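/// Entry point exported for EasyHook; it installs a hook on ntdll!RtlAllocateHeap
/// that redirects to MyRtlAllocateHeap and then wakes the suspended process.
///
/// The REMOTE_ENTRY_INFO argument is not used. Every failure is reported through
/// OutputDebugStringW and the process is woken on all paths, so a failed hook
/// installation cannot leave the target suspended indefinitely.
///
/// NOTE(review): MyRtlAllocateHeap, g_vApiHookHandles and RemoveAllApiHooks are
/// defined outside this block. Ownership of the handle is presumed to pass to
/// g_vApiHookHandles once it is stored there; confirm against RemoveAllApiHooks.
extern "C" __declspec(dllexport) void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO*)
{
    try
    {
        // Resolve the target explicitly so a failed lookup is reported instead of
        // being handed to LhInstallHook as a null entry point.
        HMODULE ntdll = GetModuleHandleW(L"ntdll");
        FARPROC target = (ntdll != NULL) ? GetProcAddress(ntdll, "RtlAllocateHeap") : NULL;

        if (target == NULL)
        {
            ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() could not resolve RtlAllocateHeap.");
        }
        else
        {
            TRACED_HOOK_HANDLE globalallochook(new HOOK_TRACE_INFO());

            if (FAILED(LhInstallHook(target, MyRtlAllocateHeap, NULL, globalallochook)))
            {
                // Nothing was installed, so the handle must not be recorded as a
                // live hook; release it here instead of leaking it.
                delete globalallochook;
                ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() LhInstallHook failed.");
            }
            else
            {
                // Record the handle before any further step so that
                // RemoveAllApiHooks() can see the installed hook if a later call fails.
                g_vApiHookHandles.push_back(globalallochook);

                // An exclusive ACL with zero entries excludes no thread, i.e. the
                // hook is active for every thread in the process.
                ULONG ulTidList[1] = {};
                if (FAILED(LhSetExclusiveACL(ulTidList, 0, globalallochook)))
                {
                    ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() LhSetExclusiveACL failed.");
                }
            }
        }
    }
    catch (...)
    {
        ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() exception.");
        RemoveAllApiHooks();
    }

    // Wake up the suspended process on the success path and on every error path.
    RhWakeUpProcess();
}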
// exported function for EasyHook remote hooking EXTERN_C __declspec(dllexport) void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* remote_info) { // the process is created suspended, wake it up RhWakeUpProcess(); }