Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Latest commit

 

History

History
History
73 lines (61 loc) · 1.95 KB
/

LoadDllMemoryApi.cpp

File metadata and controls

73 lines (61 loc) · 1.95 KB
Copy raw file
Download raw file
Open symbols panel
Edit and raw actions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
#include "stdafx.h"
#include <cstdlib>
HMEMORYMODULE WINAPI LoadLibraryMemoryExW(
_In_ PVOID BufferAddress,
_In_ size_t Reserved,
_In_opt_ LPCWSTR DllBaseName,
_In_opt_ LPCWSTR DllFullName,
_In_ DWORD Flags) {
HMEMORYMODULE hMemoryModule = nullptr;
NTSTATUS status = LdrLoadDllMemoryExW(&hMemoryModule, nullptr, Flags, BufferAddress, Reserved, DllBaseName, DllFullName);
if (!NT_SUCCESS(status) || status == STATUS_IMAGE_MACHINE_TYPE_MISMATCH) {
SetLastError(RtlNtStatusToDosError(status));
}
return hMemoryModule;
}
HMEMORYMODULE WINAPI LoadLibraryMemoryExA(
_In_ PVOID BufferAddress,
_In_ size_t Reserved,
_In_opt_ LPCSTR DllBaseName,
_In_opt_ LPCSTR DllFullName,
_In_ DWORD Flags) {
LPWSTR _DllName = nullptr, _DllFullName = nullptr;
size_t size;
HMEMORYMODULE result = nullptr;
HANDLE heap = NtCurrentPeb()->ProcessHeap;
do {
if (DllBaseName) {
size = strlen(DllBaseName) + 1;
_DllName = (LPWSTR)RtlAllocateHeap(heap, 0, sizeof(WCHAR) * size);
if (!_DllName) {
RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES);
break;
}
mbstowcs_s(nullptr, _DllName, size, DllBaseName, size);
}
if (DllFullName) {
size = strlen(DllFullName) + 1;
_DllFullName = (LPWSTR)RtlAllocateHeap(heap, 0, sizeof(WCHAR) * size);
if (!_DllFullName) {
RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES);
break;
}
mbstowcs_s(nullptr, _DllFullName, size, DllFullName, size);
}
result = LoadLibraryMemoryExW(BufferAddress, 0, _DllName, _DllFullName, Flags);
} while (false);
RtlFreeHeap(heap, 0, _DllName);
RtlFreeHeap(heap, 0, _DllFullName);
return result;
}
HMEMORYMODULE WINAPI LoadLibraryMemory(_In_ PVOID BufferAddress) {
return LoadLibraryMemoryExW(BufferAddress, 0, nullptr, nullptr, 0);
}
BOOL WINAPI FreeLibraryMemory(_In_ HMEMORYMODULE hMemoryModule) {
NTSTATUS status = LdrUnloadDllMemory(hMemoryModule);
if (!NT_SUCCESS(status)) {
SetLastError(RtlNtStatusToDosError(status));
return FALSE;
}
return TRUE;
}
Morty Proxy This is a proxified and sanitized view of the page, visit original site.