Changeset 4645

Timestamp:
Sep 18, 2010 1:09:03 AM
Author:
sam
Message:

Add a few comments in the code for new Win32 strategies.

Location:
zzuf/trunk/src
Files:
2 edited

  • zzuf/trunk/src/libzzuf/sys.c

    r4253 r4645  
    104104                continue;
    105105
     106            /* FIXME: The StarCraft 2 hack uses two methods for function
     107             * diversion. See HookSsdt() and HookHotPatch(). */
    106108            VirtualProtect(func, sizeof(func), PAGE_EXECUTE_READWRITE, &dummy);
    107109            WriteProcessMemory(GetCurrentProcess(), func, &new,
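Review bot: `VirtualProtect(func, sizeof(func), PAGE_EXECUTE_READWRITE, &dummy)` at new line 108: if `func` is a pointer variable, `sizeof(func)` is the size of the pointer (4 or 8 bytes), not the size of the code region about to be overwritten, so the length should be the byte count that the following `WriteProcessMemory(GetCurrentProcess(), func, &new, ...)` actually writes (the size of `new`); with the wrong length the protection change covers the wrong span and the write can fail or only partially succeed when the patched bytes cross a page boundary. The added FIXME would also be more useful if it stated which of the two diversion methods (HookSsdt() or HookHotPatch()) this VirtualProtect/WriteProcessMemory sequence corresponds to and what is actually left to do, rather than only pointing at the other implementation.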
  • zzuf/trunk/src/myfork.c

    r4393 r4645  
    386386
    387387    /* Backup the old entry point code */
    388     ReadProcessMemory(process, epaddr, code + loaderlen,
    389                       jumperlen, &tmp);
     388    ReadProcessMemory(process, epaddr, code + loaderlen, jumperlen, &tmp);
    390389    if(tmp != jumperlen)
    391390        return -1;
     391
     392    /* XXX: at this point, the StarCraft 2 hack replaces the entry point
     393     * contents with a jump to self, then waits until the program counter
     394     * actually reaches the entry point. Not sure whether it is needed. */
    392395
    393396    /* FIXME: the GetProcAddress calls assume the library was loaded at
    394397     * the same address in the child process. This is wrong since Vista
    395      * and its address space randomisation. */
     398     * and its address space randomisation. The StarCraft 2 hack remotely
     399     * parses the target process's module list in order to find the
     400     * kernel32.dll address. Have a look at _RemoteGetProcAddress(). */
    396401    kernel32 = LoadLibrary("kernel32.dll");
    397402    if(!kernel32)
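Review bot: the XXX comment at new lines 392-394 records an open question ("Not sure whether it is needed") instead of a decision. If the child process is created suspended, say so in the comment, because that is the reason the jump-to-self wait is unnecessary; if it is not, the window between the `ReadProcessMemory` backup of the entry point and the later write of the patched code is a real race, since the original entry point can run before the patch lands. The FIXME at 396-400 now documents both the broken assumption (GetProcAddress in the parent returning addresses that do not match the child under post-Vista ASLR) and the known fix (walking the child's module list, as in _RemoteGetProcAddress()); until that fix is ported, consider verifying the kernel32 base address in the child and failing with -1, like the `tmp != jumperlen` check above, rather than silently writing wrong addresses into the child.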