From 94621db2e08c7cf0e071f4cfd2f84d28b2286577 Mon Sep 17 00:00:00 2001 From: Kaldaien Date: Mon, 13 Jun 2016 13:40:40 -0400 Subject: [PATCH] Crash handler integrated into SpecialK --- UnX/UnX.vcxproj | 4 +- UnX/compatibility.cpp | 300 +----------------------------------------- UnX/dllmain.cpp | 2 +- UnX/parameter.cpp | 2 +- 4 files changed, 6 insertions(+), 302 deletions(-) diff --git a/UnX/UnX.vcxproj b/UnX/UnX.vcxproj index 302b57d..ccc02e8 100644 --- a/UnX/UnX.vcxproj +++ b/UnX/UnX.vcxproj @@ -133,6 +133,7 @@ true false ProgramDatabase + false Windows @@ -147,7 +148,8 @@ true true true - true + false + false diff --git a/UnX/compatibility.cpp b/UnX/compatibility.cpp index 11947ba..4c91033 100644 --- a/UnX/compatibility.cpp +++ b/UnX/compatibility.cpp @@ -25,11 +25,6 @@ #include "hook.h" #include "log.h" -#define _NO_CVCONST_H -#include - -#pragma comment( lib, "dbghelp.lib" ) - typedef HMODULE (WINAPI *LoadLibraryA_pfn)(LPCSTR lpFileName); typedef HMODULE (WINAPI *LoadLibraryW_pfn)(LPCWSTR lpFileName); @@ -190,302 +185,9 @@ LoadLibraryExW_Detour ( return hMod; } -#include "window.h" - -LONG -WINAPI -UNX_TopLevelExceptionFilter ( _In_ struct _EXCEPTION_POINTERS *ExceptionInfo ) -{ - static bool last_chance = false; - - static CONTEXT last_ctx = { 0 }; - static EXCEPTION_RECORD last_exc = { 0 }; - - if (last_chance) - return 0; - - // On second chance it's pretty clear that no exception handler exists, - // terminate the software. - if (! memcmp (&last_ctx, ExceptionInfo->ContextRecord, sizeof CONTEXT)) { - if (! memcmp (&last_exc, ExceptionInfo->ExceptionRecord, sizeof EXCEPTION_RECORD)) { - extern HMODULE hDLLMod; - extern HMODULE hInjectorDLL; - extern BOOL APIENTRY DllMain (HMODULE hModule, - DWORD ul_reason_for_call, - LPVOID /* lpReserved */); - - last_chance = true; - - // Shutdown the module gracefully - DllMain (hDLLMod, DLL_PROCESS_DETACH, nullptr); - - // Shutdown Special K - FreeLibrary (hInjectorDLL); FreeLibrary (hInjectorDLL); FreeLibrary (hInjectorDLL); - - // Then the app - SendMessage (unx::window.hwnd, WM_QUIT, 0, 0); - } - } - - last_ctx = *ExceptionInfo->ContextRecord; - last_exc = *ExceptionInfo->ExceptionRecord; - - std::wstring desc; - - switch (ExceptionInfo->ExceptionRecord->ExceptionCode) - { - case EXCEPTION_ACCESS_VIOLATION: - desc = L"\t<< EXCEPTION_ACCESS_VIOLATION >>"; - //L"The thread tried to read from or write to a virtual address " - //L"for which it does not have the appropriate access."; - break; - - case EXCEPTION_ARRAY_BOUNDS_EXCEEDED: - desc = L"\t<< EXCEPTION_ARRAY_BOUNDS_EXCEEDED >>"; - //L"The thread tried to access an array element that is out of " - //L"bounds and the underlying hardware supports bounds checking."; - break; - - case EXCEPTION_BREAKPOINT: - desc = L"\t<< EXCEPTION_BREAKPOINT >>"; - //L"A breakpoint was encountered."; - break; - - case EXCEPTION_DATATYPE_MISALIGNMENT: - desc = L"\t<< EXCEPTION_DATATYPE_MISALIGNMENT >>"; - //L"The thread tried to read or write data that is misaligned on " - //L"hardware that does not provide alignment."; - break; - - case EXCEPTION_FLT_DENORMAL_OPERAND: - desc = L"\t<< EXCEPTION_FLT_DENORMAL_OPERAND >>"; - //L"One of the operands in a floating-point operation is denormal."; - break; - - case EXCEPTION_FLT_DIVIDE_BY_ZERO: - desc = L"\t<< EXCEPTION_FLT_DIVIDE_BY_ZERO >>"; - //L"The thread tried to divide a floating-point value by a " - //L"floating-point divisor of zero."; - break; - - case EXCEPTION_FLT_INEXACT_RESULT: - desc = L"\t<< EXCEPTION_FLT_INEXACT_RESULT >>"; - //L"The result of a floating-point operation cannot be represented " - //L"exactly as a decimal fraction."; - break; - - case EXCEPTION_FLT_INVALID_OPERATION: - desc = L"\t<< EXCEPTION_FLT_INVALID_OPERATION >>"; - break; - - case EXCEPTION_FLT_OVERFLOW: - desc = L"\t<< EXCEPTION_FLT_OVERFLOW >>"; - //L"The exponent of a floating-point operation is greater than the " - //L"magnitude allowed by the corresponding type."; - break; - - case EXCEPTION_FLT_STACK_CHECK: - desc = L"\t<< EXCEPTION_FLT_STACK_CHECK >>"; - //L"The stack overflowed or underflowed as the result of a " - //L"floating-point operation."; - break; - - case EXCEPTION_FLT_UNDERFLOW: - desc = L"\t<< EXCEPTION_FLT_UNDERFLOW >>"; - //L"The exponent of a floating-point operation is less than the " - //L"magnitude allowed by the corresponding type."; - break; - - case EXCEPTION_ILLEGAL_INSTRUCTION: - desc = L"\t<< EXCEPTION_ILLEGAL_INSTRUCTION >>"; - //L"The thread tried to execute an invalid instruction."; - break; - - case EXCEPTION_IN_PAGE_ERROR: - desc = L"\t<< EXCEPTION_IN_PAGE_ERROR >>"; - //L"The thread tried to access a page that was not present, " - //L"and the system was unable to load the page."; - break; - - case EXCEPTION_INT_DIVIDE_BY_ZERO: - desc = L"\t<< EXCEPTION_INT_DIVIDE_BY_ZERO >>"; - //L"The thread tried to divide an integer value by an integer " - //L"divisor of zero."; - break; - - case EXCEPTION_INT_OVERFLOW: - desc = L"\t<< EXCEPTION_INT_OVERFLOW >>"; - //L"The result of an integer operation caused a carry out of the " - //L"most significant bit of the result."; - break; - - case EXCEPTION_INVALID_DISPOSITION: - desc = L"\t<< EXCEPTION_INVALID_DISPOSITION >>"; - //L"An exception handler returned an invalid disposition to the " - //L"exception dispatcher."; - break; - - case EXCEPTION_NONCONTINUABLE_EXCEPTION: - desc = L"\t<< EXCEPTION_NONCONTINUABLE_EXCEPTION >>"; - //L"The thread tried to continue execution after a noncontinuable " - //L"exception occurred."; - break; - - case EXCEPTION_PRIV_INSTRUCTION: - desc = L"\t<< EXCEPTION_PRIV_INSTRUCTION >>"; - //L"The thread tried to execute an instruction whose operation is " - //L"not allowed in the current machine mode."; - break; - - case EXCEPTION_SINGLE_STEP: - desc = L"\t<< EXCEPTION_SINGLE_STEP >>"; - //L"A trace trap or other single-instruction mechanism signaled " - //L"that one instruction has been executed."; - break; - - case EXCEPTION_STACK_OVERFLOW: - desc = L"\t<< EXCEPTION_STACK_OVERFLOW >>"; - //L"The thread used up its stack."; - break; - } - - HMODULE hModSource; - char szModName [MAX_PATH] = { '\0' }; - DWORD64 eip = ExceptionInfo->ContextRecord->Eip; - HANDLE hProc = GetCurrentProcess (); - - if (GetModuleHandleEx ( GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, - (LPCWSTR)eip, - &hModSource )) { - GetModuleFileNameA (hModSource, szModName, MAX_PATH); - } - - DWORD BaseAddr = - SymGetModuleBase ( hProc, eip ); - - char* szDupName = strdup (szModName); - char* pszShortName = szDupName + lstrlenA (szDupName); - - while ( pszShortName > szDupName && - *(pszShortName - 1) != '\\') - --pszShortName; - - dll_log.Log (L"-----------------------------------------------------------"); - dll_log.Log (L"[! Except !] %s", desc.c_str ()); - dll_log.Log (L"-----------------------------------------------------------"); - dll_log.Log (L"[ FaultMod ] # File.....: '%hs'", szModName); - dll_log.Log (L"[ FaultMod ] * EIP Addr.: %hs+%ph", pszShortName, eip-BaseAddr); - - dll_log.Log ( L"[StackFrame] <-> Eip=%08xh, Esp=%08xh, Ebp=%08xh", - eip, - ExceptionInfo->ContextRecord->Esp, - ExceptionInfo->ContextRecord->Ebp ); - dll_log.Log ( L"[StackFrame] >-< Esi=%08xh, Edi=%08xh", - ExceptionInfo->ContextRecord->Esi, - ExceptionInfo->ContextRecord->Edi ); - - dll_log.Log ( L"[ GP Reg ] eax: 0x%08x", - ExceptionInfo->ContextRecord->Eax ); - dll_log.Log ( L"[ GP Reg ] ebx: 0x%08x", - ExceptionInfo->ContextRecord->Ebx ); - dll_log.Log ( L"[ GP Reg ] ecx: 0x%08x", - ExceptionInfo->ContextRecord->Ecx ); - dll_log.Log ( L"[ GP Reg ] edx: 0x%08x", - ExceptionInfo->ContextRecord->Edx ); - dll_log.Log ( L"[ GP Flags ] EFlags: 0x%08x", - ExceptionInfo->ContextRecord->EFlags ); - - SymLoadModule ( hProc, - nullptr, - szModName, - nullptr, - BaseAddr, - 0 ); - - SYMBOL_INFO_PACKAGE sip; - sip.si.SizeOfStruct = sizeof SYMBOL_INFO; - sip.si.MaxNameLen = sizeof sip.name; - - DWORD64 Displacement = 0; - - if ( SymFromAddr ( hProc, - eip, - &Displacement, - &sip.si ) ) { - dll_log.Log ( - L"-----------------------------------------------------------"); - - IMAGEHLP_LINE64 ihl64; - ihl64.SizeOfStruct = sizeof IMAGEHLP_LINE64; - - DWORD Disp; - BOOL bFileAndLine = - SymGetLineFromAddr64 ( hProc, eip, &Disp, &ihl64 ); - - if (bFileAndLine) { - dll_log.Log ( L"[-(Source)-] [!] %hs <%hs:%lu>", - sip.si.Name, - ihl64.FileName, - ihl64.LineNumber ); - } else { - dll_log.Log ( L"[--(Name)--] [!] %hs", - sip.si.Name ); - } - } - dll_log.Log (L"-----------------------------------------------------------"); - - SymUnloadModule (GetCurrentProcess (), BaseAddr); - - free (szDupName); - - if (ExceptionInfo->ExceptionRecord->ExceptionFlags != EXCEPTION_NONCONTINUABLE) - return EXCEPTION_CONTINUE_EXECUTION; - else { - return UnhandledExceptionFilter (ExceptionInfo); - } -} - -extern LONG WINAPI -UNX_TopLevelExceptionFilter ( _In_ struct _EXCEPTION_POINTERS *ExceptionInfo ); - - -typedef LPTOP_LEVEL_EXCEPTION_FILTER (WINAPI *SetUnhandledExceptionFilter_pfn)( - _In_opt_ LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter -); -SetUnhandledExceptionFilter_pfn SetUnhandledExceptionFilter_Original = nullptr; - - -LPTOP_LEVEL_EXCEPTION_FILTER -WINAPI -SetUnhandledExceptionFilter_Detour ( - _In_opt_ LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter -) -{ - //if (lpTopLevelExceptionFilter != 0) - //return SetUnhandledExceptionFilter_Original (UNX_TopLevelExceptionFilter); - - return SetUnhandledExceptionFilter_Original (lpTopLevelExceptionFilter); -} - - - void UNX_InitCompatBlacklist (void) -{ - SymInitialize ( - GetCurrentProcess (), - NULL, - TRUE ); - - SymRefreshModuleList (GetCurrentProcess ()); - - SetErrorMode (SEM_NOGPFAULTERRORBOX | SEM_FAILCRITICALERRORS); - SetUnhandledExceptionFilter (UNX_TopLevelExceptionFilter); - - UNX_CreateDLLHook ( L"kernel32.dll", "SetUnhandledExceptionFilter", - SetUnhandledExceptionFilter_Detour, - (LPVOID *)&SetUnhandledExceptionFilter_Original ); - +{ UNX_CreateDLLHook ( L"kernel32.dll", "LoadLibraryA", LoadLibraryA_Detour, (LPVOID*)&LoadLibraryA_Original ); diff --git a/UnX/dllmain.cpp b/UnX/dllmain.cpp index 0191cd6..602963d 100644 --- a/UnX/dllmain.cpp +++ b/UnX/dllmain.cpp @@ -138,7 +138,7 @@ DllMain (HMODULE hModule, UNX_VER_STR.c_str () ); dll_log.LogEx ( true, L"End unx.dll\n" ); dll_log.LogEx ( false, L"--------------- [Untitled X] " - L"---------------\n" ); + L"---------------" ); dll_log.close (); } break; diff --git a/UnX/parameter.cpp b/UnX/parameter.cpp index 9e40fe7..5981d43 100644 --- a/UnX/parameter.cpp +++ b/UnX/parameter.cpp @@ -105,7 +105,7 @@ unx::ParameterInt64::set_value (int64_t val) void unx::ParameterInt64::set_value_str (std::wstring str) { - value = _wtol (str.c_str ()); + value = _wtoll (str.c_str ()); }