2014-01-12T00:16:57  *** Nazeo has joined #thcrap
2014-01-12T01:11:40  <Nmlgc> So I now applied digital signatures to the thcrap binaries as promised, but as far as I can tell, self-signed certificates don't have any effect on Windows... Nazeo, could you try this on your end?
2014-01-12T01:12:14  <Ruusento> Nmlgc, why you would need a certificate on your binaries?
2014-01-12T01:12:35  <Ruusento> do you need to verify a signature inside the binaries themselves?
2014-01-12T01:13:27  <Ruusento> also, it won't suppress the UAC warning, even if the cert is signed by a trusted CA
2014-01-12T01:15:26  <Nmlgc> Yes, but shouldn't it at least then show who signed the binary, instead of "Unknown Publisher"?
2014-01-12T01:16:27  <Nmlgc> And that the file hasn't been modified since then.
2014-01-12T02:41:19  *** natsurou_ has quit IRC
2014-01-12T02:47:10  *** natsurou has joined #thcrap
2014-01-12T03:49:24  *** Nmlgc has quit IRC
2014-01-12T04:31:03  * Nazeo sleepily trys it out.
2014-01-12T06:09:33  *** Ibaraki_Ibuki has quit IRC
2014-01-12T12:02:41  *** Nmlgc has joined #thcrap
2014-01-12T12:08:07  *** Johnny7 has quit IRC
2014-01-12T12:08:08  *** nurupo has quit IRC
2014-01-12T12:47:50  *** nurupo has joined #thcrap
2014-01-12T12:51:12  *** Johnny7 has joined #thcrap
2014-01-12T13:28:12  *** Nazeo has quit IRC
2014-01-12T16:10:14  *** nortti is now known as shikherr
2014-01-12T16:10:29  *** shikherr is now known as nortti
2014-01-12T18:21:01  *** Ibaraki_Ibuki has joined #thcrap
2014-01-12T18:24:53  *** Tosiaki has joined #thcrap
2014-01-12T18:24:55  *** zertap has quit IRC
2014-01-12T18:28:46  *** zertap has joined #thcrap
2014-01-12T20:39:48  *** Learch has joined #thcrap
2014-01-12T20:40:08  <Learch> Hai
2014-01-12T20:40:17  <Learch> Halp pl0x
2014-01-12T20:41:29  <Learch> thcrap was working fine until I started using the latest build. Now when I try to run it, it gives the "Cannot load dll: thcrap.dll" error.
2014-01-12T20:42:02  <Learch> Apparently this was a bug a long time ago, but they claimed to have fixed it: was apparently caused by loading hierarchies being bad.
2014-01-12T20:42:34  <Learch> However, I don't have thcrap.dll anywhere else on my computer, so it can't be that either.
2014-01-12T20:47:51  *** primesit has joined #thcrap
2014-01-12T20:49:30  <Nmlgc> Hmm... OK, this will probably take a while until I found the problem, so please bear with me. :)
2014-01-12T20:49:38  <Nmlgc> First, let's check the dependencies of thcrap.dll.
2014-01-12T20:49:49  <Nmlgc> http://www.dependencywalker.com/depends22_x86.zip
2014-01-12T20:50:21  <Nmlgc> Open depends.exe, load thcrap.dll and post a screenshot of the program window.
2014-01-12T20:55:40  <Nmlgc> ... oh, wait, I just noticed something.
2014-01-12T20:56:34  <Nmlgc> Did the message box show the correct absolute path to thcrap.dll? If it didn't, the loader did inject an older version after all.
2014-01-12T21:02:26  *** primesit has quit IRC
2014-01-12T21:17:30  *** Tosiaki has quit IRC
2014-01-12T21:23:41  <Learch> Yeah, it showed the correct absolute path.
2014-01-12T21:25:25  <Learch> Gimme a bit, I'll do that thing.
2014-01-12T21:27:04  <Learch> http://imgur.com/YJqhsq0 Is the error I get
2014-01-12T21:27:07  <[Bot]MagicStone> Title: imgur: the simple image sharer (at imgur.com)
2014-01-12T21:28:40  <Learch> And now I kinda see what's wrong.
2014-01-12T21:29:20  <Learch> http://imgur.com/hWUva40 is the thing I see when I run depends.exe
2014-01-12T21:29:25  <[Bot]MagicStone> Title: imgur: the simple image sharer (at imgur.com)
2014-01-12T21:29:31  <Learch> And it's clear to me that I need gpsvc.dll and ieshims.dll
2014-01-12T21:30:18  <Learch> Mildly off topic: Does depends.exe also do something like this on C++ code?
2014-01-12T21:30:40  <Learch> It occurs to me that I could probably use this kind of thing for other things.
2014-01-12T21:31:33  <Learch> And now for the on topic thing, where can I get those dlls? Should I just be able to google them, or should they be part of a larger package?
2014-01-12T21:32:06  <nurupo> Learch: yes, depends.exe does for other applications
2014-01-12T21:32:18  <Nmlgc> It should basically work, apart from the function names not looking too pretty since overloading information has to be encoded in them.
2014-01-12T21:32:53  <Nmlgc> Actually you don't need these DLLs, I don't have them either.
2014-01-12T21:32:59  <Learch> Eh? That's pretty cool.
2014-01-12T21:33:29  <Nmlgc> Could you collapse shlwapi.dll and all the rest so that all DLLs imported by thcrap.dll are visible?
2014-01-12T21:34:22  <Learch> Like this? http://imgur.com/RGxTm1R
2014-01-12T21:34:23  <[Bot]MagicStone> Title: imgur: the simple image sharer (at imgur.com)
2014-01-12T21:35:42  <Nmlgc> OK, everything seems to be alright as far as imports are concerned.
2014-01-12T21:38:55  <nurupo> Nmlgc: are both github and wiki link to the same version?
2014-01-12T21:39:04  <Nmlgc> Yes.
2014-01-12T21:41:44  <Nmlgc> https://dl.dropboxusercontent.com/u/13801415/Touhou/mi/debug/thcrap-learch.zip << OK, let's try it with the old injection system, but all the other changes from the new build.
2014-01-12T21:42:18  <Nmlgc> Just overwrite the old files and use the same shortcuts, you don't have to reconfigure anything.
2014-01-12T21:44:45  <Learch> That worked.
2014-01-12T21:44:52  <Learch> What was wrong with it?
2014-01-12T21:45:12  <Nmlgc> Well, that's what we've got to find out now.
2014-01-12T21:45:24  <Learch> Oh right, you used the old injection system. You said as much. >.>
2014-01-12T21:46:24  <Learch> OK. So, should I stick around until you can reproduce?
2014-01-12T21:46:37  <Nmlgc> That would certainly help.
2014-01-12T21:46:47  <Nmlgc> https://github.com/nmlgc/thcrap/commit/f4b1db75e905a443b814b5dddd1e28f49233f6c9 << So, the problem is somewhere in here...
2014-01-12T21:46:48  <[Bot]MagicStone> Title: Use LoadLibraryEx() in the injection payload to guarantee the correct DL... · f4b1db7 · nmlgc/thcrap · GitHub (at github.com)
2014-01-12T21:50:37  <Learch> Oh.
2014-01-12T21:50:54  <Learch>  HMODULE h = LoadLibraryEx(dll_fn, NULL, LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR); is returning 0 for some reason, right?
2014-01-12T21:51:16  <Learch> (As a wild guess.)
2014-01-12T21:51:36  *** Johnny5 has joined #thcrap
2014-01-12T21:51:37  <Nmlgc> That's merely part of a comment that explains what happens in the assembly code below.
2014-01-12T21:51:57  <Nmlgc> ... but yes, it does.
2014-01-12T21:52:30  <Learch> Oh fuck.
2014-01-12T21:52:48  <Learch> That's why I couldn't read the rest of that. :P
2014-01-12T21:54:13  *** Johnny7 has quit IRC
2014-01-12T22:25:15  <Learch> Oi, Nmlgc: Does any of that code rely on the fact that it doesn't hurt for something to overflow for some reason?
2014-01-12T22:25:53  <Learch> Like, I see *p++ = 0xFF; which probably overflows if I can half-read this.
2014-01-12T22:26:17  <Learch> But I'd imagine that on some architectures, the entire thing decides to stop if it detects an overflow.
2014-01-12T22:26:50  <Learch> Or some implementations of something or another.
2014-01-12T22:31:53  <Nmlgc> Well, the size of the injection payload buffer where all code, paths and error strings are stored (and where p points to) is 2048 (more than enough to hold the code) plus the length of all the strings, so I can't really see it overflowing.
2014-01-12T22:33:18  <Learch> OK.
2014-01-12T22:33:32  <Learch> (Time for me to stop pretending I know anything about this code nao.)
2014-01-12T22:42:49  <Nmlgc> https://dl.dropboxusercontent.com/u/13801415/Touhou/mi/debug/thcrap-learch-getlasterror.zip << Alright, I built rudimentary error reporting on top of the new injection system. This should now print a number instead of the error message.
2014-01-12T22:44:32  <Learch> 87
2014-01-12T22:45:50  <Learch> Seems to be the same error regardless of which game I play, too. >.>
2014-01-12T22:53:19  *** Tosiaki has joined #thcrap
2014-01-12T22:55:24  *** Tosiaki1 has joined #thcrap
2014-01-12T22:56:25  *** Tosiaki has quit IRC
2014-01-12T23:03:11  <Nmlgc> OK, the only explanation that makes sense to me points to you not having installed this Windows update: http://support.microsoft.com/kb/2533623
2014-01-12T23:03:12  <[Bot]MagicStone> Title: Microsoft Security Advisory: Insecure library loading could allow remote code execution (at support.microsoft.com)
2014-01-12T23:10:33  <Learch> That sounds like a very reasonable explanation.
2014-01-12T23:10:46  <Learch> Considering that I never mess with the updates n'stuff.
2014-01-12T23:10:48  <Learch> >.>
2014-01-12T23:11:45  *** Tosiaki1 has quit IRC
2014-01-12T23:12:58  <Learch> Restarting to check that out.
2014-01-12T23:13:03  *** Learch has quit IRC
2014-01-12T23:13:38  *** Nazeo has joined #thcrap
2014-01-12T23:16:31  *** Learch has joined #thcrap
2014-01-12T23:16:38  <Learch> Works nao.
2014-01-12T23:16:42  <Learch> Thanks nmlgc!
2014-01-12T23:16:51  <Nmlgc> You're welcome.
2014-01-12T23:17:02  <Nmlgc> Whelp, time to add a vanilla Windows 7 to my testing systems.
2014-01-12T23:17:19  <Learch> Lol.
2014-01-12T23:17:33  <Learch> Imma gtfo nao.
2014-01-12T23:17:38  <Learch> Kbai.
2014-01-12T23:17:42  <Nmlgc> \o
2014-01-12T23:17:52  <Learch> o/
2014-01-12T23:17:57  *** Learch has quit IRC
2014-01-12T23:18:11  <Nmlgc> So, Nazeo, have you got time to test the certificate thingy now?
2014-01-12T23:18:31  <Nazeo> I do...! Just came back from Shock and Awe. Everything hurts but I think I can manage.
2014-01-12T23:19:10  <Nmlgc> Alright...
2014-01-12T23:19:46  <Nmlgc> http://nmlgc.net/nmlgc.cer << First, get this, click it, and install it to your system.
2014-01-12T23:23:03  <Nazeo> Okies, downloaded and now installing.
2014-01-12T23:24:03  <Nazeo> Ok, good.
2014-01-12T23:25:00  <Nmlgc> https://dl.dropboxusercontent.com/u/13801415/Touhou/mi/debug/thcrap-learch-getlasterror.zip << Then, replace your thcrap installation with this one, and try starting thcrap_configure.
2014-01-12T23:25:42  <Nmlgc> Normally, you should see some warning whether you really want to run this program as it came from the internet, etc... Does this look differently now?
2014-01-12T23:26:38  <Nazeo> Clear
2014-01-12T23:26:39  <Nazeo> :)
2014-01-12T23:26:48  <Nmlgc> Can I have a screenshot?
2014-01-12T23:27:11  <Nazeo> Sure!
2014-01-12T23:28:21  <Nmlgc> Oh, it didn't show a Windows warning before?
2014-01-12T23:29:01  <Nazeo> Nopw
2014-01-12T23:29:04  <Nazeo> *Nope
2014-01-12T23:29:19  <Nmlgc> But it did before, didn't it?
2014-01-12T23:29:36  <Nazeo> Mhm!
2014-01-12T23:31:59  <Nmlgc> https://dl.dropboxusercontent.com/u/13801415/Touhou/mi/debug/thcrap_configure_malicious.zip << OK, now replace thcrap_configure with this one and try starting it again.
2014-01-12T23:32:21  <Nmlgc> (I just modified some text to invalidate the signature.)
2014-01-12T23:33:03  <Nazeo> Roger!
2014-01-12T23:36:18  <Nazeo> Works without trigger
2014-01-12T23:36:57  <Nmlgc> :(.
2014-01-12T23:37:00  <Nazeo> ?
2014-01-12T23:37:03  <Nazeo> Is that bad?
2014-01-12T23:38:59  <Nmlgc> Well, yeah. If it doesn't trigger for modified binaries with therefore invalid signatures, it kind of defeats the whole purpose of signing the files in the first place.
2014-01-12T23:39:48  <Nmlgc> Oh well, maybe we can still use this system to safely update the patcher itself.
2014-01-12T23:41:45  <Nazeo> How? :o
2014-01-12T23:45:00  <Nmlgc> If there's a new build on the server, we download its archive and check the signature of every binary inside. If the signature is the same as the one the current version was signed with *and* the contents of the binary correspond to the signature, we replace it.
2014-01-12T23:46:43  <Nmlgc> That should work until the signature expires at January 1, 2040. :)
2014-01-12T23:50:31  <Nazeo> :o
2014-01-12T23:50:38  <Nazeo> Like magic!