//////////////////////////////////////////
/*
* Copyright (c) 2020 Nukem9 <email:[email protected]>
* Copyright (c) 2020-2021 Perchik71 <email:[email protected]>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of this
* software and associated documentation files (the "Software"), to deal in the Software
* without restriction, including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software, and to permit
* persons to whom the Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all copies or
* substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
* OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
//////////////////////////////////////////
#include "common.h"
#include <algorithm>
#include <atomic>
#include <cstddef>
#include "api/runhandler.h"
// 16-byte save area paired with TempNTSITAddress (NTSIT presumably abbreviates
// NtSetInformationThread). Neither is read or written in this file; the code
// that fills them lives elsewhere — TODO confirm where.
CHAR TempNTSIT[16];
ULONG_PTR TempNTSITAddress;

// Thread id the dump logic targets. Atomic, so presumably published across
// threads; not referenced in this file.
std::atomic_uint32_t g_DumpTargetThreadId;

// Signature of the executable's start routine that hk_StartFunc replaces.
using StartFunc_t = BOOL(USSEAPI*)(DWORD dwUnk);

// The original start routine: saved by Sys_DumpEnableBreakpoint when the hook
// is installed, called through by hk_StartFunc, and used by
// Sys_DumpDisableBreakpoint to put the hook target back.
StartFunc_t g_StartFunc;

// Function pointer carrying the native NtSetInformationThread signature.
// Not assigned or called in this file; resolved elsewhere — TODO confirm.
LONG(NTAPI* NtSetInformationThread)(HANDLE ThreadHandle, LONG ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength);

// Forward declarations: the first two are defined below, Sys_ApplyPatches in
// another translation unit.
VOID USSEAPI Sys_DumpDisableBreakpoint(VOID);
VOID USSEAPI Sys_DumpEnableBreakpoint(VOID);
VOID USSEAPI Sys_ApplyPatches(VOID);
// Raise a breakpoint so an attached debugger stops here. Without a debugger
// the EXCEPTION_BREAKPOINT is caught by the SEH handler and execution simply
// continues, so this is safe to call in both cases.
static VOID NotifyDebugger(VOID) {
    __try {
        __debugbreak();
    }
    __except (EXCEPTION_EXECUTE_HANDLER) {
    }
}

/// Replacement for the executable's start routine, installed by
/// Sys_DumpEnableBreakpoint.
///
/// Order matters: the hook is removed first (so the original entry is intact
/// before anything else runs), then a debugger is given a chance to attach,
/// then the patch set is applied, and finally the original routine is invoked
/// with the untouched argument.
///
/// @param dwUnk  Opaque argument of the original start routine; forwarded as-is.
/// @return       Whatever the original start routine returns.
///
/// NOTE(review): declared WINAPI while StartFunc_t uses USSEAPI. On x64 this is
/// presumably the same convention, but confirm USSEAPI's definition.
BOOL WINAPI hk_StartFunc(DWORD dwUnk) {
    Sys_DumpDisableBreakpoint();
    NotifyDebugger();
    Sys_ApplyPatches();
    return g_StartFunc(dwUnk);
}
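/// Install the start-routine hook that lets a debugger attach before the
/// executable's own start code runs.
///
/// Walks this executable's PE headers to (1) check that a load-configuration
/// directory with a SecurityCookie is present, (2) record the image range and
/// the .text/.rdata/.data section ranges in the g_* globals (folding in
/// .textbss when present), and (3) detour the start routine at
/// OFFSET(0x2E47188) to hk_StartFunc, saving the original in g_StartFunc so
/// Sys_DumpDisableBreakpoint can restore it.
///
/// Failure handling is by Assert/AssertMsg: a missing load-config directory,
/// a directory too small to hold SecurityCookie, a null cookie, or a missing
/// section aborts rather than continuing with unset ranges.
VOID USSEAPI Sys_DumpEnableBreakpoint(VOID) {
    // The loader already validated these headers when it mapped the image, so
    // no DOS/NT magic checks are repeated here.
    const auto moduleBase = reinterpret_cast<uintptr_t>(usse::api::RunHandler.GetThisExeHandle());
    const auto dosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(moduleBase);
    const auto ntHeaders = reinterpret_cast<PIMAGE_NT_HEADERS64>(moduleBase + dosHeader->e_lfanew);

    // The load-configuration directory carries the security-cookie address.
    const auto& loadConfigEntry = ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG];
    const auto sectionRVA = loadConfigEntry.VirtualAddress;
    const auto sectionSize = loadConfigEntry.Size;
    Assert(sectionRVA > 0 && sectionSize > 0);

    // The directory is versioned by its Size field; only read SecurityCookie
    // once we know the directory actually extends that far.
    const auto loadConfig = reinterpret_cast<PIMAGE_LOAD_CONFIG_DIRECTORY>(moduleBase + sectionRVA);
    AssertMsg(sectionSize >= offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadConfig->SecurityCookie),
        "Load config directory is too small to contain SecurityCookie!");
    AssertMsg(loadConfig->SecurityCookie, "SecurityCookie is a null pointer!");

    // Module and code/data section ranges used by the rest of the patcher.
    g_ModuleBase = moduleBase;
    g_ModuleSize = ntHeaders->OptionalHeader.SizeOfImage;

    // Section lookups are done outside the Assert() argument so the g_* ranges
    // are populated even in a build where Assert compiles out.
    const bool haveTextSection = XUtil::GetPESectionRange(moduleBase, ".text", &g_CodeBase, &g_CodeEnd);
    Assert(haveTextSection);
    const bool haveRdataSection = XUtil::GetPESectionRange(moduleBase, ".rdata", &g_RdataBase, &g_RdataEnd);
    Assert(haveRdataSection);
    const bool haveDataSection = XUtil::GetPESectionRange(moduleBase, ".data", &g_DataBase, &g_DataEnd);
    Assert(haveDataSection);

    // A .textbss section (typically from incremental linking) is optional; when
    // present, widen the code range to cover it.
    uintptr_t textBssStart = 0;
    uintptr_t textBssEnd = 0;
    if (XUtil::GetPESectionRange(moduleBase, ".textbss", &textBssStart, &textBssEnd)) {
        g_CodeBase = std::min(g_CodeBase, textBssStart);
        g_CodeEnd = std::max(g_CodeEnd, textBssEnd);
    }

    // Hook the start routine. OFFSET() is build-specific, so this only matches
    // the executable version the offset was taken from. The result is stored
    // through uintptr_t* as the original code did — presumably
    // DetourFunctionClass returns the saved address as an integer; confirm
    // against its declaration before changing this to a typed assignment.
    *reinterpret_cast<uintptr_t*>(&g_StartFunc) = Detours::X64::DetourFunctionClass(OFFSET(0x2E47188), &hk_StartFunc);
}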
/// Undo Sys_DumpEnableBreakpoint: point the start routine at OFFSET(0x2E47188)
/// back at the original saved in g_StartFunc, so hk_StartFunc is no longer
/// entered. Called first thing from hk_StartFunc itself.
VOID USSEAPI Sys_DumpDisableBreakpoint(VOID) {
    const StartFunc_t originalStart = g_StartFunc;
    Detours::X64::DetourFunctionClass(OFFSET(0x2E47188), originalStart);
}