Add files via upload

Souhardya · Dec 30, 2021 · 389bbb1 · 389bbb1
1 parent a747c36
commit 389bbb1
Show file tree

Hide file tree

Showing 86 changed files with 7,629 additions and 0 deletions.
diff --git a/HookPorts/Dispatch_NTDLL.cpp b/HookPorts/Dispatch_NTDLL.cpp
diff --git a/HookPorts/Dispatch_NTDLL.h b/HookPorts/Dispatch_NTDLL.h
@@ -0,0 +1,3 @@
+#pragma once
+
+int Dispatch_NTDLL_Start(void);
diff --git a/HookPorts/Dispatch_NTDLL_LdrLoadDll.cpp b/HookPorts/Dispatch_NTDLL_LdrLoadDll.cpp
@@ -0,0 +1,75 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_NTDLL_LdrLoadDll.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+
+
+
+//
+//Global
+//
+__pfnLdrLoadDll pfnLdrLoadDll = NULL;
+
+
+
+//
+//Dispatch_NTDLL_LdrLoadDll Functions
+//
+NTSTATUS
+NTAPI
+OnLdrLoadDll(
+  IN PWCHAR               PathToFile OPTIONAL,
+  IN ULONG                Flags OPTIONAL,
+  IN PUNICODE_STRING      ModuleFileName,
+  OUT PHANDLE             ModuleHandle )
+{
+	NTSTATUS nRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		nRet = pfnLdrLoadDll(
+			PathToFile,
+			Flags,
+			ModuleFileName,
+			ModuleHandle
+			);
+	}
+
+	nRet = pfnLdrLoadDll(
+		PathToFile,
+		Flags,
+		ModuleFileName,
+		ModuleHandle
+		);
+
+//	__try
+//	{
+//#ifdef Dbg
+//		WCHAR szDebugString[512] = {0};
+//		wsprintf(
+//			szDebugString,
+//			L"PathToFile=[%s]\r\nBuffer of ModuleFileName=[%s]",
+//			PathToFile,
+//			ModuleFileName->Buffer);
+//		DebugLog(DbgInfo,szDebugString);
+//#endif
+//
+//#ifdef Dbg
+//		DebugLog(DbgInfo,L"Called");
+//#endif
+//	}
+//	__except(EXCEPTION_EXECUTE_HANDLER)
+//	{
+//	}
+
+	return nRet;
+}
diff --git a/HookPorts/Dispatch_NTDLL_LdrLoadDll.h b/HookPorts/Dispatch_NTDLL_LdrLoadDll.h
@@ -0,0 +1,18 @@
+#pragma once
+
+typedef NTSTATUS (NTAPI * __pfnLdrLoadDll)
+(
+	IN PWCHAR               PathToFile OPTIONAL,
+	IN ULONG                Flags OPTIONAL,
+	IN PUNICODE_STRING      ModuleFileName,
+	OUT PHANDLE             ModuleHandle );
+
+extern __pfnLdrLoadDll pfnLdrLoadDll;
+
+NTSTATUS
+NTAPI
+OnLdrLoadDll(
+	IN PWCHAR               PathToFile OPTIONAL,
+	IN ULONG                Flags OPTIONAL,
+	IN PUNICODE_STRING      ModuleFileName,
+	OUT PHANDLE             ModuleHandle );
diff --git a/HookPorts/Dispatch_NTDLL_LdrUnloadDll.cpp b/HookPorts/Dispatch_NTDLL_LdrUnloadDll.cpp
@@ -0,0 +1,52 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_NTDLL_LdrUnloadDll.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+
+
+
+//
+//Global
+//
+__pfnLdrUnloadDll pfnLdrUnloadDll = NULL;
+
+
+
+//
+//Dispatch_NTDLL_LdrUnloadDll Functions
+//
+NTSTATUS
+NTAPI
+OnLdrUnloadDll(
+	IN HANDLE               ModuleHandle )
+{
+	NTSTATUS nRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		nRet = pfnLdrUnloadDll(
+			ModuleHandle
+			);
+
+		return nRet;
+	}
+
+	nRet = pfnLdrUnloadDll(
+		ModuleHandle
+		);
+
+//#ifdef Dbg
+//	DebugLog(DbgInfo,L"Called");
+//#endif
+
+	return nRet;
+}
diff --git a/HookPorts/Dispatch_NTDLL_LdrUnloadDll.h b/HookPorts/Dispatch_NTDLL_LdrUnloadDll.h
@@ -0,0 +1,11 @@
+#pragma once
+
+typedef NTSTATUS (NTAPI * __pfnLdrUnloadDll)
+(  IN HANDLE               ModuleHandle );
+
+extern __pfnLdrUnloadDll pfnLdrUnloadDll;
+
+NTSTATUS
+NTAPI
+OnLdrUnloadDll(
+	IN HANDLE               ModuleHandle );