Merge branch 'master' of github.com:thevurv/Autorun-ng

Author: vurvdev

packages/autorun-scan/Cargo.toml

@@ -7,3 +7,10 @@ description.workspace = true
 
 [dependencies]
 autorun-log = { path = "../autorun-log" }
+
+[target.'cfg(windows)'.dependencies]
+windows = { version = "0.62.2", features = [
+    "Win32_Foundation",
+    "Win32_System_Diagnostics_ToolHelp",
+    "Win32_System_Threading"
+] }

packages/autorun-scan/src/lib.rs

@@ -19,3 +19,19 @@ macro_rules! sig {
         Some($val as u8)
     };
 }
+
+// Ghidra-style byte strings (e.g. "48 8B ?? ?? ?? 89")
+pub fn sig_byte_string(s: &str) -> &[Option<u8>] {
+	let bytes: Vec<Option<u8>> = s
+		.split_whitespace()
+		.map(|b| {
+			if b == "??" || b == "?" {
+				None
+			} else {
+				Some(u8::from_str_radix(b, 16).expect("Invalid byte in signature"))
+			}
+		})
+		.collect();
+
+	Box::leak(bytes.into_boxed_slice())
+}

packages/autorun-scan/src/raw/linux.rs

@@ -16,7 +16,7 @@ fn parse_perms(perms: &str) -> Permissions {
 	}
 }
 
-pub fn scan(signature: &[Option<u8>]) -> Result<Option<usize>, std::io::Error> {
+pub fn scan(signature: &[Option<u8>], target_module: Option<&str>) -> Result<Option<usize>, std::io::Error> {
 	let maps = std::fs::read_to_string("/proc/self/maps")?;
 	let mut mem = std::fs::File::open("/proc/self/mem")?;
 
@@ -35,7 +35,15 @@ pub fn scan(signature: &[Option<u8>]) -> Result<Option<usize>, std::io::Error> {
 		let _offset = entries[2];
 		let _dev = entries[3];
 		let _inode = entries[4];
-		let _path = entries.get(5); // Optional
+		let path = entries.get(5); // Optional
+
+		if let Some(target_module) = target_module {
+			let module_path = path.unwrap_or(&"");
+			let module_name = module_path.rsplit('/').next().unwrap_or("");
+			if module_name != target_module {
+				continue;
+			}
+		}
 
 		if !perms.read || !perms.exec {
 			continue;

packages/autorun-scan/src/raw/windows.rs

@@ -1,3 +1,87 @@
-pub fn scan(signature: &[Option<u8>]) -> Result<Option<usize>, std::io::Error> {
-	todo!("Unimplemented on windows");
+pub struct Module {
+	pub base_address: usize,
+	pub size: usize,
+	pub name: String,
+}
+
+fn get_module_list() -> Result<Vec<Module>, std::io::Error> {
+	use windows::Win32::Foundation::HANDLE;
+	use windows::Win32::System::Diagnostics::ToolHelp::{
+		CreateToolhelp32Snapshot, MODULEENTRY32, Module32First, Module32Next, TH32CS_SNAPMODULE, TH32CS_SNAPMODULE32,
+	};
+
+	let snapshot: HANDLE = unsafe { CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, 0).unwrap() };
+	if snapshot.is_invalid() {
+		Err(std::io::Error::last_os_error())
+	} else {
+		let mut modules = Vec::new();
+		let mut module_entry = MODULEENTRY32 {
+			dwSize: std::mem::size_of::<MODULEENTRY32>() as u32,
+			..Default::default()
+		};
+
+		let mut success = unsafe { Module32First(snapshot, &mut module_entry).is_ok() };
+		while success {
+			let name = String::from_utf8(
+				module_entry
+					.szModule
+					.iter()
+					.take_while(|&&c| c != 0)
+					.map(|&c| c as u8)
+					.collect(),
+			)
+			.unwrap_or_default();
+
+			modules.push(Module {
+				base_address: module_entry.modBaseAddr as usize,
+				size: module_entry.modBaseSize as usize,
+				name,
+			});
+
+			success = unsafe { Module32Next(snapshot, &mut module_entry).is_ok() };
+		}
+
+		Ok(modules)
+	}
+}
+
+fn find_signature(haystack: &[u8], needle: &[Option<u8>]) -> Option<usize> {
+	if needle.is_empty() {
+		return Some(0);
+	}
+
+	for i in 0..=(haystack.len() - needle.len()) {
+		let mut found = true;
+		for (j, &byte_opt) in needle.iter().enumerate() {
+			if let Some(byte) = byte_opt {
+				if haystack[i + j] != byte {
+					found = false;
+					break;
+				}
+			}
+		}
+		if found {
+			return Some(i);
+		}
+	}
+
+	None
+}
+
+pub fn scan(signature: &[Option<u8>], target_module: Option<&str>) -> Result<Option<usize>, std::io::Error> {
+	let modules = get_module_list()?;
+	for module in modules {
+		// If no target module specified, scan all modules
+		let target_module = target_module.unwrap_or(&module.name);
+		if module.name.eq_ignore_ascii_case(target_module) {
+			unsafe {
+				let module_bytes = std::slice::from_raw_parts(module.base_address as *const u8, module.size);
+				if let Some(offset) = find_signature(module_bytes, signature) {
+					return Ok(Some(module.base_address + offset));
+				}
+			}
+		}
+	}
+
+	Ok(None)
 }

services/autorun-lib/src/hooks/the_fn.rs

@@ -18,9 +18,12 @@ pub fn init() -> anyhow::Result<()> {
 	// 	0x48, 0x8b, 0x05, ?, ?, ?, ?, 0x55, 0x48, 0x89, 0xe5, 0x5d, 0x48, 0x8b, 0x00
 	// ])?;
 	// Alternative scan for different signature
-	let scan_result = autorun_scan::scan(autorun_scan::sig![
-		0x55, 0x48, 0x89, 0xe5, 0x41, 0x55, 0x41, 0x54, 0x49, 0x89, 0xfc, 0x53, 0x48, 0x83, 0xec, ?, 0x48, 0x8b, 0x77, ?
-	])?;
+	let scan_result = autorun_scan::scan(
+		autorun_scan::sig![
+			0x55, 0x48, 0x89, 0xe5, 0x41, 0x55, 0x41, 0x54, 0x49, 0x89, 0xfc, 0x53, 0x48, 0x83, 0xec, ?, 0x48, 0x8b, 0x77, ?
+		],
+		None,
+	)?;
 	if let Some(addr) = scan_result {
 		let fn_start_addr = addr;
 		// let fn_start_addr = addr - 33;