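// Offset of the SetEnv routine inside the section image, or 0 when none of the
// known byte patterns matched (current pattern first, then the two older ones).
// ansi selects the SetEnvA (true) or SetEnvW (false) pattern.
static unsigned int EV_LocateSetEnv(BYTE* sec_data, unsigned int sec_size, bool ansi)
{
    unsigned int off=EV_FindSetEnvPattern(sec_data, sec_size, ansi);
    if(!off)
        off=EV_FindSetEnvPatternOld(sec_data, sec_size, ansi);
    if(!off)
        off=EV_FindSetEnvPatternOldOld(sec_data, sec_size, ansi);
    return off;
}

// Breakpoint callback for kernel32!VirtualProtect (API start).
// Reads the first two stack arguments of the debuggee's call (lpAddress, dwSize),
// and only when the page 0x1000 bytes below lpAddress starts with an "MZ" signature
// treats that region as a freshly written PE section: the VirtualProtect breakpoint
// is removed, the section is copied out, and software breakpoints are placed on the
// SetEnvW/SetEnvA routines found by pattern search (EV_cbSetEnvW / EV_cbSetEnvA).
// Everything read from the debuggee is untrusted, so any failed read, zero-sized
// section or allocation failure returns early and leaves the API breakpoint armed
// for the next VirtualProtect call. No parameters, no return value; EV_FatalError is
// invoked when a pattern cannot be located (its return behaviour is not visible here,
// so the code after it keeps the original semantics of setting the breakpoint at
// sec_addr+0).
void EV_cbVirtualProtect()
{
    unsigned int sec_addr=0;
    unsigned int sec_size=0;
    // 32-bit target: ESP is read as a 32-bit value, the arguments sit at [esp+4]/[esp+8].
    unsigned int esp_addr=(unsigned int)(long)GetContextData(UE_ESP);

    // Bail out on a short/failed read instead of continuing with zeroed arguments.
    if(!ReadProcessMemory(EV_fdProcessInfo->hProcess, (const void*)(esp_addr+4), &sec_addr, 4, 0))
        return;
    if(!ReadProcessMemory(EV_fdProcessInfo->hProcess, (const void*)(esp_addr+8), &sec_size, 4, 0))
        return;
    // sec_addr-0x1000 below must not wrap, and an empty section has nothing to scan.
    if(sec_addr<0x1000 || !sec_size)
        return;

    BYTE* header_code=(BYTE*)malloc2(0x1000);
    if(!header_code)
        return;
    bool is_pe=ReadProcessMemory(EV_fdProcessInfo->hProcess, (void*)(sec_addr-0x1000), header_code, 0x1000, 0)
               && *(unsigned short*)header_code==0x5A4D; //"MZ"
    free2(header_code);
    if(!is_pe) //not a PE file
        return;

    BYTE* sec_data=(BYTE*)malloc2(sec_size);
    if(!sec_data)
        return;
    if(!ReadProcessMemory(EV_fdProcessInfo->hProcess, (const void*)sec_addr, sec_data, sec_size, 0))
    {
        free2(sec_data);
        return;
    }
    // Only drop the VirtualProtect breakpoint once the section is actually in hand,
    // so a failed read above does not silently lose the hook.
    DeleteAPIBreakPoint((char*)"kernel32.dll", (char*)"VirtualProtect", UE_APISTART);

    unsigned int SetEnvW=EV_LocateSetEnv(sec_data, sec_size, false);
    unsigned int SetEnvA=EV_LocateSetEnv(sec_data, sec_size, true);
    free2(sec_data); //the copy is only needed for the pattern search

    if(!SetEnvW)
        EV_FatalError("Could not locate the SetEnvW function, please contact Mr. eXoDia...");
    //SetHardwareBreakPoint(SetEnvW+sec_addr, UE_DR1, UE_HARDWARE_EXECUTE, UE_HARDWARE_SIZE_1, (void*)EV_cbSetEnvW);
    SetBPX(SetEnvW+sec_addr, UE_BREAKPOINT, (void*)EV_cbSetEnvW);

    if(!SetEnvA)
        EV_FatalError("Could not locate the SetEnvA function, please contact Mr. eXoDia...");
    //SetHardwareBreakPoint(SetEnvA+sec_addr, UE_DR0, UE_HARDWARE_EXECUTE, UE_HARDWARE_SIZE_1, (void*)EV_cbSetEnvA);
    // The second breakpoint belongs on SetEnvA; the earlier version re-used SetEnvW here,
    // so EV_cbSetEnvA was never reached.
    SetBPX(SetEnvA+sec_addr, UE_BREAKPOINT, (void*)EV_cbSetEnvA);
}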
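// Offset of the SetEnv routine inside the section image, or 0 when none of the
// known byte patterns matched (current pattern first, then the two older ones).
// ansi selects the SetEnvA (true) or SetEnvW (false) pattern.
static unsigned int EV_LocateSetEnv(BYTE* sec_data, unsigned int sec_size, bool ansi)
{
    unsigned int off=EV_FindSetEnvPattern(sec_data, sec_size, ansi);
    if(!off)
        off=EV_FindSetEnvPatternOld(sec_data, sec_size, ansi);
    if(!off)
        off=EV_FindSetEnvPatternOldOld(sec_data, sec_size, ansi);
    return off;
}

// Breakpoint callback for kernel32!VirtualProtect (API start).
// Reads the first two stack arguments of the debuggee's call (lpAddress, dwSize),
// copies that region out of the debuggee, removes the VirtualProtect breakpoint and
// arms hardware execute breakpoints (DR1 for SetEnvW, DR0 for SetEnvA) on the routines
// found by pattern search, dispatching to EV_cbSetEnvW / EV_cbSetEnvA.
// Stack contents and section bytes come from the debuggee and are untrusted: a failed
// read, a zero-sized region or an allocation failure returns early and leaves the API
// breakpoint armed for the next call. No parameters, no return value. EV_FatalError is
// invoked when a pattern is missing; its return behaviour is not visible here, so the
// original semantics (breakpoint at sec_addr+0 if it returns) are kept.
void EV_cbVirtualProtect()
{
    unsigned int sec_addr=0;
    unsigned int sec_size=0;
    // 32-bit target: ESP is read as a 32-bit value, the arguments sit at [esp+4]/[esp+8].
    unsigned int esp_addr=(unsigned int)(long)GetContextData(UE_ESP);

    // A short/failed read must not be mistaken for a zero address/size.
    if(!ReadProcessMemory(EV_fdProcessInfo->hProcess, (const void*)(esp_addr+4), &sec_addr, 4, 0))
        return;
    if(!ReadProcessMemory(EV_fdProcessInfo->hProcess, (const void*)(esp_addr+8), &sec_size, 4, 0))
        return;
    if(!sec_size) //nothing to scan
        return;

    BYTE* sec_data=(BYTE*)malloc2(sec_size);
    if(!sec_data)
        return;
    if(!ReadProcessMemory(EV_fdProcessInfo->hProcess, (const void*)sec_addr, sec_data, sec_size, 0))
    {
        free2(sec_data);
        return;
    }
    // Remove the hook only once the section copy succeeded, so a failed read above
    // does not silently lose it; the next VirtualProtect call gets another chance.
    DeleteAPIBreakPoint((char*)"kernel32.dll", (char*)"VirtualProtect", UE_APISTART);

    unsigned int SetEnvW=EV_LocateSetEnv(sec_data, sec_size, false);
    unsigned int SetEnvA=EV_LocateSetEnv(sec_data, sec_size, true);
    free2(sec_data); //the copy is only needed for the pattern search

    if(!SetEnvW)
        EV_FatalError("Could not locate the SetEnvW function, please contact Mr. eXoDia...");
    SetHardwareBreakPoint(SetEnvW+sec_addr, UE_DR1, UE_HARDWARE_EXECUTE, UE_HARDWARE_SIZE_1, (void*)EV_cbSetEnvW);

    if(!SetEnvA)
        EV_FatalError("Could not locate the SetEnvA function, please contact Mr. eXoDia...");
    SetHardwareBreakPoint(SetEnvA+sec_addr, UE_DR0, UE_HARDWARE_EXECUTE, UE_HARDWARE_SIZE_1, (void*)EV_cbSetEnvA);
}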