API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 17th, 2023
18
0
18 hours
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 0.98 KB | None | 0 0
raw download clone embed print report
  1. HMODULE LoadStupidDll()
  2. {
  3.     char szFakeCmdLine[] = "-c";
  4.     char *pOriginal = nullptr;
  5.     char **pGlobalCmdLine = nullptr;
  6.     HMODULE hModule = nullptr;
  7.  
  8.     // Get GetCommandLineA address
  9.     HMODULE hKernelBase = GetModuleHandle("kernelbase.dll");
  10.     assert(hKernelBase != nullptr);
  11.     FARPROC pGetCommandLineA = GetProcAddress(hKernelBase, "GetCommandLineA");
  12.     assert(pGetCommandLineA != nullptr);
  13.  
  14.     // Remove memory protections
  15.     DWORD oldProtect;
  16.     assert(VirtualProtect(pGetCommandLineA, 64, PAGE_EXECUTE_READWRITE, &oldProtect));
  17.  
  18.     // Save original pointer
  19.     pGlobalCmdLine = *reinterpret_cast<char***>((char*)pGetCommandLineA + 1);
  20.     pOriginal = *pGlobalCmdLine;
  21.  
  22.     // Replace pointer with our fake cmd line
  23.     *pGlobalCmdLine = szFakeCmdLine;
  24.  
  25.     // Load stupid DLL
  26.     hModule = LoadLibrary(STUPID_DLL_NAME);
  27.  
  28.     // Restore original string
  29.     *pGlobalCmdLine = pOriginal;
  30.  
  31.     // Restore memory protection
  32.     assert(VirtualProtect(pGetCommandLineA, 64, oldProtect, &oldProtect));
  33.  
  34.     return hModule;
  35. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!