From 817085c172653e705320f128faa6db88eeaebc3d Mon Sep 17 00:00:00 2001 From: Siana Gearz Date: Sat, 21 Apr 2012 13:15:03 +0200 Subject: [PATCH] Probably antivirus-friendlier SLPlugin To detour SetUnhandledExceptionFilter to a dummy function, don't use WriteProcessMemory which is usually used for inter-process writes and debugging. Instead, use more common technique based on VirtualProtect. --- indra/llplugin/slplugin/slplugin.cpp | 11 ++++++++--- indra/newview/llwindebug.cpp | 28 ---------------------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/indra/llplugin/slplugin/slplugin.cpp b/indra/llplugin/slplugin/slplugin.cpp index 90ca3fea7..04662cf24 100644 --- a/indra/llplugin/slplugin/slplugin.cpp +++ b/indra/llplugin/slplugin/slplugin.cpp @@ -124,9 +124,14 @@ BOOL PreventSetUnhandledExceptionFilter() newJump[ 0 ] = 0xE9; // JMP absolute memcpy( &newJump[ 1 ], &dwRelativeAddr, sizeof( pNewFunc ) ); - SIZE_T bytesWritten; - BOOL bRet = WriteProcessMemory( GetCurrentProcess(), pOrgEntry, newJump, sizeof( pNewFunc ) + 1, &bytesWritten ); - return bRet; + //SIZE_T bytesWritten; + //BOOL bRet = WriteProcessMemory( GetCurrentProcess(), pOrgEntry, newJump, sizeof( pNewFunc ) + 1, &bytesWritten ); + DWORD oldProtect; + BOOL bRet = VirtualProtect(pOrgEntry, sizeof(pNewFunc) + 1, PAGE_READWRITE, &oldProtect); + if (!bRet) return FALSE; + memcpy(pOrgEntry, newJump, sizeof(pNewFunc) + 1); + VirtualProtect(pOrgEntry, sizeof(pNewFunc) + 1, oldProtect, &oldProtect); + return TRUE; #else return FALSE; #endif diff --git a/indra/newview/llwindebug.cpp b/indra/newview/llwindebug.cpp index 5c7ee642d..9b6ae853f 100644 --- a/indra/newview/llwindebug.cpp +++ b/indra/newview/llwindebug.cpp @@ -690,31 +690,6 @@ LPTOP_LEVEL_EXCEPTION_FILTER WINAPI MyDummySetUnhandledExceptionFilter( return gFilterFunc; } -BOOL PreventSetUnhandledExceptionFilter() -{ - HMODULE hKernel32 = LoadLibrary(_T("kernel32.dll")); - if (hKernel32 == NULL) - return FALSE; - - void *pOrgEntry = GetProcAddress(hKernel32, "SetUnhandledExceptionFilter"); - if(pOrgEntry == NULL) - return FALSE; - - unsigned char newJump[ 100 ]; - DWORD dwOrgEntryAddr = (DWORD)pOrgEntry; - dwOrgEntryAddr += 5; // add 5 for 5 op-codes for jmp far - void *pNewFunc = &MyDummySetUnhandledExceptionFilter; - DWORD dwNewEntryAddr = (DWORD) pNewFunc; - DWORD dwRelativeAddr = dwNewEntryAddr - dwOrgEntryAddr; - - newJump[ 0 ] = 0xE9; // JMP absolute - memcpy(&newJump[ 1 ], &dwRelativeAddr, sizeof(pNewFunc)); - SIZE_T bytesWritten; - BOOL bRet = WriteProcessMemory(GetCurrentProcess(), - pOrgEntry, newJump, sizeof(pNewFunc) + 1, &bytesWritten); - return bRet; -} - // static void LLWinDebug::initExceptionHandler(LPTOP_LEVEL_EXCEPTION_FILTER filter_func) { @@ -765,9 +740,6 @@ void LLWinDebug::initExceptionHandler(LPTOP_LEVEL_EXCEPTION_FILTER filter_func) LPTOP_LEVEL_EXCEPTION_FILTER prev_filter; prev_filter = SetUnhandledExceptionFilter(filter_func); - // *REMOVE:Mani - //PreventSetUnhandledExceptionFilter(); - if(prev_filter != gFilterFunc) { LL_WARNS("AppInit")