From a0b8b787278e0ed08a22cb576751f41355cc1dab Mon Sep 17 00:00:00 2001
From: Akash Mozumdar
Date: Thu, 6 Dec 2018 01:52:41 -0500
Subject: [PATCH] make TextHook consistent with code in host
---
 vnrhook/texthook.cc | 30 +++++++++---------------------
 vnrhook/texthook.h | 15 +++++++++------
 2 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/vnrhook/texthook.cc b/vnrhook/texthook.cc
index 0f9a63e..2de79f8 100644
--- a/vnrhook/texthook.cc
+++ b/vnrhook/texthook.cc
@@ -144,21 +144,13 @@ void TextHook::Send(DWORD dwDataBase)
 hp.text_fun(dwDataBase, &hp, 0, &dwDataIn, &dwSplit, &dwCount);
 }
 else {
- if (dwDataIn == 0)
- return;
- if (dwType & FIXING_SPLIT)
- dwSplit = FIXED_SPLIT_VALUE; // fuse all threads, and prevent floating
+ if (dwDataIn == 0) return;
+ if (dwType & FIXING_SPLIT) dwSplit = FIXED_SPLIT_VALUE; // fuse all threads, and prevent floating
 else if (dwType & USING_SPLIT) {
 dwSplit = *(DWORD *)(dwDataBase + hp.split);
- if (dwType & SPLIT_INDIRECT) {
- if (IthGetMemoryRange((LPVOID)(dwSplit + hp.split_index), 0, 0)) dwSplit = *(DWORD *)(dwSplit + hp.split_index);
- else return;
- }
- }
- if (dwType & DATA_INDIRECT) {
- if (IthGetMemoryRange((LPVOID)(dwDataIn + hp.index), 0, 0)) dwDataIn = *(DWORD *)(dwDataIn + hp.index);
- else return;
+ if (dwType & SPLIT_INDIRECT) dwSplit = *(DWORD *)(dwSplit + hp.split_index);
 }
+ if (dwType & DATA_INDIRECT) dwDataIn = *(DWORD *)(dwDataIn + hp.index);
 dwCount = GetLength(dwDataBase, dwDataIn);
 }
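Review bot: The two indirect loads on the new side, `dwSplit = *(DWORD *)(dwSplit + hp.split_index)` and `dwDataIn = *(DWORD *)(dwDataIn + hp.index)`, now dereference an address derived from a value read at run time without the `IthGetMemoryRange` check that the removed lines performed first. If that address is not mapped, the read faults inside the process that hosts the hook; nothing in this hunk catches it, and whether an exception handler further up covers Send is not visible here. I would keep the early return ahead of each load, for example `if ((dwType & DATA_INDIRECT) && !IthGetMemoryRange((LPVOID)(dwDataIn + hp.index), 0, 0)) return;`, and the same pattern for the SPLIT_INDIRECT branch. The value loaded into dwDataIn is also the source pointer of the `::memcpy(pbData, (void*)dwDataIn, dwCount)` in the next hunk, so an unchecked indirection carries through to that copy. Send's body starts and ends outside this hunk.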
@@ -166,19 +158,15 @@ void TextHook::Send(DWORD dwDataBase)
 if (hp.length_offset == 1) {
 dwDataIn &= 0xffff;
- if ((dwType & BIG_ENDIAN) && (dwDataIn >> 8))
- dwDataIn = _byteswap_ushort(dwDataIn & 0xffff);
- if (dwCount == 1)
- dwDataIn &= 0xff;
+ if ((dwType & BIG_ENDIAN) && (dwDataIn >> 8)) dwDataIn = _byteswap_ushort(dwDataIn & 0xffff);
+ if (dwCount == 1) dwDataIn &= 0xff;
 *(WORD*)pbData = dwDataIn & 0xffff;
 }
- else
- ::memcpy(pbData, (void*)dwDataIn, dwCount);
+ else ::memcpy(pbData, (void*)dwDataIn, dwCount);
 if (hp.filter_fun && !hp.filter_fun(pbData, &dwCount, &hp, 0) || dwCount <= 0) return;
- if (dwType & (NO_CONTEXT | FIXING_SPLIT))
- dwRetn = 0;
+ if (dwType & (NO_CONTEXT | FIXING_SPLIT)) dwRetn = 0;
 TextOutput({ GetCurrentProcessId(), dwAddr, dwRetn, dwSplit }, pbData, dwCount);
 }
@@ -233,7 +221,7 @@ insert:
 }
 #endif // _WIN32
-DWORD WINAPI Reader(LPVOID hookPtr)
+DWORD WINAPI TextHook::Reader(LPVOID hookPtr)
 {
 TextHook* hook = (TextHook*)hookPtr;
 BYTE buffer[PIPE_BUFFER_SIZE] = {};
diff --git a/vnrhook/texthook.h b/vnrhook/texthook.h
index ab5a14a..81df71b 100644
--- a/vnrhook/texthook.h
+++ b/vnrhook/texthook.h
@@ -17,21 +17,24 @@ void SetTrigger();
 class TextHook
 {
+public:
+ HookParam hp;
+
+ bool Insert(HookParam hp, DWORD set_flag);
+ void Clear();
+
+private:
+ static DWORD WINAPI Reader(LPVOID hookPtr);
 bool InsertHookCode();
 bool InsertReadCode();
+ void Send(DWORD dwDatabase);
 int GetLength(DWORD base, DWORD in); // jichi 12/25/2013: Return 0 if failed
 void RemoveHookCode();
 void RemoveReadCode();
 HANDLE readerThread, readerEvent;
 BYTE trampoline[120];
-public:
- HookParam hp;
- bool Insert(HookParam hp, DWORD set_flag);
- void Send(DWORD dwDataBase);
- void Clear();
- friend DWORD WINAPI Reader(LPVOID hookPtr);
 };
 enum { MAX_HOOK = 300, HOOK_BUFFER_SIZE = MAX_HOOK * sizeof(TextHook), HOOK_SECTION_SIZE = HOOK_BUFFER_SIZE * 2 };
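Review bot: The new declaration `void Send(DWORD dwDatabase);` in texthook.h spells its parameter differently from the definition in texthook.cc, `void TextHook::Send(DWORD dwDataBase)`; use `dwDataBase` in both so the header matches the implementation. `Reader` is now a private static member that takes the object as an untyped `LPVOID` and casts it back with `(TextHook*)hookPtr`, so the header should state that contract, for example `// thread entry point; hookPtr must be the owning TextHook*`. `Send` moved to the private section without a comment as well; a short note on what `dwDataBase` points at would help, since the body reads memory at offsets from it.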