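/// EasyHook native entry point: runs inside the process this DLL was loaded
/// into and installs a hook on kernel32!Beep that redirects to myBeepHook.
///
/// @param inRemoteInfo  Block supplied by the injecting process. HostPID and
///                      UserDataSize are printed; when UserData carries exactly
///                      one DWORD it is stored in gFreqOffset.
///
/// The contents of inRemoteInfo come from another process, so the payload is
/// validated (size and pointer) before it is read.
void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo)
{
    std::cout << "\n\nNativeInjectionEntryPointt(REMOTE_ENTRY_INFO* inRemoteInfo)\n\n" <<
        "IIIII jjj tt dd !!! \n"
        " III nn nnn eee cccc tt eee dd !!! \n"
        " III nnn nn jjj ee e cc tttt ee e dddddd !!! \n"
        " III nn nn jjj eeeee cc tt eeeee dd dd \n"
        "IIIII nn nn jjj eeeee ccccc tttt eeeee dddddd !!! \n"
        " jjjj \n\n";

    std::cout << "NativeInjectionEntryPoint: Injected by process Id: " << inRemoteInfo->HostPID << "\n";
    std::cout << "NativeInjectionEntryPoint: Passed in data size: " << inRemoteInfo->UserDataSize << "\n";

    // Only accept a payload that is exactly one DWORD and actually present;
    // a matching size with a null UserData pointer would otherwise be dereferenced.
    if (inRemoteInfo->UserDataSize == sizeof(DWORD) && inRemoteInfo->UserData != NULL)
    {
        gFreqOffset = *reinterpret_cast<DWORD *>(inRemoteInfo->UserData);
        std::cout << "NativeInjectionEntryPoint: Adjusting Beep frequency by: " << gFreqOffset << "\n";
    }

    // Perform hooking
    // The handle is a local: nothing in this function keeps it for a later uninstall.
    HOOK_TRACE_INFO hHook = { NULL }; // keep track of our hook

    std::cout << "\n";

    // Resolve the target once, so the address that is printed is the address that is hooked.
    const HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
    FARPROC beepAddress = NULL;
    if (hKernel32 != NULL)
    {
        beepAddress = GetProcAddress(hKernel32, "Beep");
    }
    if (beepAddress == NULL)
    {
        // Never hand a null entry point to LhInstallHook.
        std::cout << "NativeInjectionEntryPoint: Win32 Beep could not be resolved in kernel32.\n";
        return;
    }
    std::cout << "NativeInjectionEntryPoint: Win32 Beep found at address: " << beepAddress << "\n";

    // Install the hook
    const NTSTATUS result = LhInstallHook(beepAddress, myBeepHook, NULL, &hHook);
    if (FAILED(result))
    {
        std::wstring s(RtlGetLastErrorString());
        std::wcout << "NativeInjectionEntryPoint: Failed to install hook: " << s << "\n";
        // No hook exists, so there is no ACL to configure.
        return;
    }
    std::cout << "NativeInjectionEntryPoint: Hook 'myBeepHook installed successfully.\n";

    // If the threadId in the ACL is set to 0,
    // then internally EasyHook uses GetCurrentThreadId()
    ULONG ACLEntries[1] = { 0 };

    // Disable the hook for the provided threadIds, enable for all others
    const NTSTATUS aclResult = LhSetExclusiveACL(ACLEntries, 1, &hHook);
    if (FAILED(aclResult))
    {
        std::wstring s(RtlGetLastErrorString());
        std::wcout << "NativeInjectionEntryPoint: Failed to set hook ACL: " << s << "\n";
    }

    return;
}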
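/// EasyHook native entry point exported from the injected DLL.
///
/// Installs a hook on ntdll!RtlAllocateHeap that redirects to
/// MyRtlAllocateHeap, records the handle in g_vApiHookHandles and then calls
/// RhWakeUpProcess(). The REMOTE_ENTRY_INFO argument is not used.
///
/// Every EasyHook status is checked: a handle is only tracked when the hook
/// was actually installed, and failures are reported through
/// OutputDebugStringW instead of being dropped.
extern "C" __declspec(dllexport) void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO*)
{
    try
    {
        // Resolve the target up front so a null address never reaches LhInstallHook.
        const HMODULE hNtdll = GetModuleHandleW(L"ntdll");
        FARPROC pfnRtlAllocateHeap = NULL;
        if (hNtdll != NULL)
        {
            pfnRtlAllocateHeap = GetProcAddress(hNtdll, "RtlAllocateHeap");
        }

        if (pfnRtlAllocateHeap == NULL)
        {
            ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() could not resolve RtlAllocateHeap.");
        }
        else
        {
            TRACED_HOOK_HANDLE globalallochook(new HOOK_TRACE_INFO());

            const NTSTATUS installStatus =
                LhInstallHook(pfnRtlAllocateHeap, MyRtlAllocateHeap, NULL, globalallochook);

            if (installStatus != 0)
            {
                // Nothing was installed: release the handle rather than tracking
                // an entry that does not refer to a hook.
                delete globalallochook;
                ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() LhInstallHook failed.");
            }
            else
            {
                // A count of 0 passes an empty exclusion list, so no thread is
                // exempted from the hook.
                ULONG ulTidList[1] = {};
                if (LhSetExclusiveACL(ulTidList, 0, globalallochook) != 0)
                {
                    ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() LhSetExclusiveACL failed.");
                }

                // The hook exists whether or not the ACL call succeeded, so it
                // stays tracked for RemoveAllApiHooks().
                g_vApiHookHandles.push_back(globalallochook);
            }
        }

        // Wakeup the suspended process...
        RhWakeUpProcess();
    }
    catch (...)
    {
        // NOTE(review): RhWakeUpProcess() is not reached on this path, so the
        // target process presumably stays suspended - confirm that is intended.
        ::OutputDebugStringW(L"Faultron: NativeInjectionEntryPoint() exception.");
        RemoveAllApiHooks();
    }
}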
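/// Installs an EasyHook detour on an export of h_lib and records its handle.
///
/// @param h_lib      Module that exports the function to hook.
/// @param proc_name  Export name passed to GetProcAddress.
/// @param hook_proc  Replacement routine handed to LhInstallHook.
/// @return true when the hook was installed, its ACL was set and the handle
///         was appended to _hooks; false when any step failed.
///
/// The asserts are kept for debug builds. They compile away under NDEBUG, so
/// each condition is also checked at run time; otherwise a release build would
/// pass a null address to LhInstallHook and report success regardless.
bool gdimm_hook::install_hook(HMODULE h_lib, LPCSTR proc_name, void *hook_proc)
{
    const FARPROC proc_addr = GetProcAddress(h_lib, proc_name);
    assert(proc_addr != NULL);
    if (proc_addr == NULL)
    {
        return false;
    }

    TRACED_HOOK_HANDLE h_hook = new HOOK_TRACE_INFO();

    NTSTATUS eh_ret = LhInstallHook(proc_addr, hook_proc, NULL, h_hook);
    assert(eh_ret == 0);
    if (eh_ret != 0)
    {
        // Nothing was installed; release the handle instead of leaking it.
        delete h_hook;
        return false;
    }

    // A count of 0 passes an empty exclusion list, so no thread is exempted.
    ULONG thread_id_list = 0;
    eh_ret = LhSetExclusiveACL(&thread_id_list, 0, h_hook);
    assert(eh_ret == 0);
    if (eh_ret != 0)
    {
        // Do not leave a hook behind that the caller is told does not exist.
        LhUninstallHook(h_hook);
        delete h_hook;
        return false;
    }

    _hooks.push_back(h_hook);
    return true;
}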
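/// Installs the EasyHook detour that redirects
/// ICorJitCompiler::s_pfnComplieMethod to CInjection::compileMethod.
///
/// @return TRUE with s_nStatus == Status_Ready when the hook is installed and
///         its ACL is set. FALSE otherwise, with s_nStatus set to the matching
///         Status_Error_* value.
BOOL CInjection::HookApi(void)
{
    // Both helper classes must be initialized before the hook is installed.
    if (!MethodDesc::IsInitialized())
    {
        s_nStatus = Status_Error_MethodDescInitializationFailed;
        return FALSE;
    }

    if (!LoadedMethodDescIterator::IsInitialized())
    {
        s_nStatus = Status_Error_LoadedMethodDescIteratorInitializationFailed;
        return FALSE;
    }

    // The bytes of pfnCompileMethod are re-read as an LPVOID to obtain the
    // replacement's address.
    // NOTE(review): this assumes PFN_compileMethod is represented as a plain
    // code address - confirm.
    PFN_compileMethod pfnCompileMethod = &CInjection::compileMethod;
    LPVOID * pAddr = (LPVOID*)&pfnCompileMethod;

    NTSTATUS ntStatus = LhInstallHook(
        (PVOID&)ICorJitCompiler::s_pfnComplieMethod,
        *pAddr,
        NULL,
        &s_hHookCompileMethod);

    if (ntStatus != STATUS_SUCCESS)
    {
        s_nStatus = Status_Error_HookCompileMethodFailed;
        return FALSE;
    }

    // NOTE(review): LhSetExclusiveACL takes thread IDs, but this passes the
    // current *process* ID. A process ID is not expected to match any thread
    // ID, so in practice no thread is excluded. Confirm the intent: pass a
    // count of 0 to hook every thread, or GetCurrentThreadId() to exempt the
    // calling thread.
    ULONG ulThreadID = GetCurrentProcessId();
    ntStatus = LhSetExclusiveACL(&ulThreadID, 1, &s_hHookCompileMethod);
    if (ntStatus != STATUS_SUCCESS)
    {
        // Do not report Status_Ready for a hook whose ACL could not be set;
        // remove it so the failure leaves no partial state behind.
        LhUninstallHook(&s_hHookCompileMethod);
        s_nStatus = Status_Error_HookCompileMethodFailed;
        return FALSE;
    }

    s_nStatus = Status_Ready;
    return TRUE;
}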