-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Utility: Add is_executable utility to replace IsBadCodePtr
- Loading branch information
Showing
4 changed files
with
56 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
#include <Windows.h> | ||
|
||
#include <safetyhook/utility.hpp> | ||
|
||
namespace safetyhook { | ||
bool is_page_executable(uint8_t* address) { | ||
MEMORY_BASIC_INFORMATION mbi; | ||
|
||
if (VirtualQuery(address, &mbi, sizeof(mbi)) == 0) { | ||
return false; | ||
} | ||
|
||
const auto executable_protect = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY; | ||
|
||
return (mbi.Protect & executable_protect) != 0; | ||
} | ||
|
||
bool is_executable(uint8_t* address) { | ||
LPVOID image_base_ptr; | ||
|
||
if (RtlPcToFileHeader(address, &image_base_ptr) == nullptr) { | ||
return is_page_executable(address); | ||
} | ||
|
||
// Just check if the section is executable. | ||
const auto image_base = reinterpret_cast<uint8_t*>(image_base_ptr); | ||
const auto* dos_hdr = reinterpret_cast<const IMAGE_DOS_HEADER*>(image_base); | ||
|
||
if (dos_hdr->e_magic != IMAGE_DOS_SIGNATURE) { | ||
return is_page_executable(address); | ||
} | ||
|
||
const auto* nt_hdr = reinterpret_cast<const IMAGE_NT_HEADERS*>(image_base + dos_hdr->e_lfanew); | ||
|
||
if (nt_hdr->Signature != IMAGE_NT_SIGNATURE) { | ||
return is_page_executable(address); | ||
} | ||
|
||
const auto* section_hdr = IMAGE_FIRST_SECTION(nt_hdr); | ||
|
||
for (auto i = 0; i < nt_hdr->FileHeader.NumberOfSections; ++i) { | ||
const auto* section = §ion_hdr[i]; | ||
|
||
if (address >= image_base + section->VirtualAddress && | ||
address < image_base + section->VirtualAddress + section->Misc.VirtualSize) { | ||
return (section->Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0; | ||
} | ||
} | ||
|
||
return is_page_executable(address); | ||
} | ||
} // namespace safetyhook |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters