-
Notifications
You must be signed in to change notification settings - Fork 64
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add mod fixing wow64 FS redirection in PPEE (#332)
- Loading branch information
1 parent
dcffa1c
commit 94f657f
Showing
1 changed file
with
66 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
// ==WindhawkMod== | ||
// @id lm-ppee-wow64 | ||
// @name Fix PPEE Wow64 filesystem redirection | ||
// @description Disables Wow64 filesystem redirection when loading a file in PPEE | ||
// @version 1.0 | ||
// @author Mark Jansen | ||
// @github https://github.com/learn-more | ||
// @twitter https://twitter.com/learn_more | ||
// @include ppee.exe | ||
// ==/WindhawkMod== | ||
|
||
// ==WindhawkModReadme== | ||
/* | ||
# Fix Wow64 filesystem redirection for PPEE | ||
When loading a file from `C:\Windows\System32`, PPEE would automatically be redirected to `C:\Windows\SysWOW64`. | ||
This mod disables that redirection, so that the correct file is loaded. | ||
## Before: | ||
![before](https://i.imgur.com/pJx8oPy.png) | ||
## After: | ||
![after](https://i.imgur.com/DBmkYJe.png) | ||
*/ | ||
// ==/WindhawkModReadme== | ||
|
||
template<typename ProtoType> | ||
BOOL Wh_SetFunctionHookT(ProtoType targetFunction, ProtoType hookFunction, ProtoType* originalFunction) | ||
{ | ||
return Wh_SetFunctionHook((void*)targetFunction, (void*)hookFunction, (void**)originalFunction); | ||
} | ||
|
||
static PBYTE g_PPEE_Address; | ||
|
||
using CreateFileW_t = decltype(&CreateFileW); | ||
CreateFileW_t CreateFileW_Original; | ||
HANDLE __stdcall CreateFileW_Hook(LPCWSTR lpFileName, | ||
DWORD dwDesiredAccess, | ||
DWORD dwShareMode, | ||
LPSECURITY_ATTRIBUTES lpSecurityAttributes, | ||
DWORD dwCreationDisposition, | ||
DWORD dwFlagsAndAttributes, | ||
HANDLE hTemplateFile) { | ||
Wh_Log(L"%s", lpFileName); | ||
|
||
PVOID Cookie = NULL; | ||
BOOL fRestore = Wow64DisableWow64FsRedirection(&Cookie); | ||
|
||
HANDLE hFile = CreateFileW_Original(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); | ||
|
||
if (fRestore) | ||
Wow64RevertWow64FsRedirection(Cookie); | ||
|
||
return hFile; | ||
} | ||
|
||
BOOL Wh_ModInit() | ||
{ | ||
Wh_Log(L"Init " WH_MOD_ID L" version " WH_MOD_VERSION); | ||
g_PPEE_Address = (PBYTE)GetModuleHandleW(NULL); | ||
Wh_SetFunctionHookT(CreateFileW, CreateFileW_Hook, &CreateFileW_Original); | ||
return TRUE; | ||
} |