Last active
August 16, 2023 12:26
-
-
Save m417z/8450d0ac93dc813d4d6e51074ae5743d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// ==WindhawkMod== | |
// @id -windhawk-load-symbols-self-fix | |
// @name Windhawk load symbols self fix | |
// @description Fix Windhawk symbol loading for 32-bit apps | |
// @version 0.1 | |
// @author m417z | |
// @include * | |
// @architecture x86 | |
// ==/WindhawkMod== | |
// ==WindhawkModReadme== | |
/* | |
# Windhawk load symbols self fix | |
A temporary fix until a new version is released. The name starts with a dash to | |
make the mod loaded first. | |
*/ | |
// ==/WindhawkModReadme== | |
bool fix() { | |
WCHAR path[MAX_PATH]; | |
GetModuleFileName(GetModuleHandle(L"windhawk.dll"), path, ARRAYSIZE(path)); | |
wcscpy(path + wcslen(path) - (sizeof("windhawk.dll") - 1), | |
L"symsrv_windhawk.dll"); | |
HMODULE symsrvModule = LoadLibrary(path); | |
if (!symsrvModule) { | |
return false; | |
} | |
size_t rva = 0x150E9; | |
BYTE* address = (BYTE*)symsrvModule + rva; | |
BYTE original[] = {0x85, 0xC0, 0x0F, 0x95, 0xC0, 0x5E, 0x5D, 0xC2}; | |
if (memcmp(address, original, sizeof(original)) != 0) { | |
return false; | |
} | |
// 83C4 14 | add esp,14 | |
// 5E | pop esi | |
// 5D | pop ebp | |
// C2 0800 | ret 8 | |
BYTE patch[] = {0x83, 0xC4, 0x14, 0x5E, 0x5D, 0xC2, 0x08, 0x00}; | |
DWORD dwOldProtect; | |
VirtualProtect(address, sizeof(patch), PAGE_EXECUTE_READWRITE, | |
&dwOldProtect); | |
memcpy(address, patch, sizeof(patch)); | |
VirtualProtect(address, sizeof(patch), dwOldProtect, &dwOldProtect); | |
return true; | |
} | |
BOOL Wh_ModInit() { | |
Wh_Log(L"Init " WH_MOD_ID L" version " WH_MOD_VERSION); | |
fix(); | |
return TRUE; | |
} | |
void Wh_ModUninit() { | |
Wh_Log(L"Uninit"); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment