Exemple #1
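/// Entry point run inside the target process once the library has been injected.
///
/// Prints a banner, reads an optional DWORD frequency offset from the data the
/// injecting process passed along, installs `myBeepHook` on kernel32!Beep and
/// then sets an exclusive ACL so the hook is active for every thread except
/// the current one.
///
/// @param inRemoteInfo  Injection context supplied by the injector (host PID
///                      and an opaque user-data buffer with its size).
void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo)
{
	std::cout << "\n\nNativeInjectionEntryPointt(REMOTE_ENTRY_INFO* inRemoteInfo)\n\n" <<
		"IIIII           jjj               tt                dd !!! \n"
		" III  nn nnn          eee    cccc tt      eee       dd !!! \n"
		" III  nnn  nn   jjj ee   e cc     tttt  ee   e  dddddd !!! \n"
		" III  nn   nn   jjj eeeee  cc     tt    eeeee  dd   dd     \n"
		"IIIII nn   nn   jjj  eeeee  ccccc  tttt  eeeee  dddddd !!! \n"
		"              jjjj                                         \n\n";

	std::cout << "NativeInjectionEntryPoint: Injected by process Id: " << inRemoteInfo->HostPID << "\n";
	std::cout << "NativeInjectionEntryPoint: Passed in data size: " << inRemoteInfo->UserDataSize << "\n";

	// The user-data buffer comes from another process; the size comparison is
	// the only validation it gets, so also refuse a null pointer before reading.
	if (inRemoteInfo->UserDataSize == sizeof(DWORD) && inRemoteInfo->UserData != NULL)
	{
		gFreqOffset = *reinterpret_cast<DWORD *>(inRemoteInfo->UserData);
		std::cout << "NativeInjectionEntryPoint: Adjusting Beep frequency by: " << gFreqOffset << "\n";
	}

	// Resolve the target once so the address that is printed is the address
	// that is hooked, and so a failed lookup is caught before LhInstallHook.
	HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
	FARPROC pBeep = (hKernel32 != NULL) ? GetProcAddress(hKernel32, "Beep") : NULL;

	std::cout << "\n";
	std::cout << "NativeInjectionEntryPoint: Win32 Beep found at address: " << pBeep << "\n";

	if (pBeep == NULL)
	{
		std::cout << "NativeInjectionEntryPoint: Could not resolve kernel32!Beep, hook not installed.\n";
		return;
	}

	// Perform hooking
	HOOK_TRACE_INFO hHook = { NULL }; // keep track of our hook

	// Install the hook
	NTSTATUS result = LhInstallHook(
		pBeep,
		myBeepHook,
		NULL,
		&hHook);
	if (FAILED(result))
	{
		std::wstring s(RtlGetLastErrorString());
		std::wcout << "NativeInjectionEntryPoint: Failed to install hook: " << s << "\n";
		// Nothing was installed, so there is no hook to configure an ACL for.
		return;
	}

	std::cout << "NativeInjectionEntryPoint: Hook 'myBeepHook installed successfully.\n";

	// If the threadId in the ACL is set to 0,
	// then internally EasyHook uses GetCurrentThreadId()
	ULONG ACLEntries[1] = { 0 };

	// Disable the hook for the provided threadIds, enable for all others
	result = LhSetExclusiveACL(ACLEntries, 1, &hHook);
	if (FAILED(result))
	{
		std::wstring s(RtlGetLastErrorString());
		std::wcout << "NativeInjectionEntryPoint: Failed to set hook ACL: " << s << "\n";
	}
}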
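/// Exported entry point run inside the target process after injection.
///
/// Installs `MyRtlAllocateHeap` as a hook on ntdll!RtlAllocateHeap, enables it
/// for all threads (exclusive ACL with zero entries), records the handle in
/// `g_vApiHookHandles`, and finally resumes the suspended process. Any C++
/// exception is reported through the debugger output and all hooks are removed.
extern "C" __declspec(dllexport) void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO*)
{
    try {
        HMODULE hNtdll = GetModuleHandleW(L"ntdll");
        FARPROC pfnTarget = (hNtdll != NULL) ? GetProcAddress(hNtdll, "RtlAllocateHeap") : NULL;

        if (pfnTarget == NULL) {
            ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() could not resolve RtlAllocateHeap.");
        } else {
            TRACED_HOOK_HANDLE globalallochook(new HOOK_TRACE_INFO());

            // EasyHook reports failure through the returned NTSTATUS, not by
            // throwing; failure codes are negative.
            NTSTATUS status = LhInstallHook(pfnTarget, MyRtlAllocateHeap, NULL, globalallochook);
            if (status < 0) {
                ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() LhInstallHook failed.");
                // Nothing was installed, so do not track a dead handle.
                delete globalallochook;
            } else {
                // Track the handle first so RemoveAllApiHooks() can find the
                // installed hook even if configuring the ACL fails.
                g_vApiHookHandles.push_back(globalallochook);

                ULONG ulTidList[1] = {};
                status = LhSetExclusiveACL(ulTidList, 0, globalallochook);
                if (status < 0) {
                    ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() LhSetExclusiveACL failed.");
                }
            }
        }

        // Wakeup the suspended process...
        RhWakeUpProcess();
    } catch (...) {
        ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() exception.");
        RemoveAllApiHooks();
    }
}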
Exemple #3
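/// Installs an EasyHook hook on an exported function and enables it for all threads.
///
/// @param h_lib      Module that exports the function to hook.
/// @param proc_name  Exported name looked up with GetProcAddress.
/// @param hook_proc  Replacement routine passed to LhInstallHook.
/// @return true when the hook was installed and its ACL was set; false when
///         the export could not be resolved or an EasyHook call failed.
bool gdimm_hook::install_hook(HMODULE h_lib, LPCSTR proc_name, void *hook_proc)
{
	// The asserts still trap in debug builds; the explicit checks keep release
	// builds (where assert compiles away) from hooking a null address or
	// reporting success after a failed EasyHook call.
	const FARPROC proc_addr = GetProcAddress(h_lib, proc_name);
	assert(proc_addr != NULL);
	if (proc_addr == NULL)
		return false;

	TRACED_HOOK_HANDLE h_hook = new HOOK_TRACE_INFO();
	NTSTATUS eh_ret = LhInstallHook(proc_addr, hook_proc, NULL, h_hook);
	assert(eh_ret == 0);
	if (eh_ret != 0)
	{
		// Nothing was installed, so the handle is not tracked and is freed here.
		delete h_hook;
		return false;
	}

	// Track the handle as soon as the hook exists so it is not lost if the
	// ACL call below fails.
	_hooks.push_back(h_hook);

	// An exclusive ACL with zero entries excludes no thread.
	ULONG thread_id_list = 0;
	eh_ret = LhSetExclusiveACL(&thread_id_list, 0, h_hook);
	assert(eh_ret == 0);

	return eh_ret == 0;
}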
// Hooks the JIT compileMethod entry (ICorJitCompiler::s_pfnComplieMethod) with
// CInjection::compileMethod via EasyHook.
//
// Returns TRUE and sets s_nStatus to Status_Ready on success. Returns FALSE
// with s_nStatus set to the matching Status_Error_* value when a prerequisite
// is not initialized or LhInstallHook does not return STATUS_SUCCESS.
BOOL CInjection::HookApi(void)
{
	// Both helper types must be initialized before the hook is attempted.
	if( !MethodDesc::IsInitialized() )
	{
		s_nStatus = Status_Error_MethodDescInitializationFailed;
		return FALSE;
	}
	if( !LoadedMethodDescIterator::IsInitialized() )
	{
		s_nStatus = Status_Error_LoadedMethodDescIteratorInitializationFailed;
		return FALSE;
	}

	// Reinterpret the stored function pointer as an LPVOID so it can be handed
	// to LhInstallHook as the replacement routine.
	PFN_compileMethod pfnReplacement = &CInjection::compileMethod;
	LPVOID * ppReplacement = (LPVOID*)&pfnReplacement;

	const NTSTATUS hookStatus = LhInstallHook(
		(PVOID&)ICorJitCompiler::s_pfnComplieMethod,
		*ppReplacement,
		NULL,
		&s_hHookCompileMethod );
	if( hookStatus != STATUS_SUCCESS )
	{
		s_nStatus = Status_Error_HookCompileMethodFailed;
		return FALSE;
	}

	// NOTE(review): the single ACL entry is filled from GetCurrentProcessId(),
	// i.e. a process id, while the exclusive ACL is a list of thread ids.
	// Confirm whether GetCurrentThreadId() (or 0) was intended. The status
	// returned by LhSetExclusiveACL is also not checked here.
	ULONG ulAclEntry = GetCurrentProcessId();
	LhSetExclusiveACL( &ulAclEntry, 1, &s_hHookCompileMethod );

	s_nStatus = Status_Ready;
	return TRUE;
}