From 50fabf4ff2127f2d85fdcef74faacc9dd1d0a0eb Mon Sep 17 00:00:00 2001
From: Kevin Trocolli
Date: Tue, 18 Jun 2024 00:28:24 -0400
Subject: [PATCH] improved memory management in es3sec
---
 platform/es3sec.c | 79 +++++++++++++++++++++++++++--------------------
 1 file changed, 46 insertions(+), 33 deletions(-)
diff --git a/platform/es3sec.c b/platform/es3sec.c
index ff49d7a..447bdfb 100644
--- a/platform/es3sec.c
+++ b/platform/es3sec.c
@@ -16,16 +16,11 @@ static const wchar_t DEVNAME_HUB[] = L"$hub";
 static const wchar_t DEVNAME_HUB_[] = L"\\\\.\\$hub";
-static const wchar_t DEVNAME_DONGLE[] = L"$dongle";
 static const wchar_t HUB_HCD_DRIVER_KEY[] = L"{36fc9e60-c465-11cf-8056-444553540000}\\0001"; // This is what a real dongle is set to
 static const wchar_t HUB_NODE_CONNECTION_DRIVER_KEY[] = L"{c8b76578-d062-4834-0001-f8b6f2162a22}\\0003";
-static const wchar_t root_hub_name[] = L"Fake Root Hub";
 static const wchar_t FILLER_LANGIDS[] = L"\uffff\uffff";
 static const DEVINST HUB_DEVINST = 573;
-static const DEVINST DONGLE_DEVINST = 5730;
-static struct es3sec_config config;
-static HANDLE dongle_fd;
 static HANDLE hub_fd;
 static IID hubs_iid;
 static DEVINST root_dev_inst;
@@ -33,6 +28,7 @@ static USHORT dongle_vid;
 static USHORT dongle_pid;
 static wchar_t dongle_mftr[MAX_PATH];
 static wchar_t dongle_product[MAX_PATH];
+static wchar_t dongle_serial[13];
 static HRESULT es3sec_handle_hub_irp(struct irp *irp);
 static HRESULT es3sec_handle_hub_open(struct irp *irp);
@@ -98,7 +94,6 @@ HRESULT es3sec_hook_init(
 IIDFromString(L"{3ABF6F2D-71C4-462a-8A92-1E6861E6AF27}", &hubs_iid);
 setupapi_add_phantom_dev(&hubs_iid, DEVNAME_HUB);
- hr = iohook_open_nul_fd(&dongle_fd);
 hr = iohook_open_nul_fd(&hub_fd);
 if (FAILED(hr)) {
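Review bot: `static wchar_t dongle_serial[13];` encodes "12 serial characters plus terminator" as a bare magic number, and the same length is spelled a second way as `sizeof(L"000000000000")` in the serial-number case of `es3sec_hub_get_string_descriptor` and used as the copy bound via `_countof(dongle_serial)` in `es3sec_hook_init`; nothing ties the three together. I would put `enum { DONGLE_SERIAL_CHARS = 12 };` next to the other constants and write `static wchar_t dongle_serial[DONGLE_SERIAL_CHARS + 1]; // 12-char serial from es3sec_config, NUL-terminated`, then size the descriptor with `sizeof(dongle_serial)`. That keeps the copy bound and the descriptor allocation from drifting apart if the serial format ever changes.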
@@ -119,15 +114,15 @@ HRESULT es3sec_hook_init(
 dongle_vid = vid;
 dongle_pid = pid;
 wcscpy_s(dongle_mftr, _countof(dongle_mftr), manufacturer);
- wcscpy_s(dongle_product, _countof(dongle_product), product); // Invalid param?
- memcpy(&config, cfg, sizeof(*cfg));
+ wcscpy_s(dongle_product, _countof(dongle_product), product);
+ wcscpy_s(dongle_serial, _countof(dongle_serial), cfg->serial);
 dprintf("ES3 Dongle: init\tVID: %04X | PID: %04X | Manufacturer: %ls | Product: %ls | S/N: %ls\n", vid, pid, dongle_mftr, dongle_product,
- config.serial);
+ dongle_serial);
 return S_OK;
 }
@@ -156,7 +151,7 @@ static HRESULT es3sec_handle_hub_irp(struct irp *irp)
 static HRESULT es3sec_handle_hub_open(struct irp *irp)
 {
 if (!wstr_ieq(irp->open_filename, DEVNAME_HUB) && !wstr_ieq(irp->open_filename, DEVNAME_HUB_))
- {
+ { // That second condition has to be there, or we won't detect the game trying to open the hub a second time
 return iohook_invoke_next(irp);
 }
@@ -239,6 +234,8 @@ static HRESULT es3sec_hub_handle_driverkey(struct irp *irp)
 dprintf("ES3 Dongle: es3sec_hub_handle_driverkey iobuf_write failed! %lx\n", hr);
 }
+ free(usb_hcd_driver_key_name);
+
 return hr;
 }
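Review bot: `wcscpy_s(dongle_serial, _countof(dongle_serial), cfg->serial);` copies a value that presumably comes from the user-edited config into a 13-element buffer with no length check and its return value discarded; a serial of 13 or more characters makes `wcscpy_s` fail with ERANGE, which with the default CRT invalid-parameter handler normally terminates the process, and even with a handler installed leaves `dongle_serial` empty while init still returns S_OK. The `manufacturer` and `product` copies above have the same unchecked shape, only with MAX_PATH of headroom. I would reject oversized input before copying, `if (wcsnlen(cfg->serial, _countof(dongle_serial)) >= _countof(dongle_serial)) { return E_INVALIDARG; }`, and test the three `wcscpy_s` results instead of ignoring them. `es3sec_hook_init` starts before this hunk, so whether `cfg` has already been checked against NULL is not visible here.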
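Review bot: The new comment is hung off the opening `{` of the early-return block, where it is easy to miss and will be pushed around by any formatter, even though it explains the `DEVNAME_HUB_` half of the `if` condition above it. Put it above the `if` instead, e.g. `// Match both spellings of the hub name: as the original comment notes, the game's second open of the hub is only caught by the DEVNAME_HUB_ form.` This is a placement point only; the condition itself is unchanged by the commit.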
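Review bot: `free(usb_hcd_driver_key_name);` only runs on the path that reaches the final write; `es3sec_hub_handle_driverkey` begins before this hunk, so the allocation and any earlier `return` between it and this point are not visible, and each such return would still leak the buffer. If there are any, route them through one exit (`hr = ...; goto out;` with `out: free(usb_hcd_driver_key_name); return hr;`) rather than sprinkling a `free` per path. It is also worth confirming that the `malloc` result is checked before its first dereference, since the other allocations in this patch are not.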
@@ -278,24 +275,28 @@ static HRESULT es3sec_hub_handle_roothub(struct irp *irp)
 hr = iobuf_write(&irp->read, rhub, sizeof(USB_ROOT_HUB_NAME) + size_of_hub_name);
 if (FAILED(hr)) {
- dprintf("ES3 Dongle: iobuf_write failed! %lx\n", hr);
+ dprintf("ES3 Dongle: es3sec_hub_handle_roothub iobuf_write failed! %lx\n", hr);
 }
+ free(rhub);
+
 return hr;
 }
 static HRESULT es3sec_hub_handle_nodeinfo(struct irp *irp)
 {
- USB_NODE_INFORMATION node_info;
- node_info.NodeType = UsbHub;
- node_info.u.HubInformation.HubDescriptor.bNumberOfPorts = 1;
- HRESULT hr = iobuf_write(&irp->read, &node_info, sizeof(node_info));
+ PUSB_NODE_INFORMATION node_info = (PUSB_NODE_INFORMATION)malloc(sizeof(USB_NODE_INFORMATION));
+ node_info->NodeType = UsbHub;
+ node_info->u.HubInformation.HubDescriptor.bNumberOfPorts = 1;
+ HRESULT hr = iobuf_write(&irp->read, node_info, sizeof(*node_info));
 if (FAILED(hr)) {
 dprintf("ES3 Dongle: es3sec_hub_handle_nodeinfo iobuf_write failed! 0x%lX\n", hr);
 }
+ free(node_info);
+
 return hr;
 }
@@ -327,6 +328,8 @@ static HRESULT es3sec_hub_connection_info_ex(struct irp *irp)
 dprintf("ES3 Dongle: es3sec_hub_connection_info_ex Failed to write IRP %lx\n", hr);
 }
+ free(conn_info);
+
 return hr;
 }
@@ -357,12 +360,6 @@ static HRESULT es3sec_hub_descriptor_from_node(struct irp *irp)
 dprintf("ES3 Dongle: es3sec_hub_descriptor_from_node Unknown request type %x\n", req_type);
 return HRESULT_FROM_WIN32(ERROR_INVALID_FUNCTION);
 }
- hr = iobuf_write(&irp->read, req, irp->read.nbytes);
-
- if (FAILED(hr)) {
- dprintf("ES3 Dongle: es3sec_hub_descriptor_from_node Failed to write IRP %lx\n", hr);
- }
-
 return hr;
 }
 static HRESULT es3sec_hub_get_config_descriptor(struct irp *irp, PUSB_DESCRIPTOR_REQUEST req, UCHAR dataRequested)
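Review bot: `es3sec_hub_handle_nodeinfo` now heap-allocates `USB_NODE_INFORMATION`, dereferences the `malloc` result without a NULL check, sets only `NodeType` and `bNumberOfPorts`, and then copies the full `sizeof(*node_info)` into the IRP, so every other byte of the structure (the rest of the union and any padding) goes out uninitialized — heap contents disclosed to whoever reads this IRP. The stack version it replaces had the same uninitialized-copy problem, so moving to the heap only adds an allocation failure and a `free` to get wrong; a zeroed stack object fixes all three at once. The `free(rhub)` added to `es3sec_hub_handle_roothub` looks right as far as visible, but that function starts before the hunk and any earlier return in it is not reviewed here.
```c
static HRESULT es3sec_hub_handle_nodeinfo(struct irp *irp)
{
    /* Zeroed stack object: the whole struct is copied verbatim into the IRP,
       so fields we do not set must not carry stale stack or heap bytes. */
    USB_NODE_INFORMATION node_info = {0};
    node_info.NodeType = UsbHub;
    node_info.u.HubInformation.HubDescriptor.bNumberOfPorts = 1;
    HRESULT hr = iobuf_write(&irp->read, &node_info, sizeof(node_info));
    /* … unchanged: failure dprintf … */
    return hr;
}
```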
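Review bot: With the trailing `iobuf_write` removed, the `return hr;` that survives in `es3sec_hub_descriptor_from_node` returns whatever the request-type dispatch above this hunk stored in `hr`; that dispatch is outside the hunk, so check that every branch assigns `hr` now that nothing after it does. The two descriptor helpers now `free(req)` themselves (see `es3sec_hub_get_config_descriptor` and `es3sec_hub_get_string_descriptor` later in this patch), so `req` is dead after the dispatch and must not be logged or inspected before `return hr;`. The `Unknown request type` path visible here returns without freeing `req`; if `req` is allocated before the dispatch, as its use by the helpers suggests, that path leaks it and needs `free(req);` before `return HRESULT_FROM_WIN32(ERROR_INVALID_FUNCTION);`.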
@@ -372,28 +369,31 @@ static HRESULT es3sec_hub_get_config_descriptor(struct irp *irp, PUSB_DESCRIPTOR
 PUSB_CONFIGURATION_DESCRIPTOR config = (PUSB_CONFIGURATION_DESCRIPTOR)malloc(sizeof(USB_CONFIGURATION_DESCRIPTOR));
 config->bLength = sizeof(*config);
 config->bDescriptorType = USB_CONFIGURATION_DESCRIPTOR_TYPE;
- config->wTotalLength = sizeof(*req);
+ config->wTotalLength = sizeof(*config);
 int cpy = memcpy_s(req->Data, 9, config, sizeof(*config));
 if (cpy) {
 dprintf("ES3 Dongle: es3sec_hub_get_config_descriptor memcpy_s failed %d\n", cpy);
 }
- return iobuf_write(&irp->read, req, irp->read.nbytes);
+
+ HRESULT hr = iobuf_write(&irp->read, req, sizeof(*req) + sizeof(*config));
+
+ free(config);
+ free(req);
+
+ return hr;
 }
 static HRESULT es3sec_hub_get_string_descriptor(struct irp *irp, PUSB_DESCRIPTOR_REQUEST req, UCHAR dataRequested)
 {
 PUSB_STRING_DESCRIPTOR str_desc;
 int additional_length = sizeof(FILLER_LANGIDS);
- str_desc = (PUSB_STRING_DESCRIPTOR)malloc(sizeof(USB_STRING_DESCRIPTOR) + additional_length);
- str_desc->bDescriptorType = USB_STRING_DESCRIPTOR_TYPE;
- wcscpy_s(str_desc->bString, _countof(FILLER_LANGIDS), FILLER_LANGIDS);
 switch (dataRequested) {
 case DONGLE_STR_IDX_MANUFACTURER:
 dprintf("ES3 Dongle: Get Hub String Descriptor For Dongle Manufacturer\n");
 additional_length = sizeof(dongle_mftr);
- str_desc = (PUSB_STRING_DESCRIPTOR)realloc(str_desc, sizeof(USB_STRING_DESCRIPTOR) + additional_length);
+ str_desc = (PUSB_STRING_DESCRIPTOR)malloc(sizeof(USB_STRING_DESCRIPTOR) + additional_length);
 str_desc->bDescriptorType = USB_STRING_DESCRIPTOR_TYPE;
 wcscpy_s(str_desc->bString, _countof(dongle_mftr), dongle_mftr);
 break;
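Review bot: `es3sec_hub_get_config_descriptor` allocates a `USB_CONFIGURATION_DESCRIPTOR`, never checks the `malloc` result, assigns only `bLength`, `bDescriptorType` and `wTotalLength`, then `memcpy_s`-copies all 9 bytes into `req->Data` and writes them to the IRP — the remaining fields (`bNumInterfaces`, `bConfigurationValue`, `iConfiguration`, `bmAttributes`, `MaxPower`) are whatever the heap held, so the caller receives uninitialized memory dressed up as a descriptor with random attributes. A zero-initialized stack struct removes the allocation, the NULL dereference and the `free(config)` in one go, and the literal `9` should become `sizeof(config)` so the copy bound cannot drift from the descriptor. The function's signature and opening brace sit just above the hunk, and `free(req)` now transfers ownership of `req` into this function, which its caller must respect. In the string-descriptor half, the unconditional `malloc` was moved into the cases, so `str_desc` is assigned only inside the `switch`; that relies on the `default:` case added in the next hunk, and each case still dereferences an unchecked `malloc` result.
```c
    /* Zeroed stack object: every byte of the descriptor is copied to the
       caller, so fields we do not fill must not be heap garbage. */
    USB_CONFIGURATION_DESCRIPTOR config = {0};
    config.bLength = sizeof(config);
    config.bDescriptorType = USB_CONFIGURATION_DESCRIPTOR_TYPE;
    config.wTotalLength = sizeof(config); // only this descriptor is returned
    int cpy = memcpy_s(req->Data, sizeof(config), &config, sizeof(config));
    /* … unchanged: memcpy_s failure dprintf … */
    HRESULT hr = iobuf_write(&irp->read, req, sizeof(*req) + sizeof(config));
    free(req); // ownership of req ends here; the caller must not touch it afterwards
    return hr;
```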
@@ -401,7 +401,7 @@ static HRESULT es3sec_hub_get_string_descriptor(struct irp *irp, PUSB_DESCRIPTOR
 case DONGLE_STR_IDX_PRODUCT:
 dprintf("ES3 Dongle: Get Hub String Descriptor For Dongle Product Name\n");
 additional_length = sizeof(dongle_product);
- str_desc = (PUSB_STRING_DESCRIPTOR)realloc(str_desc, sizeof(USB_STRING_DESCRIPTOR) + additional_length);
+ str_desc = (PUSB_STRING_DESCRIPTOR)malloc(sizeof(USB_STRING_DESCRIPTOR) + additional_length);
 str_desc->bDescriptorType = USB_STRING_DESCRIPTOR_TYPE;
 wcscpy_s(str_desc->bString, _countof(dongle_product), dongle_product);
 break;
@@ -409,10 +409,15 @@ static HRESULT es3sec_hub_get_string_descriptor(struct irp *irp, PUSB_DESCRIPTOR
 case DONGLE_STR_IDX_SERIAL_NUMBER:
 dprintf("ES3 Dongle: Get Hub String Descriptor For Dongle Serial Number\n");
 additional_length = sizeof(L"000000000000");
- str_desc = (PUSB_STRING_DESCRIPTOR)realloc(str_desc, sizeof(USB_STRING_DESCRIPTOR) + additional_length);
+ str_desc = (PUSB_STRING_DESCRIPTOR)malloc(sizeof(USB_STRING_DESCRIPTOR) + additional_length);
 str_desc->bDescriptorType = USB_STRING_DESCRIPTOR_TYPE;
- wcscpy_s(str_desc->bString, _countof(config.serial), config.serial);
+ wcscpy_s(str_desc->bString, _countof(dongle_serial), dongle_serial);
 break;
+
+ default:
+ str_desc = (PUSB_STRING_DESCRIPTOR)malloc(sizeof(USB_STRING_DESCRIPTOR) + additional_length);
+ str_desc->bDescriptorType = USB_STRING_DESCRIPTOR_TYPE;
+ wcscpy_s(str_desc->bString, _countof(FILLER_LANGIDS), FILLER_LANGIDS);
 }
 str_desc->bLength = sizeof(USB_STRING_DESCRIPTOR) + additional_length;
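Review bot: `str_desc = (PUSB_STRING_DESCRIPTOR)malloc(sizeof(USB_STRING_DESCRIPTOR) + additional_length);` is followed directly by `str_desc->bDescriptorType = ...` with no NULL check, and because `req` is now freed only at the end of the function, an allocation failure is a NULL dereference and, if it were caught, a leak. Add `if (str_desc == NULL) { free(req); return E_OUTOFMEMORY; }` after the `malloc` here and in the sibling cases. Since the buffer is `malloc`ed rather than `calloc`ed and sized to the whole `dongle_product` array instead of the string, every byte after the terminator written by `wcscpy_s` stays uninitialized and is later sent to the caller by the write at the end of the function; `calloc(1, ...)` closes that.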
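Review bot: `additional_length = sizeof(L"000000000000");` and `wcscpy_s(str_desc->bString, _countof(dongle_serial), dongle_serial);` agree only by coincidence — the literal is 13 wide characters and so is `dongle_serial`, but nothing enforces it, and if they ever differ the copy bound exceeds the allocation; write `additional_length = sizeof(dongle_serial);`. The new `default:` case copies `FILLER_LANGIDS` into a `malloc` buffer it does not NULL-check, like the other cases. Separately, `str_desc->bLength = sizeof(USB_STRING_DESCRIPTOR) + additional_length;` below the switch stores values such as `4 + sizeof(dongle_mftr)` (MAX_PATH wide characters) into `bLength`, which is a `UCHAR` in the SDK's `USB_STRING_DESCRIPTOR`, so for the manufacturer and product cases the advertised descriptor length silently wraps; that predates this commit, but the rewrite of these cases is the place to derive `additional_length` from `wcslen` of the string rather than the array size.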
@@ -422,7 +427,13 @@ static HRESULT es3sec_hub_get_string_descriptor(struct irp *irp, PUSB_DESCRIPTOR
 if (cpy) {
 dprintf("ES3 Dongle: es3sec_hub_get_config_descriptor memcpy_s failed %d\n", cpy);
 }
- return iobuf_write(&irp->read, resp, sizeof(USB_DESCRIPTOR_REQUEST) + sizeof(USB_STRING_DESCRIPTOR) + additional_length);
+ HRESULT hr = iobuf_write(&irp->read, resp, sizeof(USB_DESCRIPTOR_REQUEST) + sizeof(USB_STRING_DESCRIPTOR) + additional_length);
+
+ free(str_desc);
+ free(resp);
+ free(req);
+
+ return hr;
 }
 static HRESULT es3sec_hub_connection_driver_key_name(struct irp *irp)
@@ -440,7 +451,7 @@ static HRESULT es3sec_hub_connection_driver_key_name(struct irp *irp)
 if (FAILED(hr)) {
- dprintf("ES3 Dongle: iobuf_write failed! %lx\n", hr);
+ dprintf("ES3 Dongle: es3sec_hub_connection_driver_key_name iobuf_write failed! %lx\n", hr);
 }
 return hr;
@@ -467,9 +478,11 @@ static HRESULT es3sec_hub_connection_driver_key_name(struct irp *irp)
 if (FAILED(hr)) {
- dprintf("ES3 Dongle: iobuf_write failed! %lx\n", hr);
+ dprintf("ES3 Dongle: es3sec_hub_connection_driver_key_name iobuf_write failed! %lx\n", hr);
 }
+ free(usb_node_conn_driver_key_name);
+
 return hr;
 }
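Review bot: `free(req);` at the tail of `es3sec_hub_get_string_descriptor` (and its twin in `es3sec_hub_get_config_descriptor`) moves ownership of `req` into the descriptor helpers, but that contract is not written down anywhere and `es3sec_hub_descriptor_from_node` presumably still holds the pointer after the call; document it on both helpers, e.g. `/* Takes ownership of req and frees it on every path; the caller must not use it afterwards. */`. The write length `sizeof(USB_DESCRIPTOR_REQUEST) + sizeof(USB_STRING_DESCRIPTOR) + additional_length` is the allocated size rather than the length of the string copied into `str_desc`, so the never-written tail of each `malloc`ed `bString` after the terminator is sent to the caller; `calloc` at the allocation sites or a length derived from the string fixes that. The `dprintf` in this hunk names `es3sec_hub_get_config_descriptor` from inside the string-descriptor function, which will mislead anyone reading the logs.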
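Review bot: `free(usb_node_conn_driver_key_name);` is placed only before the function's final `return hr;`, but the previous hunk of the same function shows an unconditional `return hr;` after the first `iobuf_write`; if the buffer is allocated before that point, the early return still leaks it on every call that takes that path. The allocation is outside both hunks so I cannot confirm the order; if it is allocated up front, free it before the early return too, or restructure with one exit: `hr = ...; goto out;` / `out: free(usb_node_conn_driver_key_name); return hr;`.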