Merge pull request #1 from nta/pr/safeinit-dllmain
[OpenParrot/dllmain] remove memory protection from SafeInit DllMain mode
commit
122cbeb6af
@ -11,17 +11,6 @@ static void RunMain();
|
|||||||
static BYTE originalCode[20];
|
static BYTE originalCode[20];
|
||||||
extern "C" PBYTE originalEP = 0;
|
extern "C" PBYTE originalEP = 0;
|
||||||
|
|
||||||
void Main_UnprotectModule(HMODULE hModule)
|
|
||||||
{
|
|
||||||
PIMAGE_DOS_HEADER header = (PIMAGE_DOS_HEADER)hModule;
|
|
||||||
PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)hModule + header->e_lfanew);
|
|
||||||
|
|
||||||
// unprotect the entire PE image
|
|
||||||
SIZE_T size = ntHeader->OptionalHeader.SizeOfImage;
|
|
||||||
DWORD oldProtect;
|
|
||||||
VirtualProtect((LPVOID)hModule, size, PAGE_EXECUTE_READWRITE, &oldProtect);
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef _M_AMD64
|
#ifdef _M_AMD64
|
||||||
extern "C" void Main_DoResume();
|
extern "C" void Main_DoResume();
|
||||||
#endif
|
#endif
|
||||||
@ -30,8 +19,13 @@ static void Main_DoInit()
|
|||||||
{
|
{
|
||||||
RunMain();
|
RunMain();
|
||||||
|
|
||||||
|
DWORD oldProtect;
|
||||||
|
VirtualProtect(originalEP, 20, PAGE_EXECUTE_READWRITE, &oldProtect);
|
||||||
|
|
||||||
memcpy(originalEP, &originalCode, sizeof(originalCode));
|
memcpy(originalEP, &originalCode, sizeof(originalCode));
|
||||||
|
|
||||||
|
VirtualProtect(originalEP, 20, oldProtect, &oldProtect);
|
||||||
|
|
||||||
#if _M_IX86
|
#if _M_IX86
|
||||||
__asm jmp originalEP
|
__asm jmp originalEP
|
||||||
#elif defined(_M_AMD64)
|
#elif defined(_M_AMD64)
|
||||||
@ -49,12 +43,13 @@ static void Main_SetSafeInit()
|
|||||||
PIMAGE_DOS_HEADER header = (PIMAGE_DOS_HEADER)hModule;
|
PIMAGE_DOS_HEADER header = (PIMAGE_DOS_HEADER)hModule;
|
||||||
PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)hModule + header->e_lfanew);
|
PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)hModule + header->e_lfanew);
|
||||||
|
|
||||||
Main_UnprotectModule(hModule);
|
|
||||||
|
|
||||||
// back up original code
|
// back up original code
|
||||||
PBYTE ep = (PBYTE)((DWORD_PTR)hModule + ntHeader->OptionalHeader.AddressOfEntryPoint);
|
PBYTE ep = (PBYTE)((DWORD_PTR)hModule + ntHeader->OptionalHeader.AddressOfEntryPoint);
|
||||||
memcpy(originalCode, ep, sizeof(originalCode));
|
memcpy(originalCode, ep, sizeof(originalCode));
|
||||||
|
|
||||||
|
DWORD oldProtect;
|
||||||
|
VirtualProtect(ep, 20, PAGE_EXECUTE_READWRITE, &oldProtect);
|
||||||
|
|
||||||
#ifdef _M_IX86
|
#ifdef _M_IX86
|
||||||
// patch to call our EP
|
// patch to call our EP
|
||||||
int newEP = (int)Main_DoInit - ((int)ep + 5);
|
int newEP = (int)Main_DoInit - ((int)ep + 5);
|
||||||
@ -68,6 +63,8 @@ static void Main_SetSafeInit()
|
|||||||
ep[11] = 0xE0;
|
ep[11] = 0xE0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
VirtualProtect(ep, 20, oldProtect, &oldProtect);
|
||||||
|
|
||||||
originalEP = ep;
|
originalEP = ep;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
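Review bot: Both new `VirtualProtect` pairs (in Main_DoInit around the `memcpy` back to `originalEP`, and in Main_SetSafeInit around the entry-point patch) ignore the return value, so a failed call leaves the page non-writable, the write that follows faults, and the restore call is handed an uninitialised `oldProtect`. In Main_SetSafeInit I would guard the patch with `if (!VirtualProtect(ep, sizeof(originalCode), PAGE_EXECUTE_READWRITE, &oldProtect)) return;`, and use `sizeof(originalCode)` instead of the literal `20` in all four calls so the protected length stays tied to the backup buffer. Because these bytes are executed right after being rewritten, adding `FlushInstructionCache(GetCurrentProcess(), originalEP, sizeof(originalCode));` after the restore in Main_DoInit is the documented step. Narrowing the writable-and-executable window from the whole image to the entry-point page is a sound hardening, but anything RunMain patches presumably relied on the old image-wide unprotect, so that is worth confirming. Both functions begin or end outside the visible hunks.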