From 2fbc1a33d776c5503bcbae8bbe19c267f4dc09a1 Mon Sep 17 00:00:00 2001
From: qtkite
Date: Tue, 8 Jun 2021 01:18:24 +1000
Subject: [PATCH] more hooks xd

---
 src/dumper/dumper.cpp | 49 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/src/dumper/dumper.cpp b/src/dumper/dumper.cpp
index 8ed075c..e005cf6 100644
--- a/src/dumper/dumper.cpp
+++ b/src/dumper/dumper.cpp
@@ -18,6 +18,45 @@ std::string wide_to_string(const std::wstring& s) {
 namespace RegHooks {
+ // 0x33FA4
+ //
+ using StartProcWrapper_t = BOOL(__stdcall*)(LPWSTR);
+ uintptr_t StartProcWrapper_addr;
+
+ BOOL __stdcall hk_StartProcWrapper(LPWSTR lpCommandLine)
+ {
+ std::cout << "[Start Proc Wrapper]" << std::endl;
+ return (reinterpret_cast(StartProcWrapper_addr))(lpCommandLine);
+ }
+
+ // cmdlinestuff, 10/10 naming im tired
+ // 0x63F19
+ //
+ using cmdlinestuff_t = int(__stdcall*)(DWORD*, char, char, int, int);
+ uintptr_t cmdlinestuff_addr;
+
+ int __stdcall hk_cmdlinestuff(DWORD* a1, char a2, char a3, int a4, int a5)
+ {
+ std::cout << "[cmd stuff]" << std::endl;
+
+ return (reinterpret_cast(cmdlinestuff_addr))
+ (a1, a2, a3, a4, a5);
+ }
+
+
+ // 0x57C08
+ //
+ using execute_shell_stuff_t = int(__stdcall*)(DWORD*, char, int, unsigned int, DWORD*);
+ uintptr_t execute_shell_stuff_addr;
+
+ int __stdcall hk_execute_shell_stuff(DWORD* a1, char a2, int a3, unsigned int a4, DWORD* a5)
+ {
+ std::cout << "[shell execute stuff]" << std::endl;
+
+ return (reinterpret_cast(execute_shell_stuff_addr))
+ (a1, a2, a3, a4, a5);
+ }
+
 // 0x464DC
 //
 using alt_start_proc_t = char(__stdcall*)(LPCWSTR, LPCWSTR, LPCWSTR, LPVOID, LPWSTR, 
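Review bot: hk_StartProcWrapper receives the command line of the process being launched as its only parameter and then discards it, printing just a tag, so the one piece of evidence this hook is positioned to capture is lost; the file's own wide_to_string (visible in the hunk header) can render it, with a null guard since LPWSTR may be null: `std::cout << "[Start Proc Wrapper] " << (lpCommandLine ? wide_to_string(lpCommandLine) : std::string("(null)")) << std::endl;`. The same applies in spirit to hk_cmdlinestuff and hk_execute_shell_stuff, which forward five arguments without recording any of them. Because all three prototypes are `__stdcall`, the hook itself pops the argument bytes on return; if the five-parameter signatures for cmdlinestuff and execute_shell_stuff were guessed rather than confirmed from the callers, a wrong count corrupts the caller's stack rather than failing visibly, so a comment stating how each prototype was recovered would help. The `// 0x33FA4`-style comments are module-relative offsets valid for one build of the target, so each should also record which binary (version or hash) it was taken from, e.g. `// 0x33FA4 (RVA in <target build/hash>) — re-derive on any target update`.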
@@ -506,6 +545,16 @@ void thread_main()
 RegHooks::alt_start_proc_addr = (uintptr_t)GetModuleHandleA(0) + 0x464DC;
 DetourHelper::perf_hook((PVOID*)&RegHooks::alt_start_proc_addr, RegHooks::hk_alt_start_proc);
+ RegHooks::cmdlinestuff_addr = (uintptr_t)GetModuleHandleA(0) + 0x63F19;
+ DetourHelper::perf_hook((PVOID*)&RegHooks::cmdlinestuff_addr, RegHooks::hk_cmdlinestuff);
+
+ RegHooks::StartProcWrapper_addr = (uintptr_t)GetModuleHandleA(0) + 0x33FA4;
+ DetourHelper::perf_hook((PVOID*)&RegHooks::StartProcWrapper_addr, RegHooks::hk_StartProcWrapper);
+
+
+ RegHooks::execute_shell_stuff_addr = (uintptr_t)GetModuleHandleA(0) + 0x33FA4;
+ DetourHelper::perf_hook((PVOID*)&RegHooks::execute_shell_stuff_addr, RegHooks::hk_execute_shell_stuff);
+
 }
 BOOL APIENTRY DllMain(HMODULE hModule,
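Review bot: `execute_shell_stuff_addr` is computed with offset `0x33FA4`, the same value used for `StartProcWrapper_addr` two lines earlier, while the first hunk documents execute_shell_stuff at `// 0x57C08`; this looks like a copy-paste slip and should read `RegHooks::execute_shell_stuff_addr = (uintptr_t)GetModuleHandleA(0) + 0x57C08;`. As written, the same target is detoured twice and hk_execute_shell_stuff, a five-argument `__stdcall` function, is installed in front of a one-argument one, so on return it pops 16 more bytes than the caller pushed (the exact failure depends on how perf_hook chains detours, which is not visible here). The intended 0x57C08 target is never hooked at all, so the "[shell execute stuff]" line will simply never print. If perf_hook reports failure, checking its result for each of the three new hooks would make a bad offset surface immediately instead of as a later crash. thread_main begins outside this hunk.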