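// Hook for NtDelayExecution.
//
// While sleep skipping is active and the current system time is still below
// time_start + MAX_SLEEP_SKIP_DIFF * 10000, a relative delay is not executed:
// its length is added to time_skipped, the call is logged with the status
// "Skipped" and 0 is returned. Once that limit has passed, skipping is
// switched off and every later call is logged and forwarded to the real
// function.
//
// DelayInterval is supplied by the monitored program and is treated as
// untrusted: it may be NULL, positive (an absolute time instead of a relative
// delay) or the smallest 64-bit value (an unbounded wait). None of these is
// skipped or counted, so a single odd argument can neither crash the hooked
// process nor corrupt time_skipped.
HOOKDEF(NTSTATUS, WINAPI, NtDelayExecution,
    __in    BOOLEAN Alertable,
    __in    PLARGE_INTEGER DelayInterval
) {
    // smallest LONGLONG value; subtracting it from time_skipped would
    // overflow, so it is always handed to the real function
    const LONGLONG unbounded = -0x7fffffffffffffffLL - 1;

    NTSTATUS ret = 0;
    unsigned long milli = 0;
    int skippable = 0;

    if(DelayInterval != NULL) {
        // negative values are relative delays in 100ns units; dividing
        // before negating keeps the arithmetic free of signed overflow.
        // positive (absolute) values are logged as 0 milliseconds as they
        // are a point in time, not a duration
        if(DelayInterval->QuadPart < 0) {
            milli = (unsigned long) -(DelayInterval->QuadPart / 10000);
        }
        skippable = DelayInterval->QuadPart <= 0 &&
            DelayInterval->QuadPart != unbounded;
    }

    // do we want to skip this sleep?
    if(sleep_skip_active != 0) {
        FILETIME ft; LARGE_INTEGER li;
        GetSystemTimeAsFileTime(&ft);
        li.HighPart = ft.dwHighDateTime;
        li.LowPart = ft.dwLowDateTime;

        // check if we're still within the hardcoded limit
        // NOTE(review): assumes MAX_SLEEP_SKIP_DIFF is in milliseconds and
        // that the multiplication does not overflow - confirm at its
        // definition
        if(li.QuadPart < time_start.QuadPart + MAX_SLEEP_SKIP_DIFF * 10000) {
            if(skippable) {
                // QuadPart is <= 0 here, so this adds the delay length
                time_skipped.QuadPart -= DelayInterval->QuadPart;

                // notify how much we've skipped
                LOQ("ls", "Milliseconds", milli, "Status", "Skipped");
                return ret;
            }
        }
        else {
            sleep_skip_active = 0;
        }
    }

    // logged before the call, so the record is written before the thread
    // goes to sleep; ret is still 0 at this point
    LOQ2("l", "Milliseconds", milli);
    return Old_NtDelayExecution(Alertable, DelayInterval);
}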
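// Hook for bind(): calls the real function first, then logs the outcome.
//
// The address and port are logged only when the call succeeded and the
// caller really passed an IPv4 sockaddr_in. The address family and length are
// checked before the cast, because reading any other family (for example
// IPv6) through sockaddr_in would put a wrong address and port into the
// analysis log. Every other case, including a failed call, is logged with the
// socket handle only.
HOOKDEF(int, WSAAPI, bind,
    __in  SOCKET s,
    __in  const struct sockaddr *name,
    __in  int namelen
) {
    int ret = Old_bind(s, name, namelen);

    if(ret == 0 && name != NULL &&
            namelen >= (int) sizeof(struct sockaddr_in) &&
            name->sa_family == AF_INET) {
        const struct sockaddr_in *addr = (const struct sockaddr_in *) name;

        // sin_port is in network byte order; ntohs converts it for the log
        LOQ("psl", "socket", s, "ip", inet_ntoa(addr->sin_addr),
            "port", ntohs(addr->sin_port));
    }
    else {
        LOQ2("p", "socket", s);
    }
    return ret;
}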
// Hook for FindWindowExW: forwards the call to the real function, logs the
// class and window name that were searched for, and returns the window
// handle unchanged.
HOOKDEF(HWND, WINAPI, FindWindowExW,
    __in_opt  HWND hwndParent,
    __in_opt  HWND hwndChildAfter,
    __in_opt  LPWSTR lpszClass,
    __in_opt  LPWSTR lpszWindow
) {
    HWND ret = Old_FindWindowExW(hwndParent, hwndChildAfter, lpszClass,
        lpszWindow);

    // lpszClass is not always a string: a value in the 0..ffff range names
    // one of the predefined window controls and must be logged as a number,
    // never read as a pointer
    DWORD_PTR class_value = (DWORD_PTR) lpszClass;

    if(class_value > 0xffff) {
        // a real string pointer, log both names as unicode strings
        LOQ2("uu", "ClassName", lpszClass, "WindowName", lpszWindow);
    }
    else {
        LOQ("lu", "ClassName", lpszClass, "WindowName", lpszWindow);
    }
    return ret;
}