start migrating off ntdll

Akash Mozumdar 2018-06-13 16:24:52 -04:00
parent c5d847f310
commit c393d29115
8 changed files with 44 additions and 65 deletions


@ -331,7 +331,7 @@ public:
if (NT_SUCCESS(NtReadVirtualMemory(hProc, (PVOID)addr, buffer, 8, &len)))
if (::memcmp(buffer, normal_routine, 4) == 0)
flag = 1;
NtClose(hProc);
CloseHandle(hProc);
}
if (flag == 0) {
for (j = i; j < count; j++)
@ -885,7 +885,7 @@ BOOL IthInitSystemService()
if (!NT_SUCCESS(NtCreateSection(&codepage_section, SECTION_MAP_READ,
&oa,0, PAGE_READONLY, SEC_COMMIT, codepage_file)))
return FALSE;
NtClose(codepage_file);
CloseHandle(codepage_file);
size = 0;
::page = nullptr;
if (!NT_SUCCESS(NtMapViewOfSection(::codepage_section, NtCurrentProcess(),
@ -917,13 +917,13 @@ void IthCloseSystemService()
{
if (::page_locale != 0x3a4) {
NtUnmapViewOfSection(NtCurrentProcess(), ::page);
NtClose(::codepage_section);
CloseHandle(::codepage_section);
}
if (ITH_ENABLE_THREADMAN) {
NtUnmapViewOfSection(NtCurrentProcess(), ::thread_man_);
NtClose(::thread_man_section);
CloseHandle(::thread_man_section);
}
NtClose(::root_obj);
CloseHandle(::root_obj);
#ifdef ITH_HAS_HEAP
RtlDestroyHeap(::hHeap);
#endif // ITH_HAS_HEAP
@ -974,7 +974,7 @@ BOOL IthCheckFile(LPCWSTR file)
OBJECT_ATTRIBUTES oa = { sizeof(oa), dir_obj, &us, 0, 0, 0};
// jichi 9/22/2013: Following code does not work in Wine
if (NT_SUCCESS(NtCreateFile(&hFile, FILE_READ_DATA, &oa, &isb, 0, 0, FILE_SHARE_READ, FILE_OPEN, 0, 0, 0))) {
NtClose(hFile);
CloseHandle(hFile);
return TRUE;
}
}
@ -1009,7 +1009,7 @@ BOOL IthFindFile(LPCWSTR file)
else
RtlInitUnicodeString(&us, file);
status = NtQueryDirectoryFile(h,0,0,0,&ios,info,0x400,FileBothDirectoryInformation,TRUE,&us,TRUE);
NtClose(h);
CloseHandle(h);
return NT_SUCCESS(status);
}
return FALSE;
@ -1037,7 +1037,7 @@ BOOL IthGetFileInfo(LPCWSTR file, LPVOID info, DWORD size)
RtlInitUnicodeString(&us,file);
status = NtQueryDirectoryFile(h,0,0,0,&ios,info,size,FileBothDirectoryInformation,0,&us,0);
status = NT_SUCCESS(status);
NtClose(h);
CloseHandle(h);
} else
status = FALSE;
return status;
@ -1052,7 +1052,7 @@ BOOL IthCheckFileFullPath(LPCWSTR file)
HANDLE hFile;
IO_STATUS_BLOCK isb;
if (NT_SUCCESS(NtCreateFile(&hFile,FILE_READ_DATA,&oa,&isb,0,0,FILE_SHARE_READ,FILE_OPEN,0,0,0))) {
NtClose(hFile);
CloseHandle(hFile);
return TRUE;
} else
return FALSE;


@ -108,9 +108,9 @@ HookManager::~HookManager()
//LARGE_INTEGER timeout={-1000*1000,-1};
//IthBreak();
//NtWaitForSingleObject(destroy_event, 0, 0);
//NtClose(destroy_event);
//NtClose(cmd_pipes[0]);
//NtClose(recv_threads[0]);
//CloseHandle(destroy_event);
//CloseHandle(cmd_pipes[0]);
//CloseHandle(recv_threads[0]);
//delete thread_table;
//delete head.key;
//DeleteCriticalSection(&hmcs);
@ -197,10 +197,10 @@ void HookManager::RegisterProcess(DWORD pid, HANDLE hostPipe)
ProcessRecord* record = processRecordsByIds[pid] = new ProcessRecord;
record->hostPipe = hostPipe;
record->hookman_section = OpenFileMappingW(FILE_MAP_READ, FALSE, (std::wstring(ITH_SECTION_) + std::to_wstring(pid)).c_str());
record->hookman_section = OpenFileMappingW(FILE_MAP_READ, FALSE, (ITH_SECTION_ + std::to_wstring(pid)).c_str());
record->hookman_map = MapViewOfFile(record->hookman_section, FILE_MAP_READ, 0, 0, HOOK_SECTION_SIZE / 2); // jichi 1/16/2015: Changed to half to hook section size
record->process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
record->hookman_mutex = OpenMutexW(MUTEX_ALL_ACCESS, FALSE, (std::wstring(ITH_HOOKMAN_MUTEX_) + std::to_wstring(pid)).c_str());
record->hookman_mutex = OpenMutexW(MUTEX_ALL_ACCESS, FALSE, (ITH_HOOKMAN_MUTEX_ + std::to_wstring(pid)).c_str());
//if (NT_SUCCESS(NtOpenProcess(&hProc,
// PROCESS_QUERY_INFORMATION|
// PROCESS_CREATE_THREAD|
@ -226,18 +226,18 @@ void HookManager::UnRegisterProcess(DWORD pid)
CloseHandle(pr.process_handle);
CloseHandle(pr.hookman_section);
processRecordsByIds.erase(pid);
//NtClose(text_pipes[i]);
//NtClose(cmd_pipes[i]);
//NtClose(recv_threads[i]);
//NtClose(record[i].hookman_mutex);
//CloseHandle(text_pipes[i]);
//CloseHandle(cmd_pipes[i]);
//CloseHandle(recv_threads[i]);
//CloseHandle(record[i].hookman_mutex);
////if (::ith_has_section)
//NtUnmapViewOfSection(NtCurrentProcess(), record[i].hookman_map);
////else
//// delete[] record[i].hookman_map;
//NtClose(record[i].process_handle);
//NtClose(record[i].hookman_section);
//CloseHandle(record[i].process_handle);
//CloseHandle(record[i].hookman_section);
//for (; i < MAX_REGISTER; i++) {
// record[i] = record[i+1];
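Review bot: In the RegisterProcess hunk, the handles returned by the rewritten OpenFileMappingW and OpenMutexW lines are stored without a NULL check, as are the MapViewOfFile and OpenProcess results between them, so a failed open leaves a ProcessRecord whose handles are null and UnRegisterProcess later passes those nulls to CloseHandle. I would test each handle right after its call and, on failure, delete the record, erase `pid` from processRecordsByIds and return, releasing any lock the function may hold (that part is outside the hunk), e.g. `if (!record->hookman_section) { /* log GetLastError() */ delete record; processRecordsByIds.erase(pid); return; }`. The new `ITH_SECTION_ + std::to_wstring(pid)` form compiles only if ITH_SECTION_ is a wide string literal or a std::wstring, which the old `std::wstring(ITH_SECTION_)` wrapper suggests but the hunk does not show. RegisterProcess starts and ends outside the hunk.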


@ -248,4 +248,6 @@ enum {
, IHF_FILTER_CAPACITY = IHF_FILTER_COUNT + 1 // one more than the dll count
};
#define TIMEOUT 5000 // 5 seconds
// EOF
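Review bot: `TIMEOUT` is an unprefixed macro added to a shared header whose other constants carry the IHF_/ITH_ prefix (see IHF_FILTER_CAPACITY two lines above), so it can collide with any other header or library that defines the same common name; a prefixed name such as `#define ITH_TIMEOUT 5000`, or an enumerator beside the existing enum, would match the file's convention. The comment should also state the unit the callers depend on, since it is passed straight to WaitForSingleObject elsewhere in this commit: `#define TIMEOUT 5000 // milliseconds (5 seconds), used with WaitForSingleObject`.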


@ -5796,7 +5796,7 @@ int GetShinaRioVersion()
enum { BufferSize = 0x40 };
char buffer[BufferSize];
NtReadFile(hFile, 0, 0, 0, &ios, buffer, BufferSize, 0, 0);
NtClose(hFile);
CloseHandle(hFile);
if (buffer[0] == '[') {
buffer[0x3f] = 0; // jichi 8/24/2013: prevent strstr from overflow
if (char *version = ::strstr(buffer, "v2."))
@ -8191,7 +8191,7 @@ bool IsPensilSetup()
NtAllocateVirtualMemory(NtCurrentProcess(), &buffer, 0,
&info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0);
NtClose(hFile);
CloseHandle(hFile);
BYTE *b = (BYTE *)buffer;
DWORD len = info.EndOfFile.LowPart & ~1;
if (len == info.AllocationSize.LowPart)
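Review bot: In GetShinaRioVersion the status of the NtReadFile call just above the new CloseHandle is ignored and `buffer` is an uninitialized stack array, so on a failed or short read the `buffer[0] == '['` test and the strstr that follows inspect stale stack bytes. Zero-initialising the array, `char buffer[BufferSize] = {};`, makes that path deterministic at no cost; checking NT_SUCCESS on the read and the byte count in the IO_STATUS_BLOCK passed as `ios` before the comparison would be the fuller fix. The function body continues outside the hunk.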


@ -921,9 +921,8 @@ void Engine::hijack()
void Engine::terminate()
{
if (hijackThread) {
const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds
NtWaitForSingleObject(hijackThread, 0, (PLARGE_INTEGER)&timeout);
NtClose(hijackThread);
WaitForSingleObject(hijackThread, TIMEOUT);
CloseHandle(hijackThread);
hijackThread = 0;
}
}
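Review bot: The result of `WaitForSingleObject(hijackThread, TIMEOUT)` is discarded, so a WAIT_TIMEOUT — the hijack thread still running while terminate() closes its handle and clears `hijackThread` — is indistinguishable from a clean exit; capture it and report the timeout, e.g. `if (WaitForSingleObject(hijackThread, TIMEOUT) != WAIT_OBJECT_0) { /* log: hijack thread did not exit within TIMEOUT ms */ }`. The same unchecked pattern appears in DllMain's `WaitForSingleObject(pipeThread, TIMEOUT)` in another hunk of this commit. Minor style point: `hijackThread = 0;` would read better as `hijackThread = nullptr;` if this file already uses nullptr.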


@ -490,10 +490,7 @@ DWORD TextHook::UnsafeSend(DWORD dwDataBase, DWORD dwRetn)
IthCoolDown(); // jichi 9/28/2013: cool down to prevent parallelization in wine
//CliLockPipe();
if (STATUS_PENDING == NtWriteFile(::hookPipe, 0, 0, 0, &ios, pbData, dwCount + HEADER_SIZE, 0, 0)) {
NtWaitForSingleObject(::hookPipe, 0, 0);
NtFlushBuffersFile(::hookPipe, &ios);
}
WriteFile(::hookPipe, pbData, dwCount + HEADER_SIZE, nullptr, nullptr);
//CliUnlockPipe();
}
if (pbData != pbSmallBuff)
@ -506,7 +503,7 @@ DWORD TextHook::UnsafeSend(DWORD dwDataBase, DWORD dwRetn)
int TextHook::InsertHook()
{
//ConsoleOutput("vnrcli:InsertHook: enter");
NtWaitForSingleObject(hmMutex, 0, 0);
WaitForSingleObject(hmMutex, 0);
int ok = InsertHookCode();
IthReleaseMutex(hmMutex);
if (hp.type & HOOK_ADDITIONAL) {
@ -678,7 +675,7 @@ int TextHook::UnsafeInsertHookCode()
int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind,
DWORD split_off, DWORD split_ind, WORD type, DWORD len_off)
{
NtWaitForSingleObject(hmMutex, 0, 0);
WaitForSingleObject(hmMutex, 0);
hp.address = (DWORD)addr;
hp.offset = data;
hp.index = data_ind;
@ -697,7 +694,7 @@ int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind,
int TextHook::InitHook(const HookParam &h, LPCSTR name, WORD set_flag)
{
NtWaitForSingleObject(hmMutex, 0, 0);
WaitForSingleObject(hmMutex, 0);
hp = h;
hp.type |= set_flag;
if (name && name != hook_name) {
@ -717,8 +714,7 @@ int TextHook::RemoveHook()
if (!hp.address)
return no;
ConsoleOutput("vnrcli:RemoveHook: enter");
const LONGLONG timeout = -50000000; // jichi 9/28/2012: in 100ns, wait at most for 5 seconds
NtWaitForSingleObject(hmMutex, 0, (PLARGE_INTEGER)&timeout);
WaitForSingleObject(hmMutex, TIMEOUT); // jichi 9/28/2012: wait at most for 5 seconds
DWORD l = hp.hook_len;
//with_seh({ // jichi 9/17/2013: might crash ><
// jichi 12/25/2013: Actually, __try cannot catch such kind of exception
@ -735,7 +731,7 @@ int TextHook::RemoveHook()
int TextHook::ClearHook()
{
NtWaitForSingleObject(hmMutex, 0, 0);
WaitForSingleObject(hmMutex, 0);
int err = RemoveHook();
if (hook_name) {
delete[] hook_name;
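Review bot: `WaitForSingleObject(hmMutex, 0)` in InsertHook, both InitHook overloads and ClearHook does not acquire the mutex: a timeout of 0 only polls, whereas the replaced `NtWaitForSingleObject(hmMutex, 0, 0)` passed a null timeout pointer and therefore waited indefinitely. When the mutex is held elsewhere the new call returns WAIT_TIMEOUT, the body runs unprotected, and the following IthReleaseMutex releases a mutex this thread does not own; each of the four should read `WaitForSingleObject(hmMutex, INFINITE);`, and RemoveHook's timed wait should at least check for WAIT_OBJECT_0 before proceeding. In UnsafeSend the new `WriteFile(::hookPipe, pbData, dwCount + HEADER_SIZE, nullptr, nullptr)` passes NULL for both lpNumberOfBytesWritten and lpOverlapped, which the API documents as invalid (the count may be NULL only when an OVERLAPPED is supplied); pass a local `DWORD written;` as the fourth argument and check the return value, and note that the old STATUS_PENDING wait/flush path has no equivalent here. All functions in these hunks start or end outside them.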


@ -155,33 +155,18 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
DisableThreadLibraryCalls(hModule);
//if (!IthInitSystemService()) {
// GROWL_WARN(L"Initialization failed.\nAre you running game on a network drive?");
// return FALSE;
//}
// No longer checking if SystemService fails, which could happen on non-Japanese OS
IthInitSystemService();
swprintf(hm_section, ITH_SECTION_ L"%d", current_process_id);
// jichi 9/25/2013: Interprocedural communication with vnrsrv.
hSection = IthCreateSection(hm_section, HOOK_SECTION_SIZE, PAGE_EXECUTE_READWRITE);
::hookman = nullptr;
NtMapViewOfSection(hSection, NtCurrentProcess(),
(LPVOID *)&::hookman, 0, hook_buff_len, 0, &hook_buff_len, ViewUnmap, 0,
PAGE_EXECUTE_READWRITE);
//PAGE_EXECUTE_READWRITE);
hSection = CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr, PAGE_EXECUTE_READWRITE, 0, HOOK_SECTION_SIZE, hm_section);
::hookman = (TextHook*)MapViewOfFile(hSection, FILE_MAP_ALL_ACCESS, 0, 0, HOOK_SECTION_SIZE / 2);
GetProcessName(::processName);
FillRange(::processName, &::processStartAddress, &::processStopAddress);
//NtInspect::getProcessMemoryRange(&::processStartAddress, &::processStopAddress);
//if (!::hookman) {
// ith_has_section = false;
// ::hookman = new TextHook[MAX_HOOK];
// memset(::hookman, 0, MAX_HOOK * sizeof(TextHook));
//}
{
wchar_t hm_mutex[0x100];
swprintf(hm_mutex, ITH_HOOKMAN_MUTEX_ L"%d", current_process_id);
@ -216,13 +201,11 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
::running = false;
::live = false;
const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds
Engine::terminate();
if (pipeThread) {
NtWaitForSingleObject(pipeThread, 0, (PLARGE_INTEGER)&timeout);
NtClose(pipeThread);
WaitForSingleObject(pipeThread, TIMEOUT);
CloseHandle(pipeThread);
}
for (TextHook *man = ::hookman; man->RemoveHook(); man++);
@ -233,15 +216,14 @@ BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID unused)
for (TextHook *man = ::hookman; man < ::hookman + MAX_HOOK; man++)
man->ClearHook();
//if (ith_has_section)
NtUnmapViewOfSection(NtCurrentProcess(), ::hookman);
//else
// delete[] ::hookman;
NtClose(hSection);
NtClose(hMutex);
UnmapViewOfFile(::hookman);
CloseHandle(hSection);
CloseHandle(hMutex);
IthCloseSystemService();
delete ::tree;
IthCloseSystemService();
NtClose(hmMutex);
CloseHandle(hmMutex);
//} ITH_EXCEPT {}
} break;
}
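Review bot: The return values of the new CreateFileMappingW and MapViewOfFile calls in the first DllMain hunk are not checked, so a failure leaves `::hookman` null and the detach path's `for (TextHook *man = ::hookman; man->RemoveHook(); man++)` dereferences it; the old code's commented-out heap fallback is gone with this commit, so at minimum test the view before use, e.g. `if (!::hookman) { CloseHandle(hSection); return FALSE; }` after the MapViewOfFile line. MapViewOfFile is called with FILE_MAP_ALL_ACCESS, which does not include FILE_MAP_EXECUTE, while the replaced NtMapViewOfSection mapped the view PAGE_EXECUTE_READWRITE; if anything is executed from this section (the execute protection on both the old and new section suggests it), the view needs `FILE_MAP_ALL_ACCESS | FILE_MAP_EXECUTE`, otherwise the section protection can be reduced to match. The section is created with a null security descriptor and a name derived only from the process id, unchanged in substance from before; a comment saying it is deliberately left openable by the host process would record that decision. DllMain starts and ends outside the hunks.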


@ -312,7 +312,7 @@ bool Util::unloadCurrentModule()
if (HANDLE h = ::IthCreateThread(fun, (DWORD)&__ImageBase)) {
//const LONGLONG timeout = -50000000; // in nanoseconds = 5 seconds
//NtWaitForSingleObject(h, 0, (PLARGE_INTEGER)&timeout);
NtClose(h);
CloseHandle(h);
return true;
}