refactor insertion_address (and i think fix a bug with deref offset in r codes)
This commit is contained in:
parent
c22a30400a
commit
6bef925920
@ -34,7 +34,7 @@ namespace
|
|||||||
LOCK(viewMutex);
|
LOCK(viewMutex);
|
||||||
auto hooks = (const TextHook*)view;
|
auto hooks = (const TextHook*)view;
|
||||||
for (int i = 0; i < MAX_HOOK; ++i)
|
for (int i = 0; i < MAX_HOOK; ++i)
|
||||||
if (hooks[i].hp.insertion_address == addr) return hooks[i];
|
if (hooks[i].address == addr) return hooks[i];
|
||||||
return {};
|
return {};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -49,8 +49,7 @@ struct HookParam
|
|||||||
typedef bool(*filter_fun_t)(LPVOID str, DWORD *len, HookParam *hp, BYTE index); // jichi 10/24/2014: Add filter function. Return true if skip the text
|
typedef bool(*filter_fun_t)(LPVOID str, DWORD *len, HookParam *hp, BYTE index); // jichi 10/24/2014: Add filter function. Return true if skip the text
|
||||||
typedef bool(*hook_fun_t)(DWORD esp, HookParam *hp); // jichi 10/24/2014: Add generic hook function, return false if stop execution.
|
typedef bool(*hook_fun_t)(DWORD esp, HookParam *hp); // jichi 10/24/2014: Add generic hook function, return false if stop execution.
|
||||||
|
|
||||||
uint64_t insertion_address; // absolute address
|
uint64_t address; // absolute or relative address
|
||||||
uint64_t address; // absolute or relative address (not changed by TextHook)
|
|
||||||
int offset, // offset of the data in the memory
|
int offset, // offset of the data in the memory
|
||||||
index, // deref_offset1
|
index, // deref_offset1
|
||||||
split, // offset of the split character
|
split, // offset of the split character
|
||||||
|
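Review bot: The comment on `index` (`// deref_offset1`) does not say how the field is applied, and this commit changes that for read codes: TextHook::Reader now adds `hp.index` as a byte offset to the pointer it loads from `address`, where the old code used it as an element index into an array of pointers before the dereference. Since `address` now gets the precise note "absolute or relative address (not changed by TextHook)", the neighbouring field deserves the same, e.g. `index, // deref offset; for DATA_INDIRECT read codes, added in bytes to the pointer stored at address`. Whether non-read hook codes interpret `index` the same way is not visible in this diff, so check that path before wording the comment. The struct continues outside the hunk.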
@ -80,7 +80,7 @@ DWORD WINAPI Pipe(LPVOID)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
hookPipe = INVALID_HANDLE_VALUE;
|
hookPipe = INVALID_HANDLE_VALUE;
|
||||||
for (int i = 0; i < MAX_HOOK; ++i) if (hooks[i].hp.insertion_address) hooks[i].Clear();
|
for (int i = 0; i < MAX_HOOK; ++i) if (hooks[i].address) hooks[i].Clear();
|
||||||
FreeLibraryAndExitThread(GetModuleHandleW(ITH_DLL), 0);
|
FreeLibraryAndExitThread(GetModuleHandleW(ITH_DLL), 0);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -154,7 +154,7 @@ void NewHook(HookParam hp, LPCSTR lpname, DWORD flag)
|
|||||||
void RemoveHook(uint64_t addr, int maxOffset)
|
void RemoveHook(uint64_t addr, int maxOffset)
|
||||||
{
|
{
|
||||||
for (int i = 0; i < MAX_HOOK; i++)
|
for (int i = 0; i < MAX_HOOK; i++)
|
||||||
if (abs((long long)(hooks[i].hp.insertion_address - addr)) <= maxOffset) return hooks[i].Clear();
|
if (abs((long long)(hooks[i].address - addr)) <= maxOffset) return hooks[i].Clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
// EOF
|
// EOF
|
@ -99,7 +99,7 @@ bool TextHook::Insert(HookParam h, DWORD set_flag)
|
|||||||
{
|
{
|
||||||
LOCK(*viewMutex);
|
LOCK(*viewMutex);
|
||||||
hp = h;
|
hp = h;
|
||||||
hp.insertion_address = hp.address;
|
address = hp.address;
|
||||||
hp.type |= set_flag;
|
hp.type |= set_flag;
|
||||||
if (hp.type & USING_UTF8) hp.codepage = CP_UTF8;
|
if (hp.type & USING_UTF8) hp.codepage = CP_UTF8;
|
||||||
if (hp.type & DIRECT_READ) return InsertReadCode();
|
if (hp.type & DIRECT_READ) return InsertReadCode();
|
||||||
@ -124,7 +124,7 @@ void TextHook::Send(DWORD dwDataBase)
|
|||||||
BYTE pbData[PIPE_BUFFER_SIZE];
|
BYTE pbData[PIPE_BUFFER_SIZE];
|
||||||
DWORD dwType = hp.type;
|
DWORD dwType = hp.type;
|
||||||
|
|
||||||
dwAddr = hp.insertion_address;
|
dwAddr = address;
|
||||||
dwRetn = *(DWORD*)dwDataBase; // first value on stack (if hooked start of function, this is return address)
|
dwRetn = *(DWORD*)dwDataBase; // first value on stack (if hooked start of function, this is return address)
|
||||||
|
|
||||||
if (trigger)
|
if (trigger)
|
||||||
@ -182,17 +182,17 @@ bool TextHook::InsertHookCode()
|
|||||||
// Artikash 10/30/2018: No, I think that's impossible now that I moved to minhook
|
// Artikash 10/30/2018: No, I think that's impossible now that I moved to minhook
|
||||||
if (hp.type & MODULE_OFFSET) // Map hook offset to real address
|
if (hp.type & MODULE_OFFSET) // Map hook offset to real address
|
||||||
if (hp.type & FUNCTION_OFFSET)
|
if (hp.type & FUNCTION_OFFSET)
|
||||||
if (FARPROC function = GetProcAddress(GetModuleHandleW(hp.module), hp.function)) hp.insertion_address += (uint64_t)function;
|
if (FARPROC function = GetProcAddress(GetModuleHandleW(hp.module), hp.function)) address += (uint64_t)function;
|
||||||
else return ConsoleOutput(FUNC_MISSING), false;
|
else return ConsoleOutput(FUNC_MISSING), false;
|
||||||
else if (HMODULE moduleBase = GetModuleHandleW(hp.module)) hp.insertion_address += (uint64_t)moduleBase;
|
else if (HMODULE moduleBase = GetModuleHandleW(hp.module)) address += (uint64_t)moduleBase;
|
||||||
else return ConsoleOutput(MODULE_MISSING), false;
|
else return ConsoleOutput(MODULE_MISSING), false;
|
||||||
|
|
||||||
void* original;
|
void* original;
|
||||||
insert:
|
insert:
|
||||||
if (MH_STATUS err = MH_CreateHook((void*)hp.insertion_address, (void*)trampoline, &original))
|
if (MH_STATUS err = MH_CreateHook(location, trampoline, &original))
|
||||||
if (err == MH_ERROR_ALREADY_CREATED)
|
if (err == MH_ERROR_ALREADY_CREATED)
|
||||||
{
|
{
|
||||||
RemoveHook(hp.insertion_address);
|
RemoveHook(address);
|
||||||
goto insert; // FIXME: i'm too lazy to do this properly right now...
|
goto insert; // FIXME: i'm too lazy to do this properly right now...
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -217,23 +217,22 @@ insert:
|
|||||||
memcpy(trampoline + sizeof(common_hook) - 8, &original, sizeof(void*));
|
memcpy(trampoline + sizeof(common_hook) - 8, &original, sizeof(void*));
|
||||||
#endif // _WIN64
|
#endif // _WIN64
|
||||||
|
|
||||||
return MH_EnableHook((void*)hp.insertion_address) == MH_OK;
|
return MH_EnableHook(location) == MH_OK;
|
||||||
}
|
}
|
||||||
#endif // _WIN32
|
#endif // _WIN32
|
||||||
|
|
||||||
DWORD WINAPI TextHook::Reader(LPVOID hookPtr)
|
DWORD WINAPI TextHook::Reader(LPVOID hookPtr)
|
||||||
{
|
{
|
||||||
TextHook* hook = (TextHook*)hookPtr;
|
TextHook* This = (TextHook*)hookPtr;
|
||||||
BYTE buffer[PIPE_BUFFER_SIZE] = {};
|
BYTE buffer[PIPE_BUFFER_SIZE] = {};
|
||||||
unsigned int changeCount = 0;
|
int changeCount = 0, dataLen = 0;
|
||||||
int dataLen = 0;
|
|
||||||
__try
|
__try
|
||||||
{
|
{
|
||||||
const void* currentAddress = (void*)hook->hp.insertion_address;
|
uint64_t currentAddress = This->address;
|
||||||
while (WaitForSingleObject(hook->readerEvent, 500) == WAIT_TIMEOUT)
|
while (WaitForSingleObject(This->readerEvent, 500) == WAIT_TIMEOUT)
|
||||||
{
|
{
|
||||||
if (hook->hp.type & DATA_INDIRECT) currentAddress = *((char**)hook->hp.insertion_address + hook->hp.index);
|
if (This->hp.type & DATA_INDIRECT) currentAddress = *(uint64_t*)This->address + This->hp.index;
|
||||||
if (memcmp(buffer, currentAddress, dataLen + 1) == 0)
|
if (memcmp(buffer, (void*)currentAddress, dataLen + 1) == 0)
|
||||||
{
|
{
|
||||||
changeCount = 0;
|
changeCount = 0;
|
||||||
continue;
|
continue;
|
||||||
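Review bot: `currentAddress = *(uint64_t*)This->address + This->hp.index;` reads eight bytes at `address` regardless of pointer width, whereas the old line read one `char*`; the file is built for both targets (see the `#endif // _WIN64` above), and in a 32-bit build the extra four bytes land in the high half (discarded again by the `(void*)` casts below), so the hazard is the wider read itself, which can fault at a page boundary where the old four-byte read did not and then lands in the `__except` handler that tears the hook down. Loading a pointer-sized value keeps the semantics on both targets: `if (This->hp.type & DATA_INDIRECT) currentAddress = *(uintptr_t*)This->address + This->hp.index;`. This line also changes the meaning of `hp.index` from a pointer-array index applied before the dereference to a byte offset applied after it; the commit title hedges with "i think", so any existing R-code relying on the old form should be re-tested. Reader's body continues into the next hunk.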
@ -241,23 +240,21 @@ DWORD WINAPI TextHook::Reader(LPVOID hookPtr)
|
|||||||
if (++changeCount > 10)
|
if (++changeCount > 10)
|
||||||
{
|
{
|
||||||
ConsoleOutput(GARBAGE_MEMORY);
|
ConsoleOutput(GARBAGE_MEMORY);
|
||||||
hook->Clear();
|
This->Clear();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hook->hp.type & USING_UNICODE)
|
if (This->hp.type & USING_UNICODE) dataLen = wcslen((wchar_t*)currentAddress) * 2;
|
||||||
dataLen = wcslen((const wchar_t*)currentAddress) * 2;
|
else dataLen = strlen((char*)currentAddress);
|
||||||
else
|
|
||||||
dataLen = strlen((const char*)currentAddress);
|
|
||||||
|
|
||||||
memcpy(buffer, currentAddress, dataLen + 1);
|
memcpy(buffer, (void*)currentAddress, dataLen + 1);
|
||||||
TextOutput({ GetCurrentProcessId(), hook->hp.insertion_address, 0, 0 }, buffer, dataLen);
|
TextOutput({ GetCurrentProcessId(), This->address, 0, 0 }, buffer, dataLen);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
__except (EXCEPTION_EXECUTE_HANDLER)
|
__except (EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
ConsoleOutput("Textractor: Reader ERROR (likely an incorrect R-code)");
|
ConsoleOutput("Textractor: Reader ERROR (likely an incorrect R-code)");
|
||||||
hook->Clear();
|
This->Clear();
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -271,8 +268,8 @@ bool TextHook::InsertReadCode()
|
|||||||
|
|
||||||
void TextHook::RemoveHookCode()
|
void TextHook::RemoveHookCode()
|
||||||
{
|
{
|
||||||
MH_DisableHook((void*)hp.insertion_address);
|
MH_DisableHook(location);
|
||||||
MH_RemoveHook((void*)hp.insertion_address);
|
MH_RemoveHook(location);
|
||||||
}
|
}
|
||||||
|
|
||||||
void TextHook::RemoveReadCode()
|
void TextHook::RemoveReadCode()
|
||||||
@ -289,7 +286,7 @@ void TextHook::Clear()
|
|||||||
ConsoleOutput(REMOVING_HOOK, hp.name);
|
ConsoleOutput(REMOVING_HOOK, hp.name);
|
||||||
if (hp.type & DIRECT_READ) RemoveReadCode();
|
if (hp.type & DIRECT_READ) RemoveReadCode();
|
||||||
else RemoveHookCode();
|
else RemoveHookCode();
|
||||||
NotifyHookRemove(hp.insertion_address);
|
NotifyHookRemove(address);
|
||||||
memset(this, 0, sizeof(TextHook)); // jichi 11/30/2013: This is the original code of ITH
|
memset(this, 0, sizeof(TextHook)); // jichi 11/30/2013: This is the original code of ITH
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,6 +19,11 @@ class TextHook
|
|||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
HookParam hp;
|
HookParam hp;
|
||||||
|
union
|
||||||
|
{
|
||||||
|
uint64_t address;
|
||||||
|
void* location;
|
||||||
|
}; // Absolute address
|
||||||
|
|
||||||
bool Insert(HookParam hp, DWORD set_flag);
|
bool Insert(HookParam hp, DWORD set_flag);
|
||||||
void Clear();
|
void Clear();
|
||||||
|
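Review bot: Reading `location` after `address` was assigned (InsertHookCode and RemoveHookCode now do this through the new union) is type punning through an inactive union member, which the C++ standard does not guarantee even though MSVC and GCC accept it; it works on the little-endian Windows targets this file builds for because in a 32-bit build `location` overlays the low half of `address`, but that layout dependency is invisible at the call sites. An explicit conversion states the same intent without relying on it: replace the union with `uint64_t address; // absolute address: set by Insert from hp.address, adjusted by InsertHookCode for MODULE_OFFSET` and `void* location() const { return (void*)(uintptr_t)address; }`, then call `location()` where the member is used. The `memset(this, 0, sizeof(TextHook))` in Clear works the same with either form. The rest of the class is outside the hunk.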