7cc5c4f330d47060/geode
1
0
Fork 0
mirror of https://github.com/geode-sdk/geode.git synced 2024-11-14 19:15:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

fix addresser following through thunk

Browse source
This commit is contained in:
altalk23 2024-09-16 09:54:38 +03:00
parent d82a3443c7
commit ad26357e73
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
loader/src/utils/addresser.cpp
View file

@ -83,6 +83,8 @@ FARPROC WINAPI delayLoadHook(unsigned dliNotify, PDelayLoadInfo pdli) {
}
extern "C" const PfnDliHook __pfnDliFailureHook2 = delayLoadHook;
PVOID GeodeFunctionTableAccess64(HANDLE hProcess, DWORD64 AddrBase);
#endif
intptr_t Addresser::followThunkFunction(intptr_t address) {
@ -146,7 +148,12 @@ intptr_t Addresser::followThunkFunction(intptr_t address) {
if (address && checkByteSequence(address, {0xFF, 0x25})) {
const auto offset = *reinterpret_cast<int32_t*>(address + 2);
// rip is at address + 6 (size of the instruction)
address = *reinterpret_cast<uintptr_t*>(address + 6 + offset);
auto checkAddress = *reinterpret_cast<uintptr_t*>(address + 6 + offset);
// only follow the thunk if it's not a hook handler
if (GeodeFunctionTableAccess64(GetCurrentProcess(), reinterpret_cast<DWORD64>(checkAddress)) == nullptr) {
address = checkAddress;
}
}
// if it starts with lea eax,..., it's a delay loaded func