Skip to content
/ EpHook Public

Using the characteristics of static DLL loading to modify the EntryPoint and change function arguments.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Charles4852/EpHook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
EpHook
EpHook
 
 
StaticDll
StaticDll
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
EpHook.sln
EpHook.sln
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

DLL Entry Point Modification via lpReserved in DllMain

In static DLL loading, the lpReserved argument of DllMain is of type PCONTEXT.
This PCONTEXT contains context data used by ntdll!RtlUserThreadStart
to start execution at the program's EntryPoint.

Since the argument of RtlUserThreadStart is RCX = exe.entrypoint,
modifying lpReserved->Rcx or lpReserved->Rip allows changing the EntryPoint.

About

Using the characteristics of static DLL loading to modify the EntryPoint and change function arguments.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages