Changeset 4645
- Timestamp: Sep 18, 2010, 1:09:03 AM (12 years ago)
- Location: zzuf/trunk/src
- Files: 2 edited
zzuf/trunk/src/libzzuf/sys.c
r4253 r4645 104 104 continue; 105 105 106 /* FIXME: The StarCraft 2 hack uses two methods for function 107 * diversion. See HookSsdt() and HookHotPatch(). */ 106 108 VirtualProtect(func, sizeof(func), PAGE_EXECUTE_READWRITE, &dummy); 107 109 WriteProcessMemory(GetCurrentProcess(), func, &new, -
zzuf/trunk/src/myfork.c
r4393 r4645 386 386 387 387 /* Backup the old entry point code */ 388 ReadProcessMemory(process, epaddr, code + loaderlen, 389 jumperlen, &tmp); 388 ReadProcessMemory(process, epaddr, code + loaderlen, jumperlen, &tmp); 390 389 if(tmp != jumperlen) 391 390 return -1; 391 392 /* XXX: at this point, the StarCraft 2 hack replaces the entry point 393 * contents with a jump to self, then waits until the program counter 394 * actually reaches the entry point. Not sure whether it is needed. */ 392 395 393 396 /* FIXME: the GetProcAddress calls assume the library was loaded at 394 397 * the same address in the child process. This is wrong since Vista 395 * and its address space randomisation. */ 398 * and its address space randomisation. The StarCraft 2 hack remotely 399 * parses the target process's module list in order to find the 400 * kernel32.dll address. Have a look at _RemoteGetProcAddress(). */ 396 401 kernel32 = LoadLibrary("kernel32.dll"); 397 402 if(!kernel32)
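Review bot: In zzuf/trunk/src/libzzuf/sys.c, the FIXME added at new lines 106-107 does not say what has to be fixed here. It names HookSsdt() and HookHotPatch() from "the StarCraft 2 hack" but gives no location for that code and does not say which of the two diversion methods this function should adopt, or in which case. Please add where that source can be found and one sentence describing the shortcoming of the current VirtualProtect plus WriteProcessMemory patching that the FIXME is meant to address, so that the comment can be acted on without guessing.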
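Review bot: In zzuf/trunk/src/myfork.c, the ReadProcessMemory call joined onto new line 388 is still judged only by `tmp != jumperlen`; its return value is ignored, so a failed read is caught only if tmp happens to differ from jumperlen. Since the line is being touched anyway, consider testing the return value in the same condition. On the comments: the XXX at 392-394 ends with "Not sure whether it is needed", which leaves the question open for the next reader; state what would have to be true for the wait at the entry point to matter. The extended FIXME at 393-400 now points at _RemoteGetProcAddress() but, as in sys.c, gives no location for that code, and the LoadLibrary("kernel32.dll") path below still relies on the same-address assumption the comment itself calls wrong since Vista. Until that is replaced, a note on how the failure shows up in the child process would help anyone debugging it.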