Do some cleanup

This commit is contained in:
momo5502 2022-05-26 10:29:29 +02:00
parent 50ffdc3a3a
commit 59ee54ce18

View File

@ -14,7 +14,7 @@ namespace arxan
namespace namespace
{ {
const auto pseudo_steam_id = 0x1337; const auto pseudo_steam_id = 0x1337;
const auto pseudo_steam_handle = HANDLE(uint64_t(INVALID_HANDLE_VALUE) - pseudo_steam_id); const auto pseudo_steam_handle = reinterpret_cast<HANDLE>(reinterpret_cast<uint64_t>(INVALID_HANDLE_VALUE) - pseudo_steam_id);
utils::hook::detour nt_close_hook; utils::hook::detour nt_close_hook;
utils::hook::detour nt_query_system_information_hook; utils::hook::detour nt_query_system_information_hook;
@ -24,7 +24,7 @@ namespace arxan
HANDLE process_id_to_handle(const DWORD pid) HANDLE process_id_to_handle(const DWORD pid)
{ {
return HANDLE(DWORD64(pid)); return reinterpret_cast<HANDLE>(static_cast<DWORD64>(pid));
} }
void check_steam_install() void check_steam_install()
@ -163,7 +163,7 @@ namespace arxan
const auto info = reinterpret_cast<SYSTEM_PROCESS_INFORMATION*>(addr); const auto info = reinterpret_cast<SYSTEM_PROCESS_INFORMATION*>(addr);
remove_evil_keywords_from_string(info->ImageName); remove_evil_keywords_from_string(info->ImageName);
static auto our_pid = process_id_to_handle(GetCurrentProcessId()); static const auto our_pid = process_id_to_handle(GetCurrentProcessId());
if (!injected_steam && info->UniqueProcessId != our_pid) if (!injected_steam && info->UniqueProcessId != our_pid)
{ {
@ -190,9 +190,9 @@ namespace arxan
return status; return status;
} }
bool handle_steam_process(HANDLE handle, const PROCESSINFOCLASS info_class, bool handle_pseudo_steam_process(const HANDLE handle, const PROCESSINFOCLASS info_class,
const PVOID info, const PVOID info,
const ULONG info_length, const PULONG ret_length, NTSTATUS* status) const ULONG info_length, const PULONG ret_length, NTSTATUS* status)
{ {
if (handle != pseudo_steam_handle || info_class != 43) if (handle != pseudo_steam_handle || info_class != 43)
{ {
@ -229,20 +229,17 @@ namespace arxan
return true; return true;
} }
NTSTATUS WINAPI nt_query_information_process_stub(HANDLE handle, const PROCESSINFOCLASS info_class, NTSTATUS WINAPI nt_query_information_process_stub(const HANDLE handle, const PROCESSINFOCLASS info_class,
const PVOID info, const PVOID info,
const ULONG info_length, const PULONG ret_length) const ULONG info_length, const PULONG ret_length)
{ {
NTSTATUS status{0}; NTSTATUS status{0};
if (handle_steam_process(handle, info_class, info, info_length, ret_length, &status)) if (handle_pseudo_steam_process(handle, info_class, info, info_length, ret_length, &status))
{ {
return status; return status;
} }
auto* orig = static_cast<decltype(NtQueryInformationProcess)*>(nt_query_information_process_hook. status = nt_query_information_process_hook.invoke<NTSTATUS>(handle, info_class, info, info_length, ret_length);
get_original());
status = orig(handle, info_class, info, info_length, ret_length);
if (NT_SUCCESS(status)) if (NT_SUCCESS(status))
{ {
@ -282,8 +279,7 @@ namespace arxan
char info[16]; char info[16];
if (NtQueryObject(handle, OBJECT_INFORMATION_CLASS(4), &info, 2, nullptr) >= 0 && size_t(handle) != 0x12345) if (NtQueryObject(handle, OBJECT_INFORMATION_CLASS(4), &info, 2, nullptr) >= 0 && size_t(handle) != 0x12345)
{ {
auto* orig = static_cast<decltype(NtClose)*>(nt_close_hook.get_original()); return nt_close_hook.invoke<NTSTATUS>(handle);
return orig(handle);
} }
return STATUS_INVALID_HANDLE; return STATUS_INVALID_HANDLE;
@ -306,7 +302,7 @@ namespace arxan
void hide_being_debugged() void hide_being_debugged()
{ {
auto* const peb = PPEB(__readgsqword(0x60)); auto* const peb = reinterpret_cast<PPEB>(__readgsqword(0x60));
peb->BeingDebugged = false; peb->BeingDebugged = false;
*reinterpret_cast<PDWORD>(LPSTR(peb) + 0xBC) &= ~0x70; *reinterpret_cast<PDWORD>(LPSTR(peb) + 0xBC) &= ~0x70;
} }