I was trying to write a Windows Phone 8 app using undocumented API. @imbushuo told me that there was an example on xda-developer using complete Windows API on a store app, and it works great.
And then I found a better implementation from this post in Chinese (The approach is actually mentioned in a comment of the post in xda-developer). Though it’s missing some part.
Here is the core code of the implementation mentioned above:
#include "pch.h"
typedef struct _CLIENT_ID {
PVOID UniqueProcess;
PVOID UniqueThread;
} CLIENT_ID;
typedef struct _MODULE_LIST_ENTRY {
struct _MODULE_LIST_ENTRY* Flink;
struct _MODULE_LIST_ENTRY* Blink;
DWORD* baseAddress;
} MODULE_LIST_ENTRY;
typedef struct _PEB_LDR_DATA {
// BYTE fill[0x1c]; x86
ULONG Length;
BOOLEAN Initialized;
PVOID SsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
MODULE_LIST_ENTRY* initModuleList;
} PEB_LDR_DATA;
typedef struct _PEB {
// BYTE fill[0x0c]; x86
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[1];
PVOID Reserved3[2];
PEB_LDR_DATA* ldr;
} PEB;
typedef struct _TEB {
//BYTE fill[0x30]; x86
NT_TIB nt_tib;
PVOID EnvironmentPointer;
CLIENT_ID id;
PVOID ActiveRpcHandle;
PVOID ThreadLocalStoragePointer;
PEB* currentPEB;
} TEB;
typedef HMODULE(*LoadLibraryEx)(
LPCTSTR lpLibFileName,
HANDLE hFile,
DWORD dwFlags
);
int __cdecl main(::Platform::Array<::Platform::String^>^ args) {
TEB* teb = NtCurrentTeb();
HMODULE kernel = (HMODULE) teb->currentPEB->ldr->initModuleList->Flink->baseAddress;
LoadLibraryEx LoadLibraryExW = (LoadLibraryEx) GetProcAddress(kernel, "LoadLibraryExW");
// do your jobs...
}