hasherezade / tiny_tracer

A Pin Tool for tracing API calls etc

Added support for UNICODE_STRING function arguments #10

Closed Ou7law007 closed 3 years ago

Ou7law007 commented 3 years ago

This should work for UNICODE_STRING arguments.

It works for me on both x86 and x64.

I only added lines from 353 to 386, but Visual Studio adapted my "curly braces on new line" setting and modified all of them accordingly.

hasherezade commented 3 years ago

I will check it, but can you please clean it up to keep the convention used in the project? I mean to keep the curly brackets as they were + use spaces instead of tabs.

hasherezade commented 3 years ago

I checked it and it works fine, so as soon as you make those small adjustments, I will merge it. Thanks!

hasherezade commented 3 years ago

I processed this fragment a bit, to make it more readable:

    //
    // Check if UNICODE_STRING
    //
    typedef struct _T_UNICODE_STRING {
        uint16_t Length;
        uint16_t MaximumLength;
        wchar_t* Buffer;
    } T_UNICODE_STRING;

    T_UNICODE_STRING unicodeS = *(T_UNICODE_STRING*)arg1;
    if (PIN_CheckReadAccess(unicodeS.Buffer))
    {
        size_t len = util::getAsciiLen((char*)unicodeS.Buffer, kMaxStr);
        if (len == 1)
        { // Must be wide string
            size_t wLen = util::getAsciiLenW(unicodeS.Buffer, kMaxStr);
            if (wLen >= len)
            {
                if ((unicodeS.Length / sizeof(wchar_t)) == wLen && unicodeS.MaximumLength >= unicodeS.Length) // An extra check, just to make sure
                {
                    ss << " -> ";
                    ss << "U\"" << unicodeS.Buffer << "\""; // Just made the U up to denote a UNICODE_STRING
                    return ss.str();
                }
            }
        }
    }

According to my tests it should work the same, but please check just to be extra sure.
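
An added example, not part of this pull request or of the project's code: a stand-alone version of the descriptor check discussed above that goes slightly further and trusts the counted `Length` instead of a NUL terminator, since a UNICODE_STRING buffer is not guaranteed to be NUL-terminated. `UnicodeStringView`, `ReadableFn`, `simReadable`, `demoDecode`, the 260-character cap and the sample data are hypothetical names and constructed values; the callback stands in for the memory probe the tracer gets from Pin.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// Same layout as the Windows UNICODE_STRING; char16_t keeps the code unit at
// 2 bytes on every platform (wchar_t is 4 bytes outside Windows).
struct UnicodeStringView {
    uint16_t Length;         // bytes in use, terminator not counted
    uint16_t MaximumLength;  // bytes allocated for Buffer
    const char16_t* Buffer;  // UTF-16, not guaranteed NUL-terminated
};

// Hypothetical stand-in for the tracer's memory probe (PIN_CheckReadAccess on the page).
using ReadableFn = bool (*)(const void* addr, size_t size);

// Returns true and fills `out` only if `candidate` looks like a valid descriptor.
bool tryDecodeUnicodeString(const void* candidate, ReadableFn readable,
                            size_t maxChars, std::u16string& out) {
    if (!candidate || !readable(candidate, sizeof(UnicodeStringView))) return false;
    UnicodeStringView us;
    std::memcpy(&us, candidate, sizeof us);  // copy first, then validate the copy
    if (us.Length == 0 || us.Length % sizeof(char16_t) != 0) return false;
    if (us.MaximumLength < us.Length) return false;
    if (!us.Buffer || !readable(us.Buffer, us.Length)) return false;
    const size_t chars = us.Length / sizeof(char16_t);
    for (size_t i = 0; i < chars; ++i)
        if (us.Buffer[i] < 0x20) return false;  // NUL or control char: not text
    out.assign(us.Buffer, chars < maxChars ? chars : maxChars);
    return true;
}

// --- constructed sample memory, so the example runs without Pin ---
static char16_t g_text[] = u"C:\\tmp";  // 6 code units + NUL = 14 bytes
static UnicodeStringView g_us;

static bool simReadable(const void* p, size_t n) {
    auto inside = [&](const void* base, size_t size) {
        uintptr_t a = (uintptr_t)p, b = (uintptr_t)base;
        return a >= b && n <= size && a - b <= size - n;
    };
    return inside(&g_us, sizeof g_us) || inside(g_text, sizeof g_text);
}

// Points a descriptor at `buf` and decodes it; an empty result means "rejected".
std::u16string demoDecode(uint16_t length, uint16_t maxLength, const char16_t* buf) {
    g_us = {length, maxLength, buf};
    std::u16string out;  // 260 below is an assumed output cap, not the project's kMaxStr
    return tryDecodeUnicodeString(&g_us, simReadable, 260, out) ? out : std::u16string();
}
int main() { return demoDecode(12, 14, g_text) == u"C:\\tmp" ? 0 : 1; }
```

A descriptor whose `Length` covers only part of the buffer still decodes to exactly the counted characters, while an odd `Length`, a `MaximumLength` below `Length`, or a range the probe cannot read is rejected before any character is touched.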