Beispiel #1
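/*
 * Per-process initialisation of the trcapi detour DLL.
 *
 * Allocates the two TLS slots used by the logging layer, records the module
 * handle and on-disk path of this DLL, opens the syelog channel and installs
 * the detours.
 *
 * hDll:    module handle of this DLL; stored in s_hInst.
 * Returns: TRUE unconditionally.  A failed AttachDetours() is reported as
 *          FATAL through syelog but does not refuse the load, so the host
 *          process keeps running with logging enabled and no hooks installed.
 */
BOOL ProcessAttach(HMODULE hDll)
{
    /* Keep logging off until the TLS slots and the log channel exist. */
    s_bLog = FALSE;
    /* NOTE(review): TlsAlloc() can return TLS_OUT_OF_INDEXES; the result is
       not checked here, matching the original behaviour. */
    s_nTlsIndent = TlsAlloc();
    s_nTlsThread = TlsAlloc();
    ThreadAttach(hDll);

    s_hInst = hDll;
    /* Real_* is presumably the un-detoured import, so it is safe to call
       before AttachDetours() has run. */
    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYSIZE(s_wzDllPath));
    /* Narrow copy of the DLL path for the ANSI log sink.  "%ls" converts via
       the current code page; characters outside it are not preserved. */
    sprintf_s(s_szDllPath, ARRAYSIZE(s_szDllPath), "%ls", s_wzDllPath);

    SyelogOpen("trcapi" DETOURS_STRINGIFY(DETOURS_BITS), SYELOG_FACILITY_APPLICATION);
    ProcessEnumerate();

    LONG error = AttachDetours();
    if (error != NO_ERROR) {
        /* Logged but not propagated: callers expect TRUE here. */
        Syelog(SYELOG_SEVERITY_FATAL, "### Error attaching detours: %d\n", error);
    }

    s_bLog = TRUE;
    return TRUE;
}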
Beispiel #2
/*
 * Minimal syelog client: opens the "sltest" channel, writes a single
 * informational record and closes the channel again.
 *
 * argc/argv are accepted for the standard signature but not used.
 * Returns 0.
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    SyelogOpen("sltest", SYELOG_FACILITY_APPLICATION);
    Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World!");
    SyelogClose();

    return 0;
}
Beispiel #3
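/*
 * DllMain for the clcoffee hook DLL.
 *
 * DLL_PROCESS_ATTACH: reads the XOR key and the target file name from the
 * CLCOFFEE_VALUE / CLCOFFEE_FILE environment variables, then hooks
 * CreateFileW, ReadFile and CloseHandle with Mhook.
 * DLL_PROCESS_DETACH: removes the hooks and releases SOURCEFILE.
 *
 * Always returns TRUE so the loader never refuses the DLL; hook failures are
 * only reported through syelog when USE_SYELOG is defined.  The "%d" in the
 * log messages is the number of Mhook calls that returned FALSE (0 = all ok).
 */
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    /* Count of Mhook_SetHook/Mhook_Unhook calls that failed.  The original
       code logged an `error` variable that was never declared. */
    int failed = 0;

    (void)hinst;
    (void)reserved;

    if (dwReason == DLL_PROCESS_ATTACH) {
#if defined(USE_SYELOG)
        // open log
        SyelogOpen("clcoffee", SYELOG_FACILITY_APPLICATION);
#endif

        // get xorvalue && filename
        const char *xorvalueStr = getenv("CLCOFFEE_VALUE");
        const char *fileStr = getenv("CLCOFFEE_FILE");

        /* hex2dec() is applied to the first two characters, so the value
           must hold at least two; a shorter string would otherwise be read
           past its terminator. */
        if (xorvalueStr && fileStr && xorvalueStr[0] != '\0' && xorvalueStr[1] != '\0') {
            XORVALUE = hex2dec(xorvalueStr[0]) * 16 + hex2dec(xorvalueStr[1]);
            /* Heap-owned by this DLL; released on DLL_PROCESS_DETACH. */
            SOURCEFILE = cstr2wstr(fileStr);
        }

#if defined(USE_SYELOG)
        /* Substitute an empty string when no file was configured rather than
           handing a null pointer to "%ls". */
        Syelog(SYELOG_SEVERITY_INFORMATION, "XORVALUE: 0x%X, SOURCEFILE: %ls\n",
               XORVALUE, SOURCEFILE ? SOURCEFILE : L"");
#endif

        // detour it
        /* NOTE(review): Mhook suspends other threads while patching; doing
           this under the loader lock inside DllMain is a known hazard and is
           kept here only because the original did the same. */
        if (!Mhook_SetHook((PVOID*)&Real_CreateFileW, Mine_CreateFileW)) {
            failed++;
        }
        if (!Mhook_SetHook((PVOID*)&Real_ReadFile, Mine_ReadFile)) {
            failed++;
        }
        if (!Mhook_SetHook((PVOID*)&Real_CloseHandle, Mine_CloseHandle)) {
            failed++;
        }

#if defined(USE_SYELOG)
        if (failed == 0) {
            Syelog(SYELOG_SEVERITY_INFORMATION, "Detoured ok: %d\n", failed);
        } else {
            Syelog(SYELOG_SEVERITY_INFORMATION, "Error detouring: %d\n", failed);
        }
#endif
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        if (!Mhook_Unhook((PVOID*)&Real_CreateFileW)) {
            failed++;
        }
        if (!Mhook_Unhook((PVOID*)&Real_ReadFile)) {
            failed++;
        }
        if (!Mhook_Unhook((PVOID*)&Real_CloseHandle)) {
            failed++;
        }

        free(SOURCEFILE);
        SOURCEFILE = 0;

#if defined(USE_SYELOG)
        Syelog(SYELOG_SEVERITY_INFORMATION, "Removed detour: %d\n", failed);

        SyelogClose(FALSE);
#endif
    }
    return TRUE;
}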
Beispiel #4
/*
 * DllMain for the readcl detour DLL.
 *
 * Attaches the CreateFileW / ReadFile / CloseHandle detours when the DLL is
 * loaded into a process and detaches them when it is unloaded.  Detours
 * helper processes are left untouched.  Thread attach/detach notifications
 * are ignored.  Always returns TRUE; the transaction result is only logged.
 */
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    (void)hinst;
    (void)reserved;

    // A Detours helper process (presumably the cross-bitness helper) must
    // not be instrumented.
    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    switch (dwReason) {
    case DLL_PROCESS_ATTACH: {
        // open log
        SyelogOpen("readcl", SYELOG_FACILITY_APPLICATION);

        TouchHelloCpp("d:\\Hello.cpp");

        // detour it
        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)Real_CreateFileW, Mine_CreateFileW);
        DetourAttach(&(PVOID&)Real_ReadFile, Mine_ReadFile);
        DetourAttach(&(PVOID&)Real_CloseHandle, Mine_CloseHandle);
        const LONG status = DetourTransactionCommit();

        if (status == NO_ERROR) {
            Syelog(SYELOG_SEVERITY_INFORMATION, "Detoured ok: %d\n", status);
        } else {
            Syelog(SYELOG_SEVERITY_INFORMATION, "Error detouring: %d\n", status);
        }
        break;
    }

    case DLL_PROCESS_DETACH: {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)Real_CreateFileW, Mine_CreateFileW);
        DetourDetach(&(PVOID&)Real_ReadFile, Mine_ReadFile);
        DetourDetach(&(PVOID&)Real_CloseHandle, Mine_CloseHandle);
        const LONG status = DetourTransactionCommit();

        Syelog(SYELOG_SEVERITY_INFORMATION, "Removed detour: %d\n", status);

        SyelogClose(FALSE);
        break;
    }

    default:
        // DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do.
        break;
    }
    return TRUE;
}
Beispiel #5
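/*
 * Per-process initialisation of the traceapi detour DLL.
 *
 * Allocates the two TLS slots used by the logging layer, records the module
 * handle and on-disk path of this DLL, opens the syelog channel and installs
 * the trampolines.
 *
 * hDll:    module handle of this DLL; stored in s_hInst.
 * Returns: TRUE unconditionally; TrampolineWith() reports nothing here.
 */
BOOL ProcessAttach(HMODULE hDll)
{
    /* Keep logging off until the TLS slots and the log channel exist. */
    s_bLog = FALSE;
    /* NOTE(review): TlsAlloc() can return TLS_OUT_OF_INDEXES; the result is
       not checked here, matching the original behaviour. */
    s_nTlsIndent = TlsAlloc();
    s_nTlsThread = TlsAlloc();
    ThreadAttach(hDll);

    s_hInst = hDll;
    /* Real_* is presumably the un-detoured import, so it is safe to call
       before the trampolines are installed. */
    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYOF(s_wzDllPath));

    SyelogOpen("traceapi", SYELOG_FACILITY_APPLICATION);
    ProcessEnumerate();

    TrampolineWith();

    s_bLog = TRUE;
    return TRUE;
}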
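/*
 * sltest: command-line syelog client.
 *
 * Options (prefix '-' or '/'):
 *   /x   ask syelogd.exe to terminate when this connection closes
 *   /?   print usage and exit with status 1
 * Remaining arguments are joined with single spaces and sent as one
 * informational record; with no arguments four "Hello World!" records are
 * sent instead.  Returns 0, or exits with 1 on a usage error.
 */
int main(int argc, char **argv)
{
    BOOL fNeedHelp = FALSE;
    BOOL fRequestExitOnClose = FALSE;

    int arg = 1;
    for (; arg < argc && (argv[arg][0] == '-' || argv[arg][0] == '/'); arg++) {
        CHAR *argn = argv[arg] + 1;
        CHAR *argp = argn;
        /* Split "name:value" in place; argp ends up on the value (or ""). */
        while (*argp && *argp != ':') {
            argp++;
        }
        if (*argp == ':') {
            *argp++ = '\0';
        }

        switch (argn[0]) {

          case 'x':                                 // Request exit on close.
          case 'X':
            fRequestExitOnClose = TRUE;
            break;

          case '?':                                 // Help.
            fNeedHelp = TRUE;
            break;

          default:
            fNeedHelp = TRUE;
            printf("SLTEST: Bad argument: %s:%s\n", argn, argp);
            break;
        }
    }

    if (fNeedHelp) {
        printf("Usage:\n"
               "    sltest.exe [options] message\n"
               "Options:\n"
               "    /x         Ask syelogd.exe to terminate when this connect closes.\n"
               "    /?         Display this help message.\n"
               "\n");
        exit(1);
    }

    SyelogOpen("sltest", SYELOG_FACILITY_APPLICATION);
    if (arg >= argc) {
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [1 of 4]");
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [2 of 4]");
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [3 of 4]");
        Syelog(SYELOG_SEVERITY_INFORMATION, "Hello World! [4 of 4]");
    }
    else {
        CHAR Buffer[1024] = "";
        BOOL fTruncated = FALSE;

        /* StringCchCatA always NUL-terminates, so an over-long message is
           cut off rather than overflowing; remember that so it can be
           reported instead of silently dropped. */
        for (; arg < argc; arg++) {
            if (FAILED(StringCchCatA(Buffer, ARRAYSIZE(Buffer), argv[arg]))) {
                fTruncated = TRUE;
            }
            if (arg + 1 < argc) {
                if (FAILED(StringCchCatA(Buffer, ARRAYSIZE(Buffer), " "))) {
                    fTruncated = TRUE;
                }
            }
        }
        if (fTruncated) {
            printf("SLTEST: message truncated to %u characters\n",
                   (unsigned)(ARRAYSIZE(Buffer) - 1));
        }
        /* Syelog is printf-like (see the "%d" uses elsewhere), so the
           user-supplied text must go through "%s" rather than be used as
           the format string itself. */
        Syelog(SYELOG_SEVERITY_INFORMATION, "%s", Buffer);
    }

    SyelogClose(fRequestExitOnClose);

    return 0;
}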