2008-11-14 11:04:02 +01:00
|
|
|
/* ======== SourceHook ========
|
2010-10-17 08:21:58 +02:00
|
|
|
* Copyright (C) 2004-2010 Metamod:Source Development Team
|
2008-11-14 11:04:02 +01:00
|
|
|
* No warranties of any kind
|
|
|
|
*
|
|
|
|
* License: zlib/libpng
|
|
|
|
*
|
|
|
|
* Author(s): Pavol "PM OnoTo" Marko, Scott "Damaged Soul" Ehlert
|
|
|
|
* Contributors: lancevorgin, XAD, theqizmo
|
|
|
|
* ============================
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __SHINT_MEMORY_H__
|
|
|
|
#define __SHINT_MEMORY_H__
|
|
|
|
|
|
|
|
// Feb 17 / 2005:
|
|
|
|
// Unprotect now sets to readwrite
|
|
|
|
// The vtable doesn't need to be executable anyway
|
|
|
|
|
2009-11-24 14:19:57 +01:00
|
|
|
# if SH_XP == SH_XP_WINAPI
|
2008-11-14 11:04:02 +01:00
|
|
|
# include <windows.h>
|
|
|
|
# define SH_MEM_READ 1
|
|
|
|
# define SH_MEM_WRITE 2
|
|
|
|
# define SH_MEM_EXEC 4
|
2009-11-24 14:19:57 +01:00
|
|
|
# elif SH_XP == SH_XP_POSIX
|
2008-11-14 11:04:02 +01:00
|
|
|
# include <sys/mman.h>
|
|
|
|
# include <stdio.h>
|
|
|
|
# include <signal.h>
|
|
|
|
# include <setjmp.h>
|
2009-02-16 21:52:46 +01:00
|
|
|
# include <stdint.h>
|
2008-11-14 11:04:02 +01:00
|
|
|
// http://www.die.net/doc/linux/man/man2/mprotect.2.html
|
|
|
|
# include <limits.h>
|
|
|
|
# ifndef PAGESIZE
|
|
|
|
# define PAGESIZE 4096
|
|
|
|
# endif
|
|
|
|
# define SH_MEM_READ PROT_READ
|
|
|
|
# define SH_MEM_WRITE PROT_WRITE
|
|
|
|
# define SH_MEM_EXEC PROT_EXEC
|
|
|
|
|
|
|
|
// We need to align addr down to pagesize on linux
|
|
|
|
// We assume PAGESIZE is a power of two
|
2009-02-16 21:52:46 +01:00
|
|
|
# define SH_LALIGN(x) (void*)((uintptr_t)(x) & ~(PAGESIZE-1))
|
|
|
|
# define SH_LALDIF(x) ((uintptr_t)(x) % PAGESIZE)
|
2008-11-14 11:04:02 +01:00
|
|
|
# else
|
|
|
|
# error Unsupported OS/Compiler
|
|
|
|
# endif
|
2011-10-16 07:16:50 +02:00
|
|
|
#if SH_SYS == SH_SYS_APPLE
|
|
|
|
# include <mach/mach.h>
|
|
|
|
# include <mach/vm_region.h>
|
|
|
|
# include <mach/mach_traps.h>
|
|
|
|
#endif
|
2008-11-14 11:04:02 +01:00
|
|
|
|
|
|
|
#include "sh_list.h"
|
|
|
|
|
|
|
|
namespace SourceHook
|
|
|
|
{
|
2011-10-16 07:16:50 +02:00
|
|
|
static inline bool GetPageBits(void *addr, int *bits)
|
|
|
|
{
|
|
|
|
#if SH_SYS == SH_SYS_LINUX
|
|
|
|
// On linux, first check /proc/self/maps
|
|
|
|
unsigned long laddr = reinterpret_cast<unsigned long>(addr);
|
|
|
|
|
2023-10-07 19:45:54 +02:00
|
|
|
bool bFound = false;
|
2011-10-16 07:16:50 +02:00
|
|
|
FILE *pF = fopen("/proc/self/maps", "r");
|
|
|
|
if (pF) {
|
|
|
|
// Linux /proc/self/maps -> parse
|
|
|
|
// Format:
|
|
|
|
// lower upper prot stuff path
|
|
|
|
// 08048000-0804c000 r-xp 00000000 03:03 1010107 /bin/cat
|
|
|
|
unsigned long rlower, rupper;
|
|
|
|
char r, w, x;
|
2023-10-07 19:45:54 +02:00
|
|
|
char *buffer = NULL;
|
|
|
|
size_t bufsize = 0;
|
|
|
|
while (getline(&buffer, &bufsize, pF) != -1) {
|
|
|
|
char *addr_split;
|
|
|
|
char *prot_split;
|
|
|
|
rlower = strtoul(buffer, &addr_split, 16);
|
|
|
|
rupper = strtoul(&addr_split[1], &prot_split, 16);
|
2011-10-16 07:16:50 +02:00
|
|
|
// Check whether we're IN THERE!
|
|
|
|
if (laddr >= rlower && laddr < rupper) {
|
2023-10-07 19:45:54 +02:00
|
|
|
r = prot_split[1];
|
|
|
|
w = prot_split[2];
|
|
|
|
x = prot_split[3];
|
2011-10-16 07:16:50 +02:00
|
|
|
*bits = 0;
|
|
|
|
if (r == 'r')
|
|
|
|
*bits |= SH_MEM_READ;
|
|
|
|
if (w == 'w')
|
|
|
|
*bits |= SH_MEM_WRITE;
|
|
|
|
if (x == 'x')
|
|
|
|
*bits |= SH_MEM_EXEC;
|
2023-10-07 19:45:54 +02:00
|
|
|
bFound = true;
|
2011-10-16 07:16:50 +02:00
|
|
|
break;
|
2023-10-07 19:45:54 +02:00
|
|
|
}
|
2011-10-16 07:16:50 +02:00
|
|
|
}
|
2023-10-07 19:45:54 +02:00
|
|
|
free(buffer);
|
2011-10-16 07:16:50 +02:00
|
|
|
fclose(pF);
|
2023-10-07 19:45:54 +02:00
|
|
|
return bFound;
|
2011-10-16 07:16:50 +02:00
|
|
|
}
|
|
|
|
pF = fopen("/proc/curproc/map", "r");
|
|
|
|
if (pF) {
|
|
|
|
// FreeBSD /proc/curproc/map -> parse
|
|
|
|
// 0x804800 0x805500 13 15 0xc6e18960 r-x 21 0x0 COW NC vnode
|
|
|
|
unsigned long rlower, rupper, ignoreLong;
|
|
|
|
int ignoreInt;
|
|
|
|
char r, w, x;
|
|
|
|
while (fscanf(pF, "0x%lx 0x%lx %d %d 0x%lx %c%c%c", &rlower, &rupper, &ignoreInt,
|
|
|
|
&ignoreInt, &ignoreLong, &r, &w, &x) != EOF) {
|
|
|
|
// Check whether we're IN THERE!
|
|
|
|
if (laddr >= rlower && laddr < rupper) {
|
|
|
|
fclose(pF);
|
|
|
|
*bits = 0;
|
|
|
|
if (r == 'r')
|
|
|
|
*bits |= SH_MEM_READ;
|
|
|
|
if (r == 'w')
|
|
|
|
*bits |= SH_MEM_WRITE;
|
|
|
|
if (r == 'x')
|
|
|
|
*bits |= SH_MEM_EXEC;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
// Read to end of line
|
|
|
|
int c;
|
|
|
|
while ((c = fgetc(pF)) != '\n') {
|
|
|
|
if (c == EOF)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (c == EOF)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
fclose(pF);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
#elif SH_SYS == SH_SYS_APPLE
|
|
|
|
vm_size_t ignoreSize;
|
|
|
|
vm_address_t vmaddr = (vm_address_t)addr;
|
2017-12-20 08:11:57 +01:00
|
|
|
memory_object_name_t obj;
|
|
|
|
#if defined(__i386__)
|
2011-10-16 07:16:50 +02:00
|
|
|
vm_region_basic_info_data_t info;
|
|
|
|
vm_region_flavor_t flavor = VM_REGION_BASIC_INFO;
|
|
|
|
mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT;
|
|
|
|
kern_return_t kr = vm_region(mach_task_self(), &vmaddr, &ignoreSize, flavor,
|
|
|
|
(vm_region_info_t)&info, &count, &obj);
|
2017-12-20 08:11:57 +01:00
|
|
|
#elif defined(__x86_64__)
|
|
|
|
vm_region_basic_info_data_64_t info;
|
|
|
|
vm_region_flavor_t flavor = VM_REGION_BASIC_INFO_64;
|
|
|
|
mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64;
|
|
|
|
kern_return_t kr = vm_region_64(mach_task_self(), &vmaddr, &ignoreSize, flavor,
|
|
|
|
(vm_region_info_64_t)&info, &count, &obj);
|
|
|
|
#endif
|
2011-10-16 07:16:50 +02:00
|
|
|
if (kr != KERN_SUCCESS)
|
|
|
|
return false;
|
|
|
|
*bits = 0;
|
|
|
|
if (info.protection & VM_PROT_READ)
|
|
|
|
*bits |= SH_MEM_READ;
|
|
|
|
if (info.protection & VM_PROT_WRITE)
|
|
|
|
*bits |= SH_MEM_WRITE;
|
|
|
|
if (info.protection & VM_PROT_EXECUTE)
|
|
|
|
*bits |= SH_MEM_EXEC;
|
|
|
|
return true;
|
|
|
|
#elif SH_XP == SH_XP_WINAPI
|
|
|
|
SYSTEM_INFO info;
|
|
|
|
GetSystemInfo(&info);
|
|
|
|
|
|
|
|
MEMORY_BASIC_INFORMATION mem;
|
|
|
|
size_t base = size_t(addr) & ~size_t(info.dwPageSize - 1);
|
|
|
|
if (!VirtualQuery((void *)base, &mem, sizeof(mem)))
|
|
|
|
return false;
|
|
|
|
switch (mem.Protect) {
|
|
|
|
case PAGE_EXECUTE:
|
|
|
|
*bits = SH_MEM_EXEC;
|
|
|
|
break;
|
|
|
|
case PAGE_EXECUTE_READ:
|
|
|
|
*bits = SH_MEM_EXEC | SH_MEM_READ;
|
|
|
|
break;
|
|
|
|
case PAGE_EXECUTE_READWRITE:
|
|
|
|
case PAGE_EXECUTE_WRITECOPY:
|
|
|
|
*bits = SH_MEM_EXEC | SH_MEM_READ | SH_MEM_WRITE;
|
|
|
|
break;
|
|
|
|
case PAGE_NOACCESS:
|
|
|
|
*bits = 0;
|
|
|
|
break;
|
|
|
|
case PAGE_READONLY:
|
|
|
|
*bits = SH_MEM_READ;
|
|
|
|
break;
|
|
|
|
case PAGE_READWRITE:
|
|
|
|
case PAGE_WRITECOPY:
|
|
|
|
*bits = SH_MEM_READ | SH_MEM_WRITE;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2008-11-14 11:04:02 +01:00
|
|
|
inline bool SetMemAccess(void *addr, size_t len, int access)
|
|
|
|
{
|
2009-11-24 14:19:57 +01:00
|
|
|
# if SH_XP == SH_XP_POSIX
|
2008-11-14 11:04:02 +01:00
|
|
|
return mprotect(SH_LALIGN(addr), len + SH_LALDIF(addr), access)==0 ? true : false;
|
2009-11-24 14:19:57 +01:00
|
|
|
# elif SH_XP == SH_XP_WINAPI
|
2008-11-14 11:04:02 +01:00
|
|
|
DWORD tmp;
|
|
|
|
DWORD prot;
|
|
|
|
switch (access)
|
|
|
|
{
|
|
|
|
case SH_MEM_READ:
|
|
|
|
prot = PAGE_READONLY; break;
|
|
|
|
case SH_MEM_READ | SH_MEM_WRITE:
|
|
|
|
prot = PAGE_READWRITE; break;
|
|
|
|
case SH_MEM_READ | SH_MEM_EXEC:
|
|
|
|
prot = PAGE_EXECUTE_READ; break;
|
|
|
|
default:
|
|
|
|
case SH_MEM_READ | SH_MEM_WRITE | SH_MEM_EXEC:
|
|
|
|
prot = PAGE_EXECUTE_READWRITE; break;
|
|
|
|
}
|
|
|
|
return VirtualProtect(addr, len, prot, &tmp) ? true : false;
|
|
|
|
# endif
|
|
|
|
}
|
|
|
|
|
2011-10-16 07:16:50 +02:00
|
|
|
inline bool MakePageWritable(void *addr)
|
|
|
|
{
|
|
|
|
int bits;
|
|
|
|
if (GetPageBits(addr, &bits)) {
|
|
|
|
if (bits & SH_MEM_WRITE)
|
|
|
|
return true;
|
|
|
|
bits |= SH_MEM_WRITE;
|
|
|
|
} else {
|
|
|
|
bits = SH_MEM_READ | SH_MEM_WRITE | SH_MEM_EXEC;
|
|
|
|
}
|
|
|
|
return SetMemAccess(addr, sizeof(void *), bits);
|
|
|
|
}
|
|
|
|
|
2009-11-24 14:19:57 +01:00
|
|
|
#if SH_XP == SH_XP_POSIX
|
2008-11-14 11:04:02 +01:00
|
|
|
namespace
|
|
|
|
{
|
|
|
|
bool g_BadReadCalled;
|
|
|
|
jmp_buf g_BadReadJmpBuf;
|
|
|
|
|
2009-11-24 14:19:57 +01:00
|
|
|
# if SH_SYS == SH_SYS_LINUX
|
2008-11-14 11:04:02 +01:00
|
|
|
static void BadReadHandler(int sig)
|
|
|
|
{
|
|
|
|
if (g_BadReadCalled)
|
|
|
|
longjmp(g_BadReadJmpBuf, 1);
|
|
|
|
}
|
2009-11-24 14:19:57 +01:00
|
|
|
# elif SH_SYS == SH_SYS_APPLE
|
|
|
|
static void BadReadHandler(int signal, siginfo_t* my_siginfo, void* my_context)
|
|
|
|
{
|
|
|
|
if (g_BadReadCalled)
|
|
|
|
longjmp(g_BadReadJmpBuf, 1);
|
|
|
|
}
|
|
|
|
# endif
|
2008-11-14 11:04:02 +01:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Checks whether the specified memory region is (still) accessible
|
|
|
|
*
|
|
|
|
* @param addr The lower boundary
|
|
|
|
* @param len Length of the region to be checked
|
|
|
|
*/
|
|
|
|
namespace
|
|
|
|
{
|
2018-07-31 22:17:48 +02:00
|
|
|
static inline bool ModuleInMemory(char *addr, size_t len)
|
2008-11-14 11:04:02 +01:00
|
|
|
{
|
2009-11-24 14:19:57 +01:00
|
|
|
#if SH_SYS == SH_SYS_LINUX
|
2008-11-14 11:04:02 +01:00
|
|
|
// On linux, first check /proc/self/maps
|
|
|
|
long lower = reinterpret_cast<long>(addr);
|
|
|
|
long upper = lower + len;
|
|
|
|
|
|
|
|
FILE *pF = fopen("/proc/self/maps", "r");
|
|
|
|
if (pF)
|
|
|
|
{
|
|
|
|
// Linux /proc/self/maps -> parse
|
|
|
|
// Format:
|
|
|
|
// lower upper prot stuff path
|
|
|
|
// 08048000-0804c000 r-xp 00000000 03:03 1010107 /bin/cat
|
|
|
|
long rlower, rupper;
|
|
|
|
while (fscanf(pF, "%lx-%lx", &rlower, &rupper) != EOF)
|
|
|
|
{
|
|
|
|
// Check whether we're IN THERE!
|
|
|
|
if (lower >= rlower && upper <= rupper)
|
|
|
|
{
|
|
|
|
fclose(pF);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
// Read to end of line
|
|
|
|
int c;
|
|
|
|
while ((c = fgetc(pF)) != '\n')
|
|
|
|
{
|
|
|
|
if (c == EOF)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (c == EOF)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
fclose(pF);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
pF = fopen("/proc/curproc/map", "r");
|
|
|
|
if (pF)
|
|
|
|
{
|
|
|
|
// FreeBSD /proc/curproc/map -> parse
|
|
|
|
// 0x804800 0x805500 13 15 0xc6e18960 r-x 21 0x0 COW NC vnode
|
|
|
|
long rlower, rupper;
|
|
|
|
while (fscanf(pF, "0x%lx 0x%lx", &rlower, &rupper) != EOF)
|
|
|
|
{
|
|
|
|
// Check whether we're IN THERE!
|
|
|
|
if (lower >= rlower && upper <= rupper)
|
|
|
|
{
|
|
|
|
fclose(pF);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
// Read to end of line
|
|
|
|
int c;
|
|
|
|
while ((c = fgetc(pF)) != '\n')
|
|
|
|
{
|
|
|
|
if (c == EOF)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (c == EOF)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
fclose(pF);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Both of the above failed, try to actually read and trap sigsegv (implemented by Damaged Soul)
|
|
|
|
void(*prevHandler)(int sig);
|
|
|
|
g_BadReadCalled = true;
|
|
|
|
|
|
|
|
if (setjmp(g_BadReadJmpBuf))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
prevHandler = signal(SIGSEGV, BadReadHandler);
|
|
|
|
|
2018-07-31 22:17:48 +02:00
|
|
|
volatile const char *p = reinterpret_cast<const char*>(addr);
|
2018-08-01 06:14:08 +02:00
|
|
|
char dummy;
|
|
|
|
|
2018-07-31 22:17:48 +02:00
|
|
|
for (size_t i = 0; i < len; i++)
|
2018-08-01 06:14:08 +02:00
|
|
|
dummy = p[i];
|
|
|
|
(void)dummy; // silence unused var, we must read from p
|
2018-07-31 22:17:48 +02:00
|
|
|
|
2008-11-14 11:04:02 +01:00
|
|
|
g_BadReadCalled = false;
|
|
|
|
|
|
|
|
signal(SIGSEGV, prevHandler);
|
|
|
|
|
|
|
|
return false;
|
2009-11-24 14:19:57 +01:00
|
|
|
#elif SH_SYS == SH_SYS_APPLE
|
2017-12-20 08:11:57 +01:00
|
|
|
struct sigaction sa, osa, osa2;
|
2009-11-24 14:19:57 +01:00
|
|
|
sa.sa_sigaction = BadReadHandler;
|
|
|
|
sa.sa_flags = SA_SIGINFO | SA_RESTART;
|
|
|
|
|
|
|
|
g_BadReadCalled = true;
|
|
|
|
|
|
|
|
if (setjmp(g_BadReadJmpBuf))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (sigaction(SIGBUS, &sa, &osa) == -1)
|
|
|
|
return false;
|
2017-12-20 08:11:57 +01:00
|
|
|
if (sigaction(SIGSEGV, &sa, &osa2) == -1)
|
|
|
|
return false;
|
2009-11-24 14:19:57 +01:00
|
|
|
|
|
|
|
volatile const char *p = reinterpret_cast<const char *>(addr);
|
2018-08-01 06:14:08 +02:00
|
|
|
char dummy;
|
|
|
|
|
2009-11-24 14:19:57 +01:00
|
|
|
for (size_t i = 0; i < len; i++)
|
2018-08-01 06:14:08 +02:00
|
|
|
dummy = p[i];
|
|
|
|
(void)dummy; // silence unused var, we must read from p
|
2009-11-24 14:19:57 +01:00
|
|
|
|
|
|
|
g_BadReadCalled = false;
|
|
|
|
|
|
|
|
sigaction(SIGBUS, &osa, NULL);
|
2017-12-20 08:11:57 +01:00
|
|
|
sigaction(SIGSEGV, &osa2, NULL);
|
2009-11-24 14:19:57 +01:00
|
|
|
|
|
|
|
return true;
|
|
|
|
#elif SH_XP == SH_XP_WINAPI
|
2008-11-14 11:04:02 +01:00
|
|
|
// On Win32, simply use IsBadReadPtr
|
|
|
|
return !IsBadReadPtr(addr, len);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|