remove ntinspect

2024-12-24 01:14:12 +08:00 · 2018-06-16 03:49:56 -04:00 · 2018-06-16 03:49:56 -04:00 · e3f64131f6
commit e3f64131f6
parent 8cfb3def97
4 changed files with 18 additions and 321 deletions
--- a/vnr/ntinspect/ntinspect.cc
+++ b/vnr/ntinspect/ntinspect.cc
@ -1,209 +0,0 @@
 // ntinspect.cc
 // 4/20/2014 jichi
 #include "ntdll/ntdll.h"
 #include "ntinspect/ntinspect.h"
 // https://social.msdn.microsoft.com/Forums/vstudio/en-US/4cb11cd3-8ce0-49d7-9dda-d62e9ae0180b/how-to-get-current-module-handle?forum=vcgeneral
 EXTERN_C IMAGE_DOS_HEADER __ImageBase;
 //#ifdef _MSC_VER
 //# pragma warning(disable:4018) // C4018: signed/unsigned mismatch
 //#endif // _MSC_VER
 namespace { // unnamed
 // Replacement of wcscpy_s which is not available on Windows XP's msvcrt
 // http://sakuradite.com/topic/247
 errno_t wcscpy_safe(wchar_t *buffer, size_t bufferSize, const wchar_t *source)
 {
  size_t len = min(bufferSize - 1, wcslen(source));
  buffer[len] = 0;
  if (len)
    memcpy(buffer, source, len * 2);
  return 0;
 }
 } // unnamed namespace
 NTINSPECT_BEGIN_NAMESPACE
 // https://social.msdn.microsoft.com/Forums/vstudio/en-US/4cb11cd3-8ce0-49d7-9dda-d62e9ae0180b/how-to-get-current-module-handle?forum=vcgeneral
 HMODULE getCurrentModuleHandle() { return (HMODULE)&__ImageBase; }
 /** Memory range */
 BOOL getProcessName(LPWSTR buffer, int bufferSize)
 {
  //assert(name);
  PLDR_DATA_TABLE_ENTRY it;
  __asm
  {
    mov eax,fs:[0x30]
    mov eax,[eax+0xc]
    mov eax,[eax+0xc]
    mov it,eax
  }
  // jichi 6/4/2014: _s functions are not supported on Windows XP's msvcrt.dll
  //return 0 == wcscpy_s(buffer, bufferSize, it->BaseDllName.Buffer);
  return 0 == wcscpy_safe(buffer, bufferSize, it->BaseDllName.Buffer);
 }
 // See: ITH FillRange
 BOOL getModuleMemoryRange(LPCWSTR moduleName, DWORD *lowerBound, DWORD *upperBound)
 {
  //assert(lower);
  //assert(upper);
  PLDR_DATA_TABLE_ENTRY it;
  LIST_ENTRY *begin;
  __asm
  {
    mov eax,fs:[0x30]
    mov eax,[eax+0xc]
    mov eax,[eax+0xc]
    mov it,eax
    mov begin,eax
  }
  while (it->SizeOfImage) {
    if (_wcsicmp(it->BaseDllName.Buffer, moduleName) == 0) {
      DWORD lower = (DWORD)it->DllBase;
      if (lowerBound)
        *lowerBound = lower;
      if (upperBound) {
        DWORD upper = lower;
        MEMORY_BASIC_INFORMATION mbi = {};
        DWORD size = 0;
        do {
          DWORD len;
          // Nt function is needed instead of VirtualQuery, which only works for the current process
          ::NtQueryVirtualMemory(GetCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len);
          if (mbi.Protect & PAGE_NOACCESS) {
            it->SizeOfImage = size;
            break;
          }
          size += mbi.RegionSize;
          upper += mbi.RegionSize;
        } while (size < it->SizeOfImage);
        *upperBound = upper;
      }
      return TRUE;
    }
    it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
    if (it->InLoadOrderModuleList.Flink == begin)
      break;
  }
  return FALSE;
 }
 BOOL getProcessMemoryRange(DWORD *lowerBound, DWORD *upperBound)
 {
  WCHAR procName[MAX_PATH]; // cached
  *lowerBound = 0;
  *upperBound = 0;
  return getProcessName(procName, MAX_PATH)
      && getModuleMemoryRange(procName, lowerBound, upperBound);
 }
 /** Module header */
 // See: ITH AddAllModules
 bool iterModule(const iter_module_fun_t &fun)
 {
  // Iterate loaded modules
  PPEB ppeb;
  __asm {
    mov eax, fs:[0x30]
    mov ppeb, eax
  }
  const DWORD start = *(DWORD *)&ppeb->Ldr->InLoadOrderModuleList;
  for (auto it = (PLDR_DATA_TABLE_ENTRY)start;
      it->SizeOfImage && *(DWORD *)it != start;
      it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink)
    if (!fun((HMODULE)it->DllBase, it->BaseDllName.Buffer))
      return false;
  return true;
 }
 // See: ITH AddAllModules
 DWORD getExportFunction(LPCSTR funcName)
 {
  // Iterate loaded modules
  PPEB ppeb;
  __asm {
    mov eax, fs:[0x30]
    mov ppeb, eax
  }
  const DWORD start = *(DWORD *)&ppeb->Ldr->InLoadOrderModuleList;
  for (auto it = (PLDR_DATA_TABLE_ENTRY)start;
      it->SizeOfImage && *(DWORD *)it != start;
      it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink) {
    //if (moduleName && ::wcscmp(moduleName, it->BaseDllName.Buffer)) // BaseDllName.Buffer == moduleName
    //  continue;
    if (DWORD addr = getModuleExportFunction((HMODULE)it->DllBase, funcName))
      return addr;
  }
  return 0;
 }
 // See: ITH AddModule
 DWORD getModuleExportFunction(HMODULE hModule, LPCSTR funcName)
 {
  if (!hModule)
    return 0;
  DWORD startAddress = (DWORD)hModule;
  IMAGE_DOS_HEADER *DosHdr = (IMAGE_DOS_HEADER *)hModule;
  if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) {
    DWORD dwReadAddr = startAddress + DosHdr->e_lfanew;
    IMAGE_NT_HEADERS *NtHdr = (IMAGE_NT_HEADERS *)dwReadAddr;
    if (IMAGE_NT_SIGNATURE == NtHdr->Signature) {
      DWORD dwExportAddr = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
      if (dwExportAddr == 0)
        return 0;
      dwExportAddr += startAddress;
      IMAGE_EXPORT_DIRECTORY *ExtDir = (IMAGE_EXPORT_DIRECTORY *)dwExportAddr;
      dwExportAddr = startAddress + ExtDir->AddressOfNames;
      for (UINT uj = 0; uj < ExtDir->NumberOfNames; uj++) {
        DWORD dwFuncName = *(DWORD *)dwExportAddr;
        LPCSTR pcFuncName = (LPCSTR)(startAddress + dwFuncName);
        if (::strcmp(funcName, pcFuncName) == 0) {
          char *pcFuncPtr = (char *)(startAddress + (DWORD)ExtDir->AddressOfNameOrdinals+(uj * sizeof(WORD)));
          WORD word = *(WORD *)pcFuncPtr;
          pcFuncPtr = (char *)(startAddress + (DWORD)ExtDir->AddressOfFunctions+(word * sizeof(DWORD)));
          return startAddress + *(DWORD *)pcFuncPtr; // absolute address
        }
        dwExportAddr += sizeof(DWORD);
      }
    }
  }
  return 0;
 }
 // See: ITH FindImportEntry
 DWORD getModuleImportAddress(HMODULE hModule, DWORD exportAddress)
 {
  if (!hModule)
    return 0;
  DWORD startAddress = (DWORD)hModule;
  IMAGE_DOS_HEADER *DosHdr = (IMAGE_DOS_HEADER *)hModule;
  if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) {
    IMAGE_NT_HEADERS *NtHdr = (IMAGE_NT_HEADERS *)(startAddress + DosHdr->e_lfanew);
    if (IMAGE_NT_SIGNATURE == NtHdr->Signature) {
      DWORD IAT = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress;
      DWORD end = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size;
      IAT += startAddress;
      end += IAT;
      for (DWORD pt = IAT; pt < end; pt += 4) {
        DWORD addr = *(DWORD *)pt;
        if (addr == (DWORD)exportAddress)
          return pt;
      }
    }
  }
  return 0;
 }
 NTINSPECT_END_NAMESPACE
 // EOF
--- a/vnr/ntinspect/ntinspect.h
+++ b/vnr/ntinspect/ntinspect.h
@ -1,90 +0,0 @@
 #pragma once
 // ntinspect.h
 // 4/20/2014 jichi
 #include <windows.h>
 #ifndef MEMDBG_NO_STL
 # include <functional>
 #endif // MEMDBG_NO_STL
 #ifndef NTINSPECT_BEGIN_NAMESPACE
 # define NTINSPECT_BEGIN_NAMESPACE  namespace NtInspect {
 #endif
 #ifndef NTINSPECT_END_NAMESPACE
 # define NTINSPECT_END_NAMESPACE    } // NtInspect
 #endif
 NTINSPECT_BEGIN_NAMESPACE
 // Get the module handle of the current module (not the current process that is GetModuleHandleA(0))
 HMODULE getCurrentModuleHandle();
 ///  Get current module name in fs:0x30
 BOOL getProcessName(_Out_ LPWSTR buffer, _In_ int bufferSize);
 /**
 *  Get the memory range of the module if succeed
 *  @param  moduleName
 *  @param[out[  lowerBound
 *  @param[out]  upperBound
 *  @return  if succeed
 */
 BOOL getModuleMemoryRange(_In_ LPCWSTR moduleName, _Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
 ///  Get memory of the current process module
 BOOL getProcessMemoryRange(_Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
 #ifndef NTINSPECT_NO_STL
 ///  Iterate module information and return false if abort iteration.
 typedef std::function<bool (HMODULE hModule, LPCWSTR moduleName)> iter_module_fun_t;
 #else
 typedef bool (* iter_module_fun_t)(HMODULE hModule, LPCWSTR moduleName);
 #endif // NTINSPECT_NO_STL
 /**
 *  Iterate all modules
 *  @param  fun  the first parameter is the address of the caller, and the second parameter is the address of the call itself
 *  @return  false if return early, and true if iterate all elements
 */
 bool iterModule(const iter_module_fun_t &fun);
 /**
 *  Return the absolute address of the function imported from the given module
 *  @param  functionName
 *  @param* hModule  find from any module when null
 *  @return  function address or 0
 */
 DWORD getModuleExportFunction(HMODULE hModule, LPCSTR functionName);
 inline DWORD getModuleExportFunctionA(LPCSTR moduleName, LPCSTR functionName)
 { return getModuleExportFunction(::GetModuleHandleA(moduleName), functionName); }
 inline DWORD getModuleExportFunctionW(LPCWSTR moduleName, LPCSTR functionName)
 { return getModuleExportFunction(::GetModuleHandleW(moduleName), functionName); }
 ///  Get the function address exported from any module
 DWORD getExportFunction(LPCSTR functionName);
 /**
 *  Get the import address in the specified module
 *  @param  hModule
 *  @param  exportAddress  absolute address of the function exported from other modules
 *  @return  function address or 0
 */
 DWORD getModuleImportAddress(HMODULE hModule, DWORD exportAddress);
 inline DWORD getModuleImportAddressA(LPCSTR moduleName, DWORD exportAddress)
 { return getModuleImportAddress(::GetModuleHandleA(moduleName), exportAddress); }
 inline DWORD getModuleImportAddressW(LPCWSTR moduleName, DWORD exportAddress)
 { return getModuleImportAddress(::GetModuleHandleW(moduleName), exportAddress); }
 ///  Get the import address in the current executable
 inline DWORD getProcessImportAddress(DWORD exportAddress)
 { return getModuleImportAddress(::GetModuleHandleA(nullptr), exportAddress); }
 NTINSPECT_END_NAMESPACE
 // EOF
--- a/vnr/vnrhook/CMakeLists.txt
+++ b/vnr/vnrhook/CMakeLists.txt
@ -47,8 +47,6 @@ set(vnrhook_src
  ${PROJECT_SOURCE_DIR}/memdbg/memdbg.h
  ${PROJECT_SOURCE_DIR}/memdbg/memsearch.cc
  ${PROJECT_SOURCE_DIR}/memdbg/memsearch.h
  ${PROJECT_SOURCE_DIR}/ntinspect/ntinspect.cc
  ${PROJECT_SOURCE_DIR}/ntinspect/ntinspect.h
  ${PROJECT_SOURCE_DIR}/mono/monoobject.h
  ${PROJECT_SOURCE_DIR}/mono/monotype.h
 )
--- a/vnr/vnrhook/src/engine/engine.cc
+++ b/vnr/vnrhook/src/engine/engine.cc
@ -1400,7 +1400,7 @@ bool KiriKiriZHook1(DWORD esp_base, HookParam *)
 bool InsertKiriKiriZHook1()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:KiriKiriZ1: failed to get memory range");
    return false;
  }
@ -2653,7 +2653,7 @@ void SpecialHookSiglus4(DWORD esp_base, HookParam *hp, BYTE, DWORD *data, DWORD
 bool InsertSiglus4Hook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:Siglus4: failed to get memory range");
    return false;
  }
@ -4114,7 +4114,7 @@ bool InsertMajiroHook()
 {
  // jichi 7/12/2014: Change to accurate memory ranges
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:Majiro: failed to get memory range");
    return false;
  }
@ -4171,7 +4171,7 @@ bool InsertCMVS1Hook()
 {
  // jichi 7/12/2014: Change to accurate memory ranges
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:CMVS1: failed to get memory range");
    return false;
  }
@ -5549,9 +5549,7 @@ bool InsertSystem43Hook()
  //bool patched = Util::CheckFile(L"AliceRunPatch.dll");
  bool patched = ::GetModuleHandleA("AliceRunPatch.dll");
  ULONG startAddress, stopAddress;
-  if (patched ?
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) {
      !NtInspect::getModuleMemoryRange(L"AliceRunPatch.dll", &startAddress, &stopAddress) :
      !NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
    ConsoleOutput("vnreng:System43: failed to get memory range");
    return false;
  }
@ -6315,7 +6313,7 @@ bool InsertCotophaHook()
 {
  // jichi 7/12/2014: Change to accurate memory ranges
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:Cotopha: failed to get memory range");
    return false;
  }
@ -6497,7 +6495,7 @@ bool InsertCatSystemHook()
  // jichi 7/12/2014: Change to accurate memory ranges
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:CatSystem2: failed to get memory range");
    return false;
  }
@ -8270,7 +8268,7 @@ void SpecialHookDebonosuName(DWORD esp_base, HookParam *hp, BYTE, DWORD *data, D
 bool InsertDebonosuNameHook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:Silkys: failed to get memory range");
    return false;
  }
@ -8764,7 +8762,7 @@ void SpecialHookWolf2(DWORD esp_base, HookParam *, BYTE, DWORD *data, DWORD *spl
 bool InsertWolf2Hook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:WolfRPG2: failed to get memory range");
    return false;
  }
@ -9105,7 +9103,7 @@ namespace { // unnamed
 static bool InsertWillPlusHook2() // jichi 1/18/2015: Add new hook
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:WillPlus2: failed to get memory range");
    return false;
  }
@ -9740,7 +9738,7 @@ static bool InsertGXP1Hook()
 static bool InsertGXP2Hook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) {
    ConsoleOutput("vnreng:GXP2: failed to get memory range");
    return false;
  }
@ -9941,7 +9939,7 @@ bool InsertNextonHook()
  };
  enum { addr_offset = 0x0044d69e - 0x0044d696 }; // = 8
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) {
    ConsoleOutput("vnreng:NEXTON: failed to get memory range");
    return false;
  }
@ -10203,7 +10201,7 @@ bool InsertNexton1Hook()
  // Use accurate stopAddress in case of running out of memory
  // Since the file pattern for Nexton1 is not accurate.
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) {
    ConsoleOutput("vnreng:NEXTON1: failed to get memory range");
    return false;
  }
@ -11843,7 +11841,7 @@ static void SpecialHookSilkys(DWORD esp_base, HookParam *, BYTE, DWORD *data, DW
 bool InsertSilkysHook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:Silkys: failed to get memory range");
    return false;
  }
@ -12321,7 +12319,7 @@ bool InsertSilkysHook()
 bool InsertEushullyHook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:Eushully: failed to get memory range");
    return false;
  }
@ -15905,7 +15903,7 @@ bool InsertShinyDaysGameHook()
 bool InsertLovaGameHook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:LOVA: failed to get memory range");
    return false;
  }
@ -16584,7 +16582,7 @@ bool InsertPPSSPPHLEHooks()
 {
  ConsoleOutput("vnreng: PPSSPP HLE: enter");
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng:PPSSPP HLE: failed to get memory range");
    return false;
  }
@ -19218,7 +19216,7 @@ static void SpecialPPSSPPHookOtomate(DWORD esp_base, HookParam *hp, BYTE, DWORD
 bool InsertOtomatePPSSPPHook()
 {
  ULONG startAddress, stopAddress;
-  if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+  if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
    ConsoleOutput("vnreng: Otomate PPSSPP: failed to get memory range");
    return false;
  }