|
|
|
@ -141,7 +141,7 @@ bool ProcessManager::findProcessess()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// FIXME: this fails when the wine process isn't started from the 'current working directory'. strip path data from cmdline
|
|
|
|
// FIXME: this fails when the wine process isn't started from the 'current working directory'. strip path data from cmdline
|
|
|
|
// DF in wine?
|
|
|
|
// is this windows version of Df running in wine?
|
|
|
|
if(strstr(target_name, "wine-preloader")!= NULL)
|
|
|
|
if(strstr(target_name, "wine-preloader")!= NULL)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
// get working directory
|
|
|
|
// get working directory
|
|
|
|
@ -232,30 +232,42 @@ bool ProcessManager::findProcessess()
|
|
|
|
for ( int i = 0; i < numProccesses; i++ )
|
|
|
|
for ( int i = 0; i < numProccesses; i++ )
|
|
|
|
{
|
|
|
|
{
|
|
|
|
found = false;
|
|
|
|
found = false;
|
|
|
|
|
|
|
|
|
|
|
|
// open process
|
|
|
|
// open process
|
|
|
|
hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, ProcArray[i] );
|
|
|
|
hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, ProcArray[i] );
|
|
|
|
if (NULL == hProcess)
|
|
|
|
if (NULL == hProcess)
|
|
|
|
continue;
|
|
|
|
continue;
|
|
|
|
// we've got some process, look at its first module
|
|
|
|
|
|
|
|
if(EnumProcessModules(hProcess, &hmod, 1 * sizeof(HMODULE), &junk))
|
|
|
|
// try getting the first module of the process
|
|
|
|
|
|
|
|
if(EnumProcessModules(hProcess, &hmod, 1 * sizeof(HMODULE), &junk) == 0)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
// TODO: check module filename to verify that it's DF!
|
|
|
|
CloseHandle(hProcess);
|
|
|
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// got base ;)
|
|
|
|
// got base ;)
|
|
|
|
uint32_t base = (uint32_t)hmod;
|
|
|
|
uint32_t base = (uint32_t)hmod;
|
|
|
|
|
|
|
|
|
|
|
|
// read from this process
|
|
|
|
// read from this process
|
|
|
|
g_ProcessHandle = hProcess;
|
|
|
|
g_ProcessHandle = hProcess;
|
|
|
|
uint32_t pe_offset = MreadDWord(base+0x3C);
|
|
|
|
uint32_t pe_offset = MreadDWord(base+0x3C);
|
|
|
|
Mread(base + pe_offset , sizeof(pe_header), (uint8_t *)&pe_header);
|
|
|
|
Mread(base + pe_offset , sizeof(pe_header), (uint8_t *)&pe_header);
|
|
|
|
Mread(base + pe_offset+ sizeof(pe_header), sizeof(sections) , (uint8_t *)§ions );
|
|
|
|
Mread(base + pe_offset+ sizeof(pe_header), sizeof(sections) , (uint8_t *)§ions );
|
|
|
|
|
|
|
|
|
|
|
|
// see if there's a version entry that matches this process
|
|
|
|
// see if there's a version entry that matches this process
|
|
|
|
vector<memory_info>::iterator it;
|
|
|
|
vector<memory_info>::iterator it;
|
|
|
|
for ( it=meminfo.begin() ; it < meminfo.end(); it++ )
|
|
|
|
for ( it=meminfo.begin() ; it < meminfo.end(); it++ )
|
|
|
|
{
|
|
|
|
{
|
|
|
|
// filter by OS
|
|
|
|
// filter by OS
|
|
|
|
if(memory_info::OS_WINDOWS == (*it).getOS())
|
|
|
|
if(memory_info::OS_WINDOWS != (*it).getOS())
|
|
|
|
{
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// filter by timestamp
|
|
|
|
uint32_t pe_timestamp = (*it).getHexValue("pe_timestamp");
|
|
|
|
uint32_t pe_timestamp = (*it).getHexValue("pe_timestamp");
|
|
|
|
if (pe_timestamp == pe_header.FileHeader.TimeDateStamp)
|
|
|
|
if (pe_timestamp != pe_header.FileHeader.TimeDateStamp)
|
|
|
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// all went well
|
|
|
|
{
|
|
|
|
{
|
|
|
|
printf("Match found! Using version %s.\n", (*it).getVersion().c_str());
|
|
|
|
printf("Match found! Using version %s.\n", (*it).getVersion().c_str());
|
|
|
|
// give the process a data model and memory layout fixed for the base of first module
|
|
|
|
// give the process a data model and memory layout fixed for the base of first module
|
|
|
|
@ -270,14 +282,12 @@ bool ProcessManager::findProcessess()
|
|
|
|
break; // break the iterator loop
|
|
|
|
break; // break the iterator loop
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// close handle of processes that aren't DF
|
|
|
|
// close handle of processes that aren't DF
|
|
|
|
if(!found)
|
|
|
|
if(!found)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
CloseHandle(hProcess);
|
|
|
|
CloseHandle(hProcess);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(processes.size())
|
|
|
|
if(processes.size())
|
|
|
|
return true;
|
|
|
|
return true;
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
@ -289,32 +299,39 @@ void ProcessManager::ParseVTable(TiXmlElement* vtable, memory_info& mem)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
TiXmlElement* pClassEntry;
|
|
|
|
TiXmlElement* pClassEntry;
|
|
|
|
TiXmlElement* pClassSubEntry;
|
|
|
|
TiXmlElement* pClassSubEntry;
|
|
|
|
|
|
|
|
// check for rebase, do rebase if check positive
|
|
|
|
const char * rebase = vtable->Attribute("rebase");
|
|
|
|
const char * rebase = vtable->Attribute("rebase");
|
|
|
|
if(rebase)
|
|
|
|
if(rebase)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
int32_t rebase_offset = strtol(rebase, NULL, 16);
|
|
|
|
int32_t rebase_offset = strtol(rebase, NULL, 16);
|
|
|
|
mem.RebaseVTable(rebase_offset);
|
|
|
|
mem.RebaseVTable(rebase_offset);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// parse vtable entries
|
|
|
|
pClassEntry = vtable->FirstChildElement();
|
|
|
|
pClassEntry = vtable->FirstChildElement();
|
|
|
|
for(;pClassEntry;pClassEntry=pClassEntry->NextSiblingElement())
|
|
|
|
for(;pClassEntry;pClassEntry=pClassEntry->NextSiblingElement())
|
|
|
|
{
|
|
|
|
{
|
|
|
|
string type = pClassEntry->Value();
|
|
|
|
string type = pClassEntry->Value();
|
|
|
|
const char *cstr_name = pClassEntry->Attribute("name");
|
|
|
|
const char *cstr_name = pClassEntry->Attribute("name");
|
|
|
|
const char *cstr_vtable = pClassEntry->Attribute("vtable");
|
|
|
|
const char *cstr_vtable = pClassEntry->Attribute("vtable");
|
|
|
|
|
|
|
|
// it's a simple class
|
|
|
|
if(type== "class")
|
|
|
|
if(type== "class")
|
|
|
|
{
|
|
|
|
{
|
|
|
|
mem.setClass(cstr_name, cstr_vtable);
|
|
|
|
mem.setClass(cstr_name, cstr_vtable);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// it's a multi-type class
|
|
|
|
else if (type == "multiclass")
|
|
|
|
else if (type == "multiclass")
|
|
|
|
{
|
|
|
|
{
|
|
|
|
|
|
|
|
// get offset of the type variable
|
|
|
|
const char *cstr_typeoffset = pClassEntry->Attribute("typeoffset");
|
|
|
|
const char *cstr_typeoffset = pClassEntry->Attribute("typeoffset");
|
|
|
|
int mclass = mem.setMultiClass(cstr_name, cstr_vtable, cstr_typeoffset);
|
|
|
|
int mclass = mem.setMultiClass(cstr_name, cstr_vtable, cstr_typeoffset);
|
|
|
|
|
|
|
|
// parse class sub-entries
|
|
|
|
pClassSubEntry = pClassEntry->FirstChildElement();
|
|
|
|
pClassSubEntry = pClassEntry->FirstChildElement();
|
|
|
|
for(;pClassSubEntry;pClassSubEntry=pClassSubEntry->NextSiblingElement())
|
|
|
|
for(;pClassSubEntry;pClassSubEntry=pClassSubEntry->NextSiblingElement())
|
|
|
|
{
|
|
|
|
{
|
|
|
|
type = pClassSubEntry->Value();
|
|
|
|
type = pClassSubEntry->Value();
|
|
|
|
if(type== "class")
|
|
|
|
if(type== "class")
|
|
|
|
{
|
|
|
|
{
|
|
|
|
|
|
|
|
// type is a value loaded from type offset
|
|
|
|
cstr_name = pClassSubEntry->Attribute("name");
|
|
|
|
cstr_name = pClassSubEntry->Attribute("name");
|
|
|
|
const char *cstr_value = pClassSubEntry->Attribute("type");
|
|
|
|
const char *cstr_value = pClassSubEntry->Attribute("type");
|
|
|
|
mem.setMultiClassChild(mclass,cstr_name,cstr_value);
|
|
|
|
mem.setMultiClassChild(mclass,cstr_name,cstr_value);
|
|
|
|
@ -338,6 +355,7 @@ void ProcessManager::ParseEntry (TiXmlElement* entry, memory_info& mem, map <str
|
|
|
|
string base = cstr_base;
|
|
|
|
string base = cstr_base;
|
|
|
|
ParseEntry(knownEntries[base], mem, knownEntries);
|
|
|
|
ParseEntry(knownEntries[base], mem, knownEntries);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// mandatory attributes missing?
|
|
|
|
// mandatory attributes missing?
|
|
|
|
if(!(cstr_version && cstr_os))
|
|
|
|
if(!(cstr_version && cstr_os))
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@ -374,6 +392,7 @@ void ProcessManager::ParseEntry (TiXmlElement* entry, memory_info& mem, map <str
|
|
|
|
cerr << "unknown operating system " << os << endl;
|
|
|
|
cerr << "unknown operating system " << os << endl;
|
|
|
|
return;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// process additional entries
|
|
|
|
// process additional entries
|
|
|
|
//cout << "Entry " << cstr_version << " " << cstr_os << endl;
|
|
|
|
//cout << "Entry " << cstr_version << " " << cstr_os << endl;
|
|
|
|
pMemEntry = entry->FirstChildElement()->ToElement();
|
|
|
|
pMemEntry = entry->FirstChildElement()->ToElement();
|
|
|
|
|
Petr Mrázek