#include <cassert>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
#include <windows.h>
#include "detours.h"
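// Addresses of the two game functions that get hooked, one pair for the disk
// build of the game (`_disk_address`) and one for the other supported build.
// They are absolute addresses taken at the 0x400000 image base and are valid
// only for the exact executable they were extracted from: on any other build
// the rebased pointer lands on arbitrary code and the detour corrupts it.
static constexpr uintptr_t InitializeGeneralAllocator_disk_address = 0x01390ca0;
static constexpr uintptr_t InitializeGeneralAllocator_address = 0x0138e640;
static constexpr uintptr_t DisposeGeneralAllocator_disk_address = 0x013cc060;
static constexpr uintptr_t DisposeGeneralAllocator_address = 0x013c9950;
// Rebase the stored address from the 0x400000 link base onto the main module's
// actual load address, and cast it to the type of the matching `<name>_real`
// function pointer (which must already be declared when the macro is used).
#define GetFunctionPtr(name, is_disk) reinterpret_cast<decltype(name##_real)>(reinterpret_cast<uintptr_t>(GetModuleHandleA(nullptr)) + (is_disk ? name##_disk_address : name##_address) - 0x400000)
// Set by SetInjectionData(); selects the `_disk_address` variants above.
static bool is_disk_spore = false;
// DLL paths handed over by SetInjectionData(); consumed and cleared by
// InitializeGeneralAllocator_detoured().
static std::vector<std::wstring> dlls;
// Modules loaded from `dlls`; freed in reverse order by
// DisposeGeneralAllocator_detoured().
static std::vector<HMODULE> dll_handles;
// Trampoline to the original InitializeGeneralAllocator. Stays null until
// GetStartupInfoA_detoured() resolves and attaches it.
static void (__stdcall* InitializeGeneralAllocator_real)() = nullptr;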
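// Detour for the game's InitializeGeneralAllocator: after the original has set
// the allocator up, load every DLL queued by SetInjectionData() and keep the
// handles so DisposeGeneralAllocator_detoured() can unload them again.
static void __stdcall InitializeGeneralAllocator_detoured()
{
    InitializeGeneralAllocator_real();
    for (const auto& dll : dlls)
    {
        // The path is used verbatim. A relative path would be resolved through
        // the normal DLL search order of the game process, so the injector is
        // presumably expected to pass fully qualified paths — confirm on the
        // injector side.
        HMODULE handle = LoadLibraryW(dll.c_str());
        // A failed load yields a null handle; skip it so the dispose hook only
        // ever frees modules that were actually loaded.
        if (handle != nullptr)
        {
            dll_handles.push_back(handle);
        }
    }
    dlls.clear();
}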
// Trampoline to the original DisposeGeneralAllocator. Stays null until
// GetStartupInfoA_detoured() resolves and attaches it.
static void (__stdcall* DisposeGeneralAllocator_real)() = nullptr;
// Detour for the game's DisposeGeneralAllocator: unload the mod DLLs in
// reverse load order, then let the original tear the allocator down.
static void __stdcall DisposeGeneralAllocator_detoured()
{
    for (auto handle = dll_handles.rbegin(); handle != dll_handles.rend(); ++handle)
    {
        FreeLibrary(*handle);
    }
    dll_handles.clear();
    DisposeGeneralAllocator_real();
}
// Initially the real GetStartupInfoA; DetourAttach() in DllMain rewrites it to
// point at the trampoline, and the detour below forwards through it.
static void (WINAPI* GetStartupInfoA_real)(LPSTARTUPINFOA) = GetStartupInfoA;
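// Detour for GetStartupInfoA. The first call into it installs the two
// game-function hooks; every call, including the first, then forwards to the
// original. The calling convention must match GetStartupInfoA (WINAPI, i.e.
// __stdcall on x86): without it the detour is __cdecl, the argument is never
// popped and the caller's stack is left unbalanced on return.
static void WINAPI GetStartupInfoA_detoured(LPSTARTUPINFOA lpStartupInfo)
{
    static bool injected = false;
    if (!injected)
    {
        injected = true;
        // Rebased from the hard-coded addresses at the top of the file; nothing
        // here checks that the running executable is the build they came from.
        InitializeGeneralAllocator_real = GetFunctionPtr(InitializeGeneralAllocator, is_disk_spore);
        DisposeGeneralAllocator_real = GetFunctionPtr(DisposeGeneralAllocator, is_disk_spore);
        DetourRestoreAfterWith();
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)InitializeGeneralAllocator_real, (PVOID)InitializeGeneralAllocator_detoured);
        DetourAttach(&(PVOID&)DisposeGeneralAllocator_real, (PVOID)DisposeGeneralAllocator_detoured);
        // Detours rolls the whole transaction back on a failed commit, leaving
        // the two pointers at the raw game addresses instead of trampolines.
        // Reset them so nothing calls the game through them and DllMain's
        // detach path skips them.
        if (DetourTransactionCommit() != NO_ERROR)
        {
            InitializeGeneralAllocator_real = nullptr;
            DisposeGeneralAllocator_real = nullptr;
        }
    }
    return GetStartupInfoA_real(lpStartupInfo);
}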
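// Exported entry point through which the injecting process hands over its
// configuration. The wire format, exactly as parsed below (packed, no
// terminators, host byte order):
//   uint8_t  is_disk_spore    1 = disk build of the game
//   uint32_t num_dlls
//   num_dlls times:
//     uint32_t num_chars      number of wchar_t units in the path
//     wchar_t  path[num_chars]
// `data` carries no length, so the buffer is trusted to be well formed: a
// truncated or malformed buffer makes this read past its end. Parsed paths
// are appended to `dlls`; the flag is stored in `is_disk_spore`.
void APIENTRY SetInjectionData(const uint8_t* data)
{
#pragma comment(linker, "/EXPORT:" __FUNCTION__"=" __FUNCDNAME__)
    // The layout is byte-packed, so the integer and wide-char fields are not
    // necessarily aligned; copy them out with memcpy rather than dereferencing
    // a reinterpret_cast pointer, which is undefined for unaligned access.
    size_t data_offset = 0;
    is_disk_spore = data[data_offset++] == 1;
    uint32_t num_dlls = 0;
    std::memcpy(&num_dlls, data + data_offset, sizeof(num_dlls));
    data_offset += sizeof(num_dlls);
    for (uint32_t i = 0; i < num_dlls; ++i)
    {
        uint32_t num_chars = 0;
        std::memcpy(&num_chars, data + data_offset, sizeof(num_chars));
        data_offset += sizeof(num_chars);
        dlls.emplace_back(num_chars, L'\0');
        std::wstring& path = dlls.back();
        if (num_chars != 0)
        {
            std::memcpy(&path[0], data + data_offset, num_chars * sizeof(wchar_t));
        }
        data_offset += static_cast<size_t>(num_chars) * sizeof(wchar_t);
    }
}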
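// DLL entry point. On process attach it hooks GetStartupInfoA so the
// game-specific detours can be installed from inside the running process (see
// GetStartupInfoA_detoured); on process detach it removes whatever got attached.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;
    // Detours loads this DLL into a helper process to fix up the target's
    // import table; that process must not install any hooks.
    if (DetourIsHelperProcess())
    {
        return TRUE;
    }
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        DetourRestoreAfterWith();
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)GetStartupInfoA_real, (PVOID)GetStartupInfoA_detoured);
        // A failed commit is rolled back by Detours: the DLL stays loaded but
        // nothing is hooked. There is no logging channel here to report that.
        DetourTransactionCommit();
    }
    else if (ul_reason_for_call == DLL_PROCESS_DETACH)
    {
        // A non-null lpReserved means the process itself is terminating; the
        // other threads are already gone and the patched code dies with the
        // process, so unhooking is both unnecessary and unsafe here.
        if (lpReserved != nullptr)
        {
            return TRUE;
        }
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)GetStartupInfoA_real, (PVOID)GetStartupInfoA_detoured);
        // The game hooks exist only once GetStartupInfoA_detoured has run.
        if (InitializeGeneralAllocator_real) DetourDetach(&(PVOID&)InitializeGeneralAllocator_real, (PVOID)InitializeGeneralAllocator_detoured);
        if (DisposeGeneralAllocator_real) DetourDetach(&(PVOID&)DisposeGeneralAllocator_real, (PVOID)DisposeGeneralAllocator_detoured);
        DetourTransactionCommit();
    }
    return TRUE;
}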