diff --git a/DarkLoadLibrary/include/darkloadlibrary.h b/DarkLoadLibrary/include/darkloadlibrary.h
index f0806a7..3ad9925 100644
--- a/DarkLoadLibrary/include/darkloadlibrary.h
+++ b/DarkLoadLibrary/include/darkloadlibrary.h
@@ -1,21 +1,24 @@
+#pragma once
 #include
 #include
+#include "darkmodule.h"
+#include "pebutils.h"
+#include "ldrutils.h"
 #define LOAD_LOCAL_FILE 0x00000001
 #define LOAD_REMOTE_FILE 0x00000002
 #define LOAD_MEMORY 0x00000003
 #define NO_LINK 0x00000004
-#pragma once
-typedef struct _DARKMODULE {
- BOOL bSuccess;
- LPWSTR ErrorMsg;
- PBYTE pbDllData;
- DWORD dwDllDataLen;
- LPWSTR LocalDLLName;
- PWCHAR CrackedDLLName;
- ULONG_PTR ModuleBase;
-} DARKMODULE, *PDARKMODULE;
+// typedef struct _DARKMODULE {
+// BOOL bSuccess;
+// LPWSTR ErrorMsg;
+// PBYTE pbDllData;
+// DWORD dwDllDataLen;
+// LPWSTR LocalDLLName;
+// PWCHAR CrackedDLLName;
+// ULONG_PTR ModuleBase;
+// } DARKMODULE, *PDARKMODULE;
 DARKMODULE DarkLoadLibrary(
 DWORD dwFlags,
@@ -23,4 +26,18 @@ DARKMODULE DarkLoadLibrary(
 LPVOID lpFileBuffer,
 DWORD dwLen,
 LPCWSTR lpwName
+);
+
+BOOL ParseFileName(
+ PDARKMODULE pdModule,
+ LPWSTR lpwFileName
+);
+
+BOOL ReadFileToBuffer(
+ PDARKMODULE pdModule
+);
+
+BOOL ConcealLibrary(
+ PDARKMODULE pdModule,
+ BOOL bConceal
 );
\ No newline at end of file
diff --git a/DarkLoadLibrary/include/darkmodule.h b/DarkLoadLibrary/include/darkmodule.h
new file mode 100644
index 0000000..2c8982e
--- /dev/null
+++ b/DarkLoadLibrary/include/darkmodule.h
@@ -0,0 +1,12 @@
+#pragma once
+#include
+
+typedef struct _DARKMODULE {
+ BOOL bSuccess;
+ LPWSTR ErrorMsg;
+ PBYTE pbDllData;
+ DWORD dwDllDataLen;
+ LPWSTR LocalDLLName;
+ PWCHAR CrackedDLLName;
+ ULONG_PTR ModuleBase;
+} DARKMODULE, *PDARKMODULE;
diff --git a/DarkLoadLibrary/include/ldrutils.h b/DarkLoadLibrary/include/ldrutils.h
index d909a63..fa29894 100644
--- a/DarkLoadLibrary/include/ldrutils.h
+++ b/DarkLoadLibrary/include/ldrutils.h
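Review bot: The first hunk of darkloadlibrary.h adds `#include "pebutils.h"`, while pebutils.h (first hunk of that file) still carries `#include "darkloadlibrary.h"`, so the two headers now include each other and only `#pragma once` stops the recursion. PDARKMODULE now comes from darkmodule.h, so pebutils.h can probably drop its `#include "darkloadlibrary.h"` the way ldrutils.h does in this commit; confirm nothing else in pebutils.h needs it. In the same hunk the old `_DARKMODULE` definition is kept as nine commented-out lines; delete them rather than leave a second copy of the struct that can drift from darkmodule.h.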
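Review bot: The prototype added in the second hunk spells the parameter `LPWSTR lpwFileName`, but the definition in darkloadlibrary.c uses `lpwFilename` (visible in that file's hunk); use one spelling in both places. None of the three new prototypes (ParseFileName, ReadFileToBuffer, ConcealLibrary) says which DARKMODULE fields it reads or fills in, or what a FALSE return leaves behind in `ErrorMsg`. A one-line comment above each, for example `/* Fills pdModule->CrackedDLLName from lpwFileName; returns FALSE on failure. */`, would record that; adjust the wording to the actual behaviour, which is not visible in this hunk.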
@@ -1,7 +1,7 @@
+#pragma once
 #include
- #include "pebutils.h"
-#include "darkloadlibrary.h"
+#include "darkmodule.h"
 #define RVA(type, base_addr, rva) (type)((ULONG_PTR) base_addr + rva)
@@ -14,4 +14,6 @@ typedef BOOL(WINAPI * DLLMAIN)(HINSTANCE, DWORD, LPVOID);
 typedef NTSTATUS(WINAPI *LDRGETPROCADDRESS)(HMODULE, PANSI_STRING, WORD, PVOID*);
 BOOL IsValidPE(PBYTE pbData);
-BOOL MapSections(PDARKMODULE pdModule);
\ No newline at end of file
+BOOL MapSections(PDARKMODULE pdModule);
+BOOL ResolveImports(PDARKMODULE pdModule);
+BOOL BeginExecution(PDARKMODULE pdModule);
\ No newline at end of file
diff --git a/DarkLoadLibrary/include/pebutils.h b/DarkLoadLibrary/include/pebutils.h
index f6ad4d6..706eb68 100644
--- a/DarkLoadLibrary/include/pebutils.h
+++ b/DarkLoadLibrary/include/pebutils.h
@@ -1,6 +1,8 @@
+#pragma once
 #include
-
+#include
 #include "pebstructs.h"
+#include "darkmodule.h"
 #include "darkloadlibrary.h"
 #ifdef _WIN32
@@ -25,4 +27,35 @@
 #define LDR_HASH_TABLE_ENTRIES 32
 HMODULE IsModulePresent(LPCWSTR lpwName);
-BOOL LinkModuleToPEB(PDARKMODULE pdModule);
\ No newline at end of file
+BOOL LinkModuleToPEB(PDARKMODULE pdModule);
+ULONG LdrHashEntry(UNICODE_STRING UniName, BOOL XorHash);
+PLDR_DATA_TABLE_ENTRY2 FindLdrTableEntry(
+ PCWSTR BaseName
+);
+PRTL_RB_TREE FindModuleBaseAddressIndex();
+BOOL AddBaseAddressEntry(
+ PLDR_DATA_TABLE_ENTRY2 pLdrEntry,
+ PVOID lpBaseAddr
+);
+PLIST_ENTRY FindHashTable();
+VOID InsertTailList(
+ PLIST_ENTRY ListHead,
+ PLIST_ENTRY Entry
+);
+BOOL AddHashTableEntry(
+ PLDR_DATA_TABLE_ENTRY2 pLdrEntry
+);
+
+NTSTATUS RtlHashUnicodeString(
+ PCUNICODE_STRING String,
+ BOOLEAN CaseInSensitive,
+ ULONG HashAlgorithm,
+ PULONG HashValue
+);
+
+void RtlRbInsertNodeEx(
+ RTL_RB_TREE *Tree,
+ RTL_BALANCED_NODE *Parent,
+ BOOLEAN Right,
+ RTL_BALANCED_NODE *Node
+);
diff --git a/DarkLoadLibrary/src/darkloadlibrary.c b/DarkLoadLibrary/src/darkloadlibrary.c
index c650bb3..4b7ae52 100644
--- a/DarkLoadLibrary/src/darkloadlibrary.c
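Review bot: The `RtlHashUnicodeString` and `RtlRbInsertNodeEx` prototypes added at the end of the second pebutils.h hunk carry no calling convention. If they are meant to bind to the ntdll exports of the same names, those are `NTAPI` (stdcall), so a 32-bit build that defaults to cdecl would get a link or stack-cleanup mismatch; declare them as `NTSTATUS NTAPI RtlHashUnicodeString(` and `VOID NTAPI RtlRbInsertNodeEx(`. In the same hunk, `FindModuleBaseAddressIndex()` and `FindHashTable()` use empty parentheses, which in C leave the parameters unspecified; write `(void)` so a stray argument is rejected at compile time.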
+++ b/DarkLoadLibrary/src/darkloadlibrary.c
@@ -58,12 +58,12 @@ BOOL ParseFileName(
 return FALSE;
 }
- PCHAR lpCpy = wcscpy(
+ PWCHAR lpCpy = wcscpy(
 pdModule->CrackedDLLName,
 lpwFilename
 );
- PCHAR lpCat = wcscat(
+ PWCHAR lpCat = wcscat(
 pdModule->CrackedDLLName,
 lpwExt
 );
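Review bot: Both calls touched in ParseFileName write into `pdModule->CrackedDLLName` with no length bound: `wcscpy` copies `lpwFilename` and `wcscat` then appends `lpwExt`. The allocation of CrackedDLLName is outside this hunk, so it cannot be confirmed from here that the buffer always holds the name, the extension and the terminator. A bounded call such as `wcscpy_s(pdModule->CrackedDLLName, cchCracked, lpwFilename)`, with the matching `wcscat_s` and with `cchCracked` standing for the allocated element count, fails on an over-long name instead of writing past the buffer. The corrected `PWCHAR` results only ever hold the destination pointer, so any later test on `lpCpy` or `lpCat` cannot detect a failed copy. ParseFileName begins and ends outside the hunk.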