Commits

Billy O'Neal committed f10b530

Added RIMPORT32 and RIMPORT64. (This is a massive hack -- but then again this whole product is a pile of nasty hacks)

Comments (0)

Files changed (5)

 	else if (iequals(firstArgument, L"TIME"))
 		return times::main(argc, argv);
 	else if (iequals(firstArgument, L"RIMPORT"))
-		return regImport::main(argc, argv);
+        return regImport::main(argc, argv);
+	else if (iequals(firstArgument, L"RIMPORT32"))
+        return regImport::main(argc, argv, KEY_WOW64_32KEY);
+	else if (iequals(firstArgument, L"RIMPORT64"))
+		return regImport::main(argc, argv, KEY_WOW64_64KEY);
 	else if (iequals(firstArgument, L"MOVEEX"))
 		return moveex::main(argc, argv);
 	else if (iequals(firstArgument, L"SC"))

pevLib/regImport.cpp

 
 void import(const std::wstring& fileName);
 
-int main(int argc, wchar_t* argv[])
+int main(int argc, wchar_t* argv[], DWORD wow64flags)
 {
 	if (argc <= 1) throw std::invalid_argument("At least one argument is required to RIMPORT!");
 	bool loose = false;
 	{
 		op.parse(loadFileAsString(argv[num]));
 	}
+    op.SetWow64Flags(wow64Flags);
 #ifdef NDEBUG
 	if (loose || op.succeeded())
 		op.execute();

pevLib/regImport.h

 
 namespace regImport
 {
-	int main(int argc, wchar_t* argv[]);
+	int main(int argc, wchar_t* argv[], DWORD wow64Flags);
 };
 #endif _REG_IMPORT_H_INCLUDED

pevLib/regscriptCompiler.cpp

 #include <boost/algorithm/string/predicate.hpp>
 #include "regscriptCompiler.h"
 
+void regscriptCompiler::SetWow64Flags(DWORD flags)
+{
+    this->wow64Flags = flags;
+}
+
 regscriptCompiler::~regscriptCompiler()
 {
     for (std::vector<opCode>::iterator it = parsedResults.begin(); it != parsedResults.end(); it++)
 
 void regscriptCompiler::execute()
 {
+    DWORD extraFlags = this->wow64Flags;
+    OSVERSIONINFOW verInfo;
+    verInfo.dwOSVersionInfoSize = sizeof(verInfo);
+    if (::GetVersionExW(&verInfo) != 0)
+    {
+        if (verInfo.dwMajorVersion == 5 && verInfo.dwMinorVersion == 0)
+        {
+            // Windows 2000 doesn't support WOW64
+            extraFlags = 0;
+        }
+    }
+    
 	HKEY hRun = (HKEY) INVALID_HANDLE_VALUE;
 	HKEY hRoot = (HKEY) INVALID_HANDLE_VALUE;
 	LPBYTE dataPtr = NULL;
 			dataPtrLen = (DWORD)it->dataLength;
 			break;
 		case createKey:
-			if (RegCreateKeyEx(hRoot, namePtr, NULL, NULL, NULL, KEY_SET_VALUE, NULL, &hRun, NULL) != ERROR_SUCCESS)
+			if (RegCreateKeyEx(hRoot, namePtr, 0, nullptr, extraFlags, KEY_SET_VALUE, nullptr, &hRun, nullptr) != ERROR_SUCCESS)
 				hRun = (HKEY) INVALID_HANDLE_VALUE;
 			break;
 		case closeKey:

pevLib/regscriptCompiler.h

 	DWORD parseDword();
     std::basic_stringstream<wchar_t> outputText;
 	bool fixNull;
+    DWORD wow64Flags;
 public:
+    void SetWow64Flags(DWORD flags);
     bool parse(boost::iterator_range<std::wstring::const_iterator> inputScript);
     ~regscriptCompiler();
     std::wstring getOutput() { return outputText.str(); };