MinGW & CLang compilers support for exception_parser.cpp #62

Merged
merged 8 commits into from
Dec 4, 2024
Merged
16 changes: 13 additions & 3 deletions libpeconv/include/peconv/util.h
Expand Up @@ -8,14 +8,25 @@
#include "file_util.h"
#include "resource_util.h"

#ifdef _MSC_VER
#define PECONV_FORCEINLINE __forceinline
#define PECONV_TRY_EXCEPT_BLOCK_START __try {
#define PECONV_TRY_EXCEPT_BLOCK_END __except (EXCEPTION_EXECUTE_HANDLER) {
#else
#define PECONV_FORCEINLINE __attribute__((always_inline)) inline
#define PECONV_TRY_EXCEPT_BLOCK_START try {
#define PECONV_TRY_EXCEPT_BLOCK_END catch (...) {
#endif


namespace peconv {
/**
Checks if the given buffer is fully filled with the specified character.
\param cave_ptr : pointer to the buffer to be checked
\param cave_size : size of the buffer to be checked
\param padding_char : the required character
*/
bool is_padding(const BYTE *cave_ptr, size_t cave_size, const BYTE padding_char);
bool is_padding(const BYTE* cave_ptr, size_t cave_size, const BYTE padding_char);

/**
Wrapper for GetProcessId - for a backward compatibility with old versions of Windows
Expand All @@ -37,5 +48,4 @@ namespace peconv {
\param areaSize : The size of the memory block, in bytes. If this parameter is zero, the return value is true (bad pointer).
*/
bool is_bad_read_ptr(LPCVOID areaStart, SIZE_T areaSize);
};

};
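Review bot: The non-MSVC definitions of `PECONV_TRY_EXCEPT_BLOCK_START`/`PECONV_TRY_EXCEPT_BLOCK_END` map a structured-exception guard onto C++ `try`/`catch (...)`, and GCC/MinGW does not route hardware faults such as access violations into `catch (...)`, so code guarded with these macros is only protected on MSVC. This affects the memory scan in RtlFindMemoryBlockFromModuleSection in exceptions_parser.cpp, where a bad read would presumably terminate the process on MinGW instead of yielding an NTSTATUS. Since the macros live in a public header, state the limit next to them, e.g. `// non-MSVC: catches C++ exceptions only; SEH faults (access violations) are NOT handled`, and validate ranges up front on that branch with the `is_bad_read_ptr` helper declared in this header. `PECONV_TRY_EXCEPT_BLOCK_END` actually opens the handler block rather than ending anything, so a name such as `PECONV_EXCEPT_BLOCK_START` would read more accurately.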
35 changes: 23 additions & 12 deletions libpeconv/src/exceptions_parser.cpp
@@ -1,12 +1,17 @@
#include "peconv/exceptions_parser.h"

#include "peconv/pe_hdrs_helper.h"
#include "peconv/util.h"
#include "ntddk.h"

#ifdef _DEBUG
#include <iostream>
#endif

#ifndef min
#define min(a,b) (((a) < (b)) ? (a) : (b))
#endif

namespace details {
#define RTL_VERIFY_FLAGS_MAJOR_VERSION 0
#define RTL_VERIFY_FLAGS_MINOR_VERSION 1
Expand Down Expand Up @@ -157,7 +162,7 @@ namespace details {
_In_ ULONG BuildNumber
) {
NtVersion version{};
RtlSecureZeroMemory(&version, sizeof NtVersion);
RtlSecureZeroMemory(&version, sizeof(NtVersion));
RtlCurrentVersion(&version);
if (version.MajorVersion == MajorVersion) {
if (version.MinorVersion == MinorVersion) return version.BuildNumber >= BuildNumber;
Expand All @@ -173,7 +178,7 @@ namespace details {
_In_ BYTE Flags
) {
NtVersion version{};
RtlSecureZeroMemory(&version, sizeof NtVersion);
RtlSecureZeroMemory(&version, sizeof(NtVersion));
RtlCurrentVersion(&version);
if (version.MajorVersion == MajorVersion &&
((Flags & RTL_VERIFY_FLAGS_MINOR_VERSION) ? version.MinorVersion == MinorVersion : true) &&
Expand Down Expand Up @@ -211,7 +216,7 @@ namespace details {
}
#endif

static __forceinline bool IsModuleUnloaded(PLDR_DATA_TABLE_ENTRY entry) {
static PECONV_FORCEINLINE bool IsModuleUnloaded(PLDR_DATA_TABLE_ENTRY entry) {
if (RtlIsWindowsVersionOrGreater(6, 2, 0)) { // Windows 8+
return PLDR_DATA_TABLE_ENTRY_WIN8(entry)->DdagNode->State == LdrModulesUnloaded;
}
Expand All @@ -227,11 +232,17 @@ namespace details {

NTSTATUS status = STATUS_SUCCESS;

#ifdef _MSC_VER
#define RtlFindMemoryBlockFromModuleSection__leave __leave
#else
#define RtlFindMemoryBlockFromModuleSection__leave return status
#endif

#ifdef _DEBUG
std::cout << "Searching in section " << SectionName << " in module " << ModuleHandle << std::endl;
#endif

__try {
PECONV_TRY_EXCEPT_BLOCK_START

//
// checks if no search pattern and length are provided
Expand All @@ -241,7 +252,7 @@ namespace details {
SearchContext->Result = nullptr;
SearchContext->MemoryBlockSize = 0;
status = STATUS_INVALID_PARAMETER;
__leave;
RtlFindMemoryBlockFromModuleSection__leave;
}

if (SearchContext->Result) {
Expand Down Expand Up @@ -273,12 +284,12 @@ namespace details {
SearchContext->Result = nullptr;
SearchContext->MemoryBlockSize = 0;
status = STATUS_NOT_FOUND;
__leave;
RtlFindMemoryBlockFromModuleSection__leave;
}
}
else {
status = STATUS_INVALID_PARAMETER_1;
__leave;
RtlFindMemoryBlockFromModuleSection__leave;
}
}

Expand All @@ -289,7 +300,7 @@ namespace details {
LPBYTE end = SearchContext->Result + SearchContext->MemoryBlockSize - SearchContext->PatternSize;
while (SearchContext->Result <= end) {
if (RtlCompareMemory(SearchContext->SearchPattern, SearchContext->Result, SearchContext->PatternSize) == SearchContext->PatternSize) {
__leave;
RtlFindMemoryBlockFromModuleSection__leave;
}

++SearchContext->Result;
Expand All @@ -304,7 +315,7 @@ namespace details {
SearchContext->MemoryBlockSize = 0;
status = STATUS_NOT_FOUND;
}
__except (EXCEPTION_EXECUTE_HANDLER) {
PECONV_TRY_EXCEPT_BLOCK_END
status = GetExceptionCode();
}

Expand Down Expand Up @@ -356,7 +367,7 @@ namespace details {
SEARCH_CONTEXT SearchContext{};
SearchContext.SearchPattern = reinterpret_cast<LPBYTE>(&entry);
SearchContext.PatternSize = sizeof(entry);
RtlSecureZeroMemory(&entry, sizeof entry);
RtlSecureZeroMemory(&entry, sizeof(entry));

// Windows 8
if (RtlVerifyVersion(6, 2, 0, RTL_VERIFY_FLAGS_MAJOR_VERSION | RTL_VERIFY_FLAGS_MINOR_VERSION)) {
Expand Down Expand Up @@ -421,7 +432,7 @@ namespace details {
auto NtdllHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>(RtlImageNtHeader(hNtdll));
PIMAGE_NT_HEADERS ModuleHeaders = nullptr;
_RTL_INVERTED_FUNCTION_TABLE_ENTRY_WIN7_32 entry{};
RtlSecureZeroMemory(&entry, sizeof entry);
RtlSecureZeroMemory(&entry, sizeof(entry));
LPCSTR lpSectionName = ".data";
SEARCH_CONTEXT SearchContext{
};
Expand Down Expand Up @@ -611,4 +622,4 @@ bool peconv::setup_exceptions(IN BYTE* modulePtr, IN size_t moduleSize)
moduleSize = img_size;
}
return NT_SUCCESS(details::RtlInsertInvertedFunctionTable(modulePtr, moduleSize));
}
}
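Review bot: In the handler of RtlFindMemoryBlockFromModuleSection, `status = GetExceptionCode();` is kept unchanged on the non-MSVC path, where the block is entered from `catch (...)` and there is no structured exception whose code could be read; whatever value comes back is unrelated to the failure and, if it happens to be zero, would pass `NT_SUCCESS`. Set a fixed failure code on that branch instead, e.g. `status = STATUS_UNSUCCESSFUL;` under `#ifndef _MSC_VER`. The `return status` substitute for `__leave` also leaves the function at once, whereas `__leave` continues after the handler; the code following the handler is outside the visible hunks, so confirm nothing there is skipped. The helper macro is defined inside the function body, so an `#undef RtlFindMemoryBlockFromModuleSection__leave` after the block would keep it from leaking into the rest of the file.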