From a2e89fde1acc5b189c55e0b8b38146194e455cd0 Mon Sep 17 00:00:00 2001
From: auth12 <67507608+auth12@users.noreply.github.com>
Date: Mon, 27 Jul 2020 09:46:17 -0700
Subject: Removed spdlog, using fmt wrapper instead. More process class changes, support for 32/64bit processes. Injection process improvements. Other small changes.
---
 client/src/util/syscalls.cpp | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)
(limited to 'client/src/util/syscalls.cpp')
diff --git a/client/src/util/syscalls.cpp b/client/src/util/syscalls.cpp
index d7d4254..42f3f8e 100644
--- a/client/src/util/syscalls.cpp
+++ b/client/src/util/syscalls.cpp
@@ -1,6 +1,7 @@
 #include "../include.h"
 #include "io.h"
 #include "util.h"
+#include "../injection/pe.h"
 #include "syscalls.h"
 syscalls g_syscalls;
@@ -8,14 +9,8 @@ syscalls g_syscalls;
 syscalls::syscalls() {
 m_call_table = VirtualAlloc(0, 0x100000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
 std::memset(m_call_table, 0x90, 0x100000);
-}
-
-syscalls::~syscalls() {
- VirtualFree(m_call_table, 0, MEM_RELEASE);
-}
-void syscalls::init() {
- auto nt = util::ntdll();
+ static auto nt = pe::virtual_image("ntdll.dll");
 for (auto& exp : nt.exports()) {
 auto addr = exp.second;
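Review bot: With the body of `init()` folded into the constructor, the ntdll export walk now runs while the file-scope `syscalls g_syscalls;` is being constructed, i.e. during static initialization before `main`. Anything `pe::virtual_image` relies on in other translation units has no guaranteed initialization order relative to it, and a failed `VirtualAlloc` (its result goes straight into `std::memset`) can no longer be reported to a caller. I would keep an explicit `init()` called from startup code, or at least add `if (!m_call_table) return;` before the `memset`. The `static` on `nt` also looks unnecessary in a constructor that runs once per object; `auto nt = pe::virtual_image("ntdll.dll");` would do. The constructor body continues past the end of this hunk.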
@@ -31,23 +26,25 @@ void syscalls::init() {
 m_stub.resize(s);
- std::memcpy(&m_stub[0], (void*)addr, s);
+ std::memcpy(&m_stub[0], reinterpret_cast(addr), s);
 }
 }
- io::logger->info("call table : {:x}", uintptr_t(m_call_table));
-
- for (auto& syscall : m_indexes) {
- auto idx = syscall.second.first;
+ for (auto& [name, pair] : m_indexes) {
+ auto& [idx, offset] = pair;
 auto addr = uintptr_t(m_call_table) + (idx * m_stub.size());
 std::memcpy(reinterpret_cast(addr), m_stub.data(), m_stub.size());
 *reinterpret_cast(addr + m_stub.size() - 1) = 0xc3;
- *reinterpret_cast(addr + syscall.second.second + 1) = idx;
+ *reinterpret_cast(addr + offset + 1) = idx;
 }
 }
+syscalls::~syscalls() {
+ VirtualFree(m_call_table, 0, MEM_RELEASE);
+}
+
 bool syscalls::valid(const uintptr_t addr, const size_t& size) {
 auto func = reinterpret_cast(addr);
--
cgit v1.2.3
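Review bot: The table-filling loop writes to `uintptr_t(m_call_table) + idx * m_stub.size()` with no check against the 0x100000 bytes allocated in the constructor, and when `m_stub` is empty the `addr + m_stub.size() - 1` store lands one byte before the slot. Since `idx` and `offset` appear to be parsed from export bytes outside this hunk, a guard such as `if (m_stub.empty() || (idx + 1) * m_stub.size() > 0x100000 || offset + 1 >= m_stub.size()) continue;` at the top of the loop would keep the writes inside the allocation; the exact upper bound for `offset` depends on the width of the index store, whose cast type is not visible on this page. `name` in the structured binding is unused, and a named constant for the table size would let the allocation, the `memset` and this check agree. The loop sits inside the constructor, which starts before this hunk.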