2023-06-05 21:23:08 +00:00
|
|
|
BITS 64
|
|
|
|
|
|
|
|
|
|
main: ; Replacement entry point
|
2023-06-26 09:18:25 +00:00
|
|
|
push rsi
|
|
|
|
|
push rdi
|
|
|
|
|
sub rsp, 8h
|
2023-06-05 21:23:08 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
call GetKernel32ModuleHandle
|
2023-06-26 09:18:25 +00:00
|
|
|
mov rsi, rax ; kernel32.dll
|
2023-06-05 21:23:08 +00:00
|
|
|
|
|
|
|
|
mov rcx, rax
|
|
|
|
|
call GetAddressOf_GetProcAddress
|
2023-06-26 09:18:25 +00:00
|
|
|
mov rdi, rax ; *GetProcAddress
|
2023-06-05 21:23:08 +00:00
|
|
|
|
|
|
|
|
|
2023-06-26 09:18:25 +00:00
|
|
|
mov rcx, rsi ; kernel32.dll
|
2023-06-05 21:23:08 +00:00
|
|
|
lea rdx, [rel s_LoadLibraryA]
|
2023-06-26 09:18:25 +00:00
|
|
|
mov rax, rdi ; *GetProcAddress
|
2023-06-05 21:23:08 +00:00
|
|
|
call rax ; rax = *LoadLibraryA
|
|
|
|
|
|
|
|
|
|
lea rcx, [rel dllPath]
|
|
|
|
|
call rax ; LoadLibraryA(dllPath)
|
|
|
|
|
|
|
|
|
|
|
2023-06-26 09:18:25 +00:00
|
|
|
add rsp, 8h
|
|
|
|
|
pop rdi
|
|
|
|
|
pop rsi
|
2023-06-05 21:23:08 +00:00
|
|
|
ret
|
|
|
|
|
|
|
|
|
|
|
2023-06-25 09:32:19 +00:00
|
|
|
%include "gpa.asm"
|
2023-06-05 21:23:08 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
; Strings
|
|
|
|
|
s_LoadLibraryA: db "LoadLibraryA", 0
|
|
|
|
|
|
|
|
|
|
dllPath:
|
|
|
|
|
; This will be filled out by the injector
|
|
|
|
|
; Path to the dll to inject into the launcher
|
