API tools faq
paste
Advertisement
CracksStuff

retcheck bypass fixed

CracksStuff
Sep 17th, 2019
204
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 14.62 KB | None | 0 0
raw download clone embed print report
  1. // again fixed retcheck
  2. // might have some issues
  3.  
  4. #pragma once
  5.  
  6. #include <Windows.h>
  7. #include <map>
  8.  
  9. #include <string.h>
  10. #include <stdint.h>
  11.  
  12. #define F_MODRM         0x00000001
  13. #define F_SIB           0x00000002
  14. #define F_IMM8          0x00000004
  15. #define F_IMM16         0x00000008
  16. #define F_IMM32         0x00000010
  17. #define F_DISP8         0x00000020
  18. #define F_DISP16        0x00000040
  19. #define F_DISP32        0x00000080
  20. #define F_RELATIVE      0x00000100
  21. #define F_2IMM16        0x00000800
  22. #define F_ERROR         0x00001000
  23. #define F_ERROR_OPCODE  0x00002000
  24. #define F_ERROR_LENGTH  0x00004000
  25. #define F_ERROR_LOCK    0x00008000
  26. #define F_ERROR_OPERAND 0x00010000
  27. #define F_PREFIX_REPNZ  0x01000000
  28. #define F_PREFIX_REPX   0x02000000
  29. #define F_PREFIX_REP    0x03000000
  30. #define F_PREFIX_66     0x04000000
  31. #define F_PREFIX_67     0x08000000
  32. #define F_PREFIX_LOCK   0x10000000
  33. #define F_PREFIX_SEG    0x20000000
  34. #define F_PREFIX_ANY    0x3f000000
  35.  
  36. #define PREFIX_SEGMENT_CS   0x2e
  37. #define PREFIX_SEGMENT_SS   0x36
  38. #define PREFIX_SEGMENT_DS   0x3e
  39. #define PREFIX_SEGMENT_ES   0x26
  40. #define PREFIX_SEGMENT_FS   0x64
  41. #define PREFIX_SEGMENT_GS   0x65
  42. #define PREFIX_LOCK         0xf0
  43. #define PREFIX_REPNZ        0xf2
  44. #define PREFIX_REPX         0xf3
  45. #define PREFIX_OPERAND_SIZE 0x66
  46. #define PREFIX_ADDRESS_SIZE 0x67
  47.  
  48. #pragma pack(push,1)
  49.  
  50. typedef struct {
  51.     uint8_t len;
  52.     uint8_t p_rep;
  53.     uint8_t p_lock;
  54.     uint8_t p_seg;
  55.     uint8_t p_66;
  56.     uint8_t p_67;
  57.     uint8_t opcode;
  58.     uint8_t opcode2;
  59.     uint8_t modrm;
  60.     uint8_t modrm_mod;
  61.     uint8_t modrm_reg;
  62.     uint8_t modrm_rm;
  63.     uint8_t sib;
  64.     uint8_t sib_scale;
  65.     uint8_t sib_index;
  66.     uint8_t sib_base;
  67.     union {
  68.         uint8_t imm8;
  69.         uint16_t imm16;
  70.         uint32_t imm32;
  71.     } imm;
  72.     union {
  73.         uint8_t disp8;
  74.         uint16_t disp16;
  75.         uint32_t disp32;
  76.     } disp;
  77.     uint32_t flags;
  78. } hde32s;
  79.  
  80. #pragma pack(pop)
  81.  
  82. #ifdef __cplusplus
  83. extern "C" {
  84. #endif
  85.  
  86.     /* __cdecl */
  87.     static unsigned int hde32_disasm(const void *code, hde32s *hs);
  88.  
  89. #ifdef __cplusplus
  90. }
  91. #endif
  92.  
  93. #define C_NONE    0x00
  94. #define C_MODRM   0x01
  95. #define C_IMM8    0x02
  96. #define C_IMM16   0x04
  97. #define C_IMM_P66 0x10
  98. #define C_REL8    0x20
  99. #define C_REL32   0x40
  100. #define C_GROUP   0x80
  101. #define C_ERROR   0xff
  102.  
  103. #define PRE_ANY  0x00
  104. #define PRE_NONE 0x01
  105. #define PRE_F2   0x02
  106. #define PRE_F3   0x04
  107. #define PRE_66   0x08
  108. #define PRE_67   0x10
  109. #define PRE_LOCK 0x20
  110. #define PRE_SEG  0x40
  111. #define PRE_ALL  0xff
  112.  
  113. #define DELTA_OPCODES      0x4a
  114. #define DELTA_FPU_REG      0xf1
  115. #define DELTA_FPU_MODRM    0xf8
  116. #define DELTA_PREFIXES     0x130
  117. #define DELTA_OP_LOCK_OK   0x1a1
  118. #define DELTA_OP2_LOCK_OK  0x1b9
  119. #define DELTA_OP_ONLY_MEM  0x1cb
  120. #define DELTA_OP2_ONLY_MEM 0x1da
  121.  
  122. static unsigned char hde32_table[] = {
  123.     0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,
  124.     0xa8,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xac,0xaa,0xb2,0xaa,0x9f,0x9f,
  125.     0x9f,0x9f,0xb5,0xa3,0xa3,0xa4,0xaa,0xaa,0xba,0xaa,0x96,0xaa,0xa8,0xaa,0xc3,
  126.     0xc3,0x96,0x96,0xb7,0xae,0xd6,0xbd,0xa3,0xc5,0xa3,0xa3,0x9f,0xc3,0x9c,0xaa,
  127.     0xaa,0xac,0xaa,0xbf,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0x90,
  128.     0x82,0x7d,0x97,0x59,0x59,0x59,0x59,0x59,0x7f,0x59,0x59,0x60,0x7d,0x7f,0x7f,
  129.     0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x9a,0x88,0x7d,
  130.     0x59,0x50,0x50,0x50,0x50,0x59,0x59,0x59,0x59,0x61,0x94,0x61,0x9e,0x59,0x59,
  131.     0x85,0x59,0x92,0xa3,0x60,0x60,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,
  132.     0x59,0x59,0x9f,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xcc,0x01,0xbc,0x03,0xf0,
  133.     0x10,0x10,0x10,0x10,0x50,0x50,0x50,0x50,0x14,0x20,0x20,0x20,0x20,0x01,0x01,
  134.     0x01,0x01,0xc4,0x02,0x10,0x00,0x00,0x00,0x00,0x01,0x01,0xc0,0xc2,0x10,0x11,
  135.     0x02,0x03,0x11,0x03,0x03,0x04,0x00,0x00,0x14,0x00,0x02,0x00,0x00,0xc6,0xc8,
  136.     0x02,0x02,0x02,0x02,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0xca,
  137.     0x01,0x01,0x01,0x00,0x06,0x00,0x04,0x00,0xc0,0xc2,0x01,0x01,0x03,0x01,0xff,
  138.     0xff,0x01,0x00,0x03,0xc4,0xc4,0xc6,0x03,0x01,0x01,0x01,0xff,0x03,0x03,0x03,
  139.     0xc8,0x40,0x00,0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,
  140.     0x00,0x00,0x00,0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,
  141.     0x00,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  142.     0x00,0xff,0xff,0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  143.     0x7f,0x00,0x00,0xff,0x4a,0x4a,0x4a,0x4a,0x4b,0x52,0x4a,0x4a,0x4a,0x4a,0x4f,
  144.     0x4c,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x55,0x45,0x40,0x4a,0x4a,0x4a,
  145.     0x45,0x59,0x4d,0x46,0x4a,0x5d,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,
  146.     0x4a,0x4a,0x4a,0x4a,0x4a,0x61,0x63,0x67,0x4e,0x4a,0x4a,0x6b,0x6d,0x4a,0x4a,
  147.     0x45,0x6d,0x4a,0x4a,0x44,0x45,0x4a,0x4a,0x00,0x00,0x00,0x02,0x0d,0x06,0x06,
  148.     0x06,0x06,0x0e,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x00,0x06,0x06,0x02,0x06,
  149.     0x00,0x0a,0x0a,0x07,0x07,0x06,0x02,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04,
  150.     0x04,0x04,0x00,0x00,0x00,0x0e,0x05,0x06,0x06,0x06,0x01,0x06,0x00,0x00,0x08,
  151.     0x00,0x10,0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,
  152.     0x86,0x00,0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,
  153.     0xf8,0xbb,0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,
  154.     0xc4,0xff,0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,
  155.     0x13,0x09,0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,
  156.     0xb2,0xff,0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,
  157.     0xe7,0x08,0x00,0xf0,0x02,0x00
  158. };
  159.  
  160.  
  161. #ifdef _MSC_VER
  162. #pragma warning(disable:4701)
  163. #endif
  164.  
  165. unsigned int hde32_disasm(const void *code, hde32s *hs)
  166. {
  167.     uint8_t x, c, *p = (uint8_t*)code, cflags, opcode, pref = 0;
  168.     uint8_t* ht = hde32_table, m_mod, m_reg, m_rm, disp_size = 0;
  169.  
  170.     memset(hs, 0, sizeof(hde32s));
  171.  
  172.     for (x = 16; x; x--)
  173.         switch (c = *p++) {
  174.         case 0xf3:
  175.             hs->p_rep = c;
  176.             pref |= PRE_F3;
  177.             break;
  178.         case 0xf2:
  179.             hs->p_rep = c;
  180.             pref |= PRE_F2;
  181.             break;
  182.         case 0xf0:
  183.             hs->p_lock = c;
  184.             pref |= PRE_LOCK;
  185.             break;
  186.         case 0x26: case 0x2e: case 0x36:
  187.         case 0x3e: case 0x64: case 0x65:
  188.             hs->p_seg = c;
  189.             pref |= PRE_SEG;
  190.             break;
  191.         case 0x66:
  192.             hs->p_66 = c;
  193.             pref |= PRE_66;
  194.             break;
  195.         case 0x67:
  196.             hs->p_67 = c;
  197.             pref |= PRE_67;
  198.             break;
  199.         default:
  200.             goto pref_done;
  201.         }
  202. pref_done:
  203.  
  204.     hs->flags = (uint32_t)pref << 23;
  205.  
  206.     if (!pref)
  207.         pref |= PRE_NONE;
  208.  
  209.     if ((hs->opcode = c) == 0x0f) {
  210.         hs->opcode2 = c = *p++;
  211.         ht += DELTA_OPCODES;
  212.     }
  213.     else if (c >= 0xa0 && c <= 0xa3) {
  214.         if (pref & PRE_67)
  215.             pref |= PRE_66;
  216.         else
  217.             pref &= ~PRE_66;
  218.     }
  219.  
  220.     opcode = c;
  221.     cflags = ht[ht[opcode / 4] + (opcode % 4)];
  222.  
  223.     if (cflags == C_ERROR) {
  224.         hs->flags |= F_ERROR | F_ERROR_OPCODE;
  225.         cflags = 0;
  226.         if ((opcode & -3) == 0x24)
  227.             cflags++;
  228.     }
  229.  
  230.     x = 0;
  231.     if (cflags & C_GROUP) {
  232.         uint16_t t;
  233.         t = *(uint16_t*)(ht + (cflags & 0x7f));
  234.         cflags = (uint8_t)t;
  235.         x = (uint8_t)(t >> 8);
  236.     }
  237.  
  238.     if (hs->opcode2) {
  239.         ht = hde32_table + DELTA_PREFIXES;
  240.         if (ht[ht[opcode / 4] + (opcode % 4)] & pref)
  241.             hs->flags |= F_ERROR | F_ERROR_OPCODE;
  242.     }
  243.  
  244.     if (cflags & C_MODRM) {
  245.         hs->flags |= F_MODRM;
  246.         hs->modrm = c = *p++;
  247.         hs->modrm_mod = m_mod = c >> 6;
  248.         hs->modrm_rm = m_rm = c & 7;
  249.         hs->modrm_reg = m_reg = (c & 0x3f) >> 3;
  250.  
  251.         if (x && ((x << m_reg) & 0x80))
  252.             hs->flags |= F_ERROR | F_ERROR_OPCODE;
  253.  
  254.         if (!hs->opcode2 && opcode >= 0xd9 && opcode <= 0xdf) {
  255.             uint8_t t = opcode - 0xd9;
  256.             if (m_mod == 3) {
  257.                 ht = hde32_table + DELTA_FPU_MODRM + t * 8;
  258.                 t = ht[m_reg] << m_rm;
  259.             }
  260.             else {
  261.                 ht = hde32_table + DELTA_FPU_REG;
  262.                 t = ht[t] << m_reg;
  263.             }
  264.             if (t & 0x80)
  265.                 hs->flags |= F_ERROR | F_ERROR_OPCODE;
  266.         }
  267.  
  268.         if (pref & PRE_LOCK) {
  269.             if (m_mod == 3) {
  270.                 hs->flags |= F_ERROR | F_ERROR_LOCK;
  271.             }
  272.             else {
  273.                 uint8_t* table_end, op = opcode;
  274.                 if (hs->opcode2) {
  275.                     ht = hde32_table + DELTA_OP2_LOCK_OK;
  276.                     table_end = ht + DELTA_OP_ONLY_MEM - DELTA_OP2_LOCK_OK;
  277.                 }
  278.                 else {
  279.                     ht = hde32_table + DELTA_OP_LOCK_OK;
  280.                     table_end = ht + DELTA_OP2_LOCK_OK - DELTA_OP_LOCK_OK;
  281.                     op &= -2;
  282.                 }
  283.                 for (; ht != table_end; ht++)
  284.                     if (*ht++ == op) {
  285.                         if (!((*ht << m_reg) & 0x80))
  286.                             goto no_lock_error;
  287.                         else
  288.                             break;
  289.                     }
  290.                 hs->flags |= F_ERROR | F_ERROR_LOCK;
  291.             no_lock_error:
  292.                 ;
  293.             }
  294.         }
  295.  
  296.         if (hs->opcode2) {
  297.             switch (opcode) {
  298.             case 0x20: case 0x22:
  299.                 m_mod = 3;
  300.                 if (m_reg > 4 || m_reg == 1)
  301.                     goto error_operand;
  302.                 else
  303.                     goto no_error_operand;
  304.             case 0x21: case 0x23:
  305.                 m_mod = 3;
  306.                 if (m_reg == 4 || m_reg == 5)
  307.                     goto error_operand;
  308.                 else
  309.                     goto no_error_operand;
  310.             }
  311.         }
  312.         else {
  313.             switch (opcode) {
  314.             case 0x8c:
  315.                 if (m_reg > 5)
  316.                     goto error_operand;
  317.                 else
  318.                     goto no_error_operand;
  319.             case 0x8e:
  320.                 if (m_reg == 1 || m_reg > 5)
  321.                     goto error_operand;
  322.                 else
  323.                     goto no_error_operand;
  324.             }
  325.         }
  326.  
  327.         if (m_mod == 3) {
  328.             uint8_t* table_end;
  329.             if (hs->opcode2) {
  330.                 ht = hde32_table + DELTA_OP2_ONLY_MEM;
  331.                 table_end = ht + sizeof(hde32_table) - DELTA_OP2_ONLY_MEM;
  332.             }
  333.             else {
  334.                 ht = hde32_table + DELTA_OP_ONLY_MEM;
  335.                 table_end = ht + DELTA_OP2_ONLY_MEM - DELTA_OP_ONLY_MEM;
  336.             }
  337.             for (; ht != table_end; ht += 2)
  338.                 if (*ht++ == opcode) {
  339.                     if ((*ht++ & pref) && !((*ht << m_reg) & 0x80))
  340.                         goto error_operand;
  341.                     else
  342.                         break;
  343.                 }
  344.             goto no_error_operand;
  345.         }
  346.         else if (hs->opcode2) {
  347.             switch (opcode) {
  348.             case 0x50: case 0xd7: case 0xf7:
  349.                 if (pref & (PRE_NONE | PRE_66))
  350.                     goto error_operand;
  351.                 break;
  352.             case 0xd6:
  353.                 if (pref & (PRE_F2 | PRE_F3))
  354.                     goto error_operand;
  355.                 break;
  356.             case 0xc5:
  357.                 goto error_operand;
  358.             }
  359.             goto no_error_operand;
  360.         }
  361.         else
  362.             goto no_error_operand;
  363.  
  364.     error_operand:
  365.         hs->flags |= F_ERROR | F_ERROR_OPERAND;
  366.     no_error_operand:
  367.  
  368.         c = *p++;
  369.         if (m_reg <= 1) {
  370.             if (opcode == 0xf6)
  371.                 cflags |= C_IMM8;
  372.             else if (opcode == 0xf7)
  373.                 cflags |= C_IMM_P66;
  374.         }
  375.  
  376.         switch (m_mod) {
  377.         case 0:
  378.             if (pref & PRE_67) {
  379.                 if (m_rm == 6)
  380.                     disp_size = 2;
  381.             }
  382.             else
  383.                 if (m_rm == 5)
  384.                     disp_size = 4;
  385.             break;
  386.         case 1:
  387.             disp_size = 1;
  388.             break;
  389.         case 2:
  390.             disp_size = 2;
  391.             if (!(pref & PRE_67))
  392.                 disp_size <<= 1;
  393.             break;
  394.         }
  395.  
  396.         if (m_mod != 3 && m_rm == 4 && !(pref & PRE_67)) {
  397.             hs->flags |= F_SIB;
  398.             p++;
  399.             hs->sib = c;
  400.             hs->sib_scale = c >> 6;
  401.             hs->sib_index = (c & 0x3f) >> 3;
  402.             if ((hs->sib_base = c & 7) == 5 && !(m_mod & 1))
  403.                 disp_size = 4;
  404.         }
  405.  
  406.         p--;
  407.         switch (disp_size) {
  408.         case 1:
  409.             hs->flags |= F_DISP8;
  410.             hs->disp.disp8 = *p;
  411.             break;
  412.         case 2:
  413.             hs->flags |= F_DISP16;
  414.             hs->disp.disp16 = *(uint16_t*)p;
  415.             break;
  416.         case 4:
  417.             hs->flags |= F_DISP32;
  418.             hs->disp.disp32 = *(uint32_t*)p;
  419.             break;
  420.         }
  421.         p += disp_size;
  422.     }
  423.     else if (pref & PRE_LOCK)
  424.         hs->flags |= F_ERROR | F_ERROR_LOCK;
  425.  
  426.     if (cflags & C_IMM_P66) {
  427.         if (cflags & C_REL32) {
  428.             if (pref & PRE_66) {
  429.                 hs->flags |= F_IMM16 | F_RELATIVE;
  430.                 hs->imm.imm16 = *(uint16_t*)p;
  431.                 p += 2;
  432.                 goto disasm_done;
  433.             }
  434.             goto rel32_ok;
  435.         }
  436.         if (pref & PRE_66) {
  437.             hs->flags |= F_IMM16;
  438.             hs->imm.imm16 = *(uint16_t*)p;
  439.             p += 2;
  440.         }
  441.         else {
  442.             hs->flags |= F_IMM32;
  443.             hs->imm.imm32 = *(uint32_t*)p;
  444.             p += 4;
  445.         }
  446.     }
  447.  
  448.     if (cflags & C_IMM16) {
  449.         if (hs->flags & F_IMM32) {
  450.             hs->flags |= F_IMM16;
  451.             hs->disp.disp16 = *(uint16_t*)p;
  452.         }
  453.         else if (hs->flags & F_IMM16) {
  454.             hs->flags |= F_2IMM16;
  455.             hs->disp.disp16 = *(uint16_t*)p;
  456.         }
  457.         else {
  458.             hs->flags |= F_IMM16;
  459.             hs->imm.imm16 = *(uint16_t*)p;
  460.         }
  461.         p += 2;
  462.     }
  463.     if (cflags & C_IMM8) {
  464.         hs->flags |= F_IMM8;
  465.         hs->imm.imm8 = *p++;
  466.     }
  467.  
  468.     if (cflags & C_REL32) {
  469.     rel32_ok:
  470.         hs->flags |= F_IMM32 | F_RELATIVE;
  471.         hs->imm.imm32 = *(uint32_t*)p;
  472.         p += 4;
  473.     }
  474.     else if (cflags & C_REL8) {
  475.         hs->flags |= F_IMM8 | F_RELATIVE;
  476.         hs->imm.imm8 = *p++;
  477.     }
  478.  
  479. disasm_done:
  480.  
  481.     if ((hs->len = (uint8_t)(p - (uint8_t*)code)) > 15) {
  482.         hs->flags |= F_ERROR | F_ERROR_LENGTH;
  483.         hs->len = 15;
  484.     }
  485.  
  486.     return (unsigned int)hs->len;
  487. }
  488.  
  489.  
  490. //-------------------------------------------------
  491.  
  492.  
  493. class Ret
  494. {
  495. public:
  496.     template<typename T>
  497.     static T unprotect(BYTE* funcaddr)
  498.     {
  499.         static int total_alloc;
  500.         static std::map<DWORD, DWORD> cache;
  501.         try
  502.         {
  503.             DWORD& cached_func = cache.at((DWORD)funcaddr);
  504.             return (T)(cached_func);
  505.         }
  506.         catch (std::out_of_range&) {} //cache miss, do nothing and continue
  507.  
  508.         DWORD func_size = get_func_end(funcaddr) - funcaddr;
  509.         total_alloc += func_size;
  510.         if (total_alloc > max_alloc)
  511.             return (T)(funcaddr); //failsafe, using too much memory (over 1MB)
  512.  
  513.         void* new_func = VirtualAlloc(NULL, func_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  514.         if (new_func == NULL)
  515.             return (T)(funcaddr); //alloc failed
  516.  
  517.         memcpy(new_func, funcaddr, func_size);
  518.         cache.emplace((DWORD)funcaddr, (DWORD)new_func);
  519.  
  520.         if (disable_retcheck((DWORD)new_func, func_size))
  521.         {
  522.             fix_calls((DWORD)new_func, (DWORD)funcaddr, func_size);
  523.             return (T)(new_func);
  524.         }
  525.  
  526.         //no retcheck was found, abort
  527.         VirtualFree(new_func, func_size, MEM_RELEASE);
  528.         return (T)(funcaddr);
  529.     }
  530.  
  531. private:
  532.     static const int max_alloc = 1024 * 1024;
  533.  
  534.     static bool is_prolog(BYTE* addr)
  535.     {
  536.         return addr[0] == 0x55 && addr[1] == 0x8B && addr[2] == 0xEC;
  537.     }
  538.  
  539.     static BYTE* get_func_end(BYTE* funcaddr) //terrible
  540.     {
  541.         BYTE* addr = funcaddr;
  542.         do
  543.         {
  544.             addr += 0x10;
  545.         } while (!is_prolog(addr));
  546.         return addr;
  547.     }
  548.  
  549.     static bool disable_retcheck(DWORD new_func, DWORD func_len)
  550.     {
  551.         bool has_retcheck = false;
  552.         DWORD disasm_ptr = new_func;
  553.         while (disasm_ptr - new_func < func_len)
  554.         {
  555.             hde32s disasm = { 0 };
  556.             hde32_disasm((void*)disasm_ptr, &disasm);
  557.             if (disasm.opcode == 0x3B) //CMP
  558.             {
  559.                 DWORD ptr = disasm.disp.disp32;
  560.                 if (ptr > 0xFF)
  561.                 {
  562.                     memcpy((void*)(disasm_ptr), "\xF9\x90\x90\x90\x90\x90", 6); //setc nop nop nop nop nop
  563.                     has_retcheck = true;
  564.                 }
  565.             }
  566.             disasm_ptr += disasm.len;
  567.         }
  568.         return has_retcheck;
  569.     }
  570.  
  571.     static void fix_calls(DWORD new_func, DWORD orig_func, DWORD func_len)
  572.     {
  573.         DWORD disasm_ptr = new_func;
  574.         while (disasm_ptr - new_func < func_len)
  575.         {
  576.             hde32s disasm = { 0 };
  577.             hde32_disasm((void*)disasm_ptr, &disasm);
  578.             if (disasm.opcode == 0xE8) //CALL
  579.             {
  580.                 DWORD rel_addr = disasm.imm.imm32;
  581.                 DWORD orig_call_instr = orig_func + (disasm_ptr - new_func);
  582.                 DWORD orig_called_func = orig_call_instr + rel_addr + 5;
  583.                 if (orig_called_func % 0x10 == 0) //functions aligned to 0x10 bytes
  584.                 {
  585.                     DWORD new_called_func = unprotect<DWORD>((BYTE*)orig_called_func);
  586.                     DWORD new_rel_addr = new_called_func - disasm_ptr - 5;
  587.                     memcpy((void*)(disasm_ptr + 1), &new_rel_addr, 4);
  588.                 }
  589.             }
  590.             disasm_ptr += disasm.len;
  591.         }
  592.     }
  593. };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!