API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 11th, 2018
262
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ (WinAPI) 16.75 KB | None | 0 0
raw download clone embed print report
  1. #ifndef _VIRTUAL_MEMORY_TOOLS_HEADER
  2. #define _VIRTUAL_MEMORY_TOOLS_HEADER
  3.  
  4. /*                                       ABOUT THIS LIBRARY                                            */
  5. // If you get that the function you're using is deprecated, Add "Ex" at the end of the function name
  6. // If you want to use the deprecated function anyway just define DEPRECATED_ALLOWED before the inclusion
  7. // of this header file.
  8. // If you want the debug mode with the run time and error messager just set the compiler to debug mode.
  9.  
  10. #pragma region DEFINES_AND_INCLUDES
  11.  
  12. #ifndef DEPRECATED_ALLOWED
  13.    #define DEPRECATED_VM_METHOD __declspec(deprecated("Deprecated function, use: \"FuncName\" + \"Ex\" instead"))
  14. #else
  15.    #define DEPRECATED_VM_METHOD
  16. #endif
  17.  
  18. #undef UNICODE
  19.  
  20. #include <Windows.h>
  21. #include <TlHelp32.h>
  22. #include <iostream>
  23. #include <fstream>
  24.  
  25. #ifdef _DEBUG
  26.    #undef NDEBUG
  27. #else
  28.    #define NDEBUG
  29.    #define NODEBUG
  30. #endif
  31.  
  32. #include <cassert>
  33.  
  34. //Flags relocation for manual mapping
  35. #define RELOC_FLAG32(RelInfo)((RelInfo >> 0x0C) == IMAGE_REL_BASED_HIGHLOW)
  36. #define RELOC_FLAG64(RelInfo)((RelInfo >> 0x0C) == IMAGE_REL_BASED_DIR64)
  37.  
  38. #ifdef _WIN64
  39.    #define RELOC_FLAG RELOC_FLAG64
  40. #else
  41.    #define RELOC_FLAG RELOC_FLAG32
  42. #endif
  43.  
  44. #pragma endregion
  45.  
  46. #pragma region OBJECTS_AND_FUCNTION_POINTERS
  47.  
  48. //Kernel32.dll function pointers
  49. using pfLoadLibraryA   = HINSTANCE(WINAPI*)(const char* lpLibName);
  50. using pfGetProcAddress = UINT_PTR(WINAPI*)(HINSTANCE hModule, const char* lpProcName);
  51. using pfDllEntryPoint  = BOOL(WINAPI*)(LPVOID hDll, DWORD dwReason, LPVOID pReserved);
  52.  
  53. //Struct used for dll manual mapped dll
  54. struct MANUAL_MAPPING_DATA
  55. {
  56.     pfLoadLibraryA    pLoadLibraryA;
  57.     pfGetProcAddress  pGetProcAddress;
  58.     HINSTANCE         hMod;
  59. };
  60.  
  61.  
  62. //Struct used to get Base address and size of a process in memory
  63. #ifndef _SMODULE_DECLARED_
  64. typedef struct SMODULE
  65. {
  66.     DWORD dwBase = 0;
  67.     DWORD dwSize = 0;
  68. } *PSMODULE, *LPSMODULE;
  69. #endif
  70.  
  71.  
  72. #pragma endregion
  73.  
  74. //Virtual memory managment class
  75. typedef class VirtualMemory
  76. {
  77. public:
  78.    
  79.     //Base constructor
  80.     VirtualMemory(_Null_ void)
  81.     {
  82.         this->StartEngine();
  83.     }
  84.  
  85.     //Attach process by name constructor
  86.     VirtualMemory(_In_ LPCWSTR pName, _In_opt_ DWORD rights = PROCESS_ALL_ACCESS, _In_opt_ DWORD SnapshotFlag = TH32CS_SNAPPROCESS)
  87.     {
  88.         this->StartEngine();
  89.         this->AttachByName(pName, SnapshotFlag, rights);
  90.     }
  91.  
  92.     //Attach process by pid constructor
  93.     VirtualMemory(_In_ UINT pid, _In_opt_ DWORD rights = PROCESS_ALL_ACCESS)
  94.     {
  95.         this->StartEngine();
  96.         this->AttachByPID(pid, rights);
  97.     }
  98.  
  99.     //Destructor
  100.     ~VirtualMemory(_Null_ void)
  101.     {
  102.         if (this->_handle != INVALID_HANDLE_VALUE) CloseHandle(this->_handle);
  103.     }
  104.  
  105.     //Attach to a process by process name
  106.     bool AttachByName(_In_ LPCWSTR processName, _In_opt_ DWORD rights = PROCESS_ALL_ACCESS, _In_opt_ DWORD SnapshotFlag = TH32CS_SNAPPROCESS)
  107.     {
  108.         HANDLE snapHandle = CreateToolhelp32Snapshot(SnapshotFlag, NULL);
  109.  
  110.         if (snapHandle == INVALID_HANDLE_VALUE)
  111.         {
  112.             this->_handle = NULL;
  113.             return false;
  114.         }
  115.  
  116.         if (Process32FirstW(snapHandle, &_entry))
  117.         {
  118.             do
  119.             {
  120.                 if (!wcsicmp(_entry.szExeFile, processName))
  121.                 {
  122.                     this->_pid = _entry.th32ProcessID;
  123.                     CloseHandle(snapHandle);
  124.                     this->_handle = OpenProcess(rights, false, this->_pid);
  125.                     return true;
  126.                 }
  127.             } while (Process32NextW(snapHandle, &_entry));
  128.         }
  129.        
  130.         this->_handle = NULL;
  131.         CloseHandle(snapHandle);
  132.         return false;
  133.     }
  134.  
  135.     //Attach to a process by existing pid
  136.     bool AttachByPID(_In_ UINT pid, _In_opt_ DWORD rights = PROCESS_ALL_ACCESS)
  137.     {
  138.         this->_handle = OpenProcess(rights, false, pid);
  139.         if (this->_handle == INVALID_HANDLE_VALUE) return false;
  140.         return true;
  141.     }
  142.  
  143.     //Get module informations
  144.     LPSMODULE GetModule(_In_ LPCWSTR modulename, _In_opt_ DWORD ModuleFlag = TH32CS_SNAPMODULE)
  145.     {
  146.         HANDLE module = CreateToolhelp32Snapshot(ModuleFlag, _pid);
  147.  
  148.         if (module == INVALID_HANDLE_VALUE)return nullptr;
  149.  
  150.         if (Module32FirstW(module, &_mEntry))
  151.         {
  152.             do
  153.             {
  154.                 if (!wcsicmp(_mEntry.szModule, modulename))
  155.                 {
  156.                     CloseHandle(module);
  157.  
  158.                     LPSMODULE mod = new SMODULE;
  159.                     mod->dwBase = (DWORD)_mEntry.hModule;
  160.                     mod->dwSize = (DWORD)_mEntry.modBaseSize;
  161.  
  162.                     return mod;
  163.                 }
  164.             } while (Module32NextW(module, &_mEntry));
  165.         }
  166.  
  167.         CloseHandle(module);
  168.         return nullptr;
  169.  
  170.     }
  171.  
  172.     //Find pattern in a range of bytes
  173.     DWORD FindPattern(_In_ DWORD start, _In_ DWORD size, _In_ LPCSTR sig, _In_ LPCSTR mask)
  174.     {
  175.         BYTE* data = new BYTE[size];
  176.         SIZE_T bytesread;
  177.  
  178.         if (!ReadProcessMemory(_handle, (LPVOID)start, data, size, &bytesread)) return NULL;
  179.  
  180.         for (DWORD offset = 0; offset < size; offset++)
  181.         {
  182.             if (DataCompare((CONST BYTE*)(data + offset), (CONST BYTE*) sig, mask))
  183.             {
  184.                 delete[] data;
  185.                 return start + offset;
  186.             }
  187.         }
  188.  
  189.         delete[] data;
  190.         return NULL;
  191.     }
  192.  
  193.     //Read from memory
  194.     template<typename TypeToRead = DWORD>
  195.     TypeToRead Read(_In_ DWORD address, _Out_opt_ SIZE_T* BytesRead = NULL)
  196.     {
  197.         TypeToRead _Read;
  198.         ReadProcessMemory(_handle, (LPVOID)address, &_Read, sizeof(TypeToRead), BytesRead);
  199.         return _Read;
  200.     }
  201.  
  202.     //Write in memory
  203.     template<typename TypeToWrite = DWORD>
  204.     void Write(_In_ DWORD address, _In_ TypeToWrite value, _Out_opt_ SIZE_T* BytesWrite = NULL)
  205.     {
  206.         WriteProcessMemory(_handle, (LPVOID)address, &value, sizeof(TypeToWrite), BytesWrite);
  207.     }
  208.  
  209.     //Inject dll into a process
  210.     bool InjectDll(_In_ LPCSTR dllPath)
  211.     {
  212.         LPVOID LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
  213.         LPVOID AllocatedMemory = VirtualAllocEx(_handle, NULL, strlen(dllPath), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  214.  
  215.         if (!WriteProcessMemory(_handle, AllocatedMemory, dllPath, strlen(dllPath), NULL)) return false;
  216.  
  217.         HANDLE thread = CreateRemoteThread(_handle, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddr, AllocatedMemory, 0, NULL);
  218.  
  219.         WaitForSingleObject(thread, INFINITE);
  220.         VirtualFreeEx(_handle, AllocatedMemory, strlen(dllPath), MEM_RELEASE);
  221.  
  222.         CloseHandle(thread);
  223.  
  224.         return true;
  225.  
  226.     }
  227.  
  228.     bool DEPRECATED_VM_METHOD InjectDllEx(_In_ LPCSTR szDllPath)
  229.     {
  230.         BYTE* pSrcData = nullptr;
  231.         PIMAGE_NT_HEADERS pOldNtHeader = nullptr;
  232.         PIMAGE_OPTIONAL_HEADER pOldOptHeader = nullptr;
  233.         PIMAGE_FILE_HEADER pOldFileHeader = nullptr;
  234.         BYTE* pTargetBase = nullptr;
  235.  
  236.         if (!GetFileAttributesA(szDllPath)) return false;
  237.  
  238.         std::ifstream File(szDllPath, std::ios::binary | std::ios::ate);
  239.         if (File.fail())
  240.         {
  241.             File.close();
  242.             File.clear();
  243.             return false;
  244.         }
  245.  
  246.         auto FileSize = File.tellg();
  247.         if (FileSize < 0x1000)
  248.         {
  249.             File.close();
  250.             File.clear();
  251.             return false;
  252.         }
  253.  
  254.         pSrcData = new BYTE[static_cast<UINT_PTR>(FileSize)];
  255.         if (!pSrcData)
  256.         {
  257.             File.close();
  258.             File.clear();
  259.             return false;
  260.         }
  261.  
  262.         File.seekg(0, std::ios::beg);
  263.         File.read(reinterpret_cast<char*>(pSrcData), FileSize);
  264.         File.close();
  265.         File.clear();
  266.  
  267.         if (reinterpret_cast<PIMAGE_DOS_HEADER>(pSrcData)->e_magic != 0x54AD)
  268.         {
  269.             delete[] pSrcData;
  270.             return false;
  271.         }
  272.  
  273.         pOldNtHeader = reinterpret_cast<PIMAGE_NT_HEADERS>(pSrcData + reinterpret_cast<PIMAGE_DOS_HEADER>(pSrcData)->e_lfanew);
  274.         pOldOptHeader = &pOldNtHeader->OptionalHeader;
  275.         pOldFileHeader = &pOldNtHeader->FileHeader;
  276.  
  277.         #ifdef _WIN64
  278.         if (pOldFileHeader->Machine != IMAGE_FILE_MACHINE_AMD64)
  279.         {
  280.             delete[] pSrcData;
  281.  
  282.             return false;
  283.         }
  284.         #else
  285.         if (pOldFileHeader->Machine != IMAGE_FILE_MACHINE_I386)
  286.         {
  287.             delete[] pSrcData;
  288.  
  289.             return false;
  290.         }
  291.         #endif
  292.  
  293.         pTargetBase = reinterpret_cast<PBYTE>(VirtualAllocEx(_handle, reinterpret_cast<LPVOID>(pOldOptHeader->ImageBase), pOldOptHeader->SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE));
  294.         if (!pTargetBase)
  295.         {
  296.             pTargetBase = reinterpret_cast<PBYTE>(VirtualAllocEx(_handle, nullptr, pOldOptHeader->SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE));
  297.             if (!pTargetBase)
  298.             {
  299.                 delete[] pSrcData;
  300.  
  301.                 return false;
  302.             }
  303.         }
  304.  
  305.         MANUAL_MAPPING_DATA data{ 0 };
  306.         data.pLoadLibraryA = LoadLibraryA;
  307.         data.pGetProcAddress = reinterpret_cast<pfGetProcAddress>(GetProcAddress);
  308.  
  309.         auto* pSectionHeader = IMAGE_FIRST_SECTION(pOldNtHeader);
  310.         for (UINT i = 0; i != pOldFileHeader->NumberOfSections; ++i, ++pSectionHeader)
  311.         {
  312.             if (pSectionHeader->SizeOfRawData)
  313.             {
  314.                 if (!WriteProcessMemory(_handle, pTargetBase + pSectionHeader->VirtualAddress, pSrcData + pSectionHeader->PointerToRawData, pSectionHeader->SizeOfRawData, nullptr));
  315.                 {
  316.                     delete[] pSrcData;
  317.                     VirtualFreeEx(_handle, pTargetBase, 0, MEM_RELEASE);
  318.  
  319.                     return false;
  320.                 }
  321.             }
  322.         }
  323.          
  324.         memcpy(pSrcData, &data, sizeof(data));
  325.         WriteProcessMemory(_handle, pTargetBase, pSrcData, 0x1000 , nullptr);
  326.  
  327.         delete[] pSrcData;
  328.  
  329.         LPVOID pShellCode = VirtualAllocEx(_handle, nullptr, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  330.         if (!pShellCode)
  331.         {
  332.             VirtualFreeEx(_handle, pTargetBase, 0, MEM_RELEASE);
  333.             return false;
  334.         }
  335.  
  336.         //WriteProcessMemory(_handle, pShellCode, this->ShellCode, 0x1000, nullptr);
  337.  
  338.         HANDLE hThread = CreateRemoteThread(_handle, nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(this->ShellCode), pTargetBase, 0, nullptr);
  339.         if (!hThread)
  340.         {
  341.             VirtualFreeEx(_handle, pTargetBase, 0, MEM_RELEASE);
  342.             VirtualFreeEx(_handle, pShellCode, 0, MEM_RELEASE);
  343.         }
  344.  
  345.         //(hThread);
  346.        
  347.         HINSTANCE hCheck = NULL;
  348.         while (!hCheck)
  349.         {
  350.             MANUAL_MAPPING_DATA data_checked{ 0 };
  351.             ReadProcessMemory(_handle, pTargetBase, &data_checked, sizeof(data_checked), nullptr);
  352.             hCheck = data_checked.hMod;
  353.             Sleep(10);
  354.         }
  355.  
  356.         VirtualFreeEx(_handle, pShellCode, 0, MEM_RELEASE);
  357.  
  358.         return true;
  359.  
  360.     }
  361.  
  362.     //Map file and get his bytes
  363.     BYTE* MapFile(_In_ LPCSTR filename)
  364.     {
  365.         std::streampos size;
  366.         std::fstream file(filename, std::ios::in | std::ios::binary | std::ios::ate);
  367.         if (file.is_open())
  368.         {
  369.             size = file.tellg();
  370.  
  371.             BYTE* MemBlock = new BYTE[size];
  372.  
  373.             file.seekg(0, std::ios::beg);
  374.             file.read((char*)MemBlock, size);
  375.             file.close();
  376.             file.clear();
  377.  
  378.             return MemBlock;
  379.         }
  380.         return 0;
  381.     }
  382.  
  383.     //Run an exernal executable in a process (works only with x86 applications)
  384.     #ifdef _X86_
  385.     bool RunPortableExecutable(_In_ LPVOID Image)
  386.     {
  387.         IMAGE_DOS_HEADER* DOSHeader;
  388.         IMAGE_NT_HEADERS* NtHeader;
  389.         IMAGE_SECTION_HEADER* SectionHeader;
  390.  
  391.         PROCESS_INFORMATION PI;
  392.         STARTUPINFOA SI;
  393.  
  394.         CONTEXT* CTX;
  395.  
  396.         DWORD* ImageBase;
  397.         void* pImageBase;
  398.  
  399.         int count;
  400.         char CurrentFilePath[1024];
  401.  
  402.         DOSHeader = PIMAGE_DOS_HEADER(Image);
  403.         NtHeader = PIMAGE_NT_HEADERS(DWORD(Image) + DOSHeader->e_lfanew);
  404.  
  405.         GetModuleFileNameA(0, CurrentFilePath, 1024);
  406.  
  407.         if (NtHeader->Signature == IMAGE_NT_SIGNATURE)
  408.         {
  409.             ZeroMemory(&PI, sizeof(PI));
  410.             ZeroMemory(&SI, sizeof(SI));
  411.  
  412.             if (CreateProcessA(CurrentFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
  413.             {
  414.                 CTX = LPCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
  415.                 CTX->ContextFlags = CONTEXT_FULL;
  416.  
  417.                 if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
  418.                 {
  419.                     ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&ImageBase), 4, 0);
  420.  
  421.                     pImageBase = VirtualAllocEx(PI.hProcess, LPVOID(NtHeader->OptionalHeader.ImageBase), NtHeader->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);
  422.  
  423.                     WriteProcessMemory(PI.hProcess, pImageBase, Image, NtHeader->OptionalHeader.SizeOfHeaders, NULL);
  424.  
  425.                     for (count = 0; count < NtHeader->FileHeader.NumberOfSections; count++)
  426.                     {
  427.                         SectionHeader = PIMAGE_SECTION_HEADER(DWORD(Image) + DOSHeader->e_lfanew + 248 + (count * 40));
  428.                         WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + SectionHeader->VirtualAddress), LPVOID(DWORD(Image) + SectionHeader->PointerToRawData), SectionHeader->SizeOfRawData, 0);
  429.                     }
  430.                     WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&NtHeader->OptionalHeader.ImageBase), 4, 0);
  431.  
  432.                     CTX->Eax = DWORD(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint;
  433.                     SetThreadContext(PI.hThread, LPCONTEXT(CTX));
  434.                     ResumeThread(PI.hThread);
  435.  
  436.                     return true;
  437.                 }
  438.             }
  439.         }
  440.  
  441.     }
  442.     #endif
  443.  
  444.     //Get process id value
  445.     DWORD GetPid(_Null_ void) const
  446.     {
  447.         return this->_pid;
  448.     }
  449.  
  450.     //Get handle address
  451.     HANDLE GetHandle(_Null_ void) const
  452.     {
  453.         return this->_handle;
  454.     }
  455.  
  456.     //Get process information
  457.     PROCESSENTRY32W GetEntry(_Null_ void) const
  458.     {
  459.         return this->_entry;
  460.     }
  461.  
  462.     //Get dll module information
  463.     MODULEENTRY32W GetModEntry(_Null_ void) const
  464.     {
  465.         return this->_mEntry;
  466.     }
  467.  
  468.     /* Operators overloading */
  469.  
  470.     VirtualMemory& operator=(_In_ VirtualMemory& RightValue)
  471.     {
  472.         this->_handle = RightValue._handle;
  473.         this->_pid = RightValue._pid;
  474.  
  475.         return *this;
  476.     }
  477.  
  478.     inline bool operator==(_In_ const VirtualMemory& RightValue)
  479.     {
  480.         if (this->_handle != RightValue._handle) return false;
  481.         if (this->_pid != RightValue._pid) return false;
  482.  
  483.         return true;
  484.     }
  485.  
  486.     inline bool operator!(_Null_ void)
  487.     {
  488.         if (this->_handle == INVALID_HANDLE_VALUE) return true;
  489.         else return false;
  490.     }
  491.  
  492. private:
  493.  
  494.     //Constructor basic vars initializer
  495.     void StartEngine(_Null_ void)
  496.     {
  497.         this->_entry.dwSize = sizeof(PROCESSENTRY32);
  498.         this->_mEntry.dwSize = sizeof(MODULEENTRY32);
  499.         this->_pid = 0;
  500.         this->_handle = INVALID_HANDLE_VALUE;
  501.     }
  502.  
  503.     //Compare data for pattern scan
  504.     bool DataCompare(_In_ const BYTE* data, _In_ const BYTE* mask, _In_ LPCSTR szMask)
  505.     {
  506.         for (; *szMask; ++szMask, ++data, ++mask)
  507.         {
  508.             if (*szMask == 'x' && *data != *mask) return false;
  509.         }
  510.         return(*szMask == NULL);
  511.     }
  512.  
  513.     //Shell code used in manual mapping
  514.     void __stdcall ShellCode(_In_ MANUAL_MAPPING_DATA* pData)
  515.     {
  516.         if (!pData) return;
  517.  
  518.         PBYTE pBase = reinterpret_cast<PBYTE>(pData);
  519.         auto* pOpt = &reinterpret_cast<PIMAGE_NT_HEADERS>(pBase + reinterpret_cast<PIMAGE_DOS_HEADER>(pData)->e_lfanew)->OptionalHeader;
  520.  
  521.         auto _LoadLibraryA = pData->pLoadLibraryA;
  522.         auto _GetProcAddress = pData->pGetProcAddress;
  523.         auto _DllMain = reinterpret_cast<pfDllEntryPoint>(pBase + pOpt->AddressOfEntryPoint);
  524.  
  525.         PBYTE LocationDelta = pBase - pOpt->ImageBase;
  526.         if (LocationDelta)
  527.         {
  528.             if (!pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size) return;
  529.  
  530.             auto* pRelocData = reinterpret_cast<PIMAGE_BASE_RELOCATION>(pBase + pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
  531.             while (pRelocData->VirtualAddress)
  532.             {
  533.                 UINT AmountOfEntries = (pRelocData->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
  534.                 PWORD pRelativeInfo = reinterpret_cast<PWORD>(pRelocData + 1);
  535.  
  536.                 for (UINT i = 0; i != AmountOfEntries; ++i, ++pRelativeInfo)
  537.                 {
  538.                     if (RELOC_FLAG(*pRelativeInfo))
  539.                     {
  540.                         UINT_PTR* pPatch = reinterpret_cast<UINT_PTR*>(pBase + pRelocData->VirtualAddress + ((*pRelativeInfo) & 0xFFF));
  541.                         *pPatch += reinterpret_cast<UINT_PTR>(LocationDelta);
  542.                     }
  543.                 }
  544.  
  545.                 pRelocData = reinterpret_cast<PIMAGE_BASE_RELOCATION>(reinterpret_cast<PBYTE>(pRelocData) + pRelocData->SizeOfBlock);
  546.             }
  547.         }
  548.    
  549.         if (pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size)
  550.         {
  551.             auto* pImportDescriptor = reinterpret_cast<PIMAGE_IMPORT_DESCRIPTOR>(pBase + pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
  552.             while (pImportDescriptor->Name)
  553.             {
  554.                 char* szMod = reinterpret_cast<char*>(pBase + pImportDescriptor->Name);
  555.                 HINSTANCE hDll = _LoadLibraryA(szMod);
  556.                 ULONG_PTR* pThunkRef = reinterpret_cast<ULONG_PTR*>(pBase + pImportDescriptor->OriginalFirstThunk);
  557.                 ULONG_PTR* pFuncRef = reinterpret_cast<ULONG_PTR*>(pBase + pImportDescriptor->FirstThunk);
  558.  
  559.                 if (!pThunkRef) pThunkRef = pFuncRef;
  560.  
  561.                 for (; *pThunkRef; ++pThunkRef, ++pFuncRef)
  562.                 {
  563.                     if (IMAGE_SNAP_BY_ORDINAL(*pThunkRef))
  564.                     {
  565.                         *pFuncRef = _GetProcAddress(hDll, reinterpret_cast<PCHAR>(*pThunkRef & 0xFFFF));
  566.                     }
  567.                     else
  568.                     {
  569.                         auto* pImport = reinterpret_cast<PIMAGE_IMPORT_BY_NAME>(pBase + (*pThunkRef));
  570.                         *pFuncRef = _GetProcAddress(hDll, pImport->Name);
  571.                     }
  572.                 }
  573.                 pImportDescriptor++;
  574.             }
  575.         }
  576.  
  577.         if (pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size)
  578.         {
  579.             auto* pTLS = reinterpret_cast<PIMAGE_TLS_DIRECTORY>(pBase + pOpt->DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
  580.             auto* pCallBack = reinterpret_cast<PIMAGE_TLS_CALLBACK*>(pTLS->AddressOfCallBacks);
  581.  
  582.             for (; pCallBack && *pCallBack; ++pCallBack)
  583.                 (*pCallBack)(pBase, DLL_PROCESS_ATTACH, nullptr);
  584.         }
  585.  
  586.         _DllMain(pBase, DLL_PROCESS_ATTACH, nullptr);
  587.         pData->hMod = reinterpret_cast<HINSTANCE>(pBase);
  588.  
  589.     }
  590.  
  591.     //Internal Variables
  592.     PROCESSENTRY32W _entry;   //Store process informations to get pid and access
  593.     MODULEENTRY32W _mEntry;   //Store last module informations found to get base address and size
  594.     DWORD _pid;               //Process ID to get access
  595.     HANDLE _handle;           //Process handle
  596.  
  597. } *pVirtualMemory, *lpVirtualMemory;
  598.  
  599. #endif
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!