This commit is contained in:
DavidXanatos 2023-05-29 12:58:12 +02:00
parent ed66695ff3
commit 0293522888
3 changed files with 41 additions and 10 deletions


@ -17,6 +17,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed A game can't be launched properly from "Run from Start Menu" [#2969](https://github.com/sandboxie-plus/Sandboxie/issues/2969)
- fixed drag and drop issue with Microsoft Excel data grid [9455e96](https://github.com/sandboxie-plus/Sandboxie/commit/9455e96a699cbc665f791e191f2a13bb40783ab0)
- additional feedback for other drag and drop scenarios can be provided in [#856](https://github.com/sandboxie-plus/Sandboxie/issues/856)
- fixed Regression: DLL loading problem (Entry Point Not Found) [#2980](https://github.com/sandboxie-plus/Sandboxie/issues/2980)


@ -44,8 +44,8 @@
#define LDR_INJECT_SETTING_NAME L"InjectDll64"
#define LDR_HOST_INJECT_SETTING_NAME L"HostInjectDll64"
//#define LDR_INJECT_NUM_SAVE_BYTES 12
#define LDR_INJECT_NUM_SAVE_BYTES 19
#define LDR_INJECT_NUM_SAVE_BYTES 12
//#define LDR_INJECT_NUM_SAVE_BYTES 19
#else ! _WIN64
@ -772,13 +772,21 @@ _FX void Ldr_Inject_Init(BOOLEAN bHostInject)
entrypoint[1] = 0xB8;
*(ULONG_PTR *)(entrypoint + 2) = (ULONG_PTR)Ldr_Inject_Entry64;
entrypoint[10] = 0x48; // lea rcx, [rip - 0x11]
entrypoint[11] = 0x8d;
entrypoint[12] = 0x0d;
*(ULONG*)(entrypoint + 13) = -0x11;
// entrypoint[10] = 0xFF; // call rax
// entrypoint[11] = 0xD0;
entrypoint[17] = 0xFF; // jmp rax
entrypoint[18] = 0xE0;
// using 19 bytes breaks Antidote11
//entrypoint[10] = 0x48; // lea rcx, [rip - 0x11]
//entrypoint[11] = 0x8d;
//entrypoint[12] = 0x0d;
//*(ULONG*)(entrypoint + 13) = -0x11;
//
//entrypoint[17] = 0xFF; // jmp rax
//entrypoint[18] = 0xE0;
entrypoint[10] = 0xFF; // jmp rax
entrypoint[11] = 0xE0;
#else ! _WIN64
@ -797,6 +805,7 @@ _FX void Ldr_Inject_Init(BOOLEAN bHostInject)
//---------------------------------------------------------------------------
//_FX void Ldr_Inject_Entry(ULONG_PTR *pRetAddr)
_FX void* Ldr_Inject_Entry(ULONG_PTR *pPtr)
{
UCHAR *entrypoint;
@ -806,9 +815,18 @@ _FX void* Ldr_Inject_Entry(ULONG_PTR *pPtr)
// restore correct code sequence at the entrypoint
//
#ifdef _WIN64
//#ifdef _M_ARM64
// entrypoint = ((UCHAR *)*pRetAddr) - (LDR_INJECT_NUM_SAVE_BYTES - sizeof(ULONG_PTR)); // after blr comes the 64bit address
//#else
// entrypoint = ((UCHAR *)*pRetAddr) - LDR_INJECT_NUM_SAVE_BYTES;
//#endif
// *pRetAddr = (ULONG_PTR)entrypoint;
#ifdef _M_ARM64
entrypoint = (UCHAR*)pPtr;
#else
#elif _WIN64
// entrypoint = (UCHAR*)pPtr;
entrypoint = (UCHAR*)g_entrypoint;
#else // x86
entrypoint = ((UCHAR *)*pPtr) - LDR_INJECT_NUM_SAVE_BYTES;
*pPtr = (ULONG_PTR)entrypoint;
#endif
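Review bot: In the `#elif _WIN64` branch the new `entrypoint = (UCHAR*)g_entrypoint;` makes `pPtr` a dead parameter on x64, and with the new 12-byte `mov rax, imm64; jmp rax` trampoline in Ldr_Inject_Init nothing loads rcx before the call, so `pPtr` arrives holding whatever the loader left there; the function does not say so. Add a comment on that line, e.g. `// x64: the 12-byte trampoline passes no address in rcx, so pPtr is ignored; the saved entrypoint comes from g_entrypoint (presumably filled in by Ldr_Inject_Init - confirm)`. The surrounding code tests the macro with `#ifdef _WIN64`, so `#elif defined(_WIN64)` would keep the style consistent and avoid relying on `_WIN64` expanding to a non-zero value. Ldr_Inject_Entry's body continues past the end of this hunk, so where the restored address is returned to the asm stub is not visible here.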


@ -139,6 +139,16 @@ EXTERN Ldr_Inject_Entry : PROC
Ldr_Inject_Entry64 PROC
; ;
; ; Normally we would start with sub rsp,8+(4*8) but in this case
; ; we know the caller has not aligned the stack correctly
; ;
;
; sub rsp,8+8+(4*8)
; lea rcx,[rsp+8+8+(4*8)] ; setup pRetAddr parameter
; call Ldr_Inject_Entry
; add rsp,8+8+(4*8)
sub rsp,8+(4*8)
call Ldr_Inject_Entry
mov rdx, rax
@ -157,6 +167,8 @@ Ldr_Inject_Entry64 PROC
cld
rep stosq
; ret
jmp rdx
Ldr_Inject_Entry64 ENDP
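Review bot: The live `sub rsp,8+(4*8)` at the top of Ldr_Inject_Entry64 appears to rely on the stub being entered through the new `jmp rax` trampoline (no pushed return address, so rsp is exactly as at the original entrypoint), but the only comment describing the stack state is the disabled block above it, which still says the caller has not aligned the stack; add a live comment such as `; entered via jmp rax from the patched entrypoint: no return address pushed, 8 realigns rsp to 16, 4*8 is shadow space`. rcx is not loaded before `call Ldr_Inject_Entry`, so the pPtr argument is garbage; the x64 C side reads g_entrypoint instead, and that dependency deserves a line here, e.g. `; rcx (pPtr) is left unset - the x64 Ldr_Inject_Entry takes the saved entrypoint from g_entrypoint`. The final `jmp rdx` is fine with respect to `rep stosq` (it clobbers rcx/rdi, not rdx), but it also requires the `sub rsp,8+(4*8)` to have been undone between the two hunks, which is outside this view - confirm the matching `add rsp,8+(4*8)` precedes the jmp, otherwise the original entrypoint runs with a misadjusted stack.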