From cbeffa867f5d364e4c74c3afacc93a31f7ef4b4a Mon Sep 17 00:00:00 2001 From: FunkyFr3sh Date: Thu, 5 Oct 2023 01:47:43 +0200 Subject: [PATCH] avoid exceptions with obfuscated binaries in debug build --- src/hook.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/hook.c b/src/hook.c index 4aa653d..6ae412a 100644 --- a/src/hook.c +++ b/src/hook.c @@ -323,6 +323,23 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc if (!is_local && (hooks[i].data[x].flags & HOOK_LOCAL_ONLY)) continue; + /* avoid exceptions with obfuscated binaries in debug build */ +#if defined(_DEBUG) + MEMORY_BASIC_INFORMATION mbi = { 0 }; + if (VirtualQuery((void*)import->Name, & mbi, sizeof(mbi))) + { + DWORD mask = (PAGE_READONLY | PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY); + BOOL b = !(mbi.Protect & mask); + // check the page is not a guard page + if (mbi.Protect & (PAGE_GUARD | PAGE_NOACCESS)) b = TRUE; + + if (b) + continue; + } + else + continue; +#endif + if (_stricmp((const char*)import->Name, hooks[i].data[x].function_name) == 0) { DWORD op;