DD2: Fix Resource::add_ref()

praydog · Jun 30, 2024 · f4b3400 · f4b3400
1 parent e792022
commit f4b3400
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/shared/sdk/RETypes.cpp b/shared/sdk/RETypes.cpp
@@ -85,7 +85,7 @@ RETypes::RETypes() {
             try {
                 TypeList* potential_types = (TypeList*)*disp;
 
-                if (potential_types->data == nullptr) {
+                if (potential_types->data == nullptr || IsBadReadPtr(potential_types->data, sizeof(uintptr_t))) {
                     return utility::ExhaustionResult::CONTINUE;
                 }
 
@@ -102,7 +102,7 @@ RETypes::RETypes() {
 
                     if (t->name != nullptr && (std::string_view{t->name} == "via.clr.ManagedObject" || std::string_view{t->name} == "via.Object")) {
                         m_raw_types = potential_types;
-                        spdlog::info("Found TypeList: {:x}", (uintptr_t)m_raw_types);
+                        spdlog::info("Found TypeList: {:x} at ref {:x}", (uintptr_t)m_raw_types, ctx.addr);
                         break;
                     }
                 } catch(...) {

diff --git a/shared/sdk/ResourceManager.cpp b/shared/sdk/ResourceManager.cpp
@@ -19,6 +19,17 @@ decltype(Resource::s_release_fn) Resource::s_release_fn = nullptr;
 void Resource::add_ref() {
     ResourceManager::update_pointers();
 
+    // Hmm...
+    if (s_add_ref_fn == nullptr) {
+        if (s_refcount_offset.has_value()) {
+            _InterlockedIncrement((volatile LONG*)((uintptr_t)this + *s_refcount_offset));
+        } else {
+            _InterlockedIncrement((volatile LONG*)((uintptr_t)this + 0x28));
+        }
+
+        return;
+    }
+
     s_add_ref_fn(this);
 }
 
@@ -244,5 +255,18 @@ void Resource::update_pointers() {
 
     auto first_call = locate_add_ref_or_release(ResourceManager::s_create_resource_reference + CALL_INSN_SIZE); // first pass finds add_ref or release
     locate_add_ref_or_release(*first_call + CALL_INSN_SIZE); // second pass finds add_ref or release
+
+    if (s_add_ref_fn == nullptr) {
+        const auto first_lock_inc = utility::find_pattern_in_path((uint8_t*)(ResourceManager::s_create_resource_reference + CALL_INSN_SIZE), 15, false, "F0 FF");
+
+        if (first_lock_inc.has_value()) {
+            const auto& ix = first_lock_inc->instrux;
+
+            if (ix.HasLock && ix.Instruction == ND_INS_INC && ix.Operands[0].Type == ND_OP_MEM && ix.Operands[0].Info.Memory.HasBase && ix.Operands[0].Info.Memory.HasDisp) {
+                s_refcount_offset = ix.Operands[0].Info.Memory.Disp;
+                spdlog::info("[Resource::update_pointers] Found refcount offset at {:x}", *s_refcount_offset);
+            }
+        }
+    }
 }
 }
diff --git a/shared/sdk/ResourceManager.hpp b/shared/sdk/ResourceManager.hpp
@@ -6,6 +6,8 @@ class Resource;
 #pragma once
 
 #include <string_view>
+#include <optional>
+
 #include "ManagedObject.hpp"
 #include "intrusive_ptr.hpp"
 
@@ -24,6 +26,7 @@ class Resource {
     static void update_pointers();
     static void (*s_add_ref_fn)(Resource*);
     static void (*s_release_fn)(Resource*);
+    static inline std::optional<size_t> s_refcount_offset{};
 };
 
 class ResourceManager {