summaryrefslogtreecommitdiffhomepage
path: root/src/fakeiat.h
diff options
context:
space:
mode:
authorMichael Smith <mikesmiffy128@gmail.com>2024-02-26 18:54:16 +0000
committerMichael Smith <mikesmiffy128@gmail.com>2024-02-26 18:54:16 +0000
commitefd2491a3d19160d9cae2a094e7baa9f2d958196 (patch)
tree1cbcae136679bc1411c3758c1252ffdc67d7d12b /src/fakeiat.h
Implement initial versionv1.0
Diffstat (limited to 'src/fakeiat.h')
-rw-r--r--src/fakeiat.h45
1 files changed, 45 insertions, 0 deletions
diff --git a/src/fakeiat.h b/src/fakeiat.h
new file mode 100644
index 0000000..3e51381
--- /dev/null
+++ b/src/fakeiat.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2024 Michael Smith <mikesmiffy128@gmail.com>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef INC_FAKEIAT_H
+#define INC_FAKEIAT_H
+
+struct _SYSTEM_INFO;
+
+typedef int (*__stdcall _iat_FlushInstructionCache_func)(void *, const void *,
+ unsigned long);
+typedef void (*__stdcall _iat_GetSystemInfo_func)(struct _SYSTEM_INFO *);
+typedef int (*__stdcall _iat_VirtualProtect_func)(void *, unsigned long,
+ unsigned long, unsigned long *);
+
+// Because this is one EXE (not a DLL), injecting it with LoadLibrary doesn't
+// fill out the IAT properly, causing crashes when API functions are used. We
+// _could_ just manually populate/fix up the IAT, but that's kind of a pain in
+// the arse. Instead, we use this poor-man's IAT to pass down literally three
+// functions that are used inside of the child process' address space.
+extern struct _fakeiat {
+ _iat_FlushInstructionCache_func FlushInstructionCache;
+ _iat_GetSystemInfo_func GetSystemInfo;
+ _iat_VirtualProtect_func VirtualProtect;
+} IAT;
+
+#ifdef FAKEIAT_DEFINES
+#define FlushInstructionCache (IAT.FlushInstructionCache)
+#define GetSystemInfo (IAT.GetSystemInfo)
+#define VirtualProtect (IAT.VirtualProtect)
+#endif
+
+#endif