BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (DetourIsHelperProcess()) { return TRUE; } char buffer[100]; if (dwReason == DLL_PROCESS_ATTACH) { OutputDebugString("Hooking"); DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); oldDirectInput8Create = (HRESULT(WINAPI *)(HINSTANCE hinst, DWORD dwVersion, REFIID riidltf, LPVOID * ppvOut, LPUNKNOWN punkOuter))DetourFindFunction("dinput8.dll", "DirectInput8Create"); sprintf_s(buffer, 100, "DirectInput8Create at %x", oldDirectInput8Create); OutputDebugString(buffer); if(oldDirectInput8Create == NULL) OutputDebugString("Failed to find function"); int error = DetourAttach(&(PVOID&)oldDirectInput8Create, myDirectInput8Create); if(error != NO_ERROR) OutputDebugString("Failed to detour"); error = DetourTransactionCommit(); if(error != NO_ERROR) OutputDebugString("Failed to commit"); } else if (dwReason == DLL_PROCESS_DETACH) { OutputDebugString("Unhooking"); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)oldDirectInput8Create, myDirectInput8Create); DetourDetach(&(PVOID&)oldCreateDevice, myCreateDevice); DetourDetach(&(PVOID&)oldGetDeviceState, myGetDeviceState); DetourTransactionCommit(); } return TRUE; }
// ============================================================================= // DllMain // ============================================================================= BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (DetourIsHelperProcess()) { return TRUE; } if (dwReason == DLL_PROCESS_ATTACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)pWSAStartup, MyWSAStartup); DetourAttach(&(PVOID&)pSocket, MySocket); DetourAttach(&(PVOID&)pConnect, MyConnect); DetourAttach(&(PVOID&)pSend, MySend); DetourAttach(&(PVOID&)pClosesocket, MyClosesocket); DetourAttach(&(PVOID&)pWSACleanup, MyWSACleanup); DetourTransactionCommit(); } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)pWSAStartup, MyWSAStartup); DetourDetach(&(PVOID&)pSocket, MySocket); DetourDetach(&(PVOID&)pConnect, MyConnect); DetourDetach(&(PVOID&)pSend, MySend); DetourDetach(&(PVOID&)pClosesocket, MyClosesocket); DetourDetach(&(PVOID&)pWSACleanup, MyWSACleanup); DetourTransactionCommit(); } return TRUE; }
BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, PVOID lpReserved) { (void)hModule; (void)lpReserved; BOOL ret; if (DetourIsHelperProcess()) { return TRUE; } switch (dwReason) { case DLL_PROCESS_ATTACH: DetourRestoreAfterWith(); OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" " DllMain DLL_PROCESS_ATTACH\n"); return ProcessAttach(hModule); case DLL_PROCESS_DETACH: ret = ProcessDetach(hModule); OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" " DllMain DLL_PROCESS_DETACH\n"); return ret; case DLL_THREAD_ATTACH: OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" " DllMain DLL_THREAD_ATTACH\n"); return ThreadAttach(hModule); case DLL_THREAD_DETACH: OutputDebugString("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" " DllMain DLL_THREAD_DETACH\n"); return ThreadDetach(hModule); } return TRUE; }
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { LONG error; (void)hinst; (void)reserved; if (DetourIsHelperProcess()) { return TRUE; } if (dwReason == DLL_PROCESS_ATTACH) { DetourRestoreAfterWith(); printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Starting.\n"); Verify("SleepEx", (PVOID)SleepEx); printf("\n"); fflush(stdout); // NB: DllMain can't call LoadLibrary, so we hook the app entry point. TrueEntryPoint = (int (WINAPI *)(VOID))DetourGetEntryPoint(NULL); RawEntryPoint = TrueEntryPoint; Verify("EntryPoint", RawEntryPoint); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueEntryPoint, TimedEntryPoint); error = DetourTransactionCommit(); Verify("EntryPoint after attach", RawEntryPoint); Verify("EntryPoint trampoline", TrueEntryPoint); if (error == NO_ERROR) { printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Detoured EntryPoint().\n"); } else { printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Error detouring EntryPoint(): %d\n", error); } } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); if (TrueSleepEx != NULL) { DetourDetach(&(PVOID&)TrueSleepEx, (PVOID)TimedSleepEx); } DetourDetach(&(PVOID&)TrueEntryPoint, TimedEntryPoint); error = DetourTransactionCommit(); printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Removed Sleep() detours (%d), slept %d ticks.\n", error, dwSlept); fflush(stdout); } return TRUE; }
// DllMain function attaches and detaches the TimedSleep detour to the // Sleep target function. The Sleep target function is referred to // through the TrueSleep target pointer. // BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (DetourIsHelperProcess()) { return TRUE; } /* hFile = CreateFile(logFile, // name of the write GENERIC_WRITE, // open for writing FILE_SHARE_WRITE, // share for writing NULL, // default security OPEN_ALWAYS, // open file only FILE_ATTRIBUTE_NORMAL, // normal file NULL); // no attr. template //_tprintf(TEXT("Start of log file @ %s.\n"), logFile); */ if (dwReason == DLL_PROCESS_ATTACH) { DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueSleep, TimedSleep); ATTACH(GetProcAddress); ATTACH(LoadLibraryA); ATTACH(LoadLibraryExA); ATTACH(LoadLibraryExW); ATTACH(LoadLibraryW); ATTACH(VirtualAlloc); ATTACH(VirtualAllocEx); ATTACH(VirtualProtect); ATTACH(VirtualProtectEx); DetourTransactionCommit(); } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)TrueSleep, TimedSleep); DETACH(GetProcAddress); DETACH(LoadLibraryA); DETACH(LoadLibraryExA); DETACH(LoadLibraryExW); DETACH(LoadLibraryW); DETACH(VirtualAlloc); DETACH(VirtualAllocEx); DETACH(VirtualProtect); DETACH(VirtualProtectEx); DetourTransactionCommit(); //CloseHandle(hFile); } return TRUE; }
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { LONG error; (void)hinst; (void)reserved; if (DetourIsHelperProcess()) { return TRUE; } if (dwReason == DLL_PROCESS_ATTACH) { DetourRestoreAfterWith(); printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Starting.\n"); PVOID pbExeEntry = DetourGetEntryPoint(NULL); PVOID pbDllEntry = DetourGetEntryPoint(hinst); printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " ExeEntry=%p, DllEntry=%p\n", pbExeEntry, pbDllEntry); Verify("SleepEx", (PVOID)SleepEx); printf("\n"); fflush(stdout); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueSleepEx, TimedSleepEx); error = DetourTransactionCommit(); if (error == NO_ERROR) { printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Detoured SleepEx() @ %p.\n", TrueSleepEx); } else { printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Error detouring SleepEx(): %d\n", error); } } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)TrueSleepEx, TimedSleepEx); error = DetourTransactionCommit(); printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " " Removed SleepEx() detour (%d), slept %d ticks.\n", error, dwSlept); fflush(stdout); } return TRUE; }
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { LONG error; (void)hinst; (void)reserved; if (DetourIsHelperProcess()) { return TRUE; } if (dwReason == DLL_PROCESS_ATTACH) { // open log SyelogOpen("readcl", SYELOG_FACILITY_APPLICATION); TouchHelloCpp("d:\\Hello.cpp"); // detour it DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)Real_CreateFileW, Mine_CreateFileW); DetourAttach(&(PVOID&)Real_ReadFile, Mine_ReadFile); DetourAttach(&(PVOID&)Real_CloseHandle, Mine_CloseHandle); error = DetourTransactionCommit(); if (error == NO_ERROR) { Syelog(SYELOG_SEVERITY_INFORMATION, "Detoured ok: %d\n", error); } else { Syelog(SYELOG_SEVERITY_INFORMATION, "Error detouring: %d\n", error); } } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)Real_CreateFileW, Mine_CreateFileW); DetourDetach(&(PVOID&)Real_ReadFile, Mine_ReadFile); DetourDetach(&(PVOID&)Real_CloseHandle, Mine_CloseHandle); error = DetourTransactionCommit(); Syelog(SYELOG_SEVERITY_INFORMATION, "Removed detour: %d\n", error); SyelogClose(FALSE); } return TRUE; }