From efd2491a3d19160d9cae2a094e7baa9f2d958196 Mon Sep 17 00:00:00 2001
From: Michael Smith
Date: Mon, 26 Feb 2024 18:54:16 +0000
Subject: Implement initial version
---
 src/fakeiat.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 src/fakeiat.h
(limited to 'src/fakeiat.h')
diff --git a/src/fakeiat.h b/src/fakeiat.h
new file mode 100644
index 0000000..3e51381
--- /dev/null
+++ b/src/fakeiat.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2024 Michael Smith
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef INC_FAKEIAT_H
+#define INC_FAKEIAT_H
+
+struct _SYSTEM_INFO;
+
+typedef int (*__stdcall _iat_FlushInstructionCache_func)(void *, const void *,
+ unsigned long);
+typedef void (*__stdcall _iat_GetSystemInfo_func)(struct _SYSTEM_INFO *);
+typedef int (*__stdcall _iat_VirtualProtect_func)(void *, unsigned long,
+ unsigned long, unsigned long *);
+
+// Because this is one EXE (not a DLL), injecting it with LoadLibrary doesn't
+// fill out the IAT properly, causing crashes when API functions are used. We
+// _could_ just manually populate/fix up the IAT, but that's kind of a pain in
+// the arse. Instead, we use this poor-man's IAT to pass down literally three
+// functions that are used inside of the child process' address space.
+extern struct _fakeiat {
+ _iat_FlushInstructionCache_func FlushInstructionCache;
+ _iat_GetSystemInfo_func GetSystemInfo;
+ _iat_VirtualProtect_func VirtualProtect;
+} IAT;
+
+#ifdef FAKEIAT_DEFINES
+#define FlushInstructionCache (IAT.FlushInstructionCache)
+#define GetSystemInfo (IAT.GetSystemInfo)
+#define VirtualProtect (IAT.VirtualProtect)
+#endif
+
+#endif
-- cgit v1.2.3
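Review bot: The function-pointer typedefs spell the Win32 length parameters as `unsigned long` — the third parameter of `_iat_FlushInstructionCache_func` and the second of `_iat_VirtualProtect_func` — where the real prototypes take `SIZE_T`; on 32-bit Windows the widths coincide, but on x64 `unsigned long` is 32 bits and `SIZE_T` is 64, so a call through the table would pass a narrowed length, and for VirtualProtect that length decides exactly which pages change protection. The `__stdcall` annotations suggest an x86-only build, so this may be deliberate, but `size_t` (with `#include <stddef.h>`) matches `SIZE_T` on both targets: `typedef int (*__stdcall _iat_FlushInstructionCache_func)(void *, const void *, size_t);` and `typedef int (*__stdcall _iat_VirtualProtect_func)(void *, size_t, unsigned long, unsigned long *);`. The `FAKEIAT_DEFINES` macros rewrite the bare API names, so a translation unit that defines it and then includes `<windows.h>` (directly or transitively) would have the real prototypes expanded into `(IAT.VirtualProtect)(...)` and fail to compile; a comment above `#ifdef FAKEIAT_DEFINES` stating that it is only for translation units that never see `<windows.h>` would record that contract. The comment above `extern struct _fakeiat` explains why the table exists but not who fills it in or when, and the definition of `IAT` is not in this file; something like `// NOTE: presumably filled in by the injector before any code here runs — verify; a NULL entry is a crash, not a fallback.` would make the initialisation-order assumption explicit. Finally, `_iat_*` and `_fakeiat` begin with an underscore at file scope, which C reserves for the implementation in both the ordinary and tag namespaces; `iat_*`/`fakeiat` would avoid that collision risk (`_SYSTEM_INFO` is the real Win32 tag and has to stay).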