diff --git a/vnr/ntinspect/ntinspect.cc b/vnr/ntinspect/ntinspect.cc
deleted file mode 100644
index ea44161..0000000
--- a/vnr/ntinspect/ntinspect.cc
+++ /dev/null
@@ -1,209 +0,0 @@ -// ntinspect.cc -// 4/20/2014 jichi -#include "ntdll/ntdll.h" -#include "ntinspect/ntinspect.h" - -// https://social.msdn.microsoft.com/Forums/vstudio/en-US/4cb11cd3-8ce0-49d7-9dda-d62e9ae0180b/how-to-get-current-module-handle?forum=vcgeneral -EXTERN_C IMAGE_DOS_HEADER __ImageBase; - -//#ifdef _MSC_VER -//# pragma warning(disable:4018) // C4018: signed/unsigned mismatch -//#endif // _MSC_VER - -namespace { // unnamed - -// Replacement of wcscpy_s which is not available on Windows XP's msvcrt -// http://sakuradite.com/topic/247 -errno_t wcscpy_safe(wchar_t *buffer, size_t bufferSize, const wchar_t *source) -{ - size_t len = min(bufferSize - 1, wcslen(source)); - buffer[len] = 0; - if (len) - memcpy(buffer, source, len * 2); - return 0; -} -} // unnamed namespace - -NTINSPECT_BEGIN_NAMESPACE - -// https://social.msdn.microsoft.com/Forums/vstudio/en-US/4cb11cd3-8ce0-49d7-9dda-d62e9ae0180b/how-to-get-current-module-handle?forum=vcgeneral -HMODULE getCurrentModuleHandle() { return (HMODULE)&__ImageBase; } - -/** Memory range */ - -BOOL getProcessName(LPWSTR buffer, int bufferSize) -{ - //assert(name); - PLDR_DATA_TABLE_ENTRY it; - __asm - { - mov eax,fs:[0x30] - mov eax,[eax+0xc] - mov eax,[eax+0xc] - mov it,eax - } - // jichi 6/4/2014: _s functions are not supported on Windows XP's msvcrt.dll - //return 0 == wcscpy_s(buffer, bufferSize, it->BaseDllName.Buffer); - return 0 == wcscpy_safe(buffer, bufferSize, it->BaseDllName.Buffer); -} - -// See: ITH FillRange -BOOL getModuleMemoryRange(LPCWSTR moduleName, DWORD *lowerBound, DWORD *upperBound) -{ - //assert(lower); - //assert(upper); - PLDR_DATA_TABLE_ENTRY it; - LIST_ENTRY *begin; - __asm - { - mov eax,fs:[0x30] - mov eax,[eax+0xc] - mov eax,[eax+0xc] - mov it,eax - mov begin,eax - } - - while (it->SizeOfImage) { - if (_wcsicmp(it->BaseDllName.Buffer, moduleName) == 0) { - DWORD lower = (DWORD)it->DllBase; - if (lowerBound) - *lowerBound = lower; - - if (upperBound) { - DWORD upper = lower; - 
MEMORY_BASIC_INFORMATION mbi = {}; - DWORD size = 0; - do { - DWORD len; - // Nt function is needed instead of VirtualQuery, which only works for the current process - ::NtQueryVirtualMemory(GetCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len); - if (mbi.Protect & PAGE_NOACCESS) { - it->SizeOfImage = size; - break; - } - size += mbi.RegionSize; - upper += mbi.RegionSize; - } while (size < it->SizeOfImage); - - *upperBound = upper; - } - return TRUE; - } - it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink; - if (it->InLoadOrderModuleList.Flink == begin) - break; - } - return FALSE; -} - -BOOL getProcessMemoryRange(DWORD *lowerBound, DWORD *upperBound) -{ - WCHAR procName[MAX_PATH]; // cached - *lowerBound = 0; - *upperBound = 0; - return getProcessName(procName, MAX_PATH) - && getModuleMemoryRange(procName, lowerBound, upperBound); -} - -/** Module header */ - -// See: ITH AddAllModules -bool iterModule(const iter_module_fun_t &fun) -{ - // Iterate loaded modules - PPEB ppeb; - __asm { - mov eax, fs:[0x30] - mov ppeb, eax - } - const DWORD start = *(DWORD *)&ppeb->Ldr->InLoadOrderModuleList; - for (auto it = (PLDR_DATA_TABLE_ENTRY)start; - it->SizeOfImage && *(DWORD *)it != start; - it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink) - if (!fun((HMODULE)it->DllBase, it->BaseDllName.Buffer)) - return false; - return true; -} - - -// See: ITH AddAllModules -DWORD getExportFunction(LPCSTR funcName) -{ - // Iterate loaded modules - PPEB ppeb; - __asm { - mov eax, fs:[0x30] - mov ppeb, eax - } - const DWORD start = *(DWORD *)&ppeb->Ldr->InLoadOrderModuleList; - for (auto it = (PLDR_DATA_TABLE_ENTRY)start; - it->SizeOfImage && *(DWORD *)it != start; - it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink) { - //if (moduleName && ::wcscmp(moduleName, it->BaseDllName.Buffer)) // BaseDllName.Buffer == moduleName - // continue; - if (DWORD addr = getModuleExportFunction((HMODULE)it->DllBase, funcName)) - return addr; - 
} - return 0; -} - -// See: ITH AddModule -DWORD getModuleExportFunction(HMODULE hModule, LPCSTR funcName) -{ - if (!hModule) - return 0; - DWORD startAddress = (DWORD)hModule; - IMAGE_DOS_HEADER *DosHdr = (IMAGE_DOS_HEADER *)hModule; - if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { - DWORD dwReadAddr = startAddress + DosHdr->e_lfanew; - IMAGE_NT_HEADERS *NtHdr = (IMAGE_NT_HEADERS *)dwReadAddr; - if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { - DWORD dwExportAddr = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; - if (dwExportAddr == 0) - return 0; - dwExportAddr += startAddress; - IMAGE_EXPORT_DIRECTORY *ExtDir = (IMAGE_EXPORT_DIRECTORY *)dwExportAddr; - dwExportAddr = startAddress + ExtDir->AddressOfNames; - for (UINT uj = 0; uj < ExtDir->NumberOfNames; uj++) { - DWORD dwFuncName = *(DWORD *)dwExportAddr; - LPCSTR pcFuncName = (LPCSTR)(startAddress + dwFuncName); - if (::strcmp(funcName, pcFuncName) == 0) { - char *pcFuncPtr = (char *)(startAddress + (DWORD)ExtDir->AddressOfNameOrdinals+(uj * sizeof(WORD))); - WORD word = *(WORD *)pcFuncPtr; - pcFuncPtr = (char *)(startAddress + (DWORD)ExtDir->AddressOfFunctions+(word * sizeof(DWORD))); - return startAddress + *(DWORD *)pcFuncPtr; // absolute address - } - dwExportAddr += sizeof(DWORD); - } - } - } - return 0; -} - -// See: ITH FindImportEntry -DWORD getModuleImportAddress(HMODULE hModule, DWORD exportAddress) -{ - if (!hModule) - return 0; - DWORD startAddress = (DWORD)hModule; - IMAGE_DOS_HEADER *DosHdr = (IMAGE_DOS_HEADER *)hModule; - if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { - IMAGE_NT_HEADERS *NtHdr = (IMAGE_NT_HEADERS *)(startAddress + DosHdr->e_lfanew); - if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { - DWORD IAT = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress; - DWORD end = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size; - IAT += startAddress; - end += IAT; - for (DWORD pt = IAT; pt < end; pt += 4) { - DWORD addr = 
*(DWORD *)pt; - if (addr == (DWORD)exportAddress) - return pt; - } - } - } - return 0; -} - -NTINSPECT_END_NAMESPACE - -// EOF diff --git a/vnr/ntinspect/ntinspect.h b/vnr/ntinspect/ntinspect.h deleted file mode 100644 index a4c3d4e..0000000 --- a/vnr/ntinspect/ntinspect.h +++ /dev/null 
@@ -1,90 +0,0 @@
-#pragma once
-
-// ntinspect.h
-// 4/20/2014 jichi
-
-#include
-#ifndef MEMDBG_NO_STL
-# include
-#endif // MEMDBG_NO_STL
-
-#ifndef NTINSPECT_BEGIN_NAMESPACE
-# define NTINSPECT_BEGIN_NAMESPACE namespace NtInspect {
-#endif
-#ifndef NTINSPECT_END_NAMESPACE
-# define NTINSPECT_END_NAMESPACE } // NtInspect
-#endif
-
-NTINSPECT_BEGIN_NAMESPACE
-
-// Get the module handle of the current module (not the current process that is GetModuleHandleA(0))
-HMODULE getCurrentModuleHandle();
-
-/// Get current module name in fs:0x30
-BOOL getProcessName(_Out_ LPWSTR buffer, _In_ int bufferSize);
-
-/**
- * Get the memory range of the module if succeed
- * @param moduleName
- * @param[out[ lowerBound
- * @param[out] upperBound
- * @return if succeed
- */
-BOOL getModuleMemoryRange(_In_ LPCWSTR moduleName, _Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
-
-/// Get memory of the current process module
-BOOL getProcessMemoryRange(_Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
-
-#ifndef NTINSPECT_NO_STL
-/// Iterate module information and return false if abort iteration.
-typedef std::function iter_module_fun_t;
-#else
-typedef bool (* iter_module_fun_t)(HMODULE hModule, LPCWSTR moduleName);
-#endif // NTINSPECT_NO_STL
-
-/**
- * Iterate all modules
- * @param fun the first parameter is the address of the caller, and the second parameter is the address of the call itself
- * @return false if return early, and true if iterate all elements
- */
-bool iterModule(const iter_module_fun_t &fun);
-
-/**
- * Return the absolute address of the function imported from the given module
- * @param functionName
- * @param* hModule find from any module when null
- * @return function address or 0
- */
-DWORD getModuleExportFunction(HMODULE hModule, LPCSTR functionName);
-
-inline DWORD getModuleExportFunctionA(LPCSTR moduleName, LPCSTR functionName)
-{ return getModuleExportFunction(::GetModuleHandleA(moduleName), functionName); }
-
-inline DWORD getModuleExportFunctionW(LPCWSTR moduleName, LPCSTR functionName)
-{ return getModuleExportFunction(::GetModuleHandleW(moduleName), functionName); }
-
-/// Get the function address exported from any module
-DWORD getExportFunction(LPCSTR functionName);
-
-/**
- * Get the import address in the specified module
- * @param hModule
- * @param exportAddress absolute address of the function exported from other modules
- * @return function address or 0
- */
-DWORD getModuleImportAddress(HMODULE hModule, DWORD exportAddress);
-
-inline DWORD getModuleImportAddressA(LPCSTR moduleName, DWORD exportAddress)
-{ return getModuleImportAddress(::GetModuleHandleA(moduleName), exportAddress); }
-
-inline DWORD getModuleImportAddressW(LPCWSTR moduleName, DWORD exportAddress)
-{ return getModuleImportAddress(::GetModuleHandleW(moduleName), exportAddress); }
-
-/// Get the import address in the current executable
-inline DWORD getProcessImportAddress(DWORD exportAddress)
-{ return getModuleImportAddress(::GetModuleHandleA(nullptr), exportAddress); }
-
-
-NTINSPECT_END_NAMESPACE
-
-// EOF
diff --git a/vnr/vnrhook/CMakeLists.txt b/vnr/vnrhook/CMakeLists.txt
index 514571c..9ad980d 100644
--- a/vnr/vnrhook/CMakeLists.txt
+++ b/vnr/vnrhook/CMakeLists.txt
@@ -47,8 +47,6 @@ set(vnrhook_src
 ${PROJECT_SOURCE_DIR}/memdbg/memdbg.h
 ${PROJECT_SOURCE_DIR}/memdbg/memsearch.cc
 ${PROJECT_SOURCE_DIR}/memdbg/memsearch.h
- ${PROJECT_SOURCE_DIR}/ntinspect/ntinspect.cc
- ${PROJECT_SOURCE_DIR}/ntinspect/ntinspect.h
 ${PROJECT_SOURCE_DIR}/mono/monoobject.h
 ${PROJECT_SOURCE_DIR}/mono/monotype.h
 )
diff --git a/vnr/vnrhook/src/engine/engine.cc b/vnr/vnrhook/src/engine/engine.cc
index 9dbe4ac..20b607d 100644
--- a/vnr/vnrhook/src/engine/engine.cc
+++ b/vnr/vnrhook/src/engine/engine.cc
@@ -1400,7 +1400,7 @@ bool KiriKiriZHook1(DWORD esp_base, HookParam *)
 bool InsertKiriKiriZHook1()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:KiriKiriZ1: failed to get memory range");
 return false;
 }
@@ -2653,7 +2653,7 @@ void SpecialHookSiglus4(DWORD esp_base, HookParam *hp, BYTE, DWORD *data, DWORD
 bool InsertSiglus4Hook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:Siglus4: failed to get memory range");
 return false;
 }
@@ -4114,7 +4114,7 @@ bool InsertMajiroHook()
 {
 // jichi 7/12/2014: Change to accurate memory ranges
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:Majiro: failed to get memory range");
 return false;
 }
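Review bot: `FillRange(process_name_, …)` in InsertKiriKiriZHook1 is still commented `need accurate stopAddress`, but nothing in this diff shows that `FillRange` gives the same upper bound as the code it replaces. The deleted `getModuleMemoryRange` advanced region by region with `NtQueryVirtualMemory` and stopped at the first `PAGE_NOACCESS` region, and `getProcessMemoryRange` looked the executable name up at call time rather than relying on a stored `process_name_`. If `FillRange` reports a coarser end address, the scans that presumably follow could touch unreadable pages, and if `process_name_` is not set before hook insertion every one of these lookups fails. Please state that contract where the range is obtained, e.g. `// FillRange: stopAddress ends at the first inaccessible region; process_name_ must be initialised first`, or confirm it in the description. The same substitution recurs in every later engine.cc hunk (InsertSiglus4Hook through InsertOtomatePPSSPPHook), and each function body continues outside its hunk.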
@@ -4171,7 +4171,7 @@ bool InsertCMVS1Hook()
 {
 // jichi 7/12/2014: Change to accurate memory ranges
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:CMVS1: failed to get memory range");
 return false;
 }
@@ -5549,9 +5549,7 @@ bool InsertSystem43Hook()
 //bool patched = Util::CheckFile(L"AliceRunPatch.dll");
 bool patched = ::GetModuleHandleA("AliceRunPatch.dll");
 ULONG startAddress, stopAddress;
- if (patched ?
- !NtInspect::getModuleMemoryRange(L"AliceRunPatch.dll", &startAddress, &stopAddress) :
- !NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) {
 ConsoleOutput("vnreng:System43: failed to get memory range");
 return false;
 }
@@ -6315,7 +6313,7 @@ bool InsertCotophaHook()
 {
 // jichi 7/12/2014: Change to accurate memory ranges
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:Cotopha: failed to get memory range");
 return false;
 }
@@ -6497,7 +6495,7 @@ bool InsertCatSystemHook()
 // jichi 7/12/2014: Change to accurate memory ranges
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:CatSystem2: failed to get memory range");
 return false;
 }
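Review bot: In InsertSystem43Hook the `patched` selection is dropped, so the range is always taken from `process_name_` even when `AliceRunPatch.dll` is loaded, although `patched` is still computed two lines above the call. Before this change the patched case searched the DLL's own range through `getModuleMemoryRange(L"AliceRunPatch.dll", …)`; unless dropping that was intentional, keep the choice with `if (!FillRange(patched ? L"AliceRunPatch.dll" : process_name_, &startAddress, &stopAddress)) {`. This assumes `FillRange` takes the module name as its first argument, as the calls in this diff suggest. Whether `patched` is used again later cannot be seen, because the function body continues outside the hunk.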
@@ -8270,7 +8268,7 @@ void SpecialHookDebonosuName(DWORD esp_base, HookParam *hp, BYTE, DWORD *data, D
 bool InsertDebonosuNameHook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:Silkys: failed to get memory range");
 return false;
 }
@@ -8764,7 +8762,7 @@ void SpecialHookWolf2(DWORD esp_base, HookParam *, BYTE, DWORD *data, DWORD *spl
 bool InsertWolf2Hook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:WolfRPG2: failed to get memory range");
 return false;
 }
@@ -9105,7 +9103,7 @@ namespace { // unnamed
 static bool InsertWillPlusHook2() // jichi 1/18/2015: Add new hook
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:WillPlus2: failed to get memory range");
 return false;
 }
@@ -9740,7 +9738,7 @@ static bool InsertGXP1Hook()
 static bool InsertGXP2Hook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) {
 ConsoleOutput("vnreng:GXP2: failed to get memory range");
 return false;
 }
@@ -9941,7 +9939,7 @@ bool InsertNextonHook()
 };
 enum { addr_offset = 0x0044d69e - 0x0044d696 }; // = 8
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) {
 ConsoleOutput("vnreng:NEXTON: failed to get memory range");
 return false;
 }
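Review bot: The failure message in InsertDebonosuNameHook still reads `vnreng:Silkys: failed to get memory range`, the same text InsertSilkysHook logs in its own hunk, so a failed `FillRange` here cannot be told apart in the console output. Since this call site is being touched anyway, give it its own tag, for example `ConsoleOutput("vnreng:DebonosuName: failed to get memory range");`. The message line is unchanged context in this hunk, and the function body continues outside it.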
@@ -10203,7 +10201,7 @@ bool InsertNexton1Hook()
 // Use accurate stopAddress in case of running out of memory
 // Since the file pattern for Nexton1 is not accurate.
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) {
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) {
 ConsoleOutput("vnreng:NEXTON1: failed to get memory range");
 return false;
 }
@@ -11843,7 +11841,7 @@ static void SpecialHookSilkys(DWORD esp_base, HookParam *, BYTE, DWORD *data, DW
 bool InsertSilkysHook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:Silkys: failed to get memory range");
 return false;
 }
@@ -12321,7 +12319,7 @@ bool InsertSilkysHook()
 bool InsertEushullyHook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:Eushully: failed to get memory range");
 return false;
 }
@@ -15905,7 +15903,7 @@ bool InsertShinyDaysGameHook()
 bool InsertLovaGameHook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:LOVA: failed to get memory range");
 return false;
 }
@@ -16584,7 +16582,7 @@ bool InsertPPSSPPHLEHooks()
 {
 ConsoleOutput("vnreng: PPSSPP HLE: enter");
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng:PPSSPP HLE: failed to get memory range");
 return false;
 }
@@ -19218,7 +19216,7 @@ static void SpecialPPSSPPHookOtomate(DWORD esp_base, HookParam *hp, BYTE, DWORD
 bool InsertOtomatePPSSPPHook()
 {
 ULONG startAddress, stopAddress;
- if (!NtInspect::getProcessMemoryRange(&startAddress, &stopAddress)) { // need accurate stopAddress
+ if (!FillRange(process_name_,&startAddress, &stopAddress)) { // need accurate stopAddress
 ConsoleOutput("vnreng: Otomate PPSSPP: failed to get memory range");
 return false;
 }