From c393d29115475999ea7c2b9f205324cf3ec0365b Mon Sep 17 00:00:00 2001 From: Akash Mozumdar Date: Wed, 13 Jun 2018 16:24:52 -0400 Subject: [PATCH] start migrating off ntdll --- vnr/ithsys/ithsys.cc | 18 +++++++------- vnr/texthook/host/hookman.cc | 22 ++++++++-------- vnr/vnrhook/include/const.h | 2 ++ vnr/vnrhook/src/engine/engine.cc | 4 +-- vnr/vnrhook/src/engine/match.cc | 5 ++-- vnr/vnrhook/src/hijack/texthook.cc | 16 +++++------- vnr/vnrhook/src/main.cc | 40 ++++++++---------------------- vnr/vnrhook/src/util/util.cc | 2 +- 8 files changed, 44 insertions(+), 65 deletions(-) diff --git a/vnr/ithsys/ithsys.cc b/vnr/ithsys/ithsys.cc index 128f51f..d813b71 100644 --- a/vnr/ithsys/ithsys.cc +++ b/vnr/ithsys/ithsys.cc @@ -331,7 +331,7 @@ public: if (NT_SUCCESS(NtReadVirtualMemory(hProc, (PVOID)addr, buffer, 8, &len))) if (::memcmp(buffer, normal_routine, 4) == 0) flag = 1; - NtClose(hProc); + CloseHandle(hProc); } if (flag == 0) { for (j = i; j < count; j++) @@ -885,7 +885,7 @@ BOOL IthInitSystemService() if (!NT_SUCCESS(NtCreateSection(&codepage_section, SECTION_MAP_READ, &oa,0, PAGE_READONLY, SEC_COMMIT, codepage_file))) return FALSE; - NtClose(codepage_file); + CloseHandle(codepage_file); size = 0; ::page = nullptr; if (!NT_SUCCESS(NtMapViewOfSection(::codepage_section, NtCurrentProcess(), @@ -917,13 +917,13 @@ void IthCloseSystemService() { if (::page_locale != 0x3a4) { NtUnmapViewOfSection(NtCurrentProcess(), ::page); - NtClose(::codepage_section); + CloseHandle(::codepage_section); } if (ITH_ENABLE_THREADMAN) { NtUnmapViewOfSection(NtCurrentProcess(), ::thread_man_); - NtClose(::thread_man_section); + CloseHandle(::thread_man_section); } - NtClose(::root_obj); + CloseHandle(::root_obj); #ifdef ITH_HAS_HEAP RtlDestroyHeap(::hHeap); #endif // ITH_HAS_HEAP 
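Review bot: `codepage_file` is only released on the success path in IthInitSystemService: when NtCreateSection fails the function returns FALSE on the line above the new `CloseHandle(codepage_file)`, and the file handle leaks. The section keeps its own reference to the file, so the handle can be closed regardless of the outcome: `NTSTATUS st = NtCreateSection(&codepage_section, SECTION_MAP_READ, &oa, 0, PAGE_READONLY, SEC_COMMIT, codepage_file);` / `CloseHandle(codepage_file);` / `if (!NT_SUCCESS(st)) return FALSE;`. The rest of IthInitSystemService lies outside the hunk.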
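Review bot: CloseHandle is not a drop-in for NtClose on a NULL or stale handle: it fails with ERROR_INVALID_HANDLE and, when a debugger is attached, raises an exception instead of returning a status. IthInitSystemService returns early on failure and DllMain in this same patch ignores its result, so `::codepage_section`, `::thread_man_section` or `::root_obj` may never have been opened when IthCloseSystemService runs. Guard each close, e.g. `if (::root_obj) CloseHandle(::root_obj);`, and reset the globals to nullptr afterwards so a repeated teardown is harmless.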
@@ -974,7 +974,7 @@ BOOL IthCheckFile(LPCWSTR file) OBJECT_ATTRIBUTES oa = { sizeof(oa), dir_obj, &us, 0, 0, 0}; // jichi 9/22/2013: Following code does not work in Wine if (NT_SUCCESS(NtCreateFile(&hFile, FILE_READ_DATA, &oa, &isb, 0, 0, FILE_SHARE_READ, FILE_OPEN, 0, 0, 0))) { - NtClose(hFile); + CloseHandle(hFile); return TRUE; } } @@ -1009,7 +1009,7 @@ BOOL IthFindFile(LPCWSTR file) else RtlInitUnicodeString(&us, file); status = NtQueryDirectoryFile(h,0,0,0,&ios,info,0x400,FileBothDirectoryInformation,TRUE,&us,TRUE); - NtClose(h); + CloseHandle(h); return NT_SUCCESS(status); } return FALSE; @@ -1037,7 +1037,7 @@ BOOL IthGetFileInfo(LPCWSTR file, LPVOID info, DWORD size) RtlInitUnicodeString(&us,file); status = NtQueryDirectoryFile(h,0,0,0,&ios,info,size,FileBothDirectoryInformation,0,&us,0); status = NT_SUCCESS(status); - NtClose(h); + CloseHandle(h); } else status = FALSE; return status; @@ -1052,7 +1052,7 @@ BOOL IthCheckFileFullPath(LPCWSTR file) HANDLE hFile; IO_STATUS_BLOCK isb; if (NT_SUCCESS(NtCreateFile(&hFile,FILE_READ_DATA,&oa,&isb,0,0,FILE_SHARE_READ,FILE_OPEN,0,0,0))) { - NtClose(hFile); + CloseHandle(hFile); return TRUE; } else return FALSE; diff --git a/vnr/texthook/host/hookman.cc b/vnr/texthook/host/hookman.cc index 8fcc59a..9f48bd3 100644 --- a/vnr/texthook/host/hookman.cc +++ b/vnr/texthook/host/hookman.cc @@ -108,9 +108,9 @@ HookManager::~HookManager() //LARGE_INTEGER timeout={-1000*1000,-1}; //IthBreak(); //NtWaitForSingleObject(destroy_event, 0, 0); - //NtClose(destroy_event); - //NtClose(cmd_pipes[0]); - //NtClose(recv_threads[0]); + //CloseHandle(destroy_event); + //CloseHandle(cmd_pipes[0]); + //CloseHandle(recv_threads[0]); //delete thread_table; //delete head.key; //DeleteCriticalSection(&hmcs); 
@@ -197,10 +197,10 @@ void HookManager::RegisterProcess(DWORD pid, HANDLE hostPipe) ProcessRecord* record = processRecordsByIds[pid] = new ProcessRecord; record->hostPipe = hostPipe; - record->hookman_section = OpenFileMappingW(FILE_MAP_READ, FALSE, (std::wstring(ITH_SECTION_) + std::to_wstring(pid)).c_str()); + record->hookman_section = OpenFileMappingW(FILE_MAP_READ, FALSE, (ITH_SECTION_ + std::to_wstring(pid)).c_str()); record->hookman_map = MapViewOfFile(record->hookman_section, FILE_MAP_READ, 0, 0, HOOK_SECTION_SIZE / 2); // jichi 1/16/2015: Changed to half to hook section size record->process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); - record->hookman_mutex = OpenMutexW(MUTEX_ALL_ACCESS, FALSE, (std::wstring(ITH_HOOKMAN_MUTEX_) + std::to_wstring(pid)).c_str()); + record->hookman_mutex = OpenMutexW(MUTEX_ALL_ACCESS, FALSE, (ITH_HOOKMAN_MUTEX_ + std::to_wstring(pid)).c_str()); //if (NT_SUCCESS(NtOpenProcess(&hProc, // PROCESS_QUERY_INFORMATION| // PROCESS_CREATE_THREAD| @@ -226,18 +226,18 @@ void HookManager::UnRegisterProcess(DWORD pid) CloseHandle(pr.process_handle); CloseHandle(pr.hookman_section); processRecordsByIds.erase(pid); - //NtClose(text_pipes[i]); - //NtClose(cmd_pipes[i]); - //NtClose(recv_threads[i]); - //NtClose(record[i].hookman_mutex); + //CloseHandle(text_pipes[i]); + //CloseHandle(cmd_pipes[i]); + //CloseHandle(recv_threads[i]); + //CloseHandle(record[i].hookman_mutex); ////if (::ith_has_section) //NtUnmapViewOfSection(NtCurrentProcess(), record[i].hookman_map); ////else //// delete[] record[i].hookman_map; - //NtClose(record[i].process_handle); - //NtClose(record[i].hookman_section); + //CloseHandle(record[i].process_handle); + //CloseHandle(record[i].hookman_section); //for (; i < MAX_REGISTER; i++) { // record[i] = record[i+1]; diff --git a/vnr/vnrhook/include/const.h b/vnr/vnrhook/include/const.h index ebf2079..23a3cee 100644 --- a/vnr/vnrhook/include/const.h +++ b/vnr/vnrhook/include/const.h 
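Review bot: None of the four handles obtained in RegisterProcess is checked, and the two rewritten lines keep that gap: a NULL from OpenFileMappingW makes the following MapViewOfFile fail as well, so `record` is stored with NULL `hookman_section`/`hookman_map`/`process_handle`/`hookman_mutex` that UnRegisterProcess later hands to CloseHandle. Validate before keeping the record, e.g. `if (!record->hookman_section || !record->hookman_map || !record->process_handle) { /* release what was opened, erase the record */ return; }`. `OpenProcess(PROCESS_ALL_ACCESS, ...)` is also broader than the handle's visible uses; least privilege suggests requesting only the rights this host actually needs, though the full set of uses is outside the hunk. The view returned by MapViewOfFile must be paired with UnmapViewOfFile in UnRegisterProcess, whose earlier lines are outside the hunk, so I could not confirm that it is.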
@@ -248,4 +248,6 @@ enum { , IHF_FILTER_CAPACITY = IHF_FILTER_COUNT + 1 // one more than the dll count }; +#define TIMEOUT 5000 // 5 seconds + // EOF diff --git a/vnr/vnrhook/src/engine/engine.cc b/vnr/vnrhook/src/engine/engine.cc index 5e5506f..efdcc34 100644 --- a/vnr/vnrhook/src/engine/engine.cc +++ b/vnr/vnrhook/src/engine/engine.cc @@ -5796,7 +5796,7 @@ int GetShinaRioVersion() enum { BufferSize = 0x40 }; char buffer[BufferSize]; NtReadFile(hFile, 0, 0, 0, &ios, buffer, BufferSize, 0, 0); - NtClose(hFile); + CloseHandle(hFile); if (buffer[0] == '[') { buffer[0x3f] = 0; // jichi 8/24/2013: prevent strstr from overflow if (char *version = ::strstr(buffer, "v2.")) @@ -8191,7 +8191,7 @@ bool IsPensilSetup() NtAllocateVirtualMemory(NtCurrentProcess(), &buffer, 0, &info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE); NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0); - NtClose(hFile); + CloseHandle(hFile); BYTE *b = (BYTE *)buffer; DWORD len = info.EndOfFile.LowPart & ~1; if (len == info.AllocationSize.LowPart) diff --git a/vnr/vnrhook/src/engine/match.cc b/vnr/vnrhook/src/engine/match.cc index 1a8dd12..3d95589 100644 --- a/vnr/vnrhook/src/engine/match.cc +++ b/vnr/vnrhook/src/engine/match.cc @@ -921,9 +921,8 @@ void Engine::hijack() void Engine::terminate() { if (hijackThread) { - const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds - NtWaitForSingleObject(hijackThread, 0, (PLARGE_INTEGER)&timeout); - NtClose(hijackThread); + WaitForSingleObject(hijackThread, TIMEOUT); + CloseHandle(hijackThread); hijackThread = 0; } } diff --git a/vnr/vnrhook/src/hijack/texthook.cc b/vnr/vnrhook/src/hijack/texthook.cc index 16845d4..e5eb269 100644 --- a/vnr/vnrhook/src/hijack/texthook.cc +++ b/vnr/vnrhook/src/hijack/texthook.cc 
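Review bot: `TIMEOUT` is a very generic name for an unscoped macro in a shared header and is likely to collide with other headers or local variables using the same word, and the comment gives the duration but not the unit (it is milliseconds, the WaitForSingleObject unit, replacing the old 100-nanosecond values). The surrounding file already expresses constants with unnamed enums, so `enum { TIMEOUT = 5000 }; // WaitForSingleObject timeout in milliseconds (5 seconds)` keeps the value out of the preprocessor and documents the unit; a project-prefixed name would further reduce the collision risk.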
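Review bot: The result of `WaitForSingleObject(hijackThread, TIMEOUT)` in Engine::terminate is discarded, so on WAIT_TIMEOUT the handle is closed and `hijackThread` zeroed while the thread is still running; the old NtWaitForSingleObject call had the same gap, but the Win32 form makes it easy to close: `if (WaitForSingleObject(hijackThread, TIMEOUT) != WAIT_OBJECT_0) { /* log; the thread outlived the timeout */ }`. The same unchecked pattern appears for `pipeThread` in the main.cc @@ -216 hunk. `TIMEOUT` is the macro added to const.h by this patch; match.cc must include that header for this to build, which the hunk does not show.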
@@ -490,10 +490,7 @@ DWORD TextHook::UnsafeSend(DWORD dwDataBase, DWORD dwRetn) IthCoolDown(); // jichi 9/28/2013: cool down to prevent parallelization in wine //CliLockPipe(); - if (STATUS_PENDING == NtWriteFile(::hookPipe, 0, 0, 0, &ios, pbData, dwCount + HEADER_SIZE, 0, 0)) { - NtWaitForSingleObject(::hookPipe, 0, 0); - NtFlushBuffersFile(::hookPipe, &ios); - } + WriteFile(::hookPipe, pbData, dwCount + HEADER_SIZE, nullptr, nullptr); //CliUnlockPipe(); } if (pbData != pbSmallBuff) @@ -506,7 +503,7 @@ DWORD TextHook::UnsafeSend(DWORD dwDataBase, DWORD dwRetn) int TextHook::InsertHook() { //ConsoleOutput("vnrcli:InsertHook: enter"); - NtWaitForSingleObject(hmMutex, 0, 0); + WaitForSingleObject(hmMutex, 0); int ok = InsertHookCode(); IthReleaseMutex(hmMutex); if (hp.type & HOOK_ADDITIONAL) { @@ -678,7 +675,7 @@ int TextHook::UnsafeInsertHookCode() int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, DWORD split_off, DWORD split_ind, WORD type, DWORD len_off) { - NtWaitForSingleObject(hmMutex, 0, 0); + WaitForSingleObject(hmMutex, 0); hp.address = (DWORD)addr; hp.offset = data; hp.index = data_ind; @@ -697,7 +694,7 @@ int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, int TextHook::InitHook(const HookParam &h, LPCSTR name, WORD set_flag) { - NtWaitForSingleObject(hmMutex, 0, 0); + WaitForSingleObject(hmMutex, 0); hp = h; hp.type |= set_flag; if (name && name != hook_name) { @@ -717,8 +714,7 @@ int TextHook::RemoveHook() if (!hp.address) return no; ConsoleOutput("vnrcli:RemoveHook: enter"); - const LONGLONG timeout = -50000000; // jichi 9/28/2012: in 100ns, wait at most for 5 seconds - NtWaitForSingleObject(hmMutex, 0, (PLARGE_INTEGER)&timeout); + WaitForSingleObject(hmMutex, TIMEOUT); // jichi 9/28/2012: wait at most for 5 seconds DWORD l = hp.hook_len; //with_seh({ // jichi 9/17/2013: might crash >< // jichi 12/25/2013: Actually, __try cannot catch such kind of exception 
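Review bot: `WriteFile(::hookPipe, pbData, dwCount + HEADER_SIZE, nullptr, nullptr)` passes NULL for both lpNumberOfBytesWritten and lpOverlapped, which WriteFile documents as invalid (the byte-count pointer may be NULL only when an OVERLAPPED is supplied). The replaced code handled STATUS_PENDING, which suggests `::hookPipe` may be opened for asynchronous I/O; if so, a synchronous WriteFile without an OVERLAPPED is unsafe on it, and how the pipe is opened is not visible in the hunk. At minimum use `DWORD written = 0;` / `WriteFile(::hookPipe, pbData, dwCount + HEADER_SIZE, &written, nullptr);` and check the result, since a failed or short write silently desynchronises the header-prefixed stream that HEADER_SIZE appears to imply. Dropping the NtFlushBuffersFile call is also a behaviour change worth a sentence in the commit message. UnsafeSend continues outside the hunk.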
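Review bot: `WaitForSingleObject(hmMutex, 0)` in InsertHook is not equivalent to the replaced `NtWaitForSingleObject(hmMutex, 0, 0)`: a NULL Timeout pointer to the native call means wait indefinitely, whereas a 0 millisecond timeout to the Win32 call is a non-blocking poll that returns WAIT_TIMEOUT at once if another thread holds the mutex. Because the return value is ignored, InsertHookCode then runs without owning the mutex and the following IthReleaseMutex releases a mutex this thread never acquired. It should read `WaitForSingleObject(hmMutex, INFINITE);` here and in the identical replacements in both InitHook overloads (the @@ -678 and @@ -697 hunks) and in ClearHook (the @@ -735 hunk); RemoveHook's use of TIMEOUT preserves the old 5-second bound and is fine.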
@@ -735,7 +731,7 @@ int TextHook::RemoveHook() int TextHook::ClearHook() { - NtWaitForSingleObject(hmMutex, 0, 0); + WaitForSingleObject(hmMutex, 0); int err = RemoveHook(); if (hook_name) { delete[] hook_name; diff --git a/vnr/vnrhook/src/main.cc b/vnr/vnrhook/src/main.cc index ea688c9..36bae95 100644 --- a/vnr/vnrhook/src/main.cc +++ b/vnr/vnrhook/src/main.cc @@ -155,33 +155,18 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused) DisableThreadLibraryCalls(hModule); - //if (!IthInitSystemService()) { - // GROWL_WARN(L"Initialization failed.\nAre you running game on a network drive?"); - // return FALSE; - //} - // No longer checking if SystemService fails, which could happen on non-Japanese OS - IthInitSystemService(); + IthInitSystemService(); swprintf(hm_section, ITH_SECTION_ L"%d", current_process_id); // jichi 9/25/2013: Interprocedural communication with vnrsrv. - hSection = IthCreateSection(hm_section, HOOK_SECTION_SIZE, PAGE_EXECUTE_READWRITE); - ::hookman = nullptr; - NtMapViewOfSection(hSection, NtCurrentProcess(), - (LPVOID *)&::hookman, 0, hook_buff_len, 0, &hook_buff_len, ViewUnmap, 0, - PAGE_EXECUTE_READWRITE); - //PAGE_EXECUTE_READWRITE); + hSection = CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr, PAGE_EXECUTE_READWRITE, 0, HOOK_SECTION_SIZE, hm_section); + ::hookman = (TextHook*)MapViewOfFile(hSection, FILE_MAP_ALL_ACCESS, 0, 0, HOOK_SECTION_SIZE / 2); GetProcessName(::processName); FillRange(::processName, &::processStartAddress, &::processStopAddress); //NtInspect::getProcessMemoryRange(&::processStartAddress, &::processStopAddress); - //if (!::hookman) { - // ith_has_section = false; - // ::hookman = new TextHook[MAX_HOOK]; - // memset(::hookman, 0, MAX_HOOK * sizeof(TextHook)); - //} - { wchar_t hm_mutex[0x100]; swprintf(hm_mutex, ITH_HOOKMAN_MUTEX_ L"%d", current_process_id); 
@@ -216,13 +201,11 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused) ::running = false; ::live = false; - const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds - Engine::terminate(); if (pipeThread) { - NtWaitForSingleObject(pipeThread, 0, (PLARGE_INTEGER)&timeout); - NtClose(pipeThread); + WaitForSingleObject(pipeThread, TIMEOUT); + CloseHandle(pipeThread); } for (TextHook *man = ::hookman; man->RemoveHook(); man++); @@ -233,15 +216,14 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused) for (TextHook *man = ::hookman; man < ::hookman + MAX_HOOK; man++) man->ClearHook(); //if (ith_has_section) - NtUnmapViewOfSection(NtCurrentProcess(), ::hookman); - //else - // delete[] ::hookman; - NtClose(hSection); - NtClose(hMutex); + UnmapViewOfFile(::hookman); + + CloseHandle(hSection); + CloseHandle(hMutex); + IthCloseSystemService(); delete ::tree; - IthCloseSystemService(); - NtClose(hmMutex); + CloseHandle(hmMutex); //} ITH_EXCEPT {} } break; } diff --git a/vnr/vnrhook/src/util/util.cc b/vnr/vnrhook/src/util/util.cc index efbdd03..67d774f 100644 --- a/vnr/vnrhook/src/util/util.cc +++ b/vnr/vnrhook/src/util/util.cc @@ -312,7 +312,7 @@ bool Util::unloadCurrentModule() if (HANDLE h = ::IthCreateThread(fun, (DWORD)&__ImageBase)) { //const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds //NtWaitForSingleObject(h, 0, (PLARGE_INTEGER)&timeout); - NtClose(h); + CloseHandle(h); return true; }
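Review bot: The reorder in the @@ -233 hunk moves `IthCloseSystemService();` ahead of `delete ::tree;`. IthCloseSystemService calls RtlDestroyHeap(::hHeap) under ITH_HAS_HEAP (see the ithsys.cc @@ -917 hunk), so if `::tree` or anything its destructor frees was allocated from that heap, the delete now runs against a destroyed heap, whereas the previous order released the tree first. Unless the new order is required for another reason, keep `delete ::tree;` before `IthCloseSystemService();`, or add a comment explaining why the late delete is safe. DllMain continues outside the hunk.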