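void Main_DoInit() {
    // Executes in place of the host's original entry point (installed by
    // Main_SetSafeInit): runs our initialisation, writes the entry-point bytes
    // we overwrote back into place and jumps to them. Never returns normally.

    // Unprotect our entire PE image. With GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
    // this resolves the module that contains Main_DoInit (us, not the host exe).
    // NOTE(review): without GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT the call
    // also increments our module's reference count, pinning it in the process —
    // presumably intended; confirm.
    HMODULE hModule = NULL;
    // GetModuleHandleEx returns a BOOL, not an HRESULT: SUCCEEDED(FALSE) is true,
    // so the previous check could never fail and a NULL handle would reach
    // Main_UnprotectModule. Test the BOOL and the handle directly.
    if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCSTR)Main_DoInit, &hModule) && hModule) {
        Main_UnprotectModule(hModule);
    }

    InitBridge();

    // Restore the bytes saved by Main_SetSafeInit (the EP page was made
    // writable there) and transfer control to the original entry point.
    // This relies on x86 self-modifying-code coherence; the rel32 patch in
    // Main_SetSafeInit is 32-bit-only anyway.
    memcpy(originalEP, &originalCode, sizeof(originalCode));
    __asm jmp originalEP
}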
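void Main_DoInit() {
    // Executes in place of the host's original entry point (installed by
    // Main_SetSafeInit): runs our initialisation, writes the entry-point bytes
    // we overwrote back into place and jumps to them. Never returns normally.

    // Unprotect our entire PE image. With GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
    // this resolves the module that contains Main_DoInit (us, not the host exe).
    // NOTE(review): without GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT the call
    // also increments our module's reference count, pinning it in the process —
    // presumably intended; confirm.
    HMODULE hModule = NULL;
    // GetModuleHandleEx returns a BOOL, not an HRESULT: SUCCEEDED(FALSE) is true,
    // so the previous check could never fail and a NULL handle would reach
    // Main_UnprotectModule. Test the BOOL and the handle directly.
    if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCSTR)Main_DoInit, &hModule) && hModule) {
        Main_UnprotectModule(hModule);
    }

    // Presumably an OS feature probe: InitializeSRWLock is exported by kernel32
    // on Windows Vista and later. Guard the handle so a missing kernel32 (not
    // expected in a Win32 process) cannot feed NULL to GetProcAddress.
    HMODULE kernel32 = GetModuleHandle("kernel32.dll");
    if (kernel32 && GetProcAddress(kernel32, "InitializeSRWLock")) {
        // NOTE(review): an unqualified name makes the loader walk the standard
        // DLL search order (application directory, system directories, PATH).
        // If gdimm_32.dll is meant to ship next to this module, load it by full
        // path (or via LoadLibraryEx with LOAD_LIBRARY_SEARCH_* flags) so a
        // planted gdimm_32.dll earlier in the search order cannot be picked up
        // instead. Left unchanged here because the intended location of the
        // DLL is not visible in this file.
        LoadLibrary("gdimm_32.dll");
    }

    Sys_Init();

    // Restore the bytes saved by Main_SetSafeInit (the EP page was made
    // writable there) and transfer control to the original entry point.
    // This relies on x86 self-modifying-code coherence; the rel32 patch in
    // Main_SetSafeInit is 32-bit-only anyway.
    memcpy(originalEP, &originalCode, sizeof(originalCode));
    __asm jmp originalEP
}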
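void Main_SetSafeInit() {
    // Locate the host executable's entry point, make it writable and overwrite
    // its first five bytes with a relative JMP to Main_DoInit. Main_DoInit later
    // restores the saved bytes from originalCode and jumps to originalEP, so the
    // patch is effectively single-shot.
    //
    // Passing NULL to GetModuleHandle should be safe even while the loader lock
    // is held (according to ReactOS ldr.c), which matters if this runs from
    // DllMain.
    HMODULE hModule = GetModuleHandle(NULL);
    if (!hModule) {
        return;
    }

    // Validate the image headers before trusting e_lfanew / AddressOfEntryPoint;
    // with a malformed image the patch would otherwise land on an arbitrary
    // address inside the process.
    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule;
    if (dosHeader->e_magic != 0x5A4D) { // 'MZ'
        return;
    }
    // Pointer arithmetic on PBYTE instead of casting through DWORD, which would
    // truncate on 64-bit builds (the rel32 JMP below is still 32-bit-only).
    PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((PBYTE)hModule + dosHeader->e_lfanew);
    if (ntHeader->Signature != 0x00004550) { // 'PE\0\0'
        return;
    }
    DWORD epRva = ntHeader->OptionalHeader.AddressOfEntryPoint;
    if (epRva == 0) {
        // No entry point to hook; patching RVA 0 would clobber the DOS header.
        return;
    }

    // NOTE(review): Main_UnprotectModule is not visible here. If it leaves the
    // whole image writable and executable, the host keeps RWX code pages for
    // the rest of its lifetime; consider restoring the original protection once
    // Main_DoInit has put the original bytes back.
    Main_UnprotectModule(hModule);

    PBYTE ep = (PBYTE)hModule + epRva;
    // Save the bytes we are about to clobber; Main_DoInit writes them back.
    memcpy(originalCode, ep, sizeof(originalCode));

    // E9 rel32: the displacement is relative to the end of the 5-byte
    // instruction. Computed in 32-bit integers, so x86-32 only.
    int newEP = (int)Main_DoInit - ((int)ep + 5);
    ep[0] = 0xE9; // for some reason this doesn't work properly when run under the debugger
    memcpy(&ep[1], &newEP, sizeof(newEP));
    // Relies on x86 self-modifying-code coherence; on other architectures the
    // instruction cache would need flushing after this write.
    originalEP = ep;
}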