fix buffer overrun

This commit is contained in:
Akash Mozumdar 2019-01-22 15:18:28 -05:00
parent 4e65d29978
commit 38d011271e


@ -89,6 +89,8 @@ namespace { // unnamed
#endif #endif
bool trigger = false; bool trigger = false;
enum { TEXT_BUFFER_SIZE = PIPE_BUFFER_SIZE - sizeof(ThreadParam) };
} // unnamed namespace } // unnamed namespace
void SetTrigger() void SetTrigger()
@ -141,8 +143,9 @@ void TextHook::Send(uintptr_t dwDataBase)
dwCount = GetLength(dwDataBase, dwDataIn); dwCount = GetLength(dwDataBase, dwDataIn);
} }
if (dwCount == 0 || dwCount > PIPE_BUFFER_SIZE - sizeof(ThreadParam)) return; if (dwCount == 0) return;
BYTE pbData[PIPE_BUFFER_SIZE]; if (dwCount > TEXT_BUFFER_SIZE) dwCount = TEXT_BUFFER_SIZE;
BYTE pbData[TEXT_BUFFER_SIZE];
if (hp.length_offset == 1) { if (hp.length_offset == 1) {
dwDataIn &= 0xffff; dwDataIn &= 0xffff;
if ((hp.type & BIG_ENDIAN) && (dwDataIn >> 8)) dwDataIn = _byteswap_ushort(dwDataIn & 0xffff); if ((hp.type & BIG_ENDIAN) && (dwDataIn >> 8)) dwDataIn = _byteswap_ushort(dwDataIn & 0xffff);
@ -170,7 +173,8 @@ void TextHook::Send(uintptr_t dwDataBase)
count = GetLength(dwDataBase, data); count = GetLength(dwDataBase, data);
if (count == 0) return; if (count == 0) return;
BYTE pbData[PIPE_BUFFER_SIZE]; if (count > TEXT_BUFFER_SIZE) count = TEXT_BUFFER_SIZE;
BYTE pbData[TEXT_BUFFER_SIZE];
if (hp.length_offset == 1) if (hp.length_offset == 1)
{ {
data &= 0xffff; data &= 0xffff;
@ -222,7 +226,7 @@ bool TextHook::InsertHookCode()
DWORD WINAPI TextHook::Reader(LPVOID hookPtr) DWORD WINAPI TextHook::Reader(LPVOID hookPtr)
{ {
TextHook* This = (TextHook*)hookPtr; TextHook* This = (TextHook*)hookPtr;
BYTE buffer[PIPE_BUFFER_SIZE] = {}; BYTE buffer[TEXT_BUFFER_SIZE] = {};
int changeCount = 0, dataLen = 0; int changeCount = 0, dataLen = 0;
__try __try
{ {
@ -244,7 +248,7 @@ DWORD WINAPI TextHook::Reader(LPVOID hookPtr)
if (This->hp.type & USING_UNICODE) dataLen = wcslen((wchar_t*)currentAddress) * 2; if (This->hp.type & USING_UNICODE) dataLen = wcslen((wchar_t*)currentAddress) * 2;
else dataLen = strlen((char*)currentAddress); else dataLen = strlen((char*)currentAddress);
if (dataLen > PIPE_BUFFER_SIZE - 2) continue; // results in silly error msg but oh well if (dataLen > TEXT_BUFFER_SIZE - 2) dataLen = TEXT_BUFFER_SIZE - 2;
memcpy(buffer, (void*)currentAddress, dataLen + 2); memcpy(buffer, (void*)currentAddress, dataLen + 2);
TextOutput({ GetCurrentProcessId(), This->address, 0, 0 }, buffer, dataLen); TextOutput({ GetCurrentProcessId(), This->address, 0, 0 }, buffer, dataLen);
} }
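Review bot: The new clamp two lines above `memcpy` leaves `buffer` without a terminator whenever the source string is longer than TEXT_BUFFER_SIZE - 2, because `memcpy(buffer, (void*)currentAddress, dataLen + 2)` then copies two more bytes of string data in place of the original NUL; if TextOutput or anything after it reads `buffer` as a C string that is an over-read (I cannot see TextOutput, so this is hedged). The `+ 2` also reads one byte past the NUL of an ANSI string even when nothing is truncated, since `strlen` excludes the terminator. I would copy only the measured bytes and terminate explicitly: `memcpy(buffer, (void*)currentAddress, dataLen); memset(buffer + dataLen, 0, 2);`. For the USING_UNICODE branch the clamp can also land on an odd offset if TEXT_BUFFER_SIZE happens to be odd (it depends on sizeof(ThreadParam)), splitting a UTF-16 code unit; `if (This->hp.type & USING_UNICODE) dataLen &= ~1;` before the copy avoids that. Reader's body continues outside the hunk.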