Commit 4cef93c2 authored by SR_team's avatar SR_team 💬

Fix hook remove, remove offsetof

parent 469d7602
......@@ -136,22 +136,20 @@ namespace SRHook {
memsafe::copy( originalCode, (void *)originalAddr, size );
}
auto cpu_offset = (CPU *)( (uint32_t)this + offsetof( SRHook::Hook<Args...>, cpu ) );
// Копирование EAX в класс
pusha<uint8_t>( 0xA3, &cpu_offset->EAX );
pusha<uint8_t>( 0xA3, &cpu.EAX );
// Перемещение адреса возврата в класс (обязательно до копирования ESP)
auto ret_offset = ( (uint32_t)this + offsetof( SRHook::Hook<Args...>, retAddr ) );
pusha<uint8_t, uint8_t>( 0x58, 0xA3, ret_offset );
pusha<uint8_t, uint8_t>( 0x58, 0xA3, &retAddr );
// Копирование остальных регистров в класс
pusha<uint8_t, uint8_t>( 0x89, 0x0D, &cpu_offset->ECX );
pusha<uint8_t, uint8_t>( 0x89, 0x15, &cpu_offset->EDX );
pusha<uint8_t, uint8_t>( 0x89, 0x1D, &cpu_offset->EBX );
pusha<uint8_t, uint8_t>( 0x89, 0x25, &cpu_offset->ESP );
pusha<uint8_t, uint8_t>( 0x89, 0x2D, &cpu_offset->EBP );
pusha<uint8_t, uint8_t>( 0x89, 0x35, &cpu_offset->ESI );
pusha<uint8_t, uint8_t>( 0x89, 0x3D, &cpu_offset->EDI );
pusha<uint8_t, uint8_t>( 0x89, 0x0D, &cpu.ECX );
pusha<uint8_t, uint8_t>( 0x89, 0x15, &cpu.EDX );
pusha<uint8_t, uint8_t>( 0x89, 0x1D, &cpu.EBX );
pusha<uint8_t, uint8_t>( 0x89, 0x25, &cpu.ESP );
pusha<uint8_t, uint8_t>( 0x89, 0x2D, &cpu.EBP );
pusha<uint8_t, uint8_t>( 0x89, 0x35, &cpu.ESI );
pusha<uint8_t, uint8_t>( 0x89, 0x3D, &cpu.EDI );
// Копирование флагов в класс
pusha<uint8_t, uint8_t, uint8_t>( 0x9C, 0x58, 0xA3, &cpu_offset->EFLAGS );
pusha<uint8_t, uint8_t, uint8_t>( 0x9C, 0x58, 0xA3, &cpu.EFLAGS );
// Копирование аргументов со стека
for ( int i = sizeof...( Args ) - 1; i >= 0; --i ) {
......@@ -169,17 +167,17 @@ namespace SRHook {
pusha<uint8_t, uint8_t>( 0x0F, 0x85, 108 + size ); // jnz j_after
// Восстановление флагов из класса
pusha<uint8_t>( 0xA1, &cpu_offset->EFLAGS );
pusha<uint8_t>( 0xA1, &cpu.EFLAGS );
pusha<uint8_t, uint8_t>( 0x50, 0x9D );
// Восстановление регистров из класса
pusha<uint8_t>( 0xA1, &cpu_offset->EAX );
pusha<uint8_t, uint8_t>( 0x8B, 0x0D, &cpu_offset->ECX );
pusha<uint8_t, uint8_t>( 0x8B, 0x15, &cpu_offset->EDX );
pusha<uint8_t, uint8_t>( 0x8B, 0x1D, &cpu_offset->EBX );
pusha<uint8_t, uint8_t>( 0x8B, 0x25, &cpu_offset->ESP );
pusha<uint8_t, uint8_t>( 0x8B, 0x2D, &cpu_offset->EBP );
pusha<uint8_t, uint8_t>( 0x8B, 0x35, &cpu_offset->ESI );
pusha<uint8_t, uint8_t>( 0x8B, 0x3D, &cpu_offset->EDI );
pusha<uint8_t>( 0xA1, &cpu.EAX );
pusha<uint8_t, uint8_t>( 0x8B, 0x0D, &cpu.ECX );
pusha<uint8_t, uint8_t>( 0x8B, 0x15, &cpu.EDX );
pusha<uint8_t, uint8_t>( 0x8B, 0x1D, &cpu.EBX );
pusha<uint8_t, uint8_t>( 0x8B, 0x25, &cpu.ESP );
pusha<uint8_t, uint8_t>( 0x8B, 0x2D, &cpu.EBP );
pusha<uint8_t, uint8_t>( 0x8B, 0x35, &cpu.ESI );
pusha<uint8_t, uint8_t>( 0x8B, 0x3D, &cpu.EDI );
// оригинальный код
if ( !pushOriginal() ) {
......@@ -188,16 +186,16 @@ namespace SRHook {
}
// Копирование регистров в класс
pusha<uint8_t>( 0xA3, &cpu_offset->EAX );
pusha<uint8_t, uint8_t>( 0x89, 0x0D, &cpu_offset->ECX );
pusha<uint8_t, uint8_t>( 0x89, 0x15, &cpu_offset->EDX );
pusha<uint8_t, uint8_t>( 0x89, 0x1D, &cpu_offset->EBX );
pusha<uint8_t, uint8_t>( 0x89, 0x25, &cpu_offset->ESP );
pusha<uint8_t, uint8_t>( 0x89, 0x2D, &cpu_offset->EBP );
pusha<uint8_t, uint8_t>( 0x89, 0x35, &cpu_offset->ESI );
pusha<uint8_t, uint8_t>( 0x89, 0x3D, &cpu_offset->EDI );
pusha<uint8_t>( 0xA3, &cpu.EAX );
pusha<uint8_t, uint8_t>( 0x89, 0x0D, &cpu.ECX );
pusha<uint8_t, uint8_t>( 0x89, 0x15, &cpu.EDX );
pusha<uint8_t, uint8_t>( 0x89, 0x1D, &cpu.EBX );
pusha<uint8_t, uint8_t>( 0x89, 0x25, &cpu.ESP );
pusha<uint8_t, uint8_t>( 0x89, 0x2D, &cpu.EBP );
pusha<uint8_t, uint8_t>( 0x89, 0x35, &cpu.ESI );
pusha<uint8_t, uint8_t>( 0x89, 0x3D, &cpu.EDI );
// Копирование флагов в класс
pusha<uint8_t, uint8_t, uint8_t>( 0x9C, 0x58, 0xA3, &cpu_offset->EFLAGS );
pusha<uint8_t, uint8_t, uint8_t>( 0x9C, 0x58, 0xA3, &cpu.EFLAGS );
// j_after
// Копирование аргументов со стека
......@@ -211,24 +209,22 @@ namespace SRHook {
relAddr = getRelAddr( (size_t)code + codeLength, (size_t)fn2void( &Hook<Args...>::after ) );
pusha<uint8_t>( 0xE8, relAddr ); // call after
// j_restore
// Восстановление флагов из класса
pusha<uint8_t>( 0xA1, &cpu_offset->EFLAGS );
pusha<uint8_t>( 0xA1, &cpu.EFLAGS );
pusha<uint8_t, uint8_t>( 0x50, 0x9D );
// Восстановление регистров из класса
pusha<uint8_t, uint8_t>( 0x8B, 0x3D, &cpu_offset->EDI );
pusha<uint8_t, uint8_t>( 0x8B, 0x35, &cpu_offset->ESI );
pusha<uint8_t, uint8_t>( 0x8B, 0x2D, &cpu_offset->EBP );
pusha<uint8_t, uint8_t>( 0x8B, 0x25, &cpu_offset->ESP );
pusha<uint8_t, uint8_t>( 0x8B, 0x1D, &cpu_offset->EBX );
pusha<uint8_t, uint8_t>( 0x8B, 0x15, &cpu_offset->EDX );
pusha<uint8_t, uint8_t>( 0x8B, 0x0D, &cpu_offset->ECX );
pusha<uint8_t, uint8_t>( 0x8B, 0x3D, &cpu.EDI );
pusha<uint8_t, uint8_t>( 0x8B, 0x35, &cpu.ESI );
pusha<uint8_t, uint8_t>( 0x8B, 0x2D, &cpu.EBP );
pusha<uint8_t, uint8_t>( 0x8B, 0x25, &cpu.ESP );
pusha<uint8_t, uint8_t>( 0x8B, 0x1D, &cpu.EBX );
pusha<uint8_t, uint8_t>( 0x8B, 0x15, &cpu.EDX );
pusha<uint8_t, uint8_t>( 0x8B, 0x0D, &cpu.ECX );
// Восстановление адреса возврата из класса
ret_offset = ( (uint32_t)this + offsetof( SRHook::Hook<Args...>, retAddr ) );
pusha<uint8_t>( 0xA1, ret_offset ); // mov eax, retAddr
pusha<uint8_t>( 0xA1, &retAddr ); // mov eax, retAddr
push<uint8_t>( 0x50 ); // push eax
// Восстановление EAX из класса
pusha<uint8_t>( 0xA1, &cpu_offset->EAX );
pusha<uint8_t>( 0xA1, &cpu.EAX );
// Выход из хука
push<uint8_t>( 0xC3 ); // ret
......@@ -266,12 +262,27 @@ namespace SRHook {
codeLength = 0;
// Копирование EAX в класс
pusha<uint8_t>( 0xA3, &cpu.EAX );
// Перемещение адреса возврата в класс (обязательно до копирования ESP)
pusha<uint8_t, uint8_t>( 0x58, 0xA3, &retAddr );
// Восстановление EAX из класса
pusha<uint8_t>( 0xA1, &cpu.EAX );
// оригинальный код
if ( !pushOriginal() ) {
stage = CallingStage::wait;
return false;
}
// Копирование EAX в класс
pusha<uint8_t>( 0xA3, &cpu.EAX );
// Восстановление адреса возврата из класса
pusha<uint8_t>( 0xA1, &retAddr ); // mov eax, retAddr
push<uint8_t>( 0x50 ); // push eax
// Восстановление EAX из класса
pusha<uint8_t>( 0xA1, &cpu.EAX );
push<uint8_t>( 0xC3 ); // ret
stage = CallingStage::wait;
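Review bot: The emitted stub now bakes the absolute addresses of `cpu.EAX`…`cpu.EFLAGS` and `retAddr` into `mov` operands (the `0xA3`/`0xA1`/`0x89`/`0x8B` forms in all five hunks), so the address of the `Hook` object itself becomes part of the generated code, and nothing in the change pins the object in place. If `Hook<Args...>` is copyable or movable, a moved-from or destroyed instance leaves the installed stub reading and writing freed memory on every call of the hooked function, which is a use-after-free that does not show up in the C++ source at all. I would add `Hook( const Hook & ) = delete; Hook &operator=( const Hook & ) = delete;` (and the same for the move pair) on the class, or at least a comment above the first `pusha<uint8_t>( 0xA3, &cpu.EAX );` stating that `this` must not relocate and must outlive the installed stub. Separately, `retAddr` and `cpu` are single per-object slots, so a re-entrant or concurrent invocation of the hooked function would overwrite the saved return address before it is pushed back in the last hunk — presumably the library assumes single-threaded, non-recursive targets, but that assumption deserves a comment. The member function containing the first hunk begins before it, and the function in the last hunk continues past line `stage = CallingStage::wait;`.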
......