top | item 46170935

(no title)

HHad3 | 2 months ago

Is this LLM slop? One cannot truncate RSA signatures and still check them. The sample hook code is nonsense, it lacks an address to hook (and would break Enigma‘s self-checks). The sentence structure and all lower-case looks like a bad prompt attempt to hide LLM usage.

discuss

hebelehubele|2 months ago

Agreed. I don't know anything about DLL hooks, but code looks like nonsense to me. It's trying to hook into a null pointer.

  #include <windows.h>
  #include <detours.h>
  
  static int (WINAPI *Real_EP_RegCheckKey)(LPCSTR, LPCSTR) = NULL;
  
  int WINAPI Hooked_EP_RegCheckKey(LPCSTR name, LPCSTR key) {
      return 1;
  }
  
  BOOL APIENTRY DllMain(HMODULE hModule, DWORD reason, LPVOID lpReserved) {
      if (reason == DLL_PROCESS_ATTACH) {
          Sleep(2000);
          DetourTransactionBegin();
          DetourUpdateThread(GetCurrentThread());
          DetourAttach(&(PVOID&)Real_EP_RegCheckKey, Hooked_EP_RegCheckKey);
          DetourTransactionCommit();
      }
      return TRUE;
  }