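; Forum post by Factfinder, December 10, 2016:
;
; Hello, I have been trying to convert this script:
; https://www.ntkernel.com/microsoft-edge-protectedhomepages/
; The function will decrypt/unobfuscate value data set as the home page in MS Edge.
; I'm not good at reading/understanding advanced C++ script. So I can't read these two
; lines of script and couldn't find a C++ reference explaining similar value setting:
;
;     rand_seed = *(int*)input_buffer_ptr
;     moving_input_ptr = (BYTE*)((int*)input_buffer_ptr + 1)
;
; I appreciate if anyone can assist in converting or pointing me to a reference
; explaining similar value settings. This is the part of script I'm working on:

; _UnobfuscateData - partial AutoIt port of the C++ routine from the linked article.
;
; Parameters:
;   $input_buffer_ptr       - pointer to the obfuscated value data.
;   $input_buffer_size      - size of that data in bytes; the first 4 bytes hold the seed.
;   $output_buffer_ptr      - C++ out-parameter (BYTE**), see NOTE(review) below.
;   $output_buffer_size_ptr - C++ out-parameter (SIZE_T*), see NOTE(review) below.
; Returns:
;   True when the input holds only the 4-byte seed (nothing to decode); False on a
;   too-short input, on an allocation failure, and - for now - on the decode path,
;   because the decode loop of the C++ original is not part of this post.
;
; NOTE(review): the two output parameters are passed by value, so the assignments to
; them below are not visible to the caller, and the DllStruct objects they point at
; are locals that are released when the function returns. A finished port would need
; ByRef parameters (which cannot have defaults) or a return value carrying the
; buffer and its size. The HeapAlloc'd buffer must eventually be released with HeapFree.
Func _UnobfuscateData($input_buffer_ptr, $input_buffer_size, $output_buffer_ptr = "", $output_buffer_size_ptr = "")
	;SIZE_T output_buffer_size;
	;BYTE* decrypted_buffer;
	;int rand_seed;
	;BYTE* moving_input_ptr;
	;BYTE* moving_output_ptr;
	;size_t i;
	;char v14;
	;char v15;
	;unsigned int v16;
	;unsigned int v17;
	;char v19;
	;bool result;
	;int v21;
	Local $decrypted_buffer, $rand_seed, $moving_input_ptr, $moving_output_ptr, $i, $v15, $v16, $v17, $v19, $v21
	Local $output_buffer_size, $soutput_buffer_size, $soutput_buffer_ptr, $aProcessHeap, $aAlloc
	Local $result = False

	; The value data comes from the registry and must be treated as untrusted. Anything
	; shorter than the 4-byte seed would make the size below negative and would let the
	; seed read run past the end of the input buffer.
	If $input_buffer_size < 4 Then Return False

	;output_buffer_size = input_buffer_size - 4
	$output_buffer_size = $input_buffer_size - 4

	;*output_buffer_size_ptr = output_buffer_size
	$soutput_buffer_size = DllStructCreate('uint')
	DllStructSetData($soutput_buffer_size, 1, $output_buffer_size)
	$output_buffer_size_ptr = DllStructGetPtr($soutput_buffer_size)

	;if (input_buffer_size == 4)
	;{
	;*output_buffer_ptr = nullptr;
	;result = true;
	;}
	;Else
	If $input_buffer_size == 4 Then
		; The C++ clears the output *buffer* pointer here, not the size pointer.
		$output_buffer_ptr = 0
		$result = True
	Else
		;decrypted_buffer = (BYTE*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, output_buffer_size)
		$aProcessHeap = DllCall("Kernel32.dll", "handle", "GetProcessHeap")
		If @error Or Not $aProcessHeap[0] Then Return False
		; 0x00000008 = HEAP_ZERO_MEMORY. The size argument is a SIZE_T, which is
		; pointer-sized, so "ulong_ptr" is used instead of a 32-bit "long".
		$aAlloc = DllCall("Kernel32.dll", "ptr", "HeapAlloc", "handle", $aProcessHeap[0], "dword", 0x00000008, "ulong_ptr", $output_buffer_size)
		If @error Or Not $aAlloc[0] Then Return False
		$decrypted_buffer = $aAlloc[0]

		;*output_buffer_ptr = decrypted_buffer
		$soutput_buffer_ptr = DllStructCreate('ptr')
		DllStructSetData($soutput_buffer_ptr, 1, $decrypted_buffer)
		$output_buffer_ptr = DllStructGetPtr($soutput_buffer_ptr)

		;memset(decrypted_buffer, 0, *output_buffer_size_ptr);
		; Kept for fidelity with the C++; HEAP_ZERO_MEMORY has already zeroed the block.
		DllCall("msvcrt.dll", "ptr:cdecl", "memset", "ptr", $decrypted_buffer, "int", 0, "ulong_ptr", $output_buffer_size)

		;rand_seed = *(int*)input_buffer_ptr
		; Treat the start of the input as an int and read it: the first 4 bytes are the seed.
		$rand_seed = DllStructGetData(DllStructCreate("int", $input_buffer_ptr), 1)

		;moving_input_ptr = (BYTE*)((int*)input_buffer_ptr + 1)
		; Adding 1 to an int* advances by sizeof(int) = 4 bytes, so this is the first
		; byte after the seed, viewed as a byte pointer again.
		$moving_input_ptr = Ptr($input_buffer_ptr + 4)

		; TODO: the decode loop of the C++ original is not shown in this post; $result
		; stays False on this path until it is ported.
	EndIf

	Return $result
EndFunc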