From b7764ad8605177b48d2e93f6c588556daa8ac989 Mon Sep 17 00:00:00 2001
From: Akash Mozumdar
Date: Thu, 14 Jun 2018 11:51:09 -0400
Subject: [PATCH] remove ntdll from util.h
---
 vnr/vnrhook/src/engine/engine.h | 2 +-
 vnr/vnrhook/src/engine/match.cc | 9 +++++---
 vnr/vnrhook/src/hijack/texthook.cc | 11 +++++----
 vnr/vnrhook/src/main.cc | 19 ----------------
 vnr/vnrhook/src/util/util.h | 36 +----------------------------
 5 files changed, 13 insertions(+), 64 deletions(-)
diff --git a/vnr/vnrhook/src/engine/engine.h b/vnr/vnrhook/src/engine/engine.h
index 4e16193..d60095c 100644
--- a/vnr/vnrhook/src/engine/engine.h
+++ b/vnr/vnrhook/src/engine/engine.h
@@ -11,7 +11,7 @@ struct HookParam; // defined in ith types.h namespace Engine { // Global variables
-extern wchar_t process_name_[MAX_PATH], // cached
+extern wchar_t *process_name_, // cached
 process_path_[MAX_PATH]; // cached extern DWORD module_base_, module_limit_;
diff --git a/vnr/vnrhook/src/engine/match.cc b/vnr/vnrhook/src/engine/match.cc
index c058298..274e517 100644
--- a/vnr/vnrhook/src/engine/match.cc
+++ b/vnr/vnrhook/src/engine/match.cc
@@ -24,7 +24,7 @@ enum { MAX_REL_ADDR = 0x200000 }; // jichi 8/18/2013: maximum relative address namespace Engine {
-WCHAR process_name_[MAX_PATH], // cached
+WCHAR *process_name_, // cached
 process_path_[MAX_PATH]; // cached DWORD module_base_,
@@ -896,8 +896,11 @@ DWORD WINAPI hijackThreadProc(LPVOID unused) // jichi 12/18/2013: Though FillRange could raise, it should never raise for he current process // So, SEH is not used here.
- Util::GetProcessName(process_name_); // Initialize shared process name
- Util::GetProcessPath(process_path_); // Initialize shared process path
+
+ // Initialize shared process name and path
+ wchar_t* p = GetModuleFileNameW(nullptr, process_path_, MAX_PATH) + process_path_;
+ while (*(--p) != L'\\');
+ process_name_ = p + 1;
 FillRange(process_name_, &module_base_, &module_limit_); DetermineEngineType();
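Review bot: `process_name_` is now a bare pointer instead of a `MAX_PATH` array, but the declaration still carries only `// cached`, so nothing tells a reader that it is null until `hijackThreadProc` assigns it and that it then points into `process_path_` rather than owning storage. Code that reads the name before that thread has run would previously have seen an empty string and would now dereference a null pointer; those readers are outside this hunk, so this needs confirming. I would change the comment to `// basename inside process_path_; null until hijackThreadProc has run` here and on the matching definition in match.cc (the `@@ -24,7 +24,7 @@` hunk).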
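Review bot: The result of `GetModuleFileNameW` is used unchecked in the added lines of `hijackThreadProc`: if the call fails it returns 0, `p` starts at `process_path_`, and `while (*(--p) != L'\\');` then reads memory in front of the buffer with no lower bound; the same happens for any path that contains no backslash. A truncated result (return value equal to `MAX_PATH`) is not handled either. I would clamp the length, terminate the buffer and stop the backward scan at the start of `process_path_`, as below. The function body starts and continues outside this hunk, so how a failure should be reported to the caller is left open.

```cpp
// … unchanged: comment about FillRange / SEH …
// Initialize shared process name and path
DWORD len = GetModuleFileNameW(nullptr, process_path_, MAX_PATH);
if (len >= MAX_PATH)          // truncated: keep what fits, force termination
  len = MAX_PATH - 1;
process_path_[len] = L'\0';   // also yields an empty path when the call fails (len == 0)
wchar_t *p = process_path_ + len;
while (p > process_path_ && p[-1] != L'\\')
  --p;                        // never steps below the start of the buffer
process_name_ = p;
// … unchanged: FillRange / DetermineEngineType calls …
```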
diff --git a/vnr/vnrhook/src/hijack/texthook.cc b/vnr/vnrhook/src/hijack/texthook.cc
index aa9d168..9f546eb 100644
--- a/vnr/vnrhook/src/hijack/texthook.cc
+++ b/vnr/vnrhook/src/hijack/texthook.cc
@@ -488,7 +488,6 @@ DWORD TextHook::UnsafeSend(DWORD dwDataBase, DWORD dwRetn) if (dwCount) { IO_STATUS_BLOCK ios = {};
- IthCoolDown(); // jichi 9/28/2013: cool down to prevent parallelization in wine
 //CliLockPipe(); WriteFile(::hookPipe, pbData, dwCount + HEADER_SIZE, nullptr, nullptr); //CliUnlockPipe();
@@ -505,7 +504,7 @@ int TextHook::InsertHook() //ConsoleOutput("vnrcli:InsertHook: enter"); WaitForSingleObject(hmMutex, 0); int ok = InsertHookCode();
- IthReleaseMutex(hmMutex);
+ ReleaseMutex(hmMutex);
 if (hp.type & HOOK_ADDITIONAL) { NotifyHookInsert(hp.address); //ConsoleOutput(hook_name);
@@ -688,7 +687,7 @@ int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, currentHook++; if (current_available >= this) for (current_available = this + 1; current_available->Address(); current_available++);
- IthReleaseMutex(hmMutex);
+ ReleaseMutex(hmMutex);
 return this - hookman; }
@@ -704,7 +703,7 @@ int TextHook::InitHook(const HookParam &h, LPCSTR name, WORD set_flag) current_available = this+1; while (current_available->Address()) current_available++;
- IthReleaseMutex(hmMutex);
+ ReleaseMutex(hmMutex);
 return 1; }
@@ -724,7 +723,7 @@ int TextHook::RemoveHook() } ITH_EXCEPT {} //}); hp.hook_len = 0;
- IthReleaseMutex(hmMutex);
+ ReleaseMutex(hmMutex);
 ConsoleOutput("vnrcli:RemoveHook: leave"); return yes; }
@@ -741,7 +740,7 @@ int TextHook::ClearHook() //if (current_available>this) // current_available = this; currentHook--;
- IthReleaseMutex(hmMutex);
+ ReleaseMutex(hmMutex);
 return err; }
diff --git a/vnr/vnrhook/src/main.cc b/vnr/vnrhook/src/main.cc
index d0f3d17..aaa0a0b 100644
--- a/vnr/vnrhook/src/main.cc
+++ b/vnr/vnrhook/src/main.cc
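Review bot: In `TextHook::InsertHook` the new `ReleaseMutex(hmMutex);` runs unconditionally after `WaitForSingleObject(hmMutex, 0);`, whose result is discarded. With a zero timeout the wait can return `WAIT_TIMEOUT`, in which case `InsertHookCode()` has run without the lock and `ReleaseMutex` fails because the thread is not the owner. I would capture the wait result and release only on ownership, e.g. `const DWORD w = WaitForSingleObject(hmMutex, 0);` followed later by `if (w == WAIT_OBJECT_0 || w == WAIT_ABANDONED) ReleaseMutex(hmMutex);`, and decide whether the hook insertion should proceed at all when the wait times out. The same replacement is made in both `InitHook` overloads, `RemoveHook` and `ClearHook`; their acquire calls are outside those hunks, so the same check is worth confirming there.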
@@ -32,24 +32,6 @@ DWORD processStartAddress, processStopAddress;
-namespace { // unnamed
-wchar_t processName[MAX_PATH];
-
-inline void GetProcessName(wchar_t *name)
-{
- //assert(name);
- PLDR_DATA_TABLE_ENTRY it;
- __asm
- {
- mov eax,fs:[0x30]
- mov eax,[eax+0xc]
- mov eax,[eax+0xc]
- mov it,eax
- }
- wcscpy(name, it->BaseDllName.Buffer);
-}
-} // unmaed namespace
-
 enum { HOOK_BUFFER_SIZE = MAX_HOOK * sizeof(TextHook) }; //#define MAX_HOOK (HOOK_BUFFER_SIZE/sizeof(TextHook)) DWORD hook_buff_len = HOOK_BUFFER_SIZE;
@@ -164,7 +146,6 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused) hSection = CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr, PAGE_EXECUTE_READWRITE, 0, HOOK_SECTION_SIZE, hm_section); ::hookman = (TextHook*)MapViewOfFile(hSection, FILE_MAP_ALL_ACCESS, 0, 0, HOOK_SECTION_SIZE / 2);
- GetProcessName(::processName);
 ::processStartAddress = (DWORD)GetModuleHandleW(nullptr); {
diff --git a/vnr/vnrhook/src/util/util.h b/vnr/vnrhook/src/util/util.h
index 7b712d2..45d0d0c 100644
--- a/vnr/vnrhook/src/util/util.h
+++ b/vnr/vnrhook/src/util/util.h
@@ -3,7 +3,7 @@ // util.h // 8/23/2013 jichi
-#include "ntdll/ntdll.h"
+#include
 namespace Util {
@@ -24,40 +24,6 @@ DWORD FindModuleBase(DWORD hash); bool SearchResourceString(LPCWSTR str);
-/**
- * @param name process name without path deliminator
- */
-inline void GetProcessName(wchar_t *name)
-{
- //assert(name);
- PLDR_DATA_TABLE_ENTRY it;
- __asm
- {
- mov eax,fs:[0x30]
- mov eax,[eax+0xc]
- mov eax,[eax+0xc]
- mov it,eax
- }
- ::wcscpy(name, it->BaseDllName.Buffer);
-}
-
-/**
- * @param path with process name and directy name
- */
-inline void GetProcessPath(wchar_t *path)
-{
- //assert(path);
- PLDR_DATA_TABLE_ENTRY it;
- __asm
- {
- mov eax,fs:[0x30]
- mov eax,[eax+0xc]
- mov eax,[eax+0xc]
- mov it,eax
- }
- ::wcscpy(path, it->FullDllName.Buffer);
-}
-
 /** * @return HANDLE module handle */