MMKCMM Pspsps
#include <windows.h>
#include <stdio.h>
#define CrtInitializeConsoleIo freopen_s
#define CrtBufferIo __acrt_iob_func
#define STANDARD_INPUT 0
#define STANDARD_OUTPUT 1
#define STANDARD_ERROR 2
#define EMBEDDED_BINARY_CORRUPT 0
typedef struct __IMAGE_FILE_BLOCK {
HANDLE Handle = INVALID_HANDLE_VALUE;
WCHAR FilePath[MAX_PATH * sizeof(WCHAR)] = { 0 };
PBYTE RawData = NULL;
LONGLONG FileSize = 0;
BOOL bIsInitialized;
}IMAGE_FILE_BLOCK, * PIMAGE_FILE_BLOCK;
PWCHAR StringCopyW(_Inout_ PWCHAR String1, _In_ LPCWSTR String2)
{
PWCHAR p = String1;
while ((*p++ = *String2++) != 0);
return String1;
}
BOOL CrtCreateConsoleIo(VOID)
{
FILE* FilePointer = NULL;
BOOL bFlag = FALSE;
if (!AllocConsole())
{
MessageBoxA(NULL, "Fatal error: Unable to create output console", "Fatal Error", MB_OK);
return FALSE;
}
if (CrtInitializeConsoleIo(&FilePointer, "CONIN$", "r", CrtBufferIo(STANDARD_INPUT)) != ERROR_SUCCESS)
goto EXIT_ROUTINE;
if (CrtInitializeConsoleIo(&FilePointer, "CONOUT$", "w", CrtBufferIo(STANDARD_OUTPUT)) != ERROR_SUCCESS)
goto EXIT_ROUTINE;
if (CrtInitializeConsoleIo(&FilePointer, "CONOUT$", "w", CrtBufferIo(STANDARD_ERROR)) != ERROR_SUCCESS)
goto EXIT_ROUTINE;
bFlag = TRUE;
EXIT_ROUTINE:
if (!bFlag)
MessageBoxA(NULL, "Fatal error: Unable to set STDIO", "Fatal Error", MB_OK);
return bFlag;
}
BOOL InitializeFileBlock(PIMAGE_FILE_BLOCK File, PWCHAR FilePath)
{
LARGE_INTEGER LargeInteger = { 0 };
DWORD BytesRead = 0;
File->Handle = CreateFileW(FilePath, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (File->Handle == INVALID_HANDLE_VALUE)
return FALSE;
else
File->bIsInitialized = TRUE;
if (StringCopyW(File->FilePath, FilePath) == NULL)
return FALSE;
if (!GetFileSizeEx(File->Handle, &LargeInteger))
return FALSE;
else
File->FileSize = LargeInteger.QuadPart;
File->RawData = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, File->FileSize);
if (File->RawData == NULL)
return FALSE;
#pragma warning( push )
#pragma warning( disable : 4244)
if (!ReadFile(File->Handle, File->RawData, File->FileSize, &BytesRead, NULL))
return FALSE;
#pragma warning( pop )
return TRUE;
}
VOID FreeFileBlock(PIMAGE_FILE_BLOCK File)
{
if (File->Handle)
CloseHandle(File->Handle);
if (File->RawData)
HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, File->RawData);
}
LONGLONG GetEmbeddedPayloadSize(PBYTE PixelData, LONGLONG BitmapPixelDataSize)
{
LONGLONG uSize = 0;
for (INT i = 0; i < 32; i++)
{
uSize <<= 1;
uSize |= (PixelData[i] & 1);
}
if (uSize * 8 + 32 > BitmapPixelDataSize)
return EMBEDDED_BINARY_CORRUPT;
return uSize;
}
VOID GetEmbeddedPayload(PBYTE PixelData, DWORD Size, PBYTE Payload)
{
BYTE Bit = 0;
for (DWORD i = 0; i < Size * 8; i++)
{
Bit = PixelData[i + 32] & 1;
Payload[i / 8] |= (Bit << (7 - (i % 8)));
}
}
BOOL CreatePayloadFromEmbeddedImage(PWCHAR FilePath, PBYTE Data, LONGLONG BinarySize)
{
HANDLE hHandle = INVALID_HANDLE_VALUE;
DWORD BytesWritten = 0;
BOOL bFlag = FALSE;
hHandle = CreateFileW(FilePath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (hHandle == INVALID_HANDLE_VALUE)
goto EXIT_ROUTINE;
#pragma warning( push )
#pragma warning( disable : 4244)
if (!WriteFile(hHandle, Data, BinarySize, &BytesWritten, NULL))
goto EXIT_ROUTINE;
#pragma warning( pop )
bFlag = TRUE;
EXIT_ROUTINE:
if (hHandle)
CloseHandle(hHandle);
return bFlag;
}
INT WINAPI wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nShowCmd)
{
LPWSTR* szArglist = NULL;
INT Arguments = 0;
IMAGE_FILE_BLOCK BitmapWithEmbeddedPayload = { 0 };
PBITMAPFILEHEADER BitmapHeader = NULL;
PBYTE BitmapPixelData = NULL;
LONGLONG BitmapPixelDataSize = 0;
LONGLONG EmbeddedBinarySize = 0;
WCHAR PayloadOutputPath[MAX_PATH * sizeof(WCHAR)] = { 0 };
PBYTE PayloadBuffer = NULL;
if (!CrtCreateConsoleIo())
goto EXIT_ROUTINE;
szArglist = CommandLineToArgvW(GetCommandLineW(), &Arguments);
if (szArglist == NULL || Arguments < 2)
{
printf("[ERROR] No commandline argument or insufficient arguments.\r\n");
goto EXIT_ROUTINE;
}
if (!InitializeFileBlock(&BitmapWithEmbeddedPayload, szArglist[1]))
goto EXIT_ROUTINE;
if (StringCopyW(PayloadOutputPath, szArglist[2]) == NULL)
goto EXIT_ROUTINE;
BitmapHeader = (PBITMAPFILEHEADER)BitmapWithEmbeddedPayload.RawData;
#pragma warning( push )
#pragma warning( disable : 6011) //IDE always crying smh. microsoft u gotta lock in
BitmapPixelData = BitmapWithEmbeddedPayload.RawData + BitmapHeader->bfOffBits;
#pragma warning( pop )
BitmapPixelDataSize = BitmapWithEmbeddedPayload.FileSize - BitmapHeader->bfOffBits;
EmbeddedBinarySize = GetEmbeddedPayloadSize(BitmapPixelData, BitmapPixelDataSize);
if (EmbeddedBinarySize == EMBEDDED_BINARY_CORRUPT)
goto EXIT_ROUTINE;
PayloadBuffer = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, EmbeddedBinarySize);
if (PayloadBuffer == NULL)
goto EXIT_ROUTINE;
#pragma warning( push )
#pragma warning( disable : 4244)
GetEmbeddedPayload(BitmapPixelData, EmbeddedBinarySize, PayloadBuffer);
#pragma warning( pop )
if (!CreatePayloadFromEmbeddedImage(PayloadOutputPath, PayloadBuffer, EmbeddedBinarySize))
goto EXIT_ROUTINE;
EXIT_ROUTINE:
if (BitmapWithEmbeddedPayload.bIsInitialized)
FreeFileBlock(&BitmapWithEmbeddedPayload);
if (PayloadBuffer)
HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, PayloadBuffer);
return 0;
}Last updated