mirror of
synced 2025-01-11 10:09:15 +08:00
remove ntinspect
This commit is contained in:
@ -1,209 +0,0 @@
// ntinspect.cc
// 4/20/2014 jichi
#include "ntdll/ntdll.h"
#include "ntinspect/ntinspect.h"
// https://social.msdn.microsoft.com/Forums/vstudio/en-US/4cb11cd3-8ce0-49d7-9dda-d62e9ae0180b/how-to-get-current-module-handle?forum=vcgeneral
//#ifdef _MSC_VER
//# pragma warning(disable:4018) // C4018: signed/unsigned mismatch
//#endif // _MSC_VER
namespace { // unnamed
// Replacement of wcscpy_s which is not available on Windows XP's msvcrt
// http://sakuradite.com/topic/247
errno_t wcscpy_safe(wchar_t *buffer, size_t bufferSize, const wchar_t *source)
size_t len = min(bufferSize - 1, wcslen(source));
buffer[len] = 0;
if (len)
memcpy(buffer, source, len * 2);
return 0;
} // unnamed namespace
// https://social.msdn.microsoft.com/Forums/vstudio/en-US/4cb11cd3-8ce0-49d7-9dda-d62e9ae0180b/how-to-get-current-module-handle?forum=vcgeneral
HMODULE getCurrentModuleHandle() { return (HMODULE)&__ImageBase; }
/** Memory range */
BOOL getProcessName(LPWSTR buffer, int bufferSize)
mov eax,fs:[0x30]
mov eax,[eax+0xc]
mov eax,[eax+0xc]
mov it,eax
// jichi 6/4/2014: _s functions are not supported on Windows XP's msvcrt.dll
//return 0 == wcscpy_s(buffer, bufferSize, it->BaseDllName.Buffer);
return 0 == wcscpy_safe(buffer, bufferSize, it->BaseDllName.Buffer);
// See: ITH FillRange
BOOL getModuleMemoryRange(LPCWSTR moduleName, DWORD *lowerBound, DWORD *upperBound)
LIST_ENTRY *begin;
mov eax,fs:[0x30]
mov eax,[eax+0xc]
mov eax,[eax+0xc]
mov it,eax
mov begin,eax
while (it->SizeOfImage) {
if (_wcsicmp(it->BaseDllName.Buffer, moduleName) == 0) {
DWORD lower = (DWORD)it->DllBase;
if (lowerBound)
*lowerBound = lower;
if (upperBound) {
DWORD upper = lower;
DWORD size = 0;
do {
DWORD len;
// Nt function is needed instead of VirtualQuery, which only works for the current process
::NtQueryVirtualMemory(GetCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len);
if (mbi.Protect & PAGE_NOACCESS) {
it->SizeOfImage = size;
size += mbi.RegionSize;
upper += mbi.RegionSize;
} while (size < it->SizeOfImage);
*upperBound = upper;
return TRUE;
it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
if (it->InLoadOrderModuleList.Flink == begin)
return FALSE;
BOOL getProcessMemoryRange(DWORD *lowerBound, DWORD *upperBound)
WCHAR procName[MAX_PATH]; // cached
*lowerBound = 0;
*upperBound = 0;
return getProcessName(procName, MAX_PATH)
&& getModuleMemoryRange(procName, lowerBound, upperBound);
/** Module header */
// See: ITH AddAllModules
bool iterModule(const iter_module_fun_t &fun)
// Iterate loaded modules
PPEB ppeb;
__asm {
mov eax, fs:[0x30]
mov ppeb, eax
const DWORD start = *(DWORD *)&ppeb->Ldr->InLoadOrderModuleList;
for (auto it = (PLDR_DATA_TABLE_ENTRY)start;
it->SizeOfImage && *(DWORD *)it != start;
it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink)
if (!fun((HMODULE)it->DllBase, it->BaseDllName.Buffer))
return false;
return true;
// See: ITH AddAllModules
DWORD getExportFunction(LPCSTR funcName)
// Iterate loaded modules
PPEB ppeb;
__asm {
mov eax, fs:[0x30]
mov ppeb, eax
const DWORD start = *(DWORD *)&ppeb->Ldr->InLoadOrderModuleList;
for (auto it = (PLDR_DATA_TABLE_ENTRY)start;
it->SizeOfImage && *(DWORD *)it != start;
it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink) {
//if (moduleName && ::wcscmp(moduleName, it->BaseDllName.Buffer)) // BaseDllName.Buffer == moduleName
// continue;
if (DWORD addr = getModuleExportFunction((HMODULE)it->DllBase, funcName))
return addr;
return 0;
// See: ITH AddModule
DWORD getModuleExportFunction(HMODULE hModule, LPCSTR funcName)
if (!hModule)
return 0;
DWORD startAddress = (DWORD)hModule;
if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) {
DWORD dwReadAddr = startAddress + DosHdr->e_lfanew;
if (IMAGE_NT_SIGNATURE == NtHdr->Signature) {
DWORD dwExportAddr = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if (dwExportAddr == 0)
return 0;
dwExportAddr += startAddress;
dwExportAddr = startAddress + ExtDir->AddressOfNames;
for (UINT uj = 0; uj < ExtDir->NumberOfNames; uj++) {
DWORD dwFuncName = *(DWORD *)dwExportAddr;
LPCSTR pcFuncName = (LPCSTR)(startAddress + dwFuncName);
if (::strcmp(funcName, pcFuncName) == 0) {
char *pcFuncPtr = (char *)(startAddress + (DWORD)ExtDir->AddressOfNameOrdinals+(uj * sizeof(WORD)));
WORD word = *(WORD *)pcFuncPtr;
pcFuncPtr = (char *)(startAddress + (DWORD)ExtDir->AddressOfFunctions+(word * sizeof(DWORD)));
return startAddress + *(DWORD *)pcFuncPtr; // absolute address
dwExportAddr += sizeof(DWORD);
return 0;
// See: ITH FindImportEntry
DWORD getModuleImportAddress(HMODULE hModule, DWORD exportAddress)
if (!hModule)
return 0;
DWORD startAddress = (DWORD)hModule;
if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) {
IMAGE_NT_HEADERS *NtHdr = (IMAGE_NT_HEADERS *)(startAddress + DosHdr->e_lfanew);
if (IMAGE_NT_SIGNATURE == NtHdr->Signature) {
DWORD IAT = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress;
DWORD end = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size;
IAT += startAddress;
end += IAT;
for (DWORD pt = IAT; pt < end; pt += 4) {
DWORD addr = *(DWORD *)pt;
if (addr == (DWORD)exportAddress)
return pt;
return 0;
// EOF
@ -1,90 +0,0 @@
#pragma once
// ntinspect.h
// 4/20/2014 jichi
#include <windows.h>
# include <functional>
#endif // MEMDBG_NO_STL
# define NTINSPECT_BEGIN_NAMESPACE namespace NtInspect {
# define NTINSPECT_END_NAMESPACE } // NtInspect
// Get the module handle of the current module (not the current process that is GetModuleHandleA(0))
HMODULE getCurrentModuleHandle();
/// Get current module name in fs:0x30
BOOL getProcessName(_Out_ LPWSTR buffer, _In_ int bufferSize);
* Get the memory range of the module if succeed
* @param moduleName
* @param[out[ lowerBound
* @param[out] upperBound
* @return if succeed
BOOL getModuleMemoryRange(_In_ LPCWSTR moduleName, _Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
/// Get memory of the current process module
BOOL getProcessMemoryRange(_Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
/// Iterate module information and return false if abort iteration.
typedef std::function<bool (HMODULE hModule, LPCWSTR moduleName)> iter_module_fun_t;
typedef bool (* iter_module_fun_t)(HMODULE hModule, LPCWSTR moduleName);
* Iterate all modules
* @param fun the first parameter is the address of the caller, and the second parameter is the address of the call itself
* @return false if return early, and true if iterate all elements
bool iterModule(const iter_module_fun_t &fun);
* Return the absolute address of the function imported from the given module
* @param functionName
* @param* hModule find from any module when null
* @return function address or 0
DWORD getModuleExportFunction(HMODULE hModule, LPCSTR functionName);
inline DWORD getModuleExportFunctionA(LPCSTR moduleName, LPCSTR functionName)
{ return getModuleExportFunction(::GetModuleHandleA(moduleName), functionName); }
inline DWORD getModuleExportFunctionW(LPCWSTR moduleName, LPCSTR functionName)
{ return getModuleExportFunction(::GetModuleHandleW(moduleName), functionName); }
/// Get the function address exported from any module
DWORD getExportFunction(LPCSTR functionName);
* Get the import address in the specified module
* @param hModule
* @param exportAddress absolute address of the function exported from other modules
* @return function address or 0
DWORD getModuleImportAddress(HMODULE hModule, DWORD exportAddress);
inline DWORD getModuleImportAddressA(LPCSTR moduleName, DWORD exportAddress)
{ return getModuleImportAddress(::GetModuleHandleA(moduleName), exportAddress); }
inline DWORD getModuleImportAddressW(LPCWSTR moduleName, DWORD exportAddress)
{ return getModuleImportAddress(::GetModuleHandleW(moduleName), exportAddress); }
/// Get the import address in the current executable
inline DWORD getProcessImportAddress(DWORD exportAddress)
{ return getModuleImportAddress(::GetModuleHandleA(nullptr), exportAddress); }
// EOF
@ -47,8 +47,6 @@ set(vnrhook_src
@ -1400,7 +1400,7 @@ bool KiriKiriZHook1(DWORD esp_base, HookParam *)
bool InsertKiriKiriZHook1()
bool InsertKiriKiriZHook1()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:KiriKiriZ1: failed to get memory range");
ConsoleOutput("vnreng:KiriKiriZ1: failed to get memory range");
return false;
return false;
@ -2653,7 +2653,7 @@ void SpecialHookSiglus4(DWORD esp_base, HookParam *hp, BYTE, DWORD *data, DWORD
bool InsertSiglus4Hook()
bool InsertSiglus4Hook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:Siglus4: failed to get memory range");
ConsoleOutput("vnreng:Siglus4: failed to get memory range");
return false;
return false;
@ -4114,7 +4114,7 @@ bool InsertMajiroHook()
// jichi 7/12/2014: Change to accurate memory ranges
// jichi 7/12/2014: Change to accurate memory ranges
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:Majiro: failed to get memory range");
ConsoleOutput("vnreng:Majiro: failed to get memory range");
return false;
return false;
@ -4171,7 +4171,7 @@ bool InsertCMVS1Hook()
// jichi 7/12/2014: Change to accurate memory ranges
// jichi 7/12/2014: Change to accurate memory ranges
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:CMVS1: failed to get memory range");
ConsoleOutput("vnreng:CMVS1: failed to get memory range");
return false;
return false;
@ -5549,9 +5549,7 @@ bool InsertSystem43Hook()
//bool patched = Util::CheckFile(L"AliceRunPatch.dll");
//bool patched = Util::CheckFile(L"AliceRunPatch.dll");
bool patched = ::GetModuleHandleA("AliceRunPatch.dll");
bool patched = ::GetModuleHandleA("AliceRunPatch.dll");
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (patched ?
if (!FillRange(process_name_,&startAddress, &stopAddress)) {
!NtInspect::getModuleMemoryRange(L"AliceRunPatch.dll", &startAddress, &stopAddress) :
!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
ConsoleOutput("vnreng:System43: failed to get memory range");
ConsoleOutput("vnreng:System43: failed to get memory range");
return false;
return false;
@ -6315,7 +6313,7 @@ bool InsertCotophaHook()
// jichi 7/12/2014: Change to accurate memory ranges
// jichi 7/12/2014: Change to accurate memory ranges
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:Cotopha: failed to get memory range");
ConsoleOutput("vnreng:Cotopha: failed to get memory range");
return false;
return false;
@ -6497,7 +6495,7 @@ bool InsertCatSystemHook()
// jichi 7/12/2014: Change to accurate memory ranges
// jichi 7/12/2014: Change to accurate memory ranges
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:CatSystem2: failed to get memory range");
ConsoleOutput("vnreng:CatSystem2: failed to get memory range");
return false;
return false;
@ -8270,7 +8268,7 @@ void SpecialHookDebonosuName(DWORD esp_base, HookParam *hp, BYTE, DWORD *data, D
bool InsertDebonosuNameHook()
bool InsertDebonosuNameHook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:Silkys: failed to get memory range");
ConsoleOutput("vnreng:Silkys: failed to get memory range");
return false;
return false;
@ -8764,7 +8762,7 @@ void SpecialHookWolf2(DWORD esp_base, HookParam *, BYTE, DWORD *data, DWORD *spl
bool InsertWolf2Hook()
bool InsertWolf2Hook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:WolfRPG2: failed to get memory range");
ConsoleOutput("vnreng:WolfRPG2: failed to get memory range");
return false;
return false;
@ -9105,7 +9103,7 @@ namespace { // unnamed
static bool InsertWillPlusHook2() // jichi 1/18/2015: Add new hook
static bool InsertWillPlusHook2() // jichi 1/18/2015: Add new hook
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:WillPlus2: failed to get memory range");
ConsoleOutput("vnreng:WillPlus2: failed to get memory range");
return false;
return false;
@ -9740,7 +9738,7 @@ static bool InsertGXP1Hook()
static bool InsertGXP2Hook()
static bool InsertGXP2Hook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
if (!FillRange(process_name_,&startAddress, &stopAddress)) {
ConsoleOutput("vnreng:GXP2: failed to get memory range");
ConsoleOutput("vnreng:GXP2: failed to get memory range");
return false;
return false;
@ -9941,7 +9939,7 @@ bool InsertNextonHook()
enum { addr_offset = 0x0044d69e - 0x0044d696 }; // = 8
enum { addr_offset = 0x0044d69e - 0x0044d696 }; // = 8
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
if (!FillRange(process_name_,&startAddress, &stopAddress)) {
ConsoleOutput("vnreng:NEXTON: failed to get memory range");
ConsoleOutput("vnreng:NEXTON: failed to get memory range");
return false;
return false;
@ -10203,7 +10201,7 @@ bool InsertNexton1Hook()
// Use accurate stopAddress in case of running out of memory
// Use accurate stopAddress in case of running out of memory
// Since the file pattern for Nexton1 is not accurate.
// Since the file pattern for Nexton1 is not accurate.
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
if (!FillRange(process_name_,&startAddress, &stopAddress)) {
ConsoleOutput("vnreng:NEXTON1: failed to get memory range");
ConsoleOutput("vnreng:NEXTON1: failed to get memory range");
return false;
return false;
@ -11843,7 +11841,7 @@ static void SpecialHookSilkys(DWORD esp_base, HookParam *, BYTE, DWORD *data, DW
bool InsertSilkysHook()
bool InsertSilkysHook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:Silkys: failed to get memory range");
ConsoleOutput("vnreng:Silkys: failed to get memory range");
return false;
return false;
@ -12321,7 +12319,7 @@ bool InsertSilkysHook()
bool InsertEushullyHook()
bool InsertEushullyHook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:Eushully: failed to get memory range");
ConsoleOutput("vnreng:Eushully: failed to get memory range");
return false;
return false;
@ -15905,7 +15903,7 @@ bool InsertShinyDaysGameHook()
bool InsertLovaGameHook()
bool InsertLovaGameHook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:LOVA: failed to get memory range");
ConsoleOutput("vnreng:LOVA: failed to get memory range");
return false;
return false;
@ -16584,7 +16582,7 @@ bool InsertPPSSPPHLEHooks()
ConsoleOutput("vnreng: PPSSPP HLE: enter");
ConsoleOutput("vnreng: PPSSPP HLE: enter");
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng:PPSSPP HLE: failed to get memory range");
ConsoleOutput("vnreng:PPSSPP HLE: failed to get memory range");
return false;
return false;
@ -19218,7 +19216,7 @@ static void SpecialPPSSPPHookOtomate(DWORD esp_base, HookParam *hp, BYTE, DWORD
bool InsertOtomatePPSSPPHook()
bool InsertOtomatePPSSPPHook()
ULONG startAddress, stopAddress;
ULONG startAddress, stopAddress;
if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
ConsoleOutput("vnreng: Otomate PPSSPP: failed to get memory range");
ConsoleOutput("vnreng: Otomate PPSSPP: failed to get memory range");
return false;
return false;
Reference in New Issue
Block a user