From c2c9faf38ebf7c1794d74067e0049c24e85b1676 Mon Sep 17 00:00:00 2001 From: mpamxl Date: Wed, 18 Oct 2023 16:10:35 +0800 Subject: [PATCH] Fix 108+ Crashes Code reference: https://forum.ru-board.com/topic.cgi?forum=5&topic=51073&start=620&limit=1&m=1#1 --- src/green.h | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/src/green.h b/src/green.h index b3d68a9..d2c507e 100644 --- a/src/green.h +++ b/src/green.h @@ -143,6 +143,36 @@ NET_API_STATUS WINAPI MyNetUserGetInfo( return ret; } +#define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON (0x00000001ui64 << 44) + +typedef BOOL(WINAPI *pUpdateProcThreadAttribute)( + LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, + DWORD dwFlags, + DWORD_PTR Attribute, + PVOID lpValue, + SIZE_T cbSize, + PVOID lpPreviousValue, + PSIZE_T lpReturnSize); + +pUpdateProcThreadAttribute RawUpdateProcThreadAttribute = nullptr; + +BOOL WINAPI MyUpdateProcThreadAttribute( + __inout LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, + __in DWORD dwFlags, + __in DWORD_PTR Attribute, + __in_bcount_opt(cbSize) PVOID lpValue, + __in SIZE_T cbSize, + __out_bcount_opt(cbSize) PVOID lpPreviousValue, + __in_opt PSIZE_T lpReturnSize) +{ + if (Attribute == PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY && cbSize >= sizeof(DWORD64)) + { + PDWORD64 policy_value_1 = &((PDWORD64)lpValue)[0]; + *policy_value_1 &= ~PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON; + } + return RawUpdateProcThreadAttribute(lpAttributeList, dwFlags, Attribute, lpValue, cbSize, lpPreviousValue, lpReturnSize); +} + void MakeGreen() { HMODULE kernel32 = LoadLibraryW(L"kernel32.dll"); @@ -247,4 +277,16 @@ void MakeGreen() DebugLog(L"MH_CreateHook NetUserGetInfo failed:%d", status); } } + + LPVOID ppUpdateProcThreadAttribute = nullptr; + MH_STATUS status = MH_CreateHookApiEx(L"kernel32", "UpdateProcThreadAttribute", + &MyUpdateProcThreadAttribute, (LPVOID *)&RawUpdateProcThreadAttribute, &ppUpdateProcThreadAttribute); + if (status == MH_OK) + { + MH_EnableHook(ppUpdateProcThreadAttribute); + } + else + { + DebugLog(L"MH_CreateHookApiEx UpdateProcThreadAttribute failed: %d", status); + } }