[Main] Optimize entrypoint

This commit is contained in:
momo5502 2017-05-30 23:34:52 +02:00
parent eb71cf0ae8
commit 86491a7372

View File

@ -2,8 +2,6 @@
namespace Main namespace Main
{ {
Utils::Hook EntryPointHook;
void SetEnvironment() void SetEnvironment()
{ {
wchar_t exeName[512]; wchar_t exeName[512];
@ -17,8 +15,6 @@ namespace Main
void Initialize() void Initialize()
{ {
Main::EntryPointHook.uninstall();
Main::SetEnvironment(); Main::SetEnvironment();
Utils::Cryptography::Initialize(); Utils::Cryptography::Initialize();
Components::Loader::Initialize(); Components::Loader::Initialize();
@ -44,6 +40,20 @@ namespace Main
Utils::Cache::Uninitialize(); Utils::Cache::Uninitialize();
google::protobuf::ShutdownProtobufLibrary(); google::protobuf::ShutdownProtobufLibrary();
} }
__declspec(naked) void EntryPoint()
{
__asm
{
pushad
call Main::Initialize
popad
push 6BAC14h // Continue init routine
push 6CA062h // ___security_init_cookie
retn
}
}
} }
BOOL APIENTRY DllMain(HMODULE /*hModule*/, DWORD ul_reason_for_call, LPVOID /*lpReserved*/) BOOL APIENTRY DllMain(HMODULE /*hModule*/, DWORD ul_reason_for_call, LPVOID /*lpReserved*/)
@ -73,21 +83,8 @@ BOOL APIENTRY DllMain(HMODULE /*hModule*/, DWORD ul_reason_for_call, LPVOID /*l
//VirtualProtect(module, 0x6C73000, PAGE_EXECUTE_READWRITE, &oldProtect); // Unprotect the entire process //VirtualProtect(module, 0x6C73000, PAGE_EXECUTE_READWRITE, &oldProtect); // Unprotect the entire process
VirtualProtect(module + 0x1000, 0x2D6000, PAGE_EXECUTE_READ, &oldProtect); // Protect the .text segment VirtualProtect(module + 0x1000, 0x2D6000, PAGE_EXECUTE_READ, &oldProtect); // Protect the .text segment
Main::EntryPointHook.initialize(0x6BAC0F, [] () // Install entry point hook
{ Utils::Hook(0x6BAC0F, Main::EntryPoint, HOOK_JUMP).install()->quick();
__asm
{
pushad
// This has to be called, otherwise the hook is not uninstalled and we're looping into infinity
call Main::Initialize
popad
push 6BAC0Fh
retn
}
})->install();
} }
else if (ul_reason_for_call == DLL_PROCESS_DETACH) else if (ul_reason_for_call == DLL_PROCESS_DETACH)
{ {