Match Original KernalX

Serenity 2024-09-21 04:19:20 -04:00
parent 09a5b1c992
commit 4b53f3a76b
11 changed files with 541 additions and 208 deletions

240
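--- a/dlls/kernelx/XPEB.h
+++ b/dlls/kernelx/XPEB.h
@@ -0,0 +1,240 @@
+#pragma once
+#include <WTypesbase.h>
+#include <winternl.h>
+// XPEB.h
+#ifndef XPEB_H
+#define XPEB_H
+#define NtCurrentPeb() (reinterpret_cast<struct _XPEB*>(__readgsqword(0x60)))
+#define RtlAcquireSRWLockExclusive AcquireSRWLockExclusive
+#define RtlReleaseSRWLockExclusive ReleaseSRWLockExclusive
+#define _DWORD DWORD
+#define SECURITY_KERNEL
+typedef PSRWLOCK _QWORD;
+struct _XPEB {
+// Offsets: 0x0000 - 0x0007
+BYTE InheritedAddressSpace;
+BYTE ReadImageFileExecOptions;
+BYTE BeingDebugged;
+BYTE Reserved1[1]; // Padding
+// Offsets: 0x0008 - 0x000F
+PVOID Mutant; // Offset for Mutant
+// Offsets: 0x0010 - 0x0017
+PVOID ImageBaseAddress; // Offset for ImageBaseAddress
+// Offsets: 0x0018 - 0x001F
+PVOID Ldr; // Offset for Ldr
+// Offsets: 0x0020 - 0x0027
+PVOID ProcessParameters; // Offset for ProcessParameters
+// Offsets: 0x0028 - 0x002F
+PVOID SubSystemData; // Offset for SubSystemData
+// Offsets: 0x0030 - 0x0037
+PVOID ProcessHeap; // Offset for ProcessHeap
+// Offsets: 0x0038 - 0x003F
+PVOID FastPebLock; // Offset for FastPebLock
+// Offsets: 0x0040 - 0x0047
+PVOID AltThunkSListPtr; // Offset for AltThunkSListPtr
+// Offsets: 0x0048 - 0x004F
+PVOID IFEOKey; // Offset for IFEOKey
+// Offsets: 0x0050 - 0x0057
+BYTE Reserved2[4]; // Padding
+// Offsets: 0x0058 - 0x005F
+BYTE Reserved3[8]; // Padding
+// Offsets: 0x0060 - 0x0063
+ULONG SystemReserved;
+// Offsets: 0x0064 - 0x0067
+ULONG SpareUlong;
+// Offsets: 0x0068 - 0x006F
+PVOID FreeList; // Offset for FreeList
+// Offsets: 0x0070 - 0x0073
+ULONG TlsExpansionCounter;
+// Offsets: 0x0074 - 0x0077
+BYTE Reserved4[4]; // Padding
+// Offsets: 0x0078 - 0x007F
+PVOID TlsBitmap; // Offset for TlsBitmap
+// Offsets: 0x0080 - 0x0087
+ULONG TlsBitmapBits[2]; // Array of 2 ULONGs
+// Offsets: 0x0088 - 0x008F
+PVOID ReadOnlySharedMemoryBase; // Offset for ReadOnlySharedMemoryBase
+// Offsets: 0x0090 - 0x0097
+PVOID HotpatchInformation; // Offset for HotpatchInformation
+// Offsets: 0x0098 - 0x009F
+PVOID ReadOnlyStaticServerData; // Offset for ReadOnlyStaticServerData
+// Offsets: 0x00A0 - 0x00A7
+PVOID AnsiCodePageData; // Offset for AnsiCodePageData
+// Offsets: 0x00A8 - 0x00AF
+PVOID OemCodePageData; // Offset for OemCodePageData
+// Offsets: 0x00B0 - 0x00B7
+PVOID UnicodeCaseTableData; // Offset for UnicodeCaseTableData
+// Offsets: 0x00B8 - 0x00BB
+ULONG NumberOfProcessors;
+// Offsets: 0x00BC - 0x00BF
+ULONG NtGlobalFlag;
+// Offsets: 0x00C0 - 0x00C7
+LARGE_INTEGER CriticalSectionTimeout;
+// Offsets: 0x00C8 - 0x00CF
+SIZE_T HeapSegmentReserve;
+// Offsets: 0x00D0 - 0x00D7
+SIZE_T HeapSegmentCommit;
+// Offsets: 0x00D8 - 0x00DF
+SIZE_T HeapDeCommitTotalFreeThreshold;
+// Offsets: 0x00E0 - 0x00E7
+SIZE_T HeapDeCommitFreeBlockThreshold;
+// Offsets: 0x00E8 - 0x00EB
+ULONG NumberOfHeaps;
+// Offsets: 0x00EC - 0x00EF
+ULONG MaximumNumberOfHeaps;
+// Offsets: 0x00F0 - 0x00F7
+PVOID ProcessHeaps; // Offset for ProcessHeaps
+// Offsets: 0x00F8 - 0x00FF
+PVOID GdiSharedHandleTable; // Offset for GdiSharedHandleTable
+// Offsets: 0x0100 - 0x0107
+PVOID ProcessStarterHelper; // Offset for ProcessStarterHelper
+// Offsets: 0x0108 - 0x010B
+ULONG GdiDCAttributeList;
+// Offsets: 0x010C - 0x010F
+BYTE Reserved5[4]; // Padding
+// Offsets: 0x0110 - 0x0117
+PVOID LoaderLock; // Offset for LoaderLock
+// Offsets: 0x0118 - 0x011B
+ULONG OSMajorVersion;
+// Offsets: 0x011C - 0x011F
+ULONG OSMinorVersion;
+// Offsets: 0x0120 - 0x0121
+USHORT OSBuildNumber;
+// Offsets: 0x0122 - 0x0123
+USHORT OSCSDVersion;
+// Offsets: 0x0124 - 0x0127
+ULONG OSPlatformId;
+// Offsets: 0x0128 - 0x012B
+ULONG ImageSubsystem;
+// Offsets: 0x012C - 0x012F
+ULONG ImageSubsystemMajorVersion;
+// Offsets: 0x0130 - 0x0133
+ULONG ImageSubsystemMinorVersion;
+// Offsets: 0x0134 - 0x0137
+BYTE Reserved6[4]; // Padding
+// Offsets: 0x0138 - 0x013F
+SIZE_T ImageProcessAffinityMask;
+// Offsets: 0x0140 - 0x022F
+ULONG GdiHandleBuffer[60];
+// Offsets: 0x0230 - 0x0237
+PVOID PostProcessInitRoutine; // Offset for PostProcessInitRoutine
+// Offsets: 0x0238 - 0x023F
+PVOID TlsExpansionBitmap; // Offset for TlsExpansionBitmap
+// Offsets: 0x0240 - 0x02BF
+ULONG TlsExpansionBitmapBits[32]; // Array of 32 ULONGs
+// Offsets: 0x02C0 - 0x02C3
+ULONG SessionId;
+// Offsets: 0x02C4 - 0x02C7
+BYTE Reserved7[4]; // Padding
+// Offsets: 0x02C8 - 0x02CF
+ULARGE_INTEGER AppCompatFlags;
+// Offsets: 0x02D0 - 0x02D7
+ULARGE_INTEGER AppCompatFlagsUser;
+// Offsets: 0x02D8 - 0x02DF
+PVOID pShimData; // Offset for pShimData
+// Offsets: 0x02E0 - 0x02E7
+PVOID AppCompatInfo; // Offset for AppCompatInfo
+// Offsets: 0x02E8 - 0x02F7
+UNICODE_STRING CSDVersion;
+// Offsets: 0x02F8 - 0x02FF
+PVOID ActivationContextData; // Offset for ActivationContextData
+// Offsets: 0x0300 - 0x0307
+PVOID ProcessAssemblyStorageMap; // Offset for ProcessAssemblyStorageMap
+// Offsets: 0x0308 - 0x030F
+PVOID SystemDefaultActivationContextData; // Offset for SystemDefaultActivationContextData
+// Offsets: 0x0310 - 0x0317
+PVOID SystemAssemblyStorageMap; // Offset for SystemAssemblyStorageMap
+// Offsets: 0x0318 - 0x031F
+SIZE_T MinimumStackCommit;
+// Offsets: 0x0320 - 0x0327
+PVOID FlsCallback; // Offset for FlsCallback
+// Offsets: 0x0328 - 0x0337
+LIST_ENTRY FlsListHead;
+// Offsets: 0x0338 - 0x033F
+PVOID FlsBitmap; // Offset for FlsBitmap
+// Offsets: 0x0340 - 0x034F
+ULONG FlsBitmapBits[4]; // Array of 4 ULONGs
+// Offsets: 0x0350 - 0x0353
+ULONG FlsHighIndex;
+// Offsets: 0x0354 - 0x0357
+BYTE Reserved8[4]; // Padding
+// Offsets: 0x0358 - 0x035F
+PVOID WerRegistrationData; // Offset for WerRegistrationData
+// Offsets: 0x0360 - 0x0367
+PVOID WerShipAssertPtr; // Offset for WerShipAssertPtr
+};
+#endif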
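Review bot: The offset comments in `_XPEB` are not enforced, and one of them already disagrees with what the compiler will lay out under default packing: `BYTE Reserved3[8]` has byte alignment, so it follows `Reserved2[4]` directly at 0x54 rather than at the commented 0x58, which puts `SystemReserved` at 0x5C and `SpareUlong` at 0x60 until `FreeList` realigns to 0x68. Because `NtCurrentPeb()` reinterprets the live PEB pointer read from `gs:[0x60]` as this struct, any such drift silently becomes a read of the wrong process field. I would pin the fields the rest of the commit dereferences right after the struct, e.g. `static_assert(offsetof(_XPEB, AnsiCodePageData) == 0xA0, "XPEB layout");` and likewise for `ProcessHeap` and `ProcessParameters`, and either widen `Reserved2` to eight bytes or correct the comments. Separately, `_DWORD` and `_QWORD` are reserved-style identifiers and `_QWORD` is typedef'd to a pointer type (`PSRWLOCK`), which makes casts such as `(_QWORD*)P + 8` elsewhere in the commit hard to reason about.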


@ -1,16 +1,21 @@
// ReSharper disable CppInconsistentNaming
// ReSharper disable CppParameterMayBeConst
// ReSharper disable CppClangTidyClangDiagnosticMicrosoftCast
// ReSharper disable CppClangTidyClangDiagnosticUndefinedReinterpretCast
// ReSharper disable CppClangTidyClangDiagnosticShadow
// ReSharper disable CppClangTidyClangDiagnosticCastFunctionTypeStrict
//// ReSharper disable CppInconsistentNaming
//// ReSharper disable CppParameterMayBeConst
//// ReSharper disable CppClangTidyClangDiagnosticMicrosoftCast
//// ReSharper disable CppClangTidyClangDiagnosticUndefinedReinterpretCast
//// ReSharper disable CppClangTidyClangDiagnosticShadow
//// ReSharper disable CppClangTidyClangDiagnosticCastFunctionTypeStrict
#include "pch.h"
#include "kernelx.h"
#include "XPEB.h"
//
using namespace Microsoft::WRL;
typedef HRESULT(*DllGetActivationFactoryFunc) (HSTRING, IActivationFactory**);
DllGetActivationFactoryFunc pDllGetActivationFactory = nullptr;
HMODULE hModule;
SYSTEM_BASIC_INFORMATION systemBasicInfo;
HRESULT(WINAPI* TrueRoGetActivationFactory)(HSTRING classId, REFIID iid, void** factory) = RoGetActivationFactory;
@ -19,7 +24,7 @@ HRESULT WINAPI RoGetActivationFactory_Hook(HSTRING classId, REFIID iid, void** f
{
auto hr = TrueRoGetActivationFactory(classId, iid, factory);
const std::wstring message = std::wstring(L"classId: ") +
const std::wstring message = std::wstring(L"classId: ") +
WindowsGetStringRawBuffer(classId, nullptr);
if (FAILED(hr))
@ -50,25 +55,52 @@ HRESULT WINAPI RoGetActivationFactory_Hook(HSTRING classId, REFIID iid, void** f
return hr;
}
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID reserved)
{
if (DetourIsHelperProcess()) return TRUE;
if (dwReason == DLL_PROCESS_ATTACH)
LPTOP_LEVEL_EXCEPTION_FILTER RtlSetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter)
{
return SetUnhandledExceptionFilter(lpTopLevelExceptionFilter);
}
/// 100% the same as the original code besides the added detour code - VodkaDoc
BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
{
BOOL isinit;
ANSI_STRING DestinationString;
if (fdwReason == DLL_PROCESS_ATTACH)
{
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&reinterpret_cast<PVOID&>(TrueRoGetActivationFactory), RoGetActivationFactory_Hook);
DetourTransactionCommit();
}
else if (dwReason == DLL_PROCESS_DETACH)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&reinterpret_cast<PVOID&>(TrueRoGetActivationFactory), RoGetActivationFactory_Hook);
DetourTransactionCommit();
}
return TRUE;
}
if (NtQuerySystemInformation(SystemBasicInformation, &systemBasicInfo, 0x40u, 0i64) >= 0)
{
_XPEB* peb = (_XPEB*)NtCurrentPeb(); // Cast NtCurrentPeb to your custom _XPEB structure
RTL_USER_PROCESS_PARAMETERS* processParams = (RTL_USER_PROCESS_PARAMETERS*)peb->ProcessParameters; // Cast ProcessParameters
if (RtlUnicodeStringToAnsiString(&DestinationString, &processParams->CommandLine, 1u) < 0)
{
DestinationString.Length = 0i64;
DestinationString.Buffer = 0i64;
}
RtlSetUnhandledExceptionFilter(UnhandledExceptionFilter);
}
else
{
isinit = false;
}
hModule = hinstDLL;
//ConfigureLocaleSettings(); //Incomplete
}
else
{
isinit = true;
if (!fdwReason == DLL_PROCESS_DETACH)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&reinterpret_cast<PVOID&>(TrueRoGetActivationFactory), RoGetActivationFactory_Hook);
DetourTransactionCommit();
//CleanupResources(hinstDLL, fdwReason, lpReserved); Incomplete
}
}
return isinit;
}
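Review bot: The detach guard `if (!fdwReason == DLL_PROCESS_DETACH)` in `DllEntryPoint` parses as `(!fdwReason) == DLL_PROCESS_DETACH`; with `DLL_PROCESS_DETACH` equal to 0 the `DetourDetach` transaction therefore runs on thread attach/detach notifications and is skipped on process detach, so the hook is removed early and never cleanly removed at unload. It should read `if (fdwReason == DLL_PROCESS_DETACH)`. In the same function `isinit` is never assigned on the attach path when `NtQuerySystemInformation` succeeds, so the loader receives an indeterminate return value; `BOOL isinit = TRUE;` at the declaration would fix that. `DestinationString` is allocated by `RtlUnicodeStringToAnsiString(..., 1u)` but is neither used nor released in the visible code, so it wants a matching `RtlFreeAnsiString(&DestinationString);` or removal.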


@ -4,10 +4,14 @@
// ReSharper disable CppClangTidyHicppMultiwayPathsCovered
// ReSharper disable CppClangTidyClangDiagnosticInconsistentDllimport
#include "pch.h"
#include <winternl.h>
#include "XPEB.h"
NtAllocateVirtualMemory_t NtAllocateVirtualMemory;
NtFreeVirtualMemory_t NtFreeVirtualMemory;
#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
//Ignoring this as for now (just hope it's not being used and it's not useful.)
__int64 NlsUpdateLocale_X() {
return 0();
@ -342,20 +346,18 @@ PVOID XMemAlloc_X(uint64_t size, uint64_t flags) {
// TODO
// absolutely temporary implementation I just want to make it work
// sub_18001BCA0
char* qword_18002B880;
char* qword_18002B890;
PVOID globalDataBlock;
PVOID localeDataHeap;
HANDLE qword_18002B820;
HANDLE qword_18002B830;
HANDLE qword_18002B818;
HANDLE qword_18002B850;
HANDLE qword_18002B858;
HANDLE qword_18002B888;
PVOID baseBufferMemory;
HANDLE P;
char* dword_18002B84C;
//sub_18001BB8C
int dword_18002BF68;
int sub_18001D528()
{
@ -369,187 +371,235 @@ INT16 sub_18001D768()
return 0;
}
int sub_18001D96C(int v2, unsigned short* codePageData, unsigned int p, bool t, long l)
int sub_18001D96C(int v2, PVOID codePageData, unsigned int p, bool t, long l)
{
//TODO
return 0;
}
__int64 sub_18001BB8C()
{
// I know it should look better if it was initalized at dllmain.cpp but then I can't fix some idiotic errors
HMODULE ntdll = LoadLibraryA("ntdll.dll");
if (ntdll) {
NtAllocateVirtualMemory =
(NtAllocateVirtualMemory_t)GetProcAddress(ntdll, "NtAllocateVirtualMemory");
NtFreeVirtualMemory =
(NtFreeVirtualMemory_t)GetProcAddress(ntdll, "NtFreeVirtualMemory");
//HMODULE ntdll = LoadLibraryA("ntdll.dll");
//if (ntdll) {
// NtAllocateVirtualMemory =
// (NtAllocateVirtualMemory_t)GetProcAddress(ntdll, "NtAllocateVirtualMemory");
// NtFreeVirtualMemory =
// (NtFreeVirtualMemory_t)GetProcAddress(ntdll, "NtFreeVirtualMemory");
FreeLibrary(ntdll);
}
/*unsigned int v0; // ebx
unsigned __int16* AnsiCodePageData; // rdx
int v2; // ecx
PVOID v3; // rbx
HMODULE v4; // rcx
// FreeLibrary(ntdll);
//}
v0 = 0;
if (!dword_18002B84C)
BOOL isLocaleConfigInitialized;
__int64 AllocateLocaleHeapMemory()
{
//memset(&globalDataBlock, 0, 0xD8ui64);
//baseBufferMemory = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, 8u, 0x400ui64);
//if (!baseBufferMemory)
// return 14i64;
//localeDataHeap = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, 8u, 0x400ui64);
//if (!localeDataHeap)
//{
// if (baseBufferMemory)
// RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, baseBufferMemory);
// return 14i64;
//}
return 0i64;
}
int dword_18002BF68;
_QWORD unk_18002B838;
__int64 qword_18002B828;
__int64 qword_18002B980;
__int64 qword_18002B990;
__int16 word_18002BF64;
HANDLE Event;
__int64 __fastcall sub_18001EB38(unsigned int a1, __int64 a2 = 0)
{
return 0;
}
__int64 __fastcall MapLocaleFileAndInitializeData(unsigned int* a1 = 0)
{
return 0;
}
__int64 ConfigureLocaleSettings()
{
unsigned int localeHeapMemory; // LocaleHeapMemory -> localeHeapMemory
PVOID ansiCodePageData; // AnsiCodePageData -> ansiCodePageData
int ansiCodePage; // v2 -> ansiCodePage
PVOID localeDataPointer; // v3 -> localeDataPointer
HMODULE libraryHandle; // v4 -> libraryHandle
localeHeapMemory = 0;
// Check if locale configuration is already initialized
if (!isLocaleConfigInitialized)
{
// Try to allocate memory for locale data
localeHeapMemory = AllocateLocaleHeapMemory();
v0 = sub_18001D528();
if (!v0)
if (!localeHeapMemory)
{
v0 = sub_18001D768();
if (!v0)
// If allocation fails, attempt to map the locale file and initialize data
localeHeapMemory = ((__int64 (*)(void))MapLocaleFileAndInitializeData)();
if (!localeHeapMemory)
{
// not sure
AnsiCodePageData = (unsigned __int16*)NtCurrentTeb()->ProcessEnvironmentBlock->ProcessParameters;
v2 = AnsiCodePageData[1];
dword_18002BF68 = v2;
v0 = sub_18001D96C(v2, AnsiCodePageData, (unsigned int)&P, 0, 0LL);
if (!v0)
// Retrieve AnsiCodePage data from PEB
ansiCodePageData = NtCurrentPeb()->AnsiCodePageData;
ansiCodePage = *((unsigned __int16*)ansiCodePageData + 1);
// Store AnsiCodePage value in a global variable
dword_18002BF68 = ansiCodePage;
// Call a subroutine with various locale parameters
localeHeapMemory = sub_18001D96C(ansiCodePage,
(PVOID)(DWORD)ansiCodePageData,
(unsigned int)&P, 0, 0i64);
// If no memory is allocated, set up synchronization and locale data
if (!localeHeapMemory)
{
RtlAcquireSRWLockExclusive(&unk_18002B838);
qword_18002B828 = sub_18001EB38(127LL);
// Acquire exclusive lock for synchronization
RtlAcquireSRWLockExclusive((PSRWLOCK)&unk_18002B838);
// Attempt to initialize locale data
qword_18002B828 = sub_18001EB38(127i64);
if (qword_18002B828)
{
RtlReleaseSRWLockExclusive(&unk_18002B838);
qword_18002B990 = 0LL;
qword_18002B980 = 0LL;
// Release lock after initialization
RtlReleaseSRWLockExclusive((PSRWLOCK)&unk_18002B838);
qword_18002B990 = 0i64;
qword_18002B980 = 0i64;
word_18002BF64 = 1;
Event = 0LL;
dword_18002B84C = 1;
Event = 0i64;
isLocaleConfigInitialized = 1;
}
else
{
RtlReleaseSRWLockExclusive(&unk_18002B838);
v3 = P;
v4 = (HMODULE) * ((_QWORD*)P + 8);
if (v4)
FreeLibrary(v4);
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, v3);
P = 0LL;
// Release lock if initialization fails
RtlReleaseSRWLockExclusive((PSRWLOCK)&unk_18002B838);
// Cleanup in case of failure
localeDataPointer = P;
libraryHandle = (HMODULE) * ((_QWORD*)P + 8);
// Free the loaded library if it exists
if (libraryHandle)
FreeLibrary(libraryHandle);
// Free heap memory allocated for locale data
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, localeDataPointer);
P = 0i64;
// Return error code 87 (ERROR_INVALID_PARAMETER)
return 87;
}
}
}
}
}
return v0;*/
return 0;
return localeHeapMemory;
}
// absolutely temporary implementation I just want to make it work
// decompilation from ghidra (it looks horrible lol)
NTSTATUS sub_18001BCA0(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved)
NTSTATUS CleanupResources(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved)
{
char* v0; // rax
__int64 v1; // rdi
__int64 v2; // rsi
char* v3; // rbx
HMODULE v4; // rcx
char* v5; // rbp
char* v6; // rax
__int64 v7; // rdi
__int64 v8; // rsi
char* v9; // r8
char* v10; // rbx
PVOID v11; // rbx
HMODULE v12; // rcx
NTSTATUS result; // al
v0 = (char*)qword_18002B880;
if (qword_18002B880)
char* resourceArray1 = (char*)globalDataBlock;
if (resourceArray1)
{
v1 = 0LL;
v2 = 197LL;
do
for (int i = 0; i < 197; ++i)
{
v3 = *(char**)&v0[v1];
if (v3)
char* currentResource = *(char**)&resourceArray1[i * 8];
while (currentResource)
{
do
{
v4 = (HMODULE)v3[8];
v5 = (char*)v3[9];
if (v4)
FreeLibrary(v4);
HeapFree(GetProcessHeap(), 0, v3);
v3 = v5;
} while (v5);
v0 = (char*)qword_18002B880;
HMODULE moduleHandle = (HMODULE)currentResource[8];
char* nextResource = (char*)currentResource[9];
if (moduleHandle)
FreeLibrary(moduleHandle);
HeapFree(GetProcessHeap(), 0, currentResource);
currentResource = nextResource;
}
v1 += 8LL;
--v2;
} while (v2);
if (v0)
HeapFree(GetProcessHeap(), 0, qword_18002B880);
qword_18002B880 = 0LL;
}
v6 = (char*)qword_18002B890;
v7 = 0LL;
v8 = 128LL;
do
{
v9 = *(char**)&v6[v7];
if (v9)
{
do
{
v10 = (char*)v9[10];
HeapFree(GetProcessHeap(), 0, v9);
v9 = v10;
} while (v10);
v6 = (char*)qword_18002B890;
}
v7 += 8LL;
--v8;
} while (v8);
if (v6)
HeapFree(GetProcessHeap(), 0, qword_18002B890);
qword_18002B890 = 0LL;
if (qword_18002B888)
HeapFree(GetProcessHeap(), 0, qword_18002B888);
// P ?!?
v11 = P;
qword_18002B888 = 0LL;
v12 = (HMODULE) * ((char*)P + 8);
if (v12)
FreeLibrary(v12);
result = HeapFree(GetProcessHeap(), 0, v11);
P = 0LL;
if (GetModuleHandle)
{
result = NtClose(GetModuleHandle);
HeapFree(GetProcessHeap(), 0, globalDataBlock);
globalDataBlock = 0LL;
}
char* resourceArray2 = (char*)localeDataHeap;
if (resourceArray2)
{
for (int i = 0; i < 128; ++i)
{
char* currentResource = *(char**)&resourceArray2[i * 8];
while (currentResource)
{
char* nextResource = (char*)currentResource[10];
HeapFree(GetProcessHeap(), 0, currentResource);
currentResource = nextResource;
}
}
HeapFree(GetProcessHeap(), 0, localeDataHeap);
localeDataHeap = 0LL;
}
if (baseBufferMemory)
{
HeapFree(GetProcessHeap(), 0, baseBufferMemory);
baseBufferMemory = 0LL;
}
// Handle cleanup of 'P'
PVOID pResource = P;
if (pResource)
{
HMODULE moduleHandle = (HMODULE)((char*)P + 8);
if (moduleHandle)
FreeLibrary(moduleHandle);
HeapFree(GetProcessHeap(), 0, pResource);
P = 0LL;
}
// Close any open module handles
if (GetModuleHandle)
NtClose(GetModuleHandle);
if (qword_18002B820)
{
result = NtClose(qword_18002B820);
NtClose(qword_18002B820);
qword_18002B820 = 0LL;
}
if (qword_18002B830)
{
result = NtClose(qword_18002B830);
NtClose(qword_18002B830);
qword_18002B830 = 0LL;
}
if (qword_18002B818)
{
result = NtClose(qword_18002B818);
NtClose(qword_18002B818);
qword_18002B818 = 0LL;
}
if (qword_18002B850)
{
result = NtClose(qword_18002B850);
NtClose(qword_18002B850);
qword_18002B850 = 0LL;
}
if (qword_18002B858)
{
result = NtClose(qword_18002B858);
NtClose(qword_18002B858);
qword_18002B858 = 0LL;
}
dword_18002B84C = 0;
return result;
}
return STATUS_SUCCESS;
}
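Review bot: `CleanupResources` passes values to `FreeLibrary`, `HeapFree` and `NtClose` that are not the pointers or handles it takes them for. `currentResource` is a `char*`, so `currentResource[8]`, `[9]` and `[10]` each load a single byte that is then cast to an `HMODULE` or to the next node pointer, and in the `P` branch `(HMODULE)((char*)P + 8)` is the address of the field rather than its contents, so the null test always passes. The load should be a pointer-sized read, e.g. `HMODULE moduleHandle = *(HMODULE*)((char*)pResource + 8);`, though the offset needs confirming because `ConfigureLocaleSettings` reads the same handle as `*((_QWORD*)P + 8)`, which is a different byte offset (and dereferences `P` without a null check). `if (GetModuleHandle) NtClose(GetModuleHandle);` tests and closes the address of the API function, not a handle, and should name the handle variable that was intended. A small struct describing the node layout would replace these casts and make the free paths checkable.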


@ -18,6 +18,6 @@ typedef NTSTATUS(NTAPI* NtFreeVirtualMemory_t)(
// Deleted that extern "C" stuff as I don't think it's needed, if it's needed someone added it pls
__int64 sub_18001BB8C();
__int64 ConfigureLocaleSettings();
NTSTATUS sub_18001BCA0(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved);
NTSTATUS CleanupResources(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved);


@ -95,6 +95,7 @@
<ClInclude Include="framework.h" />
<ClInclude Include="kernelx.h" />
<ClInclude Include="pch.h" />
<ClInclude Include="XPEB.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="dllmain.cpp" />


@ -0,0 +1,24 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<ClCompile Include="dllmain.cpp" />
<ClCompile Include="kernelx.cpp" />
<ClCompile Include="pch.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="framework.h" />
<ClInclude Include="kernelx.h" />
<ClInclude Include="pch.h" />
<ClInclude Include="XPEB.h">
<Filter>Headers</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<None Include="Exports.def" />
</ItemGroup>
<ItemGroup>
<Filter Include="Headers">
<UniqueIdentifier>{1fd01865-5063-43f8-8e37-2d5b0dd81b88}</UniqueIdentifier>
</Filter>
</ItemGroup>
</Project>


@ -1,19 +1,47 @@
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#include <windows.h>
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
HMODULE hMfplat = NULL;
// Define your missing functions
__int64 __fastcall MFCreateDxvaSampleRendererX_X(__int64 a, __int64 b, __int64 c)
{
return 0; // Placeholder functionality
}
__int64 MFResetDXGIDeviceManagerX_X()
{
return 0; // Placeholder functionality
}
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
// Load mfplat.dll when the DLL is attached to a process
hMfplat = LoadLibrary(L"mfplat.dll");
if (hMfplat == NULL)
{
// Handle the error, e.g., logging or failing gracefully
return FALSE; // Fail the DLL load if mfplat.dll is not loaded
}
break;
case DLL_PROCESS_DETACH:
// Free mfplat.dll when the DLL is detached from the process
if (hMfplat != NULL)
{
FreeLibrary(hMfplat);
hMfplat = NULL;
}
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
// Do nothing for thread-specific cases
break;
}
return TRUE;
return TRUE; // Continue loading the DLL
}
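Review bot: `LoadLibrary(L"mfplat.dll")` in the `DLL_PROCESS_ATTACH` case is called under the loader lock and with a bare file name, and both are problems. Microsoft's DllMain guidance advises against loading or freeing libraries from the entry point because of deadlock and load-order hazards, and a bare name is resolved through the DLL search order, so a copy sitting in the application or current directory can be loaded instead of the system one. If this project itself builds as mfplat.dll (the removed mfplat.cpp suggests so), the call may also simply return this module's own handle. I would resolve the real library lazily on first use, outside `DllMain`, with `LoadLibraryExW(L"mfplat.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)`. `hMfplat` is not used by anything else in the visible hunk, so the load may be droppable altogether.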


@ -1,30 +0,0 @@
// mfplat.cpp : Defines the exported functions for the DLL.
//
#include "pch.h"
#include "framework.h"
#include "mfplat.h"
__int64 __fastcall MFCreateDxvaSampleRendererX_X(__int64 a, __int64 b, __int64 c)
{
return 0;
}
__int64 MFResetDXGIDeviceManagerX_X() { return 0; }
HRESULT MFCreateDXGIDeviceManager_X(UINT* resetToken, /*IMFDXGIDeviceManager*/PVOID64 ppDeviceManager)
{
return 0;
}
HRESULT MFCreateAttributes_X(/*IMFAttributes*/PVOID64** ppMFAttributes, UINT32 cInitialSize)
{
return 0;
}
HRESULT MFCreateMediaType_X(/*IMFMediaType*/PVOID64** ppMFType)
{
return 0;
}
HRESULT MFStartup_X(ULONG Version, DWORD dwFlags)
{
return 0;
}


@ -1,8 +0,0 @@
#define H_API extern "C" __declspec( dllexport )
H_API HRESULT(__stdcall* MFCreateDXGIDeviceManager)(UINT* resetToken, /*IMFDXGIDeviceManager*/PVOID64 ppDeviceManager);
H_API __int64(__fastcall* MFCreateDxvaSampleRendererX)(__int64 a, __int64 b, __int64 c);
H_API __int64 (*MFResetDXGIDeviceManagerX)();
H_API HRESULT(__stdcall* MFCreateAttributes)(/*IMFAttributes*/PVOID64** ppMFAttributes, UINT32 cInitialSize);
H_API HRESULT(__stdcall* MFCreateMediaType)(/*IMFMediaType*/PVOID64** ppMFType);
H_API HRESULT(__stdcall* MFStartup)(ULONG Version, DWORD dwFlags);


@ -90,12 +90,10 @@
</ItemGroup>
<ItemGroup>
<ClInclude Include="framework.h" />
<ClInclude Include="mfplat.h" />
<ClInclude Include="pch.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="dllmain.cpp" />
<ClCompile Include="mfplat.cpp" />
<ClCompile Include="pch.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>


@ -3,10 +3,8 @@
<ItemGroup>
<ClInclude Include="pch.h" />
<ClInclude Include="framework.h" />
<ClInclude Include="mfplat.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="mfplat.cpp" />
<ClCompile Include="pch.cpp" />
<ClCompile Include="dllmain.cpp" />
</ItemGroup>