small refactors

This commit is contained in:
Akash Mozumdar 2018-10-28 02:35:19 -04:00
parent 6bc8143980
commit dddbc00694
3 changed files with 35 additions and 35 deletions

View File

@ -209,7 +209,7 @@ namespace Host
void DetachProcess(DWORD processId) void DetachProcess(DWORD processId)
{ {
int command = HOST_COMMAND_DETACH; auto command = HOST_COMMAND_DETACH;
WriteFile(processRecordsByIds[processId].hostPipe, &command, sizeof(command), DUMMY, nullptr); WriteFile(processRecordsByIds[processId].hostPipe, &command, sizeof(command), DUMMY, nullptr);
} }
@ -258,7 +258,7 @@ namespace Host
ReadProcessMemory(pr.processHandle, hooks[i].hook_name, buffer.data(), hooks[i].name_length, nullptr); ReadProcessMemory(pr.processHandle, hooks[i].hook_name, buffer.data(), hooks[i].name_length, nullptr);
} }
ReleaseMutex(pr.sectionMutex); ReleaseMutex(pr.sectionMutex);
return StringToWideString(buffer.c_str(), CP_UTF8); return StringToWideString(buffer, CP_UTF8);
} }
TextThread* GetThread(ThreadParam tp) TextThread* GetThread(ThreadParam tp)

View File

@ -2,6 +2,5 @@
#include "common.h" #include "common.h"
#include <QString> #include <QString>
#include <QStringList>
#include <QVector> #include <QVector>
#include <QRegularExpression> #include <QRegularExpression>

View File

@ -25,10 +25,30 @@ DWORD SigMask(DWORD sig)
return 0xffffffff >> (count << 3); return 0xffffffff >> (count << 3);
} }
uint64_t SafeSearchMemory(uint64_t startAddr, uint64_t endAddr, const BYTE* bytes, short length)
{
__try
{
for (int i = 0; i < endAddr - startAddr - length; ++i)
for (int j = 0; j <= length; ++j)
if (j == length) return startAddr + i; // not sure about this algorithm...
else if (*((BYTE*)startAddr + i + j) != *(bytes + j) && *(bytes + j) != 0x11) break; // 0x11 = wildcard
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
ConsoleOutput("Textractor: SearchMemory ERROR (Textractor will likely still work fine, but please let Artikash know if this happens a lot!)");
return 0;
}
return 0;
}
} // namespace unnamed } // namespace unnamed
namespace Util
{
// jichi 8/24/2013: binary search? // jichi 8/24/2013: binary search?
DWORD Util::GetCodeRange(DWORD hModule,DWORD *low, DWORD *high) DWORD GetCodeRange(DWORD hModule,DWORD *low, DWORD *high)
{ {
IMAGE_DOS_HEADER *DosHdr; IMAGE_DOS_HEADER *DosHdr;
IMAGE_NT_HEADERS *NtHdr; IMAGE_NT_HEADERS *NtHdr;
@ -49,7 +69,7 @@ DWORD Util::GetCodeRange(DWORD hModule,DWORD *low, DWORD *high)
return 0; return 0;
} }
DWORD Util::FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig) DWORD FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig)
{ {
//WCHAR str[0x40]; //WCHAR str[0x40];
enum { reverse_length = 0x800 }; enum { reverse_length = 0x800 };
@ -91,7 +111,7 @@ DWORD Util::FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig)
return 0; return 0;
} }
DWORD Util::FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp) DWORD FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp)
{ {
BYTE sig = (jmp) ? 0xe9 : 0xe8; BYTE sig = (jmp) ? 0xe9 : 0xe8;
for (DWORD i = 0x1000; i < size - 4; i++) for (DWORD i = 0x1000; i < size - 4; i++)
@ -106,7 +126,7 @@ DWORD Util::FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp)
return 0; return 0;
} }
DWORD Util::FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp) DWORD FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp)
{ {
WORD sig = jmp ? 0x25ff : 0x15ff; WORD sig = jmp ? 0x25ff : 0x15ff;
for (DWORD i = 0x1000; i < size - 4; i++) for (DWORD i = 0x1000; i < size - 4; i++)
@ -122,7 +142,7 @@ DWORD Util::FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp)
return 0; return 0;
} }
DWORD Util::FindCallBoth(DWORD fun, DWORD size, DWORD pt) DWORD FindCallBoth(DWORD fun, DWORD size, DWORD pt)
{ {
for (DWORD i = 0x1000; i < size - 4; i++) { for (DWORD i = 0x1000; i < size - 4; i++) {
if (*(BYTE *)(pt + i) == 0xe8) { if (*(BYTE *)(pt + i) == 0xe8) {
@ -143,7 +163,7 @@ DWORD Util::FindCallBoth(DWORD fun, DWORD size, DWORD pt)
return 0; return 0;
} }
DWORD Util::FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig) DWORD FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig)
{ {
//WCHAR str[0x40]; //WCHAR str[0x40];
enum { reverse_length = 0x800 }; enum { reverse_length = 0x800 };
@ -168,7 +188,7 @@ DWORD Util::FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig)
return 0; return 0;
} }
DWORD Util::FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig) DWORD FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig)
{ {
//WCHAR str[0x40]; //WCHAR str[0x40];
enum { reverse_length = 0x800 }; enum { reverse_length = 0x800 };
@ -184,7 +204,7 @@ DWORD Util::FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig)
return 0; return 0;
} }
bool Util::CheckFile(LPCWSTR name) bool CheckFile(LPCWSTR name)
{ {
WIN32_FIND_DATAW unused; WIN32_FIND_DATAW unused;
HANDLE file = FindFirstFileW(name, &unused); HANDLE file = FindFirstFileW(name, &unused);
@ -206,7 +226,7 @@ bool Util::CheckFile(LPCWSTR name)
return false; return false;
} }
DWORD Util::FindEntryAligned(DWORD start, DWORD back_range) DWORD FindEntryAligned(DWORD start, DWORD back_range)
{ {
start &= ~0xf; start &= ~0xf;
for (DWORD i = start, j = start - back_range; i > j; i-=0x10) { for (DWORD i = start, j = start - back_range; i > j; i-=0x10) {
@ -236,7 +256,7 @@ DWORD Util::FindEntryAligned(DWORD start, DWORD back_range)
return 0; return 0;
} }
DWORD Util::FindImportEntry(DWORD hModule, DWORD fun) DWORD FindImportEntry(DWORD hModule, DWORD fun)
{ {
IMAGE_DOS_HEADER *DosHdr; IMAGE_DOS_HEADER *DosHdr;
IMAGE_NT_HEADERS *NtHdr; IMAGE_NT_HEADERS *NtHdr;
@ -260,7 +280,7 @@ DWORD Util::FindImportEntry(DWORD hModule, DWORD fun)
} }
// Search string in rsrc section. This section usually contains version and copyright info. // Search string in rsrc section. This section usually contains version and copyright info.
bool Util::SearchResourceString(LPCWSTR str) bool SearchResourceString(LPCWSTR str)
{ {
DWORD hModule = (DWORD)GetModuleHandleW(nullptr); DWORD hModule = (DWORD)GetModuleHandleW(nullptr);
IMAGE_DOS_HEADER *DosHdr; IMAGE_DOS_HEADER *DosHdr;
@ -283,27 +303,7 @@ bool Util::SearchResourceString(LPCWSTR str)
return false; return false;
} }
namespace std::vector<uint64_t> SearchMemory(const BYTE* bytes, short length, DWORD protect)
{
uint64_t SafeSearchMemory(uint64_t startAddr, uint64_t endAddr, const BYTE* bytes, short length)
{
__try
{
for (int i = 0; i < endAddr - startAddr - length; ++i)
for (int j = 0; j <= length; ++j)
if (j == length) return startAddr + i; // not sure about this algorithm...
else if (*((BYTE*)startAddr + i + j) != *(bytes + j) && *(bytes + j) != 0x11) break; // 0x11 = wildcard
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
ConsoleOutput("Textractor: SearchMemory ERROR (Textractor will likely still work fine, but please let Artikash know if this happens a lot!)");
return 0;
}
return 0;
}
}
std::vector<uint64_t> Util::SearchMemory(const BYTE* bytes, short length, DWORD protect)
{ {
std::vector<std::pair<uint64_t, uint64_t>> validMemory; std::vector<std::pair<uint64_t, uint64_t>> validMemory;
for (BYTE* probe = NULL; (uint64_t)probe < 0x80000000;) // end of user memory space for (BYTE* probe = NULL; (uint64_t)probe < 0x80000000;) // end of user memory space
@ -330,5 +330,6 @@ std::vector<uint64_t> Util::SearchMemory(const BYTE* bytes, short length, DWORD
return ret; return ret;
} }
}
// EOF // EOF