Minor refactor for mingw, data type tweaks, and warning removal. #5

Open
wants to merge 6 commits into
base: master
37 changes: 27 additions & 10 deletions DarkLoadLibrary/include/darkloadlibrary.h
@@ -1,26 +1,43 @@
#pragma once
#include <stdio.h>
#include <windows.h>
#include "darkmodule.h"
#include "pebutils.h"
#include "ldrutils.h"

#define LOAD_LOCAL_FILE 0x00000001
#define LOAD_REMOTE_FILE 0x00000002
#define LOAD_MEMORY 0x00000003
#define NO_LINK 0x00000004

#pragma once
typedef struct _DARKMODULE {
BOOL bSuccess;
LPWSTR ErrorMsg;
PBYTE pbDllData;
DWORD dwDllDataLen;
LPWSTR LocalDLLName;
PWCHAR CrackedDLLName;
ULONG_PTR ModuleBase;
} DARKMODULE, *PDARKMODULE;
// typedef struct _DARKMODULE {
// BOOL bSuccess;
// LPWSTR ErrorMsg;
// PBYTE pbDllData;
// DWORD dwDllDataLen;
// LPWSTR LocalDLLName;
// PWCHAR CrackedDLLName;
// ULONG_PTR ModuleBase;
// } DARKMODULE, *PDARKMODULE;

DARKMODULE DarkLoadLibrary(
DWORD dwFlags,
LPCWSTR lpwBuffer,
LPVOID lpFileBuffer,
DWORD dwLen,
LPCWSTR lpwName
);

BOOL ParseFileName(
PDARKMODULE pdModule,
LPWSTR lpwFileName
);

BOOL ReadFileToBuffer(
PDARKMODULE pdModule
);

BOOL ConcealLibrary(
PDARKMODULE pdModule,
BOOL bConceal
);
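Review bot: The commented-out `DARKMODULE` typedef in darkloadlibrary.h should be deleted rather than kept as a comment, since the live definition now sits in darkmodule.h and a stale copy will drift from it as fields change. The section also shows `#pragma once` twice, at the top and again just before the old struct position; assuming both survive on the new side, the second one can go. Which of the shown lines are additions is inferred from the page, so confirm against the actual patch.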
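--- a/DarkLoadLibrary/include/darkmodule.h
+++ b/DarkLoadLibrary/include/darkmodule.h
@@ -0,0 +1,12 @@
+#pragma once
+#include <windows.h>
+
+typedef struct _DARKMODULE {
+BOOL bSuccess;
+LPWSTR ErrorMsg;
+PBYTE pbDllData;
+DWORD dwDllDataLen;
+LPWSTR LocalDLLName;
+PWCHAR CrackedDLLName;
+ULONG_PTR ModuleBase;
+} DARKMODULE, *PDARKMODULE;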
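Review bot: The pointer fields of `DARKMODULE` in the new darkmodule.h carry no statement of who allocates and frees them or how large the buffers are, which matters because the struct is returned by value from `DarkLoadLibrary` and `ParseFileName` copies strings into `CrackedDLLName`. A short comment per field would cover it, for example `/* pbDllData: image bytes, dwDllDataLen bytes long; owner: <caller or loader> */` and `/* CrackedDLLName: destination for the parsed name, capacity <N> WCHARs */`. The owner and capacity values are not visible on this page, so they are left as placeholders for the author to fill in.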
8 changes: 5 additions & 3 deletions DarkLoadLibrary/include/ldrutils.h
@@ -1,7 +1,7 @@
#pragma once
#include <windows.h>

#include "pebutils.h"
#include "darkloadlibrary.h"
#include "darkmodule.h"

#define RVA(type, base_addr, rva) (type)((ULONG_PTR) base_addr + rva)

Expand All @@ -14,4 +14,6 @@ typedef BOOL(WINAPI * DLLMAIN)(HINSTANCE, DWORD, LPVOID);
typedef NTSTATUS(WINAPI *LDRGETPROCADDRESS)(HMODULE, PANSI_STRING, WORD, PVOID*);

BOOL IsValidPE(PBYTE pbData);
BOOL MapSections(PDARKMODULE pdModule);
BOOL MapSections(PDARKMODULE pdModule);
BOOL ResolveImports(PDARKMODULE pdModule);
BOOL BeginExecution(PDARKMODULE pdModule);
37 changes: 35 additions & 2 deletions DarkLoadLibrary/include/pebutils.h
@@ -1,6 +1,8 @@
#pragma once
#include <windows.h>

#include <stddef.h>
#include "pebstructs.h"
#include "darkmodule.h"
#include "darkloadlibrary.h"

#ifdef _WIN32
Expand All @@ -25,4 +27,35 @@
#define LDR_HASH_TABLE_ENTRIES 32

HMODULE IsModulePresent(LPCWSTR lpwName);
BOOL LinkModuleToPEB(PDARKMODULE pdModule);
BOOL LinkModuleToPEB(PDARKMODULE pdModule);
ULONG LdrHashEntry(UNICODE_STRING UniName, BOOL XorHash);
PLDR_DATA_TABLE_ENTRY2 FindLdrTableEntry(
PCWSTR BaseName
);
PRTL_RB_TREE FindModuleBaseAddressIndex();
BOOL AddBaseAddressEntry(
PLDR_DATA_TABLE_ENTRY2 pLdrEntry,
PVOID lpBaseAddr
);
PLIST_ENTRY FindHashTable();
VOID InsertTailList(
PLIST_ENTRY ListHead,
PLIST_ENTRY Entry
);
BOOL AddHashTableEntry(
PLDR_DATA_TABLE_ENTRY2 pLdrEntry
);

NTSTATUS RtlHashUnicodeString(
PCUNICODE_STRING String,
BOOLEAN CaseInSensitive,
ULONG HashAlgorithm,
PULONG HashValue
);

void RtlRbInsertNodeEx(
RTL_RB_TREE *Tree,
RTL_BALANCED_NODE *Parent,
BOOLEAN Right,
RTL_BALANCED_NODE *Node
);
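Review bot: `FindModuleBaseAddressIndex()` and `FindHashTable()` are declared with empty parentheses, which in C before C23 declares a function with unspecified arguments rather than a prototype, so calls are not type-checked and `-Wstrict-prototypes` flags them; write `PRTL_RB_TREE FindModuleBaseAddressIndex(void);` and `PLIST_ENTRY FindHashTable(void);`. Separately, `RtlHashUnicodeString` and `RtlRbInsertNodeEx` are declared without a calling convention; if these are meant to match the ntdll exports, they need `NTAPI`, otherwise a 32-bit build calls them with the wrong convention. `InsertTailList` is also the name of an inline helper in the WDK headers, so a project-specific name would avoid a clash if those headers are ever included.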
4 changes: 2 additions & 2 deletions DarkLoadLibrary/src/darkloadlibrary.c
Expand Up @@ -58,12 +58,12 @@ BOOL ParseFileName(
return FALSE;
}

PCHAR lpCpy = wcscpy(
PWCHAR lpCpy = wcscpy(
pdModule->CrackedDLLName,
lpwFilename
);

PCHAR lpCat = wcscat(
PWCHAR lpCat = wcscat(
pdModule->CrackedDLLName,
lpwExt
);
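Review bot: Both `wcscpy` and `wcscat` write into `pdModule->CrackedDLLName` with no bound, so the type fix to `PWCHAR` leaves a possible overflow when `lpwFilename` plus `lpwExt` is longer than the destination; the buffer's allocation is above the hunk, so its capacity cannot be confirmed here. A length check before the copies would close it, e.g. `if (wcslen(lpwFilename) + wcslen(lpwExt) + 1 > cchCracked) return FALSE;` with `cchCracked` standing for the allocated WCHAR count. Note also that `wcscpy` and `wcscat` return their destination argument, so `lpCpy` and `lpCat` cannot signal failure if they are tested later. `ParseFileName` begins and ends outside this hunk.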