diff --git a/CHANGELOG.md b/CHANGELOG.md
index f733d938..3ce0c854 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - fixed A game can't be launched properly from "Run from Start Menu" [#2969](https://github.com/sandboxie-plus/Sandboxie/issues/2969)
 - fixed drag and drop issue with Microsoft Excel data grid [9455e96](https://github.com/sandboxie-plus/Sandboxie/commit/9455e96a699cbc665f791e191f2a13bb40783ab0)
 - additional feedback for other drag and drop scenarios can be provided in [#856](https://github.com/sandboxie-plus/Sandboxie/issues/856)
+- fixed Regression: DLL loading problem (Entry Point Not Found) [#2980](https://github.com/sandboxie-plus/Sandboxie/issues/2980)
diff --git a/Sandboxie/core/dll/ldr_init.c b/Sandboxie/core/dll/ldr_init.c
index 64252b41..292a49c9 100644
--- a/Sandboxie/core/dll/ldr_init.c
+++ b/Sandboxie/core/dll/ldr_init.c
@@ -44,8 +44,8 @@
 #define LDR_INJECT_SETTING_NAME L"InjectDll64"
 #define LDR_HOST_INJECT_SETTING_NAME L"HostInjectDll64"
-//#define LDR_INJECT_NUM_SAVE_BYTES 12
-#define LDR_INJECT_NUM_SAVE_BYTES 19
+#define LDR_INJECT_NUM_SAVE_BYTES 12
+//#define LDR_INJECT_NUM_SAVE_BYTES 19
 #else ! _WIN64
@@ -772,13 +772,21 @@ _FX void Ldr_Inject_Init(BOOLEAN bHostInject)
 entrypoint[1] = 0xB8;
 *(ULONG_PTR *)(entrypoint + 2) = (ULONG_PTR)Ldr_Inject_Entry64;
- entrypoint[10] = 0x48; // lea rcx, [rip - 0x11]
- entrypoint[11] = 0x8d;
- entrypoint[12] = 0x0d;
- *(ULONG*)(entrypoint + 13) = -0x11;
+// entrypoint[10] = 0xFF; // call rax
+// entrypoint[11] = 0xD0;
 
- entrypoint[17] = 0xFF; // jmp rax
- entrypoint[18] = 0xE0;
+ // using 19 bytes breaks Antidote11
+
+ //entrypoint[10] = 0x48; // lea rcx, [rip - 0x11]
+ //entrypoint[11] = 0x8d;
+ //entrypoint[12] = 0x0d;
+ //*(ULONG*)(entrypoint + 13) = -0x11;
+ //
+ //entrypoint[17] = 0xFF; // jmp rax
+ //entrypoint[18] = 0xE0;
+
+ entrypoint[10] = 0xFF; // jmp rax
+ entrypoint[11] = 0xE0;
 #else ! _WIN64
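Review bot: `LDR_INJECT_NUM_SAVE_BYTES` goes back to 12 here, but nothing ties that value to the number of bytes the x64 stub in Ldr_Inject_Init actually writes, so the two can drift apart again, and the surviving `//#define LDR_INJECT_NUM_SAVE_BYTES 19` explains neither choice. I would replace the commented define with a comment that states the layout, `// 12 = mov rax,imm64 (10) + jmp rax (2); the 19-byte lea/jmp stub broke Antidote11 (#2980)`, and pin it with `C_ASSERT(LDR_INJECT_NUM_SAVE_BYTES == 2 + sizeof(ULONG_PTR) + 2);` if the SDK macro is usable at this point in the file. Why the longer stub broke that program is not stated in the patch, so the comment should not guess beyond the issue reference.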
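Review bot: The live stub is now two instructions at `entrypoint[10]`/`[11]`, but the hunk keeps three commented-out alternatives around it (the `call rax` pair and the whole 19-byte lea/jmp sequence) and the only explanation is `// using 19 bytes breaks Antidote11`, which says what failed rather than what the 12-byte stub must guarantee. A `jmp rax` pushes nothing, so Ldr_Inject_Entry64 runs on exactly the stack the loader built for the original entry point, and the entry address is no longer carried in rcx or a return address — presumably the reason the x64 side of Ldr_Inject_Entry now reads it from a global instead. I would delete the dead bytes and keep one comment above `entrypoint[10]`: `// jmp rax: tail-jump so the loader's stack and return address stay intact; the entry address is not passed here, the x64 C side reads g_entrypoint. Total stub = 12 bytes = LDR_INJECT_NUM_SAVE_BYTES; a longer stub broke Antidote11 (#2980).` Ldr_Inject_Init begins and ends outside this hunk.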
@@ -797,6 +805,7 @@ _FX void Ldr_Inject_Init(BOOLEAN bHostInject)
 //---------------------------------------------------------------------------
+//_FX void Ldr_Inject_Entry(ULONG_PTR *pRetAddr)
 _FX void* Ldr_Inject_Entry(ULONG_PTR *pPtr)
 {
 UCHAR *entrypoint;
@@ -806,9 +815,18 @@ _FX void* Ldr_Inject_Entry(ULONG_PTR *pPtr)
 // restore correct code sequence at the entrypoint
 //
-#ifdef _WIN64
+//#ifdef _M_ARM64
+// entrypoint = ((UCHAR *)*pRetAddr) - (LDR_INJECT_NUM_SAVE_BYTES - sizeof(ULONG_PTR)); // after blr comes the 64bit address
+//#else
+// entrypoint = ((UCHAR *)*pRetAddr) - LDR_INJECT_NUM_SAVE_BYTES;
+//#endif
+// *pRetAddr = (ULONG_PTR)entrypoint;
+#ifdef _M_ARM64
 entrypoint = (UCHAR*)pPtr;
-#else
+#elif _WIN64
+ // entrypoint = (UCHAR*)pPtr;
+ entrypoint = (UCHAR*)g_entrypoint;
+#else // x86
 entrypoint = ((UCHAR *)*pPtr) - LDR_INJECT_NUM_SAVE_BYTES;
 *pPtr = (ULONG_PTR)entrypoint;
 #endif
diff --git a/Sandboxie/core/dll/util_64.asm b/Sandboxie/core/dll/util_64.asm
index ac85143f..ca8127e2 100644
--- a/Sandboxie/core/dll/util_64.asm
+++ b/Sandboxie/core/dll/util_64.asm
@@ -139,6 +139,16 @@ EXTERN Ldr_Inject_Entry : PROC
 Ldr_Inject_Entry64 PROC
+; ;
+; ; Normally we would start with sub rsp,8+(4*8) but in this case
+; ; we know the caller has not aligned the stack correctly
+; ;
+;
+; sub rsp,8+8+(4*8)
+; lea rcx,[rsp+8+8+(4*8)] ; setup pRetAddr parameter
+; call Ldr_Inject_Entry
+; add rsp,8+8+(4*8)
+
 sub rsp,8+(4*8)
 call Ldr_Inject_Entry
 mov rdx, rax
@@ -157,6 +167,8 @@ Ldr_Inject_Entry64 PROC
 cld
 rep stosq
+; ret
+
 jmp rdx
 Ldr_Inject_Entry64 ENDP
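Review bot: The new x64 branch `entrypoint = (UCHAR*)g_entrypoint;` ignores `pPtr` and trusts a global that this patch neither declares nor assigns anywhere visible, and nothing checks it before the restore that follows (outside the hunk) writes through it and the asm caller jumps to the returned value. I would document the contract on that line, `// x64 stub is a bare jmp rax: no return address or rcx carries the entry address; Ldr_Inject_Init is expected to have stored it in g_entrypoint`, and fail loudly through whatever fatal path this file uses if `g_entrypoint` is NULL rather than returning NULL, since the visible `jmp rdx` in util_64.asm would not survive a NULL return. `#elif _WIN64` works only because an undefined macro evaluates to 0 in `#if`; `#elif defined(_WIN64)` is the conventional spelling. The six `//`-prefixed `pRetAddr` lines above `#ifdef _M_ARM64` describe the abandoned variant and should be dropped; history keeps them. The function continues past the hunk.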
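Review bot: `call Ldr_Inject_Entry` is issued without loading rcx, so the C function's `pPtr` argument is whatever the loader left in rcx at the entry point; that is only sound because the x64 branch of Ldr_Inject_Entry now ignores `pPtr` and uses `g_entrypoint`, and neither file records the dependency. The ten commented-out lines above it describe the abandoned pRetAddr variant rather than the live code and should go. I would state the invariant at the call, `; rcx (pPtr) is deliberately not set: the x64 C side ignores it and restores via g_entrypoint`, and on `sub rsp,8+(4*8)` note that rsp is 8 mod 16 on entry if the loader reached the entry point by a call, as the old comment implies, so the 40-byte frame re-aligns it before the call. The procedure body continues past the hunk.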