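/*
 * Walk the stack described by (retaddr, sp) and hand frame addresses to a
 * callback until it reports a hit.
 *
 * The leading run of frames that lie inside our own DLL is skipped; every
 * frame after that point is passed to func in order.
 *
 * retaddr, sp  forwarded unchanged to our_stackwalk().
 * func         called with each remaining frame address; a non-zero return
 *              stops the walk.
 *
 * Returns the first non-zero value produced by func, or 0 if func never
 * returned non-zero (this includes the case where no frame was visited).
 *
 * hook_disable()/hook_enable() bracket the walk, and the state captured by
 * get_lasterrors() is handed back to set_lasterrors() before returning.
 */
int operate_on_backtrace(ULONG_PTR retaddr, ULONG_PTR sp, int(*func)(ULONG_PTR))
{
    /* Must start at 0: with no frames to visit, func is never called and the
     * original returned an uninitialized value. */
    int ret = 0;
    PVOID backtrace[HOOK_BACKTRACE_DEPTH];
    lasterror_t lasterror;
    WORD frames;
    WORD i;

    get_lasterrors(&lasterror);
    hook_disable();

    frames = our_stackwalk(retaddr, sp, backtrace, HOOK_BACKTRACE_DEPTH);

    /* Defensive clamp so no index below can leave the array.
     * NOTE(review): our_stackwalk() presumably never reports more than the
     * depth it was given - confirm. */
    if (frames > HOOK_BACKTRACE_DEPTH) {
        frames = HOOK_BACKTRACE_DEPTH;
    }

    /* Skip the leading frames that belong to our own DLL. */
    for (i = 0; i < frames; i++) {
        if (!addr_in_our_dll_range((ULONG_PTR)backtrace[i])) {
            break;
        }
    }

    /* Only inspect backtrace[i] when it is a captured frame. If every frame
     * was inside our DLL, i == frames and the slot is either uninitialized
     * or one past the end of the array. */
    if (i < frames) {
        PUCHAR code = (PUCHAR)backtrace[i];

        /* 0xEB 0x08 is an x86 short jump of +8 bytes.
         * NOTE(review): presumably this marks a return site inside one of
         * our hook stubs, which is why the frame is skipped - confirm. */
        if (code[0] == 0xeb && code[1] == 0x08) {
            i++;
        }
    }

    for (; i < frames; i++) {
        ret = func((ULONG_PTR)backtrace[i]);
        if (ret) {
            break;
        }
    }

    hook_enable();
    set_lasterrors(&lasterror);

    return ret;
}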
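/*
 * Install every hook described in the g_hooks table.
 *
 * The table is first made readable, writable and executable, then each entry
 * is passed to hook_api() with HOOKTYPE. hook_disable()/hook_enable() bracket
 * the installation loop.
 *
 * If the protection change fails, no hook is installed and the function
 * returns silently; it has no return value, so the caller is not told.
 */
void set_hooks()
{
    DWORD old_protect;

    /* the hooks contain executable code as well, so they have to be RWX */
    if (!VirtualProtect(g_hooks, sizeof(g_hooks), PAGE_EXECUTE_READWRITE, &old_protect)) {
        /* Without execute permission on g_hooks, the code stored in the
         * entries cannot run, so installing hooks that rely on it would be
         * unsafe. Bail out before touching any API.
         * NOTE(review): this leaves the process unmonitored with no signal
         * to the caller - consider reporting the failure through the
         * project's logging path. */
        return;
    }

    /* NOTE(review): the table stays RWX for the rest of the process lifetime
     * and old_protect is never restored. Any write primitive that reaches
     * g_hooks can therefore alter code that executes on hooked calls. If the
     * entries are not modified after installation, consider dropping write
     * access once this function is done - confirm against hook_api(). */

    hook_disable();

    /* now, hook each api :) */
    for (size_t i = 0; i < ARRAYSIZE(g_hooks); i++) {
        /* The original branched on g_hooks[i].allow_hook_recursion, but both
         * arms made this identical call, so the flag has no effect here.
         * NOTE(review): if the flag was meant to select a different hook
         * type, that selection is missing. */
        hook_api(&g_hooks[i], HOOKTYPE);
    }

    hook_enable();
}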