authorJose Fonseca <jfonseca@vmware.com>2015-07-15 16:12:09 +0100
committerJose Fonseca <jfonseca@vmware.com>2015-07-15 16:17:10 +0100
commit7d810e5c522d146a3ee6d13b9422110119a3689f (patch)
tree8acdc08562101987f87b40faef1ee82e4769b734 /inject
parentadf4f979d0c0da219186413caf7a7f440ab55a6d (diff)
inject: Use GetProcAddress for CreateProcessAsUserW.
To ensure we use kernel32.dll instead of advapi32.dll, as depending on advapi32.dll greatly increases our chances of getting detached earlier.
Diffstat (limited to 'inject')
-rw-r--r--inject/injectee.cpp37
1 files changed, 26 insertions, 11 deletions
diff --git a/inject/injectee.cpp b/inject/injectee.cpp
index 620da112..bba2b353 100644
--- a/inject/injectee.cpp
+++ b/inject/injectee.cpp
@@ -209,6 +209,13 @@ MyCreateProcessW(LPCWSTR lpApplicationName,
return bRet;
}
+typedef BOOL
+(WINAPI *PFNCREATEPROCESSASUSERW) (HANDLE, LPCWSTR, LPWSTR,
+ LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID,
+ LPCWSTR, LPSTARTUPINFOW, LPPROCESS_INFORMATION);
+
+static PFNCREATEPROCESSASUSERW pfnCreateProcessAsUserW;
+
static BOOL WINAPI
MyCreateProcessAsUserW(HANDLE hToken,
LPCWSTR lpApplicationName,
@@ -230,17 +237,17 @@ MyCreateProcessAsUserW(HANDLE hToken,
}
BOOL bRet;
- bRet = CreateProcessAsUserW(hToken,
- lpApplicationName,
- lpCommandLine,
- lpProcessAttributes,
- lpThreadAttributes,
- bInheritHandles,
- dwCreationFlags,
- lpEnvironment,
- lpCurrentDirectory,
- lpStartupInfo,
- lpProcessInformation);
+ bRet = pfnCreateProcessAsUserW(hToken,
+ lpApplicationName,
+ lpCommandLine,
+ lpProcessAttributes,
+ lpThreadAttributes,
+ bInheritHandles,
+ dwCreationFlags,
+ lpEnvironment,
+ lpCurrentDirectory,
+ lpStartupInfo,
+ lpProcessInformation);
MyCreateProcessCommon(bRet, dwCreationFlags, lpProcessInformation);
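Review bot: The call at the top of this hunk dereferences pfnCreateProcessAsUserW without checking it, and the only place that sets it is a DllMain lookup guarded by assert(), which is compiled out under NDEBUG; if that GetProcAddress ever returns NULL, the first hooked CreateProcessAsUserW call in a release build becomes a null function-pointer call inside the traced process instead of a diagnosable failure. A cheap guard before the call keeps the failure visible to the caller: `if (!pfnCreateProcessAsUserW) { SetLastError(ERROR_CALL_NOT_IMPLEMENTED); return FALSE; }`. Whether an error return or some fallback is the right behaviour depends on how the hook is installed, which is outside this hunk. MyCreateProcessAsUserW's signature is in the previous hunk and its body continues past this one.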
@@ -1038,6 +1045,14 @@ DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
return FALSE;
}
+ // Ensure we use kernel32.dll's CreateProcessAsUserW, and not advapi32.dll's.
+ {
+ HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
+ assert(hKernel32);
+ pfnCreateProcessAsUserW = (PFNCREATEPROCESSASUSERW)GetProcAddress(hKernel32, "CreateProcessAsUserW");
+ assert(pfnCreateProcessAsUserW);
+ }
+
/*
* Hook kernel32.dll functions, and its respective Windows API Set.
*
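Review bot: Both failure checks in the added block are assert() calls, so in an NDEBUG build a NULL from GetModuleHandleA or GetProcAddress is silently ignored and pfnCreateProcessAsUserW stays NULL for the hooked call to dereference later. The lookup can plausibly fail: Microsoft's documentation historically lists advapi32.dll rather than kernel32.dll as the home of CreateProcessAsUserW on older Windows releases, so the export may simply be absent there — worth confirming against the versions this injector targets. Since DllMain already bails with `return FALSE` just above this block, the same treatment seems appropriate after the lookup, `if (!hKernel32 || !pfnCreateProcessAsUserW) { return FALSE; }`, keeping the asserts for debug builds if desired, and the comment could state the motivation the commit message gives: `// Resolved at runtime so this DLL carries no import from advapi32.dll, which would get us detached earlier.` Using GetModuleHandleA rather than LoadLibrary here is the right choice under the loader lock, since kernel32.dll is mapped in a Win32 process before any user DLL's DllMain runs.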