fixed an issue where Import Tables are not correctly separated; up-ve…

…r SDKs

**only use calls to the original function AFTER fixing the stack (due to original call)
known issue: delayed import DLLs will lead to invalid image (at LdrLoadDll)
known issue: pack-ed DLLs are not supported

PEDetour/PE.cpp

@@ -440,7 +440,7 @@ bool PE::addImport(std::string dll, std::string functionName)
 
 		pDesc++;
 	}
-	
+
 	pDesc++;	// terminating null desc
 
 	void* pEntryData = (void*)pILT;	// hint name table with dll name entries
@@ -480,7 +480,8 @@ bool PE::addImport(std::string dll, std::string functionName)
 
 			j++;
 		}
-
+		*(uintptr_t*)(pEntryData) = 0;
+		advanceVoidPtr(pEntryData, sizeof(uintptr_t));
 		pDesc++;
 	}
 
@@ -497,6 +498,8 @@ bool PE::addImport(std::string dll, std::string functionName)
 			advanceVoidPtr(pEntryData, sizeof(uintptr_t));
 			j++;
 		}
+		*(uintptr_t*)(pEntryData) = 0;
+		advanceVoidPtr(pEntryData, sizeof(uintptr_t));
 		//for (int k = 0; k < 15; k++)
 		//{
 		//	*(uintptr_t*)(pEntryData) = *(ppThunk + j);

PEDetour/PEDetour.cpp

@@ -118,7 +118,6 @@ int main(int argc, char* argv[])
 		{
 			for (int i = 5; i < argc; i++)
 				vAddImports.push_back(argv[i]);
-
 		}
 	}
 
@@ -129,7 +128,7 @@ int main(int argc, char* argv[])
 	functionName = "?fnTestDLL@@YAHXZ";
 
 #ifndef _M_X64
-	injectionfname = "inject.asm";
+	injectionfname = "inject.x86.asm";
 #else
 	injectionfname = "inject.x86_64.asm";
 #endif

PEDetour/PEDetour.vcxproj

@@ -22,7 +22,7 @@
     <ProjectGuid>{529CCBA5-A031-4197-AE84-A95F585B5304}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>PEDetour</RootNamespace>
-    <WindowsTargetPlatformVersion>10.0.14393.0</WindowsTargetPlatformVersion>
+    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">

PEDetour/capstone-win32/CREDITS.TXT

@@ -57,3 +57,10 @@ Christophe Avoinne (Hlide): Improve memory management for better performance.
 Michael Cohen & Nguyen Tan Cong: Python module installer.
 Adel Gadllah, Francisco Alonso & Stefan Cornelius: RPM package.
 Felix Gröbert (Google): fuzz testing harness.
+Xipiter LLC: Capstone logo redesigned.
+Satoshi Tanda: Support Windows kernel driver.
+Tang Yuhang: cstool.
+Andrew Dutcher: better Python setup.
+Ruben Boonen: PowerShell binding.
+David Zimmer: VB6 binding.
+Philippe Antoine: Integration with oss-fuzz and various fixes.

PEDetour/capstone-win32/ChangeLog

@@ -1,5 +1,187 @@
 This file details the changelog of Capstone.
 
+---------------------------------
+Version 3.0.5: July 18th, 2018
+
+
+[ Core ]
+
+- Fix the include path for Android builds when building cstool.
+- Add posibility to disable universal build for Mac OS.
+- cstool: Separate instruction bytes by spaces.
+- Fix code path of pkg-config in Cmake.
+- Update XCode project for XCode 9.1.
+- Add Cortex-M support to cstool.
+- Cmake forces to be build using MT with MSVC.
+- Better support for Mac OS kernel.
+
+
+[ X86 ]
+
+- Fix some issues in handling EVEX & VEX3 instructions.
+- Fix immediate operand for AND instruction in ATT mode.
+- Fix ATT syntax when imm operand is 0.
+- Better handle XACQUIRE/XRELEASE.
+- Fix imm operand of RETF.
+
+
+[ ARM ]
+
+- Fix an integer overlow bug.
+
+
+[ ARM64 ]
+
+- Bug fix for incorrect operand type in certain load/store instructions.
+
+
+[ Mips ]
+
+- Mode CS_MODE_MIPS32R6 automatically sets CS_MODE_32
+
+
+[ PPC ]
+
+- Fix endian check.
+
+
+[ Sparc ]
+
+- Fix an integer overlow bug.
+
+
+[ SystemZ ]
+
+- Fix an integer overlow bug.
+
+
+[ Python binding ]
+
+- Raise error on accessing irrelevant data fields if skipdata & detail modes are enable.
+
+
+---------------------------------
+Version 3.0.5-rc3: July 31st, 2017
+
+
+[ Core ]
+
+- Fix compilation for MacOS kernel extension
+- cstool to support armbe and arm64be modes
+- Add nmake.bat for Windows build
+- Fix an integer overflow for Windows kernel driver
+- Support to embedded Capstone into MacOS kernel
+- cstool: fix mips64 mode
+- Fix a compiling error in MS Visual Studio 2015
+- Install pkgconfig file with CMake build
+- Fix SOVERSION property of CMake build
+- Properly handle switching to Endian mode at run-time for Arm, Arm64, Mips & Sparc
+- Fix MingW build
+- Better handle CMake installation for Linux 64bit
+
+
+[ X86 ]
+
+- Support BND prefix of Intel MPX extension
+- Correct operand size for CALL/JMP in 64bit mode with prefix 0x66
+- LOCK NOP is a valid instruction
+- Fix ATT syntax for instruction with zero offset segment register
+- LES/LDS are invalid in 64bit mode
+- Fix number of operands for some MOV instructions
+
+
+[ ARM ]
+
+- Fix POP reg to update SP register
+- Update flags for UADD8 instruction
+
+
+[ ARM64 ]
+
+- Better performance with new lookup table
+- Handle system registers added in ARMv8.1/2
+
+
+[ Java binding ]
+
+- Better handle input with invalid code
+
+
+[ Visual Basic binding ]
+
+- New binding
+
+---------------------------------
+Version 3.0.5-rc2: March 2nd, 2017
+
+
+[ Core ]
+
+- Fix build for Visual Studio 2012
+- Fix X86_REL_ADDR macro
+- Add CS_VERSION_MAJOR, CS_VERSION_MINOR, CS_VERSION_EXTRA
+- Better support for embedding Capstone into Windows kernel drivers
+- Support to embedded Capstone into MacOS kernel
+- Support MacOS 10.11 and up
+- Better support for Cygwin
+- Support build packages for FreeBSD & DragonflyBSD
+- Add a command-line tool "cstool"
+- Properly handle switching to Endian mode at run-time for Arm, Arm64, Mips & Sparc
+
+
+[ X86 ]
+
+- Some random 16-bit code can be handled wrongly.
+- Remove abundant operand type X86_OP_FP
+- Fix instructions MOVQ, LOOP, LOOPE, LOOPNE, CALL/JMP rel16, REPNE LODSD, MOV *AX, MOFFS, FAR JMP/CALL
+- Add X86_REG_EFLAGS for STC and STD
+- Fix instruction attributes for SYSEXIT, MOVW, ROL, LGS, SLDT
+- Rename registers ST0-ST7 to be consistent with asm output
+
+
+[ ARM ]
+
+- Properly handle IT instruction
+- Fix LDRSB
+- Fix writeback for LDR
+- Fix Thumb BigEndian setup
+
+
+[ ARM64 ]
+
+- Fix arith extender
+- Fix writeback for LDR
+- Rename enum arm64_mrs_reg to arm64_sysreg
+
+
+[ PowerPC ]
+
+- Print 0 offset for memory operand
+
+
+[ Sparc ]
+
+- Fix POPC instruction
+
+
+[ Python binding ]
+
+- Better PyPy support
+- Add __version__
+- Better support for Python 3
+- Fix CS_SKIPDATA_CALLBACK prototype
+- Cast skipdata function inside binding to simplify the API
+
+
+[ Java binding ]
+
+- Better handle input with invalid code
+
+
+[ PowerShell ]
+
+- New binding
+
 ---------------------------------
 Version 3.0.4: July 15th, 2015
 

PEDetour/capstone-win32/README

@@ -14,9 +14,10 @@ Capstone offers some unparalleled features:
 - Provide semantics of the disassembled instruction, such as list of implicit
   registers read & written.
 
-- Implemented in pure C language, with lightweight wrappers for C++, C#, Go,
-  Java, Lua, NodeJS, Ocaml, Python, Ruby, Rust & Vala ready (available in
-  main code, or provided externally by the community).
+- Implemented in pure C language, with lightweight bindings for Visual Basic, PHP,
+  PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml,
+  Lua, Rust, Delphi, Free Pascal & Vala ready either in main code, or provided
+  externally by the community).
 
 - Native support for all popular platforms: Windows, Mac OSX, iOS, Android,
   Linux, *BSD, Solaris, etc.
@@ -45,7 +46,7 @@ See docs/README for how to customize & program your own tools with Capstone.
 
 [Hack]
 
-See HACK.TXT file for the structuture of the source code.
+See HACK.TXT file for the structure of the source code.
 
 
 [License]

PEDetour/capstone-win32/include/arm.h

@@ -8,7 +8,10 @@
 extern "C" {
 #endif
 
+#if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 #include <stdint.h>
+#endif
+
 #include "platform.h"
 
 #ifdef _MSC_VER
@@ -129,7 +132,7 @@ typedef enum arm_op_type {
 	ARM_OP_CIMM = 64, // C-Immediate (coprocessor registers)
 	ARM_OP_PIMM, // P-Immediate (coprocessor registers)
 	ARM_OP_SETEND,	// operand for SETEND instruction
-	ARM_OP_SYSREG,	// MSR/MSR special register operand
+	ARM_OP_SYSREG,	// MSR/MRS special register operand
 } arm_op_type;
 
 //> Operand type for SETEND instruction

PEDetour/capstone-win32/include/arm64.h

@@ -8,7 +8,10 @@
 extern "C" {
 #endif
 
+#if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 #include <stdint.h>
+#endif
+
 #include "platform.h"
 
 #ifdef _MSC_VER
@@ -62,7 +65,7 @@ typedef enum arm64_cc {
 } arm64_cc;
 
 //> System registers
-typedef enum arm64_mrs_reg {
+typedef enum arm64_sysreg {
 	//> System registers for MRS
 	ARM64_SYSREG_INVALID           = 0,
 	ARM64_SYSREG_MDCCSR_EL0        = 0x9808, // 10  011  0000  0001  000
@@ -656,8 +659,8 @@ typedef enum arm64_reg {
 
 	//> alias registers
 
-	ARM64_REG_IP1 = ARM64_REG_X16,
-	ARM64_REG_IP0 = ARM64_REG_X17,
+	ARM64_REG_IP0 = ARM64_REG_X16,
+	ARM64_REG_IP1 = ARM64_REG_X17,
 	ARM64_REG_FP = ARM64_REG_X29,
 	ARM64_REG_LR = ARM64_REG_X30,
 } arm64_reg;