/**
 * Entry point of the trcapi DLL: routes each loader notification to the
 * matching attach/detach handler and emits a debugger trace line for it.
 *
 * @param hModule     Handle of this DLL, forwarded to every handler.
 * @param dwReason    Loader notification code (DLL_PROCESS_ATTACH, ...).
 * @param lpReserved  Unused.
 * @return The handler's result for the four known reasons; TRUE for a
 *         helper process or any other reason code.
 */
BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, PVOID lpReserved)
{
    (void)lpReserved;

    BOOL result = TRUE;

    // When DetourIsHelperProcess() reports true, return at once: no handler
    // runs and DetourRestoreAfterWith() is not called.
    if (DetourIsHelperProcess()) {
        return result;
    }

    // NOTE(review): everything below runs inside DllMain, i.e. while the
    // loader is delivering the notification; the handlers called from here
    // inherit the usual DllMain restrictions - confirm they stay within them.
    switch (dwReason) {
    case DLL_PROCESS_ATTACH:
        DetourRestoreAfterWith();
        OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                          " DllMain DLL_PROCESS_ATTACH\n");
        result = ProcessAttach(hModule);
        break;

    case DLL_PROCESS_DETACH:
        // Detach first, then log; the trace line is written after the
        // handler has finished.
        result = ProcessDetach(hModule);
        OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                          " DllMain DLL_PROCESS_DETACH\n");
        break;

    case DLL_THREAD_ATTACH:
        OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                          " DllMain DLL_THREAD_ATTACH\n");
        result = ThreadAttach(hModule);
        break;

    case DLL_THREAD_DETACH:
        OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                          " DllMain DLL_THREAD_DETACH\n");
        result = ThreadDetach(hModule);
        break;
    }

    return result;
}
/**
 * Process-attach handler: allocates the two TLS slots, records the DLL
 * handle and path, opens the Syelog channel, enumerates the process and
 * attaches the detours.
 *
 * Logging (s_bLog) is switched off on entry and switched on only after
 * all of the setup has run.
 *
 * @param hDll  Handle of this DLL.
 * @return Always TRUE, including when AttachDetours() reports an error.
 */
BOOL ProcessAttach(HMODULE hDll)
{
    WCHAR wzHostExe[MAX_PATH];
    LONG status;

    s_bLog = FALSE;

    // NOTE(review): neither TlsAlloc() result is compared against
    // TLS_OUT_OF_INDEXES before the slots are used by later code.
    s_nTlsIndent = TlsAlloc();
    s_nTlsThread = TlsAlloc();
    ThreadAttach(hDll);

    s_hInst = hDll;

    // NOTE(review): the return values are ignored, so a failed or truncated
    // path lookup goes unnoticed here. wzHostExe is filled in but not read
    // again in this function.
    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYSIZE(s_wzDllPath));
    Real_GetModuleFileNameW(NULL, wzHostExe, ARRAYSIZE(wzHostExe));

    // Narrow copy of the wide DLL path.
    sprintf_s(s_szDllPath, ARRAYSIZE(s_szDllPath), "%ls", s_wzDllPath);

    SyelogOpen("trcapi" DETOURS_STRINGIFY(DETOURS_BITS), SYELOG_FACILITY_APPLICATION);
    ProcessEnumerate();

    status = AttachDetours();
    if (NO_ERROR != status) {
        // The failure is only logged: the function still enables logging
        // and returns TRUE, so the DLL stays loaded even though the
        // detours were not (fully) attached.
        Syelog(SYELOG_SEVERITY_FATAL, "### Error attaching detours: %d\n", status);
    }

    s_bLog = TRUE;
    return TRUE;
}
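/**
 * DLL entry point: forwards each loader notification to the matching
 * attach/detach handler.
 *
 * The handlers' return values are discarded; the function reports TRUE
 * for every reason code.
 *
 * @param hModule             Handle of this DLL (cast to HINSTANCE for the handlers).
 * @param ul_reason_for_call  Loader notification code.
 * @param lpReserved          Unused.
 * @return Always TRUE.
 */
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    /* Disabled host-process check, kept as found in the original:
    char Path[255];
    GetModuleFileName(NULL, Path, 255);
    char *ptr = strrchr(Path, '\\');
    CString FileName = ptr + 1;
    FileName.MakeLower();
    if (FileName == "ida.exe") {
        HMODULE hHandle = GetModuleHandle("ida.wll");
        if (hHandle == NULL)
            return TRUE; // FreeLibraryAndExitThread((HINSTANCE)hModule, 1);
    }
    */

    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls((HINSTANCE)hModule);
#ifdef _DEBUG
        // Fixed: the literal previously began with a doubled quote (""[+]...),
        // which is not a valid string literal.
        OutputDebugString("[+][IMATINIB] DLL_PROCESS_ATTACH\n");
#endif
        fflush(stdout);
        // NOTE(review): DllMain runs while the loader lock is held, so these
        // two sleeps stall any other thread waiting on the loader - confirm
        // the delay is really needed here.
        Sleep(50);
        Sleep(50);
        DetourRestoreAfterWith();
        ProcessAttach((HINSTANCE)hModule);
        break;

    case DLL_PROCESS_DETACH:
#ifdef _DEBUG
        OutputDebugString("[+][IMATINIB] DLL_PROCESS_DETACH\n");
#endif
        ProcessDetach((HINSTANCE)hModule);
        break;

    case DLL_THREAD_ATTACH:
#ifdef _DEBUG
        OutputDebugString("[+][IMATINIB] DLL_THREAD_ATTACH\n");
#endif
        ThreadAttach((HINSTANCE)hModule);
        break;

    case DLL_THREAD_DETACH:
#ifdef _DEBUG
        OutputDebugString("[+][IMATINIB] DLL_THREAD_DETACH\n");
#endif
        ThreadDetach((HINSTANCE)hModule);
        break;
    }

    return TRUE;
}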
/**
 * DLL entry point: hands the module handle to the handler that matches
 * the loader notification and returns that handler's result.
 *
 * @param hModule     Handle of this DLL.
 * @param dwReason    Loader notification code.
 * @param lpReserved  Not used by this function.
 * @return The handler's result, or TRUE for an unrecognised reason code.
 */
BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, PVOID lpReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH) {
        return ProcessAttach(hModule);
    }
    if (dwReason == DLL_PROCESS_DETACH) {
        return ProcessDetach(hModule);
    }
    if (dwReason == DLL_THREAD_ATTACH) {
        return ThreadAttach(hModule);
    }
    if (dwReason == DLL_THREAD_DETACH) {
        return ThreadDetach(hModule);
    }

    // Any other notification is accepted without doing anything.
    return TRUE;
}
/**
 * DLL entry point: stores the module handle in gModule, then runs the
 * argument-less handler for the given loader notification.
 *
 * @param hModule     Handle of this DLL; saved to gModule on every call.
 * @param dwReason    Loader notification code.
 * @param lpReserved  Not used by this function.
 * @return The handler's result, or TRUE for an unrecognised reason code.
 */
BOOL APIENTRY DllMain(HANDLE hModule, DWORD dwReason, LPVOID lpReserved)
{
    // The handlers take no parameters, so the handle is published through
    // the global before any of them runs.
    gModule = hModule;

    switch (dwReason) {
    case DLL_PROCESS_ATTACH:
        return ProcessAttach();
    case DLL_PROCESS_DETACH:
        return ProcessDetach();
    case DLL_THREAD_ATTACH:
        return ThreadAttach();
    case DLL_THREAD_DETACH:
        return ThreadDetach();
    default:
        return TRUE;
    }
}
/**
 * DLL entry point: passes all three DllMain arguments unchanged to the
 * handler selected by the loader notification.
 *
 * @param hinstDLL     Handle of this DLL.
 * @param fdwReason    Loader notification code.
 * @param lpvReserved  Forwarded to the handler as received.
 * @return The handler's result, or true for an unrecognised reason code.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH) {
        return ProcessAttach(hinstDLL, fdwReason, lpvReserved);
    } else if (fdwReason == DLL_PROCESS_DETACH) {
        return ProcessDetach(hinstDLL, fdwReason, lpvReserved);
    } else if (fdwReason == DLL_THREAD_ATTACH) {
        return ThreadAttach(hinstDLL, fdwReason, lpvReserved);
    } else if (fdwReason == DLL_THREAD_DETACH) {
        return ThreadDetach(hinstDLL, fdwReason, lpvReserved);
    }

    // No handler for this reason code.
    return true;
}
/**
 * Process-attach handler: allocates the two TLS slots, records the DLL
 * handle and path, opens the "traceapi" Syelog channel, enumerates the
 * process and calls TrampolineWith().
 *
 * Logging (s_bLog) is off while this setup runs and is turned on as the
 * last step.
 *
 * @param hDll  Handle of this DLL.
 * @return Always TRUE.
 */
BOOL ProcessAttach(HMODULE hDll)
{
    WCHAR wzHostExe[MAX_PATH];

    s_bLog = FALSE;

    // NOTE(review): neither TlsAlloc() result is compared against
    // TLS_OUT_OF_INDEXES before the slots are used by later code.
    s_nTlsIndent = TlsAlloc();
    s_nTlsThread = TlsAlloc();
    ThreadAttach(hDll);

    s_hInst = hDll;

    // NOTE(review): return values are ignored, so a failed or truncated
    // lookup is not detected. wzHostExe is filled in but not read again
    // in this function.
    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYOF(s_wzDllPath));
    Real_GetModuleFileNameW(NULL, wzHostExe, ARRAYOF(wzHostExe));

    SyelogOpen("traceapi", SYELOG_FACILITY_APPLICATION);
    ProcessEnumerate();

    // NOTE(review): TrampolineWith() is called without inspecting any
    // result, so a failure inside it would not be visible here.
    TrampolineWith();

    s_bLog = TRUE;
    return TRUE;
}