Wow64GetModuleHandle64: use a real process handle

(mostly) fixes #105
x64dbg · May 29, 2020 · 2ce3ace · 2ce3ace
1 parent 59309a2
commit 2ce3ace
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/InjectorCLI/RemoteHook.cpp b/InjectorCLI/RemoteHook.cpp
@@ -375,7 +375,7 @@ void * DetourCreateRemoteWow64(void * hProcess, bool createTramp)
 
         if (KiFastSystemCallWow64Address == 0)
         {
-            ULONG64 Wow64cpu = (ULONG64)scl::Wow64GetModuleHandle64(L"wow64cpu.dll");
+            ULONG64 Wow64cpu = (ULONG64)scl::Wow64GetModuleHandle64(hProcess, L"wow64cpu.dll");
             if (Wow64cpu == 0 || Wow64cpu > (ULONG32)Wow64cpu) // wow64cpu.dll should always be below 4GB
             {
                 MessageBoxA(nullptr, "Failed to obtain address of wow64cpu.dll!", "ScyllaHide", MB_ICONERROR);

diff --git a/Scylla/Peb.cpp b/Scylla/Peb.cpp
@@ -85,14 +85,14 @@ bool scl::Wow64SetPeb64(HANDLE hProcess, const PEB64 *pPeb64)
     return false;
 }
 
-PVOID64 scl::Wow64GetModuleHandle64(const wchar_t* moduleName)
+PVOID64 scl::Wow64GetModuleHandle64(HANDLE hProcess, const wchar_t* moduleName)
 {
-    const auto Peb64 = Wow64GetPeb64(NtCurrentProcess);
+    const auto Peb64 = Wow64GetPeb64(hProcess);
     if (Peb64 == nullptr)
         return nullptr;
 
     PEB_LDR_DATA64 LdrData64;
-    if (!Wow64ReadProcessMemory64(NtCurrentProcess, (PVOID64)Peb64->Ldr, &LdrData64, sizeof(LdrData64), nullptr))
+    if (!Wow64ReadProcessMemory64(hProcess, (PVOID64)Peb64->Ldr, &LdrData64, sizeof(LdrData64), nullptr))
         return nullptr;
 
     PVOID64 DllBase = nullptr;
@@ -102,12 +102,12 @@ PVOID64 scl::Wow64GetModuleHandle64(const wchar_t* moduleName)
 
     do
     {
-        if (!Wow64ReadProcessMemory64(NtCurrentProcess, (PVOID64)Head.InLoadOrderLinks.Flink, &Head, sizeof(Head), nullptr))
+        if (!Wow64ReadProcessMemory64(hProcess, (PVOID64)Head.InLoadOrderLinks.Flink, &Head, sizeof(Head), nullptr))
             break;
 
         wchar_t* BaseDllName = (wchar_t*)RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, Head.BaseDllName.MaximumLength);
         if (BaseDllName == nullptr ||
-            !Wow64ReadProcessMemory64(NtCurrentProcess, (PVOID64)Head.BaseDllName.Buffer, BaseDllName, Head.BaseDllName.MaximumLength, nullptr))
+            !Wow64ReadProcessMemory64(hProcess, (PVOID64)Head.BaseDllName.Buffer, BaseDllName, Head.BaseDllName.MaximumLength, nullptr))
             break;
 
         if (_wcsicmp(moduleName, BaseDllName) == 0)

diff --git a/Scylla/Peb.h b/Scylla/Peb.h
@@ -205,7 +205,7 @@ namespace scl {
     bool SetPeb(HANDLE hProcess, const PEB *pPeb);
     bool Wow64SetPeb64(HANDLE hProcess, const PEB64 *pPeb64);
 
-    PVOID64 Wow64GetModuleHandle64(const wchar_t* moduleName);
+    PVOID64 Wow64GetModuleHandle64(HANDLE hProcess, const wchar_t* moduleName);
 
     DWORD GetHeapFlagsOffset(bool x64);
     DWORD GetHeapForceFlagsOffset(bool x64);