ditch non-windows dll proxying and split the code

Signed-off-by: Dimitris Zervas <dzervas@dzervas.gr>
2024-04-14 00:57:58 +03:00
parent 7c8105fc47
commit a5a0153d31
6 changed files with 62 additions and 113 deletions
--- a/src/loader_windows.rs
+++ b/src/loader_windows.rs
@ -0,0 +1,27 @@
+use std::ffi::c_void;
+use winapi::um::winnt::DLL_PROCESS_ATTACH;
+use winapi::um::libloaderapi::LoadLibraryA;
+
+// For some reason ctor doesn't work on Windows - it hangs the process
+// during DeviceManager::obtain. DllMain works fine though.
+// Would be nice to have a single entry point for all platforms.
+#[no_mangle]
+#[allow(non_snake_case, unused_variables)]
+pub extern "system" fn DllMain(dll_module: *mut c_void, call_reason: u32, _: *mut ()) -> bool {
+	match call_reason {
+		DLL_PROCESS_ATTACH => {
+			println!("[+] frida-deepfreeze-rs DLL injected");
+
+			if let Some(lib_name) = option_env!("LIB_NAME") {
+				unsafe { LoadLibraryA(lib_name.as_ptr() as *const i8); }
+				println!("[+] Original DLL {} loaded", lib_name);
+			}
+
+			attach_self();
+		}
+		// Maybe we should detach? Is it useful?
+		_ => ()
+	}
+
+	true
+}