diff options
-rw-r--r-- | peloader/winapi/Internal.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/peloader/winapi/Internal.c b/peloader/winapi/Internal.c index 92f446c..3fde525 100644 --- a/peloader/winapi/Internal.c +++ b/peloader/winapi/Internal.c @@ -50,10 +50,10 @@ ULONG WINAPI EtwEventWrite(HANDLE RegHAndle, PVOID EventDescriptor, ULONG UserDa return 0; } -static HANDLE WINAPI LdrLoadDll(PWCHAR PathToFile, - ULONG Flags, - PUNICODE_STRING ModuleFilename, - PHANDLE ModuleHandle) +static NTSTATUS WINAPI LdrLoadDll(PWCHAR PathToFile, + ULONG Flags, + PUNICODE_STRING ModuleFilename, + PHANDLE ModuleHandle) { char *PathToFileA = CreateAnsiFromWide(PathToFile); @@ -61,10 +61,16 @@ static HANDLE WINAPI LdrLoadDll(PWCHAR PathToFile, free(PathToFileA); - return (HANDLE) 'LOAD'; + return 0; +} + +static NTSTATUS WINAPI LdrUnloadDll(HANDLE ModuleHandle) { + DebugLog("%p", ModuleHandle); + + return 0; } -NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module, +static NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module, PANSI_STRING Name, WORD Ordinal, PVOID *Address) @@ -74,6 +80,17 @@ NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module, // Recognizable value to crash on. *Address = (PVOID) 'LDRZ'; + // Search if the requested function has been already exported. + + ENTRY e = { Name->buf, NULL }, *ep; + hsearch_r(e, FIND, &ep, &crtexports); + + // If found, store the pointer and return. + if (ep != NULL) { + *Address = ep->data; + return 0; + } + if (strcmp(Name->buf, "EtwEventRegister") == 0) { *Address = EtwRegister; } @@ -91,4 +108,5 @@ DECLARE_CRT_EXPORT("RtlAcquirePebLock", RtlAcquirePebLock); DECLARE_CRT_EXPORT("RtlReleasePebLock", RtlReleasePebLock); DECLARE_CRT_EXPORT("LdrGetDllHandle", LdrGetDllHandle); DECLARE_CRT_EXPORT("LdrLoadDll", LdrLoadDll); +DECLARE_CRT_EXPORT("LdrUnloadDll", LdrUnloadDll); DECLARE_CRT_EXPORT("LdrGetProcedureAddress", LdrGetProcedureAddress); |