Singularity-Viewer/SingularityViewer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Probably antivirus-friendlier SLPlugin

Browse Source 
To detour SetUnhandledExceptionFilter to a dummy function, don't use WriteProcessMemory which
is usually used for inter-process writes and debugging. Instead, use more common technique
based on VirtualProtect.
This commit is contained in:
Siana Gearz
2012-04-21 13:15:03 +02:00
parent 5ce00cecef
commit 817085c172
2 changed files with 8 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
indra/llplugin/slplugin/slplugin.cpp
View File

@@ -124,9 +124,14 @@ BOOL PreventSetUnhandledExceptionFilter()
newJump[ 0 ] = 0xE9; // JMP absolute
memcpy( &newJump[ 1 ], &dwRelativeAddr, sizeof( pNewFunc ) );
SIZE_T bytesWritten;
BOOL bRet = WriteProcessMemory( GetCurrentProcess(), pOrgEntry, newJump, sizeof( pNewFunc ) + 1, &bytesWritten );
return bRet;
//SIZE_T bytesWritten;
//BOOL bRet = WriteProcessMemory( GetCurrentProcess(), pOrgEntry, newJump, sizeof( pNewFunc ) + 1, &bytesWritten );
DWORD oldProtect;
BOOL bRet = VirtualProtect(pOrgEntry, sizeof(pNewFunc) + 1, PAGE_READWRITE, &oldProtect);
if (!bRet) return FALSE;
memcpy(pOrgEntry, newJump, sizeof(pNewFunc) + 1);
VirtualProtect(pOrgEntry, sizeof(pNewFunc) + 1, oldProtect, &oldProtect);
return TRUE;
#else
return FALSE;
#endif