guidedhacking
diff --git a/‎GH Injector Library/Error.h‎
Lines changed: 1 addition & 0 deletions b/‎GH Injector Library/Error.h‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎GH Injector Library/FakeVEH WOW64.cpp‎
Lines changed: 103 additions & 116 deletions b/‎GH Injector Library/FakeVEH WOW64.cpp‎
Lines changed: 103 additions & 116 deletions
diff --git a/‎GH Injector Library/FakeVEH.cpp‎
Lines changed: 208 additions & 176 deletions b/‎GH Injector Library/FakeVEH.cpp‎
Lines changed: 208 additions & 176 deletions
diff --git a/‎GH Injector Library/GH Injector Library.aps‎
556 Bytes b/‎GH Injector Library/GH Injector Library.aps‎
556 Bytes
diff --git a/‎GH Injector Library/GH Injector Library.rc‎
Lines changed: 4 additions & 4 deletions b/‎GH Injector Library/GH Injector Library.rc‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎GH Injector Library/GH Injector Library.vcxproj‎
Lines changed: 1 addition & 1 deletion b/‎GH Injector Library/GH Injector Library.vcxproj‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎GH Injector Library/Injection Generic.cpp‎
Lines changed: 6 additions & 4 deletions b/‎GH Injector Library/Injection Generic.cpp‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎GH Injector Library/Manual Mapping.cpp‎
Lines changed: 30 additions & 8 deletions b/‎GH Injector Library/Manual Mapping.cpp‎
Lines changed: 30 additions & 8 deletions
diff --git a/‎GH Injector Library/NT Defs.h‎
Lines changed: 1 addition & 0 deletions b/‎GH Injector Library/NT Defs.h‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎GH Injector Library/NT Funcs.h‎
Lines changed: 6 additions & 6 deletions b/‎GH Injector Library/NT Funcs.h‎
Lines changed: 6 additions & 6 deletions
@@ -148,6 +148,7 @@
 #define SR_NTCTE_ERR_SHELLCODE_SETUP_FAIL	0x1010000B	//shellcode					: - 					: argument passed to the shellcode is 0
 #define SR_NTCTE_ERR_RPM_FAIL				0x1010000C	//ReadProcessMemory			: win32 error			: reading the results of the shellcode failed
 #define SR_NTCTE_ERR_CANT_FIND_THREAD		0x1010000D	//internal error			: -						: ProcessInfo class failed to resolve information about the new thread
+#define SR_NTCTE_ERR_NTQIT_FAIL				0x1010000E	//NtQueryInformationThread	: NTSTATUS				: failed to get THREAD_BASIC_INFORMATION
 
 
 ///////////////
 
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,5,0,0
- PRODUCTVERSION 4,5,0,0
+ FILEVERSION 4,6,0,0
+ PRODUCTVERSION 4,6,0,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,10 +69,10 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "Guided Hacking"
             VALUE "FileDescription", "Injection library of the GH Injector"
-            VALUE "FileVersion", "4.5.0.0"
+            VALUE "FileVersion", "4.6.0.0"
             VALUE "LegalCopyright", "Broihon (C) 1987 - 2035"
             VALUE "ProductName", "GH Injection Library"
-            VALUE "ProductVersion", "4.5.0.0"
+            VALUE "ProductVersion", "4.6.0.0"
         END
     END
     BLOCK "VarFileInfo"
 
@@ -22,7 +22,7 @@
     <VCProjectVersion>15.0</VCProjectVersion>
     <ProjectGuid>{AC732425-E265-40FF-842F-C59CECE9A96C}</ProjectGuid>
     <RootNamespace>GHInjectorLibrary</RootNamespace>
-    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <WindowsTargetPlatformVersion>10.0.20348.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 
@@ -331,20 +331,22 @@ DWORD __declspec(code_seg(".inj_sec$1")) __stdcall InjectionShell(INJECTION_DATA
 				return INJ_ERR_LDRP_PREPROCESS_FAILED;
 			}
 
-			ULONG_PTR unknown = 0;
+			NTSTATUS nt_out = 0;
 
 			if (pData->OSBuildNumber >= g_Win11_21H2) //Win11 prototype has an additional argument
 			{
 				auto _LdrpLoadDllInternal = ReCa<f_LdrpLoadDllInternal_WIN11>(f->LdrpLoadDllInternal);
-				pData->LastError = _LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN11 **>(&entry_out), &unknown, 0);
+				_LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN11 **>(&entry_out), &nt_out, 0);
 			}
 			else
 			{
-				pData->LastError = f->LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN10 **>(&entry_out), &unknown);
+				f->LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN10 **>(&entry_out), &nt_out);
 			}
 
-			if (NT_FAIL(pData->LastError))
+			if (NT_FAIL(nt_out))
 			{
+				pData->LastError = (DWORD)nt_out;
+
 				return INJ_ERR_LDRPLDLLINTERNAL_FAILED;
 			}
 		}
 
@@ -447,7 +447,7 @@ __forceinline NTSTATUS LoadModule(MANUAL_MAPPING_DATA * pData, MANUAL_MAPPING_FU
 			DeleteObject(f, pModPathW);
 			DeleteObject(f, ModNameW->szBuffer);
 			DeleteObject(f, ModNameW);
-
+			
 			return ntRet;
 		}
 
@@ -470,16 +470,14 @@ __forceinline NTSTATUS LoadModule(MANUAL_MAPPING_DATA * pData, MANUAL_MAPPING_FU
 			ctx->OriginalFullDllName = ModNameW->szBuffer;
 		}
 
-		ULONG_PTR unknown3 = 0;
-
 		if (pData->OSBuildNumber >= g_Win11_21H2)
 		{
 			auto _LdrpLoadDllInternal = ReCa<f_LdrpLoadDllInternal_WIN11>(f->LdrpLoadDllInternal);
-			ntRet = _LdrpLoadDllInternal(&pModPathW->String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN11 **>(&entry_out), &unknown3, 0);
+			_LdrpLoadDllInternal(&pModPathW->String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN11 **>(&entry_out), &ntRet, 0);
 		}
 		else
 		{
-			ntRet = f->LdrpLoadDllInternal(&pModPathW->String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN10 **>(&entry_out), &unknown3);
+			f->LdrpLoadDllInternal(&pModPathW->String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN10 **>(&entry_out), &ntRet);
 		}
 
 		DeleteObject(f, ctx);
@@ -817,6 +815,7 @@ DWORD __declspec(code_seg(".mmap_sec$1")) __stdcall ManualMapping_Shell(MANUAL_M
 			veh_shell_data->ImgBase		= ReCa<ULONG_PTR>(pBase);
 			veh_shell_data->ImgSize		= pOptionalHeader->SizeOfImage;
 			veh_shell_data->OSVersion	= pData->OSVersion;
+
 			veh_shell_data->_LdrpInvertedFunctionTable	= f->LdrpInvertedFunctionTable;
 			veh_shell_data->_LdrProtectMrdata			= f->LdrProtectMrdata;
 
@@ -945,6 +944,18 @@ DWORD __declspec(code_seg(".mmap_sec$1")) __stdcall ManualMapping_Shell(MANUAL_M
 
 			if (NT_FAIL(ntRet))
 			{
+				if (ntRet == STATUS_APISET_NOT_HOSTED)
+				{
+					++pImportDescr;
+
+					if (pImportDescr >= ReCa<IMAGE_IMPORT_DESCRIPTOR *>(pBase + pImportDir->VirtualAddress + pImportDir->Size))
+					{
+						break;
+					}
+
+					continue;
+				}
+
 				//unable to load required library
 				ErrorBreak = true;
 				break;
@@ -1046,12 +1057,23 @@ DWORD __declspec(code_seg(".mmap_sec$1")) __stdcall ManualMapping_Shell(MANUAL_M
 		while (pDelayImportDescr && pDelayImportDescr->DllNameRVA)
 		{
 			char * szMod = ReCa<char *>(pBase + pDelayImportDescr->DllNameRVA);
-			
 			HINSTANCE hDll = NULL;
 			ntRet = LoadModule(pData, f, szMod, &hDll, &delay_imports);
 
 			if (NT_FAIL(ntRet))
 			{
+				if (ntRet == STATUS_APISET_NOT_HOSTED)
+				{
+					++pDelayImportDescr;
+
+					if (pDelayImportDescr >= ReCa<IMAGE_DELAYLOAD_DESCRIPTOR *>(pBase + pDelayImportDir->VirtualAddress + pDelayImportDir->Size))
+					{
+						break;
+					}
+
+					continue;
+				}
+
 				ErrorBreak = true;
 				break;
 			}
@@ -1217,9 +1239,9 @@ DWORD __declspec(code_seg(".mmap_sec$1")) __stdcall ManualMapping_Shell(MANUAL_M
 		bool partial = true;
 
 #ifdef _WIN64
-		if (veh_shell_fixed)
+		if (veh_shell_fixed) //really needed for x64?
 		{
-			//register VEH shell to fill handler list
+			//register VEH shell to fill SEH handler list
 			pData->hVEH = f->RtlAddVectoredExceptionHandler(0, ReCa<PVECTORED_EXCEPTION_HANDLER>(pVEHShell));
 		}
 #endif
 
@@ -30,6 +30,7 @@
 #define STATUS_UNSUCCESSFUL			0xC0000001
 #define STATUS_NOT_IMPLEMENTED		0xC0000002
 #define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
+#define STATUS_APISET_NOT_HOSTED	0xC0000481
 
 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
 
 
@@ -160,7 +160,7 @@ using f_LdrpLoadDll = NTSTATUS (__fastcall *)
 	LDR_DATA_TABLE_ENTRY		**	ldr_out
 );
 
-using f_LdrpLoadDllInternal = NTSTATUS (__fastcall *)
+using f_LdrpLoadDllInternal = VOID (__fastcall *)
 (
 	UNICODE_STRING				*	dll_path, 
 	LDRP_PATH_SEARCH_CONTEXT	*	search_path,
@@ -169,10 +169,10 @@ using f_LdrpLoadDllInternal = NTSTATUS (__fastcall *)
 	LDR_DATA_TABLE_ENTRY_WIN10	*	Unknown1,	//set to nullptr
 	LDR_DATA_TABLE_ENTRY_WIN10	*	Unknown2,	//set to nullptr
 	LDR_DATA_TABLE_ENTRY_WIN10	**	ldr_out,
-	ULONG_PTR					*	Unknown3	//set to pointer to nullptr
+	NTSTATUS					*	ntRet
 );
 
-using f_LdrpLoadDllInternal_WIN11 = NTSTATUS (__fastcall *)
+using f_LdrpLoadDllInternal_WIN11 = VOID (__fastcall *)
 (
 	UNICODE_STRING				*	dll_path, 
 	LDRP_PATH_SEARCH_CONTEXT	*	search_path,
@@ -181,7 +181,7 @@ using f_LdrpLoadDllInternal_WIN11 = NTSTATUS (__fastcall *)
 	LDR_DATA_TABLE_ENTRY_WIN11	*	Unknown1,	//set to nullptr
 	LDR_DATA_TABLE_ENTRY_WIN11	*	Unknown2,	//set to nullptr
 	LDR_DATA_TABLE_ENTRY_WIN11	**	ldr_out,
-	ULONG_PTR					*	Unknown3,	//set to pointer to nullptr
+	NTSTATUS					*	ntRet,
 	ULONG							Unknown4	//set to 0
 );
 
@@ -476,9 +476,9 @@ using f_LdrpTlsList					= LIST_ENTRY *;
 using f_RtlpUnhandledExceptionFilter	= ULONG_PTR *; //encrypted with RtlEncodePointer, points to kernel32.UnhandledExceptionFilter
 
 //kernel32.dll:
-using f_UnhandledExceptionFilter		= ULONG_PTR *; //PTOP_LEVEL_EXCEPTION_FILTER 
+using f_UnhandledExceptionFilter		= ULONG_PTR *; //PTOP_LEVEL_EXCEPTION_FILTER
 using f_SingleHandler					= ULONG_PTR *; //encrypted with RtlEncodePointer, points to kernel32.DefaultHandler
-using f_DefaultHandler					= ULONG_PTR *; //PTOP_LEVEL_EXCEPTION_FILTER 
+using f_DefaultHandler					= ULONG_PTR *; //PTOP_LEVEL_EXCEPTION_FILTER
 
 #pragma endregion
Original file line number	Diff line number	Diff line change
`@@ -331,20 +331,22 @@ DWORD __declspec(code_seg(".inj_sec$1")) __stdcall InjectionShell(INJECTION_DATA`
`331`	`331`	`return INJ_ERR_LDRP_PREPROCESS_FAILED;`
`332`	`332`	`}`
`333`	`333`
`334`		`- ULONG_PTR unknown = 0;`
	`334`	`+ NTSTATUS nt_out = 0;`
`335`	`335`
`336`	`336`	`if (pData->OSBuildNumber >= g_Win11_21H2) //Win11 prototype has an additional argument`
`337`	`337`	`{`
`338`	`338`	`auto _LdrpLoadDllInternal = ReCa<f_LdrpLoadDllInternal_WIN11>(f->LdrpLoadDllInternal);`
`339`		`- pData->LastError = _LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN11 **>(&entry_out), &unknown, 0);`
	`339`	`+ _LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN11 **>(&entry_out), &nt_out, 0);`
`340`	`340`	`}`
`341`	`341`	`else`
`342`	`342`	`{`
`343`		`- pData->LastError = f->LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN10 **>(&entry_out), &unknown);`
	`343`	`+ f->LdrpLoadDllInternal(&pData->ModuleFileNameBundle.String, ctx, ctx_flags, 4, nullptr, nullptr, ReCa<LDR_DATA_TABLE_ENTRY_WIN10 **>(&entry_out), &nt_out);`
`344`	`344`	`}`
`345`	`345`
`346`		`- if (NT_FAIL(pData->LastError))`
	`346`	`+ if (NT_FAIL(nt_out))`
`347`	`347`	`{`
	`348`	`+ pData->LastError = (DWORD)nt_out;`
	`349`	`+`
`348`	`350`	`return INJ_ERR_LDRPLDLLINTERNAL_FAILED;`
`349`	`351`	`}`
`350`	`352`	`}`