Open LYingSiMon opened 1 year ago
Unfortunately I had to comment out ErasemodulenFromPeb(),Now I can only use the following code to make up for it
NTSTATUS NTAPI LdrGetDllHandleProxy(
IN PWORD pwPath OPTIONAL,
IN PVOID Unused OPTIONAL,
IN PUNICODE_STRING ModuleFileName,
OUT PHANDLE pHModule)
{
NTSTATUS Status = STATUS_SUCCESS;
WCHAR Name[MAX_PATH] = { 0 };
if (ModuleFileName && ModuleFileName->Buffer)
{
wcsncpy_s(
Name,
MAX_PATH - 1,
ModuleFileName->Buffer,
ModuleFileName->Length / sizeof(WCHAR));
if (_wcsicmp(Name, L"sbiedll.dll") == 0 || _wcsicmp(Name, L"sbiehide.dll") == 0)
{
return STATUS_UNSUCCESSFUL;
}
}
Status = LdrGetDllHandleSaved(pwPath, Unused, ModuleFileName, pHModule);
return Status;
}
NTSTATUS NTAPI LdrLoadDllProxy(
IN PWCHAR PathToFile OPTIONAL,
IN ULONG* Flags OPTIONAL,
IN PUNICODE_STRING ModuleFileName,
OUT PHANDLE ModuleHandle)
{
NTSTATUS Status = STATUS_SUCCESS;
WCHAR Name[MAX_PATH] = { 0 };
if (ModuleFileName && ModuleFileName->Buffer)
{
wcsncpy_s(
Name,
MAX_PATH - 1,
ModuleFileName->Buffer,
ModuleFileName->Length / sizeof(WCHAR));
if (_wcsicmp(Name, L"sbiedll.dll") == 0 || _wcsicmp(Name, L"sbiehide.dll") == 0)
{
return STATUS_UNSUCCESSFUL;
}
}
Status = LdrLoadDllSaved(PathToFile, Flags, ModuleFileName, ModuleHandle);
return Status;
}
It will be fixed after the dev branch development is complete.
Problem occurred while trying to hide sbiedll.dll in EraseModuleNameFromPeb (sbiehide.dll works properly)
As you can see, the application screen turns white. My guess is that the program's Driect X is faulty, but there is no proof 😶