ViewVC Help
View File | Revision Log | View Changeset | Root Listing
root/Oni2/Daodan/src/Daodan_Patch.c
Revision: 993
Committed: Sun Apr 6 17:06:02 2014 UTC (11 years, 6 months ago) by alloc
Content type: text/x-csrc
File size: 7876 byte(s)
Log Message: 
Daodan:
- Fix #74
- Fix #75
- Fix #72

File Contents

# Content
1 #include "Daodan_Patch.h"
2 #include "Daodan_Utility.h"
3 #include <beaengine/BeaEngine.h>
4
5 #include <windows.h>
6 #include <stdlib.h>
7 #include <string.h>
8
9 bool DDrPatch_MakeJump(void* from, void* to)
10 {
11 DWORD oldp;
12
13 if (VirtualProtect(from, 5, PAGE_EXECUTE_READWRITE, &oldp))
14 {
15 *((unsigned char*)from) = 0xe9; // jmp rel32
16 from = (char*)from + 1;
17 *(int*)from = (unsigned int)to - (unsigned int)from - 4;
18 VirtualProtect(from, 5, oldp, &oldp);
19 return true;
20 }
21 else
22 return false;
23 }
24
25 bool DDrPatch_MakeCall(void* from, void* to)
26 {
27 DWORD oldp;
28
29 if (VirtualProtect(from, 5, PAGE_EXECUTE_READWRITE, &oldp))
30 {
31 *((unsigned char*)from) = 0xe8; // call rel32
32 from = (char*)from + 1;
33 *(int*)from = (unsigned int)to - (unsigned int)from - 4;
34 VirtualProtect(from, 5, oldp, &oldp);
35 return true;
36 }
37 else
38 return false;
39 }
40
41 void* DDrPatch_MakeDetour(void* from, void* to)
42 {
43 int len = 0;
44 /*
45 DISASM MyDisasm;
46 int i = 0;
47 STARTUPMESSAGE("", 0);
48 STARTUPMESSAGE("", 0);
49
50 memset (&MyDisasm, 0, sizeof(DISASM));
51 MyDisasm.EIP = (UIntPtr) from;
52 i = 0;
53 STARTUPMESSAGE("Orig before @ 0x%06x", from);
54 while (i<10){
55 len = Disasm(&MyDisasm);
56 if (len != UNKNOWN_OPCODE) {
57 STARTUPMESSAGE("%s, Opcode: 0x%x, len: %d, branch: %d, to: 0x%06x", MyDisasm.CompleteInstr, MyDisasm.Instruction.Opcode, len, MyDisasm.Instruction.BranchType, MyDisasm.Instruction.AddrValue);
58 STARTUPMESSAGE(" Cat: 0x%04x, prefix count: %d", MyDisasm.Instruction.Category & 0xffff, MyDisasm.Prefix.Number );
59 MyDisasm.EIP += (UIntPtr)len;
60 i++;
61 }
62 };
63 STARTUPMESSAGE("", 0);
64 */
65
66 DISASM disasm;
67 memset(&disasm, 0, sizeof(DISASM));
68 disasm.EIP = (UIntPtr) from;
69
70 char* trampoline = malloc(40);
71 DDrPatch_NOOP(trampoline, 40);
72 int pos = 0;
73 int branches = 0;
74
75 while (((void*)disasm.EIP - from) < 5) {
76 len = Disasm(&disasm);
77 if (len != UNKNOWN_OPCODE) {
78 if ((disasm.Instruction.Category & 0xffff) == CONTROL_TRANSFER) {
79 if (disasm.Prefix.Number > 0) {
80 STARTUPMESSAGE("Detour: Branch in trampoline area from address 0x%08x with prefixes", from);
81 return (void*)-1;
82 }
83 branches++;
84 int target = disasm.Instruction.AddrValue;
85 bool targetInTrampoline = ((void*)disasm.Instruction.AddrValue - from) < 5;
86 switch (disasm.Instruction.BranchType) {
87 case JmpType:
88 case CallType:
89 if (targetInTrampoline) {
90 int offset = disasm.Instruction.AddrValue - disasm.EIP;
91 if (disasm.Instruction.BranchType == JmpType)
92 DDrPatch_MakeJump(&trampoline[pos], &trampoline[pos]+offset);
93 else
94 DDrPatch_MakeCall(&trampoline[pos], &trampoline[pos]+offset);
95 } else {
96 if (disasm.Instruction.BranchType == JmpType)
97 DDrPatch_MakeJump(&trampoline[pos], (void*)target);
98 else
99 DDrPatch_MakeCall(&trampoline[pos], (void*)target);
100 }
101 pos += 5;
102 break;
103 case RetType:
104 case JECXZ:
105 memcpy(&trampoline[pos], (void*)disasm.EIP, len);
106 pos += len;
107 break;
108 // Opcode +1
109 case JO:
110 case JC:
111 case JE:
112 case JNA:
113 case JS:
114 case JP:
115 case JL:
116 case JNG:
117 if (targetInTrampoline) {
118 memcpy(&trampoline[pos], (void*)disasm.EIP, len);
119 pos += len;
120 } else {
121 trampoline[pos++] = disasm.Instruction.Opcode + 1;
122 trampoline[pos++] = 5;
123 DDrPatch_MakeJump(&trampoline[pos], (void*)target);
124 pos += 5;
125 }
126 break;
127 // Opcode -1
128 case JNO:
129 case JNC:
130 case JNE:
131 case JA:
132 case JNS:
133 case JNP:
134 case JNL:
135 case JG:
136 if (targetInTrampoline) {
137 memcpy(&trampoline[pos], (void*)disasm.EIP, len);
138 pos += len;
139 } else {
140 trampoline[pos++] = disasm.Instruction.Opcode - 1;
141 trampoline[pos++] = 5;
142 DDrPatch_MakeJump(&trampoline[pos], (void*)target);
143 pos += 5;
144 }
145 break;
146 default:
147 STARTUPMESSAGE("Detour: Unknown branch in trampoline area from address 0x%08x", from);
148 return (void*)-1;
149 }
150 } else {
151 memcpy(&trampoline[pos], (void*)disasm.EIP, len);
152 pos += len;
153 }
154 disasm.EIP += (UIntPtr)len;
155 }
156 else {
157 STARTUPMESSAGE("Detour: Unknown opcode in trampoline area from address 0x%08x", from);
158 return (void*)-1;
159 }
160 }
161
162 if (branches > 1) {
163 STARTUPMESSAGE("Detour: Too many branches in trampoline'd code from address 0x%08x: %d", from, branches);
164 return (void*)-1;
165 }
166
167
168 DDrPatch_MakeJump(&trampoline[pos], (void*)disasm.EIP);
169 DDrPatch_NOOP(from, (void*)disasm.EIP - from);
170
171 DWORD oldp;
172 if (!VirtualProtect(trampoline, 40, PAGE_EXECUTE_READWRITE, &oldp)) {
173 STARTUPMESSAGE("Detour: Could not mark page for trampoline as executable: from address 0x%08x", from);
174 return (void*)-1;
175 }
176 DDrPatch_MakeJump(from, to);
177 /*
178 memset (&MyDisasm, 0, sizeof(DISASM));
179 MyDisasm.EIP = (UIntPtr) trampoline;
180 i = 0;
181 STARTUPMESSAGE("Trampoline @ 0x%06x", trampoline);
182 while (i<10){
183 len = Disasm(&MyDisasm);
184 if (len != UNKNOWN_OPCODE) {
185 STARTUPMESSAGE("%s", MyDisasm.CompleteInstr);
186 MyDisasm.EIP += (UIntPtr)len;
187 i++;
188 }
189 };
190 STARTUPMESSAGE("", 0);
191
192 memset (&MyDisasm, 0, sizeof(DISASM));
193 MyDisasm.EIP = disasm.EIP;
194 i = 0;
195 STARTUPMESSAGE("Orig after @ 0x%06x", disasm.EIP);
196 while (i<7){
197 len = Disasm(&MyDisasm);
198 if (len != UNKNOWN_OPCODE) {
199 STARTUPMESSAGE("%s", MyDisasm.CompleteInstr);
200 MyDisasm.EIP += (UIntPtr)len;
201 i++;
202 }
203 };
204 STARTUPMESSAGE("", 0);
205
206 memset (&MyDisasm, 0, sizeof(DISASM));
207 MyDisasm.EIP = (UIntPtr) from;
208 i = 0;
209 STARTUPMESSAGE("Orig start after @ 0x%06x", from);
210 while (i<3){
211 len = Disasm(&MyDisasm);
212 if (len != UNKNOWN_OPCODE) {
213 STARTUPMESSAGE("%s", MyDisasm.CompleteInstr);
214 MyDisasm.EIP += (UIntPtr)len;
215 i++;
216 }
217 };
218 STARTUPMESSAGE("", 0);
219 STARTUPMESSAGE("", 0);
220 STARTUPMESSAGE("", 0);
221 */
222
223 return trampoline;
224 }
225
226 bool DDrPatch_String(char* dest, const unsigned char* string, int length)
227 {
228 DWORD oldp;
229
230 if (VirtualProtect(dest, length, PAGE_EXECUTE_READWRITE, &oldp))
231 {
232 memcpy(dest, string, length);
233 VirtualProtect(dest, length, oldp, &oldp);
234 return true;
235 }
236 else
237 return false;
238 }
239
240 bool DDrPatch_Byte(char* dest, unsigned char value)
241 {
242 DWORD oldp;
243
244 if (VirtualProtect(dest, 1, PAGE_EXECUTE_READWRITE, &oldp))
245 {
246 *dest = value;
247 VirtualProtect(dest, 1, oldp, &oldp);
248 return true;
249 }
250 else
251 return false;
252 }
253
254 bool DDrPatch_Int32(int* dest, unsigned int value)
255 {
256 DWORD oldp;
257
258 if (VirtualProtect(dest, 4, PAGE_EXECUTE_READWRITE, &oldp))
259 {
260 *dest = value;
261 VirtualProtect(dest, 4, oldp, &oldp);
262 return true;
263 }
264 else
265 return false;
266 }
267
268 bool DDrPatch_Int16(short* dest, unsigned short value)
269 {
270 DWORD oldp;
271
272 if (VirtualProtect(dest, 2, PAGE_EXECUTE_READWRITE, &oldp))
273 {
274 *dest = value;
275 VirtualProtect(dest, 2, oldp, &oldp);
276 return true;
277 }
278 else
279 return false;
280 }
281
282 bool DDrPatch__strdup(int* dest, const char* value)
283 {
284 DWORD oldp;
285
286 if (VirtualProtect(dest, 4, PAGE_EXECUTE_READWRITE, &oldp))
287 {
288 *dest = (int)_strdup(value);
289 VirtualProtect(dest, 4, oldp, &oldp);
290 return true;
291 }
292 else
293 return false;
294 }
295
296 bool DDrPatch_NOOP(char* dest, unsigned int length)
297 {
298 DWORD oldp;
299
300 if (VirtualProtect(dest, length, PAGE_EXECUTE_READWRITE, &oldp))
301 {
302 memset(dest, 0x90, length);
303 VirtualProtect(dest, length, oldp, &oldp);
304 return true;
305 }
306 else
307 return false;
308 }