// One-time, per-process initialisation for the API-tracing DLL.
//
// Allocates two TLS slots, records the DLL's instance handle and path, opens
// the syelog channel, enumerates the process and then installs the detours.
// Always returns TRUE, including when AttachDetours() reports an error, so
// the DLL stays loaded even if the hooks were not installed.
BOOL ProcessAttach(HMODULE hDll)
{
    WCHAR wzHostExe[MAX_PATH];
    LONG error;

    // Logging is switched off for the whole of set-up and re-enabled last.
    s_bLog = FALSE;

    // NOTE(review): neither TlsAlloc() result is checked here.
    s_nTlsIndent = TlsAlloc();
    s_nTlsThread = TlsAlloc();
    ThreadAttach(hDll);

    s_hInst = hDll;

    // Path of this DLL (kept in the file-level buffer) and of the host
    // executable (local only; not used again in this function).
    // NOTE(review): the return values are ignored, so a failed or truncated
    // lookup goes unnoticed.
    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYSIZE(s_wzDllPath));
    Real_GetModuleFileNameW(NULL, wzHostExe, ARRAYSIZE(wzHostExe));

    // Narrow copy of the DLL path; sprintf_s bounds the write to the
    // destination array.
    sprintf_s(s_szDllPath, ARRAYSIZE(s_szDllPath), "%ls", s_wzDllPath);

    SyelogOpen("trcapi" DETOURS_STRINGIFY(DETOURS_BITS),
               SYELOG_FACILITY_APPLICATION);
    ProcessEnumerate();

    error = AttachDetours();
    if (error != NO_ERROR) {
        // Failure is reported but deliberately not propagated to the caller.
        Syelog(SYELOG_SEVERITY_FATAL,
               "### Error attaching detours: %d\n", error);
    }

    s_bLog = TRUE;
    return TRUE;
}
// Smallest possible syelog client: open the "sltest" channel, emit a single
// informational record, close the channel and exit with status 0.
int main(int argc, char **argv)
{
    // The command line is not used by this variant.
    (void)argc;
    (void)argv;

    SyelogOpen("sltest", SYELOG_FACILITY_APPLICATION);

    // Constant format string with no conversions.
    Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World!");

    SyelogClose();

    return 0;
}
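// DLL entry point for the Mhook-based "clcoffee" hook DLL.
//
// On DLL_PROCESS_ATTACH it reads its configuration from two environment
// variables and hooks CreateFileW, ReadFile and CloseHandle; on
// DLL_PROCESS_DETACH it removes the hooks and frees SOURCEFILE.
//
//   CLCOFFEE_VALUE  two hex digits, combined into XORVALUE
//   CLCOFFEE_FILE   file name, converted by cstr2wstr() into SOURCEFILE
//
// Both values come from the process environment, i.e. from whoever started
// the process, so they are treated as untrusted input. A CLCOFFEE_VALUE
// shorter than two characters is now ignored: XORVALUE and SOURCEFILE keep
// their previous values (the original read xorvalueStr[1] unconditionally,
// which is past the terminator for an empty string).
//
// The work here runs inside DllMain, i.e. while the loader lock is held.
//
// Always returns TRUE.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    (void)hinst;
    (void)reserved;

    if (dwReason == DLL_PROCESS_ATTACH) {
#if defined(USE_SYELOG)
        // open log
        SyelogOpen("clcoffee", SYELOG_FACILITY_APPLICATION);
#endif
        // get xorvalue && filename
        const char* xorvalueStr = getenv("CLCOFFEE_VALUE");
        const char* fileStr = getenv("CLCOFFEE_FILE");

        // Require both variables, and at least two characters in the value,
        // before indexing xorvalueStr[0] and xorvalueStr[1].
        // NOTE(review): hex2dec() is defined elsewhere; whether it rejects
        // non-hex characters cannot be seen from here - confirm.
        if (xorvalueStr && fileStr &&
            xorvalueStr[0] != '\0' && xorvalueStr[1] != '\0') {
            XORVALUE = hex2dec(xorvalueStr[0])*16 + hex2dec(xorvalueStr[1]);
            SOURCEFILE = cstr2wstr(fileStr);
        }

#if defined(USE_SYELOG)
        // open log
        // NOTE(review): SOURCEFILE may still be unset here when the
        // environment was missing or rejected; confirm that Syelog's %ls
        // tolerates a null pointer.
        Syelog(SYELOG_SEVERITY_INFORMATION, "XORVALUE: 0x%X, SOURCEFILE: %ls\n", XORVALUE, SOURCEFILE);
#endif

        // detour it
        // NOTE(review): the Mhook_SetHook return values are discarded, so a
        // hook that failed to install is not detected here.
        Mhook_SetHook((PVOID*)&Real_CreateFileW, Mine_CreateFileW);
        Mhook_SetHook((PVOID*)&Real_ReadFile, Mine_ReadFile);
        Mhook_SetHook((PVOID*)&Real_CloseHandle, Mine_CloseHandle);

#if defined(USE_SYELOG)
        // NOTE(review): `error` is not declared in this function
        // (presumably file scope - confirm) and is never assigned from the
        // hook calls above, so the value logged does not reflect whether
        // the hooks were installed.
        if (error == NO_ERROR) {
            Syelog(SYELOG_SEVERITY_INFORMATION, "Detoured ok: %d\n", error);
        }
        else {
            Syelog(SYELOG_SEVERITY_INFORMATION, "Error detouring: %d\n", error);
        }
#endif
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        Mhook_Unhook((PVOID*)&Real_CreateFileW);
        Mhook_Unhook((PVOID*)&Real_ReadFile);
        Mhook_Unhook((PVOID*)&Real_CloseHandle);

        // Release the converted file name and clear the pointer so nothing
        // can use or free it again.
        free(SOURCEFILE);
        SOURCEFILE = 0;

#if defined(USE_SYELOG)
        Syelog(SYELOG_SEVERITY_INFORMATION, "Removed detour: %d\n", error);
        SyelogClose(FALSE);
#endif
    }
    return TRUE;
}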
// DLL entry point for the Detours-based "readcl" hook DLL.
//
// Does nothing inside a Detours helper process. On DLL_PROCESS_ATTACH it
// opens the log, calls TouchHelloCpp() on a fixed path, and attaches detours
// for CreateFileW, ReadFile and CloseHandle in a single transaction; on
// DLL_PROCESS_DETACH it detaches the same three in a single transaction and
// closes the log. The commit result is logged, never returned: the function
// always returns TRUE.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    LONG error;

    (void)hinst;
    (void)reserved;

    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    switch (dwReason) {
    case DLL_PROCESS_ATTACH:
        // open log
        SyelogOpen("readcl", SYELOG_FACILITY_APPLICATION);

        // NOTE(review): hard-coded absolute path.
        TouchHelloCpp("d:\\Hello.cpp");

        // detour it
        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)Real_CreateFileW, Mine_CreateFileW);
        DetourAttach(&(PVOID&)Real_ReadFile, Mine_ReadFile);
        DetourAttach(&(PVOID&)Real_CloseHandle, Mine_CloseHandle);
        error = DetourTransactionCommit();

        // Success and failure are both logged at INFORMATION severity; only
        // the message text differs.
        Syelog(SYELOG_SEVERITY_INFORMATION,
               (error == NO_ERROR) ? "Detoured ok: %d\n"
                                   : "Error detouring: %d\n",
               error);
        break;

    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)Real_CreateFileW, Mine_CreateFileW);
        DetourDetach(&(PVOID&)Real_ReadFile, Mine_ReadFile);
        DetourDetach(&(PVOID&)Real_CloseHandle, Mine_CloseHandle);
        error = DetourTransactionCommit();

        Syelog(SYELOG_SEVERITY_INFORMATION, "Removed detour: %d\n", error);
        SyelogClose(FALSE);
        break;

    default:
        // Other notification reasons need no work.
        break;
    }

    return TRUE;
}
// One-time, per-process initialisation for the "traceapi" tracing DLL.
//
// Allocates two TLS slots, records the DLL's instance handle and path, opens
// the syelog channel, enumerates the process and calls TrampolineWith().
// Always returns TRUE.
BOOL ProcessAttach(HMODULE hDll)
{
    WCHAR wzHostExe[MAX_PATH];

    // Logging is switched off for the whole of set-up and re-enabled last.
    s_bLog = FALSE;

    // NOTE(review): neither TlsAlloc() result is checked here.
    s_nTlsIndent = TlsAlloc();
    s_nTlsThread = TlsAlloc();
    ThreadAttach(hDll);

    s_hInst = hDll;

    // Path of this DLL (kept in the file-level buffer) and of the host
    // executable (local only; not used again in this function).
    // NOTE(review): the return values are ignored, so a failed or truncated
    // lookup goes unnoticed.
    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYOF(s_wzDllPath));
    Real_GetModuleFileNameW(NULL, wzHostExe, ARRAYOF(wzHostExe));

    SyelogOpen("traceapi", SYELOG_FACILITY_APPLICATION);
    ProcessEnumerate();

    // NOTE(review): TrampolineWith() is defined elsewhere and returns
    // nothing that is inspected here, so a hooking failure would not be
    // visible at this level - confirm.
    TrampolineWith();

    s_bLog = TRUE;
    return TRUE;
}
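// sltest: command-line test client for the syelog logging channel.
//
// Leading arguments that start with '-' or '/' are options; an option may
// carry a value after ':' (split in place, currently unused). With no
// remaining arguments four fixed test records are logged; otherwise the
// remaining arguments are joined with single spaces and logged as one
// record.
//
//   /x  ask the log daemon to terminate when this connection closes
//   /?  print usage and exit with status 1
//
// Returns 0 after logging.
int main(int argc, char **argv)
{
    BOOL fNeedHelp = FALSE;
    BOOL fRequestExitOnClose = FALSE;

    int arg = 1;
    for (; arg < argc && (argv[arg][0] == '-' || argv[arg][0] == '/'); arg++) {
        CHAR *argn = argv[arg] + 1;
        CHAR *argp = argn;

        // Split "name:value" in place: argn becomes the name, argp the
        // value (or the empty string when there is no ':').
        while (*argp && *argp != ':') {
            argp++;
        }
        if (*argp == ':') {
            *argp++ = '\0';
        }

        switch (argn[0]) {
          case 'x':                                 // Request exit on close.
          case 'X':
            fRequestExitOnClose = TRUE;
            break;

          case '?':                                 // Help.
            fNeedHelp = TRUE;
            break;

          default:
            fNeedHelp = TRUE;
            printf("SLTEST: Bad argument: %s:%s\n", argn, argp);
            break;
        }
    }

    if (fNeedHelp) {
        printf("Usage:\n"
               " sltest.exe [options] message\n"
               "Options:\n"
               " /x Ask syelogd.exe to terminate when this connect closes.\n"
               " /? Display this help message.\n"
               "\n");
        exit(1);
    }

    SyelogOpen("sltest", SYELOG_FACILITY_APPLICATION);
    if (arg >= argc) {
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [1 of 4]");
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [2 of 4]");
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [3 of 4]");
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [4 of 4]");
    }
    else {
        CHAR Buffer[1024] = "";

        // StringCchCatA truncates instead of overflowing once the buffer is
        // full; its result is ignored, so an over-long message is logged
        // truncated rather than rejected.
        for (; arg < argc; arg++) {
            StringCchCatA(Buffer, ARRAYSIZE(Buffer), argv[arg]);
            if (arg + 1 < argc) {
                StringCchCatA(Buffer, ARRAYSIZE(Buffer), " ");
            }
        }

        // The message is caller-supplied text, so it is passed as data to a
        // constant "%s" format. Handing Buffer to Syelog as the format
        // itself would make any '%' in the command line a conversion
        // specifier (uncontrolled format string).
        Syelog(SYELOG_SEVERITY_INFORMATION, "%s", Buffer);
    }

    SyelogClose(fRequestExitOnClose);

    return 0;
}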