forked from xiaobfly/DisPg
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Except.c
117 lines (108 loc) · 3.6 KB
/
Except.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
/*
*
* Copyright (c) 2015-2018 by blindtiger ( blindtiger@foxmail.com )
*
* The contents of this file are subject to the Mozilla Public License Version
* 2.0 (the "License")); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. SEe the License
* for the specific language governing rights and limitations under the
* License.
*
* The Initial Developer of the Original e is blindtiger.
*
*/
#include <OsDefs.h>
#include <StubsApi.h>
#include "Except.h"
#include "Reload.h"
#include "Testis.h"
ULONG
NTAPI
EncodeSystemPointer(
__in ULONG Pointer
)
{
return ((SharedUserData->Cookie ^
Pointer) >> (SharedUserData->Cookie & 0x1f)) |
((SharedUserData->Cookie ^ Pointer) <<
(32 - (SharedUserData->Cookie & 0x1f)));
}
ULONG
NTAPI
DecodeSystemPointer(
__in ULONG Pointer
)
{
return SharedUserData->Cookie ^
((Pointer >> (32 - (SharedUserData->Cookie & 0x1f))) |
(Pointer << (SharedUserData->Cookie & 0x1f)));
}
VOID
NTAPI
CaptureImageExceptionValues(
__in PVOID Base,
__out PVOID * FunctionTable,
__out PULONG TableSize
)
{
PIMAGE_NT_HEADERS NtHeaders = NULL;
PIMAGE_LOAD_CONFIG_DIRECTORY32 LoadConfig = NULL;
ULONG LoadConfigSize = 0;
PIMAGE_COR20_HEADER Cor20Header = NULL;
ULONG Cor20HeaderSize = 0;
NtHeaders = RtlImageNtHeader(Base);
if (NULL != NtHeaders) {
if (IMAGE_NT_OPTIONAL_HDR32_MAGIC == NtHeaders->OptionalHeader.Magic) {
if (IMAGE_DLLCHARACTERISTICS_NO_SEH == FlagOn(
((PIMAGE_NT_HEADERS32)NtHeaders)->OptionalHeader.DllCharacteristics,
IMAGE_DLLCHARACTERISTICS_NO_SEH)) {
*FunctionTable = LongToPtr(-1);
*TableSize = -1;
}
else {
LoadConfig = (PIMAGE_LOAD_CONFIG_DIRECTORY32)
RtlImageDirectoryEntryToData(
Base,
TRUE,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
&LoadConfigSize);
if (NULL != LoadConfig &&
LoadConfig->Size >= RTL_SIZEOF_THROUGH_FIELD(
IMAGE_LOAD_CONFIG_DIRECTORY32,
SEHandlerCount) &&
0 != LoadConfig->SEHandlerTable &&
0 != LoadConfig->SEHandlerCount) {
*FunctionTable = ULongToPtr(LoadConfig->SEHandlerTable);
*TableSize = LoadConfig->SEHandlerCount;
}
else {
Cor20Header = RtlImageDirectoryEntryToData(
Base,
TRUE,
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
&Cor20HeaderSize);
if (Cor20Header && ((Cor20Header->Flags & COMIMAGE_FLAGS_ILONLY) ==
COMIMAGE_FLAGS_ILONLY)) {
*FunctionTable = LongToPtr(-1);
*TableSize = -1;
}
else {
*FunctionTable = 0;
*TableSize = 0;
}
}
}
}
else if (IMAGE_NT_OPTIONAL_HDR64_MAGIC == NtHeaders->OptionalHeader.Magic) {
*FunctionTable = RtlImageDirectoryEntryToData(
Base,
TRUE,
IMAGE_DIRECTORY_ENTRY_EXCEPTION,
TableSize);
}
}
}