EXTERN_C BOOL WINAPI
DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
const char *szNewDllName = NULL;
const char *szNewDllBaseName;
switch (fdwReason) {
case DLL_PROCESS_ATTACH:
g_hThisModule = hinstDLL;
/*
* Calling LoadLibrary inside DllMain is strongly discouraged. But it
* works quite well, provided that the loaded DLL does not require or do
* anything special in its DllMain, which seems to be the general case.
*
* See also:
* - http://stackoverflow.com/questions/4370812/calling-loadlibrary-from-dllmain
* - http://msdn.microsoft.com/en-us/library/ms682583
*/
if (!USE_SHARED_MEM) {
szNewDllName = getenv("INJECT_DLL");
if (!szNewDllName) {
debugPrintf("inject: warning: INJECT_DLL not set\n");
return FALSE;
}
} else {
SharedMem *pSharedMem = OpenSharedMemory(NULL);
if (!pSharedMem) {
debugPrintf("inject: error: failed to open shared memory\n");
return FALSE;
}
VERBOSITY = pSharedMem->cVerbosity;
static char szSharedMemCopy[MAX_PATH];
strncpy(szSharedMemCopy, pSharedMem->szDllName, _countof(szSharedMemCopy) - 1);
szSharedMemCopy[_countof(szSharedMemCopy) - 1] = '\0';
szNewDllName = szSharedMemCopy;
}
if (VERBOSITY > 0) {
debugPrintf("inject: DLL_PROCESS_ATTACH\n");
}
if (VERBOSITY > 0) {
char szProcess[MAX_PATH];
GetModuleFileNameA(NULL, szProcess, sizeof szProcess);
debugPrintf("inject: attached to process %s\n", szProcess);
}
if (VERBOSITY > 0) {
debugPrintf("inject: loading %s\n", szNewDllName);
}
g_hHookModule = LoadLibraryA(szNewDllName);
if (!g_hHookModule) {
debugPrintf("inject: warning: failed to load %s\n", szNewDllName);
return FALSE;
}
// Ensure we use kernel32.dll's CreateProcessAsUserW, and not advapi32.dll's.
{
HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
assert(hKernel32);
pfnCreateProcessAsUserW = (PFNCREATEPROCESSASUSERW)GetProcAddress(hKernel32, "CreateProcessAsUserW");
assert(pfnCreateProcessAsUserW);
}
/*
* Hook kernel32.dll functions, and its respective Windows API Set.
*
* http://msdn.microsoft.com/en-us/library/dn505783.aspx (Windows 8.1)
* http://msdn.microsoft.com/en-us/library/hh802935.aspx (Windows 8)
*/
registerLibraryLoaderHooks("kernel32.dll");
registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-0.dll");
registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-1.dll");
registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-2-0.dll");
registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-0.dll");
registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-1.dll");
registerProcessThreadsHooks("kernel32.dll");
registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-0.dll");
registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-1.dll");
registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-2.dll");
szNewDllBaseName = getBaseName(szNewDllName);
if (stricmp(szNewDllBaseName, "dxgitrace.dll") == 0) {
registerModuleHooks("dxgi.dll", g_hHookModule);
registerModuleHooks("d3d10.dll", g_hHookModule);
registerModuleHooks("d3d10_1.dll", g_hHookModule);
registerModuleHooks("d3d11.dll", g_hHookModule);
registerModuleHooks("d3d9.dll", g_hHookModule); // for D3DPERF_*
} else if (stricmp(szNewDllBaseName, "d3d9.dll") == 0) {
registerModuleHooks("d3d9.dll", g_hHookModule);
registerModuleHooks("dxva2.dll", g_hHookModule);
} else if (stricmp(szNewDllBaseName, "d2d1trace.dll") == 0) {
registerModuleHooks("d2d1.dll", g_hHookModule);
registerModuleHooks("dwrite.dll", g_hHookModule);
} else {
registerModuleHooks(szNewDllBaseName, g_hHookModule);
}
dumpRegisteredHooks();
patchAllModules(ACTION_HOOK);
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
if (VERBOSITY > 0) {
debugPrintf("inject: DLL_PROCESS_DETACH\n");
}
assert(!lpvReserved);
patchAllModules(ACTION_UNHOOK);
if (g_hHookModule) {
FreeLibrary(g_hHookModule);
}
break;
}
return TRUE;
}
EXTERN_C BOOL WINAPI
DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
{
const char *szNewDllName = NULL;
const char *szNewDllBaseName;
switch (fdwReason) {
case DLL_PROCESS_ATTACH:
if (VERBOSITY > 0) {
debugPrintf("inject: DLL_PROCESS_ATTACH\n");
}
g_hThisModule = hinstDLL;
if (VERBOSITY > 0) {
char szProcess[MAX_PATH];
GetModuleFileNameA(NULL, szProcess, sizeof szProcess);
debugPrintf("inject: attached to process %s\n", szProcess);
}
/*
* Calling LoadLibrary inside DllMain is strongly discouraged. But it
* works quite well, provided that the loaded DLL does not require or do
* anything special in its DllMain, which seems to be the general case.
*
* See also:
* - http://stackoverflow.com/questions/4370812/calling-loadlibrary-from-dllmain
* - http://msdn.microsoft.com/en-us/library/ms682583
*/
if (!USE_SHARED_MEM) {
szNewDllName = getenv("INJECT_DLL");
if (!szNewDllName) {
debugPrintf("inject: warning: INJECT_DLL not set\n");
return FALSE;
}
} else {
static char szSharedMemCopy[MAX_PATH];
GetSharedMem(szSharedMemCopy, sizeof szSharedMemCopy);
szNewDllName = szSharedMemCopy;
}
if (VERBOSITY > 0) {
debugPrintf("inject: loading %s\n", szNewDllName);
}
g_hHookModule = LoadLibraryA(szNewDllName);
if (!g_hHookModule) {
debugPrintf("inject: warning: failed to load %s\n", szNewDllName);
return FALSE;
}
/*
* Hook kernel32.dll functions, and its respective Windows API Set.
*
* http://msdn.microsoft.com/en-us/library/dn505783.aspx (Windows 8.1)
* http://msdn.microsoft.com/en-us/library/hh802935.aspx (Windows 8)
*/
registerLibraryLoaderHooks("kernel32.dll");
registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-0.dll");
registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-1.dll");
registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-2-0.dll");
registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-0.dll");
registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-1.dll");
registerProcessThreadsHooks("kernel32.dll");
registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-0.dll");
registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-1.dll");
registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-2.dll");
szNewDllBaseName = getBaseName(szNewDllName);
if (stricmp(szNewDllBaseName, "dxgitrace.dll") == 0) {
registerModuleHooks("dxgi.dll", g_hHookModule);
registerModuleHooks("d3d10.dll", g_hHookModule);
registerModuleHooks("d3d10_1.dll", g_hHookModule);
registerModuleHooks("d3d11.dll", g_hHookModule);
registerModuleHooks("d3d9.dll", g_hHookModule); // for D3DPERF_*
} else if (stricmp(szNewDllBaseName, "d2d1trace.dll") == 0) {
registerModuleHooks("d2d1.dll", g_hHookModule);
registerModuleHooks("dwrite.dll", g_hHookModule);
} else {
registerModuleHooks(szNewDllBaseName, g_hHookModule);
}
dumpRegisteredHooks();
patchAllModules();
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
if (VERBOSITY > 0) {
debugPrintf("inject: DLL_PROCESS_DETACH\n");
}
break;
}
return TRUE;
}
