From 4ab9d3d7bee4623b7dd49db5f0e45ca7892b1e21 Mon Sep 17 00:00:00 2001
From: Jurriaan Bremer <jurriaanbremer@gmail.com>
Date: Mon, 4 Nov 2013 10:24:07 +0100
Subject: [PATCH] randomize startup time based on a value initialized in the
 analyzer

---
 config.c     | 3 +++
 config.h     | 3 +++
 cuckoomon.c  | 3 +++
 hook_sleep.c | 5 +++++
 hook_sleep.h | 1 +
 5 files changed, 15 insertions(+)

diff --git a/config.c b/config.c
index b1a75d0..655c3cf 100644
--- a/config.c
+++ b/config.c
@@ -59,6 +59,9 @@ void read_config()
                 else if(!strcmp(key, "first-process")) {
                     g_config.first_process = value[0] == '1';
                 }
+                else if(!strcmp(key, "startup-time")) {
+                    g_config.startup_time = atoi(value);
+                }
                 else if(!strcmp(key, "retaddr-check")) {
                     g_config.retaddr_check = value[0] == '1';
                 }
diff --git a/config.h b/config.h
index 05685a7..14a3b82 100644
--- a/config.h
+++ b/config.h
@@ -29,6 +29,9 @@ struct {
     // is this the first process or not?
     int first_process;
 
+    // how many milliseconds since startup
+    unsigned int startup_time;
+
     // do we want to enable the retaddr check?
     int retaddr_check;
 
diff --git a/cuckoomon.c b/cuckoomon.c
index eac94cf..bf4dcbf 100644
--- a/cuckoomon.c
+++ b/cuckoomon.c
@@ -391,6 +391,9 @@ BOOL APIENTRY DllMain(HANDLE hModule, DWORD dwReason, LPVOID lpReserved)
         // initialize the Sleep() skipping stuff
         init_sleep_skip(g_config.first_process);
 
+        // we skip a random given amount of milliseconds each run
+        init_startup_time(g_config.startup_time);
+
         // disable the retaddr check if the user wants so
         if(g_config.retaddr_check == 0) {
             hook_disable_retaddr_check();
diff --git a/hook_sleep.c b/hook_sleep.c
index 574bc14..f7a74eb 100644
--- a/hook_sleep.c
+++ b/hook_sleep.c
@@ -134,3 +134,8 @@ void init_sleep_skip(int first_process)
         disable_sleep_skip();
     }
 }
+
+void init_startup_time(unsigned int startup_time)
+{
+    time_skipped.QuadPart += (unsigned __int64) startup_time * 10000;
+}
diff --git a/hook_sleep.h b/hook_sleep.h
index 0c39c55..aab53a0 100644
--- a/hook_sleep.h
+++ b/hook_sleep.h
@@ -18,3 +18,4 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 void disable_sleep_skip();
 void init_sleep_skip(int first_process);
+void init_startup_time(unsigned int startup_time);