Beispiel #1
// ----------------------------------------------------------------------------
// hook a window
// ----------------------------------------------------------------------------
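bool CSkin::Hook(CWnd *pWnd)
{
  // Subclass pWnd so that it is drawn with this skin: strip the caption and
  // sizing border, resize the window to the skin dimensions, apply the skin
  // region, replace the window procedure with SkinWndProc and attach this
  // instance to the window under the "skin" property.
  //
  // pWnd    window to skin; must wrap a live HWND.
  // returns true when the window procedure was replaced and the instance
  //         pointer was attached; false otherwise.

  // reject unusable input before any state is touched; everything below
  // dereferences pWnd and passes its HWND to the window APIs.
  if (pWnd == NULL) return false;
  HWND hTarget = (HWND)*pWnd;
  if (hTarget == NULL) return false;

  // unsubclass any other window
  if (Hooked()) UnHook();

  // this will be our new subclassed window
  m_hWnd = hTarget;

  // --------------------------------------------------
  // change window style (get rid of the caption bar)
  // --------------------------------------------------
  LONG_PTR dwStyle = GetWindowLongPtr(m_hWnd, GWL_STYLE);
  m_dOldStyle = dwStyle;              // saved as a member alongside m_oldRect and m_OldWndProc
  dwStyle &= ~(WS_CAPTION|WS_SIZEBOX);
  SetWindowLongPtr(m_hWnd, GWL_STYLE, dwStyle);

  // remember the old placement, then resize to the skin without repainting yet
  RECT rcWindow;
  pWnd->GetWindowRect(&rcWindow);
  m_oldRect = rcWindow;
  pWnd->MoveWindow(rcWindow.left,
                   rcWindow.top,
                   m_iWidth,
                   m_iHeight,
                   FALSE);

  pWnd->SetMenu(NULL);

  if (m_rgnSkin != NULL)
  {
    // After a successful SetWindowRgn the system owns the region handle, so
    // the window gets its own copy and m_rgnSkin stays ours to reuse and to
    // delete later.
    HRGN hRgnCopy = ::CreateRectRgn(0, 0, 0, 0);
    if (hRgnCopy != NULL)
    {
      if (::CombineRgn(hRgnCopy, m_rgnSkin, NULL, RGN_COPY) == ERROR
          || !pWnd->SetWindowRgn(hRgnCopy, true))
      {
        // the copy was never handed over, so it is still ours to free
        ::DeleteObject(hRgnCopy);
      }
    }
  }

  // subclass the window procedure
  m_OldWndProc = (WNDPROC)SetWindowLongPtr( m_hWnd, GWLP_WNDPROC, (LONG_PTR)SkinWndProc );

  // update the flag before the property check, so the UnHook() on the failure
  // path below runs with the hooked state already recorded (UnHook is not
  // shown here; presumably it consults Hooked() - confirm).
  m_bHooked = ( m_OldWndProc ? true : false );

  // store a pointer to our class instance inside the window procedure.
  // NOTE(review): window properties can be read and replaced by other code
  // that can reach this HWND, so SkinWndProc (not shown) should not trust the
  // retrieved pointer blindly - confirm how it validates it.
  if (!SetProp(m_hWnd, "skin", (void*)this))
    {
      // if we fail to do so, we just can't activate the skin.
      UnHook();
      m_bHooked = false;
      return false;
    }

  // create the skin buttons as children of the hooked window
  for(int i = 0; i < m_nButtons; i++) {
    RECT rcButton;
    m_buttons[i].GetRect(rcButton);
    m_buttons[i].CreateButton("", WS_VISIBLE, rcButton, pWnd, 0);
  }

  // force repainting of the hooked window and its children; a NULL window
  // handle here would invalidate the whole desktop instead.
  RedrawWindow(m_hWnd,NULL,NULL,RDW_INVALIDATE|RDW_ERASE|RDW_ALLCHILDREN);

  // successful return if we're hooked.
  return m_bHooked;
}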
Beispiel #2
/// main entry point
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ){
	// DLL entry point.
	//   process attach: shows the splash screen, then installs the hooks via
	//                   Hook(hModule); on failure the user is told and the
	//                   process is terminated.
	//   process detach: removes the hooks via UnHook().
	//   thread attach/detach: nothing to do.
	// Always logs and returns TRUE when it returns at all.
	//
	// NOTE(review): DllMain runs while the loader lock is held. Creating UI,
	// sleeping for a second and calling exit() from here are all operations
	// that can deadlock or misbehave under that lock; consider moving the
	// start-up work to an exported init routine or a worker thread.

	if ( ul_reason_for_call == DLL_PROCESS_ATTACH ) {
		Splash splashScreen(NULL);
		const bool splashShown = ( splashScreen.Show(NULL, 300) == TRUE );
		if ( splashShown ) {
			// keep the splash visible for a moment
			Sleep(1000);
		}

		const bool hooksInstalled = ( Hook(hModule) == 1 );
		if ( !hooksInstalled ) {
			MessageBox( 0, L"Failed to initialize Insanity successfully.\n\nPlease restart the Patcher and try again.\nIf this happen more than once, please inform the Admins.\nThank you.", L"Insanity - Client Protection", MB_OK | MB_ICONHAND );
			exit(1);
			// only reached if exit() were ever to return
			return FALSE;
		}
	}
	else if ( ul_reason_for_call == DLL_PROCESS_DETACH ) {
		UnHook();
	}
	// DLL_THREAD_ATTACH and DLL_THREAD_DETACH fall through here untouched.

	log(L"DllMain: returning true!\n");

	return TRUE;
}
Beispiel #3
InlineSingleHook::~InlineSingleHook ()
{
	// Removes the hook (when one was recorded) and frees the buffers this
	// object holds. Disabled upstream code suggests that an externally supplied
	// m_NewBytes_Pbyte buffer is deliberately left alone - confirm ownership.

	// Saved original bytes: the hook is undone only while they still exist.
	if (m_OrgBytes_Pbyte != NULL)
	{
		UnHook ( );
		delete [] m_OrgBytes_Pbyte;
		m_OrgBytes_Pbyte = NULL;
	}

	// Router block: the head of a singly linked chain of stack buffers is
	// stored inside it at X86INLINEROUTERSTACKBUFFEROFF; free the chain first,
	// then the block itself.
	if (m_HookRouter_Pproc != NULL)
	{
		PInlineX86StackBuffer node = *((PInlineX86StackBuffer *)&m_HookRouter_Pproc[X86INLINEROUTERSTACKBUFFEROFF]);
		for (PInlineX86StackBuffer following = NULL; node != NULL; node = following)
		{
			// read the link before the node is released
			following = node->next;
			delete [] node;	// assumes nodes come from new[] - TODO confirm at the allocation site
		}

		delete [] m_HookRouter_Pproc;
		m_HookRouter_Pproc = NULL;
	}

	// Copy of the redirected original opcodes.
	if (m_RedirectOrgOpcodes_Pbyte != NULL)
	{
		delete [] m_RedirectOrgOpcodes_Pbyte;
		m_RedirectOrgOpcodes_Pbyte = NULL;
	}
}
Beispiel #4
int CHookKBApp::ExitInstance() 
{
	// Remove the installed hook before the application object shuts down
	// (presumably the keyboard hook, going by the class name - confirm).
	UnHook();

	// Let the MFC base class finish its own shutdown and pass its exit code on.
	const int exitCode = CWinApp::ExitInstance();
	return exitCode;
}
void SSDTHookUnload(IN PDRIVER_OBJECT DriverObject)
{
	// Driver unload routine: removes the hook if one is recorded as active,
	// then deletes the driver's symbolic link and its device object.
	UNICODE_STRING symbolicLinkName;

	// is_hook is the driver's own "hook installed" flag (defined elsewhere).
	if (is_hook) UnHook();

	// The user-visible name goes first, then the device it points at.
	RtlInitUnicodeString(&symbolicLinkName,L"\\DosDevices\\SSDTHook0");
	IoDeleteSymbolicLink(&symbolicLinkName);

	PDEVICE_OBJECT deviceObject = DriverObject->DeviceObject;
	IoDeleteDevice(deviceObject);
}
Beispiel #6
SingleHook::~SingleHook ()
{
	// Removes the hook (when original bytes were saved) and frees the two
	// buffers held by this object.

	// Saved original bytes: the hook is undone only while they still exist.
	if (m_OrgBytes_Pbyte != NULL)
	{
		UnHook ( );
		delete [] m_OrgBytes_Pbyte;
		m_OrgBytes_Pbyte = NULL;
	}

	// Scratch buffer; freed with delete[] here, so it is assumed to come from
	// new[] despite its name - TODO confirm at the allocation site.
	if (mallocedBuf != NULL)
	{
		delete [] mallocedBuf;
		mallocedBuf = NULL;
	}
}
// Device-control dispatch routine. For hook_code it copies one 32-bit value
// from the IRP's system buffer into thePid, writes 1 back into the same buffer
// and calls Hook(); for unhook_code it calls UnHook().
// The listing stops before the function's closing brace, so IRP completion and
// the return value are not visible here.
//
// NOTE(review): cbin and cbout are read but never compared against the 4 bytes
// this routine reads and writes, and SystemBuffer is not checked for NULL. A
// request with an empty or short buffer would make the kernel touch memory the
// caller never supplied; the lengths should be validated before the buffer is
// used.
// NOTE(review): any caller that can open the device can switch the hook on and
// off and choose the PID. The device's security descriptor and the IOCTL
// access bits are not visible here - confirm they restrict callers.
NTSTATUS SSDTHookDeviceControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
	// NOTE(review): only the hook_code branch assigns info; on every other path
	// visible here it stays uninitialized.
	ULONG info;
	// get the current IRP stack location
	KdPrint(("get commond form application"));
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
	ULONG mf=stack->MajorFunction;// tells the IRP types apart
	if (mf == IRP_MJ_DEVICE_CONTROL)
	{
		// size of the input buffer
		ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
		// size of the output buffer
		ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
		// the IOCTL code
		ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;
		switch (code)
		{
		case hook_code:
			{
				// fetch the request data from the system buffer
				int * InputBuffer = (int*)Irp->AssociatedIrp.SystemBuffer;
				// loads the first 32-bit word of the buffer into thePid
				_asm
				{
					mov eax,InputBuffer
					mov ebx,[eax]
					mov thePid,ebx

				}
				KdPrint(("设定被保护进程 MyPID=%d \n",(int)thePid));
				// input and output share the same system buffer
				int* OutputBuffer = (int*)Irp->AssociatedIrp.SystemBuffer;
				// stores the value 1 into the first 32-bit word of the buffer
				_asm
				{
					mov eax,1
					mov ebx,OutputBuffer
					mov [ebx],eax //

				}
				// four bytes were written to the output buffer
				info = 4;
			    Hook();
			}
			break;
		case unhook_code:
			{
				UnHook();
			}
			break;
		}
	}
Beispiel #8
// Unload routine: removes the hooks.
VOID Unload(IN PDRIVER_OBJECT DriverObject)
{
    // Service routines whose hooks are removed, in removal order.
    // NOTE(review): the (ULONG) casts keep only 32 bits of each address, so
    // this only round-trips on a 32-bit build.
    const ULONG hookedServices[] = {
        (ULONG)ZwSetInformationFile,
        (ULONG)ZwOpenProcess,
        (ULONG)ZwTerminateProcess,
        (ULONG)ZwCreateFile,
        (ULONG)ZwQuerySystemInformation,
        (ULONG)ZwCreateKey
    };
    const int serviceCount = sizeof(hookedServices) / sizeof(hookedServices[0]);

    DbgPrint(("Unload ssdt driver.\n"));

    for (int index = 0; index < serviceCount; ++index)
    {
        UnHook(hookedServices[index]);
    }
}
Beispiel #9
// ----------------------------------------------------------------------------
// destroy skin resources and free allocated resources
// ----------------------------------------------------------------------------
void CSkin::Destroy()
{
  // Releases everything the skin holds: the button array, the window hook,
  // the memory DC with its bitmap, and the skin region. Each member is reset
  // to NULL once released.

  // button array
  if (m_buttons != NULL)
  {
    delete[] m_buttons;
    m_buttons = NULL;
  }

  // unhook the window
  UnHook();

  // memory DC: put the previously selected bitmap back before deleting the DC
  if (m_dcSkin != NULL)
  {
    SelectObject(m_dcSkin, m_hOldBmp);
    DeleteDC(m_dcSkin);
    m_dcSkin = NULL;
  }

  // skin bitmap
  if (m_hBmp != NULL)
  {
    DeleteObject(m_hBmp);
    m_hBmp = NULL;
  }

  // skin region
  // NOTE(review): deleting the region is only valid while the skin still owns
  // the handle; a region that was handed to SetWindowRgn belongs to the
  // system - confirm against Hook().
  if (m_rgnSkin != NULL)
  {
    DeleteObject(m_rgnSkin);
    m_rgnSkin = NULL;
  }
}
Beispiel #10
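BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	// DLL entry point.
	//   process attach: remembers the module handle in g_hInstance.
	//   process detach: removes the hook via UnHook().
	//   thread attach/detach: nothing to do.
	// Always returns TRUE.
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		g_hInstance = hModule;
		break;
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
		// Thread notifications must not fall through into the detach case:
		// doing so removed the hook whenever any thread in the process
		// started or ended.
		break;
	case DLL_PROCESS_DETACH:
		UnHook();
		break;
	}
	return TRUE;
}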
Beispiel #11
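ModifyHook::~ModifyHook ()
{
	// Removes the hook (when original bytes were saved) and frees the buffers
	// held by this object. Every pointer is reset to NULL after it is freed.

	// Saved original bytes: the hook is undone only while they still exist.
	if ( NULL!=m_OrgBytes_Pbyte)
	{
		UnHook ( );
		delete []m_OrgBytes_Pbyte;
		m_OrgBytes_Pbyte= NULL;
	}

	// Copy of the redirected original opcodes.
	if (NULL!=m_RedirectOrgOpcodes_Pbyte)
	{
		delete [] m_RedirectOrgOpcodes_Pbyte;
		// reset like the other members, so no stale pointer is left behind
		m_RedirectOrgOpcodes_Pbyte= NULL;
	}

	// Scratch buffer; freed with delete[] here, so it is assumed to come from
	// new[] despite its name - TODO confirm at the allocation site.
	if (NULL!=mallocedBuf)
	{
		delete [] mallocedBuf;
		mallocedBuf= NULL;
	}
}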
Beispiel #12
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) {
    // DLL entry point: installs the hook when the DLL is loaded into a process
    // and removes it again when the DLL is unloaded. Thread notifications are
    // ignored. Always returns TRUE.
    //
    // NOTE(review): Hook(), UnHook() and log() run while the loader lock is
    // held; confirm none of them loads libraries, waits on other threads or
    // does anything else that is unsafe inside DllMain.

    if ( ul_reason_for_call == DLL_PROCESS_ATTACH ) {
        log( "Shaiya Hook started.." );
        Hook();
    }
    else if ( ul_reason_for_call == DLL_PROCESS_DETACH ) {
        log( "Shaiya Hook finished.." );
        UnHook();
    }
    // DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do

    return TRUE;
}
Beispiel #13
// Driver unload routine: calls UnHook(), then - while ishook is set - writes
// the saved bytes in oldCode back through pcur with CR0 write protection
// switched off, and finally deletes the device object and the symbolic link.
//
// NOTE(review): UnHook() runs unconditionally and the manual restore below runs
// again when ishook is still set; whether UnHook() clears ishook is not visible
// here - confirm the original bytes are not restored twice from stale state.
// NOTE(review): cli/sti and the CR0 write act on the current processor only, so
// on a multiprocessor system the other CPUs are not covered by this window.
VOID DDK_Unload (IN PDRIVER_OBJECT pDriverObject)
{ 
  PDEVICE_OBJECT pDev;// receives the device object that is to be deleted
  UNICODE_STRING symLinkName; // 
  UnHook();
  if (ishook)
  {//unhook


  __asm // remove page write protection: disable interrupts, clear CR0 bit 16 (WP)
  {
	  cli
		  mov eax,cr0
		  and eax,not 10000h //and eax,0FFFEFFFFh
		  mov cr0,eax

  }

 
 // put the saved original bytes back over the patched location
 pcur->E9= oldCode.E9;// 1 byte
 pcur->JMPADDR= oldCode.JMPADDR;// 4 bytes
  __asm // restore page write protection: set CR0 bit 16 again, re-enable interrupts
  {
	  mov eax,cr0
		  or  eax,10000h //or eax,not 0FFFEFFFFh
		  mov cr0,eax
		  sti
  }
  } //end unhook
  pDev=pDriverObject->DeviceObject;
  IoDeleteDevice(pDev); // delete the device
  
  // build the symbolic link name
   RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName");
  // delete the symbolic link
   IoDeleteSymbolicLink(&symLinkName);
 KdPrint(("驱动成功被卸载...OK-----------")); //sprintf,printf
 // leftover notes from the original author: fetch the device objects to
 // delete / delete all devices
 DbgPrint("卸载成功");
}
Beispiel #14
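NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp	)
{
	// Dispatch routine shared by several major functions; only
	// IRP_MJ_DEVICE_CONTROL does any work:
	//   add_code    reads two ints from the system buffer and writes their sum back
	//   hook_code   reads a PID into MyPID, writes 1 back and calls Hook()
	//   unhook_code calls UnHook()
	//   sub_code    accepted, does nothing
	// The IRP is always completed here; the status placed in the IRP is also
	// the return value.
	//
	// Everything in the system buffer comes from the caller, so the buffer
	// lengths are checked before a single byte is read or written. The original
	// author's comment describes these as buffered-mode IOCTLs; the checks
	// below assume that.
	//
	// NOTE(review): any caller that can open the device can switch the hook on
	// and off and choose the PID. The device's security descriptor and the
	// IOCTL access bits are not visible here - confirm they restrict callers.

	NTSTATUS status = STATUS_SUCCESS;
	// Bytes the I/O manager copies back to the caller. Starts at 0 so that
	// paths which produce no output never report an uninitialized length.
	ULONG info = 0;

	// get the current IRP stack location
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
	ULONG mf=stack->MajorFunction;// tells the IRP types apart
	switch (mf)
	{
	case IRP_MJ_DEVICE_CONTROL:
		{
			KdPrint(("Enter myDriver_DeviceIOControl\n"));

			// size of the input buffer
			ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
			// size of the output buffer
			ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
			// the IOCTL code
			ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;
			// input and output share the same system buffer
			int *ioBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer;

			switch (code)
			{
			case add_code:
				{
					int a,b;
					KdPrint(("add_code 1111111111111111111\n"));

					// two ints are read and one int is written
					if (ioBuffer == NULL || cbin < 2 * sizeof(int))
					{
						status = STATUS_INVALID_PARAMETER;
						break;
					}
					if (cbout < sizeof(int))
					{
						status = STATUS_BUFFER_TOO_SMALL;
						break;
					}

					a = ioBuffer[0];
					b = ioBuffer[1];
					KdPrint(("a=%d,b=%d \n", a,b));

					// the operands are caller-controlled; add as unsigned so
					// that an overflow wraps instead of being undefined
					a = (int)((ULONG)a + (ULONG)b);

					// hand the result back to user mode
					ioBuffer[0] = a;
					KdPrint(("a+b=%d \n",a));

					// number of bytes written to the output buffer
					info = sizeof(int);
					break;
				}
			case hook_code:
				{
					// one int is read and one int is written
					if (ioBuffer == NULL || cbin < sizeof(int))
					{
						status = STATUS_INVALID_PARAMETER;
						break;
					}
					if (cbout < sizeof(int))
					{
						status = STATUS_BUFFER_TOO_SMALL;
						break;
					}

					// take MyPid from the buffer; the store stays in assembly
					// because the declared type of MyPID is not visible here
					int * InputBuffer = ioBuffer;
					_asm
					{
						mov eax,InputBuffer
						mov ebx,[eax]
						mov MyPID,ebx
					}

					// report 1 back to the caller
					ioBuffer[0] = 1;
					info = sizeof(int);
					Hook();
					break;
				}
			case unhook_code:
				{
					UnHook();
					break;
				}
			case sub_code:
				{
					break;
				}
			default:
				{
					// unknown control codes are rejected instead of being
					// reported as successful
					status = STATUS_INVALID_DEVICE_REQUEST;
					break;
				}
			}//end code switch
			break;
		}
	case IRP_MJ_CREATE:
		{
			break;
		}
	case IRP_MJ_CLOSE:
		{
			break;
		}
	case IRP_MJ_READ:
		{
			break;
		}

	}

	// complete the IRP
	pIrp->IoStatus.Information=info;// bytes to copy back to the caller
	pIrp->IoStatus.Status=status;
	IoCompleteRequest(pIrp,IO_NO_INCREMENT);// the IRP must not be touched after this call
	KdPrint(("离开派遣函数\n"));// debug output
	return status;
}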
Beispiel #15
CILHook::~CILHook()
{
    // Remove the hook when the object goes away, so that no patched code is
    // left pointing at state owned by a destroyed instance.
    UnHook();
}
	static void Deinitialize( GarrysMod::Lua::ILuaBase *LUA )
	{
		// Module teardown: removes the hook identified by
		// AddOrUpdateFile_original. The LUA argument is not used here.
		UnHook( AddOrUpdateFile_original );
	}
Beispiel #17
	IATHook::~IATHook()
	{
		// Remove the hook together with the object that installed it.
		UnHook();
	}
Beispiel #18
CILHook::~CILHook()
{
	// Remove the hook when the object goes away, so that no patched code is
	// left pointing at state owned by a destroyed instance.
	UnHook();
}
VOID UnSysenterHook()
{
	// Hands UnHook a 7-byte sequence, its length, and the address five bytes
	// before ulHookSysenter (presumably the original instruction bytes being
	// written back over the patch - confirm against the matching hook routine).
	const int patchLength = 7;
	PUCHAR savedBytes = (PUCHAR)"\x2B\xE1\xC1\xE9\x02\x8B\xFC";
	PVOID patchAddress = (PVOID)(ulHookSysenter-5);

	UnHook(savedBytes, patchLength, patchAddress);
}