API tools faq
paste
mavythegamer

c++ssssssss

mavythegamer
May 29th, 2018
123
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.83 KB | None | 0 0
raw download clone embed print report
  1. #pragma once
  2.  
  3. #include <Windows.h>
  4. #include <map>
  5.  
  6. /*
  7. * @ Title: Retcheck bypass
  8. * @ Author: Chilarity
  9. * @ Last modified: 15-03-2018
  10. *
  11. */
  12.  
  13. //-------------------------------------------------\\
  14.  
  15. /*
  16. * Hacker Disassembler Engine 32 C
  17. * Copyright (c) 2008-2009, Vyacheslav Patkov.
  18. * All rights reserved.
  19. *
  20. */
  21.  
  22. #include <string.h>
  23. #include <stdint.h>
  24.  
  25. #define F_MODRM 0x00000001
  26. #define F_SIB 0x00000002
  27. #define F_IMM8 0x00000004
  28. #define F_IMM16 0x00000008
  29. #define F_IMM32 0x00000010
  30. #define F_DISP8 0x00000020
  31. #define F_DISP16 0x00000040
  32. #define F_DISP32 0x00000080
  33. #define F_RELATIVE 0x00000100
  34. #define F_2IMM16 0x00000800
  35. #define F_ERROR 0x00001000
  36. #define F_ERROR_OPCODE 0x00002000
  37. #define F_ERROR_LENGTH 0x00004000
  38. #define F_ERROR_LOCK 0x00008000
  39. #define F_ERROR_OPERAND 0x00010000
  40. #define F_PREFIX_REPNZ 0x01000000
  41. #define F_PREFIX_REPX 0x02000000
  42. #define F_PREFIX_REP 0x03000000
  43. #define F_PREFIX_66 0x04000000
  44. #define F_PREFIX_67 0x08000000
  45. #define F_PREFIX_LOCK 0x10000000
  46. #define F_PREFIX_SEG 0x20000000
  47. #define F_PREFIX_ANY 0x3f000000
  48.  
  49. #define PREFIX_SEGMENT_CS 0x2e
  50. #define PREFIX_SEGMENT_SS 0x36
  51. #define PREFIX_SEGMENT_DS 0x3e
  52. #define PREFIX_SEGMENT_ES 0x26
  53. #define PREFIX_SEGMENT_FS 0x64
  54. #define PREFIX_SEGMENT_GS 0x65
  55. #define PREFIX_LOCK 0xf0
  56. #define PREFIX_REPNZ 0xf2
  57. #define PREFIX_REPX 0xf3
  58. #define PREFIX_OPERAND_SIZE 0x66
  59. #define PREFIX_ADDRESS_SIZE 0x67
  60.  
  61. #pragma pack(push,1)
  62.  
  63. typedef struct {
  64. uint8_t len;
  65. uint8_t p_rep;
  66. uint8_t p_lock;
  67. uint8_t p_seg;
  68. uint8_t p_66;
  69. uint8_t p_67;
  70. uint8_t opcode;
  71. uint8_t opcode2;
  72. uint8_t modrm;
  73. uint8_t modrm_mod;
  74. uint8_t modrm_reg;
  75. uint8_t modrm_rm;
  76. uint8_t sib;
  77. uint8_t sib_scale;
  78. uint8_t sib_index;
  79. uint8_t sib_base;
  80. union {
  81. uint8_t imm8;
  82. uint16_t imm16;
  83. uint32_t imm32;
  84. } imm;
  85. union {
  86. uint8_t disp8;
  87. uint16_t disp16;
  88. uint32_t disp32;
  89. } disp;
  90. uint32_t flags;
  91. } hde32s;
  92.  
  93. #pragma pack(pop)
  94.  
  95. #ifdef __cplusplus
  96. extern "C" {
  97. #endif
  98.  
  99. /* __cdecl */
  100. static unsigned int hde32_disasm(const void *code, hde32s *hs);
  101.  
  102. #ifdef __cplusplus
  103. }
  104. #endif
  105.  
  106. #define C_NONE 0x00
  107. #define C_MODRM 0x01
  108. #define C_IMM8 0x02
  109. #define C_IMM16 0x04
  110. #define C_IMM_P66 0x10
  111. #define C_REL8 0x20
  112. #define C_REL32 0x40
  113. #define C_GROUP 0x80
  114. #define C_ERROR 0xff
  115.  
  116. #define PRE_ANY 0x00
  117. #define PRE_NONE 0x01
  118. #define PRE_F2 0x02
  119. #define PRE_F3 0x04
  120. #define PRE_66 0x08
  121. #define PRE_67 0x10
  122. #define PRE_LOCK 0x20
  123. #define PRE_SEG 0x40
  124. #define PRE_ALL 0xff
  125.  
  126. #define DELTA_OPCODES 0x4a
  127. #define DELTA_FPU_REG 0xf1
  128. #define DELTA_FPU_MODRM 0xf8
  129. #define DELTA_PREFIXES 0x130
  130. #define DELTA_OP_LOCK_OK 0x1a1
  131. #define DELTA_OP2_LOCK_OK 0x1b9
  132. #define DELTA_OP_ONLY_MEM 0x1cb
  133. #define DELTA_OP2_ONLY_MEM 0x1da
  134.  
  135. static unsigned char hde32_table[] = {
  136. 0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,
  137. 0xa8,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xac,0xaa,0xb2,0xaa,0x9f,0x9f,
  138. 0x9f,0x9f,0xb5,0xa3,0xa3,0xa4,0xaa,0xaa,0xba,0xaa,0x96,0xaa,0xa8,0xaa,0xc3,
  139. 0xc3,0x96,0x96,0xb7,0xae,0xd6,0xbd,0xa3,0xc5,0xa3,0xa3,0x9f,0xc3,0x9c,0xaa,
  140. 0xaa,0xac,0xaa,0xbf,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0x90,
  141. 0x82,0x7d,0x97,0x59,0x59,0x59,0x59,0x59,0x7f,0x59,0x59,0x60,0x7d,0x7f,0x7f,
  142. 0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x9a,0x88,0x7d,
  143. 0x59,0x50,0x50,0x50,0x50,0x59,0x59,0x59,0x59,0x61,0x94,0x61,0x9e,0x59,0x59,
  144. 0x85,0x59,0x92,0xa3,0x60,0x60,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,
  145. 0x59,0x59,0x9f,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xcc,0x01,0xbc,0x03,0xf0,
  146. 0x10,0x10,0x10,0x10,0x50,0x50,0x50,0x50,0x14,0x20,0x20,0x20,0x20,0x01,0x01,
  147. 0x01,0x01,0xc4,0x02,0x10,0x00,0x00,0x00,0x00,0x01,0x01,0xc0,0xc2,0x10,0x11,
  148. 0x02,0x03,0x11,0x03,0x03,0x04,0x00,0x00,0x14,0x00,0x02,0x00,0x00,0xc6,0xc8,
  149. 0x02,0x02,0x02,0x02,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0xca,
  150. 0x01,0x01,0x01,0x00,0x06,0x00,0x04,0x00,0xc0,0xc2,0x01,0x01,0x03,0x01,0xff,
  151. 0xff,0x01,0x00,0x03,0xc4,0xc4,0xc6,0x03,0x01,0x01,0x01,0xff,0x03,0x03,0x03,
  152. 0xc8,0x40,0x00,0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,
  153. 0x00,0x00,0x00,0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,
  154. 0x00,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  155. 0x00,0xff,0xff,0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  156. 0x7f,0x00,0x00,0xff,0x4a,0x4a,0x4a,0x4a,0x4b,0x52,0x4a,0x4a,0x4a,0x4a,0x4f,
  157. 0x4c,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x55,0x45,0x40,0x4a,0x4a,0x4a,
  158. 0x45,0x59,0x4d,0x46,0x4a,0x5d,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,
  159. 0x4a,0x4a,0x4a,0x4a,0x4a,0x61,0x63,0x67,0x4e,0x4a,0x4a,0x6b,0x6d,0x4a,0x4a,
  160. 0x45,0x6d,0x4a,0x4a,0x44,0x45,0x4a,0x4a,0x00,0x00,0x00,0x02,0x0d,0x06,0x06,
  161. 0x06,0x06,0x0e,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x00,0x06,0x06,0x02,0x06,
  162. 0x00,0x0a,0x0a,0x07,0x07,0x06,0x02,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04,
  163. 0x04,0x04,0x00,0x00,0x00,0x0e,0x05,0x06,0x06,0x06,0x01,0x06,0x00,0x00,0x08,
  164. 0x00,0x10,0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,
  165. 0x86,0x00,0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,
  166. 0xf8,0xbb,0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,
  167. 0xc4,0xff,0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,
  168. 0x13,0x09,0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,
  169. 0xb2,0xff,0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,
  170. 0xe7,0x08,0x00,0xf0,0x02,0x00
  171. };
  172.  
  173.  
  174. #ifdef _MSC_VER
  175. #pragma warning(disable:4701)
  176. #endif
  177.  
  178. unsigned int hde32_disasm(const void *code, hde32s *hs)
  179. {
  180. uint8_t x, c, *p = (uint8_t*)code, cflags, opcode, pref = 0;
  181. uint8_t* ht = hde32_table, m_mod, m_reg, m_rm, disp_size = 0;
  182.  
  183. memset(hs, 0, sizeof(hde32s));
  184.  
  185. for (x = 16; x; x--)
  186. switch (c = *p++) {
  187. case 0xf3:
  188. hs->p_rep = c;
  189. pref |= PRE_F3;
  190. break;
  191. case 0xf2:
  192. hs->p_rep = c;
  193. pref |= PRE_F2;
  194. break;
  195. case 0xf0:
  196. hs->p_lock = c;
  197. pref |= PRE_LOCK;
  198. break;
  199. case 0x26: case 0x2e: case 0x36:
  200. case 0x3e: case 0x64: case 0x65:
  201. hs->p_seg = c;
  202. pref |= PRE_SEG;
  203. break;
  204. case 0x66:
  205. hs->p_66 = c;
  206. pref |= PRE_66;
  207. break;
  208. case 0x67:
  209. hs->p_67 = c;
  210. pref |= PRE_67;
  211. break;
  212. default:
  213. goto pref_done;
  214. }
  215. pref_done:
  216.  
  217. hs->flags = (uint32_t)pref << 23;
  218.  
  219. if (!pref)
  220. pref |= PRE_NONE;
  221.  
  222. if ((hs->opcode = c) == 0x0f) {
  223. hs->opcode2 = c = *p++;
  224. ht += DELTA_OPCODES;
  225. }
  226. else if (c >= 0xa0 && c <= 0xa3) {
  227. if (pref & PRE_67)
  228. pref |= PRE_66;
  229. else
  230. pref &= ~PRE_66;
  231. }
  232.  
  233. opcode = c;
  234. cflags = ht[ht[opcode / 4] + (opcode % 4)];
  235.  
  236. if (cflags == C_ERROR) {
  237. hs->flags |= F_ERROR | F_ERROR_OPCODE;
  238. cflags = 0;
  239. if ((opcode & -3) == 0x24)
  240. cflags++;
  241. }
  242.  
  243. x = 0;
  244. if (cflags & C_GROUP) {
  245. uint16_t t;
  246. t = *(uint16_t*)(ht + (cflags & 0x7f));
  247. cflags = (uint8_t)t;
  248. x = (uint8_t)(t >> 8);
  249. }
  250.  
  251. if (hs->opcode2) {
  252. ht = hde32_table + DELTA_PREFIXES;
  253. if (ht[ht[opcode / 4] + (opcode % 4)] & pref)
  254. hs->flags |= F_ERROR | F_ERROR_OPCODE;
  255. }
  256.  
  257. if (cflags & C_MODRM) {
  258. hs->flags |= F_MODRM;
  259. hs->modrm = c = *p++;
  260. hs->modrm_mod = m_mod = c >> 6;
  261. hs->modrm_rm = m_rm = c & 7;
  262. hs->modrm_reg = m_reg = (c & 0x3f) >> 3;
  263.  
  264. if (x && ((x << m_reg) & 0x80))
  265. hs->flags |= F_ERROR | F_ERROR_OPCODE;
  266.  
  267. if (!hs->opcode2 && opcode >= 0xd9 && opcode <= 0xdf) {
  268. uint8_t t = opcode - 0xd9;
  269. if (m_mod == 3) {
  270. ht = hde32_table + DELTA_FPU_MODRM + t * 8;
  271. t = ht[m_reg] << m_rm;
  272. }
  273. else {
  274. ht = hde32_table + DELTA_FPU_REG;
  275. t = ht[t] << m_reg;
  276. }
  277. if (t & 0x80)
  278. hs->flags |= F_ERROR | F_ERROR_OPCODE;
  279. }
  280.  
  281. if (pref & PRE_LOCK) {
  282. if (m_mod == 3) {
  283. hs->flags |= F_ERROR | F_ERROR_LOCK;
  284. }
  285. else {
  286. uint8_t* table_end, op = opcode;
  287. if (hs->opcode2) {
  288. ht = hde32_table + DELTA_OP2_LOCK_OK;
  289. table_end = ht + DELTA_OP_ONLY_MEM - DELTA_OP2_LOCK_OK;
  290. }
  291. else {
  292. ht = hde32_table + DELTA_OP_LOCK_OK;
  293. table_end = ht + DELTA_OP2_LOCK_OK - DELTA_OP_LOCK_OK;
  294. op &= -2;
  295. }
  296. for (; ht != table_end; ht++)
  297. if (*ht++ == op) {
  298. if (!((*ht << m_reg) & 0x80))
  299. goto no_lock_error;
  300. else
  301. break;
  302. }
  303. hs->flags |= F_ERROR | F_ERROR_LOCK;
  304. no_lock_error:
  305. ;
  306. }
  307. }
  308.  
  309. if (hs->opcode2) {
  310. switch (opcode) {
  311. case 0x20: case 0x22:
  312. m_mod = 3;
  313. if (m_reg > 4 || m_reg == 1)
  314. goto error_operand;
  315. else
  316. goto no_error_operand;
  317. case 0x21: case 0x23:
  318. m_mod = 3;
  319. if (m_reg == 4 || m_reg == 5)
  320. goto error_operand;
  321. else
  322. goto no_error_operand;
  323. }
  324. }
  325. else {
  326. switch (opcode) {
  327. case 0x8c:
  328. if (m_reg > 5)
  329. goto error_operand;
  330. else
  331. goto no_error_operand;
  332. case 0x8e:
  333. if (m_reg == 1 || m_reg > 5)
  334. goto error_operand;
  335. else
  336. goto no_error_operand;
  337. }
  338. }
  339.  
  340. if (m_mod == 3) {
  341. uint8_t* table_end;
  342. if (hs->opcode2) {
  343. ht = hde32_table + DELTA_OP2_ONLY_MEM;
  344. table_end = ht + sizeof(hde32_table) - DELTA_OP2_ONLY_MEM;
  345. }
  346. else {
  347. ht = hde32_table + DELTA_OP_ONLY_MEM;
  348. table_end = ht + DELTA_OP2_ONLY_MEM - DELTA_OP_ONLY_MEM;
  349. }
  350. for (; ht != table_end; ht += 2)
  351. if (*ht++ == opcode) {
  352. if ((*ht++ & pref) && !((*ht << m_reg) & 0x80))
  353. goto error_operand;
  354. else
  355. break;
  356. }
  357. goto no_error_operand;
  358. }
  359. else if (hs->opcode2) {
  360. switch (opcode) {
  361. case 0x50: case 0xd7: case 0xf7:
  362. if (pref & (PRE_NONE | PRE_66))
  363. goto error_operand;
  364. break;
  365. case 0xd6:
  366. if (pref & (PRE_F2 | PRE_F3))
  367. goto error_operand;
  368. break;
  369. case 0xc5:
  370. goto error_operand;
  371. }
  372. goto no_error_operand;
  373. }
  374. else
  375. goto no_error_operand;
  376.  
  377. error_operand:
  378. hs->flags |= F_ERROR | F_ERROR_OPERAND;
  379. no_error_operand:
  380.  
  381. c = *p++;
  382. if (m_reg <= 1) {
  383. if (opcode == 0xf6)
  384. cflags |= C_IMM8;
  385. else if (opcode == 0xf7)
  386. cflags |= C_IMM_P66;
  387. }
  388.  
  389. switch (m_mod) {
  390. case 0:
  391. if (pref & PRE_67) {
  392. if (m_rm == 6)
  393. disp_size = 2;
  394. }
  395. else
  396. if (m_rm == 5)
  397. disp_size = 4;
  398. break;
  399. case 1:
  400. disp_size = 1;
  401. break;
  402. case 2:
  403. disp_size = 2;
  404. if (!(pref & PRE_67))
  405. disp_size <<= 1;
  406. break;
  407. }
  408.  
  409. if (m_mod != 3 && m_rm == 4 && !(pref & PRE_67)) {
  410. hs->flags |= F_SIB;
  411. p++;
  412. hs->sib = c;
  413. hs->sib_scale = c >> 6;
  414. hs->sib_index = (c & 0x3f) >> 3;
  415. if ((hs->sib_base = c & 7) == 5 && !(m_mod & 1))
  416. disp_size = 4;
  417. }
  418.  
  419. p--;
  420. switch (disp_size) {
  421. case 1:
  422. hs->flags |= F_DISP8;
  423. hs->disp.disp8 = *p;
  424. break;
  425. case 2:
  426. hs->flags |= F_DISP16;
  427. hs->disp.disp16 = *(uint16_t*)p;
  428. break;
  429. case 4:
  430. hs->flags |= F_DISP32;
  431. hs->disp.disp32 = *(uint32_t*)p;
  432. break;
  433. }
  434. p += disp_size;
  435. }
  436. else if (pref & PRE_LOCK)
  437. hs->flags |= F_ERROR | F_ERROR_LOCK;
  438.  
  439. if (cflags & C_IMM_P66) {
  440. if (cflags & C_REL32) {
  441. if (pref & PRE_66) {
  442. hs->flags |= F_IMM16 | F_RELATIVE;
  443. hs->imm.imm16 = *(uint16_t*)p;
  444. p += 2;
  445. goto disasm_done;
  446. }
  447. goto rel32_ok;
  448. }
  449. if (pref & PRE_66) {
  450. hs->flags |= F_IMM16;
  451. hs->imm.imm16 = *(uint16_t*)p;
  452. p += 2;
  453. }
  454. else {
  455. hs->flags |= F_IMM32;
  456. hs->imm.imm32 = *(uint32_t*)p;
  457. p += 4;
  458. }
  459. }
  460.  
  461. if (cflags & C_IMM16) {
  462. if (hs->flags & F_IMM32) {
  463. hs->flags |= F_IMM16;
  464. hs->disp.disp16 = *(uint16_t*)p;
  465. }
  466. else if (hs->flags & F_IMM16) {
  467. hs->flags |= F_2IMM16;
  468. hs->disp.disp16 = *(uint16_t*)p;
  469. }
  470. else {
  471. hs->flags |= F_IMM16;
  472. hs->imm.imm16 = *(uint16_t*)p;
  473. }
  474. p += 2;
  475. }
  476. if (cflags & C_IMM8) {
  477. hs->flags |= F_IMM8;
  478. hs->imm.imm8 = *p++;
  479. }
  480.  
  481. if (cflags & C_REL32) {
  482. rel32_ok:
  483. hs->flags |= F_IMM32 | F_RELATIVE;
  484. hs->imm.imm32 = *(uint32_t*)p;
  485. p += 4;
  486. }
  487. else if (cflags & C_REL8) {
  488. hs->flags |= F_IMM8 | F_RELATIVE;
  489. hs->imm.imm8 = *p++;
  490. }
  491.  
  492. disasm_done:
  493.  
  494. if ((hs->len = (uint8_t)(p - (uint8_t*)code)) > 15) {
  495. hs->flags |= F_ERROR | F_ERROR_LENGTH;
  496. hs->len = 15;
  497. }
  498.  
  499. return (unsigned int)hs->len;
  500. }
  501.  
  502.  
  503. //-------------------------------------------------
  504.  
  505.  
  506. class Ret
  507. {
  508. public:
  509. template<typename T>
  510. static T unprotect(BYTE* funcaddr)
  511. {
  512. static int total_alloc;
  513. static std::map<DWORD, DWORD> cache;
  514. try
  515. {
  516. DWORD& cached_func = cache.at((DWORD)funcaddr);
  517. return (T)(cached_func);
  518. }
  519. catch (std::out_of_range&) {} //cache miss, do nothing and continue
  520.  
  521. DWORD func_size = get_func_end(funcaddr) - funcaddr;
  522. total_alloc += func_size;
  523. if (total_alloc > max_alloc)
  524. return (T)(funcaddr); //failsafe, using too much memory (over 1MB)
  525.  
  526. void* new_func = VirtualAlloc(NULL, func_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  527. if (new_func == NULL)
  528. return (T)(funcaddr); //alloc failed
  529.  
  530. memcpy(new_func, funcaddr, func_size);
  531. cache.emplace((DWORD)funcaddr, (DWORD)new_func);
  532.  
  533. if (disable_retcheck((DWORD)new_func, func_size))
  534. {
  535. fix_calls((DWORD)new_func, (DWORD)funcaddr, func_size);
  536. return (T)(new_func);
  537. }
  538.  
  539. //no retcheck was found, abort
  540. VirtualFree(new_func, func_size, MEM_RELEASE);
  541. return (T)(funcaddr);
  542. }
  543.  
  544. private:
  545. static const int max_alloc = 1024 * 1024;
  546.  
  547. static bool is_prolog(BYTE* addr)
  548. {
  549. return addr[0] == 0x55 && addr[1] == 0x8B && addr[2] == 0xEC;
  550. }
  551.  
  552. static BYTE* get_func_end(BYTE* funcaddr) //terrible
  553. {
  554. BYTE* addr = funcaddr;
  555. do
  556. {
  557. addr += 0x10;
  558. } while (!is_prolog(addr));
  559. return addr;
  560. }
  561.  
  562. static bool disable_retcheck(DWORD new_func, DWORD func_len)
  563. {
  564. bool has_retcheck = false;
  565. DWORD disasm_ptr = new_func;
  566. while (disasm_ptr - new_func < func_len)
  567. {
  568. hde32s disasm = { 0 };
  569. hde32_disasm((void*)disasm_ptr, &disasm);
  570. if (disasm.opcode == 0x3B) //CMP
  571. {
  572. DWORD ptr = disasm.disp.disp32;
  573. if (ptr > 0xFF)
  574. {
  575. memcpy((void*)(disasm_ptr), "\xF9\x90\x90\x90\x90\x90", 6); //setc nop nop nop nop nop
  576. has_retcheck = true;
  577. }
  578. }
  579. disasm_ptr += disasm.len;
  580. }
  581. return has_retcheck;
  582. }
  583.  
  584. static void fix_calls(DWORD new_func, DWORD orig_func, DWORD func_len)
  585. {
  586. DWORD disasm_ptr = new_func;
  587. while (disasm_ptr - new_func < func_len)
  588. {
  589. hde32s disasm = { 0 };
  590. hde32_disasm((void*)disasm_ptr, &disasm);
  591. if (disasm.opcode == 0xE8) //CALL
  592. {
  593. DWORD rel_addr = disasm.imm.imm32;
  594. DWORD orig_call_instr = orig_func + (disasm_ptr - new_func);
  595. DWORD orig_called_func = orig_call_instr + rel_addr + 5;
  596. if (orig_called_func % 0x10 == 0) //functions aligned to 0x10 bytes
  597. {
  598. DWORD new_called_func = unprotect<DWORD>((BYTE*)orig_called_func);
  599. DWORD new_rel_addr = new_called_func - disasm_ptr - 5;
  600. memcpy((void*)(disasm_ptr + 1), &new_rel_addr, 4);
  601. }
  602. }
  603. disasm_ptr += disasm.len;
  604. }
  605. }
  606. };
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!