Test MMPP multiple initialization

Author: bb107

MemoryModule/Initialize.cpp

@@ -12,7 +12,7 @@ PMMP_GLOBAL_DATA MmpGlobalDataPtr;
 BOOLEAN MmpBuildSectionName(_Out_ PUNICODE_STRING SectionName) {
 	WCHAR buffer[128];
 
-	wsprintfW(buffer, L"\\Sessions\\%d\\BaseNamedObjects\\MMPP%d", NtCurrentPeb()->SessionId, (unsigned int)NtCurrentProcessId());
+	swprintf(buffer, L"\\Sessions\\%d\\BaseNamedObjects\\MMPP*%08X", NtCurrentPeb()->SessionId, (unsigned int)NtCurrentProcessId());
 	return RtlCreateUnicodeString(SectionName, buffer);
 }
 

a/a.vcxproj

@@ -172,6 +172,7 @@
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="load.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="resource.h" />
@@ -183,6 +184,11 @@
     <None Include="binary1.bin" />
     <None Include="m.def" />
   </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\MemoryModule\MemoryModule.vcxproj">
+      <Project>{5b1f46db-036e-4a50-af5f-f5d6584d42c6}</Project>
+    </ProjectReference>
+  </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>

a/a.vcxproj.filters

@@ -18,6 +18,9 @@
     <ClCompile Include="dllmain.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="load.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="resource.h">

a/load.cpp

@@ -0,0 +1,50 @@
+#include "../MemoryModule/stdafx.h"
+#include <cstdio>
+
+static PVOID ReadDllFile(LPCSTR FileName) {
+    LPVOID buffer;
+    size_t size;
+    FILE* f = fopen(FileName, "rb");
+    if (!f)return 0;
+    _fseeki64(f, 0, SEEK_END);
+    if (!(size = _ftelli64(f))) {
+        fclose(f);
+        return 0;
+    }
+    _fseeki64(f, 0, SEEK_SET);
+    fread(buffer = new char[size], 1, size, f);
+    fclose(f);
+    return buffer;
+}
+
+int __stdcall test_user32() {
+    HMODULE hModule;
+    NTSTATUS status;
+    PVOID buffer = ReadDllFile("C:\\Windows\\System32\\user32.dll");
+    if (!buffer) return 0;
+
+    hModule = GetModuleHandleA("user32.dll");
+    if (hModule)return 0;
+
+    status = LdrLoadDllMemoryExW(
+        &hModule,                               // ModuleHandle
+        nullptr,                                // LdrEntry
+        0,                                      // Flags
+        buffer,                                 // Buffer
+        0,                                      // Reserved
+        L"user32.dll",                          // DllBaseName
+        L"C:\\Windows\\System32\\user32.dll"    // DllFullName
+    );
+    if (NT_SUCCESS(status) && status != STATUS_IMAGE_MACHINE_TYPE_MISMATCH) {
+
+        auto _MessageBoxW = (decltype(&MessageBoxW))GetProcAddress(hModule, "MessageBoxW");
+        _MessageBoxW(nullptr, L"Hello, from memory user32!", L"Caption", MB_OK);
+
+        //
+        // After calling MessageBox, we can't free it.
+        // 
+        //LdrUnloadDllMemory(hModule);
+    }
+
+    return 0;
+}

a/m.def

@@ -4,3 +4,4 @@ test = __test__
 thread
 Socket = ws2_32.WSASocketW
 VerifyTruse = wintrust.WinVerifyTrust
+test_user32

test/test.cpp

@@ -18,110 +18,26 @@ static PVOID ReadDllFile(LPCSTR FileName) {
     return buffer;
 }
 
-int test_a_dll() {
-    LPVOID buffer = ReadDllFile("a.dll");
-
-    HMEMORYMODULE m1 = nullptr, m2 = m1;
-    HMODULE hModule = nullptr;
-    FARPROC pfn = nullptr;
-    DWORD MemoryModuleFeatures = 0;
-
-    typedef int(*_exception)(int code);
-    _exception exception = nullptr;
-    HRSRC hRsrc;
-    DWORD SizeofRes;
-    HGLOBAL gRes;
-    char str[10];
-
-    LdrQuerySystemMemoryModuleFeatures(&MemoryModuleFeatures);
-    if (MemoryModuleFeatures != MEMORY_FEATURE_ALL) {
-        printf("not support all features on this version of windows.\n");
-    }
-
-    if (!NT_SUCCESS(LdrLoadDllMemoryExW(&m1, nullptr, 0, buffer, 0, L"kernel64", nullptr))) goto end;
-    LoadLibraryW(L"wininet.dll");
-    if (!NT_SUCCESS(LdrLoadDllMemoryExW(&m2, nullptr, 0, buffer, 0, L"kernel128", nullptr))) goto end;
-
-    //forward export
-    hModule = (HMODULE)m1;
-    pfn = (decltype(pfn))(GetProcAddress(hModule, "Socket")); //ws2_32.WSASocketW
-    pfn = (decltype(pfn))(GetProcAddress(hModule, "VerifyTruse")); //wintrust.WinVerifyTrust
-    hModule = (HMODULE)m2;
-    pfn = (decltype(pfn))(GetProcAddress(hModule, "Socket"));
-    pfn = (decltype(pfn))(GetProcAddress(hModule, "VerifyTruse"));
-
-    //exception
-    hModule = (HMODULE)m1;
-    exception = (_exception)GetProcAddress(hModule, "exception");
-    if (exception) {
-        for (int i = 0; i < 5; ++i)exception(i);
-    }
-
-    //tls
-    pfn = GetProcAddress(hModule, "thread");
-    if (pfn && pfn()) {
-        printf("thread test failed.\n");
-    }
-
-    //resource
-    if (!LoadStringA(hModule, 101, str, 10)) {
-        printf("load string failed.\n");
-    }
-    else {
-        printf("%s\n", str);
-    }
-    if (!(hRsrc = FindResourceA(hModule, MAKEINTRESOURCEA(102), "BINARY"))) {
-        printf("find binary resource failed.\n");
-    }
-    else {
-        if ((SizeofRes = SizeofResource(hModule, hRsrc)) != 0x10) {
-            printf("invalid res size.\n");
-        }
-        else {
-            if (!(gRes = LoadResource(hModule, hRsrc))) {
-                printf("load res failed.\n");
-            }
-            else {
-                if (!LockResource(gRes))printf("lock res failed.\n");
-                else {
-                    printf("resource test success.\n");
-                }
-            }
-        }
-    }
-
-end:
-    delete[]buffer;
-    if (m1)LdrUnloadDllMemory(m1);
-    FreeLibrary(LoadLibraryW(L"wininet.dll"));
-    FreeLibrary(GetModuleHandleW(L"wininet.dll"));
-    if (m2)LdrUnloadDllMemory(m2);
-
-    return 0;
-}
-
-int test_user32() {
+int test() {
     HMODULE hModule;
     NTSTATUS status;
-    PVOID buffer = ReadDllFile("C:\\Windows\\System32\\user32.dll");
+    PVOID buffer = ReadDllFile("a.dll");
     if (!buffer) return 0;
 
-    hModule = GetModuleHandleA("user32.dll");
-    if (hModule)return 0;
-
     status = LdrLoadDllMemoryExW(
         &hModule,                               // ModuleHandle
         nullptr,                                // LdrEntry
         0,                                      // Flags
         buffer,                                 // Buffer
         0,                                      // Reserved
-        L"user32.dll",                          // DllBaseName
-        L"C:\\Windows\\System32\\user32.dll"    // DllFullName
+        L"a.dll",                               // DllBaseName
+        L"C:\\Windows\\System32\\a.dll"         // DllFullName
     );
     if (NT_SUCCESS(status) && status != STATUS_IMAGE_MACHINE_TYPE_MISMATCH) {
 
-        auto _MessageBoxW = (decltype(&MessageBoxW))GetProcAddress(hModule, "MessageBoxW");
-        _MessageBoxW(nullptr, L"Hello, from memory user32!", L"Caption", MB_OK);
+        typedef int(__stdcall* func)();
+        func test_user32 = (func)GetProcAddress(hModule, "test_user32");
+        test_user32();
 
         //
         // After calling MessageBox, we can't free it.
@@ -133,6 +49,6 @@ int test_user32() {
 }
 
 int main() {
-    test_a_dll();
+    test();
     return 0;
 }