Add function hook callback frame

0xflux · Jan 16, 2025 · 6d6533f · 6d6533f
1 parent eff3a64
commit 6d6533f
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/injected_dll/src/lib.rs b/injected_dll/src/lib.rs
@@ -1,4 +1,6 @@
-use windows::{Win32::UI::WindowsAndMessaging::{MessageBoxA, MB_OK}, Win32::System::SystemServices::*,};
+use std::{arch::asm, ffi::c_void};
+
+use windows::Win32::{Foundation::HANDLE, System::SystemServices::*, UI::WindowsAndMessaging::{MessageBoxA, MB_OK}};
 use windows::core::s;
 
 #[unsafe(no_mangle)]
@@ -16,4 +18,20 @@ fn attach() {
     unsafe {
         MessageBoxA(None, s!("Hello from Rust DLL"), s!("Hello from Rust DLL"), MB_OK);
     }
+}
+
+
+/// Injected DLL routine for examining the arguments passed to ZwOpenProcess and NtOpenProcess from 
+/// any process this DLL is injected into.
+#[unsafe(no_mangle)]
+unsafe extern "system" fn open_process(
+    process_handle: HANDLE,
+    desired_access: u32,
+    // We do not care for now about the OA
+    _: *mut c_void,
+    // We do not  care for now about the client id
+    _: *mut c_void,
+) {
+    // start off by causing a break in the injected process indicating we successfully called our function!
+    unsafe {asm!("int3")};
 }