From cbeffa867f5d364e4c74c3afacc93a31f7ef4b4a Mon Sep 17 00:00:00 2001
From: FunkyFr3sh <cc.red.alert.1@googlemail.com>
Date: Thu, 5 Oct 2023 01:47:43 +0200
Subject: [PATCH] avoid exceptions with obfuscated binaries in debug build

---
 src/hook.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/hook.c b/src/hook.c
index 4aa653d..6ae412a 100644
--- a/src/hook.c
+++ b/src/hook.c
@@ -323,6 +323,23 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc
                                 if (!is_local && (hooks[i].data[x].flags & HOOK_LOCAL_ONLY))
                                     continue;
 
+                                /* avoid exceptions with obfuscated binaries in debug build */
+#if defined(_DEBUG)
+                                MEMORY_BASIC_INFORMATION mbi = { 0 };
+                                if (VirtualQuery((void*)import->Name, & mbi, sizeof(mbi)))
+                                {
+                                    DWORD mask = (PAGE_READONLY | PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY);
+                                    BOOL b = !(mbi.Protect & mask);
+                                    // check the page is not a guard page
+                                    if (mbi.Protect & (PAGE_GUARD | PAGE_NOACCESS)) b = TRUE;
+
+                                    if (b)
+                                        continue;
+                                }
+                                else
+                                    continue;
+#endif
+
                                 if (_stricmp((const char*)import->Name, hooks[i].data[x].function_name) == 0)
                                 {
                                     DWORD op;