static HMODULE WINAPI MyLoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags) { HMODULE hModule = LoadLibraryExW(lpLibFileName, hFile, adjustFlags(dwFlags)); if (VERBOSITY >= 2) { debugPrintf("inject: intercepting %s(L\"%S\", 0x%p, 0x%lx) = 0x%p\n", __FUNCTION__ + 2, lpLibFileName, hFile, dwFlags, hModule); } // Hook all new modules (and not just this one, to pick up any dependencies) patchAllModules(); return hModule; }
static HMODULE WINAPI MyLoadLibraryW(LPCWSTR lpLibFileName) { HMODULE hModule = LoadLibraryW(lpLibFileName); DWORD dwLastError = GetLastError(); if (VERBOSITY >= 2) { debugPrintf("inject: intercepting %s(L\"%S\") = 0x%p\n", __FUNCTION__ + 2, lpLibFileName, hModule); } // Hook all new modules (and not just this one, to pick up any dependencies) patchAllModules(ACTION_HOOK); SetLastError(dwLastError); return hModule; }
static HMODULE WINAPI MyLoadLibraryA(LPCSTR lpLibFileName) { HMODULE hModule = LoadLibraryA(lpLibFileName); DWORD dwLastError = GetLastError(); if (VERBOSITY >= 2) { debugPrintf("inject: intercepting %s(\"%s\") = 0x%p\n", __FUNCTION__ + 2, lpLibFileName, hModule); } if (VERBOSITY > 0) { const char *szBaseName = getBaseName(lpLibFileName); if (isMatchModuleName(szBaseName)) { if (VERBOSITY < 2) { debugPrintf("inject: intercepting %s(\"%s\")\n", __FUNCTION__, lpLibFileName); } #ifdef __GNUC__ void *caller = __builtin_return_address (0); HMODULE hModule = 0; BOOL bRet = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, (LPCTSTR)caller, &hModule); assert(bRet); char szCaller[MAX_PATH]; DWORD dwRet = GetModuleFileNameA(hModule, szCaller, sizeof szCaller); assert(dwRet); debugPrintf("inject: called from %s\n", szCaller); #endif } } // Hook all new modules (and not just this one, to pick up any dependencies) patchAllModules(ACTION_HOOK); SetLastError(dwLastError); return hModule; }
EXTERN_C BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { const char *szNewDllName = NULL; const char *szNewDllBaseName; switch (fdwReason) { case DLL_PROCESS_ATTACH: g_hThisModule = hinstDLL; /* * Calling LoadLibrary inside DllMain is strongly discouraged. But it * works quite well, provided that the loaded DLL does not require or do * anything special in its DllMain, which seems to be the general case. * * See also: * - http://stackoverflow.com/questions/4370812/calling-loadlibrary-from-dllmain * - http://msdn.microsoft.com/en-us/library/ms682583 */ if (!USE_SHARED_MEM) { szNewDllName = getenv("INJECT_DLL"); if (!szNewDllName) { debugPrintf("inject: warning: INJECT_DLL not set\n"); return FALSE; } } else { SharedMem *pSharedMem = OpenSharedMemory(NULL); if (!pSharedMem) { debugPrintf("inject: error: failed to open shared memory\n"); return FALSE; } VERBOSITY = pSharedMem->cVerbosity; static char szSharedMemCopy[MAX_PATH]; strncpy(szSharedMemCopy, pSharedMem->szDllName, _countof(szSharedMemCopy) - 1); szSharedMemCopy[_countof(szSharedMemCopy) - 1] = '\0'; szNewDllName = szSharedMemCopy; } if (VERBOSITY > 0) { debugPrintf("inject: DLL_PROCESS_ATTACH\n"); } if (VERBOSITY > 0) { char szProcess[MAX_PATH]; GetModuleFileNameA(NULL, szProcess, sizeof szProcess); debugPrintf("inject: attached to process %s\n", szProcess); } if (VERBOSITY > 0) { debugPrintf("inject: loading %s\n", szNewDllName); } g_hHookModule = LoadLibraryA(szNewDllName); if (!g_hHookModule) { debugPrintf("inject: warning: failed to load %s\n", szNewDllName); return FALSE; } // Ensure we use kernel32.dll's CreateProcessAsUserW, and not advapi32.dll's. { HMODULE hKernel32 = GetModuleHandleA("kernel32.dll"); assert(hKernel32); pfnCreateProcessAsUserW = (PFNCREATEPROCESSASUSERW)GetProcAddress(hKernel32, "CreateProcessAsUserW"); assert(pfnCreateProcessAsUserW); } /* * Hook kernel32.dll functions, and its respective Windows API Set. * * http://msdn.microsoft.com/en-us/library/dn505783.aspx (Windows 8.1) * http://msdn.microsoft.com/en-us/library/hh802935.aspx (Windows 8) */ registerLibraryLoaderHooks("kernel32.dll"); registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-0.dll"); registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-1.dll"); registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-2-0.dll"); registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-0.dll"); registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-1.dll"); registerProcessThreadsHooks("kernel32.dll"); registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-0.dll"); registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-1.dll"); registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-2.dll"); szNewDllBaseName = getBaseName(szNewDllName); if (stricmp(szNewDllBaseName, "dxgitrace.dll") == 0) { registerModuleHooks("dxgi.dll", g_hHookModule); registerModuleHooks("d3d10.dll", g_hHookModule); registerModuleHooks("d3d10_1.dll", g_hHookModule); registerModuleHooks("d3d11.dll", g_hHookModule); registerModuleHooks("d3d9.dll", g_hHookModule); // for D3DPERF_* } else if (stricmp(szNewDllBaseName, "d3d9.dll") == 0) { registerModuleHooks("d3d9.dll", g_hHookModule); registerModuleHooks("dxva2.dll", g_hHookModule); } else if (stricmp(szNewDllBaseName, "d2d1trace.dll") == 0) { registerModuleHooks("d2d1.dll", g_hHookModule); registerModuleHooks("dwrite.dll", g_hHookModule); } else { registerModuleHooks(szNewDllBaseName, g_hHookModule); } dumpRegisteredHooks(); patchAllModules(ACTION_HOOK); break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; case DLL_PROCESS_DETACH: if (VERBOSITY > 0) { debugPrintf("inject: DLL_PROCESS_DETACH\n"); } assert(!lpvReserved); patchAllModules(ACTION_UNHOOK); if (g_hHookModule) { FreeLibrary(g_hHookModule); } break; } return TRUE; }
EXTERN_C BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved) { const char *szNewDllName = NULL; const char *szNewDllBaseName; switch (fdwReason) { case DLL_PROCESS_ATTACH: if (VERBOSITY > 0) { debugPrintf("inject: DLL_PROCESS_ATTACH\n"); } g_hThisModule = hinstDLL; if (VERBOSITY > 0) { char szProcess[MAX_PATH]; GetModuleFileNameA(NULL, szProcess, sizeof szProcess); debugPrintf("inject: attached to process %s\n", szProcess); } /* * Calling LoadLibrary inside DllMain is strongly discouraged. But it * works quite well, provided that the loaded DLL does not require or do * anything special in its DllMain, which seems to be the general case. * * See also: * - http://stackoverflow.com/questions/4370812/calling-loadlibrary-from-dllmain * - http://msdn.microsoft.com/en-us/library/ms682583 */ if (!USE_SHARED_MEM) { szNewDllName = getenv("INJECT_DLL"); if (!szNewDllName) { debugPrintf("inject: warning: INJECT_DLL not set\n"); return FALSE; } } else { static char szSharedMemCopy[MAX_PATH]; GetSharedMem(szSharedMemCopy, sizeof szSharedMemCopy); szNewDllName = szSharedMemCopy; } if (VERBOSITY > 0) { debugPrintf("inject: loading %s\n", szNewDllName); } g_hHookModule = LoadLibraryA(szNewDllName); if (!g_hHookModule) { debugPrintf("inject: warning: failed to load %s\n", szNewDllName); return FALSE; } /* * Hook kernel32.dll functions, and its respective Windows API Set. * * http://msdn.microsoft.com/en-us/library/dn505783.aspx (Windows 8.1) * http://msdn.microsoft.com/en-us/library/hh802935.aspx (Windows 8) */ registerLibraryLoaderHooks("kernel32.dll"); registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-0.dll"); registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-1-1.dll"); registerLibraryLoaderHooks("api-ms-win-core-libraryloader-l1-2-0.dll"); registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-0.dll"); registerLibraryLoaderHooks("api-ms-win-core-kernel32-legacy-l1-1-1.dll"); registerProcessThreadsHooks("kernel32.dll"); registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-0.dll"); registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-1.dll"); registerProcessThreadsHooks("api-ms-win-core-processthreads-l1-1-2.dll"); szNewDllBaseName = getBaseName(szNewDllName); if (stricmp(szNewDllBaseName, "dxgitrace.dll") == 0) { registerModuleHooks("dxgi.dll", g_hHookModule); registerModuleHooks("d3d10.dll", g_hHookModule); registerModuleHooks("d3d10_1.dll", g_hHookModule); registerModuleHooks("d3d11.dll", g_hHookModule); registerModuleHooks("d3d9.dll", g_hHookModule); // for D3DPERF_* } else if (stricmp(szNewDllBaseName, "d2d1trace.dll") == 0) { registerModuleHooks("d2d1.dll", g_hHookModule); registerModuleHooks("dwrite.dll", g_hHookModule); } else { registerModuleHooks(szNewDllBaseName, g_hHookModule); } dumpRegisteredHooks(); patchAllModules(); break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; case DLL_PROCESS_DETACH: if (VERBOSITY > 0) { debugPrintf("inject: DLL_PROCESS_DETACH\n"); } break; } return TRUE; }