55#include " windows.h"
66#include " winternl.h"
77#include < filesystem>
8+ #include < print>
89#include < string>
910
1011namespace blook {
@@ -23,7 +24,7 @@ void *misc::get_current_module() {
2324 return (void *)hModule;
2425}
2526
26- void misc::install_optimize_dll_hijacking (void *orig_module) {
27+ void misc::install_optimize_dll_hijacking (void *orig_module, std::function< bool (std::string)> filter ) {
2728 PBYTE pImageBase = (PBYTE)get_current_module ();
2829 PIMAGE_DOS_HEADER pimDH = (PIMAGE_DOS_HEADER)pImageBase;
2930 if (pimDH->e_magic == IMAGE_DOS_SIGNATURE) {
@@ -39,10 +40,15 @@ void misc::install_optimize_dll_hijacking(void *orig_module) {
3940
4041 auto module = (HINSTANCE)orig_module;
4142 for (size_t i = 0 ; i < pimExD->NumberOfNames ; ++i) {
43+ auto name = (char *)(pImageBase + pName[i]);
44+ if (!filter (name)) {
45+ continue ;
46+ }
47+
4248 void *orig =
43- (void *)GetProcAddress (module , ( char *)(pImageBase + pName[i]) );
49+ (void *)GetProcAddress (module , name );
4450 void *fake = (void *)GetProcAddress ((HMODULE)pImageBase,
45- ( char *)(pImageBase + pName[i]) );
51+ name );
4652 if (orig) {
4753 if (fake == orig) {
4854 throw std::runtime_error (
@@ -56,11 +62,11 @@ void misc::install_optimize_dll_hijacking(void *orig_module) {
5662 a.mov (zasm::x86::r10, zasm::Imm ((size_t )orig));
5763 a.jmp (zasm::x86::r10);
5864#else
59- a.push (zasm::Imm ((size_t )orig));
60- a.ret ();
65+ a.jmp (zasm::Imm ((size_t )orig));
6166#endif
6267 })
6368 .patch ();
69+ VirtualProtect (fake, 16 , PAGE_EXECUTE_READ, nullptr );
6470 }
6571 }
6672 }
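Review bot: The added `VirtualProtect(fake, 16, PAGE_EXECUTE_READ, nullptr)` after `.patch()` passes a null `lpflOldProtect`, and the Win32 documentation says VirtualProtect fails in that case, so the protection is never changed and the ignored return value hides the failure. If the intent is to return the patched export stub to read-execute, pass a real variable and check the result: `DWORD old_protect = 0;` followed by `if (!VirtualProtect(fake, 16, PAGE_EXECUTE_READ, &old_protect)) throw std::runtime_error("VirtualProtect failed");`. The hard-coded 16 is presumably meant to cover the emitted jump; whether `.patch()` restores protection itself is not visible here, and the loop body starts outside this hunk. Separately, the new signature uses `std::function` while the include hunk adds only `<print>`, so `<functional>` may need to be included unless it arrives transitively.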