Skip to content

Commit acc342b

Browse files
BroihonBroihon
committed
Updated GUI to V4.7
1 parent 86c9afe commit acc342b

39 files changed

+2268
-1349
lines changed

GH Injector Library/Download Manager.cpp

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,6 @@
44

55
DownloadManager::DownloadManager(bool ForceRedownload)
66
{
7-
m_hInterruptEvent = nullptr;
8-
m_fProgress = 0.0f;
9-
m_fOldProgress = 0.0f;
107
m_bForceRedownload = ForceRedownload;
118
}
129

@@ -133,9 +130,9 @@ HRESULT __stdcall DownloadManager::OnProgress(ULONG ulProgress, ULONG ulProgress
133130
{
134131
m_fProgress = (float)ulProgress / ulProgressMax;
135132

136-
if (m_fProgress - m_fOldProgress >= 0.1f)
133+
if (m_fProgress - m_fOldProgress >= 0.095f)
137134
{
138-
LOG(2, "DownloadManager: %2.0f%%\n", 100.0 * m_fProgress);
135+
LOG(2, "DownloadManager: %2.0f%%\n", (float)100.0f * m_fProgress);
139136
m_fOldProgress = m_fProgress;
140137
}
141138
}

GH Injector Library/Download Manager.h

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,10 +8,10 @@
88

99
class DownloadManager : public IBindStatusCallback
1010
{
11-
HANDLE m_hInterruptEvent;
12-
float m_fProgress;
13-
float m_fOldProgress;
14-
bool m_bForceRedownload;
11+
HANDLE m_hInterruptEvent = nullptr;
12+
float m_fProgress = 0.0f;
13+
float m_fOldProgress = 0.0f;
14+
bool m_bForceRedownload = false;
1515

1616
public:
1717

GH Injector Library/Error.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
//Injection errors:
1717
#define INJ_ERR_SUCCESS 0x00000000
1818
#define INJ_ERR_ADVANCED_NOT_DEFINED 0x00000000
19+
#define INJ_ERR_SHELLCODE_DUMPED 0x80000000
1920

2021
//Source : advanced error type : error description
2122

@@ -89,6 +90,7 @@
8990
#define INJ_ERR_INVALID_SYMBOL_INDEX 0x00000044 //internal error : - : an invalid index was passed to the symbol loader
9091
#define INJ_ERR_INTERRUPT 0x00000045 //internal error : - : the injection was interrupted because the interrupt event was set
9192
#define INJ_ERR_SYMBOL_PARSE_FAIL 0x00000046 //SYMBOL_PARSER::Initialize : symbol error : initialization failed (symbol error 0x40000001 - ...)
93+
#define INJ_ERR_SM86_EXE_MISSING 0x00000047 //internal errro : - : "GH Injector SM - x86.exe" is missing, this file is required for import resolving
9294

9395
///////////////////
9496
///ManualMap

GH Injector Library/GH Injector Library.aps

0 Bytes
Binary file not shown.

GH Injector Library/GH Injector Library.rc

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -51,8 +51,8 @@ END
5151
//
5252

5353
VS_VERSION_INFO VERSIONINFO
54-
FILEVERSION 4,6,0,0
55-
PRODUCTVERSION 4,6,0,0
54+
FILEVERSION 4,7,0,0
55+
PRODUCTVERSION 4,7,0,0
5656
FILEFLAGSMASK 0x3fL
5757
#ifdef _DEBUG
5858
FILEFLAGS 0x1L
@@ -69,10 +69,10 @@ BEGIN
6969
BEGIN
7070
VALUE "CompanyName", "Guided Hacking"
7171
VALUE "FileDescription", "Injection library of the GH Injector"
72-
VALUE "FileVersion", "4.6.0.0"
72+
VALUE "FileVersion", "4.7.0.0"
7373
VALUE "LegalCopyright", "Broihon (C) 1987 - 2035"
7474
VALUE "ProductName", "GH Injection Library"
75-
VALUE "ProductVersion", "4.6.0.0"
75+
VALUE "ProductVersion", "4.7.0.0"
7676
END
7777
END
7878
BLOCK "VarFileInfo"

GH Injector Library/GH Injector Library.vcxproj

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
<VCProjectVersion>15.0</VCProjectVersion>
2323
<ProjectGuid>{AC732425-E265-40FF-842F-C59CECE9A96C}</ProjectGuid>
2424
<RootNamespace>GHInjectorLibrary</RootNamespace>
25-
<WindowsTargetPlatformVersion>10.0.20348.0</WindowsTargetPlatformVersion>
25+
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
2626
</PropertyGroup>
2727
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
2828
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -99,15 +99,14 @@
9999
<ConformanceMode>true</ConformanceMode>
100100
<PrecompiledHeader>Use</PrecompiledHeader>
101101
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
102-
<TreatWarningAsError>true</TreatWarningAsError>
102+
<TreatWarningAsError>false</TreatWarningAsError>
103103
<LanguageStandard>stdcpp20</LanguageStandard>
104104
<BufferSecurityCheck>false</BufferSecurityCheck>
105105
<ControlFlowGuard>false</ControlFlowGuard>
106106
</ClCompile>
107107
<Link>
108108
<GenerateDebugInformation>DebugFull</GenerateDebugInformation>
109109
<SubSystem>Windows</SubSystem>
110-
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
111110
</Link>
112111
</ItemDefinitionGroup>
113112
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -116,19 +115,16 @@
116115
<ConformanceMode>true</ConformanceMode>
117116
<PrecompiledHeader>Use</PrecompiledHeader>
118117
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
119-
<TreatWarningAsError>true</TreatWarningAsError>
118+
<TreatWarningAsError>false</TreatWarningAsError>
120119
<LanguageStandard>stdcpp20</LanguageStandard>
121120
<BufferSecurityCheck>false</BufferSecurityCheck>
122121
<ControlFlowGuard>false</ControlFlowGuard>
123122
<SupportJustMyCode>true</SupportJustMyCode>
124-
<Optimization>Disabled</Optimization>
125123
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
126-
<WholeProgramOptimization>false</WholeProgramOptimization>
127124
</ClCompile>
128125
<Link>
129126
<GenerateDebugInformation>DebugFull</GenerateDebugInformation>
130127
<SubSystem>Windows</SubSystem>
131-
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
132128
</Link>
133129
</ItemDefinitionGroup>
134130
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -147,7 +143,6 @@
147143
<Link>
148144
<GenerateDebugInformation>false</GenerateDebugInformation>
149145
<SubSystem>Windows</SubSystem>
150-
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
151146
</Link>
152147
</ItemDefinitionGroup>
153148
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -166,7 +161,6 @@
166161
<Link>
167162
<GenerateDebugInformation>false</GenerateDebugInformation>
168163
<SubSystem>Windows</SubSystem>
169-
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
170164
</Link>
171165
</ItemDefinitionGroup>
172166
<ItemGroup>
@@ -178,6 +172,7 @@
178172
<ClInclude Include="Import Handler.h" />
179173
<ClInclude Include="Injection Internal.h" />
180174
<ClInclude Include="Injection.h" />
175+
<ClInclude Include="Manual Mapping Internal.h" />
181176
<ClInclude Include="Manual Mapping.h" />
182177
<ClInclude Include="NT Defs.h" />
183178
<ClInclude Include="NT Funcs.h" />

GH Injector Library/GH Injector Library.vcxproj.filters

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -114,6 +114,9 @@
114114
<ClInclude Include="Symbol Loader.h">
115115
<Filter>Headerdateien</Filter>
116116
</ClInclude>
117+
<ClInclude Include="Manual Mapping Internal.h">
118+
<Filter>Headerdateien\Injection Methods</Filter>
119+
</ClInclude>
117120
</ItemGroup>
118121
<ItemGroup>
119122
<ClCompile Include="Handle Hijacking.cpp">

GH Injector Library/Import Handler WOW64.cpp

Lines changed: 24 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,15 @@ DWORD ResolveImports_WOW64(ERROR_DATA & error_data)
9696
StringCbCopyW(RootPath, sizeof(RootPath), g_RootPathW.c_str());
9797
StringCbCatW(RootPath, sizeof(RootPath), SM_EXE_FILENAME86);
9898

99+
if (!FileExists(RootPath))
100+
{
101+
INIT_ERROR_DATA(error_data, INJ_ERR_ADVANCED_NOT_DEFINED);
102+
103+
printf("GH Injector SM - x86.exe is missing\n");
104+
105+
return INJ_ERR_SM86_EXE_MISSING;
106+
}
107+
99108
wchar_t cmdLine[MAX_PATH]{ 0 };
100109
StringCbCatW(cmdLine, sizeof(cmdLine), L"\"" SM_EXE_FILENAME86 "\" " ID_WOW64 " ");
101110
StringCbCatW(cmdLine, sizeof(cmdLine), hEventStart_string);
@@ -267,8 +276,11 @@ DWORD ResolveImports_WOW64(ERROR_DATA & error_data)
267276
if (LoadSymbolWOW64(S_FUNC(RtlZeroMemory))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
268277
if (LoadSymbolWOW64(S_FUNC(RtlAllocateHeap))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
269278
if (LoadSymbolWOW64(S_FUNC(RtlFreeHeap))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
270-
279+
271280
if (LoadSymbolWOW64(S_FUNC(RtlAnsiStringToUnicodeString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
281+
if (LoadSymbolWOW64(S_FUNC(RtlUnicodeStringToAnsiString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
282+
if (LoadSymbolWOW64(S_FUNC(RtlCompareUnicodeString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
283+
if (LoadSymbolWOW64(S_FUNC(RtlCompareString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
272284

273285
if (LoadSymbolWOW64(S_FUNC(NtOpenFile))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
274286
if (LoadSymbolWOW64(S_FUNC(NtReadFile))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
@@ -296,10 +308,18 @@ DWORD ResolveImports_WOW64(ERROR_DATA & error_data)
296308
if (LoadSymbolWOW64(S_FUNC(NtDelayExecution))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
297309

298310
if (LoadSymbolWOW64(S_FUNC(LdrpHeap))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
299-
if (LoadSymbolWOW64(S_FUNC(LdrpInvertedFunctionTable))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
300311
if (LoadSymbolWOW64(S_FUNC(LdrpVectorHandlerList))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
301312
if (LoadSymbolWOW64(S_FUNC(LdrpTlsList))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
302313

314+
if (IsWin10OrGreater() && (GetOSBuildVersion() >= g_Win10_22H2 && GetOSBuildVersion() < g_Win11_21H2 || GetOSBuildVersion() >= g_Win11_22H2))
315+
{
316+
if (LoadSymbolWOW64(LdrpInvertedFunctionTable_WOW64, "LdrpInvertedFunctionTables")) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
317+
}
318+
else
319+
{
320+
if (LoadSymbolWOW64(S_FUNC(LdrpInvertedFunctionTable))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
321+
}
322+
303323
if (GetOSVersion() == g_Win7)
304324
{
305325
if (LoadSymbolWOW64(S_FUNC(LdrpDefaultPath))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
@@ -308,6 +328,8 @@ DWORD ResolveImports_WOW64(ERROR_DATA & error_data)
308328

309329
if (IsWin8OrGreater())
310330
{
331+
if (LoadSymbolWOW64(S_FUNC(LdrGetDllPath))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
332+
311333
if (LoadSymbolWOW64(S_FUNC(RtlRbRemoveNode))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
312334
if (LoadSymbolWOW64(S_FUNC(LdrpModuleBaseAddressIndex))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
313335
if (LoadSymbolWOW64(S_FUNC(LdrpMappingInfoIndex))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;

GH Injector Library/Import Handler.cpp

Lines changed: 35 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,26 @@ DWORD ResolveImports(ERROR_DATA & error_data)
147147
return INJ_ERR_KERNEL32_MISSING;
148148
}
149149

150+
WIN32_FUNC_INIT(LoadLibraryA, hK32);
151+
WIN32_FUNC_INIT(LoadLibraryW, hK32);
152+
WIN32_FUNC_INIT(LoadLibraryExA, hK32);
150153
WIN32_FUNC_INIT(LoadLibraryExW, hK32);
154+
155+
WIN32_FUNC_INIT(GetModuleHandleA, hK32);
156+
WIN32_FUNC_INIT(GetModuleHandleW, hK32);
157+
WIN32_FUNC_INIT(GetModuleHandleExA, hK32);
158+
WIN32_FUNC_INIT(GetModuleHandleExW, hK32);
159+
160+
WIN32_FUNC_INIT(GetModuleFileNameA, hK32);
161+
WIN32_FUNC_INIT(GetModuleFileNameW, hK32);
162+
163+
WIN32_FUNC_INIT(GetProcAddress, hK32);
164+
165+
WIN32_FUNC_INIT(DisableThreadLibraryCalls, hK32);
166+
WIN32_FUNC_INIT(FreeLibrary, hK32);
167+
WIN32_FUNC_INIT(FreeLibraryAndExitThread, hK32);
168+
WIN32_FUNC_INIT(ExitThread, hK32);
169+
151170
WIN32_FUNC_INIT(GetLastError, hK32);
152171

153172
if (!NATIVE::pLoadLibraryExW || !NATIVE::pGetLastError)
@@ -210,8 +229,11 @@ DWORD ResolveImports(ERROR_DATA & error_data)
210229
if (LoadSymbolNative(S_FUNC(RtlAllocateHeap))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
211230
if (LoadSymbolNative(S_FUNC(RtlFreeHeap))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
212231

213-
if (LoadSymbolNative(S_FUNC(RtlAnsiStringToUnicodeString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
214-
232+
if (LoadSymbolNative(S_FUNC(RtlAnsiStringToUnicodeString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
233+
if (LoadSymbolNative(S_FUNC(RtlUnicodeStringToAnsiString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
234+
if (LoadSymbolNative(S_FUNC(RtlCompareUnicodeString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
235+
if (LoadSymbolNative(S_FUNC(RtlCompareString))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
236+
215237
if (LoadSymbolNative(S_FUNC(NtOpenFile))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
216238
if (LoadSymbolNative(S_FUNC(NtReadFile))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
217239
if (LoadSymbolNative(S_FUNC(NtSetInformationFile))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
@@ -241,9 +263,17 @@ DWORD ResolveImports(ERROR_DATA & error_data)
241263
if (LoadSymbolNative(S_FUNC(NtDelayExecution))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
242264

243265
if (LoadSymbolNative(S_FUNC(LdrpHeap))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
244-
if (LoadSymbolNative(S_FUNC(LdrpInvertedFunctionTable))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
245266
if (LoadSymbolNative(S_FUNC(LdrpVectorHandlerList))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
246267
if (LoadSymbolNative(S_FUNC(LdrpTlsList))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
268+
269+
if (IsWin10OrGreater() && (GetOSBuildVersion() >= g_Win10_22H2 && GetOSBuildVersion() < g_Win11_21H2 || GetOSBuildVersion() >= g_Win11_22H2))
270+
{
271+
if (LoadSymbolNative(LdrpInvertedFunctionTable, "LdrpInvertedFunctionTables")) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
272+
}
273+
else
274+
{
275+
if (LoadSymbolNative(S_FUNC(LdrpInvertedFunctionTable))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
276+
}
247277

248278
if (GetOSVersion() == g_Win7)
249279
{
@@ -253,6 +283,8 @@ DWORD ResolveImports(ERROR_DATA & error_data)
253283

254284
if (IsWin8OrGreater())
255285
{
286+
if (LoadSymbolNative(S_FUNC(LdrGetDllPath))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
287+
256288
if (LoadSymbolNative(S_FUNC(RtlRbRemoveNode))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
257289
if (LoadSymbolNative(S_FUNC(LdrpModuleBaseAddressIndex))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;
258290
if (LoadSymbolNative(S_FUNC(LdrpMappingInfoIndex))) return INJ_ERR_GET_SYMBOL_ADDRESS_FAILED;

GH Injector Library/Import Handler.h

Lines changed: 34 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
#include "NT Funcs.h"
44
#include "Symbol Parser.h"
5+
#include "Tools.h"
56

67
inline HANDLE g_hRunningEvent = nullptr;
78
inline HANDLE g_hInterruptEvent = nullptr;
@@ -22,17 +23,17 @@ inline std::shared_future<DWORD> import_handler_wow64_ret;
2223
#define NT_FUNC_LOCAL(func) f_##func func
2324
#define NT_FUNC_CONSTRUCTOR_INIT(func) this->func = NATIVE::func
2425

25-
#define WIN32_FUNC(func) inline decltype(func)* p##func = nullptr
26-
#define WIN32_FUNC_LOCAL(func) decltype(func)* p##func
27-
#define WIN32_FUNC_INIT(func, lib) NATIVE::p##func = ReCa<decltype(func)*>(GetProcAddress(lib, #func));
26+
#define WIN32_FUNC(func) inline decltype(func) * p##func = nullptr
27+
#define WIN32_FUNC_LOCAL(func) decltype(func) * p##func
28+
#define WIN32_FUNC_INIT(func, lib) NATIVE::p##func = ReCa<decltype(func) *>(GetProcAddress(lib, #func));
2829
#define WIN32_FUNC_CONSTRUCTOR_INIT(func) this->p##func = NATIVE::p##func
2930

3031
#define K32_FUNC(func) inline f_##func func = nullptr
3132
#define K32_FUNC_LOCAL(func) f_##func func
3233
#define K32_FUNC_CONSTRUCTOR_INIT(func) this->func = NATIVE::func
3334

3435
#define WOW64_FUNCTION_POINTER(func) inline DWORD func##_WOW64 = 0
35-
#define WOW64_FUNCTION_POINTER_LOCAL(func) DWORD func
36+
#define WOW64_FUNCTION_POINTER_LOCAL(func) DWORD func = 0
3637
#define WOW64_FUNC_CONSTRUCTOR_INIT(func) this->func = WOW64::func##_WOW64
3738

3839
#define IDX_NTDLL 0
@@ -74,7 +75,9 @@ inline DWORD g_OSBuildNumber = 0;
7475
#define g_Win10_20H2 19042
7576
#define g_Win10_21H1 19043
7677
#define g_Win10_21H2 19044
78+
#define g_Win10_22H2 19045
7779
#define g_Win11_21H2 22000
80+
#define g_Win11_22H2 22621
7881

7982
bool IsWin7OrGreater();
8083
bool IsWin8OrGreater();
@@ -113,7 +116,26 @@ DWORD GetOSBuildVersion();
113116

114117
namespace NATIVE
115118
{
119+
WIN32_FUNC(LoadLibraryA);
120+
WIN32_FUNC(LoadLibraryW);
121+
WIN32_FUNC(LoadLibraryExA);
116122
WIN32_FUNC(LoadLibraryExW);
123+
124+
WIN32_FUNC(GetModuleHandleA);
125+
WIN32_FUNC(GetModuleHandleW);
126+
WIN32_FUNC(GetModuleHandleExA);
127+
WIN32_FUNC(GetModuleHandleExW);
128+
129+
WIN32_FUNC(GetModuleFileNameA);
130+
WIN32_FUNC(GetModuleFileNameW);
131+
132+
WIN32_FUNC(GetProcAddress);
133+
134+
WIN32_FUNC(DisableThreadLibraryCalls);
135+
WIN32_FUNC(FreeLibrary);
136+
WIN32_FUNC(FreeLibraryAndExitThread);
137+
WIN32_FUNC(ExitThread);
138+
117139
WIN32_FUNC(GetLastError);
118140

119141
NT_FUNC(LdrLoadDll);
@@ -132,6 +154,7 @@ namespace NATIVE
132154
NT_FUNC(NtQuerySystemInformation);
133155
NT_FUNC(NtQueryInformationThread);
134156

157+
NT_FUNC(LdrGetDllPath);
135158
NT_FUNC(LdrpPreprocessDllName);
136159
NT_FUNC(RtlInsertInvertedFunctionTable);
137160
NT_FUNC(LdrpHandleTlsData);
@@ -145,6 +168,9 @@ namespace NATIVE
145168
NT_FUNC(RtlFreeHeap);
146169

147170
NT_FUNC(RtlAnsiStringToUnicodeString);
171+
NT_FUNC(RtlUnicodeStringToAnsiString);
172+
NT_FUNC(RtlCompareUnicodeString);
173+
NT_FUNC(RtlCompareString);
148174

149175
NT_FUNC(RtlRbInsertNodeEx);
150176
NT_FUNC(RtlRbRemoveNode);
@@ -222,6 +248,7 @@ namespace WOW64
222248
WOW64_FUNCTION_POINTER(NtQuerySystemInformation);
223249
WOW64_FUNCTION_POINTER(NtQueryInformationThread);
224250

251+
WOW64_FUNCTION_POINTER(LdrGetDllPath);
225252
WOW64_FUNCTION_POINTER(LdrpPreprocessDllName);
226253
WOW64_FUNCTION_POINTER(RtlInsertInvertedFunctionTable);
227254
WOW64_FUNCTION_POINTER(LdrpHandleTlsData);
@@ -235,6 +262,9 @@ namespace WOW64
235262
WOW64_FUNCTION_POINTER(RtlFreeHeap);
236263

237264
WOW64_FUNCTION_POINTER(RtlAnsiStringToUnicodeString);
265+
WOW64_FUNCTION_POINTER(RtlUnicodeStringToAnsiString);
266+
WOW64_FUNCTION_POINTER(RtlCompareUnicodeString);
267+
WOW64_FUNCTION_POINTER(RtlCompareString);
238268

239269
WOW64_FUNCTION_POINTER(RtlRbRemoveNode);
240270

0 commit comments

Comments
 (0)