Patcher added

Vicshann · Apr 25, 2018 · 8790a32 · 8790a32
1 parent 9f8e28e
commit 8790a32
Show file tree

Hide file tree

Showing 21 changed files with 1,182 additions and 241 deletions.
diff --git a/BdsCompat.hpp b/BdsCompat.hpp
@@ -37,6 +37,8 @@
 // ArgA: EAX
 // RetAddr
 //---------------------------------------------------------------------------
+namespace BDS
+{
 template <typename R, typename... Types> constexpr int GetArgCount( R(*f)(Types ...) ){ return sizeof...(Types); }   // GetArgCount( R(*f)(Types ...) )
 
 
@@ -50,9 +52,9 @@ template <typename Ret, typename... Args> struct CountArgs<Ret(Args...)>
 #if !defined(_AMD64_)
 //---------------------------------------------------------------------------
 // Expose a proc as a BDS fastcall (MSVC proc must be declared as '_stdcall')
-// UINT64 is two DWORDS on stack but counted as ine argument!
+// UINT64 is two DWORDS on stack but counted as one argument!
 //
-#define BDSWRAP(proc) &BdsFWrap<proc, GetArgCount(proc)>      // There is some problem with GetArgCount !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#define BDSWRAP(proc) &BDS::BdsFWrap<proc, BDS::GetArgCount(proc)>      // There is some problem with GetArgCount !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 template<void* WProc, int Args> PVOID _stdcall BdsFWrap(void)   // [EAX,EDX,ECX,...] [EAX,EDX,ECX] [EAX,EDX] [EAX] []   // Use of specialization for 1 and 2 arg variants is somehow possible?
 {
  static const PVOID Addr = WProc;         // Can`t be taken by an assembler code directly(Results in Null)
@@ -153,15 +155,32 @@ static inline double UnixToDateTime(__int64 USec)
  return ((double)USec / 86400.0) + UnixStartDate;
 }
 
-static inline double _stdcall Delphi_Now(void)
+static inline double Delphi_Now(void)
 {
  return UnixToDateTime(GetTime64(true));
 }
 //---------------------------------------------------------------------------
+static inline UINT& __fastcall RndGenSeed(void)
+{
+ static UINT Seed = 0;
+ return Seed; 
+}
+//---------------------------------------------------------------------------
+static inline void __fastcall DelphiRndSeed(UINT a1)
+{
+ RndGenSeed() = a1;
+}
+//------------------------------------------------------------------------------------------------------------
+static inline int __fastcall DelphiRandom(UINT a1)
+{
+ RndGenSeed() = 0x8088405 * RndGenSeed() + 1;
+ return (RndGenSeed() * (UINT64)a1) >> 32;
+}
+//------------------------------------------------------------------------------------------------------------
 
 
 //---------------------------------------------------------------------------
-
+};
 #pragma warning(pop)
 
 //====================================================================================

diff --git a/CompileTime.hpp b/CompileTime.hpp
@@ -73,7 +73,8 @@ template <typename C, UINT32... Idx> struct ctStrHldr<C,ctCplIndexList<Idx...> >
  constexpr __forceinline ctStrHldr(const C* const Str) : Array{ Str[Idx]... } {}  // Compile-time constructor  
 
  constexpr __forceinline UINT Size(void){return (sizeof...(Idx));}
- constexpr __forceinline C* Value(void){return (C*)&this->Array;}
+ constexpr __forceinline C* Value(void){return (C*)&this->Array;}   
+ constexpr __forceinline C* Decrypt(void){return (C*)&this->Array;}  
  constexpr __forceinline operator   const C*()    {return this->Array;}
 };
 //------------------------------------------------------------------------------

diff --git a/Crc32.h → Crc32.hpp b/Crc32.h → Crc32.hpp
diff --git a/UsbDevEmul.h → DevEmulHlp.hpp b/UsbDevEmul.h → DevEmulHlp.hpp
@@ -23,10 +23,11 @@
 #include <initguid.h>
 
 //====================================================================================
-struct CUsbDevEmul
+struct CDevEmulHlp
 {
- HDEVINFO hCurUsbDevInf;  
- int  UsbDevInfoIdx; 
+ HDEVINFO hCurDevInf;  
+ PVOID LstFakeIntfDataPtr;        // PSP_DEVICE_INTERFACE_DATA
+// int  UsbDevInfoIdx;    // Useless? // Just use a first fail if 'MemberIndex'
  BYTE DevPathStr[99];       
  BYTE ClassGuidA[16];     // Device setup class GUID (For SetupDiGetClassDevs)         
  BYTE ClassGuidB[16];     // The GUID of the device's setup class (For ProcSetupDiEnumDeviceInfo)         
@@ -35,79 +36,86 @@ struct CUsbDevEmul
 public:
 void Initialize(LPSTR DevPath, PBYTE GClassA, PBYTE GClassB, PBYTE GFake)
 {
- memset(this,0,sizeof(CUsbDevEmul));
+ memset(this,0,sizeof(CDevEmulHlp));
  memcpy(&this->ClassGuidA,GClassA,16);
  memcpy(&this->ClassGuidB,GClassB,16);
  memcpy(&this->FakeGuid,GFake,16);
  lstrcpyn((LPSTR)&this->DevPathStr,DevPath,90);
- this->UsbDevInfoIdx = -1;
+// this->UsbDevInfoIdx = -1;
 }
 //---------------------------------------------------
-bool After_SetupDiGetClassDevs(GUID *ClassGuid, HDEVINFO DInf)
+int After_SetupDiGetClassDevs(GUID *ClassGuid, HDEVINFO DInf)
 {
- if(!DInf || !ClassGuid || (memcmp(ClassGuid,&this->ClassGuidA,sizeof(GUID))!=0))return false;
- LOGMSG("UsbDev Class is found: %p",DInf); 
- this->hCurUsbDevInf = DInf; 
- this->UsbDevInfoIdx = -1;
- return true;
+ if(!DInf || !ClassGuid || (memcmp(ClassGuid,&this->ClassGuidA,sizeof(GUID))!=0))return 0;
+ LOGMSG("Device Class is found: %p",DInf); 
+ this->hCurDevInf = DInf; 
+// this->UsbDevInfoIdx = -1;  // Reset index in case a new device has been connected
+ return 1;
 }
 //---------------------------------------------------
-int After_SetupDiEnumDeviceInfo(HDEVINFO DeviceInfoSet, DWORD MemberIndex, PSP_DEVINFO_DATA DeviceInfoData, int* Res)
+int After_SetupDiEnumDeviceInfo(HDEVINFO DeviceInfoSet, DWORD MemberIndex, PSP_DEVINFO_DATA DeviceInfoData, int* Res)   // Fake device at first failed MemberIndex
 {
  int LastErr = GetLastError();
- LOGMSG("Result=%u, UsbDevInfoIdx=%i, MemberIndex=%i, DeviceInfoSet=%p, hCurUsbDevInf=%p",Res,this->UsbDevInfoIdx,MemberIndex,DeviceInfoSet,this->hCurUsbDevInf);
- if(*Res && this->hCurUsbDevInf)
+ LOGMSG("Result=%u, UsbDevInfoIdx=%i, MemberIndex=%i, DeviceInfoSet=%p, hCurDevInf=%p",*Res,/*this->UsbDevInfoIdx*/0,MemberIndex,DeviceInfoSet,this->hCurDevInf);
+ if(*Res && this->hCurDevInf)
   {
-   if(memcmp(&DeviceInfoData->ClassGuid,&this->ClassGuidB,sizeof(GUID))==0){LOGMSG("Class GUID is found: %p",DeviceInfoData); this->hCurUsbDevInf = NULL;}  // A real device is present  // Abort emulation?
+   if(memcmp(&DeviceInfoData->ClassGuid,&this->ClassGuidB,sizeof(GUID))==0){LOGMSG("Class GUID is found: %p",DeviceInfoData); this->hCurDevInf = NULL;}  // A real device is present  // Abort emulation?
   } 
- if(!*Res && (this->UsbDevInfoIdx < 0) /*&& (MemberIndex < 1)*/ && (DeviceInfoSet == this->hCurUsbDevInf) && (LastErr==ERROR_NO_MORE_ITEMS))  // Set hCurUsbDevInf to NULL if a real device is found
+ if(!*Res /*&& (this->UsbDevInfoIdx < 0)*/ /*&& (MemberIndex < 1)*/ && (DeviceInfoSet == this->hCurDevInf) && (LastErr==ERROR_NO_MORE_ITEMS))  // Set hCurDevInf to NULL if a real device is found
   {
    SetLastError(0);      
    *Res = 1;
    DeviceInfoData->cbSize   = sizeof(SP_DEVINFO_DATA);
    DeviceInfoData->Reserved = 0;
    DeviceInfoData->DevInst  = NULL; 
    memcpy(&DeviceInfoData->ClassGuid,&this->ClassGuidB,sizeof(GUID));      // Make a fake record
-   this->UsbDevInfoIdx = MemberIndex;
+//   this->UsbDevInfoIdx = MemberIndex;
    LOGMSG("Set fake SP_DEVINFO_DATA: %p",DeviceInfoData); 
    return true;
   }
-// if((MemberIndex > 0)&&(this->UsbDevInfoIdx < 0)){this->hCurUsbDevInf = NULL;}    // ??????????????????????????????   
+// if((MemberIndex > 0)&&(this->UsbDevInfoIdx < 0)){this->hCurDevInf = NULL;}    // ??????????????????????????????   
  return false;
 }
 //---------------------------------------------------
-bool After_ProcSetupDiEnumDeviceInterfaces(HDEVINFO DeviceInfoSet, DWORD MemberIndex, PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData, int* Res)
+int After_ProcSetupDiEnumDeviceInterfaces(HDEVINFO DeviceInfoSet, DWORD MemberIndex, PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData, int* Res)  // Fake device at first failed MemberIndex
 {
- if(*Res || (MemberIndex != this->UsbDevInfoIdx) || (DeviceInfoSet != this->hCurUsbDevInf) || (GetLastError()!=ERROR_NO_MORE_ITEMS))return false;   // this->UsbDevInfoIdx must be for a fake entry
+ int LastErr = GetLastError();
+ LOGMSG("Result=%u, DeviceInfoSet=%p, hCurDevInf=%p, LastErr=%u",*Res,DeviceInfoSet,this->hCurDevInf,LastErr);
+ if(*Res || /*(MemberIndex != this->UsbDevInfoIdx) ||*/ (DeviceInfoSet != this->hCurDevInf) || (GetLastError()!=ERROR_NO_MORE_ITEMS))return 0;   // this->UsbDevInfoIdx must be for a fake entry
  SetLastError(0);      
  *Res = 1;  
+ this->LstFakeIntfDataPtr      = DeviceInterfaceData;
  DeviceInterfaceData->cbSize   = sizeof(SP_DEVICE_INTERFACE_DATA);
  DeviceInterfaceData->Reserved = 0;
  DeviceInterfaceData->Flags    = SPINT_DEFAULT|SPINT_ACTIVE;
  memcpy(&DeviceInterfaceData->InterfaceClassGuid,&this->FakeGuid,sizeof(GUID));
  LOGMSG("Match No more Items To fake!",0); 
- return true;         
+ return 1;         
 }
-//---------------------------------------------------
-int Before_SetupDiGetDeviceInterfaceDetail(HDEVINFO DeviceInfoSet, PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData, PSP_DEVICE_INTERFACE_DETAIL_DATA_A DeviceInterfaceDetailData, DWORD DeviceInterfaceDetailDataSize, PDWORD RequiredSize)
+//---------------------------------------------------   
+template<typename T> int Before_SetupDiGetDeviceInterfaceDetail(HDEVINFO DeviceInfoSet, PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData, T DeviceInterfaceDetailData, DWORD DeviceInterfaceDetailDataSize, PDWORD RequiredSize)   // T= PSP_DEVICE_INTERFACE_DETAIL_DATA_A/W
 {
- if((DeviceInfoSet != this->hCurUsbDevInf) || (memcmp(&DeviceInterfaceData->InterfaceClassGuid,&this->FakeGuid,sizeof(GUID))!=0))return -1;  
+ if((DeviceInfoSet != this->hCurDevInf) || (DeviceInterfaceData != this->LstFakeIntfDataPtr) || (memcmp(&DeviceInterfaceData->InterfaceClassGuid,&this->FakeGuid,sizeof(GUID))!=0))return -1;    // SetupDiEnumDeviceInterfaces must return a fake HDEVINFO entry and a Fake GUID after all existing device entries
  SetLastError(0);
  if(!DeviceInterfaceDetailData && !DeviceInterfaceDetailDataSize)
   {
    if(RequiredSize)*RequiredSize = 512;
    return 0;
   }  
- this->hCurUsbDevInf = NULL;      
+ LOGMSG("Resetting hCurDevInf: %p",this->hCurDevInf); 
+ this->hCurDevInf      = NULL;  
+ this->LstFakeIntfDataPtr = NULL;    
  return 1;
 }
 //---------------------------------------------------
-bool After_SetupDiGetDeviceInterfaceDetail(PSP_DEVICE_INTERFACE_DETAIL_DATA_A DeviceInterfaceDetailData, int Res)
+template<typename T> int After_SetupDiGetDeviceInterfaceDetail(PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData, T DeviceInterfaceDetailData, int Res)         // T= PSP_DEVICE_INTERFACE_DETAIL_DATA_A/W
 {
- if(!Res || !DeviceInterfaceDetailData || (memcmp(&DeviceInterfaceDetailData->DevicePath,&this->DevPathStr,26)!=0))return false;   // 26 =  "\\\\?\\usb#vid_XXXX&pid_YYYY#"   // String compare case???
- this->hCurUsbDevInf = NULL;  
- this->UsbDevInfoIdx = -1;
- return true;
+ if(!Res || (DeviceInterfaceData != this->LstFakeIntfDataPtr) || !DeviceInterfaceDetailData || (memcmp(&DeviceInterfaceDetailData->DevicePath,&this->DevPathStr,26)!=0))return 0;   // 26 =  "\\\\?\\usb#vid_XXXX&pid_YYYY#"   // String compare case???
+ LOGMSG("Resetting hCurDevInf: %p",this->hCurDevInf); 
+ this->hCurDevInf      = NULL;  
+ this->LstFakeIntfDataPtr = NULL;
+// this->UsbDevInfoIdx = -1;
+ return 1;
 }
 //---------------------------------------------------
 

diff --git a/DotNet.hpp b/DotNet.hpp
@@ -0,0 +1,44 @@
+
+#pragma once
+
+/*
+  EnvVars:
+     JitTimeLogCsv
+     JitFuncInfoLogFile
+
+     TailCallOpt
+     JitELTHookEnabled
+     AltJit
+     JitVNMapSelBudget
+
+
+
+*/
+
+
+namespace DotNet
+{
+
+struct SCILJit
+{
+
+
+};
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+};
diff --git a/FormatPE.h b/FormatPE.h
@@ -773,7 +773,7 @@ static PVOID _stdcall GetProcedureAddress(PVOID ModuleBase, LPSTR ApiName, LPSTR
  if(InStr[namctr] == '#')
   {
    *OutProcName = 0;
-   return DecStrToNum(&InStr[++namctr]);
+   return DecStrToNum<int>(&InStr[++namctr]);
   }
    else 
     {

diff --git a/GhostDbg.hpp b/GhostDbg.hpp
@@ -217,6 +217,12 @@ int FindThreadIdxInList(SThDesc** Res, DWORD ThreadID, HANDLE hThread=NULL)
  return -1;
 }
 //------------------------------------------------------------------------------------
+SThDesc* GetThreadDesc(UINT Index)
+{
+ if(Index >= this->ThreadLst.Count())return NULL;
+ return &this->ThreadLst[Index];
+}
+//------------------------------------------------------------------------------------
 bool RemoveThreadFromList(DWORD ThreadID, HANDLE hThread=NULL)
 {
  EnterCriticalSection(&this->csec);
@@ -717,28 +723,6 @@ SNtDll(void)       // NOTE: Better call this before hooking NtMapViewOfSection
  if(Ptr)VirtualFree(Ptr,0,MEM_RELEASE);
 }
 //------------------------------------------------------------------------------------
-static PVOID FindRtlDispatchException(void)
-{
- PBYTE PBase = (PBYTE)GetProcAddress(GetModuleHandleA("ntdll.dll"),"KiUserExceptionDispatcher");
- if(!PBase)return NULL;
- PBase += 8;
- for(UINT ctr=0;;ctr++,PBase++)
-  {
-   if(ctr >= 56)return NULL;
-#ifdef _AMD64_
-   if(*(PDWORD)PBase == 0xE8D48B48){PBase+=4;          // mov RDX, RSP; call Rel32
-#else
-   if(*PBase == 0xE8){PBase++;                         // call Rel32
-#endif
-     PVOID Addr = RelAddrToAddr(PBase-1,5,*(PDWORD)PBase);
-     DBGMSG("Addr: %p",Addr);
-     return Addr;
-     break;
-    }
-  }  
- return NULL;
-}
-//------------------------------------------------------------------------------------
 /*
 RtlUserThreadStart (Callback)    // CREATE_SUSPENDED thread`s IP 
   x32  x64
@@ -1004,7 +988,8 @@ int _stdcall ProcessRequestDbg(SMsgHdr* Req)
      if(!ThreadHandle){DBGMSG("Thread handle not found: ThIdx=%i",ThIdx);}
      api.PopArg(ctx);
      HRESULT Status = STATUS_SUCCESS;
-     if(!this->ThList.GetContextVal(ThIdx, &ctx))Status = this->NtDll.NtGetContextThread(ThreadHandle, &ctx);   
+     if(!this->ThList.GetContextVal(ThIdx, &ctx))Status = this->NtDll.NtGetContextThread(ThreadHandle, &ctx);  
+       else {DBGMSG("GetContext read locally: %u",ThIdx);}     
      apo.PushArg(ctx);
      apo.PushArg(Status); 
      if(!Status && ThreadHandle){if(this->OnlyOwnHwBP)this->ThList.UpdHardwareBp(ThIdx, &ctx); if(this->OnlyOwnTF)this->ThList.UpdTraceFlag(ThIdx, &ctx);}    // Need update here?
@@ -1024,6 +1009,8 @@ int _stdcall ProcessRequestDbg(SMsgHdr* Req)
      api.PopArg(ctx);
      HRESULT Status = STATUS_SUCCESS;
      if(!this->ThList.SetContextVal(ThIdx, &ctx))Status = this->NtDll.NtSetContextThread(ThreadHandle, &ctx);
+       else {DBGMSG("SetContext stored locally: %u",ThIdx);}
+     DBGMSG("SetContext %u: Dr0=%p, Dr1=%p, Dr2=%p, Dr3=%p",ThIdx,ctx.Dr0,ctx.Dr1,ctx.Dr2,ctx.Dr3);
      apo.PushArg(Status);
      if(!Status && ThreadHandle){if(this->OnlyOwnHwBP)this->ThList.UpdHardwareBp(ThIdx, &ctx); if(this->OnlyOwnTF)this->ThList.UpdTraceFlag(ThIdx, &ctx);}
      DBGMSG("miSetThreadContext PutMsg: Status=%08X, FLAGS=%08X, Size=%u",Status,ctx.ContextFlags, apo.GetLen());
@@ -1369,7 +1356,7 @@ CDbgClient(void)
 }
 //------------------------------------------------------------------------------------
 bool Start(UINT Size=0, HANDLE hThread=NULL, PVOID IPCThProc=NULL)
-{
+{        
  if(this->IsActive()){DBGMSG("Already active!"); return false;}
  if(Size)this->IPCSize = Size;
  if(!hThread)
@@ -1379,6 +1366,7 @@ bool Start(UINT Size=0, HANDLE hThread=NULL, PVOID IPCThProc=NULL)
   }
    else
     {
+     DBGMSG("Reusing an existing thread: %p",hThread);
      this->hIPCThread = hThread;
      PVOID Param = this;
      if(!IPCThProc)IPCThProc = &CDbgClient::IPCQueueThread;
@@ -1448,7 +1436,11 @@ bool HandleException(DWORD ThID, PEXCEPTION_RECORD ExceptionRecord, PCONTEXT Con
 int GetThread(DWORD ThID, CThreadList::SThDesc** Desc=NULL)
 {
  int thidx = this->ThList.FindThreadIdxInList(Desc, ThID);
- if(thidx < 0)this->Report_CREATE_THREAD_DEBUG_EVENT(ThID,&thidx);               // First report a new thread
+ if(thidx < 0)
+  {
+   this->Report_CREATE_THREAD_DEBUG_EVENT(ThID,&thidx);               // First report a new thread
+   if((thidx >= 0) && Desc)*Desc =this->ThList.GetThreadDesc(thidx);
+  }
  return thidx;
 }
 //------------------------------------------------------------------------------------

diff --git a/HDE.h b/HDE.h
@@ -399,7 +399,7 @@ unsigned int Disasm(const void *code)
                 ht = THde::Table() + THde::DELTA_OP_ONLY_MEM;
                 table_end = ht + THde::DELTA_OP2_ONLY_MEM - THde::DELTA_OP_ONLY_MEM;
             }
-            for (; ht != table_end; ht += 2)
+            for (; ht < table_end; ht += 2)     // Fix: 'ht != table_end' crash on '41 0F B6 C6  movzx eax, r14b'
                 if (*ht++ == opcode) {
                     if (*ht++ & pref && !((*ht << m_reg) & 0x80))
                         goto error_operand;

diff --git a/InjDllLdr.hpp b/InjDllLdr.hpp
@@ -87,7 +87,7 @@ static int InjModuleIntoProcessAndExec(HANDLE hProcess, PVOID ModuleData, UINT M
    else if(Flags & mfRunRMTH)
     {
      PVOID FlagArg = PVOID((SIZE_T)RemoteAddr | 0xFF);     // Mark base address
-     HANDLE hTh = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)RemEntry,FlagArg,0,NULL);
+     HANDLE hTh = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)RemEntry,FlagArg,0,NULL);        // Firefox Quantum: It gets into LdrInitializeThunk but not into specified ThreadProc!!!!
      if(!hTh){LOGMSG("Failed to create a remote thread (%u): RemEntry=%p, FlagArg=%p", GetLastError(), RemEntry, FlagArg); return -5;}
      WaitForSingleObject(hTh, INFINITE);
     }
@@ -239,6 +239,27 @@ static int HideSelfProxyDll(PVOID DllBase, PVOID pNtDll, LPSTR RealDllPath, PVOI
  return (MapAddr == DllBase);
 }
 //------------------------------------------------------------------------------------
+static PVOID GetModuleBase(LPSTR ModName)
+{
+ PEB_LDR_DATA* ldr = NtCurrentTeb()->ProcessEnvironmentBlock->Ldr;
+ DBGMSG("PEB_LDR_DATA: %p, %s",ldr,ModName);
+ for(LDR_DATA_TABLE_ENTRY_MO* me = ldr->InMemoryOrderModuleList.Flink;me != (LDR_DATA_TABLE_ENTRY_MO*)&ldr->InMemoryOrderModuleList;me = me->InMemoryOrderLinks.Flink)     // Or just use LdrFindEntryForAddress?
+  {
+   if(!me->BaseDllName.Length || !me->BaseDllName.Buffer)continue;
+   DBGMSG("Base=%p, Name='%ls'",me->DllBase,me->BaseDllName.Buffer);    // Zero terminated?
+   bool Match = true;
+   UINT ctr = 0;
+   for(UINT tot=me->BaseDllName.Length/sizeof(WCHAR);ctr < tot;ctr++)
+    {
+     if(me->BaseDllName.Buffer[ctr] != (WCHAR)ModName[ctr]){Match=false; break;}
+    }
+   if(Match && !ModName[ctr])return me->DllBase;
+  }
+ DBGMSG("Not found for: %s",ModName);
+ return NULL;
+}
+//------------------------------------------------------------------------------------
+
 /*
 752D0000 00001000 kernel32.dll                                                                   IMG -R--- ERWC-
 752D1000 0000F000 Reserved (752D0000)                                                            IMG       ERWC-