Public-Mirror/Textractor
1
0
Fork 1
mirror of https://github.com/Artikash/Textractor.git synced 2024-12-24 01:14:12 +08:00
Code Issues Projects Releases Wiki Activity

start migrating off ntdll

Browse Source
This commit is contained in:
Akash Mozumdar 2018-06-13 16:24:52 -04:00
parent c5d847f310
commit c393d29115
8 changed files with 44 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
vnr/ithsys/ithsys.cc
View File

@ -331,7 +331,7 @@ public:
if (NT_SUCCESS(NtReadVirtualMemory(hProc, (PVOID)addr, buffer, 8, &len))) if (NT_SUCCESS(NtReadVirtualMemory(hProc, (PVOID)addr, buffer, 8, &len)))
if (::memcmp(buffer, normal_routine, 4) == 0) if (::memcmp(buffer, normal_routine, 4) == 0)
flag = 1; flag = 1;
NtClose(hProc); CloseHandle(hProc);
} }
if (flag == 0) { if (flag == 0) {
for (j = i; j < count; j++) for (j = i; j < count; j++)
@ -885,7 +885,7 @@ BOOL IthInitSystemService()
if (!NT_SUCCESS(NtCreateSection(&codepage_section, SECTION_MAP_READ, if (!NT_SUCCESS(NtCreateSection(&codepage_section, SECTION_MAP_READ,
&oa,0, PAGE_READONLY, SEC_COMMIT, codepage_file))) &oa,0, PAGE_READONLY, SEC_COMMIT, codepage_file)))
return FALSE; return FALSE;
NtClose(codepage_file); CloseHandle(codepage_file);
size = 0; size = 0;
::page = nullptr; ::page = nullptr;
if (!NT_SUCCESS(NtMapViewOfSection(::codepage_section, NtCurrentProcess(), if (!NT_SUCCESS(NtMapViewOfSection(::codepage_section, NtCurrentProcess(),
@ -917,13 +917,13 @@ void IthCloseSystemService()
{ {
if (::page_locale != 0x3a4) { if (::page_locale != 0x3a4) {
NtUnmapViewOfSection(NtCurrentProcess(), ::page); NtUnmapViewOfSection(NtCurrentProcess(), ::page);
NtClose(::codepage_section); CloseHandle(::codepage_section);
} }
if (ITH_ENABLE_THREADMAN) { if (ITH_ENABLE_THREADMAN) {
NtUnmapViewOfSection(NtCurrentProcess(), ::thread_man_); NtUnmapViewOfSection(NtCurrentProcess(), ::thread_man_);
NtClose(::thread_man_section); CloseHandle(::thread_man_section);
} }
NtClose(::root_obj); CloseHandle(::root_obj);
#ifdef ITH_HAS_HEAP #ifdef ITH_HAS_HEAP
RtlDestroyHeap(::hHeap); RtlDestroyHeap(::hHeap);
#endif // ITH_HAS_HEAP #endif // ITH_HAS_HEAP
@ -974,7 +974,7 @@ BOOL IthCheckFile(LPCWSTR file)
OBJECT_ATTRIBUTES oa = { sizeof(oa), dir_obj, &us, 0, 0, 0}; OBJECT_ATTRIBUTES oa = { sizeof(oa), dir_obj, &us, 0, 0, 0};
// jichi 9/22/2013: Following code does not work in Wine // jichi 9/22/2013: Following code does not work in Wine
if (NT_SUCCESS(NtCreateFile(&hFile, FILE_READ_DATA, &oa, &isb, 0, 0, FILE_SHARE_READ, FILE_OPEN, 0, 0, 0))) { if (NT_SUCCESS(NtCreateFile(&hFile, FILE_READ_DATA, &oa, &isb, 0, 0, FILE_SHARE_READ, FILE_OPEN, 0, 0, 0))) {
NtClose(hFile); CloseHandle(hFile);
return TRUE; return TRUE;
} }
} }
@ -1009,7 +1009,7 @@ BOOL IthFindFile(LPCWSTR file)
else else
RtlInitUnicodeString(&us, file); RtlInitUnicodeString(&us, file);
status = NtQueryDirectoryFile(h,0,0,0,&ios,info,0x400,FileBothDirectoryInformation,TRUE,&us,TRUE); status = NtQueryDirectoryFile(h,0,0,0,&ios,info,0x400,FileBothDirectoryInformation,TRUE,&us,TRUE);
NtClose(h); CloseHandle(h);
return NT_SUCCESS(status); return NT_SUCCESS(status);
} }
return FALSE; return FALSE;
@ -1037,7 +1037,7 @@ BOOL IthGetFileInfo(LPCWSTR file, LPVOID info, DWORD size)
RtlInitUnicodeString(&us,file); RtlInitUnicodeString(&us,file);
status = NtQueryDirectoryFile(h,0,0,0,&ios,info,size,FileBothDirectoryInformation,0,&us,0); status = NtQueryDirectoryFile(h,0,0,0,&ios,info,size,FileBothDirectoryInformation,0,&us,0);
status = NT_SUCCESS(status); status = NT_SUCCESS(status);
NtClose(h); CloseHandle(h);
} else } else
status = FALSE; status = FALSE;
return status; return status;
@ -1052,7 +1052,7 @@ BOOL IthCheckFileFullPath(LPCWSTR file)
HANDLE hFile; HANDLE hFile;
IO_STATUS_BLOCK isb; IO_STATUS_BLOCK isb;
if (NT_SUCCESS(NtCreateFile(&hFile,FILE_READ_DATA,&oa,&isb,0,0,FILE_SHARE_READ,FILE_OPEN,0,0,0))) { if (NT_SUCCESS(NtCreateFile(&hFile,FILE_READ_DATA,&oa,&isb,0,0,FILE_SHARE_READ,FILE_OPEN,0,0,0))) {
NtClose(hFile); CloseHandle(hFile);
return TRUE; return TRUE;
} else } else
return FALSE; return FALSE;

22
vnr/texthook/host/hookman.cc
View File

@ -108,9 +108,9 @@ HookManager::~HookManager()
//LARGE_INTEGER timeout={-1000*1000,-1}; //LARGE_INTEGER timeout={-1000*1000,-1};
//IthBreak(); //IthBreak();
//NtWaitForSingleObject(destroy_event, 0, 0); //NtWaitForSingleObject(destroy_event, 0, 0);
//NtClose(destroy_event); //CloseHandle(destroy_event);
//NtClose(cmd_pipes[0]); //CloseHandle(cmd_pipes[0]);
//NtClose(recv_threads[0]); //CloseHandle(recv_threads[0]);
//delete thread_table; //delete thread_table;
//delete head.key; //delete head.key;
//DeleteCriticalSection(&hmcs); //DeleteCriticalSection(&hmcs);
@ -197,10 +197,10 @@ void HookManager::RegisterProcess(DWORD pid, HANDLE hostPipe)
ProcessRecord* record = processRecordsByIds[pid] = new ProcessRecord; ProcessRecord* record = processRecordsByIds[pid] = new ProcessRecord;
record->hostPipe = hostPipe; record->hostPipe = hostPipe;
record->hookman_section = OpenFileMappingW(FILE_MAP_READ, FALSE, (std::wstring(ITH_SECTION_) + std::to_wstring(pid)).c_str()); record->hookman_section = OpenFileMappingW(FILE_MAP_READ, FALSE, (ITH_SECTION_ + std::to_wstring(pid)).c_str());
record->hookman_map = MapViewOfFile(record->hookman_section, FILE_MAP_READ, 0, 0, HOOK_SECTION_SIZE / 2); // jichi 1/16/2015: Changed to half to hook section size record->hookman_map = MapViewOfFile(record->hookman_section, FILE_MAP_READ, 0, 0, HOOK_SECTION_SIZE / 2); // jichi 1/16/2015: Changed to half to hook section size
record->process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); record->process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
record->hookman_mutex = OpenMutexW(MUTEX_ALL_ACCESS, FALSE, (std::wstring(ITH_HOOKMAN_MUTEX_) + std::to_wstring(pid)).c_str()); record->hookman_mutex = OpenMutexW(MUTEX_ALL_ACCESS, FALSE, (ITH_HOOKMAN_MUTEX_ + std::to_wstring(pid)).c_str());
//if (NT_SUCCESS(NtOpenProcess(&hProc, //if (NT_SUCCESS(NtOpenProcess(&hProc,
// PROCESS_QUERY_INFORMATION| // PROCESS_QUERY_INFORMATION|
// PROCESS_CREATE_THREAD| // PROCESS_CREATE_THREAD|
@ -226,18 +226,18 @@ void HookManager::UnRegisterProcess(DWORD pid)
CloseHandle(pr.process_handle); CloseHandle(pr.process_handle);
CloseHandle(pr.hookman_section); CloseHandle(pr.hookman_section);
processRecordsByIds.erase(pid); processRecordsByIds.erase(pid);
//NtClose(text_pipes[i]); //CloseHandle(text_pipes[i]);
//NtClose(cmd_pipes[i]); //CloseHandle(cmd_pipes[i]);
//NtClose(recv_threads[i]); //CloseHandle(recv_threads[i]);
//NtClose(record[i].hookman_mutex); //CloseHandle(record[i].hookman_mutex);
////if (::ith_has_section) ////if (::ith_has_section)
//NtUnmapViewOfSection(NtCurrentProcess(), record[i].hookman_map); //NtUnmapViewOfSection(NtCurrentProcess(), record[i].hookman_map);
////else ////else
//// delete[] record[i].hookman_map; //// delete[] record[i].hookman_map;
//NtClose(record[i].process_handle); //CloseHandle(record[i].process_handle);
//NtClose(record[i].hookman_section); //CloseHandle(record[i].hookman_section);
//for (; i < MAX_REGISTER; i++) { //for (; i < MAX_REGISTER; i++) {
// record[i] = record[i+1]; // record[i] = record[i+1];

2
vnr/vnrhook/include/const.h
View File

@ -248,4 +248,6 @@ enum {
, IHF_FILTER_CAPACITY = IHF_FILTER_COUNT + 1 // one more than the dll count , IHF_FILTER_CAPACITY = IHF_FILTER_COUNT + 1 // one more than the dll count
}; };
#define TIMEOUT 5000 // 5 seconds
// EOF // EOF

4
vnr/vnrhook/src/engine/engine.cc
View File

@ -5796,7 +5796,7 @@ int GetShinaRioVersion()
enum { BufferSize = 0x40 }; enum { BufferSize = 0x40 };
char buffer[BufferSize]; char buffer[BufferSize];
NtReadFile(hFile, 0, 0, 0, &ios, buffer, BufferSize, 0, 0); NtReadFile(hFile, 0, 0, 0, &ios, buffer, BufferSize, 0, 0);
NtClose(hFile); CloseHandle(hFile);
if (buffer[0] == '[') { if (buffer[0] == '[') {
buffer[0x3f] = 0; // jichi 8/24/2013: prevent strstr from overflow buffer[0x3f] = 0; // jichi 8/24/2013: prevent strstr from overflow
if (char *version = ::strstr(buffer, "v2.")) if (char *version = ::strstr(buffer, "v2."))
@ -8191,7 +8191,7 @@ bool IsPensilSetup()
NtAllocateVirtualMemory(NtCurrentProcess(), &buffer, 0, NtAllocateVirtualMemory(NtCurrentProcess(), &buffer, 0,
&info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE); &info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0); NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0);
NtClose(hFile); CloseHandle(hFile);
BYTE *b = (BYTE *)buffer; BYTE *b = (BYTE *)buffer;
DWORD len = info.EndOfFile.LowPart & ~1; DWORD len = info.EndOfFile.LowPart & ~1;
if (len == info.AllocationSize.LowPart) if (len == info.AllocationSize.LowPart)

5
vnr/vnrhook/src/engine/match.cc
View File

@ -921,9 +921,8 @@ void Engine::hijack()
void Engine::terminate() void Engine::terminate()
{ {
if (hijackThread) { if (hijackThread) {
const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds WaitForSingleObject(hijackThread, TIMEOUT);
NtWaitForSingleObject(hijackThread, 0, (PLARGE_INTEGER)&timeout); CloseHandle(hijackThread);
NtClose(hijackThread);
hijackThread = 0; hijackThread = 0;
} }
} }

16
vnr/vnrhook/src/hijack/texthook.cc
View File

@ -490,10 +490,7 @@ DWORD TextHook::UnsafeSend(DWORD dwDataBase, DWORD dwRetn)
IthCoolDown(); // jichi 9/28/2013: cool down to prevent parallelization in wine IthCoolDown(); // jichi 9/28/2013: cool down to prevent parallelization in wine
//CliLockPipe(); //CliLockPipe();
if (STATUS_PENDING == NtWriteFile(::hookPipe, 0, 0, 0, &ios, pbData, dwCount + HEADER_SIZE, 0, 0)) { WriteFile(::hookPipe, pbData, dwCount + HEADER_SIZE, nullptr, nullptr);
NtWaitForSingleObject(::hookPipe, 0, 0);
NtFlushBuffersFile(::hookPipe, &ios);
}
//CliUnlockPipe(); //CliUnlockPipe();
} }
if (pbData != pbSmallBuff) if (pbData != pbSmallBuff)
@ -506,7 +503,7 @@ DWORD TextHook::UnsafeSend(DWORD dwDataBase, DWORD dwRetn)
int TextHook::InsertHook() int TextHook::InsertHook()
{ {
//ConsoleOutput("vnrcli:InsertHook: enter"); //ConsoleOutput("vnrcli:InsertHook: enter");
NtWaitForSingleObject(hmMutex, 0, 0); WaitForSingleObject(hmMutex, 0);
int ok = InsertHookCode(); int ok = InsertHookCode();
IthReleaseMutex(hmMutex); IthReleaseMutex(hmMutex);
if (hp.type & HOOK_ADDITIONAL) { if (hp.type & HOOK_ADDITIONAL) {
@ -678,7 +675,7 @@ int TextHook::UnsafeInsertHookCode()
int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind,
DWORD split_off, DWORD split_ind, WORD type, DWORD len_off) DWORD split_off, DWORD split_ind, WORD type, DWORD len_off)
{ {
NtWaitForSingleObject(hmMutex, 0, 0); WaitForSingleObject(hmMutex, 0);
hp.address = (DWORD)addr; hp.address = (DWORD)addr;
hp.offset = data; hp.offset = data;
hp.index = data_ind; hp.index = data_ind;
@ -697,7 +694,7 @@ int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind,
int TextHook::InitHook(const HookParam &h, LPCSTR name, WORD set_flag) int TextHook::InitHook(const HookParam &h, LPCSTR name, WORD set_flag)
{ {
NtWaitForSingleObject(hmMutex, 0, 0); WaitForSingleObject(hmMutex, 0);
hp = h; hp = h;
hp.type |= set_flag; hp.type |= set_flag;
if (name && name != hook_name) { if (name && name != hook_name) {
@ -717,8 +714,7 @@ int TextHook::RemoveHook()
if (!hp.address) if (!hp.address)
return no; return no;
ConsoleOutput("vnrcli:RemoveHook: enter"); ConsoleOutput("vnrcli:RemoveHook: enter");
const LONGLONG timeout = -50000000; // jichi 9/28/2012: in 100ns, wait at most for 5 seconds WaitForSingleObject(hmMutex, TIMEOUT); // jichi 9/28/2012: wait at most for 5 seconds
NtWaitForSingleObject(hmMutex, 0, (PLARGE_INTEGER)&timeout);
DWORD l = hp.hook_len; DWORD l = hp.hook_len;
//with_seh({ // jichi 9/17/2013: might crash >< //with_seh({ // jichi 9/17/2013: might crash ><
// jichi 12/25/2013: Actually, __try cannot catch such kind of exception // jichi 12/25/2013: Actually, __try cannot catch such kind of exception
@ -735,7 +731,7 @@ int TextHook::RemoveHook()
int TextHook::ClearHook() int TextHook::ClearHook()
{ {
NtWaitForSingleObject(hmMutex, 0, 0); WaitForSingleObject(hmMutex, 0);
int err = RemoveHook(); int err = RemoveHook();
if (hook_name) { if (hook_name) {
delete[] hook_name; delete[] hook_name;

40
vnr/vnrhook/src/main.cc
View File

@ -155,33 +155,18 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
DisableThreadLibraryCalls(hModule); DisableThreadLibraryCalls(hModule);
//if (!IthInitSystemService()) { IthInitSystemService();
// GROWL_WARN(L"Initialization failed.\nAre you running game on a network drive?");
// return FALSE;
//}
// No longer checking if SystemService fails, which could happen on non-Japanese OS
IthInitSystemService();
swprintf(hm_section, ITH_SECTION_ L"%d", current_process_id); swprintf(hm_section, ITH_SECTION_ L"%d", current_process_id);
// jichi 9/25/2013: Interprocedural communication with vnrsrv. // jichi 9/25/2013: Interprocedural communication with vnrsrv.
hSection = IthCreateSection(hm_section, HOOK_SECTION_SIZE, PAGE_EXECUTE_READWRITE); hSection = CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr, PAGE_EXECUTE_READWRITE, 0, HOOK_SECTION_SIZE, hm_section);
::hookman = nullptr; ::hookman = (TextHook*)MapViewOfFile(hSection, FILE_MAP_ALL_ACCESS, 0, 0, HOOK_SECTION_SIZE / 2);
NtMapViewOfSection(hSection, NtCurrentProcess(),
(LPVOID *)&::hookman, 0, hook_buff_len, 0, &hook_buff_len, ViewUnmap, 0,
PAGE_EXECUTE_READWRITE);
//PAGE_EXECUTE_READWRITE);
GetProcessName(::processName); GetProcessName(::processName);
FillRange(::processName, &::processStartAddress, &::processStopAddress); FillRange(::processName, &::processStartAddress, &::processStopAddress);
//NtInspect::getProcessMemoryRange(&::processStartAddress, &::processStopAddress); //NtInspect::getProcessMemoryRange(&::processStartAddress, &::processStopAddress);
//if (!::hookman) {
// ith_has_section = false;
// ::hookman = new TextHook[MAX_HOOK];
// memset(::hookman, 0, MAX_HOOK * sizeof(TextHook));
//}
{ {
wchar_t hm_mutex[0x100]; wchar_t hm_mutex[0x100];
swprintf(hm_mutex, ITH_HOOKMAN_MUTEX_ L"%d", current_process_id); swprintf(hm_mutex, ITH_HOOKMAN_MUTEX_ L"%d", current_process_id);
@ -216,13 +201,11 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
::running = false; ::running = false;
::live = false; ::live = false;
const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds
Engine::terminate(); Engine::terminate();
if (pipeThread) { if (pipeThread) {
NtWaitForSingleObject(pipeThread, 0, (PLARGE_INTEGER)&timeout); WaitForSingleObject(pipeThread, TIMEOUT);
NtClose(pipeThread); CloseHandle(pipeThread);
} }
for (TextHook *man = ::hookman; man->RemoveHook(); man++); for (TextHook *man = ::hookman; man->RemoveHook(); man++);
@ -233,15 +216,14 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
for (TextHook *man = ::hookman; man < ::hookman + MAX_HOOK; man++) for (TextHook *man = ::hookman; man < ::hookman + MAX_HOOK; man++)
man->ClearHook(); man->ClearHook();
//if (ith_has_section) //if (ith_has_section)
NtUnmapViewOfSection(NtCurrentProcess(), ::hookman); UnmapViewOfFile(::hookman);
//else
// delete[] ::hookman; CloseHandle(hSection);
NtClose(hSection); CloseHandle(hMutex);
NtClose(hMutex); IthCloseSystemService();
delete ::tree; delete ::tree;
IthCloseSystemService(); CloseHandle(hmMutex);
NtClose(hmMutex);
//} ITH_EXCEPT {} //} ITH_EXCEPT {}
} break; } break;
} }

2
vnr/vnrhook/src/util/util.cc
View File

@ -312,7 +312,7 @@ bool Util::unloadCurrentModule()
if (HANDLE h = ::IthCreateThread(fun, (DWORD)&__ImageBase)) { if (HANDLE h = ::IthCreateThread(fun, (DWORD)&__ImageBase)) {
//const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds //const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds
//NtWaitForSingleObject(h, 0, (PLARGE_INTEGER)&timeout); //NtWaitForSingleObject(h, 0, (PLARGE_INTEGER)&timeout);
NtClose(h); CloseHandle(h);
return true; return true;
} }