From 4be523d25308e65b72915d8da491cbb708aa8a83 Mon Sep 17 00:00:00 2001 From: Bush2021 <79072750+Bush2021@users.noreply.github.com> Date: Wed, 21 Aug 2024 13:59:14 -0400 Subject: [PATCH] refactor: replace `InstallJMP` with detours to support ARM64 https://github.com/Bush2021/chrome_plus/commit/37ede4d2b5740ac7a1b72b88ffaf7f6290e7d19e --- src/hijack.h | 53 +++++++++------------------------------------------- 1 file changed, 9 insertions(+), 44 deletions(-) diff --git a/src/hijack.h b/src/hijack.h index fb7cd21..6d40e63 100644 --- a/src/hijack.h +++ b/src/hijack.h @@ -92,48 +92,13 @@ EXPORT(VerQueryValueW) } // namespace hijack #pragma endregion -#pragma region Restore the export function -bool WriteMemory(PBYTE BaseAddress, PBYTE Buffer, DWORD nSize) { - DWORD ProtectFlag = 0; - if (VirtualProtectEx(GetCurrentProcess(), BaseAddress, nSize, - PAGE_EXECUTE_READWRITE, &ProtectFlag)) { - memcpy(BaseAddress, Buffer, nSize); - FlushInstructionCache(GetCurrentProcess(), BaseAddress, nSize); - VirtualProtectEx(GetCurrentProcess(), BaseAddress, nSize, ProtectFlag, - &ProtectFlag); - return true; - } - return false; +void InstallDetours(PBYTE pTarget, PBYTE pDetour) { + DetourTransactionBegin(); + DetourUpdateThread(GetCurrentThread()); + DetourAttach(&(PVOID&)pTarget, pDetour); + DetourTransactionCommit(); } -// Restore the export function. -void InstallJMP(PBYTE BaseAddress, uintptr_t Function) { - if (*BaseAddress == 0xE9) { - ++BaseAddress; - BaseAddress = BaseAddress + *(uint32_t*)BaseAddress + 4; - } -#ifdef _WIN64 - BYTE move[] = {0x48, 0xB8}; // move rax,xxL); - BYTE jump[] = {0xFF, 0xE0}; // jmp rax - - WriteMemory(BaseAddress, move, sizeof(move)); - BaseAddress += sizeof(move); - - WriteMemory(BaseAddress, (PBYTE)&Function, sizeof(uintptr_t)); - BaseAddress += sizeof(uintptr_t); - - WriteMemory(BaseAddress, jump, sizeof(jump)); -#else - BYTE jump[] = {0xE9}; - WriteMemory(BaseAddress, jump, sizeof(jump)); - BaseAddress += sizeof(jump); - - uintptr_t offset = Function - (uintptr_t)BaseAddress - 4; - WriteMemory(BaseAddress, (PBYTE)&offset, sizeof(offset)); -#endif // _WIN64 -} -#pragma endregion - #pragma region Load system dll void LoadVersion(HINSTANCE hModule) { PBYTE pImageBase = (PBYTE)hModule; @@ -160,10 +125,10 @@ void LoadVersion(HINSTANCE hModule) { HINSTANCE module = LoadLibrary(szDLLPath); for (size_t i = 0; i < pimExD->NumberOfNames; ++i) { - uintptr_t Original = - (uintptr_t)GetProcAddress(module, (char*)(pImageBase + pName[i])); + PBYTE Original = + (PBYTE)GetProcAddress(module, (char*)(pImageBase + pName[i])); if (Original) { - InstallJMP(pImageBase + pFunction[pNameOrdinals[i]], Original); + InstallDetours(pImageBase + pFunction[pNameOrdinals[i]], Original); } } } @@ -175,4 +140,4 @@ void LoadSysDll(HINSTANCE hModule) { LoadVersion(hModule); } -#endif // HIJACK_H_ +#endif // HIJACK_H_ \ No newline at end of file