stevemk14ebr / BF4-AtomBot

Latest version of my personal BF4 Hack
GNU General Public License v2.0

Bugs in PLH::IATHook::FindIATFunc #2

Open ddbb2017 opened 6 years ago

ddbb2017 commented 6 years ago

I came across your PLH::IATHook::FindIATFunc() and noticed that it had several bugs. Here's the correction:

#include <Windows.h>
#include <DbgHelp.h>
#pragma comment(lib, "Dbghelp.lib")   // ImageDirectoryEntryToDataEx lives in Dbghelp

// Helper assumed from PolyHook (not part of the posted snippet): RVA -> VA inside the mapped image.
static void* ResolveRVA(HINSTANCE hInst, DWORD rva)
{
    return (void*)((BYTE*)hInst + rva);
}

bool FindIATFunc(char* ModuleName, char* FuncName, PIMAGE_THUNK_DATA* pFuncThunkOut)
{
    HINSTANCE hInst = GetModuleHandle(NULL);   // walk the main executable's import directory
    ULONG Sz;
    PIMAGE_IMPORT_DESCRIPTOR pImports = (PIMAGE_IMPORT_DESCRIPTOR)
        ImageDirectoryEntryToDataEx(hInst, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Sz, nullptr);
    if (pImports == nullptr)                   // no import directory, or the lookup failed
        return false;

    // The descriptor array is terminated by an all-zero entry (Characteristics aliases OriginalFirstThunk).
    for (int i = 0; pImports[i].Characteristics != 0; i++)
    {
        char* strModuleName = (char*)ResolveRVA(hInst, pImports[i].Name);
        if (_stricmp(ModuleName, strModuleName) != 0)   // DLL names are case-insensitive
            continue;

        // OriginalFirstThunk -> import name table (INT, keeps the names/ordinals after load);
        // FirstThunk -> import address table (IAT, overwritten with resolved addresses by the loader).
        // Walk both in lock-step so the IAT slot that belongs to the matched name can be returned.
        PIMAGE_THUNK_DATA pOriginalThunk = (PIMAGE_THUNK_DATA)
            ResolveRVA(hInst, pImports[i].OriginalFirstThunk);
        PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)
            ResolveRVA(hInst, pImports[i].FirstThunk);
        for (; pOriginalThunk->u1.Function != NULL; pOriginalThunk++, pThunk++)
        {
            if (pOriginalThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG)   // imported by ordinal: no name to compare
                continue;

            PIMAGE_IMPORT_BY_NAME pImport = (PIMAGE_IMPORT_BY_NAME)
                ResolveRVA(hInst, (DWORD)pOriginalThunk->u1.AddressOfData);

            if (_stricmp(FuncName, pImport->Name) != 0)
                continue;

            *pFuncThunkOut = pThunk;   // the IAT entry to patch, not the INT entry
            return true;
        }
    }

    return false;
}
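The walk above is the core of any IAT hook: find the descriptor for the DLL, walk the import name table and the import address table in lock-step, skip ordinal imports, and hand back the IAT slot (not the INT entry) so the caller can overwrite it. The following is an added example, not code from this issue or from PolyHook, that implements the same walk over a constructed 64-bit import directory so it can be compiled and run without windows.h. It assumes the image is mapped (RVA equals offset from base), 64-bit thunks with the ordinal flag in bit 63, and a synthetic image built by `build_test_image()`; it deliberately compares the DLL name case-insensitively but the function name exactly, since export names are case-sensitive, which is a stricter check than the `_stricmp` in the posted code.

```cpp
// Portable PE import-directory walk (added example; layouts declared locally so no windows.h is needed).
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <cctype>
#include <vector>

#pragma pack(push, 1)
struct ImportDescriptor {           // mirrors IMAGE_IMPORT_DESCRIPTOR
    uint32_t OriginalFirstThunk;    // RVA of the import name table (INT)
    uint32_t TimeDateStamp;
    uint32_t ForwarderChain;
    uint32_t Name;                  // RVA of the NUL-terminated DLL name
    uint32_t FirstThunk;            // RVA of the import address table (IAT)
};
#pragma pack(pop)
static const uint64_t kOrdinalFlag64 = 1ULL << 63;   // IMAGE_ORDINAL_FLAG64

// RVA -> pointer; assumes a mapped image where RVA == offset from base.
static const uint8_t* rva(const uint8_t* base, uint32_t r) { return base + r; }

static bool ieq(const char* a, const char* b) {       // case-insensitive compare for DLL names
    for (; *a && *b; ++a, ++b)
        if (std::tolower((unsigned char)*a) != std::tolower((unsigned char)*b)) return false;
    return *a == *b;
}

// Returns a pointer to the IAT slot holding module!func, or nullptr if not imported by name.
const uint64_t* find_iat_slot(const uint8_t* base, uint32_t import_dir_rva,
                              const char* module, const char* func) {
    if (base == nullptr || import_dir_rva == 0) return nullptr;   // no import directory
    const ImportDescriptor* d = (const ImportDescriptor*)rva(base, import_dir_rva);
    for (; d->Name != 0 || d->FirstThunk != 0; ++d) {              // all-zero entry terminates
        if (!ieq(module, (const char*)rva(base, d->Name))) continue;
        // Some linkers emit OriginalFirstThunk == 0; before load the IAT still holds the names.
        uint32_t int_rva = d->OriginalFirstThunk ? d->OriginalFirstThunk : d->FirstThunk;
        const uint64_t* int_entry = (const uint64_t*)rva(base, int_rva);
        const uint64_t* iat_entry = (const uint64_t*)rva(base, d->FirstThunk);
        for (; *int_entry != 0; ++int_entry, ++iat_entry) {        // walk INT and IAT together
            if (*int_entry & kOrdinalFlag64) continue;             // by ordinal: nothing to name-match
            // IMAGE_IMPORT_BY_NAME = uint16 Hint followed by the NUL-terminated export name
            const char* name = (const char*)rva(base, (uint32_t)*int_entry) + 2;
            if (std::strcmp(func, name) == 0) return iat_entry;    // exact: exports are case-sensitive
        }
    }
    return nullptr;
}

// ---- Constructed test image (not a real binary) ---------------------------------------------
struct TestImage { std::vector<uint8_t> bytes; uint32_t import_dir_rva; };

static uint32_t put(std::vector<uint8_t>& v, const void* p, size_t n) {
    uint32_t off = (uint32_t)v.size();
    v.insert(v.end(), (const uint8_t*)p, (const uint8_t*)p + n);
    return off;
}
static uint32_t put_str(std::vector<uint8_t>& v, const char* s) { return put(v, s, std::strlen(s) + 1); }
static uint32_t put_hint_name(std::vector<uint8_t>& v, const char* s) {
    uint16_t hint = 0; uint32_t off = put(v, &hint, sizeof hint); put_str(v, s); return off;
}
static void align(std::vector<uint8_t>& v, size_t a) { while (v.size() % a) v.push_back(0); }

TestImage build_test_image() {
    std::vector<uint8_t> v(64, 0);                    // keep RVA 0 unused so 0 only means "terminator"
    uint32_t k32 = put_str(v, "KERNEL32.dll");
    uint32_t u32 = put_str(v, "user32.dll");
    uint32_t vp  = put_hint_name(v, "VirtualProtect");
    uint32_t gpa = put_hint_name(v, "GetProcAddress");
    uint32_t mb  = put_hint_name(v, "MessageBoxA");
    uint64_t k32_int[] = { kOrdinalFlag64 | 100, vp, gpa, 0 };   // ordinal #100 first, then two names
    uint64_t k32_iat[] = { 0x1000, 0x2000, 0x3000, 0 };          // constructed "resolved" addresses
    uint64_t u32_int[] = { mb, 0 };
    uint64_t u32_iat[] = { 0x4000, 0 };
    align(v, 8);
    uint32_t k32_int_rva = put(v, k32_int, sizeof k32_int);
    uint32_t k32_iat_rva = put(v, k32_iat, sizeof k32_iat);
    uint32_t u32_int_rva = put(v, u32_int, sizeof u32_int);
    uint32_t u32_iat_rva = put(v, u32_iat, sizeof u32_iat);
    ImportDescriptor descs[] = {
        { k32_int_rva, 0, 0, k32, k32_iat_rva },
        { u32_int_rva, 0, 0, u32, u32_iat_rva },
        { 0, 0, 0, 0, 0 },                                       // terminator
    };
    align(v, 4);
    uint32_t dir = put(v, descs, sizeof descs);
    return { v, dir };
}

int main() {
    TestImage img = build_test_image();
    const uint64_t* slot = find_iat_slot(img.bytes.data(), img.import_dir_rva,
                                         "kernel32.dll", "VirtualProtect");
    std::printf("VirtualProtect IAT slot at RVA 0x%zx holds 0x%llx\n",
                (size_t)((const uint8_t*)slot - img.bytes.data()), (unsigned long long)*slot);
    return 0;
}
```

On a live process the returned slot is the address to overwrite (after `VirtualProtect` to make the page writable); the INT entry is left alone so the original name can still be found later to unhook.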
stevemk14ebr commented 6 years ago

Thank you for looking into this and finding this bug! However it was already reported to me and was fixed a little while ago in the PolyHook main repository: https://github.com/stevemk14ebr/PolyHook/blob/master/PolyHook/PolyHook.hpp#L1429

This repository contains an old version of PolyHook. I really do appreciate you looking at this though!