mirror of
https://github.com/FunkyFr3sh/cnc-ddraw.git
synced 2025-03-25 01:57:47 +01:00
tweak IAT hooks
This commit is contained in:
FunkyFr3sh
parent
b0ec4851ae
commit
3a6075b928
38
src/hook.c
38
src/hook.c
@ -210,17 +210,15 @@ void hook_patch_obfuscated_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks,
|
|||||||
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)dos_header + (DWORD)dos_header->e_lfanew);
|
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)hmod + (DWORD)dos_header->e_lfanew);
|
||||||
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||||
DWORD import_desc_size = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size;
|
if (!import_desc_rva)
|
||||||
|
|
||||||
if (import_desc_rva == 0 || import_desc_size == 0)
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + import_desc_rva);
|
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)hmod + import_desc_rva);
|
||||||
|
|
||||||
while (import_desc->FirstThunk)
|
while (import_desc->FirstThunk)
|
||||||
{
|
{
|
||||||
@ -232,13 +230,13 @@ void hook_patch_obfuscated_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks,
|
|||||||
|
|
||||||
for (int i = 0; hooks[i].module_name[0]; i++)
|
for (int i = 0; hooks[i].module_name[0]; i++)
|
||||||
{
|
{
|
||||||
char* imp_module_name = (char*)((DWORD)dos_header + import_desc->Name);
|
char* imp_module_name = (char*)((DWORD)hmod + import_desc->Name);
|
||||||
|
|
||||||
if (_stricmp(imp_module_name, hooks[i].module_name) == 0)
|
if (_stricmp(imp_module_name, hooks[i].module_name) == 0)
|
||||||
{
|
{
|
||||||
HMODULE cur_mod = GetModuleHandleA(hooks[i].module_name);
|
HMODULE cur_mod = GetModuleHandleA(hooks[i].module_name);
|
||||||
|
|
||||||
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)dos_header + import_desc->FirstThunk);
|
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)hmod + import_desc->FirstThunk);
|
||||||
|
|
||||||
while (first_thunk->u1.Function)
|
while (first_thunk->u1.Function)
|
||||||
{
|
{
|
||||||
@ -332,17 +330,15 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc
|
|||||||
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)dos_header + (DWORD)dos_header->e_lfanew);
|
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)hmod + (DWORD)dos_header->e_lfanew);
|
||||||
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||||
DWORD import_desc_size = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size;
|
if (!import_desc_rva)
|
||||||
|
|
||||||
if (import_desc_rva == 0 || import_desc_size == 0)
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + import_desc_rva);
|
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)hmod + import_desc_rva);
|
||||||
|
|
||||||
while (import_desc->FirstThunk)
|
while (import_desc->FirstThunk)
|
||||||
{
|
{
|
||||||
@ -354,12 +350,12 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc
|
|||||||
|
|
||||||
for (int i = 0; hooks[i].module_name[0]; i++)
|
for (int i = 0; hooks[i].module_name[0]; i++)
|
||||||
{
|
{
|
||||||
char* imp_module_name = (char*)((DWORD)dos_header + import_desc->Name);
|
char* imp_module_name = (char*)((DWORD)hmod + import_desc->Name);
|
||||||
|
|
||||||
if (_stricmp(imp_module_name, hooks[i].module_name) == 0)
|
if (_stricmp(imp_module_name, hooks[i].module_name) == 0)
|
||||||
{
|
{
|
||||||
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)dos_header + import_desc->FirstThunk);
|
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)hmod + import_desc->FirstThunk);
|
||||||
PIMAGE_THUNK_DATA o_first_thunk = (void*)((DWORD)dos_header + import_desc->OriginalFirstThunk);
|
PIMAGE_THUNK_DATA o_first_thunk = (void*)((DWORD)hmod + import_desc->OriginalFirstThunk);
|
||||||
|
|
||||||
while (first_thunk->u1.Function)
|
while (first_thunk->u1.Function)
|
||||||
{
|
{
|
||||||
@ -450,27 +446,25 @@ BOOL hook_got_ddraw_import(HMODULE mod, BOOL check_imported_dlls)
|
|||||||
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)dos_header + (DWORD)dos_header->e_lfanew);
|
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)mod + (DWORD)dos_header->e_lfanew);
|
||||||
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||||
DWORD import_desc_size = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size;
|
if (!import_desc_rva)
|
||||||
|
|
||||||
if (import_desc_rva == 0 || import_desc_size == 0)
|
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + import_desc_rva);
|
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)mod + import_desc_rva);
|
||||||
|
|
||||||
while (import_desc->FirstThunk)
|
while (import_desc->FirstThunk)
|
||||||
{
|
{
|
||||||
if (import_desc->Name)
|
if (import_desc->Name)
|
||||||
{
|
{
|
||||||
char* imp_module_name = (char*)((DWORD)dos_header + import_desc->Name);
|
char* imp_module_name = (char*)((DWORD)mod + import_desc->Name);
|
||||||
|
|
||||||
if (_stricmp(imp_module_name, "ddraw.dll") == 0)
|
if (_stricmp(imp_module_name, "ddraw.dll") == 0)
|
||||||
{
|
{
|
||||||
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)dos_header + import_desc->FirstThunk);
|
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)mod + import_desc->FirstThunk);
|
||||||
|
|
||||||
if (first_thunk->u1.Function)
|
if (first_thunk->u1.Function)
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|||||||
16
src/utils.c
16
src/utils.c
@ -117,17 +117,15 @@ FARPROC util_get_iat_proc(HMODULE mod, char* module_name, char* function_name)
|
|||||||
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)dos_header + (DWORD)dos_header->e_lfanew);
|
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((DWORD)mod + (DWORD)dos_header->e_lfanew);
|
||||||
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
DWORD import_desc_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||||
DWORD import_desc_size = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size;
|
if (!import_desc_rva)
|
||||||
|
|
||||||
if (import_desc_rva == 0 || import_desc_size == 0)
|
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)dos_header + import_desc_rva);
|
PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)mod + import_desc_rva);
|
||||||
|
|
||||||
while (import_desc->FirstThunk)
|
while (import_desc->FirstThunk)
|
||||||
{
|
{
|
||||||
@ -137,12 +135,12 @@ FARPROC util_get_iat_proc(HMODULE mod, char* module_name, char* function_name)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
char* imp_module_name = (char*)((DWORD)dos_header + import_desc->Name);
|
char* imp_module_name = (char*)((DWORD)mod + import_desc->Name);
|
||||||
|
|
||||||
if (_stricmp(imp_module_name, module_name) == 0)
|
if (_stricmp(imp_module_name, module_name) == 0)
|
||||||
{
|
{
|
||||||
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)dos_header + import_desc->FirstThunk);
|
PIMAGE_THUNK_DATA first_thunk = (void*)((DWORD)mod + import_desc->FirstThunk);
|
||||||
PIMAGE_THUNK_DATA o_first_thunk = (void*)((DWORD)dos_header + import_desc->OriginalFirstThunk);
|
PIMAGE_THUNK_DATA o_first_thunk = (void*)((DWORD)mod + import_desc->OriginalFirstThunk);
|
||||||
|
|
||||||
while (first_thunk->u1.Function)
|
while (first_thunk->u1.Function)
|
||||||
{
|
{
|
||||||
@ -153,7 +151,7 @@ FARPROC util_get_iat_proc(HMODULE mod, char* module_name, char* function_name)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
PIMAGE_IMPORT_BY_NAME import = (void*)((DWORD)dos_header + o_first_thunk->u1.AddressOfData);
|
PIMAGE_IMPORT_BY_NAME import = (void*)((DWORD)mod + o_first_thunk->u1.AddressOfData);
|
||||||
|
|
||||||
if ((o_first_thunk->u1.Ordinal & IMAGE_ORDINAL_FLAG) == 0)
|
if ((o_first_thunk->u1.Ordinal & IMAGE_ORDINAL_FLAG) == 0)
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user