TheCruZ / Simple-Manual-Map-Injector

Simple C++ DLL Manual Map Injector For x86 and x64
MIT License

Replacement of GetProcAddress. #13

Closed nefarearworm closed 10 months ago

nefarearworm commented 10 months ago

Hi, man! I kindly ask you to help me figure out how to pass my own (custom) GetProcAddress function in the MANUAL_MAPPING_DATA structure. Is it possible?

I will be very grateful! Ty!

Here is the code for it:

// Resolves an export by name by walking the module's PE export directory.
FARPROC __stdcall InternalGetProcAddressP(HMODULE ModuleHandle, LPCSTR ProcessName) 
{
    // Locate the NT headers, then the export directory, from the module base.
    PIMAGE_DOS_HEADER ImageDosHeader = (PIMAGE_DOS_HEADER)ModuleHandle;
    PIMAGE_NT_HEADERS ImageNtHeader = (PIMAGE_NT_HEADERS)((BYTE*)ModuleHandle + ImageDosHeader->e_lfanew);
    PIMAGE_EXPORT_DIRECTORY ImageExportDirectory = (PIMAGE_EXPORT_DIRECTORY) ((BYTE*)ModuleHandle + ImageNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);

    // The three parallel export tables; every entry is an RVA or an index.
    DWORD* AddressOfFunctions = (DWORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfFunctions);
    WORD* AddressOfNameOrdinals = (WORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfNameOrdinals);
    DWORD* AddressOfNames = (DWORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfNames);

    // Linear search of the name table; the matching slot in the ordinal table
    // indexes the function table.
    for (DWORD i = 0; i < ImageExportDirectory->NumberOfNames; ++i) {
        if (strcmp(ProcessName, (const char*)ModuleHandle + AddressOfNames[i]) == 0) {
            return (FARPROC)((BYTE*)ModuleHandle + AddressOfFunctions[AddressOfNameOrdinals[i]]);
        }
    }

    // Name not found in the export table.
    return NULL;
}

TheCruZ commented 10 months ago

Of course you can, like it is done here: https://github.com/TheCruZ/Simple-Manual-Map-Injector/blob/ae4bf482920e8f26ff6fdc99544b27c20b9c5312/Manual%20Map%20Injector/injector.cpp#L242

NOTE: functions like strcmp need to be removed/replaced by your own custom loop or more mapped functions!

You can add any function without optimization, to prevent the code from getting split, and then:

1.- Allocate memory on the target process https://github.com/TheCruZ/Simple-Manual-Map-Injector/blob/ae4bf482920e8f26ff6fdc99544b27c20b9c5312/Manual%20Map%20Injector/injector.cpp#L94
2.- Copy the function to the target process https://github.com/TheCruZ/Simple-Manual-Map-Injector/blob/ae4bf482920e8f26ff6fdc99544b27c20b9c5312/Manual%20Map%20Injector/injector.cpp#L102
3.- Replace the GetProcAddress param with the ptr of the allocation https://github.com/TheCruZ/Simple-Manual-Map-Injector/blob/ae4bf482920e8f26ff6fdc99544b27c20b9c5312/Manual%20Map%20Injector/injector.cpp#L48
4.- Delete the code after successful injection https://github.com/TheCruZ/Simple-Manual-Map-Injector/blob/ae4bf482920e8f26ff6fdc99544b27c20b9c5312/Manual%20Map%20Injector/injector.cpp#L221

nefarearworm commented 10 months ago

Thank you, you helped me a lot!