├── CHANGELOG.md
├── LogApiDll
    ├── README.md
    ├── dll.vcxproj
    ├── dll.vcxproj.filters
    ├── dll.vcxproj.user
    ├── exports.def
    ├── global.h
    ├── hidedll.c
    ├── hidedll.h
    ├── hooks
    │   ├── advapi32_hook.c
    │   ├── advapi32_hook.h
    │   ├── gdi32_hook.c
    │   ├── gdi32_hook.h
    │   ├── hooks.c
    │   ├── hooks.h
    │   ├── kernel32_hook.c
    │   ├── kernel32_hook.h
    │   ├── mpr_hook.c
    │   ├── mpr_hook.h
    │   ├── netapi32_hook.c
    │   ├── netapi32_hook.h
    │   ├── ntdll_hook.c
    │   ├── ntdll_hook.h
    │   ├── ole32_hook.cpp
    │   ├── ole32_hook.h
    │   ├── psapi_hook.c
    │   ├── psapi_hook.h
    │   ├── rasapi32_hook.c
    │   ├── rasapi32_hook.h
    │   ├── sfc_os_hook.c
    │   ├── sfc_os_hook.h
    │   ├── shell32_hook.c
    │   ├── shell32_hook.h
    │   ├── srclient_hook.c
    │   ├── srclient_hook.h
    │   ├── urlmon_hook.c
    │   ├── urlmon_hook.h
    │   ├── user32_hook.c
    │   ├── user32_hook.h
    │   ├── wininet_hook.c
    │   ├── wininet_hook.h
    │   ├── winscard_hook.c
    │   ├── winscard_hook.h
    │   ├── ws2_32_hook.c
    │   └── ws2_32_hook.h
    ├── logapi.sln
    ├── logger.c
    ├── logger.h
    ├── main.c
    ├── protect.c
    ├── protect.h
    ├── res.rc
    ├── resource.h
    ├── subroutines.c
    ├── subroutines.h
    ├── types.h
    └── xeb.h
├── README.md
├── libMinHook
    ├── .editorconfig
    ├── .gitignore
    ├── AUTHORS.txt
    ├── LICENSE.txt
    ├── README.md
    ├── build
    │   ├── MinGW
    │   │   ├── Makefile
    │   │   └── make.bat
    │   ├── VC10
    │   │   ├── MinHook.vcxproj
    │   │   ├── MinHookVC10.sln
    │   │   ├── libMinHook.vcxproj
    │   │   └── libMinHook.vcxproj.filters
    │   ├── VC11
    │   │   ├── MinHook.vcxproj
    │   │   ├── MinHookVC11.sln
    │   │   ├── libMinHook.vcxproj
    │   │   └── libMinHook.vcxproj.filters
    │   ├── VC12
    │   │   ├── MinHook.vcxproj
    │   │   ├── MinHookVC12.sln
    │   │   ├── libMinHook.vcxproj
    │   │   └── libMinHook.vcxproj.filters
    │   ├── VC14
    │   │   ├── MinHook.vcxproj
    │   │   ├── MinHookVC14.sln
    │   │   ├── libMinHook.vcxproj
    │   │   ├── libMinHook.vcxproj.filters
    │   │   └── libMinHook.vcxproj.user
    │   ├── VC15
    │   │   ├── MinHook.vcxproj
    │   │   ├── MinHookVC15.sln
    │   │   ├── libMinHook.vcxproj
    │   │   ├── libMinHook.vcxproj.filters
    │   │   └── libMinHook.vcxproj.user
    │   └── VC9
    │   │   ├── MinHook.vcproj
    │   │   ├── MinHookVC9.sln
    │   │   └── libMinHook.vcproj
    ├── dll_resources
    │   ├── MinHook.def
    │   └── MinHook.rc
    ├── include
    │   └── MinHook.h
    └── src
    │   ├── buffer.c
    │   ├── buffer.h
    │   ├── hde
    │       ├── hde32.c
    │       ├── hde32.h
    │       ├── hde64.c
    │       ├── hde64.h
    │       ├── pstdint.h
    │       ├── table32.h
    │       └── table64.h
    │   ├── hook.c
    │   ├── trampoline.c
    │   └── trampoline.h
└── phnt
    ├── README.md
    ├── include
        ├── ntdbg.h
        ├── ntexapi.h
        ├── ntgdi.h
        ├── ntioapi.h
        ├── ntkeapi.h
        ├── ntldr.h
        ├── ntlpcapi.h
        ├── ntmisc.h
        ├── ntmmapi.h
        ├── ntnls.h
        ├── ntobapi.h
        ├── ntpebteb.h
        ├── ntpfapi.h
        ├── ntpnpapi.h
        ├── ntpoapi.h
        ├── ntpsapi.h
        ├── ntregapi.h
        ├── ntrtl.h
        ├── ntsam.h
        ├── ntseapi.h
        ├── ntsmss.h
        ├── nttmapi.h
        ├── nttp.h
        ├── ntwow64.h
        ├── ntxcapi.h
        ├── ntzwapi.h
        ├── phnt.h
        ├── phnt_ntdef.h
        ├── phnt_windows.h
        ├── subprocesstag.h
        └── winsta.h
    └── zw_options.txt


/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # Changelog
 2 | All notable changes to this project will be documented in this file.
 3 | This project adheres to [Semantic Versioning](http://semver.org/).
 4 | 
 5 | ## [1.0.5] - 2020-06-06
 6 | 
 7 | ### Fixed
 8 | - Greatly Improved load speeds through batch enabling of hooks.
 9 | - fix memory corruption issue
10 | 
11 | 
12 | ## [1.0.4] - 2020-05-31
13 | 
14 | ### Added
15 | - MinHook library
16 | 
17 | ### Changed
18 | - Switched from messages to pipes for communication
19 | - Now using MinHook library to install hooks due to issues with Sbies hooking function
20 | 
21 | ### Fixed
22 | - Applications crashing on startup
23 | 
24 | ### Removed
25 | - Removed dependencies on custom private headers
26 | -- instead ProcessHackers collection of Native API headers is used
27 | -- alternatively Sandboxies header collection can be used as well


--------------------------------------------------------------------------------
/LogApiDll/README.md:
--------------------------------------------------------------------------------
1 | # libApiLog
2 | API logging Library for Buster Sandbox Analyzer
3 | 


--------------------------------------------------------------------------------
/LogApiDll/dll.vcxproj.filters:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup>
  4 |     <Filter Include="Source Files">
  5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
  6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
  7 |     </Filter>
  8 |     <Filter Include="Header Files">
  9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
 10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
 11 |     </Filter>
 12 |     <Filter Include="Resource Files">
 13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
 14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
 15 |     </Filter>
 16 |     <Filter Include="Hooks">
 17 |       <UniqueIdentifier>{468905b2-3162-4536-ae45-1150b9c299c4}</UniqueIdentifier>
 18 |     </Filter>
 19 |   </ItemGroup>
 20 |   <ItemGroup>
 21 |     <ClCompile Include="logger.c">
 22 |       <Filter>Source Files</Filter>
 23 |     </ClCompile>
 24 |     <ClCompile Include="subroutines.c">
 25 |       <Filter>Source Files</Filter>
 26 |     </ClCompile>
 27 |     <ClCompile Include="hidedll.c">
 28 |       <Filter>Source Files</Filter>
 29 |     </ClCompile>
 30 |     <ClCompile Include="main.c">
 31 |       <Filter>Source Files</Filter>
 32 |     </ClCompile>
 33 |     <ClCompile Include="hooks\advapi32_hook.c">
 34 |       <Filter>Hooks</Filter>
 35 |     </ClCompile>
 36 |     <ClCompile Include="hooks\gdi32_hook.c">
 37 |       <Filter>Hooks</Filter>
 38 |     </ClCompile>
 39 |     <ClCompile Include="hooks\kernel32_hook.c">
 40 |       <Filter>Hooks</Filter>
 41 |     </ClCompile>
 42 |     <ClCompile Include="hooks\mpr_hook.c">
 43 |       <Filter>Hooks</Filter>
 44 |     </ClCompile>
 45 |     <ClCompile Include="hooks\netapi32_hook.c">
 46 |       <Filter>Hooks</Filter>
 47 |     </ClCompile>
 48 |     <ClCompile Include="hooks\ntdll_hook.c">
 49 |       <Filter>Hooks</Filter>
 50 |     </ClCompile>
 51 |     <ClCompile Include="hooks\psapi_hook.c">
 52 |       <Filter>Hooks</Filter>
 53 |     </ClCompile>
 54 |     <ClCompile Include="hooks\rasapi32_hook.c">
 55 |       <Filter>Hooks</Filter>
 56 |     </ClCompile>
 57 |     <ClCompile Include="hooks\sfc_os_hook.c">
 58 |       <Filter>Hooks</Filter>
 59 |     </ClCompile>
 60 |     <ClCompile Include="hooks\srclient_hook.c">
 61 |       <Filter>Hooks</Filter>
 62 |     </ClCompile>
 63 |     <ClCompile Include="hooks\shell32_hook.c">
 64 |       <Filter>Hooks</Filter>
 65 |     </ClCompile>
 66 |     <ClCompile Include="hooks\urlmon_hook.c">
 67 |       <Filter>Hooks</Filter>
 68 |     </ClCompile>
 69 |     <ClCompile Include="hooks\user32_hook.c">
 70 |       <Filter>Hooks</Filter>
 71 |     </ClCompile>
 72 |     <ClCompile Include="hooks\wininet_hook.c">
 73 |       <Filter>Hooks</Filter>
 74 |     </ClCompile>
 75 |     <ClCompile Include="hooks\winscard_hook.c">
 76 |       <Filter>Hooks</Filter>
 77 |     </ClCompile>
 78 |     <ClCompile Include="hooks\ws2_32_hook.c">
 79 |       <Filter>Hooks</Filter>
 80 |     </ClCompile>
 81 |     <ClCompile Include="protect.c">
 82 |       <Filter>Source Files</Filter>
 83 |     </ClCompile>
 84 |     <ClCompile Include="hooks\hooks.c">
 85 |       <Filter>Source Files</Filter>
 86 |     </ClCompile>
 87 |     <ClCompile Include="hooks\ole32_hook.cpp">
 88 |       <Filter>Hooks</Filter>
 89 |     </ClCompile>
 90 |   </ItemGroup>
 91 |   <ItemGroup>
 92 |     <ClInclude Include="global.h">
 93 |       <Filter>Header Files</Filter>
 94 |     </ClInclude>
 95 |     <ClInclude Include="hidedll.h">
 96 |       <Filter>Header Files</Filter>
 97 |     </ClInclude>
 98 |     <ClInclude Include="types.h">
 99 |       <Filter>Header Files</Filter>
100 |     </ClInclude>
101 |     <ClInclude Include="subroutines.h">
102 |       <Filter>Header Files</Filter>
103 |     </ClInclude>
104 |     <ClInclude Include="logger.h">
105 |       <Filter>Header Files</Filter>
106 |     </ClInclude>
107 |     <ClInclude Include="hooks\sfc_os_hook.h">
108 |       <Filter>Hooks</Filter>
109 |     </ClInclude>
110 |     <ClInclude Include="hooks\shell32_hook.h">
111 |       <Filter>Hooks</Filter>
112 |     </ClInclude>
113 |     <ClInclude Include="hooks\srclient_hook.h">
114 |       <Filter>Hooks</Filter>
115 |     </ClInclude>
116 |     <ClInclude Include="hooks\gdi32_hook.h">
117 |       <Filter>Hooks</Filter>
118 |     </ClInclude>
119 |     <ClInclude Include="hooks\rasapi32_hook.h">
120 |       <Filter>Hooks</Filter>
121 |     </ClInclude>
122 |     <ClInclude Include="hooks\mpr_hook.h">
123 |       <Filter>Hooks</Filter>
124 |     </ClInclude>
125 |     <ClInclude Include="hooks\ntdll_hook.h">
126 |       <Filter>Hooks</Filter>
127 |     </ClInclude>
128 |     <ClInclude Include="hooks\psapi_hook.h">
129 |       <Filter>Hooks</Filter>
130 |     </ClInclude>
131 |     <ClInclude Include="hooks\kernel32_hook.h">
132 |       <Filter>Hooks</Filter>
133 |     </ClInclude>
134 |     <ClInclude Include="resource.h">
135 |       <Filter>Header Files</Filter>
136 |     </ClInclude>
137 |     <ClInclude Include="hooks\ws2_32_hook.h">
138 |       <Filter>Hooks</Filter>
139 |     </ClInclude>
140 |     <ClInclude Include="hooks\urlmon_hook.h">
141 |       <Filter>Hooks</Filter>
142 |     </ClInclude>
143 |     <ClInclude Include="hooks\advapi32_hook.h">
144 |       <Filter>Hooks</Filter>
145 |     </ClInclude>
146 |     <ClInclude Include="hooks\wininet_hook.h">
147 |       <Filter>Hooks</Filter>
148 |     </ClInclude>
149 |     <ClInclude Include="hooks\netapi32_hook.h">
150 |       <Filter>Hooks</Filter>
151 |     </ClInclude>
152 |     <ClInclude Include="hooks\user32_hook.h">
153 |       <Filter>Hooks</Filter>
154 |     </ClInclude>
155 |     <ClInclude Include="hooks\winscard_hook.h">
156 |       <Filter>Hooks</Filter>
157 |     </ClInclude>
158 |     <ClInclude Include="hooks\ole32_hook.h">
159 |       <Filter>Hooks</Filter>
160 |     </ClInclude>
161 |     <ClInclude Include="protect.h">
162 |       <Filter>Header Files</Filter>
163 |     </ClInclude>
164 |     <ClInclude Include="hooks\hooks.h">
165 |       <Filter>Header Files</Filter>
166 |     </ClInclude>
167 |   </ItemGroup>
168 |   <ItemGroup>
169 |     <None Include="exports.def">
170 |       <Filter>Resource Files</Filter>
171 |     </None>
172 |   </ItemGroup>
173 |   <ItemGroup>
174 |     <ResourceCompile Include="res.rc">
175 |       <Filter>Resource Files</Filter>
176 |     </ResourceCompile>
177 |   </ItemGroup>
178 | </Project>


--------------------------------------------------------------------------------
/LogApiDll/dll.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 | </Project>


--------------------------------------------------------------------------------
/LogApiDll/exports.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | 
3 |    InjectDllMain
4 | 


--------------------------------------------------------------------------------
/LogApiDll/hidedll.c:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	hidedll.c
  8 | 
  9 | Abstract:
 10 | 	
 11 | 	Dll hiding implementation.
 12 | 
 13 | 
 14 | 	Last change 05.02.13
 15 | 
 16 | --*/
 17 | 
 18 | #include "global.h"
 19 | 
 20 | BOOL RandomizeDllName(
 21 | 	PLDR_DATA_TABLE_ENTRY Entry
 22 | 	)
 23 | 
 24 | /*++
 25 | 
 26 | Routine Description:
 27 | 
 28 |     Randomize dll name using GetTickCount() result.
 29 | 
 30 | Arguments:
 31 | 
 32 |     Entry - Loader entry describing dll.
 33 | 
 34 | 
 35 | Return Value:
 36 | 
 37 |     TRUE on success.
 38 | 
 39 | --*/
 40 | 
 41 | 
 42 | {
 43 | 	WCHAR *FullDllName = NULL, *BaseDllName = NULL;
 44 | 	DWORD t;
 45 | 	
 46 | 	__try {
 47 | 		t = GetTickCount();
 48 | 		FullDllName = (PWCHAR)mmalloc(PAGE_SIZE);
 49 | 		if ( FullDllName ) {
 50 | 			GetSystemDirectoryW(FullDllName, MAX_PATH);
 51 | 			_strcatW(FullDllName, L"\\");
 52 | 			BaseDllName = _strendW(FullDllName);
 53 | 
 54 | 			utohexW((ULONG_PTR)t, _strendW(BaseDllName));
 55 | 			_strcatW(BaseDllName, L".dll");
 56 | #ifdef _DEBUG
 57 | 			OutputDebugString(FullDllName);
 58 | 			OutputDebugString(BaseDllName);
 59 | #endif			
 60 | 			RtlInitUnicodeString(&Entry->BaseDllName, BaseDllName);
 61 | 			RtlInitUnicodeString(&Entry->FullDllName, FullDllName);
 62 | 		}
 63 | 	} __except (EXCEPTION_EXECUTE_HANDLER) {
 64 | 
 65 | 		return FALSE;
 66 | 	}
 67 | 	return TRUE;
 68 | }
 69 | 
 70 | NTSTATUS HideDllFromPEB(
 71 | 	PVOID DllHandle,
 72 | 	DWORD dwFlags
 73 | 	)
 74 | 
 75 | /*++
 76 | 
 77 | Routine Description:
 78 | 
 79 |     Removes dll from various PEB loader lists.
 80 | 
 81 | Arguments:
 82 | 
 83 |     DllHandle - dll to be removed.
 84 | 
 85 | 
 86 | Return Value:
 87 | 
 88 |     STATUS_SUCCESS if removal was done and STATUS_OBJECT_NAME_NOT_FOUND otherwise.
 89 | 
 90 | --*/
 91 | 
 92 | {
 93 | 	BOOL bFound;
 94 | 	PLIST_ENTRY Head, Next;
 95 | 	PLDR_DATA_TABLE_ENTRY Entry;
 96 | 
 97 | 	RtlEnterCriticalSection( (PRTL_CRITICAL_SECTION)NtCurrentPeb()->LoaderLock);
 98 | 
 99 | 	Head = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
100 | 	Next = Head->Flink;
101 | 	bFound = FALSE;
102 | 
103 | 	while ( Next != Head ) {
104 | 
105 | 		Entry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
106 | 
107 | 		if ( Entry->DllBase == DllHandle ) {
108 | 
109 | 			bFound = TRUE;
110 | 			RemoveEntryList(&Entry->InLoadOrderLinks);
111 | 			RemoveEntryList(&Entry->InInitializationOrderLinks);
112 | 			RemoveEntryList(&Entry->HashLinks);
113 | 
114 | 			switch ( dwFlags ) {
115 | 
116 | 			case DLL_RENAME_MEMORYORDERENTRY:
117 | 
118 | 				RandomizeDllName(Entry);
119 | 				break;
120 | 
121 | 			default:
122 | 				RemoveEntryList(&Entry->InMemoryOrderLinks);
123 | 				break;
124 | 			}
125 | 		
126 | 		}
127 | 		Next = Next->Flink;
128 | 	}
129 | 
130 | 	RtlLeaveCriticalSection( (PRTL_CRITICAL_SECTION)NtCurrentPeb()->LoaderLock);
131 | 
132 | 	if ( bFound == FALSE ) {
133 | 		return STATUS_OBJECT_NAME_NOT_FOUND;
134 | 	}
135 | 
136 | 	return STATUS_SUCCESS;
137 | }


--------------------------------------------------------------------------------
/LogApiDll/hidedll.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	hidell.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Dll hiding interface.
12 | 
13 | 	Last change 05.02.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHHIDEDLL_
18 | #define _SHHIDEDLL_
19 | 
20 | #ifdef __cplusplus
21 | extern "C" {
22 | #endif //__cplusplus
23 | 
24 | #define DLL_UNLINK_NORMAL			0
25 | #define DLL_RENAME_MEMORYORDERENTRY 1
26 | 
27 | NTSTATUS HideDllFromPEB(
28 | 	PVOID DllHandle,
29 | 	DWORD dwFlags
30 | 	);
31 | 
32 | #ifdef __cplusplus
33 | }
34 | #endif //__cplusplus
35 | 
36 | #endif /* _SHHIDEDLL_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/gdi32_hook.c:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	gdi32_hook.c
  8 | 
  9 | Abstract:
 10 | 
 11 | 	Windows GDI hook implementation.
 12 | 
 13 | 	Last change 04.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #include "..\global.h"
 18 | #include "gdi32_hook.h"
 19 | 
 20 | PCreateDCA pCreateDCA = NULL;
 21 | PCreateDCW pCreateDCW = NULL;
 22 | PBitBlt pBitBlt = NULL;
 23 | 
 24 | HDC WINAPI CreateDCHookA(
 25 | 	LPCSTR pwszDriver, 
 26 | 	LPCSTR pwszDevice, 
 27 | 	LPCSTR pszPort, 
 28 | 	CONST DEVMODEA * pdm
 29 | 	)
 30 | {
 31 | 	PTLS Tls;
 32 | 	CHAR tBuff[LOGBUFFERSIZE];
 33 | 
 34 | 	Tls = GetTls();
 35 | 	if ( Tls ) {
 36 | 		Tls->showcomparision = FALSE;
 37 | 		if ( Tls->ourcall ) 
 38 | 			return pCreateDCA(pwszDriver, pwszDevice, pszPort, pdm);
 39 | 		Tls->ourcall = TRUE;
 40 | 	}
 41 | 
 42 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
 43 | 	_strcpyA(tBuff, "CreateDC(");
 44 | 
 45 | 	__try {
 46 | 		//put pwszDriver
 47 | 		if ( ARGUMENT_PRESENT(pwszDriver) ) {
 48 | 			_strncpyA(_strendA(tBuff), MAX_PATH, pwszDriver, MAX_PATH);
 49 | 		} else {
 50 | 			_strcatA(tBuff, NullStrA);
 51 | 		}
 52 | 		_strcatA(tBuff, CommaA);
 53 | 		
 54 | 		//put pszDevice
 55 | 		if ( ARGUMENT_PRESENT(pwszDevice) ) {
 56 | 			_strncpyA(_strendA(tBuff), MAX_PATH, pwszDevice, MAX_PATH);
 57 | 		} else {
 58 | 			_strcatA(tBuff, NullStrA);
 59 | 		}
 60 | 		_strcatA(tBuff, CommaA);
 61 | 
 62 | 		//put pszPort
 63 | 		if ( ARGUMENT_PRESENT(pszPort) ) { /* pszPort is unused, still log it */
 64 | 			_strncpyA(_strendA(tBuff), MAX_PATH, pszPort, MAX_PATH);
 65 | 		} else {
 66 | 			_strcatA(tBuff, NullStrA);
 67 | 		}
 68 | 		//put pdm
 69 | 		_strcatA(tBuff, CommaA);
 70 | 		utohexA((ULONG_PTR)pdm, _strendA(tBuff));
 71 | 		_strcatA(tBuff, CloseBracketA);
 72 | 
 73 | 	} __except (EXCEPTION_EXECUTE_HANDLER) {
 74 | 		_strcatA(tBuff, GDI32_EXCEPTION_A);
 75 | 		utohexA((ULONG_PTR)GetExceptionCode(), _strendA(tBuff));
 76 | 	}
 77 | 	PushToLogA(tBuff, LOGBUFFERSIZE, LOG_NORMAL);
 78 | 	
 79 | 	if ( Tls ) Tls->ourcall = FALSE;
 80 | 	return pCreateDCA(pwszDriver, pwszDevice, pszPort, pdm);
 81 | }
 82 | 
 83 | HDC WINAPI CreateDCHookW(
 84 | 	LPCWSTR pwszDriver,
 85 | 	LPCWSTR pwszDevice, 
 86 | 	LPCWSTR pszPort, 
 87 | 	CONST DEVMODEW * pdm
 88 | 	)
 89 | {
 90 | 	PTLS Tls;
 91 | 	WCHAR tBuff[LOGBUFFERSIZE];
 92 | 
 93 | 	Tls = GetTls();
 94 | 	if ( Tls ) {
 95 | 		Tls->showcomparision = FALSE;
 96 | 		if ( Tls->ourcall ) 
 97 | 			return pCreateDCW(pwszDriver, pwszDevice, pszPort, pdm);
 98 | 		Tls->ourcall = TRUE;
 99 | 	}
100 | 
101 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
102 | 	_strcpyW(tBuff, L"CreateDC(");
103 | 
104 | 	__try {
105 | 		
106 | 		//put pwszDriver
107 | 		if ( ARGUMENT_PRESENT(pwszDriver) ) {
108 | 			_strncpyW(_strendW(tBuff), MAX_PATH, pwszDriver, MAX_PATH);
109 | 		} else {
110 | 			_strcatW(tBuff, NullStrW);
111 | 		}
112 | 		_strcatW(tBuff, CommaW);
113 | 		
114 | 		//put pwszDevice
115 | 		if ( ARGUMENT_PRESENT(pwszDevice) ) {
116 | 			_strncpyW(_strendW(tBuff), MAX_PATH, pwszDevice, MAX_PATH);
117 | 		} else {
118 | 			_strcatW(tBuff, NullStrW);
119 | 		}
120 | 		_strcatW(tBuff, CommaW);
121 | 
122 | 		//put pszPort
123 | 		if ( ARGUMENT_PRESENT(pszPort) ) { /* pszPort is unused, still log it */
124 | 			_strncpyW(_strendW(tBuff), MAX_PATH, pszPort, MAX_PATH);
125 | 		} else {
126 | 			_strcatW(tBuff, NullStrW);
127 | 		}
128 | 
129 | 		//put pdm
130 | 		_strcatW(tBuff, CommaW);
131 | 		utohexW((ULONG_PTR)pdm, _strendW(tBuff));
132 | 		_strcatW(tBuff, CloseBracketW);
133 | 
134 | 	} __except (EXCEPTION_EXECUTE_HANDLER) {
135 | 		_strcatW(tBuff, GDI32_EXCEPTION);
136 | 		utohexW((ULONG_PTR)GetExceptionCode(), _strendW(tBuff));
137 | 	}
138 | 	PushToLogW(tBuff, LOGBUFFERSIZE, LOG_NORMAL);
139 | 
140 | 	if ( Tls ) Tls->ourcall = FALSE;
141 | 	return pCreateDCW(pwszDriver, pwszDevice, pszPort, pdm);
142 | }
143 | 
144 | BOOL WINAPI BitBltHook(
145 | 	HDC hdc, 
146 | 	int x, 
147 | 	int y, 
148 | 	int cx, 
149 | 	int cy, 
150 | 	HDC hdcSrc, 
151 | 	int x1, 
152 | 	int y1, 
153 | 	DWORD rop
154 | 	)
155 | {
156 | 	PTLS Tls;
157 | 	CHAR tBuff[LOGBUFFERSIZESMALL];
158 | 
159 | 	Tls = GetTls();
160 | 	if ( Tls ) {
161 | 		Tls->showcomparision = FALSE;
162 | 		if ( Tls->ourcall ) 
163 | 			return pBitBlt(hdc, x, y, cx, cy, hdcSrc, x1, y1, rop);
164 | 		Tls->ourcall = TRUE;
165 | 	}
166 | 
167 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
168 | 
169 | 	_strcpyA(tBuff, "BitBlt(");
170 | 
171 | 	//put hdc
172 | 	utohexA((ULONG_PTR)hdc, _strendA(tBuff));
173 | 	_strcatA(tBuff, CommaExA);
174 | 
175 | 	//put x
176 | 	ultostrA(x, _strendA(tBuff));
177 | 	_strcatA(tBuff, CommaExA);
178 | 
179 | 	//put y
180 | 	ultostrA(y, _strendA(tBuff));
181 | 	_strcatA(tBuff, CommaExA);
182 | 
183 | 	//put cx
184 | 	ultostrA(cx, _strendA(tBuff));
185 | 	_strcatA(tBuff, CommaExA);
186 | 
187 | 	//put cy
188 | 	ultostrA(cy, _strendA(tBuff));
189 | 	_strcatA(tBuff, CommaExA);
190 | 	
191 | 	//put hdcSrc
192 | 	utohexA((ULONG_PTR)hdcSrc, _strendA(tBuff));
193 | 	_strcatA(tBuff, CommaExA);
194 | 
195 | 	//put x1
196 | 	ultostrA(x1, _strendA(tBuff));
197 | 	_strcatA(tBuff, CommaExA);
198 | 
199 | 	//put y1
200 | 	ultostrA(y1, _strendA(tBuff));
201 | 	_strcatA(tBuff, CommaExA);
202 | 
203 | 	//put rop
204 | 	ultostrA(rop, _strendA(tBuff));
205 | 	_strcatA(tBuff, CloseBracketA);
206 | 
207 | 	PushToLogA(tBuff, LOGBUFFERSIZESMALL, LOG_NORMAL);
208 | 
209 | 	if ( Tls ) Tls->ourcall = FALSE;
210 | 	return pBitBlt(hdc, x, y, cx, cy, hdcSrc, x1, y1, rop);
211 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/gdi32_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	gdi32_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Windows GDI hook interface.
12 | 
13 | 	Last change 19.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHGDI32HOOK_
18 | #define _SHGDI32HOOK_
19 | 
20 | #define GDI32_EXCEPTION   L" gdi32!exception 0x"
21 | #define GDI32_EXCEPTION_A " gdi32!exception 0x"
22 | 
23 | typedef HDC (WINAPI *PCreateDCA)(LPCSTR pwszDriver, LPCSTR pwszDevice, LPCSTR pszPort, CONST DEVMODEA * pdm);
24 | typedef HDC (WINAPI *PCreateDCW)(LPCWSTR pwszDriver, LPCWSTR pwszDevice, LPCWSTR pszPort, CONST DEVMODEW * pdm);
25 | typedef BOOL (WINAPI *PBitBlt)(HDC hdc, int x, int y, int cx, int cy, HDC hdcSrc, int x1, int y1, DWORD rop);
26 | 
27 | extern PCreateDCA pCreateDCA;
28 | extern PCreateDCW pCreateDCW;
29 | extern PBitBlt pBitBlt;
30 | 
31 | HDC WINAPI CreateDCHookA(
32 | 	LPCSTR pwszDriver, 
33 | 	LPCSTR pwszDevice, 
34 | 	LPCSTR pszPort, 
35 | 	CONST DEVMODEA * pdm
36 | 	);
37 | 
38 | HDC WINAPI CreateDCHookW(
39 | 	LPCWSTR pwszDriver,
40 | 	LPCWSTR pwszDevice, 
41 | 	LPCWSTR pszPort, 
42 | 	CONST DEVMODEW * pdm
43 | 	);
44 | 
45 | BOOL WINAPI BitBltHook(
46 | 	HDC hdc, 
47 | 	int x, 
48 | 	int y, 
49 | 	int cx, 
50 | 	int cy, 
51 | 	HDC hdcSrc, 
52 | 	int x1, 
53 | 	int y1, 
54 | 	DWORD rop
55 | 	);
56 | 
57 | #endif /* _SHGDI32HOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/hooks.h:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	hooks.h
  8 | 
  9 | Abstract:
 10 | 
 11 | 	Hook install interfaces.
 12 | 
 13 | 	Last change 05.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #ifndef _SHHOOKS_
 18 | #define _SHHOOKS_
 19 | 
 20 | #ifdef __cplusplus
 21 | extern "C" {
 22 | #endif //__cplusplus
 23 | 
 24 | #define ENDCALL(x) goto x
 25 | 
 26 | PVOID HookCode(
 27 | 	HMODULE hLibrary,
 28 | 	LPSTR RoutineName,
 29 | 	PVOID DetourHandler,
 30 | 	PVOID DetourRoutine //<- ordinal case
 31 | 	);
 32 | 
 33 | VOID InstallHooks(
 34 | 	VOID
 35 | 	);
 36 | 
 37 | VOID InstallHooksCallback(
 38 | 	LPWSTR lpLibraryName
 39 | 	);
 40 | 
 41 | VOID HookNTDLL(
 42 | 	VOID
 43 | 	);
 44 | 
 45 | VOID HookAdvapi32(
 46 | 	VOID
 47 | 	);
 48 | 
 49 | VOID HookUser32(
 50 | 	VOID
 51 | 	);
 52 | 
 53 | VOID HookWs2_32(
 54 | 	VOID
 55 | 	);
 56 | 
 57 | VOID HookUrlmon(
 58 | 	VOID
 59 | 	);
 60 | 
 61 | VOID HookWininet(
 62 | 	VOID
 63 | 	);
 64 | 
 65 | VOID HookNetapi32(
 66 | 	VOID
 67 | 	);
 68 | 
 69 | VOID HookMpr(
 70 | 	VOID
 71 | 	);
 72 | 
 73 | VOID HookPsapi(
 74 | 	VOID
 75 | 	);
 76 | 
 77 | VOID HookRasapi32(
 78 | 	VOID
 79 | 	);
 80 | 
 81 | VOID HookGdi32(
 82 | 	VOID
 83 | 	);
 84 | 
 85 | VOID HookSrclient(
 86 | 	VOID
 87 | 	);
 88 | 
 89 | VOID HookShell32(
 90 | 	VOID
 91 | 	);
 92 | 
 93 | VOID HookSfc_os(
 94 | 	VOID
 95 | 	);
 96 | 
 97 | VOID HookKernel32(
 98 | 	VOID
 99 | 	);
100 | 
101 | VOID HookOle32(
102 | 	VOID
103 | 	);
104 | 
105 | VOID HookWinscard(
106 | 	VOID
107 | 	);
108 | 
109 | #ifdef __cplusplus
110 | }
111 | #endif //__cplusplus
112 | 
113 | #endif /* _SHHOOKS_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/mpr_hook.c:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	mpr_hook.c
 8 | 
 9 | Abstract:
10 | 
11 | 	Multiple Provider Router hook implementation.
12 | 
13 | 	Last change 04.02.13
14 | 
15 | --*/
16 | 
17 | #include "..\global.h"
18 | #include "mpr_hook.h"
19 | 
20 | PWNetOpenEnumA pWNetOpenEnumA = NULL;
21 | PWNetOpenEnumW pWNetOpenEnumW = NULL;
22 | 
23 | DWORD WINAPI WNetOpenEnumHookA(
24 | 	DWORD dwScope, 
25 | 	DWORD dwType, 
26 | 	DWORD dwUsage, 
27 | 	LPNETRESOURCEA lpNetResource, 
28 | 	LPHANDLE lphEnum
29 | 	)
30 | {
31 | 	PTLS Tls;
32 | 	
33 | 	Tls = GetTls();
34 | 	if ( Tls ) {
35 | 		Tls->showcomparision = FALSE;
36 | 		if ( Tls->ourcall ) 
37 | 			return pWNetOpenEnumA(dwScope, dwType, dwUsage, lpNetResource, lphEnum);
38 | 		Tls->ourcall = TRUE;
39 | 	}
40 | 
41 | 	//put api name and log
42 | 	LogAsCallA("WNetOpenEnum()", LOG_NORMAL); 
43 | 
44 | 	if ( Tls ) Tls->ourcall = FALSE;
45 | 	return pWNetOpenEnumA(dwScope, dwType, dwUsage, lpNetResource, lphEnum);
46 | }
47 | 
48 | DWORD WINAPI WNetOpenEnumHookW(
49 | 	DWORD dwScope, 
50 | 	DWORD dwType, 
51 | 	DWORD dwUsage, 
52 | 	LPNETRESOURCEW lpNetResource, 
53 | 	LPHANDLE lphEnum
54 | 	)
55 | {
56 | 	PTLS Tls;
57 | 
58 | 	Tls = GetTls();
59 | 	if ( Tls ) {
60 | 		Tls->showcomparision = FALSE;
61 | 		if ( Tls->ourcall ) 
62 | 			return pWNetOpenEnumW(dwScope, dwType, dwUsage, lpNetResource, lphEnum);
63 | 		Tls->ourcall = TRUE;
64 | 	}
65 | 
66 | 	//put api name and log
67 | 	LogAsCallA("WNetOpenEnum()", LOG_NORMAL); 
68 | 
69 | 	if ( Tls ) Tls->ourcall = FALSE;
70 | 	return pWNetOpenEnumW(dwScope, dwType, dwUsage, lpNetResource, lphEnum);
71 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/mpr_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	mpr_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Multiple Provider Router hook interface.
12 | 
13 | 	Last change 14.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHMPRHOOK_
18 | #define _SHMPRHOOK_
19 | 
20 | #include <Winnetwk.h>
21 | 
22 | typedef DWORD (WINAPI *PWNetOpenEnumA)(DWORD dwScope, DWORD dwType, DWORD dwUsage, LPNETRESOURCEA lpNetResource, LPHANDLE lphEnum);
23 | typedef DWORD (WINAPI *PWNetOpenEnumW)(DWORD dwScope, DWORD dwType, DWORD dwUsage, LPNETRESOURCEW lpNetResource, LPHANDLE lphEnum);
24 | 
25 | extern PWNetOpenEnumA pWNetOpenEnumA;
26 | extern PWNetOpenEnumW pWNetOpenEnumW;
27 | 
28 | DWORD WINAPI WNetOpenEnumHookA(
29 | 	DWORD dwScope, 
30 | 	DWORD dwType, 
31 | 	DWORD dwUsage, 
32 | 	LPNETRESOURCEA lpNetResource, 
33 | 	LPHANDLE lphEnum
34 | 	);
35 | 
36 | DWORD WINAPI WNetOpenEnumHookW(
37 | 	DWORD dwScope, 
38 | 	DWORD dwType, 
39 | 	DWORD dwUsage, 
40 | 	LPNETRESOURCEW lpNetResource, 
41 | 	LPHANDLE lphEnum
42 | 	);
43 | 
44 | #endif /* _SHMPRHOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/ole32_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	ole32_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	OLE32 API hook interface.
12 | 
13 | 	Last change 07.02.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHOLE32HOOK_
18 | #define _SHOLE32HOOK_
19 | 
20 | #include <Objbase.h>
21 | #include <Wbemcli.h>
22 | #include <Wbemidl.h>
23 | 
24 | #define OLE32_EXCEPTION   L"ole32!exception 0x"
25 | 
26 | #define ConnectServerOffset          3  /*+*/
27 | #define ExecQueryOffset				 20 /*+*/
28 | #define ExecNotificationQueryOffset  22 /*+*/
29 | #define ExecMethodOffset             24 /*+*/
30 | 
31 | typedef HRESULT (STDMETHODCALLTYPE *PConnectServer)( 
32 | 	IUnknown* This, 
33 | 	const BSTR strNetworkResource,
34 | 	const BSTR strUser,
35 | 	const BSTR strPassword,
36 | 	const BSTR strLocale,
37 | 	long lSecurityFlags,
38 | 	const BSTR strAuthority,
39 | 	IWbemContext *pCtx,
40 | 	IWbemServices **ppNamespace
41 | 	);
42 | 
43 | typedef HRESULT (STDMETHODCALLTYPE *PExecQuery)( 
44 | 	IUnknown* This, 
45 | 	const BSTR strQueryLanguage,
46 | 	const BSTR strQuery,
47 | 	long lFlags,
48 | 	IWbemContext *pCtx,
49 | 	IEnumWbemClassObject **ppEnum
50 | 	);
51 | 
52 | typedef HRESULT (STDMETHODCALLTYPE *PExecMethod)( 
53 | 	IUnknown* This, 
54 | 	const BSTR strObjectPath,
55 | 	const BSTR strMethodName,
56 | 	long lFlags,
57 | 	IWbemContext *pCtx,
58 | 	IWbemClassObject *pInParams,
59 | 	IWbemClassObject **ppOutParams,
60 | 	IWbemCallResult **ppCallResult
61 | 	);
62 | 
63 | typedef HRESULT (STDMETHODCALLTYPE *PExecNotificationQuery)( 
64 | 	IUnknown* This, 
65 | 	const BSTR strQueryLanguage,
66 | 	const BSTR strQuery,
67 | 	long lFlags,
68 | 	IWbemContext *pCtx,
69 | 	IEnumWbemClassObject **ppEnum
70 | 	);
71 | 
72 | #ifdef __cplusplus
73 | extern "C" {
74 | #endif //__cplusplus
75 | 
76 | typedef HRESULT (WINAPI *PCoCreateInstance)(
77 | 	REFCLSID rclsid, 
78 |     LPUNKNOWN pUnkOuter,
79 |     DWORD dwClsContext, 
80 |     REFCLSID riid, 
81 |     LPVOID FAR* ppv
82 | 	);
83 | 
84 | extern PCoCreateInstance pCoCreateInstance;
85 | 
86 | HRESULT WINAPI CoCreateInstanceHook(
87 | 	REFCLSID rclsid, 
88 |     LPUNKNOWN pUnkOuter,
89 |     DWORD dwClsContext, 
90 |     REFCLSID riid, 
91 |     LPVOID FAR* ppv
92 | 	);
93 | 
94 | #ifdef __cplusplus
95 | }
96 | #endif //__cplusplus
97 | 
98 | #endif /* _SHOLE32HOOK_ */ 


--------------------------------------------------------------------------------
/LogApiDll/hooks/psapi_hook.c:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	psapi_hook.c
 8 | 
 9 | Abstract:
10 | 
11 | 	Process Status API hook implementation.
12 | 
13 | 	Last change 04.02.13
14 | 
15 | --*/
16 | 
17 | #include "..\global.h"
18 | #include "psapi_hook.h"
19 | 
20 | PEnumProcesses pEnumProcesses = NULL;
21 | PEnumProcessModules pEnumProcessModules = NULL;
22 | PEnumProcessModulesEx pEnumProcessModulesEx = NULL;
23 | 
24 | BOOL WINAPI EnumProcessesHook(
25 |     DWORD * lpidProcess,
26 |     DWORD cb,
27 |     LPDWORD lpcbNeeded
28 |     )
29 | {
30 | 	PTLS Tls;
31 | 
32 | 	Tls = GetTls();
33 | 	if ( Tls ) {
34 | 		Tls->showcomparision = FALSE;
35 | 		if ( Tls->ourcall ) 
36 | 			pEnumProcesses(lpidProcess, cb, lpcbNeeded);
37 | 		Tls->ourcall = TRUE;
38 | 	}
39 | 
40 | 	//put api name and log
41 | 	LogAsCall(L"EnumProcesses()", LOG_NORMAL); 
42 | 
43 | 	if ( Tls ) Tls->ourcall = FALSE;
44 | 	return pEnumProcesses(lpidProcess, cb, lpcbNeeded);
45 | }
46 | 
47 | BOOL WINAPI EnumProcessModulesHook(
48 |     HANDLE hProcess,
49 |     HMODULE *lphModule,
50 |     DWORD cb,
51 |     LPDWORD lpcbNeeded
52 |     )
53 |  {
54 | 	PTLS Tls;
55 | 
56 | 	Tls = GetTls();
57 | 	if ( Tls ) {
58 | 		Tls->showcomparision = FALSE;
59 | 		if ( Tls->ourcall ) 
60 | 			return pEnumProcessModules(hProcess, lphModule, cb, lpcbNeeded);
61 | 		Tls->ourcall = TRUE;
62 | 	}
63 | 
64 | 	//put api name and log
65 | 	LogAsCall(L"EnumProcessModules()", LOG_NORMAL); 
66 | 
67 | 	if ( Tls ) Tls->ourcall = FALSE;
68 | 	return pEnumProcessModules(hProcess, lphModule, cb, lpcbNeeded);
69 |  }
70 | 
71 | BOOL WINAPI EnumProcessModulesExHook(
72 |     HANDLE hProcess,
73 |     HMODULE *lphModule,
74 |     DWORD cb,
75 |     LPDWORD lpcbNeeded,
76 |     DWORD dwFilterFlag
77 |     )
78 | {
79 | 	PTLS Tls;
80 | 
81 | 	Tls = GetTls();
82 | 	if ( Tls ) {
83 | 		Tls->showcomparision = FALSE;
84 | 		if ( Tls->ourcall ) 
85 | 			return pEnumProcessModulesEx(hProcess, lphModule, cb, lpcbNeeded, dwFilterFlag);
86 | 		Tls->ourcall = TRUE;
87 | 	}
88 | 
89 | 	//put api name and log
90 | 	LogAsCall(L"EnumProcessModulesEx()", LOG_NORMAL); 
91 | 
92 | 	if ( Tls ) Tls->ourcall = FALSE;
93 | 	return pEnumProcessModulesEx(hProcess, lphModule, cb, lpcbNeeded, dwFilterFlag);
94 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/psapi_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	psapi_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Process Status API hook interface.
12 | 
13 | 	Last change 27.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHPSAPIHOOK_
18 | #define _SHPSAPIHOOK_
19 | 
20 | typedef BOOL (WINAPI *PEnumProcesses) (
21 |     DWORD * lpidProcess,
22 |     DWORD cb,
23 |     LPDWORD lpcbNeeded
24 |     );
25 | 
26 | typedef BOOL (WINAPI *PEnumProcessModules)(
27 |     HANDLE hProcess,
28 |     HMODULE *lphModule,
29 |     DWORD cb,
30 |     LPDWORD lpcbNeeded
31 |     );
32 | 
33 | typedef BOOL (WINAPI *PEnumProcessModulesEx)(
34 |     HANDLE hProcess,
35 |     HMODULE *lphModule,
36 |     DWORD cb,
37 |     LPDWORD lpcbNeeded,
38 |     DWORD dwFilterFlag
39 |     );
40 | 
41 | extern PEnumProcesses pEnumProcesses;
42 | extern PEnumProcessModules pEnumProcessModules;
43 | extern PEnumProcessModulesEx pEnumProcessModulesEx;
44 | 
45 | BOOL WINAPI EnumProcessesHook (
46 |     DWORD * lpidProcess,
47 |     DWORD cb,
48 |     LPDWORD lpcbNeeded
49 |     );
50 | 
51 | BOOL WINAPI EnumProcessModulesHook(
52 |     HANDLE hProcess,
53 |     HMODULE *lphModule,
54 |     DWORD cb,
55 |     LPDWORD lpcbNeeded
56 |     );
57 | 
58 | BOOL WINAPI EnumProcessModulesExHook(
59 |     HANDLE hProcess,
60 |     HMODULE *lphModule,
61 |     DWORD cb,
62 |     LPDWORD lpcbNeeded,
63 |     DWORD dwFilterFlag
64 |     );
65 | 
66 | #endif /* _SHPSAPIHOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/rasapi32_hook.c:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	rasapi32_hook.c
 8 | 
 9 | Abstract:
10 | 
11 | 	RAS API hook implementation.
12 | 
13 | 	Last change 04.02.13
14 | 
15 | --*/
16 | 
17 | #include "..\global.h"
18 | #include "rasapi32_hook.h"
19 | 
20 | PRasEnumEntriesA pRasEnumEntriesA = NULL;
21 | PRasEnumEntriesW pRasEnumEntriesW = NULL;
22 | 
23 | DWORD WINAPI RasEnumEntriesHookA(
24 | 	LPCSTR reserved,
25 | 	LPCSTR lpszPhonebook, 
26 | 	LPRASENTRYNAMEA lprasentryname, 
27 | 	LPDWORD lpcb, 
28 | 	LPDWORD lpcEntries
29 | 	)
30 | {
31 | 	PTLS Tls;
32 | 
33 | 	Tls = GetTls();
34 | 	if ( Tls ) {
35 | 		Tls->showcomparision = FALSE;
36 | 		if ( Tls->ourcall ) 
37 | 			return pRasEnumEntriesA(reserved, lpszPhonebook, lprasentryname, lpcb, lpcEntries);
38 | 		Tls->ourcall = TRUE;
39 | 	}
40 | 
41 | 	//put api name and log
42 | 	LogAsCallA("RasEnumEntries()", LOG_NORMAL);
43 | 
44 | 	if ( Tls ) Tls->ourcall = FALSE;
45 | 	return pRasEnumEntriesA(reserved, lpszPhonebook, lprasentryname, lpcb, lpcEntries);
46 | }
47 | 
48 | DWORD WINAPI RasEnumEntriesHookW(
49 | 	LPCWSTR reserved, 
50 | 	LPCWSTR lpszPhonebook, 
51 | 	LPRASENTRYNAMEW lprasentryname, 
52 | 	LPDWORD lpcb, 
53 | 	LPDWORD lpcEntries
54 | 	)
55 | {
56 | 	PTLS Tls;
57 | 
58 | 	Tls = GetTls();
59 | 	if ( Tls ) {
60 | 		Tls->showcomparision = FALSE;
61 | 		if ( Tls->ourcall ) 
62 | 			return pRasEnumEntriesW(reserved, lpszPhonebook, lprasentryname, lpcb, lpcEntries);
63 | 		Tls->ourcall = TRUE;
64 | 	}
65 | 
66 | 	//put api name and log
67 | 	LogAsCall(L"RasEnumEntries()", LOG_NORMAL);
68 | 	
69 | 	if ( Tls ) Tls->ourcall = FALSE;
70 | 	return pRasEnumEntriesW(reserved, lpszPhonebook, lprasentryname, lpcb, lpcEntries);
71 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/rasapi32_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	gdi32_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	RAS API hook interface.
12 | 
13 | 	Last change 14.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHRASAPI32HOOK_
18 | #define _SHRASAPI32HOOK_
19 | 
20 | #include <Ras.h>
21 | 
22 | typedef DWORD (WINAPI *PRasEnumEntriesA)(LPCSTR reserved, LPCSTR lpszPhonebook, LPRASENTRYNAMEA lprasentryname, LPDWORD lpcb, LPDWORD lpcEntries);
23 | typedef DWORD (WINAPI *PRasEnumEntriesW)(LPCWSTR reserved, LPCWSTR lpszPhonebook, LPRASENTRYNAMEW lprasentryname, LPDWORD lpcb, LPDWORD lpcEntries);
24 | 
25 | extern PRasEnumEntriesA pRasEnumEntriesA;
26 | extern PRasEnumEntriesW pRasEnumEntriesW;
27 | 
28 | DWORD WINAPI RasEnumEntriesHookA(
29 | 	LPCSTR reserved,
30 | 	LPCSTR lpszPhonebook, 
31 | 	LPRASENTRYNAMEA lprasentryname, 
32 | 	LPDWORD lpcb, 
33 | 	LPDWORD lpcEntries
34 | 	);
35 | 
36 | DWORD WINAPI RasEnumEntriesHookW(
37 | 	LPCWSTR reserved, 
38 | 	LPCWSTR lpszPhonebook, 
39 | 	LPRASENTRYNAMEW lprasentryname, 
40 | 	LPDWORD lpcb, 
41 | 	LPDWORD lpcEntries
42 | 	);
43 | 
44 | #endif /* _SHRASAPI32HOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/sfc_os_hook.c:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	sfc_os_hook.c
 8 | 
 9 | Abstract:
10 | 
11 | 	System File Checker hook implementation.
12 | 
13 | 	Last change 04.02.13
14 | 
15 | --*/
16 | 
17 | #include "..\global.h"
18 | #include "sfc_os_hook.h"
19 | 
20 | PSfcFileException pSfcFileOperation = NULL;
21 | 
22 | DWORD WINAPI SfcFileExceptionHook(
23 | 	HANDLE rpcHandle, 
24 | 	LPWSTR lpFileName, 
25 | 	DWORD dwFlag
26 | 	)
27 | {
28 | 	PTLS Tls;
29 | 	WCHAR tBuff[LOGBUFFERSIZE];
30 | 	
31 | 	Tls = GetTls();
32 | 	if ( Tls ) {
33 | 		Tls->showcomparision = FALSE;
34 | 		if ( Tls->ourcall ) 
35 | 			return pSfcFileOperation(rpcHandle, lpFileName, dwFlag);
36 | 		Tls->ourcall = TRUE;
37 | 	}
38 | 
39 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
40 | 
41 | 	//put prolog
42 | 	_strcpyW(tBuff, L"SetSfcFileException(");
43 | 
44 | 	//put lpFileName
45 | 	if ( ARGUMENT_PRESENT(lpFileName) ) {
46 | 		__try {
47 | 			_strncpyW(_strendW(tBuff), MAX_PATH, lpFileName, MAX_PATH);
48 | 		} __except (EXCEPTION_EXECUTE_HANDLER) {
49 | 			_strcatW(tBuff, SFC_OS_EXCEPTION);
50 | 			utohexW((ULONG_PTR)GetExceptionCode(), _strendW(tBuff));
51 | 		}
52 | 	} else {
53 | 		_strcatW(tBuff, EmptyStrW);
54 | 	}	
55 | 
56 | 	//put epilog and log
57 | 	_strcatW(tBuff, CloseBracketW);
58 | 	PushToLogW(tBuff, LOGBUFFERSIZE, LOG_NORMAL);
59 | 
60 | 	if ( Tls ) Tls->ourcall = FALSE;
61 | 	return pSfcFileOperation(rpcHandle, lpFileName, dwFlag);
62 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/sfc_os_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	sfc_os_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	System File Checker hook interface.
12 | 
13 | 	Last change 19.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHSFCHOOK_
18 | #define _SHSFCHOOK_
19 | 
20 | #define SFC_OS_EXCEPTION   L"sfc_os!exception 0x"
21 | 
22 | typedef DWORD (WINAPI *PSfcFileException)(HANDLE rpcHandle, PWCHAR lpFileName, DWORD dwFlag);
23 | 
24 | extern PSfcFileException pSfcFileOperation;
25 | 
26 | DWORD WINAPI SfcFileExceptionHook(
27 | 	HANDLE rpcHandle, 
28 | 	LPWSTR lpFileName, 
29 | 	DWORD dwFlag
30 | 	);
31 | 
32 | #endif /* _SHSFCHOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/shell32_hook.c:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	shell32_hook.c
 8 | 
 9 | Abstract:
10 | 
11 | 	Shell32 hook implementation.
12 | 
13 | 	Last change 04.02.13
14 | 
15 | --*/
16 | 
17 | #include "..\global.h"
18 | #include "shell32_hook.h"
19 | 
20 | PIsUserAnAdmin pIsUserAnAdmin = NULL;
21 | 
22 | BOOL WINAPI IsUserAnAdminHook(
23 | 	VOID
24 | 	)
25 | {
26 | 	PTLS Tls;
27 | 
28 | 	Tls = GetTls();
29 | 	if ( Tls ) {
30 | 		Tls->showcomparision = FALSE;
31 | 		if ( Tls->ourcall ) 
32 | 			return pIsUserAnAdmin();
33 | 		Tls->ourcall = TRUE;
34 | 	}
35 | 
36 | 	LogAsCall(L"IsUserAnAdmin()", LOG_NORMAL);
37 | 
38 | 	if ( Tls ) Tls->ourcall = FALSE;
39 | 	return pIsUserAnAdmin();
40 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/shell32_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	shell32_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Shell32 hook interface.
12 | 
13 | 	Last change 13.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHSHELL32HOOK_
18 | #define _SHSHELL32HOOK_
19 | 
20 | typedef BOOL (WINAPI *PIsUserAnAdmin)(VOID);
21 | 
22 | extern PIsUserAnAdmin pIsUserAnAdmin;
23 | 
24 | BOOL WINAPI IsUserAnAdminHook(
25 | 	VOID
26 | 	);
27 | 
28 | #endif /* _SHSHELL32HOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/srclient_hook.c:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	srclient_hook.c
  8 | 
  9 | Abstract:
 10 | 
 11 | 	System File Checker hook implementation.
 12 | 
 13 | 	Last change 04.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #include "..\global.h"
 18 | #include "srclient_hook.h"
 19 | 
 20 | PSRRemoveRestorePoint pSRRemoveRestorePoint = NULL;
 21 | PSRSetRestorePointA pSRSetRestorePointA = NULL;
 22 | PSRSetRestorePointW pSRSetRestorePointW = NULL;
 23 | 
 24 | DWORD WINAPI SRRemoveRestorePointHook(
 25 | 	DWORD dwRPNum
 26 | 	)
 27 | {
 28 | 	PTLS Tls;
 29 | 	WCHAR tBuff[LOGBUFFERSIZESMALL];
 30 | 
 31 | 	Tls = GetTls();
 32 | 	if ( Tls ) {
 33 | 		Tls->showcomparision = FALSE;
 34 | 		if ( Tls->ourcall ) 
 35 | 			return pSRRemoveRestorePoint(dwRPNum);
 36 | 		Tls->ourcall = TRUE;
 37 | 	}
 38 | 
 39 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
 40 | 
 41 | 	//put prolog
 42 | 	_strcpyW(tBuff, L"SRRemoveRestorePoint(");
 43 | 	
 44 | 	//put dwRPNum
 45 | 	ultostrW(dwRPNum, _strendW(tBuff));
 46 | 	
 47 | 	//put epilog and lgo
 48 | 	_strcatW(tBuff, CloseBracketW);
 49 | 	PushToLogW(tBuff, LOGBUFFERSIZESMALL, LOG_NORMAL);
 50 | 
 51 | 	if ( Tls ) Tls->ourcall = FALSE;
 52 | 	return pSRRemoveRestorePoint(dwRPNum);
 53 | }
 54 | 
 55 | BOOL WINAPI SRSetRestorePointHookA(
 56 | 	PRESTOREPOINTINFOA pRestorePtSpec, 
 57 | 	PSTATEMGRSTATUS pSMgrStatus
 58 | 	)
 59 | {
 60 | 	PTLS Tls;
 61 | 	CHAR tBuff[LOGBUFFERSIZE];
 62 | 
 63 | 	Tls = GetTls();
 64 | 	if ( Tls ) {
 65 | 		Tls->showcomparision = FALSE;
 66 | 		if ( Tls->ourcall ) 
 67 | 			return pSRSetRestorePointA(pRestorePtSpec, pSMgrStatus);
 68 | 		Tls->ourcall = TRUE;
 69 | 	}
 70 | 
 71 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
 72 | 
 73 | 	//put prolog
 74 | 	_strcpyA(tBuff, "SRSetRestorePointA(");
 75 | 
 76 | 	//put pRestorePtSpec->szDescription
 77 | 	if ( ARGUMENT_PRESENT(pRestorePtSpec) ) {
 78 | 		__try {
 79 | 			_strncpyA(_strendA(tBuff), MAX_DESC, pRestorePtSpec->szDescription, MAX_DESC); 			
 80 | 		} __except (EXCEPTION_EXECUTE_HANDLER) {
 81 | 			_strcatA(tBuff, SRCLIENT_EXCEPTION_A);
 82 | 			utohexA((ULONG_PTR)GetExceptionCode(), _strendA(tBuff));
 83 | 		}
 84 | 	} else {
 85 | 		_strcatA(tBuff, NullStrA);
 86 | 	}
 87 | 
 88 | 	//put epilog and log
 89 | 	_strcatA(tBuff, CloseBracketA);
 90 | 	PushToLogA(tBuff, LOGBUFFERSIZE, LOG_NORMAL);
 91 | 
 92 | 	if ( Tls ) Tls->ourcall = FALSE;
 93 | 	return pSRSetRestorePointA(pRestorePtSpec, pSMgrStatus);
 94 | }
 95 | 
 96 | BOOL WINAPI SRSetRestorePointHookW(
 97 | 	PRESTOREPOINTINFOW pRestorePtSpec, 
 98 | 	PSTATEMGRSTATUS pSMgrStatus
 99 | 	)
100 | {
101 | 	PTLS Tls;
102 | 	WCHAR tBuff[LOGBUFFERSIZE];
103 | 
104 | 	Tls = GetTls();
105 | 	if ( Tls ) {
106 | 		Tls->showcomparision = FALSE;
107 | 		if ( Tls->ourcall ) 
108 | 			return pSRSetRestorePointW(pRestorePtSpec, pSMgrStatus);
109 | 		Tls->ourcall = TRUE;
110 | 	}
111 | 
112 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
113 | 	
114 | 	//put prolog
115 | 	_strcpyW(tBuff, L"SRSetRestorePointW(");
116 | 
117 | 	//put pRestorePtSpec->szDescription
118 | 	if ( ARGUMENT_PRESENT(pRestorePtSpec) ) {
119 | 		__try {
120 | 			_strncpyW(_strendW(tBuff), MAX_DESC_W, pRestorePtSpec->szDescription, MAX_DESC_W); 		
121 | 		} __except (EXCEPTION_EXECUTE_HANDLER) {
122 | 			_strcatW(tBuff, SRCLIENT_EXCEPTION);
123 | 			utohexW((ULONG_PTR)GetExceptionCode(), _strendW(tBuff));
124 | 		}
125 | 	} else {
126 | 		_strcatW(tBuff, NullStrW);
127 | 	}
128 | 
129 | 	//put epilog and log
130 | 	_strcatW(tBuff, CloseBracketW);
131 | 	PushToLogW(tBuff, LOGBUFFERSIZE, LOG_NORMAL);
132 | 
133 | 	if ( Tls ) Tls->ourcall = FALSE;
134 | 	return pSRSetRestorePointW(pRestorePtSpec, pSMgrStatus);
135 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/srclient_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	srclient_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	System Restore hook interface.
12 | 
13 | 	Last change 19.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHSRESTOREHOOK_
18 | #define _SHSRESTOREHOOK_
19 | 
20 | #include <SRRestorePtAPI.h>
21 | 
22 | #define SRCLIENT_EXCEPTION   L" srclient!exception 0x"
23 | #define SRCLIENT_EXCEPTION_A   " srclient!exception 0x"
24 | 
25 | typedef DWORD (WINAPI *PSRRemoveRestorePoint)(DWORD dwRPNum);
26 | typedef BOOL (WINAPI *PSRSetRestorePointA)(PRESTOREPOINTINFOA pRestorePtSpec, PSTATEMGRSTATUS pSMgrStatus);
27 | typedef BOOL (WINAPI *PSRSetRestorePointW)(PRESTOREPOINTINFOW pRestorePtSpec, PSTATEMGRSTATUS pSMgrStatus);
28 | 
29 | extern PSRRemoveRestorePoint pSRRemoveRestorePoint;
30 | extern PSRSetRestorePointA pSRSetRestorePointA;
31 | extern PSRSetRestorePointW pSRSetRestorePointW;
32 | 
33 | DWORD WINAPI SRRemoveRestorePointHook(
34 | 	DWORD dwRPNum
35 | 	);
36 | 
37 | BOOL WINAPI SRSetRestorePointHookA(
38 | 	PRESTOREPOINTINFOA pRestorePtSpec, 
39 | 	PSTATEMGRSTATUS pSMgrStatus
40 | 	);
41 | 
42 | BOOL WINAPI SRSetRestorePointHookW(
43 | 	PRESTOREPOINTINFOW pRestorePtSpec, 
44 | 	PSTATEMGRSTATUS pSMgrStatus
45 | 	);
46 | 
47 | #endif /* _SHSRESTOREHOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/urlmon_hook.c:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	urlmon_hook.c
  8 | 
  9 | Abstract:
 10 | 
 11 | 	URL monikers API hook implementation.
 12 | 
 13 | 	Last change 04.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #include "..\global.h"
 18 | #include "urlmon_hook.h"
 19 | 
 20 | PURLDownloadToFileW pURLDownloadToFileW = NULL;
 21 | PURLDownloadToCacheFileW pURLDownloadToCacheFileW = NULL;
 22 | PURLOpenStreamW pURLOpenStreamW = NULL;
 23 | PURLOpenBlockingStreamW pURLOpenBlockingStreamW = NULL;
 24 | 
 25 | VOID LogUrlmonCall(
 26 | 	LPWSTR ApiName,
 27 | 	LPCWSTR szURL
 28 | 	)
 29 | {
 30 | 	WCHAR tBuff[LOGBUFFERSIZE];
 31 | 
 32 | 	if (! ARGUMENT_PRESENT(ApiName))
 33 | 		return;
 34 | 
 35 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
 36 | 
 37 | 	//put prolog
 38 | 	_strcpyW(tBuff, ApiName);
 39 | 	_strcatW(tBuff, OpenBracketW);
 40 | 
 41 | 	//put szURL
 42 | 	if ( ARGUMENT_PRESENT(szURL) ) {
 43 | 		__try {
 44 | 			_strncpyW(_strendW(tBuff), MAX_PATH, szURL, MAX_PATH);
 45 | 		} __except (EXCEPTION_EXECUTE_HANDLER) {
 46 | 			_strcatW(tBuff, URLMON_EXCEPTION);
 47 | 			utohexW((ULONG_PTR)GetExceptionCode(), _strendW(tBuff));
 48 | 		}
 49 | 	} else {
 50 | 		_strcatW(tBuff, NullStrW);
 51 | 	}
 52 | 	//put epilog and log
 53 | 	_strcatW(tBuff, CloseBracketW);
 54 | 	PushToLogW(tBuff, LOGBUFFERSIZE, LOG_NORMAL);
 55 | }
 56 | 
 57 | HRESULT WINAPI URLDownloadToFileHookW(
 58 | 	LPUNKNOWN pCaller,
 59 | 	LPCWSTR szURL,
 60 | 	LPCWSTR szFileName,
 61 | 	DWORD dwReserved,
 62 | 	LPBINDSTATUSCALLBACK lpfnCB
 63 | 	)
 64 | {
 65 | 	PTLS Tls;
 66 | 
 67 | 	Tls = GetTls();
 68 | 	if ( Tls ) {
 69 | 		Tls->showcomparision = FALSE;
 70 | 		if ( Tls->ourcall ) {
 71 | 			return pURLDownloadToFileW(pCaller, szURL, szFileName, dwReserved, lpfnCB);
 72 | 		}
 73 | 		Tls->ourcall = TRUE;
 74 | 	}
 75 | 
 76 | 	LogUrlmonCall(L"URLDownloadToFile", szURL);
 77 | 
 78 | 	if ( Tls ) Tls->ourcall = FALSE;
 79 | 	return pURLDownloadToFileW(pCaller, szURL, szFileName, dwReserved, lpfnCB);
 80 | }
 81 | 
 82 | HRESULT WINAPI URLDownloadToCacheFileHookW(
 83 | 	LPUNKNOWN caller,
 84 | 	LPCWSTR szURL,
 85 | 	LPWSTR szFileName,
 86 | 	DWORD dwBufLength,
 87 | 	DWORD dwReserved,
 88 | 	LPBINDSTATUSCALLBACK lpfnCB
 89 | 	)
 90 | {
 91 | 	PTLS Tls;
 92 | 
 93 | 	Tls = GetTls();
 94 | 	if ( Tls ) {
 95 | 		Tls->showcomparision = FALSE;
 96 | 		if ( Tls->ourcall ) {
 97 | 			return pURLDownloadToCacheFileW(caller, szURL, szFileName, dwBufLength, dwReserved, lpfnCB);
 98 | 		}
 99 | 		Tls->ourcall = TRUE;
100 | 	}
101 | 
102 | 	LogUrlmonCall(L"URLDownloadToCache", szURL);
103 | 
104 | 	if ( Tls ) Tls->ourcall = FALSE;
105 | 	return pURLDownloadToCacheFileW(caller, szURL, szFileName, dwBufLength, dwReserved, lpfnCB);
106 | }
107 | 
108 | HRESULT WINAPI URLOpenStreamHookW(
109 | 	LPUNKNOWN caller,
110 | 	LPCWSTR szURL,
111 | 	DWORD dwReserved,
112 | 	LPBINDSTATUSCALLBACK lpfnCB
113 | 	)
114 | {
115 | 	PTLS Tls;
116 | 
117 | 	Tls = GetTls();
118 | 	if ( Tls ) {
119 | 		Tls->showcomparision = FALSE;
120 | 		if ( Tls->ourcall ) {
121 | 			return pURLOpenStreamW(caller, szURL, dwReserved, lpfnCB);
122 | 		}
123 | 		Tls->ourcall = TRUE;
124 | 	}
125 | 
126 | 	LogUrlmonCall(L"URLOpenStream", szURL);
127 | 
128 | 	if ( Tls ) Tls->ourcall = FALSE;
129 | 	return pURLOpenStreamW(caller, szURL, dwReserved, lpfnCB);
130 | }
131 | 
132 | HRESULT WINAPI URLOpenBlockingStreamHookW(
133 | 	LPUNKNOWN caller,
134 | 	LPCWSTR szURL,
135 | 	LPSTREAM* ppStream,
136 | 	DWORD dwReserved,
137 | 	LPBINDSTATUSCALLBACK lpfnCB
138 | 	)
139 | {
140 | 	PTLS Tls;
141 | 
142 | 	Tls = GetTls();
143 | 	if ( Tls ) {
144 | 		Tls->showcomparision = FALSE;
145 | 		if ( Tls->ourcall ) {
146 | 			return pURLOpenBlockingStreamW(caller, szURL, ppStream, dwReserved, lpfnCB);
147 | 		}
148 | 		Tls->ourcall = TRUE;
149 | 	}
150 | 
151 | 	LogUrlmonCall(L"URLOpenBlockingStream", szURL);
152 | 
153 | 	if ( Tls ) Tls->ourcall = FALSE;
154 | 	return pURLOpenBlockingStreamW(caller, szURL, ppStream, dwReserved, lpfnCB);
155 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/urlmon_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	urlmon_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	URL monikers API hook interface.
12 | 
13 | 	Last change 20.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHURLMONHOOK_
18 | #define _SHURLMONHOOK_
19 | 
20 | #include <Urlmon.h>
21 | 
22 | #define URLMON_EXCEPTION   L" urlmon!exception 0x"
23 | 
24 | typedef HRESULT (WINAPI *PURLDownloadToFileW)(
25 | 	LPUNKNOWN pCaller,
26 | 	LPCWSTR szURL,
27 | 	LPCWSTR szFileName,
28 | 	DWORD dwReserved,
29 | 	LPBINDSTATUSCALLBACK lpfnCB
30 | 	);
31 | 
32 | typedef HRESULT (WINAPI *PURLDownloadToCacheFileW)(
33 | 	LPUNKNOWN caller,
34 | 	LPCWSTR szURL,
35 | 	LPWSTR szFileName,
36 | 	DWORD dwBufLength,
37 | 	DWORD dwReserved,
38 | 	LPBINDSTATUSCALLBACK lpfnCB
39 | 	);
40 | 
41 | typedef HRESULT (WINAPI *PURLOpenStreamW)(
42 | 	LPUNKNOWN caller,
43 | 	LPCWSTR szURL,
44 | 	DWORD dwReserved,
45 | 	LPBINDSTATUSCALLBACK lpfnCB
46 | 	);
47 | 
48 | typedef HRESULT (WINAPI *PURLOpenBlockingStreamW)(
49 | 	LPUNKNOWN caller,
50 | 	LPCWSTR szURL,
51 | 	LPSTREAM* ppStream,
52 | 	DWORD dwReserved,
53 | 	LPBINDSTATUSCALLBACK lpfnCB
54 | 	);
55 | 
56 | extern PURLDownloadToFileW pURLDownloadToFileW;
57 | extern PURLDownloadToCacheFileW pURLDownloadToCacheFileW;
58 | extern PURLOpenStreamW pURLOpenStreamW;
59 | extern PURLOpenBlockingStreamW pURLOpenBlockingStreamW;
60 | 
61 | HRESULT WINAPI URLDownloadToFileHookW(
62 | 	LPUNKNOWN pCaller,
63 | 	LPCWSTR szURL,
64 | 	LPCWSTR szFileName,
65 | 	DWORD dwReserved,
66 | 	LPBINDSTATUSCALLBACK lpfnCB
67 | 	);
68 | 
69 | HRESULT WINAPI URLDownloadToCacheFileHookW(
70 | 	LPUNKNOWN caller,
71 | 	LPCWSTR szURL,
72 | 	LPWSTR szFileName,
73 | 	DWORD dwBufLength,
74 | 	DWORD dwReserved,
75 | 	LPBINDSTATUSCALLBACK lpfnCB
76 | 	);
77 | 
78 | HRESULT WINAPI URLOpenStreamHookW(
79 | 	LPUNKNOWN caller,
80 | 	LPCWSTR szURL,
81 | 	DWORD dwReserved,
82 | 	LPBINDSTATUSCALLBACK lpfnCB
83 | 	);
84 | 
85 | HRESULT WINAPI URLOpenBlockingStreamHookW(
86 | 	LPUNKNOWN caller,
87 | 	LPCWSTR szURL,
88 | 	LPSTREAM* ppStream,
89 | 	DWORD dwReserved,
90 | 	LPBINDSTATUSCALLBACK lpfnCB
91 | 	);
92 | 
93 | #endif /* _SHURLMONHOOK_ */


--------------------------------------------------------------------------------
/LogApiDll/hooks/winscard_hook.c:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	winscard_hook.c
 8 | 
 9 | Abstract:
10 | 
11 | 	Smart Card API hook implementation.
12 | 
13 | 	Last change 04.02.13
14 | 
15 | --*/
16 | 
17 | #include "..\global.h"
18 | #include "winscard_hook.h"
19 | 
20 | PSCardListReadersA pSCardListReadersA = NULL;
21 | PSCardListReadersW pSCardListReadersW = NULL;
22 | PSCardEstablishContext pSCardEstablishContext = NULL;
23 | 
24 | LONG WINAPI SCardListReadersHookA(
25 |     SCARDCONTEXT hContext,
26 |     LPCSTR mszGroups,
27 |     LPSTR mszReaders,
28 |     LPDWORD pcchReaders
29 | 	)
30 | {
31 | 	PTLS Tls;
32 | 
33 | 	Tls = GetTls();
34 | 	if ( Tls ) {
35 | 		Tls->showcomparision = FALSE;
36 | 		if ( Tls->ourcall ) 
37 | 			return pSCardListReadersA(hContext, mszGroups, mszReaders, pcchReaders);
38 | 		Tls->ourcall = TRUE;
39 | 	}
40 | 
41 | 	LogAsCallA("SCardListReaders()", LOG_NORMAL);
42 | 
43 | 	if ( Tls ) Tls->ourcall = FALSE;
44 | 	return pSCardListReadersA(hContext, mszGroups, mszReaders, pcchReaders);
45 | }
46 | 
47 | LONG WINAPI SCardListReadersHookW(
48 |     SCARDCONTEXT hContext,
49 |     LPCWSTR mszGroups,
50 |     LPWSTR mszReaders,
51 |     LPDWORD pcchReaders
52 | 	)
53 | {
54 | 	PTLS Tls;
55 | 
56 | 	Tls = GetTls();
57 | 	if ( Tls ) {
58 | 		Tls->showcomparision = FALSE;
59 | 		if ( Tls->ourcall ) 
60 | 			return pSCardListReadersW(hContext, mszGroups, mszReaders, pcchReaders);
61 | 		Tls->ourcall = TRUE;
62 | 	}
63 | 
64 | 	LogAsCallA("SCardListReaders()", LOG_NORMAL);
65 | 
66 | 	if ( Tls ) Tls->ourcall = FALSE;
67 | 	return pSCardListReadersW(hContext, mszGroups, mszReaders, pcchReaders);
68 | }
69 | 
70 | LONG WINAPI SCardEstablishContextHook(
71 |     DWORD dwScope,
72 |     LPCVOID pvReserved1,
73 |     LPCVOID pvReserved2,
74 |     LPSCARDCONTEXT phContext
75 | 	)
76 | {
77 | 	PTLS Tls;
78 | 
79 | 	Tls = GetTls();
80 | 	if ( Tls ) {
81 | 		Tls->showcomparision = FALSE;
82 | 		if ( Tls->ourcall ) 
83 | 			return pSCardEstablishContext(dwScope, pvReserved1, pvReserved2, phContext);
84 | 		Tls->ourcall = TRUE;
85 | 	}
86 | 
87 | 	LogAsCallA("SCardEstablishContext()", LOG_NORMAL);
88 | 
89 | 	if ( Tls ) Tls->ourcall = FALSE;
90 | 	return pSCardEstablishContext(dwScope, pvReserved1, pvReserved2, phContext);
91 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/winscard_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	winscard_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Smart Card API hook interface.
12 | 
13 | 	Last change 04.02.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHWINSCARDHOOK_
18 | #define _SHWINSCARDHOOK_
19 | 
20 | #include <Winscard.h>
21 | 
22 | typedef LONG (WINAPI *PSCardListReadersA)(
23 |     SCARDCONTEXT hContext,
24 |     LPCSTR mszGroups,
25 |     LPSTR mszReaders,
26 |     LPDWORD pcchReaders
27 | 	);
28 | 
29 | typedef LONG (WINAPI *PSCardListReadersW)(
30 |     SCARDCONTEXT hContext,
31 |     LPCWSTR mszGroups,
32 |     LPWSTR mszReaders,
33 |     LPDWORD pcchReaders
34 | 	);
35 | 
36 | typedef LONG (WINAPI *PSCardEstablishContext)(
37 |     DWORD dwScope,
38 |     LPCVOID pvReserved1,
39 |     LPCVOID pvReserved2,
40 |     LPSCARDCONTEXT phContext
41 | 	);
42 | 
43 | extern PSCardListReadersA pSCardListReadersA;
44 | extern PSCardListReadersW pSCardListReadersW;
45 | extern PSCardEstablishContext pSCardEstablishContext;
46 | 
47 | LONG WINAPI SCardListReadersHookA(
48 |     SCARDCONTEXT hContext,
49 |     LPCSTR mszGroups,
50 |     LPSTR mszReaders,
51 |     LPDWORD pcchReaders
52 | 	);
53 | 
54 | LONG WINAPI SCardListReadersHookW(
55 |     SCARDCONTEXT hContext,
56 |     LPCWSTR mszGroups,
57 |     LPWSTR mszReaders,
58 |     LPDWORD pcchReaders
59 | 	);
60 | 
61 | LONG WINAPI SCardEstablishContextHook(
62 |     DWORD dwScope,
63 |     LPCVOID pvReserved1,
64 |     LPCVOID pvReserved2,
65 |     LPSCARDCONTEXT phContext
66 | 	);
67 | 
68 | #endif /* _SHWINSCARDHOOK_ */ 


--------------------------------------------------------------------------------
/LogApiDll/hooks/ws2_32_hook.c:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	ws2_32_hook.c
  8 | 
  9 | Abstract:
 10 | 
 11 | 	Winsock2 API hook implementation.
 12 | 
 13 | 	Last change 04.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #include "..\global.h"
 18 | #include "ws2_32_hook.h"
 19 | 
 20 | pfnbind pbind = NULL;
 21 | pfnconnect pconnect = NULL;
 22 | 
 23 | 
 24 | int PASCAL bindHook(
 25 | 	SOCKET s, 
 26 | 	const struct sockaddr FAR *addr, 
 27 | 	int namelen
 28 | 	)
 29 | {
 30 | 	PTLS Tls;
 31 | 	SOCKADDR_IN *in = (SOCKADDR_IN *)addr;
 32 | 	USHORT port;
 33 | 	WCHAR tBuff[LOGBUFFERSIZESMALL];
 34 | 
 35 | 	Tls = GetTls();
 36 | 	if ( Tls ) {
 37 | 		Tls->showcomparision = FALSE;
 38 | 		if ( Tls->ourcall ) {
 39 | 			return pbind(s, addr, namelen);	 
 40 | 		}
 41 | 		Tls->ourcall = TRUE;
 42 | 	}
 43 | 
 44 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
 45 | 
 46 | 	//put prolog
 47 | 	_strcpyW(tBuff, L"bind(");
 48 | 
 49 | 	//put port
 50 | 	if ( ARGUMENT_PRESENT(addr) ) {
 51 | 		__try {
 52 | 			_strcatW(tBuff, L"port=");
 53 | 			port = _htons(in->sin_port);
 54 | 			_ultostrW(port, _strendW(tBuff));
 55 | 		} __except(EXCEPTION_EXECUTE_HANDLER) {
 56 | 			_strcatW(tBuff, WS2_32_EXCEPTION);
 57 | 			utohexW((ULONG_PTR)GetExceptionCode(), _strendW(tBuff));
 58 | 		}
 59 | 	} else {
 60 | 		_strcatW(tBuff, NullStrW);
 61 | 	}
 62 | 
 63 | 	//put epilog and log
 64 | 	_strcatW(tBuff, CloseBracketW);
 65 | 	PushToLogW(tBuff, LOGBUFFERSIZESMALL, LOG_NORMAL);
 66 | 
 67 | 	if ( Tls ) Tls->ourcall = FALSE;
 68 | 	return pbind(s, addr, namelen);
 69 | }
 70 | 
 71 | VOID PrintIP(
 72 | 	SOCKADDR_IN *addr,
 73 | 	PWSTR Buffer
 74 | 	)
 75 | {
 76 | 	UCHAR k;
 77 | 	if ( !ARGUMENT_PRESENT(addr))
 78 | 		return;
 79 | 	if ( !ARGUMENT_PRESENT(Buffer))
 80 | 		return;
 81 | 
 82 | 	k = addr->sin_addr.S_un.S_un_b.s_b1;
 83 | 	_ultostrW(k, Buffer);
 84 | 	_strcatW(Buffer, DotW);
 85 | 
 86 | 	k = addr->sin_addr.S_un.S_un_b.s_b2;
 87 | 	_ultostrW(k, _strendW(Buffer));
 88 | 	_strcatW(Buffer, DotW);
 89 | 
 90 | 	k = addr->sin_addr.S_un.S_un_b.s_b3;
 91 | 	_ultostrW(k, _strendW(Buffer));
 92 | 	_strcatW(Buffer, DotW);
 93 | 
 94 | 	k = addr->sin_addr.S_un.S_un_b.s_b4;
 95 | 	_ultostrW(k, _strendW(Buffer));
 96 | }
 97 | 
 98 | int PASCAL connectHook(
 99 | 	SOCKET s, 
100 | 	const struct sockaddr FAR *name, 
101 | 	int namelen
102 | 	)
103 | {
104 | 	PTLS Tls;
105 | 	SOCKADDR_IN *in = (SOCKADDR_IN *)name;
106 | 	WCHAR tBuff[LOGBUFFERSIZESMALL];
107 | 
108 | 	Tls = GetTls();
109 | 	if ( Tls ) {
110 | 		Tls->showcomparision = FALSE;
111 | 		if ( Tls->ourcall ) {
112 | 			return pconnect(s, name, namelen);	 
113 | 		}
114 | 		Tls->ourcall = TRUE;
115 | 	}	
116 | 
117 | 	RtlSecureZeroMemory(tBuff, sizeof(tBuff));
118 | 
119 | 	//put prolog
120 | 	_strcpyW(tBuff, L"connect(");
121 | 
122 | 	//put ip:port
123 | 	if ( ARGUMENT_PRESENT(name) ) {
124 | 		__try {
125 | 			PrintIP(in, _strendW(tBuff));
126 | 			_strcatW(tBuff, L":");
127 | 			_ultostrW(_htons(in->sin_port), _strendW(tBuff));
128 | 		} __except(EXCEPTION_EXECUTE_HANDLER) {
129 | 			_strcatW(tBuff, WS2_32_EXCEPTION);
130 | 			utohexW((ULONG_PTR)GetExceptionCode(), _strendW(tBuff));
131 | 		}
132 | 	} else {
133 | 		_strcatW(tBuff, NullStrW);
134 | 	}
135 | 
136 | 	//put epilog and log
137 | 	_strcatW(tBuff, CloseBracketW);
138 | 	PushToLogW(tBuff, LOGBUFFERSIZESMALL, LOG_NORMAL);
139 | 
140 | 	if ( Tls ) Tls->ourcall = FALSE;
141 | 	return pconnect(s, name, namelen);
142 | }


--------------------------------------------------------------------------------
/LogApiDll/hooks/ws2_32_hook.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	ws2_32_hook.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Winsock2 API hook interface.
12 | 
13 | 	Last change 20.01.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHWS232HOOK_
18 | #define _SHWS232HOOK_
19 | 
20 | #define WS2_32_EXCEPTION   L" ws2_32!exception 0x"
21 | 
22 | typedef int (PASCAL *pfnbind) (SOCKET s, const struct sockaddr FAR *addr, int namelen);
23 | typedef int (PASCAL *pfnconnect) (SOCKET s, const struct sockaddr FAR *name, int namelen);
24 | 
25 | extern pfnbind pbind;
26 | extern pfnconnect pconnect;
27 | 
28 | int PASCAL bindHook(
29 | 	SOCKET s, 
30 | 	const struct sockaddr FAR *addr, 
31 | 	int namelen
32 | 	);
33 | 
34 | int PASCAL connectHook(
35 | 	SOCKET s, 
36 | 	const struct sockaddr FAR *name, 
37 | 	int namelen
38 | 	);
39 | 
40 | #endif /* _SHWS232HOOK_ */ 


--------------------------------------------------------------------------------
/LogApiDll/logapi.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 11.00
 3 | # Visual Studio 2010
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dll", "dll.vcxproj", "{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Debug|x64 = Debug|x64
10 | 		Release|Win32 = Release|Win32
11 | 		Release|x64 = Release|x64
12 | 		VerboseDebug|Win32 = VerboseDebug|Win32
13 | 		VerboseDebug|x64 = VerboseDebug|x64
14 | 		VerboseRelease|Win32 = VerboseRelease|Win32
15 | 		VerboseRelease|x64 = VerboseRelease|x64
16 | 	EndGlobalSection
17 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Debug|Win32.ActiveCfg = Debug|Win32
19 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Debug|Win32.Build.0 = Debug|Win32
20 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Debug|x64.ActiveCfg = Debug|x64
21 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Debug|x64.Build.0 = Debug|x64
22 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Release|Win32.ActiveCfg = Release|Win32
23 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Release|Win32.Build.0 = Release|Win32
24 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Release|x64.ActiveCfg = Release|x64
25 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.Release|x64.Build.0 = Release|x64
26 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseDebug|Win32.ActiveCfg = VerboseDebug|Win32
27 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseDebug|Win32.Build.0 = VerboseDebug|Win32
28 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseDebug|x64.ActiveCfg = VerboseDebug|x64
29 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseDebug|x64.Build.0 = VerboseDebug|x64
30 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseRelease|Win32.ActiveCfg = VerboseRelease|Win32
31 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseRelease|Win32.Build.0 = VerboseRelease|Win32
32 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseRelease|x64.ActiveCfg = VerboseRelease|x64
33 | 		{A08F70EC-07FB-4A0E-9DB6-89E635358BE5}.VerboseRelease|x64.Build.0 = VerboseRelease|x64
34 | 	EndGlobalSection
35 | 	GlobalSection(SolutionProperties) = preSolution
36 | 		HideSolutionNode = FALSE
37 | 	EndGlobalSection
38 | EndGlobal
39 | 


--------------------------------------------------------------------------------
/LogApiDll/logger.c:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	logger.c
  8 | 
  9 | Abstract:
 10 | 
 11 | 	Logger subsystem.
 12 | 
 13 | 	Last change 25.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #include "global.h"
 18 | 
 19 | VOID PushToLogA(
 20 | 	LPCSTR lpBuffer,
 21 | 	ULONG_PTR uptrSize, //buffer size, not string len
 22 | 	DWORD dwFlags
 23 | 	)
 24 | {
 25 | 	PTLS pTls;
 26 | 
 27 | 	pTls = GetTls();
 28 | 	if ( pTls == NULL ) 
 29 | 		return;
 30 | 
 31 | 	if (pTls->msgflag == FALSE)
 32 | 		return;
 33 | 
 34 | 	if (( uptrSize == 0 ) || ( lpBuffer == NULL )) 
 35 | 		return;
 36 | 
 37 | 	SendLog((PVOID)lpBuffer, uptrSize, dwFlags, FALSE);
 38 | }
 39 | 
 40 | 
 41 | VOID PushToLogW(
 42 | 	LPWSTR lpBuffer,
 43 | 	ULONG_PTR uptrSize,  //buffer size, not string len
 44 | 	DWORD dwFlags
 45 | 	)
 46 | {
 47 | 	PTLS pTls;
 48 | 
 49 | 	pTls = GetTls();
 50 | 	if ( pTls == NULL ) 
 51 | 		return;
 52 | 
 53 | 	if (pTls->msgflag == FALSE)
 54 | 		return;
 55 | 
 56 | 	if (( uptrSize == 0 ) || ( lpBuffer == NULL )) 
 57 | 		return;
 58 | 
 59 | 	SendLog((PVOID)lpBuffer, uptrSize, dwFlags, TRUE);
 60 | }
 61 | 
 62 | #ifndef ServerPipeName
 63 | VOID SendLog(
 64 | 	PVOID Buffer,
 65 | 	ULONG_PTR uptrSize,  //buffer size, not string len
 66 | 	DWORD dwFlags,
 67 | 	BOOL IsUnicode
 68 | 	)
 69 | {
 70 | 	COPYDATASTRUCT cdata;
 71 | 	CHAR* Log = NULL;
 72 | 	INT i;
 73 | 	DWORD MaximumStaticAllowedLength;
 74 | 	DWORD BracketSize;
 75 | 
 76 | 	CHAR tmpBuf[LOGBUFFERSIZEEXTRA];
 77 | 	BOOL IsLocalBuf = FALSE;
 78 | 
 79 | 	LPWSTR ustr = (LPWSTR)Buffer;
 80 | 	LPCSTR astr = (LPCSTR)Buffer;
 81 | 
 82 | 	/* recalculate bracket size if they are change */
 83 | 	BracketSize = 3;
 84 | 	MaximumStaticAllowedLength = (LOGBUFFERSIZEEXTRA - MAX_PATH) - sizeof(CHAR) - BracketSize;
 85 | 
 86 | 	__try {
 87 | 		if ( uptrSize < MaximumStaticAllowedLength ) {
 88 | 			RtlSecureZeroMemory(tmpBuf, sizeof(tmpBuf));
 89 | 			Log = (CHAR*)&tmpBuf;
 90 | 			IsLocalBuf = TRUE;
 91 | 		} else {
 92 | 			Log = (PCHAR)mmalloc(uptrSize + align(uptrSize, PAGE_SIZE));
 93 | 		}
 94 | 
 95 | 		if ( Log == NULL )
 96 | 			__leave;
 97 | 
 98 | 		if ( IsUnicode ) {
 99 | 			i = (INT)_strlenW(ustr);
100 | 			WideCharToMultiByte(CP_ACP, 0, ustr, i, Log, i, 0, 0);
101 | 		} else {
102 | 			_strcpyA(Log, astr);
103 | 		}
104 | 
105 | 		switch ( dwFlags ) {
106 | 		/* append sandboxed application exename */
107 | 		case LOG_NORMAL:
108 | 			_strcatA(Log, OpenBracketExA);
109 | 			_strcatA(Log, shctx.szLogApp);
110 | 			_strcatA(Log, CloseBracketExA);
111 | 			break;
112 | 		default:
113 | 			break;
114 | 		}
115 | 		if ( shctx.hwndServer != NULL ) {
116 | 			cdata.cbData = (INT)_strlenA(Log);
117 | 			cdata.lpData = (PVOID)Log;
118 | 			cdata.dwData = 3;
119 | 			SendMessageA(shctx.hwndServer, WM_COPYDATA, (WPARAM)0, (LPARAM)&cdata);		
120 | 		}
121 | 	} __finally {
122 | 		if ( IsLocalBuf == FALSE ) {
123 | 			if ( Log != NULL )
124 | 				mmfree(Log);
125 | 		}
126 | 	}
127 | }
128 | #else
129 | 
130 | VOID SendLog(
131 | 	PVOID Buffer,
132 | 	ULONG_PTR uptrSize,  //buffer size, not string len
133 | 	DWORD dwFlags,
134 | 	BOOL IsUnicode
135 | 	)
136 | {
137 | 	CHAR* Log = NULL;
138 | 	INT i;
139 | 	DWORD MaximumStaticAllowedLength;
140 | 	DWORD BracketSize;
141 | 
142 | 	CHAR tmpBuf[LOGBUFFERSIZEEXTRA];
143 | 	BOOL IsLocalBuf = FALSE;
144 | 
145 | 	LPWSTR ustr = (LPWSTR)Buffer;
146 | 	LPCSTR astr = (LPCSTR)Buffer;
147 | 
148 | 	//PTLS Tls = GetTls();
149 | 
150 | 	/* recalculate bracket size if they are change */
151 | 	BracketSize = 3;
152 | 	MaximumStaticAllowedLength = (LOGBUFFERSIZEEXTRA - MAX_PATH) - sizeof(CHAR) - BracketSize;
153 | 
154 | 	__try {
155 | 		if (uptrSize < MaximumStaticAllowedLength) {
156 | 			RtlSecureZeroMemory(tmpBuf, sizeof(tmpBuf));
157 | 			Log = (CHAR*)&tmpBuf;
158 | 			IsLocalBuf = TRUE;
159 | 		}
160 | 		else {
161 | 			Log = (PCHAR)mmalloc(uptrSize + align(uptrSize, PAGE_SIZE));
162 | 		}
163 | 
164 | 		if (Log == NULL)
165 | 			__leave;
166 | 
167 | 		if (IsUnicode) {
168 | 			i = (INT)_strlenW(ustr);
169 | 			WideCharToMultiByte(CP_ACP, 0, ustr, i, Log, i, 0, 0);
170 | 		}
171 | 		else {
172 | 			_strcpyA(Log, astr);
173 | 		}
174 | 
175 | 		switch (dwFlags) {
176 | 			/* append sandboxed application exename */
177 | 		case LOG_NORMAL:
178 | 			_strcatA(Log, OpenBracketExA);
179 | 			_strcatA(Log, shctx.szLogApp);
180 | 			_strcatA(Log, CloseBracketExA);
181 | 			break;
182 | 		default:
183 | 			break;
184 | 		}
185 | 
186 | 		if (shctx.hServerPipe != NULL) 
187 | 		{
188 | 			EnterSpinLock(&shctx.lLock);
189 | 
190 | 			for (DWORD Sent = 0; Sent < _strlenA(Log) + 1;)
191 | 			{
192 | 				DWORD dwNumberOfBytesWritten = 0;
193 | 				WriteFile(shctx.hServerPipe, Log + Sent, _strlenA(Log + Sent) + 1, &dwNumberOfBytesWritten, NULL);
194 | 				Sent += dwNumberOfBytesWritten;
195 | 			}
196 | 
197 | 			LeaveSpinLock(&shctx.lLock);
198 | 		}
199 | 	}
200 | 	__finally {
201 | 		if (IsLocalBuf == FALSE) {
202 | 			if (Log != NULL)
203 | 				mmfree(Log);
204 | 		}
205 | 	}
206 | }
207 | #endif


--------------------------------------------------------------------------------
/LogApiDll/logger.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	logger.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Logger subsystem header.
12 | 
13 | 	Last change 27.02.13
14 | 
15 | --*/
16 | 
17 | #ifdef __cplusplus
18 | extern "C" {
19 | #endif //__cplusplus
20 | 
21 | #ifndef VERBOSE_BUILD
22 | 	#ifdef _M_X86
23 | 		#define LOGAPIVERSIONSTRING "LOG_API_x86 v1.04"
24 | 	#else
25 | 		#ifdef _M_X64
26 | 			#define LOGAPIVERSIONSTRING "LOG_API_x64 v1.04"
27 | 		#endif
28 | 	#endif
29 | #else
30 | 	#ifdef _M_X86
31 | 		#define LOGAPIVERSIONSTRING "LOG_API_x86 v1.04 verbose"
32 | 	#else
33 | 		#ifdef _M_X64
34 | 			#define LOGAPIVERSIONSTRING "LOG_API_x64 v1.04 verbose"
35 | 		#endif
36 | 	#endif	
37 | #endif
38 | 
39 | #define LOG_NORMAL 0
40 | #define LOG_EXECUTING 1
41 | 
42 | VOID PushToLogA(
43 | 	LPCSTR lpBuffer,
44 | 	ULONG_PTR uptrSize,
45 | 	DWORD dwFlags
46 | 	);
47 | 
48 | VOID PushToLogW(
49 | 	LPWSTR lpBuffer,
50 | 	ULONG_PTR uptrSize,
51 | 	DWORD dwFlags
52 | 	);
53 | 
54 | VOID SendLog(
55 | 	PVOID lpBuffer,
56 | 	ULONG_PTR uptrSize,
57 | 	DWORD dwFlags,
58 | 	BOOL IsUnicode
59 | 	);
60 | 
61 | #ifdef __cplusplus
62 | }
63 | #endif //__cplusplus
64 | 


--------------------------------------------------------------------------------
/LogApiDll/protect.c:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	protect.c
  8 | 
  9 | Abstract:
 10 | 
 11 | 	Protected processes list implementation.
 12 | 
 13 | 	Last change 25.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #include "global.h"
 18 | 
 19 | PROTECTEDENTRY PsProcessList[MAX_PROTECTED_PROCESSES];
 20 | 
 21 | CRITICAL_SECTION PsListLock;
 22 | 
 23 | BOOL PsIsInList(
 24 | 	HANDLE ProcessId
 25 | 	)
 26 | {
 27 | 	BOOL bResult;
 28 | 	INT ListIndex;
 29 | 	DWORD dwRet;
 30 | 
 31 | 	EnterCriticalSection(&PsListLock);
 32 | 
 33 | 	bResult = FALSE;
 34 | 
 35 | 	for ( ListIndex=0; ListIndex<MAX_PROTECTED_PROCESSES; ListIndex+=1 ) {
 36 | 
 37 | 		if ( PsProcessList[ListIndex].ProcessId == 0 ) 
 38 | 			continue;
 39 | 
 40 | 		if ( PsProcessList[ListIndex].ProcessId == ProcessId ) {
 41 | 			
 42 | 			bResult = TRUE;
 43 | 
 44 | 			if ( PsProcessList[ListIndex].hProcess != NULL ) {
 45 | 				dwRet = WaitForSingleObject(PsProcessList[ListIndex].hProcess, 0);
 46 | 				if ( dwRet == WAIT_TIMEOUT ) {
 47 | 					bResult = TRUE;	
 48 | 				} else {
 49 | 					NtClose(PsProcessList[ListIndex].hProcess);
 50 | 					PsProcessList[ListIndex].hProcess = NULL;
 51 | 					PsProcessList[ListIndex].ProcessId = NULL;
 52 | 					bResult = FALSE;
 53 | 				}
 54 | 			}
 55 | 
 56 | 			break;
 57 | 		}
 58 | 	}
 59 | 
 60 | 	LeaveCriticalSection(&PsListLock);
 61 | 	return bResult;
 62 | }
 63 | 
 64 | VOID PsPrintList(
 65 | 	VOID
 66 | 	)
 67 | {
 68 | 	INT ListIndex;
 69 | 	CHAR t[100];
 70 | 
 71 | 	for ( ListIndex=0; ListIndex<MAX_PROTECTED_PROCESSES; ListIndex+=1 ) {
 72 | 		t[0] = 0;
 73 | 		_WARNING_OFF(4305);
 74 | 		wsprintfA(t, "PsProcessList[%u]=%u", ListIndex, (DWORD)PsProcessList[ListIndex].ProcessId); 
 75 | 		_WARNING_ON(4305);
 76 | 		OutputDebugStringA(t);
 77 | 	}
 78 | }
 79 | 
 80 | BOOL PsAddToList(
 81 | 	HANDLE ProcessId,
 82 | 	INT ListIndex
 83 | 	)
 84 | {
 85 | 	HANDLE hProcess; 
 86 | 	NTSTATUS Status;
 87 | 	OBJECT_ATTRIBUTES attr;
 88 | 	CLIENT_ID cid;
 89 | 
 90 | 	if ( ListIndex >= MAX_PROTECTED_PROCESSES )
 91 | 		return FALSE;
 92 | 
 93 | 	/* save process id */
 94 | 	PsProcessList[ListIndex].ProcessId = ProcessId;
 95 | 
 96 | 	hProcess = NULL;
 97 | 	cid.UniqueProcess = ProcessId;
 98 | 	cid.UniqueThread = NULL;
 99 | 	InitializeObjectAttributes(&attr, NULL, 0, NULL, NULL);
100 | 	Status = pNtOpenProcess(&hProcess, SYNCHRONIZE, &attr, &cid);
101 | 	if ( NT_SUCCESS(Status) ) {
102 | 		/* save process handle */
103 | 		PsProcessList[ListIndex].hProcess = hProcess;
104 | 	} 
105 | 
106 | 	return TRUE;
107 | }
108 | 
109 | BOOL PsInsertToList(
110 | 	HANDLE ProcessId
111 | 	)
112 | {
113 | 	BOOL bResult;
114 | 	INT ListIndex;
115 | 
116 | 	EnterCriticalSection(&PsListLock);
117 | 
118 | 	bResult = FALSE;
119 | 
120 | 	for ( ListIndex=0; ListIndex<MAX_PROTECTED_PROCESSES; ListIndex+=1 ) {
121 | 		if (( PsProcessList[ListIndex].ProcessId == NULL ) && ( PsProcessList[ListIndex].hProcess == NULL) ) {
122 | 			bResult = PsAddToList(ProcessId, ListIndex);
123 | 			if ( bResult ) break;
124 | 		}
125 | 	}
126 | 
127 | 	LeaveCriticalSection(&PsListLock);
128 | 
129 | 	return bResult;
130 | }
131 | 
132 | VOID PsFreeList(
133 | 	VOID
134 | 	)
135 | {
136 | 	INT ListIndex;
137 | 
138 | 	for ( ListIndex=0; ListIndex<MAX_PROTECTED_PROCESSES; ListIndex+=1 ) {
139 | 		if ( PsProcessList[ListIndex].hProcess != NULL ) {
140 | 			NtClose(PsProcessList[ListIndex].hProcess);
141 | 			PsProcessList[ListIndex].hProcess = NULL;
142 | 		}
143 | 	}
144 | 	DeleteCriticalSection(&PsListLock);
145 | }
146 | 
147 | #pragma warning (disable: 4127)
148 | VOID PsCreateList(
149 | 	 VOID
150 | 	 )
151 | {
152 | 	PCWSTR pImageName;
153 | 	PSYSTEM_PROCESSES_INFORMATION ProcessInfo = NULL;
154 | 	HANDLE ProcessId = NULL;
155 | 	INT ListIndex = 0;
156 | 
157 | 	InitializeCriticalSection(&PsListLock);
158 | 
159 | 	__try {
160 | 
161 | 		ProcessInfo = (PSYSTEM_PROCESSES_INFORMATION)AllocateInfoBuffer(SystemProcessInformation, NULL);
162 | 		if ( ProcessInfo == NULL ) {
163 | 			__leave;
164 | 		}
165 | 
166 | 		while ( TRUE ) {
167 | 			
168 | 			pImageName = ProcessInfo->ImageName.Buffer;
169 | 			if ( (pImageName == NULL) || (ProcessInfo->ImageName.Length == 0) ) {
170 | 				_JMPTO(Next);
171 | 			}
172 | 
173 | 			if ( IsSandboxieProcessW(pImageName) == FALSE ) {
174 | 				_JMPTO(Next);
175 | 			}
176 | 
177 | 			ProcessId = ProcessInfo->UniqueProcessId;
178 | 			if ( ProcessId == 0 ) {
179 | 				_JMPTO(Next);
180 | 			}
181 | 
182 | 			if ( !PsIsInList(ProcessId) ) {
183 | 				if ( PsAddToList(ProcessId, ListIndex) ) {
184 | 					ListIndex += 1;
185 | 					if ( ListIndex >= MAX_PROTECTED_PROCESSES )
186 | 						break;
187 | 				}
188 | 			}
189 | 					
190 | Next:
191 | 			if (ProcessInfo->NextEntryDelta == 0) 
192 | 				break;
193 | 			
194 | 			ProcessInfo = (PSYSTEM_PROCESSES_INFORMATION)(((LPBYTE)ProcessInfo) + ProcessInfo->NextEntryDelta);
195 | 		}
196 | 
197 | 	} __finally {
198 | 		if ( ProcessInfo != NULL) { 
199 | 			mmfree(ProcessInfo);
200 | 		}
201 | 	}
202 | }
203 | #pragma warning (default: 4127)
204 | 
205 | BOOL IsProtectedProcess(
206 | 	 PCLIENT_ID ClientId
207 | 	 )
208 | {
209 | 	NTSTATUS Status;
210 | 	BOOL bResult = FALSE;
211 | 	HANDLE hProcess = NULL;
212 | 
213 | 	OBJECT_ATTRIBUTES attr;
214 | 	WCHAR tBuff[LOGBUFFERSIZE];
215 | 
216 | 	if ( !ARGUMENT_PRESENT(ClientId)) {
217 | 		return FALSE;
218 | 	}
219 | 
220 | 	__try {
221 | 
222 | 		bResult = PsIsInList(ClientId->UniqueProcess);
223 | 
224 | 		if ( bResult == FALSE ) {
225 | 			InitializeObjectAttributes(&attr, NULL, 0, NULL, NULL);
226 | 			Status = pNtOpenProcess(&hProcess, PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, &attr, ClientId);
227 | 			if (!NT_SUCCESS(Status)) {								
228 | 				PsInsertToList(ClientId->UniqueProcess);
229 | 				bResult = TRUE;
230 | 			} else {
231 | 				RtlSecureZeroMemory(tBuff, sizeof(tBuff));
232 | 				Status = QueryProcessNameByProcessHandle(hProcess, tBuff, MAX_PATH * 2);
233 | 				if (NT_SUCCESS(Status)) {
234 | 					ExtractFileNameW_S(tBuff, tBuff, MAX_PATH);
235 | 					if ( IsSandboxieProcessW(tBuff) ) {				
236 | 						PsInsertToList(ClientId->UniqueProcess);
237 | 						bResult = TRUE;
238 | 					}
239 | 				}
240 | 				NtClose(hProcess);
241 | 			}
242 | 		}
243 | 
244 | 	} __except(EXCEPTION_EXECUTE_HANDLER) {
245 | 		return FALSE;
246 | 	}
247 | 	return bResult;
248 | }
249 | 


--------------------------------------------------------------------------------
/LogApiDll/protect.h:
--------------------------------------------------------------------------------
 1 | /*++
 2 | 
 3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
 4 | 
 5 | Module Name:
 6 | 
 7 | 	protect.h
 8 | 
 9 | Abstract:
10 | 
11 | 	Protected processes list interface.
12 | 
13 | 	Last change 06.02.13
14 | 
15 | --*/
16 | 
17 | #ifndef _SHPROTECT_
18 | #define _SHPROTECT_
19 | 
20 | #ifdef __cplusplus
21 | extern "C" {
22 | #endif //__cplusplus
23 | 
24 | #define _JMPTO(x) goto x
25 | #define MAX_PROTECTED_PROCESSES 256
26 | 
27 | typedef struct _PROTECTEDENTRY {
28 | 	HANDLE hProcess;
29 | 	HANDLE ProcessId;
30 | } PROTECTEDENTRY, *PPROTECTEDENTRY;
31 | 
32 | VOID PsCreateList(
33 | 	 VOID
34 | 	 );
35 | 
36 | VOID PsFreeList(
37 | 	VOID
38 | 	);
39 | 
40 | BOOL IsProtectedProcess(
41 | 	 PCLIENT_ID ClientId
42 | 	 );
43 | 
44 | #ifdef __cplusplus
45 | }
46 | #endif //__cplusplus
47 | 
48 | #endif /* _SHPROTECT_ */


--------------------------------------------------------------------------------
/LogApiDll/res.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sandboxie-plus/LogApiDll/92e5a4a922d1bf0b6b73df32b642d1cf7fb7a67b/LogApiDll/res.rc


--------------------------------------------------------------------------------
/LogApiDll/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by res.rc
 4 | 
 5 | // Next default values for new objects
 6 | // 
 7 | #ifdef APSTUDIO_INVOKED
 8 | #ifndef APSTUDIO_READONLY_SYMBOLS
 9 | #define _APS_NEXT_RESOURCE_VALUE        101
10 | #define _APS_NEXT_COMMAND_VALUE         40001
11 | #define _APS_NEXT_CONTROL_VALUE         1001
12 | #define _APS_NEXT_SYMED_VALUE           101
13 | #endif
14 | #endif
15 | 


--------------------------------------------------------------------------------
/LogApiDll/subroutines.h:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	subroutines.h
  8 | 
  9 | Abstract:
 10 | 
 11 | 	Subroutines interface, macroses and types.
 12 | 
 13 | 	Last change 05.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #ifndef _SHSUBROUTINES_
 18 | #define _SHSUBROUTINES_
 19 | 
 20 | #ifdef __cplusplus
 21 | extern "C" {
 22 | #endif //__cplusplus
 23 | 
 24 | DWORD GetProcessIdByHandle(
 25 | 	HANDLE hProcess
 26 | 	);
 27 | 
 28 | DWORD GetThreadIdByHandle(
 29 | 	HANDLE hThread
 30 | 	);
 31 | 
 32 | BOOL IsSandboxieProcessW(
 33 | 	LPCWSTR lpProcessName
 34 | 	);
 35 | 
 36 | TLS *GetTls(
 37 | 	VOID
 38 | 	);
 39 | 
 40 | VOID FreeTls(
 41 | 	VOID
 42 | 	);
 43 | 
 44 | PVOID mmalloc(
 45 | 	IN SIZE_T Length
 46 | 	);
 47 | 
 48 | VOID mmfree(
 49 | 	IN PVOID BaseAddress
 50 | 	);
 51 | 
 52 | NTSTATUS QueryProcessNameByProcessHandle(
 53 | 	HANDLE hProcess,
 54 | 	PWSTR Buffer,
 55 | 	ULONG BufferSize
 56 | 	);
 57 | 
 58 | NTSTATUS QueryProcessNameByProcessId(
 59 | 	HANDLE ProcessId,
 60 | 	PWSTR Buffer,
 61 | 	ULONG BufferSize
 62 | 	);
 63 | 
 64 | BOOL QueryProcessName(
 65 | 	HANDLE ProcessHandle,
 66 | 	PWSTR Buffer,
 67 | 	ULONG BufferSize,
 68 | 	PDWORD pdwProcessId
 69 | 	);
 70 | 
 71 | NTSTATUS QueryLoaderEntryForDllHandle(
 72 | 	PVOID DllHandle,
 73 | 	PLDR_DATA_TABLE_ENTRY *ReturnEntry
 74 | 	);
 75 | 
 76 | INT CheckNtName(
 77 | 	PWSTR Name
 78 | 	);
 79 | 
 80 | BOOL LogSystemProcess(
 81 | 	DWORD dwProcessId,
 82 | 	PWSTR Buffer
 83 | 	);
 84 | 
 85 | VOID LogAsCall(
 86 | 	PCWSTR CallName,
 87 | 	ULONG LogFlag
 88 | 	);
 89 | 
 90 | VOID LogAsCallA(
 91 | 	PCSTR CallName,
 92 | 	ULONG LogFlag
 93 | 	);
 94 | 
 95 | BOOL IsProcessRunning(
 96 | 	HANDLE ProcessId
 97 | 	);
 98 | 
 99 | PVOID AllocateInfoBuffer(
100 | 	IN SYSTEM_INFORMATION_CLASS InfoClass, 
101 | 	PULONG ReturnLength
102 | 	);
103 | 
104 | VOID FindExplorerProcessId(
105 | 	VOID
106 | 	);
107 | 
108 | BOOL QueryKeyName(
109 | 	HKEY hKey,
110 | 	PVOID Buffer,
111 | 	ULONG BufferSize,
112 | 	BOOL IsUnicodeCall
113 | 	);
114 | 
115 | ULONG GetModuleSize(
116 | 	PVOID DllHandle
117 | 	);
118 | 
119 | VOID EnterSpinLock(
120 | 	volatile LONG* isLocked
121 | 	);
122 | 
123 | VOID LeaveSpinLock(
124 | 	volatile LONG* isLocked
125 | 	);
126 | 
127 | wchar_t *ExtractSufixW_S(
128 | 	const wchar_t *f,
129 | 	const wchar_t s,
130 | 	wchar_t* buf,
131 | 	unsigned int sz
132 | 	);
133 | 
134 | #ifdef __cplusplus
135 | }
136 | #endif //__cplusplus
137 | 
138 | #endif /* _SHSUBROUTINES_ */


--------------------------------------------------------------------------------
/LogApiDll/types.h:
--------------------------------------------------------------------------------
  1 | /*++
  2 | 
  3 | Copyright (c) Project Authors, 2013 (see AUTHORS.txt).  
  4 | 
  5 | Module Name:
  6 | 
  7 | 	types.h
  8 | 
  9 | Abstract:
 10 | 
 11 | 	Self defined types.
 12 | 
 13 | 	Last change 07.02.13
 14 | 
 15 | --*/
 16 | 
 17 | #ifndef _SHTYPES_
 18 | #define _SHTYPES_
 19 | 
 20 | #ifdef __cplusplus
 21 | extern "C" {
 22 | #endif //__cplusplus
 23 | 
 24 | #define MAXUSHORT   0xffff      // winnt
 25 | #define MAX_USTRING ( sizeof(WCHAR) * (MAXUSHORT/sizeof(WCHAR)) )
 26 | #define MAXDLLVER 50
 27 | 
 28 | #define LOGBUFFERSIZEEXTRA  16384
 29 | #define LOGBUFFERSIZELONG	4096
 30 | #define LOGBUFFERSIZE		MAX_PATH * 2
 31 | #define LOGBUFFERSIZESMALL	MAX_PATH
 32 | 
 33 | typedef struct _TLS {
 34 | 	BOOL msgflag;
 35 | 	BOOL showcomparision;
 36 | 	BOOL ourcall; //multithreading
 37 | } TLS, *PTLS;
 38 | 
 39 | typedef struct _DLLENTRY {
 40 | 	PVOID BaseAddress;
 41 | 	ULONG SizeOfImage;
 42 | } DLLENTRY, *PDLLENTRY;
 43 | 
 44 | /* all internally used ntdll routines that are hooked must be declared here */
 45 | 
 46 | typedef NTSTATUS (NTAPI *PNtAllocateVirtualMemory)(
 47 | 	HANDLE ProcessHandle, 
 48 | 	PVOID *BaseAddress, 
 49 | 	ULONG_PTR ZeroBits, 
 50 | 	PSIZE_T RegionSize, 
 51 | 	ULONG AllocationType, 
 52 | 	ULONG Protect);
 53 | 
 54 | typedef NTSTATUS (NTAPI *PNtOpenProcess) (
 55 | 	PHANDLE ProcessHandle,
 56 | 	ACCESS_MASK DesiredAccess,
 57 | 	POBJECT_ATTRIBUTES ObjectAttributes,
 58 | 	PCLIENT_ID ClientId
 59 | 	);
 60 | 
 61 | typedef NTSTATUS (NTAPI *PNtQuerySystemInformation) (
 62 | 	SYSTEM_INFORMATION_CLASS SystemInformationClass,
 63 | 	PVOID SystemInformation,
 64 | 	ULONG SystemInformationLength,
 65 | 	PULONG ReturnLength
 66 | 	);
 67 | 
 68 | typedef NTSTATUS (NTAPI *PNtReadVirtualMemory) (
 69 | 	HANDLE ProcessHandle,
 70 | 	PVOID BaseAddress,
 71 | 	PVOID Buffer,
 72 | 	SIZE_T BufferSize,
 73 | 	PSIZE_T NumberOfBytesRead
 74 | 	);
 75 | 
 76 | typedef NTSTATUS (NTAPI *PNtQueryInformationProcess) (
 77 | 	HANDLE ProcessHandle,
 78 | 	PROCESSINFOCLASS ProcessInformationClass,
 79 | 	PVOID ProcessInformation,
 80 | 	ULONG ProcessInformationLength,
 81 | 	PULONG ReturnLength
 82 | 	);
 83 | 
 84 | typedef VOID (WINAPI *POutputDebugStringA)(
 85 | 	__in_opt LPCSTR lpOutputString
 86 | 	);
 87 | 
 88 | typedef DWORD (WINAPI *PGetFinalPathNameByHandleW)(
 89 | 	HANDLE hFile,
 90 | 	LPWSTR lpszFilePath,
 91 | 	DWORD cchFilePath,
 92 | 	DWORD dwFlags
 93 | 	);
 94 | 
 95 | typedef DWORD (WINAPI *PGetWindowThreadProcessId)(
 96 | 	HWND hWnd,
 97 | 	LPDWORD lpdwProcessId
 98 | 	);
 99 | 
100 | typedef BOOLEAN (WINAPI *PFNDllCallback) (
101 | 	PVOID Callback
102 | 	);
103 | 
104 | typedef PVOID (CALLBACK *PFNHook)(
105 | 	LPCSTR ApiName, 
106 | 	PVOID ApiFunc, 
107 | 	PVOID NewFunc
108 | 	);
109 | 
110 | typedef struct _SPYHOOKCONTEXT {
111 | 
112 | 	BOOL SandboxieProcess;
113 | 
114 | 	PFNHook	SboxHook; //sandboxie hook procedure
115 | 	PFNDllCallback SboxDllCallback; //sandboxie loader callback
116 | 
117 | 	HWND hwndServer; // BSA server window
118 | 	HANDLE hServerPipe; // Log server pipe
119 | 	volatile long lLock;
120 | 
121 | 	DWORD dwCurrentProcessId;
122 | 	DWORD dwExplorerProcessId;
123 | 	DWORD dwSystemProcessId;
124 | 	DWORD dwTlsIndex;
125 | 	ACCESS_MASK ProcessAllAccess;
126 | 
127 | 	HMODULE hmNTDLL;
128 | 	HMODULE hmKernel32;
129 | 	HMODULE hmUser32;
130 | 	HMODULE hmGdi32;
131 | 	HMODULE hmAdvapi32;
132 | 	HMODULE hmShell32;
133 | 	HMODULE hmWs2_32;
134 | 	HMODULE hmUrlmon;
135 | 	HMODULE hmWininet;
136 | 	HMODULE hmNetapi32;
137 | 	HMODULE hmMpr;
138 | 	HMODULE hmPsapi;
139 | 	HMODULE hmRasapi32;
140 | 	HMODULE hmSrclient;
141 | 	HMODULE hmSfc_os;
142 | 	HMODULE hmOle32;
143 | 	HMODULE hmWinscard;
144 | 
145 | 	DLLENTRY SbieDll;
146 | 	DLLENTRY ThisDll;	
147 | 
148 | 	OSVERSIONINFOW osver;
149 | 
150 | 	WCHAR szAppName[MAX_PATH]; //current sandboxed application full path + exename
151 | 	WCHAR szDllName[MAX_PATH]; //current api logger dll name
152 | 	CHAR szLogApp[MAX_PATH]; //ANSI app name for logger 
153 | 
154 | 	CHAR szDLLVersion[MAXDLLVER]; //field used to store BSA related version string
155 | 
156 | //#ifdef USE_MINI_HOOK
157 | //	BOOL initDone;
158 | //#endif
159 | 
160 | } SHCONTEXT, *PSHCONTEXT;
161 | 
162 | #ifdef __cplusplus
163 | }
164 | #endif //__cplusplus
165 | 
166 | #endif /* _SHTYPES_ */


--------------------------------------------------------------------------------
/LogApiDll/xeb.h:
--------------------------------------------------------------------------------
  1 | #ifndef _XEB_
  2 | #define _XEB_
  3 | 
  4 | #define GDI_HANDLE_BUFFER_SIZE32  34
  5 | #define GDI_HANDLE_BUFFER_SIZE64  60
  6 | 
  7 | #if !defined(_M_X64)
  8 | #define GDI_HANDLE_BUFFER_SIZE      GDI_HANDLE_BUFFER_SIZE32
  9 | #else
 10 | #define GDI_HANDLE_BUFFER_SIZE      GDI_HANDLE_BUFFER_SIZE64
 11 | #endif
 12 | 
 13 | typedef ULONG GDI_HANDLE_BUFFER32[GDI_HANDLE_BUFFER_SIZE32];
 14 | typedef ULONG GDI_HANDLE_BUFFER64[GDI_HANDLE_BUFFER_SIZE64];
 15 | typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE];
 16 | 
 17 | typedef struct _PEB_LDR_DATA
 18 | {
 19 | 	ULONG Length;
 20 | 	BOOLEAN Initialized;
 21 | 	HANDLE SsHandle;
 22 | 	LIST_ENTRY InLoadOrderModuleList;
 23 | 	LIST_ENTRY InMemoryOrderModuleList;
 24 | 	LIST_ENTRY InInitializationOrderModuleList;
 25 | 	PVOID EntryInProgress;
 26 | 	BOOLEAN ShutdownInProgress;
 27 | 	HANDLE ShutdownThreadId;
 28 | } PEB_LDR_DATA, *PPEB_LDR_DATA;
 29 | 
 30 | typedef struct _PEB
 31 | {
 32 | 	BOOLEAN InheritedAddressSpace;
 33 | 	BOOLEAN ReadImageFileExecOptions;
 34 | 	BOOLEAN BeingDebugged;
 35 | 	union
 36 | 	{
 37 | 		BOOLEAN BitField;
 38 | 		struct
 39 | 		{
 40 | 			BOOLEAN ImageUsesLargePages : 1;
 41 | 			BOOLEAN IsProtectedProcess : 1;
 42 | 			BOOLEAN IsLegacyProcess : 1;
 43 | 			BOOLEAN IsImageDynamicallyRelocated : 1;
 44 | 			BOOLEAN SkipPatchingUser32Forwarders : 1;
 45 | 			BOOLEAN SpareBits : 3;
 46 | 		};
 47 | 	};
 48 | 	HANDLE Mutant;
 49 | 
 50 | 	PVOID ImageBaseAddress;
 51 | 	PPEB_LDR_DATA Ldr;
 52 | 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
 53 | 	PVOID SubSystemData;
 54 | 	PVOID ProcessHeap;
 55 | 	PRTL_CRITICAL_SECTION FastPebLock;
 56 | 	PVOID AtlThunkSListPtr;
 57 | 	PVOID IFEOKey;
 58 | 	union
 59 | 	{
 60 | 		ULONG CrossProcessFlags;
 61 | 		struct
 62 | 		{
 63 | 			ULONG ProcessInJob : 1;
 64 | 			ULONG ProcessInitializing : 1;
 65 | 			ULONG ProcessUsingVEH : 1;
 66 | 			ULONG ProcessUsingVCH : 1;
 67 | 			ULONG ProcessUsingFTH : 1;
 68 | 			ULONG ReservedBits0 : 27;
 69 | 		};
 70 | 		ULONG EnvironmentUpdateCount;
 71 | 	};
 72 | 	union
 73 | 	{
 74 | 		PVOID KernelCallbackTable;
 75 | 		PVOID UserSharedInfoPtr;
 76 | 	};
 77 | 	ULONG SystemReserved[1];
 78 | 	ULONG AtlThunkSListPtr32;
 79 | 	PVOID ApiSetMap;
 80 | 	ULONG TlsExpansionCounter;
 81 | 	PVOID TlsBitmap;
 82 | 	ULONG TlsBitmapBits[2];
 83 | 	PVOID ReadOnlySharedMemoryBase;
 84 | 	PVOID HotpatchInformation;
 85 | 	PVOID *ReadOnlyStaticServerData;
 86 | 	PVOID AnsiCodePageData;
 87 | 	PVOID OemCodePageData;
 88 | 	PVOID UnicodeCaseTableData;
 89 | 
 90 | 	ULONG NumberOfProcessors;
 91 | 	ULONG NtGlobalFlag;
 92 | 
 93 | 	LARGE_INTEGER CriticalSectionTimeout;
 94 | 	SIZE_T HeapSegmentReserve;
 95 | 	SIZE_T HeapSegmentCommit;
 96 | 	SIZE_T HeapDeCommitTotalFreeThreshold;
 97 | 	SIZE_T HeapDeCommitFreeBlockThreshold;
 98 | 
 99 | 	ULONG NumberOfHeaps;
100 | 	ULONG MaximumNumberOfHeaps;
101 | 	PVOID *ProcessHeaps;
102 | 
103 | 	PVOID GdiSharedHandleTable;
104 | 	PVOID ProcessStarterHelper;
105 | 	ULONG GdiDCAttributeList;
106 | 
107 | 	PRTL_CRITICAL_SECTION LoaderLock;
108 | 
109 | 	ULONG OSMajorVersion;
110 | 	ULONG OSMinorVersion;
111 | 	USHORT OSBuildNumber;
112 | 	USHORT OSCSDVersion;
113 | 	ULONG OSPlatformId;
114 | 	ULONG ImageSubsystem;
115 | 	ULONG ImageSubsystemMajorVersion;
116 | 	ULONG ImageSubsystemMinorVersion;
117 | 	ULONG_PTR ImageProcessAffinityMask;
118 | 	GDI_HANDLE_BUFFER GdiHandleBuffer;
119 | 	PVOID PostProcessInitRoutine;
120 | 
121 | 	PVOID TlsExpansionBitmap;
122 | 	ULONG TlsExpansionBitmapBits[32];
123 | 
124 | 	ULONG SessionId;
125 | 
126 | 	ULARGE_INTEGER AppCompatFlags;
127 | 	ULARGE_INTEGER AppCompatFlagsUser;
128 | 	PVOID pShimData;
129 | 	PVOID AppCompatInfo;
130 | 
131 | 	UNICODE_STRING CSDVersion;
132 | 
133 | 	PVOID ActivationContextData;
134 | 	PVOID ProcessAssemblyStorageMap;
135 | 	PVOID SystemDefaultActivationContextData;
136 | 	PVOID SystemAssemblyStorageMap;
137 | 
138 | 	SIZE_T MinimumStackCommit;
139 | 
140 | 	PVOID *FlsCallback;
141 | 	LIST_ENTRY FlsListHead;
142 | 	PVOID FlsBitmap;
143 | 	ULONG FlsBitmapBits[FLS_MAXIMUM_AVAILABLE / (sizeof(ULONG) * 8)];
144 | 	ULONG FlsHighIndex;
145 | 
146 | 	PVOID WerRegistrationData;
147 | 	PVOID WerShipAssertPtr;
148 | 	PVOID pContextData;
149 | 	PVOID pImageHeaderHash;
150 | 	union
151 | 	{
152 | 		ULONG TracingFlags;
153 | 		struct
154 | 		{
155 | 			ULONG HeapTracingEnabled : 1;
156 | 			ULONG CritSecTracingEnabled : 1;
157 | 			ULONG SpareTracingBits : 30;
158 | 		};
159 | 	};
160 | } PEB, *PPEB;
161 | 
162 | #define GDI_BATCH_BUFFER_SIZE 310
163 | 
164 | typedef struct _GDI_TEB_BATCH {
165 | 	ULONG	Offset;
166 | 	UCHAR	Alignment[4];
167 | 	ULONG_PTR HDC;
168 | 	ULONG	Buffer[GDI_BATCH_BUFFER_SIZE];
169 | } GDI_TEB_BATCH, *PGDI_TEB_BATCH;
170 | 
171 | typedef struct _TEB_ACTIVE_FRAME_CONTEXT
172 | {
173 | 	ULONG Flags;
174 | 	PSTR FrameName;
175 | } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
176 | 
177 | // 17/3/2011 updated
178 | typedef struct _TEB_ACTIVE_FRAME
179 | {
180 | 	ULONG Flags;
181 | 	struct _TEB_ACTIVE_FRAME *Previous;
182 | 	PTEB_ACTIVE_FRAME_CONTEXT Context;
183 | } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
184 | 
185 | typedef struct _TEB
186 | {
187 | 	NT_TIB NtTib;
188 | 
189 | 	PVOID EnvironmentPointer;
190 | 	CLIENT_ID ClientId;
191 | 	PVOID ActiveRpcHandle;
192 | 	PVOID ThreadLocalStoragePointer;
193 | 	PPEB ProcessEnvironmentBlock;
194 | 
195 | 	ULONG LastErrorValue;
196 | 	ULONG CountOfOwnedCriticalSections;
197 | 	PVOID CsrClientThread;
198 | 	PVOID Win32ThreadInfo;
199 | 	ULONG User32Reserved[26];
200 | 	ULONG UserReserved[5];
201 | 	PVOID WOW32Reserved;
202 | 	LCID CurrentLocale;
203 | 	ULONG FpSoftwareStatusRegister;
204 | 	PVOID SystemReserved1[54];
205 | 	NTSTATUS ExceptionCode;
206 | 	PVOID ActivationContextStackPointer;
207 | #if defined(_M_X64)
208 | 	UCHAR SpareBytes[24];
209 | #else
210 | 	UCHAR SpareBytes[36];
211 | #endif
212 | 	ULONG TxFsContext;
213 | 
214 | 	GDI_TEB_BATCH GdiTebBatch;
215 | 	CLIENT_ID RealClientId;
216 | 	HANDLE GdiCachedProcessHandle;
217 | 	ULONG GdiClientPID;
218 | 	ULONG GdiClientTID;
219 | 	PVOID GdiThreadLocalInfo;
220 | 	ULONG_PTR Win32ClientInfo[62];
221 | 	PVOID glDispatchTable[233];
222 | 	ULONG_PTR glReserved1[29];
223 | 	PVOID glReserved2;
224 | 	PVOID glSectionInfo;
225 | 	PVOID glSection;
226 | 	PVOID glTable;
227 | 	PVOID glCurrentRC;
228 | 	PVOID glContext;
229 | 
230 | 	NTSTATUS LastStatusValue;
231 | 	UNICODE_STRING StaticUnicodeString;
232 | 	WCHAR StaticUnicodeBuffer[261];
233 | 
234 | 	PVOID DeallocationStack;
235 | 	PVOID TlsSlots[64];
236 | 	LIST_ENTRY TlsLinks;
237 | 
238 | 	PVOID Vdm;
239 | 	PVOID ReservedForNtRpc;
240 | 	PVOID DbgSsReserved[2];
241 | 
242 | 	ULONG HardErrorMode;
243 | #if defined(_M_X64)
244 | 	PVOID Instrumentation[11];
245 | #else
246 | 	PVOID Instrumentation[9];
247 | #endif
248 | 	GUID ActivityId;
249 | 
250 | 	PVOID SubProcessTag;
251 | 	PVOID EtwLocalData;
252 | 	PVOID EtwTraceData;
253 | 	PVOID WinSockData;
254 | 	ULONG GdiBatchCount;
255 | 
256 | 	union
257 | 	{
258 | 		PROCESSOR_NUMBER CurrentIdealProcessor;
259 | 		ULONG IdealProcessorValue;
260 | 		struct
261 | 		{
262 | 			UCHAR ReservedPad0;
263 | 			UCHAR ReservedPad1;
264 | 			UCHAR ReservedPad2;
265 | 			UCHAR IdealProcessor;
266 | 		};
267 | 	};
268 | 
269 | 	ULONG GuaranteedStackBytes;
270 | 	PVOID ReservedForPerf;
271 | 	PVOID ReservedForOle;
272 | 	ULONG WaitingOnLoaderLock;
273 | 	PVOID SavedPriorityState;
274 | 	ULONG_PTR SoftPatchPtr1;
275 | 	PVOID ThreadPoolData;
276 | 	PVOID *TlsExpansionSlots;
277 | #if defined(_M_X64)
278 | 	PVOID DeallocationBStore;
279 | 	PVOID BStoreLimit;
280 | #endif
281 | 	ULONG MuiGeneration;
282 | 	ULONG IsImpersonating;
283 | 	PVOID NlsCache;
284 | 	PVOID pShimData;
285 | 	ULONG HeapVirtualAffinity;
286 | 	HANDLE CurrentTransactionHandle;
287 | 	PTEB_ACTIVE_FRAME ActiveFrame;
288 | 	PVOID FlsData;
289 | 
290 | 	PVOID PreferredLanguages;
291 | 	PVOID UserPrefLanguages;
292 | 	PVOID MergedPrefLanguages;
293 | 	ULONG MuiImpersonation;
294 | 
295 | 	union
296 | 	{
297 | 		USHORT CrossTebFlags;
298 | 		USHORT SpareCrossTebBits : 16;
299 | 	};
300 | 	union
301 | 	{
302 | 		USHORT SameTebFlags;
303 | 		struct
304 | 		{
305 | 			USHORT SafeThunkCall : 1;
306 | 			USHORT InDebugPrint : 1;
307 | 			USHORT HasFiberData : 1;
308 | 			USHORT SkipThreadAttach : 1;
309 | 			USHORT WerInShipAssertCode : 1;
310 | 			USHORT RanProcessInit : 1;
311 | 			USHORT ClonedThread : 1;
312 | 			USHORT SuppressDebugMsg : 1;
313 | 			USHORT DisableUserStackWalk : 1;
314 | 			USHORT RtlExceptionAttached : 1;
315 | 			USHORT InitialThread : 1;
316 | 			USHORT SpareSameTebBits : 1;
317 | 		};
318 | 	};
319 | 
320 | 	PVOID TxnScopeEnterCallback;
321 | 	PVOID TxnScopeExitCallback;
322 | 	PVOID TxnScopeContext;
323 | 	ULONG LockCount;
324 | 	ULONG SpareUlong0;
325 | 	PVOID ResourceRetValue;
326 | } TEB, *PTEB;
327 | 
328 | __inline struct _PEB * NtCurrentPeb() { return NtCurrentTeb()->ProcessEnvironmentBlock; }
329 | 
330 | #endif // _XEB_


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # libApiLog
 2 | API logging Library for Buster Sandbox Analyzer
 3 | 
 4 | ## Usage
 5 | You need sandboxie to use the LogApiDll's in the sandboxie.ini you need to enable the dll injection and open the required communication pipe
 6 | 
 7 | ```
 8 | InjectDll=...\logapi32.dll
 9 | InjectDll64=...\logapi64.dll
10 | OpenPipePath=\Device\NamedPipe\LogAPI
11 | ```
12 | 
13 | Once this is set up you must open a pipe server at \\\\.\\pipe\\LogAPI and you will get the log messages  as a '\0' separated stream of data.
14 | 


--------------------------------------------------------------------------------
/libMinHook/.editorconfig:
--------------------------------------------------------------------------------
 1 | # EditorConfig is awesome: http://EditorConfig.org
 2 | 
 3 | # top-most EditorConfig file
 4 | root = true
 5 | 
 6 | # Windows-style newlines with a newline ending every file
 7 | [*]
 8 | end_of_line = crlf
 9 | insert_final_newline = true
10 | 
11 | # 4 space indentation
12 | [*.{c,h,def}]
13 | indent_style = space
14 | indent_size = 4
15 | 
16 | # Trim trailing whitespaces
17 | [*.{c,h,def,txt}]
18 | trim_trailing_whitespace = true
19 | 
20 | # UTF-8 with BOM
21 | [*.{c,h,def,txt}]
22 | charset=utf-8-bom
23 | 


--------------------------------------------------------------------------------
/libMinHook/.gitignore:
--------------------------------------------------------------------------------
 1 | #OS junk files
 2 | [Tt]humbs.db
 3 | *.DS_Store
 4 | 
 5 | #Visual Studio files
 6 | *.[Oo]bj
 7 | *.user
 8 | *.aps
 9 | *.pch
10 | *.vspscc
11 | *.vssscc
12 | *_i.c
13 | *_p.c
14 | *.ncb
15 | *.suo
16 | *.tlb
17 | *.tlh
18 | *.bak
19 | *.[Cc]ache
20 | *.ilk
21 | *.log
22 | *.sbr
23 | *.sdf
24 | *.opensdf
25 | *.unsuccessfulbuild
26 | ipch/
27 | obj/
28 | [Ll]ib
29 | [Bb]in
30 | [Dd]ebug*/
31 | [Rr]elease*/
32 | Ankh.NoLoad
33 | *.VC.db
34 | 
35 | #GCC files
36 | *.o
37 | *.d
38 | *.res
39 | *.dll
40 | *.a
41 | 
42 | #Visual Studio Code files
43 | .vscode/
44 | 


--------------------------------------------------------------------------------
/libMinHook/AUTHORS.txt:
--------------------------------------------------------------------------------
1 | Tsuda Kageyu <tsuda.kageyu@gmail.com>
2 |  Creator, maintainer
3 | 
4 | Michael Maltsev <leahcimmar@gmail.com>
5 |  Added "Queue" functions. A lot of bug fixes.
6 | 
7 | Andrey Unis <uniskz@gmail.com>
8 |  Rewrote the hook engine in plain C.
9 | 


--------------------------------------------------------------------------------
/libMinHook/LICENSE.txt:
--------------------------------------------------------------------------------
 1 | MinHook - The Minimalistic API Hooking Library for x64/x86
 2 | Copyright (C) 2009-2017 Tsuda Kageyu.
 3 | All rights reserved.
 4 | 
 5 | Redistribution and use in source and binary forms, with or without
 6 | modification, are permitted provided that the following conditions
 7 | are met:
 8 | 
 9 |  1. Redistributions of source code must retain the above copyright
10 |     notice, this list of conditions and the following disclaimer.
11 |  2. Redistributions in binary form must reproduce the above copyright
12 |     notice, this list of conditions and the following disclaimer in the
13 |     documentation and/or other materials provided with the distribution.
14 | 
15 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
18 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
19 | OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
22 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
24 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 | 
27 | ================================================================================
28 | Portions of this software are Copyright (c) 2008-2009, Vyacheslav Patkov.
29 | ================================================================================
30 | Hacker Disassembler Engine 32 C
31 | Copyright (c) 2008-2009, Vyacheslav Patkov.
32 | All rights reserved.
33 | 
34 | Redistribution and use in source and binary forms, with or without
35 | modification, are permitted provided that the following conditions
36 | are met:
37 | 
38 |  1. Redistributions of source code must retain the above copyright
39 |     notice, this list of conditions and the following disclaimer.
40 |  2. Redistributions in binary form must reproduce the above copyright
41 |     notice, this list of conditions and the following disclaimer in the
42 |     documentation and/or other materials provided with the distribution.
43 | 
44 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
45 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
46 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
47 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
48 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
49 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
50 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
51 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
52 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
53 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
54 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
55 | 
56 | -------------------------------------------------------------------------------
57 | Hacker Disassembler Engine 64 C
58 | Copyright (c) 2008-2009, Vyacheslav Patkov.
59 | All rights reserved.
60 | 
61 | Redistribution and use in source and binary forms, with or without
62 | modification, are permitted provided that the following conditions
63 | are met:
64 | 
65 |  1. Redistributions of source code must retain the above copyright
66 |     notice, this list of conditions and the following disclaimer.
67 |  2. Redistributions in binary form must reproduce the above copyright
68 |     notice, this list of conditions and the following disclaimer in the
69 |     documentation and/or other materials provided with the distribution.
70 | 
71 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
72 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
73 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
74 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
75 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
76 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
77 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
78 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
79 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
80 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
81 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
82 | 


--------------------------------------------------------------------------------
/libMinHook/README.md:
--------------------------------------------------------------------------------
 1 | # MinHook
 2 | 
 3 | [![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/licenses/BSD-2-Clause)
 4 | 
 5 | The Minimalistic x86/x64 API Hooking Library for Windows
 6 | 
 7 | http://www.codeproject.com/KB/winsdk/LibMinHook.aspx
 8 | 
 9 | ### Donation please
10 | 
11 | I need some funds to continue developing this library. All contributions gratefully accepted.
12 | 
13 | <a href='https://pledgie.com/campaigns/27314'><img alt='Click here to lend your support to: MinHook - Help me continue to develop this library and make a donation at pledgie.com !' src='https://pledgie.com/campaigns/27314.png?skin_name=chrome' border='0' ></a>
14 | 
15 | ### Version history
16 | 
17 | - ####v1.3.3 - 8 Jan 2017
18 |   * Added a helper function ```MH_CreateHookApiEx```. (Thanks to asm256)
19 |   * Support Visual Studio 2017 RC.
20 | 
21 | - ####v1.3.2.1 - 9 Nov 2015  (Nuget package only)
22 |   * Fixed an insufficient support for Visual Studio 2015.
23 | 
24 | - ####v1.3.2 - 1 Nov 2015
25 |   * Support Visual Studio 2015.
26 |   * Support MinGW.
27 | 
28 | - ####v1.3.2-beta3 - 21 Jul 2015  (Nuget package only)
29 |   * Support MinGW. (Experimental)
30 | 
31 | - ####v1.3.2-beta2 - 18 May 2015
32 |   * Fixed some subtle bugs. (Thanks to RaMMicHaeL)
33 |   * Added a helper function ```MH_StatusToString```. (Thanks to Jan Klass)
34 | 
35 | - ####v1.3.2-beta - 12 May 2015
36 |   * Fixed a possible thread deadlock in x64 mode. (Thanks to Aleh Kazakevich)
37 |   * Reduced the footprint a little more.
38 |   * Support Visual Studio 2015 RC. (Experimental)
39 | 
40 | - ####v1.3.1.1 - 7 Apr 2015  (Nuget package only)
41 |   * Support for WDK8.0 and 8.1.
42 | 
43 | - ####v1.3.1 - 19 Mar 2015
44 |   * No major changes from v1.3.1-beta.
45 | 
46 | - ####v1.3.1-beta - 11 Mar 2015
47 |   * Added a helper function ```MH_CreateHookApi```. (Thanks to uniskz).
48 |   * Fixed a false memory leak reported by some tools.
49 |   * Fixed a degradated compatibility issue. 
50 | 
51 | - ####v1.3 - 13 Sep 2014
52 |   * No major changes from v1.3-beta3.
53 | 
54 | - ####v1.3-beta3 - 31 Jul 2014
55 | 
56 |   * Fixed some small bugs.
57 |   * Improved the memory management.
58 | 
59 | - ####v1.3-beta2 - 21 Jul 2014
60 | 
61 |   * Changed the parameters to Windows-friendly types. (void* to LPVOID)
62 |   * Fixed some small bugs.
63 |   * Reorganized the source files.
64 |   * Reduced the footprint a little more.
65 | 
66 | - ####v1.3-beta - 17 Jul 2014
67 | 
68 |   * Rewrote in plain C to reduce the footprint and memory usage. (suggested by Andrey Unis)
69 |   * Simplified the overall code base to make it more readable and maintainable.
70 |   * Changed the license from 3-clause to 2-clause BSD License.
71 | 
72 | - ####v1.2 - 28 Sep 2013
73 |  
74 |   * Removed boost dependency ([jarredholman](https://github.com/jarredholman/minhook)).
75 |   * Fixed a small bug in the GetRelativeBranchDestination function ([pillbug99](http://www.codeproject.com/Messages/4058892/Small-Bug-Found.aspx)).
76 |   * Added the ```MH_RemoveHook``` function, which removes a hook created with the ```MH_CreateHook``` function.
77 |   * Added the following functions to enable or disable multiple hooks in one go: ```MH_QueueEnableHook```, ```MH_QueueDisableHook```, ```MH_ApplyQueued```. This is the preferred way of handling multiple hooks as every call to `MH_EnableHook` or `MH_DisableHook` suspends and resumes all threads.
78 |   * Made the functions ```MH_EnableHook``` and ```MH_DisableHook``` enable/disable all created hooks when the ```MH_ALL_HOOKS``` parameter is passed. This, too, is an efficient way of handling multiple hooks.
79 |   * If the target function is too small to be patched with a jump, MinHook tries to place the jump above the function. If that fails as well, the ```MH_CreateHook``` function returns ```MH_ERROR_UNSUPPORTED_FUNCTION```. This fixes an issue of hooking the LoadLibraryExW function on Windows 7 x64 ([reported by Obble](http://www.codeproject.com/Messages/4578613/Re-Bug-LoadLibraryExW-hook-fails-on-windows-2008-r.aspx)).
80 | 
81 | - ####v1.1 - 26 Nov 2009
82 | 
83 |   * Changed the interface to create a hook and a trampoline function in one go to prevent the detour function from being called before the trampoline function is created. ([reported by xliqz](http://www.codeproject.com/Messages/3280374/Unsafe.aspx))
84 |   * Shortened the function names from ```MinHook_*``` to ```MH_*``` to make them handier.
85 | 
86 | - ####v1.0 - 22 Nov 2009
87 |  
88 |   * Initial release.
89 | 


--------------------------------------------------------------------------------
/libMinHook/build/MinGW/Makefile:
--------------------------------------------------------------------------------
 1 | WINDRES:=$(CROSS_PREFIX)windres
 2 | DLLTOOL:=$(CROSS_PREFIX)dlltool
 3 | AR:=$(CROSS_PREFIX)ar
 4 | CC:=$(CROSS_PREFIX)gcc
 5 | CCLD:=$(CC)
 6 | SRCS:=$(wildcard src/*.c src/hde/*.c)
 7 | OBJS:=$(SRCS:%.c=%.o)
 8 | DEPS:=$(SRCS:%.c=%.d)
 9 | INCS:=-Isrc -Iinclude
10 | CFLAGS:=-masm=intel -Wall -Werror -std=c11
11 | LDFLAGS:=-Wl,-enable-stdcall-fixup -s -static-libgcc
12 | 
13 | all: MinHook.dll libMinHook.dll.a libMinHook.a
14 | 
15 | -include $(DEPS)
16 | 
17 | libMinHook.a: $(OBJS)
18 | 	$(AR) r $@ $^
19 | libMinHook.dll.a: MinHook.dll dll_resources/MinHook.def
20 | 	$(DLLTOOL) --dllname MinHook.dll --def dll_resources/MinHook.def --output-lib $@
21 | MinHook.dll: $(OBJS) dll_resources/MinHook.res dll_resources/MinHook.def
22 | 	$(CCLD) -o $@ -shared $(LDFLAGS) $^
23 | 
24 | .rc.res:
25 | 	$(WINDRES) -o $@ --input-format=rc --output-format=coff $<
26 | .c.o:
27 | 	$(CC) -o $@ -c -MMD -MP $(INCS) $(CFLAGS) $<
28 | 
29 | clean:
30 | 	rm -f $(OBJS) $(DEPS) MinHook.dll libMinHook.dll.a libMinHook.a dll_resources/MinHook.res
31 | 
32 | .PHONY: clean
33 | .SUFFIXES: .rc .res
34 | 


--------------------------------------------------------------------------------
/libMinHook/build/MinGW/make.bat:
--------------------------------------------------------------------------------
1 | windres -i ../../dll_resources/MinHook.rc -o MinHook_rc.o && dllwrap --driver-name g++ -o MinHook.dll -masm=intel --def ../../dll_resources/MinHook.def -Wl,-enable-stdcall-fixup -Wall MinHook_rc.o ../../src/*.c ../../src/HDE/*.c -I../../include -I../../src -Werror -std=c++11 -s -static-libgcc -static-libstdc++|| pause


--------------------------------------------------------------------------------
/libMinHook/build/VC10/MinHookVC10.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 11.00
 3 | # Visual Studio 2010
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}"
 5 | EndProject
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}"
 7 | 	ProjectSection(ProjectDependencies) = postProject
 8 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE}
 9 | 	EndProjectSection
10 | EndProject
11 | Global
12 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
13 | 		Debug|Win32 = Debug|Win32
14 | 		Debug|x64 = Debug|x64
15 | 		Release|Win32 = Release|Win32
16 | 		Release|x64 = Release|x64
17 | 	EndGlobalSection
18 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
19 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32
20 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32
21 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64
22 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64
23 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32
24 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32
25 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64
26 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64
27 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32
28 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32
29 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64
30 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64
31 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32
32 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32
33 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64
34 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64
35 | 	EndGlobalSection
36 | 	GlobalSection(SolutionProperties) = preSolution
37 | 		HideSolutionNode = FALSE
38 | 	EndGlobalSection
39 | EndGlobal
40 | 


--------------------------------------------------------------------------------
/libMinHook/build/VC10/libMinHook.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <ClCompile Include="..\..\src\buffer.c">
 5 |       <Filter>Source Files</Filter>
 6 |     </ClCompile>
 7 |     <ClCompile Include="..\..\src\hook.c">
 8 |       <Filter>Source Files</Filter>
 9 |     </ClCompile>
10 |     <ClCompile Include="..\..\src\trampoline.c">
11 |       <Filter>Source Files</Filter>
12 |     </ClCompile>
13 |     <ClCompile Include="..\..\src\HDE\hde32.c">
14 |       <Filter>HDE</Filter>
15 |     </ClCompile>
16 |     <ClCompile Include="..\..\src\HDE\hde64.c">
17 |       <Filter>HDE</Filter>
18 |     </ClCompile>
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="..\..\src\trampoline.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="..\..\src\buffer.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="..\..\include\MinHook.h" />
28 |     <ClInclude Include="..\..\src\HDE\hde32.h">
29 |       <Filter>HDE</Filter>
30 |     </ClInclude>
31 |     <ClInclude Include="..\..\src\HDE\hde64.h">
32 |       <Filter>HDE</Filter>
33 |     </ClInclude>
34 |     <ClInclude Include="..\..\src\HDE\pstdint.h">
35 |       <Filter>HDE</Filter>
36 |     </ClInclude>
37 |     <ClInclude Include="..\..\src\HDE\table32.h">
38 |       <Filter>HDE</Filter>
39 |     </ClInclude>
40 |     <ClInclude Include="..\..\src\HDE\table64.h">
41 |       <Filter>HDE</Filter>
42 |     </ClInclude>
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <Filter Include="Source Files">
46 |       <UniqueIdentifier>{9d24b740-be2e-4cfd-b9a4-340a50946ee9}</UniqueIdentifier>
47 |     </Filter>
48 |     <Filter Include="Header Files">
49 |       <UniqueIdentifier>{76381bc7-2863-4cc5-aede-926ec2c506e4}</UniqueIdentifier>
50 |     </Filter>
51 |     <Filter Include="HDE">
52 |       <UniqueIdentifier>{56ddb326-6179-430d-ae19-e13bfd767bfa}</UniqueIdentifier>
53 |     </Filter>
54 |   </ItemGroup>
55 | </Project>


--------------------------------------------------------------------------------
/libMinHook/build/VC11/MinHookVC11.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 2012
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}"
 5 | EndProject
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}"
 7 | 	ProjectSection(ProjectDependencies) = postProject
 8 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE}
 9 | 	EndProjectSection
10 | EndProject
11 | Global
12 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
13 | 		Debug|Win32 = Debug|Win32
14 | 		Debug|x64 = Debug|x64
15 | 		Release|Win32 = Release|Win32
16 | 		Release|x64 = Release|x64
17 | 	EndGlobalSection
18 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
19 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32
20 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32
21 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64
22 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64
23 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32
24 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32
25 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64
26 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64
27 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32
28 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32
29 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64
30 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64
31 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32
32 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32
33 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64
34 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64
35 | 	EndGlobalSection
36 | 	GlobalSection(SolutionProperties) = preSolution
37 | 		HideSolutionNode = FALSE
38 | 	EndGlobalSection
39 | EndGlobal
40 | 


--------------------------------------------------------------------------------
/libMinHook/build/VC11/libMinHook.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <ClCompile Include="..\..\src\buffer.c">
 5 |       <Filter>Source Files</Filter>
 6 |     </ClCompile>
 7 |     <ClCompile Include="..\..\src\hook.c">
 8 |       <Filter>Source Files</Filter>
 9 |     </ClCompile>
10 |     <ClCompile Include="..\..\src\trampoline.c">
11 |       <Filter>Source Files</Filter>
12 |     </ClCompile>
13 |     <ClCompile Include="..\..\src\HDE\hde32.c">
14 |       <Filter>HDE</Filter>
15 |     </ClCompile>
16 |     <ClCompile Include="..\..\src\HDE\hde64.c">
17 |       <Filter>HDE</Filter>
18 |     </ClCompile>
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="..\..\src\trampoline.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="..\..\src\buffer.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="..\..\include\MinHook.h" />
28 |     <ClInclude Include="..\..\src\HDE\hde32.h">
29 |       <Filter>HDE</Filter>
30 |     </ClInclude>
31 |     <ClInclude Include="..\..\src\HDE\hde64.h">
32 |       <Filter>HDE</Filter>
33 |     </ClInclude>
34 |     <ClInclude Include="..\..\src\HDE\pstdint.h">
35 |       <Filter>HDE</Filter>
36 |     </ClInclude>
37 |     <ClInclude Include="..\..\src\HDE\table32.h">
38 |       <Filter>HDE</Filter>
39 |     </ClInclude>
40 |     <ClInclude Include="..\..\src\HDE\table64.h">
41 |       <Filter>HDE</Filter>
42 |     </ClInclude>
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <Filter Include="Source Files">
46 |       <UniqueIdentifier>{9d24b740-be2e-4cfd-b9a4-340a50946ee9}</UniqueIdentifier>
47 |     </Filter>
48 |     <Filter Include="Header Files">
49 |       <UniqueIdentifier>{76381bc7-2863-4cc5-aede-926ec2c506e4}</UniqueIdentifier>
50 |     </Filter>
51 |     <Filter Include="HDE">
52 |       <UniqueIdentifier>{56ddb326-6179-430d-ae19-e13bfd767bfa}</UniqueIdentifier>
53 |     </Filter>
54 |   </ItemGroup>
55 | </Project>


--------------------------------------------------------------------------------
/libMinHook/build/VC12/MinHookVC12.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 2013
 4 | VisualStudioVersion = 12.0.30501.0
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}"
 9 | 	ProjectSection(ProjectDependencies) = postProject
10 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE}
11 | 	EndProjectSection
12 | EndProject
13 | Global
14 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
15 | 		Debug|Win32 = Debug|Win32
16 | 		Debug|x64 = Debug|x64
17 | 		Release|Win32 = Release|Win32
18 | 		Release|x64 = Release|x64
19 | 	EndGlobalSection
20 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
21 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32
22 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32
23 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64
24 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64
25 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32
26 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32
27 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64
28 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64
29 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32
30 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32
31 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64
32 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64
33 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32
34 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32
35 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64
36 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64
37 | 	EndGlobalSection
38 | 	GlobalSection(SolutionProperties) = preSolution
39 | 		HideSolutionNode = FALSE
40 | 	EndGlobalSection
41 | EndGlobal
42 | 


--------------------------------------------------------------------------------
/libMinHook/build/VC12/libMinHook.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <ClCompile Include="..\..\src\buffer.c">
 5 |       <Filter>Source Files</Filter>
 6 |     </ClCompile>
 7 |     <ClCompile Include="..\..\src\hook.c">
 8 |       <Filter>Source Files</Filter>
 9 |     </ClCompile>
10 |     <ClCompile Include="..\..\src\trampoline.c">
11 |       <Filter>Source Files</Filter>
12 |     </ClCompile>
13 |     <ClCompile Include="..\..\src\HDE\hde32.c">
14 |       <Filter>HDE</Filter>
15 |     </ClCompile>
16 |     <ClCompile Include="..\..\src\HDE\hde64.c">
17 |       <Filter>HDE</Filter>
18 |     </ClCompile>
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="..\..\src\trampoline.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="..\..\src\buffer.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="..\..\include\MinHook.h" />
28 |     <ClInclude Include="..\..\src\HDE\hde32.h">
29 |       <Filter>HDE</Filter>
30 |     </ClInclude>
31 |     <ClInclude Include="..\..\src\HDE\hde64.h">
32 |       <Filter>HDE</Filter>
33 |     </ClInclude>
34 |     <ClInclude Include="..\..\src\HDE\pstdint.h">
35 |       <Filter>HDE</Filter>
36 |     </ClInclude>
37 |     <ClInclude Include="..\..\src\HDE\table32.h">
38 |       <Filter>HDE</Filter>
39 |     </ClInclude>
40 |     <ClInclude Include="..\..\src\HDE\table64.h">
41 |       <Filter>HDE</Filter>
42 |     </ClInclude>
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <Filter Include="Source Files">
46 |       <UniqueIdentifier>{9d24b740-be2e-4cfd-b9a4-340a50946ee9}</UniqueIdentifier>
47 |     </Filter>
48 |     <Filter Include="Header Files">
49 |       <UniqueIdentifier>{76381bc7-2863-4cc5-aede-926ec2c506e4}</UniqueIdentifier>
50 |     </Filter>
51 |     <Filter Include="HDE">
52 |       <UniqueIdentifier>{56ddb326-6179-430d-ae19-e13bfd767bfa}</UniqueIdentifier>
53 |     </Filter>
54 |   </ItemGroup>
55 | </Project>


--------------------------------------------------------------------------------
/libMinHook/build/VC14/MinHookVC14.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.22823.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}"
 9 | 	ProjectSection(ProjectDependencies) = postProject
10 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE}
11 | 	EndProjectSection
12 | EndProject
13 | Global
14 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
15 | 		Debug|Win32 = Debug|Win32
16 | 		Debug|x64 = Debug|x64
17 | 		Release|Win32 = Release|Win32
18 | 		Release|x64 = Release|x64
19 | 	EndGlobalSection
20 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
21 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32
22 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32
23 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64
24 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64
25 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32
26 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32
27 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64
28 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64
29 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32
30 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32
31 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64
32 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64
33 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32
34 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32
35 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64
36 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64
37 | 	EndGlobalSection
38 | 	GlobalSection(SolutionProperties) = preSolution
39 | 		HideSolutionNode = FALSE
40 | 	EndGlobalSection
41 | EndGlobal
42 | 


--------------------------------------------------------------------------------
/libMinHook/build/VC14/libMinHook.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <ClCompile Include="..\..\src\buffer.c">
 5 |       <Filter>Source Files</Filter>
 6 |     </ClCompile>
 7 |     <ClCompile Include="..\..\src\hook.c">
 8 |       <Filter>Source Files</Filter>
 9 |     </ClCompile>
10 |     <ClCompile Include="..\..\src\trampoline.c">
11 |       <Filter>Source Files</Filter>
12 |     </ClCompile>
13 |     <ClCompile Include="..\..\src\HDE\hde32.c">
14 |       <Filter>HDE</Filter>
15 |     </ClCompile>
16 |     <ClCompile Include="..\..\src\HDE\hde64.c">
17 |       <Filter>HDE</Filter>
18 |     </ClCompile>
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="..\..\src\trampoline.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="..\..\src\buffer.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="..\..\include\MinHook.h" />
28 |     <ClInclude Include="..\..\src\HDE\hde32.h">
29 |       <Filter>HDE</Filter>
30 |     </ClInclude>
31 |     <ClInclude Include="..\..\src\HDE\hde64.h">
32 |       <Filter>HDE</Filter>
33 |     </ClInclude>
34 |     <ClInclude Include="..\..\src\HDE\pstdint.h">
35 |       <Filter>HDE</Filter>
36 |     </ClInclude>
37 |     <ClInclude Include="..\..\src\HDE\table32.h">
38 |       <Filter>HDE</Filter>
39 |     </ClInclude>
40 |     <ClInclude Include="..\..\src\HDE\table64.h">
41 |       <Filter>HDE</Filter>
42 |     </ClInclude>
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <Filter Include="Source Files">
46 |       <UniqueIdentifier>{9d24b740-be2e-4cfd-b9a4-340a50946ee9}</UniqueIdentifier>
47 |     </Filter>
48 |     <Filter Include="Header Files">
49 |       <UniqueIdentifier>{76381bc7-2863-4cc5-aede-926ec2c506e4}</UniqueIdentifier>
50 |     </Filter>
51 |     <Filter Include="HDE">
52 |       <UniqueIdentifier>{56ddb326-6179-430d-ae19-e13bfd767bfa}</UniqueIdentifier>
53 |     </Filter>
54 |   </ItemGroup>
55 | </Project>


--------------------------------------------------------------------------------
/libMinHook/build/VC14/libMinHook.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/libMinHook/build/VC15/MinHookVC15.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.25123.0
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}"
 9 | 	ProjectSection(ProjectDependencies) = postProject
10 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE}
11 | 	EndProjectSection
12 | EndProject
13 | Global
14 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
15 | 		Debug|Win32 = Debug|Win32
16 | 		Debug|x64 = Debug|x64
17 | 		Release|Win32 = Release|Win32
18 | 		Release|x64 = Release|x64
19 | 	EndGlobalSection
20 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
21 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32
22 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32
23 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64
24 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64
25 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32
26 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32
27 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64
28 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64
29 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32
30 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32
31 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64
32 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64
33 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32
34 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32
35 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64
36 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64
37 | 	EndGlobalSection
38 | 	GlobalSection(SolutionProperties) = preSolution
39 | 		HideSolutionNode = FALSE
40 | 	EndGlobalSection
41 | EndGlobal
42 | 


--------------------------------------------------------------------------------
/libMinHook/build/VC15/libMinHook.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <ClCompile Include="..\..\src\buffer.c">
 5 |       <Filter>Source Files</Filter>
 6 |     </ClCompile>
 7 |     <ClCompile Include="..\..\src\hook.c">
 8 |       <Filter>Source Files</Filter>
 9 |     </ClCompile>
10 |     <ClCompile Include="..\..\src\trampoline.c">
11 |       <Filter>Source Files</Filter>
12 |     </ClCompile>
13 |     <ClCompile Include="..\..\src\HDE\hde32.c">
14 |       <Filter>HDE</Filter>
15 |     </ClCompile>
16 |     <ClCompile Include="..\..\src\HDE\hde64.c">
17 |       <Filter>HDE</Filter>
18 |     </ClCompile>
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="..\..\src\trampoline.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="..\..\src\buffer.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="..\..\include\MinHook.h" />
28 |     <ClInclude Include="..\..\src\HDE\hde32.h">
29 |       <Filter>HDE</Filter>
30 |     </ClInclude>
31 |     <ClInclude Include="..\..\src\HDE\hde64.h">
32 |       <Filter>HDE</Filter>
33 |     </ClInclude>
34 |     <ClInclude Include="..\..\src\HDE\pstdint.h">
35 |       <Filter>HDE</Filter>
36 |     </ClInclude>
37 |     <ClInclude Include="..\..\src\HDE\table32.h">
38 |       <Filter>HDE</Filter>
39 |     </ClInclude>
40 |     <ClInclude Include="..\..\src\HDE\table64.h">
41 |       <Filter>HDE</Filter>
42 |     </ClInclude>
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <Filter Include="Source Files">
46 |       <UniqueIdentifier>{9d24b740-be2e-4cfd-b9a4-340a50946ee9}</UniqueIdentifier>
47 |     </Filter>
48 |     <Filter Include="Header Files">
49 |       <UniqueIdentifier>{76381bc7-2863-4cc5-aede-926ec2c506e4}</UniqueIdentifier>
50 |     </Filter>
51 |     <Filter Include="HDE">
52 |       <UniqueIdentifier>{56ddb326-6179-430d-ae19-e13bfd767bfa}</UniqueIdentifier>
53 |     </Filter>
54 |   </ItemGroup>
55 | </Project>


--------------------------------------------------------------------------------
/libMinHook/build/VC15/libMinHook.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/libMinHook/build/VC9/MinHook.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="shift_jis"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	Name="MinHook"
  6 | 	ProjectGUID="{027FAC75-3FDB-4044-8DD0-BC297BD4C461}"
  7 | 	RootNamespace="MinHook"
  8 | 	Keyword="Win32Proj"
  9 | 	TargetFrameworkVersion="196613"
 10 | 	>
 11 | 	<Platforms>
 12 | 		<Platform
 13 | 			Name="Win32"
 14 | 		/>
 15 | 		<Platform
 16 | 			Name="x64"
 17 | 		/>
 18 | 	</Platforms>
 19 | 	<ToolFiles>
 20 | 	</ToolFiles>
 21 | 	<Configurations>
 22 | 		<Configuration
 23 | 			Name="Debug|Win32"
 24 | 			OutputDirectory="$(SolutionDir)bin\$(ConfigurationName)"
 25 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)\$(ProjectName)"
 26 | 			ConfigurationType="2"
 27 | 			CharacterSet="1"
 28 | 			>
 29 | 			<Tool
 30 | 				Name="VCPreBuildEventTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCCustomBuildTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCXMLDataGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCWebServiceProxyGeneratorTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCMIDLTool"
 43 | 			/>
 44 | 			<Tool
 45 | 				Name="VCCLCompilerTool"
 46 | 				Optimization="0"
 47 | 				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS"
 48 | 				MinimalRebuild="false"
 49 | 				BasicRuntimeChecks="3"
 50 | 				RuntimeLibrary="1"
 51 | 				UsePrecompiledHeader="0"
 52 | 				WarningLevel="3"
 53 | 				DebugInformationFormat="4"
 54 | 			/>
 55 | 			<Tool
 56 | 				Name="VCManagedResourceCompilerTool"
 57 | 			/>
 58 | 			<Tool
 59 | 				Name="VCResourceCompilerTool"
 60 | 			/>
 61 | 			<Tool
 62 | 				Name="VCPreLinkEventTool"
 63 | 			/>
 64 | 			<Tool
 65 | 				Name="VCLinkerTool"
 66 | 				OutputFile="$(OutDir)\$(ProjectName).x86.dll"
 67 | 				LinkIncremental="2"
 68 | 				ModuleDefinitionFile="$(SolutionDir)..\..\dll_resources\MinHook.def"
 69 | 				GenerateDebugInformation="false"
 70 | 				SubSystem="2"
 71 | 				TargetMachine="1"
 72 | 			/>
 73 | 			<Tool
 74 | 				Name="VCALinkTool"
 75 | 			/>
 76 | 			<Tool
 77 | 				Name="VCManifestTool"
 78 | 			/>
 79 | 			<Tool
 80 | 				Name="VCXDCMakeTool"
 81 | 			/>
 82 | 			<Tool
 83 | 				Name="VCBscMakeTool"
 84 | 			/>
 85 | 			<Tool
 86 | 				Name="VCFxCopTool"
 87 | 			/>
 88 | 			<Tool
 89 | 				Name="VCAppVerifierTool"
 90 | 			/>
 91 | 			<Tool
 92 | 				Name="VCPostBuildEventTool"
 93 | 			/>
 94 | 		</Configuration>
 95 | 		<Configuration
 96 | 			Name="Debug|x64"
 97 | 			OutputDirectory="$(SolutionDir)bin\$(ConfigurationName)"
 98 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)\$(ProjectName)"
 99 | 			ConfigurationType="2"
100 | 			CharacterSet="1"
101 | 			>
102 | 			<Tool
103 | 				Name="VCPreBuildEventTool"
104 | 			/>
105 | 			<Tool
106 | 				Name="VCCustomBuildTool"
107 | 			/>
108 | 			<Tool
109 | 				Name="VCXMLDataGeneratorTool"
110 | 			/>
111 | 			<Tool
112 | 				Name="VCWebServiceProxyGeneratorTool"
113 | 			/>
114 | 			<Tool
115 | 				Name="VCMIDLTool"
116 | 				TargetEnvironment="3"
117 | 			/>
118 | 			<Tool
119 | 				Name="VCCLCompilerTool"
120 | 				Optimization="0"
121 | 				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS"
122 | 				MinimalRebuild="false"
123 | 				BasicRuntimeChecks="3"
124 | 				RuntimeLibrary="1"
125 | 				UsePrecompiledHeader="0"
126 | 				WarningLevel="3"
127 | 				DebugInformationFormat="3"
128 | 			/>
129 | 			<Tool
130 | 				Name="VCManagedResourceCompilerTool"
131 | 			/>
132 | 			<Tool
133 | 				Name="VCResourceCompilerTool"
134 | 			/>
135 | 			<Tool
136 | 				Name="VCPreLinkEventTool"
137 | 			/>
138 | 			<Tool
139 | 				Name="VCLinkerTool"
140 | 				OutputFile="$(OutDir)\$(ProjectName).x64.dll"
141 | 				LinkIncremental="2"
142 | 				ModuleDefinitionFile="$(SolutionDir)..\..\dll_resources\MinHook.def"
143 | 				GenerateDebugInformation="false"
144 | 				SubSystem="2"
145 | 				TargetMachine="17"
146 | 			/>
147 | 			<Tool
148 | 				Name="VCALinkTool"
149 | 			/>
150 | 			<Tool
151 | 				Name="VCManifestTool"
152 | 			/>
153 | 			<Tool
154 | 				Name="VCXDCMakeTool"
155 | 			/>
156 | 			<Tool
157 | 				Name="VCBscMakeTool"
158 | 			/>
159 | 			<Tool
160 | 				Name="VCFxCopTool"
161 | 			/>
162 | 			<Tool
163 | 				Name="VCAppVerifierTool"
164 | 			/>
165 | 			<Tool
166 | 				Name="VCPostBuildEventTool"
167 | 			/>
168 | 		</Configuration>
169 | 		<Configuration
170 | 			Name="Release|Win32"
171 | 			OutputDirectory="$(SolutionDir)bin\$(ConfigurationName)"
172 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)\$(ProjectName)"
173 | 			ConfigurationType="2"
174 | 			CharacterSet="1"
175 | 			WholeProgramOptimization="1"
176 | 			>
177 | 			<Tool
178 | 				Name="VCPreBuildEventTool"
179 | 			/>
180 | 			<Tool
181 | 				Name="VCCustomBuildTool"
182 | 			/>
183 | 			<Tool
184 | 				Name="VCXMLDataGeneratorTool"
185 | 			/>
186 | 			<Tool
187 | 				Name="VCWebServiceProxyGeneratorTool"
188 | 			/>
189 | 			<Tool
190 | 				Name="VCMIDLTool"
191 | 			/>
192 | 			<Tool
193 | 				Name="VCCLCompilerTool"
194 | 				Optimization="1"
195 | 				EnableIntrinsicFunctions="true"
196 | 				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS"
197 | 				MinimalRebuild="false"
198 | 				RuntimeLibrary="0"
199 | 				EnableFunctionLevelLinking="true"
200 | 				UsePrecompiledHeader="0"
201 | 				WarningLevel="3"
202 | 				DebugInformationFormat="3"
203 | 			/>
204 | 			<Tool
205 | 				Name="VCManagedResourceCompilerTool"
206 | 			/>
207 | 			<Tool
208 | 				Name="VCResourceCompilerTool"
209 | 			/>
210 | 			<Tool
211 | 				Name="VCPreLinkEventTool"
212 | 			/>
213 | 			<Tool
214 | 				Name="VCLinkerTool"
215 | 				OutputFile="$(OutDir)\$(ProjectName).x86.dll"
216 | 				LinkIncremental="1"
217 | 				ModuleDefinitionFile="$(SolutionDir)..\..\dll_resources\MinHook.def"
218 | 				GenerateDebugInformation="false"
219 | 				SubSystem="2"
220 | 				OptimizeReferences="2"
221 | 				EnableCOMDATFolding="2"
222 | 				ResourceOnlyDLL="true"
223 | 				MergeSections=".CRT=.text"
224 | 				TargetMachine="1"
225 | 			/>
226 | 			<Tool
227 | 				Name="VCALinkTool"
228 | 			/>
229 | 			<Tool
230 | 				Name="VCManifestTool"
231 | 			/>
232 | 			<Tool
233 | 				Name="VCXDCMakeTool"
234 | 			/>
235 | 			<Tool
236 | 				Name="VCBscMakeTool"
237 | 			/>
238 | 			<Tool
239 | 				Name="VCFxCopTool"
240 | 			/>
241 | 			<Tool
242 | 				Name="VCAppVerifierTool"
243 | 			/>
244 | 			<Tool
245 | 				Name="VCPostBuildEventTool"
246 | 			/>
247 | 		</Configuration>
248 | 		<Configuration
249 | 			Name="Release|x64"
250 | 			OutputDirectory="$(SolutionDir)bin\$(ConfigurationName)"
251 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)\$(ProjectName)"
252 | 			ConfigurationType="2"
253 | 			CharacterSet="1"
254 | 			WholeProgramOptimization="1"
255 | 			>
256 | 			<Tool
257 | 				Name="VCPreBuildEventTool"
258 | 			/>
259 | 			<Tool
260 | 				Name="VCCustomBuildTool"
261 | 			/>
262 | 			<Tool
263 | 				Name="VCXMLDataGeneratorTool"
264 | 			/>
265 | 			<Tool
266 | 				Name="VCWebServiceProxyGeneratorTool"
267 | 			/>
268 | 			<Tool
269 | 				Name="VCMIDLTool"
270 | 				TargetEnvironment="3"
271 | 			/>
272 | 			<Tool
273 | 				Name="VCCLCompilerTool"
274 | 				Optimization="1"
275 | 				EnableIntrinsicFunctions="true"
276 | 				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS"
277 | 				MinimalRebuild="false"
278 | 				RuntimeLibrary="0"
279 | 				EnableFunctionLevelLinking="true"
280 | 				UsePrecompiledHeader="0"
281 | 				WarningLevel="3"
282 | 				DebugInformationFormat="3"
283 | 			/>
284 | 			<Tool
285 | 				Name="VCManagedResourceCompilerTool"
286 | 			/>
287 | 			<Tool
288 | 				Name="VCResourceCompilerTool"
289 | 			/>
290 | 			<Tool
291 | 				Name="VCPreLinkEventTool"
292 | 			/>
293 | 			<Tool
294 | 				Name="VCLinkerTool"
295 | 				OutputFile="$(OutDir)\$(ProjectName).x64.dll"
296 | 				LinkIncremental="1"
297 | 				ModuleDefinitionFile="$(SolutionDir)..\..\dll_resources\MinHook.def"
298 | 				GenerateDebugInformation="false"
299 | 				SubSystem="2"
300 | 				OptimizeReferences="2"
301 | 				EnableCOMDATFolding="2"
302 | 				ResourceOnlyDLL="true"
303 | 				MergeSections=".CRT=.text"
304 | 				TargetMachine="17"
305 | 			/>
306 | 			<Tool
307 | 				Name="VCALinkTool"
308 | 			/>
309 | 			<Tool
310 | 				Name="VCManifestTool"
311 | 			/>
312 | 			<Tool
313 | 				Name="VCXDCMakeTool"
314 | 			/>
315 | 			<Tool
316 | 				Name="VCBscMakeTool"
317 | 			/>
318 | 			<Tool
319 | 				Name="VCFxCopTool"
320 | 			/>
321 | 			<Tool
322 | 				Name="VCAppVerifierTool"
323 | 			/>
324 | 			<Tool
325 | 				Name="VCPostBuildEventTool"
326 | 			/>
327 | 		</Configuration>
328 | 	</Configurations>
329 | 	<References>
330 | 	</References>
331 | 	<Files>
332 | 		<File
333 | 			RelativePath="..\..\dll_resources\MinHook.def"
334 | 			>
335 | 		</File>
336 | 		<File
337 | 			RelativePath="..\..\dll_resources\MinHook.rc"
338 | 			>
339 | 		</File>
340 | 	</Files>
341 | 	<Globals>
342 | 	</Globals>
343 | </VisualStudioProject>
344 | 


--------------------------------------------------------------------------------
/libMinHook/build/VC9/MinHookVC9.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 10.00
 3 | # Visual Studio 2008
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}"
 5 | EndProject
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}"
 7 | 	ProjectSection(ProjectDependencies) = postProject
 8 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE}
 9 | 	EndProjectSection
10 | EndProject
11 | Global
12 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
13 | 		Debug|Win32 = Debug|Win32
14 | 		Debug|x64 = Debug|x64
15 | 		Release|Win32 = Release|Win32
16 | 		Release|x64 = Release|x64
17 | 	EndGlobalSection
18 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
19 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32
20 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32
21 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64
22 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64
23 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32
24 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32
25 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64
26 | 		{F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64
27 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32
28 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32
29 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64
30 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64
31 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32
32 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32
33 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64
34 | 		{027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64
35 | 	EndGlobalSection
36 | 	GlobalSection(SolutionProperties) = preSolution
37 | 		HideSolutionNode = FALSE
38 | 	EndGlobalSection
39 | EndGlobal
40 | 


--------------------------------------------------------------------------------
/libMinHook/dll_resources/MinHook.def:
--------------------------------------------------------------------------------
 1 | EXPORTS
 2 |     MH_Initialize
 3 |     MH_Uninitialize
 4 | 
 5 |     MH_CreateHook
 6 |     MH_CreateHookApi
 7 |     MH_CreateHookApiEx
 8 |     MH_RemoveHook
 9 |     MH_EnableHook
10 |     MH_DisableHook
11 |     MH_QueueEnableHook
12 |     MH_QueueDisableHook
13 |     MH_ApplyQueued
14 |     MH_StatusToString
15 | 


--------------------------------------------------------------------------------
/libMinHook/dll_resources/MinHook.rc:
--------------------------------------------------------------------------------
 1 | 1 VERSIONINFO
 2 |  FILEVERSION 1,3,3,0
 3 |  PRODUCTVERSION 1,3,3,0
 4 |  FILEFLAGSMASK 0x17L
 5 | #ifdef _DEBUG
 6 |  FILEFLAGS 0x1L
 7 | #else
 8 |  FILEFLAGS 0x0L
 9 | #endif
10 |  FILEOS 0x4L
11 |  FILETYPE 0x2L
12 |  FILESUBTYPE 0x0L
13 | BEGIN
14 |     BLOCK "StringFileInfo"
15 |     BEGIN
16 |         BLOCK "040904b0"
17 |         BEGIN
18 |             VALUE "CompanyName", "Tsuda Kageyu"
19 |             VALUE "FileDescription", "MinHook - The Minimalistic API Hook Library for x64/x86"
20 |             VALUE "FileVersion", "1.3.3.0"
21 |             VALUE "InternalName", "MinHookD"
22 |             VALUE "LegalCopyright", "Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved."
23 |             VALUE "LegalTrademarks", "Tsuda Kageyu"
24 |             VALUE "ProductName", "MinHook DLL"
25 |             VALUE "ProductVersion", "1.3.3.0"
26 |         END
27 |     END
28 |     BLOCK "VarFileInfo"
29 |     BEGIN
30 |         VALUE "Translation", 0x409, 1200
31 |     END
32 | END
33 | 


--------------------------------------------------------------------------------
/libMinHook/include/MinHook.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  MinHook - The Minimalistic API Hooking Library for x64/x86
  3 |  *  Copyright (C) 2009-2017 Tsuda Kageyu.
  4 |  *  All rights reserved.
  5 |  *
  6 |  *  Redistribution and use in source and binary forms, with or without
  7 |  *  modification, are permitted provided that the following conditions
  8 |  *  are met:
  9 |  *
 10 |  *   1. Redistributions of source code must retain the above copyright
 11 |  *      notice, this list of conditions and the following disclaimer.
 12 |  *   2. Redistributions in binary form must reproduce the above copyright
 13 |  *      notice, this list of conditions and the following disclaimer in the
 14 |  *      documentation and/or other materials provided with the distribution.
 15 |  *
 16 |  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 17 |  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 18 |  *  TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 19 |  *  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
 20 |  *  OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 21 |  *  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 22 |  *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 23 |  *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 24 |  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 25 |  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 26 |  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 27 |  */
 28 | 
 29 | #pragma once
 30 | 
 31 | #if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__)
 32 |     #error MinHook supports only x86 and x64 systems.
 33 | #endif
 34 | 
 35 | #include <windows.h>
 36 | 
 37 | // MinHook Error Codes.
 38 | typedef enum MH_STATUS
 39 | {
 40 |     // Unknown error. Should not be returned.
 41 |     MH_UNKNOWN = -1,
 42 | 
 43 |     // Successful.
 44 |     MH_OK = 0,
 45 | 
 46 |     // MinHook is already initialized.
 47 |     MH_ERROR_ALREADY_INITIALIZED,
 48 | 
 49 |     // MinHook is not initialized yet, or already uninitialized.
 50 |     MH_ERROR_NOT_INITIALIZED,
 51 | 
 52 |     // The hook for the specified target function is already created.
 53 |     MH_ERROR_ALREADY_CREATED,
 54 | 
 55 |     // The hook for the specified target function is not created yet.
 56 |     MH_ERROR_NOT_CREATED,
 57 | 
 58 |     // The hook for the specified target function is already enabled.
 59 |     MH_ERROR_ENABLED,
 60 | 
 61 |     // The hook for the specified target function is not enabled yet, or already
 62 |     // disabled.
 63 |     MH_ERROR_DISABLED,
 64 | 
 65 |     // The specified pointer is invalid. It points the address of non-allocated
 66 |     // and/or non-executable region.
 67 |     MH_ERROR_NOT_EXECUTABLE,
 68 | 
 69 |     // The specified target function cannot be hooked.
 70 |     MH_ERROR_UNSUPPORTED_FUNCTION,
 71 | 
 72 |     // Failed to allocate memory.
 73 |     MH_ERROR_MEMORY_ALLOC,
 74 | 
 75 |     // Failed to change the memory protection.
 76 |     MH_ERROR_MEMORY_PROTECT,
 77 | 
 78 |     // The specified module is not loaded.
 79 |     MH_ERROR_MODULE_NOT_FOUND,
 80 | 
 81 |     // The specified function is not found.
 82 |     MH_ERROR_FUNCTION_NOT_FOUND
 83 | }
 84 | MH_STATUS;
 85 | 
 86 | // Can be passed as a parameter to MH_EnableHook, MH_DisableHook,
 87 | // MH_QueueEnableHook or MH_QueueDisableHook.
 88 | #define MH_ALL_HOOKS NULL
 89 | 
 90 | #ifdef __cplusplus
 91 | extern "C" {
 92 | #endif
 93 | 
 94 |     // Initialize the MinHook library. You must call this function EXACTLY ONCE
 95 |     // at the beginning of your program.
 96 |     MH_STATUS WINAPI MH_Initialize(VOID);
 97 | 
 98 |     // Uninitialize the MinHook library. You must call this function EXACTLY
 99 |     // ONCE at the end of your program.
100 |     MH_STATUS WINAPI MH_Uninitialize(VOID);
101 | 
102 |     // Creates a Hook for the specified target function, in disabled state.
103 |     // Parameters:
104 |     //   pTarget    [in]  A pointer to the target function, which will be
105 |     //                    overridden by the detour function.
106 |     //   pDetour    [in]  A pointer to the detour function, which will override
107 |     //                    the target function.
108 |     //   ppOriginal [out] A pointer to the trampoline function, which will be
109 |     //                    used to call the original target function.
110 |     //                    This parameter can be NULL.
111 |     MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);
112 | 
113 |     // Creates a Hook for the specified API function, in disabled state.
114 |     // Parameters:
115 |     //   pszModule  [in]  A pointer to the loaded module name which contains the
116 |     //                    target function.
117 |     //   pszTarget  [in]  A pointer to the target function name, which will be
118 |     //                    overridden by the detour function.
119 |     //   pDetour    [in]  A pointer to the detour function, which will override
120 |     //                    the target function.
121 |     //   ppOriginal [out] A pointer to the trampoline function, which will be
122 |     //                    used to call the original target function.
123 |     //                    This parameter can be NULL.
124 |     MH_STATUS WINAPI MH_CreateHookApi(
125 |         LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal);
126 | 
127 |     // Creates a Hook for the specified API function, in disabled state.
128 |     // Parameters:
129 |     //   pszModule  [in]  A pointer to the loaded module name which contains the
130 |     //                    target function.
131 |     //   pszTarget  [in]  A pointer to the target function name, which will be
132 |     //                    overridden by the detour function.
133 |     //   pDetour    [in]  A pointer to the detour function, which will override
134 |     //                    the target function.
135 |     //   ppOriginal [out] A pointer to the trampoline function, which will be
136 |     //                    used to call the original target function.
137 |     //                    This parameter can be NULL.
138 |     //   ppTarget   [out] A pointer to the target function, which will be used
139 |     //                    with other functions.
140 |     //                    This parameter can be NULL.
141 |     MH_STATUS WINAPI MH_CreateHookApiEx(
142 |         LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget);
143 | 
144 |     // Removes an already created hook.
145 |     // Parameters:
146 |     //   pTarget [in] A pointer to the target function.
147 |     MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget);
148 | 
149 |     // Enables an already created hook.
150 |     // Parameters:
151 |     //   pTarget [in] A pointer to the target function.
152 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
153 |     //                enabled in one go.
154 |     MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);
155 | 
156 |     // Disables an already created hook.
157 |     // Parameters:
158 |     //   pTarget [in] A pointer to the target function.
159 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
160 |     //                disabled in one go.
161 |     MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget);
162 | 
163 |     // Queues to enable an already created hook.
164 |     // Parameters:
165 |     //   pTarget [in] A pointer to the target function.
166 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
167 |     //                queued to be enabled.
168 |     MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget);
169 | 
170 |     // Queues to disable an already created hook.
171 |     // Parameters:
172 |     //   pTarget [in] A pointer to the target function.
173 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
174 |     //                queued to be disabled.
175 |     MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget);
176 | 
177 |     // Applies all queued changes in one go.
178 |     MH_STATUS WINAPI MH_ApplyQueued(VOID);
179 | 
180 |     // Translates the MH_STATUS to its name as a string.
181 |     const char * WINAPI MH_StatusToString(MH_STATUS status);
182 | 
183 | #ifdef __cplusplus
184 | }
185 | #endif
186 | 
187 | 


--------------------------------------------------------------------------------
/libMinHook/src/buffer.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  *  MinHook - The Minimalistic API Hooking Library for x64/x86
 3 |  *  Copyright (C) 2009-2017 Tsuda Kageyu.
 4 |  *  All rights reserved.
 5 |  *
 6 |  *  Redistribution and use in source and binary forms, with or without
 7 |  *  modification, are permitted provided that the following conditions
 8 |  *  are met:
 9 |  *
10 |  *   1. Redistributions of source code must retain the above copyright
11 |  *      notice, this list of conditions and the following disclaimer.
12 |  *   2. Redistributions in binary form must reproduce the above copyright
13 |  *      notice, this list of conditions and the following disclaimer in the
14 |  *      documentation and/or other materials provided with the distribution.
15 |  *
16 |  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 |  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 |  *  TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
19 |  *  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
20 |  *  OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
21 |  *  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
22 |  *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
23 |  *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
24 |  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
25 |  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 |  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 |  */
28 | 
29 | #pragma once
30 | 
31 | // Size of each memory slot.
32 | #if defined(_M_X64) || defined(__x86_64__)
33 |     #define MEMORY_SLOT_SIZE 64
34 | #else
35 |     #define MEMORY_SLOT_SIZE 32
36 | #endif
37 | 
38 | VOID   InitializeBuffer(VOID);
39 | VOID   UninitializeBuffer(VOID);
40 | LPVOID AllocateBuffer(LPVOID pOrigin);
41 | VOID   FreeBuffer(LPVOID pBuffer);
42 | BOOL   IsExecutableAddress(LPVOID pAddress);
43 | 


--------------------------------------------------------------------------------
/libMinHook/src/hde/hde32.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Hacker Disassembler Engine 32
  3 |  * Copyright (c) 2006-2009, Vyacheslav Patkov.
  4 |  * All rights reserved.
  5 |  *
  6 |  * hde32.h: C/C++ header file
  7 |  *
  8 |  */
  9 | 
 10 | #ifndef _HDE32_H_
 11 | #define _HDE32_H_
 12 | 
 13 | /* stdint.h - C99 standard header
 14 |  * http://en.wikipedia.org/wiki/stdint.h
 15 |  *
 16 |  * if your compiler doesn't contain "stdint.h" header (for
 17 |  * example, Microsoft Visual C++), you can download file:
 18 |  *   http://www.azillionmonkeys.com/qed/pstdint.h
 19 |  * and change next line to:
 20 |  *   #include "pstdint.h"
 21 |  */
 22 | #include "pstdint.h"
 23 | 
 24 | #define F_MODRM         0x00000001
 25 | #define F_SIB           0x00000002
 26 | #define F_IMM8          0x00000004
 27 | #define F_IMM16         0x00000008
 28 | #define F_IMM32         0x00000010
 29 | #define F_DISP8         0x00000020
 30 | #define F_DISP16        0x00000040
 31 | #define F_DISP32        0x00000080
 32 | #define F_RELATIVE      0x00000100
 33 | #define F_2IMM16        0x00000800
 34 | #define F_ERROR         0x00001000
 35 | #define F_ERROR_OPCODE  0x00002000
 36 | #define F_ERROR_LENGTH  0x00004000
 37 | #define F_ERROR_LOCK    0x00008000
 38 | #define F_ERROR_OPERAND 0x00010000
 39 | #define F_PREFIX_REPNZ  0x01000000
 40 | #define F_PREFIX_REPX   0x02000000
 41 | #define F_PREFIX_REP    0x03000000
 42 | #define F_PREFIX_66     0x04000000
 43 | #define F_PREFIX_67     0x08000000
 44 | #define F_PREFIX_LOCK   0x10000000
 45 | #define F_PREFIX_SEG    0x20000000
 46 | #define F_PREFIX_ANY    0x3f000000
 47 | 
 48 | #define PREFIX_SEGMENT_CS   0x2e
 49 | #define PREFIX_SEGMENT_SS   0x36
 50 | #define PREFIX_SEGMENT_DS   0x3e
 51 | #define PREFIX_SEGMENT_ES   0x26
 52 | #define PREFIX_SEGMENT_FS   0x64
 53 | #define PREFIX_SEGMENT_GS   0x65
 54 | #define PREFIX_LOCK         0xf0
 55 | #define PREFIX_REPNZ        0xf2
 56 | #define PREFIX_REPX         0xf3
 57 | #define PREFIX_OPERAND_SIZE 0x66
 58 | #define PREFIX_ADDRESS_SIZE 0x67
 59 | 
 60 | #pragma pack(push,1)
 61 | 
 62 | typedef struct {
 63 |     uint8_t len;
 64 |     uint8_t p_rep;
 65 |     uint8_t p_lock;
 66 |     uint8_t p_seg;
 67 |     uint8_t p_66;
 68 |     uint8_t p_67;
 69 |     uint8_t opcode;
 70 |     uint8_t opcode2;
 71 |     uint8_t modrm;
 72 |     uint8_t modrm_mod;
 73 |     uint8_t modrm_reg;
 74 |     uint8_t modrm_rm;
 75 |     uint8_t sib;
 76 |     uint8_t sib_scale;
 77 |     uint8_t sib_index;
 78 |     uint8_t sib_base;
 79 |     union {
 80 |         uint8_t imm8;
 81 |         uint16_t imm16;
 82 |         uint32_t imm32;
 83 |     } imm;
 84 |     union {
 85 |         uint8_t disp8;
 86 |         uint16_t disp16;
 87 |         uint32_t disp32;
 88 |     } disp;
 89 |     uint32_t flags;
 90 | } hde32s;
 91 | 
 92 | #pragma pack(pop)
 93 | 
 94 | #ifdef __cplusplus
 95 | extern "C" {
 96 | #endif
 97 | 
 98 | /* __cdecl */
 99 | unsigned int hde32_disasm(const void *code, hde32s *hs);
100 | 
101 | #ifdef __cplusplus
102 | }
103 | #endif
104 | 
105 | #endif /* _HDE32_H_ */
106 | 


--------------------------------------------------------------------------------
/libMinHook/src/hde/hde64.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Hacker Disassembler Engine 64
  3 |  * Copyright (c) 2008-2009, Vyacheslav Patkov.
  4 |  * All rights reserved.
  5 |  *
  6 |  * hde64.h: C/C++ header file
  7 |  *
  8 |  */
  9 | 
 10 | #ifndef _HDE64_H_
 11 | #define _HDE64_H_
 12 | 
 13 | /* stdint.h - C99 standard header
 14 |  * http://en.wikipedia.org/wiki/stdint.h
 15 |  *
 16 |  * if your compiler doesn't contain "stdint.h" header (for
 17 |  * example, Microsoft Visual C++), you can download file:
 18 |  *   http://www.azillionmonkeys.com/qed/pstdint.h
 19 |  * and change next line to:
 20 |  *   #include "pstdint.h"
 21 |  */
 22 | #include "pstdint.h"
 23 | 
 24 | #define F_MODRM         0x00000001
 25 | #define F_SIB           0x00000002
 26 | #define F_IMM8          0x00000004
 27 | #define F_IMM16         0x00000008
 28 | #define F_IMM32         0x00000010
 29 | #define F_IMM64         0x00000020
 30 | #define F_DISP8         0x00000040
 31 | #define F_DISP16        0x00000080
 32 | #define F_DISP32        0x00000100
 33 | #define F_RELATIVE      0x00000200
 34 | #define F_ERROR         0x00001000
 35 | #define F_ERROR_OPCODE  0x00002000
 36 | #define F_ERROR_LENGTH  0x00004000
 37 | #define F_ERROR_LOCK    0x00008000
 38 | #define F_ERROR_OPERAND 0x00010000
 39 | #define F_PREFIX_REPNZ  0x01000000
 40 | #define F_PREFIX_REPX   0x02000000
 41 | #define F_PREFIX_REP    0x03000000
 42 | #define F_PREFIX_66     0x04000000
 43 | #define F_PREFIX_67     0x08000000
 44 | #define F_PREFIX_LOCK   0x10000000
 45 | #define F_PREFIX_SEG    0x20000000
 46 | #define F_PREFIX_REX    0x40000000
 47 | #define F_PREFIX_ANY    0x7f000000
 48 | 
 49 | #define PREFIX_SEGMENT_CS   0x2e
 50 | #define PREFIX_SEGMENT_SS   0x36
 51 | #define PREFIX_SEGMENT_DS   0x3e
 52 | #define PREFIX_SEGMENT_ES   0x26
 53 | #define PREFIX_SEGMENT_FS   0x64
 54 | #define PREFIX_SEGMENT_GS   0x65
 55 | #define PREFIX_LOCK         0xf0
 56 | #define PREFIX_REPNZ        0xf2
 57 | #define PREFIX_REPX         0xf3
 58 | #define PREFIX_OPERAND_SIZE 0x66
 59 | #define PREFIX_ADDRESS_SIZE 0x67
 60 | 
 61 | #pragma pack(push,1)
 62 | 
 63 | typedef struct {
 64 |     uint8_t len;
 65 |     uint8_t p_rep;
 66 |     uint8_t p_lock;
 67 |     uint8_t p_seg;
 68 |     uint8_t p_66;
 69 |     uint8_t p_67;
 70 |     uint8_t rex;
 71 |     uint8_t rex_w;
 72 |     uint8_t rex_r;
 73 |     uint8_t rex_x;
 74 |     uint8_t rex_b;
 75 |     uint8_t opcode;
 76 |     uint8_t opcode2;
 77 |     uint8_t modrm;
 78 |     uint8_t modrm_mod;
 79 |     uint8_t modrm_reg;
 80 |     uint8_t modrm_rm;
 81 |     uint8_t sib;
 82 |     uint8_t sib_scale;
 83 |     uint8_t sib_index;
 84 |     uint8_t sib_base;
 85 |     union {
 86 |         uint8_t imm8;
 87 |         uint16_t imm16;
 88 |         uint32_t imm32;
 89 |         uint64_t imm64;
 90 |     } imm;
 91 |     union {
 92 |         uint8_t disp8;
 93 |         uint16_t disp16;
 94 |         uint32_t disp32;
 95 |     } disp;
 96 |     uint32_t flags;
 97 | } hde64s;
 98 | 
 99 | #pragma pack(pop)
100 | 
101 | #ifdef __cplusplus
102 | extern "C" {
103 | #endif
104 | 
105 | /* __cdecl */
106 | unsigned int hde64_disasm(const void *code, hde64s *hs);
107 | 
108 | #ifdef __cplusplus
109 | }
110 | #endif
111 | 
112 | #endif /* _HDE64_H_ */
113 | 


--------------------------------------------------------------------------------
/libMinHook/src/hde/pstdint.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  *  MinHook - The Minimalistic API Hooking Library for x64/x86
 3 |  *  Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved.
 4 |  *
 5 |  *  Redistribution and use in source and binary forms, with or without
 6 |  *  modification, are permitted provided that the following conditions
 7 |  *  are met:
 8 |  *
 9 |  *  1. Redistributions of source code must retain the above copyright
10 |  *     notice, this list of conditions and the following disclaimer.
11 |  *  2. Redistributions in binary form must reproduce the above copyright
12 |  *     notice, this list of conditions and the following disclaimer in the
13 |  *     documentation and/or other materials provided with the distribution.
14 |  *
15 |  *  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
16 |  *  IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 |  *  OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 |  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 |  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 |  *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 |  *  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 |  *  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 |  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 |  *  THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 |  */
26 | 
27 | #pragma once
28 | 
29 | #include <windows.h>
30 | 
31 | // Integer types for HDE.
32 | typedef INT8   int8_t;
33 | typedef INT16  int16_t;
34 | typedef INT32  int32_t;
35 | typedef INT64  int64_t;
36 | typedef UINT8  uint8_t;
37 | typedef UINT16 uint16_t;
38 | typedef UINT32 uint32_t;
39 | typedef UINT64 uint64_t;
40 | 


--------------------------------------------------------------------------------
/libMinHook/src/hde/table32.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Hacker Disassembler Engine 32 C
 3 |  * Copyright (c) 2008-2009, Vyacheslav Patkov.
 4 |  * All rights reserved.
 5 |  *
 6 |  */
 7 | 
 8 | #define C_NONE    0x00
 9 | #define C_MODRM   0x01
10 | #define C_IMM8    0x02
11 | #define C_IMM16   0x04
12 | #define C_IMM_P66 0x10
13 | #define C_REL8    0x20
14 | #define C_REL32   0x40
15 | #define C_GROUP   0x80
16 | #define C_ERROR   0xff
17 | 
18 | #define PRE_ANY  0x00
19 | #define PRE_NONE 0x01
20 | #define PRE_F2   0x02
21 | #define PRE_F3   0x04
22 | #define PRE_66   0x08
23 | #define PRE_67   0x10
24 | #define PRE_LOCK 0x20
25 | #define PRE_SEG  0x40
26 | #define PRE_ALL  0xff
27 | 
28 | #define DELTA_OPCODES      0x4a
29 | #define DELTA_FPU_REG      0xf1
30 | #define DELTA_FPU_MODRM    0xf8
31 | #define DELTA_PREFIXES     0x130
32 | #define DELTA_OP_LOCK_OK   0x1a1
33 | #define DELTA_OP2_LOCK_OK  0x1b9
34 | #define DELTA_OP_ONLY_MEM  0x1cb
35 | #define DELTA_OP2_ONLY_MEM 0x1da
36 | 
37 | unsigned char hde32_table[] = {
38 |   0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,
39 |   0xa8,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xac,0xaa,0xb2,0xaa,0x9f,0x9f,
40 |   0x9f,0x9f,0xb5,0xa3,0xa3,0xa4,0xaa,0xaa,0xba,0xaa,0x96,0xaa,0xa8,0xaa,0xc3,
41 |   0xc3,0x96,0x96,0xb7,0xae,0xd6,0xbd,0xa3,0xc5,0xa3,0xa3,0x9f,0xc3,0x9c,0xaa,
42 |   0xaa,0xac,0xaa,0xbf,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0x90,
43 |   0x82,0x7d,0x97,0x59,0x59,0x59,0x59,0x59,0x7f,0x59,0x59,0x60,0x7d,0x7f,0x7f,
44 |   0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x9a,0x88,0x7d,
45 |   0x59,0x50,0x50,0x50,0x50,0x59,0x59,0x59,0x59,0x61,0x94,0x61,0x9e,0x59,0x59,
46 |   0x85,0x59,0x92,0xa3,0x60,0x60,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,
47 |   0x59,0x59,0x9f,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xcc,0x01,0xbc,0x03,0xf0,
48 |   0x10,0x10,0x10,0x10,0x50,0x50,0x50,0x50,0x14,0x20,0x20,0x20,0x20,0x01,0x01,
49 |   0x01,0x01,0xc4,0x02,0x10,0x00,0x00,0x00,0x00,0x01,0x01,0xc0,0xc2,0x10,0x11,
50 |   0x02,0x03,0x11,0x03,0x03,0x04,0x00,0x00,0x14,0x00,0x02,0x00,0x00,0xc6,0xc8,
51 |   0x02,0x02,0x02,0x02,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0xca,
52 |   0x01,0x01,0x01,0x00,0x06,0x00,0x04,0x00,0xc0,0xc2,0x01,0x01,0x03,0x01,0xff,
53 |   0xff,0x01,0x00,0x03,0xc4,0xc4,0xc6,0x03,0x01,0x01,0x01,0xff,0x03,0x03,0x03,
54 |   0xc8,0x40,0x00,0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,
55 |   0x00,0x00,0x00,0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,
56 |   0x00,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
57 |   0x00,0xff,0xff,0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
58 |   0x7f,0x00,0x00,0xff,0x4a,0x4a,0x4a,0x4a,0x4b,0x52,0x4a,0x4a,0x4a,0x4a,0x4f,
59 |   0x4c,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x55,0x45,0x40,0x4a,0x4a,0x4a,
60 |   0x45,0x59,0x4d,0x46,0x4a,0x5d,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,
61 |   0x4a,0x4a,0x4a,0x4a,0x4a,0x61,0x63,0x67,0x4e,0x4a,0x4a,0x6b,0x6d,0x4a,0x4a,
62 |   0x45,0x6d,0x4a,0x4a,0x44,0x45,0x4a,0x4a,0x00,0x00,0x00,0x02,0x0d,0x06,0x06,
63 |   0x06,0x06,0x0e,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x00,0x06,0x06,0x02,0x06,
64 |   0x00,0x0a,0x0a,0x07,0x07,0x06,0x02,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04,
65 |   0x04,0x04,0x00,0x00,0x00,0x0e,0x05,0x06,0x06,0x06,0x01,0x06,0x00,0x00,0x08,
66 |   0x00,0x10,0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,
67 |   0x86,0x00,0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,
68 |   0xf8,0xbb,0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,
69 |   0xc4,0xff,0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,
70 |   0x13,0x09,0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,
71 |   0xb2,0xff,0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,
72 |   0xe7,0x08,0x00,0xf0,0x02,0x00
73 | };
74 | 


--------------------------------------------------------------------------------
/libMinHook/src/hde/table64.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Hacker Disassembler Engine 64 C
 3 |  * Copyright (c) 2008-2009, Vyacheslav Patkov.
 4 |  * All rights reserved.
 5 |  *
 6 |  */
 7 | 
 8 | #define C_NONE    0x00
 9 | #define C_MODRM   0x01
10 | #define C_IMM8    0x02
11 | #define C_IMM16   0x04
12 | #define C_IMM_P66 0x10
13 | #define C_REL8    0x20
14 | #define C_REL32   0x40
15 | #define C_GROUP   0x80
16 | #define C_ERROR   0xff
17 | 
18 | #define PRE_ANY  0x00
19 | #define PRE_NONE 0x01
20 | #define PRE_F2   0x02
21 | #define PRE_F3   0x04
22 | #define PRE_66   0x08
23 | #define PRE_67   0x10
24 | #define PRE_LOCK 0x20
25 | #define PRE_SEG  0x40
26 | #define PRE_ALL  0xff
27 | 
28 | #define DELTA_OPCODES      0x4a
29 | #define DELTA_FPU_REG      0xfd
30 | #define DELTA_FPU_MODRM    0x104
31 | #define DELTA_PREFIXES     0x13c
32 | #define DELTA_OP_LOCK_OK   0x1ae
33 | #define DELTA_OP2_LOCK_OK  0x1c6
34 | #define DELTA_OP_ONLY_MEM  0x1d8
35 | #define DELTA_OP2_ONLY_MEM 0x1e7
36 | 
37 | unsigned char hde64_table[] = {
38 |   0xa5,0xaa,0xa5,0xb8,0xa5,0xaa,0xa5,0xaa,0xa5,0xb8,0xa5,0xb8,0xa5,0xb8,0xa5,
39 |   0xb8,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xac,0xc0,0xcc,0xc0,0xa1,0xa1,
40 |   0xa1,0xa1,0xb1,0xa5,0xa5,0xa6,0xc0,0xc0,0xd7,0xda,0xe0,0xc0,0xe4,0xc0,0xea,
41 |   0xea,0xe0,0xe0,0x98,0xc8,0xee,0xf1,0xa5,0xd3,0xa5,0xa5,0xa1,0xea,0x9e,0xc0,
42 |   0xc0,0xc2,0xc0,0xe6,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0xab,
43 |   0x8b,0x90,0x64,0x5b,0x5b,0x5b,0x5b,0x5b,0x92,0x5b,0x5b,0x76,0x90,0x92,0x92,
44 |   0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x6a,0x73,0x90,
45 |   0x5b,0x52,0x52,0x52,0x52,0x5b,0x5b,0x5b,0x5b,0x77,0x7c,0x77,0x85,0x5b,0x5b,
46 |   0x70,0x5b,0x7a,0xaf,0x76,0x76,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,
47 |   0x5b,0x5b,0x86,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xd5,0x03,0xcc,0x01,0xbc,
48 |   0x03,0xf0,0x03,0x03,0x04,0x00,0x50,0x50,0x50,0x50,0xff,0x20,0x20,0x20,0x20,
49 |   0x01,0x01,0x01,0x01,0xc4,0x02,0x10,0xff,0xff,0xff,0x01,0x00,0x03,0x11,0xff,
50 |   0x03,0xc4,0xc6,0xc8,0x02,0x10,0x00,0xff,0xcc,0x01,0x01,0x01,0x00,0x00,0x00,
51 |   0x00,0x01,0x01,0x03,0x01,0xff,0xff,0xc0,0xc2,0x10,0x11,0x02,0x03,0x01,0x01,
52 |   0x01,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0x00,0x00,0xff,0xff,0xff,0xff,0x10,
53 |   0x10,0x10,0x10,0x02,0x10,0x00,0x00,0xc6,0xc8,0x02,0x02,0x02,0x02,0x06,0x00,
54 |   0x04,0x00,0x02,0xff,0x00,0xc0,0xc2,0x01,0x01,0x03,0x03,0x03,0xca,0x40,0x00,
55 |   0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,0x00,0x00,0x00,
56 |   0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0xff,0x00,
57 |   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,
58 |   0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7f,0x00,0x00,
59 |   0xff,0x40,0x40,0x40,0x40,0x41,0x49,0x40,0x40,0x40,0x40,0x4c,0x42,0x40,0x40,
60 |   0x40,0x40,0x40,0x40,0x40,0x40,0x4f,0x44,0x53,0x40,0x40,0x40,0x44,0x57,0x43,
61 |   0x5c,0x40,0x60,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,
62 |   0x40,0x40,0x64,0x66,0x6e,0x6b,0x40,0x40,0x6a,0x46,0x40,0x40,0x44,0x46,0x40,
63 |   0x40,0x5b,0x44,0x40,0x40,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x06,0x01,0x06,
64 |   0x06,0x02,0x06,0x06,0x00,0x06,0x00,0x0a,0x0a,0x00,0x00,0x00,0x02,0x07,0x07,
65 |   0x06,0x02,0x0d,0x06,0x06,0x06,0x0e,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04,
66 |   0x04,0x04,0x05,0x06,0x06,0x06,0x00,0x00,0x00,0x0e,0x00,0x00,0x08,0x00,0x10,
67 |   0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,0x86,0x00,
68 |   0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,0xf8,0xbb,
69 |   0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,0xc4,0xff,
70 |   0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,0x13,0x09,
71 |   0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,0xb2,0xff,
72 |   0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,0xe7,0x08,
73 |   0x00,0xf0,0x02,0x00
74 | };
75 | 


--------------------------------------------------------------------------------
/libMinHook/src/trampoline.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  MinHook - The Minimalistic API Hooking Library for x64/x86
  3 |  *  Copyright (C) 2009-2017 Tsuda Kageyu.
  4 |  *  All rights reserved.
  5 |  *
  6 |  *  Redistribution and use in source and binary forms, with or without
  7 |  *  modification, are permitted provided that the following conditions
  8 |  *  are met:
  9 |  *
 10 |  *   1. Redistributions of source code must retain the above copyright
 11 |  *      notice, this list of conditions and the following disclaimer.
 12 |  *   2. Redistributions in binary form must reproduce the above copyright
 13 |  *      notice, this list of conditions and the following disclaimer in the
 14 |  *      documentation and/or other materials provided with the distribution.
 15 |  *
 16 |  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 17 |  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 18 |  *  TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 19 |  *  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
 20 |  *  OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 21 |  *  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 22 |  *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 23 |  *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 24 |  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 25 |  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 26 |  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 27 |  */
 28 | 
 29 | #pragma once
 30 | 
 31 | #pragma pack(push, 1)
 32 | 
 33 | // Structs for writing x86/x64 instructions.
 34 | 
 35 | // 8-bit relative jump.
 36 | typedef struct _JMP_REL_SHORT
 37 | {
 38 |     UINT8  opcode;      // EB xx: JMP +2+xx
 39 |     UINT8  operand;
 40 | } JMP_REL_SHORT, *PJMP_REL_SHORT;
 41 | 
 42 | // 32-bit direct relative jump/call.
 43 | typedef struct _JMP_REL
 44 | {
 45 |     UINT8  opcode;      // E9/E8 xxxxxxxx: JMP/CALL +5+xxxxxxxx
 46 |     UINT32 operand;     // Relative destination address
 47 | } JMP_REL, *PJMP_REL, CALL_REL;
 48 | 
 49 | // 64-bit indirect absolute jump.
 50 | typedef struct _JMP_ABS
 51 | {
 52 |     UINT8  opcode0;     // FF25 00000000: JMP [+6]
 53 |     UINT8  opcode1;
 54 |     UINT32 dummy;
 55 |     UINT64 address;     // Absolute destination address
 56 | } JMP_ABS, *PJMP_ABS;
 57 | 
 58 | // 64-bit indirect absolute call.
 59 | typedef struct _CALL_ABS
 60 | {
 61 |     UINT8  opcode0;     // FF15 00000002: CALL [+6]
 62 |     UINT8  opcode1;
 63 |     UINT32 dummy0;
 64 |     UINT8  dummy1;      // EB 08:         JMP +10
 65 |     UINT8  dummy2;
 66 |     UINT64 address;     // Absolute destination address
 67 | } CALL_ABS;
 68 | 
 69 | // 32-bit direct relative conditional jumps.
 70 | typedef struct _JCC_REL
 71 | {
 72 |     UINT8  opcode0;     // 0F8* xxxxxxxx: J** +6+xxxxxxxx
 73 |     UINT8  opcode1;
 74 |     UINT32 operand;     // Relative destination address
 75 | } JCC_REL;
 76 | 
 77 | // 64bit indirect absolute conditional jumps that x64 lacks.
 78 | typedef struct _JCC_ABS
 79 | {
 80 |     UINT8  opcode;      // 7* 0E:         J** +16
 81 |     UINT8  dummy0;
 82 |     UINT8  dummy1;      // FF25 00000000: JMP [+6]
 83 |     UINT8  dummy2;
 84 |     UINT32 dummy3;
 85 |     UINT64 address;     // Absolute destination address
 86 | } JCC_ABS;
 87 | 
 88 | #pragma pack(pop)
 89 | 
 90 | typedef struct _TRAMPOLINE
 91 | {
 92 |     LPVOID pTarget;         // [In] Address of the target function.
 93 |     LPVOID pDetour;         // [In] Address of the detour function.
 94 |     LPVOID pTrampoline;     // [In] Buffer address for the trampoline and relay function.
 95 | 
 96 | #if defined(_M_X64) || defined(__x86_64__)
 97 |     LPVOID pRelay;          // [Out] Address of the relay function.
 98 | #endif
 99 |     BOOL   patchAbove;      // [Out] Should use the hot patch area?
100 |     UINT   nIP;             // [Out] Number of the instruction boundaries.
101 |     UINT8  oldIPs[8];       // [Out] Instruction boundaries of the target function.
102 |     UINT8  newIPs[8];       // [Out] Instruction boundaries of the trampoline function.
103 | } TRAMPOLINE, *PTRAMPOLINE;
104 | 
105 | BOOL CreateTrampolineFunction(PTRAMPOLINE ct);
106 | 


--------------------------------------------------------------------------------
/phnt/README.md:
--------------------------------------------------------------------------------
 1 | This collection of Native API header files has been maintained since 2009 for the Process Hacker project, and is the most up-to-date set of Native API definitions that I know of. I have gathered these definitions from official Microsoft header files and symbol files, as well as a lot of reverse engineering and guessing. See `phnt.h` for more information.
 2 | 
 3 | ## Usage
 4 | 
 5 | First make sure that your program is using the latest Windows SDK.
 6 | 
 7 | These header files are designed to be used by user-mode programs. Instead of `#include <windows.h>`, place
 8 | 
 9 | ```
10 | #include <phnt_windows.h>
11 | #include <phnt.h>
12 | ```
13 | 
14 | at the top of your program. The first line provides access to the Win32 API as well as the `NTSTATUS` values. The second line provides access to the entire Native API. By default, only definitions present in Windows XP are included into your program. To change this, use one of the following:
15 | 
16 | ```
17 | #define PHNT_VERSION PHNT_WINXP // Windows XP
18 | #define PHNT_VERSION PHNT_WS03 // Windows Server 2003
19 | #define PHNT_VERSION PHNT_VISTA // Windows Vista
20 | #define PHNT_VERSION PHNT_WIN7 // Windows 7
21 | #define PHNT_VERSION PHNT_WIN8 // Windows 8
22 | #define PHNT_VERSION PHNT_WINBLUE // Windows 8.1
23 | #define PHNT_VERSION PHNT_THRESHOLD // Windows 10
24 | ```
25 | 


--------------------------------------------------------------------------------
/phnt/include/ntgdi.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Process Hacker -
  3 |  *   Graphics device interface support
  4 |  *
  5 |  * This file is part of Process Hacker.
  6 |  *
  7 |  * Process Hacker is free software; you can redistribute it and/or modify
  8 |  * it under the terms of the GNU General Public License as published by
  9 |  * the Free Software Foundation, either version 3 of the License, or
 10 |  * (at your option) any later version.
 11 |  *
 12 |  * Process Hacker is distributed in the hope that it will be useful,
 13 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15 |  * GNU General Public License for more details.
 16 |  *
 17 |  * You should have received a copy of the GNU General Public License
 18 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
 19 |  */
 20 | 
 21 | #ifndef _NTGDI_H
 22 | #define _NTGDI_H
 23 | 
 24 | #define GDI_MAX_HANDLE_COUNT 0x4000
 25 | 
 26 | #define GDI_HANDLE_INDEX_SHIFT 0
 27 | #define GDI_HANDLE_INDEX_BITS 16
 28 | #define GDI_HANDLE_INDEX_MASK 0xffff
 29 | 
 30 | #define GDI_HANDLE_TYPE_SHIFT 16
 31 | #define GDI_HANDLE_TYPE_BITS 5
 32 | #define GDI_HANDLE_TYPE_MASK 0x1f
 33 | 
 34 | #define GDI_HANDLE_ALTTYPE_SHIFT 21
 35 | #define GDI_HANDLE_ALTTYPE_BITS 2
 36 | #define GDI_HANDLE_ALTTYPE_MASK 0x3
 37 | 
 38 | #define GDI_HANDLE_STOCK_SHIFT 23
 39 | #define GDI_HANDLE_STOCK_BITS 1
 40 | #define GDI_HANDLE_STOCK_MASK 0x1
 41 | 
 42 | #define GDI_HANDLE_UNIQUE_SHIFT 24
 43 | #define GDI_HANDLE_UNIQUE_BITS 8
 44 | #define GDI_HANDLE_UNIQUE_MASK 0xff
 45 | 
 46 | #define GDI_HANDLE_INDEX(Handle) ((ULONG)(Handle) & GDI_HANDLE_INDEX_MASK)
 47 | #define GDI_HANDLE_UNIQUE(Handle) ((ULONG)(Handle >> GDI_HANDLE_INDEX_BITS) & GDI_HANDLE_INDEX_MASK)
 48 | #define GDI_HANDLE_TYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_TYPE_SHIFT) & GDI_HANDLE_TYPE_MASK)
 49 | #define GDI_HANDLE_ALTTYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_ALTTYPE_SHIFT) & GDI_HANDLE_ALTTYPE_MASK)
 50 | #define GDI_HANDLE_STOCK(Handle) (((ULONG)(Handle) >> GDI_HANDLE_STOCK_SHIFT)) & GDI_HANDLE_STOCK_MASK)
 51 | 
 52 | #define GDI_MAKE_HANDLE(Index, Unique) ((ULONG)(((ULONG)(Unique) << GDI_HANDLE_INDEX_BITS) | (ULONG)(Index)))
 53 | 
 54 | // GDI server-side types
 55 | 
 56 | #define GDI_DEF_TYPE 0 // invalid handle
 57 | #define GDI_DC_TYPE 1
 58 | #define GDI_DD_DIRECTDRAW_TYPE 2
 59 | #define GDI_DD_SURFACE_TYPE 3
 60 | #define GDI_RGN_TYPE 4
 61 | #define GDI_SURF_TYPE 5
 62 | #define GDI_CLIENTOBJ_TYPE 6
 63 | #define GDI_PATH_TYPE 7
 64 | #define GDI_PAL_TYPE 8
 65 | #define GDI_ICMLCS_TYPE 9
 66 | #define GDI_LFONT_TYPE 10
 67 | #define GDI_RFONT_TYPE 11
 68 | #define GDI_PFE_TYPE 12
 69 | #define GDI_PFT_TYPE 13
 70 | #define GDI_ICMCXF_TYPE 14
 71 | #define GDI_ICMDLL_TYPE 15
 72 | #define GDI_BRUSH_TYPE 16
 73 | #define GDI_PFF_TYPE 17 // unused
 74 | #define GDI_CACHE_TYPE 18 // unused
 75 | #define GDI_SPACE_TYPE 19
 76 | #define GDI_DBRUSH_TYPE 20 // unused
 77 | #define GDI_META_TYPE 21
 78 | #define GDI_EFSTATE_TYPE 22
 79 | #define GDI_BMFD_TYPE 23 // unused
 80 | #define GDI_VTFD_TYPE 24 // unused
 81 | #define GDI_TTFD_TYPE 25 // unused
 82 | #define GDI_RC_TYPE 26 // unused
 83 | #define GDI_TEMP_TYPE 27 // unused
 84 | #define GDI_DRVOBJ_TYPE 28
 85 | #define GDI_DCIOBJ_TYPE 29 // unused
 86 | #define GDI_SPOOL_TYPE 30
 87 | 
 88 | // GDI client-side types
 89 | 
 90 | #define GDI_CLIENT_TYPE_FROM_HANDLE(Handle) ((ULONG)(Handle) & ((GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT) | \
 91 |     (GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT)))
 92 | #define GDI_CLIENT_TYPE_FROM_UNIQUE(Unique) GDI_CLIENT_TYPE_FROM_HANDLE((ULONG)(Unique) << 16)
 93 | 
 94 | #define GDI_ALTTYPE_1 (1 << GDI_HANDLE_ALTTYPE_SHIFT)
 95 | #define GDI_ALTTYPE_2 (2 << GDI_HANDLE_ALTTYPE_SHIFT)
 96 | #define GDI_ALTTYPE_3 (3 << GDI_HANDLE_ALTTYPE_SHIFT)
 97 | 
 98 | #define GDI_CLIENT_BITMAP_TYPE (GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT)
 99 | #define GDI_CLIENT_BRUSH_TYPE (GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT)
100 | #define GDI_CLIENT_CLIENTOBJ_TYPE (GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT)
101 | #define GDI_CLIENT_DC_TYPE (GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT)
102 | #define GDI_CLIENT_FONT_TYPE (GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT)
103 | #define GDI_CLIENT_PALETTE_TYPE (GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT)
104 | #define GDI_CLIENT_REGION_TYPE (GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT)
105 | 
106 | #define GDI_CLIENT_ALTDC_TYPE (GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1)
107 | #define GDI_CLIENT_DIBSECTION_TYPE (GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1)
108 | #define GDI_CLIENT_EXTPEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2)
109 | #define GDI_CLIENT_METADC16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3)
110 | #define GDI_CLIENT_METAFILE_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2)
111 | #define GDI_CLIENT_METAFILE16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1)
112 | #define GDI_CLIENT_PEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1)
113 | 
114 | typedef struct _GDI_HANDLE_ENTRY
115 | {
116 |     union
117 |     {
118 |         PVOID Object;
119 |         PVOID NextFree;
120 |     };
121 |     union
122 |     {
123 |         struct
124 |         {
125 |             USHORT ProcessId;
126 |             USHORT Lock : 1;
127 |             USHORT Count : 15;
128 |         };
129 |         ULONG Value;
130 |     } Owner;
131 |     USHORT Unique;
132 |     UCHAR Type;
133 |     UCHAR Flags;
134 |     PVOID UserPointer;
135 | } GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY;
136 | 
137 | typedef struct _GDI_SHARED_MEMORY
138 | {
139 |     GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
140 | } GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;
141 | 
142 | #endif
143 | 


--------------------------------------------------------------------------------
/phnt/include/ntkeapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTKEAPI_H
  2 | #define _NTKEAPI_H
  3 | 
  4 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
  5 | #define LOW_PRIORITY 0 // Lowest thread priority level
  6 | #define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level
  7 | #define HIGH_PRIORITY 31 // Highest thread priority level
  8 | #define MAXIMUM_PRIORITY 32 // Number of thread priority levels
  9 | #endif
 10 | 
 11 | typedef enum _KTHREAD_STATE
 12 | {
 13 |     Initialized,
 14 |     Ready,
 15 |     Running,
 16 |     Standby,
 17 |     Terminated,
 18 |     Waiting,
 19 |     Transition,
 20 |     DeferredReady,
 21 |     GateWaitObsolete,
 22 |     WaitingForProcessInSwap,
 23 |     MaximumThreadState
 24 | } KTHREAD_STATE, *PKTHREAD_STATE;
 25 | 
 26 | // private
 27 | typedef enum _KHETERO_CPU_POLICY
 28 | {
 29 |     KHeteroCpuPolicyAll,
 30 |     KHeteroCpuPolicyLarge,
 31 |     KHeteroCpuPolicyLargeOrIdle,
 32 |     KHeteroCpuPolicySmall,
 33 |     KHeteroCpuPolicySmallOrIdle,
 34 |     KHeteroCpuPolicyDynamic,
 35 |     KHeteroCpuPolicyStaticMax,
 36 |     KHeteroCpuPolicyBiasedSmall,
 37 |     KHeteroCpuPolicyBiasedLarge,
 38 |     KHeteroCpuPolicyDefault,
 39 |     KHeteroCpuPolicyMax
 40 | } KHETERO_CPU_POLICY, *PKHETERO_CPU_POLICY;
 41 | 
 42 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 43 | 
 44 | typedef enum _KWAIT_REASON
 45 | {
 46 |     Executive,
 47 |     FreePage,
 48 |     PageIn,
 49 |     PoolAllocation,
 50 |     DelayExecution,
 51 |     Suspended,
 52 |     UserRequest,
 53 |     WrExecutive,
 54 |     WrFreePage,
 55 |     WrPageIn,
 56 |     WrPoolAllocation,
 57 |     WrDelayExecution,
 58 |     WrSuspended,
 59 |     WrUserRequest,
 60 |     WrEventPair,
 61 |     WrQueue,
 62 |     WrLpcReceive,
 63 |     WrLpcReply,
 64 |     WrVirtualMemory,
 65 |     WrPageOut,
 66 |     WrRendezvous,
 67 |     WrKeyedEvent,
 68 |     WrTerminated,
 69 |     WrProcessInSwap,
 70 |     WrCpuRateControl,
 71 |     WrCalloutStack,
 72 |     WrKernel,
 73 |     WrResource,
 74 |     WrPushLock,
 75 |     WrMutex,
 76 |     WrQuantumEnd,
 77 |     WrDispatchInt,
 78 |     WrPreempted,
 79 |     WrYieldExecution,
 80 |     WrFastMutex,
 81 |     WrGuardedMutex,
 82 |     WrRundown,
 83 |     WrAlertByThreadId,
 84 |     WrDeferredPreempt,
 85 |     MaximumWaitReason
 86 | } KWAIT_REASON, *PKWAIT_REASON;
 87 | 
 88 | typedef enum _KPROFILE_SOURCE
 89 | {
 90 |     ProfileTime,
 91 |     ProfileAlignmentFixup,
 92 |     ProfileTotalIssues,
 93 |     ProfilePipelineDry,
 94 |     ProfileLoadInstructions,
 95 |     ProfilePipelineFrozen,
 96 |     ProfileBranchInstructions,
 97 |     ProfileTotalNonissues,
 98 |     ProfileDcacheMisses,
 99 |     ProfileIcacheMisses,
100 |     ProfileCacheMisses,
101 |     ProfileBranchMispredictions,
102 |     ProfileStoreInstructions,
103 |     ProfileFpInstructions,
104 |     ProfileIntegerInstructions,
105 |     Profile2Issue,
106 |     Profile3Issue,
107 |     Profile4Issue,
108 |     ProfileSpecialInstructions,
109 |     ProfileTotalCycles,
110 |     ProfileIcacheIssues,
111 |     ProfileDcacheAccesses,
112 |     ProfileMemoryBarrierCycles,
113 |     ProfileLoadLinkedIssues,
114 |     ProfileMaximum
115 | } KPROFILE_SOURCE;
116 | 
117 | #endif
118 | 
119 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
120 | 
121 | NTSYSCALLAPI
122 | NTSTATUS
123 | NTAPI
124 | NtCallbackReturn(
125 |     _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer,
126 |     _In_ ULONG OutputLength,
127 |     _In_ NTSTATUS Status
128 |     );
129 | 
130 | #if (PHNT_VERSION >= PHNT_VISTA)
131 | NTSYSCALLAPI
132 | VOID
133 | NTAPI
134 | NtFlushProcessWriteBuffers(
135 |     VOID
136 |     );
137 | #endif
138 | 
139 | NTSYSCALLAPI
140 | NTSTATUS
141 | NTAPI
142 | NtQueryDebugFilterState(
143 |     _In_ ULONG ComponentId,
144 |     _In_ ULONG Level
145 |     );
146 | 
147 | NTSYSCALLAPI
148 | NTSTATUS
149 | NTAPI
150 | NtSetDebugFilterState(
151 |     _In_ ULONG ComponentId,
152 |     _In_ ULONG Level,
153 |     _In_ BOOLEAN State
154 |     );
155 | 
156 | NTSYSCALLAPI
157 | NTSTATUS
158 | NTAPI
159 | NtYieldExecution(
160 |     VOID
161 |     );
162 | 
163 | #endif
164 | 
165 | #endif
166 | 


--------------------------------------------------------------------------------
/phnt/include/ntmisc.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTMISC_H
  2 | #define _NTMISC_H
  3 | 
  4 | // Filter manager
  5 | 
  6 | #define FLT_PORT_CONNECT 0x0001
  7 | #define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
  8 | 
  9 | // VDM
 10 | 
 11 | typedef enum _VDMSERVICECLASS
 12 | {
 13 |     VdmStartExecution,
 14 |     VdmQueueInterrupt,
 15 |     VdmDelayInterrupt,
 16 |     VdmInitialize,
 17 |     VdmFeatures,
 18 |     VdmSetInt21Handler,
 19 |     VdmQueryDir,
 20 |     VdmPrinterDirectIoOpen,
 21 |     VdmPrinterDirectIoClose,
 22 |     VdmPrinterInitialize,
 23 |     VdmSetLdtEntries,
 24 |     VdmSetProcessLdtInfo,
 25 |     VdmAdlibEmulation,
 26 |     VdmPMCliControl,
 27 |     VdmQueryVdmProcess
 28 | } VDMSERVICECLASS, *PVDMSERVICECLASS;
 29 | 
 30 | NTSYSCALLAPI
 31 | NTSTATUS
 32 | NTAPI
 33 | NtVdmControl(
 34 |     _In_ VDMSERVICECLASS Service,
 35 |     _Inout_ PVOID ServiceData
 36 |     );
 37 | 
 38 | // WMI/ETW
 39 | 
 40 | NTSYSCALLAPI
 41 | NTSTATUS
 42 | NTAPI
 43 | NtTraceEvent(
 44 |     _In_ HANDLE TraceHandle,
 45 |     _In_ ULONG Flags,
 46 |     _In_ ULONG FieldSize,
 47 |     _In_ PVOID Fields
 48 |     );
 49 | 
 50 | typedef enum _TRACE_CONTROL_INFORMATION_CLASS
 51 | {
 52 |     TraceControlStartLogger = 1,
 53 |     TraceControlStopLogger = 2,
 54 |     TraceControlQueryLogger = 3,
 55 |     TraceControlUpdateLogger = 4,
 56 |     TraceControlFlushLogger = 5,
 57 |     TraceControlIncrementLoggerFile = 6,
 58 | 
 59 |     TraceControlRealtimeConnect = 11,
 60 |     TraceControlWdiDispatchControl = 13,
 61 |     TraceControlRealtimeDisconnectConsumerByHandle = 14,
 62 | 
 63 |     TraceControlReceiveNotification = 16,
 64 |     TraceControlEnableGuid = 17,
 65 |     TraceControlSendReplyDataBlock = 18,
 66 |     TraceControlReceiveReplyDataBlock = 19,
 67 |     TraceControlWdiUpdateSem = 20,
 68 |     TraceControlGetTraceGuidList = 21,
 69 |     TraceControlGetTraceGuidInfo = 22,
 70 |     TraceControlEnumerateTraceGuids = 23,
 71 | 
 72 |     TraceControlQueryReferenceTime = 25,
 73 |     TraceControlTrackProviderBinary = 26,
 74 |     TraceControlAddNotificationEvent = 27,
 75 |     TraceControlUpdateDisallowList = 28,
 76 | 
 77 |     TraceControlUseDescriptorTypeUm = 31,
 78 |     TraceControlGetTraceGroupList = 32,
 79 |     TraceControlGetTraceGroupInfo = 33,
 80 |     TraceControlTraceSetDisallowList= 34,
 81 |     TraceControlSetCompressionSettings = 35,
 82 |     TraceControlGetCompressionSettings= 36,
 83 |     TraceControlUpdatePeriodicCaptureState = 37,
 84 |     TraceControlGetPrivateSessionTraceHandle = 38,
 85 |     TraceControlRegisterPrivateSession = 39,
 86 |     TraceControlQuerySessionDemuxObject = 40,
 87 |     TraceControlSetProviderBinaryTracking = 41,
 88 |     TraceControlMaxLoggers = 42,
 89 |     TraceControlMaxPmcCounter = 43
 90 | } TRACE_CONTROL_INFORMATION_CLASS;
 91 | 
 92 | #if (PHNT_VERSION >= PHNT_VISTA)
 93 | NTSYSCALLAPI
 94 | NTSTATUS
 95 | NTAPI
 96 | NtTraceControl(
 97 |     _In_ TRACE_CONTROL_INFORMATION_CLASS TraceInformationClass,
 98 |     _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
 99 |     _In_ ULONG InputBufferLength,
100 |     _Out_writes_bytes_opt_(TraceInformationLength) PVOID TraceInformation,
101 |     _In_ ULONG TraceInformationLength,
102 |     _Out_ PULONG ReturnLength
103 |     );
104 | #endif
105 | 
106 | #endif
107 | 


--------------------------------------------------------------------------------
/phnt/include/ntnls.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Process Hacker -
 3 |  *   National Language Support functions
 4 |  *
 5 |  * This file is part of Process Hacker.
 6 |  *
 7 |  * Process Hacker is free software; you can redistribute it and/or modify
 8 |  * it under the terms of the GNU General Public License as published by
 9 |  * the Free Software Foundation, either version 3 of the License, or
10 |  * (at your option) any later version.
11 |  *
12 |  * Process Hacker is distributed in the hope that it will be useful,
13 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 |  * GNU General Public License for more details.
16 |  *
17 |  * You should have received a copy of the GNU General Public License
18 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
19 |  */
20 | 
21 | #ifndef _NTNLS_H
22 | #define _NTNLS_H
23 | 
24 | #define MAXIMUM_LEADBYTES 12
25 | 
26 | typedef struct _CPTABLEINFO
27 | {
28 |     USHORT CodePage;
29 |     USHORT MaximumCharacterSize;
30 |     USHORT DefaultChar;
31 |     USHORT UniDefaultChar;
32 |     USHORT TransDefaultChar;
33 |     USHORT TransUniDefaultChar;
34 |     USHORT DBCSCodePage;
35 |     UCHAR LeadByte[MAXIMUM_LEADBYTES];
36 |     PUSHORT MultiByteTable;
37 |     PVOID WideCharTable;
38 |     PUSHORT DBCSRanges;
39 |     PUSHORT DBCSOffsets;
40 | } CPTABLEINFO, *PCPTABLEINFO;
41 | 
42 | typedef struct _NLSTABLEINFO
43 | {
44 |     CPTABLEINFO OemTableInfo;
45 |     CPTABLEINFO AnsiTableInfo;
46 |     PUSHORT UpperCaseTable;
47 |     PUSHORT LowerCaseTable;
48 | } NLSTABLEINFO, *PNLSTABLEINFO;
49 | 
50 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
51 | NTSYSAPI USHORT NlsAnsiCodePage;
52 | NTSYSAPI BOOLEAN NlsMbCodePageTag;
53 | NTSYSAPI BOOLEAN NlsMbOemCodePageTag;
54 | #endif
55 | 
56 | #endif
57 | 


--------------------------------------------------------------------------------
/phnt/include/ntpfapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTPFAPI_H
  2 | #define _NTPFAPI_H
  3 | 
  4 | // begin_private
  5 | 
  6 | // Prefetch
  7 | 
  8 | typedef enum _PF_BOOT_PHASE_ID
  9 | {
 10 |     PfKernelInitPhase = 0,
 11 |     PfBootDriverInitPhase = 90,
 12 |     PfSystemDriverInitPhase = 120,
 13 |     PfSessionManagerInitPhase = 150,
 14 |     PfSMRegistryInitPhase = 180,
 15 |     PfVideoInitPhase = 210,
 16 |     PfPostVideoInitPhase = 240,
 17 |     PfBootAcceptedRegistryInitPhase = 270,
 18 |     PfUserShellReadyPhase = 300,
 19 |     PfMaxBootPhaseId = 900
 20 | } PF_BOOT_PHASE_ID;
 21 | 
 22 | typedef enum _PF_ENABLE_STATUS
 23 | {
 24 |     PfSvNotSpecified,
 25 |     PfSvEnabled,
 26 |     PfSvDisabled,
 27 |     PfSvMaxEnableStatus
 28 | } PF_ENABLE_STATUS;
 29 | 
 30 | typedef struct _PF_TRACE_LIMITS
 31 | {
 32 |     ULONG MaxNumPages;
 33 |     ULONG MaxNumSections;
 34 |     LONGLONG TimerPeriod;
 35 | } PF_TRACE_LIMITS, *PPF_TRACE_LIMITS;
 36 | 
 37 | typedef struct _PF_SYSTEM_PREFETCH_PARAMETERS
 38 | {
 39 |     PF_ENABLE_STATUS EnableStatus[2];
 40 |     PF_TRACE_LIMITS TraceLimits[2];
 41 |     ULONG MaxNumActiveTraces;
 42 |     ULONG MaxNumSavedTraces;
 43 |     WCHAR RootDirPath[32];
 44 |     WCHAR HostingApplicationList[128];
 45 | } PF_SYSTEM_PREFETCH_PARAMETERS, *PPF_SYSTEM_PREFETCH_PARAMETERS;
 46 | 
 47 | #define PF_BOOT_CONTROL_VERSION 1
 48 | 
 49 | typedef struct _PF_BOOT_CONTROL
 50 | {
 51 |     ULONG Version;
 52 |     ULONG DisableBootPrefetching;
 53 | } PF_BOOT_CONTROL, *PPF_BOOT_CONTROL;
 54 | 
 55 | typedef enum _PREFETCHER_INFORMATION_CLASS
 56 | {
 57 |     PrefetcherRetrieveTrace = 1, // q: CHAR[]
 58 |     PrefetcherSystemParameters, // q: PF_SYSTEM_PREFETCH_PARAMETERS
 59 |     PrefetcherBootPhase, // s: PF_BOOT_PHASE_ID
 60 |     PrefetcherRetrieveBootLoaderTrace, // q: CHAR[]
 61 |     PrefetcherBootControl // s: PF_BOOT_CONTROL
 62 | } PREFETCHER_INFORMATION_CLASS;
 63 | 
 64 | #define PREFETCHER_INFORMATION_VERSION 23 // rev
 65 | #define PREFETCHER_INFORMATION_MAGIC ('kuhC') // rev
 66 | 
 67 | typedef struct _PREFETCHER_INFORMATION
 68 | {
 69 |     ULONG Version;
 70 |     ULONG Magic;
 71 |     PREFETCHER_INFORMATION_CLASS PrefetcherInformationClass;
 72 |     PVOID PrefetcherInformation;
 73 |     ULONG PrefetcherInformationLength;
 74 | } PREFETCHER_INFORMATION, *PPREFETCHER_INFORMATION;
 75 | 
 76 | // Superfetch
 77 | 
 78 | typedef struct _PF_SYSTEM_SUPERFETCH_PARAMETERS
 79 | {
 80 |     ULONG EnabledComponents;
 81 |     ULONG BootID;
 82 |     ULONG SavedSectInfoTracesMax;
 83 |     ULONG SavedPageAccessTracesMax;
 84 |     ULONG ScenarioPrefetchTimeoutStandby;
 85 |     ULONG ScenarioPrefetchTimeoutHibernate;
 86 | } PF_SYSTEM_SUPERFETCH_PARAMETERS, *PPF_SYSTEM_SUPERFETCH_PARAMETERS;
 87 | 
 88 | #define PF_PFN_PRIO_REQUEST_VERSION 1
 89 | #define PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST 0x1
 90 | #define PF_PFN_PRIO_REQUEST_VALID_FLAGS 0x1
 91 | 
 92 | typedef struct _PF_PFN_PRIO_REQUEST
 93 | {
 94 |     ULONG Version;
 95 |     ULONG RequestFlags;
 96 |     ULONG_PTR PfnCount;
 97 |     SYSTEM_MEMORY_LIST_INFORMATION MemInfo;
 98 |     MMPFN_IDENTITY PageData[256];
 99 | } PF_PFN_PRIO_REQUEST, *PPF_PFN_PRIO_REQUEST;
100 | 
101 | typedef enum _PFS_PRIVATE_PAGE_SOURCE_TYPE
102 | {
103 |     PfsPrivateSourceKernel,
104 |     PfsPrivateSourceSession,
105 |     PfsPrivateSourceProcess,
106 |     PfsPrivateSourceMax
107 | } PFS_PRIVATE_PAGE_SOURCE_TYPE;
108 | 
109 | typedef struct _PFS_PRIVATE_PAGE_SOURCE
110 | {
111 |     PFS_PRIVATE_PAGE_SOURCE_TYPE Type;
112 |     union
113 |     {
114 |         ULONG SessionId;
115 |         ULONG ProcessId;
116 |     };
117 |     ULONG ImagePathHash;
118 |     ULONG_PTR UniqueProcessHash;
119 | } PFS_PRIVATE_PAGE_SOURCE, *PPFS_PRIVATE_PAGE_SOURCE;
120 | 
121 | typedef struct _PF_PRIVSOURCE_INFO
122 | {
123 |     PFS_PRIVATE_PAGE_SOURCE DbInfo;
124 |     PVOID EProcess;
125 |     SIZE_T WsPrivatePages;
126 |     SIZE_T TotalPrivatePages;
127 |     ULONG SessionID;
128 |     CHAR ImageName[16];
129 |     union {
130 |         ULONG_PTR WsSwapPages;                 // process only PF_PRIVSOURCE_QUERY_WS_SWAP_PAGES.
131 |         ULONG_PTR SessionPagedPoolPages;       // session only.
132 |         ULONG_PTR StoreSizePages;              // process only PF_PRIVSOURCE_QUERY_STORE_INFO.
133 |     };
134 |     ULONG_PTR WsTotalPages;         // process/session only.
135 |     ULONG DeepFreezeTimeMs;         // process only.
136 |     ULONG ModernApp : 1;            // process only.
137 |     ULONG DeepFrozen : 1;           // process only. If set, DeepFreezeTimeMs contains the time at which the freeze occurred
138 |     ULONG Foreground : 1;           // process only.
139 |     ULONG PerProcessStore : 1;      // process only.
140 |     ULONG Spare : 28;
141 | } PF_PRIVSOURCE_INFO, *PPF_PRIVSOURCE_INFO;
142 | 
143 | #define PF_PRIVSOURCE_QUERY_REQUEST_VERSION 8
144 | 
145 | typedef struct _PF_PRIVSOURCE_QUERY_REQUEST
146 | {
147 |     ULONG Version;
148 |     ULONG Flags;
149 |     ULONG InfoCount;
150 |     PF_PRIVSOURCE_INFO InfoArray[1];
151 | } PF_PRIVSOURCE_QUERY_REQUEST, *PPF_PRIVSOURCE_QUERY_REQUEST;
152 | 
153 | typedef enum _PF_PHASED_SCENARIO_TYPE
154 | {
155 |     PfScenarioTypeNone,
156 |     PfScenarioTypeStandby,
157 |     PfScenarioTypeHibernate,
158 |     PfScenarioTypeFUS,
159 |     PfScenarioTypeMax
160 | } PF_PHASED_SCENARIO_TYPE;
161 | 
162 | #define PF_SCENARIO_PHASE_INFO_VERSION 4
163 | 
164 | typedef struct _PF_SCENARIO_PHASE_INFO
165 | {
166 |     ULONG Version;
167 |     PF_PHASED_SCENARIO_TYPE ScenType;
168 |     ULONG PhaseId;
169 |     ULONG SequenceNumber;
170 |     ULONG Flags;
171 |     ULONG FUSUserId;
172 | } PF_SCENARIO_PHASE_INFO, *PPF_SCENARIO_PHASE_INFO;
173 | 
174 | typedef struct _PF_MEMORY_LIST_NODE
175 | {
176 |     ULONGLONG Node : 8;
177 |     ULONGLONG Spare : 56;
178 |     ULONGLONG StandbyLowPageCount;
179 |     ULONGLONG StandbyMediumPageCount;
180 |     ULONGLONG StandbyHighPageCount;
181 |     ULONGLONG FreePageCount;
182 |     ULONGLONG ModifiedPageCount;
183 | } PF_MEMORY_LIST_NODE, *PPF_MEMORY_LIST_NODE;
184 | 
185 | #define PF_MEMORY_LIST_INFO_VERSION 1
186 | 
187 | typedef struct _PF_MEMORY_LIST_INFO
188 | {
189 |     ULONG Version;
190 |     ULONG Size;
191 |     ULONG NodeCount;
192 |     PF_MEMORY_LIST_NODE Nodes[1];
193 | } PF_MEMORY_LIST_INFO, *PPF_MEMORY_LIST_INFO;
194 | 
195 | typedef struct _PF_PHYSICAL_MEMORY_RANGE
196 | {
197 |     ULONG_PTR BasePfn;
198 |     ULONG_PTR PageCount;
199 | } PF_PHYSICAL_MEMORY_RANGE, *PPF_PHYSICAL_MEMORY_RANGE;
200 | 
201 | #define PF_PHYSICAL_MEMORY_RANGE_INFO_V1_VERSION 1
202 | 
203 | typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V1
204 | {
205 |     ULONG Version;
206 |     ULONG RangeCount;
207 |     PF_PHYSICAL_MEMORY_RANGE Ranges[1];
208 | } PF_PHYSICAL_MEMORY_RANGE_INFO_V1, *PPF_PHYSICAL_MEMORY_RANGE_INFO_V1;
209 | 
210 | #define PF_PHYSICAL_MEMORY_RANGE_INFO_V2_VERSION 2
211 | 
212 | typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V2
213 | {
214 |     ULONG Version;
215 |     ULONG Flags;
216 |     ULONG RangeCount;
217 |     PF_PHYSICAL_MEMORY_RANGE Ranges[ANYSIZE_ARRAY];
218 | } PF_PHYSICAL_MEMORY_RANGE_INFO_V2, *PPF_PHYSICAL_MEMORY_RANGE_INFO_V2;
219 | 
220 | // begin_rev
221 | 
222 | #define PF_REPURPOSED_BY_PREFETCH_INFO_VERSION 1
223 | 
224 | typedef struct _PF_REPURPOSED_BY_PREFETCH_INFO
225 | {
226 |     ULONG Version;
227 |     ULONG RepurposedByPrefetch;
228 | } PF_REPURPOSED_BY_PREFETCH_INFO, *PPF_REPURPOSED_BY_PREFETCH_INFO;
229 | 
230 | // end_rev
231 | 
232 | typedef enum _SUPERFETCH_INFORMATION_CLASS
233 | {
234 |     SuperfetchRetrieveTrace = 1, // q: CHAR[]
235 |     SuperfetchSystemParameters, // q: PF_SYSTEM_SUPERFETCH_PARAMETERS
236 |     SuperfetchLogEvent,
237 |     SuperfetchGenerateTrace,
238 |     SuperfetchPrefetch,
239 |     SuperfetchPfnQuery, // q: PF_PFN_PRIO_REQUEST
240 |     SuperfetchPfnSetPriority,
241 |     SuperfetchPrivSourceQuery, // q: PF_PRIVSOURCE_QUERY_REQUEST
242 |     SuperfetchSequenceNumberQuery, // q: ULONG
243 |     SuperfetchScenarioPhase, // 10
244 |     SuperfetchWorkerPriority,
245 |     SuperfetchScenarioQuery, // q: PF_SCENARIO_PHASE_INFO
246 |     SuperfetchScenarioPrefetch,
247 |     SuperfetchRobustnessControl,
248 |     SuperfetchTimeControl,
249 |     SuperfetchMemoryListQuery, // q: PF_MEMORY_LIST_INFO
250 |     SuperfetchMemoryRangesQuery, // q: PF_PHYSICAL_MEMORY_RANGE_INFO
251 |     SuperfetchTracingControl,
252 |     SuperfetchTrimWhileAgingControl,
253 |     SuperfetchRepurposedByPrefetch, // q: PF_REPURPOSED_BY_PREFETCH_INFO // rev
254 |     SuperfetchInformationMax
255 | } SUPERFETCH_INFORMATION_CLASS;
256 | 
257 | #define SUPERFETCH_INFORMATION_VERSION 45 // rev
258 | #define SUPERFETCH_INFORMATION_MAGIC ('kuhC') // rev
259 | 
260 | typedef struct _SUPERFETCH_INFORMATION
261 | {
262 |     _In_ ULONG Version;
263 |     _In_ ULONG Magic;
264 |     _In_ SUPERFETCH_INFORMATION_CLASS InfoClass;
265 |     _Inout_ PVOID Data;
266 |     _Inout_ ULONG Length;
267 | } SUPERFETCH_INFORMATION, *PSUPERFETCH_INFORMATION;
268 | 
269 | // end_private
270 | 
271 | #endif
272 | 


--------------------------------------------------------------------------------
/phnt/include/ntpnpapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTPNPAPI_H
  2 | #define _NTPNPAPI_H
  3 | 
  4 | typedef enum _PLUGPLAY_EVENT_CATEGORY
  5 | {
  6 |     HardwareProfileChangeEvent,
  7 |     TargetDeviceChangeEvent,
  8 |     DeviceClassChangeEvent,
  9 |     CustomDeviceEvent,
 10 |     DeviceInstallEvent,
 11 |     DeviceArrivalEvent,
 12 |     PowerEvent,
 13 |     VetoEvent,
 14 |     BlockedDriverEvent,
 15 |     InvalidIDEvent,
 16 |     MaxPlugEventCategory
 17 | } PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
 18 | 
 19 | typedef struct _PLUGPLAY_EVENT_BLOCK
 20 | {
 21 |     GUID EventGuid;
 22 |     PLUGPLAY_EVENT_CATEGORY EventCategory;
 23 |     PULONG Result;
 24 |     ULONG Flags;
 25 |     ULONG TotalSize;
 26 |     PVOID DeviceObject;
 27 | 
 28 |     union
 29 |     {
 30 |         struct
 31 |         {
 32 |             GUID ClassGuid;
 33 |             WCHAR SymbolicLinkName[1];
 34 |         } DeviceClass;
 35 |         struct
 36 |         {
 37 |             WCHAR DeviceIds[1];
 38 |         } TargetDevice;
 39 |         struct
 40 |         {
 41 |             WCHAR DeviceId[1];
 42 |         } InstallDevice;
 43 |         struct
 44 |         {
 45 |             PVOID NotificationStructure;
 46 |             WCHAR DeviceIds[1];
 47 |         } CustomNotification;
 48 |         struct
 49 |         {
 50 |             PVOID Notification;
 51 |         } ProfileNotification;
 52 |         struct
 53 |         {
 54 |             ULONG NotificationCode;
 55 |             ULONG NotificationData;
 56 |         } PowerNotification;
 57 |         struct
 58 |         {
 59 |             PNP_VETO_TYPE VetoType;
 60 |             WCHAR DeviceIdVetoNameBuffer[1]; // DeviceId<null>VetoName<null><null>
 61 |         } VetoNotification;
 62 |         struct
 63 |         {
 64 |             GUID BlockedDriverGuid;
 65 |         } BlockedDriverNotification;
 66 |         struct
 67 |         {
 68 |             WCHAR ParentId[1];
 69 |         } InvalidIDNotification;
 70 |     } u;
 71 | } PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
 72 | 
 73 | typedef enum _PLUGPLAY_CONTROL_CLASS
 74 | {
 75 |     PlugPlayControlEnumerateDevice,
 76 |     PlugPlayControlRegisterNewDevice,
 77 |     PlugPlayControlDeregisterDevice,
 78 |     PlugPlayControlInitializeDevice,
 79 |     PlugPlayControlStartDevice,
 80 |     PlugPlayControlUnlockDevice,
 81 |     PlugPlayControlQueryAndRemoveDevice,
 82 |     PlugPlayControlUserResponse,
 83 |     PlugPlayControlGenerateLegacyDevice,
 84 |     PlugPlayControlGetInterfaceDeviceList,
 85 |     PlugPlayControlProperty,
 86 |     PlugPlayControlDeviceClassAssociation,
 87 |     PlugPlayControlGetRelatedDevice,
 88 |     PlugPlayControlGetInterfaceDeviceAlias,
 89 |     PlugPlayControlDeviceStatus,
 90 |     PlugPlayControlGetDeviceDepth,
 91 |     PlugPlayControlQueryDeviceRelations,
 92 |     PlugPlayControlTargetDeviceRelation,
 93 |     PlugPlayControlQueryConflictList,
 94 |     PlugPlayControlRetrieveDock,
 95 |     PlugPlayControlResetDevice,
 96 |     PlugPlayControlHaltDevice,
 97 |     PlugPlayControlGetBlockedDriverList,
 98 |     PlugPlayControlGetDeviceInterfaceEnabled,
 99 |     MaxPlugPlayControl
100 | } PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS;
101 | 
102 | #if (PHNT_VERSION < PHNT_WIN8)
103 | NTSYSCALLAPI
104 | NTSTATUS
105 | NTAPI
106 | NtGetPlugPlayEvent(
107 |     _In_ HANDLE EventHandle,
108 |     _In_opt_ PVOID Context,
109 |     _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock,
110 |     _In_ ULONG EventBufferSize
111 |     );
112 | #endif
113 | 
114 | NTSYSCALLAPI
115 | NTSTATUS
116 | NTAPI
117 | NtPlugPlayControl(
118 |     _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass,
119 |     _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData,
120 |     _In_ ULONG PnPControlDataLength
121 |     );
122 | 
123 | #if (PHNT_VERSION >= PHNT_WIN7)
124 | 
125 | NTSYSCALLAPI
126 | NTSTATUS
127 | NTAPI
128 | NtSerializeBoot(
129 |     VOID
130 |     );
131 | 
132 | NTSYSCALLAPI
133 | NTSTATUS
134 | NTAPI
135 | NtEnableLastKnownGood(
136 |     VOID
137 |     );
138 | 
139 | NTSYSCALLAPI
140 | NTSTATUS
141 | NTAPI
142 | NtDisableLastKnownGood(
143 |     VOID
144 |     );
145 | 
146 | #endif
147 | 
148 | #if (PHNT_VERSION >= PHNT_VISTA)
149 | NTSYSCALLAPI
150 | NTSTATUS
151 | NTAPI
152 | NtReplacePartitionUnit(
153 |     _In_ PUNICODE_STRING TargetInstancePath,
154 |     _In_ PUNICODE_STRING SpareInstancePath,
155 |     _In_ ULONG Flags
156 |     );
157 | #endif
158 | 
159 | #endif
160 | 


--------------------------------------------------------------------------------
/phnt/include/ntpoapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTPOAPI_H
  2 | #define _NTPOAPI_H
  3 | 
  4 | typedef union _POWER_STATE
  5 | {
  6 |     SYSTEM_POWER_STATE SystemState;
  7 |     DEVICE_POWER_STATE DeviceState;
  8 | } POWER_STATE, *PPOWER_STATE;
  9 | 
 10 | typedef enum _POWER_STATE_TYPE
 11 | {
 12 |     SystemPowerState = 0,
 13 |     DevicePowerState
 14 | } POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
 15 | 
 16 | #if (PHNT_VERSION >= PHNT_VISTA)
 17 | // wdm
 18 | typedef struct _SYSTEM_POWER_STATE_CONTEXT
 19 | {
 20 |     union
 21 |     {
 22 |         struct
 23 |         {
 24 |             ULONG Reserved1 : 8;
 25 |             ULONG TargetSystemState : 4;
 26 |             ULONG EffectiveSystemState : 4;
 27 |             ULONG CurrentSystemState : 4;
 28 |             ULONG IgnoreHibernationPath : 1;
 29 |             ULONG PseudoTransition : 1;
 30 |             ULONG Reserved2 : 10;
 31 |         };
 32 |         ULONG ContextAsUlong;
 33 |     };
 34 | } SYSTEM_POWER_STATE_CONTEXT, *PSYSTEM_POWER_STATE_CONTEXT;
 35 | #endif
 36 | 
 37 | #if (PHNT_VERSION >= PHNT_WIN7)
 38 | /** \cond NEVER */ // disable doxygen warning
 39 | // wdm
 40 | typedef struct _COUNTED_REASON_CONTEXT
 41 | {
 42 |     ULONG Version;
 43 |     ULONG Flags;
 44 |     union
 45 |     {
 46 |         struct
 47 |         {
 48 |             UNICODE_STRING ResourceFileName;
 49 |             USHORT ResourceReasonId;
 50 |             ULONG StringCount;
 51 |             PUNICODE_STRING _Field_size_(StringCount) ReasonStrings;
 52 |         };
 53 |         UNICODE_STRING SimpleString;
 54 |     };
 55 | } COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT;
 56 | /** \endcond */
 57 | #endif
 58 | 
 59 | typedef enum _POWER_STATE_HANDLER_TYPE
 60 | {
 61 |     PowerStateSleeping1 = 0,
 62 |     PowerStateSleeping2 = 1,
 63 |     PowerStateSleeping3 = 2,
 64 |     PowerStateSleeping4 = 3,
 65 |     PowerStateShutdownOff = 4,
 66 |     PowerStateShutdownReset = 5,
 67 |     PowerStateSleeping4Firmware = 6,
 68 |     PowerStateMaximum = 7
 69 | } POWER_STATE_HANDLER_TYPE, *PPOWER_STATE_HANDLER_TYPE;
 70 | 
 71 | typedef NTSTATUS (NTAPI *PENTER_STATE_SYSTEM_HANDLER)(
 72 |     _In_ PVOID SystemContext
 73 |     );
 74 | 
 75 | typedef NTSTATUS (NTAPI *PENTER_STATE_HANDLER)(
 76 |     _In_ PVOID Context,
 77 |     _In_opt_ PENTER_STATE_SYSTEM_HANDLER SystemHandler,
 78 |     _In_ PVOID SystemContext,
 79 |     _In_ LONG NumberProcessors,
 80 |     _In_ volatile PLONG Number
 81 |     );
 82 | 
 83 | typedef struct _POWER_STATE_HANDLER
 84 | {
 85 |     POWER_STATE_HANDLER_TYPE Type;
 86 |     BOOLEAN RtcWake;
 87 |     UCHAR Spare[3];
 88 |     PENTER_STATE_HANDLER Handler;
 89 |     PVOID Context;
 90 | } POWER_STATE_HANDLER, *PPOWER_STATE_HANDLER;
 91 | 
 92 | typedef NTSTATUS (NTAPI *PENTER_STATE_NOTIFY_HANDLER)(
 93 |     _In_ POWER_STATE_HANDLER_TYPE State,
 94 |     _In_ PVOID Context,
 95 |     _In_ BOOLEAN Entering
 96 |     );
 97 | 
 98 | typedef struct _POWER_STATE_NOTIFY_HANDLER
 99 | {
100 |     PENTER_STATE_NOTIFY_HANDLER Handler;
101 |     PVOID Context;
102 | } POWER_STATE_NOTIFY_HANDLER, *PPOWER_STATE_NOTIFY_HANDLER;
103 | 
104 | typedef struct _PROCESSOR_POWER_INFORMATION
105 | {
106 |     ULONG Number;
107 |     ULONG MaxMhz;
108 |     ULONG CurrentMhz;
109 |     ULONG MhzLimit;
110 |     ULONG MaxIdleState;
111 |     ULONG CurrentIdleState;
112 | } PROCESSOR_POWER_INFORMATION, *PPROCESSOR_POWER_INFORMATION;
113 | 
114 | typedef struct _SYSTEM_POWER_INFORMATION
115 | {
116 |     ULONG MaxIdlenessAllowed;
117 |     ULONG Idleness;
118 |     ULONG TimeRemaining;
119 |     UCHAR CoolingMode;
120 | } SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;
121 | 
122 | NTSYSCALLAPI
123 | NTSTATUS
124 | NTAPI
125 | NtPowerInformation(
126 |     _In_ POWER_INFORMATION_LEVEL InformationLevel,
127 |     _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
128 |     _In_ ULONG InputBufferLength,
129 |     _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
130 |     _In_ ULONG OutputBufferLength
131 |     );
132 | 
133 | NTSYSCALLAPI
134 | NTSTATUS
135 | NTAPI
136 | NtSetThreadExecutionState(
137 |     _In_ EXECUTION_STATE NewFlags, // ES_* flags
138 |     _Out_ EXECUTION_STATE *PreviousFlags
139 |     );
140 | 
141 | NTSYSCALLAPI
142 | NTSTATUS
143 | NTAPI
144 | NtRequestWakeupLatency(
145 |     _In_ LATENCY_TIME latency
146 |     );
147 | 
148 | NTSYSCALLAPI
149 | NTSTATUS
150 | NTAPI
151 | NtInitiatePowerAction(
152 |     _In_ POWER_ACTION SystemAction,
153 |     _In_ SYSTEM_POWER_STATE LightestSystemState,
154 |     _In_ ULONG Flags, // POWER_ACTION_* flags
155 |     _In_ BOOLEAN Asynchronous
156 |     );
157 | 
158 | NTSYSCALLAPI
159 | NTSTATUS
160 | NTAPI
161 | NtSetSystemPowerState(
162 |     _In_ POWER_ACTION SystemAction,
163 |     _In_ SYSTEM_POWER_STATE LightestSystemState,
164 |     _In_ ULONG Flags // POWER_ACTION_* flags
165 |     );
166 | 
167 | NTSYSCALLAPI
168 | NTSTATUS
169 | NTAPI
170 | NtGetDevicePowerState(
171 |     _In_ HANDLE Device,
172 |     _Out_ PDEVICE_POWER_STATE State
173 |     );
174 | 
175 | NTSYSCALLAPI
176 | BOOLEAN
177 | NTAPI
178 | NtIsSystemResumeAutomatic(
179 |     VOID
180 |     );
181 | 
182 | #endif
183 | 


--------------------------------------------------------------------------------
/phnt/include/ntsmss.h:
--------------------------------------------------------------------------------
 1 | #ifndef _NTSMSS_H
 2 | #define _NTSMSS_H
 3 | 
 4 | NTSYSAPI
 5 | NTSTATUS
 6 | NTAPI
 7 | RtlConnectToSm(
 8 |     _In_ PUNICODE_STRING ApiPortName,
 9 |     _In_ HANDLE ApiPortHandle,
10 |     _In_ DWORD ProcessImageType,
11 |     _Out_ PHANDLE SmssConnection
12 |     );
13 | 
14 | NTSYSAPI
15 | NTSTATUS
16 | NTAPI
17 | RtlSendMsgToSm(
18 |     _In_ HANDLE ApiPortHandle,
19 |     _In_ PPORT_MESSAGE MessageData
20 |     );
21 | 
22 | #endif
23 | 


--------------------------------------------------------------------------------
/phnt/include/ntxcapi.h:
--------------------------------------------------------------------------------
 1 | #ifndef _NTXCAPI_H
 2 | #define _NTXCAPI_H
 3 | 
 4 | NTSYSAPI
 5 | BOOLEAN
 6 | NTAPI
 7 | RtlDispatchException(
 8 |     _In_ PEXCEPTION_RECORD ExceptionRecord,
 9 |     _In_ PCONTEXT ContextRecord
10 |     );
11 | 
12 | NTSYSAPI
13 | DECLSPEC_NORETURN
14 | VOID
15 | NTAPI
16 | RtlRaiseStatus(
17 |     _In_ NTSTATUS Status
18 |     );
19 | 
20 | NTSYSAPI
21 | VOID
22 | NTAPI
23 | RtlRaiseException(
24 |     _In_ PEXCEPTION_RECORD ExceptionRecord
25 |     );
26 | 
27 | NTSYSCALLAPI
28 | NTSTATUS
29 | NTAPI
30 | NtContinue(
31 |     _In_ PCONTEXT ContextRecord,
32 |     _In_ BOOLEAN TestAlert
33 |     );
34 | 
35 | NTSYSCALLAPI
36 | NTSTATUS
37 | NTAPI
38 | NtRaiseException(
39 |     _In_ PEXCEPTION_RECORD ExceptionRecord,
40 |     _In_ PCONTEXT ContextRecord,
41 |     _In_ BOOLEAN FirstChance
42 |     );
43 | 
44 | __analysis_noreturn
45 | NTSYSCALLAPI
46 | VOID
47 | NTAPI
48 | RtlAssert(
49 |     _In_ PVOID VoidFailedAssertion,
50 |     _In_ PVOID VoidFileName,
51 |     _In_ ULONG LineNumber,
52 |     _In_opt_ PSTR MutableMessage
53 |     );
54 | 
55 | #define RTL_ASSERT(exp) \
56 |     ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL), FALSE) : TRUE)
57 | #define RTL_ASSERTMSG(msg, exp) \
58 |     ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, msg), FALSE) : TRUE)
59 | #define RTL_SOFT_ASSERT(_exp) \
60 |     ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n   Expression: %s\n", __FILE__, __LINE__, #_exp), FALSE) : TRUE)
61 | #define RTL_SOFT_ASSERTMSG(_msg, _exp) \
62 |     ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n   Expression: %s\n   Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE)
63 | 
64 | #endif
65 | 


--------------------------------------------------------------------------------
/phnt/include/phnt.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PHNT_H
  2 | #define _PHNT_H
  3 | 
  4 | // This header file provides access to NT APIs.
  5 | 
  6 | // Definitions are annotated to indicate their source. If a definition is not annotated, it has been
  7 | // retrieved from an official Microsoft source (NT headers, DDK headers, winnt.h).
  8 | 
  9 | // * "winbase" indicates that a definition has been reconstructed from a Win32-ized NT definition in
 10 | //   winbase.h.
 11 | // * "rev" indicates that a definition has been reverse-engineered.
 12 | // * "dbg" indicates that a definition has been obtained from a debug message or assertion in a
 13 | //   checked build of the kernel or file.
 14 | 
 15 | // Reliability:
 16 | // 1. No annotation.
 17 | // 2. dbg.
 18 | // 3. symbols, private. Types may be incorrect.
 19 | // 4. winbase. Names and types may be incorrect.
 20 | // 5. rev.
 21 | 
 22 | // Mode
 23 | #define PHNT_MODE_KERNEL 0
 24 | #define PHNT_MODE_USER 1
 25 | 
 26 | // Version
 27 | #define PHNT_WIN2K 50
 28 | #define PHNT_WINXP 51
 29 | #define PHNT_WS03 52
 30 | #define PHNT_VISTA 60
 31 | #define PHNT_WIN7 61
 32 | #define PHNT_WIN8 62
 33 | #define PHNT_WINBLUE 63
 34 | #define PHNT_THRESHOLD 100
 35 | #define PHNT_THRESHOLD2 101
 36 | #define PHNT_REDSTONE 102
 37 | #define PHNT_REDSTONE2 103
 38 | #define PHNT_REDSTONE3 104
 39 | #define PHNT_REDSTONE4 105
 40 | #define PHNT_REDSTONE5 106
 41 | #define PHNT_19H1 107
 42 | #define PHNT_19H2 108
 43 | 
 44 | #ifndef PHNT_MODE
 45 | #define PHNT_MODE PHNT_MODE_USER
 46 | #endif
 47 | 
 48 | #ifndef PHNT_VERSION
 49 | #define PHNT_VERSION PHNT_WIN7
 50 | #endif
 51 | 
 52 | // Options
 53 | 
 54 | //#define PHNT_NO_INLINE_INIT_STRING
 55 | 
 56 | #ifdef __cplusplus
 57 | extern "C" {
 58 | #endif
 59 | 
 60 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 61 | #include <phnt_ntdef.h>
 62 | #include <ntnls.h>
 63 | #include <ntkeapi.h>
 64 | #endif
 65 | 
 66 | #include <ntldr.h>
 67 | #include <ntexapi.h>
 68 | 
 69 | #include <ntmmapi.h>
 70 | #include <ntobapi.h>
 71 | #include <ntpsapi.h>
 72 | 
 73 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 74 | #include <cfg.h>
 75 | #include <ntdbg.h>
 76 | #include <ntioapi.h>
 77 | #include <ntlpcapi.h>
 78 | #include <ntpfapi.h>
 79 | #include <ntpnpapi.h>
 80 | #include <ntpoapi.h>
 81 | #include <ntregapi.h>
 82 | #include <ntrtl.h>
 83 | #endif
 84 | 
 85 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 86 | 
 87 | #include <ntseapi.h>
 88 | #include <nttmapi.h>
 89 | #include <nttp.h>
 90 | #include <ntxcapi.h>
 91 | 
 92 | #include <ntwow64.h>
 93 | 
 94 | #include <ntlsa.h>
 95 | #include <ntsam.h>
 96 | 
 97 | #include <ntmisc.h>
 98 | 
 99 | #include <ntzwapi.h>
100 | 
101 | #endif
102 | 
103 | #ifdef __cplusplus
104 | }
105 | #endif
106 | 
107 | #endif
108 | 


--------------------------------------------------------------------------------
/phnt/include/phnt_ntdef.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PHNT_NTDEF_H
  2 | #define _PHNT_NTDEF_H
  3 | 
  4 | #ifndef _NTDEF_
  5 | #define _NTDEF_
  6 | 
  7 | // This header file provides basic NT types not included in Win32. If you have included winnt.h
  8 | // (perhaps indirectly), you must use this file instead of ntdef.h.
  9 | 
 10 | #ifndef NOTHING
 11 | #define NOTHING
 12 | #endif
 13 | 
 14 | // Basic types
 15 | 
 16 | typedef struct _QUAD
 17 | {
 18 |     union
 19 |     {
 20 |         __int64 UseThisFieldToCopy;
 21 |         double DoNotUseThisField;
 22 |     };
 23 | } QUAD, *PQUAD;
 24 | 
 25 | // This isn't in NT, but it's useful.
 26 | typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR
 27 | {
 28 |     ULONG_PTR DoNotUseThisField1;
 29 |     ULONG_PTR DoNotUseThisField2;
 30 | } QUAD_PTR, *PQUAD_PTR;
 31 | 
 32 | typedef ULONG LOGICAL;
 33 | typedef ULONG *PLOGICAL;
 34 | 
 35 | typedef _Return_type_success_(return >= 0) LONG NTSTATUS;
 36 | typedef NTSTATUS *PNTSTATUS;
 37 | 
 38 | // Cardinal types
 39 | 
 40 | typedef char CCHAR;
 41 | typedef short CSHORT;
 42 | typedef ULONG CLONG;
 43 | 
 44 | typedef CCHAR *PCCHAR;
 45 | typedef CSHORT *PCSHORT;
 46 | typedef CLONG *PCLONG;
 47 | 
 48 | typedef PCSTR PCSZ;
 49 | 
 50 | // Specific
 51 | 
 52 | typedef UCHAR KIRQL, *PKIRQL;
 53 | typedef LONG KPRIORITY;
 54 | typedef USHORT RTL_ATOM, *PRTL_ATOM;
 55 | 
 56 | typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS;
 57 | 
 58 | // NT status macros
 59 | 
 60 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
 61 | #define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)
 62 | #define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)
 63 | #define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)
 64 | 
 65 | #define NT_FACILITY_MASK 0xfff
 66 | #define NT_FACILITY_SHIFT 16
 67 | #define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK)
 68 | 
 69 | #define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32)
 70 | #define WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff)
 71 | 
 72 | // Functions
 73 | 
 74 | #ifndef _WIN64
 75 | #define FASTCALL __fastcall
 76 | #else
 77 | #define FASTCALL
 78 | #endif
 79 | 
 80 | // Synchronization enumerations
 81 | 
 82 | typedef enum _EVENT_TYPE
 83 | {
 84 |     NotificationEvent,
 85 |     SynchronizationEvent
 86 | } EVENT_TYPE;
 87 | 
 88 | typedef enum _TIMER_TYPE
 89 | {
 90 |     NotificationTimer,
 91 |     SynchronizationTimer
 92 | } TIMER_TYPE;
 93 | 
 94 | typedef enum _WAIT_TYPE
 95 | {
 96 |     WaitAll,
 97 |     WaitAny,
 98 |     WaitNotification
 99 | } WAIT_TYPE;
100 | 
101 | // Strings
102 | 
103 | typedef struct _STRING
104 | {
105 |     USHORT Length;
106 |     USHORT MaximumLength;
107 |     _Field_size_bytes_part_opt_(MaximumLength, Length) PCHAR Buffer;
108 | } STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING;
109 | 
110 | typedef const STRING *PCSTRING;
111 | typedef const ANSI_STRING *PCANSI_STRING;
112 | typedef const OEM_STRING *PCOEM_STRING;
113 | 
114 | typedef struct _UNICODE_STRING
115 | {
116 |     USHORT Length;
117 |     USHORT MaximumLength;
118 |     _Field_size_bytes_part_(MaximumLength, Length) PWCH Buffer;
119 | } UNICODE_STRING, *PUNICODE_STRING;
120 | 
121 | typedef const UNICODE_STRING *PCUNICODE_STRING;
122 | 
123 | #define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s }
124 | 
125 | // Balanced tree node
126 | 
127 | #define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3
128 | 
129 | typedef struct _RTL_BALANCED_NODE
130 | {
131 |     union
132 |     {
133 |         struct _RTL_BALANCED_NODE *Children[2];
134 |         struct
135 |         {
136 |             struct _RTL_BALANCED_NODE *Left;
137 |             struct _RTL_BALANCED_NODE *Right;
138 |         };
139 |     };
140 |     union
141 |     {
142 |         UCHAR Red : 1;
143 |         UCHAR Balance : 2;
144 |         ULONG_PTR ParentValue;
145 |     };
146 | } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE;
147 | 
148 | #define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) \
149 |     ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK))
150 | 
151 | // Portability
152 | 
153 | typedef struct _SINGLE_LIST_ENTRY32
154 | {
155 |     ULONG Next;
156 | } SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32;
157 | 
158 | typedef struct _STRING32
159 | {
160 |     USHORT Length;
161 |     USHORT MaximumLength;
162 |     ULONG Buffer;
163 | } STRING32, *PSTRING32;
164 | 
165 | typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32;
166 | typedef STRING32 ANSI_STRING32, *PANSI_STRING32;
167 | 
168 | typedef struct _STRING64
169 | {
170 |     USHORT Length;
171 |     USHORT MaximumLength;
172 |     ULONGLONG Buffer;
173 | } STRING64, *PSTRING64;
174 | 
175 | typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64;
176 | typedef STRING64 ANSI_STRING64, *PANSI_STRING64;
177 | 
178 | // Object attributes
179 | 
180 | #define OBJ_INHERIT 0x00000002
181 | #define OBJ_PERMANENT 0x00000010
182 | #define OBJ_EXCLUSIVE 0x00000020
183 | #define OBJ_CASE_INSENSITIVE 0x00000040
184 | #define OBJ_OPENIF 0x00000080
185 | #define OBJ_OPENLINK 0x00000100
186 | #define OBJ_KERNEL_HANDLE 0x00000200
187 | #define OBJ_FORCE_ACCESS_CHECK 0x00000400
188 | #define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800
189 | #define OBJ_DONT_REPARSE 0x00001000
190 | #define OBJ_VALID_ATTRIBUTES 0x00001ff2
191 | 
192 | typedef struct _OBJECT_ATTRIBUTES
193 | {
194 |     ULONG Length;
195 |     HANDLE RootDirectory;
196 |     PUNICODE_STRING ObjectName;
197 |     ULONG Attributes;
198 |     PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR;
199 |     PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE
200 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
201 | 
202 | typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
203 | 
204 | #define InitializeObjectAttributes(p, n, a, r, s) { \
205 |     (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
206 |     (p)->RootDirectory = r; \
207 |     (p)->Attributes = a; \
208 |     (p)->ObjectName = n; \
209 |     (p)->SecurityDescriptor = s; \
210 |     (p)->SecurityQualityOfService = NULL; \
211 |     }
212 | 
213 | #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL }
214 | #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)
215 | 
216 | #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
217 | 
218 | // Portability
219 | 
220 | typedef struct _OBJECT_ATTRIBUTES64
221 | {
222 |     ULONG Length;
223 |     ULONG64 RootDirectory;
224 |     ULONG64 ObjectName;
225 |     ULONG Attributes;
226 |     ULONG64 SecurityDescriptor;
227 |     ULONG64 SecurityQualityOfService;
228 | } OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64;
229 | 
230 | typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64;
231 | 
232 | typedef struct _OBJECT_ATTRIBUTES32
233 | {
234 |     ULONG Length;
235 |     ULONG RootDirectory;
236 |     ULONG ObjectName;
237 |     ULONG Attributes;
238 |     ULONG SecurityDescriptor;
239 |     ULONG SecurityQualityOfService;
240 | } OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32;
241 | 
242 | typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32;
243 | 
244 | // Product types
245 | 
246 | typedef enum _NT_PRODUCT_TYPE
247 | {
248 |     NtProductWinNt = 1,
249 |     NtProductLanManNt,
250 |     NtProductServer
251 | } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
252 | 
253 | typedef enum _SUITE_TYPE
254 | {
255 |     SmallBusiness,
256 |     Enterprise,
257 |     BackOffice,
258 |     CommunicationServer,
259 |     TerminalServer,
260 |     SmallBusinessRestricted,
261 |     EmbeddedNT,
262 |     DataCenter,
263 |     SingleUserTS,
264 |     Personal,
265 |     Blade,
266 |     EmbeddedRestricted,
267 |     SecurityAppliance,
268 |     StorageServer,
269 |     ComputeServer,
270 |     WHServer,
271 |     PhoneNT,
272 |     MaxSuiteType
273 | } SUITE_TYPE;
274 | 
275 | // Specific
276 | 
277 | typedef struct _CLIENT_ID
278 | {
279 |     HANDLE UniqueProcess;
280 |     HANDLE UniqueThread;
281 | } CLIENT_ID, *PCLIENT_ID;
282 | 
283 | typedef struct _CLIENT_ID32
284 | {
285 |     ULONG UniqueProcess;
286 |     ULONG UniqueThread;
287 | } CLIENT_ID32, *PCLIENT_ID32;
288 | 
289 | typedef struct _CLIENT_ID64
290 | {
291 |     ULONGLONG UniqueProcess;
292 |     ULONGLONG UniqueThread;
293 | } CLIENT_ID64, *PCLIENT_ID64;
294 | 
295 | #include <pshpack4.h>
296 | 
297 | typedef struct _KSYSTEM_TIME
298 | {
299 |     ULONG LowPart;
300 |     LONG High1Time;
301 |     LONG High2Time;
302 | } KSYSTEM_TIME, *PKSYSTEM_TIME;
303 | 
304 | #include <poppack.h>
305 | 
306 | #endif
307 | 
308 | #endif
309 | 


--------------------------------------------------------------------------------
/phnt/include/phnt_windows.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PHNT_WINDOWS_H
 2 | #define _PHNT_WINDOWS_H
 3 | 
 4 | // This header file provides access to Win32, plus NTSTATUS values and some access mask values.
 5 | 
 6 | #ifndef CINTERFACE
 7 | #define CINTERFACE
 8 | #endif
 9 | 
10 | #ifndef COBJMACROS
11 | #define COBJMACROS
12 | #endif
13 | 
14 | #ifndef INITGUID
15 | #define INITGUID
16 | #endif
17 | 
18 | #ifndef WIN32_LEAN_AND_MEAN
19 | #define WIN32_LEAN_AND_MEAN
20 | #endif
21 | 
22 | #ifndef WIN32_NO_STATUS
23 | #define WIN32_NO_STATUS
24 | #endif
25 | 
26 | #include <windows.h>
27 | #include <windowsx.h>
28 | #undef WIN32_NO_STATUS
29 | #include <ntstatus.h>
30 | #include <winioctl.h>
31 | 
32 | typedef double DOUBLE;
33 | typedef GUID *PGUID;
34 | 
35 | // Desktop access rights
36 | #define DESKTOP_ALL_ACCESS \
37 |     (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | \
38 |     DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
39 |     DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS | \
40 |     STANDARD_RIGHTS_REQUIRED)
41 | #define DESKTOP_GENERIC_READ \
42 |     (DESKTOP_ENUMERATE | DESKTOP_READOBJECTS | STANDARD_RIGHTS_READ)
43 | #define DESKTOP_GENERIC_WRITE \
44 |     (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_HOOKCONTROL | \
45 |     DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_WRITEOBJECTS | \
46 |     STANDARD_RIGHTS_WRITE)
47 | #define DESKTOP_GENERIC_EXECUTE \
48 |     (DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_EXECUTE)
49 | 
50 | // Window station access rights
51 | #define WINSTA_GENERIC_READ \
52 |     (WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_READATTRIBUTES | \
53 |     WINSTA_READSCREEN | STANDARD_RIGHTS_READ)
54 | #define WINSTA_GENERIC_WRITE \
55 |     (WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | WINSTA_WRITEATTRIBUTES | \
56 |     STANDARD_RIGHTS_WRITE)
57 | #define WINSTA_GENERIC_EXECUTE \
58 |     (WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS | STANDARD_RIGHTS_EXECUTE)
59 | 
60 | // WMI access rights
61 | #define WMIGUID_GENERIC_READ \
62 |     (WMIGUID_QUERY | WMIGUID_NOTIFICATION | WMIGUID_READ_DESCRIPTION | \
63 |     STANDARD_RIGHTS_READ)
64 | #define WMIGUID_GENERIC_WRITE \
65 |     (WMIGUID_SET | TRACELOG_CREATE_REALTIME | TRACELOG_CREATE_ONDISK | \
66 |     STANDARD_RIGHTS_WRITE)
67 | #define WMIGUID_GENERIC_EXECUTE \
68 |     (WMIGUID_EXECUTE | TRACELOG_GUID_ENABLE | TRACELOG_LOG_EVENT | \
69 |     TRACELOG_ACCESS_REALTIME | TRACELOG_REGISTER_GUIDS | \
70 |     STANDARD_RIGHTS_EXECUTE)
71 | 
72 | #endif
73 | 


--------------------------------------------------------------------------------
/phnt/include/subprocesstag.h:
--------------------------------------------------------------------------------
 1 | #ifndef _SUBPROCESSTAG_H
 2 | #define _SUBPROCESSTAG_H
 3 | 
 4 | // Subprocess tag information
 5 | 
 6 | typedef enum _TAG_INFO_LEVEL
 7 | {
 8 |     eTagInfoLevelNameFromTag = 1, // TAG_INFO_NAME_FROM_TAG
 9 |     eTagInfoLevelNamesReferencingModule, // TAG_INFO_NAMES_REFERENCING_MODULE
10 |     eTagInfoLevelNameTagMapping, // TAG_INFO_NAME_TAG_MAPPING
11 |     eTagInfoLevelMax
12 | } TAG_INFO_LEVEL;
13 | 
14 | typedef enum _TAG_TYPE
15 | {
16 |     eTagTypeService = 1,
17 |     eTagTypeMax
18 | } TAG_TYPE;
19 | 
20 | typedef struct _TAG_INFO_NAME_FROM_TAG_IN_PARAMS
21 | {
22 |     ULONG dwPid;
23 |     ULONG dwTag;
24 | } TAG_INFO_NAME_FROM_TAG_IN_PARAMS, *PTAG_INFO_NAME_FROM_TAG_IN_PARAMS;
25 | 
26 | typedef struct _TAG_INFO_NAME_FROM_TAG_OUT_PARAMS
27 | {
28 |     ULONG eTagType;
29 |     PWSTR pszName;
30 | } TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, *PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
31 | 
32 | typedef struct _TAG_INFO_NAME_FROM_TAG
33 | {
34 |     TAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams;
35 |     TAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutParams;
36 | } TAG_INFO_NAME_FROM_TAG, *PTAG_INFO_NAME_FROM_TAG;
37 | 
38 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS
39 | {
40 |     ULONG dwPid;
41 |     PWSTR pszModule;
42 | } TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
43 | 
44 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS
45 | {
46 |     ULONG eTagType;
47 |     PWSTR pmszNames;
48 | } TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
49 | 
50 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE
51 | {
52 |     TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS InParams;
53 |     TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS OutParams;
54 | } TAG_INFO_NAMES_REFERENCING_MODULE, *PTAG_INFO_NAMES_REFERENCING_MODULE;
55 | 
56 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS
57 | {
58 |     ULONG dwPid;
59 | } TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
60 | 
61 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_ELEMENT
62 | {
63 |     ULONG eTagType;
64 |     ULONG dwTag;
65 |     PWSTR pszName;
66 |     PWSTR pszGroupName;
67 | } TAG_INFO_NAME_TAG_MAPPING_ELEMENT, *PTAG_INFO_NAME_TAG_MAPPING_ELEMENT;
68 | 
69 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS
70 | {
71 |     ULONG cElements;
72 |     PTAG_INFO_NAME_TAG_MAPPING_ELEMENT pNameTagMappingElements;
73 | } TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
74 | 
75 | typedef struct _TAG_INFO_NAME_TAG_MAPPING
76 | {
77 |     TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS InParams;
78 |     PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS pOutParams;
79 | } TAG_INFO_NAME_TAG_MAPPING, *PTAG_INFO_NAME_TAG_MAPPING;
80 | 
81 | _Must_inspect_result_
82 | ULONG
83 | WINAPI
84 | I_QueryTagInformation(
85 |     _In_opt_ PCWSTR MachineName,
86 |     _In_ TAG_INFO_LEVEL InfoLevel,
87 |     _Inout_ PVOID TagInfo
88 |     );
89 | 
90 | typedef ULONG (WINAPI *PQUERY_TAG_INFORMATION)(
91 |     _In_opt_ PCWSTR MachineName,
92 |     _In_ TAG_INFO_LEVEL InfoLevel,
93 |     _Inout_ PVOID TagInfo
94 |     );
95 | 
96 | #endif
97 | 


--------------------------------------------------------------------------------
/phnt/zw_options.txt:
--------------------------------------------------------------------------------
1 | base=include
2 | in=ntdbg.h;ntexapi.h;ntgdi.h;ntioapi.h;ntkeapi.h;ntldr.h;ntlpcapi.h;ntmisc.h;ntmmapi.h;ntnls.h;ntobapi.h;ntpebteb.h;ntpfapi.h;ntpnpapi.h;ntpoapi.h;ntpsapi.h;ntregapi.h;ntrtl.h;ntsam.h;ntseapi.h;nttmapi.h;nttp.h;ntwow64.h;ntxcapi.h
3 | out=ntzwapi.h
4 | header=#ifndef _NTZWAPI_H\r\n#define _NTZWAPI_H\r\n\r\n// This file was automatically generated. Do not edit.\r\n\r\n
5 | footer=#endif\r\n


--------------------------------------------------------------------------------