Skip to content

Commit

Permalink
Add correct missing file
Browse files Browse the repository at this point in the history
  • Loading branch information
jheysel-r7 committed Aug 29, 2024
1 parent e40f6cb commit b322343
Showing 1 changed file with 45 additions and 5 deletions.
Original file line number Diff line number Diff line change
@@ -1,8 +1,48 @@
#ifndef _METERPRETER_SOURCE_REFLECTIVE_FREE_AND_EXIT_THREAD_H
#define _METERPRETER_SOURCE_REFLECTIVE_FREE_AND_EXIT_THREAD_H
#include "ReflectiveFreeAndExitThread.h"

#include <windows.h>
typedef NTSTATUS
(*NtQueueApcThread)(
HANDLE ThreadHandle,
PVOID ApcRoutine,
ULONG_PTR SystemArgument1,
ULONG_PTR SystemArgument2,
ULONG_PTR SystemArgument3
);

VOID ReflectiveFreeAndExitThread(HINSTANCE hAppInstance, DWORD dwExitCode);
VOID ReflectiveFreeAndExitThread(HINSTANCE hAppInstance, DWORD dwExitCode) {
NtQueueApcThread pNtQueueApcThread = (NtQueueApcThread)GetProcAddress(GetModuleHandle(TEXT("ntdll")), "NtQueueApcThread");
HANDLE hThread = NULL;
HANDLE hThisThread = NULL;

#endif
do {
if (!pNtQueueApcThread)
break;

// create a suspended thread that will just exit once the APCs have executed
hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ExitThread, 0, CREATE_SUSPENDED, NULL);
if (!hThread)
break;

// open a real handle to this thread to pass in the APC so it operates on this thread and not itself
hThisThread = OpenThread(THREAD_QUERY_INFORMATION | SYNCHRONIZE, FALSE, GetCurrentThreadId());
if (!hThisThread)
break;

// tell that thread to wait on this thread, ensures VirtualFree isn't called until this thread has exited
pNtQueueApcThread(hThread, WaitForSingleObjectEx, (ULONG_PTR)hThisThread, INFINITE, FALSE);

// then close the handle so it's not leaked
QueueUserAPC((PAPCFUNC)CloseHandle, hThread, (ULONG_PTR)hThisThread);

// then free the memory
pNtQueueApcThread(hThread, VirtualFree, (ULONG_PTR)hAppInstance, 0, MEM_RELEASE);

ResumeThread(hThread);
} while (FALSE);

if (hThread)
CloseHandle(hThread);

ExitThread(dwExitCode);
return;
}

0 comments on commit b322343

Please sign in to comment.