CESigMaker.cpp

1. #include "loader.h"
2.  
3. #include <iostream>
4. #include <windows.h>
5. #include <psapi.h>
6. #include <iomanip>
7. #include <sstream>
8. #include <string>
9.  
10. static CE_EXPORTED_FUNCTIONS exports;
11. static lua_State* lua = nullptr;
12.  
13. static int memory_view_tab_pluginid = -1;
14.  
15. static CE_MEMORY_VIEW_PLUGIN_INIT memory_view_tab;
16. static CE_DISASSEMBLER_CONTEXT_INIT disassembler_context_option;
17.  
18. static size_t sig_size = 18;
19.  
20. void set_clipboard(const std::string& str) {
21.     OpenClipboard(0);
22.     EmptyClipboard();
23.    
24.     auto buf = GlobalAlloc(GMEM_MOVEABLE, str.size());
25.    
26.     if (!buf) {
27.         CloseClipboard();
28.         return;
29.     }
30.  
31.     std::memcpy(GlobalLock(buf), str.c_str(), str.size());
32.    
33.     GlobalUnlock(buf);
34.     SetClipboardData(CF_TEXT, buf);
35.     CloseClipboard();
36.     GlobalFree(buf);
37. }
38.  
39. unsigned char* read_bytes(uintptr_t address, size_t size, bool vprotect) {
40.     auto  result = new unsigned char[size] {};
41.     DWORD oldprotection = {};
42.  
43.     if (vprotect) {
44.         VirtualProtect(reinterpret_cast<LPVOID>(address), size, PAGE_EXECUTE_READWRITE, &oldprotection);
45.         memcpy_s(result, size, reinterpret_cast<PVOID>(address), size);
46.         VirtualProtect(reinterpret_cast<LPVOID>(address), size, oldprotection, &oldprotection);
47.     }
48.     else {
49.         memcpy_s(result, size, reinterpret_cast<PVOID>(address), size);
50.     }
51.     return result;
52. }
53.  
54. BOOL CE_CONV on_makesig(uintptr_t* selected_address) {
55.     std::ostringstream stream;
56.     HDE hs;
57.  
58.     auto size = sig_size + 2;
59.     auto handle = *exports.OpenedProcessHandle;
60.     auto buffer = new unsigned char[size];
61.  
62.     std::memset(buffer, 0, sig_size);
63.     ReadProcessMemory(handle, reinterpret_cast<void*>(*selected_address - sig_size), buffer, size, nullptr);
64.  
65.     for (int i = 0; i < size; i++) {
66.         unsigned char c = buffer[i];
67.         HDE_DISASM(buffer + i, &hs);
68.  
69.         switch (hs.opcode) {
70.         case 0xE8: // call
71.         case 0xE9: // jmp
72.             i += hs.len;
73.             for (int k = 0; k < hs.len; k++)
74.                 stream << "\\?";
75.             continue;
76.         }
77.  
78.         stream << "\\x" << std::hex << std::setfill('0') << std::setw(2) << std::uppercase << static_cast<int>(c);
79.     }
80.  
81.     delete[] buffer;
82.  
83.     auto str = stream.str();
84.     auto res = stream.str().substr(0, str.size() - 3);
85.  
86.     set_clipboard(res);
87.  
88.     exports.ShowMessage("Copied signature to clipboard!");
89.  
90.     return true;
91. }
92.  
93. BOOL CE_CONV on_rightclick(uintptr_t selected_address, const char** name_address, BOOL* show) {
94.     return true;
95. }
96.  
97. BOOL CE_CONV on_settings_click(uintptr_t* disassembler_address, uintptr_t* selected_disassembler_address, uintptr_t* hexview_address) {
98.  
99.     return TRUE;
100. }
101.  
102. BOOL CE_CONV CEPlugin_GetVersion(CE_PLUGIN_VERSION* version, int version_size) {
103.     version->plugin_name = "SigMaker";
104.     version->version = 1.0;
105.  
106.     return sizeof(CE_PLUGIN_VERSION) == version_size;
107. }
108.  
109. BOOL CE_CONV CEPlugin_InitializePlugin(CE_EXPORTED_FUNCTIONS* ef, int pluginid) {
110.     exports = *ef;
111.     lua = reinterpret_cast<lua_State*>(exports.GetLuaState());
112.  
113.     memory_view_tab.name = "SigMaker: Settings";
114.     memory_view_tab.callback_routine = on_settings_click;
115.     memory_view_tab.shortcut = "Ctrl+E";
116.  
117.     disassembler_context_option.name = "SigMaker: Create signature";
118.     disassembler_context_option.callback_routine = &on_makesig;
119.     disassembler_context_option.callback_routine_onpopup = &on_rightclick;
120.  
121.     exports.RegisterFunction(pluginid, CE_PLUGIN_TYPE_DISASSEMBLER_CONTEXT, &disassembler_context_option);
122.     memory_view_tab_pluginid = exports.RegisterFunction(pluginid, CE_PLUGIN_TYPE_MEMORY_VIEW, &memory_view_tab); //adds a plugin menu item to the memory view
123.  
124.     return true;
125. }
126.  
127. BOOL CE_CONV CEPlugin_DisablePlugin() {
128.     return true;
129. }