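/*
 * SHELLFIX.C
 *
 * SHELLFIX changes the version string stored in the kernel image
 * (ntoskrnl.exe) so that GetVersionEx will return an appropriate
 * version number for the shell update, then recomputes the PE header
 * checksum so it matches the modified file.
 *
 * NOTE(review): the header names on the original #include lines were lost
 * when this listing was extracted. The list below is the set of headers
 * that declare the names this file uses; confirm against the original.
 *
 * NOTE(review): only the PE header checksum is repaired. Any hash or
 * signature recorded for the unmodified file will no longer match.
 */
#include <windows.h>
#include <imagehlp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Both literals are "d.dd" plus an explicit NUL: VER_LENGTH bytes are compared and copied. */
#define VER_STRING_351 "3.51\0"
#define VER_STRING_399 "3.99\0"
#define VER_LENGTH     5
#define KERNEL_NAME    "ntoskrnl.exe"

/*
 * Release the mapped view, the mapping object and the file handle, in that
 * order, skipping any argument that is NULL. When `failure` is TRUE the
 * process then exits with status 1; otherwise the function returns.
 */
void CleanupandExit(HANDLE hfile, HANDLE hmap, LPVOID lpdata, BOOL failure)
{
    if (lpdata)
        UnmapViewOfFile(lpdata);
    if (hmap)
        CloseHandle(hmap);
    if (hfile)
        CloseHandle(hfile);
    if (failure)
        exit(1);
}

/* Print the command-line help to stderr and exit with status 1. */
void Usage(void)
{
    fprintf(stderr,"Usage: SHELLFIX [-?] [-t | -u] path\n");
    fprintf(stderr,"    [-?] display this message\n");
    fprintf(stderr,"    [-t] will change your version number to 3.99\n");
    fprintf(stderr,"    [-u] will change your version number back to 3.51\n");
    exit(1);
}

/*
 * Entry point.
 *
 *   argv[1]  "-t" (3.51 -> 3.99), "-u" (3.99 -> 3.51) or "-?" (help)
 *   argv[2]  optional directory holding ntoskrnl.exe; the current
 *            directory is used when it is omitted
 *
 * Returns 0 on success. Every failure path exits with status 1.
 */
int main(int argc, char *argv[])
{
    HANDLE hfileKernel;            /* Handle to the kernel file */
    HANDLE hmapKernel;             /* Handle to the file mapping object */
    UCHAR *lpBaseKernel;           /* Base address of the mapped file */
    ULONG Offset;
    BOOL Found = FALSE;
    const CHAR *search_string = NULL;
    const CHAR *replace_string = NULL;
    CHAR kernel_path[MAX_PATH];
    ULONG CheckSum;
    ULONG FileLength;
    ULONG HeaderSum;
    PIMAGE_NT_HEADERS NtHeaders;

    if ((argc <= 1) || (argc > 3) || !_strcmpi(argv[1], "-?"))
        Usage();

    if (!_strcmpi(argv[1], "-T")) {
        search_string  = VER_STRING_351;
        replace_string = VER_STRING_399;
    } else if (!_strcmpi(argv[1], "-U")) {
        search_string  = VER_STRING_399;
        replace_string = VER_STRING_351;
    } else {
        Usage();
    }

    if (argc == 3) {
        /*
         * argv[2] is caller-controlled and of arbitrary length: verify that
         * directory + '\\' + file name + NUL fits before copying, instead
         * of writing past the end of kernel_path.
         */
        size_t dir_len = strlen(argv[2]);

        if (dir_len >= sizeof kernel_path ||
            dir_len + 1 + sizeof KERNEL_NAME > sizeof kernel_path) {
            fprintf(stderr, "Path %s is too long\n", argv[2]);
            exit(1);
        }
        memcpy(kernel_path, argv[2], dir_len);
        kernel_path[dir_len] = '\\';
        memcpy(kernel_path + dir_len + 1, KERNEL_NAME, sizeof KERNEL_NAME);
    } else {
        memcpy(kernel_path, KERNEL_NAME, sizeof KERNEL_NAME);
    }

    if ((hfileKernel = CreateFile(kernel_path,
                                  GENERIC_WRITE | GENERIC_READ,
                                  FILE_SHARE_READ,
                                  NULL,
                                  OPEN_EXISTING,
                                  FILE_FLAG_SEQUENTIAL_SCAN,
                                  NULL)) == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "Unable to open %s for write access (%lu)\n",
                kernel_path, (unsigned long)GetLastError());
        exit(1);
    }

    if (!(hmapKernel = CreateFileMapping(hfileKernel,
                                         NULL,
                                         PAGE_READWRITE,
                                         0,
                                         0,
                                         NULL))) {
        fprintf(stderr, "Unable to create file mapping (%lu)\n",
                (unsigned long)GetLastError());
        CleanupandExit(hfileKernel, NULL, NULL, TRUE);
    }

    if (!(lpBaseKernel = MapViewOfFile(hmapKernel,
                                       FILE_MAP_WRITE,
                                       0,
                                       0,
                                       0))) {
        fprintf(stderr, "Unable to map the file (%lu)\n",
                (unsigned long)GetLastError());
        CleanupandExit(hfileKernel, hmapKernel, NULL, TRUE);
    }

    FileLength = GetFileSize(hfileKernel, NULL);
    if (FileLength == INVALID_FILE_SIZE) {
        fprintf(stderr, "Unable to get the size of %s (%lu)\n",
                kernel_path, (unsigned long)GetLastError());
        CleanupandExit(hfileKernel, hmapKernel, lpBaseKernel, TRUE);
    }

    /*
     * Confirm that the file is a PE image before writing anything, so a
     * wrong file is rejected unmodified rather than patched and then left
     * with a stale checksum.
     */
    NtHeaders = ImageNtHeader(lpBaseKernel);
    if (!NtHeaders) {
        fprintf(stderr, "%s is not a valid image (%lu)\n",
                kernel_path, (unsigned long)GetLastError());
        CleanupandExit(hfileKernel, hmapKernel, lpBaseKernel, TRUE);
    }

    /*
     * NOTE(review): the loop header was garbled in the extracted listing
     * and is reconstructed here as a linear scan for the first match.
     * The bound keeps every VER_LENGTH-byte compare inside the mapped
     * file. The match is a blind byte-pattern search: the first
     * occurrence anywhere in the image is the one that gets replaced.
     */
    if (FileLength >= VER_LENGTH) {
        for (Offset = 0; Offset <= FileLength - VER_LENGTH; Offset++) {
            if (!memcmp(lpBaseKernel + Offset, search_string, VER_LENGTH)) {
                Found = TRUE;
                break;
            }
        }
    }

    if (!Found) {
        fprintf(stderr, "Unable to find version number %s in %s\n",
                search_string, kernel_path);
        CleanupandExit(hfileKernel, hmapKernel, lpBaseKernel, TRUE);
    }

    memcpy(lpBaseKernel + Offset, replace_string, VER_LENGTH);

    if (!FlushViewOfFile(lpBaseKernel + Offset, VER_LENGTH)) {
        fprintf(stderr, "FlushViewOfFile failed (%lu)\n",
                (unsigned long)GetLastError());
        CleanupandExit(hfileKernel, hmapKernel, lpBaseKernel, TRUE);
    }

    fprintf(stderr, "Version number %s was sucessfully replaced with %s\n",
            search_string, replace_string);

    /*
     * The image contents changed, so the checksum stored in the optional
     * header is stale: recompute it over the mapped file and store it.
     */
    if (!CheckSumMappedFile(lpBaseKernel, FileLength, &HeaderSum, &CheckSum)) {
        fprintf(stderr, "Unable to compute the image checksum (%lu)\n",
                (unsigned long)GetLastError());
        CleanupandExit(hfileKernel, hmapKernel, lpBaseKernel, TRUE);
    }
    NtHeaders->OptionalHeader.CheckSum = CheckSum;

    if (!FlushViewOfFile(lpBaseKernel, FileLength)) {
        fprintf(stderr, "FlushViewOfFile failed (%lu)\n",
                (unsigned long)GetLastError());
        CleanupandExit(hfileKernel, hmapKernel, lpBaseKernel, TRUE);
    }

    /* Best effort, as in the original: the result of the timestamp update is not checked. */
    (VOID) TouchFileTimes(hfileKernel, NULL);

    CleanupandExit(hfileKernel, hmapKernel, lpBaseKernel, FALSE);
    return 0;
}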