From 3ca2c0dbec416068e6acd7bec63594e840abc28e Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Tue, 8 Nov 2022 17:58:57 +0100
Subject: [PATCH] Small cleanup and utils

---
 src/client/component/arxan.cpp           |  8 +++++---
 src/common/utils/hardware_breakpoint.cpp | 22 ++++++++++++++++++++++
 src/common/utils/hardware_breakpoint.hpp |  4 ++++
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/src/client/component/arxan.cpp b/src/client/component/arxan.cpp
index e6dee545..06de10a1 100644
--- a/src/client/component/arxan.cpp
+++ b/src/client/component/arxan.cpp
@@ -10,8 +10,9 @@
 #include "utils/thread.hpp"
 
 #define ProcessDebugPort 7
-#define ProcessDebugObjectHandle 30 // WinXP source says 31?
-#define ProcessDebugFlags 31 // WinXP source says 32?
+#define ProcessDebugObjectHandle 30
+#define ProcessDebugFlags 31
+#define ProcessImageFileNameWin32 43
 
 namespace arxan
 {
@@ -310,7 +311,8 @@ namespace arxan
 					*static_cast<HANDLE*>(info) = nullptr;
 					return static_cast<LONG>(0xC0000353);
 				}
-				else if (info_class == ProcessImageFileName || static_cast<int>(info_class) == 43 /* ? */)
+				else if (info_class == ProcessImageFileName || static_cast<int>(info_class) ==
+					ProcessImageFileNameWin32)
 				{
 					remove_evil_keywords_from_string(*static_cast<UNICODE_STRING*>(info));
 				}
diff --git a/src/common/utils/hardware_breakpoint.cpp b/src/common/utils/hardware_breakpoint.cpp
index 8d39d7fc..035ae699 100644
--- a/src/common/utils/hardware_breakpoint.cpp
+++ b/src/common/utils/hardware_breakpoint.cpp
@@ -125,6 +125,28 @@ namespace utils::hardware_breakpoint
 		return activate(address, length, cond, context);
 	}
 
+	void deactivate_address(const uint64_t address, CONTEXT& context)
+	{
+		for (auto i = 0; i < 4; ++i)
+		{
+			if ((&context.Dr0)[i] == address)
+			{
+				deactivate(i, context);
+			}
+		}
+	}
+
+	void deactivate_address(void* address, const uint32_t thread_id)
+	{
+		return deactivate_address(reinterpret_cast<uint64_t>(address), thread_id);
+	}
+
+	void deactivate_address(const uint64_t address, const uint32_t thread_id)
+	{
+		debug_context context(thread_id);
+		deactivate_address(address, context);
+	}
+
 	void deactivate(const uint32_t index, CONTEXT& context)
 	{
 		validate_index(index);
diff --git a/src/common/utils/hardware_breakpoint.hpp b/src/common/utils/hardware_breakpoint.hpp
index 0e66f77a..b740c395 100644
--- a/src/common/utils/hardware_breakpoint.hpp
+++ b/src/common/utils/hardware_breakpoint.hpp
@@ -19,6 +19,10 @@ namespace utils::hardware_breakpoint
 	uint32_t activate(void* address, uint32_t length, condition cond, uint32_t thread_id = GetCurrentThreadId());
 	uint32_t activate(uint64_t address, uint32_t length, condition cond, uint32_t thread_id = GetCurrentThreadId());
 
+	void deactivate_address(uint64_t address, CONTEXT& context);
+	void deactivate_address(void* address, uint32_t thread_id = GetCurrentThreadId());
+	void deactivate_address(uint64_t address, uint32_t thread_id = GetCurrentThreadId());
+
 	void deactivate(uint32_t index, CONTEXT& context);
 	void deactivate(uint32_t index, uint32_t thread_id = GetCurrentThreadId());