Fixed issue that caused assembly execution to fail when used more than once in a session.

Jakob Friedl
2025-09-13 14:14:21 +02:00
parent 94f2f8121c
commit b7b9114258
3 changed files with 29 additions and 17 deletions


@@ -1,4 +1,5 @@
import winim/lean
import ../../common/utils
# From: https://github.com/m4ul3r/malware/blob/main/nim/hardware_breakpoints/hardwarebreakpoints.nim
@@ -32,7 +33,7 @@ proc setHardwareBreakpoint*(pAddress: PVOID, fnHookFunc: PVOID, drx: DRX): bool
threadCtx.ContextFlags = CONTEXT_DEBUG_REGISTERS
if GetThreadContext(cast[HANDLE](-2), threadCtx.addr) == 0:
echo "[!] GetThreadContext Failed: ", GetLastError()
echo protect("[!] GetThreadContext Failed: "), GetLastError()
return false
case drx:
@@ -58,7 +59,7 @@ proc setHardwareBreakpoint*(pAddress: PVOID, fnHookFunc: PVOID, drx: DRX): bool
threadCtx.Dr7 = setDr7Bits(threadCtx.Dr7, (cast[int](drx) * 2), 1, 1)
if SetThreadContext(cast[HANDLE](-2), threadCtx.addr) == 0:
echo "[!] SetThreadContext Failed", GetLastError()
echo protect("[!] SetThreadContext Failed: "), GetLastError()
return false
return true
@@ -68,7 +69,7 @@ proc removeHardwareBreakpoint*(drx: DRX): bool =
threadCtx.ContextFlags = CONTEXT_DEBUG_REGISTERS
if GetThreadContext(cast[HANDLE](-2), threadCtx.addr) == 0:
echo "[!] GetThreadContext Failed: ", GetLastError()
echo protect("[!] GetThreadContext Failed: "), GetLastError()
return false
# Remove the address of the hooked function from the thread context
@@ -86,7 +87,7 @@ proc removeHardwareBreakpoint*(drx: DRX): bool =
threadCtx.Dr7 = setDr7Bits(threadCtx.Dr7, (cast[int](drx) * 2), 1, 0)
if SetThreadContext(cast[HANDLE](-2), threadCtx.addr) == 0:
echo "[!] SetThreadContext Failed", GetLastError()
echo protect("[!] SetThreadContext Failed"), GetLastError()
return false
return true
@@ -195,7 +196,7 @@ proc initializeHardwareBPVariables*(): bool =
# Add 'VectorHandler' as the VEH
g_VectorHandler = AddVectoredExceptionHandler(1, cast[PVECTORED_EXCEPTION_HANDLER](vectorHandler))
if cast[int](g_VectorHandler) == 0:
echo "[!] AddVectoredExceptionHandler Failed"
echo protect("[!] AddVectoredExceptionHandler Failed")
return false
if (cast[int](g_VectorHandler) and cast[int](g_CriticalSection.DebugInfo)) != 0:
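Review bot: The final `SetThreadContext` message in `removeHardwareBreakpoint` still has no separator, so the error code is printed directly against the text. The matching line in `setHardwareBreakpoint` gained `: ` in this commit, and this one should read `echo protect("[!] SetThreadContext Failed: "), GetLastError()`. `protect` comes from the newly imported `../../common/utils` and its behaviour is not visible here; if it decodes the literal at run time, read the code first with `let err = GetLastError()` so the decode cannot overwrite the thread's last-error value before it is printed. A short comment at the import, such as `# protect(): see common/utils; wraps string literals used in diagnostics`, would tell readers why every message is wrapped. If the wrapper does hide the literals in the built binary, anyone triaging it would have to rely on the API sequence visible here (debug-register context writes on the current thread plus a vectored exception handler), not on these strings. The bodies of all three procs continue outside the hunks shown.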