backup/cnc-ddraw
1
0
Fork 0
mirror of https://github.com/FunkyFr3sh/cnc-ddraw.git synced 2025-03-24 17:49:52 +01:00
Code Issues Projects Releases Activity

tweak IAT hooker checks

Browse Source
This commit is contained in:
FunkyFr3sh 2023-11-01 12:16:22 +01:00
parent f3cafda373
commit 275e68137b
1 changed files with 21 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/hook.c
View File

@ -181,12 +181,14 @@ void hook_patch_obfuscated_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks,
if (nt_headers->Signature != IMAGE_NT_SIGNATURE) if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
return; return;
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
(DWORD)(nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress)); DWORD import_desc_size = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size;
if (import_desc == (PIMAGE_IMPORT_DESCRIPTOR)nt_headers) if (import_desc_rva == 0 || import_desc_size == 0)
return; return;
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + import_desc_rva);
while (import_desc->FirstThunk) while (import_desc->FirstThunk)
{ {
if (!import_desc->Name) if (!import_desc->Name)
@ -301,12 +303,14 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc
if (nt_headers->Signature != IMAGE_NT_SIGNATURE) if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
return; return;
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
(DWORD)(nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress)); DWORD import_desc_size = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size;
if (import_desc == (PIMAGE_IMPORT_DESCRIPTOR)nt_headers) if (import_desc_rva == 0 || import_desc_size == 0)
return; return;
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + import_desc_rva);
while (import_desc->FirstThunk) while (import_desc->FirstThunk)
{ {
if (!import_desc->OriginalFirstThunk || !import_desc->Name) if (!import_desc->OriginalFirstThunk || !import_desc->Name)
@ -416,25 +420,24 @@ BOOL hook_got_ddraw_import()
if (nt_headers->Signature != IMAGE_NT_SIGNATURE) if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
return FALSE; return FALSE;
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
(DWORD)(nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress)); DWORD import_desc_size = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size;
if (import_desc == (PIMAGE_IMPORT_DESCRIPTOR)nt_headers) if (import_desc_rva == 0 || import_desc_size == 0)
return FALSE; return FALSE;
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + import_desc_rva);
while (import_desc->FirstThunk) while (import_desc->FirstThunk)
{ {
if (!import_desc->Name) if (import_desc->Name)
{ {
import_desc++; char* imp_module_name = (char*)((DWORD)dos_header + import_desc->Name);
continue;
}
char* imp_module_name = (char*)((DWORD)dos_header + import_desc->Name); if (_stricmp(imp_module_name, "ddraw.dll") == 0)
{
if (_stricmp(imp_module_name, "ddraw.dll") == 0) return TRUE;
{ }
return TRUE;
} }
import_desc++; import_desc++;