Changeset 4645


Timestamp:
Sep 18, 2010 1:09:03 AM (4 years ago)
Author:
sam
Message:

Add a few comments in the code for new Win32 strategies.

Location:
zzuf/trunk/src
Files:
2 edited

  • zzuf/trunk/src/libzzuf/sys.c

    r4253 r4645  
    104104                continue; 
    105105 
     106            /* FIXME: The StarCraft 2 hack uses two methods for function 
     107             * diversion. See HookSsdt() and HookHotPatch(). */ 
    106108            VirtualProtect(func, sizeof(func), PAGE_EXECUTE_READWRITE, &dummy); 
    107109            WriteProcessMemory(GetCurrentProcess(), func, &new, 
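Review bot: the new FIXME at r4645 lines 106-107 names HookSsdt() and HookHotPatch() without saying where those functions come from or which of the two diversion methods this code is meant to move to, so a later reader cannot act on it; name the origin of the "StarCraft 2 hack" being referenced and state the intended direction, for example "replace the direct VirtualProtect/WriteProcessMemory patch below with hot-patching of the function prologue". While here, the unchanged `VirtualProtect(func, sizeof(func), PAGE_EXECUTE_READWRITE, &dummy);` line deserves a look: if `func` is a pointer, `sizeof(func)` is the width of the pointer variable, not the number of instruction bytes the following WriteProcessMemory call rewrites, so the permission change may not cover the whole patched region; the byte count passed to VirtualProtect should be the same one passed to WriteProcessMemory.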
  • zzuf/trunk/src/myfork.c

    r4393 r4645  
    386386 
    387387    /* Backup the old entry point code */ 
    388     ReadProcessMemory(process, epaddr, code + loaderlen, 
    389                       jumperlen, &tmp); 
     388    ReadProcessMemory(process, epaddr, code + loaderlen, jumperlen, &tmp); 
    390389    if(tmp != jumperlen) 
    391390        return -1; 
     391 
     392    /* XXX: at this point, the StarCraft 2 hack replaces the entry point 
     393     * contents with a jump to self, then waits until the program counter 
     394     * actually reaches the entry point. Not sure whether it is needed. */ 
    392395 
    393396    /* FIXME: the GetProcAddress calls assume the library was loaded at 
    394397     * the same address in the child process. This is wrong since Vista 
    395      * and its address space randomisation. */ 
     398     * and its address space randomisation. The StarCraft 2 hack remotely 
     399     * parses the target process's module list in order to find the 
     400     * kernel32.dll address. Have a look at _RemoteGetProcAddress(). */ 
    396401    kernel32 = LoadLibrary("kernel32.dll"); 
    397402    if(!kernel32) 
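Review bot: the expanded FIXME at r4645 lines 396-400 now documents a known correctness bug (addresses resolved with GetProcAddress in the parent are used in the child, which only holds if kernel32.dll sits at the same base in both processes) but the code that follows still does `kernel32 = LoadLibrary("kernel32.dll");` locally and carries on, so a base mismatch produces a silently wrong jump instead of an error. Rather than deferring it a second time, either implement the remote module-list walk the comment describes (the `_RemoteGetProcAddress()` approach) or fail with an explicit error when the child's module base cannot be confirmed to equal the local one. The new XXX at lines 392-394 ("Not sure whether it is needed") records an open question rather than a decision; a short note on what was tested, or a pointer to the case that motivated the jump-to-self trick, would make it actionable. The reflow of the ReadProcessMemory call onto one line (old 387-388, new 388) is cosmetic and unrelated to the commit message; harmless, but worth mentioning in the message.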