First working patch with hooking support :D

2022-09-14 20:30:10 +02:00 · 2022-09-14 20:30:10 +02:00 · 99400afa98
commit 99400afa98
parent 63d2acbde6
1 changed files with 81 additions and 46 deletions
--- a/src/client/component/arxan.cpp
+++ b/src/client/component/arxan.cpp
@ -482,6 +482,7 @@ namespace arxan
 			}
 		};

+		bool patchMode = true;
 		std::unordered_map<uint64_t, integrity_handler_data> integrity_handlers;

 		void load_handlers()
@ -686,7 +687,38 @@ namespace arxan
 				info->ContextRecord->EFlags |= 0x0100;

 				const auto data = *reinterpret_cast<uint32_t*>(info->ContextRecord->Rip);
-				if ((data & 0xFFFFFF) == 0x8A0489 && !integrity_handlers.contains(info->ContextRecord->Rip))
+				if ((data & 0xFFFFFF) == 0x8A0489)
+				{
+					auto handler = integrity_handlers.find(info->ContextRecord->Rip);
+					const auto contains = handler != integrity_handlers.end();
+
+					if (patchMode)
+					{
+						unprotect_texts();
+
+						if (!contains)
+						{
+							OutputDebugStringA("Unknown handler executed :(");
+							return EXCEPTION_CONTINUE_EXECUTION;
+						}
+
+						const auto old = info->ContextRecord->Rax;
+
+						auto h = (integrity_handler_context*)(info->ContextRecord->Rbp + handler->second.frame_offset);
+						*h->computed_checksum = *h->original_checksum;
+						info->ContextRecord->Rax = *h->original_checksum;
+
+						static bool once = false;
+						if (!once)
+						{
+							//once = true;
+							OutputDebugStringA(utils::string::va("Adjusted wrong checksum: %X -> %X (%X)", old, *h->original_checksum, handler->second.checksum));
+						}
+
+						return EXCEPTION_CONTINUE_EXECUTION;
+					}
+
+					if (!contains)
 					{
 						auto checksum = static_cast<uint32_t>(info->ContextRecord->Rax);
 						auto offset = static_cast<int64_t>(info->ContextRecord->Rcx);
@ -752,6 +784,7 @@ namespace arxan
 							write_handlers();
 						}
 					}
+				}
 				/*	OutputDebugStringA(utils::string::va("Switch at: %llX -> %llX (%llX -> %llX)", addr,
 					                                     reverse_g(addr),
 					                                     info->ContextRecord->Rip,
@ -903,6 +936,8 @@ namespace arxan
 			{
 				MessageBoxA(0, 0, 0, 0);
 				protect_texts();
+				if (patchMode)
+					utils::hook::set<uint8_t>(0x1423339C0_g, 0xC3);
 			}).detach();