Probably antivirus-friendlier SLPlugin

To detour SetUnhandledExceptionFilter to a dummy function, don't use WriteProcessMemory, which
is usually used for inter-process writes and debugging. Instead, use the more common technique
based on VirtualProtect.
Siana Gearz
2012-04-21 13:15:03 +02:00
parent 5ce00cecef
commit 817085c172
2 changed files with 8 additions and 31 deletions


@@ -124,9 +124,14 @@ BOOL PreventSetUnhandledExceptionFilter()
newJump[ 0 ] = 0xE9; // JMP absolute
memcpy( &newJump[ 1 ], &dwRelativeAddr, sizeof( pNewFunc ) );
SIZE_T bytesWritten;
BOOL bRet = WriteProcessMemory( GetCurrentProcess(), pOrgEntry, newJump, sizeof( pNewFunc ) + 1, &bytesWritten );
return bRet;
//SIZE_T bytesWritten;
//BOOL bRet = WriteProcessMemory( GetCurrentProcess(), pOrgEntry, newJump, sizeof( pNewFunc ) + 1, &bytesWritten );
DWORD oldProtect;
BOOL bRet = VirtualProtect(pOrgEntry, sizeof(pNewFunc) + 1, PAGE_READWRITE, &oldProtect);
if (!bRet) return FALSE;
memcpy(pOrgEntry, newJump, sizeof(pNewFunc) + 1);
VirtualProtect(pOrgEntry, sizeof(pNewFunc) + 1, oldProtect, &oldProtect);
return TRUE;
#else
return FALSE;
#endif
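Review bot: The first `VirtualProtect` call requests `PAGE_READWRITE`, which removes execute permission from the page holding `SetUnhandledExceptionFilter` until the second call restores it; with DEP enabled, any other thread executing code on that kernel32 page during the window will fault. Requesting `PAGE_EXECUTE_READWRITE` for the duration of the write avoids that. The result of the restoring call is ignored, so a failure leaves the page at the temporary protection while the function still returns TRUE; check it, and follow the `memcpy` with `FlushInstructionCache(GetCurrentProcess(), pOrgEntry, sizeof(pNewFunc) + 1);`, which the API documentation asks for after modifying code in memory. The function begins above the hunk, so the `#if` condition guarding this path is not visible here; `sizeof(pNewFunc)` is only the correct displacement size where pointers are 4 bytes.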


@@ -690,31 +690,6 @@ LPTOP_LEVEL_EXCEPTION_FILTER WINAPI MyDummySetUnhandledExceptionFilter(
return gFilterFunc;
}
BOOL PreventSetUnhandledExceptionFilter()
{
HMODULE hKernel32 = LoadLibrary(_T("kernel32.dll"));
if (hKernel32 == NULL)
return FALSE;
void *pOrgEntry = GetProcAddress(hKernel32, "SetUnhandledExceptionFilter");
if(pOrgEntry == NULL)
return FALSE;
unsigned char newJump[ 100 ];
DWORD dwOrgEntryAddr = (DWORD)pOrgEntry;
dwOrgEntryAddr += 5; // add 5 for 5 op-codes for jmp far
void *pNewFunc = &MyDummySetUnhandledExceptionFilter;
DWORD dwNewEntryAddr = (DWORD) pNewFunc;
DWORD dwRelativeAddr = dwNewEntryAddr - dwOrgEntryAddr;
newJump[ 0 ] = 0xE9; // JMP absolute
memcpy(&newJump[ 1 ], &dwRelativeAddr, sizeof(pNewFunc));
SIZE_T bytesWritten;
BOOL bRet = WriteProcessMemory(GetCurrentProcess(),
pOrgEntry, newJump, sizeof(pNewFunc) + 1, &bytesWritten);
return bRet;
}
// static
void LLWinDebug::initExceptionHandler(LPTOP_LEVEL_EXCEPTION_FILTER filter_func)
{
@@ -765,9 +740,6 @@ void LLWinDebug::initExceptionHandler(LPTOP_LEVEL_EXCEPTION_FILTER filter_func)
LPTOP_LEVEL_EXCEPTION_FILTER prev_filter;
prev_filter = SetUnhandledExceptionFilter(filter_func);
// *REMOVE:Mani
//PreventSetUnhandledExceptionFilter();
if(prev_filter != gFilterFunc)
{
LL_WARNS("AppInit")