fix stack overflow

This commit is contained in:
Akash Mozumdar 2020-03-23 19:37:11 -06:00
parent 402b685820
commit af2ba72f39
4 changed files with 13 additions and 16 deletions

View File

@ -300,7 +300,7 @@ void PcHooks::hookOtherPcFunctions()
if (HMODULE module = GetModuleHandleW(L"OLEAUT32.dll")) if (HMODULE module = GetModuleHandleW(L"OLEAUT32.dll"))
{ {
NEW_MODULE_HOOK(module, SysAllocString, s_arg1, 0, 0, 0, USING_UNICODE|USING_STRING, 0) NEW_MODULE_HOOK(module, SysAllocString, s_arg1, 0, 0, 0, USING_UNICODE|USING_STRING, 0)
NEW_MODULE_HOOK(module, SysAllocStringLen, s_arg1, 0, 0, 0, USING_UNICODE|USING_STRING, s_arg2 / arg_sz) NEW_MODULE_HOOK(module, SysAllocStringLen, s_arg1, 0, 0, 0, USING_UNICODE|USING_STRING|KNOWN_UNSTABLE, s_arg2 / arg_sz)
} }
} }

View File

@ -86,13 +86,10 @@ DWORD WINAPI Pipe(LPVOID)
FreeLibraryAndExitThread(GetModuleHandleW(ITH_DLL), 0); FreeLibraryAndExitThread(GetModuleHandleW(ITH_DLL), 0);
} }
void TextOutput(ThreadParam tp, BYTE* text, int len) void TextOutput(ThreadParam tp, BYTE (*buffer)[PIPE_BUFFER_SIZE], int len)
{ {
if (len < 0) return; if (len < 0 || len > PIPE_BUFFER_SIZE - sizeof(tp)) ConsoleOutput("Textractor: something went very wrong (invalid length %d at hook address %I64d)", len, tp.addr);
if (len > PIPE_BUFFER_SIZE - sizeof(tp)) len = PIPE_BUFFER_SIZE - sizeof(tp);
BYTE buffer[PIPE_BUFFER_SIZE] = {};
*(ThreadParam*)buffer = tp; *(ThreadParam*)buffer = tp;
memcpy(buffer + sizeof(tp), text, len);
WriteFile(hookPipe, buffer, sizeof(tp) + len, DUMMY, nullptr); WriteFile(hookPipe, buffer, sizeof(tp) + len, DUMMY, nullptr);
} }

View File

@ -7,7 +7,7 @@
#include "common.h" #include "common.h"
#include "types.h" #include "types.h"
void TextOutput(ThreadParam tp, BYTE* text, int len); void TextOutput(ThreadParam tp, BYTE (*buffer)[PIPE_BUFFER_SIZE], int len);
void ConsoleOutput(LPCSTR text, ...); void ConsoleOutput(LPCSTR text, ...);
void NotifyHookFound(HookParam hp, wchar_t* text); void NotifyHookFound(HookParam hp, wchar_t* text);
void NotifyHookRemove(uint64_t addr, LPCSTR name); void NotifyHookRemove(uint64_t addr, LPCSTR name);

View File

@ -92,6 +92,7 @@ namespace { // unnamed
int this_offset = 50, send_offset = 60, original_offset = 126; int this_offset = 50, send_offset = 60, original_offset = 126;
#endif #endif
thread_local BYTE buffer[PIPE_BUFFER_SIZE];
enum { TEXT_BUFFER_SIZE = PIPE_BUFFER_SIZE - sizeof(ThreadParam) }; enum { TEXT_BUFFER_SIZE = PIPE_BUFFER_SIZE - sizeof(ThreadParam) };
} // unnamed namespace } // unnamed namespace
@ -114,6 +115,7 @@ bool TextHook::Insert(HookParam hp, DWORD set_flag)
// - dwDataBase: the stack address // - dwDataBase: the stack address
void TextHook::Send(uintptr_t dwDataBase) void TextHook::Send(uintptr_t dwDataBase)
{ {
BYTE(*buffer)[PIPE_BUFFER_SIZE] = &::buffer, *pbData = *buffer + sizeof(ThreadParam);
_InterlockedIncrement(&useCount); _InterlockedIncrement(&useCount);
__try __try
{ {
@ -145,9 +147,8 @@ void TextHook::Send(uintptr_t dwDataBase)
dwCount = GetLength(dwDataBase, dwDataIn); dwCount = GetLength(dwDataBase, dwDataIn);
} }
if (dwCount == 0) goto done; if (dwCount <= 0) goto done;
if (dwCount > TEXT_BUFFER_SIZE) dwCount = TEXT_BUFFER_SIZE; if (dwCount > TEXT_BUFFER_SIZE) dwCount = TEXT_BUFFER_SIZE;
BYTE pbData[TEXT_BUFFER_SIZE];
if (hp.length_offset == 1) { if (hp.length_offset == 1) {
dwDataIn &= 0xffff; dwDataIn &= 0xffff;
if ((hp.type & BIG_ENDIAN) && (dwDataIn >> 8)) dwDataIn = _byteswap_ushort(dwDataIn & 0xffff); if ((hp.type & BIG_ENDIAN) && (dwDataIn >> 8)) dwDataIn = _byteswap_ushort(dwDataIn & 0xffff);
@ -160,7 +161,7 @@ void TextHook::Send(uintptr_t dwDataBase)
if (hp.type & (NO_CONTEXT | FIXING_SPLIT)) dwRetn = 0; if (hp.type & (NO_CONTEXT | FIXING_SPLIT)) dwRetn = 0;
TextOutput({ GetCurrentProcessId(), address, dwRetn, dwSplit }, pbData, dwCount); TextOutput({ GetCurrentProcessId(), address, dwRetn, dwSplit }, buffer, dwCount);
#else // _WIN32 #else // _WIN32
if (hp.type & HOOK_EMPTY) goto done; // jichi 10/24/2014: dummy hook only for dynamic hook if (hp.type & HOOK_EMPTY) goto done; // jichi 10/24/2014: dummy hook only for dynamic hook
int count = 0; int count = 0;
@ -176,9 +177,8 @@ void TextHook::Send(uintptr_t dwDataBase)
data += hp.padding; data += hp.padding;
count = GetLength(dwDataBase, data); count = GetLength(dwDataBase, data);
if (count == 0) goto done; if (count <= 0) goto done;
if (count > TEXT_BUFFER_SIZE) count = TEXT_BUFFER_SIZE; if (count > TEXT_BUFFER_SIZE) count = TEXT_BUFFER_SIZE;
BYTE pbData[TEXT_BUFFER_SIZE];
if (hp.length_offset == 1) if (hp.length_offset == 1)
{ {
data &= 0xffff; data &= 0xffff;
@ -190,7 +190,7 @@ void TextHook::Send(uintptr_t dwDataBase)
if (hp.type & (NO_CONTEXT | FIXING_SPLIT)) tp.ctx = 0; if (hp.type & (NO_CONTEXT | FIXING_SPLIT)) tp.ctx = 0;
TextOutput(tp, pbData, count); TextOutput(tp, buffer, count);
#endif // _WIN64 #endif // _WIN64
} }
__except (EXCEPTION_EXECUTE_HANDLER) __except (EXCEPTION_EXECUTE_HANDLER)
@ -232,14 +232,14 @@ bool TextHook::InsertHookCode()
void TextHook::Read() void TextHook::Read()
{ {
BYTE buffer[TEXT_BUFFER_SIZE] = {};
int dataLen = 1; int dataLen = 1;
BYTE(*buffer)[PIPE_BUFFER_SIZE] = &::buffer, *pbData = *buffer + sizeof(ThreadParam);
__try __try
{ {
while (WaitForSingleObject(readerEvent, 500) == WAIT_TIMEOUT) if (memcmp(buffer, location, dataLen) != 0) if (int currentLen = HookStrlen((BYTE*)location)) while (WaitForSingleObject(readerEvent, 500) == WAIT_TIMEOUT) if (memcmp(pbData, location, dataLen) != 0) if (int currentLen = HookStrlen((BYTE*)location))
{ {
dataLen = min(currentLen, TEXT_BUFFER_SIZE); dataLen = min(currentLen, TEXT_BUFFER_SIZE);
memcpy(buffer, location, dataLen); memcpy(pbData, location, dataLen);
TextOutput({ GetCurrentProcessId(), address, 0, 0 }, buffer, dataLen); TextOutput({ GetCurrentProcessId(), address, 0, 0 }, buffer, dataLen);
} }
} }