author | Cube <alessandro.devito91@gmail.com> | 2021-01-06 22:35:55 +0300 |
---|---|---|
committer | Cube <alessandro.devito91@gmail.com> | 2021-01-06 22:35:55 +0300 |
commit | 95c74311f24ef0c524a78f679dd895d4ce7b662b (patch) | |
tree | d7a67b5f9148ad5c1819129fd8f0317fc496ea24 | |
parent | 4da63119a52a6d8ed7c48f40cbc8389faf382ef5 (diff) |
Fixed LdrLoadDll and added LdrUnloadDll. Improved LdrGetProcedureAddress.
-rw-r--r-- | peloader/winapi/Internal.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/peloader/winapi/Internal.c b/peloader/winapi/Internal.c
index 92f446c..3fde525 100644
--- a/peloader/winapi/Internal.c
+++ b/peloader/winapi/Internal.c
@@ -50,10 +50,10 @@ ULONG WINAPI EtwEventWrite(HANDLE RegHAndle, PVOID EventDescriptor, ULONG UserDa
 return 0;
 }
-static HANDLE WINAPI LdrLoadDll(PWCHAR PathToFile,
- ULONG Flags,
- PUNICODE_STRING ModuleFilename,
- PHANDLE ModuleHandle)
+static NTSTATUS WINAPI LdrLoadDll(PWCHAR PathToFile,
+ ULONG Flags,
+ PUNICODE_STRING ModuleFilename,
+ PHANDLE ModuleHandle)
 {
 char *PathToFileA = CreateAnsiFromWide(PathToFile);
@@ -61,10 +61,16 @@ static HANDLE WINAPI LdrLoadDll(PWCHAR PathToFile,
 free(PathToFileA);
- return (HANDLE) 'LOAD';
+ return 0;
+}
+
+static NTSTATUS WINAPI LdrUnloadDll(HANDLE ModuleHandle) {
+ DebugLog("%p", ModuleHandle);
+
+ return 0;
 }
-NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module,
+static NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module,
 PANSI_STRING Name,
 WORD Ordinal,
 PVOID *Address)
@@ -74,6 +80,17 @@ NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module,
 // Recognizable value to crash on.
 *Address = (PVOID) 'LDRZ';
+ // Search if the requested function has been already exported.
+
+ ENTRY e = { Name->buf, NULL }, *ep;
+ hsearch_r(e, FIND, &ep, &crtexports);
+
+ // If found, store the pointer and return.
+ if (ep != NULL) {
+ *Address = ep->data;
+ return 0;
+ }
+
 if (strcmp(Name->buf, "EtwEventRegister") == 0) {
 *Address = EtwRegister;
 }
@@ -91,4 +108,5 @@ DECLARE_CRT_EXPORT("RtlAcquirePebLock", RtlAcquirePebLock);
 DECLARE_CRT_EXPORT("RtlReleasePebLock", RtlReleasePebLock);
 DECLARE_CRT_EXPORT("LdrGetDllHandle", LdrGetDllHandle);
 DECLARE_CRT_EXPORT("LdrLoadDll", LdrLoadDll);
+DECLARE_CRT_EXPORT("LdrUnloadDll", LdrUnloadDll);
 DECLARE_CRT_EXPORT("LdrGetProcedureAddress", LdrGetProcedureAddress); |
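Review bot: `CreateAnsiFromWide(PathToFile)` in LdrLoadDll converts the first argument, which in the native loader contract is the optional search path; the DLL being requested arrives in `ModuleFilename`. If CreateAnsiFromWide (defined outside this diff) does not accept NULL, a caller that passes no search path would fault on this line, and the log would show the wrong string either way. I would convert ModuleFilename for the log instead and add a comment above the function such as `/* Stub: logs the request and loads nothing. */`. The line between this hunk and the next is not visible, so how PathToFileA is used is inferred.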
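Review bot: LdrLoadDll now ends in `return 0;`, which reports success, but nothing in the visible body writes `*ModuleHandle`, so the caller carries on with whatever its handle variable already held; the removed `'LOAD'` value at least failed in a recognisable way. Either return a non-zero failure NTSTATUS, or keep the sentinel in the out-parameter with `if (ModuleHandle) *ModuleHandle = (HANDLE) 'LOAD';` before the return. LdrUnloadDll likewise accepts any handle and reports success, which is fine for a stub but deserves a one-line comment saying so. The same hunk makes LdrGetProcedureAddress `static`; confirm no other translation unit refers to it by name.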
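Review bot: The return value of `hsearch_r` is discarded and `ep` has no initialiser, so the `ep != NULL` test relies on the implementation storing NULL on a miss; the documented signal is a zero return, so test it: `if (hsearch_r(e, FIND, &ep, &crtexports) != 0 && ep != NULL) {`. `Name->buf` is also dereferenced with no check on `Name`, whereas a by-ordinal request in the native contract passes no name; the existing strcmp makes the same assumption, but this lookup now runs first. The lookup ignores `Module`, so any handle resolves any name registered in crtexports; if that is intended, say so in a comment such as `// Module is ignored: every registered export is visible to every caller.` The function's opening and final return lie outside the hunk.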