/*
 * Redirect one imported function of the image loaded at hModule.
 *
 * The import descriptor for pszDllName is looked up with
 * getImportDescriptor(), then the IAT slot for pszFunctionName inside it with
 * getOldFunctionAddress(); that slot is rewritten with lpNewAddress through
 * replaceAddress().  szModule is only used for the diagnostic message.
 *
 * Returns FALSE when either lookup fails, TRUE when the slot already holds
 * lpNewAddress (nothing is written, so repeated calls are idempotent),
 * otherwise the result of replaceAddress().
 */
static BOOL hookFunction(HMODULE hModule,
                         const char *szModule,
                         const char *pszDllName,
                         const char *pszFunctionName,
                         LPVOID lpNewAddress)
{
    PIMAGE_IMPORT_DESCRIPTOR descriptor =
        getImportDescriptor(hModule, szModule, pszDllName);
    if (!descriptor) {
        return FALSE;
    }

    LPVOID *slot = getOldFunctionAddress(hModule, descriptor, pszFunctionName);
    if (!slot) {
        return FALSE;
    }

    // Already pointing at the replacement: leave the table untouched.
    if (*slot == lpNewAddress) {
        return TRUE;
    }

    if (VERBOSITY >= 3) {
        debugPrintf(" hooking %s->%s!%s\n", szModule, pszDllName, pszFunctionName);
    }

    return replaceAddress(slot, lpNewAddress);
}
/*
 * Rewrite the IAT slot of pszFunctionName, found through an already-resolved
 * descriptor (pImportDescriptor; its type is the template parameter T, so the
 * matching getOldFunctionAddress() overload is picked), with lpNewAddress.
 *
 * Returns FALSE when the slot cannot be located or replaceAddress() fails,
 * TRUE when the slot already holds lpNewAddress (nothing written) or the
 * replacement succeeded.  Both the attempt (VERBOSITY > 0) and a failure are
 * reported via debugPrintf() with the slot's offset from the module base.
 */
static BOOL patchFunction(HMODULE hModule,
                          const char *szModule,
                          const char *pszDllName,
                          T pImportDescriptor,
                          const char *pszFunctionName,
                          LPVOID lpNewAddress)
{
    LPVOID *slot = getOldFunctionAddress(hModule, pImportDescriptor, pszFunctionName);
    if (slot == NULL) {
        return FALSE;
    }

    // Nothing to do if the replacement is already installed.
    if (*slot == lpNewAddress) {
        return TRUE;
    }

    // Offset of the slot relative to the module base, for the log lines only.
    // The subtraction is done in UINT_PTR and narrowed afterwards; this yields
    // the same 32-bit value as narrowing the slot address first.
    const DWORD Offset = (DWORD)((UINT_PTR)slot - (UINT_PTR)hModule);

    if (VERBOSITY > 0) {
        debugPrintf("inject: patching %s!0x%lx -> %s!%s\n",
                    szModule, Offset, pszDllName, pszFunctionName);
    }

    const BOOL patched = replaceAddress(slot, lpNewAddress);
    if (!patched) {
        debugPrintf("inject: failed to patch %s!0x%lx -> %s!%s\n",
                    szModule, Offset, pszDllName, pszFunctionName);
    }
    return patched;
}
// See // http://www.microsoft.com/msj/1298/hood/hood1298.aspx // http://msdn.microsoft.com/en-us/library/16b2dyk5.aspx static LPVOID * getOldFunctionAddress(HMODULE hModule, PImgDelayDescr pDelayDescriptor, const char* pszFunctionName) { assert(pDelayDescriptor->rvaDLLName != 0); return getOldFunctionAddress(hModule, getDescriptorName(hModule, pDelayDescriptor), pDelayDescriptor->rvaINT, pDelayDescriptor->rvaIAT, pszFunctionName); }
// Regular-import variant of getOldFunctionAddress(): resolves the DLL name
// from the descriptor with getDescriptorName() and forwards to the RVA-based
// overload using the import name table (OriginalFirstThunk) and the import
// address table (FirstThunk).  The return value is whatever that overload
// returns (its definition is not in view here).
static LPVOID *
getOldFunctionAddress(HMODULE hModule,
                      PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor,
                      const char *pszFunctionName)
{
    // An entry with both TimeDateStamp and Name zero looks like the all-zero
    // terminator of the descriptor array rather than a real import.
    assert(pImportDescriptor->TimeDateStamp != 0 || pImportDescriptor->Name != 0);

    return getOldFunctionAddress(hModule,
                                 getDescriptorName(hModule, pImportDescriptor),
                                 pImportDescriptor->OriginalFirstThunk,
                                 pImportDescriptor->FirstThunk,
                                 pszFunctionName);
}