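/// Installs in-process detours for the three user32 keyboard-state queries
/// (GetAsyncKeyState, GetKeyState, GetKeyboardState).
///
/// Two Detours generations are supported, selected at compile time:
///  - DETOURS_VERSION == 20100: the transactional API (Begin / Attach / Commit).
///  - anything else: the older DetourFunctionWithTrampoline() API.
///
/// The replacement functions (Mine_*) are defined elsewhere, so what they do
/// with the intercepted calls cannot be told from this block. Inline patches
/// on these exports are what endpoint tooling commonly reports, so the reason
/// the application needs them is worth recording next to the declarations.
///
/// @return true when the hooks were installed, false when installation failed.
bool HookUser32()
{
#if defined(DETOURS_VERSION) && DETOURS_VERSION == 20100
    // A transaction that cannot be opened must not be reported as success.
    if (DetourTransactionBegin() != NO_ERROR)
        return false;

    DetourAttach(&(PVOID&)Real_GetAsyncKeyState, Mine_GetAsyncKeyState);
    DetourAttach(&(PVOID&)Real_GetKeyState, Mine_GetKeyState);
    DetourAttach(&(PVOID&)Real_GetKeyboardState, Mine_GetKeyboardState);

    // The commit result is the only status checked for the whole batch:
    // a failed attach is expected to surface here, and returning true after
    // a failed commit would leave callers believing the hooks are live.
    if (DetourTransactionCommit() != NO_ERROR)
        return false;
#else // #if defined(DETOURS_VERSION) && DETOURS_VERSION == 20100
    // NOTE(review): a failure on the second hook returns false while the
    // first hook stays installed; callers see "failed" with a partial patch.
    if (!DetourFunctionWithTrampoline((PBYTE)Real_GetAsyncKeyState, (PBYTE)Mine_GetAsyncKeyState))
        return false;
    _TRACE("HookUser32(), Real_GetAsyncKeyState = %p, Mine_GetAsyncKeyState = %p\n", Real_GetAsyncKeyState, &Mine_GetAsyncKeyState);

    if (!DetourFunctionWithTrampoline((PBYTE)Real_GetKeyState, (PBYTE)Mine_GetKeyState))
        return false;
    _TRACE("HookUser32(), Real_GetKeyState = %p, Mine_GetKeyState = %p\n", Real_GetKeyState, &Mine_GetKeyState);

    // NOTE(review): the GetKeyboardState result is not checked, unlike the
    // two hooks above. Kept as best-effort; confirm that this is intended.
    DetourFunctionWithTrampoline((PBYTE)Real_GetKeyboardState, (PBYTE)Mine_GetKeyboardState);
#endif // #if defined(DETOURS_VERSION) && DETOURS_VERSION == 20100

    return true;
}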
// 拦截函数 void Intercept() { // 使用DetourFunctionWithTrampoline函数来截获目标函数。这个函数有两个参数:trampoline函数以 // 及截获函数的指针。因为目标函数已经被加到trampoline函数中,所有不需要在参数中特别指定。 DetourFunctionWithTrampoline((PBYTE)Real_RegCreateKeyExA, (PBYTE)Replace_RegCreateKeyExA); DetourFunctionWithTrampoline((PBYTE)Real_RegCreateKeyExW, (PBYTE)Replace_RegCreateKeyExW); DetourFunctionWithTrampoline((PBYTE)Real_RegSetValueExA, (PBYTE)Replace_RegSetValueExA); DetourFunctionWithTrampoline((PBYTE)Real_RegSetValueExW, (PBYTE)Replace_RegSetValueExW); DetourFunctionWithTrampoline((PBYTE)Real_RegDeleteKeyA, (PBYTE)Replace_RegDeleteKeyA); DetourFunctionWithTrampoline((PBYTE)Real_RegDeleteKeyW, (PBYTE)Replace_RegDeleteKeyW); DetourFunctionWithTrampoline((PBYTE)Real_RegDeleteValueA, (PBYTE)Replace_RegDeleteValueA); DetourFunctionWithTrampoline((PBYTE)Real_RegDeleteValueW, (PBYTE)Replace_RegDeleteValueW); DetourFunctionWithTrampoline((PBYTE)Real_RegQueryValueExA, (PBYTE)Replace_RegQueryValueExA); DetourFunctionWithTrampoline((PBYTE)Real_RegQueryValueExW, (PBYTE)Replace_RegQueryValueExW); }
/// DLL entry point. Installs the CreateProcessW / CreateProcessA detours when
/// the DLL is mapped into a process and removes them when it is unmapped.
///
/// hModule and lpReserved are not used. The detour bodies
/// (CreateProcessW_Detour / CreateProcessA_Detour) live elsewhere; once
/// installed they sit in front of the process-creation calls the host makes.
/// Neither the install nor the remove result is checked.
///
/// @return always TRUE.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD reason, LPVOID lpReserved )
{
    switch (reason)
    {
    case DLL_PROCESS_ATTACH:
        //MessageBox( NULL, TEXT("DLL_PROCESS_ATTACH"), TEXT("SwAutoplayFix"), MB_OK );
        DetourFunctionWithTrampoline((PBYTE)Real_CreateProcessW, (PBYTE)CreateProcessW_Detour);
        DetourFunctionWithTrampoline((PBYTE)Real_CreateProcessA, (PBYTE)CreateProcessA_Detour);
        break;

    case DLL_PROCESS_DETACH:
        //MessageBox( NULL, TEXT("DLL_PROCESS_DETACH"), TEXT("SwAutoplayFix"), MB_OK );
        // Undo the patches so no call is routed into code that is about to
        // be unmapped.
        DetourRemoveWithTrampoline((PBYTE)Real_CreateProcessW, (PBYTE)CreateProcessW_Detour);
        DetourRemoveWithTrampoline((PBYTE)Real_CreateProcessA, (PBYTE)CreateProcessA_Detour);
        break;

    default:
        // Thread attach / detach notifications need no work.
        break;
    }

    return TRUE;
}
/// DLL entry point for the tracing DLL: detours lstrcpynA to vt_lstrcpynA
/// when the DLL is loaded and emits a debug string when it is unloaded.
///
/// hModule and lpReserved are not used; the install result is not checked.
///
/// NOTE(review): the detach path only logs. No matching remove call is
/// visible, so if the DLL is unloaded while the process keeps running, the
/// patched lstrcpynA would still point at vt_lstrcpynA. Confirm whether the
/// DLL is ever unloaded before process exit.
///
/// @return always TRUE.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        DetourFunctionWithTrampoline((PBYTE)real_lstrcpynA, (PBYTE)vt_lstrcpynA);
        break;

    case DLL_PROCESS_DETACH:
        OutputDebugString("[*] Unloading VulnTrace\n");
        break;

    default:
        break;
    }

    return TRUE;
}
/// DLL entry point: detours OpenProcess (through the CopyOpenProcess
/// trampoline) to MyOpenProcess for the lifetime of the DLL.
///
/// hModule and lpReserved are not used. MyOpenProcess is defined elsewhere;
/// once installed it receives the OpenProcess calls made inside the host
/// process. Neither the install nor the remove result is checked.
///
/// @return always TRUE.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        OutputDebugString("Detour dll Load!");
        DetourFunctionWithTrampoline((PBYTE)CopyOpenProcess, (PBYTE)MyOpenProcess);
    }
    else if (ul_reason_for_call == DLL_PROCESS_DETACH)
    {
        OutputDebugString("Detour dll Exit!");
        // Take the patch out before this module's code is unmapped.
        DetourRemove((PBYTE)CopyOpenProcess, (PBYTE)MyOpenProcess);
    }
    // DLL_THREAD_ATTACH and DLL_THREAD_DETACH need no work.

    return TRUE;
}
/// One-time installation of the detours used by CFilterMapper2:
/// CoCreateInstance plus the ANSI and wide variants of the registry
/// close / flush / create / delete / enum / open / query / set APIs.
///
/// Does nothing when fInitialized is already set, and sets it after the last
/// hook. No locking around fInitialized is visible in this block, and the
/// result of each install call is not checked.
void CFilterMapper2::Init()
{
    if (fInitialized)
        return;

    struct HookEntry
    {
        PBYTE trampoline;
        PBYTE replacement;
    };

    // Installation order matches the declaration order below.
    const HookEntry entries[] = {
        { (PBYTE)Real_CoCreateInstance, (PBYTE)Mine_CoCreateInstance },
        { (PBYTE)Real_RegCloseKey,      (PBYTE)Mine_RegCloseKey      },
        { (PBYTE)Real_RegFlushKey,      (PBYTE)Mine_RegFlushKey      },
        { (PBYTE)Real_RegCreateKeyA,    (PBYTE)Mine_RegCreateKeyA    },
        { (PBYTE)Real_RegCreateKeyW,    (PBYTE)Mine_RegCreateKeyW    },
        { (PBYTE)Real_RegCreateKeyExA,  (PBYTE)Mine_RegCreateKeyExA  },
        { (PBYTE)Real_RegCreateKeyExW,  (PBYTE)Mine_RegCreateKeyExW  },
        { (PBYTE)Real_RegDeleteKeyA,    (PBYTE)Mine_RegDeleteKeyA    },
        { (PBYTE)Real_RegDeleteKeyW,    (PBYTE)Mine_RegDeleteKeyW    },
        { (PBYTE)Real_RegDeleteValueA,  (PBYTE)Mine_RegDeleteValueA  },
        { (PBYTE)Real_RegDeleteValueW,  (PBYTE)Mine_RegDeleteValueW  },
        { (PBYTE)Real_RegEnumKeyExA,    (PBYTE)Mine_RegEnumKeyExA    },
        { (PBYTE)Real_RegEnumKeyExW,    (PBYTE)Mine_RegEnumKeyExW    },
        { (PBYTE)Real_RegEnumValueA,    (PBYTE)Mine_RegEnumValueA    },
        { (PBYTE)Real_RegEnumValueW,    (PBYTE)Mine_RegEnumValueW    },
        { (PBYTE)Real_RegOpenKeyA,      (PBYTE)Mine_RegOpenKeyA      },
        { (PBYTE)Real_RegOpenKeyW,      (PBYTE)Mine_RegOpenKeyW      },
        { (PBYTE)Real_RegOpenKeyExA,    (PBYTE)Mine_RegOpenKeyExA    },
        { (PBYTE)Real_RegOpenKeyExW,    (PBYTE)Mine_RegOpenKeyExW    },
        { (PBYTE)Real_RegQueryInfoKeyA, (PBYTE)Mine_RegQueryInfoKeyA },
        { (PBYTE)Real_RegQueryInfoKeyW, (PBYTE)Mine_RegQueryInfoKeyW },
        { (PBYTE)Real_RegQueryValueA,   (PBYTE)Mine_RegQueryValueA   },
        { (PBYTE)Real_RegQueryValueW,   (PBYTE)Mine_RegQueryValueW   },
        { (PBYTE)Real_RegQueryValueExA, (PBYTE)Mine_RegQueryValueExA },
        { (PBYTE)Real_RegQueryValueExW, (PBYTE)Mine_RegQueryValueExW },
        { (PBYTE)Real_RegSetValueA,     (PBYTE)Mine_RegSetValueA     },
        { (PBYTE)Real_RegSetValueW,     (PBYTE)Mine_RegSetValueW     },
        { (PBYTE)Real_RegSetValueExA,   (PBYTE)Mine_RegSetValueExA   },
        { (PBYTE)Real_RegSetValueExW,   (PBYTE)Mine_RegSetValueExW   },
    };

    for (unsigned i = 0; i < sizeof(entries) / sizeof(entries[0]); ++i)
        DetourFunctionWithTrampoline(entries[i].trampoline, entries[i].replacement);

    fInitialized = true;
}
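// Initialisation function.
//
// Application start-up for the lobby client: sets the global flags, enforces
// a single instance (release builds), loads the password-protected resource
// package (BZ_ZLIB builds), configures the crash reporter, initialises
// sockets, switches the working directory to the executable's folder,
// installs the scroll-bar detours, and runs the main dialog modally.
//
// Returns FALSE in every case: on an early failure, and after the modal
// dialog closes, so the framework exits instead of starting a message pump.
BOOL CGamePlaceApp::InitInstance()
{
	//TODO: call AfxInitRichEdit2() to initialize richedit2 library.
	Glb().m_release=false;	// whether this is a release build
	Glb().m_weblogon=false;	// whether ChinaVnet logon is used
	Glb().m_autoreg=false;	// no need to set; the program changes this variable itself
#ifndef MY_DEBUG
	Glb().m_release=true;	// whether this is a release build
	// try
#endif
	{
		// Variable definitions
#ifndef MY_DEBUG
		// Single-instance guard: the mutex name is read from bzgame.bcf.
		CBcfFile _f(CBcfFile::GetAppPath()+"bzgame.bcf");
		CString _mutexId = _f.GetKeyVal("BZW","mutexid","GamePlaceChangeed10001000");
		CMutex Mutex(FALSE, _mutexId, NULL);	// mutual exclusion
		if (Mutex.Lock(0)==FALSE)
			return FALSE;
		SetUnhandledExceptionFilter(ExceptionFilter);
#endif

#ifdef BZ_ZLIB
		// Read the resource file.
		// Fetch the password first (added by wxx).
		// NOTE(review): the package password is the "LoginIP1" value from
		// the shipped bzgame.bcf, so it is readable by anyone who has the
		// install directory.
		CBcfFile fMsg(CBcfFile::GetAppPath()+"bzgame.bcf");
		CString strPassWord;
		strPassWord = fMsg.GetKeyVal("BZW","LoginIP1","www.szbzw.com");
		char *password = strPassWord.GetBuffer(strPassWord.GetLength()+1);

		// Read the file
		CUnZipRes unZipRes;
		char * pPW=new char[strlen(password)+1];
		memcpy(pPW,password,strlen(password)+1);
		unZipRes.SetPassWord(pPW);

		if(!CBcfFile::IsFileExist("image.r"))	// added by wxx 0712
		{
			MessageBox(NULL,"资源文件有损!","提示",MB_OK);
			// Release the copy on this early exit too; it used to leak here.
			delete []pPW;
			return FALSE;
		}

		CString strPackage = CBcfFile::GetAppPath() + "image.r";
		BzDui::CPaintManagerUI::SetResourcePackage(strPackage.GetBuffer(),password);

		unZipRes.ReadFile("image.r",(unsigned char*)pPW);

		delete []pPW;
#endif

		// Initialise
		InitCommonControls();
		CWinApp::InitInstance();

#ifndef MY_DEV
		// Initialise BzCrashRpt.
		// NOTE(review): the SMTP account name and password below are
		// compiled into the client, so anyone holding the binary can recover
		// them. They are left unchanged because the crash reporter's
		// configuration path is outside this block; the account should be
		// rotated and crash upload moved to a server-side endpoint that
		// needs no shared secret in the client.
		BzCrash_Initiation();
		BzCrash_DisableSetUnhandledExceptionFilter();
		BzCrash_SetProjectName("D平台大厅");
		BzCrash_SetEmailSender("*****@*****.**");
		BzCrash_SetEmailReceiver("*****@*****.**");
		BzCrash_SetSmtpServer("smtp.sina.com");
		BzCrash_SetSmtpUser("bzbugrev");
		BzCrash_SetSmtpPassword("1122334455");
		BzCrash_DeleteSended(false);
#endif

		// Initialise SOCKET
		if (!AfxSocketInit())
		{
			AfxMessageBox(IDP_SOCKETS_INIT_FAILED);
			return FALSE;
		}
		AfxEnableControlContainer();
		SetRegistryKey(IDS_REG_KEY);

		// Set the program path: strip "\<exe name>.EXE" from the module path.
		TCHAR szModuleName[MAX_PATH];
		// The size argument is a character count, not a byte count.
		DWORD dwLength=GetModuleFileName(AfxGetInstanceHandle(),szModuleName,sizeof(szModuleName)/sizeof(szModuleName[0]));
		const DWORD dwTail=(DWORD)lstrlen(m_pszExeName)+(DWORD)lstrlen(TEXT(".EXE"))+1;
		// A failed call (0) or a path shorter than the suffix would wrap the
		// unsigned index below and write outside the buffer.
		if (dwLength<dwTail)
			return FALSE;
		szModuleName[dwLength-dwTail]=0;
		SetCurrentDirectory(szModuleName);

		CreateDirectory("CustomFace",NULL);

		// Re-append the trailing backslash; the truncation above guarantees
		// there is room for it.
		int len=strlen(szModuleName);
		szModuleName[len]='\\';
		szModuleName[len+1]='\0';
		AfxGetApp()->WriteProfileString(TEXT("LogonInfo"),TEXT("Path"),szModuleName);

		Glb().m_Path=szModuleName;

		// Initialise global resources
		AfxInitRichEdit();
		CGameImageLink::InitResource();

		// Install hooks: the scroll-bar APIs are detoured to the *D
		// replacements (defined elsewhere). Results are not checked.
		DetourFunctionWithTrampoline((PBYTE)SetScrollInfoT, (PBYTE)SetScrollInfoD);
		DetourFunctionWithTrampoline((PBYTE)GetScrollInfoT, (PBYTE)GetScrollInfoD);
		DetourFunctionWithTrampoline((PBYTE)SetScrollPosT, (PBYTE)SetScrollPosD);
		DetourFunctionWithTrampoline((PBYTE)GetScrollPosT, (PBYTE)GetScrollPosD);
		DetourFunctionWithTrampoline((PBYTE)SetScrollRangeT, (PBYTE)SetScrollRangeD);
		DetourFunctionWithTrampoline((PBYTE)GetScrollRangeT, (PBYTE)GetScrollRangeD);
		DetourFunctionWithTrampoline((PBYTE)ShowScrollBarT, (PBYTE)ShowScrollBarD);
		DetourFunctionWithTrampoline((PBYTE)EnableScrollBarT, (PBYTE)EnableScrollBarD);

		// Bring in DirectUI support and initialise DirectUI
		BzDui::CPaintManagerUI::SetInstance(m_hInstance);

		CString s = CBcfFile::GetAppPath ();	// local path
		CString strSkin = m_skinmgr.GetSkinBcfFileName();
		CBcfFile f(s + strSkin);
		TCHAR szUIPath[MAX_PATH];
		CString skinfolder = f.GetKeyVal(m_skinmgr.GetKeyVal(strSkin),"skinfolder",m_skinmgr.GetSkinPath());
		// skinfolder comes from a configuration file, so the copy is bounded
		// by the destination size. The earlier wsprintf("%s") could write up
		// to 1024 characters into this MAX_PATH buffer.
		lstrcpyn(szUIPath,skinfolder,MAX_PATH);
		BzDui::CPaintManagerUI::SetResourcePath(szUIPath);

		// Create the dialog
		CGamePlaceDlg dlg;
		m_pMainWnd=&dlg;
		//BZUIInitial();
		dlg.DoModal();

		///////////////////////////////////////////////////////////
		// Kylin 20090107: add the recently-played games list
		//CString s=CBcfFile::GetAppPath (false);	// local path
		//CBcfFile f( s + "bzgame.bcf");
		//CString temp="";
		//try
		//{
		//	for(int i=0;i<Glb().m_baFavorSave.GetCount();i++)
		//	{
		//		temp.Format("%s%i;",temp,Glb().m_baFavorSave[i]);
		//	}
		//	f.SetKeyValString(Glb().m_key,"Favor",temp);
		//}
		//catch (...)
		//{
		//	return FALSE;
		//}
		///////////////////////////////////////////////////////////
		//BZUIShutDown();
	}
#ifndef MY_DEBUG
	//catch (...)
	//{
	//	// Restart the game
	//	STARTUPINFO StartInfo;
	//	PROCESS_INFORMATION Info;
	//	::memset(&Info,0,sizeof(Info));
	//	::memset(&StartInfo,0,sizeof(StartInfo));
	//	StartInfo.cb=sizeof(StartInfo);
	//	StartInfo.wShowWindow=SW_SHOWMAXIMIZED;
	//	CreateProcess(NULL,TEXT("BZW.exe"),NULL,NULL,TRUE,CREATE_DEFAULT_ERROR_MODE,NULL,NULL,&StartInfo,&Info);
	//}
#endif
	return FALSE;
}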
/// Application start-up: initialises common controls, MFC, the shell manager
/// and GDI+, installs the scroll-bar detours, then runs the main dialog
/// modally.
///
/// @return always FALSE, so the framework exits once the dialog has closed
///         instead of starting the application's message pump.
BOOL CMusicApp::InitInstance()
{
	// Windows XP needs InitCommonControlsEx() when the application manifest
	// asks for ComCtl32.dll version 6 or later (visual styles); without it
	// window creation fails. dwICC selects the control classes to register.
	INITCOMMONCONTROLSEX commonControls = { sizeof(INITCOMMONCONTROLSEX), ICC_WIN95_CLASSES };
	InitCommonControlsEx(&commonControls);

	CWinApp::InitInstance();

	AfxEnableControlContainer();

	// The shell manager is only needed if the dialog hosts shell tree view
	// or shell list view controls.
	CShellManager* const shellManager = new CShellManager;

	// Standard initialization: settings are stored under this registry key.
	// TODO: replace the wizard default with the company or organization name.
	SetRegistryKey(_T("Local AppWizard-Generated Applications"));

	// GDI+ start-up has to stay here; it must not be moved further down.
	// The start-up result is not checked in this function.
	GdiplusStartupInput gdiplusInput;
	GdiplusStartup(&m_GdiplusToken, &gdiplusInput, NULL);

	// Detour the scroll-bar APIs to the *D replacements (defined elsewhere).
	// Install results are not checked.
	struct HookEntry
	{
		PBYTE trampoline;
		PBYTE replacement;
	};
	const HookEntry scrollHooks[] = {
		{ (PBYTE)SetScrollInfoT,   (PBYTE)SetScrollInfoD   },
		{ (PBYTE)GetScrollInfoT,   (PBYTE)GetScrollInfoD   },
		{ (PBYTE)SetScrollPosT,    (PBYTE)SetScrollPosD    },
		{ (PBYTE)GetScrollPosT,    (PBYTE)GetScrollPosD    },
		{ (PBYTE)SetScrollRangeT,  (PBYTE)SetScrollRangeD  },
		{ (PBYTE)GetScrollRangeT,  (PBYTE)GetScrollRangeD  },
		{ (PBYTE)ShowScrollBarT,   (PBYTE)ShowScrollBarD   },
		{ (PBYTE)EnableScrollBarT, (PBYTE)EnableScrollBarD },
	};
	for (unsigned i = 0; i < sizeof(scrollHooks) / sizeof(scrollHooks[0]); ++i)
		DetourFunctionWithTrampoline(scrollHooks[i].trampoline, scrollHooks[i].replacement);

	CMusicDlg dlg;
	m_pMainWnd = &dlg;
	const INT_PTR nResponse = dlg.DoModal();
	switch (nResponse)
	{
	case IDOK:
		// TODO: Place code here to handle when the dialog is
		//  dismissed with OK
		break;
	case IDCANCEL:
		// TODO: Place code here to handle when the dialog is
		//  dismissed with Cancel
		break;
	default:
		break;
	}

	// Release the shell manager created above; deleting a null pointer is a
	// no-op, so no explicit null test is needed.
	delete shellManager;

	// The dialog has been closed: return FALSE to exit the application
	// rather than start its message pump.
	return FALSE;
}
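/*-----------------------------------------------------------------------------
    mvee_refresh_hook_lists

    Walks the pending hook list and tries to install every hook whose target
    library is already loaded ("*" means RTLD_NEXT). For each entry:
      - the symbol is looked up with dlsym(), falling back to the
        MVEE_RESOLVE_SYMBOL syscall when use_debug_syms is set;
      - the hook is installed with or without a trampoline;
      - a successfully installed hook_once entry is moved from the pending
        list to the head of the installed list;
      - callback_func, when set, is called whenever the symbol was found,
        whether or not the patch succeeded.

    The whole walk runs with hook_mutex held, callbacks included.

    NOTE(review): dlopen(RTLD_NOLOAD) handles are never passed to dlclose()
    here, so each refresh takes another reference on an already loaded
    library. Confirm that pinning the library is intended.
-----------------------------------------------------------------------------*/
void mvee_refresh_hook_lists()
{
    // printf("refresh hook lists begin\n");
    mvee_check_init();
    // mvee_is_interposer_region(1);

    pthread_mutex_lock(&hook_mutex);

    // prev is always the last node that is still linked into the pending
    // list; it is what gets relinked when the current node is moved out.
    hook_info* prev = pending_list;
    hook_info* next_info;

    for (hook_info* info = pending_list->next_hook_info; info; info = next_info)
    {
        // Saved up front: moving info to the installed list rewrites its
        // next pointer.
        next_info = info->next_hook_info;

        // check if the target library has been loaded yet...
        no_recurse = 1;
        void* lib_handle = !strcmp(info->target_library, "*") ? RTLD_NEXT : dlopen(info->target_library, RTLD_NOLOAD);
        no_recurse = 0;

        if (lib_handle)
        {
            // printf("LAZY HOOKER: found lib: %s\n", info->target_library);

            // find the symbol
            void* sym = dlsym(lib_handle, info->target_func);
            if (!sym && info->use_debug_syms && info->target_library[0] != '*')
                syscall(MVEE_RESOLVE_SYMBOL, info->target_func, info->target_library, &sym);

            if (sym)
            {
                int success;
                int moved = 0;

                if (info->use_trampoline)
                    success = (DetourFunctionWithTrampoline(sym, info->hook_func, info->trampoline_func) == 0);
                else
                    success = (DetourFunction(sym, info->hook_func) == 0);

                if (success)
                {
                    info->hook_installed = 1;
                    // printf("LAZY HOOKER: successfully hooked symbol: %s in lib: %s (handle: 0x%08x)\n",
                    //        info->target_func, info->target_library, lib_handle);

                    // move to installed list
                    if (info->hook_once)
                    {
                        prev->next_hook_info = info->next_hook_info;
                        info->next_hook_info = installed_list->next_hook_info;
                        installed_list->next_hook_info = info;
                        moved = 1;
                    }
                }
                else
                {
                    printf("LAZY HOOKER: failed to patch func: %s\n", info->target_func);
                }

                // Any node that stays in the pending list becomes the new
                // prev. Previously a hooked entry without hook_once left
                // prev stale, so unlinking a later node also dropped this
                // one from the pending list.
                if (!moved)
                    prev = info;

                if (info->callback_func)
                    info->callback_func(info->target_func, sym);
                continue;
            }
        }

        prev = info;
    }

    pthread_mutex_unlock(&hook_mutex);
    // mvee_is_interposer_region(0);
    // printf("refresh hook lists end\n");
}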