wow64pp's Introduction

wow64pp

An easy to use header only heavens gate implementation based on wow64ext X64Call however not using inline assembly allowing it to work on other compilers like MinGW.

Quick reference

Wow64pp only exposes 3 functions 2 of which have exception based and error_code based counterparts.

#include "wow64pp.hpp"
// ...

// equivalent of GetModuleHandle
auto x64_ntdll_handle = wow64pp::module_handle("ntdll.dll"); 
// or wow64pp::module_handle("ntdll.dll", error_code);

// equivalent of GetProcAddress
auto x64_NtQueryVirtualMemory = wow64pp::import(x64_ntdll_handle, "NtQueryVirtualMemory"); 
// or wow64pp::import(x64_ntdll_handle, "NtQueryVirtualMemory", error_code);

// after getting the function address you can call it using wow64pp::call_function by passing its address
// as the first argument, with the function arguments following.
winapi::MEMORY_BASIC_INFORMATION64 memory_info;
std::uint64_t result_len;
auto ec = wow64pp::call_function(x64_NtQueryVirtualMemory, process_handle, address
				, 0, &memory_info, sizeof(memory_info), &result_len);

wow64pp's People

Contributors

Stargazers

Watchers

wow64pp's Issues

Memory leak on call_function

Hello, I found a memory leak on this line, whenever call_function is called it's allocate a new page, is missing an if or make the call after the declaration of the variable allocated_shellcode.

Fix:

static void* allocated_shellcode = nullptr;

if ( !allocated_shellcode )
{
    // MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE
    allocated_shellcode =
        VirtualAlloc(nullptr, sizeof( shellcode ), 0x00001000 | 0x00002000, 0x40);

    if ( !allocated_shellcode )
        detail::throw_last_error( 
        "VirtualAlloc failed to allocate memory for call_function shellcode" );
}

Alternative fix:

static void* allocated_shellcode = VirtualAlloc(nullptr, sizeof(shellcode), 0x00001000 | 0x00002000, 0x40);

Included in new project, redefinition errors.

Hey,
After including in new project, I get "GetModuleHandleA" redefinition errors.
Error codes C2371,C2733.
I solved it somehow in my other project but can't remember how.
Any ideas?

Some problems with dlls other than ntdll.dll

Hey,
Could you provide some info about hooking dlls other than ntdll.dll?
I used this lib in my other project(compiled in VS19), but now doing:
auto x64_ntdll_handle = wow64pp::module_handle("Kernel32.dll");
Return error that the library could not be loaded.
Any idea why?

Recommend Projects

justasmasiulis / wow64pp Goto Github PK

wow64pp's Introduction

wow64pp

Quick reference

wow64pp's People

Contributors

Stargazers

Watchers

Forkers

wow64pp's Issues

Memory leak on call_function

Included in new project, redefinition errors.

Some problems with dlls other than ntdll.dll

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent