Example #1
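        /// <summary>
        /// Builds a loader data table entry for an image mapped at <paramref name="moduleHandle"/>
        /// and appends it to the target's InLoadOrderModuleList by rewriting the forward link of
        /// the current last entry.
        /// </summary>
        /// <param name="hProc">Process wrapper used for every read, allocation and write below.</param>
        /// <param name="imageName">Image name; also the key used to look up the raw image in MappedRawImages.</param>
        /// <param name="moduleHandle">Value stored as DllBase in the new entry.</param>
        /// <remarks>
        /// NOTE(review): only the old tail's InLoadOrderLinks.Flink is rewritten. The list head's
        /// back-link is not updated, and the memory-order and initialization-order links are copied
        /// from the previous entry rather than linked in. The three module lists therefore disagree
        /// after this call, which is the kind of inconsistency a module-list integrity check or a
        /// memory-forensics comparison against mapped image regions can flag.
        /// NOTE(review): the tail entry is read, modified locally and written back as a whole
        /// structure; nothing visible here synchronises with the target's own loader, so a
        /// concurrent module load in the target could be overwritten. Confirm against Core.
        /// </remarks>
        void AddLoaderEntry(Core hProc, string imageName, ulong moduleHandle)
        {
            log.Log(LogType.Normal, $"Linking {imageName}({moduleHandle.ToString("x2")}) to module list");

            // Fall back to the bare image name when no on-disk path is found.
            var imagePath = Exts.FindDll(imageName) ?? imageName;

            var listBase         = hProc.GetLoaderData().InLoadOrderModuleList;
            var lastEntry        = hProc.Read<WinAPI._LDR_DATA_TABLE_ENTRY>((IntPtr)listBase.Blink);
            var allocatedDllPath = (ulong)hProc.AllocateAndWriteBytes(Encoding.Unicode.GetBytes(imagePath));

            var fileName = Path.GetFileName(imagePath);

            // Path.GetFileName returns the trailing component, so the file name starts at
            // (path length - name length). The previous IndexOf lookup was culture-sensitive and
            // returned the FIRST occurrence, which is wrong when a directory in the path contains
            // the file name (and yields -1 -> a wild pointer if the culture-aware search misses).
            var fileNameCharOffset = imagePath.Length - fileName.Length;

            // Most bookkeeping fields are cloned from the current tail entry instead of being
            // computed for this image.
            WinAPI._LDR_DATA_TABLE_ENTRY myEntry = new WinAPI._LDR_DATA_TABLE_ENTRY()
            {
                InLoadOrderLinks = new WinAPI._LIST_ENTRY()
                {
                    Flink = lastEntry.InLoadOrderLinks.Flink,
                    Blink = listBase.Flink
                },
                InMemoryOrderLinks         = lastEntry.InMemoryOrderLinks,
                InInitializationOrderLinks = lastEntry.InInitializationOrderLinks,
                DllBase     = moduleHandle,
                EntryPoint  = 0,
                // Size is taken from the raw image buffer length, not from a parsed header.
                // NOTE(review): the indexer presumably throws if imageName was never mapped - confirm.
                SizeOfImage = (ulong)MappedRawImages[imageName].Length,
                FullDllName = new WinAPI.UNICODE_STRING(imagePath)
                {
                    Buffer = allocatedDllPath
                },
                // BaseDllName shares the FullDllName buffer and points at its file-name suffix.
                BaseDllName = new WinAPI.UNICODE_STRING(fileName)
                {
                    Buffer = allocatedDllPath + (ulong)fileNameCharOffset * 2 /* bytes per UTF-16 char */
                },
                Flags         = lastEntry.Flags,
                LoadCount     = lastEntry.LoadCount,
                TlsIndex      = lastEntry.TlsIndex,
                Reserved4     = lastEntry.Reserved4,
                CheckSum      = lastEntry.CheckSum,
                TimeDateStamp = lastEntry.TimeDateStamp,
                EntryPointActivationContext = lastEntry.EntryPointActivationContext,
                PatchInformation            = lastEntry.PatchInformation,
                ForwarderLinks  = lastEntry.ForwarderLinks,
                ServiceTagLinks = lastEntry.ServiceTagLinks,
                StaticLinks     = lastEntry.StaticLinks,
            };

            // Serialise the entry and place it via hProc.AllocateAndWriteBytes.
            var newEntryPointer = hProc.AllocateAndWriteBytes(Exts.GetBytes(myEntry));

            // Point the old tail's forward link at the new entry and write the tail back in place.
            lastEntry.InLoadOrderLinks.Flink = (ulong)newEntryPointer;
            hProc.Write(lastEntry, (IntPtr)listBase.Blink);
        }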