remove fillRange

This commit is contained in:
Akash Mozumdar 2018-07-01 02:08:51 -04:00
parent 9bc95191ff
commit 1a2672604a
7 changed files with 263 additions and 420 deletions


@ -34,43 +34,6 @@ BYTE LeadByteTable[0x100] = {
// - API functions -
extern "C" {
int FillRange(LPCWSTR name, DWORD *lower, DWORD *upper)
{
PLDR_DATA_TABLE_ENTRY it;
LIST_ENTRY *begin;
__asm
{
mov eax,fs:[0x30]
mov eax,[eax+0xc]
mov eax,[eax+0xc]
mov it,eax
mov begin,eax
}
while (it->SizeOfImage) {
if (::_wcsicmp(it->BaseDllName.Buffer, name) == 0) {
*lower = *upper = (DWORD)it->DllBase;
MEMORY_BASIC_INFORMATION info = {};
DWORD l,size;
size = 0;
do {
NtQueryVirtualMemory(NtCurrentProcess(), (LPVOID)(*upper), MemoryBasicInformation, &info, sizeof(info), &l);
if (info.Protect&PAGE_NOACCESS) {
it->SizeOfImage=size;
break;
}
size += info.RegionSize;
*upper += info.RegionSize;
} while (size < it->SizeOfImage);
return 1;
}
it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
if (it->InLoadOrderModuleList.Flink == begin)
break;
}
return 0;
}
DWORD SearchPattern(DWORD base, DWORD base_length, LPCVOID search, DWORD search_length) // KMP
{
__asm


@ -11,7 +11,6 @@
// jichi 8/24/2013: Why extern "C"? Any specific reason to use C instead of C++ naming?
extern "C" {
int FillRange(LPCWSTR name,DWORD *lower, DWORD *upper);
// jichi 10/1/2013: Return 0 if failed. So, it is ambiguous if the search pattern starts at 0
DWORD SearchPattern(DWORD base, DWORD base_length, LPCVOID search, DWORD search_length); // KMP



@ -8,13 +8,13 @@
struct HookParam; // defined in ith types.h
extern DWORD processStartAddress, processStopAddress;
namespace Engine {
// Global variables
extern wchar_t *process_name_, // cached
process_path_[MAX_PATH]; // cached
extern DWORD process_base,
process_limit;
extern wchar_t *processName, // cached
processPath[MAX_PATH]; // cached
//extern LPVOID trigger_addr;
typedef bool (* trigger_fun_t)(LPVOID addr, DWORD frame, DWORD stack);


@ -24,8 +24,8 @@ enum { MAX_REL_ADDR = 0x200000 }; // jichi 8/18/2013: maximum relative address
namespace Engine {
WCHAR *process_name_, // cached
process_path_[MAX_PATH]; // cached
WCHAR *processName, // cached
processPath[MAX_PATH]; // cached
DWORD process_base,
process_limit;
@ -419,7 +419,7 @@ bool DetermineEngineByFile4()
bool DetermineEngineByProcessName()
{
WCHAR str[MAX_PATH];
wcscpy(str, process_name_);
wcscpy(str, processName);
_wcslwr(str); // lower case
if (wcsstr(str,L"reallive") || Util::CheckFile(L"Reallive.exe") || Util::CheckFile(L"REALLIVEDATA\\Start.ini")) {
@ -478,7 +478,7 @@ bool DetermineEngineByProcessName()
// return true;
//}
if (wcsstr(process_name_, L"SAISYS") || Util::CheckFile(L"SaiSys.exe")) { // jichi 4/19/2014: Marine Heart
if (wcsstr(processName, L"SAISYS") || Util::CheckFile(L"SaiSys.exe")) { // jichi 4/19/2014: Marine Heart
InsertMarineHeartHook();
return true;
}
@ -766,16 +766,16 @@ bool DetermineNoEngine()
return true;
}
if (wcsstr(process_name_, L"lcsebody") || !wcsncmp(process_name_, L"lcsebo~", 7) || Util::CheckFile(L"lcsebody*")) { // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA
if (wcsstr(processName, L"lcsebody") || !wcsncmp(processName, L"lcsebo~", 7) || Util::CheckFile(L"lcsebody*")) { // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA
ConsoleOutput("vnreng: IGNORE lcsebody");
return true;
}
wchar_t str[MAX_PATH];
DWORD i;
for (i = 0; process_name_[i]; i++) {
str[i] = process_name_[i];
if (process_name_[i] == L'.')
for (i = 0; processName[i]; i++) {
str[i] = processName[i];
if (processName[i] == L'.')
break;
}
*(DWORD *)(str + i + 1) = 0x630068; //.hcb
@ -791,15 +791,15 @@ bool DetermineNoEngine()
EXCEPTION_DISPOSITION ExceptHandler(PEXCEPTION_RECORD ExceptionRecord, LPVOID, PCONTEXT, LPVOID)
{
if (ExceptionRecord->ExceptionCode == STATUS_ACCESS_VIOLATION) {
process_limit = ExceptionRecord->ExceptionInformation[1];
processStopAddress = ExceptionRecord->ExceptionInformation[1];
//OutputDWORD(process_limit);
__asm
{
mov eax,fs:[0x30] // jichi 12/13/2013: get PEB
mov eax,[eax+0xc]
mov eax,[eax+0xc]
mov ecx,process_limit
sub ecx,process_base
mov ecx,processStopAddress
sub ecx,processStartAddress
mov [eax+0x20],ecx
}
}
@ -884,22 +884,10 @@ bool DetermineEngineType()
HANDLE hijackThread;
DWORD WINAPI hijackThreadProc(LPVOID unused)
{
//CC_UNUSED(lpThreadParameter);
//static bool done = false;
//if (done)
// return;
//done = true;
// jichi 12/18/2013: Though FillRange could raise, it should never raise for he current process
// So, SEH is not used here.
// Initialize shared process name and path
wchar_t* p = GetModuleFileNameW(nullptr, process_path_, MAX_PATH) + process_path_;
while (*(--p) != L'\\');
process_name_ = p + 1;
GetModuleFileNameW(nullptr, processPath, MAX_PATH);
processName = wcsrchr(processPath, L'\\') + 1;
FillRange(process_name_, &process_base, &process_limit);
DetermineEngineType();
return 0;
}
@ -929,22 +917,3 @@ void Engine::terminate()
}
// EOF
/*
extern "C" {
// http://gmogre3d.googlecode.com/svn-history/r815/trunk/OgreMain/src/WIN32/OgreMinGWSupport.cpp
// http://forum.osdev.org/viewtopic.php?f=8&t=22352
//#pragma data_seg()
//#pragma comment(linker, "/merge:.CRT=.data") // works fine in visual c++ 6
//#pragma data_seg()
//#pragma comment(linker, "/merge:.CRT=.rdata")
// MSVC libs use _chkstk for stack-probing. MinGW equivalent is _alloca.
//void _alloca();
//void _chkstk() { _alloca(); }
// MSVC uses security cookies to prevent some buffer overflow attacks.
// provide dummy implementations.
//void _fastcall __security_check_cookie(intptr_t i) {}
void __declspec(naked) __fastcall __security_check_cookie(UINT_PTR cookie) {}
}
*/
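Review bot: In the hijackThreadProc hunk, `processName = wcsrchr(processPath, L'\\') + 1;` does arithmetic on a null pointer whenever the path holds no backslash — for instance when GetModuleFileNameW fails and leaves the zero-initialized global empty — and the result is then dereferenced by `wcscpy(str, processName)` in DetermineEngineByProcessName and the `wcsstr`/`wcsncmp` calls in DetermineNoEngine. I would split it into `wchar_t* slash = wcsrchr(processPath, L'\\');` and `processName = slash ? slash + 1 : processPath;` so a missing separator degrades to the full path instead of a wild read. The removed FillRange comment is not replaced by anything stating the new precondition; a line such as `// processStartAddress/processStopAddress are expected to be filled in by DllMain before this thread runs` would record it (the DllMain section of this commit is where they are set; the ordering is presumably guaranteed by thread creation happening after that code). The hunk shows the whole of hijackThreadProc, but the enclosing file section continues outside it.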


@ -29,14 +29,6 @@ extern DWORD trigger;
extern DWORD processStartAddress,
processStopAddress;
struct FunctionInfo {
DWORD addr;
DWORD module;
DWORD size;
LPWSTR name;
};
extern std::unordered_map<std::string, FunctionInfo> functionInfoByName;
void InitFilterTable();
// jichi 9/25/2013: This class will be used by NtMapViewOfSectionfor


@ -9,6 +9,7 @@
#endif // _MSC_VER
#include "src/main.h"
#include "src/engine/engine.h"
#include "src/engine/match.h"
#include "src/hijack/texthook.h"
#include "src/util/growl.h"
@ -85,6 +86,11 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
::processStartAddress = (DWORD)GetModuleHandleW(nullptr);
// Artikash 7/1/2018: No idea how the everliving fuck this works, but it finds the process stop address.
PROCESS_BASIC_INFORMATION info;
NtQueryInformationProcess(GetCurrentProcess(), ProcessBasicInformation, &info, sizeof(PROCESS_BASIC_INFORMATION), 0);
::processStopAddress = ::processStartAddress + ((LDR_DATA_TABLE_ENTRY*)&info.PebBaseAddress->Ldr->InLoadOrderModuleList.Flink->Flink)->SizeOfImage;
{
wchar_t hm_mutex[0x100];
swprintf(hm_mutex, ITH_HOOKMAN_MUTEX_ L"%d", GetCurrentProcessId());
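Review bot: The DllMain hunk ignores the NTSTATUS returned by NtQueryInformationProcess and declares `info` uninitialized, so a failed query dereferences a garbage `PebBaseAddress` inside DllMain and brings the host process down. The `&...InLoadOrderModuleList.Flink->Flink` cast on the next line resolves to the first in-load-order entry — the main executable — only because `Flink` sits at offset 0 of that entry's leading LIST_ENTRY, which is what the "no idea how this works" comment ought to say; the deleted FillRange shows the project's entry type begins with `InLoadOrderModuleList`, so `CONTAINING_RECORD` expresses the same lookup without the trick. I would initialize `info`, test the status, and leave the stop address equal to the start (an empty range) on failure rather than a wild value; the PE optional header of the module at `processStartAddress` carries the same SizeOfImage and would avoid the PEB walk altogether, if that is preferred. DllMain begins and ends outside the hunk.
```cpp
::processStartAddress = (DWORD)GetModuleHandleW(nullptr);
// The first entry of the PEB's in-load-order module list is the main executable;
// its SizeOfImage marks the end of the mapped image. If the query fails the
// range is left empty (stop == start) instead of dereferencing garbage.
::processStopAddress = ::processStartAddress;
PROCESS_BASIC_INFORMATION info = {};
if (NT_SUCCESS(NtQueryInformationProcess(GetCurrentProcess(), ProcessBasicInformation, &info, sizeof(info), nullptr))) {
    LDR_DATA_TABLE_ENTRY* exe = CONTAINING_RECORD(info.PebBaseAddress->Ldr->InLoadOrderModuleList.Flink,
                                                  LDR_DATA_TABLE_ENTRY, InLoadOrderModuleList);
    ::processStopAddress = ::processStartAddress + exe->SizeOfImage;
}
// … unchanged: hook manager mutex setup …
```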