introduced configurable retaddr check

spender-sandbox · Jan 14, 2013 · 4264155 · 4264155
1 parent 56acbe5
commit 4264155
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 0 deletions.
diff --git a/config.c b/config.c
@@ -59,6 +59,9 @@ void read_config()
                 else if(!strcmp(key, "first-process")) {
                     g_config.first_process = value[0] == '1';
                 }
+                else if(!strcmp(key, "retaddr-check")) {
+                    g_config.retaddr_check = value[0] == '1';
+                }
             }
         }
         fclose(fp);

diff --git a/config.h b/config.h
@@ -28,6 +28,9 @@ struct {
 
     // is this the first process or not?
     int first_process;
+
+    // do we want to enable the retaddr check?
+    int retaddr_check;
 } g_config;
 
 void read_config();
diff --git a/cuckoomon.c b/cuckoomon.c
@@ -386,6 +386,11 @@ BOOL APIENTRY DllMain(HANDLE hModule, DWORD dwReason, LPVOID lpReserved)
         // initialize the Sleep() skipping stuff
         init_sleep_skip(g_config.first_process);
 
+        // disable the retaddr check if the user wants so
+        if(g_config.retaddr_check == 0) {
+            hook_disable_retaddr_check();
+        }
+
         // initialize all hooks
         set_hooks();
 

diff --git a/hooking.c b/hooking.c
@@ -54,6 +54,9 @@ typedef struct _hook_info_t {
 
 static void ensure_valid_hook_info();
 
+// by default we enable the retaddr check
+static int g_enable_retaddr_check = 1;
+
 // length disassembler engine
 int lde(void *addr)
 {
@@ -82,6 +85,12 @@ static inline void __writefsdword(unsigned int index, unsigned int value)
 
 static int is_valid_backtrace(unsigned int ebp)
 {
+    // only perform this function when the retaddr-check is enabled, otherwise
+    // return true in all cases
+    if(g_enable_retaddr_check == 0) {
+        return 1;
+    }
+
     // http://en.wikipedia.org/wiki/Win32_Thread_Information_Block
     unsigned int top = __readfsdword(0x04);
     unsigned int bottom = __readfsdword(0x08);
@@ -780,3 +789,8 @@ void hook_set_last_error(unsigned int errcode)
     ensure_valid_hook_info();
     hook_info()->last_error = errcode;
 }
+
+void hook_disable_retaddr_check()
+{
+    g_enable_retaddr_check = 0;
+}
diff --git a/hooking.h b/hooking.h
@@ -56,6 +56,8 @@ int hook_is_inside();
 unsigned int hook_get_last_error();
 void hook_set_last_error(unsigned int errcode);
 
+void hook_disable_retaddr_check();
+
 #define HOOK_BACKTRACE_DEPTH 20
 
 #define HOOK_ENABLE_FPU 0