Keep loaddll running after the DLL is loaded

See x64dbg#3294
qq3337 · Jan 6, 2024 · 399b19f · 399b19f
1 parent 9c07d82
commit 399b19f
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 13 deletions.
diff --git a/src/loaddll/loaddll.cpp b/src/loaddll/loaddll.cpp
@@ -1,12 +1,32 @@
-#include <windows.h>
+#include <Windows.h>
 
-wchar_t szLibraryPath[512];
+#include <stdio.h>
 
-int main()
+static wchar_t szLibraryPath[512];
+
+extern "C"
+NTSTATUS
+NTAPI
+RtlGetLastNtStatus(
+    VOID
+);
+
+#ifdef _WIN64
+#pragma comment(lib, "..\\dbg\\ntdll\\ntdll_x64.lib")
+#else
+#pragma comment(lib, "..\\dbg\\ntdll\\ntdll_x86.lib")
+#endif // _WIN64
+
+int WinMain(
+    HINSTANCE hInstance,
+    HINSTANCE hPrevInstance,
+    LPSTR     lpCmdLine,
+    int       nShowCmd
+)
 {
-    wchar_t szName[256];
-    wsprintfW(szName, L"Local\\szLibraryName%X", (unsigned int)GetCurrentProcessId());
-    HANDLE hMapFile = OpenFileMappingW(FILE_MAP_READ, false, szName);
+    wchar_t szTemp[256];
+    swprintf_s(szTemp, L"Local\\szLibraryName%X", (unsigned int)GetCurrentProcessId());
+    HANDLE hMapFile = OpenFileMappingW(FILE_MAP_READ, false, szTemp);
     if(hMapFile)
     {
         const wchar_t* szLibraryPathMapping = (const wchar_t*)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, sizeof(szLibraryPath));
@@ -17,7 +37,25 @@ int main()
         }
         CloseHandle(hMapFile);
     }
-    if(szLibraryPath[0])
-        return (LoadLibraryW(szLibraryPath) != NULL);
-    return 0;
+
+    if(szLibraryPath[0] == L'\0')
+    {
+        // NOTE: No MessageBoxW here on purpose (enables DLL sideloading)
+        return RtlGetLastNtStatus();
+    }
+
+    HINSTANCE hDll = LoadLibraryW(szLibraryPath);
+    if(hDll == nullptr)
+    {
+        auto lastStatus = RtlGetLastNtStatus();
+        swprintf_s(szTemp, L"Failed to load DLL", GetLastError());
+        MessageBoxW(0, szLibraryPath, szTemp, MB_ICONERROR | MB_SYSTEMMODAL);
+        return lastStatus;
+    }
+    else
+    {
+        swprintf_s(szTemp, L"DLL loaded: 0x%p", hDll);
+        MessageBoxW(0, szLibraryPath, szTemp, MB_ICONINFORMATION | MB_SYSTEMMODAL);
+        return EXIT_SUCCESS;
+    }
 }
diff --git a/src/loaddll/loaddll.vcxproj b/src/loaddll/loaddll.vcxproj
@@ -94,12 +94,13 @@
     <Link>
       <TargetMachine>MachineX86</TargetMachine>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
+      <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <AdditionalManifestDependencies>
       </AdditionalManifestDependencies>
       <LargeAddressAware>true</LargeAddressAware>
+      <DelayLoadDLLs>user32.dll</DelayLoadDLLs>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
@@ -112,11 +113,12 @@
     <Link>
       <TargetMachine>MachineX86</TargetMachine>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
+      <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <AdditionalManifestDependencies>
       </AdditionalManifestDependencies>
+      <DelayLoadDLLs>user32.dll</DelayLoadDLLs>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -128,11 +130,12 @@
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
+      <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <AdditionalManifestDependencies>
       </AdditionalManifestDependencies>
+      <DelayLoadDLLs>user32.dll</DelayLoadDLLs>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -144,11 +147,12 @@
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
+      <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <AdditionalManifestDependencies>
       </AdditionalManifestDependencies>
+      <DelayLoadDLLs>user32.dll</DelayLoadDLLs>
     </Link>
   </ItemDefinitionGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />