Add a few more hooks to eliminate noise

spender-sandbox · Jan 27, 2016 · a354f43 · a354f43
1 parent ed63d31
commit a354f43
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 1 deletion.
diff --git a/cuckoomon.c b/cuckoomon.c
@@ -375,6 +375,7 @@ static hook_t g_hooks[] = {
 	HOOK(imgutil, DecodeImage),
 	HOOK(advapi32, LsaOpenPolicy),
 	HOOK(mpr, WNetGetProviderNameW),
+	HOOK(rasapi32, RasValidateEntryNameW),
 
 	//
     // Network Hooks
@@ -520,6 +521,8 @@ static hook_t g_hooks[] = {
 	HOOK(advapi32, CryptExportKey),
 	HOOK(advapi32, CryptGenKey),
 	HOOK(advapi32, CryptCreateHash),
+	HOOK(advapi32, CryptEnumProvidersA),
+	HOOK(advapi32, CryptEnumProvidersW),
 
 	HOOK(wintrust, HTTPSCertificateTrust),
 	HOOK(wintrust, HTTPSFinalProv),
@@ -544,6 +547,8 @@ static hook_t g_hooks[] = {
 	HOOK(cryptsp, CryptExportKey),
 	HOOK(cryptsp, CryptGenKey),
 	HOOK(cryptsp, CryptCreateHash),
+	HOOK(cryptsp, CryptEnumProvidersA),
+	HOOK(cryptsp, CryptEnumProvidersW),
 };
 
 void set_hooks_dll(const wchar_t *library)

diff --git a/hook_crypto.c b/hook_crypto.c
@@ -324,4 +324,30 @@ HOOKDEF(BOOL, WINAPI, CryptImportPublicKeyInfo,
 	BOOL ret = Old_CryptImportPublicKeyInfo(hCryptProv, dwCertEncodingType, pInfo, phKey);
 	LOQ_bool("crypto", "hsb", "CertEncodingType", dwCertEncodingType, "AlgOID", pInfo->Algorithm.pszObjId, "Blob", pInfo->PublicKey.cbData, pInfo->PublicKey.pbData);
 	return ret;
-}
+}
+
+HOOKDEF(BOOL, WINAPI, CryptEnumProvidersA,
+	_In_    DWORD  dwIndex,
+	_In_    DWORD  *pdwReserved,
+	_In_    DWORD  dwFlags,
+	_Out_   DWORD  *pdwProvType,
+	_Out_   LPSTR pszProvName,
+	_Inout_ DWORD  *pcbProvName
+) {
+	BOOL ret = Old_CryptEnumProvidersA(dwIndex, pdwReserved, dwFlags, pdwProvType, pszProvName, pcbProvName);
+	LOQ_bool("crypto", "is", "Index", dwIndex, "ProviderName", pszProvName);
+	return ret;
+}
+
+HOOKDEF(BOOL, WINAPI, CryptEnumProvidersW,
+	_In_    DWORD  dwIndex,
+	_In_    DWORD  *pdwReserved,
+	_In_    DWORD  dwFlags,
+	_Out_   DWORD  *pdwProvType,
+	_Out_   LPWSTR pszProvName,
+	_Inout_ DWORD  *pcbProvName
+) {
+	BOOL ret = Old_CryptEnumProvidersW(dwIndex, pdwReserved, dwFlags, pdwProvType, pszProvName, pcbProvName);
+	LOQ_bool("crypto", "iu", "Index", dwIndex, "ProviderName", pszProvName);
+	return ret;
+}
diff --git a/hook_misc.c b/hook_misc.c
@@ -800,3 +800,12 @@ HOOKDEF(DWORD, WINAPI, WNetGetProviderNameW,
 
 	return ret;
 }
+
+HOOKDEF(DWORD, WINAPI, RasValidateEntryNameW,
+	_In_ LPCWSTR lpszPhonebook,
+	_In_ LPCWSTR lpszEntry
+) {
+	DWORD ret = Old_RasValidateEntryNameW(lpszPhonebook, lpszEntry);
+	LOQ_zero("misc", "uu", "Phonebook", lpszPhonebook, "Entry", lpszEntry);
+	return ret;
+}
diff --git a/hooks.h b/hooks.h
@@ -1170,6 +1170,11 @@ extern HOOKDEF(NTSTATUS, WINAPI, RtlCreateUserThread,
 // Misc Hooks
 //
 
+extern HOOKDEF(DWORD, WINAPI, RasValidateEntryNameW,
+	_In_ LPCWSTR lpszPhonebook,
+	_In_ LPCWSTR lpszEntry
+);
+
 extern HOOKDEF(void, WINAPI, GetSystemInfo,
 	__out LPSYSTEM_INFO lpSystemInfo
 );
@@ -2287,6 +2292,25 @@ extern HOOKDEF(BOOL, WINAPI, CryptCreateHash,
 	_Out_  HCRYPTHASH *phHash
 );
 
+extern HOOKDEF(BOOL, WINAPI, CryptEnumProvidersA,
+	_In_    DWORD  dwIndex,
+	_In_    DWORD  *pdwReserved,
+	_In_    DWORD  dwFlags,
+	_Out_   DWORD  *pdwProvType,
+	_Out_   LPSTR pszProvName,
+	_Inout_ DWORD  *pcbProvName
+);
+
+extern HOOKDEF(BOOL, WINAPI, CryptEnumProvidersW,
+	_In_    DWORD  dwIndex,
+	_In_    DWORD  *pdwReserved,
+	_In_    DWORD  dwFlags,
+	_Out_   DWORD  *pdwProvType,
+	_Out_   LPWSTR pszProvName,
+	_Inout_ DWORD  *pcbProvName
+);
+
+
 extern HOOKDEF(HRESULT, WINAPI, HTTPSCertificateTrust,
 	PVOID data // PCRYPT_PROVIDER_DATA
 );