[BUGFIX] Fixed ANTIDEBUG=2 not working for 32-bit applications. Fixed backward compat with older Pin versions (use INS_OperandWidth instead of INS_OperandSize)

hasherezade · hasherezade · commit 3352201d6034 · 2023-08-26T13:43:17.000-07:00
diff --git a/AntiDebug.cpp b/AntiDebug.cpp
@@ -151,15 +151,14 @@ VOID AntiDbg::WatchMemoryAccess(ADDRINT addr, UINT32 size, const ADDRINT insAddr
 /* ==================================================================== */
 
 std::map<ADDRINT, size_t> cmpOccurrences;
-VOID AntiDbg::WatchCompareSoftBrk(ADDRINT Address, ADDRINT immVal)
+VOID AntiDbg::WatchCompareSoftBrk(ADDRINT Address, UINT64 immVal)
 {
     PinLocker locker;
     const WatchedType wType = isWatchedAddress(Address);
     if (wType == WatchedType::NOT_WATCHED) return;
 
     bool isSet = false;
     const size_t kMinOccur = 3;
-
     const UINT8 val = immVal & 0xFF;
     if (val == 0xCC) {
         cmpOccurrences[Address]++;
diff --git a/AntiDebug.h b/AntiDebug.h
@@ -8,7 +8,7 @@
 namespace AntiDbg {
 	VOID WatchMemoryAccess(ADDRINT addr, UINT32 size, const ADDRINT insAddr);
 	VOID WatchThreadStart(THREADID threadid, CONTEXT* ctxt, INT32 flags, VOID* v);
-	VOID WatchCompareSoftBrk(ADDRINT Address, ADDRINT immVal);
+	VOID WatchCompareSoftBrk(ADDRINT Address, UINT64 immVal);
 	VOID MonitorAntiDbgFunctions(IMG Image);
 	VOID FlagsCheck(const CONTEXT* ctxt, THREADID tid);
 	VOID FlagsCheck_after(const CONTEXT* ctxt, THREADID tid, ADDRINT eip);
diff --git a/TinyTracer.cpp b/TinyTracer.cpp
@@ -23,7 +23,7 @@
 #include "PinLocker.h"
 
 #define TOOL_NAME "TinyTracer"
-#define VERSION "2.7"
+#define VERSION "2.7.1"
 
 #include "Util.h"
 #include "Settings.h"
@@ -810,14 +810,14 @@ VOID InstrumentInstruction(INS ins, VOID *v)
             if (INS_Opcode(ins) == XED_ICLASS_CMP 
                 && INS_OperandCount(ins) >= (opIdx + 1) 
                 && INS_OperandIsImmediate(ins, opIdx)
-                && INS_OperandSize(ins, opIdx) == sizeof(UINT8))
+                && INS_OperandWidth(ins, opIdx) == (sizeof(UINT8)*8))
             {
+                UINT64 imm = INS_OperandImmediate(ins, opIdx);
                 INS_InsertCall(
                     ins,
                     IPOINT_BEFORE, (AFUNPTR)AntiDbg::WatchCompareSoftBrk,
-                    IARG_FAST_ANALYSIS_CALL,
                     IARG_INST_PTR,
-                    IARG_ADDRINT, INS_OperandImmediate(ins, opIdx),
+                    IARG_UINT64, imm,
                     IARG_END);
             }
         }
