bb107 / memorymodulepp Goto Github PK

View Code? Open in Web Editor NEW

327.0 13.0 95.0 928 KB

MemoryModule which compatible with Win32 API and support exception handling

License: MIT License

C++ 68.43% C 31.57%

memorymodule exception-handling

memorymodulepp's People

Stargazers

Watchers

Forkers

fengjixuchui qazwar 5l1v3r1 isa10years wbaby fiappy hadesangel dbsod layerfsd sjhgithub bb33bb showmethemoney2022 k3v1n1990s songbei6 hymeca cloutain csky6688 yyq453 q251995379 yangatc wghub zhangshuangjun ibinary6 secmlberry iamkin honshow fantasyboy crackercat fysu fadinglr veryblack xengpro playday3008 khchen gavz msf-ntdll log4she11 devbabygo gindeles beyondcy hotkeyit fcccode paud icyfox168168 httese jackwolail yax571 nicelnicel zrzppp 593749519 idigger xtayaitak standardgalactic jorthmb deeplon luciouskami wdnmd-rushb vn-os asdlei99 classic130 longf2011 helloloey baby-233 sulijiang icls1337 yeah9782 mrzaxaryan goldimpact showgirl008 a1ex0n tsinworks webstorage119 orwhite-y mrale98 iulove wam1314lml peerlesszhu 01hub pusheip woer1234 laster-dev realmadaha xmduke massayu diktamen window1979 afengsoft anizuchen iamasbcx liadkeller peter-zheng-sp win-polyfill 365drm ggpabuk

memorymodulepp's Issues

问问咋编译的

你添加的 comment 命令
#ifdef _WIN64 #pragma comment(linker,"/export:LdrUnloadDllMemoryAndExitThread") #pragma comment(linker,"/export:FreeLibraryMemoryAndExitThread=LdrUnloadDllMemoryAndExitThread") #else #pragma comment(linker,"/export:LdrUnloadDllMemoryAndExitThread=_NtUnloadDllMemoryAndExitThread@8") #pragma comment(linker,"/export:FreeLibraryMemoryAndExitThread=_NtUnloadDllMemoryAndExitThread@8") #endif
编译的时候老这里报错

这句static PVOID _LdrpReleaseTlsEntry_ = (PVOID)~0，我不太懂什么意思

你好我使用的是在MmpTls之前的版本。也就是这个版本：ae8b8368d0e5a5ccd44508472b87164089c18087

程序在执行RtlFindLdrpReleaseTlsEntry在这里直接返回了STATUS_NOT_SUPPORTED，连下面的特征码都没有搜索。

请问一下这个有什么办法可以解决吗，谢谢。

无论加载任何dll，一旦执行这个VirtualAccessCheck就会报错 STATUS_ACCESS_VIOLATION，注释掉之后工作正常

无论我加载任何dll，一旦执行这个VirtualAccessCheck就会报错 STATUS_ACCESS_VIOLATION

于是我尝试注释掉，无论如何返回True

这样做了之后一切工作正常

我不太清楚这个问题发生的原因希望能修复吧

被加载 dll 报错：系统找不到指定的文件

问题复现如下：

从 http://jacquelin.potier.free.fr/HeliumHexEditor 下载64位版，解压将其中的 HexControl64.dll 改为 HexControl64_orig.dll.

然后编译自己的 HexControl64.dll从内存加载HexControl64_orig.dll，主要程序如下：

#include <windows.h>

#define RETTYPE __int64
#define CREATEHEXCONTROLOBJECT "CreateHexControlObject"
#define DESTROYHEXCONTROLOBJECT "DestroyHexControlObject"

typedef RETTYPE (*CreateHexControlObject_t)();
typedef RETTYPE (*DestroyHexControlObject_t)();

CreateHexControlObject_t OrigCreateHexControlObject = NULL;
DestroyHexControlObject_t OrigDestroyHexControlObject = NULL;

void LoadOrigDll()
{
  size_t DllSize;
  PVOID lpDll = ReadDllFile("HexControl64_orig.dll", &DllSize);
  do {
     CHAR currPath[MAX_PATH+1];
     GetCurrentDirectory(MAX_PATH, currPath);
     HMODULE m = LoadLibraryMemoryExA(lpDll, 0, NULL, currPath, 0);
     OrigCreateHexControlObject = (CreateHexControlObject_t)GetProcAddress(m, CREATEHEXCONTROLOBJECT);
     OrigDestroyHexControlObject = (DestroyHexControlObject_t)GetProcAddress(m, DESTROYHEXCONTROLOBJECT);
  } while (0);
}

extern "C" __declspec(dllexport) RETTYPE CreateHexControlObject()
{
	RETTYPE r = 0;
	if (OrigCreateHexControlObject == NULL) {
		LoadOrigDll();
	}
	if (OrigCreateHexControlObject)
		r = OrigCreateHexControlObject();
	return r;
}

extern "C" __declspec(dllexport) RETTYPE DestroyHexControlObject()
{
	RETTYPE r = 0;
	if (OrigDestroyHexControlObject == NULL) {
		LoadOrigDll();
	}
	if (OrigDestroyHexControlObject)
		r = OrigDestroyHexControlObject();
	return r;
}

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,
    DWORD fdwReason,
    LPVOID lpReserved )
{
    switch( fdwReason ) 
    { 
        case DLL_PROCESS_ATTACH:
            break;
        case DLL_THREAD_ATTACH:
            break;
        case DLL_THREAD_DETACH:
            break;
        case DLL_PROCESS_DETACH:
            break;
    }
    return TRUE;
}

运行程序 HeliumHexEditor64.exe 后HexControl64_orig.dll加载成功，但弹窗报错，关闭报错窗口可继续使用。

使用 MemoryModule 或 RDI 方法加载不会报错，但程序不稳定，启动10次会出现几次crash。

麻烦帮忙看看是哪里的问题造成的。

另外：LoadLibraryMemoryExA 的参数 Flag 没有传递给 LoadLibraryMemoryExW

Cannot load user32.dll

Hi, I've successfully loaded ntdll.dll, kernel32.dll, advapi32.dll. However I've failed to load both user32.dll and ole32.dll (all x64).
I'd like to ask whether or not is known limitation.

My environment:
Windows x64 19042

Crash!!!

test.exe a normal exe with not use mmpp
i comment this line:// const NTSTATUS Initializer = Initialize();
a.dll build with mmpp static libirary,export loaddll func
void loaddll()
{
Initialize();
mmload("b.dll");
}

b.dll is a normal dll

test.exe
void main()
{
hmodule hmod=loadlibrary(a.dll)
call hmod.loaddll();
call freelibrary(hmod);
//now everything is ok!

while(true)
{
sleep(1000);
}
}

a few moment ,the test.exe will crash!!!

两层内存加载情况下，Win7程序不能运行（MemoryModule -> MemoryModulePP binary -> APP binary）

两层内存加载情况下，Win7下多线程程序不能运行，创建线程就会崩溃，单线程程序正常；多线程程序在Win10下正常

加载顺序：MemoryModule(https://github.com/fancycode/MemoryModule) -> MemoryModulePP binary -> APP binary

跟踪代码发现MmpTLS.cpp->MmpUserThreadStart中的auto size = CONTAINING_RECORED(record->TlspLdrBlock, TLS_VERCTOR, ModuleTlsData)->Length;获取到的size不正常，值为大数，但Win10中其是正常的

MemoryModulePP的API使用的LoadLibraryMemory

同时我注释掉了以下代码，以下代码会直接崩溃
auto tls = CONTAINING_RECORD(NtCurrentTeb()->ThreadLocalStoragePointer, TLS_VECTOR, TLS_VECTOR::ModuleTlsData);
if (tls && tls->Length > MMP_START_TLS_INDEX) {
RtlRaiseStatus(STATUS_NOT_SUPPORTED);
return FALSE;
}

一些崩溃

首先在mmpTlsFiber中出现了崩溃

在注释掉mmpTlsFiber初始化代码 MmpTlsFiberInitialize();和MmpQueuePostponedTls(record); 代码后多次尝试后出现了崩溃

我再想办法弄个测试dll出来。。。。

作者厉害！原版的加载我的dll有问题，用你这个成功了，不过运行一段时间后断言失败

if (MmpGlobalDataPtr->MmpTls->MmpTlsList.Flink != &MmpGlobalDataPtr->MmpTls->MmpTlsList) { assert(NtCurrentTeb()->ThreadLocalStoragePointer == nullptr); }

file: MmpTls , line:378

不知道啥原因

不能识别通过loadlibrary加载的dll，存在重复加载

现象描述：
我先用loadlibrary加载一个dll，然后再用LdrLoadDllMemoryExW加载同样的dll，LdrLoadDllMemoryExW没有办法识别已经加载过的loadlibrary，无法对dll引用进行自增，而是重复执行dll加载代码。

无法识别的代码段：
函数位置LdrLoadDllMemoryExW->MapMemoryModuleHandle
具体代码：pModule->Signature != MEMORY_MODULE_SIGNATURE和pModule->codeBase != (LPBYTE)hModule都为true，导致返回结果为nullptr

在32位下，使用项目自带测试程序不成功

OS：Win11 22H2 64为
编译环境：VS2022

编译32位时报错，报错函数_RtlCompareMemory(Utils.cpp)

请问是什么原因呀？

导入表是否可以采用内存加载

发现导入表的dll同样是采用LoadLibrary加载的，是否可以指定部分依赖的dll也采用内存加载？

在调用枚举摄像头设备的dll时出现奇怪的崩溃

崩溃堆栈如下，看着像是延迟加载dll导致的。

刚开机得时候没有问题，过一段时间后只要调用就崩溃。

奇怪得是把枚举摄像头得代码单独拎出来测试又没有问题。在把MmpGlobalDataPtr改成(PMMP_GLOBAL_DATA)RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, 0x2000);的方式后会较高概率出现崩溃。
出现崩溃时会发现有两次dll_thread_attach如下
DLL_PROCESS_ATTACH
DLL_THREAD_ATTACH
DLL_THREAD_ATTACH
001
crash
正常情况是
DLL_PROCESS_ATTACH
DLL_THREAD_ATTACH
001
002
....
DLL_THREAD_ATTACH
DLL_THREAD_DETACH
DLL_PROCESS_DETACH

采用系统LoadLibrary或通过特征码获取LdrpHandleTlsData得方式都没有问题。
枚举摄像头的代码如下

#include <atlbase.h>
#include <dshow.h>
#pragma comment(lib, "strmiids.lib")

#define SAFE_RELEASECOM( x )
if ( NULL != (x) )
{
(x)->Release();
(x) = NULL;
}
BOOL RunThread()
{
ICreateDevEnum* pCreateDevEnum = nullptr;
ICaptureGraphBuilder2* pBuilder = nullptr;
IBaseFilter* pVCap = nullptr;
IAMStreamConfig* pVSC = nullptr;
if (CoInitialize(nullptr) != S_OK)
{
return FALSE;
}
HRESULT hr = CoCreateInstance((REFCLSID)CLSID_CaptureGraphBuilder2,
nullptr, CLSCTX_INPROC, (REFIID)IID_ICaptureGraphBuilder2,
reinterpret_cast<void**>(&pBuilder));
hr = CoCreateInstance(CLSID_SystemDeviceEnum, nullptr, CLSCTX_INPROC_SERVER, IID_ICreateDevEnum, reinterpret_cast<void**>(&pCreateDevEnum));
if (hr != NOERROR)
{
return FALSE;
}
IEnumMoniker* pEm = nullptr;
hr = pCreateDevEnum->CreateClassEnumerator(CLSID_VideoInputDeviceCategory, &pEm, 0);
if (hr != NOERROR)
{
return FALSE;
}
pEm->Reset();
ULONG cFetched = 0;

IMoniker* pMoniker = nullptr;
int index = -1;
while (hr = pEm->Next(1, &pMoniker, &cFetched), hr == S_OK)
{
    index++;
    IPropertyBag* pBag;
    hr = pMoniker->BindToStorage(nullptr, nullptr, IID_IPropertyBag, reinterpret_cast<void**>(&pBag));
    if (hr != S_OK)
    {
        continue;
    }
    VARIANT var;
    VariantInit(&var);
    var.vt = VT_BSTR;
    hr = pBag->Read(L"FriendlyName", &var, nullptr);
    if (hr == NOERROR)
    {
	VariantClear(&var);
    }
    SAFE_RELEASECOM(pBag);
    printf("001\n");
    hr = pMoniker->BindToObject(nullptr, nullptr, IID_IBaseFilter, reinterpret_cast<void**>(&pVCap));
    if (hr != S_OK)
    {
        continue;
    }
    printf("002\n");
    hr = pBuilder->FindInterface(&PIN_CATEGORY_CAPTURE, &MEDIATYPE_Video,
        pVCap, IID_IAMStreamConfig, reinterpret_cast<void**>(&pVSC));
    if (hr != S_OK)
    {
        hr = pBuilder->FindInterface(&PIN_CATEGORY_PREVIEW, &MEDIATYPE_Video,
            pVCap, IID_IAMStreamConfig, reinterpret_cast<void**>(&pVSC));
    }
    if (hr != S_OK)
    {
        continue;
    }
    printf("003\n");
    int iCount = 0, iSize = 0;
    hr = pVSC->GetNumberOfCapabilities(&iCount, &iSize);
    if (hr == S_OK && iSize == sizeof(VIDEO_STREAM_CONFIG_CAPS))
    {
        for (int iFormat = 0; iFormat < iCount; iFormat++)
        {
            VIDEO_STREAM_CONFIG_CAPS scc;
            AM_MEDIA_TYPE* pmtConfig = nullptr;
            hr = pVSC->GetStreamCaps(iFormat, &pmtConfig, reinterpret_cast<BYTE*>(&scc));
            if (hr != S_OK)
            {
                continue;
            }
            if (HEADER(pmtConfig->pbFormat)->biWidth != 0 && HEADER(pmtConfig->pbFormat)->biHeight != 0)
            {
                printf("OK\n");
            }
        }
    }
}
return TRUE;

}

extern "C" __declspec(dllexport)
BOOL test2()
{
std::thread* pThread = new std::thread(RunThread);
pThread->join();
delete pThread;
return FALSE;
}

Crash Crash Crash Crash Crash Crash

Service process crash with system permissions.
X86 process running on win11 [10.0.22621.2361]
100% probability of crashing during startup

RtlInitUnicodeString(&us, buffer);
InitializeObjectAttributes(&oa, &us, 0, nullptr, nullptr);

li.QuadPart = 0x1000;
ServiceMessageBox("MmpAllocateGlobalData", "MmpAllocateGlobalData   2222222222222222222", MB_ICONERROR, TRUE);
status = NtCreateSection(         //fail
	&hSection,
	SECTION_ALL_ACCESS,
	&oa,
	&li,
	PAGE_READWRITE,
	SEC_COMMIT,
	nullptr
);

Causing the following code to crash.....

// Allocate memory for image headers
if (MmpGlobalDataPtr== 0)  //null   pointer
	ServiceMessageBox("MemoryLoadLibrary", "MemoryLoadLibrary   fffffffffffffffffffffffffffff MmpGlobalDataPtr == 0)", MB_ICONERROR, TRUE);


size_t alignedHeadersSize = (DWORD)AlignValueUp(old_header->OptionalHeader.SizeOfHeaders + sizeof(MEMORYMODULE), MmpGlobalDataPtr->SystemInfo.dwPageSize);          //Crash
if (alignedHeadersSize == 0)

程序静态链接该库后，程序内的LoadLibraryW调用会引发崩溃

Win11 32位程序下：

静态链接MemoryModulePP
启动程序
程序中调用 LoadLibraryExW 加载 dll （CoreFoundation.dll）
程序崩溃

注释掉 const NTSTATUS Initializer = Initialize(); 后能正常调用Win32的LoadLibrary

Go编译的DLL无法加载

Go编译出来的DLL无法使用MemoryModulePP加载，如果我使用LoadLibrary()是可以正常加载DLL的。
在使用MemoryModulePP加载DLL的时候，始终无法通过校验和验证，最终加载失败。

我做了简单的尝试，直接在此处跳过了校验和验证，是可以使用MemoryModulePP加载DLL的并调用函数。
是否可以考虑增加跳过校验和验证的选项。

附加文件：
godll.zip

加载_运行_释放_再加载_再运行，有很大几率报错：帧不在模块中

代码结构如下：
while(true)
{
...
LdrLoadDllMemoryExW(...);
func = (FUNCW)GetProcAddress(...);
func();
LdrUnloadDllMemory(...);
}
调试跟踪，首次运行均正常，循环后再次运行func()有很大几率报错“帧不在模块中”，但有较低几率执行正常

链接器选项 /DYNAMICBASE:NO 引发的崩溃

如果内存加载使用了链接器选项 /DYNAMICBASE:NO 编译后的DLL,会引发崩溃，可以在示例a.dll上复现。
经过调查后是以下原因导致的：
如果此行条件未成立。base变量此时依旧为nullptr，status变量为 STATUS_SUCCESS，条件不足以返回，后续代码对base 变量操作时引发崩溃。

根据我了解到的信息，屏蔽此行条件判断，直接分配，DLL是可以正常加载的。

Win7 SP1 64 位下处理C++ 异常会导致奔溃

void Test()
{
MessageBox(NULL, TEXT("memory module load successfuly."), TEXT("info"), MB_ICONINFORMATION);

PCHAR	p = NULL;
__try{
	*p = '0';
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
	MessageBox(NULL, TEXT("exception 1"), TEXT("info"), MB_ICONINFORMATION);
}

}
这个Test()异常能正常处理

void Test2()
{
std::string str("foo");
try {
str.at(10); // access element, may throw std::out_of_range
}
catch (const std::out_of_range& e) {
// what() is inherited from std::exception and contains an explanatory message
MessageBox(NULL, TEXT("exception 2"), TEXT("info"), MB_ICONINFORMATION);
}
}
Win7 SP1 64 位下内存加载64位DLL 处理C++ 异常Test2()会导致奔溃跟踪是在 RtlpWaitOnCriticalSection 这个函数

TargetDll_x64.zip

好像不能加载user32.dll

如题，加载user32.dll DLL_PROCESS_ATTACH失败，能找到函数，但会报访问无效地址的错误

想用之前没有MmpTls的版本来加载版本号为21H1的win10

最新的版本依赖很多HOOK来达到处理tls相关函数的效果。
我使用HOOK会有问题，想用之前没有MmpTls的版本来在win10 21H1平台下的dll。

是不是我只需要补充LdrpHandleTlsData的特征码就能达到我想要的效果了。谢谢。

帧不在模块中

C++11 thread_local

Hi,
I integrated this great library into our application and we got an error when this application creates a C++11 thread.
The callstack starts from last line of MmpUserThreadStart() and ends a thread_local variable reference. The variable is a simple pointer to a structure what is newed before the first usage of the pointer. The program did not use the MMPP api at this early stage just want to create some background threads. Without linking MMPP, no issue w the thread creation.
Does the lib MMPP support C++11 thread_local?

关于从内存加载 sciter.dll 的问题

问一下，https://github.com/c-smile/sciter-js-sdk 项目的 sciter.dll 能否从内存中加载？
我试了一下，加载后运行失败了。

主要把sciter-x-api.h中的以下部分代码改成从内存加载

`#elif defined(WINDOWS)

inline ISciterAPI* _SAPI( ISciterAPI* ext ) {
   static ISciterAPI* _api = NULL;
   if( ext ) _api = ext;
   if( !_api )
   {
      HMODULE hm = LoadLibrary( TEXT("sciter.dll") );
      if(hm) {
        SciterAPI_ptr sciterAPI = (SciterAPI_ptr) GetProcAddress(hm, "SciterAPI");
        if( sciterAPI ) {
          _api = sciterAPI();
          //#if defined(__cplusplus) && !defined(PLAIN_API_ONLY)
          //              tiscript::ni( _api->TIScriptAPI() );
          //#endif
        } else {
          FreeLibrary(hm);
        }

      }
   }
   assert(_api);
   if( !_api ) {
     //::MessageBox(NULL, TEXT("Sciter engine not found, quiting"),TEXT("Error"),MB_OK);
     exit(-1);
   }
   return _api;
}

#elif defined(OSX)
`

加载最新版sciter.dll崩溃STATUS_ACCESS_VIOLATION错

最新版 sciter.dll(v5.0.3.13) 用 mmpp 加载崩溃 STATUS_ACCESS_VIOLATION 错，v5.0.3.13版之前的均可正常加载。

不知这一版开始有了什么变化。

dll下载连接 https://gitlab.com/sciter-engine/sciter-js-sdk/-/blob/main/bin/windows/x32/sciter.dll?ref_type=heads

用最新提交的 mmpp 加载也不行。
__LdrLoadDllMemoryExW 崩溃 STATUS_ACCESS_VIOLATION

int main() {
    size_t len = 0;
    PVOID buffer = ReadDllFile2("MemoryModule.dll", &len);
    printf("1: %p, %u\n", buffer, len);
    HMODULE hm = (HMODULE)LoadLibraryWithReflectiveLoader( buffer, len );
    printf("2: hm: %p\n", hm);

    //MmpGlobalDataPtr = *(PMMP_GLOBAL_DATA*)GetProcAddress(hm, "MmpGlobalDataPtr");
    //printf("3: %p\n", MmpGlobalDataPtr);
    __LdrLoadDllMemoryExW = (LdrLoadDllMemoryExW_t)GetProcAddress(hm, "LdrLoadDllMemoryExW");
    __LdrUnloadDllMemory = (LdrUnloadDllMemory_t)GetProcAddress(hm, "LdrUnloadDllMemory");
    printf("4: %p, %p\n", __LdrLoadDllMemoryExW, __LdrUnloadDllMemory);

    VirtualFree(buffer, len, MEM_RELEASE);
    buffer = ReadDllFile2("sciter50313.dll", &len);
    printf("5: %p, %u\n", buffer, len);

    HMODULE hm1 = NULL;
    NTSTATUS res = __LdrLoadDllMemoryExW(&hm1, NULL, LOAD_FLAGS_NOT_FAIL_IF_HANDLE_TLS, buffer, 0, NULL, NULL);

    printf("6: res: %x, hm1: %p\n", res, hm1);
    
    //DisplayStatus();

    return 0;
}

上面 ReadDllFile2 中内存是用 VirtualAlloc(0, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE) 分配的。

错误日志

故障存储段 2115915853192506159，类型 1
事件名称: APPCRASH
响应: 不可用
Cab ID: 0

问题签名:
P1: loader_mmpp_from_mem.exe
P2: 0.0.0.0
P3: 00000000
P4: 3752B4E99BA4A6F1.DLL
P5: 0.0.0.0
P6: 66843965
P7: c0000005
P8: 000059e4
P9: 
P10:

上面测试程序可以正常加载 5.0.3.13版之前的 sciter.dll

麻烦大侠看看能否解决一下，多谢了。

一些错误

Utils 的RtlFindMemoryBlockFromModuleSection函数--SearchContext->RemainingLength;这个代码应该放到if外边否则第二次查找的时候就可能内存越界崩溃了。LdrHashEntry计算函数和RtlFindLdrTableEntryByBaseName查找函数的计算方式是个经验值在一些系统是不适用的

Loading a protected DLL

I'm testing loading a dll proteted with Themida using your MemoryModule project.
I protected the a.dll that comes with the project, when i try to load it the code fail at this line: status = STATUS_NO_MEMORY;

		//
		// Allocate and copy sections
		//
		PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(new_header);
		for (DWORD i = 0; i < new_header->FileHeader.NumberOfSections; ++i, ++section) {

			DWORD size = AlignValueUp(
				section->Misc.VirtualSize,
				new_header->OptionalHeader.SectionAlignment
			);
			if (size < section->SizeOfRawData) {
				status = STATUS_INVALID_IMAGE_FORMAT;
				break;
			}

			LPVOID dest = VirtualAlloc(
				(LPSTR)new_header->OptionalHeader.ImageBase + section->VirtualAddress,
				size,
				MEM_COMMIT,
				PAGE_READWRITE
			);
			if (!dest) {
				status = STATUS_NO_MEMORY;  // <---- failed here
				break;
			}

			if (section->SizeOfRawData) {
				RtlCopyMemory(
					dest,
					LPBYTE(data) + section->PointerToRawData,
					section->SizeOfRawData
				);
			}

		}

It does fail in the latest section, could you please, help debug this?

SetUnhandledExceptionFilter异常未处理

被调用的程序如果使用了SetUnhandledExceptionFilter来处理异常。用MemoryModulePP来加载后，相应的回调是无法触发的。

是否可以添加反初始化

目前mmptls的实现默认会初始化并hook
如果是dll的话需要在卸载的时候unload所有dll并且清理掉hook
如果可以自己主动调用初始化和反初始化就好了

when dll memory loadlibrary dll will be crash!

1.the test.exe memload a.dll
2.a.dll compile with memorymodulepp.lib
3.in a.dll dllmain DLL_PROCESS_ATTACH memload b.dll

if use test.exe memlod b.dll it's ok!
but use test.exe memload a.dll,in a.dll memload b.dll will crash in test.exe call a.dllmain

I comment //static const BOOL MmpStaticInitializer = MmpInitialize();
then call MmpInitialize before LdrLoadDllMemoryExW
the a.dll load successful, but a.dll call MmpInitialize crash
auto tls = CONTAINING_RECORD(NtCurrentTeb()->ThreadLocalStoragePointer, TLS_VECTOR, TLS_VECTOR::ModuleTlsData);
if (tls && tls->Length > MMP_START_TLS_INDEX) {
RtlRaiseStatus(STATUS_NOT_SUPPORTED);-->crash here
return FALSE;
}

[Feature Request] DLL releases?

Currently, I see that MemoryModulePP has no releases.
Also, it is only built as a static library (.lib).

There are use cases where a .dll of MemoryModulePP might be preferred, such as bootstrapping MemoryModulePP from a less powerful .dll loader.

32位模式内存加载CoreFoundation失败

崩溃位置

加载CoreFoundation

项目链接

https://github.com/Tsinworks/MemoryModulePP/tree/ic

测试数据 https://github.com/Tsinworks/MemoryModulePP/tree/ic/test/data

Feature : .Net CLR Inititlaiztion

This library is the best pe loader I've found thanks for your contribution, I was just thinking it would be great if you add .net support, I have not so much information but I know before loading .net dlls with export clr.dll gets initialized, It should be possible to add it to the MMPP, It will be great if you can implement it.

Thanks

帧不在模块中

一个用ue打包成的c++ dll(a.dll) 直接加载在执行到LdrpCallInitializers时会报”帧不在模块中“。经测试不是tls处理的问题----注释掉处理tls的代码采用直接获取LdrpHandleTlsData指针调用报同样错误。
另一个问题如下
a.dll是依赖b.dll的（b.dll是可以内存加载成功）
首先修改MemoryModoule文件240行 VirtualAlloc(LPVOID(old_header->OptionalHeader.ImageBase),......)修改为 VirtualAlloc(NULL,......)
内存加载b.dll
内存加载a.dll 在进行到MemoryResolveImportTable函数的时候GetProcAddress获取b.dll的函数有很高概率返回空错误码126

Crash after working some time.

Hi, thank you for your great job.
I compile MemoryModulePP to MemoryModulePP.dll
I have host.exe that is dynamically linked with MemoryModulePP.dll
Host.exe loads plugin.dll from byte[] using MemoryModulePP
App crash with Fail Fast exception after working for some time.

可以用来注入其他进程吗

想问下，如何使用这个来实现注入dll到指定进程

TLS in libraries loaded with LoadLibrary is broken when using MemoryModulePP

The following modification of the test program crashes for me in Thread() when accessing x

#include "../MemoryModule/stdafx.h"
#include <cstdio>

int main() {
    typedef int(WINAPI* func)();

    auto native = LoadLibraryW(L"a.dll");
    func f = (func)GetProcAddress(native, "thread");
    printf("thread result %d\n", f());

    return 0;
}

This is run against an unchanged "a.dll" built as part of the project.