feat: blacklist invalid address library bins

shad0wshayd3 · shad0wshayd3 · commit 5e7f778c5938 · 2025-11-20T21:24:05.000-07:00
diff --git a/include/REL/IDDB.h b/include/REL/IDDB.h
@@ -48,6 +48,7 @@ namespace REL
 		void load_v2(STREAM& a_stream);
 		void load_v5(STREAM& a_stream);
 		void unpack_file(STREAM& a_stream, const HEADER_V2& a_header);
+		void validate_file();
 
 	protected:
 		friend class Offset2ID;
diff --git a/include/REX/REX.h b/include/REX/REX.h
@@ -5,6 +5,7 @@
 #include "REX/REX/CONVERT.h"
 #include "REX/REX/Enum.h"
 #include "REX/REX/EnumSet.h"
+#include "REX/REX/HASH.h"
 #include "REX/REX/INI.h"
 #include "REX/REX/JSON.h"
 #include "REX/REX/LOG.h"
diff --git a/include/REX/REX/HASH.h b/include/REX/REX/HASH.h
@@ -0,0 +1,49 @@
+#pragma once
+
+#include "REX/BASE.h"
+#include "REX/REX/ScopeExit.h"
+#include "REX/W32/BCRYPT.h"
+
+namespace REX
+{
+	inline std::optional<std::string> SHA512(std::span<const std::byte> a_data)
+	{
+		REX::W32::BCRYPT_ALG_HANDLE algorithm;
+		if (!REX::W32::NT_SUCCESS(REX::W32::BCryptOpenAlgorithmProvider(&algorithm, REX::W32::BCRYPT_SHA512_ALGORITHM)))
+			return std::nullopt;
+
+		const TScopeExit cleanup_algo([&]() {
+			[[maybe_unused]] const auto success = REX::W32::NT_SUCCESS(REX::W32::BCryptCloseAlgorithmProvider(algorithm));
+			assert(success);
+		});
+
+		REX::W32::BCRYPT_HASH_HANDLE hash;
+		if (!REX::W32::NT_SUCCESS(REX::W32::BCryptCreateHash(algorithm, &hash)))
+			return std::nullopt;
+
+		const TScopeExit cleanup_hash([&]() {
+			[[maybe_unused]] const auto success = REX::W32::NT_SUCCESS(REX::W32::BCryptDestroyHash(hash));
+			assert(success);
+		});
+
+		if (!REX::W32::NT_SUCCESS(REX::W32::BCryptHashData(hash, reinterpret_cast<std::uint8_t*>(const_cast<std::byte*>(a_data.data())), static_cast<std::uint32_t>(a_data.size()))))
+			return std::nullopt;
+
+		std::uint32_t length{ 0 };
+		std::uint32_t output{ 0 };
+		if (!REX::W32::NT_SUCCESS(REX::W32::BCryptGetProperty(hash, REX::W32::BCRYPT_HASH_LENGTH, reinterpret_cast<std::uint8_t*>(&length), sizeof(length), &output)))
+			return std::nullopt;
+
+		std::vector<std::uint8_t> buffer(static_cast<std::size_t>(length));
+		if (!REX::W32::NT_SUCCESS(REX::W32::BCryptFinishHash(hash, buffer.data(), static_cast<std::uint32_t>(buffer.size()))))
+			return std::nullopt;
+
+		std::string result;
+		result.reserve(buffer.size() * 2);
+		for (const auto byte : buffer) {
+			result += std::format("{:02X}", byte);
+		}
+
+		return { std::move(result) };
+	}
+}
diff --git a/include/REX/REX/MemoryMap.h b/include/REX/REX/MemoryMap.h
@@ -39,6 +39,11 @@ namespace REX
 			return static_cast<std::byte*>(m_mapView);
 		}
 
+		std::size_t size() const noexcept
+		{
+			return m_size;
+		}
+
 		bool is_open() const
 		{
 			return m_mapView;
diff --git a/src/REL/IDDB.cpp b/src/REL/IDDB.cpp
@@ -2,6 +2,7 @@
 #include "REL/Module.h"
 #include "REL/Version.h"
 
+#include "REX/REX/HASH.h"
 #include "REX/REX/LOG.h"
 #include "REX/W32/KERNEL32.h"
 
@@ -196,6 +197,8 @@ namespace REL
 		if (!m_mmap.create(false, m_path, mapName))
 			REX::FAIL(L"Failed to create Address Library MemoryMap!\nError: {}\nPath: {}", REX::W32::GetLastError(), m_path.wstring());
 
+		validate_file();
+
 		m_v0 = {
 			reinterpret_cast<MAPPING*>(m_mmap.data() + sizeof(std::uint64_t)),
 			*reinterpret_cast<std::uint64_t*>(m_mmap.data())
@@ -221,6 +224,8 @@ namespace REL
 			if (!m_mmap.create(true, mapName, byteSize))
 				REX::FAIL("Failed to create Address Library MemoryMap!\nError: {}", REX::W32::GetLastError());
 
+			validate_file();
+
 			m_v0 = { reinterpret_cast<MAPPING*>(m_mmap.data()), header.address_count() };
 
 			if (m_mmap.is_owner()) {
@@ -255,6 +260,8 @@ namespace REL
 			if (!m_mmap.create(false, m_path, mapName))
 				REX::FAIL(L"Failed to create Address Library MemoryMap!\nError: {}\nPath: {}", REX::W32::GetLastError(), m_path.wstring());
 
+			validate_file();
+
 			m_v5 = { reinterpret_cast<std::uint32_t*>(m_mmap.data() + sizeof(HEADER_V5)), header.offset_count() };
 
 		} catch (const std::system_error&) {
@@ -345,6 +352,33 @@ namespace REL
 		}
 	}
 
+	void IDDB::validate_file()
+	{
+		// clang-format off
+		std::unordered_map<IDDB::Loader, std::vector<std::pair<REL::Version, std::string_view>>> g_blacklistMap{
+			{ IDDB::Loader::SKSE, {} },
+			{ IDDB::Loader::F4SE, { 
+				{ REL::Version{ 1, 10, 980 }, "2AD60B95388F1B6E77A6F86F17BEB51D043CF95A341E91ECB2E911A393E45FE8156D585D2562F7B14434483D6E6652E2373B91589013507CABAE596C26A343F1"sv },
+				{ REL::Version{ 1, 11, 159 }, "686D40387F638ED75AD43BB76CA14170576F1A30E91144F280987D13A3012B1CA6A4E04E6BE7A5B99E46C50332C49BE40C3D9448038E17D3D31C40E72A90AE26"sv }
+			} },
+			{ IDDB::Loader::SFSE, {} },
+			{ IDDB::Loader::OBSE, {} },
+		};
+		// clang-format on
+
+		const auto mod = Module::GetSingleton();
+		const auto version = mod->version();
+		for (auto& check : g_blacklistMap[m_loader]) {
+			if (version == check.first) {
+				auto sha = REX::SHA512({ m_mmap.data(), m_mmap.size() });
+				if (!sha)
+					REX::FAIL("Failed to hash Address Library file!\nPath: {}", m_path.string());
+				if (*sha == check.second)
+					REX::FAIL("Invalid Address Library loaded!\n\nRedownload Address Library for your game version.\nGame Version: {}", version.string());
+			}
+		}
+	}
+
 	std::uint64_t IDDB::offset(std::uint64_t a_id) const
 	{
 		const auto mod = Module::GetSingleton();

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,11 @@ namespace REX`
`39`	`39`	`return static_cast<std::byte*>(m_mapView);`
`40`	`40`	`}`
`41`	`41`
	`42`	`+ std::size_t size() const noexcept`
	`43`	`+ {`
	`44`	`+ return m_size;`
	`45`	`+ }`
	`46`	`+`
`42`	`47`	`bool is_open() const`
`43`	`48`	`{`
`44`	`49`	`return m_mapView;`