mirror/WinDurango
1
0
Fork 0
mirror of https://github.com/WinDurango/WinDurango.git synced 2026-01-28 06:08:45 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7 from AleBello7276/main

Browse Source 
Attempt at matching DLLMain entrypoint, a bit of refactor, and Exports.def now works!
This commit is contained in:
Dexrn ZacAttack
2024-09-04 05:01:53 -07:00
committed by GitHub
parent ba270bd136 ac55de1903
commit 8d4ce3bd1a
8 changed files with 325 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
dlls/kernelx/dllmain.cpp
View File

@@ -4,50 +4,49 @@
// ReSharper disable CppClangTidyHicppMultiwayPathsCovered
// ReSharper disable CppClangTidyClangDiagnosticInconsistentDllimport
#include "pch.h"
#include "framework.h"
#include "kernelx.h"
ANSI_STRING* DestinationString;
SYSTEM_BASIC_INFORMATION* System_Info;
HINSTANCE hModule;
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved)
{
BOOL v4;
switch (forwardReason)
{
case DLL_PROCESS_ATTACH:
if (NtQuerySystemInformation(SystemBasicInformation, &System_Info, 0x40u, 0LL) >= 0)
{
v4 = true;
if (RtlUnicodeStringToAnsiString(DestinationString OUT, &NtCurrentTeb()->ProcessEnvironmentBlock->ProcessParameters->CommandLine, true) < 0)
{
DestinationString->Length = 0LL;
DestinationString->Buffer = 0LL;
}
RtlSetUnhandledExceptionFilter(UnhandledExceptionFilter);
}
else
{
v4 = 0;
}
hModule = hInstance;
sub_18001BB8C();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
v4 = 1;
sub_18001BCA0(hInstance, forwardReason, lpvReserved);
break;
}
return TRUE;
}
void AcquireSRWLockExclusive_X(PSRWLOCK SRWLock)
{
AcquireSRWLockExclusive(SRWLock);
}
void AcquireSRWLockShared_X(PSRWLOCK SRWLock)
{
AcquireSRWLockShared(SRWLock);
}
void EnterCriticalSection_X(LPCRITICAL_SECTION lpCriticalSection)
{
EnterCriticalSection(lpCriticalSection);
}
HANDLE GetProcessHeap_X()
{
return GetProcessHeap();
}
// TODO: Need to figure out this function.
PVOID XMemAllocDefault_X(ULONG_PTR a1, UINT64 a2)
{
return nullptr;
}
PVOID XMemAlloc_X(SIZE_T dwSize, ULONGLONG dwAttributes)
{
return XMemAllocDefault_X(dwSize, dwAttributes);
}

1
dlls/kernelx/framework.h
View File

@@ -3,3 +3,4 @@
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files
#include <windows.h>
#include <winternl.h>

259
dlls/kernelx/kernelx.cpp Normal file
View File

@@ -0,0 +1,259 @@
// ReSharper disable CppInconsistentNaming
// ReSharper disable CppParameterMayBeConst
// ReSharper disable CppDefaultCaseNotHandledInSwitchStatement
// ReSharper disable CppClangTidyHicppMultiwayPathsCovered
// ReSharper disable CppClangTidyClangDiagnosticInconsistentDllimport
#include "pch.h"
#include "framework.h"
#include "kernelx.h"
void AcquireSRWLockExclusive_X(PSRWLOCK SRWLock)
{
AcquireSRWLockExclusive(SRWLock);
}
void AcquireSRWLockShared_X(PSRWLOCK SRWLock)
{
AcquireSRWLockShared(SRWLock);
}
void EnterCriticalSection_X(LPCRITICAL_SECTION lpCriticalSection)
{
EnterCriticalSection(lpCriticalSection);
}
HANDLE GetProcessHeap_X()
{
return GetProcessHeap();
}
// TODO: Need to figure out this function.
PVOID XMemAllocDefault_X(ULONG_PTR a1, UINT64 a2)
{
return nullptr;
}
PVOID XMemAlloc_X(SIZE_T dwSize, ULONGLONG dwAttributes)
{
return XMemAllocDefault_X(dwSize, dwAttributes);
}
// !!!!!
// Should be in ntdll.dll reimplementation, right now i'm just testing things with DLLMain entryPoint
PVOID RtlSetUnhandledExceptionFilter(PVOID ExceptionFilter)
{
return EncodePointer(ExceptionFilter);
}
// TODO
// absolutely temporary implementation I just want to make it work
// sub_18001BCA0
char* qword_18002B880;
char* qword_18002B890;
HANDLE qword_18002B820;
HANDLE qword_18002B830;
HANDLE qword_18002B818;
HANDLE qword_18002B850;
HANDLE qword_18002B858;
HANDLE qword_18002B888;
HANDLE P;
char* dword_18002B84C;
//sub_18001BB8C
int dword_18002BF68;
int sub_18001D528()
{
//TODO
}
INT16 sub_18001D768()
{
//TODO
}
int sub_18001D96C(int v2, unsigned short* codePageData, unsigned int p, bool t,long l)
{
//TODO
}
__int64 sub_18001BB8C()
{
/*unsigned int v0; // ebx
unsigned __int16* AnsiCodePageData; // rdx
int v2; // ecx
PVOID v3; // rbx
HMODULE v4; // rcx
v0 = 0;
if (!dword_18002B84C)
{
v0 = sub_18001D528();
if (!v0)
{
v0 = sub_18001D768();
if (!v0)
{
// not sure
AnsiCodePageData = (unsigned __int16*)NtCurrentTeb()->ProcessEnvironmentBlock->ProcessParameters;
v2 = AnsiCodePageData[1];
dword_18002BF68 = v2;
v0 = sub_18001D96C(v2, AnsiCodePageData, (unsigned int)&P, 0, 0LL);
if (!v0)
{
RtlAcquireSRWLockExclusive(&unk_18002B838);
qword_18002B828 = sub_18001EB38(127LL);
if (qword_18002B828)
{
RtlReleaseSRWLockExclusive(&unk_18002B838);
qword_18002B990 = 0LL;
qword_18002B980 = 0LL;
word_18002BF64 = 1;
Event = 0LL;
dword_18002B84C = 1;
}
else
{
RtlReleaseSRWLockExclusive(&unk_18002B838);
v3 = P;
v4 = (HMODULE) * ((_QWORD*)P + 8);
if (v4)
FreeLibrary(v4);
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, v3);
P = 0LL;
return 87;
}
}
}
}
}
return v0;*/
return 0;
}
// absolutely temporary implementation I just want to make it work
// decompilation from ghidra (it looks horrible lol)
NTSTATUS sub_18001BCA0(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved)
{
char* v0; // rax
__int64 v1; // rdi
__int64 v2; // rsi
char* v3; // rbx
HMODULE v4; // rcx
char* v5; // rbp
char* v6; // rax
__int64 v7; // rdi
__int64 v8; // rsi
char* v9; // r8
char* v10; // rbx
PVOID v11; // rbx
HMODULE v12; // rcx
NTSTATUS result; // al
v0 = (char*)qword_18002B880;
if (qword_18002B880)
{
v1 = 0LL;
v2 = 197LL;
do
{
v3 = *(char**)&v0[v1];
if (v3)
{
do
{
v4 = (HMODULE)v3[8];
v5 = (char*)v3[9];
if (v4)
FreeLibrary(v4);
HeapFree(GetProcessHeap(), 0, v3);
v3 = v5;
} while (v5);
v0 = (char*)qword_18002B880;
}
v1 += 8LL;
--v2;
} while (v2);
if (v0)
HeapFree(GetProcessHeap(), 0, qword_18002B880);
qword_18002B880 = 0LL;
}
v6 = (char*)qword_18002B890;
v7 = 0LL;
v8 = 128LL;
do
{
v9 = *(char**)&v6[v7];
if (v9)
{
do
{
v10 = (char*)v9[10];
HeapFree(GetProcessHeap(), 0, v9);
v9 = v10;
} while (v10);
v6 = (char*)qword_18002B890;
}
v7 += 8LL;
--v8;
} while (v8);
if (v6)
HeapFree(GetProcessHeap(), 0, qword_18002B890);
qword_18002B890 = 0LL;
if (qword_18002B888)
HeapFree(GetProcessHeap(), 0, qword_18002B888);
// P ?!?
v11 = P;
qword_18002B888 = 0LL;
v12 = (HMODULE) * ((char*)P + 8);
if (v12)
FreeLibrary(v12);
result = HeapFree(GetProcessHeap(), 0, v11);
P = 0LL;
if (GetModuleHandle)
{
result = NtClose(GetModuleHandle);
}
if (qword_18002B820)
{
result = NtClose(qword_18002B820);
qword_18002B820 = 0LL;
}
if (qword_18002B830)
{
result = NtClose(qword_18002B830);
qword_18002B830 = 0LL;
}
if (qword_18002B818)
{
result = NtClose(qword_18002B818);
qword_18002B818 = 0LL;
}
if (qword_18002B850)
{
result = NtClose(qword_18002B850);
qword_18002B850 = 0LL;
}
if (qword_18002B858)
{
result = NtClose(qword_18002B858);
qword_18002B858 = 0LL;
}
dword_18002B84C = 0;
return result;
}

26
dlls/kernelx/kernelx.h Normal file
View File

@@ -0,0 +1,26 @@
#pragma once
#include "framework.h"
// EXE EXPORTS
extern "C" void AcquireSRWLockExclusive_X(PSRWLOCK SRWLock);
extern "C" void AcquireSRWLockShared_X(PSRWLOCK SRWLock);
extern "C" void EnterCriticalSection_X(LPCRITICAL_SECTION lpCriticalSection);
extern "C" HANDLE GetProcessHeap_X();
// TODO: Need to figure out this function.
extern "C" PVOID XMemAllocDefault_X(ULONG_PTR a1, UINT64 a2);
extern "C" PVOID XMemAlloc_X(SIZE_T dwSize, ULONGLONG dwAttributes);
// EXE EXPORTS END
PVOID RtlSetUnhandledExceptionFilter(PVOID ExceptionFilter);
__int64 sub_18001BB8C();
NTSTATUS sub_18001BCA0(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved);

11
dlls/kernelx/kernelx.vcxproj
View File

@@ -83,6 +83,7 @@
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
<ModuleDefinitionFile>Exports.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -102,6 +103,7 @@
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
<ModuleDefinitionFile>Exports.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -117,6 +119,7 @@
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
<ModuleDefinitionFile>Exports.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -136,14 +139,18 @@
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
<AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>Exports.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClInclude Include="framework.h" />
<ClInclude Include="kernelx.h" />
<ClInclude Include="pch.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="dllmain.cpp" />
<ClCompile Include="kernelx.cpp" />
<ClCompile Include="pch.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
@@ -152,10 +159,10 @@
</ClCompile>
</ItemGroup>
<ItemGroup>
<None Include="Exports.def" />
<Text Include="Exports.txt" />
</ItemGroup>
<ItemGroup>
<Text Include="Exports.txt" />
<None Include="Exports.def" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">

66
dlls/ntdll/dllmain.cpp
View File

@@ -1,66 +0,0 @@
// ReSharper disable CppInconsistentNaming
// ReSharper disable CppParameterMayBeConst
// ReSharper disable CppDefaultCaseNotHandledInSwitchStatement
// ReSharper disable CppClangTidyHicppMultiwayPathsCovered
// ReSharper disable CppClangTidyClangDiagnosticInconsistentDllimport
#include "pch.h"
#include "framework.h"
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved)
{
switch (forwardReason)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
// TODO: I'm not sure what the return type or parameters are for this function.
/*
__int64 __fastcall TpSetPoolAffinityMask(__int64 a1, __int64 a2)
{
__int64 result; // rax
__int64 v5; // rax
_BYTE v6[16]; // [rsp+30h] [rbp-38h] BYREF
__int64 v7; // [rsp+40h] [rbp-28h]
if ( !a2 )
return 3221225485LL;
result = ZwQueryInformationProcess(-1LL, 0LL, v6, 48LL, 0LL);
if ( (int)result >= 0 )
{
if ( (a2 & v7) != a2 )
return 3221225485LL;
if ( a1 )
{
_InterlockedExchange64((volatile __int64 *)(a1 + 456), a2);
}
else
{
RtlAcquireSRWLockExclusive(&unk_18009DB38);
qword_18009DB28 = a2;
RtlReleaseSRWLockExclusive(&unk_18009DB38);
v5 = sub_18005E18C();
if ( v5 )
{
TpSetPoolAffinityMask(v5, a2);
sub_18005E0E8(&qword_18009DB30, &unk_18009DB38);
}
}
return 0LL;
}
return result;
}
*/
void TpSetPoolAffinityMask_X()
{
// TODO: This needs an implementation.
}

1
dlls/ntdll/ntdll.vcxproj
View File

@@ -22,7 +22,6 @@
<Text Include="Exports.txt" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="dllmain.cpp" />
<ClCompile Include="pch.cpp" />
</ItemGroup>
<ItemGroup>

1
dlls/ntdll/ntdll.vcxproj.filters
View File

@@ -4,7 +4,6 @@
<Text Include="Exports.txt" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="dllmain.cpp" />
<ClCompile Include="pch.cpp" />
</ItemGroup>
<ItemGroup>