├── .gitignore ├── hookgen ├── .gitignore ├── make.bat ├── wt_profileapi ├── wt_stdlib ├── wt_stdio ├── wt_debugapi ├── wt_heapapi ├── compile.bat ├── wt_fileapi ├── wt_memoryapi ├── wt_syncapi ├── wt_processthreadsapi ├── type_hash.c ├── wt_winuser ├── hashes.h └── type_hashes.h ├── dll ├── inc │ ├── win32 │ │ ├── wt_profileapi.h │ │ ├── wt_debugapi.h │ │ ├── wt_heapapi.h │ │ ├── wt_fileapi.h │ │ ├── wt_memoryapi.h │ │ ├── wt_syncapi.h │ │ ├── wt_processthreadsapi.h │ │ └── wt_winuser.h │ ├── crt │ │ ├── wt_stdlib.h │ │ └── wt_stdio.h │ ├── common.h │ ├── func_records.h │ ├── dllmain.h │ └── func_hashes.h ├── win32 │ ├── wt_profileapi.c │ ├── wt_debugapi.c │ ├── wt_heapapi.c │ ├── wt_fileapi.c │ ├── wt_memoryapi.c │ ├── wt_processthreadsapi.c │ ├── wt_syncapi.c │ └── wt_winuser.c ├── crt │ ├── wt_stdlib.c │ └── wt_stdio.c ├── common.c ├── dllmain.c └── patch_function.c ├── runtests.bat ├── tests ├── test_stdlib.c ├── test_stdio.c ├── test_heapapi.c ├── test_fileapi.c ├── test_memoryapi.c ├── test_winuser.c └── test_threads.c ├── .github └── workflows │ └── build.yml ├── LICENSE ├── make.bat ├── Makefile ├── supported_functions.md ├── README.md └── core └── main.c /.gitignore: -------------------------------------------------------------------------------- 1 | .svn/ 2 | -------------------------------------------------------------------------------- /hookgen/.gitignore: -------------------------------------------------------------------------------- 1 | *.exe 2 | *.pdb 3 | *.ilk 4 | *.obj 5 | -------------------------------------------------------------------------------- /hookgen/make.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | cl /nologo /W4 type_hash.c 4 | type_hash.exe 5 | cl /W4 /Zi /nologo /Fe"hookgen" main.c user32.lib kernel32.lib 6 | -------------------------------------------------------------------------------- /hookgen/wt_profileapi: -------------------------------------------------------------------------------- 1 | BOOL QueryPerformanceCounter(PLARGE_INTEGER lpPerformanceCount); 2 | BOOL QueryPerformanceFrequency(PLARGE_INTEGER lpFrequency); 3 | -------------------------------------------------------------------------------- /hookgen/wt_stdlib: -------------------------------------------------------------------------------- 1 | double atof(LPCSTR str); 2 | int atoi(LPCSTR str); 3 | long atol(LPCSTR str); 4 | LPVOID malloc(size_t size); 5 | LPVOID calloc(size_t nitems, size_t size); 6 | LPVOID realloc(LPVOID ptr, size_t size); 7 | void free(LPVOID memblock); 8 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_profileapi.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_PROFILEAPI_H 2 | #define WT_PROFILEAPI_H 3 | 4 | #include "common.h" 5 | 6 | BOOL WtQueryPerformanceCounter(PLARGE_INTEGER lpPerformanceCount); 7 | BOOL WtQueryPerformanceFrequency(PLARGE_INTEGER lpFrequency); 8 | 9 | #endif // WT_PROFILEAPI_H 10 | -------------------------------------------------------------------------------- /runtests.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | pushd build 4 | wintrace.exe /c /t /p tests\test_heapapi.exe 5 | wintrace.exe /c /t /p tests\test_fileapi.exe 6 | wintrace.exe /c /t /p tests\test_winuser.exe 7 | wintrace.exe /c /t /p tests\test_memoryapi.exe 8 | wintrace.exe /c /t /p tests\test_stdio.exe 9 | wintrace.exe /c /t /p tests\test_stdlib.exe 10 | popd 11 | -------------------------------------------------------------------------------- /dll/inc/crt/wt_stdlib.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_STDLIB_H 2 | #define WT_STDLIB_H 3 | 4 | #include "common.h" 5 | 6 | double wt_atof(LPCSTR str); 7 | int wt_atoi(LPCSTR str); 8 | long wt_atol(LPCSTR str); 9 | LPVOID wt_malloc(size_t size); 10 | LPVOID wt_calloc(size_t nitems, size_t size); 11 | LPVOID wt_realloc(LPVOID ptr, size_t size); 12 | void wt_free(LPVOID memblock); 13 | 14 | #endif // WT_STDLIB_H 15 | -------------------------------------------------------------------------------- /hookgen/wt_stdio: -------------------------------------------------------------------------------- 1 | LPFILE fopen(LPCSTR filename, LPCSTR mode); 2 | LPFILE _wfopen(LPCWSTR filename, LPCWSTR mode); 3 | int fclose(LPFILE stream); 4 | int feof(LPFILE stream); 5 | int ferror(LPFILE stream); 6 | int fflush(LPFILE stream); 7 | size_t fread(LPVOID ptr, size_t size, size_t nmemb, LPFILE stream); 8 | size_t fwrite(LPVOID ptr, size_t size, size_t nmemb, LPFILE stream); 9 | int fseek(LPFILE stream, long offset, int whence); 10 | long ftell(LPFILE stream); 11 | -------------------------------------------------------------------------------- /hookgen/wt_debugapi: -------------------------------------------------------------------------------- 1 | BOOL CheckRemoteDebuggerPresent(HANDLE hProcess, PBOOL pbDebuggerPresent); 2 | BOOL ContinueDebugEvent(DWORD dwProcessId, DWORD dwThreadId, DWORD dwContinueStatus); 3 | BOOL DebugActiveProcess(DWORD dwProcessId); 4 | BOOL DebugActiveProcessStop(DWORD dwProcessId); 5 | void DebugBreak(); 6 | BOOL IsDebuggerPresent(); 7 | void OutputDebugStringA(LPCSTR lpOutputString); 8 | void OutputDebugStringW(LPCWSTR lpOutputString); 9 | BOOL WaitForDebugEvent(LPDEBUG_EVENT lpDebugEvent, DWORD dwMilliseconds); 10 | -------------------------------------------------------------------------------- /tests/test_stdlib.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int 5 | main(void) 6 | { 7 | int *Ptr; 8 | double d; 9 | int i; 10 | long l; 11 | 12 | printf("\n|------------TEST: %s------------|\n", __FILE__); 13 | 14 | Ptr = (int *)malloc(20); 15 | Ptr = (int *)calloc(20, 4); 16 | Ptr = (int *)realloc(Ptr, 100); 17 | 18 | d = atof("100.23422"); 19 | i = atoi("-12400"); 20 | l = atol("20"); 21 | 22 | free(Ptr); 23 | 24 | printf("|-----------------------------|\n\n"); 25 | 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: Build 2 | 3 | on: 4 | push: 5 | branches: [ "main", "master" ] 6 | pull_request: 7 | branches: [ "main", "master" ] 8 | 9 | jobs: 10 | build: 11 | runs-on: windows-latest 12 | defaults: 13 | run: 14 | shell: msys2 {0} 15 | steps: 16 | - uses: actions/checkout@v4 17 | 18 | - uses: msys2/setup-msys2@v2 19 | with: 20 | msystem: UCRT64 21 | update: true 22 | install: make 23 | pacboy: cc:p 24 | 25 | - name: Build 26 | run: make 27 | -------------------------------------------------------------------------------- /dll/inc/crt/wt_stdio.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_STDIO_H 2 | #define WT_STDIO_H 3 | 4 | #include "common.h" 5 | 6 | LPFILE wt_fopen(LPCSTR filename, LPCSTR mode); 7 | LPFILE wt__wfopen(LPCWSTR filename, LPCWSTR mode); 8 | int wt_fclose(LPFILE stream); 9 | int wt_feof(LPFILE stream); 10 | int wt_ferror(LPFILE stream); 11 | int wt_fflush(LPFILE stream); 12 | size_t wt_fread(LPVOID ptr, size_t size, size_t nmemb, LPFILE stream); 13 | size_t wt_fwrite(LPVOID ptr, size_t size, size_t nmemb, LPFILE stream); 14 | int wt_fseek(LPFILE stream, long offset, int whence); 15 | long wt_ftell(LPFILE stream); 16 | 17 | #endif // WT_STDIO_H 18 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_debugapi.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_DEBUGAPI_H 2 | #define WT_DEBUGAPI_H 3 | 4 | #include "common.h" 5 | 6 | BOOL WtCheckRemoteDebuggerPresent(HANDLE hProcess, PBOOL pbDebuggerPresent); 7 | BOOL WtContinueDebugEvent(DWORD dwProcessId, DWORD dwThreadId, DWORD dwContinueStatus); 8 | BOOL WtDebugActiveProcess(DWORD dwProcessId); 9 | BOOL WtDebugActiveProcessStop(DWORD dwProcessId); 10 | void WtDebugBreak(); 11 | BOOL WtIsDebuggerPresent(); 12 | void WtOutputDebugStringA(LPCSTR lpOutputString); 13 | void WtOutputDebugStringW(LPCWSTR lpOutputString); 14 | BOOL WtWaitForDebugEvent(LPDEBUG_EVENT lpDebugEvent, DWORD dwMilliseconds); 15 | 16 | #endif // WT_DEBUGAPI_H 17 | -------------------------------------------------------------------------------- /tests/test_stdio.c: -------------------------------------------------------------------------------- 1 | #define _CRT_SECURE_NO_WARNINGS 2 | #include 3 | #include 4 | #include 5 | 6 | int 7 | main(void) 8 | { 9 | FILE *File; 10 | char *String = "Hello there..."; 11 | char Buffer[200]; 12 | int FileSize; 13 | 14 | printf("\n|------------TEST: %s------------|\n", __FILE__); 15 | 16 | File = fopen("test_stdio.txt", "w+"); 17 | 18 | fwrite(String, strlen(String), 1, File); 19 | 20 | fseek(File, 0, SEEK_END); 21 | FileSize = ftell(File); 22 | fseek(File, 0, SEEK_SET); 23 | 24 | fread(Buffer, 200, 1, File); 25 | 26 | fclose(File); 27 | 28 | printf("|-----------------------------|\n\n"); 29 | 30 | return 0; 31 | } 32 | -------------------------------------------------------------------------------- /tests/test_heapapi.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #include 3 | #include 4 | 5 | int 6 | main(void) 7 | { 8 | HANDLE Heap; 9 | INT *Arr1; 10 | INT *Arr2; 11 | INT I; 12 | 13 | 14 | printf("\n|------------TEST: %s------------|\n", __FILE__); 15 | Heap = GetProcessHeap(); 16 | Arr1 = (INT *)HeapAlloc(Heap, 0, 10 * sizeof(INT)); 17 | for (I = 0; I < 10; I++) 18 | Arr1[I] = I; 19 | HeapCompact(Heap, 0); 20 | 21 | Heap = HeapCreate(0, 4096, 4096); 22 | Arr2 = (INT *)HeapAlloc(Heap, 0, 10 * sizeof(INT)); 23 | for (I = 0; I < 10; I++) 24 | Arr2[I] = 5; 25 | HeapCompact(Heap, 0); 26 | HeapReAlloc(Heap, 0, Arr2, 20 * sizeof(INT)); 27 | HeapSize(Heap, 0, Arr2); 28 | 29 | HeapFree(GetProcessHeap(), 0, Arr1); 30 | HeapFree(Heap, 0, Arr2); 31 | HeapDestroy(Heap); 32 | printf("|-----------------------------|\n\n"); 33 | 34 | return 0; 35 | } 36 | 37 | -------------------------------------------------------------------------------- /hookgen/wt_heapapi: -------------------------------------------------------------------------------- 1 | HANDLE GetProcessHeap(); 2 | DWORD GetProcessHeaps(DWORD NumberOfHeaps, PHANDLE ProcessHeaps); 3 | LPVOID HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes); 4 | SIZE_T HeapCompact(HANDLE hHeap, DWORD dwFlags); 5 | HANDLE HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize); 6 | BOOL HeapDestroy(HANDLE hHeap); 7 | BOOL HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem); 8 | BOOL HeapLock(HANDLE hHeap); 9 | BOOL HeapQueryInformation(HANDLE HeapHandle, HEAP_INFORMATION_CLASS HeapInformationClass, PVOID HeapInformation, SIZE_T HeapInformationLength, PSIZE_T ReturnLength); 10 | LPVOID HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes); 11 | BOOL HeapSetInformation(HANDLE HeapHandle, HEAP_INFORMATION_CLASS HeapInformationClass, PVOID HeapInformation, SIZE_T HeapInformationLength); 12 | SIZE_T HeapSize(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem); 13 | BOOL HeapUnlock(HANDLE hHeap); 14 | BOOL HeapValidate(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem); 15 | BOOL HeapWalk(HANDLE hHeap, LPPROCESS_HEAP_ENTRY lpEntry); 16 | -------------------------------------------------------------------------------- /dll/win32/wt_profileapi.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | BOOL 6 | WtQueryPerformanceCounter( 7 | PLARGE_INTEGER lpPerformanceCount 8 | ) 9 | { 10 | BOOL Ret; 11 | 12 | if (BeginTrace(E_QueryPerformanceCounter)) 13 | { 14 | WriteFuncBuffer("(0x%p)", lpPerformanceCount); 15 | Ret = QueryPerformanceCounter(lpPerformanceCount); 16 | WriteFuncBuffer(" = %d", Ret); 17 | EndTrace(E_QueryPerformanceCounter, FALSE); 18 | } 19 | else 20 | { 21 | Ret = QueryPerformanceCounter(lpPerformanceCount); 22 | } 23 | 24 | return (Ret); 25 | } 26 | 27 | BOOL 28 | WtQueryPerformanceFrequency( 29 | PLARGE_INTEGER lpFrequency 30 | ) 31 | { 32 | BOOL Ret; 33 | 34 | if (BeginTrace(E_QueryPerformanceFrequency)) 35 | { 36 | WriteFuncBuffer("(0x%p)", lpFrequency); 37 | Ret = QueryPerformanceFrequency(lpFrequency); 38 | WriteFuncBuffer(" = %d", Ret); 39 | EndTrace(E_QueryPerformanceFrequency, FALSE); 40 | } 41 | else 42 | { 43 | Ret = QueryPerformanceFrequency(lpFrequency); 44 | } 45 | 46 | return (Ret); 47 | } 48 | 49 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Matthew Georgy 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /hookgen/compile.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | hookgen 4 | 5 | :: Win32 hooks 6 | move wt_debugapi.h ..\dll\inc\win32 7 | move wt_fileapi.h ..\dll\inc\win32 8 | move wt_heapapi.h ..\dll\inc\win32 9 | move wt_memoryapi.h ..\dll\inc\win32 10 | move wt_processthreadsapi.h ..\dll\inc\win32 11 | move wt_profileapi.h ..\dll\inc\win32 12 | move wt_winuser.h ..\dll\inc\win32 13 | move wt_syncapi.h ..\dll\inc\win32 14 | 15 | move wt_debugapi.c ..\dll\win32 16 | move wt_fileapi.c ..\dll\win32 17 | move wt_heapapi.c ..\dll\win32 18 | move wt_memoryapi.c ..\dll\win32 19 | move wt_processthreadsapi.c ..\dll\win32 20 | move wt_profileapi.c ..\dll\win32 21 | move wt_winuser.c ..\dll\win32 22 | move wt_syncapi.c ..\dll\win32 23 | 24 | :: CRT hooks 25 | move wt_stdio.h ..\dll\inc\crt 26 | move wt_stdlib.h ..\dll\inc\crt 27 | 28 | move wt_stdio.c ..\dll\crt 29 | move wt_stdlib.c ..\dll\crt 30 | 31 | :: Func records 32 | move func_records.h ..\dll\inc 33 | move func_records.c ..\dll 34 | 35 | :: PatchFunction 36 | move patch_function.c ..\dll 37 | 38 | :: Function hashes 39 | move func_hashes.h ..\dll\inc 40 | 41 | :: Supported function list 42 | move supported_functions.md ..\ 43 | 44 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_heapapi.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_HEAPAPI_H 2 | #define WT_HEAPAPI_H 3 | 4 | #include "common.h" 5 | 6 | HANDLE WtGetProcessHeap(); 7 | DWORD WtGetProcessHeaps(DWORD NumberOfHeaps, PHANDLE ProcessHeaps); 8 | LPVOID WtHeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes); 9 | SIZE_T WtHeapCompact(HANDLE hHeap, DWORD dwFlags); 10 | HANDLE WtHeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize); 11 | BOOL WtHeapDestroy(HANDLE hHeap); 12 | BOOL WtHeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem); 13 | BOOL WtHeapLock(HANDLE hHeap); 14 | BOOL WtHeapQueryInformation(HANDLE HeapHandle, HEAP_INFORMATION_CLASS HeapInformationClass, PVOID HeapInformation, SIZE_T HeapInformationLength, PSIZE_T ReturnLength); 15 | LPVOID WtHeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes); 16 | BOOL WtHeapSetInformation(HANDLE HeapHandle, HEAP_INFORMATION_CLASS HeapInformationClass, PVOID HeapInformation, SIZE_T HeapInformationLength); 17 | SIZE_T WtHeapSize(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem); 18 | BOOL WtHeapUnlock(HANDLE hHeap); 19 | BOOL WtHeapValidate(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem); 20 | BOOL WtHeapWalk(HANDLE hHeap, LPPROCESS_HEAP_ENTRY lpEntry); 21 | 22 | #endif // WT_HEAPAPI_H 23 | -------------------------------------------------------------------------------- /make.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | if [%1]==[] goto :install 4 | if "%1"=="clean" goto :clean 5 | if "%1"=="test" goto :test 6 | 7 | :install 8 | pushd hookgen 9 | call make.bat 10 | call compile.bat 11 | popd 12 | pushd build 13 | cl /MP /W4 /c /nologo /I"..\dll\inc" ..\dll\crt\*.c ..\dll\win32\*.c ..\dll\*.c 14 | :: cl /W4 /c /I"..\dll\inc" ..\dll\win32\*.c 15 | :: cl /W4 /c /I"..\dll\inc" ..\dll\*.c 16 | link /DLL *.obj /nologo /OUT:wintrace.dll kernel32.lib user32.lib advapi32.lib 17 | cl /W4 /MP /nologo /Fe"wintrace.exe" ..\core\*.c kernel32.lib 18 | popd 19 | if "%1"=="all" goto :test 20 | goto :EOF 21 | 22 | :test 23 | pushd build\tests 24 | cl /W4 /MD /nologo ..\..\tests\test_heapapi.c 25 | cl /W4 /MD /nologo ..\..\tests\test_fileapi.c 26 | cl /W4 /MD /nologo ..\..\tests\test_winuser.c user32.lib 27 | cl /W4 /MD /nologo ..\..\tests\test_memoryapi.c 28 | cl /W4 /MD /nologo ..\..\tests\test_stdio.c 29 | cl /W4 /MD /nologo ..\..\tests\test_stdlib.c 30 | cl /W4 /MD /nologo ..\..\tests\test_threads.c 31 | del /Q *.obj 32 | popd 33 | goto :EOF 34 | 35 | :clean 36 | pushd build 37 | del /Q *.obj *.exe *.pdb *.ilk *.lib *.exp *.dll 38 | del /Q Foo\* 39 | rmdir Foo 40 | pushd tests 41 | del /Q *.exe 42 | popd 43 | popd 44 | goto :EOF 45 | 46 | -------------------------------------------------------------------------------- /tests/test_fileapi.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #include 3 | #include 4 | 5 | int 6 | main(void) 7 | { 8 | BOOL Status; 9 | HANDLE File; 10 | DWORD Written, Read, Offset; 11 | char *MyStringBuffer = "Hello World!\r\n"; 12 | char MyBuffer[200]; 13 | 14 | 15 | printf("\n|------------TEST: %s------------|\n", __FILE__); 16 | Status = CreateDirectoryA("Foo", NULL); 17 | File = CreateFileA("Foo\\bar.txt", GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); 18 | Status = WriteFile(File, MyStringBuffer, (DWORD)strlen(MyStringBuffer), &Written, NULL); 19 | Offset = SetFilePointer(File, 0, 0, FILE_BEGIN); 20 | Status = ReadFile(File, MyBuffer, sizeof(MyBuffer) - 1, &Read, NULL); 21 | CloseHandle(File); 22 | Status = DeleteFileA("Foo\\bar.txt"); 23 | Status = RemoveDirectoryA("Foo"); 24 | 25 | printf("\n"); 26 | Status = CreateDirectoryW(L"Foo", NULL); 27 | File = CreateFileW(L"Foo\\bar.txt", GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); 28 | Status = WriteFile(File, MyStringBuffer, (DWORD)strlen(MyStringBuffer), &Written, NULL); 29 | Offset = SetFilePointer(File, 0, 0, FILE_BEGIN); 30 | Status = ReadFile(File, MyBuffer, sizeof(MyBuffer) - 1, &Read, NULL); 31 | // Intentionally fail since the file handle has not been closed yet 32 | Status = DeleteFileW(L"Foo\\bar.txt"); 33 | Status = RemoveDirectoryW(L"Foo"); 34 | CloseHandle(File); 35 | printf("|-----------------------------|\n\n"); 36 | 37 | return 0; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /hookgen/wt_fileapi: -------------------------------------------------------------------------------- 1 | BOOL CreateDirectoryA(LPCSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes); 2 | BOOL CreateDirectoryW(LPCWSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes); 3 | HANDLE CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);; 4 | HANDLE CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);; 5 | BOOL DeleteFileA(LPCSTR lpFileName); 6 | BOOL DeleteFileW(LPCWSTR lpFileName); 7 | DWORD GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh); 8 | BOOL GetFileSizeEx(HANDLE hFile, PLARGE_INTEGER lpFileSize); 9 | DWORD GetFileType(HANDLE hFile); 10 | BOOL ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped); 11 | BOOL ReadFileEx(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPOVERLAPPED lpOverlapped, LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine); 12 | BOOL RemoveDirectoryA(LPCSTR lpPathName); 13 | BOOL RemoveDirectoryW(LPCWSTR lpPathName); 14 | BOOL SetEndOfFile(HANDLE hFile); 15 | DWORD SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod); 16 | BOOL SetFilePointerEx(HANDLE hFile, LARGE_INTEGER liDistanceToMove, PLARGE_INTEGER lpNewFilePointer, DWORD dwMoveMethod); 17 | BOOL WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped); 18 | BOOL WriteFileEx(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPOVERLAPPED lpOverlapped, LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine); 19 | -------------------------------------------------------------------------------- /tests/test_memoryapi.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #include 3 | #include 4 | 5 | void TestVirtualFunctions(void); 6 | void TestMapFunctions(void); 7 | 8 | int 9 | main(void) 10 | { 11 | printf("\n|------------TEST: %s------------|\n", __FILE__); 12 | 13 | TestVirtualFunctions(); 14 | 15 | TestMapFunctions(); 16 | 17 | printf("|-----------------------------|\n\n"); 18 | return 0; 19 | } 20 | 21 | void 22 | TestVirtualFunctions(void) 23 | { 24 | LPVOID Ptr; 25 | SIZE_T MemSize = 4096, 26 | RetSize; 27 | BOOL Status; 28 | MEMORY_BASIC_INFORMATION MemoryInfo; 29 | DWORD OldProtect; 30 | 31 | 32 | Ptr = VirtualAlloc(NULL, MemSize, MEM_COMMIT, PAGE_READWRITE); 33 | RetSize = VirtualQuery(Ptr, &MemoryInfo, MemSize); 34 | Status = VirtualLock(Ptr, MemSize); 35 | Status = VirtualUnlock(Ptr, MemSize); 36 | Status = VirtualProtect(Ptr, MemSize, PAGE_EXECUTE, &OldProtect); 37 | Status = VirtualFree(Ptr, MemSize, MEM_DECOMMIT); 38 | } 39 | 40 | void 41 | TestMapFunctions(void) 42 | { 43 | HANDLE FileMap; 44 | HANDLE View; 45 | DWORD Data, 46 | *pData; 47 | 48 | 49 | FileMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, sizeof(Data), "test_memoryapi"); 50 | if (!FileMap) 51 | { 52 | printf("Could not create file map (%d)\n", GetLastError()); 53 | return; 54 | } 55 | 56 | pData = (DWORD *)MapViewOfFile(FileMap, FILE_MAP_ALL_ACCESS, 0, 0, sizeof(Data)); 57 | if (!pData) 58 | { 59 | printf("Could not create map view (%d)\n", GetLastError()); 60 | CloseHandle(FileMap); 61 | return; 62 | } 63 | 64 | CopyMemory((LPVOID)pData, &Data, sizeof(Data)); 65 | 66 | View = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, "test_memoryapi"); 67 | 68 | UnmapViewOfFile(FileMap); 69 | CloseHandle(FileMap); 70 | 71 | UnmapViewOfFile(View); 72 | CloseHandle(View); 73 | } 74 | 75 | -------------------------------------------------------------------------------- /hookgen/wt_memoryapi: -------------------------------------------------------------------------------- 1 | HANDLE CreateFileMappingA(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName); 2 | HANDLE CreateFileMappingW(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCWSTR lpName); 3 | BOOL FlushViewOfFile(LPCVOID lpBaseAddress, SIZE_T dwNumberOfBytesToFlush); 4 | LPVOID MapViewOfFile(HANDLE hFileMappingObject, DWORD dwDesiredAccess, DWORD dwFileOffsetHigh, DWORD dwFileOffsetLow, SIZE_T dwNumberOfBytesToMap); 5 | LPVOID MapViewOfFileEx(HANDLE hFileMappingObject, DWORD dwDesiredAccess, DWORD dwFileOffsetHigh, DWORD dwFileOffsetLow, SIZE_T dwNumberOfBytesToMap, LPVOID lpBaseAddress); 6 | HANDLE OpenFileMappingA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName); 7 | HANDLE OpenFileMappingW(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCWSTR lpName); 8 | BOOL UnmapViewOfFile(LPCVOID lpBaseAddress); 9 | LPVOID VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 10 | LPVOID VirtualAllocEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 11 | BOOL VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); 12 | BOOL VirtualFreeEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); 13 | BOOL VirtualLock(LPVOID lpAddress, SIZE_T dwSize); 14 | BOOL VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 15 | BOOL VirtualProtectEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 16 | SIZE_T VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength); 17 | SIZE_T VirtualQueryEx(HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength); 18 | BOOL VirtualUnlock(LPVOID lpAddress, SIZE_T dwSize); 19 | -------------------------------------------------------------------------------- /tests/test_winuser.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #include 3 | #include 4 | 5 | LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM); 6 | 7 | int 8 | main(void) 9 | { 10 | WNDCLASSEX WndClass = {0}; 11 | HWND Wnd; 12 | MSG Msg; 13 | RECT WndDim; 14 | INT N = 0; 15 | 16 | 17 | printf("\n|------------TEST: %s------------|\n", __FILE__); 18 | WndClass.cbSize = sizeof(WndClass); 19 | WndClass.style = CS_OWNDC | CS_HREDRAW | CS_VREDRAW; 20 | WndClass.lpfnWndProc = &WndProc; 21 | WndClass.hInstance = GetModuleHandle(NULL); 22 | WndClass.lpszClassName = "WinuserTestClass"; 23 | 24 | if (!RegisterClassEx(&WndClass)) 25 | { 26 | MessageBoxA(NULL, "Failed to register class!", "Error", MB_OK | MB_ICONERROR); 27 | return -1; 28 | } 29 | 30 | WndDim.left = 0; 31 | WndDim.top = 0; 32 | WndDim.right = 640; 33 | WndDim.bottom = 480; 34 | AdjustWindowRect(&WndDim, WS_OVERLAPPEDWINDOW, FALSE); 35 | 36 | Wnd = CreateWindowEx(0, WndClass.lpszClassName, "test_winuser", WS_OVERLAPPEDWINDOW, 37 | CW_USEDEFAULT, CW_USEDEFAULT, WndDim.right - WndDim.left, 38 | WndDim.bottom - WndDim.top, NULL, NULL, WndClass.hInstance, NULL); 39 | 40 | if (!Wnd) 41 | { 42 | MessageBoxA(NULL, "Failed to create window!", "Error", MB_OK | MB_ICONERROR); 43 | return -1; 44 | } 45 | 46 | ShowWindow(Wnd, SW_SHOW); 47 | UpdateWindow(Wnd); 48 | 49 | // N = 0 -> N++ so that we have only 1 iteration of message handling 50 | while (N == 0) 51 | { 52 | if (PeekMessage(&Msg, 0, 0, 0, PM_REMOVE)) 53 | { 54 | if (Msg.message == WM_QUIT) 55 | break; 56 | TranslateMessage(&Msg); 57 | DispatchMessage(&Msg); 58 | } 59 | N++; 60 | } 61 | printf("|-----------------------------|\n\n"); 62 | 63 | return 0; 64 | } 65 | 66 | LRESULT CALLBACK 67 | WndProc(HWND hWnd, 68 | UINT Msg, 69 | WPARAM wParam, 70 | LPARAM lParam) 71 | { 72 | return DefWindowProc(hWnd, Msg, wParam, lParam); 73 | } 74 | 75 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_fileapi.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_FILEAPI_H 2 | #define WT_FILEAPI_H 3 | 4 | #include "common.h" 5 | 6 | BOOL WtCreateDirectoryA(LPCSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes); 7 | BOOL WtCreateDirectoryW(LPCWSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes); 8 | HANDLE WtCreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); 9 | HANDLE WtCreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); 10 | BOOL WtDeleteFileA(LPCSTR lpFileName); 11 | BOOL WtDeleteFileW(LPCWSTR lpFileName); 12 | DWORD WtGetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh); 13 | BOOL WtGetFileSizeEx(HANDLE hFile, PLARGE_INTEGER lpFileSize); 14 | DWORD WtGetFileType(HANDLE hFile); 15 | BOOL WtReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped); 16 | BOOL WtReadFileEx(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPOVERLAPPED lpOverlapped, LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine); 17 | BOOL WtRemoveDirectoryA(LPCSTR lpPathName); 18 | BOOL WtRemoveDirectoryW(LPCWSTR lpPathName); 19 | BOOL WtSetEndOfFile(HANDLE hFile); 20 | DWORD WtSetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod); 21 | BOOL WtSetFilePointerEx(HANDLE hFile, LARGE_INTEGER liDistanceToMove, PLARGE_INTEGER lpNewFilePointer, DWORD dwMoveMethod); 22 | BOOL WtWriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped); 23 | BOOL WtWriteFileEx(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPOVERLAPPED lpOverlapped, LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine); 24 | 25 | #endif // WT_FILEAPI_H 26 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_memoryapi.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_MEMORYAPI_H 2 | #define WT_MEMORYAPI_H 3 | 4 | #include "common.h" 5 | 6 | HANDLE WtCreateFileMappingA(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName); 7 | HANDLE WtCreateFileMappingW(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCWSTR lpName); 8 | BOOL WtFlushViewOfFile(LPCVOID lpBaseAddress, SIZE_T dwNumberOfBytesToFlush); 9 | LPVOID WtMapViewOfFile(HANDLE hFileMappingObject, DWORD dwDesiredAccess, DWORD dwFileOffsetHigh, DWORD dwFileOffsetLow, SIZE_T dwNumberOfBytesToMap); 10 | LPVOID WtMapViewOfFileEx(HANDLE hFileMappingObject, DWORD dwDesiredAccess, DWORD dwFileOffsetHigh, DWORD dwFileOffsetLow, SIZE_T dwNumberOfBytesToMap, LPVOID lpBaseAddress); 11 | HANDLE WtOpenFileMappingA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName); 12 | HANDLE WtOpenFileMappingW(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCWSTR lpName); 13 | BOOL WtUnmapViewOfFile(LPCVOID lpBaseAddress); 14 | LPVOID WtVirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 15 | LPVOID WtVirtualAllocEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 16 | BOOL WtVirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); 17 | BOOL WtVirtualFreeEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); 18 | BOOL WtVirtualLock(LPVOID lpAddress, SIZE_T dwSize); 19 | BOOL WtVirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 20 | BOOL WtVirtualProtectEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 21 | SIZE_T WtVirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength); 22 | SIZE_T WtVirtualQueryEx(HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength); 23 | BOOL WtVirtualUnlock(LPVOID lpAddress, SIZE_T dwSize); 24 | 25 | #endif // WT_MEMORYAPI_H 26 | -------------------------------------------------------------------------------- /dll/inc/common.h: -------------------------------------------------------------------------------- 1 | #ifndef COMMON_H 2 | #define COMMON_H 3 | 4 | #define _CRT_SECURE_NO_WARNINGS 5 | #define WIN32_LEAN_AND_MEAN 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | typedef FILE *LPFILE; 13 | 14 | // Options structure that mirrors the core executable's 15 | typedef struct _tag_WintraceOpts 16 | { 17 | BOOL ShowThreadID; 18 | BOOL ShowProcessID; 19 | BOOL ShowFuncCount; 20 | CHAR OutputFilename[64]; 21 | CHAR TraceList[32][32]; 22 | CHAR BlockList[32][32]; 23 | CHAR *ProgramName, 24 | CmdArgs[128]; 25 | } T_WintraceOpts; 26 | 27 | // Function string trace buffer 28 | typedef struct _tag_FuncBuffer 29 | { 30 | CHAR Buff[1024]; 31 | SIZE_T Pos; 32 | } T_FuncBuffer; 33 | 34 | typedef struct _tag_FuncList 35 | { 36 | T_FuncBuffer Buffers[64]; 37 | SIZE_T Index; 38 | } T_FuncList; 39 | 40 | // See djb2 hash function online 41 | DWORD Djb2(LPSTR String); 42 | 43 | // Prints info about thread ID, proc ID, and call count 44 | void ShowDetails(T_WintraceOpts *pOpts, DWORD Cnt); 45 | 46 | // Begin the trace for a function; obtain the func record through the passed 47 | // enum, then conditionally print info and return a bool to the hook that 48 | // tells whether or not to trace the function (ie, print info) 49 | BOOL BeginTrace(E_FuncEnum FunctionName); 50 | 51 | // Initialize the function records array, specifically setting the conditional 52 | // tracing flag (will add more later) 53 | void InitFuncRecs(); 54 | 55 | // Set whether a function in g_FuncRecs should be traced 56 | void SetTrace(DWORD Hash, BOOL bTrace); 57 | 58 | // End the trace for a function 59 | void EndTrace(E_FuncEnum FunctionName, BOOL bError); 60 | 61 | // Write to the current global function buffer 62 | void WriteFuncBuffer(char *Format, ...); 63 | 64 | // Print the specified function buffer 65 | void PrintFuncBuffer(T_FuncBuffer *Buffer); 66 | 67 | #endif // COMMON_H 68 | 69 | -------------------------------------------------------------------------------- /hookgen/wt_syncapi: -------------------------------------------------------------------------------- 1 | HANDLE CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName); 2 | HANDLE CreateMutexW(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCWSTR lpName); 3 | HANDLE CreateMutexExA(LPSECURITY_ATTRIBUTES lpMutexAttributes, LPCSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 4 | HANDLE CreateMutexExW(LPSECURITY_ATTRIBUTES lpMutexAttributes, LPCWSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 5 | BOOL ReleaseMutex(HANDLE hMutex); 6 | HANDLE CreateSemaphoreExW(LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lInitialCount, LONG lMaximumCount, LPCWSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 7 | BOOL ReleaseSemaphore(HANDLE hSemaphore, LONG lReleaseCount, LPLONG lpPreviousCount); 8 | HANDLE CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName); 9 | HANDLE CreateEventW(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCWSTR lpName); 10 | HANDLE CreateEventExA(LPSECURITY_ATTRIBUTES lpEventAttributes, LPCSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 11 | HANDLE CreateEventExW(LPSECURITY_ATTRIBUTES lpEventAttributes, LPCWSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 12 | BOOL SetEvent(HANDLE hEvent); 13 | BOOL ResetEvent(HANDLE hEvent); 14 | void InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 15 | void EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 16 | void LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 17 | BOOL InitializeCriticalSectionAndSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount); 18 | BOOL InitializeCriticalSectionEx(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount, DWORD Flags); 19 | DWORD SetCriticalSectionSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount); 20 | BOOL TryEnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 21 | void DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 22 | DWORD WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds); 23 | DWORD WaitForSingleObjectEx(HANDLE hHandle, DWORD dwMilliseconds, BOOL bAlertable); 24 | DWORD WaitForMultipleObjectsEx(DWORD nCount, HANDLE *lpHandles, BOOL bWaitAll, DWORD dwMilliseconds, BOOL bAlertable); 25 | DWORD SleepEx(DWORD dwMilliseconds, BOOL bAlertable); 26 | -------------------------------------------------------------------------------- /hookgen/wt_processthreadsapi: -------------------------------------------------------------------------------- 1 | BOOL CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 2 | BOOL CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 3 | BOOL CreateProcessAsUserA(HANDLE hToken, LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 4 | BOOL CreateProcessAsUserW(HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 5 | HANDLE CreateRemoteThread(HANDLE hProcess, LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId); 6 | HANDLE CreateRemoteThreadEx(HANDLE hProcess, LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, LPDWORD lpThreadId); 7 | HANDLE CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId); 8 | void DeleteProcThreadAttributeList(LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList); 9 | void ExitProcess(UINT uExitCode); 10 | void ExitThread(DWORD dwExitCode); 11 | HANDLE GetCurrentProcess(void); 12 | DWORD GetCurrentProcessId(void); 13 | DWORD ResumeThread(HANDLE hThread); 14 | DWORD SuspendThread(HANDLE hThread); 15 | BOOL TerminateProcess(HANDLE hProcess, UINT uExitCode); 16 | BOOL TerminateThread(HANDLE hThread, DWORD dwExitCode); 17 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_syncapi.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_SYNCAPI_H 2 | #define WT_SYNCAPI_H 3 | 4 | #include "common.h" 5 | 6 | HANDLE WtCreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName); 7 | HANDLE WtCreateMutexW(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCWSTR lpName); 8 | HANDLE WtCreateMutexExA(LPSECURITY_ATTRIBUTES lpMutexAttributes, LPCSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 9 | HANDLE WtCreateMutexExW(LPSECURITY_ATTRIBUTES lpMutexAttributes, LPCWSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 10 | BOOL WtReleaseMutex(HANDLE hMutex); 11 | HANDLE WtCreateSemaphoreExW(LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lInitialCount, LONG lMaximumCount, LPCWSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 12 | BOOL WtReleaseSemaphore(HANDLE hSemaphore, LONG lReleaseCount, LPLONG lpPreviousCount); 13 | HANDLE WtCreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName); 14 | HANDLE WtCreateEventW(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCWSTR lpName); 15 | HANDLE WtCreateEventExA(LPSECURITY_ATTRIBUTES lpEventAttributes, LPCSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 16 | HANDLE WtCreateEventExW(LPSECURITY_ATTRIBUTES lpEventAttributes, LPCWSTR lpName, DWORD dwFlags, DWORD dwDesiredAccess); 17 | BOOL WtSetEvent(HANDLE hEvent); 18 | BOOL WtResetEvent(HANDLE hEvent); 19 | void WtInitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 20 | void WtEnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 21 | void WtLeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 22 | BOOL WtInitializeCriticalSectionAndSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount); 23 | BOOL WtInitializeCriticalSectionEx(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount, DWORD Flags); 24 | DWORD WtSetCriticalSectionSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount); 25 | BOOL WtTryEnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 26 | void WtDeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection); 27 | DWORD WtWaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds); 28 | DWORD WtWaitForSingleObjectEx(HANDLE hHandle, DWORD dwMilliseconds, BOOL bAlertable); 29 | DWORD WtWaitForMultipleObjectsEx(DWORD nCount, HANDLE *lpHandles, BOOL bWaitAll, DWORD dwMilliseconds, BOOL bAlertable); 30 | DWORD WtSleepEx(DWORD dwMilliseconds, BOOL bAlertable); 31 | 32 | #endif // WT_SYNCAPI_H 33 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_processthreadsapi.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_PROCESSTHREADSAPI_H 2 | #define WT_PROCESSTHREADSAPI_H 3 | 4 | #include "common.h" 5 | 6 | BOOL WtCreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 7 | BOOL WtCreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 8 | BOOL WtCreateProcessAsUserA(HANDLE hToken, LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 9 | BOOL WtCreateProcessAsUserW(HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 10 | HANDLE WtCreateRemoteThread(HANDLE hProcess, LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId); 11 | HANDLE WtCreateRemoteThreadEx(HANDLE hProcess, LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, LPDWORD lpThreadId); 12 | HANDLE WtCreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId); 13 | void WtDeleteProcThreadAttributeList(LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList); 14 | void WtExitProcess(UINT uExitCode); 15 | void WtExitThread(DWORD dwExitCode); 16 | HANDLE WtGetCurrentProcess(); 17 | DWORD WtGetCurrentProcessId(); 18 | DWORD WtResumeThread(HANDLE hThread); 19 | DWORD WtSuspendThread(HANDLE hThread); 20 | BOOL WtTerminateProcess(HANDLE hProcess, UINT uExitCode); 21 | BOOL WtTerminateThread(HANDLE hThread, DWORD dwExitCode); 22 | 23 | #endif // WT_PROCESSTHREADSAPI_H 24 | -------------------------------------------------------------------------------- /dll/crt/wt_stdlib.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | double 6 | wt_atof( 7 | LPCSTR str 8 | ) 9 | { 10 | double Ret; 11 | 12 | if (BeginTrace(E_atof)) 13 | { 14 | WriteFuncBuffer("(\"%s\")", str); 15 | Ret = atof(str); 16 | WriteFuncBuffer(" = %lf", Ret); 17 | EndTrace(E_atof, FALSE); 18 | } 19 | else 20 | { 21 | Ret = atof(str); 22 | } 23 | 24 | return (Ret); 25 | } 26 | 27 | int 28 | wt_atoi( 29 | LPCSTR str 30 | ) 31 | { 32 | int Ret; 33 | 34 | if (BeginTrace(E_atoi)) 35 | { 36 | WriteFuncBuffer("(\"%s\")", str); 37 | Ret = atoi(str); 38 | WriteFuncBuffer(" = %d", Ret); 39 | EndTrace(E_atoi, FALSE); 40 | } 41 | else 42 | { 43 | Ret = atoi(str); 44 | } 45 | 46 | return (Ret); 47 | } 48 | 49 | long 50 | wt_atol( 51 | LPCSTR str 52 | ) 53 | { 54 | long Ret; 55 | 56 | if (BeginTrace(E_atol)) 57 | { 58 | WriteFuncBuffer("(\"%s\")", str); 59 | Ret = atol(str); 60 | WriteFuncBuffer(" = %d", Ret); 61 | EndTrace(E_atol, FALSE); 62 | } 63 | else 64 | { 65 | Ret = atol(str); 66 | } 67 | 68 | return (Ret); 69 | } 70 | 71 | LPVOID 72 | wt_malloc( 73 | size_t size 74 | ) 75 | { 76 | LPVOID Ret; 77 | 78 | if (BeginTrace(E_malloc)) 79 | { 80 | WriteFuncBuffer("(%llu)", size); 81 | Ret = malloc(size); 82 | WriteFuncBuffer(" = 0x%p", Ret); 83 | EndTrace(E_malloc, FALSE); 84 | } 85 | else 86 | { 87 | Ret = malloc(size); 88 | } 89 | 90 | return (Ret); 91 | } 92 | 93 | LPVOID 94 | wt_calloc( 95 | size_t nitems, 96 | size_t size 97 | ) 98 | { 99 | LPVOID Ret; 100 | 101 | if (BeginTrace(E_calloc)) 102 | { 103 | WriteFuncBuffer("(%llu, %llu)", nitems, size); 104 | Ret = calloc(nitems, size); 105 | WriteFuncBuffer(" = 0x%p", Ret); 106 | EndTrace(E_calloc, FALSE); 107 | } 108 | else 109 | { 110 | Ret = calloc(nitems, size); 111 | } 112 | 113 | return (Ret); 114 | } 115 | 116 | LPVOID 117 | wt_realloc( 118 | LPVOID ptr, 119 | size_t size 120 | ) 121 | { 122 | LPVOID Ret; 123 | 124 | if (BeginTrace(E_realloc)) 125 | { 126 | WriteFuncBuffer("(0x%p, %llu)", ptr, size); 127 | Ret = realloc(ptr, size); 128 | WriteFuncBuffer(" = 0x%p", Ret); 129 | EndTrace(E_realloc, FALSE); 130 | } 131 | else 132 | { 133 | Ret = realloc(ptr, size); 134 | } 135 | 136 | return (Ret); 137 | } 138 | 139 | void 140 | wt_free( 141 | LPVOID memblock 142 | ) 143 | { 144 | if (BeginTrace(E_free)) 145 | { 146 | WriteFuncBuffer("(0x%p)", memblock); 147 | WriteFuncBuffer(" = VOID"); 148 | EndTrace(E_free, FALSE); 149 | } 150 | 151 | free(memblock); 152 | } 153 | 154 | -------------------------------------------------------------------------------- /tests/test_threads.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #define WIN32_LEAN_AND_MEAN 4 | #include 5 | 6 | #define LOOP_COUNT 1 7 | 8 | void TaskLocked(void *); 9 | void TaskUnlocked(void *); 10 | 11 | HANDLE Threads[5]; 12 | HANDLE Mutex; 13 | HANDLE File; 14 | 15 | int 16 | main(void) 17 | { 18 | CHAR ClearLine[16] = "\r\n\r\n"; 19 | 20 | Mutex = CreateMutex(NULL, FALSE, NULL); 21 | if (!Mutex) 22 | { 23 | printf("failed to create mutex! %d\r\n", GetLastError()); 24 | return 1; 25 | } 26 | 27 | File = CreateFileA("blah.txt", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); 28 | if (!File) 29 | { 30 | printf("failed to create file!...%d\r\n", GetLastError()); 31 | return -1; 32 | } 33 | 34 | printf("-----------LOCKED------------\r\n\r\n"); 35 | 36 | Threads[0] = (HANDLE)_beginthread(&TaskLocked, 0, "First\r\n"); 37 | Threads[1] = (HANDLE)_beginthread(&TaskLocked, 0, "Second\r\n"); 38 | Threads[2] = (HANDLE)_beginthread(&TaskLocked, 0, "Third\r\n"); 39 | Threads[3] = (HANDLE)_beginthread(&TaskLocked, 0, "Fourth\r\n"); 40 | Threads[4] = (HANDLE)_beginthread(&TaskLocked, 0, "Fifth\r\n"); 41 | 42 | WaitForMultipleObjects(5, Threads, TRUE, INFINITE); 43 | WriteFile(File, ClearLine, (DWORD)strlen(ClearLine), NULL, NULL); 44 | 45 | printf("-----------UNLOCKED------------\r\n\r\n"); 46 | 47 | Threads[0] = (HANDLE)_beginthread(&TaskUnlocked, 0, "First\r\n"); 48 | Threads[1] = (HANDLE)_beginthread(&TaskUnlocked, 0, "Second\r\n"); 49 | Threads[2] = (HANDLE)_beginthread(&TaskUnlocked, 0, "Third\r\n"); 50 | Threads[3] = (HANDLE)_beginthread(&TaskUnlocked, 0, "Fourth\r\n"); 51 | Threads[4] = (HANDLE)_beginthread(&TaskUnlocked, 0, "Fifth\r\n"); 52 | 53 | WaitForMultipleObjects(5, Threads, TRUE, INFINITE); 54 | 55 | CloseHandle(File); 56 | 57 | return 0; 58 | } 59 | 60 | void 61 | TaskLocked(void *String) 62 | { 63 | INT i; 64 | CHAR *Ch; 65 | DWORD WaitResult; 66 | 67 | 68 | for (i = 0; i < LOOP_COUNT; i++) 69 | { 70 | WaitResult = WaitForSingleObject(Mutex, INFINITE); 71 | 72 | switch (WaitResult) 73 | { 74 | case WAIT_OBJECT_0: 75 | { 76 | for (Ch = (char *)String; *Ch; ++Ch) 77 | { 78 | WriteFile(File, Ch, 1, NULL, NULL); 79 | } 80 | ReleaseMutex(Mutex); 81 | } break; 82 | } 83 | } 84 | } 85 | 86 | void 87 | TaskUnlocked(void *String) 88 | { 89 | INT i; 90 | CHAR *Ch; 91 | 92 | 93 | for (i = 0; i < LOOP_COUNT; i++) 94 | { 95 | for (Ch = (CHAR *)String; *Ch; ++Ch) 96 | { 97 | WriteFile(File, Ch, 1, NULL, NULL); 98 | } 99 | } 100 | } 101 | 102 | 103 | -------------------------------------------------------------------------------- /hookgen/type_hash.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #define _CRT_SECURE_NO_WARNINGS 3 | #include 4 | #include 5 | #include 6 | 7 | #define CRLF "\r\n" 8 | 9 | LPSTR Types[] = 10 | { 11 | "BOOL", 12 | "BOOLEAN", 13 | 14 | "char", 15 | "short", 16 | "int", 17 | "long", 18 | "float", 19 | "double", 20 | "size_t", 21 | "INT", 22 | "INT8", 23 | "INT16", 24 | "INT32", 25 | "INT64", 26 | "UINT", 27 | "UINT8", 28 | "UINT16", 29 | "UINT32", 30 | "UINT64", 31 | "SHORT", 32 | "BYTE", 33 | "WORD", 34 | "DWORD", 35 | "QWORD", 36 | "SIZE_T", 37 | "LONG", 38 | "HEAP_INFORMATION_CLASS", 39 | 40 | "CHAR", 41 | "WCHAR", 42 | "LPSTR", 43 | "LPWSTR", 44 | "LPCSTR", 45 | "LPCWSTR", 46 | "ATOM", 47 | 48 | "LPOVERLAPPED", 49 | "LPOVERLAPPED_COMPLETION_ROUTINE", 50 | "PLARGE_INTEGER", 51 | "LARGE_INTEGER", 52 | "FLOAT", 53 | "LPFLOAT", 54 | "LPCVOID", 55 | "LPBYTE", 56 | "LPWORD", 57 | "PLONG", 58 | "LPLONG", 59 | "LPDWORD", 60 | "PDWORD", 61 | "LPPROCESS_HEAP_ENTRY", 62 | "LPCRITICAL_SECTION", 63 | "HWND", 64 | "HMODULE", 65 | "HANDLE", 66 | "PHANDLE", 67 | "LPVOID", 68 | "PVOID", 69 | "PSIZE_T", 70 | "void", 71 | "VOID", 72 | "LPSECURITY_ATTRIBUTES", 73 | "PMEMORY_BASIC_INFORMATION", 74 | "LPPROC_THREAD_ATTRIBUTE_LIST", 75 | "LPSTARTUPINFOA", 76 | "LPSTARTUPINFOW", 77 | "LPPROCESS_INFORMATION", 78 | "LPTHREAD_START_ROUTINE", 79 | "LPDEBUG_EVENT", 80 | "LPBOOL", 81 | "PBOOL", 82 | "LPRECT", 83 | "LRESULT", 84 | "PAINTSTRUCT", 85 | "LPPAINTSTRUCT", 86 | "HDC", 87 | "LPPOINT", 88 | "HMENU", 89 | "HINSTANCE", 90 | "WPARAM", 91 | "LPARAM", 92 | "LPMSG", 93 | "HBRUSH", 94 | "LPWNDCLASSEXA", 95 | "LPWNDCLASSEXW", 96 | "LPFILE" 97 | }; 98 | 99 | DWORD 100 | Djb2(LPSTR String) 101 | { 102 | DWORD Hash = 5381; 103 | INT C = *String++; 104 | 105 | 106 | while (C) 107 | { 108 | Hash = ((Hash << 5) + Hash) + C; 109 | C = *String++; 110 | } 111 | 112 | return Hash; 113 | } 114 | 115 | int 116 | main(void) 117 | { 118 | HANDLE HashFile; 119 | SIZE_T TypesLen = sizeof(Types) / sizeof(Types[0]); 120 | INT I; 121 | CHAR Str[256]; 122 | 123 | 124 | HashFile = CreateFile("type_hashes.h", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); 125 | 126 | for (I = 0; I < TypesLen; I++) 127 | { 128 | sprintf(Str, "#define TYPE_%s %u" CRLF, Types[I], Djb2(Types[I])); 129 | WriteFile(HashFile, Str, (DWORD)strlen(Str), NULL, NULL); 130 | } 131 | sprintf(Str, CRLF); 132 | WriteFile(HashFile, Str, (DWORD)strlen(Str), NULL, NULL); 133 | 134 | CloseHandle(HashFile); 135 | 136 | return 0; 137 | } 138 | 139 | -------------------------------------------------------------------------------- /hookgen/wt_winuser: -------------------------------------------------------------------------------- 1 | BOOL AdjustWindowRect(LPRECT lpRect, DWORD dwStyle, BOOL bMenu); 2 | BOOL AdjustWindowRectEx(LPRECT lpRect, DWORD dwStyle, BOOL bMenu, DWORD dwExStyle); 3 | HDC BeginPaint(HWND hWnd, LPPAINTSTRUCT lpPaint); 4 | BOOL ClientToScreen(HWND hWnd, LPPOINT lpPoint); 5 | BOOL ClipCursor(LPRECT lpRect); 6 | BOOL CloseWindow(HWND hWnd); 7 | HWND CreateWindowA(LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 8 | HWND CreateWindowW(LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 9 | HWND CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 10 | HWND CreateWindowExW(DWORD dwExStyle, LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 11 | LRESULT DefWindowProcA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 12 | LRESULT DefWindowProcW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 13 | BOOL DestroyWindow(HWND hWnd); 14 | LRESULT DispatchMessageA(LPMSG lpMsg); 15 | LRESULT DispatchMessageW(LPMSG lpMsg); 16 | BOOL EndPaint(HWND hWnd, LPPAINTSTRUCT lpPaint); 17 | int FillRect(HDC hDC, LPRECT lprc, HBRUSH hbr); 18 | BOOL GetClientRect(HWND hWnd, LPRECT lpRect); 19 | BOOL GetCursorPos(LPPOINT lpPoint); 20 | HDC GetDC(HWND hWnd); 21 | BOOL GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax); 22 | BOOL GetMessageW(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax); 23 | BOOL GetWindowRect(HWND hWnd, LPRECT lpRect); 24 | int MessageBoxA(HWND hwnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType); 25 | int MessageBoxW(HWND hwnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType); 26 | int MessageBoxExA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType, WORD wLanguageId); 27 | int MessageBoxExW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType, WORD wLanguageId); 28 | BOOL PeekMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg); 29 | BOOL PeekMessageW(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg); 30 | BOOL PostMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 31 | BOOL PostMessageW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 32 | void PostQuitMessage(int nExitCode); 33 | ATOM RegisterClassExA(LPWNDCLASSEXA unnamedParam1); 34 | ATOM RegisterClassExW(LPWNDCLASSEXW unnamedParam1); 35 | int ReleaseDC(HWND hWnd, HDC hDC); 36 | BOOL ScreenToClient(HWND hWnd, LPPOINT lpPoint); 37 | int ShowCursor(BOOL bShow); 38 | BOOL ShowWindow(HWND hWnd, int nCmdShow); 39 | BOOL TranslateMessage(LPMSG lpMsg); 40 | BOOL UpdateWindow(HWND hWnd); 41 | -------------------------------------------------------------------------------- /hookgen/hashes.h: -------------------------------------------------------------------------------- 1 | #define TYPE_BOOL 2088934161 2 | #define TYPE_BOOLEAN 2588621733 3 | #define TYPE_char 2090147939 4 | #define TYPE_short 274395349 5 | #define TYPE_int 193495088 6 | #define TYPE_long 2090479413 7 | #define TYPE_float 259121563 8 | #define TYPE_double 4181547808 9 | #define TYPE_size_t 466678419 10 | #define TYPE_INT 193459152 11 | #define TYPE_INT8 2089184776 12 | #define TYPE_INT16 223620695 13 | #define TYPE_INT32 223620757 14 | #define TYPE_INT64 223620858 15 | #define TYPE_UINT 2089610405 16 | #define TYPE_UINT8 237666685 17 | #define TYPE_UINT16 3548033132 18 | #define TYPE_UINT32 3548033194 19 | #define TYPE_UINT64 3548033295 20 | #define TYPE_SHORT 235259957 21 | #define TYPE_BYTE 2088945209 22 | #define TYPE_WORD 2089688929 23 | #define TYPE_DWORD 218010181 24 | #define TYPE_QWORD 233427154 25 | #define TYPE_SIZE_T 3470178803 26 | #define TYPE_LONG 2089293493 27 | #define TYPE_HEAP_INFORMATION_CLASS 793713533 28 | #define TYPE_CHAR 2088962019 29 | #define TYPE_WCHAR 239815770 30 | #define TYPE_LPSTR 227250426 31 | #define TYPE_LPWSTR 3204439569 32 | #define TYPE_LPCSTR 3203720829 33 | #define TYPE_LPCWSTR 2643715060 34 | #define TYPE_ATOM 2088903670 35 | #define TYPE_LPOVERLAPPED 4208933875 36 | #define TYPE_LPOVERLAPPED_COMPLETION_ROUTINE 3371653649 37 | #define TYPE_PLARGE_INTEGER 645337997 38 | #define TYPE_LARGE_INTEGER 49966237 39 | #define TYPE_FLOAT 219986171 40 | #define TYPE_LPFLOAT 2646872535 41 | #define TYPE_LPCVOID 2643674390 42 | #define TYPE_LPBYTE 3203691413 43 | #define TYPE_LPWORD 3204435133 44 | #define TYPE_PLONG 231845797 45 | #define TYPE_LPDWORD 2644896545 46 | #define TYPE_PDWORD 3346745653 47 | #define TYPE_LPPROCESS_HEAP_ENTRY 4244571726 48 | #define TYPE_HWND 2089158454 49 | #define TYPE_HMODULE 1668954451 50 | #define TYPE_HANDLE 3029769137 51 | #define TYPE_PHANDLE 3198824609 52 | #define TYPE_LPVOID 3204398899 53 | #define TYPE_PVOID 232204999 54 | #define TYPE_PSIZE_T 3639234275 55 | #define TYPE_void 2090838615 56 | #define TYPE_LPSECURITY_ATTRIBUTES 382941407 57 | #define TYPE_PMEMORY_BASIC_INFORMATION 2601075860 58 | #define TYPE_LPPROC_THREAD_ATTRIBUTE_LIST 1522577178 59 | #define TYPE_LPSTARTUPINFOA 1034520609 60 | #define TYPE_LPSTARTUPINFOW 1034520631 61 | #define TYPE_LPPROCESS_INFORMATION 3385903365 62 | #define TYPE_LPTHREAD_START_ROUTINE 4112980875 63 | #define TYPE_LPDEBUG_EVENT 2193312361 64 | #define TYPE_LPBOOL 3203680365 65 | #define TYPE_PBOOL 231486465 66 | #define TYPE_LPRECT 3204244079 67 | #define TYPE_LRESULT 2724215856 68 | #define TYPE_PAINTSTRUCT 3698518758 69 | #define TYPE_LPPAINTSTRUCT 977828034 70 | #define TYPE_HDC 193457716 71 | #define TYPE_LPPOINT 2658833451 72 | #define TYPE_HMENU 222383490 73 | #define TYPE_HINSTANCE 1339144642 74 | #define TYPE_WPARAM 3634136557 75 | #define TYPE_LPARAM 3203647234 76 | #define TYPE_LPMSG 227243848 77 | #define TYPE_HBRUSH 3031117553 78 | #define TYPE_LPWNDCLASSEXA 355984030 79 | #define TYPE_LPWNDCLASSEXW 355984052 80 | #define TYPE_LPFILE 3203817473 81 | 82 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | CFLAGS = -I. -Idll/inc -Idll/inc/win32 -Idll/inc/crt -Wall -Wno-unused-variable -Wno-unused-function -Wno-unused-but-set-variable 3 | LDFLAGS = -shared 4 | 5 | # Hookgen targets 6 | HOOKGEN_DIR = hookgen 7 | HOOKGEN_EXE = $(HOOKGEN_DIR)/hookgen.exe 8 | TYPE_HASH_EXE = $(HOOKGEN_DIR)/type_hash.exe 9 | TYPE_HASHES_H = $(HOOKGEN_DIR)/type_hashes.h 10 | 11 | # DLL targets 12 | DLL_SRCS = \ 13 | dll/crt/wt_stdio.c dll/crt/wt_stdlib.c \ 14 | dll/win32/wt_debugapi.c dll/win32/wt_fileapi.c \ 15 | dll/win32/wt_heapapi.c dll/win32/wt_memoryapi.c \ 16 | dll/win32/wt_processthreadsapi.c dll/win32/wt_profileapi.c \ 17 | dll/win32/wt_winuser.c dll/win32/wt_syncapi.c \ 18 | dll/common.c dll/dllmain.c dll/func_records.c dll/patch_function.c 19 | 20 | DLL_OUT = build/wintrace.dll 21 | 22 | # Core targets 23 | CORE_SRCS = core/main.c 24 | CORE_OUT = build/wintrace.exe 25 | 26 | .PHONY: all clean generate_hooks 27 | 28 | all: $(DLL_OUT) $(CORE_OUT) 29 | 30 | $(TYPE_HASH_EXE): $(HOOKGEN_DIR)/type_hash.c 31 | $(CC) -o $@ $< 32 | 33 | $(TYPE_HASHES_H): $(TYPE_HASH_EXE) 34 | cd $(HOOKGEN_DIR) && ./type_hash.exe 35 | 36 | $(HOOKGEN_EXE): $(HOOKGEN_DIR)/main.c $(TYPE_HASHES_H) 37 | $(CC) -D"_countof(x)=(sizeof(x)/sizeof((x)[0]))" -o $@ $(HOOKGEN_DIR)/main.c -I$(HOOKGEN_DIR) 38 | 39 | generate_hooks: $(HOOKGEN_EXE) 40 | cd $(HOOKGEN_DIR) && ./hookgen.exe 41 | mv $(HOOKGEN_DIR)/wt_debugapi.h dll/inc/win32/ 42 | mv $(HOOKGEN_DIR)/wt_fileapi.h dll/inc/win32/ 43 | mv $(HOOKGEN_DIR)/wt_heapapi.h dll/inc/win32/ 44 | mv $(HOOKGEN_DIR)/wt_memoryapi.h dll/inc/win32/ 45 | mv $(HOOKGEN_DIR)/wt_processthreadsapi.h dll/inc/win32/ 46 | mv $(HOOKGEN_DIR)/wt_profileapi.h dll/inc/win32/ 47 | mv $(HOOKGEN_DIR)/wt_winuser.h dll/inc/win32/ 48 | mv $(HOOKGEN_DIR)/wt_syncapi.h dll/inc/win32/ 49 | mv $(HOOKGEN_DIR)/wt_debugapi.c dll/win32/ 50 | mv $(HOOKGEN_DIR)/wt_fileapi.c dll/win32/ 51 | mv $(HOOKGEN_DIR)/wt_heapapi.c dll/win32/ 52 | mv $(HOOKGEN_DIR)/wt_memoryapi.c dll/win32/ 53 | mv $(HOOKGEN_DIR)/wt_processthreadsapi.c dll/win32/ 54 | mv $(HOOKGEN_DIR)/wt_profileapi.c dll/win32/ 55 | mv $(HOOKGEN_DIR)/wt_winuser.c dll/win32/ 56 | mv $(HOOKGEN_DIR)/wt_syncapi.c dll/win32/ 57 | mv $(HOOKGEN_DIR)/wt_stdio.h dll/inc/crt/ 58 | mv $(HOOKGEN_DIR)/wt_stdlib.h dll/inc/crt/ 59 | mv $(HOOKGEN_DIR)/wt_stdio.c dll/crt/ 60 | mv $(HOOKGEN_DIR)/wt_stdlib.c dll/crt/ 61 | mv $(HOOKGEN_DIR)/func_records.h dll/inc/ 62 | mv $(HOOKGEN_DIR)/func_records.c dll/ 63 | mv $(HOOKGEN_DIR)/patch_function.c dll/ 64 | mv $(HOOKGEN_DIR)/func_hashes.h dll/inc/ 65 | mv $(HOOKGEN_DIR)/supported_functions.md ./ 66 | 67 | $(DLL_OUT): generate_hooks 68 | mkdir -p build 69 | $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(DLL_SRCS) -lkernel32 -luser32 -ladvapi32 70 | 71 | $(CORE_OUT): $(CORE_SRCS) 72 | mkdir -p build 73 | $(CC) $(CFLAGS) -o $@ $(CORE_SRCS) -lkernel32 74 | 75 | clean: 76 | rm -f $(HOOKGEN_EXE) $(TYPE_HASH_EXE) $(TYPE_HASHES_H) 77 | rm -f $(DLL_OUT) $(CORE_OUT) 78 | -------------------------------------------------------------------------------- /hookgen/type_hashes.h: -------------------------------------------------------------------------------- 1 | #define TYPE_BOOL 2088934161 2 | #define TYPE_BOOLEAN 2588621733 3 | #define TYPE_char 2090147939 4 | #define TYPE_short 274395349 5 | #define TYPE_int 193495088 6 | #define TYPE_long 2090479413 7 | #define TYPE_float 259121563 8 | #define TYPE_double 4181547808 9 | #define TYPE_size_t 466678419 10 | #define TYPE_INT 193459152 11 | #define TYPE_INT8 2089184776 12 | #define TYPE_INT16 223620695 13 | #define TYPE_INT32 223620757 14 | #define TYPE_INT64 223620858 15 | #define TYPE_UINT 2089610405 16 | #define TYPE_UINT8 237666685 17 | #define TYPE_UINT16 3548033132 18 | #define TYPE_UINT32 3548033194 19 | #define TYPE_UINT64 3548033295 20 | #define TYPE_SHORT 235259957 21 | #define TYPE_BYTE 2088945209 22 | #define TYPE_WORD 2089688929 23 | #define TYPE_DWORD 218010181 24 | #define TYPE_QWORD 233427154 25 | #define TYPE_SIZE_T 3470178803 26 | #define TYPE_LONG 2089293493 27 | #define TYPE_HEAP_INFORMATION_CLASS 793713533 28 | #define TYPE_CHAR 2088962019 29 | #define TYPE_WCHAR 239815770 30 | #define TYPE_LPSTR 227250426 31 | #define TYPE_LPWSTR 3204439569 32 | #define TYPE_LPCSTR 3203720829 33 | #define TYPE_LPCWSTR 2643715060 34 | #define TYPE_ATOM 2088903670 35 | #define TYPE_LPOVERLAPPED 4208933875 36 | #define TYPE_LPOVERLAPPED_COMPLETION_ROUTINE 3371653649 37 | #define TYPE_PLARGE_INTEGER 645337997 38 | #define TYPE_LARGE_INTEGER 49966237 39 | #define TYPE_FLOAT 219986171 40 | #define TYPE_LPFLOAT 2646872535 41 | #define TYPE_LPCVOID 2643674390 42 | #define TYPE_LPBYTE 3203691413 43 | #define TYPE_LPWORD 3204435133 44 | #define TYPE_PLONG 231845797 45 | #define TYPE_LPLONG 3204039697 46 | #define TYPE_LPDWORD 2644896545 47 | #define TYPE_PDWORD 3346745653 48 | #define TYPE_LPPROCESS_HEAP_ENTRY 4244571726 49 | #define TYPE_LPCRITICAL_SECTION 542280640 50 | #define TYPE_HWND 2089158454 51 | #define TYPE_HMODULE 1668954451 52 | #define TYPE_HANDLE 3029769137 53 | #define TYPE_PHANDLE 3198824609 54 | #define TYPE_LPVOID 3204398899 55 | #define TYPE_PVOID 232204999 56 | #define TYPE_PSIZE_T 3639234275 57 | #define TYPE_void 2090838615 58 | #define TYPE_VOID 2089652695 59 | #define TYPE_LPSECURITY_ATTRIBUTES 382941407 60 | #define TYPE_PMEMORY_BASIC_INFORMATION 2601075860 61 | #define TYPE_LPPROC_THREAD_ATTRIBUTE_LIST 1522577178 62 | #define TYPE_LPSTARTUPINFOA 1034520609 63 | #define TYPE_LPSTARTUPINFOW 1034520631 64 | #define TYPE_LPPROCESS_INFORMATION 3385903365 65 | #define TYPE_LPTHREAD_START_ROUTINE 4112980875 66 | #define TYPE_LPDEBUG_EVENT 2193312361 67 | #define TYPE_LPBOOL 3203680365 68 | #define TYPE_PBOOL 231486465 69 | #define TYPE_LPRECT 3204244079 70 | #define TYPE_LRESULT 2724215856 71 | #define TYPE_PAINTSTRUCT 3698518758 72 | #define TYPE_LPPAINTSTRUCT 977828034 73 | #define TYPE_HDC 193457716 74 | #define TYPE_LPPOINT 2658833451 75 | #define TYPE_HMENU 222383490 76 | #define TYPE_HINSTANCE 1339144642 77 | #define TYPE_WPARAM 3634136557 78 | #define TYPE_LPARAM 3203647234 79 | #define TYPE_LPMSG 227243848 80 | #define TYPE_HBRUSH 3031117553 81 | #define TYPE_LPWNDCLASSEXA 355984030 82 | #define TYPE_LPWNDCLASSEXW 355984052 83 | #define TYPE_LPFILE 3203817473 84 | 85 | -------------------------------------------------------------------------------- /dll/inc/win32/wt_winuser.h: -------------------------------------------------------------------------------- 1 | #ifndef WT_WINUSER_H 2 | #define WT_WINUSER_H 3 | 4 | #include "common.h" 5 | 6 | BOOL WtAdjustWindowRect(LPRECT lpRect, DWORD dwStyle, BOOL bMenu); 7 | BOOL WtAdjustWindowRectEx(LPRECT lpRect, DWORD dwStyle, BOOL bMenu, DWORD dwExStyle); 8 | HDC WtBeginPaint(HWND hWnd, LPPAINTSTRUCT lpPaint); 9 | BOOL WtClientToScreen(HWND hWnd, LPPOINT lpPoint); 10 | BOOL WtClipCursor(LPRECT lpRect); 11 | BOOL WtCloseWindow(HWND hWnd); 12 | HWND WtCreateWindowA(LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 13 | HWND WtCreateWindowW(LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 14 | HWND WtCreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 15 | HWND WtCreateWindowExW(DWORD dwExStyle, LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam); 16 | LRESULT WtDefWindowProcA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 17 | LRESULT WtDefWindowProcW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 18 | BOOL WtDestroyWindow(HWND hWnd); 19 | LRESULT WtDispatchMessageA(LPMSG lpMsg); 20 | LRESULT WtDispatchMessageW(LPMSG lpMsg); 21 | BOOL WtEndPaint(HWND hWnd, LPPAINTSTRUCT lpPaint); 22 | int WtFillRect(HDC hDC, LPRECT lprc, HBRUSH hbr); 23 | BOOL WtGetClientRect(HWND hWnd, LPRECT lpRect); 24 | BOOL WtGetCursorPos(LPPOINT lpPoint); 25 | HDC WtGetDC(HWND hWnd); 26 | BOOL WtGetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax); 27 | BOOL WtGetMessageW(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax); 28 | BOOL WtGetWindowRect(HWND hWnd, LPRECT lpRect); 29 | int WtMessageBoxA(HWND hwnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType); 30 | int WtMessageBoxW(HWND hwnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType); 31 | int WtMessageBoxExA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType, WORD wLanguageId); 32 | int WtMessageBoxExW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType, WORD wLanguageId); 33 | BOOL WtPeekMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg); 34 | BOOL WtPeekMessageW(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg); 35 | BOOL WtPostMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 36 | BOOL WtPostMessageW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); 37 | void WtPostQuitMessage(int nExitCode); 38 | ATOM WtRegisterClassExA(LPWNDCLASSEXA unnamedParam1); 39 | ATOM WtRegisterClassExW(LPWNDCLASSEXW unnamedParam1); 40 | int WtReleaseDC(HWND hWnd, HDC hDC); 41 | BOOL WtScreenToClient(HWND hWnd, LPPOINT lpPoint); 42 | int WtShowCursor(BOOL bShow); 43 | BOOL WtShowWindow(HWND hWnd, int nCmdShow); 44 | BOOL WtTranslateMessage(LPMSG lpMsg); 45 | BOOL WtUpdateWindow(HWND hWnd); 46 | 47 | #endif // WT_WINUSER_H 48 | -------------------------------------------------------------------------------- /dll/common.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | // Globals 5 | extern T_FuncRec g_FuncRecs[]; 6 | extern T_WintraceOpts *pOpts; 7 | BOOL g_TraceAll = TRUE; 8 | INT g_CallLvl = 0; 9 | T_FuncList g_FuncList; 10 | extern HANDLE g_Pipe; 11 | extern HANDLE g_Fence; 12 | 13 | void 14 | ShowDetails(T_WintraceOpts *Opts, 15 | DWORD Cnt) 16 | { 17 | if (Opts->ShowProcessID) 18 | WriteFuncBuffer("[%u] ", GetCurrentProcessId()); 19 | if (Opts->ShowThreadID) 20 | WriteFuncBuffer("<%u> ", GetCurrentThreadId()); 21 | if (Opts->ShowFuncCount) 22 | WriteFuncBuffer("(%u) ", Cnt); 23 | } 24 | 25 | DWORD 26 | Djb2(LPSTR String) 27 | { 28 | DWORD Hash = 5381; 29 | INT C = *String++; 30 | 31 | 32 | while (C) 33 | { 34 | Hash = ((Hash << 5) + Hash) + C; 35 | C = *String++; 36 | } 37 | 38 | return Hash; 39 | } 40 | 41 | BOOL 42 | BeginTrace(E_FuncEnum FunctionName) 43 | { 44 | T_FuncRec *Func = &g_FuncRecs[FunctionName]; 45 | 46 | 47 | if (Func->bTrace) 48 | { 49 | g_CallLvl++; 50 | ShowDetails(pOpts, ++(Func->Cnt)); 51 | WriteFuncBuffer("%*c%s", g_CallLvl, ' ', Func->Name); 52 | return TRUE; 53 | } 54 | 55 | return FALSE; 56 | } 57 | 58 | // *could use this param to check for if a function can report GetLastError() 59 | void 60 | EndTrace(E_FuncEnum FunctionName, // reserved for now* 61 | BOOL bError) 62 | { 63 | UNREFERENCED_PARAMETER(FunctionName); 64 | 65 | if (bError) 66 | WriteFuncBuffer(" (ERROR: %u) ", GetLastError()); 67 | WriteFuncBuffer("\r\n"); 68 | PrintFuncBuffer(&g_FuncList.Buffers[g_CallLvl--]); 69 | } 70 | 71 | void 72 | WriteFuncBuffer(char *Format, 73 | ...) 74 | { 75 | T_FuncBuffer *Buffer = &g_FuncList.Buffers[g_CallLvl]; 76 | SIZE_T Bytes; 77 | va_list VarArgs; 78 | 79 | va_start(VarArgs, Format); 80 | 81 | Bytes = vsprintf(Buffer->Buff + Buffer->Pos, Format, VarArgs); 82 | Buffer->Pos += Bytes; 83 | 84 | va_end(VarArgs); 85 | } 86 | 87 | void 88 | PrintFuncBuffer(T_FuncBuffer *Buffer) 89 | { 90 | BOOL Status; 91 | DWORD NumRead; 92 | 93 | 94 | Status = WriteFile(g_Pipe, Buffer->Buff, 512, &NumRead, NULL); 95 | if (!Status) 96 | { 97 | fprintf(stderr, "[DLL] Failed to write to pipe %d...!\r\n", GetLastError()); 98 | } 99 | WaitForSingleObject(g_Fence, INFINITE); 100 | 101 | Buffer->Pos = 0; 102 | } 103 | 104 | void 105 | InitFuncRecs() 106 | { 107 | DWORD Hash; 108 | INT I; 109 | 110 | 111 | // Only tracing specific functions, set just these to TRUE 112 | if (pOpts->TraceList[0][0]) 113 | { 114 | for (I = 0; I < 32 && pOpts->TraceList[I]; I++) 115 | { 116 | Hash = Djb2(pOpts->TraceList[I]); 117 | 118 | SetTrace(Hash, TRUE); 119 | } 120 | } 121 | 122 | // Blocking specific functions 123 | else if (pOpts->BlockList[0][0]) 124 | { 125 | for (I = 0; I < E_Count; I++) 126 | { 127 | g_FuncRecs[I].bTrace = TRUE; 128 | } 129 | 130 | for (I = 0; I < 32 && pOpts->BlockList[I]; I++) 131 | { 132 | Hash = Djb2(pOpts->BlockList[I]); 133 | 134 | SetTrace(Hash, FALSE); 135 | } 136 | } 137 | 138 | // Tracing all functions 139 | else 140 | { 141 | for (I = 0; I < E_Count; I++) 142 | { 143 | g_FuncRecs[I].bTrace = TRUE; 144 | } 145 | } 146 | } 147 | 148 | -------------------------------------------------------------------------------- /dll/win32/wt_debugapi.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | BOOL 6 | WtCheckRemoteDebuggerPresent( 7 | HANDLE hProcess, 8 | PBOOL pbDebuggerPresent 9 | ) 10 | { 11 | BOOL Ret; 12 | 13 | if (BeginTrace(E_CheckRemoteDebuggerPresent)) 14 | { 15 | WriteFuncBuffer("(0x%p, 0x%p)", hProcess, pbDebuggerPresent); 16 | Ret = CheckRemoteDebuggerPresent(hProcess, pbDebuggerPresent); 17 | WriteFuncBuffer(" = %d", Ret); 18 | EndTrace(E_CheckRemoteDebuggerPresent, FALSE); 19 | } 20 | else 21 | { 22 | Ret = CheckRemoteDebuggerPresent(hProcess, pbDebuggerPresent); 23 | } 24 | 25 | return (Ret); 26 | } 27 | 28 | BOOL 29 | WtContinueDebugEvent( 30 | DWORD dwProcessId, 31 | DWORD dwThreadId, 32 | DWORD dwContinueStatus 33 | ) 34 | { 35 | BOOL Ret; 36 | 37 | if (BeginTrace(E_ContinueDebugEvent)) 38 | { 39 | WriteFuncBuffer("(%u, %u, %u)", dwProcessId, dwThreadId, dwContinueStatus); 40 | Ret = ContinueDebugEvent(dwProcessId, dwThreadId, dwContinueStatus); 41 | WriteFuncBuffer(" = %d", Ret); 42 | EndTrace(E_ContinueDebugEvent, FALSE); 43 | } 44 | else 45 | { 46 | Ret = ContinueDebugEvent(dwProcessId, dwThreadId, dwContinueStatus); 47 | } 48 | 49 | return (Ret); 50 | } 51 | 52 | BOOL 53 | WtDebugActiveProcess( 54 | DWORD dwProcessId 55 | ) 56 | { 57 | BOOL Ret; 58 | 59 | if (BeginTrace(E_DebugActiveProcess)) 60 | { 61 | WriteFuncBuffer("(%u)", dwProcessId); 62 | Ret = DebugActiveProcess(dwProcessId); 63 | WriteFuncBuffer(" = %d", Ret); 64 | EndTrace(E_DebugActiveProcess, FALSE); 65 | } 66 | else 67 | { 68 | Ret = DebugActiveProcess(dwProcessId); 69 | } 70 | 71 | return (Ret); 72 | } 73 | 74 | BOOL 75 | WtDebugActiveProcessStop( 76 | DWORD dwProcessId 77 | ) 78 | { 79 | BOOL Ret; 80 | 81 | if (BeginTrace(E_DebugActiveProcessStop)) 82 | { 83 | WriteFuncBuffer("(%u)", dwProcessId); 84 | Ret = DebugActiveProcessStop(dwProcessId); 85 | WriteFuncBuffer(" = %d", Ret); 86 | EndTrace(E_DebugActiveProcessStop, FALSE); 87 | } 88 | else 89 | { 90 | Ret = DebugActiveProcessStop(dwProcessId); 91 | } 92 | 93 | return (Ret); 94 | } 95 | 96 | void 97 | WtDebugBreak() 98 | { 99 | if (BeginTrace(E_DebugBreak)) 100 | { 101 | WriteFuncBuffer("()"); 102 | WriteFuncBuffer(" = VOID"); 103 | EndTrace(E_DebugBreak, FALSE); 104 | } 105 | 106 | DebugBreak(); 107 | } 108 | 109 | BOOL 110 | WtIsDebuggerPresent() 111 | { 112 | BOOL Ret; 113 | 114 | if (BeginTrace(E_IsDebuggerPresent)) 115 | { 116 | WriteFuncBuffer("()"); 117 | Ret = IsDebuggerPresent(); 118 | WriteFuncBuffer(" = %d", Ret); 119 | EndTrace(E_IsDebuggerPresent, FALSE); 120 | } 121 | else 122 | { 123 | Ret = IsDebuggerPresent(); 124 | } 125 | 126 | return (Ret); 127 | } 128 | 129 | void 130 | WtOutputDebugStringA( 131 | LPCSTR lpOutputString 132 | ) 133 | { 134 | if (BeginTrace(E_OutputDebugStringA)) 135 | { 136 | WriteFuncBuffer("(\"%s\")", lpOutputString); 137 | WriteFuncBuffer(" = VOID"); 138 | EndTrace(E_OutputDebugStringA, FALSE); 139 | } 140 | 141 | OutputDebugStringA(lpOutputString); 142 | } 143 | 144 | void 145 | WtOutputDebugStringW( 146 | LPCWSTR lpOutputString 147 | ) 148 | { 149 | if (BeginTrace(E_OutputDebugStringW)) 150 | { 151 | WriteFuncBuffer("(\"%ws\")", lpOutputString); 152 | WriteFuncBuffer(" = VOID"); 153 | EndTrace(E_OutputDebugStringW, FALSE); 154 | } 155 | 156 | OutputDebugStringW(lpOutputString); 157 | } 158 | 159 | BOOL 160 | WtWaitForDebugEvent( 161 | LPDEBUG_EVENT lpDebugEvent, 162 | DWORD dwMilliseconds 163 | ) 164 | { 165 | BOOL Ret; 166 | 167 | if (BeginTrace(E_WaitForDebugEvent)) 168 | { 169 | WriteFuncBuffer("(0x%p, %u)", lpDebugEvent, dwMilliseconds); 170 | Ret = WaitForDebugEvent(lpDebugEvent, dwMilliseconds); 171 | WriteFuncBuffer(" = %d", Ret); 172 | EndTrace(E_WaitForDebugEvent, FALSE); 173 | } 174 | else 175 | { 176 | Ret = WaitForDebugEvent(lpDebugEvent, dwMilliseconds); 177 | } 178 | 179 | return (Ret); 180 | } 181 | 182 | -------------------------------------------------------------------------------- /dll/crt/wt_stdio.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | LPFILE 6 | wt_fopen( 7 | LPCSTR filename, 8 | LPCSTR mode 9 | ) 10 | { 11 | LPFILE Ret; 12 | 13 | if (BeginTrace(E_fopen)) 14 | { 15 | WriteFuncBuffer("(\"%s\", \"%s\")", filename, mode); 16 | Ret = fopen(filename, mode); 17 | WriteFuncBuffer(" = 0x%p", Ret); 18 | EndTrace(E_fopen, FALSE); 19 | } 20 | else 21 | { 22 | Ret = fopen(filename, mode); 23 | } 24 | 25 | return (Ret); 26 | } 27 | 28 | LPFILE 29 | wt__wfopen( 30 | LPCWSTR filename, 31 | LPCWSTR mode 32 | ) 33 | { 34 | LPFILE Ret; 35 | 36 | if (BeginTrace(E__wfopen)) 37 | { 38 | WriteFuncBuffer("(\"%ws\", \"%ws\")", filename, mode); 39 | Ret = _wfopen(filename, mode); 40 | WriteFuncBuffer(" = 0x%p", Ret); 41 | EndTrace(E__wfopen, FALSE); 42 | } 43 | else 44 | { 45 | Ret = _wfopen(filename, mode); 46 | } 47 | 48 | return (Ret); 49 | } 50 | 51 | int 52 | wt_fclose( 53 | LPFILE stream 54 | ) 55 | { 56 | int Ret; 57 | 58 | if (BeginTrace(E_fclose)) 59 | { 60 | WriteFuncBuffer("(0x%p)", stream); 61 | Ret = fclose(stream); 62 | WriteFuncBuffer(" = %d", Ret); 63 | EndTrace(E_fclose, FALSE); 64 | } 65 | else 66 | { 67 | Ret = fclose(stream); 68 | } 69 | 70 | return (Ret); 71 | } 72 | 73 | int 74 | wt_feof( 75 | LPFILE stream 76 | ) 77 | { 78 | int Ret; 79 | 80 | if (BeginTrace(E_feof)) 81 | { 82 | WriteFuncBuffer("(0x%p)", stream); 83 | Ret = feof(stream); 84 | WriteFuncBuffer(" = %d", Ret); 85 | EndTrace(E_feof, FALSE); 86 | } 87 | else 88 | { 89 | Ret = feof(stream); 90 | } 91 | 92 | return (Ret); 93 | } 94 | 95 | int 96 | wt_ferror( 97 | LPFILE stream 98 | ) 99 | { 100 | int Ret; 101 | 102 | if (BeginTrace(E_ferror)) 103 | { 104 | WriteFuncBuffer("(0x%p)", stream); 105 | Ret = ferror(stream); 106 | WriteFuncBuffer(" = %d", Ret); 107 | EndTrace(E_ferror, FALSE); 108 | } 109 | else 110 | { 111 | Ret = ferror(stream); 112 | } 113 | 114 | return (Ret); 115 | } 116 | 117 | int 118 | wt_fflush( 119 | LPFILE stream 120 | ) 121 | { 122 | int Ret; 123 | 124 | if (BeginTrace(E_fflush)) 125 | { 126 | WriteFuncBuffer("(0x%p)", stream); 127 | Ret = fflush(stream); 128 | WriteFuncBuffer(" = %d", Ret); 129 | EndTrace(E_fflush, FALSE); 130 | } 131 | else 132 | { 133 | Ret = fflush(stream); 134 | } 135 | 136 | return (Ret); 137 | } 138 | 139 | size_t 140 | wt_fread( 141 | LPVOID ptr, 142 | size_t size, 143 | size_t nmemb, 144 | LPFILE stream 145 | ) 146 | { 147 | size_t Ret; 148 | 149 | if (BeginTrace(E_fread)) 150 | { 151 | WriteFuncBuffer("(0x%p, %llu, %llu, 0x%p)", ptr, size, nmemb, stream); 152 | Ret = fread(ptr, size, nmemb, stream); 153 | WriteFuncBuffer(" = %llu", Ret); 154 | EndTrace(E_fread, FALSE); 155 | } 156 | else 157 | { 158 | Ret = fread(ptr, size, nmemb, stream); 159 | } 160 | 161 | return (Ret); 162 | } 163 | 164 | size_t 165 | wt_fwrite( 166 | LPVOID ptr, 167 | size_t size, 168 | size_t nmemb, 169 | LPFILE stream 170 | ) 171 | { 172 | size_t Ret; 173 | 174 | if (BeginTrace(E_fwrite)) 175 | { 176 | WriteFuncBuffer("(0x%p, %llu, %llu, 0x%p)", ptr, size, nmemb, stream); 177 | Ret = fwrite(ptr, size, nmemb, stream); 178 | WriteFuncBuffer(" = %llu", Ret); 179 | EndTrace(E_fwrite, FALSE); 180 | } 181 | else 182 | { 183 | Ret = fwrite(ptr, size, nmemb, stream); 184 | } 185 | 186 | return (Ret); 187 | } 188 | 189 | int 190 | wt_fseek( 191 | LPFILE stream, 192 | long offset, 193 | int whence 194 | ) 195 | { 196 | int Ret; 197 | 198 | if (BeginTrace(E_fseek)) 199 | { 200 | WriteFuncBuffer("(0x%p, %d, %d)", stream, offset, whence); 201 | Ret = fseek(stream, offset, whence); 202 | WriteFuncBuffer(" = %d", Ret); 203 | EndTrace(E_fseek, FALSE); 204 | } 205 | else 206 | { 207 | Ret = fseek(stream, offset, whence); 208 | } 209 | 210 | return (Ret); 211 | } 212 | 213 | long 214 | wt_ftell( 215 | LPFILE stream 216 | ) 217 | { 218 | long Ret; 219 | 220 | if (BeginTrace(E_ftell)) 221 | { 222 | WriteFuncBuffer("(0x%p)", stream); 223 | Ret = ftell(stream); 224 | WriteFuncBuffer(" = %d", Ret); 225 | EndTrace(E_ftell, FALSE); 226 | } 227 | else 228 | { 229 | Ret = ftell(stream); 230 | } 231 | 232 | return (Ret); 233 | } 234 | 235 | -------------------------------------------------------------------------------- /dll/inc/func_records.h: -------------------------------------------------------------------------------- 1 | #ifndef FUNC_RECORDS_H 2 | #define FUNC_RECORDS_H 3 | 4 | #define WIN32_LEAN_AND_MEAN 5 | #include 6 | 7 | typedef struct _tag_FuncRec 8 | { 9 | CHAR *Name; 10 | DWORD Cnt; 11 | BOOL bTrace; 12 | } T_FuncRec; 13 | 14 | typedef enum _tag_FuncEnum 15 | { 16 | // debugapi.h 17 | E_CheckRemoteDebuggerPresent, 18 | E_ContinueDebugEvent, 19 | E_DebugActiveProcess, 20 | E_DebugActiveProcessStop, 21 | E_DebugBreak, 22 | E_IsDebuggerPresent, 23 | E_OutputDebugStringA, 24 | E_OutputDebugStringW, 25 | E_WaitForDebugEvent, 26 | // fileapi.h 27 | E_CreateDirectoryA, 28 | E_CreateDirectoryW, 29 | E_CreateFileA, 30 | E_CreateFileW, 31 | E_DeleteFileA, 32 | E_DeleteFileW, 33 | E_GetFileSize, 34 | E_GetFileSizeEx, 35 | E_GetFileType, 36 | E_ReadFile, 37 | E_ReadFileEx, 38 | E_RemoveDirectoryA, 39 | E_RemoveDirectoryW, 40 | E_SetEndOfFile, 41 | E_SetFilePointer, 42 | E_SetFilePointerEx, 43 | E_WriteFile, 44 | E_WriteFileEx, 45 | // heapapi.h 46 | E_GetProcessHeap, 47 | E_GetProcessHeaps, 48 | E_HeapAlloc, 49 | E_HeapCompact, 50 | E_HeapCreate, 51 | E_HeapDestroy, 52 | E_HeapFree, 53 | E_HeapLock, 54 | E_HeapQueryInformation, 55 | E_HeapReAlloc, 56 | E_HeapSetInformation, 57 | E_HeapSize, 58 | E_HeapUnlock, 59 | E_HeapValidate, 60 | E_HeapWalk, 61 | // memoryapi.h 62 | E_CreateFileMappingA, 63 | E_CreateFileMappingW, 64 | E_FlushViewOfFile, 65 | E_MapViewOfFile, 66 | E_MapViewOfFileEx, 67 | E_OpenFileMappingA, 68 | E_OpenFileMappingW, 69 | E_UnmapViewOfFile, 70 | E_VirtualAlloc, 71 | E_VirtualAllocEx, 72 | E_VirtualFree, 73 | E_VirtualFreeEx, 74 | E_VirtualLock, 75 | E_VirtualProtect, 76 | E_VirtualProtectEx, 77 | E_VirtualQuery, 78 | E_VirtualQueryEx, 79 | E_VirtualUnlock, 80 | // processthreadsapi.h 81 | E_CreateProcessA, 82 | E_CreateProcessW, 83 | E_CreateProcessAsUserA, 84 | E_CreateProcessAsUserW, 85 | E_CreateRemoteThread, 86 | E_CreateRemoteThreadEx, 87 | E_CreateThread, 88 | E_DeleteProcThreadAttributeList, 89 | E_ExitProcess, 90 | E_ExitThread, 91 | E_GetCurrentProcess, 92 | E_GetCurrentProcessId, 93 | E_ResumeThread, 94 | E_SuspendThread, 95 | E_TerminateProcess, 96 | E_TerminateThread, 97 | // profileapi.h 98 | E_QueryPerformanceCounter, 99 | E_QueryPerformanceFrequency, 100 | // winuser.h 101 | E_AdjustWindowRect, 102 | E_AdjustWindowRectEx, 103 | E_BeginPaint, 104 | E_ClientToScreen, 105 | E_ClipCursor, 106 | E_CloseWindow, 107 | E_CreateWindowA, 108 | E_CreateWindowW, 109 | E_CreateWindowExA, 110 | E_CreateWindowExW, 111 | E_DefWindowProcA, 112 | E_DefWindowProcW, 113 | E_DestroyWindow, 114 | E_DispatchMessageA, 115 | E_DispatchMessageW, 116 | E_EndPaint, 117 | E_FillRect, 118 | E_GetClientRect, 119 | E_GetCursorPos, 120 | E_GetDC, 121 | E_GetMessageA, 122 | E_GetMessageW, 123 | E_GetWindowRect, 124 | E_MessageBoxA, 125 | E_MessageBoxW, 126 | E_MessageBoxExA, 127 | E_MessageBoxExW, 128 | E_PeekMessageA, 129 | E_PeekMessageW, 130 | E_PostMessageA, 131 | E_PostMessageW, 132 | E_PostQuitMessage, 133 | E_RegisterClassExA, 134 | E_RegisterClassExW, 135 | E_ReleaseDC, 136 | E_ScreenToClient, 137 | E_ShowCursor, 138 | E_ShowWindow, 139 | E_TranslateMessage, 140 | E_UpdateWindow, 141 | // syncapi.h 142 | E_CreateMutexA, 143 | E_CreateMutexW, 144 | E_CreateMutexExA, 145 | E_CreateMutexExW, 146 | E_ReleaseMutex, 147 | E_CreateSemaphoreExW, 148 | E_ReleaseSemaphore, 149 | E_CreateEventA, 150 | E_CreateEventW, 151 | E_CreateEventExA, 152 | E_CreateEventExW, 153 | E_SetEvent, 154 | E_ResetEvent, 155 | E_InitializeCriticalSection, 156 | E_EnterCriticalSection, 157 | E_LeaveCriticalSection, 158 | E_InitializeCriticalSectionAndSpinCount, 159 | E_InitializeCriticalSectionEx, 160 | E_SetCriticalSectionSpinCount, 161 | E_TryEnterCriticalSection, 162 | E_DeleteCriticalSection, 163 | E_WaitForSingleObject, 164 | E_WaitForSingleObjectEx, 165 | E_WaitForMultipleObjectsEx, 166 | E_SleepEx, 167 | // stdio.h 168 | E_fopen, 169 | E__wfopen, 170 | E_fclose, 171 | E_feof, 172 | E_ferror, 173 | E_fflush, 174 | E_fread, 175 | E_fwrite, 176 | E_fseek, 177 | E_ftell, 178 | // stdlib.h 179 | E_atof, 180 | E_atoi, 181 | E_atol, 182 | E_malloc, 183 | E_calloc, 184 | E_realloc, 185 | E_free, 186 | E_Count, 187 | } E_FuncEnum; 188 | 189 | #endif // FUNC_RECORDS_H -------------------------------------------------------------------------------- /supported_functions.md: -------------------------------------------------------------------------------- 1 | # Supported function list 2 | 3 | Below is a list of all the functions currently supported by `wintrace`, sorted by library / header file 4 | 5 | ## debugapi 6 | 7 |
    8 |
  • CheckRemoteDebuggerPresent
    • 9 |
  • ContinueDebugEvent
    • 10 |
  • DebugActiveProcess
    • 11 |
  • DebugActiveProcessStop
    • 12 |
  • DebugBreak
    • 13 |
  • IsDebuggerPresent
    • 14 |
  • OutputDebugStringA
    • 15 |
  • OutputDebugStringW
    • 16 |
  • WaitForDebugEvent
    • 17 |
18 | 19 | ## fileapi 20 | 21 |
    22 |
  • CreateDirectoryA
    • 23 |
  • CreateDirectoryW
    • 24 |
  • CreateFileA
    • 25 |
  • CreateFileW
    • 26 |
  • DeleteFileA
    • 27 |
  • DeleteFileW
    • 28 |
  • GetFileSize
    • 29 |
  • GetFileSizeEx
    • 30 |
  • GetFileType
    • 31 |
  • ReadFile
    • 32 |
  • ReadFileEx
    • 33 |
  • RemoveDirectoryA
    • 34 |
  • RemoveDirectoryW
    • 35 |
  • SetEndOfFile
    • 36 |
  • SetFilePointer
    • 37 |
  • SetFilePointerEx
    • 38 |
  • WriteFile
    • 39 |
  • WriteFileEx
    • 40 |
41 | 42 | ## heapapi 43 | 44 |
    45 |
  • GetProcessHeap
    • 46 |
  • GetProcessHeaps
    • 47 |
  • HeapAlloc
    • 48 |
  • HeapCompact
    • 49 |
  • HeapCreate
    • 50 |
  • HeapDestroy
    • 51 |
  • HeapFree
    • 52 |
  • HeapLock
    • 53 |
  • HeapQueryInformation
    • 54 |
  • HeapReAlloc
    • 55 |
  • HeapSetInformation
    • 56 |
  • HeapSize
    • 57 |
  • HeapUnlock
    • 58 |
  • HeapValidate
    • 59 |
  • HeapWalk
    • 60 |
61 | 62 | ## memoryapi 63 | 64 |
    65 |
  • CreateFileMappingA
    • 66 |
  • CreateFileMappingW
    • 67 |
  • FlushViewOfFile
    • 68 |
  • MapViewOfFile
    • 69 |
  • MapViewOfFileEx
    • 70 |
  • OpenFileMappingA
    • 71 |
  • OpenFileMappingW
    • 72 |
  • UnmapViewOfFile
    • 73 |
  • VirtualAlloc
    • 74 |
  • VirtualAllocEx
    • 75 |
  • VirtualFree
    • 76 |
  • VirtualFreeEx
    • 77 |
  • VirtualLock
    • 78 |
  • VirtualProtect
    • 79 |
  • VirtualProtectEx
    • 80 |
  • VirtualQuery
    • 81 |
  • VirtualQueryEx
    • 82 |
  • VirtualUnlock
    • 83 |
84 | 85 | ## processthreadsapi 86 | 87 |
    88 |
  • CreateProcessA
    • 89 |
  • CreateProcessW
    • 90 |
  • CreateProcessAsUserA
    • 91 |
  • CreateProcessAsUserW
    • 92 |
  • CreateRemoteThread
    • 93 |
  • CreateRemoteThreadEx
    • 94 |
  • CreateThread
    • 95 |
  • DeleteProcThreadAttributeList
    • 96 |
  • ExitProcess
    • 97 |
  • ExitThread
    • 98 |
  • GetCurrentProcess
    • 99 |
  • GetCurrentProcessId
    • 100 |
  • ResumeThread
    • 101 |
  • SuspendThread
    • 102 |
  • TerminateProcess
    • 103 |
  • TerminateThread
    • 104 |
105 | 106 | ## profileapi 107 | 108 |
    109 |
  • QueryPerformanceCounter
    • 110 |
  • QueryPerformanceFrequency
    • 111 |
112 | 113 | ## winuser 114 | 115 |
    116 |
  • AdjustWindowRect
    • 117 |
  • AdjustWindowRectEx
    • 118 |
  • BeginPaint
    • 119 |
  • ClientToScreen
    • 120 |
  • ClipCursor
    • 121 |
  • CloseWindow
    • 122 |
  • CreateWindowA
    • 123 |
  • CreateWindowW
    • 124 |
  • CreateWindowExA
    • 125 |
  • CreateWindowExW
    • 126 |
  • DefWindowProcA
    • 127 |
  • DefWindowProcW
    • 128 |
  • DestroyWindow
    • 129 |
  • DispatchMessageA
    • 130 |
  • DispatchMessageW
    • 131 |
  • EndPaint
    • 132 |
  • FillRect
    • 133 |
  • GetClientRect
    • 134 |
  • GetCursorPos
    • 135 |
  • GetDC
    • 136 |
  • GetMessageA
    • 137 |
  • GetMessageW
    • 138 |
  • GetWindowRect
    • 139 |
  • MessageBoxA
    • 140 |
  • MessageBoxW
    • 141 |
  • MessageBoxExA
    • 142 |
  • MessageBoxExW
    • 143 |
  • PeekMessageA
    • 144 |
  • PeekMessageW
    • 145 |
  • PostMessageA
    • 146 |
  • PostMessageW
    • 147 |
  • PostQuitMessage
    • 148 |
  • RegisterClassExA
    • 149 |
  • RegisterClassExW
    • 150 |
  • ReleaseDC
    • 151 |
  • ScreenToClient
    • 152 |
  • ShowCursor
    • 153 |
  • ShowWindow
    • 154 |
  • TranslateMessage
    • 155 |
  • UpdateWindow
    • 156 |
157 | 158 | ## syncapi 159 | 160 |
    161 |
  • CreateMutexA
    • 162 |
  • CreateMutexW
    • 163 |
  • CreateMutexExA
    • 164 |
  • CreateMutexExW
    • 165 |
  • ReleaseMutex
    • 166 |
  • CreateSemaphoreExW
    • 167 |
  • ReleaseSemaphore
    • 168 |
  • CreateEventA
    • 169 |
  • CreateEventW
    • 170 |
  • CreateEventExA
    • 171 |
  • CreateEventExW
    • 172 |
  • SetEvent
    • 173 |
  • ResetEvent
    • 174 |
  • InitializeCriticalSection
    • 175 |
  • EnterCriticalSection
    • 176 |
  • LeaveCriticalSection
    • 177 |
  • InitializeCriticalSectionAndSpinCount
    • 178 |
  • InitializeCriticalSectionEx
    • 179 |
  • SetCriticalSectionSpinCount
    • 180 |
  • TryEnterCriticalSection
    • 181 |
  • DeleteCriticalSection
    • 182 |
  • WaitForSingleObject
    • 183 |
  • WaitForSingleObjectEx
    • 184 |
  • WaitForMultipleObjectsEx
    • 185 |
  • SleepEx
    • 186 |
187 | 188 | ## stdio 189 | 190 |
    191 |
  • fopen
    • 192 |
  • _wfopen
    • 193 |
  • fclose
    • 194 |
  • feof
    • 195 |
  • ferror
    • 196 |
  • fflush
    • 197 |
  • fread
    • 198 |
  • fwrite
    • 199 |
  • fseek
    • 200 |
  • ftell
    • 201 |
202 | 203 | ## stdlib 204 | 205 |
    206 |
  • atof
    • 207 |
  • atoi
    • 208 |
  • atol
    • 209 |
  • malloc
    • 210 |
  • calloc
    • 211 |
  • realloc
    • 212 |
  • free
    • 213 |
214 | 215 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # wintrace 2 | 3 | wintrace is a simple tracing utility for Windows programs. 4 | It's essentially an strace/ltrace equivalent like on Linux, but for Windows. 5 | 6 | It currently supports a wide range of Win32 functions, as well as some functions from the CRT. See [supported_functions.md](supported_functions.md) for a list of supported functions. 7 | 8 | ## Build instructions 9 | 10 | **NOTE: Currently, only building for x64 is supported.** 11 | 12 | ### 1. Requirements 13 | 14 | To work with the codebase, you'll need Visual Studio 2015 (or later) and the Windows SDK. 15 | 16 | ### 2. Build environment setup 17 | 18 | Building the codebase must be done in a terminal that can call MSVC. This is generally done by calling `vcvarsall.bat x64` in the Visual Studio install directory. 19 | 20 | Alternatively, you can use the developer command prompt that is provided with the Visual Studio install. It is typically called something like `x64 Native Tools Command Prompt for VS `. 21 | 22 | You can ensure that the MSVC compiler is accessible from your command line by running: 23 | ``` 24 | cl 25 | ``` 26 | 27 | If everything is set up correctly, you should have output similar to the following: 28 | ``` 29 | Microsoft (R) C/C++ Optimizing Compiler Version 19.00.24215.1 for x64 30 | Copyright (C) Microsoft Corporation. All rights reserved. 31 | 32 | usage: cl [ option... ] filename... [ /link linkoption... ] 33 | ``` 34 | 35 | ### 3. Building 36 | 37 | Start by cloning the repo: 38 | 39 | 40 | ``` 41 | git clone https://github.com/matthewgeorgy/wintrace/ 42 | cd wintrace 43 | ``` 44 | 45 | Building wintrace is done by using the `make.bat` script in the root of the directory. You have multiple options: 46 | 47 | ``` 48 | make (builds the core executable wintrace.exe and DLL wintrace.dll) 49 | make install (same as above) 50 | make test (builds the tests) 51 | make all (builds everything) 52 | make clean (cleans the build\ directory) 53 | ``` 54 | 55 | ## Usage 56 | 57 | wintrace is a CLI tool, so it's very simple to start using. 58 | 59 | The following is an available list of options you can specify, 60 | which can be obtained by running `wintrace /?`. 61 | 62 | ``` 63 | Usage: wintrace [options...] [args...] 64 | 65 | Options: 66 | /c Show function call count 67 | /p Show process ID 68 | /t Show thread ID 69 | /T:fns Trace only fns, a comma separated list of function names 70 | /o:file Output to file 71 | /? Show available options 72 | ``` 73 | 74 | Here is some sample output, taken from running the `test_fileapi` test: 75 | ``` 76 | > wintrace /c /t /p tests\test_fileapi.exe 77 | [CORE] Initialized successfully: 78 | PID: 7008 79 | Opts: WintraceOpts_7008 80 | Pipe: \\.\pipe\WintracePipe_7008 81 | Fence: WintraceFence_7008 82 | [CORE] Created pipe... 83 | [DLL] Connected pipe... 84 | [DLL] Opened the fence... 85 | [CORE] Connected pipe... 86 | |------------TEST: ..\..\tests\test_fileapi.c------------| 87 | [7008] <3484> (1) CreateDirectoryA("Foo", 0x0000000000000000) = 1 88 | [7008] <3484> (1) CreateFileA("Foo\bar.txt", 3221225472, 0, 0x0000000000000000, 2, 128, 0x0000000000000000) = 0x00000000000000A0 89 | [7008] <3484> (1) WriteFile(0x00000000000000A0, 0x00007FF6A3FE3000, 14, 0x0000000000FEFC60, 0x0000000000000000) = 1 90 | [7008] <3484> (1) SetFilePointer(0x00000000000000A0, 0, 0x0000000000000000, 0) = 0 91 | [7008] <3484> (1) ReadFile(0x00000000000000A0, 0x0000000000FEFC70, 199, 0x0000000000FEFC54, 0x0000000000000000) = 1 92 | [7008] <3484> (1) DeleteFileA("Foo\bar.txt") = 1 93 | [7008] <3484> (1) RemoveDirectoryA("Foo") = 1 94 | 95 | [7008] <3484> (1) CreateDirectoryW("Foo", 0x0000000000000000) = 1 96 | [7008] <3484> (1) CreateFileW("Foo\bar.txt", 3221225472, 0, 0x0000000000000000, 2, 128, 0x0000000000000000) = 0x0000000000000058 97 | [7008] <3484> (2) WriteFile(0x0000000000000058, 0x00007FF6A3FE3000, 14, 0x0000000000FEFC60, 0x0000000000000000) = 1 98 | [7008] <3484> (2) SetFilePointer(0x0000000000000058, 0, 0x0000000000000000, 0) = 0 99 | [7008] <3484> (2) ReadFile(0x0000000000000058, 0x0000000000FEFC70, 199, 0x0000000000FEFC54, 0x0000000000000000) = 1 100 | [7008] <3484> (1) DeleteFileW("Foo\bar.txt") = 0 (ERROR: 32) 101 | [7008] <3484> (1) RemoveDirectoryW("Foo") = 0 (ERROR: 145) 102 | |-----------------------------| 103 | ``` 104 | 105 | The full format of wintrace's output is as follows: 106 | 107 | `[Process ID] (Call count) FunctionName(Args...) = Return Value` 108 | 109 | ## Limitations 110 | 111 | The only current "limitation" with using wintrace actually has to do with the CRT. If your target program statically links to the CRT, then the output from wintrace will be polluted with a lot of extra function calls that come from the CRT internally. This is especially noticeable at program startup/exit where the CRT initializes/deinitializes. 112 | 113 | As an example, consider `malloc` and `free`. Commonly, in CRT implementations, these are actually just stubs that call into the Win32 functions `HeapAlloc` and `HeapFree`, respectively. If the CRT is statically linked, then these heap function calls will go directly in your executable, and you'll see them in the output where you call `malloc` and `free`. Furthermore, the heap functions require a heap handle (such as from `GetProcessHeap`). Many CRT implementations actually create a separate, private heap that is specfically for use by CRT functions like `malloc` and `free`. So, if you see a call to `HeapCreate` in the startup of your program, then that's probabaly what that is. 114 | 115 | There are only two ways (that I know of) to get around this problem: 116 | 117 | 1. Dynamically link to the CRT, which can be done in several ways. The simplest is with the `/MD` switch. 118 | 119 | 2. Don't link to the CRT at all: https://gist.github.com/mmozeiko/81e9c0253cc724638947a53b826888e9. 120 | 121 | ## How does it work? 122 | 123 | Coming soon. 124 | 125 | -------------------------------------------------------------------------------- /dll/dllmain.c: -------------------------------------------------------------------------------- 1 | #define _CRT_SECURE_NO_WARNINGS 2 | #include 3 | 4 | T_WintraceOpts *pOpts; 5 | HANDLE g_Pipe; 6 | HANDLE g_Fence; 7 | 8 | LPSTR __stdcall 9 | GetWintraceDllVersion(void) 10 | { 11 | return (WINTRACE_DLL_VERSION); 12 | } 13 | 14 | BOOL APIENTRY 15 | DllMain(HMODULE hModule, 16 | DWORD fdwReason, 17 | LPVOID lpReserved) 18 | { 19 | // Names 20 | CHAR OptsName[32], 21 | PipeName[32], 22 | FenceName[32]; 23 | 24 | 25 | UNREFERENCED_PARAMETER(hModule); 26 | UNREFERENCED_PARAMETER(lpReserved); 27 | 28 | switch (fdwReason) 29 | { 30 | case DLL_PROCESS_ATTACH: 31 | { 32 | HANDLE FileMap; 33 | DWORD ProcessId; 34 | 35 | ProcessId = GetCurrentProcessId(); 36 | 37 | // Construct names 38 | sprintf(OptsName, "WintraceOpts_%u", ProcessId); 39 | sprintf(PipeName, "\\\\.\\pipe\\WintracePipe_%u", ProcessId); 40 | sprintf(FenceName, "WintraceFence_%u", ProcessId); 41 | 42 | g_Pipe = CreateFileA(PipeName, 43 | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 44 | NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); 45 | if (g_Pipe) 46 | { 47 | fprintf(stderr, "[DLL] Connected pipe...\r\n"); 48 | } 49 | 50 | g_Fence = OpenEventA(SYNCHRONIZE, FALSE, FenceName); 51 | if (g_Fence) 52 | { 53 | fprintf(stderr, "[DLL] Opened the fence...\r\n"); 54 | } 55 | 56 | FileMap = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, OptsName); 57 | if (FileMap) 58 | { 59 | pOpts = (T_WintraceOpts *)MapViewOfFile(FileMap, FILE_MAP_ALL_ACCESS, 0, 0, sizeof(T_WintraceOpts)); 60 | if (pOpts) 61 | { 62 | } 63 | else 64 | { 65 | fprintf(stderr, "[DLL] Failed to map file view!(%d)\n", GetLastError()); 66 | } 67 | } 68 | else 69 | { 70 | fprintf(stderr, "[DLL] Could not open file map!(%d)\n", GetLastError()); 71 | } 72 | 73 | InitFuncRecs(); 74 | PatchIAT(); 75 | 76 | } break; 77 | case DLL_PROCESS_DETACH: 78 | { 79 | CloseHandle(g_Pipe); 80 | } break; 81 | } 82 | 83 | return TRUE; 84 | } 85 | 86 | void 87 | PatchIAT(void) 88 | { 89 | HANDLE ImageBase; 90 | PIMAGE_DOS_HEADER DosHeader; 91 | PIMAGE_NT_HEADERS NtHeader; 92 | PIMAGE_IMPORT_DESCRIPTOR ImportDesc; 93 | IMAGE_DATA_DIRECTORY ImportDir; 94 | PIMAGE_IMPORT_BY_NAME FunctionName; 95 | PIMAGE_THUNK_DATA OriginalFirstThunk, 96 | FirstThunk; 97 | DWORD FuncHash; 98 | 99 | 100 | ImageBase = GetModuleHandleA(NULL); 101 | DosHeader = (PIMAGE_DOS_HEADER)ImageBase; 102 | NtHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)ImageBase + DosHeader->e_lfanew); 103 | 104 | ImportDir = NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]; 105 | ImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)(ImportDir.VirtualAddress + (DWORD_PTR)ImageBase); 106 | 107 | while (ImportDesc->Name != 0) 108 | { 109 | OriginalFirstThunk = (PIMAGE_THUNK_DATA)((DWORD_PTR)ImageBase + ImportDesc->OriginalFirstThunk); 110 | FirstThunk = (PIMAGE_THUNK_DATA)((DWORD_PTR)ImageBase + ImportDesc->FirstThunk); 111 | 112 | while (OriginalFirstThunk->u1.AddressOfData != 0) 113 | { 114 | FunctionName = (PIMAGE_IMPORT_BY_NAME)((DWORD_PTR)ImageBase + OriginalFirstThunk->u1.AddressOfData); 115 | FuncHash = Djb2((LPSTR)FunctionName->Name); 116 | 117 | PatchFunction(FuncHash, FirstThunk); 118 | 119 | OriginalFirstThunk++; 120 | FirstThunk++; 121 | } 122 | 123 | ImportDesc++; 124 | } 125 | } 126 | 127 | void 128 | ReadIAT(void) 129 | { 130 | LPVOID ImageBase; 131 | PIMAGE_DOS_HEADER DosHeader; 132 | PIMAGE_NT_HEADERS NtHeader; 133 | PIMAGE_IMPORT_DESCRIPTOR ImportDesc; 134 | IMAGE_DATA_DIRECTORY ImportDir; 135 | LPCSTR LibraryName; 136 | HMODULE Library; 137 | PIMAGE_IMPORT_BY_NAME FunctionName; 138 | PIMAGE_THUNK_DATA OriginalFirstThunk, 139 | FirstThunk; 140 | 141 | 142 | printf("\n"); 143 | ImageBase = GetModuleHandle(NULL); 144 | DosHeader = (PIMAGE_DOS_HEADER)ImageBase; 145 | NtHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)ImageBase + DosHeader->e_lfanew); 146 | 147 | ImportDir = NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]; 148 | ImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)(ImportDir.VirtualAddress + (DWORD_PTR)ImageBase); 149 | 150 | while (ImportDesc->Name != 0) 151 | { 152 | LibraryName = (LPCSTR)((DWORD_PTR)ImportDesc->Name) + (DWORD_PTR)ImageBase; 153 | Library = LoadLibraryA(LibraryName); 154 | printf("\n%s\n", LibraryName); 155 | 156 | if (Library) 157 | { 158 | OriginalFirstThunk = (PIMAGE_THUNK_DATA)((DWORD_PTR)ImageBase + ImportDesc->OriginalFirstThunk); 159 | FirstThunk = (PIMAGE_THUNK_DATA)((DWORD_PTR)ImageBase + ImportDesc->FirstThunk); 160 | 161 | while (OriginalFirstThunk->u1.AddressOfData != 0) 162 | { 163 | FunctionName = (PIMAGE_IMPORT_BY_NAME)((DWORD_PTR)ImageBase + OriginalFirstThunk->u1.AddressOfData); 164 | 165 | printf("%s\n", FunctionName->Name); 166 | 167 | OriginalFirstThunk++; 168 | FirstThunk++; 169 | } 170 | } 171 | 172 | ImportDesc++; 173 | } 174 | } 175 | 176 | -------------------------------------------------------------------------------- /dll/inc/dllmain.h: -------------------------------------------------------------------------------- 1 | /* 2 | Version History 3 | 4 | 0.6.3 More stdio & stdlib function hooks 5 | 0.6.2 Cleanups 6 | 0.6.1 Added wt_syncapi.c/h 7 | 0.6.0 All output printing is now done with pipes, ONLY 8 | 0.5.6 Made printing in core & dll a bit nicer 9 | 0.5.5 Explicit /B option for blocking functions to trace 10 | 0.5.4 Naming Opts, Pipe, and Fence with the target PID 11 | 0.5.3 Tidying up some DLL stuff 12 | 0.5.2 Added a switch /P to use named pipes to print debug output through the EXE instead of the DLL (WIP) 13 | 0.5.1 CRT function hooks are now generated using hookgen 14 | 0.5.0 Win32 function hooks are now generated using hookgen 15 | 0.4.10 Added function for getting wintrace.dll version 16 | 0.4.9 Added ~ specifier to the /T switch to specify functions that 17 | are not to be traced 18 | Needs a bit of bulletproofing 19 | 0.4.8 Added wt_stdlib.h with a few function hooks 20 | 0.4.7 Beginning to add CRT support; currently a few stdio.h functions 21 | 0.4.6 Tested printing with new system; still needs a slight fix 22 | Fixed hooks for DefWindowProcA/W 23 | 0.4.5 Added basic printing with Write/PrintFuncBuffer(); 24 | Need to test it with actual nested calls next 25 | 0.4.4 Implemented EndTrace() in hooks; fixed misc bugs 26 | 0.4.3 Added EndTrace(), g_CallLvl, WriteFuncBuffer(), PrintFuncBuffer() 27 | Need to actually implement/integrate these into the hooks 28 | 0.4.2 Misc cleanups/fixes + added some comments/documentation 29 | 0.4.1 Added specific tracing 30 | 0.4.0 Fixed GetMessage 31 | 0.3.9 Cleaned up warnings 32 | 0.3.8 Added WtRemoveDirectoryA/W 33 | 0.3.7 Added wt_memoryapi.c/h 34 | 0.3.6 Added wt_profileapi.c/h 35 | 0.3.5 Added wt_debugapi.c/h + filled functions + updated hashes 36 | 0.3.4 General cleanup + fixes after testing with ppmview 37 | Removed _WIN64 requirement for Heap functions 38 | 0.3.3 Added custom output file parsing 39 | 0.3.2 Output now goes to stderr instead of stdout 40 | 0.3.1 Small print fix in WtHeapCompact 41 | 0.3.0 Added wt_fileapi.h/c + functions + added to patch list 42 | 0.2.9 PatchIAT now uses switch+case table with Djb2 hashes 43 | 0.2.8 Added more winuser functions + added them to the patch list 44 | 0.2.7 Removed FARPROC + lpfn function loading in hooks 45 | 0.2.6 Added more winuser functions 46 | 0.2.5 Added processthreadsapi functions to the patch list 47 | 0.2.4 Added more functions to wt_processthreadsapi 48 | 0.2.3 Added common.c and ShowDetails() to display trace opts 49 | 0.2.2 Added procID/threadID tracing 50 | 0.2.1 Function call counts starts at 1 and enclosed in () 51 | 0.2.0 Function call counts print conditionally according to options 52 | 0.1.9 Added common.h to contain common defs we'll need across files 53 | 0.1.8 Added basic file mapping to retrieve options from core process 54 | 0.1.7 Cleanup + retab; forcing x64 DLLCRT 55 | 0.1.6 Fixed wt_heapapi bug*, added ReadIAT() 56 | 0.1.5 Added counters for hooked function calls 57 | 0.1.4 Fully added wt_heapapi.h/c; wt_heapapi BUG ON x86! 58 | 0.1.3 Added dummy macro to easily patch individual IAT entries 59 | 0.1.2 Added dllmain.h and moved #includes around 60 | 0.1.1 Added wt_winuser.h/c and wt_processthreadsapi.c/h 61 | 0.1.0 Initial creation 62 | */ 63 | 64 | // TODO: Fix bug that requires test programs to be compiled with msvcrt.lib: 65 | // If I don't compile the test program with msvcrt.lib, then WtHeapAlloc() 66 | // causes a stack overflow. This is because the printf() calls to malloc(), 67 | // which calls HeapAlloc(). However, because the original HeapAlloc was 68 | // overwritten, it actually calls WtHeapAlloc(), causing an infinite recursion 69 | // until eventual stack overflow. Although not tested, I would expect a 70 | // similar issue with WtHeapFree(). On x86, this causes an almost immediate 71 | // crash; on x64, this doesn't crash, but the recursed HeapAlloc calls can be 72 | // seen in the output. 73 | // However, if I DO compile the test program with msvcrt.lib, then this issue 74 | // somehow disappears. 75 | // NOTE: For now, I am ignoring this issue; target programs MUST be built for 76 | // x64 and linked to the CRT DLL (/MD or link ... msvcrt.lib). I'll 77 | // investigate this later. 78 | // TODO: Check functions with 64bit params and see what format specifier to 79 | // use (ie, %u vs %lu vs %llu). 80 | // TODO: Create our own printf that does fprintf(pOpts->...) internally? 81 | 82 | #ifndef DLLMAIN_H 83 | #define DLLMAIN_H 84 | 85 | #define WIN32_LEAN_AND_MEAN 86 | #include 87 | #include 88 | #include 89 | 90 | #include 91 | 92 | #include 93 | #include 94 | #include 95 | #include 96 | #include 97 | #include 98 | #include 99 | #include 100 | #include 101 | #include 102 | 103 | #define WINTRACE_DLL_VERSION "0.6.3" 104 | 105 | // Goes through the IAT and patches the function addresses 106 | void PatchIAT(void); 107 | 108 | // Patches a function using its Djb2 hash 109 | void PatchFunction(DWORD FuncHash, PIMAGE_THUNK_DATA FirstThunk); 110 | 111 | // 'Dummy' function for printing the IAT (function names + addresses) 112 | void ReadIAT(void); 113 | 114 | __declspec(dllexport) LPSTR __stdcall GetWintraceDllVersion(void); 115 | 116 | // Simpe macro for patching a functions address in the IAT 117 | // Takes FirstThunk and OldProtect from the scope of PatchFunction()! 118 | #define PatchEntry(__Func) \ 119 | do \ 120 | { \ 121 | VirtualProtect((LPVOID)(&FirstThunk->u1.Function), sizeof(DWORD_PTR), PAGE_READWRITE, &OldProtect); \ 122 | FirstThunk->u1.Function = (DWORD_PTR)(__Func); \ 123 | } while (0); 124 | 125 | #endif // DLLMAIN_H 126 | 127 | -------------------------------------------------------------------------------- /dll/inc/func_hashes.h: -------------------------------------------------------------------------------- 1 | #ifndef FUNC_HASHES_H 2 | #define FUNC_HASHES_H 3 | 4 | // debugapi.h 5 | #define FUNC_CheckRemoteDebuggerPresent 107187221 6 | #define FUNC_ContinueDebugEvent 2549675251 7 | #define FUNC_DebugActiveProcess 3798885479 8 | #define FUNC_DebugActiveProcessStop 2188885901 9 | #define FUNC_DebugBreak 3528731537 10 | #define FUNC_IsDebuggerPresent 3869395015 11 | #define FUNC_OutputDebugStringA 2037555093 12 | #define FUNC_OutputDebugStringW 2037555115 13 | #define FUNC_WaitForDebugEvent 3195682730 14 | // fileapi.h 15 | #define FUNC_CreateDirectoryA 1106952175 16 | #define FUNC_CreateDirectoryW 1106952197 17 | #define FUNC_CreateFileA 3952526842 18 | #define FUNC_CreateFileW 3952526864 19 | #define FUNC_DeleteFileA 483952409 20 | #define FUNC_DeleteFileW 483952431 21 | #define FUNC_GetFileSize 2022819104 22 | #define FUNC_GetFileSizeEx 3826751101 23 | #define FUNC_GetFileType 2022872135 24 | #define FUNC_ReadFile 1895930145 25 | #define FUNC_ReadFileEx 3083628222 26 | #define FUNC_RemoveDirectoryA 1100116521 27 | #define FUNC_RemoveDirectoryW 1100116543 28 | #define FUNC_SetEndOfFile 1696626301 29 | #define FUNC_SetFilePointer 1408199666 30 | #define FUNC_SetFilePointerEx 226113999 31 | #define FUNC_WriteFile 1715268784 32 | #define FUNC_WriteFileEx 3911901709 33 | // heapapi.h 34 | #define FUNC_GetProcessHeap 3327659266 35 | #define FUNC_GetProcessHeaps 2438573493 36 | #define FUNC_HeapAlloc 536700686 37 | #define FUNC_HeapCompact 3053059978 38 | #define FUNC_HeapCreate 616373623 39 | #define FUNC_HeapDestroy 3960452205 40 | #define FUNC_HeapFree 927503301 41 | #define FUNC_HeapLock 927715596 42 | #define FUNC_HeapQueryInformation 2411812863 43 | #define FUNC_HeapReAlloc 506577189 44 | #define FUNC_HeapSetInformation 4089094677 45 | #define FUNC_HeapSize 927961374 46 | #define FUNC_HeapUnlock 1316333263 47 | #define FUNC_HeapValidate 3315282893 48 | #define FUNC_HeapWalk 928095954 49 | // memoryapi.h 50 | #define FUNC_CreateFileMappingA 4081056902 51 | #define FUNC_CreateFileMappingW 4081056924 52 | #define FUNC_FlushViewOfFile 2411283351 53 | #define FUNC_MapViewOfFile 299806899 54 | #define FUNC_MapViewOfFileEx 72200912 55 | #define FUNC_OpenFileMappingA 1942271556 56 | #define FUNC_OpenFileMappingW 1942271578 57 | #define FUNC_UnmapViewOfFile 3594121814 58 | #define FUNC_VirtualAlloc 942411671 59 | #define FUNC_VirtualAllocEx 4084095668 60 | #define FUNC_VirtualFree 1720700718 61 | #define FUNC_VirtualFreeEx 1237343243 62 | #define FUNC_VirtualLock 1720913013 63 | #define FUNC_VirtualProtect 2219831693 64 | #define FUNC_VirtualProtectEx 3625095722 65 | #define FUNC_VirtualQuery 961702338 66 | #define FUNC_VirtualQueryEx 3616795551 67 | #define FUNC_VirtualUnlock 1819893880 68 | // processthreadsapi.h 69 | #define FUNC_CreateProcessA 2931109401 70 | #define FUNC_CreateProcessW 2931109423 71 | #define FUNC_CreateProcessAsUserA 2958281772 72 | #define FUNC_CreateProcessAsUserW 2958281794 73 | #define FUNC_CreateRemoteThread 2855303005 74 | #define FUNC_CreateRemoteThreadEx 4163619834 75 | #define FUNC_CreateThread 2131293265 76 | #define FUNC_DeleteProcThreadAttributeList 672166644 77 | #define FUNC_ExitProcess 3077125022 78 | #define FUNC_ExitThread 2060145751 79 | #define FUNC_GetCurrentProcess 3398268199 80 | #define FUNC_GetCurrentProcessId 2747229364 81 | #define FUNC_ResumeThread 1947609710 82 | #define FUNC_SuspendThread 2348241503 83 | #define FUNC_TerminateProcess 1622083437 84 | #define FUNC_TerminateThread 2276354630 85 | // profileapi.h 86 | #define FUNC_QueryPerformanceCounter 3679327501 87 | #define FUNC_QueryPerformanceFrequency 1087381631 88 | // winuser.h 89 | #define FUNC_AdjustWindowRect 2713507990 90 | #define FUNC_AdjustWindowRectEx 72703859 91 | #define FUNC_BeginPaint 3709176934 92 | #define FUNC_ClientToScreen 4019554119 93 | #define FUNC_ClipCursor 2721823819 94 | #define FUNC_CloseWindow 1543434227 95 | #define FUNC_CreateWindowA 1227009330 96 | #define FUNC_CreateWindowW 1227009352 97 | #define FUNC_CreateWindowExA 478339695 98 | #define FUNC_CreateWindowExW 478339717 99 | #define FUNC_DefWindowProcA 1760583233 100 | #define FUNC_DefWindowProcW 1760583255 101 | #define FUNC_DestroyWindow 344202887 102 | #define FUNC_DispatchMessageA 2879414363 103 | #define FUNC_DispatchMessageW 2879414385 104 | #define FUNC_EndPaint 739920600 105 | #define FUNC_FillRect 2887030522 106 | #define FUNC_GetClientRect 2958303922 107 | #define FUNC_GetCursorPos 821011093 108 | #define FUNC_GetDC 222110892 109 | #define FUNC_GetMessageA 3419322795 110 | #define FUNC_GetMessageW 3419322817 111 | #define FUNC_GetWindowRect 4136403979 112 | #define FUNC_MessageBoxA 944706740 113 | #define FUNC_MessageBoxW 944706762 114 | #define FUNC_MessageBoxExA 2288464497 115 | #define FUNC_MessageBoxExW 2288464519 116 | #define FUNC_PeekMessageA 227682608 117 | #define FUNC_PeekMessageW 227682630 118 | #define FUNC_PostMessageA 2485462673 119 | #define FUNC_PostMessageW 2485462695 120 | #define FUNC_PostQuitMessage 563058387 121 | #define FUNC_RegisterClassExA 2469310590 122 | #define FUNC_RegisterClassExW 2469310612 123 | #define FUNC_ReleaseDC 3828904397 124 | #define FUNC_ScreenToClient 2379331655 125 | #define FUNC_ShowCursor 3042291940 126 | #define FUNC_ShowWindow 3810608670 127 | #define FUNC_TranslateMessage 3846330968 128 | #define FUNC_UpdateWindow 3899713536 129 | // syncapi.h 130 | #define FUNC_CreateMutexA 1872835085 131 | #define FUNC_CreateMutexW 1872835107 132 | #define FUNC_CreateMutexExA 3702917642 133 | #define FUNC_CreateMutexExW 3702917664 134 | #define FUNC_ReleaseMutex 1482652953 135 | #define FUNC_CreateSemaphoreExW 4058358097 136 | #define FUNC_ReleaseSemaphore 434477162 137 | #define FUNC_CreateEventA 1560408476 138 | #define FUNC_CreateEventW 1560408498 139 | #define FUNC_CreateEventExA 2772756825 140 | #define FUNC_CreateEventExW 2772756847 141 | #define FUNC_SetEvent 2273229779 142 | #define FUNC_ResetEvent 170852138 143 | #define FUNC_InitializeCriticalSection 1366379447 144 | #define FUNC_EnterCriticalSection 3228481347 145 | #define FUNC_LeaveCriticalSection 2482237650 146 | #define FUNC_InitializeCriticalSectionAndSpinCount 2697350381 147 | #define FUNC_InitializeCriticalSectionEx 1928535764 148 | #define FUNC_SetCriticalSectionSpinCount 932078804 149 | #define FUNC_TryEnterCriticalSection 1566883618 150 | #define FUNC_DeleteCriticalSection 763806584 151 | #define FUNC_WaitForSingleObject 3972899258 152 | #define FUNC_WaitForSingleObjectEx 1455227287 153 | #define FUNC_WaitForMultipleObjectsEx 1469995796 154 | #define FUNC_SleepEx 4230702811 155 | // stdio.h 156 | #define FUNC_fopen 259230589 157 | #define FUNC__wfopen 2980484915 158 | #define FUNC_fclose 4245278497 159 | #define FUNC_feof 2090252933 160 | #define FUNC_ferror 4247869109 161 | #define FUNC_fflush 4248842797 162 | #define FUNC_fread 259326279 163 | #define FUNC_fwrite 4269206038 164 | #define FUNC_fseek 259362355 165 | #define FUNC_ftell 259398524 166 | // stdlib.h 167 | #define FUNC_atof 2090089583 168 | #define FUNC_atoi 2090089586 169 | #define FUNC_atol 2090089589 170 | #define FUNC_malloc 221883709 171 | #define FUNC_calloc 4125497075 172 | #define FUNC_realloc 1038094023 173 | #define FUNC_free 2090266759 174 | 175 | #endif // FUNC_HASHES_H 176 | -------------------------------------------------------------------------------- /dll/win32/wt_heapapi.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | HANDLE 6 | WtGetProcessHeap() 7 | { 8 | HANDLE Ret; 9 | 10 | if (BeginTrace(E_GetProcessHeap)) 11 | { 12 | WriteFuncBuffer("()"); 13 | Ret = GetProcessHeap(); 14 | WriteFuncBuffer(" = 0x%p", Ret); 15 | EndTrace(E_GetProcessHeap, FALSE); 16 | } 17 | else 18 | { 19 | Ret = GetProcessHeap(); 20 | } 21 | 22 | return (Ret); 23 | } 24 | 25 | DWORD 26 | WtGetProcessHeaps( 27 | DWORD NumberOfHeaps, 28 | PHANDLE ProcessHeaps 29 | ) 30 | { 31 | DWORD Ret; 32 | 33 | if (BeginTrace(E_GetProcessHeaps)) 34 | { 35 | WriteFuncBuffer("(%u, 0x%p)", NumberOfHeaps, ProcessHeaps); 36 | Ret = GetProcessHeaps(NumberOfHeaps, ProcessHeaps); 37 | WriteFuncBuffer(" = %u", Ret); 38 | EndTrace(E_GetProcessHeaps, FALSE); 39 | } 40 | else 41 | { 42 | Ret = GetProcessHeaps(NumberOfHeaps, ProcessHeaps); 43 | } 44 | 45 | return (Ret); 46 | } 47 | 48 | LPVOID 49 | WtHeapAlloc( 50 | HANDLE hHeap, 51 | DWORD dwFlags, 52 | SIZE_T dwBytes 53 | ) 54 | { 55 | LPVOID Ret; 56 | 57 | if (BeginTrace(E_HeapAlloc)) 58 | { 59 | WriteFuncBuffer("(0x%p, %u, %llu)", hHeap, dwFlags, dwBytes); 60 | Ret = HeapAlloc(hHeap, dwFlags, dwBytes); 61 | WriteFuncBuffer(" = 0x%p", Ret); 62 | EndTrace(E_HeapAlloc, FALSE); 63 | } 64 | else 65 | { 66 | Ret = HeapAlloc(hHeap, dwFlags, dwBytes); 67 | } 68 | 69 | return (Ret); 70 | } 71 | 72 | SIZE_T 73 | WtHeapCompact( 74 | HANDLE hHeap, 75 | DWORD dwFlags 76 | ) 77 | { 78 | SIZE_T Ret; 79 | 80 | if (BeginTrace(E_HeapCompact)) 81 | { 82 | WriteFuncBuffer("(0x%p, %u)", hHeap, dwFlags); 83 | Ret = HeapCompact(hHeap, dwFlags); 84 | WriteFuncBuffer(" = %llu", Ret); 85 | EndTrace(E_HeapCompact, FALSE); 86 | } 87 | else 88 | { 89 | Ret = HeapCompact(hHeap, dwFlags); 90 | } 91 | 92 | return (Ret); 93 | } 94 | 95 | HANDLE 96 | WtHeapCreate( 97 | DWORD flOptions, 98 | SIZE_T dwInitialSize, 99 | SIZE_T dwMaximumSize 100 | ) 101 | { 102 | HANDLE Ret; 103 | 104 | if (BeginTrace(E_HeapCreate)) 105 | { 106 | WriteFuncBuffer("(%u, %llu, %llu)", flOptions, dwInitialSize, dwMaximumSize); 107 | Ret = HeapCreate(flOptions, dwInitialSize, dwMaximumSize); 108 | WriteFuncBuffer(" = 0x%p", Ret); 109 | EndTrace(E_HeapCreate, FALSE); 110 | } 111 | else 112 | { 113 | Ret = HeapCreate(flOptions, dwInitialSize, dwMaximumSize); 114 | } 115 | 116 | return (Ret); 117 | } 118 | 119 | BOOL 120 | WtHeapDestroy( 121 | HANDLE hHeap 122 | ) 123 | { 124 | BOOL Ret; 125 | 126 | if (BeginTrace(E_HeapDestroy)) 127 | { 128 | WriteFuncBuffer("(0x%p)", hHeap); 129 | Ret = HeapDestroy(hHeap); 130 | WriteFuncBuffer(" = %d", Ret); 131 | EndTrace(E_HeapDestroy, FALSE); 132 | } 133 | else 134 | { 135 | Ret = HeapDestroy(hHeap); 136 | } 137 | 138 | return (Ret); 139 | } 140 | 141 | BOOL 142 | WtHeapFree( 143 | HANDLE hHeap, 144 | DWORD dwFlags, 145 | LPVOID lpMem 146 | ) 147 | { 148 | BOOL Ret; 149 | 150 | if (BeginTrace(E_HeapFree)) 151 | { 152 | WriteFuncBuffer("(0x%p, %u, 0x%p)", hHeap, dwFlags, lpMem); 153 | Ret = HeapFree(hHeap, dwFlags, lpMem); 154 | WriteFuncBuffer(" = %d", Ret); 155 | EndTrace(E_HeapFree, FALSE); 156 | } 157 | else 158 | { 159 | Ret = HeapFree(hHeap, dwFlags, lpMem); 160 | } 161 | 162 | return (Ret); 163 | } 164 | 165 | BOOL 166 | WtHeapLock( 167 | HANDLE hHeap 168 | ) 169 | { 170 | BOOL Ret; 171 | 172 | if (BeginTrace(E_HeapLock)) 173 | { 174 | WriteFuncBuffer("(0x%p)", hHeap); 175 | Ret = HeapLock(hHeap); 176 | WriteFuncBuffer(" = %d", Ret); 177 | EndTrace(E_HeapLock, FALSE); 178 | } 179 | else 180 | { 181 | Ret = HeapLock(hHeap); 182 | } 183 | 184 | return (Ret); 185 | } 186 | 187 | BOOL 188 | WtHeapQueryInformation( 189 | HANDLE HeapHandle, 190 | HEAP_INFORMATION_CLASS HeapInformationClass, 191 | PVOID HeapInformation, 192 | SIZE_T HeapInformationLength, 193 | PSIZE_T ReturnLength 194 | ) 195 | { 196 | BOOL Ret; 197 | 198 | if (BeginTrace(E_HeapQueryInformation)) 199 | { 200 | WriteFuncBuffer("(0x%p, %d, 0x%p, %llu, 0x%p)", HeapHandle, HeapInformationClass, HeapInformation, HeapInformationLength, ReturnLength); 201 | Ret = HeapQueryInformation(HeapHandle, HeapInformationClass, HeapInformation, HeapInformationLength, ReturnLength); 202 | WriteFuncBuffer(" = %d", Ret); 203 | EndTrace(E_HeapQueryInformation, FALSE); 204 | } 205 | else 206 | { 207 | Ret = HeapQueryInformation(HeapHandle, HeapInformationClass, HeapInformation, HeapInformationLength, ReturnLength); 208 | } 209 | 210 | return (Ret); 211 | } 212 | 213 | LPVOID 214 | WtHeapReAlloc( 215 | HANDLE hHeap, 216 | DWORD dwFlags, 217 | LPVOID lpMem, 218 | SIZE_T dwBytes 219 | ) 220 | { 221 | LPVOID Ret; 222 | 223 | if (BeginTrace(E_HeapReAlloc)) 224 | { 225 | WriteFuncBuffer("(0x%p, %u, 0x%p, %llu)", hHeap, dwFlags, lpMem, dwBytes); 226 | Ret = HeapReAlloc(hHeap, dwFlags, lpMem, dwBytes); 227 | WriteFuncBuffer(" = 0x%p", Ret); 228 | EndTrace(E_HeapReAlloc, FALSE); 229 | } 230 | else 231 | { 232 | Ret = HeapReAlloc(hHeap, dwFlags, lpMem, dwBytes); 233 | } 234 | 235 | return (Ret); 236 | } 237 | 238 | BOOL 239 | WtHeapSetInformation( 240 | HANDLE HeapHandle, 241 | HEAP_INFORMATION_CLASS HeapInformationClass, 242 | PVOID HeapInformation, 243 | SIZE_T HeapInformationLength 244 | ) 245 | { 246 | BOOL Ret; 247 | 248 | if (BeginTrace(E_HeapSetInformation)) 249 | { 250 | WriteFuncBuffer("(0x%p, %d, 0x%p, %llu)", HeapHandle, HeapInformationClass, HeapInformation, HeapInformationLength); 251 | Ret = HeapSetInformation(HeapHandle, HeapInformationClass, HeapInformation, HeapInformationLength); 252 | WriteFuncBuffer(" = %d", Ret); 253 | EndTrace(E_HeapSetInformation, FALSE); 254 | } 255 | else 256 | { 257 | Ret = HeapSetInformation(HeapHandle, HeapInformationClass, HeapInformation, HeapInformationLength); 258 | } 259 | 260 | return (Ret); 261 | } 262 | 263 | SIZE_T 264 | WtHeapSize( 265 | HANDLE hHeap, 266 | DWORD dwFlags, 267 | LPCVOID lpMem 268 | ) 269 | { 270 | SIZE_T Ret; 271 | 272 | if (BeginTrace(E_HeapSize)) 273 | { 274 | WriteFuncBuffer("(0x%p, %u, 0x%p)", hHeap, dwFlags, lpMem); 275 | Ret = HeapSize(hHeap, dwFlags, lpMem); 276 | WriteFuncBuffer(" = %llu", Ret); 277 | EndTrace(E_HeapSize, FALSE); 278 | } 279 | else 280 | { 281 | Ret = HeapSize(hHeap, dwFlags, lpMem); 282 | } 283 | 284 | return (Ret); 285 | } 286 | 287 | BOOL 288 | WtHeapUnlock( 289 | HANDLE hHeap 290 | ) 291 | { 292 | BOOL Ret; 293 | 294 | if (BeginTrace(E_HeapUnlock)) 295 | { 296 | WriteFuncBuffer("(0x%p)", hHeap); 297 | Ret = HeapUnlock(hHeap); 298 | WriteFuncBuffer(" = %d", Ret); 299 | EndTrace(E_HeapUnlock, FALSE); 300 | } 301 | else 302 | { 303 | Ret = HeapUnlock(hHeap); 304 | } 305 | 306 | return (Ret); 307 | } 308 | 309 | BOOL 310 | WtHeapValidate( 311 | HANDLE hHeap, 312 | DWORD dwFlags, 313 | LPCVOID lpMem 314 | ) 315 | { 316 | BOOL Ret; 317 | 318 | if (BeginTrace(E_HeapValidate)) 319 | { 320 | WriteFuncBuffer("(0x%p, %u, 0x%p)", hHeap, dwFlags, lpMem); 321 | Ret = HeapValidate( hHeap, dwFlags, lpMem); 322 | WriteFuncBuffer(" = %d", Ret); 323 | EndTrace(E_HeapValidate, FALSE); 324 | } 325 | else 326 | { 327 | Ret = HeapValidate( hHeap, dwFlags, lpMem); 328 | } 329 | 330 | return (Ret); 331 | } 332 | 333 | BOOL 334 | WtHeapWalk( 335 | HANDLE hHeap, 336 | LPPROCESS_HEAP_ENTRY lpEntry 337 | ) 338 | { 339 | BOOL Ret; 340 | 341 | if (BeginTrace(E_HeapWalk)) 342 | { 343 | WriteFuncBuffer("(0x%p, 0x%p)", hHeap, lpEntry); 344 | Ret = HeapWalk(hHeap, lpEntry); 345 | WriteFuncBuffer(" = %d", Ret); 346 | EndTrace(E_HeapWalk, FALSE); 347 | } 348 | else 349 | { 350 | Ret = HeapWalk(hHeap, lpEntry); 351 | } 352 | 353 | return (Ret); 354 | } 355 | 356 | -------------------------------------------------------------------------------- /dll/win32/wt_fileapi.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | BOOL 6 | WtCreateDirectoryA( 7 | LPCSTR lpPathName, 8 | LPSECURITY_ATTRIBUTES lpSecurityAttributes 9 | ) 10 | { 11 | BOOL Ret; 12 | 13 | if (BeginTrace(E_CreateDirectoryA)) 14 | { 15 | WriteFuncBuffer("(\"%s\", 0x%p)", lpPathName, lpSecurityAttributes); 16 | Ret = CreateDirectoryA(lpPathName, lpSecurityAttributes); 17 | WriteFuncBuffer(" = %d", Ret); 18 | EndTrace(E_CreateDirectoryA, FALSE); 19 | } 20 | else 21 | { 22 | Ret = CreateDirectoryA(lpPathName, lpSecurityAttributes); 23 | } 24 | 25 | return (Ret); 26 | } 27 | 28 | BOOL 29 | WtCreateDirectoryW( 30 | LPCWSTR lpPathName, 31 | LPSECURITY_ATTRIBUTES lpSecurityAttributes 32 | ) 33 | { 34 | BOOL Ret; 35 | 36 | if (BeginTrace(E_CreateDirectoryW)) 37 | { 38 | WriteFuncBuffer("(\"%ws\", 0x%p)", lpPathName, lpSecurityAttributes); 39 | Ret = CreateDirectoryW(lpPathName, lpSecurityAttributes); 40 | WriteFuncBuffer(" = %d", Ret); 41 | EndTrace(E_CreateDirectoryW, FALSE); 42 | } 43 | else 44 | { 45 | Ret = CreateDirectoryW(lpPathName, lpSecurityAttributes); 46 | } 47 | 48 | return (Ret); 49 | } 50 | 51 | HANDLE 52 | WtCreateFileA( 53 | LPCSTR lpFileName, 54 | DWORD dwDesiredAccess, 55 | DWORD dwShareMode, 56 | LPSECURITY_ATTRIBUTES lpSecurityAttributes, 57 | DWORD dwCreationDisposition, 58 | DWORD dwFlagsAndAttributes, 59 | HANDLE hTemplateFile 60 | ) 61 | { 62 | HANDLE Ret; 63 | 64 | if (BeginTrace(E_CreateFileA)) 65 | { 66 | WriteFuncBuffer("(\"%s\", %u, %u, 0x%p, %u, %u, 0x%p)", lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); 67 | Ret = CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); 68 | WriteFuncBuffer(" = 0x%p", Ret); 69 | EndTrace(E_CreateFileA, FALSE); 70 | } 71 | else 72 | { 73 | Ret = CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); 74 | } 75 | 76 | return (Ret); 77 | } 78 | 79 | HANDLE 80 | WtCreateFileW( 81 | LPCWSTR lpFileName, 82 | DWORD dwDesiredAccess, 83 | DWORD dwShareMode, 84 | LPSECURITY_ATTRIBUTES lpSecurityAttributes, 85 | DWORD dwCreationDisposition, 86 | DWORD dwFlagsAndAttributes, 87 | HANDLE hTemplateFile 88 | ) 89 | { 90 | HANDLE Ret; 91 | 92 | if (BeginTrace(E_CreateFileW)) 93 | { 94 | WriteFuncBuffer("(\"%ws\", %u, %u, 0x%p, %u, %u, 0x%p)", lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); 95 | Ret = CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); 96 | WriteFuncBuffer(" = 0x%p", Ret); 97 | EndTrace(E_CreateFileW, FALSE); 98 | } 99 | else 100 | { 101 | Ret = CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); 102 | } 103 | 104 | return (Ret); 105 | } 106 | 107 | BOOL 108 | WtDeleteFileA( 109 | LPCSTR lpFileName 110 | ) 111 | { 112 | BOOL Ret; 113 | 114 | if (BeginTrace(E_DeleteFileA)) 115 | { 116 | WriteFuncBuffer("(\"%s\")", lpFileName); 117 | Ret = DeleteFileA(lpFileName); 118 | WriteFuncBuffer(" = %d", Ret); 119 | EndTrace(E_DeleteFileA, FALSE); 120 | } 121 | else 122 | { 123 | Ret = DeleteFileA(lpFileName); 124 | } 125 | 126 | return (Ret); 127 | } 128 | 129 | BOOL 130 | WtDeleteFileW( 131 | LPCWSTR lpFileName 132 | ) 133 | { 134 | BOOL Ret; 135 | 136 | if (BeginTrace(E_DeleteFileW)) 137 | { 138 | WriteFuncBuffer("(\"%ws\")", lpFileName); 139 | Ret = DeleteFileW(lpFileName); 140 | WriteFuncBuffer(" = %d", Ret); 141 | EndTrace(E_DeleteFileW, FALSE); 142 | } 143 | else 144 | { 145 | Ret = DeleteFileW(lpFileName); 146 | } 147 | 148 | return (Ret); 149 | } 150 | 151 | DWORD 152 | WtGetFileSize( 153 | HANDLE hFile, 154 | LPDWORD lpFileSizeHigh 155 | ) 156 | { 157 | DWORD Ret; 158 | 159 | if (BeginTrace(E_GetFileSize)) 160 | { 161 | WriteFuncBuffer("(0x%p, 0x%p)", hFile, lpFileSizeHigh); 162 | Ret = GetFileSize(hFile, lpFileSizeHigh); 163 | WriteFuncBuffer(" = %u", Ret); 164 | EndTrace(E_GetFileSize, FALSE); 165 | } 166 | else 167 | { 168 | Ret = GetFileSize(hFile, lpFileSizeHigh); 169 | } 170 | 171 | return (Ret); 172 | } 173 | 174 | BOOL 175 | WtGetFileSizeEx( 176 | HANDLE hFile, 177 | PLARGE_INTEGER lpFileSize 178 | ) 179 | { 180 | BOOL Ret; 181 | 182 | if (BeginTrace(E_GetFileSizeEx)) 183 | { 184 | WriteFuncBuffer("(0x%p, 0x%p)", hFile, lpFileSize); 185 | Ret = GetFileSizeEx(hFile, lpFileSize); 186 | WriteFuncBuffer(" = %d", Ret); 187 | EndTrace(E_GetFileSizeEx, FALSE); 188 | } 189 | else 190 | { 191 | Ret = GetFileSizeEx(hFile, lpFileSize); 192 | } 193 | 194 | return (Ret); 195 | } 196 | 197 | DWORD 198 | WtGetFileType( 199 | HANDLE hFile 200 | ) 201 | { 202 | DWORD Ret; 203 | 204 | if (BeginTrace(E_GetFileType)) 205 | { 206 | WriteFuncBuffer("(0x%p)", hFile); 207 | Ret = GetFileType(hFile); 208 | WriteFuncBuffer(" = %u", Ret); 209 | EndTrace(E_GetFileType, FALSE); 210 | } 211 | else 212 | { 213 | Ret = GetFileType(hFile); 214 | } 215 | 216 | return (Ret); 217 | } 218 | 219 | BOOL 220 | WtReadFile( 221 | HANDLE hFile, 222 | LPVOID lpBuffer, 223 | DWORD nNumberOfBytesToRead, 224 | LPDWORD lpNumberOfBytesRead, 225 | LPOVERLAPPED lpOverlapped 226 | ) 227 | { 228 | BOOL Ret; 229 | 230 | if (BeginTrace(E_ReadFile)) 231 | { 232 | WriteFuncBuffer("(0x%p, 0x%p, %u, 0x%p, 0x%p)", hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped); 233 | Ret = ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped); 234 | WriteFuncBuffer(" = %d", Ret); 235 | EndTrace(E_ReadFile, FALSE); 236 | } 237 | else 238 | { 239 | Ret = ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped); 240 | } 241 | 242 | return (Ret); 243 | } 244 | 245 | BOOL 246 | WtReadFileEx( 247 | HANDLE hFile, 248 | LPVOID lpBuffer, 249 | DWORD nNumberOfBytesToRead, 250 | LPOVERLAPPED lpOverlapped, 251 | LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine 252 | ) 253 | { 254 | BOOL Ret; 255 | 256 | if (BeginTrace(E_ReadFileEx)) 257 | { 258 | WriteFuncBuffer("(0x%p, 0x%p, %u, 0x%p, 0x%p)", hFile, lpBuffer, nNumberOfBytesToRead, lpOverlapped, lpCompletionRoutine); 259 | Ret = ReadFileEx(hFile, lpBuffer, nNumberOfBytesToRead, lpOverlapped, lpCompletionRoutine); 260 | WriteFuncBuffer(" = %d", Ret); 261 | EndTrace(E_ReadFileEx, FALSE); 262 | } 263 | else 264 | { 265 | Ret = ReadFileEx(hFile, lpBuffer, nNumberOfBytesToRead, lpOverlapped, lpCompletionRoutine); 266 | } 267 | 268 | return (Ret); 269 | } 270 | 271 | BOOL 272 | WtRemoveDirectoryA( 273 | LPCSTR lpPathName 274 | ) 275 | { 276 | BOOL Ret; 277 | 278 | if (BeginTrace(E_RemoveDirectoryA)) 279 | { 280 | WriteFuncBuffer("(\"%s\")", lpPathName); 281 | Ret = RemoveDirectoryA(lpPathName); 282 | WriteFuncBuffer(" = %d", Ret); 283 | EndTrace(E_RemoveDirectoryA, FALSE); 284 | } 285 | else 286 | { 287 | Ret = RemoveDirectoryA(lpPathName); 288 | } 289 | 290 | return (Ret); 291 | } 292 | 293 | BOOL 294 | WtRemoveDirectoryW( 295 | LPCWSTR lpPathName 296 | ) 297 | { 298 | BOOL Ret; 299 | 300 | if (BeginTrace(E_RemoveDirectoryW)) 301 | { 302 | WriteFuncBuffer("(\"%ws\")", lpPathName); 303 | Ret = RemoveDirectoryW(lpPathName); 304 | WriteFuncBuffer(" = %d", Ret); 305 | EndTrace(E_RemoveDirectoryW, FALSE); 306 | } 307 | else 308 | { 309 | Ret = RemoveDirectoryW(lpPathName); 310 | } 311 | 312 | return (Ret); 313 | } 314 | 315 | BOOL 316 | WtSetEndOfFile( 317 | HANDLE hFile 318 | ) 319 | { 320 | BOOL Ret; 321 | 322 | if (BeginTrace(E_SetEndOfFile)) 323 | { 324 | WriteFuncBuffer("(0x%p)", hFile); 325 | Ret = SetEndOfFile(hFile); 326 | WriteFuncBuffer(" = %d", Ret); 327 | EndTrace(E_SetEndOfFile, FALSE); 328 | } 329 | else 330 | { 331 | Ret = SetEndOfFile(hFile); 332 | } 333 | 334 | return (Ret); 335 | } 336 | 337 | DWORD 338 | WtSetFilePointer( 339 | HANDLE hFile, 340 | LONG lDistanceToMove, 341 | PLONG lpDistanceToMoveHigh, 342 | DWORD dwMoveMethod 343 | ) 344 | { 345 | DWORD Ret; 346 | 347 | if (BeginTrace(E_SetFilePointer)) 348 | { 349 | WriteFuncBuffer("(0x%p, %d, 0x%p, %u)", hFile, lDistanceToMove, lpDistanceToMoveHigh, dwMoveMethod); 350 | Ret = SetFilePointer(hFile, lDistanceToMove, lpDistanceToMoveHigh, dwMoveMethod); 351 | WriteFuncBuffer(" = %u", Ret); 352 | EndTrace(E_SetFilePointer, FALSE); 353 | } 354 | else 355 | { 356 | Ret = SetFilePointer(hFile, lDistanceToMove, lpDistanceToMoveHigh, dwMoveMethod); 357 | } 358 | 359 | return (Ret); 360 | } 361 | 362 | BOOL 363 | WtSetFilePointerEx( 364 | HANDLE hFile, 365 | LARGE_INTEGER liDistanceToMove, 366 | PLARGE_INTEGER lpNewFilePointer, 367 | DWORD dwMoveMethod 368 | ) 369 | { 370 | BOOL Ret; 371 | 372 | if (BeginTrace(E_SetFilePointerEx)) 373 | { 374 | WriteFuncBuffer("(0x%p, %d, 0x%p, %u)", hFile, liDistanceToMove, lpNewFilePointer, dwMoveMethod); 375 | Ret = SetFilePointerEx(hFile, liDistanceToMove, lpNewFilePointer, dwMoveMethod); 376 | WriteFuncBuffer(" = %d", Ret); 377 | EndTrace(E_SetFilePointerEx, FALSE); 378 | } 379 | else 380 | { 381 | Ret = SetFilePointerEx(hFile, liDistanceToMove, lpNewFilePointer, dwMoveMethod); 382 | } 383 | 384 | return (Ret); 385 | } 386 | 387 | BOOL 388 | WtWriteFile( 389 | HANDLE hFile, 390 | LPCVOID lpBuffer, 391 | DWORD nNumberOfBytesToWrite, 392 | LPDWORD lpNumberOfBytesWritten, 393 | LPOVERLAPPED lpOverlapped 394 | ) 395 | { 396 | BOOL Ret; 397 | 398 | if (BeginTrace(E_WriteFile)) 399 | { 400 | WriteFuncBuffer("(0x%p, 0x%p, %u, 0x%p, 0x%p)", hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped); 401 | Ret = WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped); 402 | WriteFuncBuffer(" = %d", Ret); 403 | EndTrace(E_WriteFile, FALSE); 404 | } 405 | else 406 | { 407 | Ret = WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped); 408 | } 409 | 410 | return (Ret); 411 | } 412 | 413 | BOOL 414 | WtWriteFileEx( 415 | HANDLE hFile, 416 | LPCVOID lpBuffer, 417 | DWORD nNumberOfBytesToWrite, 418 | LPOVERLAPPED lpOverlapped, 419 | LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine 420 | ) 421 | { 422 | BOOL Ret; 423 | 424 | if (BeginTrace(E_WriteFileEx)) 425 | { 426 | WriteFuncBuffer("(0x%p, 0x%p, %u, 0x%p, 0x%p)", hFile, lpBuffer, nNumberOfBytesToWrite, lpOverlapped, lpCompletionRoutine); 427 | Ret = WriteFileEx(hFile, lpBuffer, nNumberOfBytesToWrite, lpOverlapped, lpCompletionRoutine); 428 | WriteFuncBuffer(" = %d", Ret); 429 | EndTrace(E_WriteFileEx, FALSE); 430 | } 431 | else 432 | { 433 | Ret = WriteFileEx(hFile, lpBuffer, nNumberOfBytesToWrite, lpOverlapped, lpCompletionRoutine); 434 | } 435 | 436 | return (Ret); 437 | } 438 | 439 | -------------------------------------------------------------------------------- /dll/win32/wt_memoryapi.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | HANDLE 6 | WtCreateFileMappingA( 7 | HANDLE hFile, 8 | LPSECURITY_ATTRIBUTES lpFileMappingAttributes, 9 | DWORD flProtect, 10 | DWORD dwMaximumSizeHigh, 11 | DWORD dwMaximumSizeLow, 12 | LPCSTR lpName 13 | ) 14 | { 15 | HANDLE Ret; 16 | 17 | if (BeginTrace(E_CreateFileMappingA)) 18 | { 19 | WriteFuncBuffer("(0x%p, 0x%p, %u, %u, %u, \"%s\")", hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName); 20 | Ret = CreateFileMappingA(hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName); 21 | WriteFuncBuffer(" = 0x%p", Ret); 22 | EndTrace(E_CreateFileMappingA, FALSE); 23 | } 24 | else 25 | { 26 | Ret = CreateFileMappingA(hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName); 27 | } 28 | 29 | return (Ret); 30 | } 31 | 32 | HANDLE 33 | WtCreateFileMappingW( 34 | HANDLE hFile, 35 | LPSECURITY_ATTRIBUTES lpFileMappingAttributes, 36 | DWORD flProtect, 37 | DWORD dwMaximumSizeHigh, 38 | DWORD dwMaximumSizeLow, 39 | LPCWSTR lpName 40 | ) 41 | { 42 | HANDLE Ret; 43 | 44 | if (BeginTrace(E_CreateFileMappingW)) 45 | { 46 | WriteFuncBuffer("(0x%p, 0x%p, %u, %u, %u, \"%ws\")", hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName); 47 | Ret = CreateFileMappingW(hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName); 48 | WriteFuncBuffer(" = 0x%p", Ret); 49 | EndTrace(E_CreateFileMappingW, FALSE); 50 | } 51 | else 52 | { 53 | Ret = CreateFileMappingW(hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName); 54 | } 55 | 56 | return (Ret); 57 | } 58 | 59 | BOOL 60 | WtFlushViewOfFile( 61 | LPCVOID lpBaseAddress, 62 | SIZE_T dwNumberOfBytesToFlush 63 | ) 64 | { 65 | BOOL Ret; 66 | 67 | if (BeginTrace(E_FlushViewOfFile)) 68 | { 69 | WriteFuncBuffer("(0x%p, %llu)", lpBaseAddress, dwNumberOfBytesToFlush); 70 | Ret = FlushViewOfFile(lpBaseAddress, dwNumberOfBytesToFlush); 71 | WriteFuncBuffer(" = %d", Ret); 72 | EndTrace(E_FlushViewOfFile, FALSE); 73 | } 74 | else 75 | { 76 | Ret = FlushViewOfFile(lpBaseAddress, dwNumberOfBytesToFlush); 77 | } 78 | 79 | return (Ret); 80 | } 81 | 82 | LPVOID 83 | WtMapViewOfFile( 84 | HANDLE hFileMappingObject, 85 | DWORD dwDesiredAccess, 86 | DWORD dwFileOffsetHigh, 87 | DWORD dwFileOffsetLow, 88 | SIZE_T dwNumberOfBytesToMap 89 | ) 90 | { 91 | LPVOID Ret; 92 | 93 | if (BeginTrace(E_MapViewOfFile)) 94 | { 95 | WriteFuncBuffer("(0x%p, %u, %u, %u, %llu)", hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap); 96 | Ret = MapViewOfFile(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap); 97 | WriteFuncBuffer(" = 0x%p", Ret); 98 | EndTrace(E_MapViewOfFile, FALSE); 99 | } 100 | else 101 | { 102 | Ret = MapViewOfFile(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap); 103 | } 104 | 105 | return (Ret); 106 | } 107 | 108 | LPVOID 109 | WtMapViewOfFileEx( 110 | HANDLE hFileMappingObject, 111 | DWORD dwDesiredAccess, 112 | DWORD dwFileOffsetHigh, 113 | DWORD dwFileOffsetLow, 114 | SIZE_T dwNumberOfBytesToMap, 115 | LPVOID lpBaseAddress 116 | ) 117 | { 118 | LPVOID Ret; 119 | 120 | if (BeginTrace(E_MapViewOfFileEx)) 121 | { 122 | WriteFuncBuffer("(0x%p, %u, %u, %u, %llu, 0x%p)", hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap, lpBaseAddress); 123 | Ret = MapViewOfFileEx(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap, lpBaseAddress); 124 | WriteFuncBuffer(" = 0x%p", Ret); 125 | EndTrace(E_MapViewOfFileEx, FALSE); 126 | } 127 | else 128 | { 129 | Ret = MapViewOfFileEx(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap, lpBaseAddress); 130 | } 131 | 132 | return (Ret); 133 | } 134 | 135 | HANDLE 136 | WtOpenFileMappingA( 137 | DWORD dwDesiredAccess, 138 | BOOL bInheritHandle, 139 | LPCSTR lpName 140 | ) 141 | { 142 | HANDLE Ret; 143 | 144 | if (BeginTrace(E_OpenFileMappingA)) 145 | { 146 | WriteFuncBuffer("(%u, %d, \"%s\")", dwDesiredAccess, bInheritHandle, lpName); 147 | Ret = OpenFileMappingA(dwDesiredAccess, bInheritHandle, lpName); 148 | WriteFuncBuffer(" = 0x%p", Ret); 149 | EndTrace(E_OpenFileMappingA, FALSE); 150 | } 151 | else 152 | { 153 | Ret = OpenFileMappingA(dwDesiredAccess, bInheritHandle, lpName); 154 | } 155 | 156 | return (Ret); 157 | } 158 | 159 | HANDLE 160 | WtOpenFileMappingW( 161 | DWORD dwDesiredAccess, 162 | BOOL bInheritHandle, 163 | LPCWSTR lpName 164 | ) 165 | { 166 | HANDLE Ret; 167 | 168 | if (BeginTrace(E_OpenFileMappingW)) 169 | { 170 | WriteFuncBuffer("(%u, %d, \"%ws\")", dwDesiredAccess, bInheritHandle, lpName); 171 | Ret = OpenFileMappingW(dwDesiredAccess, bInheritHandle, lpName); 172 | WriteFuncBuffer(" = 0x%p", Ret); 173 | EndTrace(E_OpenFileMappingW, FALSE); 174 | } 175 | else 176 | { 177 | Ret = OpenFileMappingW(dwDesiredAccess, bInheritHandle, lpName); 178 | } 179 | 180 | return (Ret); 181 | } 182 | 183 | BOOL 184 | WtUnmapViewOfFile( 185 | LPCVOID lpBaseAddress 186 | ) 187 | { 188 | BOOL Ret; 189 | 190 | if (BeginTrace(E_UnmapViewOfFile)) 191 | { 192 | WriteFuncBuffer("(0x%p)", lpBaseAddress); 193 | Ret = UnmapViewOfFile(lpBaseAddress); 194 | WriteFuncBuffer(" = %d", Ret); 195 | EndTrace(E_UnmapViewOfFile, FALSE); 196 | } 197 | else 198 | { 199 | Ret = UnmapViewOfFile(lpBaseAddress); 200 | } 201 | 202 | return (Ret); 203 | } 204 | 205 | LPVOID 206 | WtVirtualAlloc( 207 | LPVOID lpAddress, 208 | SIZE_T dwSize, 209 | DWORD flAllocationType, 210 | DWORD flProtect 211 | ) 212 | { 213 | LPVOID Ret; 214 | 215 | if (BeginTrace(E_VirtualAlloc)) 216 | { 217 | WriteFuncBuffer("(0x%p, %llu, %u, %u)", lpAddress, dwSize, flAllocationType, flProtect); 218 | Ret = VirtualAlloc(lpAddress, dwSize, flAllocationType, flProtect); 219 | WriteFuncBuffer(" = 0x%p", Ret); 220 | EndTrace(E_VirtualAlloc, FALSE); 221 | } 222 | else 223 | { 224 | Ret = VirtualAlloc(lpAddress, dwSize, flAllocationType, flProtect); 225 | } 226 | 227 | return (Ret); 228 | } 229 | 230 | LPVOID 231 | WtVirtualAllocEx( 232 | HANDLE hProcess, 233 | LPVOID lpAddress, 234 | SIZE_T dwSize, 235 | DWORD flAllocationType, 236 | DWORD flProtect 237 | ) 238 | { 239 | LPVOID Ret; 240 | 241 | if (BeginTrace(E_VirtualAllocEx)) 242 | { 243 | WriteFuncBuffer("(0x%p, 0x%p, %llu, %u, %u)", hProcess, lpAddress, dwSize, flAllocationType, flProtect); 244 | Ret = VirtualAllocEx(hProcess, lpAddress, dwSize, flAllocationType, flProtect); 245 | WriteFuncBuffer(" = 0x%p", Ret); 246 | EndTrace(E_VirtualAllocEx, FALSE); 247 | } 248 | else 249 | { 250 | Ret = VirtualAllocEx(hProcess, lpAddress, dwSize, flAllocationType, flProtect); 251 | } 252 | 253 | return (Ret); 254 | } 255 | 256 | BOOL 257 | WtVirtualFree( 258 | LPVOID lpAddress, 259 | SIZE_T dwSize, 260 | DWORD dwFreeType 261 | ) 262 | { 263 | BOOL Ret; 264 | 265 | if (BeginTrace(E_VirtualFree)) 266 | { 267 | WriteFuncBuffer("(0x%p, %llu, %u)", lpAddress, dwSize, dwFreeType); 268 | Ret = VirtualFree(lpAddress, dwSize, dwFreeType); 269 | WriteFuncBuffer(" = %d", Ret); 270 | EndTrace(E_VirtualFree, FALSE); 271 | } 272 | else 273 | { 274 | Ret = VirtualFree(lpAddress, dwSize, dwFreeType); 275 | } 276 | 277 | return (Ret); 278 | } 279 | 280 | BOOL 281 | WtVirtualFreeEx( 282 | HANDLE hProcess, 283 | LPVOID lpAddress, 284 | SIZE_T dwSize, 285 | DWORD dwFreeType 286 | ) 287 | { 288 | BOOL Ret; 289 | 290 | if (BeginTrace(E_VirtualFreeEx)) 291 | { 292 | WriteFuncBuffer("(0x%p, 0x%p, %llu, %u)", hProcess, lpAddress, dwSize, dwFreeType); 293 | Ret = VirtualFreeEx(hProcess, lpAddress, dwSize, dwFreeType); 294 | WriteFuncBuffer(" = %d", Ret); 295 | EndTrace(E_VirtualFreeEx, FALSE); 296 | } 297 | else 298 | { 299 | Ret = VirtualFreeEx(hProcess, lpAddress, dwSize, dwFreeType); 300 | } 301 | 302 | return (Ret); 303 | } 304 | 305 | BOOL 306 | WtVirtualLock( 307 | LPVOID lpAddress, 308 | SIZE_T dwSize 309 | ) 310 | { 311 | BOOL Ret; 312 | 313 | if (BeginTrace(E_VirtualLock)) 314 | { 315 | WriteFuncBuffer("(0x%p, %llu)", lpAddress, dwSize); 316 | Ret = VirtualLock(lpAddress, dwSize); 317 | WriteFuncBuffer(" = %d", Ret); 318 | EndTrace(E_VirtualLock, FALSE); 319 | } 320 | else 321 | { 322 | Ret = VirtualLock(lpAddress, dwSize); 323 | } 324 | 325 | return (Ret); 326 | } 327 | 328 | BOOL 329 | WtVirtualProtect( 330 | LPVOID lpAddress, 331 | SIZE_T dwSize, 332 | DWORD flNewProtect, 333 | PDWORD lpflOldProtect 334 | ) 335 | { 336 | BOOL Ret; 337 | 338 | if (BeginTrace(E_VirtualProtect)) 339 | { 340 | WriteFuncBuffer("(0x%p, %llu, %u, 0x%p)", lpAddress, dwSize, flNewProtect, lpflOldProtect); 341 | Ret = VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect); 342 | WriteFuncBuffer(" = %d", Ret); 343 | EndTrace(E_VirtualProtect, FALSE); 344 | } 345 | else 346 | { 347 | Ret = VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect); 348 | } 349 | 350 | return (Ret); 351 | } 352 | 353 | BOOL 354 | WtVirtualProtectEx( 355 | HANDLE hProcess, 356 | LPVOID lpAddress, 357 | SIZE_T dwSize, 358 | DWORD flNewProtect, 359 | PDWORD lpflOldProtect 360 | ) 361 | { 362 | BOOL Ret; 363 | 364 | if (BeginTrace(E_VirtualProtectEx)) 365 | { 366 | WriteFuncBuffer("(0x%p, 0x%p, %llu, %u, 0x%p)", hProcess, lpAddress, dwSize, flNewProtect, lpflOldProtect); 367 | Ret = VirtualProtectEx(hProcess, lpAddress, dwSize, flNewProtect, lpflOldProtect); 368 | WriteFuncBuffer(" = %d", Ret); 369 | EndTrace(E_VirtualProtectEx, FALSE); 370 | } 371 | else 372 | { 373 | Ret = VirtualProtectEx(hProcess, lpAddress, dwSize, flNewProtect, lpflOldProtect); 374 | } 375 | 376 | return (Ret); 377 | } 378 | 379 | SIZE_T 380 | WtVirtualQuery( 381 | LPCVOID lpAddress, 382 | PMEMORY_BASIC_INFORMATION lpBuffer, 383 | SIZE_T dwLength 384 | ) 385 | { 386 | SIZE_T Ret; 387 | 388 | if (BeginTrace(E_VirtualQuery)) 389 | { 390 | WriteFuncBuffer("(0x%p, 0x%p, %llu)", lpAddress, lpBuffer, dwLength); 391 | Ret = VirtualQuery(lpAddress, lpBuffer, dwLength); 392 | WriteFuncBuffer(" = %llu", Ret); 393 | EndTrace(E_VirtualQuery, FALSE); 394 | } 395 | else 396 | { 397 | Ret = VirtualQuery(lpAddress, lpBuffer, dwLength); 398 | } 399 | 400 | return (Ret); 401 | } 402 | 403 | SIZE_T 404 | WtVirtualQueryEx( 405 | HANDLE hProcess, 406 | LPCVOID lpAddress, 407 | PMEMORY_BASIC_INFORMATION lpBuffer, 408 | SIZE_T dwLength 409 | ) 410 | { 411 | SIZE_T Ret; 412 | 413 | if (BeginTrace(E_VirtualQueryEx)) 414 | { 415 | WriteFuncBuffer("(0x%p, 0x%p, 0x%p, %llu)", hProcess, lpAddress, lpBuffer, dwLength); 416 | Ret = VirtualQueryEx(hProcess, lpAddress, lpBuffer, dwLength); 417 | WriteFuncBuffer(" = %llu", Ret); 418 | EndTrace(E_VirtualQueryEx, FALSE); 419 | } 420 | else 421 | { 422 | Ret = VirtualQueryEx(hProcess, lpAddress, lpBuffer, dwLength); 423 | } 424 | 425 | return (Ret); 426 | } 427 | 428 | BOOL 429 | WtVirtualUnlock( 430 | LPVOID lpAddress, 431 | SIZE_T dwSize 432 | ) 433 | { 434 | BOOL Ret; 435 | 436 | if (BeginTrace(E_VirtualUnlock)) 437 | { 438 | WriteFuncBuffer("(0x%p, %llu)", lpAddress, dwSize); 439 | Ret = VirtualUnlock(lpAddress, dwSize); 440 | WriteFuncBuffer(" = %d", Ret); 441 | EndTrace(E_VirtualUnlock, FALSE); 442 | } 443 | else 444 | { 445 | Ret = VirtualUnlock(lpAddress, dwSize); 446 | } 447 | 448 | return (Ret); 449 | } 450 | 451 | -------------------------------------------------------------------------------- /dll/win32/wt_processthreadsapi.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | BOOL 6 | WtCreateProcessA( 7 | LPCSTR lpApplicationName, 8 | LPSTR lpCommandLine, 9 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 10 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 11 | BOOL bInheritHandles, 12 | DWORD dwCreationFlags, 13 | LPVOID lpEnvironment, 14 | LPCSTR lpCurrentDirectory, 15 | LPSTARTUPINFOA lpStartupInfo, 16 | LPPROCESS_INFORMATION lpProcessInformation 17 | ) 18 | { 19 | BOOL Ret; 20 | 21 | if (BeginTrace(E_CreateProcessA)) 22 | { 23 | WriteFuncBuffer("(\"%s\", \"%s\", 0x%p, 0x%p, %d, %u, 0x%p, \"%s\", 0x%p, 0x%p)", lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 24 | Ret = CreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 25 | WriteFuncBuffer(" = %d", Ret); 26 | EndTrace(E_CreateProcessA, FALSE); 27 | } 28 | else 29 | { 30 | Ret = CreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 31 | } 32 | 33 | return (Ret); 34 | } 35 | 36 | BOOL 37 | WtCreateProcessW( 38 | LPCWSTR lpApplicationName, 39 | LPWSTR lpCommandLine, 40 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 41 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 42 | BOOL bInheritHandles, 43 | DWORD dwCreationFlags, 44 | LPVOID lpEnvironment, 45 | LPCWSTR lpCurrentDirectory, 46 | LPSTARTUPINFOW lpStartupInfo, 47 | LPPROCESS_INFORMATION lpProcessInformation 48 | ) 49 | { 50 | BOOL Ret; 51 | 52 | if (BeginTrace(E_CreateProcessW)) 53 | { 54 | WriteFuncBuffer("(\"%ws\", \"%ws\", 0x%p, 0x%p, %d, %u, 0x%p, \"%ws\", 0x%p, 0x%p)", lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 55 | Ret = CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 56 | WriteFuncBuffer(" = %d", Ret); 57 | EndTrace(E_CreateProcessW, FALSE); 58 | } 59 | else 60 | { 61 | Ret = CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 62 | } 63 | 64 | return (Ret); 65 | } 66 | 67 | BOOL 68 | WtCreateProcessAsUserA( 69 | HANDLE hToken, 70 | LPCSTR lpApplicationName, 71 | LPSTR lpCommandLine, 72 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 73 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 74 | BOOL bInheritHandles, 75 | DWORD dwCreationFlags, 76 | LPVOID lpEnvironment, 77 | LPCSTR lpCurrentDirectory, 78 | LPSTARTUPINFOA lpStartupInfo, 79 | LPPROCESS_INFORMATION lpProcessInformation 80 | ) 81 | { 82 | BOOL Ret; 83 | 84 | if (BeginTrace(E_CreateProcessAsUserA)) 85 | { 86 | WriteFuncBuffer("(0x%p, \"%s\", \"%s\", 0x%p, 0x%p, %d, %u, 0x%p, \"%s\", 0x%p, 0x%p)", hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 87 | Ret = CreateProcessAsUserA(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 88 | WriteFuncBuffer(" = %d", Ret); 89 | EndTrace(E_CreateProcessAsUserA, FALSE); 90 | } 91 | else 92 | { 93 | Ret = CreateProcessAsUserA(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 94 | } 95 | 96 | return (Ret); 97 | } 98 | 99 | BOOL 100 | WtCreateProcessAsUserW( 101 | HANDLE hToken, 102 | LPCWSTR lpApplicationName, 103 | LPWSTR lpCommandLine, 104 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 105 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 106 | BOOL bInheritHandles, 107 | DWORD dwCreationFlags, 108 | LPVOID lpEnvironment, 109 | LPCWSTR lpCurrentDirectory, 110 | LPSTARTUPINFOW lpStartupInfo, 111 | LPPROCESS_INFORMATION lpProcessInformation 112 | ) 113 | { 114 | BOOL Ret; 115 | 116 | if (BeginTrace(E_CreateProcessAsUserW)) 117 | { 118 | WriteFuncBuffer("(0x%p, \"%ws\", \"%ws\", 0x%p, 0x%p, %d, %u, 0x%p, \"%ws\", 0x%p, 0x%p)", hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 119 | Ret = CreateProcessAsUserW(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 120 | WriteFuncBuffer(" = %d", Ret); 121 | EndTrace(E_CreateProcessAsUserW, FALSE); 122 | } 123 | else 124 | { 125 | Ret = CreateProcessAsUserW(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); 126 | } 127 | 128 | return (Ret); 129 | } 130 | 131 | HANDLE 132 | WtCreateRemoteThread( 133 | HANDLE hProcess, 134 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 135 | SIZE_T dwStackSize, 136 | LPTHREAD_START_ROUTINE lpStartAddress, 137 | LPVOID lpParameter, 138 | DWORD dwCreationFlags, 139 | LPDWORD lpThreadId 140 | ) 141 | { 142 | HANDLE Ret; 143 | 144 | if (BeginTrace(E_CreateRemoteThread)) 145 | { 146 | WriteFuncBuffer("(0x%p, 0x%p, %llu, 0x%p, 0x%p, %u, 0x%p)", hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId); 147 | Ret = CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId); 148 | WriteFuncBuffer(" = 0x%p", Ret); 149 | EndTrace(E_CreateRemoteThread, FALSE); 150 | } 151 | else 152 | { 153 | Ret = CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId); 154 | } 155 | 156 | return (Ret); 157 | } 158 | 159 | HANDLE 160 | WtCreateRemoteThreadEx( 161 | HANDLE hProcess, 162 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 163 | SIZE_T dwStackSize, 164 | LPTHREAD_START_ROUTINE lpStartAddress, 165 | LPVOID lpParameter, 166 | DWORD dwCreationFlags, 167 | LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, 168 | LPDWORD lpThreadId 169 | ) 170 | { 171 | HANDLE Ret; 172 | 173 | if (BeginTrace(E_CreateRemoteThreadEx)) 174 | { 175 | WriteFuncBuffer("(0x%p, 0x%p, %llu, 0x%p, 0x%p, %u, 0x%p, 0x%p)", hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId); 176 | Ret = CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId); 177 | WriteFuncBuffer(" = 0x%p", Ret); 178 | EndTrace(E_CreateRemoteThreadEx, FALSE); 179 | } 180 | else 181 | { 182 | Ret = CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId); 183 | } 184 | 185 | return (Ret); 186 | } 187 | 188 | HANDLE 189 | WtCreateThread( 190 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 191 | SIZE_T dwStackSize, 192 | LPTHREAD_START_ROUTINE lpStartAddress, 193 | LPVOID lpParameter, 194 | DWORD dwCreationFlags, 195 | LPDWORD lpThreadId 196 | ) 197 | { 198 | HANDLE Ret; 199 | 200 | if (BeginTrace(E_CreateThread)) 201 | { 202 | WriteFuncBuffer("(0x%p, %llu, 0x%p, 0x%p, %u, 0x%p)", lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId); 203 | Ret = CreateThread(lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId); 204 | WriteFuncBuffer(" = 0x%p", Ret); 205 | EndTrace(E_CreateThread, FALSE); 206 | } 207 | else 208 | { 209 | Ret = CreateThread(lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId); 210 | } 211 | 212 | return (Ret); 213 | } 214 | 215 | void 216 | WtDeleteProcThreadAttributeList( 217 | LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList 218 | ) 219 | { 220 | if (BeginTrace(E_DeleteProcThreadAttributeList)) 221 | { 222 | WriteFuncBuffer("(0x%p)", lpAttributeList); 223 | WriteFuncBuffer(" = VOID"); 224 | EndTrace(E_DeleteProcThreadAttributeList, FALSE); 225 | } 226 | 227 | DeleteProcThreadAttributeList(lpAttributeList); 228 | } 229 | 230 | void 231 | WtExitProcess( 232 | UINT uExitCode 233 | ) 234 | { 235 | if (BeginTrace(E_ExitProcess)) 236 | { 237 | WriteFuncBuffer("(%u)", uExitCode); 238 | WriteFuncBuffer(" = VOID"); 239 | EndTrace(E_ExitProcess, FALSE); 240 | } 241 | 242 | ExitProcess(uExitCode); 243 | } 244 | 245 | void 246 | WtExitThread( 247 | DWORD dwExitCode 248 | ) 249 | { 250 | if (BeginTrace(E_ExitThread)) 251 | { 252 | WriteFuncBuffer("(%u)", dwExitCode); 253 | WriteFuncBuffer(" = VOID"); 254 | EndTrace(E_ExitThread, FALSE); 255 | } 256 | 257 | ExitThread(dwExitCode); 258 | } 259 | 260 | HANDLE 261 | WtGetCurrentProcess() 262 | { 263 | HANDLE Ret; 264 | 265 | if (BeginTrace(E_GetCurrentProcess)) 266 | { 267 | WriteFuncBuffer("()"); 268 | Ret = GetCurrentProcess(); 269 | WriteFuncBuffer(" = 0x%p", Ret); 270 | EndTrace(E_GetCurrentProcess, FALSE); 271 | } 272 | else 273 | { 274 | Ret = GetCurrentProcess(); 275 | } 276 | 277 | return (Ret); 278 | } 279 | 280 | DWORD 281 | WtGetCurrentProcessId() 282 | { 283 | DWORD Ret; 284 | 285 | if (BeginTrace(E_GetCurrentProcessId)) 286 | { 287 | WriteFuncBuffer("()"); 288 | Ret = GetCurrentProcessId(); 289 | WriteFuncBuffer(" = %u", Ret); 290 | EndTrace(E_GetCurrentProcessId, FALSE); 291 | } 292 | else 293 | { 294 | Ret = GetCurrentProcessId(); 295 | } 296 | 297 | return (Ret); 298 | } 299 | 300 | DWORD 301 | WtResumeThread( 302 | HANDLE hThread 303 | ) 304 | { 305 | DWORD Ret; 306 | 307 | if (BeginTrace(E_ResumeThread)) 308 | { 309 | WriteFuncBuffer("(0x%p)", hThread); 310 | Ret = ResumeThread(hThread); 311 | WriteFuncBuffer(" = %u", Ret); 312 | EndTrace(E_ResumeThread, FALSE); 313 | } 314 | else 315 | { 316 | Ret = ResumeThread(hThread); 317 | } 318 | 319 | return (Ret); 320 | } 321 | 322 | DWORD 323 | WtSuspendThread( 324 | HANDLE hThread 325 | ) 326 | { 327 | DWORD Ret; 328 | 329 | if (BeginTrace(E_SuspendThread)) 330 | { 331 | WriteFuncBuffer("(0x%p)", hThread); 332 | Ret = SuspendThread(hThread); 333 | WriteFuncBuffer(" = %u", Ret); 334 | EndTrace(E_SuspendThread, FALSE); 335 | } 336 | else 337 | { 338 | Ret = SuspendThread(hThread); 339 | } 340 | 341 | return (Ret); 342 | } 343 | 344 | BOOL 345 | WtTerminateProcess( 346 | HANDLE hProcess, 347 | UINT uExitCode 348 | ) 349 | { 350 | BOOL Ret; 351 | 352 | if (BeginTrace(E_TerminateProcess)) 353 | { 354 | WriteFuncBuffer("(0x%p, %u)", hProcess, uExitCode); 355 | Ret = TerminateProcess(hProcess, uExitCode); 356 | WriteFuncBuffer(" = %d", Ret); 357 | EndTrace(E_TerminateProcess, FALSE); 358 | } 359 | else 360 | { 361 | Ret = TerminateProcess(hProcess, uExitCode); 362 | } 363 | 364 | return (Ret); 365 | } 366 | 367 | BOOL 368 | WtTerminateThread( 369 | HANDLE hThread, 370 | DWORD dwExitCode 371 | ) 372 | { 373 | BOOL Ret; 374 | 375 | if (BeginTrace(E_TerminateThread)) 376 | { 377 | WriteFuncBuffer("(0x%p, %u)", hThread, dwExitCode); 378 | Ret = TerminateThread(hThread, dwExitCode); 379 | WriteFuncBuffer(" = %d", Ret); 380 | EndTrace(E_TerminateThread, FALSE); 381 | } 382 | else 383 | { 384 | Ret = TerminateThread(hThread, dwExitCode); 385 | } 386 | 387 | return (Ret); 388 | } 389 | 390 | -------------------------------------------------------------------------------- /dll/win32/wt_syncapi.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | HANDLE 6 | WtCreateMutexA( 7 | LPSECURITY_ATTRIBUTES lpMutexAttributes, 8 | BOOL bInitialOwner, 9 | LPCSTR lpName 10 | ) 11 | { 12 | HANDLE Ret; 13 | 14 | if (BeginTrace(E_CreateMutexA)) 15 | { 16 | WriteFuncBuffer("(0x%p, %d, \"%s\")", lpMutexAttributes, bInitialOwner, lpName); 17 | Ret = CreateMutexA(lpMutexAttributes, bInitialOwner, lpName); 18 | WriteFuncBuffer(" = 0x%p", Ret); 19 | EndTrace(E_CreateMutexA, FALSE); 20 | } 21 | else 22 | { 23 | Ret = CreateMutexA(lpMutexAttributes, bInitialOwner, lpName); 24 | } 25 | 26 | return (Ret); 27 | } 28 | 29 | HANDLE 30 | WtCreateMutexW( 31 | LPSECURITY_ATTRIBUTES lpMutexAttributes, 32 | BOOL bInitialOwner, 33 | LPCWSTR lpName 34 | ) 35 | { 36 | HANDLE Ret; 37 | 38 | if (BeginTrace(E_CreateMutexW)) 39 | { 40 | WriteFuncBuffer("(0x%p, %d, \"%ws\")", lpMutexAttributes, bInitialOwner, lpName); 41 | Ret = CreateMutexW(lpMutexAttributes, bInitialOwner, lpName); 42 | WriteFuncBuffer(" = 0x%p", Ret); 43 | EndTrace(E_CreateMutexW, FALSE); 44 | } 45 | else 46 | { 47 | Ret = CreateMutexW(lpMutexAttributes, bInitialOwner, lpName); 48 | } 49 | 50 | return (Ret); 51 | } 52 | 53 | HANDLE 54 | WtCreateMutexExA( 55 | LPSECURITY_ATTRIBUTES lpMutexAttributes, 56 | LPCSTR lpName, 57 | DWORD dwFlags, 58 | DWORD dwDesiredAccess 59 | ) 60 | { 61 | HANDLE Ret; 62 | 63 | if (BeginTrace(E_CreateMutexExA)) 64 | { 65 | WriteFuncBuffer("(0x%p, \"%s\", %u, %u)", lpMutexAttributes, lpName, dwFlags, dwDesiredAccess); 66 | Ret = CreateMutexExA(lpMutexAttributes, lpName, dwFlags, dwDesiredAccess); 67 | WriteFuncBuffer(" = 0x%p", Ret); 68 | EndTrace(E_CreateMutexExA, FALSE); 69 | } 70 | else 71 | { 72 | Ret = CreateMutexExA(lpMutexAttributes, lpName, dwFlags, dwDesiredAccess); 73 | } 74 | 75 | return (Ret); 76 | } 77 | 78 | HANDLE 79 | WtCreateMutexExW( 80 | LPSECURITY_ATTRIBUTES lpMutexAttributes, 81 | LPCWSTR lpName, 82 | DWORD dwFlags, 83 | DWORD dwDesiredAccess 84 | ) 85 | { 86 | HANDLE Ret; 87 | 88 | if (BeginTrace(E_CreateMutexExW)) 89 | { 90 | WriteFuncBuffer("(0x%p, \"%ws\", %u, %u)", lpMutexAttributes, lpName, dwFlags, dwDesiredAccess); 91 | Ret = CreateMutexExW(lpMutexAttributes, lpName, dwFlags, dwDesiredAccess); 92 | WriteFuncBuffer(" = 0x%p", Ret); 93 | EndTrace(E_CreateMutexExW, FALSE); 94 | } 95 | else 96 | { 97 | Ret = CreateMutexExW(lpMutexAttributes, lpName, dwFlags, dwDesiredAccess); 98 | } 99 | 100 | return (Ret); 101 | } 102 | 103 | BOOL 104 | WtReleaseMutex( 105 | HANDLE hMutex 106 | ) 107 | { 108 | BOOL Ret; 109 | 110 | if (BeginTrace(E_ReleaseMutex)) 111 | { 112 | WriteFuncBuffer("(0x%p)", hMutex); 113 | Ret = ReleaseMutex(hMutex); 114 | WriteFuncBuffer(" = %d", Ret); 115 | EndTrace(E_ReleaseMutex, FALSE); 116 | } 117 | else 118 | { 119 | Ret = ReleaseMutex(hMutex); 120 | } 121 | 122 | return (Ret); 123 | } 124 | 125 | HANDLE 126 | WtCreateSemaphoreExW( 127 | LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, 128 | LONG lInitialCount, 129 | LONG lMaximumCount, 130 | LPCWSTR lpName, 131 | DWORD dwFlags, 132 | DWORD dwDesiredAccess 133 | ) 134 | { 135 | HANDLE Ret; 136 | 137 | if (BeginTrace(E_CreateSemaphoreExW)) 138 | { 139 | WriteFuncBuffer("(0x%p, %d, %d, \"%ws\", %u, %u)", lpSemaphoreAttributes, lInitialCount, lMaximumCount, lpName, dwFlags, dwDesiredAccess); 140 | Ret = CreateSemaphoreExW(lpSemaphoreAttributes, lInitialCount, lMaximumCount, lpName, dwFlags, dwDesiredAccess); 141 | WriteFuncBuffer(" = 0x%p", Ret); 142 | EndTrace(E_CreateSemaphoreExW, FALSE); 143 | } 144 | else 145 | { 146 | Ret = CreateSemaphoreExW(lpSemaphoreAttributes, lInitialCount, lMaximumCount, lpName, dwFlags, dwDesiredAccess); 147 | } 148 | 149 | return (Ret); 150 | } 151 | 152 | BOOL 153 | WtReleaseSemaphore( 154 | HANDLE hSemaphore, 155 | LONG lReleaseCount, 156 | LPLONG lpPreviousCount 157 | ) 158 | { 159 | BOOL Ret; 160 | 161 | if (BeginTrace(E_ReleaseSemaphore)) 162 | { 163 | WriteFuncBuffer("(0x%p, %d, 0x%p)", hSemaphore, lReleaseCount, lpPreviousCount); 164 | Ret = ReleaseSemaphore(hSemaphore, lReleaseCount, lpPreviousCount); 165 | WriteFuncBuffer(" = %d", Ret); 166 | EndTrace(E_ReleaseSemaphore, FALSE); 167 | } 168 | else 169 | { 170 | Ret = ReleaseSemaphore(hSemaphore, lReleaseCount, lpPreviousCount); 171 | } 172 | 173 | return (Ret); 174 | } 175 | 176 | HANDLE 177 | WtCreateEventA( 178 | LPSECURITY_ATTRIBUTES lpEventAttributes, 179 | BOOL bManualReset, 180 | BOOL bInitialState, 181 | LPCSTR lpName 182 | ) 183 | { 184 | HANDLE Ret; 185 | 186 | if (BeginTrace(E_CreateEventA)) 187 | { 188 | WriteFuncBuffer("(0x%p, %d, %d, \"%s\")", lpEventAttributes, bManualReset, bInitialState, lpName); 189 | Ret = CreateEventA(lpEventAttributes, bManualReset, bInitialState, lpName); 190 | WriteFuncBuffer(" = 0x%p", Ret); 191 | EndTrace(E_CreateEventA, FALSE); 192 | } 193 | else 194 | { 195 | Ret = CreateEventA(lpEventAttributes, bManualReset, bInitialState, lpName); 196 | } 197 | 198 | return (Ret); 199 | } 200 | 201 | HANDLE 202 | WtCreateEventW( 203 | LPSECURITY_ATTRIBUTES lpEventAttributes, 204 | BOOL bManualReset, 205 | BOOL bInitialState, 206 | LPCWSTR lpName 207 | ) 208 | { 209 | HANDLE Ret; 210 | 211 | if (BeginTrace(E_CreateEventW)) 212 | { 213 | WriteFuncBuffer("(0x%p, %d, %d, \"%ws\")", lpEventAttributes, bManualReset, bInitialState, lpName); 214 | Ret = CreateEventW(lpEventAttributes, bManualReset, bInitialState, lpName); 215 | WriteFuncBuffer(" = 0x%p", Ret); 216 | EndTrace(E_CreateEventW, FALSE); 217 | } 218 | else 219 | { 220 | Ret = CreateEventW(lpEventAttributes, bManualReset, bInitialState, lpName); 221 | } 222 | 223 | return (Ret); 224 | } 225 | 226 | HANDLE 227 | WtCreateEventExA( 228 | LPSECURITY_ATTRIBUTES lpEventAttributes, 229 | LPCSTR lpName, 230 | DWORD dwFlags, 231 | DWORD dwDesiredAccess 232 | ) 233 | { 234 | HANDLE Ret; 235 | 236 | if (BeginTrace(E_CreateEventExA)) 237 | { 238 | WriteFuncBuffer("(0x%p, \"%s\", %u, %u)", lpEventAttributes, lpName, dwFlags, dwDesiredAccess); 239 | Ret = CreateEventExA(lpEventAttributes, lpName, dwFlags, dwDesiredAccess); 240 | WriteFuncBuffer(" = 0x%p", Ret); 241 | EndTrace(E_CreateEventExA, FALSE); 242 | } 243 | else 244 | { 245 | Ret = CreateEventExA(lpEventAttributes, lpName, dwFlags, dwDesiredAccess); 246 | } 247 | 248 | return (Ret); 249 | } 250 | 251 | HANDLE 252 | WtCreateEventExW( 253 | LPSECURITY_ATTRIBUTES lpEventAttributes, 254 | LPCWSTR lpName, 255 | DWORD dwFlags, 256 | DWORD dwDesiredAccess 257 | ) 258 | { 259 | HANDLE Ret; 260 | 261 | if (BeginTrace(E_CreateEventExW)) 262 | { 263 | WriteFuncBuffer("(0x%p, \"%ws\", %u, %u)", lpEventAttributes, lpName, dwFlags, dwDesiredAccess); 264 | Ret = CreateEventExW(lpEventAttributes, lpName, dwFlags, dwDesiredAccess); 265 | WriteFuncBuffer(" = 0x%p", Ret); 266 | EndTrace(E_CreateEventExW, FALSE); 267 | } 268 | else 269 | { 270 | Ret = CreateEventExW(lpEventAttributes, lpName, dwFlags, dwDesiredAccess); 271 | } 272 | 273 | return (Ret); 274 | } 275 | 276 | BOOL 277 | WtSetEvent( 278 | HANDLE hEvent 279 | ) 280 | { 281 | BOOL Ret; 282 | 283 | if (BeginTrace(E_SetEvent)) 284 | { 285 | WriteFuncBuffer("(0x%p)", hEvent); 286 | Ret = SetEvent(hEvent); 287 | WriteFuncBuffer(" = %d", Ret); 288 | EndTrace(E_SetEvent, FALSE); 289 | } 290 | else 291 | { 292 | Ret = SetEvent(hEvent); 293 | } 294 | 295 | return (Ret); 296 | } 297 | 298 | BOOL 299 | WtResetEvent( 300 | HANDLE hEvent 301 | ) 302 | { 303 | BOOL Ret; 304 | 305 | if (BeginTrace(E_ResetEvent)) 306 | { 307 | WriteFuncBuffer("(0x%p)", hEvent); 308 | Ret = ResetEvent(hEvent); 309 | WriteFuncBuffer(" = %d", Ret); 310 | EndTrace(E_ResetEvent, FALSE); 311 | } 312 | else 313 | { 314 | Ret = ResetEvent(hEvent); 315 | } 316 | 317 | return (Ret); 318 | } 319 | 320 | void 321 | WtInitializeCriticalSection( 322 | LPCRITICAL_SECTION lpCriticalSection 323 | ) 324 | { 325 | if (BeginTrace(E_InitializeCriticalSection)) 326 | { 327 | WriteFuncBuffer("(0x%p)", lpCriticalSection); 328 | WriteFuncBuffer(" = VOID"); 329 | EndTrace(E_InitializeCriticalSection, FALSE); 330 | } 331 | 332 | InitializeCriticalSection(lpCriticalSection); 333 | } 334 | 335 | void 336 | WtEnterCriticalSection( 337 | LPCRITICAL_SECTION lpCriticalSection 338 | ) 339 | { 340 | if (BeginTrace(E_EnterCriticalSection)) 341 | { 342 | WriteFuncBuffer("(0x%p)", lpCriticalSection); 343 | WriteFuncBuffer(" = VOID"); 344 | EndTrace(E_EnterCriticalSection, FALSE); 345 | } 346 | 347 | EnterCriticalSection(lpCriticalSection); 348 | } 349 | 350 | void 351 | WtLeaveCriticalSection( 352 | LPCRITICAL_SECTION lpCriticalSection 353 | ) 354 | { 355 | if (BeginTrace(E_LeaveCriticalSection)) 356 | { 357 | WriteFuncBuffer("(0x%p)", lpCriticalSection); 358 | WriteFuncBuffer(" = VOID"); 359 | EndTrace(E_LeaveCriticalSection, FALSE); 360 | } 361 | 362 | LeaveCriticalSection(lpCriticalSection); 363 | } 364 | 365 | BOOL 366 | WtInitializeCriticalSectionAndSpinCount( 367 | LPCRITICAL_SECTION lpCriticalSection, 368 | DWORD dwSpinCount 369 | ) 370 | { 371 | BOOL Ret; 372 | 373 | if (BeginTrace(E_InitializeCriticalSectionAndSpinCount)) 374 | { 375 | WriteFuncBuffer("(0x%p, %u)", lpCriticalSection, dwSpinCount); 376 | Ret = InitializeCriticalSectionAndSpinCount(lpCriticalSection, dwSpinCount); 377 | WriteFuncBuffer(" = %d", Ret); 378 | EndTrace(E_InitializeCriticalSectionAndSpinCount, FALSE); 379 | } 380 | else 381 | { 382 | Ret = InitializeCriticalSectionAndSpinCount(lpCriticalSection, dwSpinCount); 383 | } 384 | 385 | return (Ret); 386 | } 387 | 388 | BOOL 389 | WtInitializeCriticalSectionEx( 390 | LPCRITICAL_SECTION lpCriticalSection, 391 | DWORD dwSpinCount, 392 | DWORD Flags 393 | ) 394 | { 395 | BOOL Ret; 396 | 397 | if (BeginTrace(E_InitializeCriticalSectionEx)) 398 | { 399 | WriteFuncBuffer("(0x%p, %u, %u)", lpCriticalSection, dwSpinCount, Flags); 400 | Ret = InitializeCriticalSectionEx(lpCriticalSection, dwSpinCount, Flags); 401 | WriteFuncBuffer(" = %d", Ret); 402 | EndTrace(E_InitializeCriticalSectionEx, FALSE); 403 | } 404 | else 405 | { 406 | Ret = InitializeCriticalSectionEx(lpCriticalSection, dwSpinCount, Flags); 407 | } 408 | 409 | return (Ret); 410 | } 411 | 412 | DWORD 413 | WtSetCriticalSectionSpinCount( 414 | LPCRITICAL_SECTION lpCriticalSection, 415 | DWORD dwSpinCount 416 | ) 417 | { 418 | DWORD Ret; 419 | 420 | if (BeginTrace(E_SetCriticalSectionSpinCount)) 421 | { 422 | WriteFuncBuffer("(0x%p, %u)", lpCriticalSection, dwSpinCount); 423 | Ret = SetCriticalSectionSpinCount(lpCriticalSection, dwSpinCount); 424 | WriteFuncBuffer(" = %u", Ret); 425 | EndTrace(E_SetCriticalSectionSpinCount, FALSE); 426 | } 427 | else 428 | { 429 | Ret = SetCriticalSectionSpinCount(lpCriticalSection, dwSpinCount); 430 | } 431 | 432 | return (Ret); 433 | } 434 | 435 | BOOL 436 | WtTryEnterCriticalSection( 437 | LPCRITICAL_SECTION lpCriticalSection 438 | ) 439 | { 440 | BOOL Ret; 441 | 442 | if (BeginTrace(E_TryEnterCriticalSection)) 443 | { 444 | WriteFuncBuffer("(0x%p)", lpCriticalSection); 445 | Ret = TryEnterCriticalSection(lpCriticalSection); 446 | WriteFuncBuffer(" = %d", Ret); 447 | EndTrace(E_TryEnterCriticalSection, FALSE); 448 | } 449 | else 450 | { 451 | Ret = TryEnterCriticalSection(lpCriticalSection); 452 | } 453 | 454 | return (Ret); 455 | } 456 | 457 | void 458 | WtDeleteCriticalSection( 459 | LPCRITICAL_SECTION lpCriticalSection 460 | ) 461 | { 462 | if (BeginTrace(E_DeleteCriticalSection)) 463 | { 464 | WriteFuncBuffer("(0x%p)", lpCriticalSection); 465 | WriteFuncBuffer(" = VOID"); 466 | EndTrace(E_DeleteCriticalSection, FALSE); 467 | } 468 | 469 | DeleteCriticalSection(lpCriticalSection); 470 | } 471 | 472 | DWORD 473 | WtWaitForSingleObject( 474 | HANDLE hHandle, 475 | DWORD dwMilliseconds 476 | ) 477 | { 478 | DWORD Ret; 479 | 480 | if (BeginTrace(E_WaitForSingleObject)) 481 | { 482 | WriteFuncBuffer("(0x%p, %u)", hHandle, dwMilliseconds); 483 | Ret = WaitForSingleObject(hHandle, dwMilliseconds); 484 | WriteFuncBuffer(" = %u", Ret); 485 | EndTrace(E_WaitForSingleObject, FALSE); 486 | } 487 | else 488 | { 489 | Ret = WaitForSingleObject(hHandle, dwMilliseconds); 490 | } 491 | 492 | return (Ret); 493 | } 494 | 495 | DWORD 496 | WtWaitForSingleObjectEx( 497 | HANDLE hHandle, 498 | DWORD dwMilliseconds, 499 | BOOL bAlertable 500 | ) 501 | { 502 | DWORD Ret; 503 | 504 | if (BeginTrace(E_WaitForSingleObjectEx)) 505 | { 506 | WriteFuncBuffer("(0x%p, %u, %d)", hHandle, dwMilliseconds, bAlertable); 507 | Ret = WaitForSingleObjectEx(hHandle, dwMilliseconds, bAlertable); 508 | WriteFuncBuffer(" = %u", Ret); 509 | EndTrace(E_WaitForSingleObjectEx, FALSE); 510 | } 511 | else 512 | { 513 | Ret = WaitForSingleObjectEx(hHandle, dwMilliseconds, bAlertable); 514 | } 515 | 516 | return (Ret); 517 | } 518 | 519 | DWORD 520 | WtWaitForMultipleObjectsEx( 521 | DWORD nCount, 522 | HANDLE *lpHandles, 523 | BOOL bWaitAll, 524 | DWORD dwMilliseconds, 525 | BOOL bAlertable 526 | ) 527 | { 528 | DWORD Ret; 529 | 530 | if (BeginTrace(E_WaitForMultipleObjectsEx)) 531 | { 532 | WriteFuncBuffer("(%u, 0x%p, %d, %u, %d)", nCount, *lpHandles, bWaitAll, dwMilliseconds, bAlertable); 533 | Ret = WaitForMultipleObjectsEx(nCount, *lpHandles, bWaitAll, dwMilliseconds, bAlertable); 534 | WriteFuncBuffer(" = %u", Ret); 535 | EndTrace(E_WaitForMultipleObjectsEx, FALSE); 536 | } 537 | else 538 | { 539 | Ret = WaitForMultipleObjectsEx(nCount, *lpHandles, bWaitAll, dwMilliseconds, bAlertable); 540 | } 541 | 542 | return (Ret); 543 | } 544 | 545 | DWORD 546 | WtSleepEx( 547 | DWORD dwMilliseconds, 548 | BOOL bAlertable 549 | ) 550 | { 551 | DWORD Ret; 552 | 553 | if (BeginTrace(E_SleepEx)) 554 | { 555 | WriteFuncBuffer("(%u, %d)", dwMilliseconds, bAlertable); 556 | Ret = SleepEx(dwMilliseconds, bAlertable); 557 | WriteFuncBuffer(" = %u", Ret); 558 | EndTrace(E_SleepEx, FALSE); 559 | } 560 | else 561 | { 562 | Ret = SleepEx(dwMilliseconds, bAlertable); 563 | } 564 | 565 | return (Ret); 566 | } 567 | 568 | -------------------------------------------------------------------------------- /core/main.c: -------------------------------------------------------------------------------- 1 | /* 2 | Version History 3 | 4 | 0.3.1 Cleanups 5 | 0.3.0 All output printing is now done with pipes, ONLY 6 | 0.2.6 Made printing in core & dll a bit nicer 7 | 0.2.5 Explicit /B option for blocking functions to trace 8 | 0.2.4 Naming Opts, Pipe, and Fence with the target PID 9 | 0.2.3 Added a switch /P to use named pipes to print debug output through the EXE instead of the DLL (WIP) 10 | 0.2.2 /? now shows the core and dll version 11 | 0.2.1 Changed help/usage display to look nicer and to accommodate 12 | wintrace being able to receive program args 13 | 0.2.0 Fixed more CRLF's + added some TODO's 14 | 0.1.9 Added cmdline argument parsing for the target EXE 15 | 0.1.8 Cleanups 16 | 0.1.7 Misc cleanups/fixes + added some comments/documentation 17 | 0.1.6 Added specific tracing 18 | 0.1.5 Cleaned up warnings 19 | 0.1.4 Added custom output file parsing 20 | 0.1.3 Tidied up option parsing and usage printing 21 | 0.1.2 Added plumbing for option/switch parsing 22 | 0.1.1 Added VirtualFreeEx in the remote thread to free DllPath 23 | 0.1.0 Initial creation 24 | */ 25 | 26 | // TODO: New features: 27 | /* 28 | Error / Injection synopsis: 29 | 30 | wintrace /e:HeapCreate ... Fail ALL HeapCreate calls 31 | wintrace /e:HeapCreate:4 ... Fail the 4th HeapCreate call 32 | wintrace /i:GetFileSize:25 ... ALL GetFileSize calls return 25 33 | wintrace /i:GetFileSize:25:3 ... GetFileSize call #3 returns 25 34 | 35 | wintrace {/i|/e}:HeapAlloc,HeapFree ... Chain multiple funcs?? 36 | */ 37 | 38 | /* 39 | Organize nested calls: 40 | 41 | GetMessage(0x0000000000BCF698, 0x00000000000A06A8, 0, 0) = 1 42 | TranslateMessageA(0x0000000000BCF698) = 1 43 | DispatchMessageA(0x0000000000BCF698) = 0 44 | DestroyWindow(0x00000000000A06A8) = 1 45 | PostQuitMessage(0) = VOID 46 | 47 | __global DWORD CallLvl determines how many indents to print 48 | CallLvl++ when entering function, CallLvl-- when leaving 49 | Need a way to organize the string to print so it can be done in correct order (not a stack) 50 | 51 | We can make it so that by default, DestroyWindow + PostQuitMessage are not printed, 52 | but then specifying option /n WILL print them. No /n specified is easy: just 53 | check that CallLvl == 1 before printing any output. 54 | */ 55 | 56 | #define _CRT_SECURE_NO_WARNINGS 57 | #include 58 | #include 59 | #include 60 | 61 | #define CRLF "\r\n" 62 | 63 | // Version 64 | #define WINTRACE_CORE_VERSION "0.3.1" 65 | 66 | // Extra options here that aren't used by the DLL (ProgramName and CmdArgs) 67 | // Might rename this to T_WintraceOptsEx or something to specify this, or 68 | // might just update the DLL struct. 69 | // dunno yet, not currently important :/ 70 | typedef struct _tag_WintraceOpts 71 | { 72 | BOOL ShowThreadID; 73 | BOOL ShowProcessID; 74 | BOOL ShowFuncCount; 75 | CHAR OutputFilename[64]; 76 | CHAR TraceList[32][32]; 77 | CHAR BlockList[32][32]; 78 | CHAR *ProgramName, 79 | CmdArgs[128]; 80 | } T_WintraceOpts; 81 | 82 | // Show full list of options/switches 83 | void PrintUsage(void); 84 | 85 | // Read cmdline arguments 86 | T_WintraceOpts ParseOpts(int argc, char **argv); 87 | 88 | // Pipe stuff 89 | HANDLE g_Pipe; 90 | DWORD __stdcall InitializePipe(LPVOID Param); 91 | 92 | // Function pointer signature for querying DLL version 93 | typedef LPSTR (__stdcall *MYPROC)(void); 94 | 95 | // Names 96 | CHAR OptsName[32], 97 | PipeName[32], 98 | FenceName[32]; 99 | 100 | int 101 | main(int argc, 102 | char **argv) 103 | { 104 | LPCSTR DllPath = "wintrace.dll"; 105 | STARTUPINFO StartupInfo = {0}; 106 | PROCESS_INFORMATION ProcessInfo = {0}; 107 | LPVOID pDllPath; 108 | HANDLE LoadThread; 109 | SIZE_T Len = strlen(DllPath) + 1; 110 | BOOL Status; 111 | LPTHREAD_START_ROUTINE lpfnLoadLibA; 112 | LPTHREAD_START_ROUTINE lpfnFreeLib; 113 | T_WintraceOpts Opts; 114 | LPVOID pOpts; 115 | HANDLE FileMap, 116 | PipeThread; 117 | HANDLE Fence; 118 | 119 | 120 | // Parse opts 121 | Opts = ParseOpts(argc, argv); 122 | 123 | // Create process 124 | StartupInfo.cb = sizeof(STARTUPINFO); 125 | Status = CreateProcess(Opts.ProgramName, Opts.CmdArgs, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &StartupInfo, &ProcessInfo); 126 | if (!Status) 127 | { 128 | fprintf(stderr, "[CORE] Failed to create process...! (Error: %u)" CRLF, GetLastError()); 129 | return -1; 130 | } 131 | 132 | // Construct names 133 | sprintf(OptsName, "WintraceOpts_%u", ProcessInfo.dwProcessId); 134 | sprintf(PipeName, "\\\\.\\pipe\\WintracePipe_%u", ProcessInfo.dwProcessId); 135 | sprintf(FenceName, "WintraceFence_%u", ProcessInfo.dwProcessId); 136 | 137 | fprintf(stderr, 138 | "[CORE] Initialized successfully:" CRLF 139 | " PID: %u" CRLF 140 | " Opts: %s" CRLF 141 | " Pipe: %s" CRLF 142 | " Fence: %s" CRLF, 143 | ProcessInfo.dwProcessId, OptsName, PipeName, FenceName); 144 | 145 | // Map shared memory 146 | FileMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, sizeof(T_WintraceOpts), OptsName); 147 | if (!FileMap) 148 | { 149 | fprintf(stderr, "[CORE] Could not create file map...! (Error: %u)" CRLF, GetLastError()); 150 | return -1; 151 | } 152 | pOpts = (T_WintraceOpts *)MapViewOfFile(FileMap, FILE_MAP_ALL_ACCESS, 0, 0, sizeof(T_WintraceOpts)); 153 | if (!pOpts) 154 | { 155 | fprintf(stderr, "[CORE] Could not create map view...! (Error: %u)" CRLF, GetLastError()); 156 | CloseHandle(FileMap); 157 | return -1; 158 | } 159 | CopyMemory((LPVOID)pOpts, &Opts, sizeof(T_WintraceOpts)); 160 | 161 | // Inject DLL 162 | lpfnLoadLibA = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryA"); 163 | if (!lpfnLoadLibA) 164 | { 165 | fprintf(stderr, "[CORE] Could no locate LoadLibraryA...! (Error: %u)" CRLF, GetLastError()); 166 | return -1; 167 | } 168 | 169 | lpfnFreeLib = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("Kernel32.dll"), "FreeLibrary"); 170 | if (!lpfnFreeLib) 171 | { 172 | fprintf(stderr, "[CORE] Could no locate FreeLibrary...! (Error: %u)" CRLF, GetLastError()); 173 | return -1; 174 | } 175 | 176 | pDllPath = VirtualAllocEx(ProcessInfo.hProcess, 0, Len, MEM_COMMIT, PAGE_READWRITE); 177 | if (!pDllPath) 178 | { 179 | fprintf(stderr, "[CORE] Failed to allocate DLL path...! (Error: %u)" CRLF, GetLastError()); 180 | return -1; 181 | } 182 | 183 | Status = WriteProcessMemory(ProcessInfo.hProcess, pDllPath, (LPVOID)DllPath, Len, 0); 184 | if (!Status) 185 | { 186 | fprintf(stderr, "[CORE] Failed to write target memory...! (Error: %u)" CRLF, GetLastError()); 187 | return -1; 188 | } 189 | 190 | // Fence 191 | Fence = CreateEventA(NULL, FALSE, FALSE, FenceName); 192 | if (!Fence) 193 | { 194 | fprintf(stderr, "[CORE] Failed to create fence...! (Error: %u)" CRLF, GetLastError()); 195 | return (-1); 196 | } 197 | 198 | // Pipe thread 199 | PipeThread = CreateThread(NULL, 0, &InitializePipe, NULL, 0, NULL); 200 | 201 | // LoadLibrary thread 202 | LoadThread = CreateRemoteThread(ProcessInfo.hProcess, NULL, 0, lpfnLoadLibA, pDllPath, 0, NULL); 203 | if (!LoadThread) 204 | { 205 | fprintf(stderr, "[CORE] Failed to load remote thread...! (Error: %u)" CRLF, GetLastError()); 206 | return -1; 207 | } 208 | WaitForSingleObject(LoadThread, INFINITE); 209 | 210 | // Main thread 211 | ResumeThread(ProcessInfo.hThread); 212 | 213 | // Read from pipe 214 | { 215 | CHAR Buffer[1024]; 216 | DWORD NumRead; 217 | FILE *OutputFile = stderr; 218 | 219 | 220 | if (Opts.OutputFilename[0]) 221 | { 222 | OutputFile = fopen(Opts.OutputFilename, "w+"); 223 | } 224 | 225 | for (;;) 226 | { 227 | Status = ReadFile(g_Pipe, Buffer, 512, &NumRead, NULL); 228 | if (Status) 229 | { 230 | Buffer[NumRead] = 0; 231 | fprintf(OutputFile, "%s", Buffer); 232 | SetEvent(Fence); 233 | } 234 | else 235 | { 236 | // target EXE is finished executing -> pipe closed 237 | break; 238 | } 239 | } 240 | 241 | if (Opts.OutputFilename[0]) 242 | { 243 | fclose(OutputFile); 244 | } 245 | } 246 | 247 | WaitForSingleObject(ProcessInfo.hThread, INFINITE); 248 | 249 | // FreeLibrary thread 250 | LoadThread = CreateRemoteThread(ProcessInfo.hProcess, NULL, 0, lpfnFreeLib, pDllPath, 0, NULL); 251 | WaitForSingleObject(ProcessInfo.hThread, INFINITE); 252 | 253 | // Cleanup 254 | VirtualFreeEx(ProcessInfo.hProcess, pDllPath, Len, MEM_RELEASE); 255 | UnmapViewOfFile(FileMap); 256 | CloseHandle(FileMap); 257 | CloseHandle(g_Pipe); 258 | CloseHandle(Fence); 259 | 260 | return 0; 261 | } 262 | 263 | void 264 | PrintUsage(void) 265 | { 266 | HMODULE WintraceDll; 267 | MYPROC GetDllVersion; 268 | 269 | 270 | WintraceDll = LoadLibraryExA("wintrace.dll", NULL, DONT_RESOLVE_DLL_REFERENCES); 271 | GetDllVersion = (MYPROC)GetProcAddress(WintraceDll, "GetWintraceDllVersion"); 272 | 273 | fprintf(stderr, CRLF 274 | "core version: %s" CRLF 275 | "dll version: %s" CRLF CRLF 276 | "Usage: wintrace [options...] [args...]" CRLF CRLF 277 | "Options:" CRLF 278 | " /c Show function call count" CRLF 279 | " /p Show process ID" CRLF 280 | " /t Show thread ID" CRLF 281 | " /T:fns Trace only fns, a comma separated list of function names" CRLF 282 | " /B:fns Trace all functions except fns, a comma separated list of function names" CRLF 283 | " /o:file Output to file" CRLF 284 | " /? Show available options" CRLF, 285 | WINTRACE_CORE_VERSION, GetDllVersion()); 286 | } 287 | 288 | T_WintraceOpts 289 | ParseOpts(int argc, 290 | char **argv) 291 | { 292 | INT OptInd; 293 | T_WintraceOpts Opts = {0}; 294 | 295 | 296 | if (argc < 2) 297 | { 298 | fprintf(stderr, CRLF "Usage: wintrace [options...] [args...]" CRLF); 299 | fprintf(stderr, "Use /? for more info" CRLF CRLF); 300 | exit(-1); 301 | } 302 | 303 | for (OptInd = 1; (OptInd < argc) && argv[OptInd][0] == '/'; OptInd++) 304 | { 305 | switch (argv[OptInd][1]) 306 | { 307 | case 'c': 308 | { 309 | Opts.ShowFuncCount = TRUE; 310 | } break; 311 | case 't': 312 | { 313 | Opts.ShowThreadID = TRUE; 314 | } break; 315 | case 'p': 316 | { 317 | Opts.ShowProcessID = TRUE; 318 | } break; 319 | case 'o': 320 | { 321 | strcpy(Opts.OutputFilename, argv[OptInd] + 3); 322 | } break; 323 | case 'T': 324 | { 325 | CHAR *Token; 326 | INT I = 0; 327 | 328 | Token = strtok(argv[OptInd] + 3, ","); 329 | while (Token != NULL && I < 32) 330 | { 331 | strcpy(Opts.TraceList[I], Token); 332 | Token = strtok(NULL, ","); 333 | I++; 334 | } 335 | } break; 336 | case 'B': 337 | { 338 | CHAR *Token; 339 | INT I = 0; 340 | 341 | Token = strtok(argv[OptInd] + 3, ","); 342 | while (Token != NULL && I < 32) 343 | { 344 | strcpy(Opts.BlockList[I], Token); 345 | Token = strtok(NULL, ","); 346 | I++; 347 | } 348 | } break; 349 | case '?': 350 | { 351 | PrintUsage(); 352 | exit(1); 353 | } break; 354 | 355 | default: 356 | { 357 | fprintf(stderr, CRLF "Usage: wintrace [options...] [args...]" CRLF); 358 | fprintf(stderr, "Use /? for more info" CRLF); 359 | exit(-1); 360 | } break; 361 | } 362 | } 363 | 364 | if (Opts.TraceList[0][0] && Opts.BlockList[0][0]) 365 | { 366 | fprintf(stderr, "Error: can only trace (/T) OR block (/B) functions...!" CRLF); 367 | exit(-1); 368 | } 369 | 370 | // Fill out EXE name 371 | Opts.ProgramName = argv[OptInd++]; 372 | 373 | // Fill out the cmdline args, if any 374 | if (OptInd < argc) 375 | { 376 | // Put program name as argv[0] because documentation says so 377 | strcpy(Opts.CmdArgs, Opts.ProgramName); 378 | for (OptInd; OptInd < argc; OptInd++) 379 | { 380 | strcat(Opts.CmdArgs, " "); 381 | strcat(Opts.CmdArgs, argv[OptInd]); 382 | } 383 | } 384 | 385 | return Opts; 386 | } 387 | 388 | DWORD __stdcall 389 | InitializePipe(LPVOID Param) 390 | { 391 | BOOL Status; 392 | 393 | 394 | UNREFERENCED_PARAMETER(Param); 395 | 396 | g_Pipe = CreateNamedPipe(PipeName, PIPE_ACCESS_INBOUND, PIPE_TYPE_BYTE, 1, 0, 0, 0, NULL); 397 | fprintf(stderr, "[CORE] Created pipe...\r\n"); 398 | Status = ConnectNamedPipe(g_Pipe, NULL); 399 | if (!Status) 400 | { 401 | fprintf(stderr, "[CORE] Failed to connect pipe...!\r\n"); 402 | } 403 | else 404 | { 405 | fprintf(stderr, "[CORE] Connected pipe...\r\n"); 406 | } 407 | 408 | return (0); 409 | } 410 | 411 | -------------------------------------------------------------------------------- /dll/patch_function.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void 4 | PatchFunction(DWORD FuncHash, 5 | PIMAGE_THUNK_DATA FirstThunk) 6 | { 7 | DWORD OldProtect; 8 | 9 | 10 | switch (FuncHash) 11 | { 12 | #pragma warning(disable: 4127) 13 | // debugapi.h 14 | case FUNC_CheckRemoteDebuggerPresent: { PatchEntry(WtCheckRemoteDebuggerPresent); } break; 15 | case FUNC_ContinueDebugEvent: { PatchEntry(WtContinueDebugEvent); } break; 16 | case FUNC_DebugActiveProcess: { PatchEntry(WtDebugActiveProcess); } break; 17 | case FUNC_DebugActiveProcessStop: { PatchEntry(WtDebugActiveProcessStop); } break; 18 | case FUNC_DebugBreak: { PatchEntry(WtDebugBreak); } break; 19 | case FUNC_IsDebuggerPresent: { PatchEntry(WtIsDebuggerPresent); } break; 20 | case FUNC_OutputDebugStringA: { PatchEntry(WtOutputDebugStringA); } break; 21 | case FUNC_OutputDebugStringW: { PatchEntry(WtOutputDebugStringW); } break; 22 | case FUNC_WaitForDebugEvent: { PatchEntry(WtWaitForDebugEvent); } break; 23 | // fileapi.h 24 | case FUNC_CreateDirectoryA: { PatchEntry(WtCreateDirectoryA); } break; 25 | case FUNC_CreateDirectoryW: { PatchEntry(WtCreateDirectoryW); } break; 26 | case FUNC_CreateFileA: { PatchEntry(WtCreateFileA); } break; 27 | case FUNC_CreateFileW: { PatchEntry(WtCreateFileW); } break; 28 | case FUNC_DeleteFileA: { PatchEntry(WtDeleteFileA); } break; 29 | case FUNC_DeleteFileW: { PatchEntry(WtDeleteFileW); } break; 30 | case FUNC_GetFileSize: { PatchEntry(WtGetFileSize); } break; 31 | case FUNC_GetFileSizeEx: { PatchEntry(WtGetFileSizeEx); } break; 32 | case FUNC_GetFileType: { PatchEntry(WtGetFileType); } break; 33 | case FUNC_ReadFile: { PatchEntry(WtReadFile); } break; 34 | case FUNC_ReadFileEx: { PatchEntry(WtReadFileEx); } break; 35 | case FUNC_RemoveDirectoryA: { PatchEntry(WtRemoveDirectoryA); } break; 36 | case FUNC_RemoveDirectoryW: { PatchEntry(WtRemoveDirectoryW); } break; 37 | case FUNC_SetEndOfFile: { PatchEntry(WtSetEndOfFile); } break; 38 | case FUNC_SetFilePointer: { PatchEntry(WtSetFilePointer); } break; 39 | case FUNC_SetFilePointerEx: { PatchEntry(WtSetFilePointerEx); } break; 40 | case FUNC_WriteFile: { PatchEntry(WtWriteFile); } break; 41 | case FUNC_WriteFileEx: { PatchEntry(WtWriteFileEx); } break; 42 | // heapapi.h 43 | case FUNC_GetProcessHeap: { PatchEntry(WtGetProcessHeap); } break; 44 | case FUNC_GetProcessHeaps: { PatchEntry(WtGetProcessHeaps); } break; 45 | case FUNC_HeapAlloc: { PatchEntry(WtHeapAlloc); } break; 46 | case FUNC_HeapCompact: { PatchEntry(WtHeapCompact); } break; 47 | case FUNC_HeapCreate: { PatchEntry(WtHeapCreate); } break; 48 | case FUNC_HeapDestroy: { PatchEntry(WtHeapDestroy); } break; 49 | case FUNC_HeapFree: { PatchEntry(WtHeapFree); } break; 50 | case FUNC_HeapLock: { PatchEntry(WtHeapLock); } break; 51 | case FUNC_HeapQueryInformation: { PatchEntry(WtHeapQueryInformation); } break; 52 | case FUNC_HeapReAlloc: { PatchEntry(WtHeapReAlloc); } break; 53 | case FUNC_HeapSetInformation: { PatchEntry(WtHeapSetInformation); } break; 54 | case FUNC_HeapSize: { PatchEntry(WtHeapSize); } break; 55 | case FUNC_HeapUnlock: { PatchEntry(WtHeapUnlock); } break; 56 | case FUNC_HeapValidate: { PatchEntry(WtHeapValidate); } break; 57 | case FUNC_HeapWalk: { PatchEntry(WtHeapWalk); } break; 58 | // memoryapi.h 59 | case FUNC_CreateFileMappingA: { PatchEntry(WtCreateFileMappingA); } break; 60 | case FUNC_CreateFileMappingW: { PatchEntry(WtCreateFileMappingW); } break; 61 | case FUNC_FlushViewOfFile: { PatchEntry(WtFlushViewOfFile); } break; 62 | case FUNC_MapViewOfFile: { PatchEntry(WtMapViewOfFile); } break; 63 | case FUNC_MapViewOfFileEx: { PatchEntry(WtMapViewOfFileEx); } break; 64 | case FUNC_OpenFileMappingA: { PatchEntry(WtOpenFileMappingA); } break; 65 | case FUNC_OpenFileMappingW: { PatchEntry(WtOpenFileMappingW); } break; 66 | case FUNC_UnmapViewOfFile: { PatchEntry(WtUnmapViewOfFile); } break; 67 | case FUNC_VirtualAlloc: { PatchEntry(WtVirtualAlloc); } break; 68 | case FUNC_VirtualAllocEx: { PatchEntry(WtVirtualAllocEx); } break; 69 | case FUNC_VirtualFree: { PatchEntry(WtVirtualFree); } break; 70 | case FUNC_VirtualFreeEx: { PatchEntry(WtVirtualFreeEx); } break; 71 | case FUNC_VirtualLock: { PatchEntry(WtVirtualLock); } break; 72 | case FUNC_VirtualProtect: { PatchEntry(WtVirtualProtect); } break; 73 | case FUNC_VirtualProtectEx: { PatchEntry(WtVirtualProtectEx); } break; 74 | case FUNC_VirtualQuery: { PatchEntry(WtVirtualQuery); } break; 75 | case FUNC_VirtualQueryEx: { PatchEntry(WtVirtualQueryEx); } break; 76 | case FUNC_VirtualUnlock: { PatchEntry(WtVirtualUnlock); } break; 77 | // processthreadsapi.h 78 | case FUNC_CreateProcessA: { PatchEntry(WtCreateProcessA); } break; 79 | case FUNC_CreateProcessW: { PatchEntry(WtCreateProcessW); } break; 80 | case FUNC_CreateProcessAsUserA: { PatchEntry(WtCreateProcessAsUserA); } break; 81 | case FUNC_CreateProcessAsUserW: { PatchEntry(WtCreateProcessAsUserW); } break; 82 | case FUNC_CreateRemoteThread: { PatchEntry(WtCreateRemoteThread); } break; 83 | case FUNC_CreateRemoteThreadEx: { PatchEntry(WtCreateRemoteThreadEx); } break; 84 | case FUNC_CreateThread: { PatchEntry(WtCreateThread); } break; 85 | case FUNC_DeleteProcThreadAttributeList: { PatchEntry(WtDeleteProcThreadAttributeList); } break; 86 | case FUNC_ExitProcess: { PatchEntry(WtExitProcess); } break; 87 | case FUNC_ExitThread: { PatchEntry(WtExitThread); } break; 88 | case FUNC_GetCurrentProcess: { PatchEntry(WtGetCurrentProcess); } break; 89 | case FUNC_GetCurrentProcessId: { PatchEntry(WtGetCurrentProcessId); } break; 90 | case FUNC_ResumeThread: { PatchEntry(WtResumeThread); } break; 91 | case FUNC_SuspendThread: { PatchEntry(WtSuspendThread); } break; 92 | case FUNC_TerminateProcess: { PatchEntry(WtTerminateProcess); } break; 93 | case FUNC_TerminateThread: { PatchEntry(WtTerminateThread); } break; 94 | // profileapi.h 95 | case FUNC_QueryPerformanceCounter: { PatchEntry(WtQueryPerformanceCounter); } break; 96 | case FUNC_QueryPerformanceFrequency: { PatchEntry(WtQueryPerformanceFrequency); } break; 97 | // winuser.h 98 | case FUNC_AdjustWindowRect: { PatchEntry(WtAdjustWindowRect); } break; 99 | case FUNC_AdjustWindowRectEx: { PatchEntry(WtAdjustWindowRectEx); } break; 100 | case FUNC_BeginPaint: { PatchEntry(WtBeginPaint); } break; 101 | case FUNC_ClientToScreen: { PatchEntry(WtClientToScreen); } break; 102 | case FUNC_ClipCursor: { PatchEntry(WtClipCursor); } break; 103 | case FUNC_CloseWindow: { PatchEntry(WtCloseWindow); } break; 104 | case FUNC_CreateWindowA: { PatchEntry(WtCreateWindowA); } break; 105 | case FUNC_CreateWindowW: { PatchEntry(WtCreateWindowW); } break; 106 | case FUNC_CreateWindowExA: { PatchEntry(WtCreateWindowExA); } break; 107 | case FUNC_CreateWindowExW: { PatchEntry(WtCreateWindowExW); } break; 108 | case FUNC_DefWindowProcA: { PatchEntry(WtDefWindowProcA); } break; 109 | case FUNC_DefWindowProcW: { PatchEntry(WtDefWindowProcW); } break; 110 | case FUNC_DestroyWindow: { PatchEntry(WtDestroyWindow); } break; 111 | case FUNC_DispatchMessageA: { PatchEntry(WtDispatchMessageA); } break; 112 | case FUNC_DispatchMessageW: { PatchEntry(WtDispatchMessageW); } break; 113 | case FUNC_EndPaint: { PatchEntry(WtEndPaint); } break; 114 | case FUNC_FillRect: { PatchEntry(WtFillRect); } break; 115 | case FUNC_GetClientRect: { PatchEntry(WtGetClientRect); } break; 116 | case FUNC_GetCursorPos: { PatchEntry(WtGetCursorPos); } break; 117 | case FUNC_GetDC: { PatchEntry(WtGetDC); } break; 118 | case FUNC_GetMessageA: { PatchEntry(WtGetMessageA); } break; 119 | case FUNC_GetMessageW: { PatchEntry(WtGetMessageW); } break; 120 | case FUNC_GetWindowRect: { PatchEntry(WtGetWindowRect); } break; 121 | case FUNC_MessageBoxA: { PatchEntry(WtMessageBoxA); } break; 122 | case FUNC_MessageBoxW: { PatchEntry(WtMessageBoxW); } break; 123 | case FUNC_MessageBoxExA: { PatchEntry(WtMessageBoxExA); } break; 124 | case FUNC_MessageBoxExW: { PatchEntry(WtMessageBoxExW); } break; 125 | case FUNC_PeekMessageA: { PatchEntry(WtPeekMessageA); } break; 126 | case FUNC_PeekMessageW: { PatchEntry(WtPeekMessageW); } break; 127 | case FUNC_PostMessageA: { PatchEntry(WtPostMessageA); } break; 128 | case FUNC_PostMessageW: { PatchEntry(WtPostMessageW); } break; 129 | case FUNC_PostQuitMessage: { PatchEntry(WtPostQuitMessage); } break; 130 | case FUNC_RegisterClassExA: { PatchEntry(WtRegisterClassExA); } break; 131 | case FUNC_RegisterClassExW: { PatchEntry(WtRegisterClassExW); } break; 132 | case FUNC_ReleaseDC: { PatchEntry(WtReleaseDC); } break; 133 | case FUNC_ScreenToClient: { PatchEntry(WtScreenToClient); } break; 134 | case FUNC_ShowCursor: { PatchEntry(WtShowCursor); } break; 135 | case FUNC_ShowWindow: { PatchEntry(WtShowWindow); } break; 136 | case FUNC_TranslateMessage: { PatchEntry(WtTranslateMessage); } break; 137 | case FUNC_UpdateWindow: { PatchEntry(WtUpdateWindow); } break; 138 | // syncapi.h 139 | case FUNC_CreateMutexA: { PatchEntry(WtCreateMutexA); } break; 140 | case FUNC_CreateMutexW: { PatchEntry(WtCreateMutexW); } break; 141 | case FUNC_CreateMutexExA: { PatchEntry(WtCreateMutexExA); } break; 142 | case FUNC_CreateMutexExW: { PatchEntry(WtCreateMutexExW); } break; 143 | case FUNC_ReleaseMutex: { PatchEntry(WtReleaseMutex); } break; 144 | case FUNC_CreateSemaphoreExW: { PatchEntry(WtCreateSemaphoreExW); } break; 145 | case FUNC_ReleaseSemaphore: { PatchEntry(WtReleaseSemaphore); } break; 146 | case FUNC_CreateEventA: { PatchEntry(WtCreateEventA); } break; 147 | case FUNC_CreateEventW: { PatchEntry(WtCreateEventW); } break; 148 | case FUNC_CreateEventExA: { PatchEntry(WtCreateEventExA); } break; 149 | case FUNC_CreateEventExW: { PatchEntry(WtCreateEventExW); } break; 150 | case FUNC_SetEvent: { PatchEntry(WtSetEvent); } break; 151 | case FUNC_ResetEvent: { PatchEntry(WtResetEvent); } break; 152 | case FUNC_InitializeCriticalSection: { PatchEntry(WtInitializeCriticalSection); } break; 153 | case FUNC_EnterCriticalSection: { PatchEntry(WtEnterCriticalSection); } break; 154 | case FUNC_LeaveCriticalSection: { PatchEntry(WtLeaveCriticalSection); } break; 155 | case FUNC_InitializeCriticalSectionAndSpinCount: { PatchEntry(WtInitializeCriticalSectionAndSpinCount); } break; 156 | case FUNC_InitializeCriticalSectionEx: { PatchEntry(WtInitializeCriticalSectionEx); } break; 157 | case FUNC_SetCriticalSectionSpinCount: { PatchEntry(WtSetCriticalSectionSpinCount); } break; 158 | case FUNC_TryEnterCriticalSection: { PatchEntry(WtTryEnterCriticalSection); } break; 159 | case FUNC_DeleteCriticalSection: { PatchEntry(WtDeleteCriticalSection); } break; 160 | case FUNC_WaitForSingleObject: { PatchEntry(WtWaitForSingleObject); } break; 161 | case FUNC_WaitForSingleObjectEx: { PatchEntry(WtWaitForSingleObjectEx); } break; 162 | case FUNC_WaitForMultipleObjectsEx: { PatchEntry(WtWaitForMultipleObjectsEx); } break; 163 | case FUNC_SleepEx: { PatchEntry(WtSleepEx); } break; 164 | // stdio.h 165 | case FUNC_fopen: { PatchEntry(wt_fopen); } break; 166 | case FUNC__wfopen: { PatchEntry(wt__wfopen); } break; 167 | case FUNC_fclose: { PatchEntry(wt_fclose); } break; 168 | case FUNC_feof: { PatchEntry(wt_feof); } break; 169 | case FUNC_ferror: { PatchEntry(wt_ferror); } break; 170 | case FUNC_fflush: { PatchEntry(wt_fflush); } break; 171 | case FUNC_fread: { PatchEntry(wt_fread); } break; 172 | case FUNC_fwrite: { PatchEntry(wt_fwrite); } break; 173 | case FUNC_fseek: { PatchEntry(wt_fseek); } break; 174 | case FUNC_ftell: { PatchEntry(wt_ftell); } break; 175 | // stdlib.h 176 | case FUNC_atof: { PatchEntry(wt_atof); } break; 177 | case FUNC_atoi: { PatchEntry(wt_atoi); } break; 178 | case FUNC_atol: { PatchEntry(wt_atol); } break; 179 | case FUNC_malloc: { PatchEntry(wt_malloc); } break; 180 | case FUNC_calloc: { PatchEntry(wt_calloc); } break; 181 | case FUNC_realloc: { PatchEntry(wt_realloc); } break; 182 | case FUNC_free: { PatchEntry(wt_free); } break; 183 | #pragma warning(default: 4127) 184 | } 185 | } 186 | -------------------------------------------------------------------------------- /dll/win32/wt_winuser.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern T_WintraceOpts *pOpts; 4 | 5 | BOOL 6 | WtAdjustWindowRect( 7 | LPRECT lpRect, 8 | DWORD dwStyle, 9 | BOOL bMenu 10 | ) 11 | { 12 | BOOL Ret; 13 | 14 | if (BeginTrace(E_AdjustWindowRect)) 15 | { 16 | WriteFuncBuffer("(0x%p, %u, %d)", lpRect, dwStyle, bMenu); 17 | Ret = AdjustWindowRect(lpRect, dwStyle, bMenu); 18 | WriteFuncBuffer(" = %d", Ret); 19 | EndTrace(E_AdjustWindowRect, FALSE); 20 | } 21 | else 22 | { 23 | Ret = AdjustWindowRect(lpRect, dwStyle, bMenu); 24 | } 25 | 26 | return (Ret); 27 | } 28 | 29 | BOOL 30 | WtAdjustWindowRectEx( 31 | LPRECT lpRect, 32 | DWORD dwStyle, 33 | BOOL bMenu, 34 | DWORD dwExStyle 35 | ) 36 | { 37 | BOOL Ret; 38 | 39 | if (BeginTrace(E_AdjustWindowRectEx)) 40 | { 41 | WriteFuncBuffer("(0x%p, %u, %d, %u)", lpRect, dwStyle, bMenu, dwExStyle); 42 | Ret = AdjustWindowRectEx(lpRect, dwStyle, bMenu, dwExStyle); 43 | WriteFuncBuffer(" = %d", Ret); 44 | EndTrace(E_AdjustWindowRectEx, FALSE); 45 | } 46 | else 47 | { 48 | Ret = AdjustWindowRectEx(lpRect, dwStyle, bMenu, dwExStyle); 49 | } 50 | 51 | return (Ret); 52 | } 53 | 54 | HDC 55 | WtBeginPaint( 56 | HWND hWnd, 57 | LPPAINTSTRUCT lpPaint 58 | ) 59 | { 60 | HDC Ret; 61 | 62 | if (BeginTrace(E_BeginPaint)) 63 | { 64 | WriteFuncBuffer("(0x%p, 0x%p)", hWnd, lpPaint); 65 | Ret = BeginPaint(hWnd, lpPaint); 66 | WriteFuncBuffer(" = 0x%p", Ret); 67 | EndTrace(E_BeginPaint, FALSE); 68 | } 69 | else 70 | { 71 | Ret = BeginPaint(hWnd, lpPaint); 72 | } 73 | 74 | return (Ret); 75 | } 76 | 77 | BOOL 78 | WtClientToScreen( 79 | HWND hWnd, 80 | LPPOINT lpPoint 81 | ) 82 | { 83 | BOOL Ret; 84 | 85 | if (BeginTrace(E_ClientToScreen)) 86 | { 87 | WriteFuncBuffer("(0x%p, 0x%p)", hWnd, lpPoint); 88 | Ret = ClientToScreen(hWnd, lpPoint); 89 | WriteFuncBuffer(" = %d", Ret); 90 | EndTrace(E_ClientToScreen, FALSE); 91 | } 92 | else 93 | { 94 | Ret = ClientToScreen(hWnd, lpPoint); 95 | } 96 | 97 | return (Ret); 98 | } 99 | 100 | BOOL 101 | WtClipCursor( 102 | LPRECT lpRect 103 | ) 104 | { 105 | BOOL Ret; 106 | 107 | if (BeginTrace(E_ClipCursor)) 108 | { 109 | WriteFuncBuffer("(0x%p)", lpRect); 110 | Ret = ClipCursor(lpRect); 111 | WriteFuncBuffer(" = %d", Ret); 112 | EndTrace(E_ClipCursor, FALSE); 113 | } 114 | else 115 | { 116 | Ret = ClipCursor(lpRect); 117 | } 118 | 119 | return (Ret); 120 | } 121 | 122 | BOOL 123 | WtCloseWindow( 124 | HWND hWnd 125 | ) 126 | { 127 | BOOL Ret; 128 | 129 | if (BeginTrace(E_CloseWindow)) 130 | { 131 | WriteFuncBuffer("(0x%p)", hWnd); 132 | Ret = CloseWindow(hWnd); 133 | WriteFuncBuffer(" = %d", Ret); 134 | EndTrace(E_CloseWindow, FALSE); 135 | } 136 | else 137 | { 138 | Ret = CloseWindow(hWnd); 139 | } 140 | 141 | return (Ret); 142 | } 143 | 144 | HWND 145 | WtCreateWindowA( 146 | LPCSTR lpClassName, 147 | LPCSTR lpWindowName, 148 | DWORD dwStyle, 149 | int x, 150 | int y, 151 | int nWidth, 152 | int nHeight, 153 | HWND hWndParent, 154 | HMENU hMenu, 155 | HINSTANCE hInstance, 156 | LPVOID lpParam 157 | ) 158 | { 159 | HWND Ret; 160 | 161 | if (BeginTrace(E_CreateWindowA)) 162 | { 163 | WriteFuncBuffer("(\"%s\", \"%s\", %u, %d, %d, %d, %d, 0x%p, 0x%p, 0x%p, 0x%p)", lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 164 | Ret = CreateWindowA(lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 165 | WriteFuncBuffer(" = 0x%p", Ret); 166 | EndTrace(E_CreateWindowA, FALSE); 167 | } 168 | else 169 | { 170 | Ret = CreateWindowA(lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 171 | } 172 | 173 | return (Ret); 174 | } 175 | 176 | HWND 177 | WtCreateWindowW( 178 | LPCWSTR lpClassName, 179 | LPCWSTR lpWindowName, 180 | DWORD dwStyle, 181 | int x, 182 | int y, 183 | int nWidth, 184 | int nHeight, 185 | HWND hWndParent, 186 | HMENU hMenu, 187 | HINSTANCE hInstance, 188 | LPVOID lpParam 189 | ) 190 | { 191 | HWND Ret; 192 | 193 | if (BeginTrace(E_CreateWindowW)) 194 | { 195 | WriteFuncBuffer("(\"%ws\", \"%ws\", %u, %d, %d, %d, %d, 0x%p, 0x%p, 0x%p, 0x%p)", lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 196 | Ret = CreateWindowW(lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 197 | WriteFuncBuffer(" = 0x%p", Ret); 198 | EndTrace(E_CreateWindowW, FALSE); 199 | } 200 | else 201 | { 202 | Ret = CreateWindowW(lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 203 | } 204 | 205 | return (Ret); 206 | } 207 | 208 | HWND 209 | WtCreateWindowExA( 210 | DWORD dwExStyle, 211 | LPCSTR lpClassName, 212 | LPCSTR lpWindowName, 213 | DWORD dwStyle, 214 | int x, 215 | int y, 216 | int nWidth, 217 | int nHeight, 218 | HWND hWndParent, 219 | HMENU hMenu, 220 | HINSTANCE hInstance, 221 | LPVOID lpParam 222 | ) 223 | { 224 | HWND Ret; 225 | 226 | if (BeginTrace(E_CreateWindowExA)) 227 | { 228 | WriteFuncBuffer("(%u, \"%s\", \"%s\", %u, %d, %d, %d, %d, 0x%p, 0x%p, 0x%p, 0x%p)", dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 229 | Ret = CreateWindowExA(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 230 | WriteFuncBuffer(" = 0x%p", Ret); 231 | EndTrace(E_CreateWindowExA, FALSE); 232 | } 233 | else 234 | { 235 | Ret = CreateWindowExA(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 236 | } 237 | 238 | return (Ret); 239 | } 240 | 241 | HWND 242 | WtCreateWindowExW( 243 | DWORD dwExStyle, 244 | LPCWSTR lpClassName, 245 | LPCWSTR lpWindowName, 246 | DWORD dwStyle, 247 | int x, 248 | int y, 249 | int nWidth, 250 | int nHeight, 251 | HWND hWndParent, 252 | HMENU hMenu, 253 | HINSTANCE hInstance, 254 | LPVOID lpParam 255 | ) 256 | { 257 | HWND Ret; 258 | 259 | if (BeginTrace(E_CreateWindowExW)) 260 | { 261 | WriteFuncBuffer("(%u, \"%ws\", \"%ws\", %u, %d, %d, %d, %d, 0x%p, 0x%p, 0x%p, 0x%p)", dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 262 | Ret = CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 263 | WriteFuncBuffer(" = 0x%p", Ret); 264 | EndTrace(E_CreateWindowExW, FALSE); 265 | } 266 | else 267 | { 268 | Ret = CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 269 | } 270 | 271 | return (Ret); 272 | } 273 | 274 | LRESULT 275 | WtDefWindowProcA( 276 | HWND hWnd, 277 | UINT Msg, 278 | WPARAM wParam, 279 | LPARAM lParam 280 | ) 281 | { 282 | LRESULT Ret; 283 | 284 | if (BeginTrace(E_DefWindowProcA)) 285 | { 286 | WriteFuncBuffer("(0x%p, %u, %u, %u)", hWnd, Msg, wParam, lParam); 287 | Ret = DefWindowProcA(hWnd, Msg, wParam, lParam); 288 | WriteFuncBuffer(" = %u", Ret); 289 | EndTrace(E_DefWindowProcA, FALSE); 290 | } 291 | else 292 | { 293 | Ret = DefWindowProcA(hWnd, Msg, wParam, lParam); 294 | } 295 | 296 | return (Ret); 297 | } 298 | 299 | LRESULT 300 | WtDefWindowProcW( 301 | HWND hWnd, 302 | UINT Msg, 303 | WPARAM wParam, 304 | LPARAM lParam 305 | ) 306 | { 307 | LRESULT Ret; 308 | 309 | if (BeginTrace(E_DefWindowProcW)) 310 | { 311 | WriteFuncBuffer("(0x%p, %u, %u, %u)", hWnd, Msg, wParam, lParam); 312 | Ret = DefWindowProcW(hWnd, Msg, wParam, lParam); 313 | WriteFuncBuffer(" = %u", Ret); 314 | EndTrace(E_DefWindowProcW, FALSE); 315 | } 316 | else 317 | { 318 | Ret = DefWindowProcW(hWnd, Msg, wParam, lParam); 319 | } 320 | 321 | return (Ret); 322 | } 323 | 324 | BOOL 325 | WtDestroyWindow( 326 | HWND hWnd 327 | ) 328 | { 329 | BOOL Ret; 330 | 331 | if (BeginTrace(E_DestroyWindow)) 332 | { 333 | WriteFuncBuffer("(0x%p)", hWnd); 334 | Ret = DestroyWindow(hWnd); 335 | WriteFuncBuffer(" = %d", Ret); 336 | EndTrace(E_DestroyWindow, FALSE); 337 | } 338 | else 339 | { 340 | Ret = DestroyWindow(hWnd); 341 | } 342 | 343 | return (Ret); 344 | } 345 | 346 | LRESULT 347 | WtDispatchMessageA( 348 | LPMSG lpMsg 349 | ) 350 | { 351 | LRESULT Ret; 352 | 353 | if (BeginTrace(E_DispatchMessageA)) 354 | { 355 | WriteFuncBuffer("(0x%p)", lpMsg); 356 | Ret = DispatchMessageA(lpMsg); 357 | WriteFuncBuffer(" = %u", Ret); 358 | EndTrace(E_DispatchMessageA, FALSE); 359 | } 360 | else 361 | { 362 | Ret = DispatchMessageA(lpMsg); 363 | } 364 | 365 | return (Ret); 366 | } 367 | 368 | LRESULT 369 | WtDispatchMessageW( 370 | LPMSG lpMsg 371 | ) 372 | { 373 | LRESULT Ret; 374 | 375 | if (BeginTrace(E_DispatchMessageW)) 376 | { 377 | WriteFuncBuffer("(0x%p)", lpMsg); 378 | Ret = DispatchMessageW(lpMsg); 379 | WriteFuncBuffer(" = %u", Ret); 380 | EndTrace(E_DispatchMessageW, FALSE); 381 | } 382 | else 383 | { 384 | Ret = DispatchMessageW(lpMsg); 385 | } 386 | 387 | return (Ret); 388 | } 389 | 390 | BOOL 391 | WtEndPaint( 392 | HWND hWnd, 393 | LPPAINTSTRUCT lpPaint 394 | ) 395 | { 396 | BOOL Ret; 397 | 398 | if (BeginTrace(E_EndPaint)) 399 | { 400 | WriteFuncBuffer("(0x%p, 0x%p)", hWnd, lpPaint); 401 | Ret = EndPaint(hWnd, lpPaint); 402 | WriteFuncBuffer(" = %d", Ret); 403 | EndTrace(E_EndPaint, FALSE); 404 | } 405 | else 406 | { 407 | Ret = EndPaint(hWnd, lpPaint); 408 | } 409 | 410 | return (Ret); 411 | } 412 | 413 | int 414 | WtFillRect( 415 | HDC hDC, 416 | LPRECT lprc, 417 | HBRUSH hbr 418 | ) 419 | { 420 | int Ret; 421 | 422 | if (BeginTrace(E_FillRect)) 423 | { 424 | WriteFuncBuffer("(0x%p, 0x%p, 0x%p)", hDC, lprc, hbr); 425 | Ret = FillRect(hDC, lprc, hbr); 426 | WriteFuncBuffer(" = %d", Ret); 427 | EndTrace(E_FillRect, FALSE); 428 | } 429 | else 430 | { 431 | Ret = FillRect(hDC, lprc, hbr); 432 | } 433 | 434 | return (Ret); 435 | } 436 | 437 | BOOL 438 | WtGetClientRect( 439 | HWND hWnd, 440 | LPRECT lpRect 441 | ) 442 | { 443 | BOOL Ret; 444 | 445 | if (BeginTrace(E_GetClientRect)) 446 | { 447 | WriteFuncBuffer("(0x%p, 0x%p)", hWnd, lpRect); 448 | Ret = GetClientRect(hWnd, lpRect); 449 | WriteFuncBuffer(" = %d", Ret); 450 | EndTrace(E_GetClientRect, FALSE); 451 | } 452 | else 453 | { 454 | Ret = GetClientRect(hWnd, lpRect); 455 | } 456 | 457 | return (Ret); 458 | } 459 | 460 | BOOL 461 | WtGetCursorPos( 462 | LPPOINT lpPoint 463 | ) 464 | { 465 | BOOL Ret; 466 | 467 | if (BeginTrace(E_GetCursorPos)) 468 | { 469 | WriteFuncBuffer("(0x%p)", lpPoint); 470 | Ret = GetCursorPos(lpPoint); 471 | WriteFuncBuffer(" = %d", Ret); 472 | EndTrace(E_GetCursorPos, FALSE); 473 | } 474 | else 475 | { 476 | Ret = GetCursorPos(lpPoint); 477 | } 478 | 479 | return (Ret); 480 | } 481 | 482 | HDC 483 | WtGetDC( 484 | HWND hWnd 485 | ) 486 | { 487 | HDC Ret; 488 | 489 | if (BeginTrace(E_GetDC)) 490 | { 491 | WriteFuncBuffer("(0x%p)", hWnd); 492 | Ret = GetDC(hWnd); 493 | WriteFuncBuffer(" = 0x%p", Ret); 494 | EndTrace(E_GetDC, FALSE); 495 | } 496 | else 497 | { 498 | Ret = GetDC(hWnd); 499 | } 500 | 501 | return (Ret); 502 | } 503 | 504 | BOOL 505 | WtGetMessageA( 506 | LPMSG lpMsg, 507 | HWND hWnd, 508 | UINT wMsgFilterMin, 509 | UINT wMsgFilterMax 510 | ) 511 | { 512 | BOOL Ret; 513 | 514 | if (BeginTrace(E_GetMessageA)) 515 | { 516 | WriteFuncBuffer("(0x%p, 0x%p, %u, %u)", lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax); 517 | Ret = GetMessageA(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax); 518 | WriteFuncBuffer(" = %d", Ret); 519 | EndTrace(E_GetMessageA, FALSE); 520 | } 521 | else 522 | { 523 | Ret = GetMessageA(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax); 524 | } 525 | 526 | return (Ret); 527 | } 528 | 529 | BOOL 530 | WtGetMessageW( 531 | LPMSG lpMsg, 532 | HWND hWnd, 533 | UINT wMsgFilterMin, 534 | UINT wMsgFilterMax 535 | ) 536 | { 537 | BOOL Ret; 538 | 539 | if (BeginTrace(E_GetMessageW)) 540 | { 541 | WriteFuncBuffer("(0x%p, 0x%p, %u, %u)", lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax); 542 | Ret = GetMessageW(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax); 543 | WriteFuncBuffer(" = %d", Ret); 544 | EndTrace(E_GetMessageW, FALSE); 545 | } 546 | else 547 | { 548 | Ret = GetMessageW(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax); 549 | } 550 | 551 | return (Ret); 552 | } 553 | 554 | BOOL 555 | WtGetWindowRect( 556 | HWND hWnd, 557 | LPRECT lpRect 558 | ) 559 | { 560 | BOOL Ret; 561 | 562 | if (BeginTrace(E_GetWindowRect)) 563 | { 564 | WriteFuncBuffer("(0x%p, 0x%p)", hWnd, lpRect); 565 | Ret = GetWindowRect(hWnd, lpRect); 566 | WriteFuncBuffer(" = %d", Ret); 567 | EndTrace(E_GetWindowRect, FALSE); 568 | } 569 | else 570 | { 571 | Ret = GetWindowRect(hWnd, lpRect); 572 | } 573 | 574 | return (Ret); 575 | } 576 | 577 | int 578 | WtMessageBoxA( 579 | HWND hwnd, 580 | LPCSTR lpText, 581 | LPCSTR lpCaption, 582 | UINT uType 583 | ) 584 | { 585 | int Ret; 586 | 587 | if (BeginTrace(E_MessageBoxA)) 588 | { 589 | WriteFuncBuffer("(0x%p, \"%s\", \"%s\", %u)", hwnd, lpText, lpCaption, uType); 590 | Ret = MessageBoxA(hwnd, lpText, lpCaption, uType); 591 | WriteFuncBuffer(" = %d", Ret); 592 | EndTrace(E_MessageBoxA, FALSE); 593 | } 594 | else 595 | { 596 | Ret = MessageBoxA(hwnd, lpText, lpCaption, uType); 597 | } 598 | 599 | return (Ret); 600 | } 601 | 602 | int 603 | WtMessageBoxW( 604 | HWND hwnd, 605 | LPCWSTR lpText, 606 | LPCWSTR lpCaption, 607 | UINT uType 608 | ) 609 | { 610 | int Ret; 611 | 612 | if (BeginTrace(E_MessageBoxW)) 613 | { 614 | WriteFuncBuffer("(0x%p, \"%ws\", \"%ws\", %u)", hwnd, lpText, lpCaption, uType); 615 | Ret = MessageBoxW(hwnd, lpText, lpCaption, uType); 616 | WriteFuncBuffer(" = %d", Ret); 617 | EndTrace(E_MessageBoxW, FALSE); 618 | } 619 | else 620 | { 621 | Ret = MessageBoxW(hwnd, lpText, lpCaption, uType); 622 | } 623 | 624 | return (Ret); 625 | } 626 | 627 | int 628 | WtMessageBoxExA( 629 | HWND hWnd, 630 | LPCSTR lpText, 631 | LPCSTR lpCaption, 632 | UINT uType, 633 | WORD wLanguageId 634 | ) 635 | { 636 | int Ret; 637 | 638 | if (BeginTrace(E_MessageBoxExA)) 639 | { 640 | WriteFuncBuffer("(0x%p, \"%s\", \"%s\", %u, %u)", hWnd, lpText, lpCaption, uType, wLanguageId); 641 | Ret = MessageBoxExA(hWnd, lpText, lpCaption, uType, wLanguageId); 642 | WriteFuncBuffer(" = %d", Ret); 643 | EndTrace(E_MessageBoxExA, FALSE); 644 | } 645 | else 646 | { 647 | Ret = MessageBoxExA(hWnd, lpText, lpCaption, uType, wLanguageId); 648 | } 649 | 650 | return (Ret); 651 | } 652 | 653 | int 654 | WtMessageBoxExW( 655 | HWND hWnd, 656 | LPCWSTR lpText, 657 | LPCWSTR lpCaption, 658 | UINT uType, 659 | WORD wLanguageId 660 | ) 661 | { 662 | int Ret; 663 | 664 | if (BeginTrace(E_MessageBoxExW)) 665 | { 666 | WriteFuncBuffer("(0x%p, \"%ws\", \"%ws\", %u, %u)", hWnd, lpText, lpCaption, uType, wLanguageId); 667 | Ret = MessageBoxExW(hWnd, lpText, lpCaption, uType, wLanguageId); 668 | WriteFuncBuffer(" = %d", Ret); 669 | EndTrace(E_MessageBoxExW, FALSE); 670 | } 671 | else 672 | { 673 | Ret = MessageBoxExW(hWnd, lpText, lpCaption, uType, wLanguageId); 674 | } 675 | 676 | return (Ret); 677 | } 678 | 679 | BOOL 680 | WtPeekMessageA( 681 | LPMSG lpMsg, 682 | HWND hWnd, 683 | UINT wMsgFilterMin, 684 | UINT wMsgFilterMax, 685 | UINT wRemoveMsg 686 | ) 687 | { 688 | BOOL Ret; 689 | 690 | if (BeginTrace(E_PeekMessageA)) 691 | { 692 | WriteFuncBuffer("(0x%p, 0x%p, %u, %u, %u)", lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax, wRemoveMsg); 693 | Ret = PeekMessageA(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax, wRemoveMsg); 694 | WriteFuncBuffer(" = %d", Ret); 695 | EndTrace(E_PeekMessageA, FALSE); 696 | } 697 | else 698 | { 699 | Ret = PeekMessageA(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax, wRemoveMsg); 700 | } 701 | 702 | return (Ret); 703 | } 704 | 705 | BOOL 706 | WtPeekMessageW( 707 | LPMSG lpMsg, 708 | HWND hWnd, 709 | UINT wMsgFilterMin, 710 | UINT wMsgFilterMax, 711 | UINT wRemoveMsg 712 | ) 713 | { 714 | BOOL Ret; 715 | 716 | if (BeginTrace(E_PeekMessageW)) 717 | { 718 | WriteFuncBuffer("(0x%p, 0x%p, %u, %u, %u)", lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax, wRemoveMsg); 719 | Ret = PeekMessageW(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax, wRemoveMsg); 720 | WriteFuncBuffer(" = %d", Ret); 721 | EndTrace(E_PeekMessageW, FALSE); 722 | } 723 | else 724 | { 725 | Ret = PeekMessageW(lpMsg, hWnd, wMsgFilterMin, wMsgFilterMax, wRemoveMsg); 726 | } 727 | 728 | return (Ret); 729 | } 730 | 731 | BOOL 732 | WtPostMessageA( 733 | HWND hWnd, 734 | UINT Msg, 735 | WPARAM wParam, 736 | LPARAM lParam 737 | ) 738 | { 739 | BOOL Ret; 740 | 741 | if (BeginTrace(E_PostMessageA)) 742 | { 743 | WriteFuncBuffer("(0x%p, %u, %u, %u)", hWnd, Msg, wParam, lParam); 744 | Ret = PostMessageA(hWnd, Msg, wParam, lParam); 745 | WriteFuncBuffer(" = %d", Ret); 746 | EndTrace(E_PostMessageA, FALSE); 747 | } 748 | else 749 | { 750 | Ret = PostMessageA(hWnd, Msg, wParam, lParam); 751 | } 752 | 753 | return (Ret); 754 | } 755 | 756 | BOOL 757 | WtPostMessageW( 758 | HWND hWnd, 759 | UINT Msg, 760 | WPARAM wParam, 761 | LPARAM lParam 762 | ) 763 | { 764 | BOOL Ret; 765 | 766 | if (BeginTrace(E_PostMessageW)) 767 | { 768 | WriteFuncBuffer("(0x%p, %u, %u, %u)", hWnd, Msg, wParam, lParam); 769 | Ret = PostMessageW(hWnd, Msg, wParam, lParam); 770 | WriteFuncBuffer(" = %d", Ret); 771 | EndTrace(E_PostMessageW, FALSE); 772 | } 773 | else 774 | { 775 | Ret = PostMessageW(hWnd, Msg, wParam, lParam); 776 | } 777 | 778 | return (Ret); 779 | } 780 | 781 | void 782 | WtPostQuitMessage( 783 | int nExitCode 784 | ) 785 | { 786 | if (BeginTrace(E_PostQuitMessage)) 787 | { 788 | WriteFuncBuffer("(%d)", nExitCode); 789 | WriteFuncBuffer(" = VOID"); 790 | EndTrace(E_PostQuitMessage, FALSE); 791 | } 792 | 793 | PostQuitMessage(nExitCode); 794 | } 795 | 796 | ATOM 797 | WtRegisterClassExA( 798 | LPWNDCLASSEXA unnamedParam1 799 | ) 800 | { 801 | ATOM Ret; 802 | 803 | if (BeginTrace(E_RegisterClassExA)) 804 | { 805 | WriteFuncBuffer("(%u)", unnamedParam1); 806 | Ret = RegisterClassExA(unnamedParam1); 807 | WriteFuncBuffer(" = %u", Ret); 808 | EndTrace(E_RegisterClassExA, FALSE); 809 | } 810 | else 811 | { 812 | Ret = RegisterClassExA(unnamedParam1); 813 | } 814 | 815 | return (Ret); 816 | } 817 | 818 | ATOM 819 | WtRegisterClassExW( 820 | LPWNDCLASSEXW unnamedParam1 821 | ) 822 | { 823 | ATOM Ret; 824 | 825 | if (BeginTrace(E_RegisterClassExW)) 826 | { 827 | WriteFuncBuffer("(%u)", unnamedParam1); 828 | Ret = RegisterClassExW(unnamedParam1); 829 | WriteFuncBuffer(" = %u", Ret); 830 | EndTrace(E_RegisterClassExW, FALSE); 831 | } 832 | else 833 | { 834 | Ret = RegisterClassExW(unnamedParam1); 835 | } 836 | 837 | return (Ret); 838 | } 839 | 840 | int 841 | WtReleaseDC( 842 | HWND hWnd, 843 | HDC hDC 844 | ) 845 | { 846 | int Ret; 847 | 848 | if (BeginTrace(E_ReleaseDC)) 849 | { 850 | WriteFuncBuffer("(0x%p, 0x%p)", hWnd, hDC); 851 | Ret = ReleaseDC(hWnd, hDC); 852 | WriteFuncBuffer(" = %d", Ret); 853 | EndTrace(E_ReleaseDC, FALSE); 854 | } 855 | else 856 | { 857 | Ret = ReleaseDC(hWnd, hDC); 858 | } 859 | 860 | return (Ret); 861 | } 862 | 863 | BOOL 864 | WtScreenToClient( 865 | HWND hWnd, 866 | LPPOINT lpPoint 867 | ) 868 | { 869 | BOOL Ret; 870 | 871 | if (BeginTrace(E_ScreenToClient)) 872 | { 873 | WriteFuncBuffer("(0x%p, 0x%p)", hWnd, lpPoint); 874 | Ret = ScreenToClient(hWnd, lpPoint); 875 | WriteFuncBuffer(" = %d", Ret); 876 | EndTrace(E_ScreenToClient, FALSE); 877 | } 878 | else 879 | { 880 | Ret = ScreenToClient(hWnd, lpPoint); 881 | } 882 | 883 | return (Ret); 884 | } 885 | 886 | int 887 | WtShowCursor( 888 | BOOL bShow 889 | ) 890 | { 891 | int Ret; 892 | 893 | if (BeginTrace(E_ShowCursor)) 894 | { 895 | WriteFuncBuffer("(%d)", bShow); 896 | Ret = ShowCursor(bShow); 897 | WriteFuncBuffer(" = %d", Ret); 898 | EndTrace(E_ShowCursor, FALSE); 899 | } 900 | else 901 | { 902 | Ret = ShowCursor(bShow); 903 | } 904 | 905 | return (Ret); 906 | } 907 | 908 | BOOL 909 | WtShowWindow( 910 | HWND hWnd, 911 | int nCmdShow 912 | ) 913 | { 914 | BOOL Ret; 915 | 916 | if (BeginTrace(E_ShowWindow)) 917 | { 918 | WriteFuncBuffer("(0x%p, %d)", hWnd, nCmdShow); 919 | Ret = ShowWindow(hWnd, nCmdShow); 920 | WriteFuncBuffer(" = %d", Ret); 921 | EndTrace(E_ShowWindow, FALSE); 922 | } 923 | else 924 | { 925 | Ret = ShowWindow(hWnd, nCmdShow); 926 | } 927 | 928 | return (Ret); 929 | } 930 | 931 | BOOL 932 | WtTranslateMessage( 933 | LPMSG lpMsg 934 | ) 935 | { 936 | BOOL Ret; 937 | 938 | if (BeginTrace(E_TranslateMessage)) 939 | { 940 | WriteFuncBuffer("(0x%p)", lpMsg); 941 | Ret = TranslateMessage(lpMsg); 942 | WriteFuncBuffer(" = %d", Ret); 943 | EndTrace(E_TranslateMessage, FALSE); 944 | } 945 | else 946 | { 947 | Ret = TranslateMessage(lpMsg); 948 | } 949 | 950 | return (Ret); 951 | } 952 | 953 | BOOL 954 | WtUpdateWindow( 955 | HWND hWnd 956 | ) 957 | { 958 | BOOL Ret; 959 | 960 | if (BeginTrace(E_UpdateWindow)) 961 | { 962 | WriteFuncBuffer("(0x%p)", hWnd); 963 | Ret = UpdateWindow(hWnd); 964 | WriteFuncBuffer(" = %d", Ret); 965 | EndTrace(E_UpdateWindow, FALSE); 966 | } 967 | else 968 | { 969 | Ret = UpdateWindow(hWnd); 970 | } 971 | 972 | return (Ret); 973 | } 974 | 975 | --------------------------------------------------------------------------------