Daodan/src/Daodan_Patch.c

#include "Daodan_Patch.h"
#include "Patches/Utility.h"
#include <beaengine/BeaEngine.h>

#include <windows.h>
#include <stdlib.h>
#include <string.h>

bool DDrPatch_MakeJump(void* from, void* to)
{
        DWORD oldp;
        
        if (VirtualProtect(from, 5, PAGE_EXECUTE_READWRITE, &oldp))
        {
                *((unsigned char*)from) = 0xe9; // jmp rel32
                from = (char*)from + 1;
                *(int*)from = (unsigned int)to - (unsigned int)from - 4;
                VirtualProtect(from, 5, oldp, &oldp);
                return true;
        }
        else
                return false;
}

bool DDrPatch_MakeCall(void* from, void* to)
{
        DWORD oldp;
        
        if (VirtualProtect(from, 5, PAGE_EXECUTE_READWRITE, &oldp))
        {
                *((unsigned char*)from) = 0xe8; // call rel32
                from = (char*)from + 1;
                *(int*)from = (unsigned int)to - (unsigned int)from - 4;
                VirtualProtect(from, 5, oldp, &oldp);
                return true;
        }
        else
                return false;
}

void* DDrPatch_MakeDetour(void* from, void* to)
{
        int len = 0;

/*
        STARTUPMESSAGE("Orig before", 0);
        DDrPatch_PrintDisasm(from, 10, 0);
*/
        DISASM disasm;
        memset(&disasm, 0, sizeof(DISASM));
        disasm.EIP = (UIntPtr) from;

        char* trampoline = malloc(40);
        DDrPatch_NOOP(trampoline, 40);
        int pos = 0;
        int branches = 0;

        while (((void*)disasm.EIP - from) < 5) {
                len = Disasm(&disasm);
                if (len != UNKNOWN_OPCODE) {
                        if ((disasm.Instruction.Category & 0xffff) == CONTROL_TRANSFER) {
                                if (disasm.Prefix.Number > 0) {
                                                STARTUPMESSAGE("Detour: Branch in trampoline area from address 0x%08x with prefixes", from);
                                                return (void*)-1;
                                }
                                branches++;
                                int target = disasm.Instruction.AddrValue;
                                bool targetInTrampoline = ((void*)disasm.Instruction.AddrValue - from) < 5;
                                switch (disasm.Instruction.BranchType) {
                                        case JmpType:
                                        case CallType:
                                                if (targetInTrampoline) {
                                                        int offset = disasm.Instruction.AddrValue - disasm.EIP;
                                                        if (disasm.Instruction.BranchType == JmpType)
                                                                DDrPatch_MakeJump(&trampoline[pos], &trampoline[pos]+offset);
                                                        else
                                                                DDrPatch_MakeCall(&trampoline[pos], &trampoline[pos]+offset);
                                                } else {
                                                        if (disasm.Instruction.BranchType == JmpType)
                                                                DDrPatch_MakeJump(&trampoline[pos], (void*)target);
                                                        else
                                                                DDrPatch_MakeCall(&trampoline[pos], (void*)target);
                                                }
                                                pos += 5;
                                                break;
                                        case RetType:
                                        case JECXZ:
                                                memcpy(&trampoline[pos], (void*)disasm.EIP, len);
                                                pos += len;
                                                break;
                                        // Opcode +1
                                        case JO:
                                        case JC:
                                        case JE:
                                        case JNA:
                                        case JS:
                                        case JP:
                                        case JL:
                                        case JNG:
                                                if (targetInTrampoline) {
                                                        memcpy(&trampoline[pos], (void*)disasm.EIP, len);
                                                        pos += len;
                                                } else {
                                                        trampoline[pos++] = disasm.Instruction.Opcode + 1;
                                                        trampoline[pos++] = 5;
                                                        DDrPatch_MakeJump(&trampoline[pos], (void*)target);
                                                        pos += 5;
                                                }
                                                break;
                                        // Opcode -1
                                        case JNO:
                                        case JNC:
                                        case JNE:
                                        case JA:
                                        case JNS:
                                        case JNP:
                                        case JNL:
                                        case JG:
                                                if (targetInTrampoline) {
                                                        memcpy(&trampoline[pos], (void*)disasm.EIP, len);
                                                        pos += len;
                                                } else {
                                                        trampoline[pos++] = disasm.Instruction.Opcode - 1;
                                                        trampoline[pos++] = 5;
                                                        DDrPatch_MakeJump(&trampoline[pos], (void*)target);
                                                        pos += 5;
                                                }
                                                break;
                                        default:
                                                STARTUPMESSAGE("Detour: Unknown branch in trampoline area from address 0x%08x", from);
                                                return (void*)-1;
                                }
                        } else {
                                memcpy(&trampoline[pos], (void*)disasm.EIP, len);
                                pos += len;
                        }
                        disasm.EIP += (UIntPtr)len;
                }
                else {
                        STARTUPMESSAGE("Detour: Unknown opcode in trampoline area from address 0x%08x", from);
                        return (void*)-1;
                }
        }

        if (branches > 1) {
                STARTUPMESSAGE("Detour: Too many branches in trampoline'd code from address 0x%08x: %d", from, branches);
                return (void*)-1;
        }


        DDrPatch_MakeJump(&trampoline[pos], (void*)disasm.EIP);
        DDrPatch_NOOP(from, (void*)disasm.EIP - from);

        DWORD oldp;
        if (!VirtualProtect(trampoline, 40, PAGE_EXECUTE_READWRITE, &oldp)) {
                STARTUPMESSAGE("Detour: Could not mark page for trampoline as executable: from address 0x%08x", from);
                return (void*)-1;
        }
        DDrPatch_MakeJump(from, to);

/*
        STARTUPMESSAGE("Trampoline", 0);
        DDrPatch_PrintDisasm(trampoline, 10, 6);

        STARTUPMESSAGE("Orig after", 0);
        DDrPatch_PrintDisasm(disasm.EIP, 7, 0);

        STARTUPMESSAGE("Orig start after", 0);
        DDrPatch_PrintDisasm(from, 3, 6);
*/
        return trampoline;
}

bool DDrPatch_String(char* dest, const unsigned char* string, int length)
{
        DWORD oldp;
        
        if (VirtualProtect(dest, length, PAGE_EXECUTE_READWRITE, &oldp))
        {
                memcpy(dest, string, length);
                VirtualProtect(dest, length, oldp, &oldp);
                return true;
        }
        else
                return false;
}

bool DDrPatch_Byte(char* dest, unsigned char value)
{
        DWORD oldp;
        
        if (VirtualProtect(dest, 1, PAGE_EXECUTE_READWRITE, &oldp))
        {
                *dest = value;
                VirtualProtect(dest, 1, oldp, &oldp);
                return true;
        }
        else
                return false;
}

bool DDrPatch_Int32(int* dest, unsigned int value)
{
        DWORD oldp;
        
        if (VirtualProtect(dest, 4, PAGE_EXECUTE_READWRITE, &oldp))
        {
                *dest = value;
                VirtualProtect(dest, 4, oldp, &oldp);
                return true;
        }
        else
                return false;
}

bool DDrPatch_Int16(short* dest, unsigned short value)
{
        DWORD oldp;
        
        if (VirtualProtect(dest, 2, PAGE_EXECUTE_READWRITE, &oldp))
        {
                *dest = value;
                VirtualProtect(dest, 2, oldp, &oldp);
                return true;
        }
        else
                return false;
}

bool DDrPatch_NOOP(char* dest, unsigned int length)
{
        DWORD oldp;
        
        if (VirtualProtect(dest, length, PAGE_EXECUTE_READWRITE, &oldp))
        {
                memset(dest, 0x90, length);
                VirtualProtect(dest, length, oldp, &oldp);
                return true;
        }
        else
                return false;
}


void DDrPatch_PrintDisasm(void* addr, int instLimit, int sizeLimit)
{
        DISASM MyDisasm;
        int len = 0;
        int size = 0;
        int i = 0;

        memset(&MyDisasm, 0, sizeof(DISASM));

        MyDisasm.EIP = (UIntPtr) addr;

        STARTUPMESSAGE("", 0);
        STARTUPMESSAGE("Disassembly @ 0x%06x", addr);

        if (sizeLimit <= 0)
                sizeLimit = 20 * instLimit;

        while ((i < instLimit) && (size < sizeLimit)) {
                len = Disasm(&MyDisasm);
                if (len != UNKNOWN_OPCODE) {
                        size += len;
                        STARTUPMESSAGE("    %s, Opcode: 0x%x, len: %d, branch: %d, to: 0x%06x", MyDisasm.CompleteInstr, MyDisasm.Instruction.Opcode, len, MyDisasm.Instruction.BranchType, MyDisasm.Instruction.AddrValue);
                        STARTUPMESSAGE("          Cat: 0x%04x, prefix count: %d", MyDisasm.Instruction.Category & 0xffff, MyDisasm.Prefix.Number );

                        MyDisasm.EIP += (UIntPtr)len;
                        i++;
                }
        };

        STARTUPMESSAGE("", 0);
}

Revision:	995
Committed:	Wed Apr 9 00:10:18 2014 UTC (11 years, 6 months ago) by alloc
Content type:	text/x-csrc
File size:	6776 byte(s)
Log Message:	Daodan: Revamped some code, added quite a few comments to patches, updated options/patches names and descriptions
#	Content
1	#include "Daodan_Patch.h"
2	#include "Patches/Utility.h"
3	#include <beaengine/BeaEngine.h>
4
5	#include <windows.h>
6	#include <stdlib.h>
7	#include <string.h>
8
9	bool DDrPatch_MakeJump(void* from, void* to)
10	{
11	DWORD oldp;
12
13	if (VirtualProtect(from, 5, PAGE_EXECUTE_READWRITE, &oldp))
14	{
15	((unsigned char)from) = 0xe9; // jmp rel32
16	from = (char*)from + 1;
17	(int)from = (unsigned int)to - (unsigned int)from - 4;
18	VirtualProtect(from, 5, oldp, &oldp);
19	return true;
20	}
21	else
22	return false;
23	}
24
25	bool DDrPatch_MakeCall(void* from, void* to)
26	{
27	DWORD oldp;
28
29	if (VirtualProtect(from, 5, PAGE_EXECUTE_READWRITE, &oldp))
30	{
31	((unsigned char)from) = 0xe8; // call rel32
32	from = (char*)from + 1;
33	(int)from = (unsigned int)to - (unsigned int)from - 4;
34	VirtualProtect(from, 5, oldp, &oldp);
35	return true;
36	}
37	else
38	return false;
39	}
40
41	void* DDrPatch_MakeDetour(void* from, void* to)
42	{
43	int len = 0;
44
45	/*
46	STARTUPMESSAGE("Orig before", 0);
47	DDrPatch_PrintDisasm(from, 10, 0);
48	*/
49	DISASM disasm;
50	memset(&disasm, 0, sizeof(DISASM));
51	disasm.EIP = (UIntPtr) from;
52
53	char* trampoline = malloc(40);
54	DDrPatch_NOOP(trampoline, 40);
55	int pos = 0;
56	int branches = 0;
57
58	while (((void*)disasm.EIP - from) < 5) {
59	len = Disasm(&disasm);
60	if (len != UNKNOWN_OPCODE) {
61	if ((disasm.Instruction.Category & 0xffff) == CONTROL_TRANSFER) {
62	if (disasm.Prefix.Number > 0) {
63	STARTUPMESSAGE("Detour: Branch in trampoline area from address 0x%08x with prefixes", from);
64	return (void*)-1;
65	}
66	branches++;
67	int target = disasm.Instruction.AddrValue;
68	bool targetInTrampoline = ((void*)disasm.Instruction.AddrValue - from) < 5;
69	switch (disasm.Instruction.BranchType) {
70	case JmpType:
71	case CallType:
72	if (targetInTrampoline) {
73	int offset = disasm.Instruction.AddrValue - disasm.EIP;
74	if (disasm.Instruction.BranchType == JmpType)
75	DDrPatch_MakeJump(&trampoline[pos], &trampoline[pos]+offset);
76	else
77	DDrPatch_MakeCall(&trampoline[pos], &trampoline[pos]+offset);
78	} else {
79	if (disasm.Instruction.BranchType == JmpType)
80	DDrPatch_MakeJump(&trampoline[pos], (void*)target);
81	else
82	DDrPatch_MakeCall(&trampoline[pos], (void*)target);
83	}
84	pos += 5;
85	break;
86	case RetType:
87	case JECXZ:
88	memcpy(&trampoline[pos], (void*)disasm.EIP, len);
89	pos += len;
90	break;
91	// Opcode +1
92	case JO:
93	case JC:
94	case JE:
95	case JNA:
96	case JS:
97	case JP:
98	case JL:
99	case JNG:
100	if (targetInTrampoline) {
101	memcpy(&trampoline[pos], (void*)disasm.EIP, len);
102	pos += len;
103	} else {
104	trampoline[pos++] = disasm.Instruction.Opcode + 1;
105	trampoline[pos++] = 5;
106	DDrPatch_MakeJump(&trampoline[pos], (void*)target);
107	pos += 5;
108	}
109	break;
110	// Opcode -1
111	case JNO:
112	case JNC:
113	case JNE:
114	case JA:
115	case JNS:
116	case JNP:
117	case JNL:
118	case JG:
119	if (targetInTrampoline) {
120	memcpy(&trampoline[pos], (void*)disasm.EIP, len);
121	pos += len;
122	} else {
123	trampoline[pos++] = disasm.Instruction.Opcode - 1;
124	trampoline[pos++] = 5;
125	DDrPatch_MakeJump(&trampoline[pos], (void*)target);
126	pos += 5;
127	}
128	break;
129	default:
130	STARTUPMESSAGE("Detour: Unknown branch in trampoline area from address 0x%08x", from);
131	return (void*)-1;
132	}
133	} else {
134	memcpy(&trampoline[pos], (void*)disasm.EIP, len);
135	pos += len;
136	}
137	disasm.EIP += (UIntPtr)len;
138	}
139	else {
140	STARTUPMESSAGE("Detour: Unknown opcode in trampoline area from address 0x%08x", from);
141	return (void*)-1;
142	}
143	}
144
145	if (branches > 1) {
146	STARTUPMESSAGE("Detour: Too many branches in trampoline'd code from address 0x%08x: %d", from, branches);
147	return (void*)-1;
148	}
149
150
151	DDrPatch_MakeJump(&trampoline[pos], (void*)disasm.EIP);
152	DDrPatch_NOOP(from, (void*)disasm.EIP - from);
153
154	DWORD oldp;
155	if (!VirtualProtect(trampoline, 40, PAGE_EXECUTE_READWRITE, &oldp)) {
156	STARTUPMESSAGE("Detour: Could not mark page for trampoline as executable: from address 0x%08x", from);
157	return (void*)-1;
158	}
159	DDrPatch_MakeJump(from, to);
160
161	/*
162	STARTUPMESSAGE("Trampoline", 0);
163	DDrPatch_PrintDisasm(trampoline, 10, 6);
164
165	STARTUPMESSAGE("Orig after", 0);
166	DDrPatch_PrintDisasm(disasm.EIP, 7, 0);
167
168	STARTUPMESSAGE("Orig start after", 0);
169	DDrPatch_PrintDisasm(from, 3, 6);
170	*/
171	return trampoline;
172	}
173
174	bool DDrPatch_String(char* dest, const unsigned char* string, int length)
175	{
176	DWORD oldp;
177
178	if (VirtualProtect(dest, length, PAGE_EXECUTE_READWRITE, &oldp))
179	{
180	memcpy(dest, string, length);
181	VirtualProtect(dest, length, oldp, &oldp);
182	return true;
183	}
184	else
185	return false;
186	}
187
188	bool DDrPatch_Byte(char* dest, unsigned char value)
189	{
190	DWORD oldp;
191
192	if (VirtualProtect(dest, 1, PAGE_EXECUTE_READWRITE, &oldp))
193	{
194	*dest = value;
195	VirtualProtect(dest, 1, oldp, &oldp);
196	return true;
197	}
198	else
199	return false;
200	}
201
202	bool DDrPatch_Int32(int* dest, unsigned int value)
203	{
204	DWORD oldp;
205
206	if (VirtualProtect(dest, 4, PAGE_EXECUTE_READWRITE, &oldp))
207	{
208	*dest = value;
209	VirtualProtect(dest, 4, oldp, &oldp);
210	return true;
211	}
212	else
213	return false;
214	}
215
216	bool DDrPatch_Int16(short* dest, unsigned short value)
217	{
218	DWORD oldp;
219
220	if (VirtualProtect(dest, 2, PAGE_EXECUTE_READWRITE, &oldp))
221	{
222	*dest = value;
223	VirtualProtect(dest, 2, oldp, &oldp);
224	return true;
225	}
226	else
227	return false;
228	}
229
230	bool DDrPatch_NOOP(char* dest, unsigned int length)
231	{
232	DWORD oldp;
233
234	if (VirtualProtect(dest, length, PAGE_EXECUTE_READWRITE, &oldp))
235	{
236	memset(dest, 0x90, length);
237	VirtualProtect(dest, length, oldp, &oldp);
238	return true;
239	}
240	else
241	return false;
242	}
243
244
245	void DDrPatch_PrintDisasm(void* addr, int instLimit, int sizeLimit)
246	{
247	DISASM MyDisasm;
248	int len = 0;
249	int size = 0;
250	int i = 0;
251
252	memset(&MyDisasm, 0, sizeof(DISASM));
253
254	MyDisasm.EIP = (UIntPtr) addr;
255
256	STARTUPMESSAGE("", 0);
257	STARTUPMESSAGE("Disassembly @ 0x%06x", addr);
258
259	if (sizeLimit <= 0)
260	sizeLimit = 20 * instLimit;
261
262	while ((i < instLimit) && (size < sizeLimit)) {
263	len = Disasm(&MyDisasm);
264	if (len != UNKNOWN_OPCODE) {
265	size += len;
266	STARTUPMESSAGE(" %s, Opcode: 0x%x, len: %d, branch: %d, to: 0x%06x", MyDisasm.CompleteInstr, MyDisasm.Instruction.Opcode, len, MyDisasm.Instruction.BranchType, MyDisasm.Instruction.AddrValue);
267	STARTUPMESSAGE(" Cat: 0x%04x, prefix count: %d", MyDisasm.Instruction.Category & 0xffff, MyDisasm.Prefix.Number );
268
269	MyDisasm.EIP += (UIntPtr)len;
270	i++;
271	}
272	};
273
274	STARTUPMESSAGE("", 0);
275	}
276