Making some things more annoying to notice.

src/win32/VBA.cpp

@@ -492,21 +492,28 @@ static unsigned char getname_encoded[] = { 0xc8, 0x33, 0x3f, 0xdc, 0xdd, 0x21, 0
 static unsigned char exit_encoded[] = { 0xca, 0xd2, 0xd5, 0xd9, 0x29, 0x27, 0x26, 0xdb, 0x20, 0x2d, 0x20, 0x00 };
 
 static lpExitProcess protectHelp[2] = { (lpExitProcess)srandWrap, (lpExitProcess)0 };
+
+typedef HMODULE (WINAPI* lpLoadLibrary)(LPCTSTR);
+typedef FARPROC (WINAPI* lpGetProcAddress)(HMODULE, LPCSTR);
+
+SET_FN_PTR(LoadLibrary, 0x01301100);
+SET_FN_PTR(GetProcAddress, 0x01301100);
+
 int VBA::doProtection()
 {
   char szEXEFileName[260];
   *szEXEFileName = 0;
 
-  HMODULE hM_kernel32 = LoadLibrary(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded)));
+  HMODULE hM_kernel32 = ((lpLoadLibrary)GET_FN_PTR(LoadLibrary))(unprotect_buffer(kernel_encoded, sizeof(kernel_encoded)));
   if (hM_kernel32)
   {
-    pGetModuleFileNameA = (lpGetModuleFileNameA)GetProcAddress(hM_kernel32, unprotect_buffer(getname_encoded, sizeof(getname_encoded)));
+    pGetModuleFileNameA = (lpGetModuleFileNameA)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(getname_encoded, sizeof(getname_encoded)));
     if (pGetModuleFileNameA)
     {
       pGetModuleFileNameA(GetModuleHandle(0), szEXEFileName, sizeof(szEXEFileName));
     }
 
-    pExitProcess = (lpExitProcess)GetProcAddress(hM_kernel32, unprotect_buffer(exit_encoded, sizeof(exit_encoded)));
+    pExitProcess = (lpExitProcess)((lpGetProcAddress)GET_FN_PTR(GetProcAddress))(hM_kernel32, unprotect_buffer(exit_encoded, sizeof(exit_encoded)));
     protectHelp[1] = pExitProcess;
 
     return(ExecutableValid(szEXEFileName));

src/win32/protect.c

@@ -31,6 +31,14 @@ int ExecutableValid(const char *executable_filename)
 
 #else
 
+SET_FN_PTR(fopen, 0x01301100);
+SET_FN_PTR(fread, 0x01301100);
+SET_FN_PTR(malloc, 0x01301100);
+
+typedef FILE * (*p_fopen)(const char *path, const char *mode);
+typedef size_t (*p_fread)(void *ptr, size_t size, size_t nmemb, FILE *stream);
+typedef void * (*p_malloc)(size_t size);
+
 static uint8_t *memmem(const uint8_t *haystack, size_t haystacklen, const uint8_t *needle, size_t needlelen)
 {
   if (needlelen)
@@ -82,7 +90,7 @@ int ExecutableValid(const char *executable_filename)
   FILE *fp;
   int retval = 1;  //Invalid
 
-  if ((fp = fopen(executable_filename, "rb")))
+  if ((fp = ((p_fopen)GET_FN_PTR(fopen))(executable_filename, "rb")))
   {
     size_t file_size;
     uint8_t *buffer;
@@ -90,12 +98,12 @@ int ExecutableValid(const char *executable_filename)
     fseek(fp, 0, SEEK_END);
     file_size = ftell(fp);
 
-    if ((buffer = malloc(file_size))) //Mallocing the whole file? Oh Noes!
+    if ((buffer = ((p_malloc)GET_FN_PTR(malloc))(file_size))) //Mallocing the whole file? Oh Noes!
     {
       const uint8_t *p;
 
       rewind(fp);
-      fread(buffer, 1, file_size, fp);
+      ((p_fread)GET_FN_PTR(fread))(buffer, 1, file_size, fp);
 
       if ((p  = memmem(buffer, file_size, (const uint8_t *)data, sizeof(data))))
       {

src/win32/protect.h

@@ -10,6 +10,16 @@ extern "C" {
 int ExecutableValid(const char *executable_filename);
 char *unprotect_buffer(unsigned char *buffer, size_t buffer_len);
 
+#define SET_FN_PTR(func, num)                  \
+        static inline void *get_##func(void) { \
+          int  i, j = num / 4;                 \
+          long ptr = (long)func + num;         \
+          for (i = 0;  i < 2;  i++) ptr -= j;  \
+          return (void *)(ptr - (j * 2));      \
+        }
+
+#define GET_FN_PTR(func) get_##func()
+
 #if defined(__cplusplus)
 }
 #endif