update for 2.06.05, bypass hook detection

Updates for Lockdown Browser 2.06.05.

Bypassed the laughable "hook detection" that respondus implemented by simply incrementing an integer on ldb::CheckVM and ldb::CheckForegroundWindow.  Try harder, Respondus.

[email protected]

ThreateningYeti/handler.hpp

@@ -32,7 +32,7 @@ namespace ty
 			std::cout << " / / / / / / /  /  __/ /_/ / /_/  __/ / / / / / / / /_/ /      / /  __/ /_/ /  \n";
 			std::cout << "/_/ /_/ /_/_/   \\___/\\__,_/\\__/\\___/_/ /_/_/_/ /_/\\__, /      /_/\\___/\\__/_/   \n";
 			std::cout << "                                                 /____/                        \n";
-			std::cout << "\n\nVersion 1.4 for LDB 2.06.03" << std::endl;
+			std::cout << "\n\nVersion 1.5 for LDB 2.06.05" << std::endl;
 
 			loguru::g_colorlogtostderr = true;
 
@@ -56,19 +56,19 @@ namespace ty
 			// hook internal functions
 			LOG_F(INFO, "Initializing internal function hooks");
 			CHECK_F(
-				!MH_CreateHook(LD_OFFSET(0x058860), &hooks::
+				!MH_CreateHook(LD_OFFSET(0x058E90), &hooks::
 					disable_task_manager, (void**)&hooks::og_disable_task_manager),
 				"Error hooking disable task manager");
 #ifdef _DEBUG
 			CHECK_F(!MH_CreateHook(LD_OFFSET(0x066970), &hooks::lockdown_log, (void**)&hooks::og_lockdown_log),
 			        "Error hooking internal logging function");
 #endif
 			CHECK_F(
-				!MH_CreateHook(LD_OFFSET(0x05F200), &hooks::check_foreground_window, (void**)&hooks::
+				!MH_CreateHook(LD_OFFSET(0x05F820), &hooks::check_foreground_window, (void**)&hooks::
 					og_check_foreground_window), "Error hooking check foreground window function");
-			CHECK_F(!MH_CreateHook(LD_OFFSET(0x036C60), &hooks::wnd_proc, (void**)&hooks::og_wnd_proc),
+			CHECK_F(!MH_CreateHook(LD_OFFSET(0x036ED0), &hooks::wnd_proc, (void**)&hooks::og_wnd_proc),
 			        "Error hooking WndProc");
-			CHECK_F(!MH_CreateHook(LD_OFFSET(0x0568F0), &hooks::check_vm, (void**) &hooks::og_check_vm), "Error hooking check vm");
+			CHECK_F(!MH_CreateHook(LD_OFFSET(0x056F20), &hooks::check_vm, (void**) &hooks::og_check_vm), "Error hooking check vm");
 
 			// hook winapi functions
 			LOG_F(INFO, "Hooking WinAPI functions");

ThreateningYeti/hooks.cpp

@@ -60,7 +60,7 @@ LSTATUS ty::hooks::disable_task_manager(void* a1)
 
 BOOL ty::hooks::empty_clipboard()
 {
-	LOG_F(WARNING, "blocked call to empty clipboard"); 
+	LOG_F(WARNING, "blocked call to empty clipboard");
 	return TRUE;
 }
 
@@ -102,6 +102,14 @@ HANDLE WINAPI ty::hooks::create_file(LPCSTR lpFileName, DWORD dwDesiredAccess, D
 // xref string "ASC - "
 BOOL ty::hooks::check_foreground_window()
 {
+	_asm
+	{
+		push 0
+		call GetModuleHandleW
+		mov eax, [eax + 0x124DC8]
+		inc dword ptr[eax + 0x8FA8]
+	}
+
 	return TRUE;
 }
 
@@ -170,14 +178,22 @@ BOOL WINAPI ty::hooks::get_monitor_info(HMONITOR hMonitor, LPMONITORINFO lpmi)
 {
 	auto result = og_get_monitor_info(hMonitor, lpmi);
 	lpmi->dwFlags = 8;
-	
+
 	return result;
 }
 
 int ty::hooks::check_vm()
 {
-	LOG_F(WARNING, "Blocked call to check VM");
-	// return value not checked
+	LOG_F(WARNING, "Blocked call to check VM - faked call count");
+
+	// its 3 am and im too lazy
+	_asm
+	{
+		push 0
+		call GetModuleHandleW
+		mov eax, [eax + 0x124DC8]
+		inc dword ptr [eax + 0x8FA4]
+	}
+
 	return FALSE;
 }
-