From ecc56d4cbc2d958005c012f202704f89f58d073f Mon Sep 17 00:00:00 2001
From: FunkyFr3sh
Date: Fri, 20 Oct 2023 10:19:46 +0200
Subject: [PATCH] add some more error checks to IAT hooker
---
 inc/utils.h | 1 +
 src/hook.c | 42 ++++++++++++++----------------------
 src/utils.c | 25 +++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 28 deletions(-)
diff --git a/inc/utils.h b/inc/utils.h
index fdb6b7f..4eee8a6 100644
--- a/inc/utils.h
+++ b/inc/utils.h
@@ -5,6 +5,7 @@
 #include
+BOOL util_is_bad_read_ptr(void* p);
 BOOL util_is_minimized(HWND hwnd);
 BOOL util_is_avx_supported();
 void util_limit_game_ticks();
diff --git a/src/hook.c b/src/hook.c
index 224e411..ba2ad7e 100644
--- a/src/hook.c
+++ b/src/hook.c
@@ -188,20 +188,23 @@ void hook_patch_obfuscated_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks,
 while (import_desc->FirstThunk)
 {
+ if (!import_desc->Name)
+ {
+ import_desc++;
+ continue;
+ }
+
 for (int i = 0; hooks[i].module_name[0]; i++)
 {
 char* imp_module_name = (char*)((DWORD)dos_header + (DWORD)(import_desc->Name));
 if (_stricmp(imp_module_name, hooks[i].module_name) == 0)
 {
- HMODULE cur_mod = GetModuleHandle(hooks[i].module_name);
+ HMODULE cur_mod = GetModuleHandleA(hooks[i].module_name);
 PIMAGE_THUNK_DATA first_thunk = (PIMAGE_THUNK_DATA)((DWORD)dos_header + (DWORD)import_desc->FirstThunk);
- PIMAGE_THUNK_DATA original_first_thunk =
- (PIMAGE_THUNK_DATA)((DWORD)dos_header + (DWORD)import_desc->OriginalFirstThunk);
-
 while (first_thunk->u1.Function)
 {
 for (int x = 0; hooks[i].data[x].function_name[0]; x++)
@@ -260,7 +263,6 @@ void hook_patch_obfuscated_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks,
 }
 first_thunk++;
- original_first_thunk++;
 }
 }
 }
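Review bot: The added `if (!import_desc->Name)` guard in hook_patch_obfuscated_iat_list only rejects a zero RVA; `imp_module_name` on the following context line is still handed to `_stricmp` without confirming that the resolved address is readable, which is exactly the failure this same patch guards against for `import->Name` in hook_patch_iat_list with `util_is_bad_read_ptr`. Since the helper is introduced by this patch, the guard could be extended to `if (!import_desc->Name || util_is_bad_read_ptr((void*)((DWORD)dos_header + (DWORD)import_desc->Name)))`. The matching guard added in the `@@ -298` hunk of hook_patch_iat_list has the same gap. Both functions start before their hunks and continue after them.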
@@ -298,6 +300,12 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc
 while (import_desc->FirstThunk)
 {
+ if (!import_desc->OriginalFirstThunk || !import_desc->Name)
+ {
+ import_desc++;
+ continue;
+ }
+
 for (int i = 0; hooks[i].module_name[0]; i++)
 {
 char* imp_module_name = (char*)((DWORD)dos_header + (DWORD)(import_desc->Name));
@@ -325,30 +333,8 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc
 if (!is_local && (hooks[i].data[x].flags & HOOK_LOCAL_ONLY))
 continue;
- /* avoid exceptions with obfuscated binaries in debug build */
-#if defined(_DEBUG) || defined(__GNUC__)
- MEMORY_BASIC_INFORMATION mbi = { 0 };
- if (VirtualQuery((void*)import->Name, &mbi, sizeof(mbi)))
- {
- DWORD mask = (
- PAGE_READONLY |
- PAGE_READWRITE |
- PAGE_WRITECOPY |
- PAGE_EXECUTE_READ |
- PAGE_EXECUTE_READWRITE |
- PAGE_EXECUTE_WRITECOPY);
-
- BOOL b = !(mbi.Protect & mask);
-
- if (mbi.Protect & (PAGE_GUARD | PAGE_NOACCESS))
- b = TRUE;
-
- if (b)
- continue;
- }
- else
+ if (util_is_bad_read_ptr((void*)import->Name))
 continue;
-#endif
 if (_stricmp((const char*)import->Name, hooks[i].data[x].function_name) == 0)
 {
diff --git a/src/utils.c b/src/utils.c
index bddc06b..446d342 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -11,6 +11,31 @@
 #include "config.h"
+BOOL util_is_bad_read_ptr(void* p)
+{
+ MEMORY_BASIC_INFORMATION mbi = { 0 };
+ if (VirtualQuery(p, &mbi, sizeof(mbi)))
+ {
+ DWORD mask = (
+ PAGE_READONLY |
+ PAGE_READWRITE |
+ PAGE_WRITECOPY |
+ PAGE_EXECUTE_READ |
+ PAGE_EXECUTE_READWRITE |
+ PAGE_EXECUTE_WRITECOPY);
+
+ BOOL b = !(mbi.Protect & mask);
+
+ if (mbi.Protect & (PAGE_GUARD | PAGE_NOACCESS))
+ b = TRUE;
+
+ if (!b)
+ return b;
+ }
+
+ return TRUE;
+}
+
 BOOL util_is_minimized(HWND hwnd)
 {
 RECT rc = { 0 };
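Review bot: The replacement `if (util_is_bad_read_ptr((void*)import->Name))` in hook_patch_iat_list drops the only explanation of why the check exists (`/* avoid exceptions with obfuscated binaries in debug build */`), and because the `#if defined(_DEBUG) || defined(__GNUC__)` guard is gone the check now runs in every build, so a comment is worth keeping in updated form: `/* obfuscated binaries may leave import->Name pointing at unreadable memory */`. hook_patch_iat_list starts before this hunk and continues after it.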
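Review bot: `util_is_bad_read_ptr` validates only the page that contains `p`, but the caller in hook.c goes on to read a NUL-terminated string through that pointer with `_stricmp`, which can run past the region VirtualQuery reported; the helper should say so, e.g. `/* Checks only the page containing p; a string or struct starting at p may still extend into an unreadable page, so callers must bound the read themselves. */`, or take a length and compare it against the bytes remaining between `p` and `mbi.BaseAddress + mbi.RegionSize`. The `b` flag logic is also harder to read than it needs to be: `if (mbi.Protect & (PAGE_GUARD | PAGE_NOACCESS)) return TRUE;` followed by `return !(mbi.Protect & mask);` yields the same result without the two-step flag. Page protection can change between the query and the read, so this remains best-effort crash avoidance rather than a guarantee, which the comment could state as well.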