// step 3: finally load the to-be-injected dll
p1 := buf.pOldApi;
c1 := 5;
if npvm(dword(-1), p1, c1, PAGE_EXECUTE_READWRITE, c2) = 0 then begin
buf.pOldApi^ := buf.oldApi;
c1 := 5;
npvm(dword(-1), p1, c1, c2, c2);
end else begin
// For some reason we can't uninstall our patch correctly.
// As a workaround we modify our callback to execute our copy of the original API code.
p1 := buf;
c1 := 32;
if npvm(dword(-1), p1, c1, PAGE_EXECUTE_READWRITE, c2) = 0 then begin
TPAInt64(buf)[3] := buf.oldCode[3];
TPAInt64(buf)[2] := buf.oldCode[2];
TPAInt64(buf)[1] := buf.oldCode[1];
TPAInt64(buf)[0] := buf.oldCode[0];
c1 := 32;
npvm(dword(-1), p1, c1, c2, c2);
end;
end;
// step 3: finally load the to-be-injected dll
p1 := buf.pOldApi;
c1 := 5;
if npvm(dword(-1), p1, c1, PAGE_EXECUTE_READWRITE, c2) = 0 then begin <<<<<<-------- fails STATUS_DYNAMIC_CODE_BLOCKED
buf.pOldApi^ := buf.oldApi;
c1 := 5;
npvm(dword(-1), p1, c1, c2, c2);
end else begin
// For some reason we can't uninstall our patch correctly.
// As a workaround we modify our callback to execute our copy of the original API code.
p1 := buf;
c1 := 32;
if npvm(dword(-1), p1, c1, PAGE_EXECUTE_READWRITE, c2) = 0 then begin <<<<<<-------- fails STATUS_DYNAMIC_CODE_BLOCKED
TPAInt64(buf)[3] := buf.oldCode[3];
TPAInt64(buf)[2] := buf.oldCode[2];
TPAInt64(buf)[1] := buf.oldCode[1];
TPAInt64(buf)[0] := buf.oldCode[0];
c1 := 32;
npvm(dword(-1), p1, c1, c2, c2);
end;
<<<<<<-------- no ELSE here, nttestalert is still hooked
end;
if npvm(dword(-1), p1, c1, PAGE_EXECUTE_READWRITE, c2)
Users browsing this forum: No registered users and 5 guests