diff --git a/src/dbg/debugger.cpp b/src/dbg/debugger.cpp
index 41bf2d72..5704936f 100644
--- a/src/dbg/debugger.cpp
+++ b/src/dbg/debugger.cpp
@@ -36,6 +36,7 @@
 #include "exprfunc.h"
 #include "debugger_cookie.h"
 #include "debugger_tracing.h"
+#include "handles.h"
 
 // Debugging variables
 static PROCESS_INFORMATION g_pi = {0, 0, 0, 0};
@@ -2953,6 +2954,19 @@ void dbgsetforeground()
 
 void dbgcreatedebugthread(INIT_STRUCT* init)
 {
+    if(settingboolget("Misc", "CheckForAntiCheatDrivers"))
+    {
+        auto loadedDrivers = LoadedAntiCheatDrivers();
+        if(!loadedDrivers.empty())
+        {
+            auto translatedFormat = GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Drivers known to interfere with x64dbg's operation have been detected.\n\nList of drivers:\n%s\n\nDo you want to continue debugging?"));
+            auto message = StringUtils::sprintf(translatedFormat, loadedDrivers.c_str());
+            auto continueDebugging = GuiScriptMsgyn(message.c_str());
+            if(!continueDebugging)
+                return;
+        }
+    }
+
     auto event = init->event = CreateEventW(nullptr, false, false, nullptr);
     hDebugLoopThread = CreateThread(nullptr, 0, [](LPVOID lpParameter) -> DWORD
     {
diff --git a/src/dbg/handles.cpp b/src/dbg/handles.cpp
index 6c4cbb02..3dfac669 100644
--- a/src/dbg/handles.cpp
+++ b/src/dbg/handles.cpp
@@ -5,21 +5,6 @@
 #include "debugger.h"
 #include "thread.h"
 
-typedef NTSTATUS(NTAPI* ZWQUERYSYSTEMINFORMATION)(
-    IN LONG SystemInformationClass,
-    OUT PVOID SystemInformation,
-    IN ULONG SystemInformationLength,
-    OUT PULONG ReturnLength OPTIONAL
-);
-
-typedef NTSTATUS(NTAPI* ZWQUERYOBJECT)(
-    IN HANDLE Handle OPTIONAL,
-    IN LONG ObjectInformationClass,
-    OUT PVOID ObjectInformation OPTIONAL,
-    IN ULONG ObjectInformationLength,
-    OUT PULONG ReturnLength OPTIONAL
-);
-
 // Enumerate all handles in the debuggee
 bool HandlesEnum(std::vector & handles)
 {
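Review bot: The early `return` taken when the user answers no leaves `init->event` unset and never starts the debug loop, yet dbgcreatedebugthread is `void`, so the caller cannot tell that debugging was abandoned; if the caller waits on `init->event` or on `hDebugLoopThread` (not visible here) it would block on a handle that is never created. Creating the event before the prompt, or reporting the abort through `init`, would make the refusal observable, and the behaviour deserves a comment at the top of the function: `// May return without starting the debug loop when the user declines the anti-cheat driver warning.` `GuiScriptMsgyn` looks like a blocking yes/no prompt, which is fine interactively but will stall unattended sessions; the `CheckForAntiCheatDrivers` setting is the only opt-out, so that is worth stating wherever the setting is documented. The body of dbgcreatedebugthread continues past the end of the hunk.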
@@ -361,4 +346,42 @@ bool HandlesEnumHeaps(std::vector & heapList)
     return true;
     */
     return false;
+}
+
+String LoadedAntiCheatDrivers()
+{
+    Memory HandleInformation(0x1000, __FUNCTION__);
+    NTSTATUS ErrorCode = ERROR_SUCCESS;
+    for(;;)
+    {
+        ErrorCode = NtQuerySystemInformation(SystemModuleInformation, HandleInformation(), ULONG(HandleInformation.size()), nullptr);
+        if(ErrorCode != STATUS_INFO_LENGTH_MISMATCH)
+            break;
+        HandleInformation.realloc(HandleInformation.size() * 2, __FUNCTION__);
+    }
+    if(ErrorCode != STATUS_SUCCESS)
+        return {};
+    const char* AntiCheatDrivers[] =
+    {
+        "EasyAntiCheat.sys",
+        "EasyAntiCheat_EOS.sys",
+    };
+    std::unordered_set DriverSet;
+    for(auto & Driver : AntiCheatDrivers)
+        DriverSet.insert(StringUtils::ToLower(Driver));
+    String Result;
+    auto Modules = HandleInformation();
+    for(ULONG i = 0; i < Modules->NumberOfModules; i++)
+    {
+        const auto & Module = Modules->Modules[i];
+        String DriverName = (char*)Module.FullPathName + Module.OffsetToFileName;
+        dputs_untranslated(DriverName.c_str());
+        if(DriverSet.count(StringUtils::ToLower(DriverName)))
+        {
+            if(!Result.empty())
+                Result += '\n';
+            Result += DriverName;
+        }
+    }
+    return Result;
 }
\ No newline at end of file
diff --git a/src/dbg/handles.h b/src/dbg/handles.h
index 721ee92c..c6f68f99 100644
--- a/src/dbg/handles.h
+++ b/src/dbg/handles.h
@@ -1,5 +1,4 @@
-#ifndef HANDLES_H
-#define HANDLES_H
+#pragma once
 
 #include "_global.h"
 #include "_dbgfunctions.h"
@@ -8,5 +7,4 @@ bool HandlesEnum(std::vector & handlesList);
 bool HandlesGetName(HANDLE remoteHandle, String & name, String & typeName);
 bool HandlesEnumWindows(std::vector & windowsList);
 bool HandlesEnumHeaps(std::vector & heapList);
-
-#endif //HANDLES_H
\ No newline at end of file
+String LoadedAntiCheatDrivers();
diff --git a/src/gui/Src/Utils/Configuration.cpp b/src/gui/Src/Utils/Configuration.cpp
index e353fd1b..9405dc0d 100644
--- a/src/gui/Src/Utils/Configuration.cpp
+++ b/src/gui/Src/Utils/Configuration.cpp
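Review bot: `dputs_untranslated(DriverName.c_str());` inside the module loop writes the file name of every loaded kernel module to the log on each debug start, which reads like a leftover debugging print; drop it or move it inside the `DriverSet.count(...)` branch so only the matches are logged. When `NtQuerySystemInformation` fails the function returns an empty string, which the caller in debugger.cpp cannot distinguish from "no known driver loaded", so the whole check silently becomes a no-op; logging the status before `return {};` (the existing `dprintf_untranslated` family will do) keeps that failure visible. Two smaller points: the buffer is named `HandleInformation` although it holds system module information (`ModuleInformation` would say what it is), and initialising an `NTSTATUS` from the Win32 constant `ERROR_SUCCESS` mixes two status namespaces even though both happen to be zero. `Module.OffsetToFileName` is also used as an offset into `Module.FullPathName`, which I take to be a fixed-size array, without a check that it stays inside it; the value comes from the kernel so the risk is low, but the bounds check costs one comparison. The leading context lines belong to HandlesEnumHeaps, whose body starts outside the hunk.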
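Review bot: The new `String LoadedAntiCheatDrivers();` declaration says nothing about what the string contains or what an empty result means, and the implementation returns empty both when no listed driver is loaded and when the system module query fails; a comment on the declaration settles that for callers: `// Newline-separated file names of loaded drivers known to interfere with debugging; empty when none are found or the module query fails.` The neighbouring declarations are equally bare, so this follows the header's existing style, but a result that drives a user-facing prompt should carry its contract.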
@@ -275,6 +275,7 @@ Configuration::Configuration() : QObject(), noMoreMsgbox(false)
 
     QMap miscBool;
     miscBool.insert("TransparentExceptionStepping", true);
+    miscBool.insert("CheckForAntiCheatDrivers", true);
     defaultBools.insert("Misc", miscBool);
 
     QMap guiBool;