From dd5c06def6cc296858acb0506f72401ea8ed8ae3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20R=C3=B8nne=20Petersen?= Date: Wed, 6 Jul 2022 06:58:46 +0200 Subject: [PATCH] Switch ruptura_main from stdcall to cdecl. We don't use CreateRemoteThread to invoke it directly, so using cdecl simplifies finding the symbol for 32-bit (no stdcall name mangling). Part of #5. --- src/injection/AssemblyInjector.cs | 1 + src/module/main.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/injection/AssemblyInjector.cs b/src/injection/AssemblyInjector.cs index edf5085..33de053 100644 --- a/src/injection/AssemblyInjector.cs +++ b/src/injection/AssemblyInjector.cs @@ -254,6 +254,7 @@ async Task InjectModuleAsync(string modulePath, nuint parameterArea, MemoryMappe asm.push(__dword_ptr[esp + 4]); asm.call(eax); + asm.add(esp, 4); asm.jmp(done); asm.Label(ref failure); diff --git a/src/module/main.h b/src/module/main.h index ea13311..e428d7b 100644 --- a/src/module/main.h +++ b/src/module/main.h @@ -11,4 +11,4 @@ typedef struct uint32_t main_thread_id; } ruptura_parameters; -__declspec(dllexport) uint32_t __stdcall ruptura_main(ruptura_parameters *nonnull parameters); +__declspec(dllexport) uint32_t ruptura_main(ruptura_parameters *nonnull parameters);