-
Notifications
You must be signed in to change notification settings - Fork 0
/
hooks.cpp
32 lines (25 loc) · 995 Bytes
/
hooks.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#include "hooks.h"
#include <Windows.h>
#include <Shlwapi.h>
#include <string>
extern fpLoadLibraryExW origFunc;
HMODULE WINAPI hooked_LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
{
// Store original LoadLibrary return value
HMODULE retval = origFunc(lpLibFileName, hFile, dwFlags);
// If the library doesn't have this exported, don't bother dumping
// NOTE: Could also check the DOS stub for the "VLV" characters, todo?
if (!GetProcAddress(retval, "_runfunc@20"))
{
return retval;
}
wchar_t filename[MAX_PATH] = { 0 }; // Empty string buffer
wcscpy_s(filename, lpLibFileName); // Copy full path to buffer (hopefully it's not bigger than MAX_PATH!)
PathStripPath(filename); // Strip the path, just leave the filename
// Crafting the new path
std::wstring newpath = L"C:\\DumpoMode\\"; // Hard-coded path right now
newpath.append(filename);
// Copy the file to the new location
CopyFile(lpLibFileName, newpath.c_str(), FALSE);
return retval;
}