
Commit 63f4684

committed
bug fixes, additional checks
1 parent 8d2d0b7 commit 63f4684


3 files changed

+22
-15
lines changed


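--- a/GH Injector Library/Manual Mapping.cpp
+++ b/GH Injector Library/Manual Mapping.cpp
@@ -222,7 +222,7 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 IMAGE_OPTIONAL_HEADER * pOptionalHeader = nullptr;
 IMAGE_FILE_HEADER * pFileHeader = nullptr;
 
-MANUAL_MAPPING_FUNCTION_TABLE * f = &pData->f;
+auto * f = &pData->f;
 f->pLdrpHeap = *f->LdrpHeap;
 
 if (!f->pLdrpHeap)
@@ -399,7 +399,9 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 
 if (LocationDelta)
 {
-if (!pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size)
+auto * pRelocDir = ReCa<IMAGE_DATA_DIRECTORY*>(&pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]);
+
+if (!pRelocDir->Size)
 {
 ImgSize = 0;
 f->NtFreeVirtualMemory(hProc, ReCa<void**>(&pBase), &ImgSize, MEM_RELEASE);
@@ -408,7 +410,7 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 return INJ_MM_ERR_IMAGE_CANT_BE_RELOCATED;
 }
 
-IMAGE_BASE_RELOCATION * pRelocData = ReCa<IMAGE_BASE_RELOCATION*>(pBase + pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
+auto * pRelocData = ReCa<IMAGE_BASE_RELOCATION*>(pBase + pRelocDir->VirtualAddress);
 
 while (pRelocData->VirtualAddress)
 {
@@ -424,7 +426,12 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 }
 }
 
-pRelocData = ReCa<IMAGE_BASE_RELOCATION*>(ReCa<BYTE*>(pRelocData) + pRelocData->SizeOfBlock);
+pRelocData = ReCa<IMAGE_BASE_RELOCATION*>(ReCa<BYTE*>(pRelocData) + pRelocData->SizeOfBlock);
+
+if (pRelocData >= reinterpret_cast<IMAGE_BASE_RELOCATION*>(pBase + pRelocDir->VirtualAddress + pRelocDir->Size))
+{
+break;
+}
 }
 
 pOptionalHeader->ImageBase += ReCa<ULONG_PTR>(LocationDelta);
@@ -592,10 +599,10 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 break;
 }
 
-LDRP_UNICODE_STRING_BUNDLE * pModPathW = NewObject<LDRP_UNICODE_STRING_BUNDLE>(f, 1);
+auto * pModPathW = NewObject<LDRP_UNICODE_STRING_BUNDLE>(f, 1);
 
 pModPathW->String.MaxLength = sizeof(pModPathW->StaticBuffer);
-pModPathW->String.szBuffer = pModPathW->StaticBuffer;
+pModPathW->String.szBuffer = pModPathW->StaticBuffer;
 
 ntRet = f->LdrpPreprocessDllName(&ModNameW, pModPathW, nullptr, &flags);
 
@@ -641,8 +648,8 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 *pModule = hDll;
 }
 
-IMAGE_THUNK_DATA * pIAT = ReCa<IMAGE_THUNK_DATA*>(pBase + pDelayImportDescr->ImportAddressTableRVA);
-IMAGE_THUNK_DATA * pNameTable = ReCa<IMAGE_THUNK_DATA*>(pBase + pDelayImportDescr->ImportNameTableRVA);
+IMAGE_THUNK_DATA * pIAT = ReCa<IMAGE_THUNK_DATA*>(pBase + pDelayImportDescr->ImportAddressTableRVA);
+IMAGE_THUNK_DATA * pNameTable = ReCa<IMAGE_THUNK_DATA*>(pBase + pDelayImportDescr->ImportNameTableRVA);
 
 for (; pIAT->u1.Function; ++pIAT, ++pNameTable)
 {
@@ -806,7 +813,7 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 Callback(pBase, DLL_PROCESS_ATTACH, nullptr);
 }
 }
-
+
 if (Flags & INJ_MM_RUN_DLL_MAIN && pOptionalHeader->AddressOfEntryPoint)
 {
 f_DLL_ENTRY_POINT DllMain = ReCa<f_DLL_ENTRY_POINT>(pBase + pOptionalHeader->AddressOfEntryPoint);
@@ -858,7 +865,7 @@ DWORD ManualMapping_Shell(MANUAL_MAPPING_DATA * pData)
 }
 
 Size = pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].Size;
-if (Size)
+if (Size && !(Flags & INJ_MM_RESOLVE_DELAY_IMPORTS))
 {
 auto * pDelayImportDescr = ReCa<IMAGE_DELAYLOAD_DESCRIPTOR*>(pBase + pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].VirtualAddress);
 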
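Review bot: The new end-of-directory check in the relocation loop (hunk @@ -424) runs only after `pRelocData` has been advanced by `SizeOfBlock`, so a block whose `SizeOfBlock` is 0 never moves the pointer and `while (pRelocData->VirtualAddress)` spins forever, and a block whose `SizeOfBlock` overstates the bytes left in the directory still has its entries walked before the bound is tested. Validating the block header before its entries are read closes both gaps: `if (pRelocData->SizeOfBlock < sizeof(IMAGE_BASE_RELOCATION) || ReCa<BYTE*>(pRelocData) + pRelocData->SizeOfBlock > pBase + pRelocDir->VirtualAddress + pRelocDir->Size) break;` at the top of the loop body, whose opening lies in the previous hunk (this assumes `pBase` is a `BYTE*`, as the surrounding arithmetic suggests). The same added line spells the cast `reinterpret_cast<>` where the rest of the function uses `ReCa<>`. In the last hunk, `if (Size && !(Flags & INJ_MM_RESOLVE_DELAY_IMPORTS))` enters the block only when the flag is clear, which reads inverted given the flag's name; if that is intended, a one-line comment stating what the block does when delay imports were not resolved would help. ManualMapping_Shell begins and ends outside these hunks.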

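--- a/GH Injector Library/Symbol Parser.cpp
+++ b/GH Injector Library/Symbol Parser.cpp
@@ -164,7 +164,6 @@ DWORD SYMBOL_PARSER::Initialize(const std::string szModulePath, const std::strin
 IMAGE_OPTIONAL_HEADER64 * pOpt64 = nullptr;
 IMAGE_OPTIONAL_HEADER32 * pOpt32 = nullptr;
 
-
 bool x86 = false;
 
 if (pFile->Machine == IMAGE_FILE_MACHINE_AMD64)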

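--- a/GH Injector Library/Tools.cpp
+++ b/GH Injector Library/Tools.cpp
@@ -32,13 +32,14 @@ DWORD ValidateFile(const wchar_t * szFile, DWORD desired_machine)
 auto * pDos = ReCa<IMAGE_DOS_HEADER*>(headers);
 auto * pNT = ReCa<IMAGE_NT_HEADERS*>(headers + pDos->e_lfanew); //no need for correct nt headers type
 
-WORD magic = pDos->e_magic;
-DWORD signature = pNT->Signature;
-WORD machine = pNT->FileHeader.Machine;
+WORD magic = pDos->e_magic;
+DWORD signature = pNT->Signature;
+WORD machine = pNT->FileHeader.Machine;
+WORD character = pNT->FileHeader.Characteristics;
 
 delete[] headers;
 
-if (magic != IMAGE_DOS_SIGNATURE || signature != IMAGE_NT_SIGNATURE || machine != desired_machine) //"MZ" & "PE"
+if (magic != IMAGE_DOS_SIGNATURE || signature != IMAGE_NT_SIGNATURE || machine != desired_machine || !(character & IMAGE_FILE_DLL)) //"MZ" & "PE"
 {
 return FILE_ERR_INVALID_FILE;
 }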
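Review bot: `pNT` is formed from `pDos->e_lfanew` and dereferenced for `Signature`, `Machine` and the newly added `Characteristics` before `e_magic` is compared with `IMAGE_DOS_SIGNATURE`, and nothing in the hunk bounds `e_lfanew` against the size of the `headers` buffer, so a truncated or malformed file can make ValidateFile read past `headers` before the combined check at the end rejects it; how `headers` is sized and filled is outside the hunk. Checking the DOS header first — `if (pDos->e_magic != IMAGE_DOS_SIGNATURE || pDos->e_lfanew < 0 || static_cast<size_t>(pDos->e_lfanew) + sizeof(IMAGE_NT_HEADERS) > HEADERS_BUFFER_SIZE) { delete[] headers; return FILE_ERR_INVALID_FILE; }` with `HEADERS_BUFFER_SIZE` standing for whatever the allocation above uses — would keep `pNT` from being dereferenced on bad input. Since `headers` is a raw `new[]`/`delete[]` buffer, holding it in a `std::unique_ptr<BYTE[]>` would make such early returns leak-free by construction. The trailing `//"MZ" & "PE"` comment no longer describes the full condition now that the machine and `IMAGE_FILE_DLL` tests are part of it; `//"MZ", "PE", expected machine, and must be a DLL` would match. ValidateFile begins and ends outside the hunk.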
