Malware detection fixes 3 (#166)

Removed duplicated log traces code. Fixed need for extra checks when calling FuncScriptDeleteDelegate. Restored proper file time stamp generation. Removed use of GetLocalTime. Removed hot reloading in CModuleSystem. Switched to simdjson library for loading opcodes database. Removed opcode database loading thread. Compiler settings updated. Output signing disabled.
cleolibrary · Jul 28, 2024 · 5e81b14 · 5e81b14
1 parent ea1f7ba
commit 5e81b14
Show file tree

Hide file tree

Showing 18 changed files with 174,071 additions and 1,109 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -31,15 +31,15 @@ jobs:
           set PLUGIN_SDK_DIR=%GITHUB_WORKSPACE%\third-party\plugin-sdk
           msbuild -m CLEO5.sln /property:Configuration=Release /property:Platform=GTASA
 
-      - name: Core - Sign
-        uses: x87/code-sign-action@develop
-        with:
-          certificate: '${{ secrets.DIG_KEY_CERT }}'
-          password: '${{ secrets.DIG_KEY_PWD }}'
-          certificatename: 'Seemann'
-          description: 'CLEO 5'
-          timestampUrl: 'http://timestamp.digicert.com'
-          filename: './.output/Release/cleo.asi'
+#      - name: Core - Sign
+#        uses: x87/code-sign-action@develop
+#        with:
+#          certificate: '${{ secrets.DIG_KEY_CERT }}'
+#          password: '${{ secrets.DIG_KEY_PWD }}'
+#          certificatename: 'Seemann'
+#          description: 'CLEO 5'
+#          timestampUrl: 'http://timestamp.digicert.com'
+#          filename: './.output/Release/cleo.asi'
 
       - name: Core - VirusTotal Scan
         uses: crazy-max/ghaction-virustotal@v4
@@ -53,15 +53,15 @@ jobs:
           set PLUGIN_SDK_DIR=%GITHUB_WORKSPACE%\third-party\plugin-sdk
           msbuild -m cleo_plugins/CLEO_Plugins.sln /property:Configuration=Release /property:Platform=x86
 
-      - name: Plugins - Sign
-        uses: x87/code-sign-action@develop
-        with:
-          certificate: '${{ secrets.DIG_KEY_CERT }}'
-          password: '${{ secrets.DIG_KEY_PWD }}'
-          certificatename: 'Seemann'
-          description: 'CLEO 5 Plugin'
-          timestampUrl: 'http://timestamp.digicert.com'
-          folder: './cleo_plugins/.output'
+#      - name: Plugins - Sign
+#        uses: x87/code-sign-action@develop
+#        with:
+#          certificate: '${{ secrets.DIG_KEY_CERT }}'
+#          password: '${{ secrets.DIG_KEY_PWD }}'
+#          certificatename: 'Seemann'
+#          description: 'CLEO 5 Plugin'
+#          timestampUrl: 'http://timestamp.digicert.com'
+#          folder: './cleo_plugins/.output'
 
       - name: Plugins - VirusTotal Scan
         uses: crazy-max/ghaction-virustotal@v4

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -27,15 +27,15 @@ jobs:
           set PLUGIN_SDK_DIR=%GITHUB_WORKSPACE%\third-party\plugin-sdk
           msbuild -m CLEO5.sln /property:Configuration=Release /property:Platform=GTASA
 
-      - name: Core - Sign
-        uses: x87/code-sign-action@develop
-        with:
-          certificate: '${{ secrets.DIG_KEY_CERT }}'
-          password: '${{ secrets.DIG_KEY_PWD }}'
-          certificatename: 'Seemann'
-          description: 'CLEO 5'
-          timestampUrl: 'http://timestamp.digicert.com'
-          filename: './.output/Release/cleo.asi'
+#      - name: Core - Sign
+#        uses: x87/code-sign-action@develop
+#        with:
+#          certificate: '${{ secrets.DIG_KEY_CERT }}'
+#          password: '${{ secrets.DIG_KEY_PWD }}'
+#          certificatename: 'Seemann'
+#          description: 'CLEO 5'
+#          timestampUrl: 'http://timestamp.digicert.com'
+#          filename: './.output/Release/cleo.asi'
 
       - name: Core - VirusTotal Scan
         uses: crazy-max/ghaction-virustotal@v4
@@ -49,15 +49,15 @@ jobs:
           set PLUGIN_SDK_DIR=%GITHUB_WORKSPACE%\third-party\plugin-sdk
           msbuild -m cleo_plugins/CLEO_Plugins.sln /property:Configuration=Release /property:Platform=x86
 
-      - name: Plugins - Sign
-        uses: x87/code-sign-action@develop
-        with:
-          certificate: '${{ secrets.DIG_KEY_CERT }}'
-          password: '${{ secrets.DIG_KEY_PWD }}'
-          certificatename: 'Seemann'
-          description: 'CLEO 5 Plugin'
-          timestampUrl: 'http://timestamp.digicert.com'
-          folder: './cleo_plugins/.output'
+#      - name: Plugins - Sign
+#        uses: x87/code-sign-action@develop
+#        with:
+#          certificate: '${{ secrets.DIG_KEY_CERT }}'
+#          password: '${{ secrets.DIG_KEY_PWD }}'
+#          certificatename: 'Seemann'
+#          description: 'CLEO 5 Plugin'
+#          timestampUrl: 'http://timestamp.digicert.com'
+#          folder: './cleo_plugins/.output'
 
       - name: Plugins - VirusTotal Scan
         uses: crazy-max/ghaction-virustotal@v4

diff --git a/CLEO5.vcxproj b/CLEO5.vcxproj
@@ -72,6 +72,10 @@
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">NotUsing</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">NotUsing</PrecompiledHeader>
     </ClCompile>
+    <ClCompile Include="third-party\simdjson\simdjson.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">NotUsing</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">NotUsing</PrecompiledHeader>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="cleo_sdk\CLEO.h" />
@@ -94,6 +98,7 @@
     <ClInclude Include="source\ScmFunction.h" />
     <ClInclude Include="source\Singleton.h" />
     <ClInclude Include="source\stdafx.h" />
+    <ClInclude Include="third-party\simdjson\simdjson.h" />
   </ItemGroup>
   <ItemGroup>
     <None Include="source\cleo.def" />
@@ -114,14 +119,14 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
     <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
     <PlatformToolset>v143</PlatformToolset>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -139,14 +144,16 @@
     <IntDir>$(SolutionDir).output\.obj\$(Configuration)\</IntDir>
     <TargetName>CLEO</TargetName>
     <TargetExt>.asi</TargetExt>
-    <IncludePath>$(PLUGIN_SDK_DIR)\shared\;$(PLUGIN_SDK_DIR)\shared\game\;$(SolutionDir)third-party\SimpleJSON;$(IncludePath)</IncludePath>
+    <IncludePath>$(PLUGIN_SDK_DIR)\shared\;$(PLUGIN_SDK_DIR)\shared\game\;$(SolutionDir)third-party\simdjson;$(IncludePath)</IncludePath>
+    <GenerateManifest>false</GenerateManifest>
+    <EmbedManifest>false</EmbedManifest>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir).output\$(Configuration)\</OutDir>
     <IntDir>$(SolutionDir).output\.obj\$(Configuration)\</IntDir>
     <TargetName>CLEO</TargetName>
     <TargetExt>.asi</TargetExt>
-    <IncludePath>$(PLUGIN_SDK_DIR)\shared\;$(PLUGIN_SDK_DIR)\shared\game\;$(SolutionDir)third-party\SimpleJSON;$(IncludePath)</IncludePath>
+    <IncludePath>$(PLUGIN_SDK_DIR)\shared\;$(PLUGIN_SDK_DIR)\shared\game\;$(SolutionDir)third-party\simdjson;$(IncludePath)</IncludePath>
   </PropertyGroup>
   <PropertyGroup>
     <LocalDebuggerCommand>$(GTA_SA_DIR)\gta_sa.exe</LocalDebuggerCommand>
@@ -168,6 +175,10 @@
       <PrecompiledHeader>Create</PrecompiledHeader>
       <LanguageStandard>stdcpp17</LanguageStandard>
       <DebugInformationFormat>None</DebugInformationFormat>
+      <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
+      <CreateHotpatchableImage>false</CreateHotpatchableImage>
+      <GuardEHContMetadata>false</GuardEHContMetadata>
+      <RuntimeTypeInfo>false</RuntimeTypeInfo>
     </ClCompile>
     <Link>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
@@ -178,7 +189,8 @@
       <SubSystem>Windows</SubSystem>
       <ModuleDefinitionFile>$(SolutionDir)source\cleo.def</ModuleDefinitionFile>
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
-      <AdditionalOptions>/Brepro %(AdditionalOptions)</AdditionalOptions>
+      <EnableUAC>false</EnableUAC>
+      <AssemblyDebug>false</AssemblyDebug>
     </Link>
     <PostBuildEvent>
       <Command>xcopy /Y "$(OutDir)$(TargetName).lib" "$(SolutionDir)cleo_sdk\" 

diff --git a/CLEO5.vcxproj.filters b/CLEO5.vcxproj.filters
@@ -7,9 +7,6 @@
     <Filter Include="cleo_sdk">
       <UniqueIdentifier>{d188d452-fbc6-48b5-bd49-d4036c989109}</UniqueIdentifier>
     </Filter>
-    <Filter Include="plugin_sdk">
-      <UniqueIdentifier>{5cead5cc-9a75-4d2e-99b5-ebbc8f9d6d86}</UniqueIdentifier>
-    </Filter>
     <Filter Include="source\utils">
       <UniqueIdentifier>{3104a2cb-d9c5-4eb5-9910-cf77d903db30}</UniqueIdentifier>
     </Filter>
@@ -22,6 +19,15 @@
     <Filter Include="source\extensions">
       <UniqueIdentifier>{9c8be703-c930-47b1-b0cb-7c4b80922a48}</UniqueIdentifier>
     </Filter>
+    <Filter Include="third_party">
+      <UniqueIdentifier>{d2916069-8bff-46e6-9a07-6b845c4361dd}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="third_party\simdjson">
+      <UniqueIdentifier>{2fba67c2-5ab9-4f75-82ed-e1024b272094}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="third_party\plugin_sdk">
+      <UniqueIdentifier>{5cead5cc-9a75-4d2e-99b5-ebbc8f9d6d86}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="source\dllmain.cpp">
@@ -31,31 +37,31 @@
       <Filter>source</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFileMgr.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CGame.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\DynAddress.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\GameVersion.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\Patch.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\PluginBase.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\game\CRGBA.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFont.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\RenderWare.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="source\crc32.cpp">
       <Filter>source\utils</Filter>
@@ -94,22 +100,25 @@
       <Filter>source\extensions</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CPools.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="source\OpcodeInfoDatabase.cpp">
       <Filter>source\utils</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CTheScripts.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="source\CPluginSystem.cpp">
       <Filter>source\extensions</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CModelInfo.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
     </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CCheat.cpp">
-      <Filter>plugin_sdk</Filter>
+      <Filter>third_party\plugin_sdk</Filter>
+    </ClCompile>
+    <ClCompile Include="third-party\simdjson\simdjson.cpp">
+      <Filter>third_party\simdjson</Filter>
     </ClCompile>
   </ItemGroup>
   <ItemGroup>
@@ -173,6 +182,9 @@
     <ClInclude Include="source\OpcodeInfoDatabase.h">
       <Filter>source\utils</Filter>
     </ClInclude>
+    <ClInclude Include="third-party\simdjson\simdjson.h">
+      <Filter>third_party\simdjson</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <None Include="source\cleo.def">

diff --git a/source/CCustomOpcodeSystem.cpp b/source/CCustomOpcodeSystem.cpp
@@ -6,7 +6,6 @@
 #include "CCheat.h"
 #include "CModelInfo.h"
 
-#include <tlhelp32.h>
 #include <sstream>
 #include <forward_list>
 #include <set>
@@ -70,30 +69,8 @@ namespace CLEO
 		template<class FuncScriptDeleteDelegateT> void operator+=(FuncScriptDeleteDelegateT mFunc) { funcs.push_back(mFunc); }
 		template<class FuncScriptDeleteDelegateT> void operator-=(FuncScriptDeleteDelegateT mFunc) { funcs.erase(std::remove(funcs.begin(), funcs.end(), mFunc), funcs.end()); }
 		void operator()(CRunningScript *script)
-		{ 
-			for (auto& f : funcs)
-			{
-				// check if function pointer lays within any of currently loaded modules (.asi or .cleo plugins)
-				void* ptr = f;
-				MODULEENTRY32 module;
-				module.dwSize = sizeof(MODULEENTRY32);
-				HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
-				Module32First(snapshot, &module);
-				if (snapshot != INVALID_HANDLE_VALUE)
-				{
-					size_t count = 0;
-					do
-					{
-						if(ptr >= module.modBaseAddr && ptr <= (module.modBaseAddr + module.modBaseSize))
-						{
-							f(script);
-							break;
-						}
-					} while (Module32Next(snapshot, &module));
-					CloseHandle(snapshot);
-				}
-			}
-
+		{
+			for (auto& f : funcs) f(script);
 		}
 	};
 	ScriptDeleteDelegate scriptDeleteDelegate;
@@ -749,7 +726,6 @@ namespace CLEO
 
 		// handle program flow
 		scmFunc->Return(cs); // jump back to cleo_call, right after last input param. Return slot var args starts here
-		if (scmFunc->moduleExportRef != nullptr) GetInstance().ModuleSystem.ReleaseModuleRef((char*)scmFunc->moduleExportRef); // exiting export - release module
 		delete scmFunc;
 
 		if (returnArgs)
@@ -1021,7 +997,6 @@ namespace CLEO
 				SHOW_ERROR("Not found module '%s' export '%s', requested by opcode [0AB1] in script %s", modulePath.c_str(), moduleTxt.c_str(), ((CCustomScript*)thread)->GetInfoStr().c_str());
 				return thread->Suspend();
 			}
-			scmFunc->moduleExportRef = scriptRef.base; // to be released on return
 
 			reinterpret_cast<CCustomScript*>(thread)->SetScriptFileDir(FS::path(modulePath).parent_path().string().c_str());
 			reinterpret_cast<CCustomScript*>(thread)->SetScriptFileName(FS::path(modulePath).filename().string().c_str());