igromanru

LdrpPreprocessDllName all Win pattern

Mar 30th, 2018
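// Resolves a DLL name through the loader's file-name redirection on Windows 7/8
// by calling the unexported ntdll routine LdrpApplyFileNameRedirection.
//
// The routine is located once by a byte-pattern scan of the loaded ntdll and
// cached in a function-local static. Both the pattern and the prototype are
// reverse-engineered (two parameters are passed as nullptr and the last one is
// only named "unknown"), so on an ntdll build the pattern was not written for a
// false match would produce a pointer into unrelated code. Callers should treat
// a crash here as a pattern/version mismatch, not as input-dependent behaviour.
//
// dllName: module name to redirect; ".DLL" is supplied as the default extension.
// Returns the redirected path when the call reports STATUS_SUCCESS, otherwise
// dllName unchanged (also when the pattern is not found).
std::wstring ApplyFileNameRedirection_W7_W8(const std::wstring& dllName)
{
    static NTSTATUS(NTAPI* LdrpApplyFileNameRedirection)(DWORD Flags, UNICODE_STRING* FileName, UNICODE_STRING* DefaultExtension, UNICODE_STRING* NewFilename, UNICODE_STRING*, UNICODE_STRING**, BYTE*) = nullptr;

    if (!LdrpApplyFileNameRedirection)
    {
        const uintptr_t match = FindPattern(GetModuleHandleW(L"ntdll.dll"), "\x4C\x8D\x05\x00\x00\x00\x00\x00\x00\x00\x33\xC9\xE8\x00\x00\x00\x00\x8B\xD8", "xxx???????xxx????xx");

        if (match)
        {
            // The pattern contains a rel32 CALL (E8 at +0xC). Its 4-byte signed
            // operand sits at +0xD and is relative to the end of that 5-byte
            // instruction, i.e. +0x11 from the match.
            const int32_t rel = *reinterpret_cast<const int32_t*>(match + 0xD);
            LdrpApplyFileNameRedirection = reinterpret_cast<decltype(LdrpApplyFileNameRedirection)>(match + rel + 0x11);
        }
    }

    if (LdrpApplyFileNameRedirection)
    {
        UNICODE_STRING FileName;
        RtlInitUnicodeString(&FileName, dllName.c_str());

        UNICODE_STRING DefaultExtension;
        RtlInitUnicodeString(&DefaultExtension, L".DLL");

        // Zero-filled output buffer; MaximumLength is a byte count.
        WCHAR NewFilenameBuffer[256] = {};
        UNICODE_STRING NewFilename;
        NewFilename.Length = 0;
        NewFilename.MaximumLength = sizeof(NewFilenameBuffer);
        NewFilename.Buffer = NewFilenameBuffer;

        // Purpose of the trailing out-parameter is not known; it is initialised so
        // its value is defined even if the callee never writes it.
        BYTE unknown = 0;
        const NTSTATUS status = LdrpApplyFileNameRedirection(0, &FileName, &DefaultExtension, &NewFilename, nullptr, nullptr, &unknown);

        if (status == STATUS_SUCCESS)
        {
            // UNICODE_STRING::Length is a byte count that excludes any terminator,
            // so bound the result by it instead of relying on a NUL inside the
            // buffer. Buffer/Length are read as a pair; whether the callee can
            // replace Buffer with its own allocation is not established here.
            return std::wstring(NewFilename.Buffer, NewFilename.Length / sizeof(WCHAR));
        }
    }

    return dllName;
}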
  42.  
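// Resolves a DLL name through the loader's file-name redirection on Windows 10
// by calling the unexported ntdll routine LdrpPreprocessDllName.
//
// The routine is located once by a byte-pattern scan of the loaded ntdll and
// cached in a function-local static. Pattern and prototype are
// reverse-engineered (the third argument is passed as 0 and the last is only
// named "unknown"); a false pattern match on another ntdll build yields a
// pointer into unrelated code, so a crash here indicates a version mismatch.
//
// dllName: module name to redirect.
// Returns the redirected path when the call reports STATUS_SUCCESS, otherwise
// dllName unchanged (also when the pattern is not found).
std::wstring ApplyFileNameRedirection_W10(const std::wstring& dllName)
{
    static NTSTATUS(NTAPI* LdrpPreprocessDllName)(UNICODE_STRING* FileName, UNICODE_STRING* NewFilename, DWORD, DWORD*) = nullptr;

    if (!LdrpPreprocessDllName)
    {
        const uintptr_t match = FindPattern(GetModuleHandleW(L"ntdll.dll"), "\xE8\x00\x00\x00\x00\x89\x44\x24\x40\x85\xC0\x78\x37", "x????xxxxxxxx");

        if (match)
        {
            // The pattern starts with a rel32 CALL (E8 at +0x0). Its 4-byte signed
            // operand is at +0x1 and is relative to the end of the 5-byte
            // instruction, i.e. +0x5 from the match.
            const int32_t rel = *reinterpret_cast<const int32_t*>(match + 0x1);
            LdrpPreprocessDllName = reinterpret_cast<decltype(LdrpPreprocessDllName)>(match + rel + 0x5);
        }
    }

    if (LdrpPreprocessDllName)
    {
        UNICODE_STRING FileName;
        RtlInitUnicodeString(&FileName, dllName.c_str());

        // Zero-filled output buffer; MaximumLength is a byte count.
        WCHAR NewFilenameBuffer[256] = {};
        UNICODE_STRING NewFilename;
        NewFilename.Length = 0;
        NewFilename.MaximumLength = sizeof(NewFilenameBuffer);
        NewFilename.Buffer = NewFilenameBuffer;

        // Purpose of the trailing out-parameter is not known; kept zero-initialised.
        DWORD unknown = 0;
        const NTSTATUS status = LdrpPreprocessDllName(&FileName, &NewFilename, 0, &unknown);

        if (status == STATUS_SUCCESS)
        {
            // UNICODE_STRING::Length is a byte count that excludes any terminator,
            // so bound the result by it instead of relying on a NUL inside the
            // buffer. Buffer/Length are read as a pair; whether the callee can
            // replace Buffer with its own allocation is not established here.
            return std::wstring(NewFilename.Buffer, NewFilename.Length / sizeof(WCHAR));
        }
    }

    return dllName;
}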
  81.  
// Picks the OS-specific redirection helper: the Windows 10 path
// (LdrpPreprocessDllName) when IsWindows10() reports true, otherwise the
// Windows 7/8 path (LdrpApplyFileNameRedirection). Both return dllName
// unchanged when their internal routine cannot be located or fails.
std::wstring ApplyFileNameRedirection(const std::wstring& dllName)
{
    return IsWindows10()
        ? ApplyFileNameRedirection_W10(dllName)
        : ApplyFileNameRedirection_W7_W8(dllName);
}