Merge pull request #233 from EasyHook/develop

Merge from develop for 2.7.6682.0
EasyHook · Apr 18, 2018 · dbab5b6 · dbab5b6
2 parents 6327219 + 44485a5
commit dbab5b6
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 18 deletions.
diff --git a/EasyHook.nuspec b/EasyHook.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
     <metadata>
         <id>EasyHook</id>
-        <version>2.7.6578.0</version>
+        <version>2.7.6682.0</version>
         <title>EasyHook</title>
         <authors>EasyHook</authors>
         <owners>EasyHook</owners>
@@ -13,7 +13,12 @@
 
 EasyHook currently supports injecting assemblies built for .NET Framework 3.5 and 4.0 and can also inject native DLLs.</description>
         <summary>The reinvention of Windows API Hooking</summary>
-        <releaseNotes>2.7.6578.0:
+        <releaseNotes>2.7.6682.0:
+1. Quoted service path to avoid path spaces vulnerability (outlined in CVE-2005-1185, CVE-2005-2938 and CVE-2000-1128)
+2. Rename CLIENT_ID struct to DBG_CLIENT_ID (fix build error on Windows SDK 10.0.16299.0) (#225)
+3. NuGet support for VS2017 (v141) native C/C++ package (#181)
+
+2.7.6578.0:
 1. Allow EasyLoad library path to be specified within Config class - only impacts managed remote hook (#220)
 
 2.7.6270.0:

diff --git a/EasyHookDll/LocalHook/debug.cpp b/EasyHookDll/LocalHook/debug.cpp
@@ -69,17 +69,17 @@ typedef LONG ZwQueryObject_PROC(
             ULONG InInfoSize,
             PULONG OutRequiredSize);
 
-typedef struct _CLIENT_ID
+typedef struct _DBG_CLIENT_ID
 {
     DWORD	    UniqueProcess;
     DWORD	    UniqueThread;
-}CLIENT_ID, * PCLIENT_ID;
+}DBG_CLIENT_ID, * PDBG_CLIENT_ID;
 
 typedef struct _THREAD_BASIC_INFORMATION
 {
     LONG ExitStatus;
     PNT_TIB TebBaseAddress;
-    CLIENT_ID ClientId;
+	DBG_CLIENT_ID ClientId;
     DWORD AffinityMask;
     LONG Priority;
     LONG BasePriority;

diff --git a/EasyHookDll/RemoteHook/service.c b/EasyHookDll/RemoteHook/service.c
@@ -24,6 +24,7 @@
 // about the project and latest updates.
 
 #include "stdafx.h"
+#include <shlwapi.h>
 
 EASYHOOK_NT_EXPORT RtlInstallService(
             WCHAR* InServiceName,
@@ -71,6 +72,8 @@ EASYHOOK_NT_EXPORT RtlInstallService(
     NTSTATUS            NtStatus;
     LPCWSTR		        StartParams[1] = {InChannelName};
     ULONG               res;
+	ULONG				inExePathLength;
+	WCHAR*				quotedInExePath;
 
 	if((hSCManager = OpenSCManagerW(NULL, NULL, SC_MANAGER_ALL_ACCESS)) == NULL)
 		THROW(STATUS_ACCESS_DENIED, L"Unable to open service control manager. Check for administrator privileges!");
@@ -98,17 +101,29 @@ EASYHOOK_NT_EXPORT RtlInstallService(
         THROW(STATUS_ALREADY_REGISTERED, L"The service is already registered. Use the service control manager to remove it!");
 	}
 
+	// quote InExePath 	
+	inExePathLength = RtlUnicodeLength(InExePath);	
+	if ((quotedInExePath = (WCHAR *)RtlAllocateMemory(TRUE,(inExePathLength+3)*sizeof(WCHAR)))==NULL)		
+		THROW(STATUS_NO_MEMORY, L"Unable to allocate memory to perform a string quote.");
+
+	RtlCopyMemory(quotedInExePath,InExePath,inExePathLength*sizeof(WCHAR));
+	PathQuoteSpacesW(quotedInExePath);
+
 	// install service
-	if((hService = CreateServiceW(
-			hSCManager,              
-			InServiceName,            
-			InServiceName,           
-			SERVICE_ALL_ACCESS,        
-			SERVICE_WIN32_OWN_PROCESS,
-			SERVICE_DEMAND_START,    
-			SERVICE_ERROR_NORMAL,     
-			InExePath,            
-			NULL, NULL, NULL, NULL, NULL)) == NULL)
+	hService = CreateServiceW(
+		hSCManager,              
+		InServiceName,            
+		InServiceName,           
+		SERVICE_ALL_ACCESS,        
+		SERVICE_WIN32_OWN_PROCESS,
+		SERVICE_DEMAND_START,    
+		SERVICE_ERROR_NORMAL,     
+		quotedInExePath,            
+		NULL, NULL, NULL, NULL, NULL);
+
+	RtlFreeMemory(quotedInExePath);
+
+	if(hService == NULL)
 		THROW(STATUS_INTERNAL_ERROR, L"Unable to install service as system process.");
 
     // start service

diff --git a/EasyHookNative.autopkg b/EasyHookNative.autopkg
@@ -4,13 +4,13 @@
     Toolset 
     {
         key : "PlatformToolset"; // this is CoApp pre-defined key
-        choices: { v140, v120, v110, v100 };
+        choices: { v141, v140, v120, v110, v100 };
     };
 }
 nuget {
    nuspec {
       id = EasyHookNativePackage;
-      version : 2.7.6270.0;
+      version : 2.7.6682.0;
       title: EasyHook Native Package;
       authors: {EasyHook};
       owners: {EasyHook};
@@ -20,7 +20,15 @@ nuget {
       summary:The reinvention of Windows API Hooking;
       description: @"This project supports extending (hooking) unmanaged code (APIs) on 32- or 64-bit
 Windows XP SP2, Windows Vista x64, Windows Server 2008 x64, Windows 7, Windows 8.1, and Windows 10.";
-      releaseNotes: @"2.7.6270.0:
+      releaseNotes: @"2.7.6682.0:
+1. Quoted service path to avoid path spaces vulnerability (outlined in CVE-2005-1185, CVE-2005-2938 and CVE-2000-1128)
+2. Rename CLIENT_ID struct to DBG_CLIENT_ID (fix build error on Windows SDK 10.0.16299.0) (#225)
+3. NuGet support for VS2017 (v141) native C/C++ package (#181)
+
+2.7.6578.0:
+1. Allow EasyLoad library path to be specified within Config class - only impacts managed remote hook (#220)
+
+2.7.6270.0:
 1. CreateAndInject now supports long command lines (#84 / #170)
 2. RhCreateRemoveStealthThread now works for 64-bit targets (#91 / #159)
 3. Added LhGetHookBypassAddress / LocalHook.HookBypassAddress to allow bypassing the hook and call original directly without having to be within the hook handler (#155)
@@ -104,6 +112,28 @@ Windows XP SP2, Windows Vista x64, Windows Server 2008 x64, Windows 7, Windows 8
          symbols: { .\Build\netfx4-Debug\x64\EasyHook64.pdb; }
          bin:     { .\Build\netfx4-Debug\x64\EasyHook64.dll; }
       };
+
+      // v141 - VS2017
+      [x86,v141,release] {
+         lib:     { .\Build\netfx4-Release\x86\EasyHook32.lib; }
+         symbols: { .\Build\netfx4-Release\x86\EasyHook32.pdb; }
+         bin:     { .\Build\netfx4-Release\x86\EasyHook32.dll; }
+      };
+      [x86,v141,debug] {
+         lib:     { .\Build\netfx4-Debug\x86\EasyHook32.lib; }
+         symbols: { .\Build\netfx4-Debug\x86\EasyHook32.pdb; }
+         bin:     { .\Build\netfx4-Debug\x86\EasyHook32.dll; }
+      };
+      [x64,v141,release] {
+         lib:     { .\Build\netfx4-Release\x64\EasyHook64.lib; }
+         symbols: { .\Build\netfx4-Release\x64\EasyHook64.pdb; }
+         bin:     { .\Build\netfx4-Release\x64\EasyHook64.dll; }
+      };
+      [x64,v141,debug] {
+         lib:     { .\Build\netfx4-Debug\x64\EasyHook64.lib; }
+         symbols: { .\Build\netfx4-Debug\x64\EasyHook64.pdb; }
+         bin:     { .\Build\netfx4-Debug\x64\EasyHook64.dll; }
+      };      
       // The debug here works for any config that contains debug
       // Examples : Debug ENU,  DEBUG-ENU,  Debug DEU
       //[x86,v120,debug] {