // length of header plus formatted area; the string area starts at this offset
uint16 Handle; //Unique handle for this structure for later recall
uint8 Data[]; // flexible array member (compiler extension in C++) overlaying the formatted area
}StructureHeader;
// Values of StructureHeader::Type that AlterInfo::Process() dispatches on.
// The list is not contiguous: 0x05, 0x06 and 0x1F have no enumerator here, and neither do any values
// above 0x2A other than the two markers at the end.
// INACTIVE_INFO_TYPE and EOF_INFO_TYPE are declared but have no case in Process().
enum StructureType
{
BIOS_INFO_TYPE = 0x00,
SYSTEM_INFO_TYPE = 0x01,
BASEBOARD_INFO_TYPE = 0x02,
CHASSIS_INFO_TYPE = 0x03,
PROCESSOR_INFO_TYPE = 0x04,
CACHE_INFO_TYPE = 0x07,
PORTS_INFO_TYPE = 0x08,
SYSTEMSLOTS_INFO_TYPE = 0x09,
ONBOARDDEVS_INFO_TYPE = 0x0A,
OEMSTRING_INFO_TYPE = 0x0B,
SYSTEMCONFIG_INFO_TYPE = 0x0C,
BIOSLANG_INFO_TYPE = 0x0D,
GROUPASSOCS_INFO_TYPE = 0x0E,
SYSLOG_INFO_TYPE = 0x0F,
PHYSMEM_INFO_TYPE = 0x10,
MEMDEV_INFO_TYPE = 0x11,
MEMERROR32_INFO_TYPE = 0x12,
MEMARRAYMAPPED_INFO_TYPE = 0x13,
MEMDEVMAPPED_INFO_TYPE = 0x14,
BUILTINPTRDEV_INFO_TYPE = 0x15,
BATTERY_INFO_TYPE = 0x16,
SYSRESET_INFO_TYPE = 0x17,
HARDSEC_INFO_TYPE = 0x18,
SYSPOWER_INFO_TYPE = 0x19,
VOLTPROBE_INFO_TYPE = 0x1A,
COOLINGDEV_INFO_TYPE = 0x1B,
TEMPPROBE_INFO_TYPE = 0x1C,
ELECPROBE_INFO_TYPE = 0x1D,
OOBRA_INFO_TYPE = 0x1E,
SYSBOOT_INFO_TYPE = 0x20,
MEMERROR64_INFO_TYPE = 0x21,
MNGDEV_INFO_TYPE = 0x22,
MNGDEVCOMP_INFO_TYPE = 0x23,
MNGDEVTHRES_INFO_TYPE = 0x24,
MEMCHAN_INFO_TYPE = 0x25,
IPMIDEV_INFO_TYPE = 0x26,
POWERSUPPLY_INFO_TYPE = 0x27,
ADDITIONAL_INFO_TYPE = 0x28,
ONBOARDDEVSEX_INFO_TYPE = 0x29,
MNGCTRLHOSTIF_INFO_TYPE = 0x2A,
INACTIVE_INFO_TYPE = 0x7E,
EOF_INFO_TYPE = 0x7F,
};
class AlterInfo
{
public:
// Wraps a caller-owned buffer (not copied, not freed) of _size bytes and positions the cursor 8 bytes in,
// past the two 32-bit words that precede the first structure.
// NOTE(review): nothing checks that _buffer is non-null or that _size is at least 8.
// NOTE(review): the initializer list names m_BufferSize before m_BufferPtr, but members are initialized in
// declaration order (m_BufferPtr first); harmless here because the initializers are independent.
AlterInfo(uint8 *_buffer, uint32 _size) : m_Buffer(_buffer), m_BufferSize(_size), m_BufferPtr(sizeof(uint32) + sizeof(uint32)){} //Skip version and length
// Walks the structures in m_Buffer in place. For each one it (1) overwrites every non-NUL byte of the
// string area with a character drawn from a 62-character alphanumeric mask, keeping string lengths and
// terminators intact, (2) calls the per-type callback that randomizes selected formatted-area bytes, and
// (3) advances the cursor by the length reported by GetStructureLen().
// Types without a case below (there is no default) only get their strings overwritten.
// NOTE(review): the loop condition compares an int32 with an expression containing sizeof, so the
// comparison is done unsigned; the -1 that GetStructureLen() returns when no terminator is found becomes a
// very large value and does not end the loop.
// NOTE(review): neither the string walk nor the callbacks check their writes against m_BufferSize, and
// GetStructureLen() reads a header at the cursor before any bounds check, so a truncated or malformed
// table leads to reads and writes outside the caller's buffer.
void Process( void )
{
static const char *rand32StrMask = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
int32 currentStLen = 0;
uint8 rand32MaskLen = strlen(rand32StrMask);
while((currentStLen = GetStructureLen()) > (SMBIOS_STRUCTURE_SEPARATOR_SIZE+sizeof(uint32)))
{
StructureHeader* pHeader = ((StructureHeader *)&m_Buffer[m_BufferPtr]);
// The string area begins right after the formatted area, FormattedSize bytes into the structure.
char *pStringBuffer = ((char *)&m_Buffer[m_BufferPtr+pHeader->FormattedSize]);
// Outer loop: one iteration per string, stopping at the empty string that ends the string area.
while(*pStringBuffer)
{
//Fill strings with random chars within the mask
while(*pStringBuffer)
{
*pStringBuffer = rand32StrMask[rand32() % rand32MaskLen];
++pStringBuffer;
}
// Step over this string's NUL terminator.
++pStringBuffer;
}
// Dispatch to the callback that rewrites the formatted area for this structure type.
switch(pHeader->Type)
{
case BIOS_INFO_TYPE:
StCallback_BiosInfo(pHeader);
break;
case SYSTEM_INFO_TYPE:
StCallback_SysInfo(pHeader);
break;
case BASEBOARD_INFO_TYPE:
StCallback_MBInfo(pHeader);
break;
case CHASSIS_INFO_TYPE:
StCallback_ChassisInfo(pHeader);
break;
case PROCESSOR_INFO_TYPE:
StCallback_CpuInfo(pHeader);
break;
case CACHE_INFO_TYPE:
StCallback_CacheInfo(pHeader);
break;
case PORTS_INFO_TYPE:
StCallback_PortsInfo(pHeader);
break;
case SYSTEMSLOTS_INFO_TYPE:
StCallback_SystemSlotsInfo(pHeader);
break;
case ONBOARDDEVS_INFO_TYPE:
StCallback_OnBoardDevsInfo(pHeader);
break;
case OEMSTRING_INFO_TYPE:
StCallback_OemStringsInfo(pHeader);
break;
case SYSTEMCONFIG_INFO_TYPE:
StCallback_SysConfigInfo(pHeader);
break;
case BIOSLANG_INFO_TYPE:
StCallback_BiosLangInfo(pHeader);
break;
case GROUPASSOCS_INFO_TYPE:
StCallback_GroupAssocsInfo(pHeader);
break;
case SYSLOG_INFO_TYPE:
StCallback_SysLogInfo(pHeader);
break;
case PHYSMEM_INFO_TYPE:
StCallback_PhysMemInfo(pHeader);
break;
case MEMDEV_INFO_TYPE:
StCallback_MemDevInfo(pHeader);
break;
case MEMERROR32_INFO_TYPE:
StCallback_MemError32Info(pHeader);
break;
case MEMARRAYMAPPED_INFO_TYPE:
StCallback_MemArrayMappedInfo(pHeader);
break;
case MEMDEVMAPPED_INFO_TYPE:
StCallback_MemDevMappedInfo(pHeader);
break;
case BUILTINPTRDEV_INFO_TYPE:
StCallback_BuiltInPtrDevInfo(pHeader);
break;
case BATTERY_INFO_TYPE:
StCallback_BatteryInfo(pHeader);
break;
case SYSRESET_INFO_TYPE:
StCallback_SysResetInfo(pHeader);
break;
case HARDSEC_INFO_TYPE:
StCallback_HardwareSecurityInfo(pHeader);
break;
case SYSPOWER_INFO_TYPE:
StCallback_SysPowerInfo(pHeader);
break;
case VOLTPROBE_INFO_TYPE:
StCallback_VoltageProbeInfo(pHeader);
break;
case COOLINGDEV_INFO_TYPE:
StCallback_CoolingDevInfo(pHeader);
break;
case TEMPPROBE_INFO_TYPE:
StCallback_TempProbeInfo(pHeader);
break;
case ELECPROBE_INFO_TYPE:
StCallback_ElectricalProbeInfo(pHeader);
break;
case OOBRA_INFO_TYPE:
StCallback_OobRemoteAccessInfo(pHeader);
break;
case SYSBOOT_INFO_TYPE:
StCallback_SysBootInfo(pHeader);
break;
case MEMERROR64_INFO_TYPE:
StCallback_MemError64Info(pHeader);
break;
case MNGDEV_INFO_TYPE:
StCallback_ManageDevInfo(pHeader);
break;
case MNGDEVCOMP_INFO_TYPE:
StCallback_ManageDevCompInfo(pHeader);
break;
case MNGDEVTHRES_INFO_TYPE:
StCallback_ManageDevThresholdInfo(pHeader);
break;
case MEMCHAN_INFO_TYPE:
StCallback_MemChannelInfo(pHeader);
break;
case IPMIDEV_INFO_TYPE:
StCallback_IpmiDevInfo(pHeader);
break;
case POWERSUPPLY_INFO_TYPE:
StCallback_PowerSupplyInfo(pHeader);
break;
case ADDITIONAL_INFO_TYPE:
StCallback_AdditionalInfo(pHeader);
break;
case ONBOARDDEVSEX_INFO_TYPE:
StCallback_OnBoardDevExInfo(pHeader);
break;
case MNGCTRLHOSTIF_INFO_TYPE:
StCallback_ManageControlHostInterfaceInfo(pHeader);
break;
}
// Move the cursor to the first byte of the next structure.
m_BufferPtr+=currentStLen;
}
}
private:
// Returns the total length in bytes of the structure at the cursor: formatted area, string area and the
// two-byte NUL terminator. Returns -1 if no terminator is found before the end of the buffer.
// The search starts at the end of the formatted area, so NUL pairs inside it are not mistaken for the end.
// NOTE(review): Offset and BufferLen are uint16 while m_BufferPtr and m_BufferSize are uint32, so both are
// truncated once the table or the cursor reaches 64 KiB.
// NOTE(review): the header is read at m_BufferPtr without first checking that the cursor is inside the
// buffer, and memcmp reads two bytes while the loop only guarantees Offset < BufferLen, so the last
// comparison can read one byte past the end.
int32 GetStructureLen( void )
{
uint16 Offset = m_BufferPtr;
uint16 BufferLen = m_BufferSize;
StructureHeader* pHeader = ((StructureHeader *)&m_Buffer[m_BufferPtr]);
Offset+=pHeader->FormattedSize;
while(Offset < BufferLen)
if(!memcmp(&m_Buffer[Offset], SMBIOS_STRUCTURE_SEPARATOR, SMBIOS_STRUCTURE_SEPARATOR_SIZE))
return Offset-m_BufferPtr+SMBIOS_STRUCTURE_SEPARATOR_SIZE;
else ++Offset;
return -1;
}
//BIOS_INFO_TYPE:
// Randomizes the non-string fields of a BIOS information structure: a 16-bit field at Data+0x02, one byte
// at Data[0x05], eight bytes at Data+0x06..0x0D, and every remaining byte of the formatted area from
// Data[0x0E] up to (FormattedSize - 4). Data[0x00], Data[0x01] and Data[0x04] are left alone; presumably
// these are the string-index bytes of the structure (confirm against DSP0134).
// NOTE(review): the fixed-offset writes are not checked against FormattedSize, and rTo is a uint8 computed
// as FormattedSize - 4, which wraps to a large value when FormattedSize is below 4.
// NOTE(review): the 16- and 32-bit stores go through casts of a byte pointer at odd alignments.
void StCallback_BiosInfo(StructureHeader *Header)
{
uint8 rTo = Header->FormattedSize-sizeof(uint32);
*((uint16 *)(Header->Data + 0x02)) = rand32() & 0xFFFF;
Header->Data[0x05] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x06)) = rand32();
*((uint32 *)(Header->Data + 0x0A)) = rand32();
for(uint8 i = 0x0E; i < rTo; ++i)
Header->Data[i] = rand32() & 0xFF;
}
//SYSTEM_INFO_TYPE:
// Randomizes 16 bytes at Data+0x04..0x13 (structure offsets 0x08..0x17) and one byte at Data[0x14]
// (structure offset 0x18) of a system information structure. In DSP0134 those offsets hold the system
// UUID and the wake-up type, so this is the callback that replaces the machine UUID seen by the caller.
// This is the only callback that checks FormattedSize before writing: structures shorter than 0x19 bytes
// are left untouched.
void StCallback_SysInfo(StructureHeader *Header)
{
if(Header->FormattedSize < 0x19)
return;
*((uint32 *)(Header->Data + 0x04)) = rand32();
*((uint32 *)(Header->Data + 0x08)) = rand32();
*((uint32 *)(Header->Data + 0x0C)) = rand32();
*((uint32 *)(Header->Data + 0x10)) = rand32();
Header->Data[0x14] = rand32() & 0xFF;
}
//BASEBOARD_INFO_TYPE:
void StCallback_MBInfo(StructureHeader *Header)
{
uint8 rTo = Header->FormattedSize-sizeof(uint32);
Header->Data[0x05] = rand32() & 0xFF;
*((uint16 *)(Header->Data + 0x07)) = rand32() & 0xFFFF;
Header->Data[0x09] = rand32() & 0xFF;
Header->Data[0x0A] = rand32() & 0xFF;
for(uint8 i = 0x0B; i < rTo; ++i)
Header->Data[i] = rand32() & 0xFF;
}
//CHASSIS_INFO_TYPE:
void StCallback_ChassisInfo(StructureHeader *Header)
{
uint8 rTo = Header->FormattedSize-sizeof(uint8)-sizeof(uint32);
Header->Data[0x01] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x05)) = rand32();
*((uint32 *)(Header->Data + 0x09)) = rand32();
*((uint32 *)(Header->Data + 0x0D)) = rand32();
for(uint8 i = 0x11; i < rTo; ++i)
Header->Data[i] = rand32() & 0xFF;
}
//PROCESSOR_INFO_TYPE:
void StCallback_CpuInfo(StructureHeader *Header)
{
*((uint16 *)(Header->Data + 0x01)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x04)) = rand32();
*((uint32 *)(Header->Data + 0x08)) = rand32();
Header->Data[0x0D] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x0E)) = rand32();
*((uint32 *)(Header->Data + 0x12)) = rand32();
*((uint32 *)(Header->Data + 0x16)) = rand32();
*((uint16 *)(Header->Data + 0x1A)) = rand32() & 0xFFFF;
Header->Data[0x1F] = rand32() & 0xFF;
*((uint16 *)(Header->Data + 0x20)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x22)) = rand32();
}
//CACHE_INFO_TYPE:
void StCallback_CacheInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x01)) = rand32();
*((uint32 *)(Header->Data + 0x05)) = rand32();
*((uint32 *)(Header->Data + 0x09)) = rand32();
*((uint16 *)(Header->Data + 0x0D)) = rand32() & 0xFFFF;
}
//PORTS_INFO_TYPE:
void StCallback_PortsInfo(StructureHeader *Header)
{
Header->Data[0x01] = rand32() & 0xFF;
*((uint16 *)(Header->Data + 0x03)) = rand32() & 0xFFFF;
}
//SYSTEMSLOTS_INFO_TYPE:
void StCallback_SystemSlotsInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x01)) = rand32();
*((uint32 *)(Header->Data + 0x05)) = rand32();
*((uint32 *)(Header->Data + 0x09)) = rand32();
}
//ONBOARDDEVS_INFO_TYPE:
void StCallback_OnBoardDevsInfo(StructureHeader *Header)
{
uint8 devCount = (Header->FormattedSize - sizeof(uint32))/sizeof(uint16);
for(uint8 i = 0; i < devCount; ++i)
Header->Data[2*i] = rand32() & 0xFF;
}
//OEMSTRING_INFO_TYPE:
void StCallback_OemStringsInfo(StructureHeader *Header)
{//Nothing to do here
}
//SYSTEMCONFIG_INFO_TYPE:
void StCallback_SysConfigInfo(StructureHeader *Header)
{//Nothing to do here
}
//BIOSLANG_INFO_TYPE:
void StCallback_BiosLangInfo(StructureHeader *Header)
{
Header->Data[0x01] = rand32() & 0x01;
}
//GROUPASSOCS_INFO_TYPE:
void StCallback_GroupAssocsInfo(StructureHeader *Header)
{
uint8 rTo = Header->FormattedSize-sizeof(uint32);
for(uint8 i = 0x01; i < rTo; ++i)
Header->Data[i] = rand32() & 0xFF;
}
//SYSLOG_INFO_TYPE:
void StCallback_SysLogInfo(StructureHeader *Header)
{
uint8 rTo = Header->FormattedSize-sizeof(uint32);
*((uint16 *)(Header->Data + 0x06)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x08)) = rand32();
*((uint32 *)(Header->Data + 0x0C)) = rand32();
Header->Data[0x10] = rand32() & 0xFF;
for(uint8 i = 0x13; i < rTo; ++i)
Header->Data[i] = rand32() & 0xFF;
}
//PHYSMEM_INFO_TYPE:
void StCallback_PhysMemInfo(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
*((uint16 *)(Header->Data + 0x01)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x03)) = rand32();
*((uint16 *)(Header->Data + 0x09)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x0B)) = rand32();
*((uint32 *)(Header->Data + 0x0F)) = rand32();
}
//MEMDEV_INFO_TYPE:
void StCallback_MemDevInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x04)) = rand32();
*((uint32 *)(Header->Data + 0x08)) = rand32();
Header->Data[0x0E] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x0F)) = rand32();
Header->Data[0x17] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x18)) = rand32();
*((uint16 *)(Header->Data + 0x1C)) = rand32() & 0xFFFF;
}
//MEMERROR32_INFO_TYPE:
void StCallback_MemError32Info(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
*((uint16 *)(Header->Data + 0x01)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x03)) = rand32();
*((uint32 *)(Header->Data + 0x07)) = rand32();
*((uint32 *)(Header->Data + 0x0B)) = rand32();
*((uint32 *)(Header->Data + 0x0F)) = rand32();
}
//MEMARRAYMAPPED_INFO_TYPE:
void StCallback_MemArrayMappedInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x00)) = rand32();
*((uint32 *)(Header->Data + 0x04)) = rand32();
Header->Data[0x0A] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x0B)) = rand32();
*((uint32 *)(Header->Data + 0x0F)) = rand32();
*((uint32 *)(Header->Data + 0x13)) = rand32();
*((uint32 *)(Header->Data + 0x17)) = rand32();
}
//MEMDEVMAPPED_INFO_TYPE:
void StCallback_MemDevMappedInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x00)) = rand32();
*((uint32 *)(Header->Data + 0x04)) = rand32();
Header->Data[0x0C] = rand32() & 0xFF;
*((uint16 *)(Header->Data + 0x0D)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x0F)) = rand32();
*((uint32 *)(Header->Data + 0x13)) = rand32();
*((uint32 *)(Header->Data + 0x17)) = rand32();
*((uint32 *)(Header->Data + 0x1B)) = rand32();
}
//BUILTINPTRDEV_INFO_TYPE:
void StCallback_BuiltInPtrDevInfo(StructureHeader *Header)
{
*((uint16 *)(Header->Data + 0x00)) = rand32() & 0xFFFF;
}
//BATTERY_INFO_TYPE:
void StCallback_BatteryInfo(StructureHeader *Header)
{
Header->Data[0x05] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x06)) = rand32();
Header->Data[0x0B] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x0C)) = rand32();
Header->Data[0x11] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x12)) = rand32();
}
//SYSRESET_INFO_TYPE:
void StCallback_SysResetInfo(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x01)) = rand32();
*((uint32 *)(Header->Data + 0x05)) = rand32();
}
//HARDSEC_INFO_TYPE:
void StCallback_HardwareSecurityInfo(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
}
//SYSPOWER_INFO_TYPE:
void StCallback_SysPowerInfo(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x01)) = rand32();
}
//VOLTPROBE_INFO_TYPE:
void StCallback_VoltageProbeInfo(StructureHeader *Header)
{
Header->Data[0x01] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x02)) = rand32();
*((uint32 *)(Header->Data + 0x06)) = rand32();
*((uint32 *)(Header->Data + 0x0A)) = rand32();
*((uint32 *)(Header->Data + 0x0E)) = rand32();
}
//COOLINGDEV_INFO_TYPE:
void StCallback_CoolingDevInfo(StructureHeader *Header)
{
*((uint16 *)(Header->Data + 0x02)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x04)) = rand32();
*((uint16 *)(Header->Data + 0x08)) = rand32() & 0xFFFF;
}
//TEMPPROBE_INFO_TYPE:
void StCallback_TempProbeInfo(StructureHeader *Header)
{
Header->Data[0x01] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x02)) = rand32();
*((uint32 *)(Header->Data + 0x06)) = rand32();
*((uint16 *)(Header->Data + 0x0A)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x0C)) = rand32();
*((uint16 *)(Header->Data + 0x10)) = rand32() & 0xFFFF;
}
//ELECPROBE_INFO_TYPE:
void StCallback_ElectricalProbeInfo(StructureHeader *Header)
{
Header->Data[0x01] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x02)) = rand32();
*((uint32 *)(Header->Data + 0x06)) = rand32();
*((uint16 *)(Header->Data + 0x0A)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x0C)) = rand32();
*((uint16 *)(Header->Data + 0x10)) = rand32() & 0xFFFF;
}
//OOBRA_INFO_TYPE:
void StCallback_OobRemoteAccessInfo(StructureHeader *Header)
{
Header->Data[0x01] = rand32() & 0xFF;
}
//SYSBOOT_INFO_TYPE:
// Randomizes bytes Data+0x06..0x0D of a system boot information structure using three stores.
// NOTE(review): the second and third stores both start at Data+0x0A, so the 16-bit store only overwrites
// the low half of the preceding 32-bit store and Data[0x0E..] is never touched; the last offset looks
// like a typo for 0x0E - confirm.
// NOTE(review): no check that FormattedSize covers these offsets.
void StCallback_SysBootInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x06)) = rand32();
*((uint32 *)(Header->Data + 0x0A)) = rand32();
*((uint16 *)(Header->Data + 0x0A)) = rand32() & 0xFFFF;
}
//MEMERROR64_INFO_TYPE:
void StCallback_MemError64Info(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
*((uint16 *)(Header->Data + 0x01)) = rand32() & 0xFFFF;
*((uint32 *)(Header->Data + 0x03)) = rand32();
*((uint32 *)(Header->Data + 0x07)) = rand32();
*((uint32 *)(Header->Data + 0x0B)) = rand32();
*((uint32 *)(Header->Data + 0x0F)) = rand32();
*((uint32 *)(Header->Data + 0x13)) = rand32();
*((uint32 *)(Header->Data + 0x17)) = rand32();
}
//MNGDEV_INFO_TYPE:
void StCallback_ManageDevInfo(StructureHeader *Header)
{
Header->Data[0x01] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x02)) = rand32();
Header->Data[0x06] = rand32() & 0xFF;
}
//MNGDEVCOMP_INFO_TYPE:
void StCallback_ManageDevCompInfo(StructureHeader *Header)
{//Nothing to do
}
//MNGDEVTHRES_INFO_TYPE:
void StCallback_ManageDevThresholdInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x00)) = rand32();
*((uint32 *)(Header->Data + 0x04)) = rand32();
*((uint32 *)(Header->Data + 0x08)) = rand32();
}
//MEMCHAN_INFO_TYPE:
// Randomizes the first two bytes of the formatted area and then one byte out of every three starting at
// Data[0x03]. The entry count is derived from FormattedSize as (FormattedSize - 7) / 3 rather than read
// from the structure's own count byte at Data[0x02].
// NOTE(review): the subtraction is done in an unsigned type because of sizeof, so a FormattedSize below 7
// wraps before being narrowed to uint8 and the loop then writes far past the structure.
void StCallback_MemChannelInfo(StructureHeader *Header)
{
uint8 DevCount = (Header->FormattedSize-sizeof(uint32)-sizeof(uint16)-sizeof(uint8))/(sizeof(uint16) + sizeof(uint8));
*((uint16 *)(Header->Data + 0x00)) = rand32() & 0xFFFF;
for(uint8 i = 0x00; i < DevCount; ++i)
Header->Data[0x03 + 3*i] = rand32() & 0xFF;
}
//IPMIDEV_INFO_TYPE:
void StCallback_IpmiDevInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x00)) = rand32();
*((uint32 *)(Header->Data + 0x04)) = rand32();
*((uint32 *)(Header->Data + 0x08)) = rand32();
*((uint16 *)(Header->Data + 0x0C)) = rand32() & 0xFFFF;
}
//POWERSUPPLY_INFO_TYPE:
void StCallback_PowerSupplyInfo(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
*((uint32 *)(Header->Data + 0x08)) = rand32();
*((uint32 *)(Header->Data + 0x0C)) = rand32();
*((uint16 *)(Header->Data + 0x10)) = rand32() & 0xFFFF;
}
//ADDITIONAL_INFO_TYPE:
void StCallback_AdditionalInfo(StructureHeader *Header)
{//Fomart has not a fix std, so we don't modify it
}
//ONBOARDDEVSEX_INFO_TYPE:
void StCallback_OnBoardDevExInfo(StructureHeader *Header)
{
*((uint32 *)(Header->Data + 0x01)) = rand32();
*((uint16 *)(Header->Data + 0x05)) = rand32() & 0xFFFF;
}
//MNGCTRLHOSTIF_INFO_TYPE:
void StCallback_ManageControlHostInterfaceInfo(StructureHeader *Header)
{
Header->Data[0x00] = rand32() & 0xFF;
}
protected:
uint8 *m_Buffer;
uint32 m_BufferPtr;
uint32 m_BufferSize;
};
};
uint8 *g_XnaddrData = NULL;
HookData g_HookGetSystemFirmwareTable;
// Writes a single zero byte at offset 0x142 from the pointer stored at ADDRESS_PLAYER_INFO, which turns
// whatever string starts there into an empty string.
// The two VirtualProtect calls swap protections: the first makes the byte's page PAGE_EXECUTE_READWRITE
// and stores the previous protection in dwProtection, the second passes that value back to restore it.
// NOTE(review): the pointer read from ADDRESS_PLAYER_INFO is not checked for null and the VirtualProtect
// return values are ignored, so the write happens even if the protection change failed.
void Unban_NullName( void )
{
//Change Name to nothing
DWORD dwProtection = PAGE_EXECUTE_READWRITE;
LPBYTE pPlayerName = LPBYTE(*LPDWORD(ADDRESS_PLAYER_INFO)+0x142);
VirtualProtect(pPlayerName, sizeof(uint8), dwProtection, &dwProtection);
*pPlayerName = 0;
VirtualProtect(pPlayerName, sizeof(uint8), dwProtection, &dwProtection);
}
// Overwrites the eight bytes at ADDRESS_XUID with two rand32() values.
// NOTE(review): the write goes straight to a hard-coded address with no protection change and no check
// that the address is mapped and writable in the current process.
void Unban_ChangeXuid( void )
{
//Change XUID
*LPDWORD(ADDRESS_XUID) = rand32();
*LPDWORD(ADDRESS_XUID + 0x04) = rand32();
}
// Fills the XNADDR_LEN-byte heap buffer g_XnaddrData with the low byte of successive rand32() values.
// NOTE(review): g_XnaddrData is only allocated in Hook() and the HeapAlloc result is never checked, so
// this dereferences a null pointer if the allocation failed or if it is called before Hook().
void Unban_ChangeXnaddr( void )
{
//Change XNADDR
for(uint8 i = 0; i < XNADDR_LEN;)
g_XnaddrData[i++] = rand32() & 0xFF;
}
// Overwrites eight bytes at offset 0x13A from the pointer stored at ADDRESS_PLAYER_INFO with two rand32()
// values.
// NOTE(review): the pointer read from ADDRESS_PLAYER_INFO is not checked for null, and offset 0x13A is not
// 4-byte aligned, so both DWORD stores are unaligned.
void Unban_ChangeSteamId( void )
{
LPDWORD pSteamId = LPDWORD(*LPDWORD(ADDRESS_PLAYER_INFO)+0x13A);
pSteamId[0] = rand32(); pSteamId[1] = rand32();
}
// Stand-in for the original kernel32!GetSystemFirmwareTable, needed because Hook() overwrites that export's
// first bytes. It builds the request block itself (provider signature, action 1, table id, data length,
// then BufferSize bytes of payload) and calls ZwQuerySystemInformation with class 0x4C directly.
// Returns the length reported back in the request block; on failure it returns 0, except for status
// 0xC0000023 (buffer too small), where the reported length is returned and nothing is copied.
// NOTE(review): the HeapAlloc result is not checked before the header is written into it, and
// BufferSize+0x10 can wrap for very large BufferSize values.
// NOTE(review): on success uReturnedLen bytes are copied into pFirmwareTableBuffer without comparing the
// length with BufferSize or checking the pointer - presumably the kernel never reports more than was
// requested on success; confirm.
UINT GetSystemFirmwareTableReal
(
DWORD FirmwareTableProviderSignature,
DWORD FirmwareTableID,
PVOID pFirmwareTableBuffer,
DWORD BufferSize
)
{
ULONG uReturnedLen = 0;
LPBYTE pBuffer = LPBYTE(MALLOC(BufferSize+0x10));
// 16-byte request header: signature, action, table id, payload length.
*LPDWORD(&pBuffer[0x00]) = FirmwareTableProviderSignature;
*LPDWORD(&pBuffer[0x04]) = 0x00000001;
*LPDWORD(&pBuffer[0x08]) = FirmwareTableID;
*LPDWORD(&pBuffer[0x0C]) = BufferSize;
LONG fnRet = ZwQuerySystemInformation(SYSTEMINFO_CLASS_FIRM_TABLE, pBuffer, BufferSize+0x10, NULL);
// The length field is read back after the call; it is then used as the returned/required size.
uReturnedLen = *LPDWORD(&pBuffer[0x0C]);
if(fnRet < 0)
{
// Any failure other than "buffer too small" is reported to the caller as length 0.
if(fnRet != 0xC0000023)
uReturnedLen = 0;
}
else
memcpy(pFirmwareTableBuffer, &pBuffer[0x10], uReturnedLen);
FREE(pBuffer);
return uReturnedLen;
}
// Replacement that callers of kernel32!GetSystemFirmwareTable reach through the jump written by Hook().
// It fetches the real table via GetSystemFirmwareTableReal(); when the caller supplied a buffer and a
// non-zero length came back, it re-randomizes the in-process identifiers and rewrites the returned table
// in place with SMBIOS::AlterInfo before handing it to the caller.
// Consequence for anything running in this process: firmware-table data obtained through this API no
// longer reflects the machine and changes from call to call.
// NOTE(review): FirmwareTableProviderSignature is never compared with SMBIOS_TABLE_SIGNATURE, so tables
// from any other provider are also parsed as SMBIOS and overwritten.
// NOTE(review): in the buffer-too-small case GetSystemFirmwareTableReal() returns the required length
// without copying anything; fnReturn is then larger than BufferSize, yet AlterInfo is run over the
// caller's buffer with fnReturn as its size.
// NOTE(review): AlterInfo is allocated with new and freed with delete inside one scope with no
// null/exception handling; an automatic object would have the same effect.
UINT Hook_GetSystemFirmwareTable
(
DWORD FirmwareTableProviderSignature,
DWORD FirmwareTableID,
PVOID pFirmwareTableBuffer,
DWORD BufferSize
)
{
UINT fnReturn = GetSystemFirmwareTableReal(FirmwareTableProviderSignature, FirmwareTableID, pFirmwareTableBuffer, BufferSize);
if(BufferSize && fnReturn)
{
Unban_NullName();
Unban_ChangeXuid();
Unban_ChangeXnaddr();
Unban_ChangeSteamId();
//Change SMBIOS Info
SMBIOS::AlterInfo *alterSmBios = new SMBIOS::AlterInfo((uint8 *)pFirmwareTableBuffer, fnReturn);
alterSmBios->Process();
delete alterSmBios;
}
return fnReturn;
}
// One-time setup, called from DllMain on process attach:
//  1. seeds rand() from the current time;
//  2. resolves ntdll!ZwQuerySystemInformation and kernel32!GetSystemFirmwareTable;
//  3. saves the first JMP_HOOK_SIZE bytes of GetSystemFirmwareTable and overwrites them with
//     0xE9 + rel32 so that calls land in Hook_GetSystemFirmwareTable;
//  4. zeroes one byte at ADDRESS_UNNAMEDPLAYER_NAME;
//  5. allocates g_XnaddrData and stores its address at ADDRESS_XNADDRESS_BUFFER;
//  6. randomizes the XUID, XNADDR buffer and Steam id once.
// Each VirtualProtect pair swaps protections through dwProtection: the first call sets
// PAGE_EXECUTE_READWRITE and receives the old value, the second passes that value back.
// Detection note: after step 3 the first five bytes of the export in memory differ from the on-disk
// kernel32 image and begin with 0xE9, with a displacement that resolves into this module - the usual
// signature of an inline hook for tools that compare loaded code against the file on disk.
// NOTE(review): none of the GetModuleHandleA, GetProcAddress, VirtualProtect or HeapAlloc results are
// checked, so a failed lookup leads to writes through a null or unprotected address.
// NOTE(review): the patch is written with two separate stores while other threads may be executing the
// function, and the instruction cache is not flushed afterwards.
// NOTE(review): DWORD(g_XnaddrData) and the 32-bit displacement assume a 32-bit process.
void Hook( void )
{
srand(time(NULL));
DWORD dwProtection = PAGE_EXECUTE_READWRITE;
ZwQuerySystemInformation = pZwQuerySystemInformation(GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwQuerySystemInformation"));
g_HookGetSystemFirmwareTable.pTargetAddress = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetSystemFirmwareTable");
// Naming is inverted here: pTargetAddress is the replacement, pHookAddress is the export being patched.
LPBYTE pTargetAddress = LPBYTE(Hook_GetSystemFirmwareTable);
LPBYTE pHookAddress = LPBYTE(g_HookGetSystemFirmwareTable.pTargetAddress);
VirtualProtect(pHookAddress, JMP_HOOK_SIZE, dwProtection, &dwProtection);
// Keep the original bytes so Unhook() can write them back.
memcpy(g_HookGetSystemFirmwareTable.OrgData, pHookAddress, JMP_HOOK_SIZE);
// Relative jump: displacement is measured from the end of the 5-byte instruction.
*pHookAddress = 0xE9; *LPDWORD(pHookAddress + 1) = pTargetAddress-pHookAddress-JMP_HOOK_SIZE;
VirtualProtect(pHookAddress, JMP_HOOK_SIZE, dwProtection, &dwProtection);
//Zero fill unnamed player name string
dwProtection = PAGE_EXECUTE_READWRITE;
LPBYTE pUnnamedPlayerName = LPBYTE(ADDRESS_UNNAMEDPLAYER_NAME);
VirtualProtect(pUnnamedPlayerName, sizeof(uint8), dwProtection, &dwProtection);
*pUnnamedPlayerName = 0;
VirtualProtect(pUnnamedPlayerName, sizeof(uint8), dwProtection, &dwProtection);
//Change XNADDR Buffer
if(g_XnaddrData == NULL)
g_XnaddrData = ((uint8 *)MALLOC(XNADDR_LEN));
LPDWORD pXnAddrBuffer = LPDWORD(ADDRESS_XNADDRESS_BUFFER);
VirtualProtect(pXnAddrBuffer, sizeof(uint32), dwProtection, &dwProtection);
*pXnAddrBuffer = DWORD(g_XnaddrData);
VirtualProtect(pXnAddrBuffer, sizeof(uint32), dwProtection, &dwProtection);
Unban_ChangeXuid();
Unban_ChangeXnaddr();
Unban_ChangeSteamId();
}
// Writes the JMP_HOOK_SIZE bytes saved by Hook() back over the start of GetSystemFirmwareTable, using the
// same protect / write / restore sequence.
// It does not undo the other changes made by Hook() (the zeroed name byte, the pointer stored at
// ADDRESS_XNADDRESS_BUFFER, the g_XnaddrData allocation).
// NOTE(review): nothing in the visible code calls this function - DllMain does nothing on detach - so if
// the module is unloaded the jump is left pointing at unmapped memory.
// NOTE(review): there is no check that Hook() ran first; if it did not, pTargetAddress is null and
// OrgData is zero-filled.
void Unhook( void )
{
DWORD dwProtection = PAGE_EXECUTE_READWRITE;
LPBYTE pHookAddress = LPBYTE(g_HookGetSystemFirmwareTable.pTargetAddress);
VirtualProtect(pHookAddress, JMP_HOOK_SIZE, dwProtection, &dwProtection);
memcpy(pHookAddress, g_HookGetSystemFirmwareTable.OrgData, JMP_HOOK_SIZE);
VirtualProtect(pHookAddress, JMP_HOOK_SIZE, dwProtection, &dwProtection);
}
// DLL entry point. On the first DLL_PROCESS_ATTACH it runs Hook(); every other notification is ignored
// and the function always reports success.
// The static bLoaded flag guards against installing the hook twice in the same process.
// NOTE(review): Hook() runs inside DllMain, i.e. while the loader lock is held, and it calls
// GetModuleHandleA/GetProcAddress, allocates from the heap and patches code from there.
// NOTE(review): DLL_PROCESS_DETACH does not call Unhook(), so the patch stays in place after unload.
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
static bool bLoaded = false;
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if(!bLoaded)
{
Hook();
bLoaded = true;
}
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}