diff --git a/project/windll_winhook/Makefile b/project/windll_winhook/Makefile
index 86130b7..45a2963 100644
--- a/project/windll_winhook/Makefile
+++ b/project/windll_winhook/Makefile
@@ -1,5 +1,5 @@
 # build example
-# make libwinhook helloexe hellodll libwinhook_test CC=i686-w64-mingw32-gcc BUILD_TYPE=32d
+# make libwinhook helloexe hellodll libwinhook_test CC=i686-w64-mingw32-gcc BUILD_TYPE=32d
 # make libwinhook helloexe hellodll libwinhook_test CC=x86_64-w64-mingw32-gcc BUILD_TYPE=64d
 # wine build/libwinhook_test32d.exe && wine build/libwinhook_test64d.exe
diff --git a/project/windll_winhook/src/libwinhook_test.c b/project/windll_winhook/src/libwinhook_test.c
index f690d48..ae6ce64 100644
--- a/project/windll_winhook/src/libwinhook_test.c
+++ b/project/windll_winhook/src/libwinhook_test.c
@@ -141,5 +141,6 @@ int main(int argc, char *argv[])
 test_searchpattern2();
 test_startexeinject();
 test_windyn();
+ printf("%s finish!\n", argv[0]);
 return 0;
 }
\ No newline at end of file
diff --git a/project/windll_winpe/Makefile b/project/windll_winpe/Makefile
index d2e1bad..d04e6a8 100644
--- a/project/windll_winpe/Makefile
+++ b/project/windll_winpe/Makefile
@@ -1,5 +1,5 @@
 # build example
-# make libwinpe libwinpe_test CC=i686-w64-mingw32-gcc BUILD_TYPE=32d
+# make libwinpe libwinpe_test CC=i686-w64-mingw32-gcc BUILD_TYPE=32d
 # make libwinpe libwinpe_test CC=x86_64-w64-mingw32-gcc BUILD_TYPE=64d
 # wine build/libwinpe_test32d.exe && wine build/libwinpe_test64d.exe
diff --git a/project/windll_winpe/src/libwinpe_test.c b/project/windll_winpe/src/libwinpe_test.c
index 4f6cd3f..80ea286 100644
--- a/project/windll_winpe/src/libwinpe_test.c
+++ b/project/windll_winpe/src/libwinpe_test.c
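Review bot: The new `printf("%s finish!\n", argv[0]);` in main() of libwinhook_test.c reads argv[0] without checking argc; a process can be started with an empty argument vector, in which case argv[0] is NULL and passing it to `%s` is undefined behaviour. A one-line guard keeps the banner and removes the hazard: `printf("%s finish!\n", argc > 0 ? argv[0] : "?");`. The identical line is added to main() in project/windll_winpe/src/libwinpe_test.c (hunk `@@ -43,11 +59,14 @@`) and needs the same guard. main()'s body starts above this hunk.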
@@ -13,6 +13,22 @@ void test_findkernel32()
 printf("[test_findkernel32] kernel32=%p\n", kerenl32);
 }
+void test_findloadlibrarya() {
+ void *func = (void*)LoadLibraryA;
+ void *func2 = winpe_findloadlibrarya();
+ assert(func==func2);
+ printf("[test_findloadlibrarya] LoadLibraryA=%p\n", func2);
+}
+
+void test_findgetprocaddress() {
+ void *func = (void*)GetProcAddress;
+ void *func2 = winpe_findgetprocaddress();
+ assert(func==func2);
+ printf("[test_findgetprocaddress] GetProcAddress=%p\n", func2);
+}
+
 void test_findmodulea(const char *modname)
 {
 void* hmod = (void*)GetModuleHandleA(modname);
@@ -26,7 +42,7 @@ void test_memforwardexp(HMODULE hmod, const char *funcname)
 size_t expva = (size_t)GetProcAddress(hmod, funcname);
 size_t exprva = (size_t)winpe_memfindexp(hmod, funcname) - (size_t)hmod;
 void *func = winpe_memforwardexp(hmod, exprva,
- LoadLibraryA, (PFN_GetProcAddress)winpe_memfindexp);
+ LoadLibraryA, (PFN_GetProcAddress)winpe_memfindexp);
 void *func2 = winpe_memGetProcAddress(hmod, funcname);
 assert(exprva!=0 && (size_t)func==expva && func!=NULL && func2==func);
 printf("[test_memforwardexp] hmod=%p funcname=%s func=%p\n", hmod, funcname, func2);
@@ -43,11 +59,14 @@ void test_memGetProcAddress(HMODULE hmod, const char *funcname)
 int main(int argc, char *argv[])
 {
 test_findkernel32();
+ test_findloadlibrarya();
+ test_findgetprocaddress();
 test_findmodulea("kernel32.dll");
 HMODULE hkernel32 = LoadLibraryA("kernel32.dll");
 test_memforwardexp(hkernel32, "LoadLibraryA");
 test_memforwardexp(hkernel32, "InitializeSListHead");
 test_memforwardexp(hkernel32, "GetSystemTimeAsFileTime");
 test_memGetProcAddress(hkernel32, "GetProcessMitigationPolicy");
+ printf("%s finish!\n", argv[0]);
 return 0;
 }
\ No newline at end of file
diff --git a/src/windyn.h b/src/windyn.h
index a9d09d8..d000a4f 100644
--- a/src/windyn.h
+++ b/src/windyn.h
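Review bot: In the new test_findloadlibrarya and test_findgetprocaddress the only failing check is `assert(func==func2)`, so a build that defines NDEBUG compiles the assert away and the test prints the address and reports success even when winpe_findloadlibrarya() or winpe_findgetprocaddress() returned the wrong pointer. The existing tests in this file follow the same pattern, so this may be deliberate, but an explicit check that survives NDEBUG costs one line per test: `if (func != func2) { printf("[test_findloadlibrarya] mismatch %p != %p\n", func, func2); exit(1); }` (exit() needs <stdlib.h> if the file does not already include it). As a point of style, `void test_findloadlibrarya()` is an old-style declaration with no prototype; `void test_findloadlibrarya(void)` is the C idiom and lets the compiler reject stray arguments.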
@@ -331,18 +331,21 @@ typedef NTSTATUS (NTAPI * PFN_NtQueryInformationProcess)(
 {\
 PPEB peb = NULL;\
 char name_kernel32[] = { 'k', 'e', 'r', 'n', 'e', 'l', '3', '2', '.', 'd', 'l', 'l', '\0' }; \
+ name_kernel32[0] = 'k'; \
 WINDYN_FINDMODULE(peb, name_kernel32, kernel32);\
 }
 #define WINDYN_FINDLOADLIBRARYA(kernel32, pfnLoadLibraryA)\
 {\
 char name_LoadLibraryA[] = { 'L', 'o', 'a', 'd', 'L', 'i', 'b', 'r', 'a', 'r', 'y', 'A', '\0' };\
+ name_LoadLibraryA[0] = 'L'; \
 WINDYN_FINDEXP((void*)kernel32, name_LoadLibraryA, pfnLoadLibraryA);\
 }\
 #define WINDYN_FINDGETPROCADDRESS(kernel32, pfnGetProcAddress)\
 {\
 char name_GetProcAddress[] = { 'G', 'e', 't', 'P', 'r', 'o', 'c', 'A', 'd', 'd', 'r', 'e', 's', 's', '\0' }; \
+ name_GetProcAddress[0] = 'G'; \
 WINDYN_FINDEXP((void*)kernel32, name_GetProcAddress, pfnGetProcAddress);\
 }
@@ -625,6 +628,7 @@ LPVOID WINAPI windyn_VirtualAllocEx(
 PFN_GetProcAddress pfnGetProcAddress = NULL;
 WINDYN_FINDGETPROCADDRESS(kernel32, pfnGetProcAddress);
 char name_VirtualAllocEx[] = { 'V', 'i', 'r', 't', 'u', 'a', 'l', 'A', 'l', 'l', 'o', 'c', 'E', 'x', '\0'};
+ name_VirtualAllocEx[0] = 'V';
 PFN_VirtualAllocEx pfnVirtualAllocEx = (PFN_VirtualAllocEx)pfnGetProcAddress(kernel32, name_VirtualAllocEx);
 return pfnVirtualAllocEx(hProcess, lpAddress, dwSize, flAllocationType, flProtect);
 }
diff --git a/src/winpe.h b/src/winpe.h
index dda12a4..bddeeba 100644
--- a/src/winpe.h
+++ b/src/winpe.h
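Review bot: The added `name_kernel32[0] = 'k'; \` (and the matching stores in WINDYN_FINDLOADLIBRARYA, WINDYN_FINDGETPROCADDRESS and windyn_VirtualAllocEx) writes a value the array already holds, so it is a dead store that an optimizing compiler is entitled to delete; presumably the intent is to keep the initializer from being materialised as a pooled constant in .rdata so that these helpers carry no data-section references, but a no-op store does not guarantee that and the outcome can differ between compilers and -O levels. Nothing in the commit records the intent, so the line reads as noise and is likely to be removed by a later cleanup; put a comment on the first occurrence such as `/* touch the name so the optimizer keeps it on the stack instead of pooling it in .rdata */`. No C construct guarantees how an initializer is emitted (a volatile-qualified array or a `__asm__ __volatile__("" ::: "memory");` clobber under __GNUC__ come closer but still leave it to the code generator), so if the property matters the Makefile test target should check the built object for the plain-text names rather than rely on this store. The same stores are added in src/winpe.h in winpe_memLoadLibraryEx, winpe_memFreeLibraryEx, winpe_findkernel32, winpe_findloadlibrarya and winpe_findgetprocaddress. The macro enclosing the first store and the body of windyn_VirtualAllocEx both begin above their hunks.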
@@ -492,6 +492,7 @@ void* STDCALL winpe_memLoadLibraryEx(void *mempe, size_t imagebase, DWORD flag,
 char name_VirtualQuery[] = {'V', 'i', 'r', 't', 'u', 'a', 'l', 'Q', 'u', 'e', 'r', 'y', '\0'};
 char name_VirtualAlloc[] = {'V', 'i', 'r', 't', 'u', 'a', 'l', 'A', 'l', 'l', 'o', 'c', '\0'};
 char name_VirtualProtect[] = {'V', 'i', 'r', 't', 'u', 'a', 'l', 'P', 'r', 'o', 't', 'e', 'c', 't', '\0'};
+ name_kernel32[0] = 'k'; name_VirtualQuery[0]='V'; name_VirtualAlloc[0]='V'; name_VirtualProtect[0]='V';
 HMODULE hmod_kernel32 = pfnLoadLibraryA(name_kernel32);
 PFN_VirtualQuery pfnVirtualQuery = (PFN_VirtualQuery)pfnGetProcAddress(hmod_kernel32, name_VirtualQuery);
 PFN_VirtualAlloc pfnVirtualAlloc = (PFN_VirtualAlloc)pfnGetProcAddress(hmod_kernel32, name_VirtualAlloc);
@@ -556,6 +557,7 @@ BOOL STDCALL winpe_memFreeLibraryEx(void *mempe,
 {
 char name_kernel32[] = {'k', 'e', 'r', 'n', 'e', 'l', '3', '2', '\0'};
 char name_VirtualFree[] = {'V', 'i', 'r', 't', 'u', 'a', 'l', 'F', 'r', 'e', 'e', '\0'};
+ name_kernel32[0] = 'k'; name_VirtualFree[0] = 'V';
 HMODULE hmod_kernel32 = pfnLoadLibraryA(name_kernel32);
 PFN_VirtualFree pfnVirtualFree = (PFN_VirtualFree)pfnGetProcAddress(hmod_kernel32, name_VirtualFree);
 PFN_DllMain pfnDllMain = (PFN_DllMain)((uint8_t*)mempe + winpe_oepval(mempe, 0));
@@ -582,6 +584,7 @@ void* winpe_findkernel32()
 #ifdef WINPE_NOASM
 char name_kernel32[] = { 'k', 'e', 'r', 'n', 'e', 'l', '3', '2', '.', 'd', 'l', 'l' , '\0' };
+ name_kernel32[0] = 'k';
 kerenl32 = winpe_findmodulea(name_kernel32);
 #else
 #if defined(__GNUC__)
@@ -703,6 +706,7 @@ PROC winpe_findloadlibrarya()
 // return (PROC)LoadLibraryA;
 HMODULE hmod_kernel32 = (HMODULE)winpe_findkernel32();
 char name_LoadLibraryA[] = {'L', 'o', 'a', 'd', 'L', 'i', 'b', 'r', 'a', 'r', 'y', 'A', '\0'};
+ name_LoadLibraryA[0] = 'L';
 // suppose exp no forward, to avoid recursive
 return (PROC)winpe_memfindexp((void*)hmod_kernel32, name_LoadLibraryA);
 }
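Review bot: The line added to winpe_memLoadLibraryEx packs four assignments onto one line with inconsistent spacing (`name_kernel32[0] = 'k'; name_VirtualQuery[0]='V'; name_VirtualAlloc[0]='V'; name_VirtualProtect[0]='V';`), and the winpe_memFreeLibraryEx hunk does the same with two, while every other hunk in this commit puts one statement per line; split them so that each follows the file's `x[0] = 'c';` form and a later change to one of them diffs cleanly. name_kernel32 is not declared within the first hunk, so it is presumably the array defined a few lines above in the same function. winpe_memLoadLibraryEx and winpe_memFreeLibraryEx both begin outside their hunks.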
@@ -712,6 +716,7 @@ PROC winpe_findgetprocaddress()
 // return (PROC)GetProcAddress;
 HMODULE hmod_kernel32 = (HMODULE)winpe_findkernel32();
 char name_GetProcAddress[] = {'G', 'e', 't', 'P', 'r', 'o', 'c', 'A', 'd', 'd', 'r', 'e', 's', 's', '\0'};
+ name_GetProcAddress[0] = 'G';
 return (PROC)winpe_memfindexp(hmod_kernel32, name_GetProcAddress);
 }