bool LoadVkLibraryAndGetProcAddrFuncs(PFN_vkGetInstanceProcAddr* instProc,
PFN_vkGetDeviceProcAddr* devProc) {
#ifdef SK_MOLTENVK
// MoltenVK is a statically linked framework, so there is no Vulkan library to load.
*instProc = &vkGetInstanceProcAddr;
*devProc = &vkGetDeviceProcAddr;
return true;
#else
static void* vkLib = nullptr;
static PFN_vkGetInstanceProcAddr localInstProc = nullptr;
static PFN_vkGetDeviceProcAddr localDevProc = nullptr;
if (!vkLib) {
#if defined _WIN32
vkLib = DynamicLoadLibrary("vulkan-1.dll");
#else
vkLib = DynamicLoadLibrary("libvulkan.so");
#endif
if (!vkLib) {
return false;
}
localInstProc = (PFN_vkGetInstanceProcAddr) GetProcedureAddress(vkLib,
"vkGetInstanceProcAddr");
localDevProc = (PFN_vkGetDeviceProcAddr) GetProcedureAddress(vkLib,
"vkGetDeviceProcAddr");
}
if (!localInstProc || !localDevProc) {
return false;
}
*instProc = localInstProc;
*devProc = localDevProc;
return true;
#endif
}
static GrGLFuncPtr angle_get_gl_proc(void* ctx, const char name[]) {
const Libs* libs = reinterpret_cast<const Libs*>(ctx);
GrGLFuncPtr proc = (GrGLFuncPtr) GetProcedureAddress(libs->fGLLib, name);
if (proc) {
return proc;
}
proc = (GrGLFuncPtr) GetProcedureAddress(libs->fEGLLib, name);
if (proc) {
return proc;
}
return eglGetProcAddress(name);
}
CPlugin::~CPlugin()
{
if(m_pLibrary)
{
OnPluginUnload_t pfn = (OnPluginUnload_t) GetProcedureAddress("OnPluginUnload");
if(pfn)
pfn();
#ifdef WIN32
FreeLibrary((HMODULE)m_pLibrary);
#else
dlclose(m_pLibrary);
#endif
m_pLibrary = NULL;
}
}
static void load_command_buffer_functions() {
if (!gLibrary) {
#if defined _WIN32
gLibrary = DynamicLoadLibrary("command_buffer_gles2.dll");
#elif defined SK_BUILD_FOR_MAC
gLibrary = DynamicLoadLibrary("libcommand_buffer_gles2.dylib");
#else
gLibrary = DynamicLoadLibrary("libcommand_buffer_gles2.so");
#endif // defined _WIN32
if (gLibrary) {
gfGetDisplay = (GetDisplayProc)GetProcedureAddress(gLibrary, "eglGetDisplay");
gfInitialize = (InitializeProc)GetProcedureAddress(gLibrary, "eglInitialize");
gfTerminate = (TerminateProc)GetProcedureAddress(gLibrary, "eglTerminate");
gfChooseConfig = (ChooseConfigProc)GetProcedureAddress(gLibrary, "eglChooseConfig");
gfGetConfigAttrib = (GetConfigAttrib)GetProcedureAddress(gLibrary, "eglGetConfigAttrib");
gfCreateWindowSurface = (CreateWindowSurfaceProc)GetProcedureAddress(gLibrary, "eglCreateWindowSurface");
gfCreatePbufferSurface = (CreatePbufferSurfaceProc)GetProcedureAddress(gLibrary, "eglCreatePbufferSurface");
gfDestroySurface = (DestroySurfaceProc)GetProcedureAddress(gLibrary, "eglDestroySurface");
gfCreateContext = (CreateContextProc)GetProcedureAddress(gLibrary, "eglCreateContext");
gfDestroyContext = (DestroyContextProc)GetProcedureAddress(gLibrary, "eglDestroyContext");
gfMakeCurrent = (MakeCurrentProc)GetProcedureAddress(gLibrary, "eglMakeCurrent");
gfSwapBuffers = (SwapBuffersProc)GetProcedureAddress(gLibrary, "eglSwapBuffers");
gfGetProcAddress = (GetProcAddressProc)GetProcedureAddress(gLibrary, "eglGetProcAddress");
gfFunctionsLoadedSuccessfully = gfGetDisplay && gfInitialize && gfTerminate &&
gfChooseConfig && gfCreateWindowSurface &&
gfCreatePbufferSurface && gfDestroySurface &&
gfCreateContext && gfDestroyContext && gfMakeCurrent &&
gfSwapBuffers && gfGetProcAddress;
}
}
}
int main(int argc, char *argv[])
{
#if 1
HANDLE hProcess;
DWORD procAddr, procAddr2;
DWORD procId;
if (argc < 2) {
printf("Current process\n");
procId = (DWORD) GetCurrentProcessId();
} else {
printf("Process: %s\n", argv[1]);
procId = atoi(argv[1]);
}
hProcess = OpenProcess(
PROCESS_CREATE_THREAD |
PROCESS_VM_OPERATION |
PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_QUERY_INFORMATION,
FALSE,
procId);
if (hProcess == NULL)
return 1;
DWORD pKernel32 = GetRemoteModule(hProcess, "kernel32.dll");
DWORD pNtdll = GetRemoteModule(hProcess, "ntdll.dll");
if ((!pKernel32)||(!pNtdll))
return 1;
procAddr = GetProcedureAddress(hProcess, pKernel32, "KERNEL32.dll", LOAD_LIBRARY_NAME);
procAddr2 = GetProcedureAddress(hProcess, pNtdll, "ntdll.dll", "RtlGetLastWin32Error");
printf("LoadLibraryA:\t0x%08x\nRtlGetLastWin32Error:\t0x%08x\n", procAddr, procAddr2);
if ((procAddr == 0)||(procAddr2 == 0)) {
return 1;
}
printf("Trying to inject...\n");
// HMODULE hModule = LoadLibraryW(L"kernel32.dll");
#endif
#define THREAD_ALLOC_SIZE 4096
LPVOID pRemote = VirtualAllocEx(
hProcess,
NULL,
THREAD_ALLOC_SIZE,
MEM_COMMIT,
PAGE_EXECUTE_READWRITE
);
if (pRemote == NULL) {
printf("Failed to allocate memory in remote process: %x\n", GetLastError());
goto exit;
}
char libName[] = "c:\\111\\dll.dll";
printf("lib_name:\t%d\nop_call_2:\t%d\nop_ret:\t%d\n", FIELD_OFFSET(SHELL_CODE,lib_name),
FIELD_OFFSET(SHELL_CODE,op_call_2),
FIELD_OFFSET(SHELL_CODE,op_ret));
/*
// Copy string to remote process address space
if (!WriteProcessMemory(hProcess, (LPVOID) ((DWORD) pRemote + 13), (PVOID) libName, sizeof(libName), NULL)) {
printf("Failed to write in remote process libName: %x\n", GetLastError());
goto exit;
}
DWORD tmp = (DWORD) pRemote + 18;
DWORD call_addr = procAddr - (DWORD) pRemote - 11;
printf("Call Addr: 0x%08x\n", call_addr);
DWORD call_addr2 = procAddr2 - (DWORD) pRemote - 16;
printf("Call Addr: 0x%08x\n", call_addr);
//pRemote+6 : call call_addr
// dest_addr = pRemote + 11 + call_addr = procAddr;
char code[] = {
0xcc, // int3
0x68, tmp & 0xff, tmp >> 8 & 0xff, tmp >> 16 & 0xff, tmp >> 24 & 0xff , // push
0xe8, call_addr & 0xff, call_addr >> 8 & 0xff, call_addr >> 16 & 0xff, call_addr >> 24 & 0xff , // call
0xe8, call_addr2 & 0xff, call_addr2 >> 8 & 0xff, call_addr2 >> 16 & 0xff, call_addr2 >> 24 & 0xff ,
0xcc,
0xc2, 0x04, // ret
};
*/
char code[256];
InitShellCode((PSHELL_CODE)code, (DWORD) pRemote, procAddr, procAddr2, libName);
__debugbreak();
LoadLibraryA(libName);
// Write inject code
if (!WriteProcessMemory(hProcess, pRemote, code, sizeof(code), NULL)) {
printf("Failed to write in remote process code: %x\n", GetLastError());
goto exit;
}
HANDLE hThread = CreateRemoteThread(
hProcess,
NULL,
0,
(LPTHREAD_START_ROUTINE) pRemote,
NULL,
0,
NULL
);
if(hThread == NULL) {
printf("Failed to CreateRemoteThread: %x\n", GetLastError());
return 1;
}
WaitForSingleObject(hThread, INFINITE);
exit:
printf("Freeing resources...\n");
if (pRemote)
VirtualFreeEx(hProcess, pRemote, 0, MEM_RELEASE);
if (hThread)
CloseHandle(hThread);
if (hProcess)
CloseHandle(hProcess);
getch();
return 0;
}
