From 8357dfcf4b5b0671f22081b246bb0f78c868ed83 Mon Sep 17 00:00:00 2001
From: Cube
Date: Sat, 2 Jan 2021 09:02:50 -0500
Subject: Added new API ntdll.LdrLoadDll
---
 peloader/winapi/Internal.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/peloader/winapi/Internal.c b/peloader/winapi/Internal.c
index d4de69f..ca2624c 100644
--- a/peloader/winapi/Internal.c
+++ b/peloader/winapi/Internal.c
@@ -48,6 +48,22 @@ ULONG WINAPI EtwEventWrite(HANDLE RegHAndle, PVOID EventDescriptor, ULONG UserDa
 return 0;
 }
+static HANDLE WINAPI LdrLoadDll(PWCHAR PathToFile,
+ ULONG Flags,
+ PUNICODE_STRING ModuleFilename,
+ PHANDLE ModuleHandle)
+{
+ char *PathToFileA = CreateAnsiFromWide(PathToFile);
+ char *ModuleFilenameA = CreateAnsiFromWide(ModuleFilename);
+
+ DebugLog("%p [%s], %p [%s], %p, %#x", PathToFile, PathToFileA, ModuleFilename, ModuleFilenameA, ModuleHandle, Flags);
+
+ free(PathToFileA);
+ free(ModuleFilenameA);
+
+ return (HANDLE) 'LOAD';
+}
+
 NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module,
 PANSI_STRING Name,
 WORD Ordinal,
@@ -74,4 +90,5 @@ NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE Module,
 DECLARE_CRT_EXPORT("RtlAcquirePebLock", RtlAcquirePebLock);
 DECLARE_CRT_EXPORT("RtlReleasePebLock", RtlReleasePebLock);
 DECLARE_CRT_EXPORT("LdrGetDllHandle", LdrGetDllHandle);
+DECLARE_CRT_EXPORT("LdrLoadDll", LdrLoadDll);
 DECLARE_CRT_EXPORT("LdrGetProcedureAddress", LdrGetProcedureAddress);
-- 
cgit v1.2.3
From 2a6e10f99fae0d5ec8cc2907a2da40f53ff94898 Mon Sep 17 00:00:00 2001
From: Cube
Date: Sun, 3 Jan 2021 07:24:40 -0500
Subject: Removed Wide to Ansi conversion for ModuleFilename unicode string
---
 peloader/winapi/Internal.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/peloader/winapi/Internal.c b/peloader/winapi/Internal.c
index ca2624c..c0d806b 100644
--- a/peloader/winapi/Internal.c
+++ b/peloader/winapi/Internal.c
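Review bot: The new `LdrLoadDll` stub never writes through `ModuleHandle` and hands back the fake handle as its return value, whereas the native ntdll routine returns an `NTSTATUS` and delivers the handle through the out-parameter. With the usual multi-character constant encoding `'LOAD'` is a positive value, so a caller following the native contract would treat the call as successful and then use whatever its own handle variable happened to contain. I would declare the stub as returning `NTSTATUS`, like the neighbouring `LdrGetProcedureAddress`, and end it with `if (ModuleHandle) *ModuleHandle = (HANDLE) 'LOAD';` and `return 0;`. Separately, `PathToFile` is an optional search path in the native API and is often NULL; whether `CreateAnsiFromWide` tolerates NULL is not visible in this patch, and a NULL result passed to `%s` is undefined, so both the conversion and the log argument want a guard.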
@@ -54,12 +54,10 @@ static HANDLE WINAPI LdrLoadDll(PWCHAR PathToFile,
 PHANDLE ModuleHandle)
 {
 char *PathToFileA = CreateAnsiFromWide(PathToFile);
- char *ModuleFilenameA = CreateAnsiFromWide(ModuleFilename);
- DebugLog("%p [%s], %p [%s], %p, %#x", PathToFile, PathToFileA, ModuleFilename, ModuleFilenameA, ModuleHandle, Flags);
+ DebugLog("%p [%s], %p, %p, %#x", PathToFile, PathToFileA, ModuleFilename, ModuleHandle, Flags);
 free(PathToFileA);
- free(ModuleFilenameA);
 return (HANDLE) 'LOAD';
 }
-- 
cgit v1.2.3
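Review bot: The rewritten `DebugLog` call records only the address of `ModuleFilename`, so the trace does not show which DLL the loaded code asked for, and that name is the field an analyst most needs from this stub. Rather than dropping the conversion entirely, convert the wide-character buffer held inside the `UNICODE_STRING`, guarding against a NULL `ModuleFilename` and bounding the copy by the structure's byte length, since counted strings are not required to be NUL-terminated. A one-line comment above the call, such as `/* ModuleFilename is a counted UNICODE_STRING, not a PWCHAR: never pass it to CreateAnsiFromWide directly */`, would keep the earlier type mix-up from returning. The function's signature begins above this hunk, so the parameter types are taken from the hunk header and the previous commit.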