Rim/t7x
Rim/t7x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Small cleanup and utils

Browse Source
This commit is contained in:
momo5502 2022-11-08 17:58:57 +01:00
parent 3fce9f6fdd
commit 3ca2c0dbec
3 changed files with 31 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/client/component/arxan.cpp
View File

@ -10,8 +10,9 @@
#include "utils/thread.hpp"
#define ProcessDebugPort 7
#define ProcessDebugObjectHandle 30 // WinXP source says 31?
#define ProcessDebugFlags 31 // WinXP source says 32?
#define ProcessDebugObjectHandle 30
#define ProcessDebugFlags 31
#define ProcessImageFileNameWin32 43
namespace arxan
{
@ -310,7 +311,8 @@ namespace arxan
*static_cast<HANDLE*>(info) = nullptr;
return static_cast<LONG>(0xC0000353);
}
else if (info_class == ProcessImageFileName || static_cast<int>(info_class) == 43 /* ? */)
else if (info_class == ProcessImageFileName || static_cast<int>(info_class) ==
ProcessImageFileNameWin32)
{
remove_evil_keywords_from_string(*static_cast<UNICODE_STRING*>(info));
}

22
src/common/utils/hardware_breakpoint.cpp
View File

@ -125,6 +125,28 @@ namespace utils::hardware_breakpoint
return activate(address, length, cond, context);
}
void deactivate_address(const uint64_t address, CONTEXT& context)
{
for (auto i = 0; i < 4; ++i)
{
if ((&context.Dr0)[i] == address)
{
deactivate(i, context);
}
}
}
void deactivate_address(void* address, const uint32_t thread_id)
{
return deactivate_address(reinterpret_cast<uint64_t>(address), thread_id);
}
void deactivate_address(const uint64_t address, const uint32_t thread_id)
{
debug_context context(thread_id);
deactivate_address(address, context);
}
void deactivate(const uint32_t index, CONTEXT& context)
{
validate_index(index);

4
src/common/utils/hardware_breakpoint.hpp
View File

@ -19,6 +19,10 @@ namespace utils::hardware_breakpoint
uint32_t activate(void* address, uint32_t length, condition cond, uint32_t thread_id = GetCurrentThreadId());
uint32_t activate(uint64_t address, uint32_t length, condition cond, uint32_t thread_id = GetCurrentThreadId());
void deactivate_address(uint64_t address, CONTEXT& context);
void deactivate_address(void* address, uint32_t thread_id = GetCurrentThreadId());
void deactivate_address(uint64_t address, uint32_t thread_id = GetCurrentThreadId());
void deactivate(uint32_t index, CONTEXT& context);
void deactivate(uint32_t index, uint32_t thread_id = GetCurrentThreadId());