From 7e648fb29e5af27415ab40ea32e69d2fd0547677 Mon Sep 17 00:00:00 2001
From: Matthijs Lavrijsen
Date: Mon, 23 Aug 2021 15:27:50 +0200
Subject: [PATCH] Update default Themida settings profile

Support for the latest Themida is incomplete, see #127
---
 ConfigCollection/scylla_hide.ini | 6 +++---
 HookLibrary/HookHelper.cpp | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ConfigCollection/scylla_hide.ini b/ConfigCollection/scylla_hide.ini
index 2e623178..e3286efa 100644
--- a/ConfigCollection/scylla_hide.ini
+++ b/ConfigCollection/scylla_hide.ini
@@ -112,9 +112,9 @@ GetSystemTimeHook=0
 GetTickCount64Hook=0
 GetTickCountHook=0
 KiUserExceptionDispatcherHook=0
-NtCloseHook=0
+NtCloseHook=1
 NtContinueHook=0
-NtCreateThreadExHook=0
+NtCreateThreadExHook=1
 NtGetContextThreadHook=0
 NtQueryInformationProcessHook=1
 NtQueryObjectHook=0
@@ -123,7 +123,7 @@ NtQuerySystemInformationHook=1
 NtQuerySystemTimeHook=0
 NtSetContextThreadHook=0
 NtSetDebugFilterStateHook=0
-NtSetInformationThreadHook=0
+NtSetInformationThreadHook=1
 NtSetInformationProcessHook=0
 NtUserBlockInputHook=0
 NtUserBuildHwndListHook=1
diff --git a/HookLibrary/HookHelper.cpp b/HookLibrary/HookHelper.cpp
index 309971d2..74cb5d18 100644
--- a/HookLibrary/HookHelper.cpp
+++ b/HookLibrary/HookHelper.cpp
@@ -246,7 +246,7 @@ bool IsWow64Process(HANDLE ProcessHandle)
 const NTSTATUS Status = NtQueryInformationProcess(ProcessHandle,
 ProcessWow64Information,
 &WoW64Peb,
- sizeof(WoW64Peb),
+ sizeof(PPEB),
 nullptr);
 
 return NT_SUCCESS(Status) && WoW64Peb != nullptr;
@@ -276,7 +276,7 @@ InstallInstrumentationCallbackHook(
 }
 
 // WOW64: set the callback pointer in the version field
- InstrumentationCallbackInfo.Version = (ULONG)(ULONG_PTR)Callback;
+ InstrumentationCallbackInfo.Version = (ULONG_PTR)Callback;
 #endif
 InstrumentationCallbackInfo.Reserved = 0;
 InstrumentationCallbackInfo.Callback = Callback;
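Review bot: The length argument `sizeof(PPEB)` in the IsWow64Process hunk is no longer tied to the buffer `&WoW64Peb`, whose declaration sits above the hunk and is not visible here. If `WoW64Peb` is not pointer-sized in every build configuration, NtQueryInformationProcess is told it may write more or fewer bytes than the variable holds, and the larger case is a stack overwrite. Either keep the size derived from the variable or pin the assumption next to the call, e.g. `static_assert(sizeof(WoW64Peb) == sizeof(PPEB), "ProcessWow64Information buffer must be pointer-sized");`. The commit subject describes only the settings profile, so this behaviour change deserves a line in the message.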
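Review bot: With the `(ULONG)` cast dropped in the InstallInstrumentationCallbackHook hunk, whether the callback address survives intact now depends on the declared type of `InstrumentationCallbackInfo.Version`, which is not visible here (the function starts above the hunk and continues below it). If that field is a `ULONG` and this branch is ever compiled where pointers are wider, the assignment narrows implicitly and the address is silently truncated. A compile-time guard before the assignment would make the WOW64-only assumption explicit: `static_assert(sizeof(InstrumentationCallbackInfo.Version) >= sizeof(Callback), "Version must hold the callback pointer");`.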