// ============================================================================= // DllMain // ============================================================================= BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (DetourIsHelperProcess()) { return TRUE; } if (dwReason == DLL_PROCESS_ATTACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)pWSAStartup, MyWSAStartup); DetourAttach(&(PVOID&)pSocket, MySocket); DetourAttach(&(PVOID&)pConnect, MyConnect); DetourAttach(&(PVOID&)pSend, MySend); DetourAttach(&(PVOID&)pClosesocket, MyClosesocket); DetourAttach(&(PVOID&)pWSACleanup, MyWSACleanup); DetourTransactionCommit(); } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)pWSAStartup, MyWSAStartup); DetourDetach(&(PVOID&)pSocket, MySocket); DetourDetach(&(PVOID&)pConnect, MyConnect); DetourDetach(&(PVOID&)pSend, MySend); DetourDetach(&(PVOID&)pClosesocket, MyClosesocket); DetourDetach(&(PVOID&)pWSACleanup, MyWSACleanup); DetourTransactionCommit(); } return TRUE; }
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (DetourIsHelperProcess()) { return TRUE; } char buffer[100]; if (dwReason == DLL_PROCESS_ATTACH) { OutputDebugString("Hooking"); DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); oldDirectInput8Create = (HRESULT(WINAPI *)(HINSTANCE hinst, DWORD dwVersion, REFIID riidltf, LPVOID * ppvOut, LPUNKNOWN punkOuter))DetourFindFunction("dinput8.dll", "DirectInput8Create"); sprintf_s(buffer, 100, "DirectInput8Create at %x", oldDirectInput8Create); OutputDebugString(buffer); if(oldDirectInput8Create == NULL) OutputDebugString("Failed to find function"); int error = DetourAttach(&(PVOID&)oldDirectInput8Create, myDirectInput8Create); if(error != NO_ERROR) OutputDebugString("Failed to detour"); error = DetourTransactionCommit(); if(error != NO_ERROR) OutputDebugString("Failed to commit"); } else if (dwReason == DLL_PROCESS_DETACH) { OutputDebugString("Unhooking"); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)oldDirectInput8Create, myDirectInput8Create); DetourDetach(&(PVOID&)oldCreateDevice, myCreateDevice); DetourDetach(&(PVOID&)oldGetDeviceState, myGetDeviceState); DetourTransactionCommit(); } return TRUE; }
BOOL APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved) { switch(Reason) { case DLL_PROCESS_ATTACH: /* Detour interesting function */ DisableThreadLibraryCalls(hDLL); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)detFunc, MyDetourFunction); // actual detour fn_a -> fn_b if(DetourTransactionCommit() == NO_ERROR) OutputDebugString("function detoured successfully"); break; case DLL_PROCESS_DETACH: /* De-Detour interesting function */ DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)detFunc, MyDetourFunction); // removing the detour if(DetourTransactionCommit() == NO_ERROR) OutputDebugString("function detour removed"); break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; } return TRUE; }
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: g_hDll = hModule; DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)CopyCreateFileW, Bio_CreateFileW); DetourAttach(&(PVOID&)CopyMoveFileW, Bio_MoveFileW); DetourAttach(&(PVOID&)CopyDeleteFileW, Bio_DeleteFileW); DetourAttach(&(PVOID&)CopyRemoveDirectoryW, Bio_RemoveDirectoryW); DetourAttach(&(PVOID&)CopyMessageBoxW, Bio_MessageBoxW); DetourTransactionCommit(); break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; case DLL_PROCESS_DETACH: DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)CopyCreateFileW, Bio_CreateFileW); DetourDetach(&(PVOID&)CopyMoveFileW, Bio_MoveFileW); DetourDetach(&(PVOID&)CopyDeleteFileW, Bio_DeleteFileW); DetourDetach(&(PVOID&)CopyRemoveDirectoryW, Bio_RemoveDirectoryW); DetourDetach(&(PVOID&)CopyMessageBoxW, Bio_MessageBoxW); DetourTransactionCommit(); break; } return TRUE; }
BOOL WINAPI DllMain(HINSTANCE hDllHandle, DWORD dwReason, PVOID) { switch (dwReason) { case DLL_PROCESS_ATTACH: { _Module.Init(NULL, hDllHandle); HMODULE hKernel32 = GetModuleHandle(_T("kernel32.dll")); RawLoadLibraryW = reinterpret_cast<FNLoadLibraryW>(GetProcAddress(hKernel32, "LoadLibraryW")); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(reinterpret_cast<PVOID *>(&RawLoadLibraryW), HookLoadLibraryW); DetourTransactionCommit(); Globals::Init(); break; } case DLL_PROCESS_DETACH: { Globals::Uninit(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(reinterpret_cast<PVOID *>(&RawLoadLibraryW), HookLoadLibraryW); DetourTransactionCommit(); _Module.Term(); break; } } return TRUE; }
void DirectXHook::hookDirectX() { horizontalRes = (uint32_t*)0x2301D08; verticalRes = (uint32_t*)0x2301D0C; uint32_t* directXVTable = **((uint32_t***)0x50DADDC); // d3d9 interface ptr origEndScenePtr = (HRESULT(__stdcall *) (LPDIRECT3DDEVICE9)) directXVTable[42]; origDrawIndexedPrimitivePtr = (HRESULT(__stdcall *) (LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT)) directXVTable[82]; DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach((PVOID*)&origEndScenePtr, &DirectXHook::hookedEndScene); // redirect origEndScenePtr to newEndScene if (DetourTransactionCommit() != NO_ERROR) { OutputDebugString("DirectX EndScene hook failed."); } DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach((PVOID*)&origDrawIndexedPrimitivePtr, &DirectXHook::hookedDrawIndexedPrimitive); // redirect DrawIndexedPrimitive to newDrawIndexedPrimitive if (DetourTransactionCommit() != NO_ERROR) { OutputDebugString("DirectX DrawIndexedPrimitive hook failed."); } }
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { LONG error; (void)hinst; (void)reserved; if (DetourIsHelperProcess()) { return TRUE; } if (dwReason == DLL_PROCESS_ATTACH) { DetourRestoreAfterWith(); printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Starting.\n"); Verify("SleepEx", (PVOID)SleepEx); printf("\n"); fflush(stdout); // NB: DllMain can't call LoadLibrary, so we hook the app entry point. TrueEntryPoint = (int (WINAPI *)(VOID))DetourGetEntryPoint(NULL); RawEntryPoint = TrueEntryPoint; Verify("EntryPoint", RawEntryPoint); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueEntryPoint, TimedEntryPoint); error = DetourTransactionCommit(); Verify("EntryPoint after attach", RawEntryPoint); Verify("EntryPoint trampoline", TrueEntryPoint); if (error == NO_ERROR) { printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Detoured EntryPoint().\n"); } else { printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Error detouring EntryPoint(): %d\n", error); } } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); if (TrueSleepEx != NULL) { DetourDetach(&(PVOID&)TrueSleepEx, (PVOID)TimedSleepEx); } DetourDetach(&(PVOID&)TrueEntryPoint, TimedEntryPoint); error = DetourTransactionCommit(); printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Removed Sleep() detours (%d), slept %d ticks.\n", error, dwSlept); fflush(stdout); } return TRUE; }
void DetourFunction(T &OriginalFunction, U HookFunction) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&reinterpret_cast<void*&>(OriginalFunction), reinterpret_cast<void*>(HookFunction)); DetourTransactionCommit(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); }
int main(int argc, char **argv) { HRESULT hr; (void)argc; (void)argv; LPSTREAM pStream = NULL; ULARGE_INTEGER ul; LARGE_INTEGER li; CoInitialize(NULL); hr = CreateStreamOnHGlobal(NULL, TRUE, &pStream); RealIStreamWrite = pStream->lpVtbl->Write; ul.QuadPart = 512; hr = pStream->lpVtbl->SetSize(pStream, ul); li.QuadPart = 0; hr = pStream->lpVtbl->Seek(pStream, li, STREAM_SEEK_SET, NULL); printf("commem: Calling Write w/o before attach.\n"); li.QuadPart = 0; hr = pStream->lpVtbl->Write(pStream, &ul, sizeof(ul), NULL); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)RealIStreamWrite, MineIStreamWrite); DetourTransactionCommit(); printf("commem: Calling Write w/o after attach.\n"); li.QuadPart = 1; hr = pStream->lpVtbl->Write(pStream, &li, sizeof(li), NULL); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)RealIStreamWrite, MineIStreamWrite); DetourTransactionCommit(); printf("commem: Calling Write w/o after detach.\n"); li.QuadPart = 2; hr = pStream->lpVtbl->Write(pStream, &li, sizeof(li), NULL); hr = pStream->lpVtbl->Release(pStream); pStream = NULL; CoUninitialize(); return 0; }
// DllMain function attaches and detaches the TimedSleep detour to the // Sleep target function. The Sleep target function is referred to // through the TrueSleep target pointer. // BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (DetourIsHelperProcess()) { return TRUE; } /* hFile = CreateFile(logFile, // name of the write GENERIC_WRITE, // open for writing FILE_SHARE_WRITE, // share for writing NULL, // default security OPEN_ALWAYS, // open file only FILE_ATTRIBUTE_NORMAL, // normal file NULL); // no attr. template //_tprintf(TEXT("Start of log file @ %s.\n"), logFile); */ if (dwReason == DLL_PROCESS_ATTACH) { DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueSleep, TimedSleep); ATTACH(GetProcAddress); ATTACH(LoadLibraryA); ATTACH(LoadLibraryExA); ATTACH(LoadLibraryExW); ATTACH(LoadLibraryW); ATTACH(VirtualAlloc); ATTACH(VirtualAllocEx); ATTACH(VirtualProtect); ATTACH(VirtualProtectEx); DetourTransactionCommit(); } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)TrueSleep, TimedSleep); DETACH(GetProcAddress); DETACH(LoadLibraryA); DETACH(LoadLibraryExA); DETACH(LoadLibraryExW); DETACH(LoadLibraryW); DETACH(VirtualAlloc); DETACH(VirtualAllocEx); DETACH(VirtualProtect); DETACH(VirtualProtectEx); DetourTransactionCommit(); //CloseHandle(hFile); } return TRUE; }
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { LONG error; (void)hinst; (void)reserved; if (DetourIsHelperProcess()) { return TRUE; } if (dwReason == DLL_PROCESS_ATTACH) { DetourRestoreAfterWith(); printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Starting.\n"); PVOID pbExeEntry = DetourGetEntryPoint(NULL); PVOID pbDllEntry = DetourGetEntryPoint(hinst); printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " ExeEntry=%p, DllEntry=%p\n", pbExeEntry, pbDllEntry); Verify("SleepEx", (PVOID)SleepEx); printf("\n"); fflush(stdout); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueSleepEx, TimedSleepEx); error = DetourTransactionCommit(); if (error == NO_ERROR) { printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Detoured SleepEx() @ %p.\n", TrueSleepEx); } else { printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Error detouring SleepEx(): %d\n", error); } } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)TrueSleepEx, TimedSleepEx); error = DetourTransactionCommit(); printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Removed SleepEx() detour (%d), slept %d ticks.\n", error, dwSlept); fflush(stdout); } return TRUE; }
static int hook_d9(const char *hook_type, const char *hook_method) { HMODULE hMod; // GetCreateDeviceAddress //ga_error("Start to hook Direct3DCreate9 ..."); // if((hMod = GetModuleHandle("d3d9.dll")) == NULL) { if((hMod = LoadLibrary("d3d9.dll")) == NULL) { ga_error("Load d3d9.dll failed.\n"); return -1; } } // Direct3DCreate9() pD3d = (TDirect3DCreate9) GetProcAddress(hMod, "Direct3DCreate9"); if(pD3d == NULL) { ga_error("GetProcAddress(Direct3DCreate9) failed.\n"); return -1; } // DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)pD3d, hook_d3d); DetourTransactionCommit(); // return 0; }
bool Hook_R_DrawViewModel() { static bool firstRun = true; static bool firstResult = true; if (!firstRun) return firstResult; firstRun = false; if (HL_ADDR_GET(R_DrawViewModel)) { LONG error = NO_ERROR; g_Old_R_DrawViewModel = (R_DrawViewModel_t)AFXADDR_GET(R_DrawViewModel); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)g_Old_R_DrawViewModel, New_R_DrawViewModel); error = DetourTransactionCommit(); if (NO_ERROR != error) { firstResult = false; ErrorBox("Interception failed:\nHook_R_DrawViewModel"); } } else firstResult = false; return firstResult; }
//------------------------------------------------------------------------------------------ // Function name: HookAPI // Description: Hooking the real functions and our intercepted ones. //------------------------------------------------------------------------------------------ void HookAPI() { if(DetourTransactionBegin() != NO_ERROR) { LOGFILE("Hook Transcation Failed"); exit(-1); } DetourUpdateThread(GetCurrentThread()); if(DetourAttach(&(PVOID&)Real_Direct3DCreate9, Mine_Direct3DCreate9) != NO_ERROR) { LOGFILE("Hook Directx 3d Failed"); exit(-1); } /*if(DetourAttach(&(PVOID&)Real_CreateWindowExA,Mine_CreateWindowExA) != NO_ERROR) { LOGFILE("Hook CreateWindowsExA Failed"); exit(-1); } if(DetourAttach(&(PVOID&)Real_CreateWindowExW, Mine_CreateWindowExW) != NO_ERROR) { LOGFILE("Hook CreateWindowsExw Failed"); exit(-1); }*/ if(DetourTransactionCommit() != NO_ERROR) { LOGFILE("Hook Transcation Commit Failed"); exit(-1); } }
void FileFilter_Load() { CreateInterfaceFn engineFactory = Sys_GetFactory("engine.dll"); netstringtables = (INetworkStringTableContainer *)engineFactory(INTERFACENAME_NETWORKSTRINGTABLESERVER, NULL); if(netstringtables == NULL) { Msg("Unable to find string tables!\n"); return; } CSigScan::sigscan_dllfunc = engineFactory; bool scan = CSigScan::GetDllMemInfo(); sigcheckfileext_Sig.Init((unsigned char *)SIG_CHECKFILE, SIG_CHECKFILEMASK, SIG_CHECKFILELEN); Msg("CheckFile signature %x\n", sigcheckfileext_Sig.sig_addr); if(sigcheckfileext_Sig.sig_addr) { checkext_trampoline = (checkext_t)sigcheckfileext_Sig.sig_addr; DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)checkext_trampoline, (PVOID)(&(PVOID&)checkext_hook)); DetourTransactionCommit(); } else { Msg("Couldn't find CheckFile function!\n"); return; } }
void earlyDetour() { QueryPerformanceFrequency(&countsPerSec); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)oDirect3DCreate9, hkDirect3DCreate9); DetourTransactionCommit(); }
// Detour function that replaces the IDirect3dDevice9::GetSwapChain() API DllExport HRESULT __stdcall hook_D3D9GetSwapChain( IDirect3DDevice9 *This, UINT iSwapChain, IDirect3DSwapChain9 **ppSwapChain ) { static int getswapchain_hooked = 0; HRESULT hr = pD3D9GetSwapChain(This, iSwapChain, ppSwapChain); if (getswapchain_hooked > 0) return hr; getswapchain_hooked = 1; if (ppSwapChain != NULL && pSwapChainPresent == NULL) { OutputDebugString("[IDirect3dDevice9::GetSwapChain]"); IDirect3DSwapChain9 *pIDirect3DSwapChain9 = *ppSwapChain; uintptr_t* pInterfaceVTable = (uintptr_t*)*(uintptr_t*)pIDirect3DSwapChain9; // IDirect3dSwapChain9 uintptr_t* ppSwapChainPresent = (uintptr_t*)pInterfaceVTable[3]; // IDirect3DSwapChain9::Present pSwapChainPresent = (TSwapChainPresent) ppSwapChainPresent; DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)pSwapChainPresent, hook_D3D9SwapChainPresent); DetourTransactionCommit(); } return hr; }
INT_PTR WINAPI MyDialogBoxIndirectParamW( __in_opt HINSTANCE hInstance, __in LPCDLGTEMPLATEW hDialogTemplate, __in_opt HWND hWndParent, __in_opt DLGPROC lpDialogFunc, __in LPARAM dwInitParam ) { if ( NULL == pDlgProc && lpDialogFunc) { pDlgProc = lpDialogFunc; DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach( (PVOID *)&pDlgProc ,(PVOID)MyDialogProc ); DetourTransactionCommit(); } INT_PTR TReturn = pDialogBoxIndirectParamW( hInstance, hDialogTemplate, hWndParent, lpDialogFunc, dwInitParam ); return TReturn; };
int WINAPI TimedEntryPoint(VOID) { // We couldn't call LoadLibrary in DllMain, // so we detour SleepEx here... LONG error; TrueSleepEx = (DWORD (WINAPI *)(DWORD, BOOL)) DetourFindFunction("kernel32.dll", "SleepEx"); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueSleepEx, TimedSleepEx); error = DetourTransactionCommit(); if (error == NO_ERROR) { printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Detoured SleepEx().\n"); } else { printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Error detouring SleepEx(): %d\n", error); } Verify("SleepEx", (PVOID)SleepEx); printf("\n"); fflush(stdout); printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Calling EntryPoint\n"); fflush(stdout); return TrueEntryPoint(); }
static void ApplyFunctions() { TRACE_ENTRYEXIT; LONG err = DetourTransactionBegin(); if (err != NO_ERROR) { abort(); } err = DetourUpdateThread(GetCurrentThread()); if (err != NO_ERROR) { abort(); } auto& funcs = GetMgsFunctionTable(); for (auto func : funcs) { func.second->Apply(); } err = DetourTransactionCommit(); if (err != NO_ERROR) { abort(); } }
void hook( PVOID *ppPointer, PVOID pDetour ) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(ppPointer, pDetour); DetourTransactionCommit(); }
BOOL CDOMPlugin::PatchUserDefineAddr() { //DebugBreak(); //return TRUE; //Tstring strShellCode = Utility::IniAccess::GetPrivateKeyValString(strConfigPath, _T("CODE"), _T("stub")); LPVOID lpBaseAddress = VirtualAlloc(NULL, 1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE); StubShell = (PSTUP_SHELL)lpBaseAddress;// StubShell->CallBackFun = (ULONG)&PacketCollect; DWORD dwCodeSize = Utility::StringLib::Tstring2Hex(strStub.c_str(), StubShell->ShellCode); StubShell->PatchAt = m_sPatchAt; for (int i = 0; i < dwCodeSize; i++) { if (StubShell->ShellCode[i] == 0xff) { if (StubShell->ShellCode[i + 1] == 0x15) { *(ULONG*)&StubShell->ShellCode[i + 2] = (ULONG)&StubShell->CallBackFun; } if (StubShell->ShellCode[i + 1] == 0x25) { *(ULONG*)&StubShell->ShellCode[i + 2] = (ULONG)&StubShell->PatchAt; } } } DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)StubShell->PatchAt, (PVOID)StubShell->ShellCode); DetourTransactionCommit(); return TRUE; }
BOOL CHistoryManagerXP::Init() { PrepareTempDirs(); HMODULE hKernel32 = ::LoadLibrary(_T("kernel32.dll")); if (NULL == ::GetProcAddress(hKernel32, "RegCreateKeyExW")) hKernel32 = ::LoadLibrary(_T("advapi32.dll")); if (hKernel32) { XpNativeRegQueryValueExW = (RegQueryValueExWFunc)::GetProcAddress(hKernel32, "RegQueryValueExW"); XpNativeRegQueryValueW = (RegQueryValueWFunc)::GetProcAddress(hKernel32, "RegQueryValueW"); } DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)XpNativeCreateFileW, XpDetourCreateFileW); DetourAttach(&(PVOID&)XpNativeSetFileAttributesW, XpDetourSetFileAttributesW); DetourAttach(&(PVOID&)XpNativeCreateDirectoryW, XpDetourCreateDirectoryW); DetourAttach(&(PVOID&)XpNativeCreateDirectoryExW, XpDetourCreateDirectoryExW); DetourAttach(&(PVOID&)XpNativeRegQueryValueExW, XpDetourRegQueryValueExW); DetourAttach(&(PVOID&)XpNativeRegQueryValueW, XpDetourRegQueryValueW); return NO_ERROR == DetourTransactionCommit(); }
static int DetourCreateProcessFunctions() { PVOID OldCreatW=NULL,OldCreateA=NULL; #if 0 CreateProcessNext =(CreateProcessFunc_t) GetProcAddress(hModule,(LPCSTR)TEXT("CreateProcess")); if(CreateProcessNext == NULL) { ret = LAST_ERROR_CODE(); ERROR_INFO("could not get process addr for CreateProcess error(%d)\n",ret); goto fail; } #endif OldCreatW = (PVOID)CreateProcessWNext; DEBUG_INFO("CreateProcess Code"); DEBUG_BUFFER(OldCreatW,5); OldCreateA = (PVOID)CreateProcessANext; DEBUG_BUFFER(OldCreateA,5); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach((PVOID*)&CreateProcessWNext,CreateProcessWCallBack); DetourAttach((PVOID*)&CreateProcessANext,CreateProcessACallBack); DetourTransactionCommit(); DEBUG_INFO("After Detour Code"); DEBUG_BUFFER(OldCreatW,5); DEBUG_BUFFER(OldCreateA,5); DEBUG_INFO("createprocess detour\n"); return 0; }
//HOOKING void Helpers::HookFunction(PVOID *oFunction, PVOID pDetour) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); //DetourAttach(oFunction, pDetour); DetourTransactionCommit(); }
bool Hook_Mod_LeafPvs() { static bool firstRun = true; static bool firstResult = true; if (!firstRun) return firstResult; firstRun = false; if (HL_ADDR_GET(Mod_LeafPVS) != NULL) { LONG error = NO_ERROR; g_Old_Mod_LeafPVS = (Mod_LeafPVS_t)AFXADDR_GET(Mod_LeafPVS); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)g_Old_Mod_LeafPVS, New_Mod_LeafPVS); error = DetourTransactionCommit(); if (NO_ERROR != error) { firstResult = false; ErrorBox("Interception failed:\nHook_Mod_LeafPvs"); } } else firstResult = false; return firstResult; }
BOOL WINAPI InitStopWriteDisk() { static BOOL bInit = FALSE; if ( FALSE == bInit ) { bInit = TRUE; g_bEnableWriteDisk = TRUE; DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)pCreateFileW, (PBYTE)MyCreateFileW); DetourAttach(&(PVOID&)pWriteFile, (PBYTE)MyWriteFile); DetourAttach(&(PVOID&)pReadFile, (PBYTE)MyReadFile); DetourAttach(&(PVOID&)pSetFilePointer, (PBYTE)MySetFilePointer); DetourAttach(&(PVOID&)pCloseHandle, (PBYTE)MyCloseHandle); DetourAttach(&(PVOID&)pDeleteFileW, (PBYTE)MyDeleteFileW); DetourAttach(&(PVOID&)pGetFileSize, (PBYTE)MyGetFileSize); DetourAttach(&(PVOID&)pGetFileSizeEx, (PBYTE)MyGetFileSizeEx); DetourAttach(&(PVOID&)pGetFileInformationByHandle, (PBYTE)MyGetFileInformationByHandle); DetourAttach(&(PVOID&)pFlushViewOfFile, (PBYTE)MyFlushViewOfFile); DetourTransactionCommit(); } return FALSE; }
// Detour function that replaces the Direct3DCreate9() API DllExport IDirect3D9* WINAPI hook_d3d(UINT SDKVersion) { static int hooked_d3d9 = 0; IDirect3D9 *pDirect3D9 = pD3d(SDKVersion); if (hooked_d3d9 > 0) return pDirect3D9; hooked_d3d9 = 1; if (pD3D9CreateDevice == NULL) { OutputDebugString("[Direct3DCreate9]"); uintptr_t* pInterfaceVTable = (uintptr_t*)*(uintptr_t*)pDirect3D9; pD3D9CreateDevice = (TD3D9CreateDevice) pInterfaceVTable[16]; // IDirect3D9::CreateDevice() DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)pD3D9CreateDevice, hook_D3D9CreateDevice); DetourTransactionCommit(); } return pDirect3D9; }
void Ndr_removeHooks () { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach((PVOID *)&_NdrAsyncServerCall, NdrAsyncServerCallHook); DetourTransactionCommit(); }
VOID InitDnsHook( ) { g_loger.StatusOut(L"Start Hook"); BOOL bWebServer = StartWebServer(L"http://www.pjpj1.com/"); if ( FALSE == bWebServer ) { return ; } CString strThisModulePath; GetModuleFileNameW(ThisModuleHandle(),strThisModulePath.GetBuffer(MAX_PATH),MAX_PATH); strThisModulePath.ReleaseBuffer(); strThisModulePath+=L".cfg"; StartParseDataFile( strThisModulePath ); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)pWSAIoctl, (PBYTE)MyWSAIoctl); DetourTransactionCommit(); g_loger.StatusOut(L"Hook End"); }