void ServerDriver::Cleanup() {
LOG(TRACE) << "CServerDriver::Cleanup()";
_driverContextHooks.reset();
MH_Uninitialize();
shmCommunicator.shutdown();
VR_CLEANUP_SERVER_DRIVER_CONTEXT();
}
BOOL Uninitialize()
{
if (MH_Uninitialize() != MH_OK)
return FALSE;
return TRUE;
}
BOOL APIENTRY DllMain(HINSTANCE instDLL, DWORD reason, LPVOID /* reserved */)
{
// called when the DLL is being loaded into the
// virtual address space of the current process (where to be injected)
if (reason == DLL_PROCESS_ATTACH)
{
instanceDLL = instDLL;
// disables thread notifications (DLL_THREAD_ATTACH, DLL_THREAD_DETACH)
DisableThreadLibraryCalls(instDLL);
MH_Initialize();
// creates a thread to execute within the
// virtual address space of the calling process (WoW)
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&MainThreadControl, NULL, 0, NULL);
}
// the DLL is being unloaded
else if (reason == DLL_PROCESS_DETACH)
{
// close the dump file
if (fileDump)
fclose(fileDump);
MH_Uninitialize();
}
return TRUE;
}
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
#if defined(_WIN64)
const char* pBitDepth = "64";
#else
const char* pBitDepth = "32";
#endif
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
ReviveModule = (HMODULE)hModule;
swprintf(ovrModuleName, MAX_PATH, L"LibOVRRT%hs_%d.dll", pBitDepth, OVR_MAJOR_VERSION);
MH_Initialize();
MH_CreateHook(LoadLibraryW, HookLoadLibrary, (PVOID*)&TrueLoadLibrary);
MH_CreateHook(OpenEventW, HookOpenEvent, (PVOID*)&TrueOpenEvent);
MH_CreateHook(GetProcAddress, HookGetProcAddress, (PVOID*)&TrueGetProcAddress);
MH_EnableHook(LoadLibraryW);
MH_EnableHook(OpenEventW);
break;
case DLL_PROCESS_DETACH:
MH_RemoveHook(LoadLibraryW);
MH_RemoveHook(OpenEventW);
MH_RemoveHook(GetProcAddress);
MH_Uninitialize();
break;
default:
break;
}
return TRUE;
}
void ipython_embed_term()
{
MH_DisableHook(MH_ALL_HOOKS);
MH_Uninitialize();
Py_XDECREF(kernel_do_one_iteration);
Py_XDECREF(commandline_args);
}
BOOL APIENTRY DllMain(HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
{
MH_Initialize();
if (GetModuleHandle("dinput8.dll") == NULL)
LoadLibrary("dinput8.dll");
MH_CreateHook(GetProcAddress(GetModuleHandle("dinput8.dll"), "DirectInput8Create"), &DirectInput8Create_Hook, reinterpret_cast<void**>(&DirectInput8Create_fn));
MH_EnableHook(MH_ALL_HOOKS);
}
break;
case DLL_PROCESS_DETACH:
ExitInstance();
MH_Uninitialize();
break;
}
return TRUE;
}
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
#if defined(_WIN64)
const char* pBitDepth = "64";
#else
const char* pBitDepth = "32";
#endif
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
GetModuleFileName((HMODULE)hModule, revModuleName, MAX_PATH);
swprintf(ovrModuleName, MAX_PATH, L"LibOVRRT%hs_%d.dll", pBitDepth, OVR_MAJOR_VERSION);
MH_Initialize();
MH_CreateHook(LoadLibraryW, HookLoadLibrary, (PVOID*)&TrueLoadLibrary);
MH_CreateHook(OpenEventW, HookOpenEvent, (PVOID*)&TrueOpenEvent);
MH_CreateHookApi(L"dxgi.dll", "CreateDXGIFactory", HookDXGIFactory, (PVOID*)&DXGIFactory);
MH_EnableHook(MH_ALL_HOOKS);
break;
case DLL_PROCESS_DETACH:
MH_Uninitialize();
break;
default:
break;
}
return TRUE;
}
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
#if defined(_WIN64)
const char* pBitDepth = "64";
#else
const char* pBitDepth = "32";
#endif
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
ReviveModule = (HMODULE)hModule;
swprintf(ovrModuleName, MAX_PATH, L"LibOVRRT%hs_%d.dll", pBitDepth, OVR_MAJOR_VERSION);
swprintf(revModuleName, MAX_PATH, L"LibRevive%hs_%d.dll", pBitDepth, OVR_MAJOR_VERSION);
swprintf(ovrPlatformName, MAX_PATH, L"LibOVRPlatform%hs_%d", pBitDepth, OVR_MAJOR_VERSION);
TrueIsError = (_IsError)DetourIATptr("ovr_Message_IsError", ovr_Message_IsError, GetModuleHandle(NULL));
DetourIATptr("ovr_IsEntitled", ovr_IsEntitled, GetModuleHandle(NULL));
MH_Initialize();
MH_CreateHook(LoadLibraryW, HookLoadLibrary, (PVOID*)&TrueLoadLibrary);
MH_CreateHook(OpenEventW, HookOpenEvent, (PVOID*)&TrueOpenEvent);
MH_EnableHook(LoadLibraryW);
MH_EnableHook(OpenEventW);
break;
case DLL_PROCESS_DETACH:
MH_RemoveHook(LoadLibraryW);
MH_RemoveHook(OpenEventW);
MH_Uninitialize();
break;
default:
break;
}
return TRUE;
}
void EjectDLL()
{
PresentHook->UnHook();
MH_DisableHook(&SetCursorPos);
MH_Uninitialize();
Sleep(2000);
TerminateThread(InitThread, 0);
FreeConsole();
FreeLibraryAndExitThread(DllInst, 0);
}
//-------------------------------------------------------------------------------------------------
extern "C" BOOL WINAPI DllEntryPoint(HINSTANCE hInstDll, DWORD fdwReason, LPVOID)
{
if (fdwReason == DLL_PROCESS_ATTACH)
{
DWORD dwTemp = GetModuleFileNameW(nullptr, g_wBuf, MAX_PATH+1);
if (dwTemp >= 6 && dwTemp < MAX_PATH)
{
wchar_t *pDelim = g_wBuf+dwTemp;
do
{
if (*--pDelim == L'\\')
break;
} while (pDelim > g_wBuf);
if (pDelim >= g_wBuf+4 && pDelim <= g_wBuf+MAX_PATH-g_dwPathMargin)
{
#ifdef _WIN64
if (MH_Initialize() == MH_OK &&
FCreateHook(RegCreateKeyExW, RegCreateKeyExWStub) &&
MH_EnableHook(reinterpret_cast<LPVOID>(RegCreateKeyExW)) == MH_OK &&
DisableThreadLibraryCalls(hInstDll))
{
*pDelim = L'\0';
return TRUE;
}
#else
constexpr const DWORD dwPatchSize = 1+sizeof(size_t);
BYTE *const pAddress = reinterpret_cast<BYTE*>(RegCreateKeyExW);
DWORD dwOldProtect;
if (VirtualProtect(pAddress, dwPatchSize, PAGE_EXECUTE_READWRITE, &dwOldProtect))
{
const size_t szOffset = reinterpret_cast<size_t>(RegCreateKeyExWStub) - (reinterpret_cast<size_t>(pAddress) + dwPatchSize);
const BYTE *const pByte = static_cast<const BYTE*>(static_cast<const void*>(&szOffset));
pAddress[0] = 0xE9; //jump near
pAddress[1] = pByte[0];
pAddress[2] = pByte[1];
pAddress[3] = pByte[2];
pAddress[4] = pByte[3];
if (VirtualProtect(pAddress, dwPatchSize, dwOldProtect, &dwTemp) && DisableThreadLibraryCalls(hInstDll))
{
*pDelim = L'\0';
return TRUE;
}
}
#endif
}
}
}
#ifdef _WIN64
else if (fdwReason == DLL_PROCESS_DETACH)
MH_Uninitialize();
#endif
return FALSE;
}
void AtlDepHook::Uninstall(void)
{
for(int i = 0; i < s_FunctionsCount; ++i)
{
FunctionInfo& info = s_Functions[i];
if (*info.ppOriginalFunction != NULL)
{
MH_DisableHook(info.pTargetFunction);
}
}
MH_Uninitialize();
}
DllImpl::~DllImpl() {
auto status = MH_Uninitialize();
if (status != MH_OK) {
logger->error("Unable to shutdown MinHook: {}", MH_StatusToString(status));
}
if (mDllHandle) {
if (!FreeLibrary(mDllHandle)) {
logger->error("Unable to free the temple.dll library handle: {}",
GetLastWin32Error());
}
}
}
void InputHook::Shutdown()
{
m_devices.clear();
if (MH_Uninitialize() == MH_OK)
{
m_hookmask = 0;
if (m_timeout_thread)
CloseHandle(m_timeout_thread);
PrintLog("InputHook shutdown");
}
}
int main()
{
// Initialize MinHook.
if (MH_Initialize() != MH_OK)
{
return 1;
}
// Create a hook for MessageBoxW, in disabled state.
if (MH_CreateHook(&MessageBoxW, &DetourMessageBoxW, reinterpret_cast<void**>(&fpMessageBoxW)) != MH_OK)
{
return 1;
}
// Enable the hook for MessageBoxW.
if (MH_EnableHook(&MessageBoxW) != MH_OK)
{
return 1;
}
// Expected to tell "Hooked!".
MessageBoxW(NULL, L"Not hooked...", L"MinHook Sample", MB_OK);
// Disable the hook for MessageBoxW.
if (MH_DisableHook(&MessageBoxW) != MH_OK)
{
return 1;
}
// Expected to tell "Not hooked...".
MessageBoxW(NULL, L"Not hooked...", L"MinHook Sample", MB_OK);
// Uninitialize MinHook.
if (MH_Uninitialize() != MH_OK)
{
return 1;
}
return 0;
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if (initialized) {
break;
}
initialized = true;
//MessageBoxW(NULL, L"Hooking", L"DPIMangler", MB_OK);
// Initialize MinHook.
if (MH_Initialize() != MH_OK)
{
MessageBoxW(NULL, L"Initialization error", L"DPIMangler", MB_OK);
return 1;
}
// Create a hook for the DPI awareness functions, in disabled state.
if (MH_CreateHook(&SetProcessDPIAware, &NukeSetProcessDPIAware,
reinterpret_cast<void**>(&fpSetProcessDPIAware)) != MH_OK ||
MH_CreateHook(&SetProcessDpiAwareness, &NukeSetProcessDpiAwareness,
reinterpret_cast<void**>(&fpSetProcessDpiAwareness)) != MH_OK)
{
MessageBoxW(NULL, L"Error creating hook", L"DPIMangler", MB_OK);
return 1;
}
// Enable the hook for the DPI awareness functions.
if (MH_EnableHook(&SetProcessDPIAware) != MH_OK ||
MH_EnableHook(&SetProcessDpiAwareness) != MH_OK)
{
MessageBoxW(NULL, L"Error enabling hook", L"DPIMangler", MB_OK);
return 1;
}
//MessageBoxW(NULL, L"Hooked...", L"DPIManger", MB_OK);
break;
case DLL_PROCESS_DETACH:
// Disable the hook for the DPI awareness functions.
if (MH_DisableHook(&SetProcessDPIAware) != MH_OK ||
MH_DisableHook(&SetProcessDpiAwareness) != MH_OK)
{
MessageBoxW(NULL, L"Error disabling hook", L"DPIMangler", MB_OK);
return 1;
}
// Uninitialize MinHook.
if (MH_Uninitialize() != MH_OK)
{
MessageBoxW(NULL, L"Error uninitializing minhook", L"DPIMangler", MB_OK);
return 1;
}
break;
}
return TRUE;
}
void Memory::CleanUp()
{
MH_Uninitialize();
}
void Revert()
{
MH_DisableHook((void*)funcToHookOn);
MH_Uninitialize();
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"TT.MalHide", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"MalHide";
info->Author = L"TETYYS";
info->Description = L"Changes window properties to prevent malware killing ProcessHacker, however you will not able to see user running PH.";
info->HasOptions = FALSE;
info->Url = L"http://wj32.org/processhacker/forums/viewtopic.php?f=18&t=1301&p=5731";
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
RANGE range;
RangesSize = 27;
Ranges = malloc(sizeof(RANGE) * RangesSize);
Ranges[0] = (RANGE) { .From = 0x0021, .To = 0x007E };
Ranges[1] = (RANGE) { .From = 0x00A1, .To = 0x024F };
Ranges[2] = (RANGE) { .From = 0x1F00, .To = 0x2049 };
Ranges[3] = (RANGE) { .From = 0x2070, .To = 0x2094 };
Ranges[4] = (RANGE) { .From = 0x20A0, .To = 0x20B5 };
Ranges[5] = (RANGE) { .From = 0x20B8, .To = 0x20B9 };
Ranges[6] = (RANGE) { .From = 0x20D0, .To = 0x20E1 };
Ranges[7] = (RANGE) { .From = 0x2100, .To = 0x2138 };
Ranges[8] = (RANGE) { .From = 0x214D, .To = 0x214E };
Ranges[9] = (RANGE) { .From = 0x2153, .To = 0x2182 };
Ranges[10] = (RANGE) { .From = 0x2184, .To = 0x2184 };
Ranges[11] = (RANGE) { .From = 0x2190, .To = 0x21EA };
Ranges[12] = (RANGE) { .From = 0x2200, .To = 0x22F1 };
Ranges[14] = (RANGE) { .From = 0x23BE, .To = 0x23CC };
Ranges[15] = (RANGE) { .From = 0x23CE, .To = 0x23CE };
Ranges[16] = (RANGE) { .From = 0x23DA, .To = 0x23DB };
Ranges[18] = (RANGE) { .From = 0x2460, .To = 0x24FE };
Ranges[19] = (RANGE) { .From = 0x2500, .To = 0x2595 };
Ranges[20] = (RANGE) { .From = 0x25A0, .To = 0x25EF };
Ranges[22] = (RANGE) { .From = 0x3000, .To = 0x303F };
Ranges[23] = (RANGE) { .From = 0xFE30, .To = 0xFE4F };
Ranges[24] = (RANGE) { .From = 0xFE50, .To = 0xFE6B };
Ranges[25] = (RANGE) { .From = 0xFF01, .To = 0xFF65 };
Ranges[26] = (RANGE) { .From = 0xFFE0, .To = 0xFFEE };
srand((UINT)time(NULL));
ClassName = RandomString();
if (MH_Initialize() != MH_OK)
return 1;
if (MH_CreateHook(&CreateWindowExW, &H_CreateWindowExW, (LPVOID*)(&O_CreateWindow)) != MH_OK || MH_EnableHook(&CreateWindowExW) != MH_OK)
return 1;
if (MH_CreateHook(&RegisterClassExW, &H_RegisterClassExW, (LPVOID*)(&O_RegisterClass)) != MH_OK || MH_EnableHook(&RegisterClassExW) != MH_OK)
return 1;
if (MH_CreateHook(&FindWindowExW, &H_FindWindowExW, (LPVOID*)(&O_FindWindow)) != MH_OK || MH_EnableHook(&FindWindowExW) != MH_OK)
return 1;
}
break;
}
return TRUE;
}
VOID NTAPI UnloadCallback(
__in_opt PVOID Parameter,
__in_opt PVOID Context
)
{
MH_Uninitialize();
}
HWND WINAPI H_FindWindowExW(
_In_opt_ HWND hWndParent,
_In_opt_ HWND hWndChildAfter,
_In_opt_ LPCWSTR lpszClass,
_In_opt_ LPCWSTR lpszWindow
)
{
if (lpszClass && wcscmp(lpszClass, ORIGINAL_CLASS_NAME) == 0) {
lpszClass = ClassName;
MH_DisableHook(&FindWindowExW);
}
return O_FindWindow(hWndParent, hWndChildAfter, lpszClass, lpszWindow);
}
ATOM
WINAPI
H_RegisterClassExW(
_In_ /* CONST */ WNDCLASSEXW *lpwcx
)
{
if (wcscmp(lpwcx->lpszClassName, ORIGINAL_CLASS_NAME) == 0) {
lpwcx->lpszClassName = ClassName;
MH_DisableHook(&RegisterClassExW);
}
return O_RegisterClass(lpwcx);
}
HWND WINAPI H_CreateWindowExW(
_In_ DWORD dwExStyle,
_In_opt_ LPCTSTR lpClassName,
_In_opt_ LPCTSTR lpWindowName,
_In_ DWORD dwStyle,
_In_ int x,
_In_ int y,
_In_ int nWidth,
_In_ int nHeight,
_In_opt_ HWND hWndParent,
_In_opt_ HMENU hMenu,
_In_opt_ HINSTANCE hInstance,
_In_opt_ LPVOID lpParam
)
{
BOOL found = FALSE;
if (wcscmp(lpClassName, ORIGINAL_CLASS_NAME) == 0) {
found = TRUE;
lpClassName = ClassName;
lpWindowName = RandomString();
}
HWND ret = O_CreateWindow(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
if (found) {
MainWindowHandle = ret;
MH_DisableHook(&CreateWindowExW);
}
return ret;
}
WCHAR* RandomString() {
ULONG range = rand() % RangesSize;
ULONG len;
do {
len = rand() % 100;
} while (len == 0);
WCHAR* ustr = calloc(sizeof(WCHAR), len + 1);
for (ULONG i = 0; i < len; i++) {
ustr[i] = (rand() % (Ranges[range].To - Ranges[range].From + 1)) + Ranges[range].From;
range = rand() % RangesSize;
}
ustr[len] = L'\0';
return ustr;
}
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID)
{
g_hDllHandle = hInstance;
DisableThreadLibraryCalls(static_cast<HMODULE>(hInstance));
switch (dwReason)
{
case DLL_PROCESS_ATTACH:
{
logging::add_common_attributes();
logging::add_file_log
(
keywords::file_name = "Indicium-Supra.log",
keywords::auto_flush = true,
keywords::format = (
expr::stream
<< expr::format_date_time<boost::posix_time::ptime>("TimeStamp", "%d.%m.%Y - %H:%M:%S")
<< ": [" << logging::trivial::severity
<< "] " << expr::smessage
)
);
logging::core::get()->set_filter
(
logging::trivial::severity >= logging::trivial::info
);
BOOST_LOG_TRIVIAL(info) << "Library loaded, attempting to launch main thread";
auto hMain = CreateThread(nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(initGame), nullptr, 0, nullptr);
if (hMain == nullptr)
{
BOOST_LOG_TRIVIAL(error) << "Couldn't create main thread, library unusable";
return FALSE;
}
BOOST_LOG_TRIVIAL(info) << "Main thread created successfully";
return TRUE;
}
case DLL_PROCESS_DETACH:
{
BOOST_LOG_TRIVIAL(info) << "Shutting down hooks...";
if (MH_DisableHook(MH_ALL_HOOKS) != MH_OK)
{
BOOST_LOG_TRIVIAL(error) << "Couldn't disable hooks, host process might crash";
}
else
{
BOOST_LOG_TRIVIAL(info) << "Hooks disabled";
}
if (MH_Uninitialize() != MH_OK)
{
BOOST_LOG_TRIVIAL(error) << "Couldn't shut down hook engine, host process might crash";
}
else
{
BOOST_LOG_TRIVIAL(info) << "Hook engine disabled";
}
}
break;
};
return TRUE;
}
