From b33b197e65103cd0a31be4f6e10839a25b3620e6 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Tue, 24 Sep 2019 08:35:18 +0200
Subject: support additional DLL search directories for LoadLibrary through user_data
---
 MemDriverLib/PatternScanner.cpp | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
(limited to 'MemDriverLib')
diff --git a/MemDriverLib/PatternScanner.cpp b/MemDriverLib/PatternScanner.cpp
index 0bfc7e5..e9514f6 100644
--- a/MemDriverLib/PatternScanner.cpp
+++ b/MemDriverLib/PatternScanner.cpp
@@ -24,14 +24,34 @@ bool map_file_loadlib(MODULE_DATA& module, PVOID * const buffer,
 {
 HMODULE hMod;
 struct loadlib_user_data * const user_data = (struct loadlib_user_data * const) user_ptr;
+ std::vector dir_cookies;
 if (user_data) {
- for (auto& searchDir : user_data->additionalDllSearchDirectories) {
- AddDllDirectory(std::wstring(searchDir.begin(), searchDir.end()).c_str());
+ if (user_data->additionalDllSearchDirectories.size() == 1) {
+ SetDllDirectoryA(user_data->additionalDllSearchDirectories[0].c_str());
+ }
+ else {
+ for (auto& searchDir : user_data->additionalDllSearchDirectories) {
+ dir_cookies.push_back(AddDllDirectory(std::wstring(searchDir.begin(),
+ searchDir.end()).c_str()));
+ }
+ if (!SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_USER_DIRS)) {
+ return false;
+ }
 }
 }
 hMod = LoadLibraryA(module.FullDllPath);
+
+ if (user_data) {
+ if (dir_cookies.size() > 1) {
+ SetDllDirectoryA("");
+ } else
+ for (auto& searchDir : dir_cookies) {
+ RemoveDllDirectory(searchDir);
+ }
+ }
+
 if (!hMod) {
 *buffer = NULL;
 *size = 0;
@@ -148,7 +168,7 @@ bool PatternScanner::Scan(MODULE_DATA& module, const char * const pattern)
 if (nBytes >= ntHeader->OptionalHeader.SizeOfImage)
 break;
-
+ std::cout << "Sec: " << secHeader->Name << std::endl;
 virtualSize = secHeader->VirtualAddress;
 secHeader++;
-- cgit v1.2.3
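Review bot: The cleanup after `LoadLibraryA` is inverted relative to the setup: the single-directory path calls `SetDllDirectoryA` and leaves `dir_cookies` empty, so the `else` loop removes nothing, while the multi-directory path (`dir_cookies.size() > 1`) calls `SetDllDirectoryA("")` and never hands its cookies to `RemoveDllDirectory`. Either way the caller-supplied directories stay in the process DLL search path after the function returns, so every later load in the process resolves against them too. `SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_USER_DIRS)` is likewise process-wide and never undone, its `return false` path skips both the cookie cleanup and the `*buffer`/`*size` reset done on the `!hMod` path, and `AddDllDirectory` results are stored without a NULL check. Scoping the search flags to the single call with `LoadLibraryExA` and always removing the cookies, as sketched below, avoids these; if the `SetDllDirectoryA` special case must stay for systems without `AddDllDirectory`, it should be reset with `SetDllDirectoryA(NULL)`, which restores the default order. The function's signature and tail lie outside the hunk.

```cpp
	if (user_data) {
		for (auto& searchDir : user_data->additionalDllSearchDirectories) {
			DLL_DIRECTORY_COOKIE cookie = AddDllDirectory(
				std::wstring(searchDir.begin(), searchDir.end()).c_str());
			if (cookie) {
				dir_cookies.push_back(cookie);
			}
		}
	}

	// Apply the widened search path to this one load only instead of
	// changing the process-wide default; 0 keeps LoadLibraryA behaviour.
	hMod = LoadLibraryExA(module.FullDllPath, NULL,
		dir_cookies.empty() ? 0 : LOAD_LIBRARY_SEARCH_DEFAULT_DIRS);

	// Always undo the additions, on success and on failure.
	for (auto& cookie : dir_cookies) {
		RemoveDllDirectory(cookie);
	}

	// … unchanged: if (!hMod) { *buffer = NULL; *size = 0; … handling …
```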
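Review bot: The added `std::cout << "Sec: " << secHeader->Name` streams the section name as a C string, but if `secHeader` points at an `IMAGE_SECTION_HEADER` (as the neighbouring `ntHeader->OptionalHeader.SizeOfImage` use suggests), `Name` is a fixed 8-byte field that carries no terminating NUL when the name fills it, so the print can read past the field into the following header members of a file the scanner does not control. Bound the read, e.g. `std::cout.write(reinterpret_cast<const char *>(secHeader->Name), strnlen(reinterpret_cast<const char *>(secHeader->Name), IMAGE_SIZEOF_SHORT_NAME)) << '\n';`. The line also looks like leftover debug output in a library scan loop, and `std::endl` flushes once per section; consider removing it or gating it behind a debug switch. The loop body begins and ends outside the hunk.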