Replaced dummy variable references with NULL in inject.c
Apparently the crashes were an artifact of a different thing, and don't actually happen under normal conditions
parent
6b5e303df6
commit
f8c4c5ad82
@ -21,15 +21,12 @@ static inline void write_protected_process_memory(HANDLE process, void *address,
DWORD oldProtect;
VirtualProtectEx(process, address, size, PAGE_EXECUTE_READWRITE, &oldProtect);
size_t bytesWritten;
WriteProcessMemory(process, address, buf, size, &bytesWritten);
WriteProcessMemory(process, address, buf, size, NULL);
VirtualProtectEx(process, address, size, oldProtect, &oldProtect);
}
void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar_t *dllPath) {
size_t _; // Contrary to the docs, {Write,Read}ProcessMemory likes to crash if the last arg is NULL
// Find the EXE header in the process
char exeHeader[1024];
IMAGE_DOS_HEADER *dosHeader = NULL;
@ -38,7 +35,7 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
MEMORY_BASIC_INFORMATION memoryInfo;
char *currentAddress = 0x0;
while (VirtualQueryEx(process, currentAddress, &memoryInfo, sizeof(memoryInfo))) {
ReadProcessMemory(process, currentAddress, exeHeader, sizeof(exeHeader), &_);
ReadProcessMemory(process, currentAddress, exeHeader, sizeof(exeHeader), NULL);
dosHeader = (IMAGE_DOS_HEADER*)exeHeader;
@ -84,8 +81,8 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
char *remoteAlloc = VirtualAllocEx(process, NULL, allocSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// Write the assembly payload and dll path
WriteProcessMemory(process, remoteAlloc, payload, payloadSize, &_);
WriteProcessMemory(process, remoteAlloc + payloadSize, dllPath, dllPathSize, &_);
WriteProcessMemory(process, remoteAlloc, payload, payloadSize, NULL);
WriteProcessMemory(process, remoteAlloc + payloadSize, dllPath, dllPathSize, NULL);
// Modify the executable to run the assembly payload
@ -97,7 +94,7 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
// Save the original entry point address and bytes
rd.entryPointAddress = entryPoint;
ReadProcessMemory(process, rd.entryPointAddress, rd.entryPointData, sizeof(rd.entryPointData), &_);
ReadProcessMemory(process, rd.entryPointAddress, rd.entryPointData, sizeof(rd.entryPointData), NULL);
// Replace the entry point with a jump to the assembly payload
write_protected_process_memory(process, entryPoint, JUMP_INST, sizeof(JUMP_INST));
@ -110,7 +107,7 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
// Save the original descriptor address and bytes
rd.importDescriptorAddress = importDescriptors;
ReadProcessMemory(process, rd.importDescriptorAddress, &rd.importDescriptorData, sizeof(rd.importDescriptorData), &_);
ReadProcessMemory(process, rd.importDescriptorAddress, &rd.importDescriptorData, sizeof(rd.importDescriptorData), NULL);
// Overwrite with zeroes
IMAGE_IMPORT_DESCRIPTOR firstDescriptor;
@ -122,12 +119,12 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
// Save the original value
rd.sizeFieldAddress = ddAddr;
ReadProcessMemory(process, rd.sizeFieldAddress, &rd.sizeFieldData, sizeof(rd.sizeFieldData), &_);
ReadProcessMemory(process, rd.sizeFieldAddress, &rd.sizeFieldData, sizeof(rd.sizeFieldData), NULL);
// Set to 0
DWORD newSize = 0;
write_protected_process_memory(process, ddAddr, &newSize, sizeof(newSize));
// Write recovery data to the allocation
WriteProcessMemory(process, remoteAlloc + payloadSize + dllPathSize, &rd, sizeof(rd), &_);
WriteProcessMemory(process, remoteAlloc + payloadSize + dllPathSize, &rd, sizeof(rd), NULL);
}
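Review bot: In the first hunk, `write_protected_process_memory` still checks none of its three Win32 calls, and `oldProtect` on the `DWORD oldProtect;` line is left uninitialized, so if the first VirtualProtectEx fails (region not changeable, or a handle without PROCESS_VM_OPERATION) the WriteProcessMemory fails silently and the restoring VirtualProtectEx is handed an indeterminate protection value. Passing NULL for the byte count is fine per the API contract, but it also removes the only place a short write could have been noticed, which matters here because the callers patch the entry point, the import-descriptor size field and the recovery data that a later restore depends on. I would initialize oldProtect, check every BOOL result and report success to the caller (returning BOOL keeps the existing `write_protected_process_memory(...)` call sites compiling), then test the result at those two call sites and at the unchecked ReadProcessMemory/WriteProcessMemory calls in the later hunks. The function's parameter list is cut off in the hunk header, so the fence assumes the remaining parameters are `buf` and `size`.

```c
static inline BOOL write_protected_process_memory(HANDLE process, void *address, const void *buf, size_t size) {
    DWORD oldProtect = 0;
    if (!VirtualProtectEx(process, address, size, PAGE_EXECUTE_READWRITE, &oldProtect))
        return FALSE;  /* nothing was changed, nothing to restore */

    SIZE_T bytesWritten = 0;
    BOOL ok = WriteProcessMemory(process, address, buf, size, &bytesWritten) && bytesWritten == size;

    /* restore even on a failed write; report both failures to the caller */
    if (!VirtualProtectEx(process, address, size, oldProtect, &oldProtect))
        ok = FALSE;
    return ok;
}
```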