FARPROC WINAPI CApiHookMgr::MyGetProcAddress(HMODULE hmod, PCSTR pszProcName) { // It is possible that multiple threads will call hooked GetProcAddress() // API, therefore we should make it thread safe because it accesses sm_pHookedFunctions // shared container. CLockMgr<CCSWrapper> lockMgr(sm_CritSec, TRUE); // // Get the original address of the function // FARPROC pfn = GetProcAddressWindows(hmod, pszProcName); // // Attempt to locate if the function has been hijacked // CHookedFunction* pFuncHook = sm_pHookedFunctions->GetHookedFunction( hmod, pszProcName ); if (NULL != pFuncHook) // // The address to return matches an address we want to hook // Return the hook function address instead // pfn = pFuncHook->Get_pfnHook(); return pfn; }
void WINAPI CApiHookMgr::HackModuleOnLoad(HMODULE hmod, DWORD dwFlags) { // // If a new module is loaded, just hook it // if ((hmod != NULL) && ((dwFlags & LOAD_LIBRARY_AS_DATAFILE) == 0)) { CLockMgr<CCSWrapper> lockMgr(sm_CritSec, TRUE); CHookedFunction* pHook; CHookedFunctions::const_iterator itr; for (itr = sm_pHookedFunctions->begin(); itr != sm_pHookedFunctions->end(); ++itr) { pHook = itr->second; pHook->ReplaceInOneModule( pHook->Get_CalleeModName(), pHook->Get_pfnOrig(), pHook->Get_pfnHook(), hmod ); } // for } // if }
BOOL CApiHookMgr::HookImport( PCSTR pszCalleeModName, PCSTR pszFuncName, PROC pfnHook ) { CLockMgr<CCSWrapper> lockMgr(sm_CritSec, TRUE); BOOL bResult = FALSE; PROC pfnOrig = NULL; try { if (!sm_pHookedFunctions->GetHookedFunction( pszCalleeModName, pszFuncName )) { pfnOrig = GetProcAddressWindows( ::GetModuleHandleA(pszCalleeModName), pszFuncName ); // // It's possible that the requested module is not loaded yet // so lets try to load it. // if (NULL == pfnOrig) { HMODULE hmod = ::LoadLibraryA(pszCalleeModName); if (NULL != hmod) pfnOrig = GetProcAddressWindows( ::GetModuleHandleA(pszCalleeModName), pszFuncName ); } // if if (NULL != pfnOrig) bResult = AddHook( pszCalleeModName, pszFuncName, pfnOrig, pfnHook ); } // if } catch(...) { } // try..catch return bResult; }
BOOL CApiHookMgr::UnHookImport( PCSTR pszCalleeModName, PCSTR pszFuncName ) { CLockMgr<CCSWrapper> lockMgr(sm_CritSec, TRUE); BOOL bResult = TRUE; try { bResult = RemoveHook(pszCalleeModName, pszFuncName); } catch (...) { } return bResult; }
// // Setup the attribute // void CCustomThread::SetIsActive(BOOL bValue) { CLockMgr<CCSWrapper> lockMgr(m_CritSec, TRUE); m_bThreadActive = bValue; }
// // Indicates whether the driver has been activated // BOOL CCustomThread::GetIsActive() { CLockMgr<CCSWrapper> lockMgr(m_CritSec, TRUE); return m_bThreadActive; }