remove more stuff from ntdll
parent
c393d29115
commit
d89cc56d6f
@ -76,7 +76,7 @@ BOOL getModuleMemoryRange(LPCWSTR moduleName, DWORD *lowerBound, DWORD *upperBou
|
|||||||
do {
|
do {
|
||||||
DWORD len;
|
DWORD len;
|
||||||
// Nt function is needed instead of VirtualQuery, which only works for the current process
|
// Nt function is needed instead of VirtualQuery, which only works for the current process
|
||||||
::NtQueryVirtualMemory(NtCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len);
|
::NtQueryVirtualMemory(GetCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len);
|
||||||
if (mbi.Protect & PAGE_NOACCESS) {
|
if (mbi.Protect & PAGE_NOACCESS) {
|
||||||
it->SizeOfImage = size;
|
it->SizeOfImage = size;
|
||||||
break;
|
break;
|
||||||
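Review bot: The result of `::NtQueryVirtualMemory` in getModuleMemoryRange is discarded before `mbi.Protect` is tested, so after a failed query the `PAGE_NOACCESS` test runs on whatever `mbi` held before and the computed `SizeOfImage` can depend on stale data. Keeping the status and folding it into the guard, `if (!NT_SUCCESS(status) || (mbi.Protect & PAGE_NOACCESS)) {`, would make a failed query end the scan the same way an inaccessible page does. The comment above the call also no longer matches it: the handle passed is the current process, which `VirtualQuery` covers. The `do` loop begins and ends outside the hunk, so how `mbi` is initialised is not visible here.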
|
@ -5932,7 +5932,7 @@ bool InsertWaffleDynamicHook(LPVOID addr, DWORD frame, DWORD stack)
|
|||||||
// str = *(DWORD*)stack;
|
// str = *(DWORD*)stack;
|
||||||
// if ((str >> 16) != (stack >> 16))
|
// if ((str >> 16) != (stack >> 16))
|
||||||
// {
|
// {
|
||||||
// status = NtQueryVirtualMemory(NtCurrentProcess(),(PVOID)str,MemoryBasicInformation,&info,sizeof(info),0);
|
// status = NtQueryVirtualMemory(GetCurrentProcess(),(PVOID)str,MemoryBasicInformation,&info,sizeof(info),0);
|
||||||
// if (!NT_SUCCESS(status) || info.Protect & PAGE_NOACCESS) continue; //Accessible
|
// if (!NT_SUCCESS(status) || info.Protect & PAGE_NOACCESS) continue; //Accessible
|
||||||
// }
|
// }
|
||||||
// if (*(WORD*)(str + 4) == ch) break;
|
// if (*(WORD*)(str + 4) == ch) break;
|
||||||
@ -8188,7 +8188,7 @@ bool IsPensilSetup()
|
|||||||
IO_STATUS_BLOCK ios;
|
IO_STATUS_BLOCK ios;
|
||||||
LPVOID buffer = nullptr;
|
LPVOID buffer = nullptr;
|
||||||
NtQueryInformationFile(hFile, &ios, &info, sizeof(info), FileStandardInformation);
|
NtQueryInformationFile(hFile, &ios, &info, sizeof(info), FileStandardInformation);
|
||||||
NtAllocateVirtualMemory(NtCurrentProcess(), &buffer, 0,
|
NtAllocateVirtualMemory(GetCurrentProcess(), &buffer, 0,
|
||||||
&info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
|
&info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
|
||||||
NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0);
|
NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0);
|
||||||
CloseHandle(hFile);
|
CloseHandle(hFile);
|
||||||
@ -8199,7 +8199,7 @@ bool IsPensilSetup()
|
|||||||
b[len] = 0;
|
b[len] = 0;
|
||||||
b[len + 1] = 0;
|
b[len + 1] = 0;
|
||||||
bool ret = wcsstr((LPWSTR)buffer, L"PENSIL") || wcsstr((LPWSTR)buffer, L"Pensil");
|
bool ret = wcsstr((LPWSTR)buffer, L"PENSIL") || wcsstr((LPWSTR)buffer, L"Pensil");
|
||||||
NtFreeVirtualMemory(NtCurrentProcess(), &buffer, &info.AllocationSize.LowPart, MEM_RELEASE);
|
NtFreeVirtualMemory(GetCurrentProcess(), &buffer, &info.AllocationSize.LowPart, MEM_RELEASE);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif // if 0
|
#endif // if 0
|
||||||
@ -8853,23 +8853,23 @@ MEMORY_WORKING_SET_LIST *GetWorkingSet()
|
|||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
LPVOID buffer = 0;
|
LPVOID buffer = 0;
|
||||||
len = 0x4000;
|
len = 0x4000;
|
||||||
status = NtAllocateVirtualMemory(NtCurrentProcess(), &buffer, 0, &len, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
|
status = NtAllocateVirtualMemory(GetCurrentProcess(), &buffer, 0, &len, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
|
||||||
if (!NT_SUCCESS(status)) return 0;
|
if (!NT_SUCCESS(status)) return 0;
|
||||||
status = NtQueryVirtualMemory(NtCurrentProcess(), 0, MemoryWorkingSetList, buffer, len, &retl);
|
status = NtQueryVirtualMemory(GetCurrentProcess(), 0, MemoryWorkingSetList, buffer, len, &retl);
|
||||||
if (status == STATUS_INFO_LENGTH_MISMATCH) {
|
if (status == STATUS_INFO_LENGTH_MISMATCH) {
|
||||||
len = *(DWORD*)buffer;
|
len = *(DWORD*)buffer;
|
||||||
len = ((len << 2) & 0xfffff000) + 0x4000;
|
len = ((len << 2) & 0xfffff000) + 0x4000;
|
||||||
retl = 0;
|
retl = 0;
|
||||||
NtFreeVirtualMemory(NtCurrentProcess(), &buffer, &retl, MEM_RELEASE);
|
NtFreeVirtualMemory(GetCurrentProcess(), &buffer, &retl, MEM_RELEASE);
|
||||||
buffer = 0;
|
buffer = 0;
|
||||||
status = NtAllocateVirtualMemory(NtCurrentProcess(), &buffer, 0, &len, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
|
status = NtAllocateVirtualMemory(GetCurrentProcess(), &buffer, 0, &len, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
|
||||||
if (!NT_SUCCESS(status)) return 0;
|
if (!NT_SUCCESS(status)) return 0;
|
||||||
status = NtQueryVirtualMemory(NtCurrentProcess(), 0, MemoryWorkingSetList, buffer, len, &retl);
|
status = NtQueryVirtualMemory(GetCurrentProcess(), 0, MemoryWorkingSetList, buffer, len, &retl);
|
||||||
if (!NT_SUCCESS(status)) return 0;
|
if (!NT_SUCCESS(status)) return 0;
|
||||||
return (MEMORY_WORKING_SET_LIST*)buffer;
|
return (MEMORY_WORKING_SET_LIST*)buffer;
|
||||||
} else {
|
} else {
|
||||||
retl = 0;
|
retl = 0;
|
||||||
NtFreeVirtualMemory(NtCurrentProcess(), &buffer, &retl, MEM_RELEASE);
|
NtFreeVirtualMemory(GetCurrentProcess(), &buffer, &retl, MEM_RELEASE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -8920,7 +8920,7 @@ BOOL FindCharacteristInstruction(MEMORY_WORKING_SET_LIST *list)
|
|||||||
else {
|
else {
|
||||||
if (size > 0x2000) {
|
if (size > 0x2000) {
|
||||||
addr = base & ~0xfff;
|
addr = base & ~0xfff;
|
||||||
status = NtQueryVirtualMemory(NtCurrentProcess(),(PVOID)addr,
|
status = NtQueryVirtualMemory(GetCurrentProcess(),(PVOID)addr,
|
||||||
MemorySectionName,text_buffer_prev,0x1000,&retl);
|
MemorySectionName,text_buffer_prev,0x1000,&retl);
|
||||||
if (!NT_SUCCESS(status)) {
|
if (!NT_SUCCESS(status)) {
|
||||||
k = addr + size - 4;
|
k = addr + size - 4;
|
||||||
@ -8962,7 +8962,7 @@ bool InsertAB2TryHook()
|
|||||||
ConsoleOutput("vnreng:AB2Try: cannot find characteristic sequence");
|
ConsoleOutput("vnreng:AB2Try: cannot find characteristic sequence");
|
||||||
//L"Make sure you have start the game and have seen some text on the screen.");
|
//L"Make sure you have start the game and have seen some text on the screen.");
|
||||||
DWORD size = 0;
|
DWORD size = 0;
|
||||||
NtFreeVirtualMemory(NtCurrentProcess(), (PVOID *)&list, &size, MEM_RELEASE);
|
NtFreeVirtualMemory(GetCurrentProcess(), (PVOID *)&list, &size, MEM_RELEASE);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
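Review bot: In GetWorkingSet, the retry path returns 0 when the second `NtQueryVirtualMemory` fails without releasing the buffer that the second `NtAllocateVirtualMemory` has just committed, so every failed retry leaks that allocation. The `else` branch a few lines below already shows the release pattern; the same should run before that `return 0`, i.e. `if (!NT_SUCCESS(status)) { retl = 0; NtFreeVirtualMemory(GetCurrentProcess(), &buffer, &retl, MEM_RELEASE); return 0; }`. The function starts above the hunk, so the declarations of `len` and `retl` are not visible here.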
|
@ -885,7 +885,7 @@ bool DetermineEngineType()
|
|||||||
//
|
//
|
||||||
|
|
||||||
HANDLE hijackThread;
|
HANDLE hijackThread;
|
||||||
void hijackThreadProc(LPVOID unused)
|
DWORD WINAPI hijackThreadProc(LPVOID unused)
|
||||||
{
|
{
|
||||||
//CC_UNUSED(lpThreadParameter);
|
//CC_UNUSED(lpThreadParameter);
|
||||||
|
|
||||||
@ -901,6 +901,7 @@ void hijackThreadProc(LPVOID unused)
|
|||||||
|
|
||||||
FillRange(process_name_, &module_base_, &module_limit_);
|
FillRange(process_name_, &module_base_, &module_limit_);
|
||||||
DetermineEngineType();
|
DetermineEngineType();
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
}} // namespace Engine unnamed
|
}} // namespace Engine unnamed
|
||||||
@ -914,7 +915,7 @@ void Engine::hijack()
|
|||||||
{
|
{
|
||||||
if (!hijackThread) {
|
if (!hijackThread) {
|
||||||
ConsoleOutput("vnreng: hijack process");
|
ConsoleOutput("vnreng: hijack process");
|
||||||
hijackThread = IthCreateThread(hijackThreadProc, 0);
|
hijackThread = CreateRemoteThread(GetCurrentProcess(), nullptr, 0, hijackThreadProc, 0, 0, nullptr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
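Review bot: `CreateRemoteThread(GetCurrentProcess(), nullptr, 0, hijackThreadProc, 0, 0, nullptr)` in Engine::hijack stands where `CreateThread` would be the usual call for a thread in the same process, and nothing at the call site says why. The only rationale on this page is the comment this commit deletes from Util::unloadCurrentModule ("CreateThread does not always work on Windows XP"). A one-line comment above the call, such as `// CreateRemoteThread on our own process: CreateThread was unreliable on Windows XP`, would preserve it; the `pipeThread` creation in DllMain has the same gap. If XP is no longer a target, `CreateThread(nullptr, 0, hijackThreadProc, nullptr, 0, nullptr)` states the intent directly.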
|
@ -584,7 +584,7 @@ int TextHook::UnsafeInsertHookCode()
|
|||||||
|
|
||||||
// Verify hp.address.
|
// Verify hp.address.
|
||||||
MEMORY_BASIC_INFORMATION info = {};
|
MEMORY_BASIC_INFORMATION info = {};
|
||||||
NtQueryVirtualMemory(NtCurrentProcess(), (LPVOID)hp.address, MemoryBasicInformation, &info, sizeof(info), nullptr);
|
NtQueryVirtualMemory(GetCurrentProcess(), (LPVOID)hp.address, MemoryBasicInformation, &info, sizeof(info), nullptr);
|
||||||
if (info.Type & PAGE_NOACCESS) {
|
if (info.Type & PAGE_NOACCESS) {
|
||||||
ConsoleOutput("vnrcli:UnsafeInsertHookCode: FAILED: page no access");
|
ConsoleOutput("vnrcli:UnsafeInsertHookCode: FAILED: page no access");
|
||||||
return no;
|
return no;
|
||||||
@ -661,13 +661,13 @@ int TextHook::UnsafeInsertHookCode()
|
|||||||
// See: http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Memory%20Management/Virtual%20Memory/NtProtectVirtualMemory.html
|
// See: http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Memory%20Management/Virtual%20Memory/NtProtectVirtualMemory.html
|
||||||
// See: http://doxygen.reactos.org/d8/d6b/ndk_2mmfuncs_8h_af942709e0c57981d84586e74621912cd.html
|
// See: http://doxygen.reactos.org/d8/d6b/ndk_2mmfuncs_8h_af942709e0c57981d84586e74621912cd.html
|
||||||
DWORD addr = hp.address;
|
DWORD addr = hp.address;
|
||||||
NtProtectVirtualMemory(NtCurrentProcess(), (PVOID *)&addr, &t, PAGE_EXECUTE_READWRITE, &old);
|
NtProtectVirtualMemory(GetCurrentProcess(), (PVOID *)&addr, &t, PAGE_EXECUTE_READWRITE, &old);
|
||||||
NtWriteVirtualMemory(NtCurrentProcess(), (BYTE *)hp.address, inst, 5, &t);
|
NtWriteVirtualMemory(GetCurrentProcess(), (BYTE *)hp.address, inst, 5, &t);
|
||||||
len = hp.recover_len - 5;
|
len = hp.recover_len - 5;
|
||||||
if (len)
|
if (len)
|
||||||
NtWriteVirtualMemory(NtCurrentProcess(), (BYTE *)hp.address + 5, int3, len, &t);
|
NtWriteVirtualMemory(GetCurrentProcess(), (BYTE *)hp.address + 5, int3, len, &t);
|
||||||
NtFlushInstructionCache(NtCurrentProcess(), (LPVOID)hp.address, hp.recover_len);
|
NtFlushInstructionCache(GetCurrentProcess(), (LPVOID)hp.address, hp.recover_len);
|
||||||
NtFlushInstructionCache(NtCurrentProcess(), (LPVOID)::hookman, 0x1000);
|
NtFlushInstructionCache(GetCurrentProcess(), (LPVOID)::hookman, 0x1000);
|
||||||
//ConsoleOutput("vnrcli:UnsafeInsertHookCode: leave: succeed");
|
//ConsoleOutput("vnrcli:UnsafeInsertHookCode: leave: succeed");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -719,8 +719,8 @@ int TextHook::RemoveHook()
|
|||||||
//with_seh({ // jichi 9/17/2013: might crash ><
|
//with_seh({ // jichi 9/17/2013: might crash ><
|
||||||
// jichi 12/25/2013: Actually, __try cannot catch such kind of exception
|
// jichi 12/25/2013: Actually, __try cannot catch such kind of exception
|
||||||
ITH_TRY {
|
ITH_TRY {
|
||||||
NtWriteVirtualMemory(NtCurrentProcess(), (LPVOID)hp.address, original, hp.recover_len, &l);
|
NtWriteVirtualMemory(GetCurrentProcess(), (LPVOID)hp.address, original, hp.recover_len, &l);
|
||||||
NtFlushInstructionCache(NtCurrentProcess(), (LPVOID)hp.address, hp.recover_len);
|
NtFlushInstructionCache(GetCurrentProcess(), (LPVOID)hp.address, hp.recover_len);
|
||||||
} ITH_EXCEPT {}
|
} ITH_EXCEPT {}
|
||||||
//});
|
//});
|
||||||
hp.hook_len = 0;
|
hp.hook_len = 0;
|
||||||
@ -839,9 +839,9 @@ EXCEPTION_DISPOSITION ExceptHandler(EXCEPTION_RECORD *ExceptionRecord,
|
|||||||
//swprintf(str, L"Exception code: 0x%.8X", ExceptionRecord->ExceptionCode);
|
//swprintf(str, L"Exception code: 0x%.8X", ExceptionRecord->ExceptionCode);
|
||||||
//ConsoleOutput(str);
|
//ConsoleOutput(str);
|
||||||
//MEMORY_BASIC_INFORMATION info;
|
//MEMORY_BASIC_INFORMATION info;
|
||||||
//if (NT_SUCCESS(NtQueryVirtualMemory(NtCurrentProcess(),(PVOID)ContextRecord->Eip,
|
//if (NT_SUCCESS(NtQueryVirtualMemory(GetCurrentProcess(),(PVOID)ContextRecord->Eip,
|
||||||
// MemoryBasicInformation,&info,sizeof(info),0)) &&
|
// MemoryBasicInformation,&info,sizeof(info),0)) &&
|
||||||
// NT_SUCCESS(NtQueryVirtualMemory(NtCurrentProcess(),(PVOID)ContextRecord->Eip,
|
// NT_SUCCESS(NtQueryVirtualMemory(GetCurrentProcess(),(PVOID)ContextRecord->Eip,
|
||||||
// MemorySectionName,name,0x200,0))) {
|
// MemorySectionName,name,0x200,0))) {
|
||||||
// swprintf(str, L"Exception offset: 0x%.8X:%s",
|
// swprintf(str, L"Exception offset: 0x%.8X:%s",
|
||||||
// ContextRecord->Eip-(DWORD)info.AllocationBase,
|
// ContextRecord->Eip-(DWORD)info.AllocationBase,
|
||||||
@ -866,9 +866,9 @@ EXCEPTION_DISPOSITION ExceptHandler(EXCEPTION_RECORD *ExceptionRecord,
|
|||||||
//swprintf(str, L"Exception code: 0x%.8X", ExceptionRecord->ExceptionCode);
|
//swprintf(str, L"Exception code: 0x%.8X", ExceptionRecord->ExceptionCode);
|
||||||
//ConsoleOutput(str);
|
//ConsoleOutput(str);
|
||||||
//MEMORY_BASIC_INFORMATION info;
|
//MEMORY_BASIC_INFORMATION info;
|
||||||
//if (NT_SUCCESS(NtQueryVirtualMemory(NtCurrentProcess(),(PVOID)ContextRecord->Eip,
|
//if (NT_SUCCESS(NtQueryVirtualMemory(GetCurrentProcess(),(PVOID)ContextRecord->Eip,
|
||||||
// MemoryBasicInformation,&info,sizeof(info),0)) &&
|
// MemoryBasicInformation,&info,sizeof(info),0)) &&
|
||||||
// NT_SUCCESS(NtQueryVirtualMemory(NtCurrentProcess(),(PVOID)ContextRecord->Eip,
|
// NT_SUCCESS(NtQueryVirtualMemory(GetCurrentProcess(),(PVOID)ContextRecord->Eip,
|
||||||
// MemorySectionName,name,0x200,0))) {
|
// MemorySectionName,name,0x200,0))) {
|
||||||
// swprintf(str, L"Exception offset: 0x%.8X:%s",
|
// swprintf(str, L"Exception offset: 0x%.8X:%s",
|
||||||
// ContextRecord->Eip-(DWORD)info.AllocationBase,
|
// ContextRecord->Eip-(DWORD)info.AllocationBase,
|
||||||
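Review bot: The guard under "Verify hp.address" tests `info.Type & PAGE_NOACCESS`, but `PAGE_NOACCESS` is a page-protection flag while `Type` holds the MEM_IMAGE/MEM_MAPPED/MEM_PRIVATE kind, so the check does not detect an inaccessible page; getModuleMemoryRange elsewhere in this commit tests `Protect`. The query's status is also ignored, and because `info` is zero-initialised a failed query passes the guard. Suggested: `if (!NT_SUCCESS(status) || (info.Protect & PAGE_NOACCESS)) {` with `status` taken from the `NtQueryVirtualMemory` call. In the later hunk the page is switched to `PAGE_EXECUTE_READWRITE` and the function returns with no visible call that puts `old` back, which leaves the patched page both writable and executable; restoring the saved protection after the flush would avoid that. Both hunks are fragments of UnsafeInsertHookCode, so the code between them is not visible.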
|
@ -68,6 +68,7 @@ HANDLE
|
|||||||
hFile,
|
hFile,
|
||||||
hMutex,
|
hMutex,
|
||||||
hmMutex;
|
hmMutex;
|
||||||
|
HMODULE currentModule;
|
||||||
//DWORD current_process_id;
|
//DWORD current_process_id;
|
||||||
extern DWORD enter_count;
|
extern DWORD enter_count;
|
||||||
//extern LPWSTR current_dir;
|
//extern LPWSTR current_dir;
|
||||||
@ -157,27 +158,26 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
|
|||||||
|
|
||||||
IthInitSystemService();
|
IthInitSystemService();
|
||||||
|
|
||||||
swprintf(hm_section, ITH_SECTION_ L"%d", current_process_id);
|
swprintf(hm_section, ITH_SECTION_ L"%d", GetCurrentProcessId());
|
||||||
|
|
||||||
// jichi 9/25/2013: Interprocedural communication with vnrsrv.
|
// jichi 9/25/2013: Interprocedural communication with vnrsrv.
|
||||||
hSection = CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr, PAGE_EXECUTE_READWRITE, 0, HOOK_SECTION_SIZE, hm_section);
|
hSection = CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr, PAGE_EXECUTE_READWRITE, 0, HOOK_SECTION_SIZE, hm_section);
|
||||||
::hookman = (TextHook*)MapViewOfFile(hSection, FILE_MAP_ALL_ACCESS, 0, 0, HOOK_SECTION_SIZE / 2);
|
::hookman = (TextHook*)MapViewOfFile(hSection, FILE_MAP_ALL_ACCESS, 0, 0, HOOK_SECTION_SIZE / 2);
|
||||||
|
|
||||||
GetProcessName(::processName);
|
GetProcessName(::processName);
|
||||||
FillRange(::processName, &::processStartAddress, &::processStopAddress);
|
::processStartAddress = (DWORD)GetModuleHandleW(nullptr);
|
||||||
//NtInspect::getProcessMemoryRange(&::processStartAddress, &::processStopAddress);
|
|
||||||
|
|
||||||
{
|
{
|
||||||
wchar_t hm_mutex[0x100];
|
wchar_t hm_mutex[0x100];
|
||||||
swprintf(hm_mutex, ITH_HOOKMAN_MUTEX_ L"%d", current_process_id);
|
swprintf(hm_mutex, ITH_HOOKMAN_MUTEX_ L"%d", GetCurrentProcessId());
|
||||||
::hmMutex = IthCreateMutex(hm_mutex, FALSE);
|
::hmMutex = CreateMutexW(nullptr, FALSE, hm_mutex);
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
wchar_t dll_mutex[0x100];
|
wchar_t dll_mutex[0x100];
|
||||||
swprintf(dll_mutex, ITH_PROCESS_MUTEX_ L"%d", current_process_id);
|
swprintf(dll_mutex, ITH_PROCESS_MUTEX_ L"%d", GetCurrentProcessId());
|
||||||
DWORD exists;
|
DWORD exists;
|
||||||
::hMutex = IthCreateMutex(dll_mutex, TRUE, &exists); // jichi 9/18/2013: own is true, make sure the injected dll is singleton
|
::hMutex = CreateMutexW(nullptr, TRUE, dll_mutex); // jichi 9/18/2013: own is true, make sure the injected dll is singleton
|
||||||
if (exists)
|
if (GetLastError() == ERROR_ALREADY_EXISTS)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -186,8 +186,9 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
|
|||||||
::tree = new AVLTree<char, FunctionInfo, SCMP, SCPY, SLEN>;
|
::tree = new AVLTree<char, FunctionInfo, SCMP, SCPY, SLEN>;
|
||||||
AddAllModules();
|
AddAllModules();
|
||||||
InitFilterTable();
|
InitFilterTable();
|
||||||
|
::currentModule = hModule;
|
||||||
|
|
||||||
pipeThread = IthCreateThread(PipeManager, 0);
|
pipeThread = CreateRemoteThread(GetCurrentProcess(), nullptr, 0, PipeManager, 0, 0, nullptr);
|
||||||
} break;
|
} break;
|
||||||
case DLL_PROCESS_DETACH:
|
case DLL_PROCESS_DETACH:
|
||||||
{
|
{
|
||||||
@ -211,7 +212,7 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
|
|||||||
for (TextHook *man = ::hookman; man->RemoveHook(); man++);
|
for (TextHook *man = ::hookman; man->RemoveHook(); man++);
|
||||||
//LARGE_INTEGER lint = {-10000, -1};
|
//LARGE_INTEGER lint = {-10000, -1};
|
||||||
while (::enter_count)
|
while (::enter_count)
|
||||||
IthSleep(1); // jichi 9/28/2013: sleep for 1 ms
|
Sleep(1); // jichi 9/28/2013: sleep for 1 ms
|
||||||
//NtDelayExecution(0, &lint);
|
//NtDelayExecution(0, &lint);
|
||||||
for (TextHook *man = ::hookman; man < ::hookman + MAX_HOOK; man++)
|
for (TextHook *man = ::hookman; man < ::hookman + MAX_HOOK; man++)
|
||||||
man->ClearHook();
|
man->ClearHook();
|
||||||
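Review bot: The singleton check after `CreateMutexW(nullptr, TRUE, dll_mutex)` looks only at `GetLastError() == ERROR_ALREADY_EXISTS`, so a call that fails outright and returns NULL is treated as success and initialisation continues without the guarantee the comment describes. Checking the handle as well, `if (!::hMutex || GetLastError() == ERROR_ALREADY_EXISTS) return FALSE;`, covers both cases; the `hmMutex` call just above has no check at all. Separately, replacing the `FillRange` call with `::processStartAddress = (DWORD)GetModuleHandleW(nullptr);` means `::processStopAddress` is no longer assigned in this hunk, so any range test that reads it needs another initialiser, which is not visible here. DllMain starts and ends outside these hunks.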
|
@ -17,6 +17,7 @@
|
|||||||
#include <cstdio> // for swprintf
|
#include <cstdio> // for swprintf
|
||||||
|
|
||||||
HANDLE hookPipe;
|
HANDLE hookPipe;
|
||||||
|
extern HMODULE currentModule;
|
||||||
|
|
||||||
DWORD WINAPI PipeManager(LPVOID unused)
|
DWORD WINAPI PipeManager(LPVOID unused)
|
||||||
{
|
{
|
||||||
@ -41,7 +42,8 @@ DWORD WINAPI PipeManager(LPVOID unused)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
WriteFile(::hookPipe, &::current_process_id, sizeof(::current_process_id), nullptr, nullptr);
|
*(DWORD*)buffer = GetCurrentProcessId();
|
||||||
|
WriteFile(::hookPipe, buffer, sizeof(DWORD), nullptr, nullptr);
|
||||||
|
|
||||||
for (int i = 0, count = 0; count < ::currentHook; i++)
|
for (int i = 0, count = 0; count < ::currentHook; i++)
|
||||||
{
|
{
|
||||||
@ -112,7 +114,7 @@ DWORD WINAPI PipeManager(LPVOID unused)
|
|||||||
CloseHandle(::hookPipe);
|
CloseHandle(::hookPipe);
|
||||||
CloseHandle(hostPipe);
|
CloseHandle(hostPipe);
|
||||||
}
|
}
|
||||||
Util::unloadCurrentModule();
|
FreeLibraryAndExitThread(::currentModule, 0);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
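Review bot: `WriteFile(::hookPipe, buffer, sizeof(DWORD), nullptr, nullptr)` passes NULL for both the bytes-written pointer and the OVERLAPPED pointer, which the WriteFile documentation does not allow (the count may be NULL only when an OVERLAPPED structure is supplied), and the result is not checked, so a failed or short write of the process id goes unnoticed. Suggested: declare `DWORD written = 0;` and test `if (!WriteFile(::hookPipe, buffer, sizeof(DWORD), &written, nullptr) || written != sizeof(DWORD))` before continuing, routing the failure to the function's existing cleanup. The `return 0;` after `FreeLibraryAndExitThread(::currentModule, 0)` is unreachable and could be dropped or marked as such. PipeManager's body continues outside these hunks, so the declaration of `buffer` is not visible.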
|
@ -302,26 +302,4 @@ termin:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
EXTERN_C IMAGE_DOS_HEADER __ImageBase;
|
|
||||||
// See: http://stackoverflow.com/questions/3410130/dll-unloading-itself
|
|
||||||
// TODO: This doesn't always work. Fix it.
|
|
||||||
bool Util::unloadCurrentModule()
|
|
||||||
{
|
|
||||||
auto fun = ::FreeLibrary;
|
|
||||||
//auto fun = ::LdrUnloadDll;
|
|
||||||
if (HANDLE h = ::IthCreateThread(fun, (DWORD)&__ImageBase)) {
|
|
||||||
//const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds
|
|
||||||
//NtWaitForSingleObject(h, 0, (PLARGE_INTEGER)&timeout);
|
|
||||||
CloseHandle(h);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// CreateThread does not always work on Windows XP. Use IthCreateThread (i.e. CreateRemoteThread under the water) instead.
|
|
||||||
//if (HANDLE h = ::CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)fun, &__ImageBase, 0, NULL)) {
|
|
||||||
// ::CloseHandle(h);
|
|
||||||
// return true;
|
|
||||||
//}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// EOF
|
// EOF
|
||||||
|