mirror of
https://github.com/Detanup01/gbe_fork.git
synced 2024-11-27 05:04:01 +08:00
Merge pull request #88 from otavepto/dev
support a bind variant from 2014
This commit is contained in:
commit
ca1ed5fef4
@ -29,7 +29,7 @@ typedef struct _StubSnrDetails_t {
|
|||||||
} StubSnrDetails_t;
|
} StubSnrDetails_t;
|
||||||
|
|
||||||
typedef struct _BindSnrDetails_t {
|
typedef struct _BindSnrDetails_t {
|
||||||
std::string bind_detection_patt{}; // inside .bind
|
std::vector<std::string> bind_detection_patts{}; // any pattern inside .bind
|
||||||
std::vector<StubSnrDetails_t> stub_details{};
|
std::vector<StubSnrDetails_t> stub_details{};
|
||||||
} BindSnrDetails_t;
|
} BindSnrDetails_t;
|
||||||
|
|
||||||
@ -38,16 +38,18 @@ static const std::vector<BindSnrDetails_t> all_bind_details {
|
|||||||
// x64
|
// x64
|
||||||
#if defined(_WIN64)
|
#if defined(_WIN64)
|
||||||
{
|
{
|
||||||
// bind_detection_patt
|
// bind_detection_patts[]
|
||||||
|
{
|
||||||
"FF 94 24 ?? ?? ?? ?? 88 44 24 ?? 0F BE 44 24 ?? 83 ?? 30 74 ?? E9", // appid 1684350
|
"FF 94 24 ?? ?? ?? ?? 88 44 24 ?? 0F BE 44 24 ?? 83 ?? 30 74 ?? E9", // appid 1684350
|
||||||
// stub_details
|
},
|
||||||
|
// stub_details[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
// stub_detection_patt
|
// stub_detection_patt
|
||||||
"??",
|
"??",
|
||||||
// change memory pages access to r/w/e
|
// change memory pages access to r/w/e
|
||||||
false,
|
false,
|
||||||
// stub_snr_units
|
// stub_snr_units[]
|
||||||
{
|
{
|
||||||
// patt 1 is a bunch of checks for registry + files validity (including custom DOS stub)
|
// patt 1 is a bunch of checks for registry + files validity (including custom DOS stub)
|
||||||
// patt 2 is again a bunch of checks + creates some interfaces via steamclient + calls getappownershipticket()
|
// patt 2 is again a bunch of checks + creates some interfaces via steamclient + calls getappownershipticket()
|
||||||
@ -65,16 +67,18 @@ static const std::vector<BindSnrDetails_t> all_bind_details {
|
|||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
// bind_detection_patt
|
// bind_detection_patts[]
|
||||||
|
{
|
||||||
"FF D? 44 0F B6 ?? 3C 30 0F 85", // appid: 537450 (rare, only found in this appid!)
|
"FF D? 44 0F B6 ?? 3C 30 0F 85", // appid: 537450 (rare, only found in this appid!)
|
||||||
// stub_details
|
},
|
||||||
|
// stub_details[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
// stub_detection_patt
|
// stub_detection_patt
|
||||||
"??",
|
"??",
|
||||||
// change memory pages access to r/w/e
|
// change memory pages access to r/w/e
|
||||||
false,
|
false,
|
||||||
// stub_snr_units
|
// stub_snr_units[]
|
||||||
{
|
{
|
||||||
// patt 1 is a bunch of checks for registry + files validity (including custom DOS stub)
|
// patt 1 is a bunch of checks for registry + files validity (including custom DOS stub)
|
||||||
// patt 2 is again a bunch of checks + creates some interfaces via steamclient + calls getappownershipticket()
|
// patt 2 is again a bunch of checks + creates some interfaces via steamclient + calls getappownershipticket()
|
||||||
@ -96,16 +100,18 @@ static const std::vector<BindSnrDetails_t> all_bind_details {
|
|||||||
// x32
|
// x32
|
||||||
#if !defined(_WIN64)
|
#if !defined(_WIN64)
|
||||||
{
|
{
|
||||||
// bind_detection_patt
|
// bind_detection_patts[]
|
||||||
|
{
|
||||||
"FF 95 ?? ?? ?? ?? 88 45 ?? 0F BE 4D ?? 83 ?? 30 74 ?? E9", // appid 588650
|
"FF 95 ?? ?? ?? ?? 88 45 ?? 0F BE 4D ?? 83 ?? 30 74 ?? E9", // appid 588650
|
||||||
// stub_details
|
},
|
||||||
|
// stub_details[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
// stub_detection_patt
|
// stub_detection_patt
|
||||||
"??",
|
"??",
|
||||||
// change memory pages access to r/w/e
|
// change memory pages access to r/w/e
|
||||||
false,
|
false,
|
||||||
// stub_snr_units
|
// stub_snr_units[]
|
||||||
{
|
{
|
||||||
// patt 1 is a bunch of checks for registry + files validity (including custom DOS stub)
|
// patt 1 is a bunch of checks for registry + files validity (including custom DOS stub)
|
||||||
// patt 2 is again a bunch of checks + creates some interfaces via steamclient + calls getappownershipticket()
|
// patt 2 is again a bunch of checks + creates some interfaces via steamclient + calls getappownershipticket()
|
||||||
@ -123,16 +129,18 @@ static const std::vector<BindSnrDetails_t> all_bind_details {
|
|||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
// bind_detection_patt
|
// bind_detection_patts[]
|
||||||
|
{
|
||||||
"FF 95 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? 89 ?? ?? ?? ?? ?? 83 A5 ?? ?? ?? ?? ?? EB", // appid 201790
|
"FF 95 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? 89 ?? ?? ?? ?? ?? 83 A5 ?? ?? ?? ?? ?? EB", // appid 201790
|
||||||
// stub_details
|
},
|
||||||
|
// stub_details[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
// stub_detection_patt
|
// stub_detection_patt
|
||||||
"??",
|
"??",
|
||||||
// change memory pages access to r/w/e
|
// change memory pages access to r/w/e
|
||||||
true, // appid 48000
|
true, // appid 48000
|
||||||
// stub_snr_units
|
// stub_snr_units[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
"F6 C? 02 0F 85 ?? ?? ?? ?? 5? FF ?? 6?",
|
"F6 C? 02 0F 85 ?? ?? ?? ?? 5? FF ?? 6?",
|
||||||
@ -152,16 +160,19 @@ static const std::vector<BindSnrDetails_t> all_bind_details {
|
|||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
// bind_detection_patt
|
// bind_detection_patts[]
|
||||||
|
{
|
||||||
"FF D? 88 45 ?? 3C 30 0F 85 ?? ?? ?? ?? B8 4D 5A",
|
"FF D? 88 45 ?? 3C 30 0F 85 ?? ?? ?? ?? B8 4D 5A",
|
||||||
// stub_details
|
"FF D? 88 45 ?? 3C 30 0F 84 ?? ?? ?? ?? FF 9?", // appid 251390
|
||||||
|
},
|
||||||
|
// stub_details[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
// stub_detection_patt
|
// stub_detection_patt
|
||||||
"??",
|
"??",
|
||||||
// change memory pages access to r/w/e
|
// change memory pages access to r/w/e
|
||||||
false,
|
false,
|
||||||
// stub_snr_units
|
// stub_snr_units[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
"5? E8 ?? ?? ?? ?? 83 C4 ?? 88 45 ?? 3C 30 0F 84",
|
"5? E8 ?? ?? ?? ?? 83 C4 ?? 88 45 ?? 3C 30 0F 84",
|
||||||
@ -177,16 +188,18 @@ static const std::vector<BindSnrDetails_t> all_bind_details {
|
|||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
// bind_detection_patt
|
// bind_detection_patts[]
|
||||||
|
{
|
||||||
"FF 95 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 83 A5 ?? ?? ?? ?? ?? EB", // appids: 31290, 94530, 37010
|
"FF 95 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 83 A5 ?? ?? ?? ?? ?? EB", // appids: 31290, 94530, 37010
|
||||||
// stub_details
|
},
|
||||||
|
// stub_details[]
|
||||||
{
|
{
|
||||||
{ // appid 31290, 37010
|
{ // appid 31290, 37010
|
||||||
// stub_detection_patt
|
// stub_detection_patt
|
||||||
"F6 05 ?? ?? ?? ?? 04 0F 85 ?? ?? ?? ?? A1 ?? ?? ?? ?? 89",
|
"F6 05 ?? ?? ?? ?? 04 0F 85 ?? ?? ?? ?? A1 ?? ?? ?? ?? 89",
|
||||||
// change memory pages access to r/w/e
|
// change memory pages access to r/w/e
|
||||||
false,
|
false,
|
||||||
// stub_snr_units
|
// stub_snr_units[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
"F6 C? 02 89 ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 0F 85",
|
"F6 C? 02 89 ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 0F 85",
|
||||||
@ -200,7 +213,7 @@ static const std::vector<BindSnrDetails_t> all_bind_details {
|
|||||||
"84 ?? ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? A1 ?? ?? ?? ?? 89",
|
"84 ?? ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? A1 ?? ?? ?? ?? 89",
|
||||||
// change memory pages access to r/w/e
|
// change memory pages access to r/w/e
|
||||||
false,
|
false,
|
||||||
// stub_snr_units
|
// stub_snr_units[]
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
"F6 C? 02 89 ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 0F 85",
|
"F6 C? 02 89 ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 0F 85",
|
||||||
@ -312,9 +325,9 @@ static void patch_if_possible(void *ret_addr)
|
|||||||
if (mem) {
|
if (mem) {
|
||||||
anything_found = true;
|
anything_found = true;
|
||||||
|
|
||||||
auto size_until_match = (uint8_t *)mem - (uint8_t *)page_details.BaseAddress;
|
auto size_until_match = mem - (uint8_t *)page_details.BaseAddress;
|
||||||
bool ok = pe_helpers::replace_memory(
|
bool ok = pe_helpers::replace_memory(
|
||||||
(uint8_t *)mem,
|
mem,
|
||||||
page_details.RegionSize - size_until_match,
|
page_details.RegionSize - size_until_match,
|
||||||
snr_unit.replace_patt,
|
snr_unit.replace_patt,
|
||||||
GetCurrentProcess());
|
GetCurrentProcess());
|
||||||
@ -487,18 +500,22 @@ bool stubdrm::patch()
|
|||||||
auto addrOfEntry = exe_addr_base + pe_helpers::get_optional_header((HMODULE)exe_addr_base)->AddressOfEntryPoint;
|
auto addrOfEntry = exe_addr_base + pe_helpers::get_optional_header((HMODULE)exe_addr_base)->AddressOfEntryPoint;
|
||||||
if (addrOfEntry < bind_addr_base || addrOfEntry >= bind_addr_end) return false; // entry addr is not inside .bind
|
if (addrOfEntry < bind_addr_base || addrOfEntry >= bind_addr_end) return false; // entry addr is not inside .bind
|
||||||
|
|
||||||
// find .bind variant
|
// detect .bind variant, search for a known pattern inside the .bind section itself
|
||||||
for (const auto &patt : all_bind_details) {
|
for (const auto &bind_details : all_bind_details) {
|
||||||
|
// multiple variants of .bind sections can share the same details,
|
||||||
|
// hence similar ones are grouped together, their detection patterns are added to the same array
|
||||||
|
for (const auto &bind_detection_patt : bind_details.bind_detection_patts) {
|
||||||
auto mem = pe_helpers::search_memory(
|
auto mem = pe_helpers::search_memory(
|
||||||
bind_addr_base,
|
bind_addr_base,
|
||||||
static_cast<size_t>(bind_addr_end - bind_addr_base),
|
static_cast<size_t>(bind_addr_end - bind_addr_base),
|
||||||
patt.bind_detection_patt);
|
bind_detection_patt);
|
||||||
|
|
||||||
if (mem) {
|
if (mem) {
|
||||||
current_bind_idx = static_cast<size_t>(&patt - &all_bind_details[0]);
|
current_bind_idx = static_cast<size_t>(&bind_details - &all_bind_details[0]);
|
||||||
return redirect_win32_apis();
|
return redirect_win32_apis();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user