Allow having IDA open

momo5502 2022-05-22 15:46:30 +02:00
parent 75ed941297
commit 0dabe137cb


@ -30,6 +30,17 @@ namespace arxan
utils::hook::detour nt_close_hook; utils::hook::detour nt_close_hook;
utils::hook::detour nt_query_information_process_hook; utils::hook::detour nt_query_information_process_hook;
utils::hook::detour create_mutex_ex_a_hook;
HANDLE create_mutex_ex_a_stub(const LPSECURITY_ATTRIBUTES attributes, const LPCSTR name, const DWORD flags, const DWORD access)
{
if (name == "$ IDA trusted_idbs"s || name == "$ IDA registry mutex $"s)
{
return nullptr;
}
return create_mutex_ex_a_hook.invoke<HANDLE>(attributes, name, flags, access);
}
NTSTATUS WINAPI nt_query_information_process_stub(const HANDLE handle, const PROCESSINFOCLASS info_class, NTSTATUS WINAPI nt_query_information_process_stub(const HANDLE handle, const PROCESSINFOCLASS info_class,
const PVOID info, const PVOID info,
@ -109,6 +120,8 @@ namespace arxan
hide_being_debugged(); hide_being_debugged();
scheduler::loop(hide_being_debugged, scheduler::pipeline::async); scheduler::loop(hide_being_debugged, scheduler::pipeline::async);
create_mutex_ex_a_hook.create(CreateMutexExA, create_mutex_ex_a_stub);
const utils::nt::library ntdll("ntdll.dll"); const utils::nt::library ntdll("ntdll.dll");
nt_close_hook.create(ntdll.get_proc<void*>("NtClose"), nt_close_stub); nt_close_hook.create(ntdll.get_proc<void*>("NtClose"), nt_close_stub);
nt_query_information_process_hook.create(ntdll.get_proc<void*>("NtQueryInformationProcess"), nt_query_information_process_hook.create(ntdll.get_proc<void*>("NtQueryInformationProcess"),
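Review bot: In `create_mutex_ex_a_stub` (first hunk), `name` is compared against the two `std::string` literals without a null check, yet CreateMutexExA accepts a null name for unnamed mutexes. Once the hook is installed, any such call reaches `operator==` with a null `const char*`, which is undefined behaviour and will most likely crash the process. Guard the comparison, e.g. `if (name && (name == "$ IDA trusted_idbs"s || name == "$ IDA registry mutex $"s))`. The stub is also declared without `WINAPI`, unlike `nt_query_information_process_stub` right below it; that makes no difference on x64 but would mismatch the calling convention of the hooked API on a 32-bit build.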