Пример #1
0
static void UninstallIATHook()
{
	LOGGING_DEBUG(lg) << "IAT hook cleanup started.";
	pgWeIatHooker.release();
	LOGGING_TRACE(lg) << "WE IAT hook cleaned.";
	pgStormIatHooker.release();
	LOGGING_TRACE(lg) << "Storm.dll IAT hook cleaned.";
	LOGGING_DEBUG(lg) << "IAT hook cleanup completed.";
}
Пример #2
0
/*
 * Broadcast Logging service ready indication to any Logging application
 * Each netlink message will have a message of type tAniMsgHdr inside.
 */
void wlan_logging_srv_nl_ready_indication(void)
{
	struct sk_buff *skb = NULL;
	struct nlmsghdr *nlh;
	tAniNlHdr *wnl = NULL;
	int payload_len;
	int    err;
	static int rate_limit;

	payload_len = sizeof(tAniHdr) + sizeof(wlan_logging_ready) +
		sizeof(wnl->radio);
	skb = dev_alloc_skb(NLMSG_SPACE(payload_len));
	if (NULL == skb) {
		if (!rate_limit) {
			LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
					"NLINK: skb alloc fail %s", __func__);
		}
		rate_limit = 1;
		return;
	}
	rate_limit = 0;

	nlh = nlmsg_put(skb, 0, 0, ANI_NL_MSG_LOG, payload_len,
			NLM_F_REQUEST);
	if (NULL == nlh) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
				"%s: nlmsg_put() failed for msg size[%d]",
				__func__, payload_len);
		kfree_skb(skb);
		return;
	}

	wnl = (tAniNlHdr *) nlh;
	wnl->radio = 0;
	wnl->wmsg.type = ANI_NL_MSG_READY_IND_TYPE;
	wnl->wmsg.length = sizeof(wlan_logging_ready);
	memcpy((char*)&wnl->wmsg + sizeof(tAniHdr),
			wlan_logging_ready,
			sizeof(wlan_logging_ready));

	/* sender is in group 1<<0 */
	NETLINK_CB(skb).dst_group = WLAN_NLINK_MCAST_GRP_ID;

	/*multicast the message to all listening processes*/
	err = nl_srv_bcast(skb);
	if (err) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_INFO_LOW,
			"NLINK: Ready Indication Send Fail %s, err %d",
			__func__, err);
	}
	return;
}
Пример #3
0
static void InitInlineHook()
{
	LOGGING_DEBUG(lg) << "Start installing inline hooks.";

	pgTrueWeGetSystemParameter = (uintptr_t)0x004D1DB0;
	LOGGING_TRACE(lg) << base::format("Found WeGetSystemParameter at 0x%08X.", pgTrueWeGetSystemParameter);
	INSTALL_INLINE_HOOK(WeGetSystemParameter);

	pgTrueWeVerifyMapCellsLimit =  (uintptr_t)0x004E1EF0;
	LOGGING_TRACE(lg) << base::format("Found WeVerifyMapCellsLimit at 0x%08X.", pgTrueWeVerifyMapCellsLimit);
	uint32_t callOffset = *(uint32_t*)(pgTrueWeVerifyMapCellsLimit + 6);
	pgMapCellsGetUnknownGlobalFlag = pgTrueWeVerifyMapCellsLimit + callOffset + 10;
	LOGGING_TRACE(lg) << base::format("Found GetUnkownFlag at 0x%08X.", pgMapCellsGetUnknownGlobalFlag);
	pgWeVerifyMapCellsLimitPatcher.reset(new CMemoryPatch((void*)(pgTrueWeVerifyMapCellsLimit + 3), "\x90\x90", 2));
	pgWeVerifyMapCellsLimitPatcher->patch();
	INSTALL_INLINE_HOOK(WeVerifyMapCellsLimit);

	pgTrueWeTriggerNameCheck = (uintptr_t)0x005A4B40;
	LOGGING_TRACE(lg) << base::format("Found WeTriggerNameCheck at 0x%08X.", pgTrueWeTriggerNameCheck);
	INSTALL_INLINE_HOOK(WeTriggerNameCheck)

	pgTrueWeTriggerNameInputCharCheck = (uintptr_t)0x0042E390;
	LOGGING_TRACE(lg) << base::format("Found WeTriggerNameInputCharCheck at 0x%08X.", pgTrueWeTriggerNameInputCharCheck);
	pgWeTriggerNameInputCharCheckPatcher.reset(new CMemoryPatch(
		(void*)(pgTrueWeTriggerNameInputCharCheck + 3),
		"\x90\x90", 2)
	);
	pgWeTriggerNameInputCharCheckPatcher->patch();
	INSTALL_INLINE_HOOK(WeTriggerNameInputCharCheck);

	pgTrueWeSetWindowCaption = (uintptr_t)0x00433A00;
	LOGGING_TRACE(lg) << base::format("Found WeSetWindowCaption at 0x%08X.", pgTrueWeSetWindowCaption);
	INSTALL_INLINE_HOOK(WeSetWindowCaption);

	pgTrueWeSetMenuItem = (uintptr_t)0x0042AA10;
	LOGGING_TRACE(lg) << base::format("Found WeSetMenuItem at 0x%08X.", pgTrueWeSetMenuItem);
	INSTALL_INLINE_HOOK(WeSetMenuItem);

	pgTrueWeStringCompare = (uintptr_t)0x004D2D90;
	LOGGING_TRACE(lg) << base::format("Found WeStringCompare at 0x%08X.", pgTrueWeStringCompare);
	INSTALL_INLINE_HOOK(WeStringCompare);

	pgTrueWeTriggerEditorEditboxCopy = (uintptr_t)0x0071FE90;
	LOGGING_TRACE(lg) << base::format("Found TriggerEditorEditboxCopy at 0x%08X.", pgTrueWeTriggerEditorEditboxCopy);
	INSTALL_INLINE_HOOK(WeTriggerEditorEditboxCopy);

	pgTrueWeUtf8ToAnsi = (uintptr_t)0x00429CD0;
	LOGGING_TRACE(lg) << base::format("Found WeUtf8ToAnsi at 0x%08X.", pgTrueWeUtf8ToAnsi);
	INSTALL_INLINE_HOOK(WeUtf8ToAnsi);

	LOGGING_DEBUG(lg) << "Installing inline hooks complete.";
}
Пример #4
0
/* Utility function to send a netlink message to an application
 * in user space
 */
static int wlan_send_sock_msg_to_app(tAniHdr *wmsg, int radio,
				int src_mod, int pid)
{
	int err = -1;
	int payload_len;
	int tot_msg_len;
	tAniNlHdr *wnl = NULL;
	struct sk_buff *skb;
	struct nlmsghdr *nlh;
	int wmsg_length = wmsg->length;
	static int nlmsg_seq;

	if (radio < 0 || radio > ANI_MAX_RADIOS) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
				"%s: invalid radio id [%d]",
				__func__, radio);
		return -EINVAL;
	}

	payload_len = wmsg_length + sizeof(wnl->radio);
	tot_msg_len = NLMSG_SPACE(payload_len);
	skb = dev_alloc_skb(tot_msg_len);
	if (skb == NULL) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
				"%s: dev_alloc_skb() failed for msg size[%d]",
				__func__, tot_msg_len);
		return -ENOMEM;
	}
	nlh = nlmsg_put(skb, pid, nlmsg_seq++, src_mod, payload_len,
		NLM_F_REQUEST);
	if (NULL == nlh) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
				"%s: nlmsg_put() failed for msg size[%d]",
				__func__, tot_msg_len);
		kfree_skb(skb);
		return -ENOMEM;
	}

	wnl = (tAniNlHdr *) nlh;
	wnl->radio = radio;
	memcpy(&wnl->wmsg, wmsg, wmsg_length);
	err = nl_srv_ucast(skb, pid, MSG_DONTWAIT);
	if (err) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_INFO,
				"%s: Failed sending Msg Type [0x%X] to pid[%d]\n",
				__func__, wmsg->type, pid);
	}

	return err;
}
Пример #5
0
/*
 * Process all the Netlink messages from Logger Socket app in user space
 */
static int wlan_logging_proc_sock_rx_msg(struct sk_buff *skb)
{
	tAniNlHdr *wnl;
	int radio;
	int type;
	int ret;

	wnl = (tAniNlHdr *) skb->data;
	radio = wnl->radio;
	type = wnl->nlh.nlmsg_type;

	if (radio < 0 || radio > ANI_MAX_RADIOS) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
				"%s: invalid radio id [%d]\n",
				__func__, radio);
		return -EINVAL;
	}

	if (gapp_pid != INVALID_PID) {
		if (wnl->nlh.nlmsg_pid > gapp_pid) {
			gapp_pid = wnl->nlh.nlmsg_pid;
		}

		spin_lock_bh(&gwlan_logging.spin_lock);
		if (gwlan_logging.pcur_node->filled_length) {
			wlan_queue_logmsg_for_app();
		}
		spin_unlock_bh(&gwlan_logging.spin_lock);
		gwlan_logging.wakeEvent = TRUE;
		wake_up_interruptible(&gwlan_logging.wait_queue);
	} else {
		/* This is to set the default levels (WLAN logging
		 * default values not the VOS trace default) when
		 * logger app is registered for the first time.
		 */
		gapp_pid = wnl->nlh.nlmsg_pid;
		set_default_logtoapp_log_level();
	}

	ret = wlan_send_sock_msg_to_app(&wnl->wmsg, 0,
			ANI_NL_MSG_LOG, wnl->nlh.nlmsg_pid);
	if (ret < 0) {
		LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
				"wlan_send_sock_msg_to_app: failed");
	}

	return ret;
}
Пример #6
0
	HANDLE WINAPI DetourWeCreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
	{
		std::string fileName(lpFileName);
		std::string_view fileExt(fileName.data() + fileName.size() - 4, 4);
		if (std::string_view(fileName.data() + fileName.size() - 14, 14) == "war3mapMap.blp")
		{
			if (dwCreationDisposition == OPEN_EXISTING)
			{
				LOGGING_TRACE(lg) << "WE is about to compile maps.";
				gIsInCompileProcess = true;
			}
			else
			{
				gIsInCompileProcess = false;
			}
		}
		else if (gIsInCompileProcess && (fileExt == ".w3x" || fileExt == ".w3m"))
		{
			try {
				fs::path p(fileName);
				//p = p.parent_path().remove_filename() / p.filename();

				event_array[EVENT_SAVE_MAP]([&](lua_State* L, int idx){
					lua_pushstring(L, "map_path");
					lua_pushwstring(L, p.wstring());
					lua_settable(L, idx);
				});
			}
			catch (...) {				
			}
		}

		return base::std_call<HANDLE>(pgTrueCreateFileA, lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
	}
Пример #7
0
void NativeInit()
{
	CPEMemoryFileInfo pm;
	CPEMemoryFileInfo::TSectionInfoResult result = pm.querySection(".text");
	uintptr_t pWeTextSectionBase = result->get<0>();
	uint32_t weTextSectionLength = result->get<1>();

	LOGGING_DEBUG(lg) << "WE native function initialization begins.";

	fpgWeTemplateStringTranslate = MemoryPatternSearch((void *)pWeTextSectionBase, weTextSectionLength, &gWeTemplateStringTranslatePattern[0], sizeof(gWeTemplateStringTranslatePattern));
	LOGGING_TRACE(lg) << base::format("Found WeTranlateTemplateString at 0x%08X.", fpgWeTemplateStringTranslate);

	fpgWeMessageShow = MemoryPatternSearch((void *)pWeTextSectionBase, weTextSectionLength, &gWeMessageShowPattern[0], sizeof(gWeMessageShowPattern));
	LOGGING_TRACE(lg) << base::format("Found WeMessageShow at 0x%08X.", fpgWeMessageShow);

	LOGGING_DEBUG(lg) << "WE native function initialization finished.";
}
Пример #8
0
	void LuaRegisterEvent(lua_State *pState, EVENT_ID evenetid, bool ignore_error, luabind::object const& func)
	{
		LOGGING_TRACE(lg) << "RegisterEvent id: " << evenetid << " ignore: " << (ignore_error ? "true" : "false");

		if (evenetid >= 0 && evenetid < EVENT_MAXIMUM)
		{
			event_array[evenetid].connect       (std::bind(LuaOnSignal, pState, std::placeholders::_1, ignore_error, func));
		}
	}
Пример #9
0
/**
 * send_flush_completion_to_user() - Indicate flush completion to the user
 *
 * This function is used to send the flush completion message to user space
 *
 * Return: None
 */
void send_flush_completion_to_user(void)
{
	uint32_t is_fatal, indicator, reason_code;

	vos_get_log_completion(&is_fatal, &indicator, &reason_code);

	/* Error on purpose, so that it will get logged in the kmsg */
	LOGGING_TRACE(VOS_TRACE_LEVEL_ERROR,
			"%s: Sending flush done to userspace", __func__);

	wlan_report_log_completion(is_fatal, indicator, reason_code);
}
Пример #10
0
static bool InstallPatch(const char* name, uintptr_t address, uint8_t *patch, uint32_t patchLength)
{
	bool ok = MemoryPatchAndVerify((void*)address, patch, patchLength);
	if (ok)
	{
		LOGGING_TRACE(lg) << base::format("Patch %s in 0x%08X success.", name, address);
	}
	else
	{
		LOGGING_ERROR(lg) << base::format("Patch %s in 0x%08X failed.", name, address);
	}
	return ok;
}
Пример #11
0
static void InitPatches()
{
	LOGGING_DEBUG(lg) << "Patches initialization started.";


	// Syntax check patch
	LOGGING_TRACE(lg) << "Installing syntax check patch";
	INSTALL_PATCH(syntaxCheck);

	// Auto disable trigger patch
	LOGGING_TRACE(lg) << "Installing auto disable patch";
	INSTALL_PATCH(autoDisable);

	// Enable trigger check patch
	LOGGING_TRACE(lg) << "Installing enable trigger check patch";
	INSTALL_PATCH(enableTriggerCheck1);
	INSTALL_PATCH(enableTriggerCheck2);

	LOGGING_TRACE(lg) << "Installing doodad limit patch";
	INSTALL_PATCH(doodadLimit);

	LOGGING_TRACE(lg) << "Installing unit/item limit patch";
	INSTALL_PATCH(unitItemLimit);

	LOGGING_TRACE(lg) << "Installing editor multi-instance patch";
	INSTALL_PATCH(editorInstanceCheck);

	LOGGING_TRACE(lg) << "Installing attack table patch";

	base::win::pe_reader module(GetModuleHandleW(NULL));
#define WE_ADDRESS(ADDR) ((uintptr_t)(ADDR) - 0x00400000 + (uintptr_t)module.module())
	enum ATTACK_TABLE
	{
		WESTRING_UE_ATTACKTYPE_SPELLS = 0,
		WESTRING_UE_ATTACKTYPE_NORMAL,
		WESTRING_UE_ATTACKTYPE_PIERCE,
		WESTRING_UE_ATTACKTYPE_SIEGE,
		WESTRING_UE_ATTACKTYPE_MAGIC,
		WESTRING_UE_ATTACKTYPE_CHAOS,
		WESTRING_UE_ATTACKTYPE_HERO,
	};
	uintptr_t attack_table_string[] = {
		WE_ADDRESS(0x007DF394),
		WE_ADDRESS(0x007DF374),
		WE_ADDRESS(0x007DF354),
		WE_ADDRESS(0x007DF334),
		WE_ADDRESS(0x007DF314),
		WE_ADDRESS(0x007DF2F4),
		WE_ADDRESS(0x007DF2D8),
	};

	uintptr_t ptr = WE_ADDRESS(0x00784488);
	base::hook::replace_pointer(ptr, attack_table_string[WESTRING_UE_ATTACKTYPE_NORMAL]); ptr += 4;
	base::hook::replace_pointer(ptr, attack_table_string[WESTRING_UE_ATTACKTYPE_PIERCE]); ptr += 4;
	base::hook::replace_pointer(ptr, attack_table_string[WESTRING_UE_ATTACKTYPE_SIEGE]);  ptr += 4;
	base::hook::replace_pointer(ptr, attack_table_string[WESTRING_UE_ATTACKTYPE_MAGIC]);  ptr += 4;
	base::hook::replace_pointer(ptr, attack_table_string[WESTRING_UE_ATTACKTYPE_CHAOS]);  ptr += 4;
	base::hook::replace_pointer(ptr, attack_table_string[WESTRING_UE_ATTACKTYPE_SPELLS]); ptr += 4;
	base::hook::replace_pointer(ptr, attack_table_string[WESTRING_UE_ATTACKTYPE_HERO]);   ptr += 4;

#undef WE_ADDRESS

	LOGGING_DEBUG(lg) << "Patches initialization completed.";
}
Пример #12
0
	BOOL WINAPI DetourWeCreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
	{
		std::cmatch matcher;
		if (lpCommandLine && std::regex_match(lpCommandLine, matcher, gRegexCommandLine))
		{
			fs::path currentWarcraftMap = base::path::get(base::path::DIR_EXE).remove_filename() / matcher.str(1);
			LOGGING_TRACE(lg) << "Executing map " << currentWarcraftMap.wstring();

			if (gIsInCompileProcess)
			{
				LOGGING_TRACE(lg) << "Need to compile...";

				int results = event_array[EVENT_SAVE_MAP]([&](lua_State* L, int idx){
					lua_pushstring(L, "map_path");
					lua_pushwstring(L, currentWarcraftMap.wstring());
					lua_settable(L, idx);
				});

				gIsInCompileProcess = false;
				if (results < 0)
				{
					LOGGING_TRACE(lg) << "Save failed. Abort testing.";
					memset(lpProcessInformation, 0, sizeof(PROCESS_INFORMATION));
					return FALSE;
				}
			}
			else
			{
				LOGGING_TRACE(lg) << "No need to compile.";
			}

			int results = event_array[EVENT_TEST_MAP]([&](lua_State* L, int idx){
				lua_pushstring(L, "map_path");
				lua_pushwstring(L, currentWarcraftMap.wstring());
				lua_settable(L, idx);

				if (lpApplicationName) {
					lua_pushstring(L, "application_name");
					lua_pushastring(L, lpApplicationName);
					lua_settable(L, idx);
				}

				if (lpCommandLine) {
					lua_pushstring(L, "command_line");
					lua_pushastring(L, lpCommandLine);
					lua_settable(L, idx);
				}
			});
			return results >= 0;
		}
		else
		{
			// Retain original
			return base::std_call<BOOL>(pgTrueCreateProcessA,
				lpApplicationName,
				lpCommandLine,
				lpProcessAttributes,
				lpThreadAttributes,
				bInheritHandles,
				dwCreationFlags,
				lpEnvironment,
				lpCurrentDirectory,
				lpStartupInfo,
				lpProcessInformation
				);
		}
	}