CoCalc -- modules.cpp

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/byakugan/detours/modules.cpp
Views: ¹¹⁷⁷⁸
1
//////////////////////////////////////////////////////////////////////////////
2
//
3
//  Module Enumeration Functions (modules.cpp of detours.lib)
4
//
5
//  Microsoft Research Detours Package, Version 2.1.
6
//
7
//  Copyright (c) Microsoft Corporation.  All rights reserved.
8
//
9
//  Module enumeration functions.
10
//
11

12
#include <windows.h>
13
#if (_MSC_VER < 1310)
14
#else
15
#include <strsafe.h>
16
#endif
17

18
//#define DETOUR_DEBUG 1
19
#define DETOURS_INTERNAL
20
#include "detours.h"
21

22
//////////////////////////////////////////////////////////////////////////////
23
//
24
#ifndef _STRSAFE_H_INCLUDED_
25
static inline HRESULT StringCchLengthA(const char* psz, size_t cchMax, size_t* pcch)
26
{
27
    HRESULT hr = S_OK;
28
    size_t cchMaxPrev = cchMax;
29

30
    if (cchMax > 2147483647)
31
    {
32
        return ERROR_INVALID_PARAMETER;
33
    }
34

35
    while (cchMax && (*psz != '\0'))
36
    {
37
        psz++;
38
        cchMax--;
39
    }
40

41
    if (cchMax == 0)
42
    {
43
        // the string is longer than cchMax
44
        hr = ERROR_INVALID_PARAMETER;
45
    }
46

47
    if (SUCCEEDED(hr) && pcch)
48
    {
49
        *pcch = cchMaxPrev - cchMax;
50
    }
51

52
    return hr;
53
}
54

55

56
static inline HRESULT StringCchCopyA(char* pszDest, size_t cchDest, const char* pszSrc)
57
{
58
    HRESULT hr = S_OK;
59

60
    if (cchDest == 0)
61
    {
62
        // can not null terminate a zero-byte dest buffer
63
        hr = ERROR_INVALID_PARAMETER;
64
    }
65
    else
66
    {
67
        while (cchDest && (*pszSrc != '\0'))
68
        {
69
            *pszDest++ = *pszSrc++;
70
            cchDest--;
71
        }
72

73
        if (cchDest == 0)
74
        {
75
            // we are going to truncate pszDest
76
            pszDest--;
77
            hr = ERROR_INVALID_PARAMETER;
78
        }
79

80
        *pszDest= '\0';
81
    }
82

83
    return hr;
84
}
85

86
static inline HRESULT StringCchCatA(char* pszDest, size_t cchDest, const char* pszSrc)
87
{
88
    HRESULT hr;
89
    size_t cchDestCurrent;
90

91
    if (cchDest > 2147483647)
92
    {
93
        return ERROR_INVALID_PARAMETER;
94
    }
95

96
    hr = StringCchLengthA(pszDest, cchDest, &cchDestCurrent);
97

98
    if (SUCCEEDED(hr))
99
    {
100
        hr = StringCchCopyA(pszDest + cchDestCurrent,
101
                            cchDest - cchDestCurrent,
102
                            pszSrc);
103
    }
104

105
    return hr;
106
}
107

108
#endif
109

110
//////////////////////////////////////////////////////////////////////////////
111
//
112
const GUID DETOUR_EXE_RESTORE_GUID = {
113
    0x2ed7a3ff, 0x3339, 0x4a8d,
114
    { 0x80, 0x5c, 0xd4, 0x98, 0x15, 0x3f, 0xc2, 0x8f }};
115

116
//////////////////////////////////////////////////////////////////////////////
117
//
118
PDETOUR_SYM_INFO DetourLoadImageHlp(VOID)
119
{
120
    static DETOUR_SYM_INFO symInfo;
121
    static PDETOUR_SYM_INFO pSymInfo = NULL;
122
    static BOOL failed = false;
123

124
    if (failed) {
125
        return NULL;
126
    }
127
    if (pSymInfo != NULL) {
128
        return pSymInfo;
129
    }
130

131
    ZeroMemory(&symInfo, sizeof(symInfo));
132
    // Create a real handle to the process.
133
#if 0
134
    DuplicateHandle(GetCurrentProcess(),
135
                    GetCurrentProcess(),
136
                    GetCurrentProcess(),
137
                    &symInfo.hProcess,
138
                    0,
139
                    FALSE,
140
                    DUPLICATE_SAME_ACCESS);
141
#else
142
    symInfo.hProcess = GetCurrentProcess();
143
#endif
144

145
    symInfo.hDbgHelp = LoadLibraryA("dbghelp.dll");
146
    if (symInfo.hDbgHelp == NULL) {
147
      abort:
148
        failed = true;
149
        if (symInfo.hDbgHelp != NULL) {
150
            FreeLibrary(symInfo.hDbgHelp);
151
        }
152
        symInfo.pfImagehlpApiVersionEx = NULL;
153
        symInfo.pfSymInitialize = NULL;
154
        symInfo.pfSymSetOptions = NULL;
155
        symInfo.pfSymGetOptions = NULL;
156
        symInfo.pfSymLoadModule64 = NULL;
157
        symInfo.pfSymGetModuleInfo64 = NULL;
158
        symInfo.pfSymFromName = NULL;
159
        return NULL;
160
    }
161

162
    symInfo.pfImagehlpApiVersionEx
163
        = (PF_ImagehlpApiVersionEx)GetProcAddress(symInfo.hDbgHelp,
164
                                                  "ImagehlpApiVersionEx");
165
    symInfo.pfSymInitialize
166
        = (PF_SymInitialize)GetProcAddress(symInfo.hDbgHelp, "SymInitialize");
167
    symInfo.pfSymSetOptions
168
        = (PF_SymSetOptions)GetProcAddress(symInfo.hDbgHelp, "SymSetOptions");
169
    symInfo.pfSymGetOptions
170
        = (PF_SymGetOptions)GetProcAddress(symInfo.hDbgHelp, "SymGetOptions");
171
    symInfo.pfSymLoadModule64
172
        = (PF_SymLoadModule64)GetProcAddress(symInfo.hDbgHelp, "SymLoadModule64");
173
    symInfo.pfSymGetModuleInfo64
174
        = (PF_SymGetModuleInfo64)GetProcAddress(symInfo.hDbgHelp, "SymGetModuleInfo64");
175
    symInfo.pfSymFromName
176
        = (PF_SymFromName)GetProcAddress(symInfo.hDbgHelp, "SymFromName");
177

178
    API_VERSION av;
179
    ZeroMemory(&av, sizeof(av));
180
    av.MajorVersion = API_VERSION_NUMBER;
181

182
    if (symInfo.pfImagehlpApiVersionEx == NULL ||
183
        symInfo.pfSymInitialize == NULL ||
184
        symInfo.pfSymLoadModule64 == NULL ||
185
        symInfo.pfSymGetModuleInfo64 == NULL ||
186
        symInfo.pfSymFromName == NULL) {
187
        goto abort;
188
    }
189

190
    symInfo.pfImagehlpApiVersionEx(&av);
191
    if (av.MajorVersion < API_VERSION_NUMBER) {
192
        goto abort;
193
    }
194

195
    if (!symInfo.pfSymInitialize(symInfo.hProcess, NULL, FALSE)) {
196
        // We won't retry the initialize if it fails.
197
        goto abort;
198
    }
199

200
    if (symInfo.pfSymGetOptions != NULL && symInfo.pfSymSetOptions != NULL) {
201
        DWORD dw = symInfo.pfSymGetOptions();
202

203
        dw &= ~(SYMOPT_CASE_INSENSITIVE |
204
                SYMOPT_UNDNAME |
205
                SYMOPT_DEFERRED_LOADS |
206
                0);
207
        dw |= (
208
#if defined(SYMOPT_EXACT_SYMBOLS)
209
               SYMOPT_EXACT_SYMBOLS |
210
#endif
211
#if defined(SYMOPT_NO_UNQUALIFIED_LOADS)
212
               SYMOPT_NO_UNQUALIFIED_LOADS |
213
#endif
214
               SYMOPT_DEFERRED_LOADS |
215
#if defined(SYMOPT_FAIL_CRITICAL_ERRORS)
216
               SYMOPT_FAIL_CRITICAL_ERRORS |
217
#endif
218
#if defined(SYMOPT_INCLUDE_32BIT_MODULES)
219
               SYMOPT_INCLUDE_32BIT_MODULES |
220
#endif
221
               0);
222
        symInfo.pfSymSetOptions(dw);
223
    }
224

225
    pSymInfo = &symInfo;
226
    return pSymInfo;
227
}
228

229
PVOID WINAPI DetourFindFunction(PCSTR pszModule, PCSTR pszFunction)
230
{
231
    /////////////////////////////////////////////// First, try GetProcAddress.
232
    //
233
    HMODULE hModule = LoadLibraryA(pszModule);
234
    if (hModule == NULL) {
235
        return NULL;
236
    }
237

238
    PBYTE pbCode = (PBYTE)GetProcAddress(hModule, pszFunction);
239
    if (pbCode) {
240
        return pbCode;
241
    }
242

243
    ////////////////////////////////////////////////////// Then try ImageHelp.
244
    //
245
    DETOUR_TRACE(("DetourFindFunction(%s, %s)\n", pszModule, pszFunction));
246
    PDETOUR_SYM_INFO pSymInfo = DetourLoadImageHlp();
247
    if (pSymInfo == NULL) {
248
        DETOUR_TRACE(("DetourLoadImageHlp failed: %d\n",
249
                      GetLastError()));
250
        return NULL;
251
    }
252

253
    if (pSymInfo->pfSymLoadModule64(pSymInfo->hProcess, NULL,
254
                                    (PCHAR)pszModule, NULL,
255
                                    (DWORD64)hModule, 0) == 0) {
256
        DETOUR_TRACE(("SymLoadModule64(%p) failed: %d\n",
257
                      pSymInfo->hProcess, GetLastError()));
258
        // We don't stop because some version of dbghelp fail secondary calls.
259
        //return NULL;
260
    }
261

262
    HRESULT hrRet;
263
    CHAR szFullName[512];
264
    IMAGEHLP_MODULE64 modinfo;
265
    ZeroMemory(&modinfo, sizeof(modinfo));
266
    modinfo.SizeOfStruct = sizeof(modinfo);
267
    if (!pSymInfo->pfSymGetModuleInfo64(pSymInfo->hProcess, (DWORD64)hModule, &modinfo)) {
268
        DETOUR_TRACE(("SymGetModuleInfo64(%p, %p) failed: %d\n",
269
                      pSymInfo->hProcess, hModule, GetLastError()));
270
        return NULL;
271
    }
272

273
    hrRet = StringCchCopyA(szFullName, sizeof(szFullName)/sizeof(CHAR), modinfo.ModuleName);
274
    if (FAILED(hrRet)) {
275
        DETOUR_TRACE(("StringCchCopyA failed: %08x\n", hrRet));
276
        return NULL;
277
    }
278
    hrRet = StringCchCatA(szFullName, sizeof(szFullName)/sizeof(CHAR), "!");
279
    if (FAILED(hrRet)) {
280
        DETOUR_TRACE(("StringCchCatA failed: %08x\n", hrRet));
281
        return NULL;
282
    }
283
    hrRet = StringCchCatA(szFullName, sizeof(szFullName)/sizeof(CHAR), pszFunction);
284
    if (FAILED(hrRet)) {
285
        DETOUR_TRACE(("StringCchCatA failed: %08x\n", hrRet));
286
        return NULL;
287
    }
288

289
    struct CFullSymbol : SYMBOL_INFO {
290
        CHAR szRestOfName[512];
291
    } symbol;
292
    ZeroMemory(&symbol, sizeof(symbol));
293
    //symbol.ModBase = (ULONG64)hModule;
294
    symbol.SizeOfStruct = sizeof(SYMBOL_INFO);
295
#ifdef DBHLPAPI
296
    symbol.MaxNameLen = sizeof(symbol.szRestOfName)/sizeof(symbol.szRestOfName[0]);
297
#else
298
    symbol.MaxNameLength = sizeof(symbol.szRestOfName)/sizeof(symbol.szRestOfName[0]);
299
#endif
300

301
    if (!pSymInfo->pfSymFromName(pSymInfo->hProcess, szFullName, &symbol)) {
302
        DETOUR_TRACE(("SymFromName(%s) failed: %d\n", szFullName, GetLastError()));
303
        return NULL;
304
    }
305

306
#ifdef DETOURS_IA64
307
    // On the IA64, we get a raw code pointer from the symbol engine
308
    // and have to convert it to a wrapped [code pointer, global pointer].
309
    //
310
    PPLABEL_DESCRIPTOR pldEntry = (PPLABEL_DESCRIPTOR)DetourGetEntryPoint(hModule);
311
    PPLABEL_DESCRIPTOR pldSymbol = new PLABEL_DESCRIPTOR;
312

313
    pldSymbol->EntryPoint = symbol.Address;
314
    pldSymbol->GlobalPointer = pldEntry->GlobalPointer;
315
    return (PBYTE)pldSymbol;
316
#else
317
    return (PBYTE)symbol.Address;
318
#endif
319
}
320

321
//////////////////////////////////////////////////// Module Image Functions.
322
//
323
HMODULE WINAPI DetourEnumerateModules(HMODULE hModuleLast)
324
{
325
    PBYTE pbLast;
326

327
    if (hModuleLast == NULL) {
328
        pbLast = (PBYTE)0x10000;
329
    }
330
    else {
331
        pbLast = (PBYTE)hModuleLast + 0x10000;
332
    }
333

334
    MEMORY_BASIC_INFORMATION mbi;
335
    ZeroMemory(&mbi, sizeof(mbi));
336

337
    // Find the next memory region that contains a mapped PE image.
338
    //
339
    for (;; pbLast = (PBYTE)mbi.BaseAddress + mbi.RegionSize) {
340
        if (VirtualQuery((PVOID)pbLast, &mbi, sizeof(mbi)) <= 0) {
341
            break;
342
        }
343

344
        // Skip uncommitted regions and guard pages.
345
        //
346
        if ((mbi.State != MEM_COMMIT) || (mbi.Protect & PAGE_GUARD)) {
347
            continue;
348
        }
349

350
        __try {
351
            PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pbLast;
352
            if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
353
                continue;
354
            }
355

356
            PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader +
357
                                                              pDosHeader->e_lfanew);
358
            if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) {
359
                continue;
360
            }
361

362
            return (HMODULE)pDosHeader;
363
        }
364
        __except(EXCEPTION_EXECUTE_HANDLER) {
365
            return NULL;
366
        }
367
    }
368
    return NULL;
369
}
370

371
PVOID WINAPI DetourGetEntryPoint(HMODULE hModule)
372
{
373
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hModule;
374
    if (hModule == NULL) {
375
        pDosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle(NULL);
376
    }
377

378
    __try {
379
        if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
380
            SetLastError(ERROR_BAD_EXE_FORMAT);
381
            return NULL;
382
        }
383

384
        PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader +
385
                                                          pDosHeader->e_lfanew);
386
        if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) {
387
            SetLastError(ERROR_INVALID_EXE_SIGNATURE);
388
            return NULL;
389
        }
390
        if (pNtHeader->FileHeader.SizeOfOptionalHeader == 0) {
391
            SetLastError(ERROR_EXE_MARKED_INVALID);
392
            return NULL;
393
        }
394
        SetLastError(NO_ERROR);
395
        return ((PBYTE)pDosHeader) +
396
            pNtHeader->OptionalHeader.AddressOfEntryPoint;
397
    }
398
    __except(EXCEPTION_EXECUTE_HANDLER) {
399
        SetLastError(ERROR_EXE_MARKED_INVALID);
400
        return NULL;
401
    }
402
}
403

404
ULONG WINAPI DetourGetModuleSize(HMODULE hModule)
405
{
406
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hModule;
407
    if (hModule == NULL) {
408
        pDosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle(NULL);
409
    }
410

411
    __try {
412
        if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
413
            SetLastError(ERROR_BAD_EXE_FORMAT);
414
            return NULL;
415
        }
416

417
        PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader +
418
                                                          pDosHeader->e_lfanew);
419
        if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) {
420
            SetLastError(ERROR_INVALID_EXE_SIGNATURE);
421
            return NULL;
422
        }
423
        if (pNtHeader->FileHeader.SizeOfOptionalHeader == 0) {
424
            SetLastError(ERROR_EXE_MARKED_INVALID);
425
            return NULL;
426
        }
427
        SetLastError(NO_ERROR);
428

429
        return (pNtHeader->OptionalHeader.SizeOfImage);
430
    }
431
    __except(EXCEPTION_EXECUTE_HANDLER) {
432
        SetLastError(ERROR_EXE_MARKED_INVALID);
433
        return NULL;
434
    }
435
}
436

437
static inline PBYTE RvaAdjust(PIMAGE_DOS_HEADER pDosHeader, DWORD raddr)
438
{
439
    if (raddr != NULL) {
440
        return ((PBYTE)pDosHeader) + raddr;
441
    }
442
    return NULL;
443
}
444

445
BOOL WINAPI DetourEnumerateExports(HMODULE hModule,
446
                                   PVOID pContext,
447
                                   PF_DETOUR_ENUMERATE_EXPORT_CALLBACK pfExport)
448
{
449
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hModule;
450
    if (hModule == NULL) {
451
        pDosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle(NULL);
452
    }
453

454
    __try {
455
        if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
456
            SetLastError(ERROR_BAD_EXE_FORMAT);
457
            return NULL;
458
        }
459

460
        PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader +
461
                                                          pDosHeader->e_lfanew);
462
        if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) {
463
            SetLastError(ERROR_INVALID_EXE_SIGNATURE);
464
            return FALSE;
465
        }
466
        if (pNtHeader->FileHeader.SizeOfOptionalHeader == 0) {
467
            SetLastError(ERROR_EXE_MARKED_INVALID);
468
            return FALSE;
469
        }
470

471
        PIMAGE_EXPORT_DIRECTORY pExportDir
472
            = (PIMAGE_EXPORT_DIRECTORY)
473
            RvaAdjust(pDosHeader,
474
                      pNtHeader->OptionalHeader
475
                      .DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
476

477
        if (pExportDir == NULL) {
478
            SetLastError(ERROR_EXE_MARKED_INVALID);
479
            return FALSE;
480
        }
481

482
        PDWORD pdwFunctions = (PDWORD)RvaAdjust(pDosHeader, pExportDir->AddressOfFunctions);
483
        PDWORD pdwNames = (PDWORD)RvaAdjust(pDosHeader, pExportDir->AddressOfNames);
484
        PWORD pwOrdinals = (PWORD)RvaAdjust(pDosHeader, pExportDir->AddressOfNameOrdinals);
485

486
        for (DWORD nFunc = 0; nFunc < pExportDir->NumberOfFunctions; nFunc++) {
487
            PBYTE pbCode = (pdwFunctions != NULL)
488
                ? (PBYTE)RvaAdjust(pDosHeader, pdwFunctions[nFunc]) : NULL;
489
            PCHAR pszName = NULL;
490
            for (DWORD n = 0; n < pExportDir->NumberOfNames; n++) {
491
                if (pwOrdinals[n] == nFunc) {
492
                    pszName = (pdwNames != NULL)
493
                        ? (PCHAR)RvaAdjust(pDosHeader, pdwNames[n]) : NULL;
494
                    break;
495
                }
496
            }
497
            ULONG nOrdinal = pExportDir->Base + nFunc;
498

499
            if (!pfExport(pContext, nOrdinal, pszName, pbCode)) {
500
                break;
501
            }
502
        }
503
        SetLastError(NO_ERROR);
504
        return TRUE;
505
    }
506
    __except(EXCEPTION_EXECUTE_HANDLER) {
507
        SetLastError(ERROR_EXE_MARKED_INVALID);
508
        return NULL;
509
    }
510
}
511

512
static PDETOUR_LOADED_BINARY WINAPI GetPayloadSectionFromModule(HMODULE hModule)
513
{
514
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hModule;
515
    if (hModule == NULL) {
516
        pDosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle(NULL);
517
    }
518

519
    __try {
520
        if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
521
            SetLastError(ERROR_BAD_EXE_FORMAT);
522
            return NULL;
523
        }
524

525
        PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader +
526
                                                          pDosHeader->e_lfanew);
527
        if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) {
528
            SetLastError(ERROR_INVALID_EXE_SIGNATURE);
529
            return NULL;
530
        }
531
        if (pNtHeader->FileHeader.SizeOfOptionalHeader == 0) {
532
            SetLastError(ERROR_EXE_MARKED_INVALID);
533
            return NULL;
534
        }
535

536
        PIMAGE_SECTION_HEADER pSectionHeaders
537
            = (PIMAGE_SECTION_HEADER)((PBYTE)pNtHeader
538
                                      + sizeof(pNtHeader->Signature)
539
                                      + sizeof(pNtHeader->FileHeader)
540
                                      + pNtHeader->FileHeader.SizeOfOptionalHeader);
541

542
        for (DWORD n = 0; n < pNtHeader->FileHeader.NumberOfSections; n++) {
543
            if (strcmp((PCHAR)pSectionHeaders[n].Name, ".detour") == 0) {
544
                if (pSectionHeaders[n].VirtualAddress == 0 ||
545
                    pSectionHeaders[n].SizeOfRawData == 0) {
546

547
                    break;
548
                }
549

550
                PBYTE pbData = (PBYTE)pDosHeader + pSectionHeaders[n].VirtualAddress;
551
                DETOUR_SECTION_HEADER *pHeader = (DETOUR_SECTION_HEADER *)pbData;
552
                if (pHeader->cbHeaderSize < sizeof(DETOUR_SECTION_HEADER) ||
553
                    pHeader->nSignature != DETOUR_SECTION_HEADER_SIGNATURE) {
554

555
                    break;
556
                }
557

558
                if (pHeader->nDataOffset == 0) {
559
                    pHeader->nDataOffset = pHeader->cbHeaderSize;
560
                }
561
                SetLastError(NO_ERROR);
562
                return (PBYTE)pHeader;
563
            }
564
        }
565
        SetLastError(ERROR_EXE_MARKED_INVALID);
566
        return NULL;
567
    }
568
    __except(EXCEPTION_EXECUTE_HANDLER) {
569
        SetLastError(ERROR_EXE_MARKED_INVALID);
570
        return NULL;
571
    }
572
}
573

574
DWORD WINAPI DetourGetSizeOfPayloads(HMODULE hModule)
575
{
576
    PDETOUR_LOADED_BINARY pBinary = GetPayloadSectionFromModule(hModule);
577
    if (pBinary == NULL) {
578
        // Error set by GetPayloadSectonFromModule.
579
        return 0;
580
    }
581

582
    __try {
583
        DETOUR_SECTION_HEADER *pHeader = (DETOUR_SECTION_HEADER *)pBinary;
584
        if (pHeader->cbHeaderSize < sizeof(DETOUR_SECTION_HEADER) ||
585
            pHeader->nSignature != DETOUR_SECTION_HEADER_SIGNATURE) {
586

587
            SetLastError(ERROR_INVALID_HANDLE);
588
            return 0;
589
        }
590
        SetLastError(NO_ERROR);
591
        return pHeader->cbDataSize;
592
    }
593
    __except(EXCEPTION_EXECUTE_HANDLER) {
594
        SetLastError(ERROR_INVALID_HANDLE);
595
        return 0;
596
    }
597
}
598

599
PVOID WINAPI DetourFindPayload(HMODULE hModule, REFGUID rguid, DWORD * pcbData)
600
{
601
    PBYTE pbData = NULL;
602
    if (pcbData) {
603
        *pcbData = 0;
604
    }
605

606
    PDETOUR_LOADED_BINARY pBinary = GetPayloadSectionFromModule(hModule);
607
    if (pBinary == NULL) {
608
        // Error set by GetPayloadSectonFromModule.
609
        return NULL;
610
    }
611

612
    __try {
613
        DETOUR_SECTION_HEADER *pHeader = (DETOUR_SECTION_HEADER *)pBinary;
614
        if (pHeader->cbHeaderSize < sizeof(DETOUR_SECTION_HEADER) ||
615
            pHeader->nSignature != DETOUR_SECTION_HEADER_SIGNATURE) {
616

617
            SetLastError(ERROR_INVALID_EXE_SIGNATURE);
618
            return NULL;
619
        }
620

621
        PBYTE pbBeg = ((PBYTE)pHeader) + pHeader->nDataOffset;
622
        PBYTE pbEnd = ((PBYTE)pHeader) + pHeader->cbDataSize;
623

624
        for (pbData = pbBeg; pbData < pbEnd;) {
625
            DETOUR_SECTION_RECORD *pSection = (DETOUR_SECTION_RECORD *)pbData;
626

627
            if (pSection->guid.Data1 == rguid.Data1 &&
628
                pSection->guid.Data2 == rguid.Data2 &&
629
                pSection->guid.Data3 == rguid.Data3 &&
630
                pSection->guid.Data4[0] == rguid.Data4[0] &&
631
                pSection->guid.Data4[1] == rguid.Data4[1] &&
632
                pSection->guid.Data4[2] == rguid.Data4[2] &&
633
                pSection->guid.Data4[3] == rguid.Data4[3] &&
634
                pSection->guid.Data4[4] == rguid.Data4[4] &&
635
                pSection->guid.Data4[5] == rguid.Data4[5] &&
636
                pSection->guid.Data4[6] == rguid.Data4[6] &&
637
                pSection->guid.Data4[7] == rguid.Data4[7]) {
638

639
                if (pcbData) {
640
                    *pcbData = pSection->cbBytes - sizeof(*pSection);
641
                    SetLastError(NO_ERROR);
642
                    return (PBYTE)(pSection + 1);
643
                }
644
            }
645

646
            pbData = (PBYTE)pSection + pSection->cbBytes;
647
        }
648
        SetLastError(ERROR_INVALID_HANDLE);
649
        return NULL;
650
    }
651
    __except(EXCEPTION_EXECUTE_HANDLER) {
652
        SetLastError(ERROR_INVALID_HANDLE);
653
        return NULL;
654
    }
655
}
656

657
BOOL WINAPI DetourRestoreAfterWithEx(PVOID pvData, DWORD cbData)
658
{
659
    PDETOUR_EXE_RESTORE pder = (PDETOUR_EXE_RESTORE)pvData;
660

661
    if (pder->cb != sizeof(*pder) || pder->cb > cbData) {
662
        SetLastError(ERROR_BAD_EXE_FORMAT);
663
        return FALSE;
664
    }
665

666
    DWORD dwPermIdh;
667
    DWORD dwPermInh;
668
    DWORD dwPermClr;
669
    DWORD dwOld;
670
    BOOL fSucceeded = FALSE;
671

672
    if (!VirtualProtect(pder->pidh, sizeof(pder->idh),
673
                        PAGE_EXECUTE_READWRITE, &dwPermIdh)) {
674
        goto end0;
675
    }
676
    if (!VirtualProtect(pder->pinh, sizeof(pder->inh),
677
                        PAGE_EXECUTE_READWRITE, &dwPermInh)) {
678
        goto end1;
679
    }
680
    if (pder->pclrFlags != NULL) {
681
        if (!VirtualProtect(pder->pclrFlags, sizeof(pder->clrFlags),
682
                            PAGE_EXECUTE_READWRITE, &dwPermClr)) {
683
            goto end2;
684
        }
685
    }
686

687
    CopyMemory(pder->pidh, &pder->idh, sizeof(pder->idh));
688
    CopyMemory(pder->pinh, &pder->inh, sizeof(pder->inh));
689

690
    if (pder->pclrFlags != NULL) {
691
        CopyMemory(pder->pclrFlags, &pder->clrFlags, sizeof(pder->clrFlags));
692
    }
693
    fSucceeded = TRUE;
694

695
    if (pder->pclrFlags != NULL) {
696
        VirtualProtect(pder->pclrFlags, sizeof(pder->clrFlags), dwPermIdh, &dwOld);
697
    }
698
  end2:
699
    VirtualProtect(pder->pinh, sizeof(pder->inh), dwPermInh, &dwOld);
700
  end1:
701
    VirtualProtect(pder->pidh, sizeof(pder->idh), dwPermIdh, &dwOld);
702
  end0:
703
    return fSucceeded;
704
}
705

706
BOOL WINAPI DetourRestoreAfterWith()
707
{
708
    for (HMODULE hMod = NULL; (hMod = DetourEnumerateModules(hMod)) != NULL;) {
709
        PVOID pvData;
710
        DWORD cbData;
711

712
        pvData = DetourFindPayload(hMod, DETOUR_EXE_RESTORE_GUID, &cbData);
713

714
        if (pvData == NULL || cbData == 0) {
715
            continue;
716
        }
717

718
        return DetourRestoreAfterWithEx(pvData, cbData);
719
    }
720
    SetLastError(ERROR_MOD_NOT_FOUND);
721
    return FALSE;
722
}
723

724
//  End of File
725

726
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

Product

Resources

Company

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more, all in one place.

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
