Skip to content
Permalink
Browse files

Overlay: Resolve undefined behavior

* Now that we no longer do anything when unloading the overlay DLL,
remove the injection of FreeLibrary. This also drops some undefined
behavior.
** If we inject into rendering (D3Dxx.cpp) we hold a self-reference to
prevent to ever be unloaded. For this case, there is no issue as the
hooks will always exist.
** In case of no rendering-injection, our module can actually be
unloaded. In that case, MyFreeLibrary would call the original function
which in turn would lead to a call to DllMain with DLL_PROCESS_DETACH,
at which point we restore the hooks to their original equivalents in
dllmainProcDetach.
However, afterwards, execution returns to our MyFreeLibrary function,
whichs code is no longer the code we began executing.
** This also leads to the question whether the non-trampoline hooking
ever worked/even works. We restore, call the original (which is already
code that no longer exists) and then inject again.
  • Loading branch information...
Kissaki committed May 16, 2015
1 parent e5ddf55 commit da004cf82f983d1f8259217dd6bb13125c9bd8a7
Showing with 0 additions and 18 deletions.
  1. +0 −18 overlay/lib.cpp
@@ -45,7 +45,6 @@ static BOOL bBlackListed = FALSE;

static HardHook hhLoad;
static HardHook hhLoadW;
static HardHook hhFree;

static SharedData *sd = NULL;

@@ -385,20 +384,6 @@ static HMODULE WINAPI MyLoadLibraryW(const wchar_t *lpFileName) {
return h;
}

typedef BOOL(__stdcall *FreeLibraryType)(HMODULE hModule);
static BOOL WINAPI MyFreeLibrary(HMODULE hModule) {
ods("Lib: MyFreeLibrary %p", hModule);

//TODO: Move logic to HardHook.
// Call base without active hook in case of no trampoline.
FreeLibraryType oFreeLibrary = (FreeLibraryType) hhFree.call;
hhFree.restore();
BOOL r = oFreeLibrary(hModule);
hhFree.inject();

return r;
}

static LRESULT CALLBACK CallWndProc(int nCode, WPARAM wParam, LPARAM lParam) {
return CallNextHookEx(hhookWnd, nCode, wParam, lParam);
}
@@ -547,7 +532,6 @@ static void dllmainProcAttach(char *procname) {
// Hook our own LoadLibrary functions so we notice when a new library (like the d3d ones) is loaded.
hhLoad.setup(reinterpret_cast<voidFunc>(LoadLibraryA), reinterpret_cast<voidFunc>(MyLoadLibrary));
hhLoadW.setup(reinterpret_cast<voidFunc>(LoadLibraryW), reinterpret_cast<voidFunc>(MyLoadLibraryW));
hhFree.setup(reinterpret_cast<voidFunc>(FreeLibrary), reinterpret_cast<voidFunc>(MyFreeLibrary));

checkHooks(true);
ods("Lib: Injected into %s", procname);
@@ -744,8 +728,6 @@ static void dllmainProcDetach() {
hhLoad.reset();
hhLoadW.restore(true);
hhLoadW.reset();
hhFree.restore(true);
hhFree.reset();

if (sd)
UnmapViewOfFile(sd);

0 comments on commit da004cf

Please sign in to comment.
You can’t perform that action at this time.