diff --git a/InjectorCLI/RemoteHook.cpp b/InjectorCLI/RemoteHook.cpp
index 33820802..1627a965 100644
--- a/InjectorCLI/RemoteHook.cpp
+++ b/InjectorCLI/RemoteHook.cpp
@@ -375,7 +375,7 @@ void * DetourCreateRemoteWow64(void * hProcess, bool createTramp)
 if (KiFastSystemCallWow64Address == 0)
 {
- ULONG64 Wow64cpu = (ULONG64)scl::Wow64GetModuleHandle64(L"wow64cpu.dll");
+ ULONG64 Wow64cpu = (ULONG64)scl::Wow64GetModuleHandle64(hProcess, L"wow64cpu.dll");
 if (Wow64cpu == 0 || Wow64cpu > (ULONG32)Wow64cpu) // wow64cpu.dll should always be below 4GB
 {
 MessageBoxA(nullptr, "Failed to obtain address of wow64cpu.dll!", "ScyllaHide", MB_ICONERROR);
diff --git a/Scylla/Peb.cpp b/Scylla/Peb.cpp
index 10358c89..f61789cd 100644
--- a/Scylla/Peb.cpp
+++ b/Scylla/Peb.cpp
@@ -85,14 +85,14 @@ bool scl::Wow64SetPeb64(HANDLE hProcess, const PEB64 *pPeb64)
 return false;
 }
-PVOID64 scl::Wow64GetModuleHandle64(const wchar_t* moduleName)
+PVOID64 scl::Wow64GetModuleHandle64(HANDLE hProcess, const wchar_t* moduleName)
 {
- const auto Peb64 = Wow64GetPeb64(NtCurrentProcess);
+ const auto Peb64 = Wow64GetPeb64(hProcess);
 if (Peb64 == nullptr)
 return nullptr;
 PEB_LDR_DATA64 LdrData64;
- if (!Wow64ReadProcessMemory64(NtCurrentProcess, (PVOID64)Peb64->Ldr, &LdrData64, sizeof(LdrData64), nullptr))
+ if (!Wow64ReadProcessMemory64(hProcess, (PVOID64)Peb64->Ldr, &LdrData64, sizeof(LdrData64), nullptr))
 return nullptr;
 PVOID64 DllBase = nullptr;
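Review bot: In DetourCreateRemoteWow64 (InjectorCLI/RemoteHook.cpp) the lookup now depends on `hProcess`, yet it still runs only while `KiFastSystemCallWow64Address == 0`, so the value obtained from the first target appears to be reused for every later target. The variable's declaration and the rest of the function are outside the hunk, so this is inferred from the guard alone. If the cache is intentional, state the assumption above the guard, e.g. `// cached across targets: assumes wow64cpu.dll is mapped at the same base in every WOW64 process`; otherwise reset the value per target.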
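Review bot: scl::Wow64GetModuleHandle64 (Scylla/Peb.cpp) now takes a process handle but carries no comment saying what the handle must allow or how the result may be used. A header comment would prevent misuse, e.g. `// Returns the 64-bit base of moduleName as seen inside hProcess, or nullptr if the PEB64 or loader data cannot be read.` followed by `// The address is only meaningful in hProcess; hProcess must permit querying and reading that process's memory.` The same comment belongs on the declaration in Scylla/Peb.h. The function body continues past the end of this hunk.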
@@ -102,12 +102,12 @@ PVOID64 scl::Wow64GetModuleHandle64(const wchar_t* moduleName)
 do
 {
- if (!Wow64ReadProcessMemory64(NtCurrentProcess, (PVOID64)Head.InLoadOrderLinks.Flink, &Head, sizeof(Head), nullptr))
+ if (!Wow64ReadProcessMemory64(hProcess, (PVOID64)Head.InLoadOrderLinks.Flink, &Head, sizeof(Head), nullptr))
 break;
 wchar_t* BaseDllName = (wchar_t*)RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, Head.BaseDllName.MaximumLength);
 if (BaseDllName == nullptr ||
- !Wow64ReadProcessMemory64(NtCurrentProcess, (PVOID64)Head.BaseDllName.Buffer, BaseDllName, Head.BaseDllName.MaximumLength, nullptr))
+ !Wow64ReadProcessMemory64(hProcess, (PVOID64)Head.BaseDllName.Buffer, BaseDllName, Head.BaseDllName.MaximumLength, nullptr))
 break;
 if (_wcsicmp(moduleName, BaseDllName) == 0)
diff --git a/Scylla/Peb.h b/Scylla/Peb.h
index 34c77572..cf4ce6a7 100644
--- a/Scylla/Peb.h
+++ b/Scylla/Peb.h
@@ -205,7 +205,7 @@ namespace scl {
 bool SetPeb(HANDLE hProcess, const PEB *pPeb);
 bool Wow64SetPeb64(HANDLE hProcess, const PEB64 *pPeb64);
- PVOID64 Wow64GetModuleHandle64(const wchar_t* moduleName);
+ PVOID64 Wow64GetModuleHandle64(HANDLE hProcess, const wchar_t* moduleName);
 DWORD GetHeapFlagsOffset(bool x64);
 DWORD GetHeapForceFlagsOffset(bool x64);
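Review bot: `_wcsicmp(moduleName, BaseDllName)` in the loop of scl::Wow64GetModuleHandle64 relies on a NUL terminator that nothing guarantees, now that the name bytes are read from `hProcess` instead of the current process. The buffer is exactly `MaximumLength` bytes and the read fills all of it, so a target whose `BaseDllName` has no terminator within `MaximumLength`, or reports a `MaximumLength` of 0, makes the comparison read past the heap allocation in the tool's own process. The failure path also leaks, because the `break` taken when the read fails skips any free of `BaseDllName`. The loop condition and any later free are outside the hunk. Allocating one extra zeroed `wchar_t`, reading only whole characters and freeing before the `break` closes both gaps.

```cpp
// … unchanged: read of Head via Wow64ReadProcessMemory64 …
const ULONG NameBytes = Head.BaseDllName.MaximumLength & ~1u; // whole wchar_t units only
wchar_t* BaseDllName = (wchar_t*)RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, NameBytes + sizeof(wchar_t));
if (BaseDllName == nullptr)
    break;
if (!Wow64ReadProcessMemory64(hProcess, (PVOID64)Head.BaseDllName.Buffer, BaseDllName, NameBytes, nullptr))
{
    RtlFreeHeap(RtlProcessHeap(), 0, BaseDllName); // do not leak the buffer on a failed remote read
    break;
}
// … unchanged: _wcsicmp comparison …
```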