-
Notifications
You must be signed in to change notification settings - Fork 10
/
dll_main.cpp
98 lines (71 loc) · 1.45 KB
/
dll_main.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#include "includes.hpp"
DLLEXPORT int WINAPI Start(INJECTION_DATA* data)
{
bool fail_flag = false;
wchar_t* windows_dir = nullptr;
std::wstring ntdll_path;
SymbolLoader loader;
g_h_current_module = data->start_args.hinstance;
if (!GetOwnModuleFullPathW(g_path_to_this_module))
{
ERRLOG("Cannot get own module full path");
fail_flag = true;
goto FINISH;
}
if (_wdupenv_s(&windows_dir, nullptr, L"WINDIR") || !windows_dir)
{
if (windows_dir)
{
free(windows_dir);
}
fail_flag = true;
goto FINISH;
}
ntdll_path = windows_dir;
ntdll_path += L"\\System32\\ntdll.dll";
free(windows_dir);
if (!loader.Initialize(ntdll_path.c_str(), g_path_to_this_module.parent_path().c_str(), false, SL_DEFAULT_TIMEOUT))
{
ERRLOG("Cannot initialize ntdll.pdb file");
fail_flag = true;
goto FINISH;
}
if (!ResolveImports(&loader))
{
ERRLOG("Cannot resolve imports");
fail_flag = true;
goto FINISH;
}
if (!Inject(data))
{
ERRLOG("Inject error");
fail_flag = true;
goto FINISH;
}
FINISH:
g_executing_finished = true;
if (fail_flag)
{
LOG("Executing finished with failure!");
return 0;
}
LOG("Executing finished successfully!");
return 1;
}
BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved)
{
switch (reason)
{
case DLL_PROCESS_ATTACH:
break;
case DLL_PROCESS_DETACH:
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
default:
return FALSE;
}
return TRUE;
}