From ef748981289c50b42da49d6870769e7705c2de3c Mon Sep 17 00:00:00 2001
From: AleBlbl <alell8632@gmail.com>
Date: Thu, 5 Sep 2024 02:34:56 +0200
Subject: [PATCH] Added export functions to fix etwplus.dll entrypoint errors

---
 dlls/kernelx/Exports.def |  7 ++++++-
 dlls/kernelx/dllmain.cpp |  2 +-
 dlls/kernelx/kernelx.cpp | 19 +++++++++++++++++--
 dlls/kernelx/kernelx.h   | 10 ++++++++--
 4 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/dlls/kernelx/Exports.def b/dlls/kernelx/Exports.def
index 15e0ada..7b4e093 100644
--- a/dlls/kernelx/Exports.def
+++ b/dlls/kernelx/Exports.def
@@ -12,8 +12,10 @@ EXPORTS
 	DecodePointer			= NTDLL.RtlDecodePointer		@72
 	DeleteCriticalSection	= NTDLL.RtlDeleteCriticalSection@74
 	DeleteFileW				= DeleteFileW_X					@77
+	DisableThreadLibraryCalls = DisableThreadLibraryCalls_X	@81
 	EventRegister			= NTDLL.EtwEventRegister		@95
 	EventUnregister			= NTDLL.EtwEventUnregister		@97
+	EventWrite				= NTDLL.EtwEventWrite			@98
 	EnterCriticalSection	= EnterCriticalSection_X		@87
 	ExitProcess				= ExitProcess_X					@102
 	FileTimeToSystemTime	= FileTimeToSystemTime_X		@107
@@ -40,17 +42,20 @@ EXPORTS
 	GetTickCount			= GetTickCount_X				@231
 	GetUserDefaultLocaleName = GetUserDefaultLocaleName_X	@242
 	GetUserGeoID			= GetUserGeoID_X				@243
+	HeapAlloc				= NTDLL.RtlAllocateHeap			@252
+	HeapFree				= HeapFree_X					@256
 	InitializeConditionVariable	= NTDLL.RtlInitializeConditionVariable @269
 	InitializeCriticalSection = NTDLL.RtlInitializeCriticalSection	@271
 	InitializeCriticalSectionAndSpinCount = InitializeCriticalSectionAndSpinCount_X @272
 	InitializeCriticalSectionEx = InitializeCriticalSectionEx_X @273
 	InitializeSListHead		= NTDLL.RtlInitializeSListHead	@275
-	InitializeSRWLock		= NTDLL.InitializeSRWLock				@276
+	InitializeSRWLock		= NTDLL.RtlInitializeSRWLock				@276
 	IsDebuggerPresent		= IsDebuggerPresent_X			@283
 	IsProcessorFeaturePresent = IsProcessorFeaturePresent_X @284
 	LeaveCriticalSection	= NTDLL.RtlLeaveCriticalSection @293
 	MultiByteToWideChar		= MultiByteToWideChar_X			@313
 	OutputDebugStringW		= OutputDebugStringW_X			@328
+	PeekNamedPipe			= PeekNamedPipe_X				@330
 	QueryPerformanceCounter	= QueryPerformanceCounter_X		@333
 	QueryPerformanceFrequency = QueryPerformanceFrequency_X	@334
 	RaiseException			= RaiseException_X				@339
diff --git a/dlls/kernelx/dllmain.cpp b/dlls/kernelx/dllmain.cpp
index 0e4c7e2..f77a702 100644
--- a/dlls/kernelx/dllmain.cpp
+++ b/dlls/kernelx/dllmain.cpp
@@ -31,7 +31,7 @@ BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved
                 DestinationString->Buffer = 0LL;
             }
             //Probably have to change this to SetUnhandledExceptionFilter
-            RtlSetUnhandledExceptionFilter(UnhandledExceptionFilter);
+            SetUnhandledExceptionFilter(UnhandledExceptionFilter);
         }
         else
         {
diff --git a/dlls/kernelx/kernelx.cpp b/dlls/kernelx/kernelx.cpp
index 8a0b391..1cbdc67 100644
--- a/dlls/kernelx/kernelx.cpp
+++ b/dlls/kernelx/kernelx.cpp
@@ -375,6 +375,21 @@ int GetUserDefaultLocaleName_X(LPWSTR lpLocaleName, int cchLocaleName)
     return GetUserDefaultLocaleName(lpLocaleName, cchLocaleName);
 }
 
+BOOL PeekNamedPipe_X(HANDLE hNamedPipe, LPVOID lpBuffer, DWORD nBufferSize, LPDWORD lpBytesRead, LPDWORD lpTotalBytesAvail, LPDWORD lpBytesLeftThisMessage)
+{
+    return PeekNamedPipe(hNamedPipe, lpBuffer, nBufferSize, lpBytesRead, lpTotalBytesAvail, lpBytesLeftThisMessage);
+}
+
+BOOL DisableThreadLibraryCalls_X(HMODULE hLibModule)
+{
+    return DisableThreadLibraryCalls(hLibModule);
+}
+
+BOOL HeapFree_X(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
+{
+    return HeapFree(hHeap, dwFlags, lpMem);
+}
+
 void GetSystemTime_X(LPSYSTEMTIME lpSystemTime)
 {
     GetSystemTime(lpSystemTime);
@@ -407,11 +422,11 @@ __int64 GetConsoleType_X()
 
 
 // !!!!!
-// Should be in ntdll.dll reimplementation, right now i'm just testing things with DLLMain entryPoint
+/*/ Should be in ntdll.dll reimplementation, right now i'm just testing things with DLLMain entryPoint
 PVOID RtlSetUnhandledExceptionFilter(PVOID ExceptionFilter)
 {
 	return EncodePointer(ExceptionFilter);
-}
+}*/
 
 
 
diff --git a/dlls/kernelx/kernelx.h b/dlls/kernelx/kernelx.h
index 0a6f24e..d4115e9 100644
--- a/dlls/kernelx/kernelx.h
+++ b/dlls/kernelx/kernelx.h
@@ -146,6 +146,12 @@ extern "C" BOOL CreateDirectoryW_X(LPCWSTR lpPathName, LPSECURITY_ATTRIBUTES lpS
 
 extern "C" BOOL CloseHandle_X(HANDLE hObject);
 
+extern "C" BOOL DisableThreadLibraryCalls_X(HMODULE hLibModule);
+
+extern "C" BOOL HeapFree_X(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem);
+
+extern "C" BOOL PeekNamedPipe_X(HANDLE hNamedPipe, LPVOID lpBuffer, DWORD nBufferSize, LPDWORD lpBytesRead, LPDWORD lpTotalBytesAvail, LPDWORD lpBytesLeftThisMessage);
+
 extern "C" __int64 GetConsoleType_X();
 
 
@@ -153,8 +159,8 @@ extern "C" __int64 GetConsoleType_X();
 // EXE EXPORTS END
 
 
-PVOID RtlSetUnhandledExceptionFilter(PVOID ExceptionFilter);
+//PVOID RtlSetUnhandledExceptionFilter(PVOID ExceptionFilter);
 
+//DLLMain entrypoint matching test
 __int64 sub_18001BB8C();
-
 NTSTATUS sub_18001BCA0(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved);
\ No newline at end of file