Revert "addressed DarthTon#341: HandleGuard refactoring"

This reverts commit 13f9261.

Author: DarthTon

src/BlackBone/DriverControl/DriverControl.cpp

@@ -793,20 +793,23 @@ NTSTATUS DriverControl::UnloadDriver( const std::wstring& svcName )
 /// <returns>Status code</returns>
 LSTATUS DriverControl::PrepareDriverRegEntry( const std::wstring& svcName, const std::wstring& path )
 {
-    RegHandle key1, key2;
+    HKEY key1, key2;
     DWORD dwType = 1;
     LSTATUS status = 0;
     WCHAR wszLocalPath[MAX_PATH] = { 0 };
 
-    swprintf_s( wszLocalPath, std::size( wszLocalPath ), L"\\??\\%s", path.c_str() );
+    swprintf_s( wszLocalPath, ARRAYSIZE( wszLocalPath ), L"\\??\\%s", path.c_str() );
 
     status = RegOpenKeyW( HKEY_LOCAL_MACHINE, L"system\\CurrentControlSet\\Services", &key1 );
     if (status)
         return status;
 
     status = RegCreateKeyW( key1, svcName.c_str(), &key2 );
     if (status)
+    {
+        RegCloseKey( key1 );
         return status;
+    }
 
     status = RegSetValueExW(
         key2, L"ImagePath", 0, REG_SZ, 
@@ -815,9 +818,24 @@ LSTATUS DriverControl::PrepareDriverRegEntry( const std::wstring& svcName, const
         );
 
     if (status)
+    {
+        RegCloseKey( key2 );
+        RegCloseKey( key1 );
         return status;
+    }
 
-    return RegSetValueExW( key2, L"Type", 0, REG_DWORD, reinterpret_cast<const BYTE*>(&dwType), sizeof( dwType ) );
+    status = RegSetValueExW( key2, L"Type", 0, REG_DWORD, reinterpret_cast<const BYTE*>(&dwType), sizeof( dwType ) );
+    if (status)
+    {
+        RegCloseKey( key2 );
+        RegCloseKey( key1 );
+        return status;
+    }
+
+    RegCloseKey( key2 );
+    RegCloseKey( key1 );
+
+    return status;
 }
 
 

src/BlackBone/DriverControl/DriverControl.h

@@ -312,7 +312,7 @@ class DriverControl
     /// <returns>Status code</returns>
     LSTATUS PrepareDriverRegEntry( const std::wstring& svcName, const std::wstring& path );
 private:
-    Handle _hDriver;
+    FileHandle _hDriver;
     NTSTATUS _loadStatus = STATUS_NOT_FOUND;
 };
 

src/BlackBone/Include/HandleGuard.h

@@ -7,7 +7,7 @@ namespace blackbone
 /// <summary>
 /// Strong exception guarantee
 /// </summary>
-template<typename handle_t, auto close_fn>
+template<typename handle_t, auto close_fn, handle_t zero_handle>
 class HandleGuard
 {
 public:
@@ -24,7 +24,7 @@ class HandleGuard
 
     ~HandleGuard()
     {
-        if (valid())
+        if (_handle != zero_handle)
             close_fn( _handle );
     }
 
@@ -53,7 +53,7 @@ class HandleGuard
         if (handle == _handle)
             return;
 
-        if (valid())
+        if (_handle != zero_handle)
             close_fn( _handle );
 
         _handle = handle;
@@ -66,24 +66,25 @@ class HandleGuard
         return tmp;
     }
 
-    handle_t get() const noexcept { return _handle; }
-    bool valid() const noexcept { return reinterpret_cast<intptr_t>(_handle) > reinterpret_cast<intptr_t>(zero_handle); }
+    inline handle_t get() const noexcept { return _handle; }
 
-    operator handle_t() const noexcept { return _handle; }
-    explicit operator bool() const noexcept { return valid(); }
+    inline operator handle_t() const noexcept { return _handle; }
+    inline explicit operator bool() const noexcept { return _handle != zero_handle; }
 
-    handle_t* operator &() noexcept { return &_handle; }
+    inline handle_t* operator &() noexcept { return &_handle; }
 
-    bool operator ==( const HandleGuard& rhs ) const noexcept { return _handle == rhs._handle; }
-    bool operator <( const HandleGuard& rhs ) const noexcept { return _handle < rhs._handle; }
+    inline bool operator ==( const HandleGuard& rhs ) const noexcept { return _handle == rhs._handle; }
+    inline bool operator <( const HandleGuard& rhs ) const noexcept { return _handle < rhs._handle; }
 
 private:
-    static constexpr handle_t zero_handle = handle_t( 0 );
     handle_t _handle;
 };
 
-using Handle        = HandleGuard<HANDLE, &CloseHandle>;
-using ACtxHandle    = HandleGuard<HANDLE, &ReleaseActCtx>;
-using RegHandle     = HandleGuard<HKEY,   &RegCloseKey>;
+using Handle        = HandleGuard<HANDLE, &CloseHandle, nullptr>;
+using FileHandle    = HandleGuard<HANDLE, &CloseHandle, INVALID_HANDLE_VALUE>;
+using ACtxHandle    = HandleGuard<HANDLE, &ReleaseActCtx, INVALID_HANDLE_VALUE>;
+using FileMapHandle = HandleGuard<void*,  &UnmapViewOfFile, nullptr>;
+using SnapHandle    = FileHandle;
+using RegHandle     = HandleGuard<HKEY,   &RegCloseKey, nullptr>;
 
 }

src/BlackBone/Misc/NameResolve.cpp

@@ -167,7 +167,7 @@ NTSTATUS NameResolve::ResolvePath(
     // Perform search accordingly to Windows Image loader search order 
     // 1. KnownDlls
     //
-    RegHandle hKey;
+    HKEY hKey = NULL;
     LRESULT res = 0;
     res = RegOpenKeyW( HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager\\KnownDLLs", &hKey );
 
@@ -197,10 +197,14 @@ NTSTATUS NameResolve::ResolvePath(
                 if (res == ERROR_SUCCESS)
                 {
                     path = std::wstring( sys_path ) + L"\\" + value_data;
+
+                    RegCloseKey( hKey );
                     return STATUS_SUCCESS;
                 }
             }
         }
+
+        RegCloseKey( hKey );
     }
 
 
@@ -355,7 +359,7 @@ NTSTATUS NameResolve::ProbeSxSRedirect( std::wstring& path, Process& proc, HANDL
 /// <returns>Process executable directory</returns>
 std::wstring NameResolve::GetProcessDirectory( DWORD pid )
 {
-    Handle snapshot;
+    SnapHandle snapshot;
     MODULEENTRY32W mod = { sizeof(MODULEENTRY32W), 0 };
     std::wstring path = L"";
 

src/BlackBone/PE/PEImage.cpp

@@ -497,7 +497,7 @@ NTSTATUS PEImage::PrepareACTX( const wchar_t* filepath /*= nullptr*/ )
         if (GetTempFileNameW( tempDir, L"ImageManifest", 0, tempPath ) == 0)
             return STATUS_SXS_CANT_GEN_ACTCTX;
 
-        auto hTmpFile = Handle( CreateFileW( tempPath, FILE_GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, 0, NULL ) );
+        auto hTmpFile = FileHandle( CreateFileW( tempPath, FILE_GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, 0, NULL ) );
         if (hTmpFile != INVALID_HANDLE_VALUE)
         {
             DWORD bytes = 0;
@@ -521,7 +521,8 @@ NTSTATUS PEImage::PrepareACTX( const wchar_t* filepath /*= nullptr*/ )
 
     // Create ACTX
     _hctx = CreateActCtxW( &act );
-    if (_hctx)
+
+    if (_hctx != INVALID_HANDLE_VALUE)
         return STATUS_SUCCESS;
 
     // Return success if current process is protected

src/BlackBone/PE/PEImage.h

@@ -310,7 +310,7 @@ class PEImage
     void* GetManifest( uint32_t& size, int32_t& manifestID );
 
 private:
-    Handle      _hFile;                         // Target file HANDLE
+    FileHandle  _hFile;                         // Target file HANDLE
     Handle      _hMapping;                      // Memory mapping object
     void*       _pFileBase = nullptr;           // Mapping base
     bool        _isPlainData = false;           // File mapped as plain data file
@@ -324,7 +324,7 @@ class PEImage
     uint32_t    _imgSize = 0;                   // Image size
     uint32_t    _epRVA = 0;                     // Entry point RVA
     uint32_t    _hdrSize = 0;                   // Size of headers
-    ACtxHandle  _hctx;                          // Activation context
+    ACtxHandle   _hctx;                          // Activation context
     int32_t     _manifestIdx = 0;               // Manifest resource ID
     uint32_t    _subsystem = 0;                 // Image subsystem
     int32_t     _ILFlagOffset = 0;              // Offset of pure IL flag

src/BlackBone/Process/Process.cpp

@@ -323,7 +323,7 @@ call_result_t<std::vector<HandleInfo>> Process::EnumHandles()
 std::vector<DWORD> Process::EnumByName( const std::wstring& name )
 {
     std::vector<DWORD> found;
-    auto hProcSnap = Handle( CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ) );
+    auto hProcSnap = SnapHandle( CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ) );
     if (!hProcSnap)
         return found;
 

src/BlackBone/Process/Threads/Threads.cpp

@@ -53,7 +53,7 @@ call_result_t<ThreadPtr> ProcessThreads::CreateNew( ptr_t threadProc, ptr_t arg,
 std::vector<ThreadPtr> ProcessThreads::getAll() const
 {
     std::vector<ThreadPtr> result;
-    auto hThreadSnapshot = Handle( CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 ) );
+    auto hThreadSnapshot = SnapHandle( CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 ) );
     if (!hThreadSnapshot)
         return result;
 

src/BlackBone/Syscalls/Syscall.h

@@ -6,7 +6,9 @@
 
 extern "C" void* syscall_stub();
 
-namespace blackbone::syscall
+namespace blackbone
+{
+namespace syscall
 {
     template<typename T>
     using to_int64 = std::conditional_t<sizeof( T ) < sizeof( int64_t ), int64_t, T>;
@@ -66,3 +68,4 @@ namespace blackbone::syscall
 
 #pragma warning(pop)
 }
+}

src/BlackBoneTest/TestAsmJit.cpp

@@ -78,7 +78,7 @@ namespace Testing
             AssertEx::IsTrue( b );
 
             // Check locally
-            auto hFile = Handle( CreateFileW( filePath, GENERIC_READ, 0x7, nullptr, OPEN_EXISTING, FILE_DELETE_ON_CLOSE, nullptr ) );
+            FileHandle hFile = FileHandle( CreateFileW( filePath, GENERIC_READ, 0x7, nullptr, OPEN_EXISTING, FILE_DELETE_ON_CLOSE, nullptr ) );
             AssertEx::IsTrue( hFile );
 
             uint8_t readBuf[sizeof( writeBuf )] = { };

src/BlackBoneTest/TestManualMap.cpp

@@ -131,7 +131,7 @@ namespace Testing
 
         std::pair<std::unique_ptr<uint8_t[]>, uint32_t> GetFileData( const std::wstring& path )
         {
-            auto hFile = Handle( CreateFileW( path.c_str(), FILE_GENERIC_READ, 0x7, nullptr, OPEN_EXISTING, 0, nullptr ) );
+            auto hFile = FileHandle( CreateFileW( path.c_str(), FILE_GENERIC_READ, 0x7, nullptr, OPEN_EXISTING, 0, nullptr ) );
             if (hFile)
             {
                 uint32_t size = GetFileSize( hFile, nullptr );

src/BlackBoneTest/TestRemoteCall.cpp

@@ -195,7 +195,7 @@ namespace Testing
             AssertEx::AreEqual( static_cast<DWORD>(sizeof( writeBuf )), bytes );
 
             // Check locally
-            auto hFile = Handle( CreateFileW( filePath, GENERIC_READ, 0x7, nullptr, OPEN_EXISTING, FILE_DELETE_ON_CLOSE, nullptr ) );
+            FileHandle hFile = FileHandle( CreateFileW( filePath, GENERIC_READ, 0x7, nullptr, OPEN_EXISTING, FILE_DELETE_ON_CLOSE, nullptr ) );
             AssertEx::IsTrue( hFile );
 
             uint8_t readBuf[sizeof( writeBuf )] = { };

src/Samples/Main.cpp

@@ -11,6 +11,16 @@ void MapCmdFromMem();
 
 int main( int /*argc*/, char* /*argv[]*/ )
 {
+    Process pc;
+    pc.Attach( GetCurrentProcess() );
+
+    bool prot = pc.core().isProtected();
+
+    Driver().EnsureLoaded();
+    Driver().ProtectProcess( GetCurrentProcessId(), PolicyOpt::Policy_Enable );
+
+    bool prot2 = pc.core().isProtected();
+
     // List all process PIDs matching name
     auto pids = Process::EnumByName( L"explorer.exe" );
 
@@ -44,7 +54,7 @@ int main( int /*argc*/, char* /*argv[]*/ )
     }
 
     // Start new suspended process and attach immediately
-    Process notepad;
+    Process notepad; 
     notepad.CreateAndAttach( L"C:\\windows\\system32\\notepad.exe", true );
     {
         // do stuff...
@@ -93,7 +103,7 @@ int main( int /*argc*/, char* /*argv[]*/ )
         memory.Read( mainMod->baseAddress, sizeof( dosHeader ), &dosHeader );
 
         // Method 3
-        auto [status, dosHeader2] = memory.Read<IMAGE_DOS_HEADER>( mainMod->baseAddress );
+        auto[status, dosHeader2] = memory.Read<IMAGE_DOS_HEADER>( mainMod->baseAddress );
 
         // Change memory protection
         if (NT_SUCCESS( memory.Protect( mainMod->baseAddress, sizeof( dosHeader ), PAGE_READWRITE ) ))
@@ -110,7 +120,7 @@ int main( int /*argc*/, char* /*argv[]*/ )
         }
 
         // Allocate memory
-        if (auto [status2, block] = memory.Allocate( 0x1000, PAGE_EXECUTE_READWRITE ); NT_SUCCESS( status2 ))
+        if (auto[status2, block] = memory.Allocate( 0x1000, PAGE_EXECUTE_READWRITE ); NT_SUCCESS( status2 ))
         {
             // Write into memory block
             block->Write( 0x10, 12.0 );
@@ -164,7 +174,7 @@ int main( int /*argc*/, char* /*argv[]*/ )
     {
         auto& remote = notepad.remote();
         remote.CreateRPCEnvironment( Worker_None, true );
-
+        
         auto GetModuleHandleWPtr = notepad.modules().GetExport( L"kernel32.dll", "GetModuleHandleW" );
         if (GetModuleHandleWPtr)
         {
@@ -256,7 +266,7 @@ int main( int /*argc*/, char* /*argv[]*/ )
             GetCurrentProcess(),
             GetModuleHandle( nullptr ),
             buf,
-            sizeof( buf ),
+            sizeof(buf),
             &bytes
         );