From b16d1f9f3f8d4d8eea1101c6cd6b028277241e6b Mon Sep 17 00:00:00 2001
From: Peace-Maker
Date: Wed, 18 Apr 2018 00:57:58 +0200
Subject: [PATCH] Fix crash when accessing invalid argument index

Just return null if a user tries to access an invalid argument that wasn't defined when detouring the function.
---
 DynamicHooks/conventions/x86MsCdecl.cpp    |  3 +++
 DynamicHooks/conventions/x86MsStdcall.cpp  |  3 +++
 DynamicHooks/conventions/x86MsThiscall.cpp | 12 +++++++++---
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/DynamicHooks/conventions/x86MsCdecl.cpp b/DynamicHooks/conventions/x86MsCdecl.cpp
index bf8c834..85ff3e4 100644
--- a/DynamicHooks/conventions/x86MsCdecl.cpp
+++ b/DynamicHooks/conventions/x86MsCdecl.cpp
@@ -129,6 +129,9 @@ int x86MsCdecl::GetArgRegisterSize()
 
 void* x86MsCdecl::GetArgumentPtr(int iIndex, CRegisters* pRegisters)
 {
+	if (iIndex < 0 || iIndex >= m_vecArgTypes.length())
+		return NULL;
+
 	// Check if this argument was passed in a register.
 	if (m_vecArgTypes[iIndex].custom_register != None)
 	{
diff --git a/DynamicHooks/conventions/x86MsStdcall.cpp b/DynamicHooks/conventions/x86MsStdcall.cpp
index d0d9777..827db59 100644
--- a/DynamicHooks/conventions/x86MsStdcall.cpp
+++ b/DynamicHooks/conventions/x86MsStdcall.cpp
@@ -137,6 +137,9 @@ int x86MsStdcall::GetArgRegisterSize()
 
 void* x86MsStdcall::GetArgumentPtr(int iIndex, CRegisters* pRegisters)
 {
+	if (iIndex < 0 || iIndex >= m_vecArgTypes.length())
+		return NULL;
+
 	// Check if this argument was passed in a register.
 	if (m_vecArgTypes[iIndex].custom_register != None)
 	{
diff --git a/DynamicHooks/conventions/x86MsThiscall.cpp b/DynamicHooks/conventions/x86MsThiscall.cpp
index 275715a..8bce46f 100644
--- a/DynamicHooks/conventions/x86MsThiscall.cpp
+++ b/DynamicHooks/conventions/x86MsThiscall.cpp
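Review bot: The new guard in x86MsCdecl::GetArgumentPtr compares the signed `iIndex` against `m_vecArgTypes.length()`, which is presumably an unsigned size; the preceding `iIndex < 0` test keeps the comparison correct, but it reads as if it relied on the implicit signed-to-unsigned conversion and will draw a sign-compare warning. Casting once the sign is known makes the intent explicit, `if (iIndex < 0 || (size_t)iIndex >= m_vecArgTypes.length())` (use whatever type `length()` actually returns in this project). The identical guard is added in the x86MsStdcall hunk and, with the index shifted, in x86MsThiscall. Because an out-of-range index now yields NULL instead of an out-of-bounds read, the declaration of GetArgumentPtr should state the contract for callers, e.g. `// Returns NULL if iIndex is out of range or the argument's custom register is unavailable.` The remainder of both functions lies outside their hunks.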
@@ -150,11 +150,17 @@ void* x86MsThiscall::GetArgumentPtr(int iIndex, CRegisters* pRegisters)
 		// TODO: Allow custom this register.
 		return pRegisters->m_ecx->m_pAddress;
 	}
+
+	// The this pointer isn't explicitly defined as an argument.
+	iIndex--;
+
+	if (iIndex < 0 || iIndex >= m_vecArgTypes.length())
+		return NULL;
 
 	// Check if this argument was passed in a register.
-	if (m_vecArgTypes[iIndex-1].custom_register != None)
+	if (m_vecArgTypes[iIndex].custom_register != None)
 	{
-		CRegister *pRegister = pRegisters->GetRegister(m_vecArgTypes[iIndex-1].custom_register);
+		CRegister *pRegister = pRegisters->GetRegister(m_vecArgTypes[iIndex].custom_register);
 		if (!pRegister)
 			return NULL;
 
@@ -162,7 +168,7 @@ void* x86MsThiscall::GetArgumentPtr(int iIndex, CRegisters* pRegisters)
 	}
 
 	int iOffset = 4;
-	for(int i=0; i < iIndex-1; i++)
+	for(int i=0; i < iIndex; i++)
 	{
 		if (m_vecArgTypes[i].custom_register == None)
 			iOffset += m_vecArgTypes[i].size;
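Review bot: `iIndex--` in the first x86MsThiscall hunk repurposes the parameter, so from that line on `iIndex` is a position in `m_vecArgTypes` rather than the caller's argument number, and the loop bound `i < iIndex` in the second hunk silently depends on that shift. A separate local, `int iVecIndex = iIndex - 1;`, used in the guard, the register lookup and the loop would keep the two meanings apart, though that touches the second hunk as well; failing that, the comment above the decrement should say what it actually means, `// Index 0 is the this pointer (handled above); m_vecArgTypes is indexed from the first explicit argument, i.e. iIndex - 1.` The `iIndex < 0` half of the guard can only trigger for a negative caller index if the branch above the hunk already returns for index 0, which I cannot confirm from the lines shown. The opening of GetArgumentPtr, including that this-pointer branch, lies outside the hunk.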