
Commit da1ce7e

committed
Expand prologue and region checks
1 parent e5e9dd7 commit da1ce7e

1 file changed

Lines changed: 31 additions & 3 deletions


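--- a/auth.cpp
+++ b/auth.cpp
@@ -112,6 +112,10 @@ std::atomic<bool> prologues_ready{ false };
 std::array<uint8_t, 16> pro_req{};
 std::array<uint8_t, 16> pro_verify{};
 std::array<uint8_t, 16> pro_checkinit{};
+std::array<uint8_t, 16> pro_error{};
+std::array<uint8_t, 16> pro_integrity{};
+std::array<uint8_t, 16> pro_watchdog{};
+std::array<uint8_t, 16> pro_section{};
 
 void KeyAuth::api::init()
 {
@@ -2006,9 +2010,17 @@ void snapshot_prologues()
 const auto req_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&KeyAuth::api::req));
 const auto verify_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&VerifyPayload));
 const auto check_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&checkInit));
+const auto error_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&error));
+const auto integ_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&integrity_check));
+const auto watch_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&integrity_watchdog));
+const auto section_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&check_section_integrity));
 std::memcpy(pro_req.data(), req_ptr, pro_req.size());
 std::memcpy(pro_verify.data(), verify_ptr, pro_verify.size());
 std::memcpy(pro_checkinit.data(), check_ptr, pro_checkinit.size());
+std::memcpy(pro_error.data(), error_ptr, pro_error.size());
+std::memcpy(pro_integrity.data(), integ_ptr, pro_integrity.size());
+std::memcpy(pro_watchdog.data(), watch_ptr, pro_watchdog.size());
+std::memcpy(pro_section.data(), section_ptr, pro_section.size());
 prologues_ready.store(true);
 }
 
@@ -2019,9 +2031,17 @@ bool prologues_ok()
 const auto req_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&KeyAuth::api::req));
 const auto verify_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&VerifyPayload));
 const auto check_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&checkInit));
+const auto error_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&error));
+const auto integ_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&integrity_check));
+const auto watch_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&integrity_watchdog));
+const auto section_ptr = reinterpret_cast<const uint8_t*>(reinterpret_cast<uintptr_t>(&check_section_integrity));
 return std::memcmp(pro_req.data(), req_ptr, pro_req.size()) == 0 &&
 std::memcmp(pro_verify.data(), verify_ptr, pro_verify.size()) == 0 &&
-std::memcmp(pro_checkinit.data(), check_ptr, pro_checkinit.size()) == 0;
+std::memcmp(pro_checkinit.data(), check_ptr, pro_checkinit.size()) == 0 &&
+std::memcmp(pro_error.data(), error_ptr, pro_error.size()) == 0 &&
+std::memcmp(pro_integrity.data(), integ_ptr, pro_integrity.size()) == 0 &&
+std::memcmp(pro_watchdog.data(), watch_ptr, pro_watchdog.size()) == 0 &&
+std::memcmp(pro_section.data(), section_ptr, pro_section.size()) == 0;
 }
 
 bool func_region_ok(const void* addr)
@@ -2434,7 +2454,11 @@ void checkInit() {
 }
 if (!func_region_ok(reinterpret_cast<const void*>(&KeyAuth::api::req)) ||
 !func_region_ok(reinterpret_cast<const void*>(&VerifyPayload)) ||
-!func_region_ok(reinterpret_cast<const void*>(&checkInit))) {
+!func_region_ok(reinterpret_cast<const void*>(&checkInit)) ||
+!func_region_ok(reinterpret_cast<const void*>(&error)) ||
+!func_region_ok(reinterpret_cast<const void*>(&integrity_check)) ||
+!func_region_ok(reinterpret_cast<const void*>(&integrity_watchdog)) ||
+!func_region_ok(reinterpret_cast<const void*>(&check_section_integrity))) {
 error(XorStr("function region check failed, possible hook detected."));
 }
 integrity_check();
@@ -2474,7 +2498,11 @@ void integrity_watchdog() {
 }
 if (!func_region_ok(reinterpret_cast<const void*>(&KeyAuth::api::req)) ||
 !func_region_ok(reinterpret_cast<const void*>(&VerifyPayload)) ||
-!func_region_ok(reinterpret_cast<const void*>(&checkInit))) {
+!func_region_ok(reinterpret_cast<const void*>(&checkInit)) ||
+!func_region_ok(reinterpret_cast<const void*>(&error)) ||
+!func_region_ok(reinterpret_cast<const void*>(&integrity_check)) ||
+!func_region_ok(reinterpret_cast<const void*>(&integrity_watchdog)) ||
+!func_region_ok(reinterpret_cast<const void*>(&check_section_integrity))) {
 error(XorStr("function region check failed, possible hook detected."));
 }
 if (check_section_integrity(XorStr(".text").c_str(), false)) {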
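Review bot: In checkInit() and integrity_watchdog() the new `!func_region_ok(reinterpret_cast<const void*>(&error))` term reports its own failure by calling `error(XorStr("function region check failed, possible hook detected."))`, so the handler that has just failed verification is the one trusted to stop the process. error()'s body is not visible on this page, so this is hedged, but a failure path that does not pass through any of the seven guarded functions would be more robust, for example `std::abort();` placed directly after the `error(...)` call as a backstop. The same seven names are now repeated in four places (snapshot_prologues, prologues_ok and the two region-check chains); one table iterated by all four would keep a later addition from being snapshotted but never compared, or compared against an all-zero baseline. checkInit and integrity_watchdog both start and end outside the hunks shown.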
