From 93b583ebc2a6d7005bdb2f9aff5f3762ee02f121 Mon Sep 17 00:00:00 2001
From: Emmanuel AYME <eayme44@gmail.com>
Date: Wed, 20 Aug 2025 10:58:43 +0200
Subject: [PATCH] Added VEH debegguer, functions comments and renamed functions

---
 Memory/Memory.cpp | 83 ++++++++++++++++++++++++++++++++++++++++++++---
 Memory/Memory.hpp | 46 ++++++++++++++++++++++----
 2 files changed, 118 insertions(+), 11 deletions(-)

diff --git a/Memory/Memory.cpp b/Memory/Memory.cpp
index 215062f..ed92598 100644
--- a/Memory/Memory.cpp
+++ b/Memory/Memory.cpp
@@ -7,6 +7,7 @@
 #include <spdlog/spdlog.h>
 #include <spdlog/sinks/basic_file_sink.h>
 #include <iomanip>
+#include <tlhelp32.h>
 
 static std::shared_ptr<spdlog::logger> _log;
 std::unordered_map<void*, Memory::PatchInfo> Memory::patches;
@@ -32,7 +33,6 @@ void Memory::PatchBytes(void* address, const char* bytes, size_t len)
     VirtualProtect(address, len, oldProtect, &oldProtect);
 }
 
-//void Memory::RestoreBytes(uintptr_t address)
 void Memory::RestoreBytes(void *address)
 {
     auto it = patches.find(address);
@@ -50,7 +50,7 @@ void Memory::RestoreBytes(void *address)
     }
 }
 
-bool Memory::wait_for_module(const std::string& module_name, int timeoutMs = 15000, int intervalMs = 500)
+bool Memory::WaitForModule(const std::string& module_name, int timeoutMs = 15000, int intervalMs = 500)
 {
     const HANDLE hProc = GetCurrentProcess();
 
@@ -81,21 +81,21 @@ bool Memory::wait_for_module(const std::string& module_name, int timeoutMs = 150
     return false;
 }
 
-std::string Memory::byteToHexEscaped(const BYTE byte) {
+std::string Memory::ByteToHexEscaped(const BYTE byte) {
     std::ostringstream oss;
     oss << "\\x" << std::uppercase << std::hex << std::setw(2)
         << std::setfill('0') << static_cast<int>(byte);
     return oss.str();
 }
 
-uint8_t* Memory::aob_scan(
+uint8_t* Memory::AOBScan(
     const std::string& module_name,
     const std::string& signature,
     DWORD protect_flags = PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_READWRITE | PAGE_EXECUTE_WRITECOPY,
     std::shared_ptr<spdlog::logger> log) {
 
     _log = log;
-    if (!wait_for_module(module_name))
+    if (!WaitForModule(module_name))
     {
         if (log) log->warn("Skipping AOB scan because module '{}' is unavailable.", module_name);
         return nullptr;
@@ -181,3 +181,76 @@ uint8_t* Memory::aob_scan(
     if (log) log->warn("Module '{}' unexpectedly disappeared during scan.", module_name);
     return nullptr;
 }
+
+PVOID Memory::SetupOrClearHardwareBreakPointForAllThreads(uintptr_t targetAddress, PVOID vehHandle, bool enable, PVECTORED_EXCEPTION_HANDLER pVEH, int hwIndex)
+{
+    DWORD pid = GetCurrentProcessId();
+    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
+    if (snapshot == INVALID_HANDLE_VALUE) return nullptr;
+
+    THREADENTRY32 te;
+    te.dwSize = sizeof(te);
+
+    // Add VectoredExceptionHandler
+    if (enable && !vehHandle && pVEH)
+    {
+        vehHandle = AddVectoredExceptionHandler(1, pVEH);
+    }
+
+    if (Thread32First(snapshot, &te))
+    {
+        do
+        {
+            if (te.th32OwnerProcessID != pid) continue;
+
+            HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, te.th32ThreadID);
+            if (!hThread) continue;
+
+            CONTEXT ctx = {};
+            ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
+
+            if (GetThreadContext(hThread, &ctx))
+            {
+                if (enable)
+                {
+                    switch (hwIndex) {
+                    case 0: ctx.Dr0 = targetAddress; break; // Set Hardware breakpoint #1
+                    case 1: ctx.Dr1 = targetAddress; break; // Set Hardware breakpoint #2
+                    case 2: ctx.Dr2 = targetAddress; break; // Set Hardware breakpoint #3
+                    case 3: ctx.Dr3 = targetAddress; break; // Set Hardware breakpoint #4
+                    default: break;
+                    }
+                    ctx.Dr7 |= (1ULL << (hwIndex * 2)); // activate hardware breakpoint
+                }
+                else
+                {
+                    switch (hwIndex) {
+                    case 0: ctx.Dr0 = 0; break; // Unset Hardware breakpoint #1
+                    case 1: ctx.Dr1 = 0; break; // Unset Hardware breakpoint #2
+                    case 2: ctx.Dr2 = 0; break; // Unset Hardware breakpoint #3
+                    case 3: ctx.Dr3 = 0; break; // Unset Hardware breakpoint #4
+                    default: break;
+                    }
+                    ctx.Dr7 &= ~(1ULL << (hwIndex * 2)); // deactivate hardware breakpoint
+                }
+
+                SetThreadContext(hThread, &ctx);
+            }
+
+            CloseHandle(hThread);
+
+        } while (Thread32Next(snapshot, &te));
+    }
+
+    CloseHandle(snapshot);
+
+    // Remove VectoredExceptionHandler
+    if (!enable && vehHandle)
+    {
+        RemoveVectoredExceptionHandler(vehHandle);
+        vehHandle = nullptr;
+    }
+
+    return vehHandle;
+}
+
diff --git a/Memory/Memory.hpp b/Memory/Memory.hpp
index 475d642..73c16ff 100644
--- a/Memory/Memory.hpp
+++ b/Memory/Memory.hpp
@@ -13,14 +13,48 @@ Memory::WriteInstructions(allocMemory, INSTRUCTIONS, sizeof INSTRUCTIONS, ADDRES
 class Memory
 {
     public:
-        static void PatchBytes(void* address, const char* bytes, size_t len);
-		//static void RestoreBytes(uintptr_t address);
+		/**
+		 * Patch x bytes in memory.
+		 *
+		 * @param address : The address to patch.
+		 * @param bytes : The bytes to patch
+		 * @param len : The number of bytes to be patched
+		 */
+		static void PatchBytes(void* address, const char* bytes, size_t len);
+
+		/**
+		 * Restore x bytes in memory.
+		 *
+		 * @param address : The address to patch.
+		 */
 		static void RestoreBytes(void* address);
-		// AOB scan dans le module spécifié (par nom), avec filtrage sur protections (ex: PAGE_EXECUTE_READ) et offset optionnel
-        static uint8_t* aob_scan(const std::string& module_name, const std::string& signature, DWORD protect_flags, std::shared_ptr<spdlog::logger> log = nullptr);
-        static bool wait_for_module(const std::string& module_name, int timeoutMs, int intervalMs);
-		static std::string byteToHexEscaped(const BYTE byte);
+
+		/**
+		 * Achieve an AOB scan in memory.
+		 *
+		 * @param module_name : The executable to scan.
+		 * @param signature : The signature to search for (eg : 7F ?? F3 0F ?? ?? ?? F2)
+		 * @param protect_flags : Page protection (PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_READWRITE | PAGE_EXECUTE_WRITECOPY)
+		 * @param log : If any log is to be used
+		 * @return uint_8* : Pointer to address where AOB is found.
+		 */
+        static uint8_t* AOBScan(const std::string& module_name, const std::string& signature, DWORD protect_flags, std::shared_ptr<spdlog::logger> log = nullptr);
+
+		static std::string ByteToHexEscaped(const BYTE byte);
+
+		/**
+		 * Set or clear VEH hardware breakpoint.
+		 *
+		 * @param targetAddress : The memory target to set a VEH breakpoint.
+		 * @param vehHandle : The VEH handle (nullptr when to set breakpoint or a handle when to unset
+		 * @param enable : Set or unset the VEH debugger
+		 * @param pVEH : The function where to detour (set to nullptr to unset)
+		 * @param hwIndex : The hawdware breakpoint to set (0 - 4)
+		 * @return hwIndex : The VEH breakpoint handle
+		 */
+		static PVOID SetupOrClearHardwareBreakPointForAllThreads(uintptr_t targetAddress, PVOID vehHandle, bool enable, PVECTORED_EXCEPTION_HANDLER pVEH = nullptr, int hwIndex = 0);
 	private:
+		static bool WaitForModule(const std::string& module_name, int timeoutMs, int intervalMs);
 		struct PatchInfo {
 			void* address;
 			std::vector<BYTE> originalBytes;