static FARPROC WINAPI OnGetProcAddress(HMODULE hModule, LPCSTR lpProcName) { ORIGINAL(GetProcAddress); FARPROC lpfn = NULL; if (((DWORD_PTR)lpProcName) <= 0xFFFF) { TODO("!!! Обрабатывать и ORDINAL values !!!"); } else { for (int i = 0; Hooks[i].Name; i++) { // The spelling and case of a function name pointed to by lpProcName must be identical // to that in the EXPORTS statement of the source DLL's module-definition (.Def) file if (Hooks[i].hDll == hModule && strcmp(Hooks[i].Name, lpProcName) == 0) { lpfn = (FARPROC)Hooks[i].NewAddress; break; } } } if (!lpfn) lpfn = F(GetProcAddress)(hModule, lpProcName); return lpfn; }
// This routine ensures that when a function is called by name, // the retrieved pointer is replaced with the new function pointer. FARPROC WINAPI HookGetProcAddress(HMODULE module, LPCSTR funcname) { FARPROC addr = ORIGINAL(GetProcAddress)(module, funcname); for (int i = 0; i < nhooks; i++) { if (addr == hooktable[i].oldfunc) { return (FARPROC) hooktable[i].newfunc; } } return addr; }
HMODULE WINAPI OnLoadLibraryExW(const wchar_t* lpFileName, HANDLE hFile, DWORD dwFlags) { //typedef HMODULE(WINAPI* OnLoadLibraryExW_t)(const wchar_t* lpFileName, HANDLE hFile, DWORD dwFlags); ORIGINAL(LoadLibraryExW); return OnLoadLibraryExWWork((FARPROC)F(LoadLibraryExW), ph, bMainThread, lpFileName, hFile, dwFlags); }
HMODULE WINAPI OnLoadLibraryW(const wchar_t* lpFileName) { //typedef HMODULE(WINAPI* OnLoadLibraryW_t)(const wchar_t* lpFileName); ORIGINAL(LoadLibraryW); return OnLoadLibraryWWork((FARPROC)F(LoadLibraryW), ph, bMainThread, lpFileName); }
HMODULE WINAPI OnLoadLibraryA(const char* lpFileName) { //typedef HMODULE(WINAPI* OnLoadLibraryA_t)(const char* lpFileName); ORIGINAL(LoadLibraryA); return OnLoadLibraryAWork((FARPROC)F(LoadLibraryA), ph, bMainThread, lpFileName); }
HMODULE WINAPI HookLoadLibraryExA(LPCSTR filename, HANDLE handle, DWORD flags) { bool newload = (GetModuleHandleA(filename) == NULL); HMODULE result = ORIGINAL(LoadLibraryExA)(filename, handle, flags); if (newload && result) HookAllLoadedModules(); return result; }
#define _GNU_SOURCE #include <chronometer.h> #include <override.h> #include <pthread.h> #include <stdio.h> static __thread unsigned long mutex_lock_lastcall; OVERRIDE(int, pthread_mutex_lock, (mutex), (pthread_mutex_t *mutex)) { unsigned long start, end; int ret; start = rdtsc(); ret = ORIGINAL(pthread_mutex_lock)(mutex); end = rdtsc(); __thread_local_statistics->pthread_mutex_count++; __thread_local_statistics->pthread_mutex_intime += end - start; __thread_local_statistics->pthread_mutex_outtime += (!!mutex_lock_lastcall) * (start - mutex_lock_lastcall); mutex_lock_lastcall = end; return ret; }
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "hook.h" #include "io.h" #include "report.h" #include <string.h> #include <ctype.h> extern uintptr_t find_original( const char *name ); DEFINEHOOK( size_t, strlen, (const char *str) ) { size_t ret = ORIGINAL( strlen, str ); int i = 0, counter = 1; for (; i < (int)ret; i++) { if ( !isalnum(str[i]) ) { counter = 0; break; } } if (ret == 64 && counter) { report_add( "strlen", "s.i", "str", str, ret ); } return ret; }