infosecn1nja
/
C3
mirror of https://github.com/infosecn1nja/C3.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Exclude RtlPcToFileHeader hook from x86 builds 

Exception info on x86 is absolute rather than relative (as x64) so
exception creation doesn't require this call.

Additionally Win8.1 SDK doesn't export `RtlPcToFileHeader` in
kernel32.lib for static linking, which causes linking to fail
dependabot/npm_and_yarn/Src/WebController/UI/websocket-extensions-0.1.4
Grzegorz Rychlik 2020-01-28 10:50:25 +01:00
parent f0e7ece23d
commit ba5617a5e1
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Src/CebuLoader/LoadPe.cpp
View File

@ -28,7 +28,8 @@ namespace MWR::Loader
DWORD m_SizeOfTheDll;
} moduleData;
PVOID RtlPcToFileHeaderHook(PVOID pc, PVOID* baseOfImage)
#if defined _M_AMD64
void* RtlPcToFileHeaderHook(PVOID pc, PVOID* baseOfImage)
{
if (pc > (void*)moduleData.m_DllBaseAddress and pc < (void*)(moduleData.m_DllBaseAddress + moduleData.m_SizeOfTheDll))
{
@ -40,11 +41,14 @@ namespace MWR::Loader
return RtlPcToFileHeader(pc, baseOfImage);
}
}
#endif
void* GetHookAddress(const char* dllName, const char* funcName)
{
#if defined _M_AMD64
if (_stricmp(dllName,"kernel32.dll") == 0 && strcmp(funcName, "RtlPcToFileHeader") == 0)
return (void*)RtlPcToFileHeaderHook;
#endif
return nullptr;
}