From 75e662978d159bcc451db91aa0a61ea047060f35 Mon Sep 17 00:00:00 2001
From: pancelor
Date: Mon, 2 Sep 2019 14:48:21 -0600
Subject: [PATCH 1/4] respond to Dbghelp.SymGetTypeFromName correctly
---
 nl_luainit.lua | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/nl_luainit.lua b/nl_luainit.lua
index a327bd7..e3624c8 100644
--- a/nl_luainit.lua
+++ b/nl_luainit.lua
@@ -402,7 +402,8 @@ local function nl_symbol(name)
 local si = new("SYMBOL_INFO[1]")
 si[0].SizeOfStruct = sizeof("SYMBOL_INFO")
 si[0].MaxNameLen = 0
- local ok = Dbghelp.SymFromName(NLAPI.nl_hProcess, name, si)
+ local code = Dbghelp.SymFromName(NLAPI.nl_hProcess, name, si)
+ local ok = (code == 1)
 if ok then return si[0] end
 end
@@ -410,7 +411,8 @@ local function nl_type(name)
 local si = new("SYMBOL_INFO[1]")
 si[0].SizeOfStruct = sizeof("SYMBOL_INFO")
 si[0].MaxNameLen = 0
- local ok = Dbghelp.SymGetTypeFromName(NLAPI.nl_hProcess, NLAPI.nl_BaseOfDll, name, si)
+ local code = Dbghelp.SymGetTypeFromName(NLAPI.nl_hProcess, NLAPI.nl_BaseOfDll, name, si)
+ local ok = (code == 1)
 if ok then return si[0] end
 end
From 98dde81ec3f84356c8671c67a66214bac9635dcf Mon Sep 17 00:00:00 2001
From: pancelor
Date: Mon, 2 Sep 2019 15:09:38 -0600
Subject: [PATCH 2/4] confirmed error is 126
---
 nl_luainit.lua | 17 +++++++++++------
 nl_payload.c | 7 +++++++
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/nl_luainit.lua b/nl_luainit.lua
index e3624c8..cc09293 100644
--- a/nl_luainit.lua
+++ b/nl_luainit.lua
@@ -57,6 +57,7 @@ ffi.cdef[[
 DWORD64 nl_BaseOfDll;
 LONG nl_attach(PVOID *ppPointer, PVOID pDetour);
 LONG nl_detach(PVOID *ppPointer, PVOID pDetour);
+ DWORD tempGetLastError();
 typedef void CxxClass;
 ]]
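Review bot: The success test `local ok = (code == 1)` in nl_symbol accepts only the exact value 1, while a Win32 BOOL signals success with any nonzero value; comparing against zero, `local ok = (code ~= 0)`, matches that contract and still avoids the Lua pitfall that the number 0 is truthy. The same line is added in the nl_type hunk that follows. This assumes the Dbghelp cdef (not visible here) declares the return as an integer BOOL; if it were declared `bool`, the value would arrive as a Lua boolean and neither comparison would fit. A one-line comment such as `-- BOOL comes back as a number and 0 is truthy in Lua, so compare explicitly` would record why the comparison exists.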
@@ -402,18 +403,22 @@ local function nl_symbol(name)
 local si = new("SYMBOL_INFO[1]")
 si[0].SizeOfStruct = sizeof("SYMBOL_INFO")
 si[0].MaxNameLen = 0
- local code = Dbghelp.SymFromName(NLAPI.nl_hProcess, name, si)
- local ok = (code == 1)
- if ok then return si[0] end
+ print("----debug----")
+ print("error code: "..tostring(NLAPI.tempGetLastError()))
+ local ret = Dbghelp.SymFromName(NLAPI.nl_hProcess, name, si)
+ if ret == 1 then return si[0] end
+ local code = NLAPI.tempGetLastError()
+ print("----debug----")
+ print("error code: "..tostring(code))
+ print("----debug----")
 end
 local function nl_type(name)
 local si = new("SYMBOL_INFO[1]")
 si[0].SizeOfStruct = sizeof("SYMBOL_INFO")
 si[0].MaxNameLen = 0
- local code = Dbghelp.SymGetTypeFromName(NLAPI.nl_hProcess, NLAPI.nl_BaseOfDll, name, si)
- local ok = (code == 1)
- if ok then return si[0] end
+ local ret = Dbghelp.SymGetTypeFromName(NLAPI.nl_hProcess, NLAPI.nl_BaseOfDll, name, si)
+ if ret == 1 then return si[0] end
 end
 -- Get the value of a symbol.
diff --git a/nl_payload.c b/nl_payload.c
index d569182..607ebcb 100644
--- a/nl_payload.c
+++ b/nl_payload.c
@@ -47,6 +47,13 @@ __declspec(dllexport) LONG nl_detach(PVOID *ppPointer, PVOID pDetour)
 return ret;
 }
+// idk how to thread this through to Lua; this is probably not the best
+// way but it works
+__declspec(dllexport) DWORD tempGetLastError()
+{
+ return GetLastError();
+}
+
 static BOOL nlP_filexists(LPCTSTR szPath)
 {
 DWORD dwAttrib = GetFileAttributes(szPath);
From a183135283fb7402690473b3233ce2996e368d17 Mon Sep 17 00:00:00 2001
From: pancelor
Date: Mon, 2 Sep 2019 15:31:49 -0600
Subject: [PATCH 3/4] WIP got some basic error printing
---
 nl_luainit.lua | 2 ++
 nl_payload.c | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/nl_luainit.lua b/nl_luainit.lua
index cc09293..ddfe9f5 100644
--- a/nl_luainit.lua
+++ b/nl_luainit.lua
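Review bot: The last-error value reported in nl_symbol is not reliably tied to the failing SymFromName call: the `print("error code: "..tostring(NLAPI.tempGetLastError()))` placed before the call shows whatever the thread's last error already was, and the read after the call happens only once control is back in Lua and a second FFI call is made. The Win32 last-error code is per-thread state that any intervening API call can overwrite, so anything the Lua runtime does between the two FFI calls could in principle change the number that gets logged. I would drop the pre-call print and mark the read with a comment like `-- read last-error immediately; any other call in between can overwrite it`. nl_type receives the `ret == 1` test in this hunk but no error report, so its failures still return nil silently.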
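Review bot: `tempGetLastError()` is defined with an empty parameter list, which in C leaves the arguments unspecified rather than declaring that there are none; `__declspec(dllexport) DWORD tempGetLastError(void)` states the intent and lets the compiler reject stray arguments. The export also lacks the `nl_` prefix that `nl_detach` in this hunk's context carries, so a temporary debug helper joins the DLL's exported surface under an unrelated-looking name. The comment above it already says the approach is provisional; a line such as `// debug only: remove once error reporting is wired through properly` would make the cleanup intent explicit.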
@@ -58,6 +58,7 @@ ffi.cdef[[
 LONG nl_attach(PVOID *ppPointer, PVOID pDetour);
 LONG nl_detach(PVOID *ppPointer, PVOID pDetour);
 DWORD tempGetLastError();
+ DWORD tempPrintLastError();
 typedef void CxxClass;
 ]]
@@ -410,6 +411,7 @@ local function nl_symbol(name)
 local code = NLAPI.tempGetLastError()
 print("----debug----")
 print("error code: "..tostring(code))
+ NLAPI.tempPrintLastError()
 print("----debug----")
 end
diff --git a/nl_payload.c b/nl_payload.c
index 607ebcb..e7e56ac 100644
--- a/nl_payload.c
+++ b/nl_payload.c
@@ -53,6 +53,29 @@ __declspec(dllexport) DWORD tempGetLastError()
 {
 return GetLastError();
 }
+__declspec(dllexport) DWORD tempPrintLastError()
+{
+ // adapted from https://docs.microsoft.com/en-us/windows/win32/debug/retrieving-the-last-error-code
+
+ LPVOID lpMsgBuf;
+ DWORD dw = GetLastError();
+
+ FormatMessage(
+ FORMAT_MESSAGE_ALLOCATE_BUFFER |
+ FORMAT_MESSAGE_FROM_SYSTEM |
+ FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL,
+ dw,
+ MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+ (LPTSTR) &lpMsgBuf,
+ 0, NULL );
+
+ printf("last error was: %d (%s)", dw, lpMsgBuf);
+
+ LocalFree(lpMsgBuf);
+
+ return 0; // returning b/c declaring the function as VOID instead of DWORD caused mysterious issues
+}
 static BOOL nlP_filexists(LPCTSTR szPath)
 {
From d994e81c41aed2fb408a1c0953b7ca95ab0e1273 Mon Sep 17 00:00:00 2001
From: pancelor
Date: Mon, 2 Sep 2019 15:50:26 -0600
Subject: [PATCH 4/4] minor cleanup
---
 nl_luainit.lua | 10 +++-------
 nl_payload.c | 10 +++-------
 2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/nl_luainit.lua b/nl_luainit.lua
index ddfe9f5..8ed7a80 100644
--- a/nl_luainit.lua
+++ b/nl_luainit.lua
@@ -57,7 +57,6 @@ ffi.cdef[[
 DWORD64 nl_BaseOfDll;
 LONG nl_attach(PVOID *ppPointer, PVOID pDetour);
 LONG nl_detach(PVOID *ppPointer, PVOID pDetour);
- DWORD tempGetLastError();
 DWORD tempPrintLastError();
 typedef void CxxClass;
 ]]
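Review bot: tempPrintLastError hands `lpMsgBuf` to `printf` and `LocalFree` without knowing that `FormatMessage` filled it: the pointer is declared uninitialised and the return value of `FormatMessage` is discarded, so when no message text exists for the code the `%s` conversion reads through an indeterminate pointer. The pointer should start as NULL and the print should depend on a nonzero return. `%d` is also the wrong conversion for a DWORD, which is an unsigned long; `%lu` with a cast is the matching form. The nl_payload.c hunk in PATCH 4/4 renames `dw` to `code` but keeps the unchecked call and the `%d`, so the same applies there.

```c
    LPVOID lpMsgBuf = NULL;
    DWORD dw = GetLastError();

    DWORD len = FormatMessage(
        // … unchanged: flags, source, dw, language id, buffer and size arguments …
        );

    if (len == 0 || lpMsgBuf == NULL) {
        printf("last error was: %lu (no message text available)\n", (unsigned long) dw);
        return 0;
    }

    printf("last error was: %lu (%s)", (unsigned long) dw, (char *) lpMsgBuf);
```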
@@ -401,26 +400,23 @@ end
 -- Find a symbol index.
 local function nl_symbol(name)
+ print("calling nl_symbol(\""..name.."\")")
 local si = new("SYMBOL_INFO[1]")
 si[0].SizeOfStruct = sizeof("SYMBOL_INFO")
 si[0].MaxNameLen = 0
- print("----debug----")
- print("error code: "..tostring(NLAPI.tempGetLastError()))
 local ret = Dbghelp.SymFromName(NLAPI.nl_hProcess, name, si)
 if ret == 1 then return si[0] end
- local code = NLAPI.tempGetLastError()
- print("----debug----")
- print("error code: "..tostring(code))
 NLAPI.tempPrintLastError()
- print("----debug----")
 end
 local function nl_type(name)
+ print("calling nl_type(\""..name.."\")")
 local si = new("SYMBOL_INFO[1]")
 si[0].SizeOfStruct = sizeof("SYMBOL_INFO")
 si[0].MaxNameLen = 0
 local ret = Dbghelp.SymGetTypeFromName(NLAPI.nl_hProcess, NLAPI.nl_BaseOfDll, name, si)
 if ret == 1 then return si[0] end
+ NLAPI.tempPrintLastError()
 end
 -- Get the value of a symbol.
diff --git a/nl_payload.c b/nl_payload.c
index e7e56ac..b041b4f 100644
--- a/nl_payload.c
+++ b/nl_payload.c
@@ -49,28 +49,24 @@ __declspec(dllexport) LONG nl_detach(PVOID *ppPointer, PVOID pDetour)
 // idk how to thread this through to Lua; this is probably not the best
 // way but it works
-__declspec(dllexport) DWORD tempGetLastError()
-{
- return GetLastError();
-}
 __declspec(dllexport) DWORD tempPrintLastError()
 {
 // adapted from https://docs.microsoft.com/en-us/windows/win32/debug/retrieving-the-last-error-code
 LPVOID lpMsgBuf;
- DWORD dw = GetLastError();
+ DWORD code = GetLastError();
 FormatMessage(
 FORMAT_MESSAGE_ALLOCATE_BUFFER |
 FORMAT_MESSAGE_FROM_SYSTEM |
 FORMAT_MESSAGE_IGNORE_INSERTS,
 NULL,
- dw,
+ code,
 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
 (LPTSTR) &lpMsgBuf,
 0, NULL );
- printf("last error was: %d (%s)", dw, lpMsgBuf);
+ printf("Error %d: %s", code, (char *)lpMsgBuf);
 LocalFree(lpMsgBuf);
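Review bot: The trace lines added at the top of nl_symbol and nl_type concatenate `name` directly, so a nil argument raises a Lua error inside the `print` itself before any lookup is attempted; `print("calling nl_symbol(\""..tostring(name).."\")")` avoids that. They also write to stdout on every lookup, which reads like leftover debugging in a commit titled cleanup. Both functions still fall off the end after `NLAPI.tempPrintLastError()` and return nil, so a comment such as `-- returns nil when the lookup fails; the error is printed, not raised` would document the contract callers see.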
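Review bot: The new `(char *)lpMsgBuf` cast in the `printf` call hides a type question instead of settling it: the buffer is filled by the TCHAR-generic `FormatMessage` through an `(LPTSTR)` cast, so in a build where UNICODE is defined it would hold wide characters and `%s` would print only a fragment. Calling `FormatMessageA` with an `(LPSTR)` cast makes the buffer a narrow string in every configuration, and the cast at the `printf` then matches what is actually stored. With tempGetLastError removed, the comment `// idk how to thread this through to Lua…` now sits directly above tempPrintLastError and should be reworded or dropped. The function's closing lines lie outside this hunk.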