├── .gitattributes ├── .gitignore ├── Common ├── IPC │ ├── SharedMemMutex.h │ ├── SharedMemQueue.h │ └── SharedSignal.h └── Utilities.h ├── LICENSE ├── PolyHook ├── .gitattributes ├── .gitignore ├── Capstone │ ├── include │ │ ├── arm.h │ │ ├── arm64.h │ │ ├── capstone.h │ │ ├── mips.h │ │ ├── platform.h │ │ ├── ppc.h │ │ ├── sparc.h │ │ ├── systemz.h │ │ ├── x86.h │ │ └── xcore.h │ └── msvc │ │ ├── x64 │ │ ├── Debug │ │ │ └── capstone.lib │ │ └── Release │ │ │ └── capstone.lib │ │ └── x86 │ │ ├── Debug │ │ └── capstone.lib │ │ └── Release │ │ └── capstone.lib ├── LICENSE.md ├── PolyHook.sln ├── PolyHook │ ├── Main.cpp │ ├── PolyHook.cpp │ ├── PolyHook.h │ ├── PolyHook.vcxproj │ └── PolyHook.vcxproj.filters └── README.md ├── README.md ├── UniHook.sln ├── UniHook ├── DissasemblyRoutines.cpp ├── Dissassembly │ └── DissasemblyRoutines.h ├── HookHandler64.h ├── HookHandler86.h ├── PDB Query │ └── PDBReader.h ├── ReadMe.txt ├── Tools.h ├── UniHook.vcxproj ├── UniHook.vcxproj.filters └── dllmain.cpp └── UniHookLoader ├── CmdLineParser.h ├── Injector.cpp ├── Injector.h ├── ReadMe.txt ├── UniHookLoader.cpp ├── UniHookLoader.vcxproj └── UniHookLoader.vcxproj.filters /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 
11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 
53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | x64/ 19 | x86/ 20 | build/ 21 | bld/ 22 | [Bb]in/ 23 | [Oo]bj/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | 28 | # MSTest test Results 29 | [Tt]est[Rr]esult*/ 30 | [Bb]uild[Ll]og.* 31 | 32 | # NUNIT 33 | *.VisualState.xml 34 | TestResult.xml 35 | 36 | # Build Results of an ATL Project 37 | [Dd]ebugPS/ 38 | [Rr]eleasePS/ 39 | dlldata.c 40 | 41 | # DNX 42 | project.lock.json 43 | artifacts/ 44 | 45 | *_i.c 46 | *_p.c 47 | *_i.h 48 | *.ilk 49 | *.meta 50 | *.obj 51 | *.pch 52 | *.pdb 53 | *.pgc 54 | *.pgd 55 | *.rsp 56 | *.sbr 57 | *.tlb 58 | *.tli 59 | *.tlh 60 | *.tmp 61 | *.tmp_proj 62 | *.log 63 | *.vspscc 64 | *.vssscc 65 | .builds 66 | *.pidb 67 | *.svclog 68 | *.scc 69 | 70 | # Chutzpah Test files 71 | _Chutzpah* 72 | 73 | # Visual C++ cache files 74 | ipch/ 75 | *.aps 76 | *.ncb 77 | *.opensdf 78 | *.sdf 79 | *.cachefile 80 | 81 | # Visual Studio profiler 82 | *.psess 83 | *.vsp 84 | *.vspx 85 | 86 | # TFS 2012 Local Workspace 87 | $tf/ 88 | 89 | # Guidance Automation Toolkit 90 | *.gpState 91 | 92 | # 
ReSharper is a .NET coding add-in 93 | _ReSharper*/ 94 | *.[Rr]e[Ss]harper 95 | *.DotSettings.user 96 | 97 | # JustCode is a .NET coding add-in 98 | .JustCode 99 | 100 | # TeamCity is a build add-in 101 | _TeamCity* 102 | 103 | # DotCover is a Code Coverage Tool 104 | *.dotCover 105 | 106 | # NCrunch 107 | _NCrunch_* 108 | .*crunch*.local.xml 109 | 110 | # MightyMoose 111 | *.mm.* 112 | AutoTest.Net/ 113 | 114 | # Web workbench (sass) 115 | .sass-cache/ 116 | 117 | # Installshield output folder 118 | [Ee]xpress/ 119 | 120 | # DocProject is a documentation generator add-in 121 | DocProject/buildhelp/ 122 | DocProject/Help/*.HxT 123 | DocProject/Help/*.HxC 124 | DocProject/Help/*.hhc 125 | DocProject/Help/*.hhk 126 | DocProject/Help/*.hhp 127 | DocProject/Help/Html2 128 | DocProject/Help/html 129 | 130 | # Click-Once directory 131 | publish/ 132 | 133 | # Publish Web Output 134 | *.[Pp]ublish.xml 135 | *.azurePubxml 136 | ## TODO: Comment the next line if you want to checkin your 137 | ## web deploy settings but do note that will include unencrypted 138 | ## passwords 139 | #*.pubxml 140 | 141 | *.publishproj 142 | 143 | # NuGet Packages 144 | *.nupkg 145 | # The packages folder can be ignored because of Package Restore 146 | **/packages/* 147 | # except build/, which is used as an MSBuild target. 
148 | !**/packages/build/ 149 | # Uncomment if necessary however generally it will be regenerated when needed 150 | #!**/packages/repositories.config 151 | 152 | # Windows Azure Build Output 153 | csx/ 154 | *.build.csdef 155 | 156 | # Windows Store app package directory 157 | AppPackages/ 158 | 159 | # Visual Studio cache files 160 | # files ending in .cache can be ignored 161 | *.[Cc]ache 162 | # but keep track of directories ending in .cache 163 | !*.[Cc]ache/ 164 | 165 | # Others 166 | ClientBin/ 167 | [Ss]tyle[Cc]op.* 168 | ~$* 169 | *~ 170 | *.dbmdl 171 | *.dbproj.schemaview 172 | *.pfx 173 | *.publishsettings 174 | node_modules/ 175 | orleans.codegen.cs 176 | 177 | # RIA/Silverlight projects 178 | Generated_Code/ 179 | 180 | # Backup & report files from converting an old project file 181 | # to a newer Visual Studio version. Backup files are not needed, 182 | # because we have git ;-) 183 | _UpgradeReport_Files/ 184 | Backup*/ 185 | UpgradeLog*.XML 186 | UpgradeLog*.htm 187 | 188 | # SQL Server files 189 | *.mdf 190 | *.ldf 191 | 192 | # Business Intelligence projects 193 | *.rdl.data 194 | *.bim.layout 195 | *.bim_*.settings 196 | 197 | # Microsoft Fakes 198 | FakesAssemblies/ 199 | 200 | # Node.js Tools for Visual Studio 201 | .ntvs_analysis.dat 202 | 203 | # Visual Studio 6 build log 204 | *.plg 205 | 206 | # Visual Studio 6 workspace options file 207 | *.opt 208 | 209 | # LightSwitch generated files 210 | GeneratedArtifacts/ 211 | _Pvt_Extensions/ 212 | ModelManifest.xml 213 | -------------------------------------------------------------------------------- /Common/IPC/SharedMemMutex.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | class SharedMemMutex 4 | { 5 | public: 6 | enum class Mode 7 | { 8 | Server , 9 | Client 10 | }; 11 | SharedMemMutex(const std::string& Name, Mode Type); 12 | ~SharedMemMutex(); 13 | bool lock(); 14 | bool unlock(); 15 | private: 16 | HANDLE m_hMutex; 17 | 
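bool m_InitOk;
};

// Creates the named mutex, or opens it when the peer already created it.
// bInitialOwner is only honoured by the *creating* call, so it is left FALSE
// for both roles: the original handed initial ownership to the Client, which
// meant that whenever the client side came up first the mutex stayed owned by
// its constructing thread and every lock() on the server side blocked forever.
// Type is accepted for interface compatibility; both roles create-or-open
// identically.
// NOTE(review): the object is created with a NULL security descriptor under a
// caller-supplied name, so any process in the same session that knows the
// name can open it.
SharedMemMutex::SharedMemMutex(const std::string& Name, Mode Type)
{
    (void)Type;
    m_InitOk = true;

    m_hMutex = CreateMutexA(NULL, FALSE, Name.c_str());
    if (m_hMutex == NULL)
        m_InitOk = false;
}

// Releases the kernel handle; nothing to do when construction failed.
SharedMemMutex::~SharedMemMutex()
{
    if (m_InitOk)
        CloseHandle(m_hMutex);
}

// Blocks until ownership is acquired. Returns false only when the mutex was
// never created or the wait itself failed.
bool SharedMemMutex::lock()
{
    if (!m_InitOk)
        return false;

    DWORD Result = WaitForSingleObject(m_hMutex, INFINITE);
    // WAIT_ABANDONED also grants ownership (the previous owner died while
    // holding it). Report it as acquired so a guard that ignores the return
    // value does not end up owning a mutex it believes it does not hold;
    // callers should treat the shared state as possibly inconsistent then.
    return Result == WAIT_OBJECT_0 || Result == WAIT_ABANDONED;
}

// Releases ownership; false when not initialised or when ReleaseMutex fails
// (e.g. the calling thread does not own it).
bool SharedMemMutex::unlock()
{
    if (!m_InitOk)
        return false;

    return ReleaseMutex(m_hMutex) != 0;
}

--------------------------------------------------------------------------------
/Common/IPC/SharedMemQueue.h:
--------------------------------------------------------------------------------
#pragma once
#include "SharedMemMutex.h"
#include "SharedSignal.h"
#include <Windows.h>
#include <atomic>
#include <cstdarg>
#include <cstdio>
#include <cstring>
#include <mutex>
#include <string>
#include <vector>

DWORD WINAPI MsgThread(LPVOID lparam);

// One message payload. m_DataSize is the number of valid bytes in m_Data and
// is what gets written to / read from the shared section.
struct MemMessage
{
    // Raw bytes. Data may be NULL only when Size is 0 (the original
    // dereferenced m_Data[0] on an empty vector in that case).
    MemMessage(BYTE* Data, DWORD Size)
    {
        m_DataSize = Size;
        m_Data.resize(Size);
        if (Size != 0)
            memcpy(m_Data.data(), Data, Size);
    }
    // printf-style text. The stored payload *includes* the terminating NUL
    // (m_DataSize counts it). Output longer than 511 characters is truncated
    // rather than triggering the CRT invalid-parameter handler, which is what
    // vsnprintf_s with a plain count did.
    MemMessage(const char* Frmt, ...)
    {
        char szBuffer[512];
        va_list args;
        va_start(args, Frmt);
        int nBuf = vsnprintf_s(szBuffer, sizeof(szBuffer), _TRUNCATE, Frmt, args);
        va_end(args);

        // _TRUNCATE reports -1 when the text was cut short; the buffer is
        // still NUL-terminated, so keep what fits instead of an empty message.
        if (nBuf < 0)
            nBuf = (int)strlen(szBuffer);

        m_DataSize = (DWORD)nBuf + 1;
        m_Data.resize(m_DataSize);
        memcpy(m_Data.data(), szBuffer, m_DataSize);
    }
    // std::string payload. Unlike the printf-style constructor no terminating
    // NUL is stored, so receivers must rely on m_DataSize, not strlen().
    MemMessage(const std::string& Msg)
    {
        m_DataSize = (DWORD)Msg.size();
        m_Data.assign(Msg.begin(), Msg.end());
    }
    MemMessage() : m_DataSize(0)
    {
    }
    // Payload bytes; written verbatim into shared memory by PushMessage.
    std::vector<BYTE> m_Data;
    DWORD m_DataSize;
};

// Per-direction header that lives at the start of each half of the section.
// Both fields are read and written by *both* processes and must therefore be
// range-checked before they are used as an index.
struct SharedMemQHeader
{
    DWORD m_OffsetToEndOfLastMessage; // bytes of packed messages after the header
    DWORD m_MessageCount;
};

// Bidirectional message exchange over a named file mapping. The section is
// split in two halves: the server writes into the first and reads from the
// second, the client the other way round. Each message is stored as
// [payload][DWORD size], and PopMessage walks backwards from the end, so
// despite the name messages are consumed newest-first (LIFO).
//
// Security note: the mapping, mutex and both events are created with NULL
// security attributes under names derived from ServerName, so any process in
// the same session that knows the name can open them and inject or read
// messages. Nothing in this header authenticates the peer; callers that rely
// on message integrity must not.
class SharedMemQueue
{
public:
    typedef void(*tMsgReceivedCallback)();
    enum class Mode
    {
        Server,
        Client
    };
    SharedMemQueue(const std::string& ServerName, const DWORD BufSize, Mode Type);
    ~SharedMemQueue();

    void SetCallback(tMsgReceivedCallback Callback);

    // For batch operations
    void ManualLock();
    void ManualUnlock();

    // Call with true to use manual lock features
    bool PushMessage(MemMessage Msg, bool ManualLocking = false);
    bool PopMessage(MemMessage& Msg);
    bool IsMessageAvailable();
    void WaitForMessage();
    DWORD GetOutMessageCount() const;
    DWORD GetInMessageCount() const;
    // True once the destructor has started; the receiver thread exits on it.
    bool IsStopping() const;
private:
    mutable SharedMemMutex m_Mutex;
    SharedMemQHeader* m_OutHeader;
    SharedMemQHeader* m_InHeader;
    DWORD m_BufSize;
    BYTE* m_Buffer;
    HANDLE m_hMappedFile;
    HANDLE m_hMsgThread;
    SharedSignal m_ServerToClientSignal;
    SharedSignal m_ClientToServerSignal;
    Mode m_Type;
    bool m_InitOk;
    tMsgReceivedCallback m_ReceivedCallback;
    std::atomic<bool> m_Stop;
};

// Creates (Server) or opens (Client) the mapping named ServerName, maps
// BufSize bytes of it and starts the receiver thread. On any failure the
// object stays in a state where every public call is a harmless no-op.
// Every member is initialised here; the original left m_ReceivedCallback,
// both header pointers, m_Buffer and m_hMappedFile indeterminate on the
// failure paths and the destructor then unmapped/closed garbage.
SharedMemQueue::SharedMemQueue(const std::string& ServerName, const DWORD BufSize, Mode Type) :
    m_Mutex(ServerName + "_MTX", (Type == Mode::Server) ? SharedMemMutex::Mode::Server : SharedMemMutex::Mode::Client),
    m_OutHeader(NULL),
    m_InHeader(NULL),
    m_BufSize(BufSize),
    m_Buffer(NULL),
    m_hMappedFile(NULL),
    m_hMsgThread(NULL),
    m_ServerToClientSignal(ServerName + "_SC_SGNL"),
    m_ClientToServerSignal(ServerName + "_CS_SGNL"),
    m_Type(Type),
    m_InitOk(false),
    m_ReceivedCallback(NULL),
    m_Stop(false)
{
    // Each half must at least hold its header, otherwise the offset
    // arithmetic below underflows.
    if (BufSize / 2 < sizeof(SharedMemQHeader))
        return;

    if (Type == Mode::Server)
    {
        m_hMappedFile = CreateFileMappingA(INVALID_HANDLE_VALUE, NULL,
            PAGE_READWRITE, 0, BufSize, ServerName.c_str());
    }
    else
    {
        m_hMappedFile = OpenFileMappingA(FILE_MAP_ALL_ACCESS, FALSE, ServerName.c_str());
    }
    if (m_hMappedFile == NULL)
        return;

    // Mapping exactly BufSize fails if the peer created a smaller section, so
    // a size mismatch surfaces here as a failed init instead of a later fault.
    m_Buffer = (BYTE*)MapViewOfFile(m_hMappedFile, FILE_MAP_ALL_ACCESS, 0, 0, BufSize);
    if (m_Buffer == NULL)
    {
        CloseHandle(m_hMappedFile);
        m_hMappedFile = NULL;
        return;
    }

    if (Type == Mode::Server)
    {
        // The server owns the section and zeroes both headers.
        m_OutHeader = (SharedMemQHeader*)m_Buffer;
        m_InHeader = (SharedMemQHeader*)(m_Buffer + (BufSize / 2));
        m_OutHeader->m_MessageCount = 0;
        m_OutHeader->m_OffsetToEndOfLastMessage = 0;
        m_InHeader->m_MessageCount = 0;
        m_InHeader->m_OffsetToEndOfLastMessage = 0;
    }
    else
    {
        m_InHeader = (SharedMemQHeader*)m_Buffer;
        m_OutHeader = (SharedMemQHeader*)(m_Buffer + (BufSize / 2));
    }

    m_InitOk = true;
    m_hMsgThread = CreateThread(NULL, 0, MsgThread, this, 0, NULL);
}

// Stops the receiver thread before releasing what it dereferences. The
// original left the thread running in its infinite loop after the object
// was destroyed, so the next wake-up used a dangling `this`.
SharedMemQueue::~SharedMemQueue()
{
    m_Stop = true;
    if (m_hMsgThread != NULL)
    {
        // Wake the thread via the event *we* wait on, then give it a chance
        // to exit. The wait is bounded because a destructor that runs under
        // the loader lock (DLL unload) cannot join a thread without
        // deadlocking.
        if (m_Type == Mode::Server)
            m_ClientToServerSignal.Signal();
        else
            m_ServerToClientSignal.Signal();
        WaitForSingleObject(m_hMsgThread, 1000);
        CloseHandle(m_hMsgThread);
    }
    if (m_Buffer != NULL)
        UnmapViewOfFile(m_Buffer);
    if (m_hMappedFile != NULL)
        CloseHandle(m_hMappedFile);
}

// Registers the function invoked from the receiver thread after each wake-up.
// Note that it runs on MsgThread, not on the caller's thread.
void SharedMemQueue::SetCallback(tMsgReceivedCallback Callback)
{
    m_ReceivedCallback = Callback;
}

// Takes the cross-process mutex; pair with ManualUnlock() around a batch of
// PushMessage(..., true) calls.
void SharedMemQueue::ManualLock()
{
    m_Mutex.lock();
}

void SharedMemQueue::ManualUnlock()
{
    m_Mutex.unlock();
}

bool SharedMemQueue::IsStopping() const
{
    return m_Stop.load();
}

// Appends Msg to our outgoing half and signals the peer. Returns false when
// not initialised, when the message would not fit, or when the outgoing
// header is out of range.
bool SharedMemQueue::PushMessage(MemMessage Msg, bool ManualLocking)
{
    if (!m_InitOk)
        return false;

    // The original declared the lock_guard *inside* the `if`, which destroyed
    // it at the end of that statement, so pushes were never actually locked.
    std::unique_lock<SharedMemMutex> Lock(m_Mutex, std::defer_lock);
    if (!ManualLocking)
        Lock.lock();

    // m_DataSize must describe bytes that m_Data actually holds.
    if (Msg.m_DataSize > Msg.m_Data.size())
        return false;

    const DWORD Half = m_BufSize / 2;
    const DWORD Used = m_OutHeader->m_OffsetToEndOfLastMessage;
    // The header is shared with the peer; never trust it as an index.
    if (Used > Half - sizeof(SharedMemQHeader))
        return false;

    // Room check in integers so a large m_DataSize cannot wrap a pointer.
    const DWORD Needed = Msg.m_DataSize + sizeof(DWORD);
    if (Needed < Msg.m_DataSize)
        return false;
    if (Needed > Half - sizeof(SharedMemQHeader) - Used)
        return false;

    BYTE* WriteLocation = ((BYTE*)m_OutHeader) + sizeof(SharedMemQHeader) + Used;

    // Payload first, then its size as a trailer so PopMessage can walk back
    // from the end of the used region.
    if (Msg.m_DataSize != 0)
        memcpy(WriteLocation, Msg.m_Data.data(), Msg.m_DataSize);
    memcpy(WriteLocation + Msg.m_DataSize, &Msg.m_DataSize, sizeof(DWORD));

    m_OutHeader->m_OffsetToEndOfLastMessage = Used + Needed;
    m_OutHeader->m_MessageCount++;

    if (m_Type == Mode::Server)
        m_ServerToClientSignal.Signal();
    else
        m_ClientToServerSignal.Signal();
    return true;
}

// Removes the most recently pushed message from the incoming half into Msg.
// Returns false when not initialised, when nothing is queued, or when the
// peer-written header or size trailer is inconsistent with the buffer.
bool SharedMemQueue::PopMessage(MemMessage& Msg)
{
    if (!m_InitOk)
        return false;

    std::lock_guard<SharedMemMutex> Lock(m_Mutex);
    if (m_InHeader->m_MessageCount < 1)
        return false;

    const DWORD Half = m_BufSize / 2;
    const DWORD Used = m_InHeader->m_OffsetToEndOfLastMessage;
    // Both the end offset and the size trailer were written by the other
    // process. The original used them unchecked, so a corrupt or hostile
    // peer could make ReadLocation point anywhere and memcpy from there.
    if (Used < sizeof(DWORD) || Used > Half - sizeof(SharedMemQHeader))
        return false;

    const BYTE* Base = ((const BYTE*)m_InHeader) + sizeof(SharedMemQHeader);
    DWORD MsgSize;
    memcpy(&MsgSize, Base + Used - sizeof(DWORD), sizeof(DWORD));
    if (MsgSize > Used - sizeof(DWORD))
        return false;

    const BYTE* ReadLocation = Base + Used - sizeof(DWORD) - MsgSize;

    Msg.m_Data.resize(MsgSize);
    if (MsgSize != 0)
        memcpy(Msg.m_Data.data(), ReadLocation, MsgSize);
    Msg.m_DataSize = MsgSize;

    m_InHeader->m_OffsetToEndOfLastMessage = Used - sizeof(DWORD) - MsgSize;
    m_InHeader->m_MessageCount--;
    return true;
}

// Number of messages we have pushed that the peer has not popped yet.
DWORD SharedMemQueue::GetOutMessageCount() const
{
    if (!m_InitOk)
        return 0;

    std::lock_guard<SharedMemMutex> Lock(m_Mutex);
    return m_OutHeader->m_MessageCount;
}

// Number of messages the peer has pushed that we have not popped yet.
DWORD SharedMemQueue::GetInMessageCount() const
{
    if (!m_InitOk)
        return 0;

    std::lock_guard<SharedMemMutex> Lock(m_Mutex);
    return m_InHeader->m_MessageCount;
}

bool SharedMemQueue::IsMessageAvailable()
{
    if (!m_InitOk)
        return false;

    std::lock_guard<SharedMemMutex> Lock(m_Mutex);
    return m_InHeader->m_MessageCount > 0;
}

// Blocks on the event the peer signals for our direction, clears it and runs
// the callback. The event is manual-reset, so a Signal() that lands between
// Wait() returning and Reset() is lost: a callback should drain with
// IsMessageAvailable()/PopMessage() rather than assume one message per call.
void SharedMemQueue::WaitForMessage()
{
    SharedSignal& Signal = (m_Type == Mode::Server) ? m_ClientToServerSignal : m_ServerToClientSignal;
    Signal.Wait();
    Signal.Reset();

    // A wake-up issued by the destructor is not a message.
    if (m_Stop)
        return;
    if (m_ReceivedCallback)
        m_ReceivedCallback();
}

// Receiver thread entry: loops on WaitForMessage() until the owning queue is
// being destroyed. A NULL parameter simply ends the thread instead of
// spinning forever as the original did.
DWORD WINAPI MsgThread(LPVOID lparam)
{
    SharedMemQueue* pThis = (SharedMemQueue*)lparam;
    if (pThis == NULL)
        return 1;
    while (!pThis->IsStopping())
        pThis->WaitForMessage();
    return 0;
}

--------------------------------------------------------------------------------
/Common/IPC/SharedSignal.h:
--------------------------------------------------------------------------------
#pragma once
#include <Windows.h>
#include <string>

// Named, manual-reset Win32 event shared between processes.
// NOTE(review): created with NULL security attributes, so any same-session
// process that knows the name can open and signal it.
class SharedSignal
{
public:
    SharedSignal(const std::string& Name);
    ~SharedSignal();
    bool Signal();
    bool Wait();
    bool Reset();
private:
    HANDLE m_hEvent;
    bool m_InitOk;
};

// Creates the event, or opens it if the peer already created it
// (CreateEventA returns the existing object for a known name). Manual-reset,
// initially non-signalled.
SharedSignal::SharedSignal(const std::string& Name)
{
    m_hEvent = CreateEventA(NULL, TRUE, FALSE, Name.c_str());
    m_InitOk = (m_hEvent != NULL);
}

SharedSignal::~SharedSignal()
{
    if (m_InitOk)
        CloseHandle(m_hEvent);
}

// Sets the event; every waiter is released until Reset() is called.
bool SharedSignal::Signal()
{
    if (!m_InitOk)
        return false;

    return SetEvent(m_hEvent) != 0;
}

// Blocks until the event is signalled.
bool SharedSignal::Wait()
{
    if (!m_InitOk)
        return false;

    return WaitForSingleObject(m_hEvent, INFINITE) == WAIT_OBJECT_0;
}

// Clears the event. Now guarded by m_InitOk like the other operations.
bool SharedSignal::Reset()
{
    if (!m_InitOk)
        return false;

    return ResetEvent(m_hEvent) != 0;
}
--------------------------------------------------------------------------------
/Common/Utilities.h:
--------------------------------------------------------------------------------
#pragma once
#include <string>
#include <vector>

// Splits s on every occurrence of delim. Empty fields are kept, so "a,,b"
// yields {"a", "", "b"} and a trailing delimiter yields a trailing "".
// An empty delim returns {s}; the original looped forever in that case
// because find("") always matches at the current position.
// Declared inline: a non-inline definition in a header violates the ODR as
// soon as two translation units include it.
inline std::vector<std::string> split(const std::string& s, const std::string& delim)
{
    std::vector<std::string> tokens;
    if (delim.empty())
    {
        tokens.push_back(s);
        return tokens;
    }

    size_t start = 0;
    size_t end = s.find(delim);
    while (end != std::string::npos)
    {
        tokens.push_back(s.substr(start, end - start));
        start = end + delim.length();
        end = s.find(delim, start);
    }
    tokens.push_back(s.substr(start));
    return tokens;
}
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2016 Stephen Eckels

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.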
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /PolyHook/.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. 
To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /PolyHook/.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 
3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | x64/ 19 | x86/ 20 | build/ 21 | bld/ 22 | [Bb]in/ 23 | [Oo]bj/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | 28 | # MSTest test Results 29 | [Tt]est[Rr]esult*/ 30 | [Bb]uild[Ll]og.* 31 | 32 | # NUNIT 33 | *.VisualState.xml 34 | TestResult.xml 35 | 36 | # Build Results of an ATL Project 37 | [Dd]ebugPS/ 38 | [Rr]eleasePS/ 39 | dlldata.c 40 | 41 | # DNX 42 | project.lock.json 43 | artifacts/ 44 | 45 | *_i.c 46 | *_p.c 47 | *_i.h 48 | *.ilk 49 | *.meta 50 | *.obj 51 | *.pch 52 | *.pdb 53 | *.pgc 54 | *.pgd 55 | *.rsp 56 | *.sbr 57 | *.tlb 58 | *.tli 59 | *.tlh 60 | *.tmp 61 | *.tmp_proj 62 | *.log 63 | *.vspscc 64 | *.vssscc 65 | .builds 66 | *.pidb 67 | *.svclog 68 | *.scc 69 | 70 | # Chutzpah Test files 71 | _Chutzpah* 72 | 73 | # Visual C++ cache files 74 | ipch/ 75 | *.aps 76 | *.ncb 77 | *.opensdf 78 | *.sdf 79 | *.cachefile 80 | 81 | # Visual Studio profiler 82 | *.psess 83 | *.vsp 84 | *.vspx 85 | 86 | # TFS 2012 Local Workspace 87 | $tf/ 88 | 89 | # Guidance Automation Toolkit 90 | *.gpState 91 | 92 | # ReSharper is a .NET coding add-in 93 | _ReSharper*/ 94 | *.[Rr]e[Ss]harper 95 | *.DotSettings.user 96 | 97 | # JustCode is a .NET coding add-in 98 | .JustCode 99 | 100 | # TeamCity is a build add-in 101 | _TeamCity* 102 | 103 | # DotCover is a Code Coverage Tool 104 | *.dotCover 105 | 106 | # NCrunch 107 | _NCrunch_* 108 | .*crunch*.local.xml 109 | 110 | # MightyMoose 111 | *.mm.* 112 | AutoTest.Net/ 113 | 114 | # Web workbench (sass) 115 | .sass-cache/ 116 | 117 | # Installshield output folder 118 | [Ee]xpress/ 119 | 120 | # DocProject is a documentation generator add-in 121 | DocProject/buildhelp/ 122 | DocProject/Help/*.HxT 123 | DocProject/Help/*.HxC 124 | 
DocProject/Help/*.hhc 125 | DocProject/Help/*.hhk 126 | DocProject/Help/*.hhp 127 | DocProject/Help/Html2 128 | DocProject/Help/html 129 | 130 | # Click-Once directory 131 | publish/ 132 | 133 | # Publish Web Output 134 | *.[Pp]ublish.xml 135 | *.azurePubxml 136 | ## TODO: Comment the next line if you want to checkin your 137 | ## web deploy settings but do note that will include unencrypted 138 | ## passwords 139 | #*.pubxml 140 | 141 | *.publishproj 142 | 143 | # NuGet Packages 144 | *.nupkg 145 | # The packages folder can be ignored because of Package Restore 146 | **/packages/* 147 | # except build/, which is used as an MSBuild target. 148 | !**/packages/build/ 149 | # Uncomment if necessary however generally it will be regenerated when needed 150 | #!**/packages/repositories.config 151 | 152 | # Windows Azure Build Output 153 | csx/ 154 | *.build.csdef 155 | 156 | # Windows Store app package directory 157 | AppPackages/ 158 | 159 | # Visual Studio cache files 160 | # files ending in .cache can be ignored 161 | *.[Cc]ache 162 | # but keep track of directories ending in .cache 163 | !*.[Cc]ache/ 164 | 165 | # Others 166 | ClientBin/ 167 | [Ss]tyle[Cc]op.* 168 | ~$* 169 | *~ 170 | *.dbmdl 171 | *.dbproj.schemaview 172 | *.pfx 173 | *.publishsettings 174 | node_modules/ 175 | orleans.codegen.cs 176 | 177 | # RIA/Silverlight projects 178 | Generated_Code/ 179 | 180 | # Backup & report files from converting an old project file 181 | # to a newer Visual Studio version. 
Backup files are not needed, 182 | # because we have git ;-) 183 | _UpgradeReport_Files/ 184 | Backup*/ 185 | UpgradeLog*.XML 186 | UpgradeLog*.htm 187 | 188 | # SQL Server files 189 | *.mdf 190 | *.ldf 191 | 192 | # Business Intelligence projects 193 | *.rdl.data 194 | *.bim.layout 195 | *.bim_*.settings 196 | 197 | # Microsoft Fakes 198 | FakesAssemblies/ 199 | 200 | # Node.js Tools for Visual Studio 201 | .ntvs_analysis.dat 202 | 203 | # Visual Studio 6 build log 204 | *.plg 205 | 206 | # Visual Studio 6 workspace options file 207 | *.opt 208 | 209 | # LightSwitch generated files 210 | GeneratedArtifacts/ 211 | _Pvt_Extensions/ 212 | ModelManifest.xml 213 | -------------------------------------------------------------------------------- /PolyHook/Capstone/include/arm.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM_H 2 | #define CAPSTONE_ARM_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> ARM shift type 19 | typedef enum arm_shifter { 20 | ARM_SFT_INVALID = 0, 21 | ARM_SFT_ASR, // shift with immediate const 22 | ARM_SFT_LSL, // shift with immediate const 23 | ARM_SFT_LSR, // shift with immediate const 24 | ARM_SFT_ROR, // shift with immediate const 25 | ARM_SFT_RRX, // shift with immediate const 26 | ARM_SFT_ASR_REG, // shift with register 27 | ARM_SFT_LSL_REG, // shift with register 28 | ARM_SFT_LSR_REG, // shift with register 29 | ARM_SFT_ROR_REG, // shift with register 30 | ARM_SFT_RRX_REG, // shift with register 31 | } arm_shifter; 32 | 33 | //> ARM condition code 34 | typedef enum arm_cc { 35 | ARM_CC_INVALID = 0, 36 | ARM_CC_EQ, // Equal Equal 37 | ARM_CC_NE, // Not equal Not equal, or unordered 38 | ARM_CC_HS, // Carry set >, ==, or unordered 39 | ARM_CC_LO, // Carry clear 
Less than 40 | ARM_CC_MI, // Minus, negative Less than 41 | ARM_CC_PL, // Plus, positive or zero >, ==, or unordered 42 | ARM_CC_VS, // Overflow Unordered 43 | ARM_CC_VC, // No overflow Not unordered 44 | ARM_CC_HI, // Unsigned higher Greater than, or unordered 45 | ARM_CC_LS, // Unsigned lower or same Less than or equal 46 | ARM_CC_GE, // Greater than or equal Greater than or equal 47 | ARM_CC_LT, // Less than Less than, or unordered 48 | ARM_CC_GT, // Greater than Greater than 49 | ARM_CC_LE, // Less than or equal <, ==, or unordered 50 | ARM_CC_AL // Always (unconditional) Always (unconditional) 51 | } arm_cc; 52 | 53 | typedef enum arm_sysreg { 54 | //> Special registers for MSR 55 | ARM_SYSREG_INVALID = 0, 56 | 57 | // SPSR* registers can be OR combined 58 | ARM_SYSREG_SPSR_C = 1, 59 | ARM_SYSREG_SPSR_X = 2, 60 | ARM_SYSREG_SPSR_S = 4, 61 | ARM_SYSREG_SPSR_F = 8, 62 | 63 | // CPSR* registers can be OR combined 64 | ARM_SYSREG_CPSR_C = 16, 65 | ARM_SYSREG_CPSR_X = 32, 66 | ARM_SYSREG_CPSR_S = 64, 67 | ARM_SYSREG_CPSR_F = 128, 68 | 69 | // independent registers 70 | ARM_SYSREG_APSR = 256, 71 | ARM_SYSREG_APSR_G, 72 | ARM_SYSREG_APSR_NZCVQ, 73 | ARM_SYSREG_APSR_NZCVQG, 74 | 75 | ARM_SYSREG_IAPSR, 76 | ARM_SYSREG_IAPSR_G, 77 | ARM_SYSREG_IAPSR_NZCVQG, 78 | 79 | ARM_SYSREG_EAPSR, 80 | ARM_SYSREG_EAPSR_G, 81 | ARM_SYSREG_EAPSR_NZCVQG, 82 | 83 | ARM_SYSREG_XPSR, 84 | ARM_SYSREG_XPSR_G, 85 | ARM_SYSREG_XPSR_NZCVQG, 86 | 87 | ARM_SYSREG_IPSR, 88 | ARM_SYSREG_EPSR, 89 | ARM_SYSREG_IEPSR, 90 | 91 | ARM_SYSREG_MSP, 92 | ARM_SYSREG_PSP, 93 | ARM_SYSREG_PRIMASK, 94 | ARM_SYSREG_BASEPRI, 95 | ARM_SYSREG_BASEPRI_MAX, 96 | ARM_SYSREG_FAULTMASK, 97 | ARM_SYSREG_CONTROL, 98 | } arm_sysreg; 99 | 100 | //> The memory barrier constants map directly to the 4-bit encoding of 101 | //> the option field for Memory Barrier operations. 
typedef enum arm_mem_barrier {
	ARM_MB_INVALID = 0,
	ARM_MB_RESERVED_0,
	ARM_MB_OSHLD,
	ARM_MB_OSHST,
	ARM_MB_OSH,
	ARM_MB_RESERVED_4,
	ARM_MB_NSHLD,
	ARM_MB_NSHST,
	ARM_MB_NSH,
	ARM_MB_RESERVED_8,
	ARM_MB_ISHLD,
	ARM_MB_ISHST,
	ARM_MB_ISH,
	ARM_MB_RESERVED_12,
	ARM_MB_LD,
	ARM_MB_ST,
	ARM_MB_SY,
} arm_mem_barrier;

//> Operand type for instruction's operands
typedef enum arm_op_type {
	ARM_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
	ARM_OP_REG, // = CS_OP_REG (Register operand).
	ARM_OP_IMM, // = CS_OP_IMM (Immediate operand).
	ARM_OP_MEM, // = CS_OP_MEM (Memory operand).
	ARM_OP_FP,  // = CS_OP_FP (Floating-Point operand).
	ARM_OP_CIMM = 64, // C-Immediate (coprocessor registers)
	ARM_OP_PIMM, // P-Immediate (coprocessor registers)
	ARM_OP_SETEND,	// operand for SETEND instruction
	ARM_OP_SYSREG,	// MSR/MRS special register operand
} arm_op_type;

//> Operand type for SETEND instruction
typedef enum arm_setend_type {
	ARM_SETEND_INVALID = 0,	// Uninitialized.
	ARM_SETEND_BE,	// BE operand.
	ARM_SETEND_LE, // LE operand
} arm_setend_type;

//> Mode operand of the CPS instruction (IE = interrupt enable, ID = interrupt disable)
typedef enum arm_cpsmode_type {
	ARM_CPSMODE_INVALID = 0,
	ARM_CPSMODE_IE = 2,
	ARM_CPSMODE_ID = 3
} arm_cpsmode_type;

//> Flag operand of the CPS instruction (values can be OR combined)
typedef enum arm_cpsflag_type {
	ARM_CPSFLAG_INVALID = 0,
	ARM_CPSFLAG_F = 1,
	ARM_CPSFLAG_I = 2,
	ARM_CPSFLAG_A = 4,
	ARM_CPSFLAG_NONE = 16,	// no flag
} arm_cpsflag_type;

//> Data type for elements of vector instructions.
typedef enum arm_vectordata_type {
	ARM_VECTORDATA_INVALID = 0,

	// Integer type
	ARM_VECTORDATA_I8,
	ARM_VECTORDATA_I16,
	ARM_VECTORDATA_I32,
	ARM_VECTORDATA_I64,

	// Signed integer type
	ARM_VECTORDATA_S8,
	ARM_VECTORDATA_S16,
	ARM_VECTORDATA_S32,
	ARM_VECTORDATA_S64,

	// Unsigned integer type
	ARM_VECTORDATA_U8,
	ARM_VECTORDATA_U16,
	ARM_VECTORDATA_U32,
	ARM_VECTORDATA_U64,

	// Data type for VMUL/VMULL
	ARM_VECTORDATA_P8,

	// Floating type
	ARM_VECTORDATA_F32,
	ARM_VECTORDATA_F64,

	// Convert float <-> float (suffix reads destination.source)
	ARM_VECTORDATA_F16F64,	// f16.f64
	ARM_VECTORDATA_F64F16,	// f64.f16
	ARM_VECTORDATA_F32F16,	// f32.f16
	ARM_VECTORDATA_F16F32,	// f16.f32
	ARM_VECTORDATA_F64F32,	// f64.f32
	ARM_VECTORDATA_F32F64,	// f32.f64

	// Convert integer <-> float
	ARM_VECTORDATA_S32F32,	// s32.f32
	ARM_VECTORDATA_U32F32,	// u32.f32
	ARM_VECTORDATA_F32S32,	// f32.s32
	ARM_VECTORDATA_F32U32,	// f32.u32
	ARM_VECTORDATA_F64S16,	// f64.s16
	ARM_VECTORDATA_F32S16,	// f32.s16
	ARM_VECTORDATA_F64S32,	// f64.s32
	ARM_VECTORDATA_S16F64,	// s16.f64
	ARM_VECTORDATA_S16F32,	// s16.f32
	ARM_VECTORDATA_S32F64,	// s32.f64
	ARM_VECTORDATA_U16F64,	// u16.f64
	ARM_VECTORDATA_U16F32,	// u16.f32
	ARM_VECTORDATA_U32F64,	// u32.f64
	ARM_VECTORDATA_F64U16,	// f64.u16
	ARM_VECTORDATA_F32U16,	// f32.u16
	ARM_VECTORDATA_F64U32,	// f64.u32
} arm_vectordata_type;

// Instruction's operand referring to memory
// This is associated with ARM_OP_MEM operand type above
typedef struct arm_op_mem {
	unsigned int base;	// base register
	unsigned int index;	// index register
	int scale;	// scale for index register (can be 1, or -1)
	int disp;	// displacement/offset value
} arm_op_mem;

// Instruction operand
// One decoded operand of an ARM instruction. `type` selects which member of
// the anonymous union below is valid; reading any other member yields
// whatever bits the engine left there, so consumers must switch on `type`
// before touching reg/imm/fp/mem/setend.
typedef struct cs_arm_op {
	int vector_index;	// Vector Index for some vector operands (or -1 if irrelevant)
	struct {
		arm_shifter type;	// shift kind applied to this operand (arm_shifter is declared earlier in this header)
		unsigned int value;	// shift amount or shift register, interpreted according to shift.type
	} shift;
	arm_op_type type;	// operand type
	union {
		unsigned int reg;	// register value for REG/SYSREG operand
		int32_t imm;	// immediate value for C-IMM, P-IMM or IMM operand
		double fp;	// floating point value for FP operand
		arm_op_mem mem;	// base/index/scale/disp value for MEM operand
		arm_setend_type setend;	// SETEND instruction's operand type
	};
	// in some instructions, an operand can be subtracted or added to
	// the base register,
	bool subtracted;	// if TRUE, this operand is subtracted. otherwise, it is added.
} cs_arm_op;

// Instruction structure
// ARM-specific detail for one disassembled instruction.
// NOTE: this layout (field order, types and the fixed operands[36] array) is
// binary ABI shared with the Capstone library that is actually linked. Headers
// and library must come from the same Capstone release; a mismatch does not
// fail at compile time, it silently misreads the detail block.
typedef struct cs_arm {
	bool usermode;	// User-mode registers to be loaded (for LDM/STM instructions)
	int vector_size;	// Scalar size for vector instructions
	arm_vectordata_type vector_data; // Data type for elements of vector instructions
	arm_cpsmode_type cps_mode;	// CPS mode for CPS instruction
	arm_cpsflag_type cps_flag;	// CPS flag for CPS instruction
	arm_cc cc;	// conditional code for this insn
	bool update_flags;	// does this insn update flags?
	bool writeback;	// does this insn write-back?
	arm_mem_barrier mem_barrier;	// Option for some memory barrier instructions

	// Number of operands of this instruction,
	// or 0 when instruction has no operand.
	// Only operands[0 .. op_count-1] are valid. The header does not state
	// that the engine guarantees op_count <= 36; code that iterates with
	// op_count as the bound should clamp it to the array size before indexing,
	// especially when the detail block comes from an untrusted/foreign source.
	uint8_t op_count;

	cs_arm_op operands[36];	// operands for this instruction.
} cs_arm;

//> ARM registers
typedef enum arm_reg {
	ARM_REG_INVALID = 0,
	ARM_REG_APSR,
	ARM_REG_APSR_NZCV,
	ARM_REG_CPSR,
	ARM_REG_FPEXC,
	ARM_REG_FPINST,
	ARM_REG_FPSCR,
	ARM_REG_FPSCR_NZCV,
	ARM_REG_FPSID,
	ARM_REG_ITSTATE,
	ARM_REG_LR,
	ARM_REG_PC,
	ARM_REG_SP,
	ARM_REG_SPSR,
	ARM_REG_D0,
	ARM_REG_D1,
	ARM_REG_D2,
	ARM_REG_D3,
	ARM_REG_D4,
	ARM_REG_D5,
	ARM_REG_D6,
	ARM_REG_D7,
	ARM_REG_D8,
	ARM_REG_D9,
	ARM_REG_D10,
	ARM_REG_D11,
	ARM_REG_D12,
	ARM_REG_D13,
	ARM_REG_D14,
	ARM_REG_D15,
	ARM_REG_D16,
	ARM_REG_D17,
	ARM_REG_D18,
	ARM_REG_D19,
	ARM_REG_D20,
	ARM_REG_D21,
	ARM_REG_D22,
	ARM_REG_D23,
	ARM_REG_D24,
	ARM_REG_D25,
	ARM_REG_D26,
	ARM_REG_D27,
	ARM_REG_D28,
	ARM_REG_D29,
	ARM_REG_D30,
	ARM_REG_D31,
	ARM_REG_FPINST2,
	ARM_REG_MVFR0,
	ARM_REG_MVFR1,
	ARM_REG_MVFR2,
	ARM_REG_Q0,
	ARM_REG_Q1,
	ARM_REG_Q2,
	ARM_REG_Q3,
	ARM_REG_Q4,
	ARM_REG_Q5,
	ARM_REG_Q6,
	ARM_REG_Q7,
	ARM_REG_Q8,
	ARM_REG_Q9,
	ARM_REG_Q10,
	ARM_REG_Q11,
	ARM_REG_Q12,
	ARM_REG_Q13,
	ARM_REG_Q14,
	ARM_REG_Q15,
	ARM_REG_R0,
	ARM_REG_R1,
	ARM_REG_R2,
	ARM_REG_R3,
	ARM_REG_R4,
	ARM_REG_R5,
	ARM_REG_R6,
	ARM_REG_R7,
	ARM_REG_R8,
	ARM_REG_R9,
	ARM_REG_R10,
	ARM_REG_R11,
	ARM_REG_R12,
	ARM_REG_S0,
	ARM_REG_S1,
	ARM_REG_S2,
	ARM_REG_S3,
	ARM_REG_S4,
	ARM_REG_S5,
	ARM_REG_S6,
	ARM_REG_S7,
	ARM_REG_S8,
	ARM_REG_S9,
	ARM_REG_S10,
	ARM_REG_S11,
	ARM_REG_S12,
	ARM_REG_S13,
	ARM_REG_S14,
	ARM_REG_S15,
	ARM_REG_S16,
	ARM_REG_S17,
	ARM_REG_S18,
	ARM_REG_S19,
	ARM_REG_S20,
	ARM_REG_S21,
364 | ARM_REG_S22, 365 | ARM_REG_S23, 366 | ARM_REG_S24, 367 | ARM_REG_S25, 368 | ARM_REG_S26, 369 | ARM_REG_S27, 370 | ARM_REG_S28, 371 | ARM_REG_S29, 372 | ARM_REG_S30, 373 | ARM_REG_S31, 374 | 375 | ARM_REG_ENDING, // <-- mark the end of the list or registers 376 | 377 | //> alias registers 378 | ARM_REG_R13 = ARM_REG_SP, 379 | ARM_REG_R14 = ARM_REG_LR, 380 | ARM_REG_R15 = ARM_REG_PC, 381 | 382 | ARM_REG_SB = ARM_REG_R9, 383 | ARM_REG_SL = ARM_REG_R10, 384 | ARM_REG_FP = ARM_REG_R11, 385 | ARM_REG_IP = ARM_REG_R12, 386 | } arm_reg; 387 | 388 | //> ARM instruction 389 | typedef enum arm_insn { 390 | ARM_INS_INVALID = 0, 391 | 392 | ARM_INS_ADC, 393 | ARM_INS_ADD, 394 | ARM_INS_ADR, 395 | ARM_INS_AESD, 396 | ARM_INS_AESE, 397 | ARM_INS_AESIMC, 398 | ARM_INS_AESMC, 399 | ARM_INS_AND, 400 | ARM_INS_BFC, 401 | ARM_INS_BFI, 402 | ARM_INS_BIC, 403 | ARM_INS_BKPT, 404 | ARM_INS_BL, 405 | ARM_INS_BLX, 406 | ARM_INS_BX, 407 | ARM_INS_BXJ, 408 | ARM_INS_B, 409 | ARM_INS_CDP, 410 | ARM_INS_CDP2, 411 | ARM_INS_CLREX, 412 | ARM_INS_CLZ, 413 | ARM_INS_CMN, 414 | ARM_INS_CMP, 415 | ARM_INS_CPS, 416 | ARM_INS_CRC32B, 417 | ARM_INS_CRC32CB, 418 | ARM_INS_CRC32CH, 419 | ARM_INS_CRC32CW, 420 | ARM_INS_CRC32H, 421 | ARM_INS_CRC32W, 422 | ARM_INS_DBG, 423 | ARM_INS_DMB, 424 | ARM_INS_DSB, 425 | ARM_INS_EOR, 426 | ARM_INS_VMOV, 427 | ARM_INS_FLDMDBX, 428 | ARM_INS_FLDMIAX, 429 | ARM_INS_VMRS, 430 | ARM_INS_FSTMDBX, 431 | ARM_INS_FSTMIAX, 432 | ARM_INS_HINT, 433 | ARM_INS_HLT, 434 | ARM_INS_ISB, 435 | ARM_INS_LDA, 436 | ARM_INS_LDAB, 437 | ARM_INS_LDAEX, 438 | ARM_INS_LDAEXB, 439 | ARM_INS_LDAEXD, 440 | ARM_INS_LDAEXH, 441 | ARM_INS_LDAH, 442 | ARM_INS_LDC2L, 443 | ARM_INS_LDC2, 444 | ARM_INS_LDCL, 445 | ARM_INS_LDC, 446 | ARM_INS_LDMDA, 447 | ARM_INS_LDMDB, 448 | ARM_INS_LDM, 449 | ARM_INS_LDMIB, 450 | ARM_INS_LDRBT, 451 | ARM_INS_LDRB, 452 | ARM_INS_LDRD, 453 | ARM_INS_LDREX, 454 | ARM_INS_LDREXB, 455 | ARM_INS_LDREXD, 456 | ARM_INS_LDREXH, 457 | ARM_INS_LDRH, 458 | ARM_INS_LDRHT, 
459 | ARM_INS_LDRSB, 460 | ARM_INS_LDRSBT, 461 | ARM_INS_LDRSH, 462 | ARM_INS_LDRSHT, 463 | ARM_INS_LDRT, 464 | ARM_INS_LDR, 465 | ARM_INS_MCR, 466 | ARM_INS_MCR2, 467 | ARM_INS_MCRR, 468 | ARM_INS_MCRR2, 469 | ARM_INS_MLA, 470 | ARM_INS_MLS, 471 | ARM_INS_MOV, 472 | ARM_INS_MOVT, 473 | ARM_INS_MOVW, 474 | ARM_INS_MRC, 475 | ARM_INS_MRC2, 476 | ARM_INS_MRRC, 477 | ARM_INS_MRRC2, 478 | ARM_INS_MRS, 479 | ARM_INS_MSR, 480 | ARM_INS_MUL, 481 | ARM_INS_MVN, 482 | ARM_INS_ORR, 483 | ARM_INS_PKHBT, 484 | ARM_INS_PKHTB, 485 | ARM_INS_PLDW, 486 | ARM_INS_PLD, 487 | ARM_INS_PLI, 488 | ARM_INS_QADD, 489 | ARM_INS_QADD16, 490 | ARM_INS_QADD8, 491 | ARM_INS_QASX, 492 | ARM_INS_QDADD, 493 | ARM_INS_QDSUB, 494 | ARM_INS_QSAX, 495 | ARM_INS_QSUB, 496 | ARM_INS_QSUB16, 497 | ARM_INS_QSUB8, 498 | ARM_INS_RBIT, 499 | ARM_INS_REV, 500 | ARM_INS_REV16, 501 | ARM_INS_REVSH, 502 | ARM_INS_RFEDA, 503 | ARM_INS_RFEDB, 504 | ARM_INS_RFEIA, 505 | ARM_INS_RFEIB, 506 | ARM_INS_RSB, 507 | ARM_INS_RSC, 508 | ARM_INS_SADD16, 509 | ARM_INS_SADD8, 510 | ARM_INS_SASX, 511 | ARM_INS_SBC, 512 | ARM_INS_SBFX, 513 | ARM_INS_SDIV, 514 | ARM_INS_SEL, 515 | ARM_INS_SETEND, 516 | ARM_INS_SHA1C, 517 | ARM_INS_SHA1H, 518 | ARM_INS_SHA1M, 519 | ARM_INS_SHA1P, 520 | ARM_INS_SHA1SU0, 521 | ARM_INS_SHA1SU1, 522 | ARM_INS_SHA256H, 523 | ARM_INS_SHA256H2, 524 | ARM_INS_SHA256SU0, 525 | ARM_INS_SHA256SU1, 526 | ARM_INS_SHADD16, 527 | ARM_INS_SHADD8, 528 | ARM_INS_SHASX, 529 | ARM_INS_SHSAX, 530 | ARM_INS_SHSUB16, 531 | ARM_INS_SHSUB8, 532 | ARM_INS_SMC, 533 | ARM_INS_SMLABB, 534 | ARM_INS_SMLABT, 535 | ARM_INS_SMLAD, 536 | ARM_INS_SMLADX, 537 | ARM_INS_SMLAL, 538 | ARM_INS_SMLALBB, 539 | ARM_INS_SMLALBT, 540 | ARM_INS_SMLALD, 541 | ARM_INS_SMLALDX, 542 | ARM_INS_SMLALTB, 543 | ARM_INS_SMLALTT, 544 | ARM_INS_SMLATB, 545 | ARM_INS_SMLATT, 546 | ARM_INS_SMLAWB, 547 | ARM_INS_SMLAWT, 548 | ARM_INS_SMLSD, 549 | ARM_INS_SMLSDX, 550 | ARM_INS_SMLSLD, 551 | ARM_INS_SMLSLDX, 552 | ARM_INS_SMMLA, 553 | ARM_INS_SMMLAR, 554 | 
ARM_INS_SMMLS, 555 | ARM_INS_SMMLSR, 556 | ARM_INS_SMMUL, 557 | ARM_INS_SMMULR, 558 | ARM_INS_SMUAD, 559 | ARM_INS_SMUADX, 560 | ARM_INS_SMULBB, 561 | ARM_INS_SMULBT, 562 | ARM_INS_SMULL, 563 | ARM_INS_SMULTB, 564 | ARM_INS_SMULTT, 565 | ARM_INS_SMULWB, 566 | ARM_INS_SMULWT, 567 | ARM_INS_SMUSD, 568 | ARM_INS_SMUSDX, 569 | ARM_INS_SRSDA, 570 | ARM_INS_SRSDB, 571 | ARM_INS_SRSIA, 572 | ARM_INS_SRSIB, 573 | ARM_INS_SSAT, 574 | ARM_INS_SSAT16, 575 | ARM_INS_SSAX, 576 | ARM_INS_SSUB16, 577 | ARM_INS_SSUB8, 578 | ARM_INS_STC2L, 579 | ARM_INS_STC2, 580 | ARM_INS_STCL, 581 | ARM_INS_STC, 582 | ARM_INS_STL, 583 | ARM_INS_STLB, 584 | ARM_INS_STLEX, 585 | ARM_INS_STLEXB, 586 | ARM_INS_STLEXD, 587 | ARM_INS_STLEXH, 588 | ARM_INS_STLH, 589 | ARM_INS_STMDA, 590 | ARM_INS_STMDB, 591 | ARM_INS_STM, 592 | ARM_INS_STMIB, 593 | ARM_INS_STRBT, 594 | ARM_INS_STRB, 595 | ARM_INS_STRD, 596 | ARM_INS_STREX, 597 | ARM_INS_STREXB, 598 | ARM_INS_STREXD, 599 | ARM_INS_STREXH, 600 | ARM_INS_STRH, 601 | ARM_INS_STRHT, 602 | ARM_INS_STRT, 603 | ARM_INS_STR, 604 | ARM_INS_SUB, 605 | ARM_INS_SVC, 606 | ARM_INS_SWP, 607 | ARM_INS_SWPB, 608 | ARM_INS_SXTAB, 609 | ARM_INS_SXTAB16, 610 | ARM_INS_SXTAH, 611 | ARM_INS_SXTB, 612 | ARM_INS_SXTB16, 613 | ARM_INS_SXTH, 614 | ARM_INS_TEQ, 615 | ARM_INS_TRAP, 616 | ARM_INS_TST, 617 | ARM_INS_UADD16, 618 | ARM_INS_UADD8, 619 | ARM_INS_UASX, 620 | ARM_INS_UBFX, 621 | ARM_INS_UDF, 622 | ARM_INS_UDIV, 623 | ARM_INS_UHADD16, 624 | ARM_INS_UHADD8, 625 | ARM_INS_UHASX, 626 | ARM_INS_UHSAX, 627 | ARM_INS_UHSUB16, 628 | ARM_INS_UHSUB8, 629 | ARM_INS_UMAAL, 630 | ARM_INS_UMLAL, 631 | ARM_INS_UMULL, 632 | ARM_INS_UQADD16, 633 | ARM_INS_UQADD8, 634 | ARM_INS_UQASX, 635 | ARM_INS_UQSAX, 636 | ARM_INS_UQSUB16, 637 | ARM_INS_UQSUB8, 638 | ARM_INS_USAD8, 639 | ARM_INS_USADA8, 640 | ARM_INS_USAT, 641 | ARM_INS_USAT16, 642 | ARM_INS_USAX, 643 | ARM_INS_USUB16, 644 | ARM_INS_USUB8, 645 | ARM_INS_UXTAB, 646 | ARM_INS_UXTAB16, 647 | ARM_INS_UXTAH, 648 | ARM_INS_UXTB, 649 | 
ARM_INS_UXTB16, 650 | ARM_INS_UXTH, 651 | ARM_INS_VABAL, 652 | ARM_INS_VABA, 653 | ARM_INS_VABDL, 654 | ARM_INS_VABD, 655 | ARM_INS_VABS, 656 | ARM_INS_VACGE, 657 | ARM_INS_VACGT, 658 | ARM_INS_VADD, 659 | ARM_INS_VADDHN, 660 | ARM_INS_VADDL, 661 | ARM_INS_VADDW, 662 | ARM_INS_VAND, 663 | ARM_INS_VBIC, 664 | ARM_INS_VBIF, 665 | ARM_INS_VBIT, 666 | ARM_INS_VBSL, 667 | ARM_INS_VCEQ, 668 | ARM_INS_VCGE, 669 | ARM_INS_VCGT, 670 | ARM_INS_VCLE, 671 | ARM_INS_VCLS, 672 | ARM_INS_VCLT, 673 | ARM_INS_VCLZ, 674 | ARM_INS_VCMP, 675 | ARM_INS_VCMPE, 676 | ARM_INS_VCNT, 677 | ARM_INS_VCVTA, 678 | ARM_INS_VCVTB, 679 | ARM_INS_VCVT, 680 | ARM_INS_VCVTM, 681 | ARM_INS_VCVTN, 682 | ARM_INS_VCVTP, 683 | ARM_INS_VCVTT, 684 | ARM_INS_VDIV, 685 | ARM_INS_VDUP, 686 | ARM_INS_VEOR, 687 | ARM_INS_VEXT, 688 | ARM_INS_VFMA, 689 | ARM_INS_VFMS, 690 | ARM_INS_VFNMA, 691 | ARM_INS_VFNMS, 692 | ARM_INS_VHADD, 693 | ARM_INS_VHSUB, 694 | ARM_INS_VLD1, 695 | ARM_INS_VLD2, 696 | ARM_INS_VLD3, 697 | ARM_INS_VLD4, 698 | ARM_INS_VLDMDB, 699 | ARM_INS_VLDMIA, 700 | ARM_INS_VLDR, 701 | ARM_INS_VMAXNM, 702 | ARM_INS_VMAX, 703 | ARM_INS_VMINNM, 704 | ARM_INS_VMIN, 705 | ARM_INS_VMLA, 706 | ARM_INS_VMLAL, 707 | ARM_INS_VMLS, 708 | ARM_INS_VMLSL, 709 | ARM_INS_VMOVL, 710 | ARM_INS_VMOVN, 711 | ARM_INS_VMSR, 712 | ARM_INS_VMUL, 713 | ARM_INS_VMULL, 714 | ARM_INS_VMVN, 715 | ARM_INS_VNEG, 716 | ARM_INS_VNMLA, 717 | ARM_INS_VNMLS, 718 | ARM_INS_VNMUL, 719 | ARM_INS_VORN, 720 | ARM_INS_VORR, 721 | ARM_INS_VPADAL, 722 | ARM_INS_VPADDL, 723 | ARM_INS_VPADD, 724 | ARM_INS_VPMAX, 725 | ARM_INS_VPMIN, 726 | ARM_INS_VQABS, 727 | ARM_INS_VQADD, 728 | ARM_INS_VQDMLAL, 729 | ARM_INS_VQDMLSL, 730 | ARM_INS_VQDMULH, 731 | ARM_INS_VQDMULL, 732 | ARM_INS_VQMOVUN, 733 | ARM_INS_VQMOVN, 734 | ARM_INS_VQNEG, 735 | ARM_INS_VQRDMULH, 736 | ARM_INS_VQRSHL, 737 | ARM_INS_VQRSHRN, 738 | ARM_INS_VQRSHRUN, 739 | ARM_INS_VQSHL, 740 | ARM_INS_VQSHLU, 741 | ARM_INS_VQSHRN, 742 | ARM_INS_VQSHRUN, 743 | ARM_INS_VQSUB, 744 | 
ARM_INS_VRADDHN, 745 | ARM_INS_VRECPE, 746 | ARM_INS_VRECPS, 747 | ARM_INS_VREV16, 748 | ARM_INS_VREV32, 749 | ARM_INS_VREV64, 750 | ARM_INS_VRHADD, 751 | ARM_INS_VRINTA, 752 | ARM_INS_VRINTM, 753 | ARM_INS_VRINTN, 754 | ARM_INS_VRINTP, 755 | ARM_INS_VRINTR, 756 | ARM_INS_VRINTX, 757 | ARM_INS_VRINTZ, 758 | ARM_INS_VRSHL, 759 | ARM_INS_VRSHRN, 760 | ARM_INS_VRSHR, 761 | ARM_INS_VRSQRTE, 762 | ARM_INS_VRSQRTS, 763 | ARM_INS_VRSRA, 764 | ARM_INS_VRSUBHN, 765 | ARM_INS_VSELEQ, 766 | ARM_INS_VSELGE, 767 | ARM_INS_VSELGT, 768 | ARM_INS_VSELVS, 769 | ARM_INS_VSHLL, 770 | ARM_INS_VSHL, 771 | ARM_INS_VSHRN, 772 | ARM_INS_VSHR, 773 | ARM_INS_VSLI, 774 | ARM_INS_VSQRT, 775 | ARM_INS_VSRA, 776 | ARM_INS_VSRI, 777 | ARM_INS_VST1, 778 | ARM_INS_VST2, 779 | ARM_INS_VST3, 780 | ARM_INS_VST4, 781 | ARM_INS_VSTMDB, 782 | ARM_INS_VSTMIA, 783 | ARM_INS_VSTR, 784 | ARM_INS_VSUB, 785 | ARM_INS_VSUBHN, 786 | ARM_INS_VSUBL, 787 | ARM_INS_VSUBW, 788 | ARM_INS_VSWP, 789 | ARM_INS_VTBL, 790 | ARM_INS_VTBX, 791 | ARM_INS_VCVTR, 792 | ARM_INS_VTRN, 793 | ARM_INS_VTST, 794 | ARM_INS_VUZP, 795 | ARM_INS_VZIP, 796 | ARM_INS_ADDW, 797 | ARM_INS_ASR, 798 | ARM_INS_DCPS1, 799 | ARM_INS_DCPS2, 800 | ARM_INS_DCPS3, 801 | ARM_INS_IT, 802 | ARM_INS_LSL, 803 | ARM_INS_LSR, 804 | ARM_INS_ASRS, 805 | ARM_INS_LSRS, 806 | ARM_INS_ORN, 807 | ARM_INS_ROR, 808 | ARM_INS_RRX, 809 | ARM_INS_SUBS, 810 | ARM_INS_SUBW, 811 | ARM_INS_TBB, 812 | ARM_INS_TBH, 813 | ARM_INS_CBNZ, 814 | ARM_INS_CBZ, 815 | ARM_INS_MOVS, 816 | ARM_INS_POP, 817 | ARM_INS_PUSH, 818 | 819 | // special instructions 820 | ARM_INS_NOP, 821 | ARM_INS_YIELD, 822 | ARM_INS_WFE, 823 | ARM_INS_WFI, 824 | ARM_INS_SEV, 825 | ARM_INS_SEVL, 826 | ARM_INS_VPUSH, 827 | ARM_INS_VPOP, 828 | 829 | ARM_INS_ENDING, // <-- mark the end of the list of instructions 830 | } arm_insn; 831 | 832 | //> Group of ARM instructions 833 | typedef enum arm_insn_group { 834 | ARM_GRP_INVALID = 0, // = CS_GRP_INVALID 835 | 836 | //> Generic groups 837 | // all jump 
instructions (conditional+direct+indirect jumps) 838 | ARM_GRP_JUMP, // = CS_GRP_JUMP 839 | 840 | //> Architecture-specific groups 841 | ARM_GRP_CRYPTO = 128, 842 | ARM_GRP_DATABARRIER, 843 | ARM_GRP_DIVIDE, 844 | ARM_GRP_FPARMV8, 845 | ARM_GRP_MULTPRO, 846 | ARM_GRP_NEON, 847 | ARM_GRP_T2EXTRACTPACK, 848 | ARM_GRP_THUMB2DSP, 849 | ARM_GRP_TRUSTZONE, 850 | ARM_GRP_V4T, 851 | ARM_GRP_V5T, 852 | ARM_GRP_V5TE, 853 | ARM_GRP_V6, 854 | ARM_GRP_V6T2, 855 | ARM_GRP_V7, 856 | ARM_GRP_V8, 857 | ARM_GRP_VFP2, 858 | ARM_GRP_VFP3, 859 | ARM_GRP_VFP4, 860 | ARM_GRP_ARM, 861 | ARM_GRP_MCLASS, 862 | ARM_GRP_NOTMCLASS, 863 | ARM_GRP_THUMB, 864 | ARM_GRP_THUMB1ONLY, 865 | ARM_GRP_THUMB2, 866 | ARM_GRP_PREV8, 867 | ARM_GRP_FPVMLX, 868 | ARM_GRP_MULOPS, 869 | ARM_GRP_CRC, 870 | ARM_GRP_DPVFP, 871 | ARM_GRP_V6M, 872 | 873 | ARM_GRP_ENDING, 874 | } arm_insn_group; 875 | 876 | #ifdef __cplusplus 877 | } 878 | #endif 879 | 880 | #endif 881 | -------------------------------------------------------------------------------- /PolyHook/Capstone/include/mips.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_MIPS_H 2 | #define CAPSTONE_MIPS_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | // GCC MIPS toolchain has a default macro called "mips" which breaks 15 | // compilation 16 | #undef mips 17 | 18 | #ifdef _MSC_VER 19 | #pragma warning(disable:4201) 20 | #endif 21 | 22 | //> Operand type for instruction's operands 23 | typedef enum mips_op_type { 24 | MIPS_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 25 | MIPS_OP_REG, // = CS_OP_REG (Register operand). 26 | MIPS_OP_IMM, // = CS_OP_IMM (Immediate operand). 27 | MIPS_OP_MEM, // = CS_OP_MEM (Memory operand). 
28 | } mips_op_type; 29 | 30 | // Instruction's operand referring to memory 31 | // This is associated with MIPS_OP_MEM operand type above 32 | typedef struct mips_op_mem { 33 | unsigned int base; // base register 34 | int64_t disp; // displacement/offset value 35 | } mips_op_mem; 36 | 37 | // Instruction operand 38 | typedef struct cs_mips_op { 39 | mips_op_type type; // operand type 40 | union { 41 | unsigned int reg; // register value for REG operand 42 | int64_t imm; // immediate value for IMM operand 43 | mips_op_mem mem; // base/index/scale/disp value for MEM operand 44 | }; 45 | } cs_mips_op; 46 | 47 | // Instruction structure 48 | typedef struct cs_mips { 49 | // Number of operands of this instruction, 50 | // or 0 when instruction has no operand. 51 | uint8_t op_count; 52 | cs_mips_op operands[8]; // operands for this instruction. 53 | } cs_mips; 54 | 55 | //> MIPS registers 56 | typedef enum mips_reg { 57 | MIPS_REG_INVALID = 0, 58 | //> General purpose registers 59 | MIPS_REG_0, 60 | MIPS_REG_1, 61 | MIPS_REG_2, 62 | MIPS_REG_3, 63 | MIPS_REG_4, 64 | MIPS_REG_5, 65 | MIPS_REG_6, 66 | MIPS_REG_7, 67 | MIPS_REG_8, 68 | MIPS_REG_9, 69 | MIPS_REG_10, 70 | MIPS_REG_11, 71 | MIPS_REG_12, 72 | MIPS_REG_13, 73 | MIPS_REG_14, 74 | MIPS_REG_15, 75 | MIPS_REG_16, 76 | MIPS_REG_17, 77 | MIPS_REG_18, 78 | MIPS_REG_19, 79 | MIPS_REG_20, 80 | MIPS_REG_21, 81 | MIPS_REG_22, 82 | MIPS_REG_23, 83 | MIPS_REG_24, 84 | MIPS_REG_25, 85 | MIPS_REG_26, 86 | MIPS_REG_27, 87 | MIPS_REG_28, 88 | MIPS_REG_29, 89 | MIPS_REG_30, 90 | MIPS_REG_31, 91 | 92 | //> DSP registers 93 | MIPS_REG_DSPCCOND, 94 | MIPS_REG_DSPCARRY, 95 | MIPS_REG_DSPEFI, 96 | MIPS_REG_DSPOUTFLAG, 97 | MIPS_REG_DSPOUTFLAG16_19, 98 | MIPS_REG_DSPOUTFLAG20, 99 | MIPS_REG_DSPOUTFLAG21, 100 | MIPS_REG_DSPOUTFLAG22, 101 | MIPS_REG_DSPOUTFLAG23, 102 | MIPS_REG_DSPPOS, 103 | MIPS_REG_DSPSCOUNT, 104 | 105 | //> ACC registers 106 | MIPS_REG_AC0, 107 | MIPS_REG_AC1, 108 | MIPS_REG_AC2, 109 | MIPS_REG_AC3, 110 | 111 | //> 
COP registers 112 | MIPS_REG_CC0, 113 | MIPS_REG_CC1, 114 | MIPS_REG_CC2, 115 | MIPS_REG_CC3, 116 | MIPS_REG_CC4, 117 | MIPS_REG_CC5, 118 | MIPS_REG_CC6, 119 | MIPS_REG_CC7, 120 | 121 | //> FPU registers 122 | MIPS_REG_F0, 123 | MIPS_REG_F1, 124 | MIPS_REG_F2, 125 | MIPS_REG_F3, 126 | MIPS_REG_F4, 127 | MIPS_REG_F5, 128 | MIPS_REG_F6, 129 | MIPS_REG_F7, 130 | MIPS_REG_F8, 131 | MIPS_REG_F9, 132 | MIPS_REG_F10, 133 | MIPS_REG_F11, 134 | MIPS_REG_F12, 135 | MIPS_REG_F13, 136 | MIPS_REG_F14, 137 | MIPS_REG_F15, 138 | MIPS_REG_F16, 139 | MIPS_REG_F17, 140 | MIPS_REG_F18, 141 | MIPS_REG_F19, 142 | MIPS_REG_F20, 143 | MIPS_REG_F21, 144 | MIPS_REG_F22, 145 | MIPS_REG_F23, 146 | MIPS_REG_F24, 147 | MIPS_REG_F25, 148 | MIPS_REG_F26, 149 | MIPS_REG_F27, 150 | MIPS_REG_F28, 151 | MIPS_REG_F29, 152 | MIPS_REG_F30, 153 | MIPS_REG_F31, 154 | 155 | MIPS_REG_FCC0, 156 | MIPS_REG_FCC1, 157 | MIPS_REG_FCC2, 158 | MIPS_REG_FCC3, 159 | MIPS_REG_FCC4, 160 | MIPS_REG_FCC5, 161 | MIPS_REG_FCC6, 162 | MIPS_REG_FCC7, 163 | 164 | //> AFPR128 165 | MIPS_REG_W0, 166 | MIPS_REG_W1, 167 | MIPS_REG_W2, 168 | MIPS_REG_W3, 169 | MIPS_REG_W4, 170 | MIPS_REG_W5, 171 | MIPS_REG_W6, 172 | MIPS_REG_W7, 173 | MIPS_REG_W8, 174 | MIPS_REG_W9, 175 | MIPS_REG_W10, 176 | MIPS_REG_W11, 177 | MIPS_REG_W12, 178 | MIPS_REG_W13, 179 | MIPS_REG_W14, 180 | MIPS_REG_W15, 181 | MIPS_REG_W16, 182 | MIPS_REG_W17, 183 | MIPS_REG_W18, 184 | MIPS_REG_W19, 185 | MIPS_REG_W20, 186 | MIPS_REG_W21, 187 | MIPS_REG_W22, 188 | MIPS_REG_W23, 189 | MIPS_REG_W24, 190 | MIPS_REG_W25, 191 | MIPS_REG_W26, 192 | MIPS_REG_W27, 193 | MIPS_REG_W28, 194 | MIPS_REG_W29, 195 | MIPS_REG_W30, 196 | MIPS_REG_W31, 197 | 198 | MIPS_REG_HI, 199 | MIPS_REG_LO, 200 | 201 | MIPS_REG_P0, 202 | MIPS_REG_P1, 203 | MIPS_REG_P2, 204 | 205 | MIPS_REG_MPL0, 206 | MIPS_REG_MPL1, 207 | MIPS_REG_MPL2, 208 | 209 | MIPS_REG_ENDING, // <-- mark the end of the list or registers 210 | 211 | // alias registers 212 | MIPS_REG_ZERO = MIPS_REG_0, 213 | MIPS_REG_AT = 
MIPS_REG_1, 214 | MIPS_REG_V0 = MIPS_REG_2, 215 | MIPS_REG_V1 = MIPS_REG_3, 216 | MIPS_REG_A0 = MIPS_REG_4, 217 | MIPS_REG_A1 = MIPS_REG_5, 218 | MIPS_REG_A2 = MIPS_REG_6, 219 | MIPS_REG_A3 = MIPS_REG_7, 220 | MIPS_REG_T0 = MIPS_REG_8, 221 | MIPS_REG_T1 = MIPS_REG_9, 222 | MIPS_REG_T2 = MIPS_REG_10, 223 | MIPS_REG_T3 = MIPS_REG_11, 224 | MIPS_REG_T4 = MIPS_REG_12, 225 | MIPS_REG_T5 = MIPS_REG_13, 226 | MIPS_REG_T6 = MIPS_REG_14, 227 | MIPS_REG_T7 = MIPS_REG_15, 228 | MIPS_REG_S0 = MIPS_REG_16, 229 | MIPS_REG_S1 = MIPS_REG_17, 230 | MIPS_REG_S2 = MIPS_REG_18, 231 | MIPS_REG_S3 = MIPS_REG_19, 232 | MIPS_REG_S4 = MIPS_REG_20, 233 | MIPS_REG_S5 = MIPS_REG_21, 234 | MIPS_REG_S6 = MIPS_REG_22, 235 | MIPS_REG_S7 = MIPS_REG_23, 236 | MIPS_REG_T8 = MIPS_REG_24, 237 | MIPS_REG_T9 = MIPS_REG_25, 238 | MIPS_REG_K0 = MIPS_REG_26, 239 | MIPS_REG_K1 = MIPS_REG_27, 240 | MIPS_REG_GP = MIPS_REG_28, 241 | MIPS_REG_SP = MIPS_REG_29, 242 | MIPS_REG_FP = MIPS_REG_30, MIPS_REG_S8 = MIPS_REG_30, 243 | MIPS_REG_RA = MIPS_REG_31, 244 | 245 | MIPS_REG_HI0 = MIPS_REG_AC0, 246 | MIPS_REG_HI1 = MIPS_REG_AC1, 247 | MIPS_REG_HI2 = MIPS_REG_AC2, 248 | MIPS_REG_HI3 = MIPS_REG_AC3, 249 | 250 | MIPS_REG_LO0 = MIPS_REG_HI0, 251 | MIPS_REG_LO1 = MIPS_REG_HI1, 252 | MIPS_REG_LO2 = MIPS_REG_HI2, 253 | MIPS_REG_LO3 = MIPS_REG_HI3, 254 | } mips_reg; 255 | 256 | //> MIPS instruction 257 | typedef enum mips_insn { 258 | MIPS_INS_INVALID = 0, 259 | 260 | MIPS_INS_ABSQ_S, 261 | MIPS_INS_ADD, 262 | MIPS_INS_ADDIUPC, 263 | MIPS_INS_ADDQH, 264 | MIPS_INS_ADDQH_R, 265 | MIPS_INS_ADDQ, 266 | MIPS_INS_ADDQ_S, 267 | MIPS_INS_ADDSC, 268 | MIPS_INS_ADDS_A, 269 | MIPS_INS_ADDS_S, 270 | MIPS_INS_ADDS_U, 271 | MIPS_INS_ADDUH, 272 | MIPS_INS_ADDUH_R, 273 | MIPS_INS_ADDU, 274 | MIPS_INS_ADDU_S, 275 | MIPS_INS_ADDVI, 276 | MIPS_INS_ADDV, 277 | MIPS_INS_ADDWC, 278 | MIPS_INS_ADD_A, 279 | MIPS_INS_ADDI, 280 | MIPS_INS_ADDIU, 281 | MIPS_INS_ALIGN, 282 | MIPS_INS_ALUIPC, 283 | MIPS_INS_AND, 284 | MIPS_INS_ANDI, 285 | 
MIPS_INS_APPEND, 286 | MIPS_INS_ASUB_S, 287 | MIPS_INS_ASUB_U, 288 | MIPS_INS_AUI, 289 | MIPS_INS_AUIPC, 290 | MIPS_INS_AVER_S, 291 | MIPS_INS_AVER_U, 292 | MIPS_INS_AVE_S, 293 | MIPS_INS_AVE_U, 294 | MIPS_INS_BADDU, 295 | MIPS_INS_BAL, 296 | MIPS_INS_BALC, 297 | MIPS_INS_BALIGN, 298 | MIPS_INS_BC, 299 | MIPS_INS_BC0F, 300 | MIPS_INS_BC0FL, 301 | MIPS_INS_BC0T, 302 | MIPS_INS_BC0TL, 303 | MIPS_INS_BC1EQZ, 304 | MIPS_INS_BC1F, 305 | MIPS_INS_BC1FL, 306 | MIPS_INS_BC1NEZ, 307 | MIPS_INS_BC1T, 308 | MIPS_INS_BC1TL, 309 | MIPS_INS_BC2EQZ, 310 | MIPS_INS_BC2F, 311 | MIPS_INS_BC2FL, 312 | MIPS_INS_BC2NEZ, 313 | MIPS_INS_BC2T, 314 | MIPS_INS_BC2TL, 315 | MIPS_INS_BC3F, 316 | MIPS_INS_BC3FL, 317 | MIPS_INS_BC3T, 318 | MIPS_INS_BC3TL, 319 | MIPS_INS_BCLRI, 320 | MIPS_INS_BCLR, 321 | MIPS_INS_BEQ, 322 | MIPS_INS_BEQC, 323 | MIPS_INS_BEQL, 324 | MIPS_INS_BEQZALC, 325 | MIPS_INS_BEQZC, 326 | MIPS_INS_BGEC, 327 | MIPS_INS_BGEUC, 328 | MIPS_INS_BGEZ, 329 | MIPS_INS_BGEZAL, 330 | MIPS_INS_BGEZALC, 331 | MIPS_INS_BGEZALL, 332 | MIPS_INS_BGEZALS, 333 | MIPS_INS_BGEZC, 334 | MIPS_INS_BGEZL, 335 | MIPS_INS_BGTZ, 336 | MIPS_INS_BGTZALC, 337 | MIPS_INS_BGTZC, 338 | MIPS_INS_BGTZL, 339 | MIPS_INS_BINSLI, 340 | MIPS_INS_BINSL, 341 | MIPS_INS_BINSRI, 342 | MIPS_INS_BINSR, 343 | MIPS_INS_BITREV, 344 | MIPS_INS_BITSWAP, 345 | MIPS_INS_BLEZ, 346 | MIPS_INS_BLEZALC, 347 | MIPS_INS_BLEZC, 348 | MIPS_INS_BLEZL, 349 | MIPS_INS_BLTC, 350 | MIPS_INS_BLTUC, 351 | MIPS_INS_BLTZ, 352 | MIPS_INS_BLTZAL, 353 | MIPS_INS_BLTZALC, 354 | MIPS_INS_BLTZALL, 355 | MIPS_INS_BLTZALS, 356 | MIPS_INS_BLTZC, 357 | MIPS_INS_BLTZL, 358 | MIPS_INS_BMNZI, 359 | MIPS_INS_BMNZ, 360 | MIPS_INS_BMZI, 361 | MIPS_INS_BMZ, 362 | MIPS_INS_BNE, 363 | MIPS_INS_BNEC, 364 | MIPS_INS_BNEGI, 365 | MIPS_INS_BNEG, 366 | MIPS_INS_BNEL, 367 | MIPS_INS_BNEZALC, 368 | MIPS_INS_BNEZC, 369 | MIPS_INS_BNVC, 370 | MIPS_INS_BNZ, 371 | MIPS_INS_BOVC, 372 | MIPS_INS_BPOSGE32, 373 | MIPS_INS_BREAK, 374 | MIPS_INS_BSELI, 375 | MIPS_INS_BSEL, 376 
| MIPS_INS_BSETI, 377 | MIPS_INS_BSET, 378 | MIPS_INS_BZ, 379 | MIPS_INS_BEQZ, 380 | MIPS_INS_B, 381 | MIPS_INS_BNEZ, 382 | MIPS_INS_BTEQZ, 383 | MIPS_INS_BTNEZ, 384 | MIPS_INS_CACHE, 385 | MIPS_INS_CEIL, 386 | MIPS_INS_CEQI, 387 | MIPS_INS_CEQ, 388 | MIPS_INS_CFC1, 389 | MIPS_INS_CFCMSA, 390 | MIPS_INS_CINS, 391 | MIPS_INS_CINS32, 392 | MIPS_INS_CLASS, 393 | MIPS_INS_CLEI_S, 394 | MIPS_INS_CLEI_U, 395 | MIPS_INS_CLE_S, 396 | MIPS_INS_CLE_U, 397 | MIPS_INS_CLO, 398 | MIPS_INS_CLTI_S, 399 | MIPS_INS_CLTI_U, 400 | MIPS_INS_CLT_S, 401 | MIPS_INS_CLT_U, 402 | MIPS_INS_CLZ, 403 | MIPS_INS_CMPGDU, 404 | MIPS_INS_CMPGU, 405 | MIPS_INS_CMPU, 406 | MIPS_INS_CMP, 407 | MIPS_INS_COPY_S, 408 | MIPS_INS_COPY_U, 409 | MIPS_INS_CTC1, 410 | MIPS_INS_CTCMSA, 411 | MIPS_INS_CVT, 412 | MIPS_INS_C, 413 | MIPS_INS_CMPI, 414 | MIPS_INS_DADD, 415 | MIPS_INS_DADDI, 416 | MIPS_INS_DADDIU, 417 | MIPS_INS_DADDU, 418 | MIPS_INS_DAHI, 419 | MIPS_INS_DALIGN, 420 | MIPS_INS_DATI, 421 | MIPS_INS_DAUI, 422 | MIPS_INS_DBITSWAP, 423 | MIPS_INS_DCLO, 424 | MIPS_INS_DCLZ, 425 | MIPS_INS_DDIV, 426 | MIPS_INS_DDIVU, 427 | MIPS_INS_DERET, 428 | MIPS_INS_DEXT, 429 | MIPS_INS_DEXTM, 430 | MIPS_INS_DEXTU, 431 | MIPS_INS_DI, 432 | MIPS_INS_DINS, 433 | MIPS_INS_DINSM, 434 | MIPS_INS_DINSU, 435 | MIPS_INS_DIV, 436 | MIPS_INS_DIVU, 437 | MIPS_INS_DIV_S, 438 | MIPS_INS_DIV_U, 439 | MIPS_INS_DLSA, 440 | MIPS_INS_DMFC0, 441 | MIPS_INS_DMFC1, 442 | MIPS_INS_DMFC2, 443 | MIPS_INS_DMOD, 444 | MIPS_INS_DMODU, 445 | MIPS_INS_DMTC0, 446 | MIPS_INS_DMTC1, 447 | MIPS_INS_DMTC2, 448 | MIPS_INS_DMUH, 449 | MIPS_INS_DMUHU, 450 | MIPS_INS_DMUL, 451 | MIPS_INS_DMULT, 452 | MIPS_INS_DMULTU, 453 | MIPS_INS_DMULU, 454 | MIPS_INS_DOTP_S, 455 | MIPS_INS_DOTP_U, 456 | MIPS_INS_DPADD_S, 457 | MIPS_INS_DPADD_U, 458 | MIPS_INS_DPAQX_SA, 459 | MIPS_INS_DPAQX_S, 460 | MIPS_INS_DPAQ_SA, 461 | MIPS_INS_DPAQ_S, 462 | MIPS_INS_DPAU, 463 | MIPS_INS_DPAX, 464 | MIPS_INS_DPA, 465 | MIPS_INS_DPOP, 466 | MIPS_INS_DPSQX_SA, 467 | MIPS_INS_DPSQX_S, 
468 | MIPS_INS_DPSQ_SA, 469 | MIPS_INS_DPSQ_S, 470 | MIPS_INS_DPSUB_S, 471 | MIPS_INS_DPSUB_U, 472 | MIPS_INS_DPSU, 473 | MIPS_INS_DPSX, 474 | MIPS_INS_DPS, 475 | MIPS_INS_DROTR, 476 | MIPS_INS_DROTR32, 477 | MIPS_INS_DROTRV, 478 | MIPS_INS_DSBH, 479 | MIPS_INS_DSHD, 480 | MIPS_INS_DSLL, 481 | MIPS_INS_DSLL32, 482 | MIPS_INS_DSLLV, 483 | MIPS_INS_DSRA, 484 | MIPS_INS_DSRA32, 485 | MIPS_INS_DSRAV, 486 | MIPS_INS_DSRL, 487 | MIPS_INS_DSRL32, 488 | MIPS_INS_DSRLV, 489 | MIPS_INS_DSUB, 490 | MIPS_INS_DSUBU, 491 | MIPS_INS_EHB, 492 | MIPS_INS_EI, 493 | MIPS_INS_ERET, 494 | MIPS_INS_EXT, 495 | MIPS_INS_EXTP, 496 | MIPS_INS_EXTPDP, 497 | MIPS_INS_EXTPDPV, 498 | MIPS_INS_EXTPV, 499 | MIPS_INS_EXTRV_RS, 500 | MIPS_INS_EXTRV_R, 501 | MIPS_INS_EXTRV_S, 502 | MIPS_INS_EXTRV, 503 | MIPS_INS_EXTR_RS, 504 | MIPS_INS_EXTR_R, 505 | MIPS_INS_EXTR_S, 506 | MIPS_INS_EXTR, 507 | MIPS_INS_EXTS, 508 | MIPS_INS_EXTS32, 509 | MIPS_INS_ABS, 510 | MIPS_INS_FADD, 511 | MIPS_INS_FCAF, 512 | MIPS_INS_FCEQ, 513 | MIPS_INS_FCLASS, 514 | MIPS_INS_FCLE, 515 | MIPS_INS_FCLT, 516 | MIPS_INS_FCNE, 517 | MIPS_INS_FCOR, 518 | MIPS_INS_FCUEQ, 519 | MIPS_INS_FCULE, 520 | MIPS_INS_FCULT, 521 | MIPS_INS_FCUNE, 522 | MIPS_INS_FCUN, 523 | MIPS_INS_FDIV, 524 | MIPS_INS_FEXDO, 525 | MIPS_INS_FEXP2, 526 | MIPS_INS_FEXUPL, 527 | MIPS_INS_FEXUPR, 528 | MIPS_INS_FFINT_S, 529 | MIPS_INS_FFINT_U, 530 | MIPS_INS_FFQL, 531 | MIPS_INS_FFQR, 532 | MIPS_INS_FILL, 533 | MIPS_INS_FLOG2, 534 | MIPS_INS_FLOOR, 535 | MIPS_INS_FMADD, 536 | MIPS_INS_FMAX_A, 537 | MIPS_INS_FMAX, 538 | MIPS_INS_FMIN_A, 539 | MIPS_INS_FMIN, 540 | MIPS_INS_MOV, 541 | MIPS_INS_FMSUB, 542 | MIPS_INS_FMUL, 543 | MIPS_INS_MUL, 544 | MIPS_INS_NEG, 545 | MIPS_INS_FRCP, 546 | MIPS_INS_FRINT, 547 | MIPS_INS_FRSQRT, 548 | MIPS_INS_FSAF, 549 | MIPS_INS_FSEQ, 550 | MIPS_INS_FSLE, 551 | MIPS_INS_FSLT, 552 | MIPS_INS_FSNE, 553 | MIPS_INS_FSOR, 554 | MIPS_INS_FSQRT, 555 | MIPS_INS_SQRT, 556 | MIPS_INS_FSUB, 557 | MIPS_INS_SUB, 558 | MIPS_INS_FSUEQ, 559 | 
MIPS_INS_FSULE, 560 | MIPS_INS_FSULT, 561 | MIPS_INS_FSUNE, 562 | MIPS_INS_FSUN, 563 | MIPS_INS_FTINT_S, 564 | MIPS_INS_FTINT_U, 565 | MIPS_INS_FTQ, 566 | MIPS_INS_FTRUNC_S, 567 | MIPS_INS_FTRUNC_U, 568 | MIPS_INS_HADD_S, 569 | MIPS_INS_HADD_U, 570 | MIPS_INS_HSUB_S, 571 | MIPS_INS_HSUB_U, 572 | MIPS_INS_ILVEV, 573 | MIPS_INS_ILVL, 574 | MIPS_INS_ILVOD, 575 | MIPS_INS_ILVR, 576 | MIPS_INS_INS, 577 | MIPS_INS_INSERT, 578 | MIPS_INS_INSV, 579 | MIPS_INS_INSVE, 580 | MIPS_INS_J, 581 | MIPS_INS_JAL, 582 | MIPS_INS_JALR, 583 | MIPS_INS_JALRS, 584 | MIPS_INS_JALS, 585 | MIPS_INS_JALX, 586 | MIPS_INS_JIALC, 587 | MIPS_INS_JIC, 588 | MIPS_INS_JR, 589 | MIPS_INS_JRADDIUSP, 590 | MIPS_INS_JRC, 591 | MIPS_INS_JALRC, 592 | MIPS_INS_LB, 593 | MIPS_INS_LBUX, 594 | MIPS_INS_LBU, 595 | MIPS_INS_LD, 596 | MIPS_INS_LDC1, 597 | MIPS_INS_LDC2, 598 | MIPS_INS_LDC3, 599 | MIPS_INS_LDI, 600 | MIPS_INS_LDL, 601 | MIPS_INS_LDPC, 602 | MIPS_INS_LDR, 603 | MIPS_INS_LDXC1, 604 | MIPS_INS_LH, 605 | MIPS_INS_LHX, 606 | MIPS_INS_LHU, 607 | MIPS_INS_LL, 608 | MIPS_INS_LLD, 609 | MIPS_INS_LSA, 610 | MIPS_INS_LUXC1, 611 | MIPS_INS_LUI, 612 | MIPS_INS_LW, 613 | MIPS_INS_LWC1, 614 | MIPS_INS_LWC2, 615 | MIPS_INS_LWC3, 616 | MIPS_INS_LWL, 617 | MIPS_INS_LWPC, 618 | MIPS_INS_LWR, 619 | MIPS_INS_LWUPC, 620 | MIPS_INS_LWU, 621 | MIPS_INS_LWX, 622 | MIPS_INS_LWXC1, 623 | MIPS_INS_LI, 624 | MIPS_INS_MADD, 625 | MIPS_INS_MADDF, 626 | MIPS_INS_MADDR_Q, 627 | MIPS_INS_MADDU, 628 | MIPS_INS_MADDV, 629 | MIPS_INS_MADD_Q, 630 | MIPS_INS_MAQ_SA, 631 | MIPS_INS_MAQ_S, 632 | MIPS_INS_MAXA, 633 | MIPS_INS_MAXI_S, 634 | MIPS_INS_MAXI_U, 635 | MIPS_INS_MAX_A, 636 | MIPS_INS_MAX, 637 | MIPS_INS_MAX_S, 638 | MIPS_INS_MAX_U, 639 | MIPS_INS_MFC0, 640 | MIPS_INS_MFC1, 641 | MIPS_INS_MFC2, 642 | MIPS_INS_MFHC1, 643 | MIPS_INS_MFHI, 644 | MIPS_INS_MFLO, 645 | MIPS_INS_MINA, 646 | MIPS_INS_MINI_S, 647 | MIPS_INS_MINI_U, 648 | MIPS_INS_MIN_A, 649 | MIPS_INS_MIN, 650 | MIPS_INS_MIN_S, 651 | MIPS_INS_MIN_U, 652 | MIPS_INS_MOD, 
653 | MIPS_INS_MODSUB, 654 | MIPS_INS_MODU, 655 | MIPS_INS_MOD_S, 656 | MIPS_INS_MOD_U, 657 | MIPS_INS_MOVE, 658 | MIPS_INS_MOVF, 659 | MIPS_INS_MOVN, 660 | MIPS_INS_MOVT, 661 | MIPS_INS_MOVZ, 662 | MIPS_INS_MSUB, 663 | MIPS_INS_MSUBF, 664 | MIPS_INS_MSUBR_Q, 665 | MIPS_INS_MSUBU, 666 | MIPS_INS_MSUBV, 667 | MIPS_INS_MSUB_Q, 668 | MIPS_INS_MTC0, 669 | MIPS_INS_MTC1, 670 | MIPS_INS_MTC2, 671 | MIPS_INS_MTHC1, 672 | MIPS_INS_MTHI, 673 | MIPS_INS_MTHLIP, 674 | MIPS_INS_MTLO, 675 | MIPS_INS_MTM0, 676 | MIPS_INS_MTM1, 677 | MIPS_INS_MTM2, 678 | MIPS_INS_MTP0, 679 | MIPS_INS_MTP1, 680 | MIPS_INS_MTP2, 681 | MIPS_INS_MUH, 682 | MIPS_INS_MUHU, 683 | MIPS_INS_MULEQ_S, 684 | MIPS_INS_MULEU_S, 685 | MIPS_INS_MULQ_RS, 686 | MIPS_INS_MULQ_S, 687 | MIPS_INS_MULR_Q, 688 | MIPS_INS_MULSAQ_S, 689 | MIPS_INS_MULSA, 690 | MIPS_INS_MULT, 691 | MIPS_INS_MULTU, 692 | MIPS_INS_MULU, 693 | MIPS_INS_MULV, 694 | MIPS_INS_MUL_Q, 695 | MIPS_INS_MUL_S, 696 | MIPS_INS_NLOC, 697 | MIPS_INS_NLZC, 698 | MIPS_INS_NMADD, 699 | MIPS_INS_NMSUB, 700 | MIPS_INS_NOR, 701 | MIPS_INS_NORI, 702 | MIPS_INS_NOT, 703 | MIPS_INS_OR, 704 | MIPS_INS_ORI, 705 | MIPS_INS_PACKRL, 706 | MIPS_INS_PAUSE, 707 | MIPS_INS_PCKEV, 708 | MIPS_INS_PCKOD, 709 | MIPS_INS_PCNT, 710 | MIPS_INS_PICK, 711 | MIPS_INS_POP, 712 | MIPS_INS_PRECEQU, 713 | MIPS_INS_PRECEQ, 714 | MIPS_INS_PRECEU, 715 | MIPS_INS_PRECRQU_S, 716 | MIPS_INS_PRECRQ, 717 | MIPS_INS_PRECRQ_RS, 718 | MIPS_INS_PRECR, 719 | MIPS_INS_PRECR_SRA, 720 | MIPS_INS_PRECR_SRA_R, 721 | MIPS_INS_PREF, 722 | MIPS_INS_PREPEND, 723 | MIPS_INS_RADDU, 724 | MIPS_INS_RDDSP, 725 | MIPS_INS_RDHWR, 726 | MIPS_INS_REPLV, 727 | MIPS_INS_REPL, 728 | MIPS_INS_RINT, 729 | MIPS_INS_ROTR, 730 | MIPS_INS_ROTRV, 731 | MIPS_INS_ROUND, 732 | MIPS_INS_SAT_S, 733 | MIPS_INS_SAT_U, 734 | MIPS_INS_SB, 735 | MIPS_INS_SC, 736 | MIPS_INS_SCD, 737 | MIPS_INS_SD, 738 | MIPS_INS_SDBBP, 739 | MIPS_INS_SDC1, 740 | MIPS_INS_SDC2, 741 | MIPS_INS_SDC3, 742 | MIPS_INS_SDL, 743 | MIPS_INS_SDR, 744 | 
MIPS_INS_SDXC1, 745 | MIPS_INS_SEB, 746 | MIPS_INS_SEH, 747 | MIPS_INS_SELEQZ, 748 | MIPS_INS_SELNEZ, 749 | MIPS_INS_SEL, 750 | MIPS_INS_SEQ, 751 | MIPS_INS_SEQI, 752 | MIPS_INS_SH, 753 | MIPS_INS_SHF, 754 | MIPS_INS_SHILO, 755 | MIPS_INS_SHILOV, 756 | MIPS_INS_SHLLV, 757 | MIPS_INS_SHLLV_S, 758 | MIPS_INS_SHLL, 759 | MIPS_INS_SHLL_S, 760 | MIPS_INS_SHRAV, 761 | MIPS_INS_SHRAV_R, 762 | MIPS_INS_SHRA, 763 | MIPS_INS_SHRA_R, 764 | MIPS_INS_SHRLV, 765 | MIPS_INS_SHRL, 766 | MIPS_INS_SLDI, 767 | MIPS_INS_SLD, 768 | MIPS_INS_SLL, 769 | MIPS_INS_SLLI, 770 | MIPS_INS_SLLV, 771 | MIPS_INS_SLT, 772 | MIPS_INS_SLTI, 773 | MIPS_INS_SLTIU, 774 | MIPS_INS_SLTU, 775 | MIPS_INS_SNE, 776 | MIPS_INS_SNEI, 777 | MIPS_INS_SPLATI, 778 | MIPS_INS_SPLAT, 779 | MIPS_INS_SRA, 780 | MIPS_INS_SRAI, 781 | MIPS_INS_SRARI, 782 | MIPS_INS_SRAR, 783 | MIPS_INS_SRAV, 784 | MIPS_INS_SRL, 785 | MIPS_INS_SRLI, 786 | MIPS_INS_SRLRI, 787 | MIPS_INS_SRLR, 788 | MIPS_INS_SRLV, 789 | MIPS_INS_SSNOP, 790 | MIPS_INS_ST, 791 | MIPS_INS_SUBQH, 792 | MIPS_INS_SUBQH_R, 793 | MIPS_INS_SUBQ, 794 | MIPS_INS_SUBQ_S, 795 | MIPS_INS_SUBSUS_U, 796 | MIPS_INS_SUBSUU_S, 797 | MIPS_INS_SUBS_S, 798 | MIPS_INS_SUBS_U, 799 | MIPS_INS_SUBUH, 800 | MIPS_INS_SUBUH_R, 801 | MIPS_INS_SUBU, 802 | MIPS_INS_SUBU_S, 803 | MIPS_INS_SUBVI, 804 | MIPS_INS_SUBV, 805 | MIPS_INS_SUXC1, 806 | MIPS_INS_SW, 807 | MIPS_INS_SWC1, 808 | MIPS_INS_SWC2, 809 | MIPS_INS_SWC3, 810 | MIPS_INS_SWL, 811 | MIPS_INS_SWR, 812 | MIPS_INS_SWXC1, 813 | MIPS_INS_SYNC, 814 | MIPS_INS_SYSCALL, 815 | MIPS_INS_TEQ, 816 | MIPS_INS_TEQI, 817 | MIPS_INS_TGE, 818 | MIPS_INS_TGEI, 819 | MIPS_INS_TGEIU, 820 | MIPS_INS_TGEU, 821 | MIPS_INS_TLBP, 822 | MIPS_INS_TLBR, 823 | MIPS_INS_TLBWI, 824 | MIPS_INS_TLBWR, 825 | MIPS_INS_TLT, 826 | MIPS_INS_TLTI, 827 | MIPS_INS_TLTIU, 828 | MIPS_INS_TLTU, 829 | MIPS_INS_TNE, 830 | MIPS_INS_TNEI, 831 | MIPS_INS_TRUNC, 832 | MIPS_INS_V3MULU, 833 | MIPS_INS_VMM0, 834 | MIPS_INS_VMULU, 835 | MIPS_INS_VSHF, 836 | MIPS_INS_WAIT, 837 | 
MIPS_INS_WRDSP, 838 | MIPS_INS_WSBH, 839 | MIPS_INS_XOR, 840 | MIPS_INS_XORI, 841 | 842 | //> some alias instructions 843 | MIPS_INS_NOP, 844 | MIPS_INS_NEGU, 845 | 846 | //> special instructions 847 | MIPS_INS_JALR_HB, // jump and link with Hazard Barrier 848 | MIPS_INS_JR_HB, // jump register with Hazard Barrier 849 | 850 | MIPS_INS_ENDING, 851 | } mips_insn; 852 | 853 | //> Group of MIPS instructions 854 | typedef enum mips_insn_group { 855 | MIPS_GRP_INVALID = 0, // = CS_GRP_INVALID 856 | 857 | //> Generic groups 858 | // all jump instructions (conditional+direct+indirect jumps) 859 | MIPS_GRP_JUMP, // = CS_GRP_JUMP 860 | 861 | //> Architecture-specific groups 862 | MIPS_GRP_BITCOUNT = 128, 863 | MIPS_GRP_DSP, 864 | MIPS_GRP_DSPR2, 865 | MIPS_GRP_FPIDX, 866 | MIPS_GRP_MSA, 867 | MIPS_GRP_MIPS32R2, 868 | MIPS_GRP_MIPS64, 869 | MIPS_GRP_MIPS64R2, 870 | MIPS_GRP_SEINREG, 871 | MIPS_GRP_STDENC, 872 | MIPS_GRP_SWAP, 873 | MIPS_GRP_MICROMIPS, 874 | MIPS_GRP_MIPS16MODE, 875 | MIPS_GRP_FP64BIT, 876 | MIPS_GRP_NONANSFPMATH, 877 | MIPS_GRP_NOTFP64BIT, 878 | MIPS_GRP_NOTINMICROMIPS, 879 | MIPS_GRP_NOTNACL, 880 | MIPS_GRP_NOTMIPS32R6, 881 | MIPS_GRP_NOTMIPS64R6, 882 | MIPS_GRP_CNMIPS, 883 | MIPS_GRP_MIPS32, 884 | MIPS_GRP_MIPS32R6, 885 | MIPS_GRP_MIPS64R6, 886 | MIPS_GRP_MIPS2, 887 | MIPS_GRP_MIPS3, 888 | MIPS_GRP_MIPS3_32, 889 | MIPS_GRP_MIPS3_32R2, 890 | MIPS_GRP_MIPS4_32, 891 | MIPS_GRP_MIPS4_32R2, 892 | MIPS_GRP_MIPS5_32R2, 893 | MIPS_GRP_GP32BIT, 894 | MIPS_GRP_GP64BIT, 895 | 896 | MIPS_GRP_ENDING, 897 | } mips_insn_group; 898 | 899 | #ifdef __cplusplus 900 | } 901 | #endif 902 | 903 | #endif 904 | -------------------------------------------------------------------------------- /PolyHook/Capstone/include/platform.h: -------------------------------------------------------------------------------- 1 | /* Capstone Disassembly Engine */ 2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */ 3 | 4 | // handle C99 issue (for pre-2013 VisualStudio) 5 | #ifndef 
CAPSTONE_PLATFORM_H
#define CAPSTONE_PLATFORM_H

// Purpose of this header: give C translation units a `bool` on MSVC versions
// that predate C99 support (VS2013 / _MSC_VER 1800 is the cut-off used below).
// Anything that is not a non-MinGW Windows build is assumed to have <stdbool.h>.
//
// NOTE(review): the outer #if keys on the WIN32/_WIN32 family of macros, not on
// _MSC_VER. A Windows compiler that defines _WIN32 but not _MSC_VER (MinGW is
// excluded explicitly, other toolchains are not) would evaluate the undefined
// _MSC_VER as 0 in the inner #if and take the typedef branch -- confirm this is
// acceptable for every toolchain the project is built with.
#if !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64))
// MSVC

// stdbool.h
#if (_MSC_VER < 1800)
// Only C translation units get this typedef; C++ already has a builtin bool.
// The macros are plain integers, so `true`/`false` here are `int`, not `bool`.
#ifndef __cplusplus
typedef unsigned char bool;
#define false 0
#define true 1
#endif

#else
// VisualStudio 2013+ -> C99 is supported
#include	// NOTE(review): header name lost in extraction; the comment above names stdbool.h
#endif

#else // not MSVC -> C99 is supported
#include	// NOTE(review): header name lost in extraction; the comment above names stdbool.h
#endif

#endif
--------------------------------------------------------------------------------
/PolyHook/Capstone/include/sparc.h:
--------------------------------------------------------------------------------
#ifndef CAPSTONE_SPARC_H
#define CAPSTONE_SPARC_H

/* Capstone Disassembly Engine */
/* By Nguyen Anh Quynh , 2014 */

// The extern "C" wrapper keeps these names unmangled so the C++ PolyHook code
// can link against the prebuilt capstone.lib shipped in Capstone/msvc.
#ifdef __cplusplus
extern "C" {
#endif

#include	// NOTE(review): header name lost in extraction; presumably <stdint.h> (uint8_t/int32_t are used below) -- confirm
#include "platform.h"

// GCC SPARC toolchain has a default macro called "sparc" which breaks
// compilation
#undef sparc

// C4201 is MSVC's "nonstandard extension used: nameless struct/union" warning.
// The operand structs in this header use an anonymous union, which triggers it.
// NOTE(review): this is a bare disable with no #pragma warning(push/pop), so it
// stays in effect for the rest of any translation unit that includes this
// header, including the including project's own code.
#ifdef _MSC_VER
#pragma warning(disable:4201)
#endif

//> Enums corresponding to Sparc condition codes, both icc's and fcc's.
// Condition code attached to a decoded SPARC instruction (cs_sparc.cc).
//
// Encoding: every valid code carries a +256 bias, so no real condition code can
// collide with SPARC_CC_INVALID (0) -- without the bias SPARC_CC_ICC_N would be 0.
// Floating-point codes add a further +16 so ICC and FCC ranges are disjoint:
//   ICC: 256..271, FCC: 272..287.
// The low four bits appear to follow the hardware `cond` field ordering
// (A=8, N=0, NE=9, E=1, ...) -- TODO confirm against the SPARC architecture
// manual before relying on it for re-encoding.
typedef enum sparc_cc {
	SPARC_CC_INVALID = 0,	// invalid CC (default)
	//> Integer condition codes
	SPARC_CC_ICC_A   =  8+256,  // Always
	SPARC_CC_ICC_N   =  0+256,  // Never
	SPARC_CC_ICC_NE  =  9+256,  // Not Equal
	SPARC_CC_ICC_E   =  1+256,  // Equal
	SPARC_CC_ICC_G   = 10+256,  // Greater
	SPARC_CC_ICC_LE  =  2+256,  // Less or Equal
	SPARC_CC_ICC_GE  = 11+256,  // Greater or Equal
	SPARC_CC_ICC_L   =  3+256,  // Less
	SPARC_CC_ICC_GU  = 12+256,  // Greater Unsigned
	SPARC_CC_ICC_LEU =  4+256,  // Less or Equal Unsigned
	SPARC_CC_ICC_CC  = 13+256,  // Carry Clear/Great or Equal Unsigned
	SPARC_CC_ICC_CS  =  5+256,  // Carry Set/Less Unsigned
	SPARC_CC_ICC_POS = 14+256,  // Positive
	SPARC_CC_ICC_NEG =  6+256,  // Negative
	SPARC_CC_ICC_VC  = 15+256,  // Overflow Clear
	SPARC_CC_ICC_VS  =  7+256,  // Overflow Set

	//> Floating condition codes
	// Same low-bit layout as the integer codes, shifted by +16 (see header comment).
	SPARC_CC_FCC_A   =  8+16+256,  // Always
	SPARC_CC_FCC_N   =  0+16+256,  // Never
	SPARC_CC_FCC_U   =  7+16+256,  // Unordered
	SPARC_CC_FCC_G   =  6+16+256,  // Greater
	SPARC_CC_FCC_UG  =  5+16+256,  // Unordered or Greater
	SPARC_CC_FCC_L   =  4+16+256,  // Less
	SPARC_CC_FCC_UL  =  3+16+256,  // Unordered or Less
	SPARC_CC_FCC_LG  =  2+16+256,  // Less or Greater
	SPARC_CC_FCC_NE  =  1+16+256,  // Not Equal
	SPARC_CC_FCC_E   =  9+16+256,  // Equal
	SPARC_CC_FCC_UE  = 10+16+256,  // Unordered or Equal
	SPARC_CC_FCC_GE  = 11+16+256,  // Greater or Equal
	SPARC_CC_FCC_UGE = 12+16+256,  // Unordered or Greater or Equal
	SPARC_CC_FCC_LE  = 13+16+256,  // Less or Equal
	SPARC_CC_FCC_ULE = 14+16+256,  // Unordered or Less or Equal
	SPARC_CC_FCC_O   = 15+16+256,  // Ordered
} sparc_cc;

//> Branch hint
// Bit flags, not an enumeration of exclusive states: cs_sparc.hint is documented
// (further down in this header) as the bitwise OR of these values, so test with
// `hint & SPARC_HINT_PT` rather than `hint == SPARC_HINT_PT`.
// NOTE(review): nothing in the type prevents PT and PN from both being set;
// a consumer should not assume exactly one prediction bit is present.
typedef enum sparc_hint {
	SPARC_HINT_INVALID = 0,	// no hint
	SPARC_HINT_A	= 1 << 0,	// annul delay slot instruction
	SPARC_HINT_PT	= 1 << 1,	// branch taken
	SPARC_HINT_PN	= 1 << 2,	// branch NOT taken
} sparc_hint;

//> Operand type for instruction's operands 71 | typedef enum sparc_op_type { 72 | SPARC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 73 | SPARC_OP_REG, // = CS_OP_REG (Register operand). 74 | SPARC_OP_IMM, // = CS_OP_IMM (Immediate operand). 75 | SPARC_OP_MEM, // = CS_OP_MEM (Memory operand). 76 | } sparc_op_type; 77 | 78 | // Instruction's operand referring to memory 79 | // This is associated with SPARC_OP_MEM operand type above 80 | typedef struct sparc_op_mem { 81 | uint8_t base; // base register 82 | uint8_t index; // index register 83 | int32_t disp; // displacement/offset value 84 | } sparc_op_mem; 85 | 86 | // Instruction operand 87 | typedef struct cs_sparc_op { 88 | sparc_op_type type; // operand type 89 | union { 90 | unsigned int reg; // register value for REG operand 91 | int32_t imm; // immediate value for IMM operand 92 | sparc_op_mem mem; // base/disp value for MEM operand 93 | }; 94 | } cs_sparc_op; 95 | 96 | // Instruction structure 97 | typedef struct cs_sparc { 98 | sparc_cc cc; // code condition for this insn 99 | sparc_hint hint; // branch hint: encoding as bitwise OR of sparc_hint. 100 | // Number of operands of this instruction, 101 | // or 0 when instruction has no operand. 102 | uint8_t op_count; 103 | cs_sparc_op operands[4]; // operands for this instruction. 
104 | } cs_sparc; 105 | 106 | //> SPARC registers 107 | typedef enum sparc_reg { 108 | SPARC_REG_INVALID = 0, 109 | 110 | SPARC_REG_F0, 111 | SPARC_REG_F1, 112 | SPARC_REG_F2, 113 | SPARC_REG_F3, 114 | SPARC_REG_F4, 115 | SPARC_REG_F5, 116 | SPARC_REG_F6, 117 | SPARC_REG_F7, 118 | SPARC_REG_F8, 119 | SPARC_REG_F9, 120 | SPARC_REG_F10, 121 | SPARC_REG_F11, 122 | SPARC_REG_F12, 123 | SPARC_REG_F13, 124 | SPARC_REG_F14, 125 | SPARC_REG_F15, 126 | SPARC_REG_F16, 127 | SPARC_REG_F17, 128 | SPARC_REG_F18, 129 | SPARC_REG_F19, 130 | SPARC_REG_F20, 131 | SPARC_REG_F21, 132 | SPARC_REG_F22, 133 | SPARC_REG_F23, 134 | SPARC_REG_F24, 135 | SPARC_REG_F25, 136 | SPARC_REG_F26, 137 | SPARC_REG_F27, 138 | SPARC_REG_F28, 139 | SPARC_REG_F29, 140 | SPARC_REG_F30, 141 | SPARC_REG_F31, 142 | SPARC_REG_F32, 143 | SPARC_REG_F34, 144 | SPARC_REG_F36, 145 | SPARC_REG_F38, 146 | SPARC_REG_F40, 147 | SPARC_REG_F42, 148 | SPARC_REG_F44, 149 | SPARC_REG_F46, 150 | SPARC_REG_F48, 151 | SPARC_REG_F50, 152 | SPARC_REG_F52, 153 | SPARC_REG_F54, 154 | SPARC_REG_F56, 155 | SPARC_REG_F58, 156 | SPARC_REG_F60, 157 | SPARC_REG_F62, 158 | SPARC_REG_FCC0, // Floating condition codes 159 | SPARC_REG_FCC1, 160 | SPARC_REG_FCC2, 161 | SPARC_REG_FCC3, 162 | SPARC_REG_FP, 163 | SPARC_REG_G0, 164 | SPARC_REG_G1, 165 | SPARC_REG_G2, 166 | SPARC_REG_G3, 167 | SPARC_REG_G4, 168 | SPARC_REG_G5, 169 | SPARC_REG_G6, 170 | SPARC_REG_G7, 171 | SPARC_REG_I0, 172 | SPARC_REG_I1, 173 | SPARC_REG_I2, 174 | SPARC_REG_I3, 175 | SPARC_REG_I4, 176 | SPARC_REG_I5, 177 | SPARC_REG_I7, 178 | SPARC_REG_ICC, // Integer condition codes 179 | SPARC_REG_L0, 180 | SPARC_REG_L1, 181 | SPARC_REG_L2, 182 | SPARC_REG_L3, 183 | SPARC_REG_L4, 184 | SPARC_REG_L5, 185 | SPARC_REG_L6, 186 | SPARC_REG_L7, 187 | SPARC_REG_O0, 188 | SPARC_REG_O1, 189 | SPARC_REG_O2, 190 | SPARC_REG_O3, 191 | SPARC_REG_O4, 192 | SPARC_REG_O5, 193 | SPARC_REG_O7, 194 | SPARC_REG_SP, 195 | SPARC_REG_Y, 196 | 197 | // special register 198 | SPARC_REG_XCC, 199 | 200 
| SPARC_REG_ENDING, // <-- mark the end of the list of registers 201 | 202 | // extras 203 | SPARC_REG_O6 = SPARC_REG_SP, 204 | SPARC_REG_I6 = SPARC_REG_FP, 205 | } sparc_reg; 206 | 207 | //> SPARC instruction 208 | typedef enum sparc_insn { 209 | SPARC_INS_INVALID = 0, 210 | 211 | SPARC_INS_ADDCC, 212 | SPARC_INS_ADDX, 213 | SPARC_INS_ADDXCC, 214 | SPARC_INS_ADDXC, 215 | SPARC_INS_ADDXCCC, 216 | SPARC_INS_ADD, 217 | SPARC_INS_ALIGNADDR, 218 | SPARC_INS_ALIGNADDRL, 219 | SPARC_INS_ANDCC, 220 | SPARC_INS_ANDNCC, 221 | SPARC_INS_ANDN, 222 | SPARC_INS_AND, 223 | SPARC_INS_ARRAY16, 224 | SPARC_INS_ARRAY32, 225 | SPARC_INS_ARRAY8, 226 | SPARC_INS_B, 227 | SPARC_INS_JMP, 228 | SPARC_INS_BMASK, 229 | SPARC_INS_FB, 230 | SPARC_INS_BRGEZ, 231 | SPARC_INS_BRGZ, 232 | SPARC_INS_BRLEZ, 233 | SPARC_INS_BRLZ, 234 | SPARC_INS_BRNZ, 235 | SPARC_INS_BRZ, 236 | SPARC_INS_BSHUFFLE, 237 | SPARC_INS_CALL, 238 | SPARC_INS_CASX, 239 | SPARC_INS_CAS, 240 | SPARC_INS_CMASK16, 241 | SPARC_INS_CMASK32, 242 | SPARC_INS_CMASK8, 243 | SPARC_INS_CMP, 244 | SPARC_INS_EDGE16, 245 | SPARC_INS_EDGE16L, 246 | SPARC_INS_EDGE16LN, 247 | SPARC_INS_EDGE16N, 248 | SPARC_INS_EDGE32, 249 | SPARC_INS_EDGE32L, 250 | SPARC_INS_EDGE32LN, 251 | SPARC_INS_EDGE32N, 252 | SPARC_INS_EDGE8, 253 | SPARC_INS_EDGE8L, 254 | SPARC_INS_EDGE8LN, 255 | SPARC_INS_EDGE8N, 256 | SPARC_INS_FABSD, 257 | SPARC_INS_FABSQ, 258 | SPARC_INS_FABSS, 259 | SPARC_INS_FADDD, 260 | SPARC_INS_FADDQ, 261 | SPARC_INS_FADDS, 262 | SPARC_INS_FALIGNDATA, 263 | SPARC_INS_FAND, 264 | SPARC_INS_FANDNOT1, 265 | SPARC_INS_FANDNOT1S, 266 | SPARC_INS_FANDNOT2, 267 | SPARC_INS_FANDNOT2S, 268 | SPARC_INS_FANDS, 269 | SPARC_INS_FCHKSM16, 270 | SPARC_INS_FCMPD, 271 | SPARC_INS_FCMPEQ16, 272 | SPARC_INS_FCMPEQ32, 273 | SPARC_INS_FCMPGT16, 274 | SPARC_INS_FCMPGT32, 275 | SPARC_INS_FCMPLE16, 276 | SPARC_INS_FCMPLE32, 277 | SPARC_INS_FCMPNE16, 278 | SPARC_INS_FCMPNE32, 279 | SPARC_INS_FCMPQ, 280 | SPARC_INS_FCMPS, 281 | SPARC_INS_FDIVD, 282 | SPARC_INS_FDIVQ, 
283 | SPARC_INS_FDIVS, 284 | SPARC_INS_FDMULQ, 285 | SPARC_INS_FDTOI, 286 | SPARC_INS_FDTOQ, 287 | SPARC_INS_FDTOS, 288 | SPARC_INS_FDTOX, 289 | SPARC_INS_FEXPAND, 290 | SPARC_INS_FHADDD, 291 | SPARC_INS_FHADDS, 292 | SPARC_INS_FHSUBD, 293 | SPARC_INS_FHSUBS, 294 | SPARC_INS_FITOD, 295 | SPARC_INS_FITOQ, 296 | SPARC_INS_FITOS, 297 | SPARC_INS_FLCMPD, 298 | SPARC_INS_FLCMPS, 299 | SPARC_INS_FLUSHW, 300 | SPARC_INS_FMEAN16, 301 | SPARC_INS_FMOVD, 302 | SPARC_INS_FMOVQ, 303 | SPARC_INS_FMOVRDGEZ, 304 | SPARC_INS_FMOVRQGEZ, 305 | SPARC_INS_FMOVRSGEZ, 306 | SPARC_INS_FMOVRDGZ, 307 | SPARC_INS_FMOVRQGZ, 308 | SPARC_INS_FMOVRSGZ, 309 | SPARC_INS_FMOVRDLEZ, 310 | SPARC_INS_FMOVRQLEZ, 311 | SPARC_INS_FMOVRSLEZ, 312 | SPARC_INS_FMOVRDLZ, 313 | SPARC_INS_FMOVRQLZ, 314 | SPARC_INS_FMOVRSLZ, 315 | SPARC_INS_FMOVRDNZ, 316 | SPARC_INS_FMOVRQNZ, 317 | SPARC_INS_FMOVRSNZ, 318 | SPARC_INS_FMOVRDZ, 319 | SPARC_INS_FMOVRQZ, 320 | SPARC_INS_FMOVRSZ, 321 | SPARC_INS_FMOVS, 322 | SPARC_INS_FMUL8SUX16, 323 | SPARC_INS_FMUL8ULX16, 324 | SPARC_INS_FMUL8X16, 325 | SPARC_INS_FMUL8X16AL, 326 | SPARC_INS_FMUL8X16AU, 327 | SPARC_INS_FMULD, 328 | SPARC_INS_FMULD8SUX16, 329 | SPARC_INS_FMULD8ULX16, 330 | SPARC_INS_FMULQ, 331 | SPARC_INS_FMULS, 332 | SPARC_INS_FNADDD, 333 | SPARC_INS_FNADDS, 334 | SPARC_INS_FNAND, 335 | SPARC_INS_FNANDS, 336 | SPARC_INS_FNEGD, 337 | SPARC_INS_FNEGQ, 338 | SPARC_INS_FNEGS, 339 | SPARC_INS_FNHADDD, 340 | SPARC_INS_FNHADDS, 341 | SPARC_INS_FNOR, 342 | SPARC_INS_FNORS, 343 | SPARC_INS_FNOT1, 344 | SPARC_INS_FNOT1S, 345 | SPARC_INS_FNOT2, 346 | SPARC_INS_FNOT2S, 347 | SPARC_INS_FONE, 348 | SPARC_INS_FONES, 349 | SPARC_INS_FOR, 350 | SPARC_INS_FORNOT1, 351 | SPARC_INS_FORNOT1S, 352 | SPARC_INS_FORNOT2, 353 | SPARC_INS_FORNOT2S, 354 | SPARC_INS_FORS, 355 | SPARC_INS_FPACK16, 356 | SPARC_INS_FPACK32, 357 | SPARC_INS_FPACKFIX, 358 | SPARC_INS_FPADD16, 359 | SPARC_INS_FPADD16S, 360 | SPARC_INS_FPADD32, 361 | SPARC_INS_FPADD32S, 362 | SPARC_INS_FPADD64, 363 | 
SPARC_INS_FPMERGE, 364 | SPARC_INS_FPSUB16, 365 | SPARC_INS_FPSUB16S, 366 | SPARC_INS_FPSUB32, 367 | SPARC_INS_FPSUB32S, 368 | SPARC_INS_FQTOD, 369 | SPARC_INS_FQTOI, 370 | SPARC_INS_FQTOS, 371 | SPARC_INS_FQTOX, 372 | SPARC_INS_FSLAS16, 373 | SPARC_INS_FSLAS32, 374 | SPARC_INS_FSLL16, 375 | SPARC_INS_FSLL32, 376 | SPARC_INS_FSMULD, 377 | SPARC_INS_FSQRTD, 378 | SPARC_INS_FSQRTQ, 379 | SPARC_INS_FSQRTS, 380 | SPARC_INS_FSRA16, 381 | SPARC_INS_FSRA32, 382 | SPARC_INS_FSRC1, 383 | SPARC_INS_FSRC1S, 384 | SPARC_INS_FSRC2, 385 | SPARC_INS_FSRC2S, 386 | SPARC_INS_FSRL16, 387 | SPARC_INS_FSRL32, 388 | SPARC_INS_FSTOD, 389 | SPARC_INS_FSTOI, 390 | SPARC_INS_FSTOQ, 391 | SPARC_INS_FSTOX, 392 | SPARC_INS_FSUBD, 393 | SPARC_INS_FSUBQ, 394 | SPARC_INS_FSUBS, 395 | SPARC_INS_FXNOR, 396 | SPARC_INS_FXNORS, 397 | SPARC_INS_FXOR, 398 | SPARC_INS_FXORS, 399 | SPARC_INS_FXTOD, 400 | SPARC_INS_FXTOQ, 401 | SPARC_INS_FXTOS, 402 | SPARC_INS_FZERO, 403 | SPARC_INS_FZEROS, 404 | SPARC_INS_JMPL, 405 | SPARC_INS_LDD, 406 | SPARC_INS_LD, 407 | SPARC_INS_LDQ, 408 | SPARC_INS_LDSB, 409 | SPARC_INS_LDSH, 410 | SPARC_INS_LDSW, 411 | SPARC_INS_LDUB, 412 | SPARC_INS_LDUH, 413 | SPARC_INS_LDX, 414 | SPARC_INS_LZCNT, 415 | SPARC_INS_MEMBAR, 416 | SPARC_INS_MOVDTOX, 417 | SPARC_INS_MOV, 418 | SPARC_INS_MOVRGEZ, 419 | SPARC_INS_MOVRGZ, 420 | SPARC_INS_MOVRLEZ, 421 | SPARC_INS_MOVRLZ, 422 | SPARC_INS_MOVRNZ, 423 | SPARC_INS_MOVRZ, 424 | SPARC_INS_MOVSTOSW, 425 | SPARC_INS_MOVSTOUW, 426 | SPARC_INS_MULX, 427 | SPARC_INS_NOP, 428 | SPARC_INS_ORCC, 429 | SPARC_INS_ORNCC, 430 | SPARC_INS_ORN, 431 | SPARC_INS_OR, 432 | SPARC_INS_PDIST, 433 | SPARC_INS_PDISTN, 434 | SPARC_INS_POPC, 435 | SPARC_INS_RD, 436 | SPARC_INS_RESTORE, 437 | SPARC_INS_RETT, 438 | SPARC_INS_SAVE, 439 | SPARC_INS_SDIVCC, 440 | SPARC_INS_SDIVX, 441 | SPARC_INS_SDIV, 442 | SPARC_INS_SETHI, 443 | SPARC_INS_SHUTDOWN, 444 | SPARC_INS_SIAM, 445 | SPARC_INS_SLLX, 446 | SPARC_INS_SLL, 447 | SPARC_INS_SMULCC, 448 | SPARC_INS_SMUL, 449 | 
SPARC_INS_SRAX, 450 | SPARC_INS_SRA, 451 | SPARC_INS_SRLX, 452 | SPARC_INS_SRL, 453 | SPARC_INS_STBAR, 454 | SPARC_INS_STB, 455 | SPARC_INS_STD, 456 | SPARC_INS_ST, 457 | SPARC_INS_STH, 458 | SPARC_INS_STQ, 459 | SPARC_INS_STX, 460 | SPARC_INS_SUBCC, 461 | SPARC_INS_SUBX, 462 | SPARC_INS_SUBXCC, 463 | SPARC_INS_SUB, 464 | SPARC_INS_SWAP, 465 | SPARC_INS_TADDCCTV, 466 | SPARC_INS_TADDCC, 467 | SPARC_INS_T, 468 | SPARC_INS_TSUBCCTV, 469 | SPARC_INS_TSUBCC, 470 | SPARC_INS_UDIVCC, 471 | SPARC_INS_UDIVX, 472 | SPARC_INS_UDIV, 473 | SPARC_INS_UMULCC, 474 | SPARC_INS_UMULXHI, 475 | SPARC_INS_UMUL, 476 | SPARC_INS_UNIMP, 477 | SPARC_INS_FCMPED, 478 | SPARC_INS_FCMPEQ, 479 | SPARC_INS_FCMPES, 480 | SPARC_INS_WR, 481 | SPARC_INS_XMULX, 482 | SPARC_INS_XMULXHI, 483 | SPARC_INS_XNORCC, 484 | SPARC_INS_XNOR, 485 | SPARC_INS_XORCC, 486 | SPARC_INS_XOR, 487 | 488 | // alias instructions 489 | SPARC_INS_RET, 490 | SPARC_INS_RETL, 491 | 492 | SPARC_INS_ENDING, // <-- mark the end of the list of instructions 493 | } sparc_insn; 494 | 495 | //> Group of SPARC instructions 496 | typedef enum sparc_insn_group { 497 | SPARC_GRP_INVALID = 0, // = CS_GRP_INVALID 498 | 499 | //> Generic groups 500 | // all jump instructions (conditional+direct+indirect jumps) 501 | SPARC_GRP_JUMP, // = CS_GRP_JUMP 502 | 503 | //> Architecture-specific groups 504 | SPARC_GRP_HARDQUAD = 128, 505 | SPARC_GRP_V9, 506 | SPARC_GRP_VIS, 507 | SPARC_GRP_VIS2, 508 | SPARC_GRP_VIS3, 509 | SPARC_GRP_32BIT, 510 | SPARC_GRP_64BIT, 511 | 512 | SPARC_GRP_ENDING, // <-- mark the end of the list of groups 513 | } sparc_insn_group; 514 | 515 | #ifdef __cplusplus 516 | } 517 | #endif 518 | 519 | #endif 520 | -------------------------------------------------------------------------------- /PolyHook/Capstone/include/systemz.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SYSTEMZ_H 2 | #define CAPSTONE_SYSTEMZ_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen 
Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Enums corresponding to SystemZ condition codes 19 | typedef enum sysz_cc { 20 | SYSZ_CC_INVALID = 0, // invalid CC (default) 21 | 22 | SYSZ_CC_O, 23 | SYSZ_CC_H, 24 | SYSZ_CC_NLE, 25 | SYSZ_CC_L, 26 | SYSZ_CC_NHE, 27 | SYSZ_CC_LH, 28 | SYSZ_CC_NE, 29 | SYSZ_CC_E, 30 | SYSZ_CC_NLH, 31 | SYSZ_CC_HE, 32 | SYSZ_CC_NL, 33 | SYSZ_CC_LE, 34 | SYSZ_CC_NH, 35 | SYSZ_CC_NO, 36 | } sysz_cc; 37 | 38 | //> Operand type for instruction's operands 39 | typedef enum sysz_op_type { 40 | SYSZ_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 41 | SYSZ_OP_REG, // = CS_OP_REG (Register operand). 42 | SYSZ_OP_IMM, // = CS_OP_IMM (Immediate operand). 43 | SYSZ_OP_MEM, // = CS_OP_MEM (Memory operand). 44 | SYSZ_OP_ACREG = 64, // Access register operand. 45 | } sysz_op_type; 46 | 47 | // Instruction's operand referring to memory 48 | // This is associated with SYSZ_OP_MEM operand type above 49 | typedef struct sysz_op_mem { 50 | uint8_t base; // base register 51 | uint8_t index; // index register 52 | uint64_t length; // BDLAddr operand 53 | int64_t disp; // displacement/offset value 54 | } sysz_op_mem; 55 | 56 | // Instruction operand 57 | typedef struct cs_sysz_op { 58 | sysz_op_type type; // operand type 59 | union { 60 | unsigned int reg; // register value for REG operand 61 | int64_t imm; // immediate value for IMM operand 62 | sysz_op_mem mem; // base/disp value for MEM operand 63 | }; 64 | } cs_sysz_op; 65 | 66 | // Instruction structure 67 | typedef struct cs_sysz { 68 | sysz_cc cc; // Code condition 69 | // Number of operands of this instruction, 70 | // or 0 when instruction has no operand. 71 | uint8_t op_count; 72 | cs_sysz_op operands[6]; // operands for this instruction. 
73 | } cs_sysz; 74 | 75 | //> SystemZ registers 76 | typedef enum sysz_reg { 77 | SYSZ_REG_INVALID = 0, 78 | 79 | SYSZ_REG_0, 80 | SYSZ_REG_1, 81 | SYSZ_REG_2, 82 | SYSZ_REG_3, 83 | SYSZ_REG_4, 84 | SYSZ_REG_5, 85 | SYSZ_REG_6, 86 | SYSZ_REG_7, 87 | SYSZ_REG_8, 88 | SYSZ_REG_9, 89 | SYSZ_REG_10, 90 | SYSZ_REG_11, 91 | SYSZ_REG_12, 92 | SYSZ_REG_13, 93 | SYSZ_REG_14, 94 | SYSZ_REG_15, 95 | SYSZ_REG_CC, 96 | SYSZ_REG_F0, 97 | SYSZ_REG_F1, 98 | SYSZ_REG_F2, 99 | SYSZ_REG_F3, 100 | SYSZ_REG_F4, 101 | SYSZ_REG_F5, 102 | SYSZ_REG_F6, 103 | SYSZ_REG_F7, 104 | SYSZ_REG_F8, 105 | SYSZ_REG_F9, 106 | SYSZ_REG_F10, 107 | SYSZ_REG_F11, 108 | SYSZ_REG_F12, 109 | SYSZ_REG_F13, 110 | SYSZ_REG_F14, 111 | SYSZ_REG_F15, 112 | 113 | SYSZ_REG_R0L, 114 | 115 | SYSZ_REG_ENDING, 116 | } sysz_reg; 117 | 118 | //> SystemZ instruction 119 | typedef enum sysz_insn { 120 | SYSZ_INS_INVALID = 0, 121 | 122 | SYSZ_INS_A, 123 | SYSZ_INS_ADB, 124 | SYSZ_INS_ADBR, 125 | SYSZ_INS_AEB, 126 | SYSZ_INS_AEBR, 127 | SYSZ_INS_AFI, 128 | SYSZ_INS_AG, 129 | SYSZ_INS_AGF, 130 | SYSZ_INS_AGFI, 131 | SYSZ_INS_AGFR, 132 | SYSZ_INS_AGHI, 133 | SYSZ_INS_AGHIK, 134 | SYSZ_INS_AGR, 135 | SYSZ_INS_AGRK, 136 | SYSZ_INS_AGSI, 137 | SYSZ_INS_AH, 138 | SYSZ_INS_AHI, 139 | SYSZ_INS_AHIK, 140 | SYSZ_INS_AHY, 141 | SYSZ_INS_AIH, 142 | SYSZ_INS_AL, 143 | SYSZ_INS_ALC, 144 | SYSZ_INS_ALCG, 145 | SYSZ_INS_ALCGR, 146 | SYSZ_INS_ALCR, 147 | SYSZ_INS_ALFI, 148 | SYSZ_INS_ALG, 149 | SYSZ_INS_ALGF, 150 | SYSZ_INS_ALGFI, 151 | SYSZ_INS_ALGFR, 152 | SYSZ_INS_ALGHSIK, 153 | SYSZ_INS_ALGR, 154 | SYSZ_INS_ALGRK, 155 | SYSZ_INS_ALHSIK, 156 | SYSZ_INS_ALR, 157 | SYSZ_INS_ALRK, 158 | SYSZ_INS_ALY, 159 | SYSZ_INS_AR, 160 | SYSZ_INS_ARK, 161 | SYSZ_INS_ASI, 162 | SYSZ_INS_AXBR, 163 | SYSZ_INS_AY, 164 | SYSZ_INS_BCR, 165 | SYSZ_INS_BRC, 166 | SYSZ_INS_BRCL, 167 | SYSZ_INS_CGIJ, 168 | SYSZ_INS_CGRJ, 169 | SYSZ_INS_CIJ, 170 | SYSZ_INS_CLGIJ, 171 | SYSZ_INS_CLGRJ, 172 | SYSZ_INS_CLIJ, 173 | SYSZ_INS_CLRJ, 174 | SYSZ_INS_CRJ, 175 | SYSZ_INS_BER, 
176 | SYSZ_INS_JE, 177 | SYSZ_INS_JGE, 178 | SYSZ_INS_LOCE, 179 | SYSZ_INS_LOCGE, 180 | SYSZ_INS_LOCGRE, 181 | SYSZ_INS_LOCRE, 182 | SYSZ_INS_STOCE, 183 | SYSZ_INS_STOCGE, 184 | SYSZ_INS_BHR, 185 | SYSZ_INS_BHER, 186 | SYSZ_INS_JHE, 187 | SYSZ_INS_JGHE, 188 | SYSZ_INS_LOCHE, 189 | SYSZ_INS_LOCGHE, 190 | SYSZ_INS_LOCGRHE, 191 | SYSZ_INS_LOCRHE, 192 | SYSZ_INS_STOCHE, 193 | SYSZ_INS_STOCGHE, 194 | SYSZ_INS_JH, 195 | SYSZ_INS_JGH, 196 | SYSZ_INS_LOCH, 197 | SYSZ_INS_LOCGH, 198 | SYSZ_INS_LOCGRH, 199 | SYSZ_INS_LOCRH, 200 | SYSZ_INS_STOCH, 201 | SYSZ_INS_STOCGH, 202 | SYSZ_INS_CGIJNLH, 203 | SYSZ_INS_CGRJNLH, 204 | SYSZ_INS_CIJNLH, 205 | SYSZ_INS_CLGIJNLH, 206 | SYSZ_INS_CLGRJNLH, 207 | SYSZ_INS_CLIJNLH, 208 | SYSZ_INS_CLRJNLH, 209 | SYSZ_INS_CRJNLH, 210 | SYSZ_INS_CGIJE, 211 | SYSZ_INS_CGRJE, 212 | SYSZ_INS_CIJE, 213 | SYSZ_INS_CLGIJE, 214 | SYSZ_INS_CLGRJE, 215 | SYSZ_INS_CLIJE, 216 | SYSZ_INS_CLRJE, 217 | SYSZ_INS_CRJE, 218 | SYSZ_INS_CGIJNLE, 219 | SYSZ_INS_CGRJNLE, 220 | SYSZ_INS_CIJNLE, 221 | SYSZ_INS_CLGIJNLE, 222 | SYSZ_INS_CLGRJNLE, 223 | SYSZ_INS_CLIJNLE, 224 | SYSZ_INS_CLRJNLE, 225 | SYSZ_INS_CRJNLE, 226 | SYSZ_INS_CGIJH, 227 | SYSZ_INS_CGRJH, 228 | SYSZ_INS_CIJH, 229 | SYSZ_INS_CLGIJH, 230 | SYSZ_INS_CLGRJH, 231 | SYSZ_INS_CLIJH, 232 | SYSZ_INS_CLRJH, 233 | SYSZ_INS_CRJH, 234 | SYSZ_INS_CGIJNL, 235 | SYSZ_INS_CGRJNL, 236 | SYSZ_INS_CIJNL, 237 | SYSZ_INS_CLGIJNL, 238 | SYSZ_INS_CLGRJNL, 239 | SYSZ_INS_CLIJNL, 240 | SYSZ_INS_CLRJNL, 241 | SYSZ_INS_CRJNL, 242 | SYSZ_INS_CGIJHE, 243 | SYSZ_INS_CGRJHE, 244 | SYSZ_INS_CIJHE, 245 | SYSZ_INS_CLGIJHE, 246 | SYSZ_INS_CLGRJHE, 247 | SYSZ_INS_CLIJHE, 248 | SYSZ_INS_CLRJHE, 249 | SYSZ_INS_CRJHE, 250 | SYSZ_INS_CGIJNHE, 251 | SYSZ_INS_CGRJNHE, 252 | SYSZ_INS_CIJNHE, 253 | SYSZ_INS_CLGIJNHE, 254 | SYSZ_INS_CLGRJNHE, 255 | SYSZ_INS_CLIJNHE, 256 | SYSZ_INS_CLRJNHE, 257 | SYSZ_INS_CRJNHE, 258 | SYSZ_INS_CGIJL, 259 | SYSZ_INS_CGRJL, 260 | SYSZ_INS_CIJL, 261 | SYSZ_INS_CLGIJL, 262 | SYSZ_INS_CLGRJL, 263 | SYSZ_INS_CLIJL, 264 | 
SYSZ_INS_CLRJL, 265 | SYSZ_INS_CRJL, 266 | SYSZ_INS_CGIJNH, 267 | SYSZ_INS_CGRJNH, 268 | SYSZ_INS_CIJNH, 269 | SYSZ_INS_CLGIJNH, 270 | SYSZ_INS_CLGRJNH, 271 | SYSZ_INS_CLIJNH, 272 | SYSZ_INS_CLRJNH, 273 | SYSZ_INS_CRJNH, 274 | SYSZ_INS_CGIJLE, 275 | SYSZ_INS_CGRJLE, 276 | SYSZ_INS_CIJLE, 277 | SYSZ_INS_CLGIJLE, 278 | SYSZ_INS_CLGRJLE, 279 | SYSZ_INS_CLIJLE, 280 | SYSZ_INS_CLRJLE, 281 | SYSZ_INS_CRJLE, 282 | SYSZ_INS_CGIJNE, 283 | SYSZ_INS_CGRJNE, 284 | SYSZ_INS_CIJNE, 285 | SYSZ_INS_CLGIJNE, 286 | SYSZ_INS_CLGRJNE, 287 | SYSZ_INS_CLIJNE, 288 | SYSZ_INS_CLRJNE, 289 | SYSZ_INS_CRJNE, 290 | SYSZ_INS_CGIJLH, 291 | SYSZ_INS_CGRJLH, 292 | SYSZ_INS_CIJLH, 293 | SYSZ_INS_CLGIJLH, 294 | SYSZ_INS_CLGRJLH, 295 | SYSZ_INS_CLIJLH, 296 | SYSZ_INS_CLRJLH, 297 | SYSZ_INS_CRJLH, 298 | SYSZ_INS_BLR, 299 | SYSZ_INS_BLER, 300 | SYSZ_INS_JLE, 301 | SYSZ_INS_JGLE, 302 | SYSZ_INS_LOCLE, 303 | SYSZ_INS_LOCGLE, 304 | SYSZ_INS_LOCGRLE, 305 | SYSZ_INS_LOCRLE, 306 | SYSZ_INS_STOCLE, 307 | SYSZ_INS_STOCGLE, 308 | SYSZ_INS_BLHR, 309 | SYSZ_INS_JLH, 310 | SYSZ_INS_JGLH, 311 | SYSZ_INS_LOCLH, 312 | SYSZ_INS_LOCGLH, 313 | SYSZ_INS_LOCGRLH, 314 | SYSZ_INS_LOCRLH, 315 | SYSZ_INS_STOCLH, 316 | SYSZ_INS_STOCGLH, 317 | SYSZ_INS_JL, 318 | SYSZ_INS_JGL, 319 | SYSZ_INS_LOCL, 320 | SYSZ_INS_LOCGL, 321 | SYSZ_INS_LOCGRL, 322 | SYSZ_INS_LOCRL, 323 | SYSZ_INS_LOC, 324 | SYSZ_INS_LOCG, 325 | SYSZ_INS_LOCGR, 326 | SYSZ_INS_LOCR, 327 | SYSZ_INS_STOCL, 328 | SYSZ_INS_STOCGL, 329 | SYSZ_INS_BNER, 330 | SYSZ_INS_JNE, 331 | SYSZ_INS_JGNE, 332 | SYSZ_INS_LOCNE, 333 | SYSZ_INS_LOCGNE, 334 | SYSZ_INS_LOCGRNE, 335 | SYSZ_INS_LOCRNE, 336 | SYSZ_INS_STOCNE, 337 | SYSZ_INS_STOCGNE, 338 | SYSZ_INS_BNHR, 339 | SYSZ_INS_BNHER, 340 | SYSZ_INS_JNHE, 341 | SYSZ_INS_JGNHE, 342 | SYSZ_INS_LOCNHE, 343 | SYSZ_INS_LOCGNHE, 344 | SYSZ_INS_LOCGRNHE, 345 | SYSZ_INS_LOCRNHE, 346 | SYSZ_INS_STOCNHE, 347 | SYSZ_INS_STOCGNHE, 348 | SYSZ_INS_JNH, 349 | SYSZ_INS_JGNH, 350 | SYSZ_INS_LOCNH, 351 | SYSZ_INS_LOCGNH, 352 | SYSZ_INS_LOCGRNH, 353 | 
SYSZ_INS_LOCRNH, 354 | SYSZ_INS_STOCNH, 355 | SYSZ_INS_STOCGNH, 356 | SYSZ_INS_BNLR, 357 | SYSZ_INS_BNLER, 358 | SYSZ_INS_JNLE, 359 | SYSZ_INS_JGNLE, 360 | SYSZ_INS_LOCNLE, 361 | SYSZ_INS_LOCGNLE, 362 | SYSZ_INS_LOCGRNLE, 363 | SYSZ_INS_LOCRNLE, 364 | SYSZ_INS_STOCNLE, 365 | SYSZ_INS_STOCGNLE, 366 | SYSZ_INS_BNLHR, 367 | SYSZ_INS_JNLH, 368 | SYSZ_INS_JGNLH, 369 | SYSZ_INS_LOCNLH, 370 | SYSZ_INS_LOCGNLH, 371 | SYSZ_INS_LOCGRNLH, 372 | SYSZ_INS_LOCRNLH, 373 | SYSZ_INS_STOCNLH, 374 | SYSZ_INS_STOCGNLH, 375 | SYSZ_INS_JNL, 376 | SYSZ_INS_JGNL, 377 | SYSZ_INS_LOCNL, 378 | SYSZ_INS_LOCGNL, 379 | SYSZ_INS_LOCGRNL, 380 | SYSZ_INS_LOCRNL, 381 | SYSZ_INS_STOCNL, 382 | SYSZ_INS_STOCGNL, 383 | SYSZ_INS_BNOR, 384 | SYSZ_INS_JNO, 385 | SYSZ_INS_JGNO, 386 | SYSZ_INS_LOCNO, 387 | SYSZ_INS_LOCGNO, 388 | SYSZ_INS_LOCGRNO, 389 | SYSZ_INS_LOCRNO, 390 | SYSZ_INS_STOCNO, 391 | SYSZ_INS_STOCGNO, 392 | SYSZ_INS_BOR, 393 | SYSZ_INS_JO, 394 | SYSZ_INS_JGO, 395 | SYSZ_INS_LOCO, 396 | SYSZ_INS_LOCGO, 397 | SYSZ_INS_LOCGRO, 398 | SYSZ_INS_LOCRO, 399 | SYSZ_INS_STOCO, 400 | SYSZ_INS_STOCGO, 401 | SYSZ_INS_STOC, 402 | SYSZ_INS_STOCG, 403 | SYSZ_INS_BASR, 404 | SYSZ_INS_BR, 405 | SYSZ_INS_BRAS, 406 | SYSZ_INS_BRASL, 407 | SYSZ_INS_J, 408 | SYSZ_INS_JG, 409 | SYSZ_INS_BRCT, 410 | SYSZ_INS_BRCTG, 411 | SYSZ_INS_C, 412 | SYSZ_INS_CDB, 413 | SYSZ_INS_CDBR, 414 | SYSZ_INS_CDFBR, 415 | SYSZ_INS_CDGBR, 416 | SYSZ_INS_CDLFBR, 417 | SYSZ_INS_CDLGBR, 418 | SYSZ_INS_CEB, 419 | SYSZ_INS_CEBR, 420 | SYSZ_INS_CEFBR, 421 | SYSZ_INS_CEGBR, 422 | SYSZ_INS_CELFBR, 423 | SYSZ_INS_CELGBR, 424 | SYSZ_INS_CFDBR, 425 | SYSZ_INS_CFEBR, 426 | SYSZ_INS_CFI, 427 | SYSZ_INS_CFXBR, 428 | SYSZ_INS_CG, 429 | SYSZ_INS_CGDBR, 430 | SYSZ_INS_CGEBR, 431 | SYSZ_INS_CGF, 432 | SYSZ_INS_CGFI, 433 | SYSZ_INS_CGFR, 434 | SYSZ_INS_CGFRL, 435 | SYSZ_INS_CGH, 436 | SYSZ_INS_CGHI, 437 | SYSZ_INS_CGHRL, 438 | SYSZ_INS_CGHSI, 439 | SYSZ_INS_CGR, 440 | SYSZ_INS_CGRL, 441 | SYSZ_INS_CGXBR, 442 | SYSZ_INS_CH, 443 | SYSZ_INS_CHF, 444 | 
SYSZ_INS_CHHSI, 445 | SYSZ_INS_CHI, 446 | SYSZ_INS_CHRL, 447 | SYSZ_INS_CHSI, 448 | SYSZ_INS_CHY, 449 | SYSZ_INS_CIH, 450 | SYSZ_INS_CL, 451 | SYSZ_INS_CLC, 452 | SYSZ_INS_CLFDBR, 453 | SYSZ_INS_CLFEBR, 454 | SYSZ_INS_CLFHSI, 455 | SYSZ_INS_CLFI, 456 | SYSZ_INS_CLFXBR, 457 | SYSZ_INS_CLG, 458 | SYSZ_INS_CLGDBR, 459 | SYSZ_INS_CLGEBR, 460 | SYSZ_INS_CLGF, 461 | SYSZ_INS_CLGFI, 462 | SYSZ_INS_CLGFR, 463 | SYSZ_INS_CLGFRL, 464 | SYSZ_INS_CLGHRL, 465 | SYSZ_INS_CLGHSI, 466 | SYSZ_INS_CLGR, 467 | SYSZ_INS_CLGRL, 468 | SYSZ_INS_CLGXBR, 469 | SYSZ_INS_CLHF, 470 | SYSZ_INS_CLHHSI, 471 | SYSZ_INS_CLHRL, 472 | SYSZ_INS_CLI, 473 | SYSZ_INS_CLIH, 474 | SYSZ_INS_CLIY, 475 | SYSZ_INS_CLR, 476 | SYSZ_INS_CLRL, 477 | SYSZ_INS_CLST, 478 | SYSZ_INS_CLY, 479 | SYSZ_INS_CPSDR, 480 | SYSZ_INS_CR, 481 | SYSZ_INS_CRL, 482 | SYSZ_INS_CS, 483 | SYSZ_INS_CSG, 484 | SYSZ_INS_CSY, 485 | SYSZ_INS_CXBR, 486 | SYSZ_INS_CXFBR, 487 | SYSZ_INS_CXGBR, 488 | SYSZ_INS_CXLFBR, 489 | SYSZ_INS_CXLGBR, 490 | SYSZ_INS_CY, 491 | SYSZ_INS_DDB, 492 | SYSZ_INS_DDBR, 493 | SYSZ_INS_DEB, 494 | SYSZ_INS_DEBR, 495 | SYSZ_INS_DL, 496 | SYSZ_INS_DLG, 497 | SYSZ_INS_DLGR, 498 | SYSZ_INS_DLR, 499 | SYSZ_INS_DSG, 500 | SYSZ_INS_DSGF, 501 | SYSZ_INS_DSGFR, 502 | SYSZ_INS_DSGR, 503 | SYSZ_INS_DXBR, 504 | SYSZ_INS_EAR, 505 | SYSZ_INS_FIDBR, 506 | SYSZ_INS_FIDBRA, 507 | SYSZ_INS_FIEBR, 508 | SYSZ_INS_FIEBRA, 509 | SYSZ_INS_FIXBR, 510 | SYSZ_INS_FIXBRA, 511 | SYSZ_INS_FLOGR, 512 | SYSZ_INS_IC, 513 | SYSZ_INS_ICY, 514 | SYSZ_INS_IIHF, 515 | SYSZ_INS_IIHH, 516 | SYSZ_INS_IIHL, 517 | SYSZ_INS_IILF, 518 | SYSZ_INS_IILH, 519 | SYSZ_INS_IILL, 520 | SYSZ_INS_IPM, 521 | SYSZ_INS_L, 522 | SYSZ_INS_LA, 523 | SYSZ_INS_LAA, 524 | SYSZ_INS_LAAG, 525 | SYSZ_INS_LAAL, 526 | SYSZ_INS_LAALG, 527 | SYSZ_INS_LAN, 528 | SYSZ_INS_LANG, 529 | SYSZ_INS_LAO, 530 | SYSZ_INS_LAOG, 531 | SYSZ_INS_LARL, 532 | SYSZ_INS_LAX, 533 | SYSZ_INS_LAXG, 534 | SYSZ_INS_LAY, 535 | SYSZ_INS_LB, 536 | SYSZ_INS_LBH, 537 | SYSZ_INS_LBR, 538 | SYSZ_INS_LCDBR, 539 | 
SYSZ_INS_LCEBR, 540 | SYSZ_INS_LCGFR, 541 | SYSZ_INS_LCGR, 542 | SYSZ_INS_LCR, 543 | SYSZ_INS_LCXBR, 544 | SYSZ_INS_LD, 545 | SYSZ_INS_LDEB, 546 | SYSZ_INS_LDEBR, 547 | SYSZ_INS_LDGR, 548 | SYSZ_INS_LDR, 549 | SYSZ_INS_LDXBR, 550 | SYSZ_INS_LDXBRA, 551 | SYSZ_INS_LDY, 552 | SYSZ_INS_LE, 553 | SYSZ_INS_LEDBR, 554 | SYSZ_INS_LEDBRA, 555 | SYSZ_INS_LER, 556 | SYSZ_INS_LEXBR, 557 | SYSZ_INS_LEXBRA, 558 | SYSZ_INS_LEY, 559 | SYSZ_INS_LFH, 560 | SYSZ_INS_LG, 561 | SYSZ_INS_LGB, 562 | SYSZ_INS_LGBR, 563 | SYSZ_INS_LGDR, 564 | SYSZ_INS_LGF, 565 | SYSZ_INS_LGFI, 566 | SYSZ_INS_LGFR, 567 | SYSZ_INS_LGFRL, 568 | SYSZ_INS_LGH, 569 | SYSZ_INS_LGHI, 570 | SYSZ_INS_LGHR, 571 | SYSZ_INS_LGHRL, 572 | SYSZ_INS_LGR, 573 | SYSZ_INS_LGRL, 574 | SYSZ_INS_LH, 575 | SYSZ_INS_LHH, 576 | SYSZ_INS_LHI, 577 | SYSZ_INS_LHR, 578 | SYSZ_INS_LHRL, 579 | SYSZ_INS_LHY, 580 | SYSZ_INS_LLC, 581 | SYSZ_INS_LLCH, 582 | SYSZ_INS_LLCR, 583 | SYSZ_INS_LLGC, 584 | SYSZ_INS_LLGCR, 585 | SYSZ_INS_LLGF, 586 | SYSZ_INS_LLGFR, 587 | SYSZ_INS_LLGFRL, 588 | SYSZ_INS_LLGH, 589 | SYSZ_INS_LLGHR, 590 | SYSZ_INS_LLGHRL, 591 | SYSZ_INS_LLH, 592 | SYSZ_INS_LLHH, 593 | SYSZ_INS_LLHR, 594 | SYSZ_INS_LLHRL, 595 | SYSZ_INS_LLIHF, 596 | SYSZ_INS_LLIHH, 597 | SYSZ_INS_LLIHL, 598 | SYSZ_INS_LLILF, 599 | SYSZ_INS_LLILH, 600 | SYSZ_INS_LLILL, 601 | SYSZ_INS_LMG, 602 | SYSZ_INS_LNDBR, 603 | SYSZ_INS_LNEBR, 604 | SYSZ_INS_LNGFR, 605 | SYSZ_INS_LNGR, 606 | SYSZ_INS_LNR, 607 | SYSZ_INS_LNXBR, 608 | SYSZ_INS_LPDBR, 609 | SYSZ_INS_LPEBR, 610 | SYSZ_INS_LPGFR, 611 | SYSZ_INS_LPGR, 612 | SYSZ_INS_LPR, 613 | SYSZ_INS_LPXBR, 614 | SYSZ_INS_LR, 615 | SYSZ_INS_LRL, 616 | SYSZ_INS_LRV, 617 | SYSZ_INS_LRVG, 618 | SYSZ_INS_LRVGR, 619 | SYSZ_INS_LRVR, 620 | SYSZ_INS_LT, 621 | SYSZ_INS_LTDBR, 622 | SYSZ_INS_LTEBR, 623 | SYSZ_INS_LTG, 624 | SYSZ_INS_LTGF, 625 | SYSZ_INS_LTGFR, 626 | SYSZ_INS_LTGR, 627 | SYSZ_INS_LTR, 628 | SYSZ_INS_LTXBR, 629 | SYSZ_INS_LXDB, 630 | SYSZ_INS_LXDBR, 631 | SYSZ_INS_LXEB, 632 | SYSZ_INS_LXEBR, 633 | SYSZ_INS_LXR, 
634 | SYSZ_INS_LY, 635 | SYSZ_INS_LZDR, 636 | SYSZ_INS_LZER, 637 | SYSZ_INS_LZXR, 638 | SYSZ_INS_MADB, 639 | SYSZ_INS_MADBR, 640 | SYSZ_INS_MAEB, 641 | SYSZ_INS_MAEBR, 642 | SYSZ_INS_MDB, 643 | SYSZ_INS_MDBR, 644 | SYSZ_INS_MDEB, 645 | SYSZ_INS_MDEBR, 646 | SYSZ_INS_MEEB, 647 | SYSZ_INS_MEEBR, 648 | SYSZ_INS_MGHI, 649 | SYSZ_INS_MH, 650 | SYSZ_INS_MHI, 651 | SYSZ_INS_MHY, 652 | SYSZ_INS_MLG, 653 | SYSZ_INS_MLGR, 654 | SYSZ_INS_MS, 655 | SYSZ_INS_MSDB, 656 | SYSZ_INS_MSDBR, 657 | SYSZ_INS_MSEB, 658 | SYSZ_INS_MSEBR, 659 | SYSZ_INS_MSFI, 660 | SYSZ_INS_MSG, 661 | SYSZ_INS_MSGF, 662 | SYSZ_INS_MSGFI, 663 | SYSZ_INS_MSGFR, 664 | SYSZ_INS_MSGR, 665 | SYSZ_INS_MSR, 666 | SYSZ_INS_MSY, 667 | SYSZ_INS_MVC, 668 | SYSZ_INS_MVGHI, 669 | SYSZ_INS_MVHHI, 670 | SYSZ_INS_MVHI, 671 | SYSZ_INS_MVI, 672 | SYSZ_INS_MVIY, 673 | SYSZ_INS_MVST, 674 | SYSZ_INS_MXBR, 675 | SYSZ_INS_MXDB, 676 | SYSZ_INS_MXDBR, 677 | SYSZ_INS_N, 678 | SYSZ_INS_NC, 679 | SYSZ_INS_NG, 680 | SYSZ_INS_NGR, 681 | SYSZ_INS_NGRK, 682 | SYSZ_INS_NI, 683 | SYSZ_INS_NIHF, 684 | SYSZ_INS_NIHH, 685 | SYSZ_INS_NIHL, 686 | SYSZ_INS_NILF, 687 | SYSZ_INS_NILH, 688 | SYSZ_INS_NILL, 689 | SYSZ_INS_NIY, 690 | SYSZ_INS_NR, 691 | SYSZ_INS_NRK, 692 | SYSZ_INS_NY, 693 | SYSZ_INS_O, 694 | SYSZ_INS_OC, 695 | SYSZ_INS_OG, 696 | SYSZ_INS_OGR, 697 | SYSZ_INS_OGRK, 698 | SYSZ_INS_OI, 699 | SYSZ_INS_OIHF, 700 | SYSZ_INS_OIHH, 701 | SYSZ_INS_OIHL, 702 | SYSZ_INS_OILF, 703 | SYSZ_INS_OILH, 704 | SYSZ_INS_OILL, 705 | SYSZ_INS_OIY, 706 | SYSZ_INS_OR, 707 | SYSZ_INS_ORK, 708 | SYSZ_INS_OY, 709 | SYSZ_INS_PFD, 710 | SYSZ_INS_PFDRL, 711 | SYSZ_INS_RISBG, 712 | SYSZ_INS_RISBHG, 713 | SYSZ_INS_RISBLG, 714 | SYSZ_INS_RLL, 715 | SYSZ_INS_RLLG, 716 | SYSZ_INS_RNSBG, 717 | SYSZ_INS_ROSBG, 718 | SYSZ_INS_RXSBG, 719 | SYSZ_INS_S, 720 | SYSZ_INS_SDB, 721 | SYSZ_INS_SDBR, 722 | SYSZ_INS_SEB, 723 | SYSZ_INS_SEBR, 724 | SYSZ_INS_SG, 725 | SYSZ_INS_SGF, 726 | SYSZ_INS_SGFR, 727 | SYSZ_INS_SGR, 728 | SYSZ_INS_SGRK, 729 | SYSZ_INS_SH, 730 | SYSZ_INS_SHY, 731 
| SYSZ_INS_SL, 732 | SYSZ_INS_SLB, 733 | SYSZ_INS_SLBG, 734 | SYSZ_INS_SLBR, 735 | SYSZ_INS_SLFI, 736 | SYSZ_INS_SLG, 737 | SYSZ_INS_SLBGR, 738 | SYSZ_INS_SLGF, 739 | SYSZ_INS_SLGFI, 740 | SYSZ_INS_SLGFR, 741 | SYSZ_INS_SLGR, 742 | SYSZ_INS_SLGRK, 743 | SYSZ_INS_SLL, 744 | SYSZ_INS_SLLG, 745 | SYSZ_INS_SLLK, 746 | SYSZ_INS_SLR, 747 | SYSZ_INS_SLRK, 748 | SYSZ_INS_SLY, 749 | SYSZ_INS_SQDB, 750 | SYSZ_INS_SQDBR, 751 | SYSZ_INS_SQEB, 752 | SYSZ_INS_SQEBR, 753 | SYSZ_INS_SQXBR, 754 | SYSZ_INS_SR, 755 | SYSZ_INS_SRA, 756 | SYSZ_INS_SRAG, 757 | SYSZ_INS_SRAK, 758 | SYSZ_INS_SRK, 759 | SYSZ_INS_SRL, 760 | SYSZ_INS_SRLG, 761 | SYSZ_INS_SRLK, 762 | SYSZ_INS_SRST, 763 | SYSZ_INS_ST, 764 | SYSZ_INS_STC, 765 | SYSZ_INS_STCH, 766 | SYSZ_INS_STCY, 767 | SYSZ_INS_STD, 768 | SYSZ_INS_STDY, 769 | SYSZ_INS_STE, 770 | SYSZ_INS_STEY, 771 | SYSZ_INS_STFH, 772 | SYSZ_INS_STG, 773 | SYSZ_INS_STGRL, 774 | SYSZ_INS_STH, 775 | SYSZ_INS_STHH, 776 | SYSZ_INS_STHRL, 777 | SYSZ_INS_STHY, 778 | SYSZ_INS_STMG, 779 | SYSZ_INS_STRL, 780 | SYSZ_INS_STRV, 781 | SYSZ_INS_STRVG, 782 | SYSZ_INS_STY, 783 | SYSZ_INS_SXBR, 784 | SYSZ_INS_SY, 785 | SYSZ_INS_TM, 786 | SYSZ_INS_TMHH, 787 | SYSZ_INS_TMHL, 788 | SYSZ_INS_TMLH, 789 | SYSZ_INS_TMLL, 790 | SYSZ_INS_TMY, 791 | SYSZ_INS_X, 792 | SYSZ_INS_XC, 793 | SYSZ_INS_XG, 794 | SYSZ_INS_XGR, 795 | SYSZ_INS_XGRK, 796 | SYSZ_INS_XI, 797 | SYSZ_INS_XIHF, 798 | SYSZ_INS_XILF, 799 | SYSZ_INS_XIY, 800 | SYSZ_INS_XR, 801 | SYSZ_INS_XRK, 802 | SYSZ_INS_XY, 803 | 804 | SYSZ_INS_ENDING, // <-- mark the end of the list of instructions 805 | } sysz_insn; 806 | 807 | //> Group of SystemZ instructions 808 | typedef enum sysz_insn_group { 809 | SYSZ_GRP_INVALID = 0, // = CS_GRP_INVALID 810 | 811 | //> Generic groups 812 | // all jump instructions (conditional+direct+indirect jumps) 813 | SYSZ_GRP_JUMP, // = CS_GRP_JUMP 814 | 815 | //> Architecture-specific groups 816 | SYSZ_GRP_DISTINCTOPS = 128, 817 | SYSZ_GRP_FPEXTENSION, 818 | SYSZ_GRP_HIGHWORD, 819 | 
SYSZ_GRP_INTERLOCKEDACCESS1, 820 | SYSZ_GRP_LOADSTOREONCOND, 821 | 822 | SYSZ_GRP_ENDING, // <-- mark the end of the list of groups 823 | } sysz_insn_group; 824 | 825 | #ifdef __cplusplus 826 | } 827 | #endif 828 | 829 | #endif 830 | -------------------------------------------------------------------------------- /PolyHook/Capstone/include/xcore.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_XCORE_H 2 | #define CAPSTONE_XCORE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Operand type for instruction's operands 19 | typedef enum xcore_op_type { 20 | XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 21 | XCORE_OP_REG, // = CS_OP_REG (Register operand). 22 | XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand). 23 | XCORE_OP_MEM, // = CS_OP_MEM (Memory operand). 24 | } xcore_op_type; 25 | 26 | // Instruction's operand referring to memory 27 | // This is associated with XCORE_OP_MEM operand type above 28 | typedef struct xcore_op_mem { 29 | uint8_t base; // base register 30 | uint8_t index; // index register 31 | int32_t disp; // displacement/offset value 32 | int direct; // +1: forward, -1: backward 33 | } xcore_op_mem; 34 | 35 | // Instruction operand 36 | typedef struct cs_xcore_op { 37 | xcore_op_type type; // operand type 38 | union { 39 | unsigned int reg; // register value for REG operand 40 | int32_t imm; // immediate value for IMM operand 41 | xcore_op_mem mem; // base/disp value for MEM operand 42 | }; 43 | } cs_xcore_op; 44 | 45 | // Instruction structure 46 | typedef struct cs_xcore { 47 | // Number of operands of this instruction, 48 | // or 0 when instruction has no operand. 49 | uint8_t op_count; 50 | cs_xcore_op operands[8]; // operands for this instruction. 
51 | } cs_xcore; 52 | 53 | //> XCore registers 54 | typedef enum xcore_reg { 55 | XCORE_REG_INVALID = 0, 56 | 57 | XCORE_REG_CP, 58 | XCORE_REG_DP, 59 | XCORE_REG_LR, 60 | XCORE_REG_SP, 61 | XCORE_REG_R0, 62 | XCORE_REG_R1, 63 | XCORE_REG_R2, 64 | XCORE_REG_R3, 65 | XCORE_REG_R4, 66 | XCORE_REG_R5, 67 | XCORE_REG_R6, 68 | XCORE_REG_R7, 69 | XCORE_REG_R8, 70 | XCORE_REG_R9, 71 | XCORE_REG_R10, 72 | XCORE_REG_R11, 73 | 74 | //> pseudo registers 75 | XCORE_REG_PC, // pc 76 | 77 | // internal thread registers 78 | // see The-XMOS-XS1-Architecture(X7879A).pdf 79 | XCORE_REG_SCP, // save pc 80 | XCORE_REG_SSR, // save status 81 | XCORE_REG_ET, // exception type 82 | XCORE_REG_ED, // exception data 83 | XCORE_REG_SED, // save exception data 84 | XCORE_REG_KEP, // kernel entry pointer 85 | XCORE_REG_KSP, // kernel stack pointer 86 | XCORE_REG_ID, // thread ID 87 | 88 | XCORE_REG_ENDING, // <-- mark the end of the list of registers 89 | } xcore_reg; 90 | 91 | //> XCore instruction 92 | typedef enum xcore_insn { 93 | XCORE_INS_INVALID = 0, 94 | 95 | XCORE_INS_ADD, 96 | XCORE_INS_ANDNOT, 97 | XCORE_INS_AND, 98 | XCORE_INS_ASHR, 99 | XCORE_INS_BAU, 100 | XCORE_INS_BITREV, 101 | XCORE_INS_BLA, 102 | XCORE_INS_BLAT, 103 | XCORE_INS_BL, 104 | XCORE_INS_BF, 105 | XCORE_INS_BT, 106 | XCORE_INS_BU, 107 | XCORE_INS_BRU, 108 | XCORE_INS_BYTEREV, 109 | XCORE_INS_CHKCT, 110 | XCORE_INS_CLRE, 111 | XCORE_INS_CLRPT, 112 | XCORE_INS_CLRSR, 113 | XCORE_INS_CLZ, 114 | XCORE_INS_CRC8, 115 | XCORE_INS_CRC32, 116 | XCORE_INS_DCALL, 117 | XCORE_INS_DENTSP, 118 | XCORE_INS_DGETREG, 119 | XCORE_INS_DIVS, 120 | XCORE_INS_DIVU, 121 | XCORE_INS_DRESTSP, 122 | XCORE_INS_DRET, 123 | XCORE_INS_ECALLF, 124 | XCORE_INS_ECALLT, 125 | XCORE_INS_EDU, 126 | XCORE_INS_EEF, 127 | XCORE_INS_EET, 128 | XCORE_INS_EEU, 129 | XCORE_INS_ENDIN, 130 | XCORE_INS_ENTSP, 131 | XCORE_INS_EQ, 132 | XCORE_INS_EXTDP, 133 | XCORE_INS_EXTSP, 134 | XCORE_INS_FREER, 135 | XCORE_INS_FREET, 136 | XCORE_INS_GETD, 137 | 
XCORE_INS_GET, 138 | XCORE_INS_GETN, 139 | XCORE_INS_GETR, 140 | XCORE_INS_GETSR, 141 | XCORE_INS_GETST, 142 | XCORE_INS_GETTS, 143 | XCORE_INS_INCT, 144 | XCORE_INS_INIT, 145 | XCORE_INS_INPW, 146 | XCORE_INS_INSHR, 147 | XCORE_INS_INT, 148 | XCORE_INS_IN, 149 | XCORE_INS_KCALL, 150 | XCORE_INS_KENTSP, 151 | XCORE_INS_KRESTSP, 152 | XCORE_INS_KRET, 153 | XCORE_INS_LADD, 154 | XCORE_INS_LD16S, 155 | XCORE_INS_LD8U, 156 | XCORE_INS_LDA16, 157 | XCORE_INS_LDAP, 158 | XCORE_INS_LDAW, 159 | XCORE_INS_LDC, 160 | XCORE_INS_LDW, 161 | XCORE_INS_LDIVU, 162 | XCORE_INS_LMUL, 163 | XCORE_INS_LSS, 164 | XCORE_INS_LSUB, 165 | XCORE_INS_LSU, 166 | XCORE_INS_MACCS, 167 | XCORE_INS_MACCU, 168 | XCORE_INS_MJOIN, 169 | XCORE_INS_MKMSK, 170 | XCORE_INS_MSYNC, 171 | XCORE_INS_MUL, 172 | XCORE_INS_NEG, 173 | XCORE_INS_NOT, 174 | XCORE_INS_OR, 175 | XCORE_INS_OUTCT, 176 | XCORE_INS_OUTPW, 177 | XCORE_INS_OUTSHR, 178 | XCORE_INS_OUTT, 179 | XCORE_INS_OUT, 180 | XCORE_INS_PEEK, 181 | XCORE_INS_REMS, 182 | XCORE_INS_REMU, 183 | XCORE_INS_RETSP, 184 | XCORE_INS_SETCLK, 185 | XCORE_INS_SET, 186 | XCORE_INS_SETC, 187 | XCORE_INS_SETD, 188 | XCORE_INS_SETEV, 189 | XCORE_INS_SETN, 190 | XCORE_INS_SETPSC, 191 | XCORE_INS_SETPT, 192 | XCORE_INS_SETRDY, 193 | XCORE_INS_SETSR, 194 | XCORE_INS_SETTW, 195 | XCORE_INS_SETV, 196 | XCORE_INS_SEXT, 197 | XCORE_INS_SHL, 198 | XCORE_INS_SHR, 199 | XCORE_INS_SSYNC, 200 | XCORE_INS_ST16, 201 | XCORE_INS_ST8, 202 | XCORE_INS_STW, 203 | XCORE_INS_SUB, 204 | XCORE_INS_SYNCR, 205 | XCORE_INS_TESTCT, 206 | XCORE_INS_TESTLCL, 207 | XCORE_INS_TESTWCT, 208 | XCORE_INS_TSETMR, 209 | XCORE_INS_START, 210 | XCORE_INS_WAITEF, 211 | XCORE_INS_WAITET, 212 | XCORE_INS_WAITEU, 213 | XCORE_INS_XOR, 214 | XCORE_INS_ZEXT, 215 | 216 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions 217 | } xcore_insn; 218 | 219 | //> Group of XCore instructions 220 | typedef enum xcore_insn_group { 221 | XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID 222 | 223 | //> Generic 
groups 224 | // all jump instructions (conditional+direct+indirect jumps) 225 | XCORE_GRP_JUMP, // = CS_GRP_JUMP 226 | 227 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups 228 | } xcore_insn_group; 229 | 230 | #ifdef __cplusplus 231 | } 232 | #endif 233 | 234 | #endif 235 | -------------------------------------------------------------------------------- /PolyHook/Capstone/msvc/x64/Debug/capstone.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stevemk14ebr/UniHook/0d542ff5b9439bc48898dec648df06e5c43f7a61/PolyHook/Capstone/msvc/x64/Debug/capstone.lib -------------------------------------------------------------------------------- /PolyHook/Capstone/msvc/x64/Release/capstone.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stevemk14ebr/UniHook/0d542ff5b9439bc48898dec648df06e5c43f7a61/PolyHook/Capstone/msvc/x64/Release/capstone.lib -------------------------------------------------------------------------------- /PolyHook/Capstone/msvc/x86/Debug/capstone.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stevemk14ebr/UniHook/0d542ff5b9439bc48898dec648df06e5c43f7a61/PolyHook/Capstone/msvc/x86/Debug/capstone.lib -------------------------------------------------------------------------------- /PolyHook/Capstone/msvc/x86/Release/capstone.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stevemk14ebr/UniHook/0d542ff5b9439bc48898dec648df06e5c43f7a61/PolyHook/Capstone/msvc/x86/Release/capstone.lib -------------------------------------------------------------------------------- /PolyHook/LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Stephen Eckels 4 | 5 | Permission is hereby granted, free 
of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /PolyHook/PolyHook.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.23107.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PolyHook", "PolyHook\PolyHook.vcxproj", "{64269F60-A538-4327-82EE-AB4BF4766CE9}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Debug|x64.ActiveCfg = Debug|x64 17 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Debug|x64.Build.0 = Debug|x64 18 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Debug|x86.ActiveCfg = Debug|Win32 19 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Debug|x86.Build.0 = Debug|Win32 20 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Release|x64.ActiveCfg = Release|x64 21 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Release|x64.Build.0 = Release|x64 22 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Release|x86.ActiveCfg = Release|Win32 23 | {64269F60-A538-4327-82EE-AB4BF4766CE9}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /PolyHook/PolyHook/Main.cpp: -------------------------------------------------------------------------------- 1 | // PolyHook.cpp : Defines the entry point for the console application. 
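//
// NOTE(review): the header name on the next #include line was lost in extraction.
#include
#include "PolyHook.h"
#define PLH_SHOW_DEBUG_MESSAGES 1 //To print messages even in release

// Pointer types for the original (unhooked) functions; each is filled in from a hook's GetOriginal().
// MessageBoxA is the ANSI entry point, so its string parameters are LPCSTR: with UNICODE defined
// LPCTSTR would be LPCWSTR and the narrow "Hooked" literal passed below would be mistyped.
typedef int(__stdcall* tMessageBoxA)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
tMessageBoxA oMessageBoxA;

typedef void(__stdcall* tVirtNoParams)(DWORD_PTR pThis);
tVirtNoParams oVirtNoParams;

// GetCurrentThreadId returns a DWORD, as does hkGetCurrentThreadId below; the previous typedef said void.
typedef DWORD(__stdcall* tGetCurrentThreadId)();
tGetCurrentThreadId oGetCurrentThreadID;

typedef int(__stdcall* tVEH)(int intparam);
tVEH oVEHTest;

// Global so that hkVEHTest can reach the hook that trapped it.
std::shared_ptr<PLH::VEHHook> VEHHook_Ex;

// Replacement for GetCurrentThreadId in the IAT example: logs the call and returns a fixed id.
DWORD __stdcall hkGetCurrentThreadId()
{
    printf("Called hkGetCurrentThreadID\n");
    return 1337;
}

// Replacement for MessageBoxA: logs, then forwards to the original through the trampoline
// with the message text replaced. lpText is intentionally unused.
int __stdcall hkMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    printf("In Hook\n");
    int Result = oMessageBoxA(hWnd, "Hooked", lpCaption, uType);
    printf("Still here\n");
    return Result;
}

// Replacement for VirtualTest::NoParamVirt: logs, then calls the original through the saved pointer.
void __stdcall hkVirtNoParams(DWORD_PTR pThis)
{
    printf("hk Virt Called\n");
    oVirtNoParams(pThis);
}

// Target of the VEH example; noinline so it has its own address for the breakpoint.
__declspec(noinline) int __stdcall VEHTest(int param)
{
    printf("VEHFunc %d\n", param);
    return 3;
}

// VEH callback. ProtectionObject re-arms the breakpoint when it is destroyed, i.e. after
// the original has been called once (see VEHHook::GetProtectionObject in PolyHook.h).
__declspec(noinline) int __stdcall hkVEHTest(int param)
{
    printf("hkVEH %d\n", param);
    auto ProtectionObject = VEHHook_Ex->GetProtectionObject();

    return oVEHTest(param);
}

// Minimal class with a vtable for the VFunc/VTable examples.
class VirtualTest
{
public:
    virtual void NoParamVirt()
    {
        volatile int x = 0; // presumably keeps the two virtuals from being folded into one body; confirm
        printf("Called Virt\n");
    }
    virtual void BS()
    {
        volatile int y = 0;
    }
};

// Demo entry point: runs the inline detour example; the other hook types are left commented out.
// Returns 0; hook errors are printed via PrintError rather than reported through the exit code.
int _tmain(int argc, _TCHAR* argv[])
{
    std::vector<std::shared_ptr<PLH::IHook>> Hooks;

    ///X86/x64 Detour Example
    std::shared_ptr<PLH::Detour> Detour_Ex(new PLH::Detour);
    Detour_Ex->SetupHook((BYTE*)&MessageBoxA, (BYTE*)&hkMessageBoxA); //can cast to byte* to
    // Only use the trampoline if the hook was actually written: on failure GetOriginal() may
    // hand back an unusable pointer and UnHook() would have nothing to undo.
    if (Detour_Ex->Hook())
    {
        oMessageBoxA = Detour_Ex->GetOriginal<tMessageBoxA>();
        MessageBoxA(NULL, "Message", "Sample", MB_OK);
        Detour_Ex->UnHook();
    }
    MessageBoxA(NULL, "Message", "Sample", MB_OK);
    Hooks.push_back(Detour_Ex);

    ///x86/x64 IAT Hook Example
    //std::shared_ptr<PLH::IATHook> IATHook_Ex(new PLH::IATHook);
    //IATHook_Ex->SetupHook("kernel32.dll", "GetCurrentThreadId", (BYTE*)&hkGetCurrentThreadId);
    //IATHook_Ex->Hook();
    //oGetCurrentThreadID = IATHook_Ex->GetOriginal<tGetCurrentThreadId>();
    //printf("Thread ID:%d \n", GetCurrentThreadId());
    //IATHook_Ex->UnHook();
    //printf("Real Thread ID:%d\n", GetCurrentThreadId());
    //Hooks.push_back(IATHook_Ex);

    std::shared_ptr<VirtualTest> ClassToHook(new VirtualTest);
    ///x86/x64 VFuncDetour Example
    /*std::shared_ptr<PLH::VFuncDetour> VFuncDetour_Ex(new PLH::VFuncDetour);
    VFuncDetour_Ex->SetupHook(*(BYTE***)ClassToHook.get(), 0, (BYTE*)&hkVirtNoParams);
    VFuncDetour_Ex->Hook();
    oVirtNoParams = VFuncDetour_Ex->GetOriginal<tVirtNoParams>();
    ClassToHook->NoParamVirt();
    VFuncDetour_Ex->UnHook();
    ClassToHook->NoParamVirt();
    Hooks.push_back(VFuncDetour_Ex);*/

    ///x86/x64 VFuncSwap Example
    //std::shared_ptr<PLH::VFuncSwap> VFuncSwap_Ex(new PLH::VFuncSwap);
    //VFuncSwap_Ex->SetupHook(*(BYTE***)ClassToHook.get(), 0, (BYTE*)&hkVirtNoParams);
    //VFuncSwap_Ex->Hook();
    //oVirtNoParams = VFuncSwap_Ex->GetOriginal<tVirtNoParams>();
    //ClassToHook->NoParamVirt();
    //VFuncSwap_Ex->UnHook();
    //ClassToHook->NoParamVirt();
    //Hooks.push_back(VFuncSwap_Ex);

    ///x86/x64 VTableSwap Example
    /*std::shared_ptr<PLH::VTableSwap> VTableSwap_Ex(new PLH::VTableSwap);
    VTableSwap_Ex->SetupHook((BYTE*)ClassToHook.get(), 0, (BYTE*)&hkVirtNoParams);
    VTableSwap_Ex->Hook();
    oVirtNoParams = VTableSwap_Ex->GetOriginal<tVirtNoParams>();
    ClassToHook->NoParamVirt();
    VTableSwap_Ex->UnHook();
    ClassToHook->NoParamVirt();
    Hooks.push_back(VTableSwap_Ex);*/

    /*!!!!IMPORTANT!!!!!: Since this demo is small it's possible for internal methods to be on the same memory page
    as the VEHTest function. If that happens the GUARD_PAGE type method will fail with an unexpected exception.
    If this method is used in larger applications this risk is incredibly small, to the point where it should not
    be worried about. You CANNOT run this demo under a debugger when using VEH type
    */
    ///x86/x64 VEH Example (GUARD_PAGE and INT3_BP)
    /*VEHHook_Ex = std::make_shared<PLH::VEHHook>();
    VEHHook_Ex->SetupHook((BYTE*)&VEHTest, (BYTE*)&hkVEHTest, PLH::VEHHook::VEHMethod::INT3_BP);
    VEHHook_Ex->Hook();
    oVEHTest = VEHHook_Ex->GetOriginal<tVEH>();
    VEHTest(3);
    VEHHook_Ex->UnHook();
    VEHTest(1);
    Hooks.push_back(VEHHook_Ex);*/

    // Report the last error recorded by each hook, whether or not it succeeded.
    for (auto&& HookInstance : Hooks)
    {
        HookInstance->PrintError(HookInstance->GetLastError());
    }
    Sleep(100000);
    return 0;
}

-------------------------------------------------------------------------------- /PolyHook/PolyHook/PolyHook.h: --------------------------------------------------------------------------------
#ifndef POLYHOOK_H
#define POLYHOOK_H
// NOTE(review): the angle-bracket header names on the bare #include lines below were lost in extraction.
#include
#include "../Capstone/include/capstone.h"
#include
#include
#include
#include
#include
#include
#pragma comment(lib,"Dbghelp.lib")
#pragma comment(lib,"capstone.lib")

namespace PLH {
    // Small x86 decoding helpers shared by the detour classes.
    class ASMHelper
    {
    public:
        // Displacement width in bytes; D_INVALID for any other size.
        enum DISP
        {
            D_INT64 = 8,
            D_INT32 = 4,
            D_INT16 = 2,
            D_INT8 = 1,
            D_INVALID = -1
        };
        // Map a displacement byte count to its DISP tag (D_INVALID unless it is 1, 2, 4 or 8).
        DISP GetDisplacementType(const uint8_t DispVal)
        {
            switch (DispVal)
            {
            case 1:
                return DISP::D_INT8;
            case 2:
                return DISP::D_INT16;
            case 4:
                return DISP::D_INT32;
            case 8:
                return DISP::D_INT64;
            default:
                return DISP::D_INVALID;
            }
        }
        // True if the leading bytes of an instruction encode a conditional jump (short, near or JCXZ family).
        // Size is the number of bytes readable at bytes; every check below is guarded by it.
        bool IsConditionalJump(const BYTE* bytes,const uint16_t Size)
        {
            //http://unixwiz.net/techtips/x86-jumps.html
            if (Size < 1)
                return false;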
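
            if (bytes[0] == 0x0F && Size > 1)
            {
                // Two-byte near conditional jumps: 0F 80..8F.
                if (bytes[1] >= 0x80 && bytes[1] <= 0x8F)
                    return true;
            }

            // One-byte short conditional jumps: 70..7F.
            if (bytes[0] >= 0x70 && bytes[0] <= 0x7F)
                return true;

            // E3 is the JCXZ/JECXZ/JRCXZ family, which only has a short form.
            if (bytes[0] == 0xE3)
                return true;

            return false;
        }

        // Read a displacement of type T that starts Offset bytes into Instruction.
        // No bounds check is done here: Offset + sizeof(T) bytes must be readable.
        template<typename T>
        T GetDisplacement(BYTE* Instruction, const uint32_t Offset)
        {
            T Disp;
            memcpy(&Disp, &Instruction[Offset], sizeof(T)); // copies the whole object, so no prior memset is needed
            return Disp;
        }
    };

    // Error record kept by every hook (see IHook::m_LastError).
    class RuntimeError
    {
    public:
        enum class Severity
        {
            Warning, //Might have an issue
            Critical, //Definitely have an issue, but it's not serious
            UnRecoverable, //Definitely have an issue, it's serious
            NoError //Default
        };
        RuntimeError();
        RuntimeError(Severity Sev, const std::string& Msg);
        virtual ~RuntimeError() = default;
        const Severity GetSeverity() const;
        const std::string GetString() const;
    private:
        Severity m_Severity;
        std::string m_Message;
    };

    // Identifies the concrete hook implementation behind an IHook (see GetType()).
    enum class HookType
    {
        X86Detour,
        X64Detour,
        VFuncSwap,
        VFuncDetour,
        VTableSwap,
        IAT,
        VEH,
        UNKNOWN
    };
    // Common interface of all hook types. Movable, not copyable: a hook owns patched state
    // that must be undone exactly once.
    class IHook
    {
    public:
        IHook() = default;
        IHook(IHook&& other) = default; //move
        IHook& operator=(IHook&& other) = default;//move assignment
        IHook(const IHook& other) = delete; //copy
        IHook& operator=(const IHook& other) = delete; //copy assignment
        virtual ~IHook() = default;

        virtual bool Hook() = 0;     // install; returns false on failure (see GetLastError)
        virtual void UnHook() = 0;   // remove
        virtual HookType GetType() = 0;

        virtual RuntimeError GetLastError() const;
        virtual void PrintError(const RuntimeError& Err) const;

    protected:
        virtual void PostError(const RuntimeError& Err);
        RuntimeError m_LastError;
    };

    // Shared machinery for inline (JMP-patch) detours: copies the overwritten prologue into a
    // trampoline (m_Trampoline) and relocates IP-relative instructions. Platform-specific parts
    // (jump size/encoding, IP register, trampoline release) are left to X86Detour/X64Detour.
    class AbstractDetour :public IHook
    {
    public:
        AbstractDetour();
        AbstractDetour(const AbstractDetour& other) = delete;
        AbstractDetour& operator=(const AbstractDetour& other) = delete;
        virtual ~AbstractDetour();

        // Typed convenience overload; forwards to the BYTE* version.
        template<typename T>
        void SetupHook(T* Src, T* Dest)
        {
            SetupHook((BYTE*)Src, (BYTE*)Dest);
        }
        void SetupHook(BYTE* Src, BYTE* Dest);

        virtual void UnHook() override;

        // The trampoline (original prologue + jump back), cast to the caller's function-pointer type.
        template<typename T>
        T GetOriginal()
        {
            return (T)m_Trampoline;
        }
    protected:
        // Relative displacement from the end of the InsSize-byte instruction at From to To.
        // Computed in unsigned 64-bit arithmetic, so a backward target yields the two's-complement
        // value; the conversion to T narrows it to the operand width the caller asked for.
        template<typename T>
        T CalculateRelativeDisplacement(DWORD64 From, DWORD64 To, DWORD InsSize)
        {
            if (To < From)
                return 0 - (From - To) - InsSize;
            return To - (From + InsSize);
        }
        DWORD CalculateLength(BYTE* Src, DWORD NeededLength);
        void RelocateASM(BYTE* Code, DWORD& CodeSize, DWORD64 From, DWORD64 To);
        void _Relocate(cs_insn* CurIns, DWORD64 From, DWORD64 To, const uint8_t DispSize, const uint8_t DispOffset);
        void RelocateConditionalJMP(cs_insn* CurIns, DWORD& CodeSize, DWORD64 From, DWORD64 To, const uint8_t DispSize, const uint8_t DispOffset);
        virtual x86_reg GetIpReg() = 0;
        virtual void FreeTrampoline() = 0;
        virtual void WriteJMP(DWORD_PTR From, DWORD_PTR To) = 0;
        virtual int GetJMPSize() = 0;
        void FlushSrcInsCache();
        void Initialize(cs_mode Mode);
        csh m_CapstoneHandle;
        ASMHelper m_ASMInfo;

        BYTE m_OriginalCode[64];   // bytes overwritten at m_hkSrc, kept for UnHook
        DWORD m_OriginalLength;
        BYTE* m_Trampoline;
        bool m_NeedFree;
        BYTE* m_hkSrc;
        BYTE* m_hkDest;
        DWORD m_hkLength;
        cs_mode m_CapMode;
    };

#ifndef _WIN64
#define Detour X86Detour
    //x86 5 Byte Detour
    class X86Detour :public AbstractDetour
    {
    public:
        friend class VFuncDetour;
        X86Detour();
        X86Detour(X86Detour&& other) = default; //move
        X86Detour& operator=(X86Detour&& other) = default;//move assignment
        X86Detour(const X86Detour& other) = delete; //copy
        X86Detour& operator=(const X86Detour& other) = delete; //copy assignment
        virtual ~X86Detour();

        virtual bool Hook() override;
        virtual HookType GetType() override;
    protected:
        // 'override' added on the three below to match X64Detour and let the compiler catch signature drift.
        virtual x86_reg GetIpReg() override;
        virtual void FreeTrampoline() override;
        virtual void WriteJMP(DWORD_PTR From, DWORD_PTR To) override;
        virtual int GetJMPSize() override;
    private:
        void WriteRelativeJMP(DWORD Destination, DWORD JMPDestination);
    };
#else
#define Detour X64Detour
    //X64 6 Byte Detour
    class X64Detour :public AbstractDetour
    {
    public:
        friend class VFuncDetour;
        //Credits DarthTon, evolution536
        X64Detour();
        X64Detour(X64Detour&& other) = default; //move
        X64Detour& operator=(X64Detour&& other) = default;//move assignment
        X64Detour(const X64Detour& other) = delete; //copy
        X64Detour& operator=(const X64Detour& other) = delete; //copy assignment
        virtual ~X64Detour();

        virtual bool Hook() override;
        virtual HookType GetType() override;
    protected:
        virtual x86_reg GetIpReg() override;
        virtual void FreeTrampoline() override;
        virtual void WriteJMP(DWORD_PTR From, DWORD_PTR To) override;
        virtual int GetJMPSize() override;
    private:
        void WriteAbsoluteJMP(DWORD64 Destination, DWORD64 JMPDestination);
    };
#endif //END _WIN64 IFDEF

    //Swap Virtual Function Pointer to Destination
    // Overwrites one slot of an existing vtable in place; the original pointer is kept in m_OrigVFunc.
    class VFuncSwap : public IHook
    {
    public:
        VFuncSwap() = default;
        VFuncSwap(VFuncSwap&& other) = default;
        VFuncSwap& operator=(VFuncSwap&& other) = default;
        VFuncSwap(const VFuncSwap& other) = delete;
        VFuncSwap& operator=(const VFuncSwap& other) = delete;
        virtual ~VFuncSwap() = default;

        virtual bool Hook() override;
        virtual void UnHook() override;
        virtual HookType GetType() override;

        void SetupHook(BYTE** Vtable, const int Index, BYTE* Dest);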
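
        // The function pointer that occupied the slot before Hook(), cast to T.
        template<typename T>
        T GetOriginal()
        {
            return (T)m_OrigVFunc;
        }
    private:
        BYTE** m_hkVtable;
        BYTE* m_hkDest;
        BYTE* m_OrigVFunc;
        int m_hkIndex;
    };

    //Detour the Function the VTable Points to
    // Applies an inline Detour (m_Detour) to the function a vtable slot points to; errors from the
    // inner detour are surfaced through the overridden GetLastError/PostError.
    class VFuncDetour :public IHook
    {
    public:
        VFuncDetour();
        VFuncDetour(VFuncDetour&& other) = default; //move
        VFuncDetour& operator=(VFuncDetour&& other) = default;//move assignment
        VFuncDetour(const VFuncDetour& other) = delete; //copy
        VFuncDetour& operator=(const VFuncDetour& other) = delete; //copy assignment
        virtual ~VFuncDetour();

        virtual bool Hook() override;
        virtual void UnHook() override;
        virtual HookType GetType() override;

        void SetupHook(BYTE** Vtable, const int Index, BYTE* Dest);
        // Trampoline of the inner detour, typed as T.
        template<typename T>
        T GetOriginal()
        {
            return m_Detour->GetOriginal<T>();
        }
        virtual RuntimeError GetLastError() const override;
    protected:
        virtual void PostError(const RuntimeError& Err) override;
    private:
        // NOTE(review): the template argument was lost in extraction; Detour (the platform alias above)
        // matches the 'friend class VFuncDetour' declarations in X86Detour/X64Detour.
        std::unique_ptr<Detour> m_Detour;
    };

    //Credit to Dogmatt for IsValidPtr
#ifdef _WIN64
#define _PTR_MAX_VALUE ((PVOID)0x000F000000000000)
#else
#define _PTR_MAX_VALUE ((PVOID)0xFFF00000)
#endif
    // Heuristic range check only: it says nothing about whether the memory is mapped or readable.
    __forceinline bool IsValidPtr(PVOID p) { return (p >= (PVOID)0x10000) && (p < _PTR_MAX_VALUE) && p != nullptr; }

    // Members suggest Hook() builds a private copy of the object's vtable (m_NewVtable, m_VFuncCount entries)
    // and repoints the object (m_phkClass) at it; the implementation lives in PolyHook.cpp.
    class VTableSwap : public IHook
    {
    public:
        VTableSwap();
        VTableSwap(VTableSwap&& other) = default; //move
        VTableSwap& operator=(VTableSwap&& other) = default;//move assignment
        VTableSwap(const VTableSwap& other) = delete; //copy
        VTableSwap& operator=(const VTableSwap& other) = delete; //copy assignment
        virtual ~VTableSwap();

        virtual bool Hook() override;
        virtual HookType GetType() override;

        // Redirect one more slot of the copied vtable to Dest and return the original entry as T.
        // Returns nullptr if Hook() has not run yet or Index is outside the copied table.
        template<typename T>
        T HookAdditional(const int Index, BYTE* Dest)
        {
            //The makes sure we called Hook first
            if (!m_NeedFree)
                return nullptr;

            // Previously m_NewVtable[Index] was written unchecked; a bad Index would corrupt heap memory.
            // Assumes m_VFuncCount is the entry count of m_NewVtable as set by Hook() — confirm in PolyHook.cpp.
            if (Index < 0 || Index >= m_VFuncCount)
                return nullptr;

            m_NewVtable[Index] = Dest;
            return (T)m_OrigVtable[Index];
        }
        virtual void UnHook() override;
        void SetupHook(BYTE* pClass, const int Index, BYTE* Dest);
        // Original entry of the slot given to SetupHook, cast to T.
        template<typename T>
        T GetOriginal()
        {
            return (T)m_hkOriginal;
        }
    private:
        int GetVFuncCount(BYTE** pVtable);
        void FreeNewVtable();
        BYTE** m_NewVtable;
        BYTE** m_OrigVtable;
        BYTE*** m_phkClass;
        BYTE* m_hkDest;
        BYTE* m_hkOriginal;
        int m_hkIndex;
        int m_VFuncCount;
        bool m_NeedFree;
    };

    // Both operands parenthesised so an expression passed as rva is applied as a whole.
#define ResolveRVA(base,rva) (((BYTE*)(base)) + (rva))
    // Patches an import-address-table entry of a loaded module so calls to SrcFunc land on Dest.
    class IATHook:public IHook
    {
    public:
        IATHook() = default;
        IATHook(IATHook&& other) = default; //move
        IATHook& operator=(IATHook&& other) = default;//move assignment
        IATHook(const IATHook& other) = delete; //copy
        IATHook& operator=(const IATHook& other) = delete; //copy assignment
        virtual ~IATHook() = default;

        virtual bool Hook() override;
        virtual void UnHook() override;
        virtual HookType GetType() override;

        // The import's original target, cast to T.
        template<typename T>
        T GetOriginal()
        {
            return (T)m_pIATFuncOrig;
        }
        // Module selects which loaded image's IAT is patched; "" is the default.
        void SetupHook(const char* LibraryName,const char* SrcFunc, BYTE* Dest,const char* Module = "");
    private:
        bool FindIATFunc(const char* LibraryName,const char* FuncName,PIMAGE_THUNK_DATA* pFuncThunkOut,const char* Module = "");
        std::string m_hkSrcFunc;
        std::string m_hkLibraryName;
        std::string m_hkModuleName;
        BYTE* m_hkDest;
        void* m_pIATFuncOrig;
    };

    /*Uses RAII to call a final function on destruction
    C++ 11 version of java's finally (kindof)*/
    // Move-only: the implicit copy constructor would have run the action once per copy.
    template<typename Func>
    class FinalAction {
    public:
        FinalAction(Func f) :FinalActionFunc(std::move(f)), m_Armed(true) {}
        // Moving transfers the obligation; the source is disarmed so the action runs exactly once.
        FinalAction(FinalAction&& other) :FinalActionFunc(std::move(other.FinalActionFunc)), m_Armed(other.m_Armed)
        {
            other.m_Armed = false;
        }
        FinalAction(const FinalAction& other) = delete;
        FinalAction& operator=(const FinalAction& other) = delete;
        FinalAction& operator=(FinalAction&& other) = delete;
        ~FinalAction()
        {
            if (m_Armed)
                FinalActionFunc();
        }
    private:
        Func FinalActionFunc;
        bool m_Armed;
    };

    // Helper so the callable's type is deduced.
    template<typename F>
    FinalAction<F> finally(F f) {
        return FinalAction<F>(std::move(f));
    }

    // RAII page-protection change for [Address, Address + Size). Presumably the destructor restores
    // m_OldProtection — the implementation is in PolyHook.cpp; confirm there.
    class MemoryProtect
    {
    public:
        MemoryProtect(void* Address, size_t Size, DWORD ProtectionFlags);
        ~MemoryProtect();
    private:
        bool Protect(void* Address, size_t Size, DWORD ProtectionFlags);
        void* m_Address;
        size_t m_Size;
        DWORD m_Flags;
        DWORD m_OldProtection;
    };

    // Hook driven by a vectored exception handler rather than code patching.
    class VEHHook : public IHook
    {
    public:
        enum class VEHMethod
        {
            INT3_BP,
            HARDWARE_BP,
            GUARD_PAGE,
            ERROR_TYPE
        };
        VEHHook();
        VEHHook(VEHHook&& other) = default; //move
        VEHHook& operator=(VEHHook&& other) = default;//move assignment
        VEHHook(const VEHHook& other) = delete; //copy
        VEHHook& operator=(const VEHHook& other) = delete; //copy assignment
        virtual ~VEHHook() = default;

        virtual bool Hook() override;
        virtual void UnHook() override;
        virtual HookType GetType() override;

        // For VEH hooks the "original" is simply the hooked function itself.
        template<typename T>
        T GetOriginal()
        {
            return (T)m_ThisCtx.m_Src;
        }
        void SetupHook(BYTE* Src, BYTE* Dest,VEHMethod Method);

        // The lambda captures this by reference, so the returned object must not outlive the VEHHook.
        auto GetProtectionObject()
        {
            //Return an object to restore INT3_BP after callback is done
            return finally([&]() {
                if (m_ThisCtx.m_Type == VEHMethod::INT3_BP)
                {
                    MemoryProtect Protector(m_ThisCtx.m_Src, 1, PAGE_EXECUTE_READWRITE);
                    *m_ThisCtx.m_Src = 0xCC;
                }else if (m_ThisCtx.m_Type == VEHMethod::GUARD_PAGE) {
                    DWORD OldProtection;
                    // NOTE(review): the return value is discarded; if re-applying PAGE_GUARD fails the hook silently stops firing.
                    VirtualProtect(m_ThisCtx.m_Src, 1, PAGE_EXECUTE_READWRITE | PAGE_GUARD, &OldProtection);
                }
            });
        }
    protected:
        struct HookCtx {
            VEHMethod m_Type;
            BYTE* m_Src;
            BYTE* m_Dest;
            BYTE m_StorageByte;
            /*Different methods store different things in this byte,
            INT3_BP = hold the byte overwritten
            HARDWARE_BP = the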
index of the debug register we used 451 | GUARD_PAGE = unused*/ 452 | 453 | HookCtx(BYTE* Src, BYTE* Dest,VEHMethod Method) 454 | { 455 | m_Dest = Dest; 456 | m_Src = Src; 457 | m_Type = Method; 458 | } 459 | HookCtx() 460 | { 461 | m_Type = VEHMethod::ERROR_TYPE; 462 | } 463 | friend bool operator==(const HookCtx& Ctx1, const HookCtx& Ctx2) 464 | { 465 | if (Ctx1.m_Dest == Ctx2.m_Dest && Ctx1.m_Src == Ctx2.m_Src && Ctx1.m_Type == Ctx2.m_Type) 466 | return true; 467 | return false; 468 | } 469 | }; 470 | private: 471 | static bool AreInSamePage(BYTE* Addr1, BYTE* Addr2); 472 | static LONG CALLBACK VEHHandler(EXCEPTION_POINTERS* ExceptionInfo); 473 | static std::vector m_HookTargets; 474 | static std::mutex m_TargetMutex; 475 | HookCtx m_ThisCtx; 476 | DWORD m_PageSize; 477 | }; 478 | }//end PLH namespace 479 | #endif//end include guard -------------------------------------------------------------------------------- /PolyHook/PolyHook/PolyHook.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {64269F60-A538-4327-82EE-AB4BF4766CE9} 23 | Win32Proj 24 | PolyHook 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | Unicode 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | $(IncludePath) 75 | ../Capstone/msvc/x86/Debug;$(LibraryPath) 76 | 77 | 78 | true 79 | $(IncludePath) 80 | ../Capstone/msvc/x64/Debug;$(LibraryPath) 81 | 82 | 83 | false 84 | $(IncludePath) 85 | ../Capstone/msvc/x86/Release;$(LibraryPath) 86 | 87 | 88 | false 89 | $(IncludePath) 90 | ../Capstone/msvc/x64/Release;$(LibraryPath) 91 | 92 | 93 | 
94 | NotUsing 95 | Level3 96 | Disabled 97 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 98 | true 99 | MultiThreadedDebug 100 | 101 | 102 | Console 103 | true 104 | 105 | 106 | 107 | 108 | NotUsing 109 | Level3 110 | Disabled 111 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 112 | true 113 | MultiThreadedDebug 114 | 115 | 116 | Console 117 | true 118 | 119 | 120 | 121 | 122 | Level3 123 | NotUsing 124 | Full 125 | true 126 | true 127 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 128 | true 129 | MultiThreaded 130 | 131 | 132 | Console 133 | true 134 | true 135 | true 136 | 137 | 138 | 139 | 140 | Level3 141 | NotUsing 142 | Full 143 | true 144 | true 145 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 146 | true 147 | MultiThreaded 148 | 149 | 150 | Console 151 | true 152 | true 153 | true 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | -------------------------------------------------------------------------------- /PolyHook/PolyHook/PolyHook.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | 26 | 27 | Source Files 28 | 29 | 30 | Source Files 31 | 32 | 33 | -------------------------------------------------------------------------------- /PolyHook/README.md: -------------------------------------------------------------------------------- 1 | # PolyHook - x86/x64 Hooking Library 2 | **Provides abstract C++ 11 interface for various hooking methods** 3 | 4 | #Hooking Methods*: 5 | 6 | 1. 
**_Detour_** 7 | * Description: Modifies opcode to jmp to hook and allocates a trampoline for jmp back 8 | * Length Disassembler Support (Capstone) 9 | * Supports Code Relocation, including EIP/RIP relative instructions 10 | 11 | 2. **_Virtual Function Detour_** : 12 | * Description: Detours the function pointed to by the Vtable 13 | 14 | 3. **_Virtual Function Pointer Swap_** 15 | * Description: Swaps the pointer in the Vtable to your hook 16 | 17 | 4. **_Virtual Table Pointer Swap_** 18 | * Description: Swaps the Vtable pointer after copying pointers in source Vtable, 19 | then swaps virtual function pointer in the new copy 20 | 21 | 5. **Import Address Table** 22 | * Description: Swaps pointer in the import address table to the hook 23 | 24 | 6. **VEH** 25 | * Description: Intercepts an exception generated on purpose, sets instruction pointer to handler, then resets exception generating mechanism 26 | * Methods to generate exception: INT3 Breakpoints, Guard Page violations. 27 | * **Note**: it is important to call the GetProtectionObject function INSIDE of your callback as per my example for all VEH hooks 28 | * Other exception generation methods are in development 29 | 30 | * All methods support x86 and x64 31 | * Relies on modified capstone branch https://github.com/stevemk14ebr/capstone 32 | * More Information can be found at the wiki to the right 33 | 34 | Credits to DarthTon, evolution536, Dogmatt 35 | 36 | #LICENSE: 37 | MIT 38 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # UniHook 2 | 3 | *Pre-Alpha Source Code, seriously there are issues!! THIS IS A POC*. This is an example project on how to use PolyHook to intercept ANY arbitrary function, without knowing it's typedef. It hooks the specified function and calls an "Interupt" function before and after executing the original hooked function. 
This is useful for cases where someone may wish to time how long a function takes to execute. This relies both on PolyHook,and it's dependancy Capstone (the modified branch in my GitHub). 4 | 5 | # How it works: 6 | 7 | It allocates a callback at runtime that PolyHook redirects the hooked function to. This callback is filled with assembly at runtime that will handle executing the intercepts, and the original function. This is done by first storing all registers, calling the intercept, and restoring the registers, then it calls the original function, and repeats the register storing and poping before it calls the second interupt and returns to the caller of the hooked function. 8 | 9 | Caller->Store Regs->Interupt1->Restore Regs->Original Hooked Func->Store Regs->Interupt2->Restore Regs->Return to Caller 10 | 11 | # Project Setup 12 | 13 | This demo has 3 core parts 14 | 15 | 1. PolyHook for hooking backend 16 | * PolyHook relies on Capstone for disassembly 17 | 2. UniHook dll which uses polyhook, and then creates runtime callbacks 18 | 3. UniHook loader which injects the UniHook dll, and sends it commands via a shared memory queue/stack system 19 | * Shared memory synchronization is done through the Shared Memory Mutex object, which uses a WINAPI named mutex, this object can be managed by c++11's locking wrappers such as lock_guard 20 | 21 | # LIMITATIONS 22 | 1. No XMM registers or SIMD instructions can be used when compiling in x64, my variation of pusha and popa doesn't restore these. 23 | 2. Possible stack alignment issues may exist when the original function is executed after the first interupt 24 | 3. 
A heap corruption bug is floating around somewhere 25 | 26 | # LICENSE 27 | MIT 28 | -------------------------------------------------------------------------------- /UniHook.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.23107.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "UniHook", "UniHook\UniHook.vcxproj", "{77644EB0-B708-418D-997B-15A16110DBF2}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "UniHookLoader", "UniHookLoader\UniHookLoader.vcxproj", "{C379F1C4-1DFB-4D55-8CE5-402ACB352E83}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {77644EB0-B708-418D-997B-15A16110DBF2}.Debug|x64.ActiveCfg = Debug|x64 19 | {77644EB0-B708-418D-997B-15A16110DBF2}.Debug|x64.Build.0 = Debug|x64 20 | {77644EB0-B708-418D-997B-15A16110DBF2}.Debug|x86.ActiveCfg = Debug|Win32 21 | {77644EB0-B708-418D-997B-15A16110DBF2}.Debug|x86.Build.0 = Debug|Win32 22 | {77644EB0-B708-418D-997B-15A16110DBF2}.Release|x64.ActiveCfg = Release|x64 23 | {77644EB0-B708-418D-997B-15A16110DBF2}.Release|x64.Build.0 = Release|x64 24 | {77644EB0-B708-418D-997B-15A16110DBF2}.Release|x86.ActiveCfg = Release|Win32 25 | {77644EB0-B708-418D-997B-15A16110DBF2}.Release|x86.Build.0 = Release|Win32 26 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Debug|x64.ActiveCfg = Debug|x64 27 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Debug|x64.Build.0 = Debug|x64 28 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Debug|x86.ActiveCfg = Debug|Win32 29 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Debug|x86.Build.0 = Debug|Win32 30 | 
{C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Release|x64.ActiveCfg = Release|x64 31 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Release|x64.Build.0 = Release|x64 32 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Release|x86.ActiveCfg = Release|Win32 33 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83}.Release|x86.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | EndGlobal 39 | -------------------------------------------------------------------------------- /UniHook/DissasemblyRoutines.cpp: -------------------------------------------------------------------------------- 1 | #include "Dissassembly/DissasemblyRoutines.h" 2 | void cPrint(char* lpszFormat, ...); 3 | InstructionSearcher::InstructionSearcher() 4 | { 5 | #ifdef _WIN64 6 | InitCapstone(CS_MODE_64); 7 | #else 8 | InitCapstone(CS_MODE_32); 9 | #endif 10 | } 11 | 12 | InstructionSearcher::~InstructionSearcher() 13 | { 14 | cs_close(&m_CapstoneHandle); 15 | } 16 | 17 | std::vector InstructionSearcher::SearchForInstruction(INSType Type, DWORD_PTR StartRange, DWORD_PTR EndRange) 18 | { 19 | cs_insn* InstructionInfo; 20 | size_t InstructionCount = cs_disasm(m_CapstoneHandle, (BYTE*)StartRange, EndRange-StartRange, (uint64_t)StartRange, 0, &InstructionInfo); 21 | 22 | for (int i = 0; i < InstructionCount; i++) 23 | { 24 | cs_insn* CurIns = (cs_insn*)&InstructionInfo[i]; 25 | cs_x86* x86 = &(CurIns->detail->x86); 26 | 27 | for (int j = 0; j < x86->op_count; j++) 28 | { 29 | cs_x86_op* op = &(x86->operands[j]); 30 | if (op->type == X86_OP_IMM) 31 | { 32 | //IMM types are like call 0xdeadbeef 33 | if (x86->op_count > 1) //exclude types like sub rsp,0x20 34 | continue; 35 | 36 | //Hex compare is too inaccurate, have to do strcmp 37 | if (strcmp(CurIns->mnemonic, "call") != 0) 38 | continue; 39 | 40 | DWORD_PTR CallDestination = m_ASMHelper.GetCallDestination(CurIns, x86->offsets.imm_size, x86->offsets.imm_offset); 41 | 42 | bool Found = 
false; 43 | for (SearchResult Item : m_Results) 44 | { 45 | if (Item.GetCallDestination() == CallDestination) 46 | Found = true; 47 | } 48 | if(!Found) 49 | m_Results.push_back(SearchResult(CurIns->address,CallDestination)); 50 | } 51 | } 52 | } 53 | cs_free(InstructionInfo, InstructionCount); 54 | return m_Results; 55 | } 56 | 57 | void InstructionSearcher::InitCapstone(cs_mode Mode) 58 | { 59 | if (cs_open(CS_ARCH_X86, Mode, &m_CapstoneHandle) != CS_ERR_OK) 60 | cPrint("[+]Error Initializing Capstone\n"); 61 | cs_option(m_CapstoneHandle, CS_OPT_DETAIL, CS_OPT_ON); 62 | } -------------------------------------------------------------------------------- /UniHook/Dissassembly/DissasemblyRoutines.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "../PolyHook/Capstone/include/capstone.h" 3 | #pragma comment(lib,"capstone.lib") 4 | #include 5 | #include 6 | enum class INSType 7 | { 8 | GENERIC, 9 | CALL 10 | }; 11 | 12 | class SearchResult 13 | { 14 | public: 15 | SearchResult(DWORD_PTR InsAddress, DWORD_PTR CallAddress) 16 | { 17 | m_InstructionAddress = InsAddress; 18 | m_CallDestination = CallAddress; 19 | } 20 | 21 | DWORD_PTR GetCallDestination() const 22 | { 23 | return m_CallDestination; 24 | } 25 | 26 | bool operator==(const SearchResult& rhs) const 27 | { 28 | if (GetCallDestination() == rhs.GetCallDestination()) 29 | return true; 30 | return false; 31 | } 32 | protected: 33 | DWORD_PTR m_InstructionAddress; 34 | DWORD_PTR m_CallDestination; 35 | }; 36 | 37 | class ASMHelper 38 | { 39 | public: 40 | bool IsCall(const BYTE* bytes, const uint16_t Size) 41 | { 42 | if (Size < 1) 43 | return false; 44 | 45 | if (bytes[0] == 0xE8) 46 | return true; 47 | } 48 | template 49 | T GetDisplacement(BYTE* Instruction, const uint32_t Offset) 50 | { 51 | T Disp; 52 | memset(&Disp, 0x00, sizeof(T)); 53 | memcpy(&Disp, &Instruction[Offset], sizeof(T)); 54 | return Disp; 55 | } 56 | DWORD_PTR 
GetCallDestination(cs_insn* CurIns, const uint8_t DispSize, const uint8_t DispOffset) 57 | { 58 | if (DispSize == 1) 59 | { 60 | int8_t Disp = GetDisplacement(CurIns->bytes, DispOffset); 61 | return CurIns->address + Disp + CurIns->size; 62 | } 63 | else if (DispSize == 2) { 64 | int16_t Disp = GetDisplacement(CurIns->bytes, DispOffset); 65 | return CurIns->address + Disp + CurIns->size; 66 | }else if (DispSize == 4) { 67 | int32_t Disp = GetDisplacement(CurIns->bytes, DispOffset); 68 | return CurIns->address + Disp + CurIns->size; 69 | } 70 | } 71 | }; 72 | 73 | class InstructionSearcher 74 | { 75 | public: 76 | InstructionSearcher(); 77 | ~InstructionSearcher(); 78 | std::vector SearchForInstruction(INSType Type, DWORD_PTR StartRange, DWORD_PTR EndRange); 79 | protected: 80 | void InitCapstone(cs_mode Mode); 81 | private: 82 | csh m_CapstoneHandle; 83 | std::vector m_Results; 84 | ASMHelper m_ASMHelper; 85 | }; -------------------------------------------------------------------------------- /UniHook/HookHandler64.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | typedef void(__stdcall* tGeneric)(); 3 | __declspec(noinline) void PrologInterupt(void* pOriginal) 4 | { 5 | cPrint("[+] In Prolog, pOriginal:[%I64X]\n",pOriginal); 6 | } 7 | 8 | __declspec(noinline) void PostlogInterupt(PLH::IHook* pHook) 9 | { 10 | if (pHook->GetType() == PLH::HookType::VEH) 11 | { 12 | auto ProtectionObject = ((PLH::VEHHook*)pHook)->GetProtectionObject(); 13 | } 14 | cPrint("[+] In Postlog\n"); 15 | } 16 | 17 | BYTE ABS_JMP_ASM[] = { 0x50, 0x48, 0xB8, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0x48, 0x87, 0x04, 0x24, 0xC3 }; 18 | volatile int WriteAbsoluteJMP(BYTE* Destination, DWORD64 JMPDestination) 19 | { 20 | /*push rax 21 | mov rax ... 
//Address to original 22 | xchg qword ptr ss:[rsp], rax 23 | ret*/ 24 | memcpy(Destination, ABS_JMP_ASM, sizeof(ABS_JMP_ASM)); 25 | *(DWORD64*)&((BYTE*)Destination)[3] = JMPDestination; 26 | return sizeof(ABS_JMP_ASM); 27 | } 28 | 29 | volatile int WriteAbsoluteCall(BYTE* Destination, DWORD64 JMPDestination) 30 | { 31 | /* 32 | mov rax, ... 33 | call rax 34 | */ 35 | BYTE call[] = {0x48, 0xB8, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xFF, 0xD0 }; 36 | memcpy(Destination, call, sizeof(call)); 37 | *(DWORD64*)&((BYTE*)Destination)[2] = JMPDestination; 38 | return sizeof(call); 39 | } 40 | 41 | volatile int WritePUSHA(BYTE* Address) 42 | { 43 | /* 44 | push rbx 45 | push rsp 46 | push rax 47 | push rcx 48 | push rdx 49 | push r8 50 | push r9 51 | push r10 52 | push r11 53 | sub rsp, 0x20 54 | */ 55 | BYTE X64PUSHFA[] = { 0x53, 0x54, 0x50, 0x51, 0x52, 0x41, 0x50, 0x41, 0x51, 0x41, 0x52, 0x41, 0x53, 0x48, 0x83, 0xEC, 0x20 }; 56 | memcpy(Address, X64PUSHFA, sizeof(X64PUSHFA)); 57 | return sizeof(X64PUSHFA); 58 | } 59 | 60 | volatile int WritePOPA(BYTE* Address) 61 | { 62 | /* 63 | add rsp,0x20 64 | pop r11 65 | pop r10 66 | pop r9 67 | pop r8 68 | pop rdx 69 | pop rcx 70 | pop rax 71 | pop rsp 72 | pop rbx 73 | */ 74 | BYTE X64POPFA[] = { 0x48, 0x83, 0xC4, 0x20, 0x41, 0x5B, 0x41, 0x5A, 0x41, 0x59, 0x41, 0x58, 0x5A, 0x59, 0x58, 0x5C, 0x5B }; 75 | memcpy(Address, X64POPFA, sizeof(X64POPFA)); 76 | return sizeof(X64POPFA); 77 | } 78 | 79 | volatile int WritePUSHA_WPARAM(BYTE* Address, __int64 RCXVal) 80 | { 81 | /* 82 | PUSHA From above 83 | + 84 | movabs rcx,0xCCCCCCCCCCCCCCCC 85 | sub rsp, 0x20 86 | */ 87 | BYTE X64PUSHFA[] = { 0x53, 0x54, 0x50, 0x51, 0x52, 0x41, 0x50, 0x41, 0x51, 88 | 0x41, 0x52, 0x41, 0x53, 0x48, 0xB9, 89 | 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 90 | 0x48, 0x83, 0xEC, 0x20 }; 91 | memcpy(Address, X64PUSHFA, sizeof(X64PUSHFA)); 92 | *(DWORD64*)&((BYTE*)Address)[15] = RCXVal; 93 | return sizeof(X64PUSHFA); 94 | } 95 | 96 | #define 
LODWORD(_qw) ((DWORD)(_qw)) 97 | #define HIDWORD(_qw) ((DWORD)(((_qw) >> 32) & 0xffffffff)) 98 | BYTE PushRet[] = { 0x48, 0x83, 0xEC, 0x08, 0xC7, 0x04, 0x24, 0xCC, 0xCC, 0xCC, 0xCC, 0xC7, 0x44, 0x24, 0x04, 0xCC, 0xCC, 0xCC, 0xCC }; 99 | volatile int WriteRetAddress(BYTE* Address, DWORD64 Destination) 100 | { 101 | /* 102 | sub rsp,8 103 | mov dword ptr [rsp],0xCCCCCCCC 104 | mov dword ptr [rsp + 0x4],0xCCCCCCCC 105 | */ 106 | memcpy(Address, PushRet, sizeof(PushRet)); 107 | *(DWORD*)(Address + 7) = LODWORD(Destination); 108 | *(DWORD*)(Address + 15) = HIDWORD(Destination); 109 | return sizeof(PushRet); 110 | } 111 | 112 | BYTE SHADOWSUB_ASM[] = { 0x48, 0x83, 0xEC, 0x28 }; 113 | volatile int WriteSubShadowSpace(BYTE* Address) 114 | { 115 | //sub rsp,0x28 116 | memcpy(Address, SHADOWSUB_ASM, sizeof(SHADOWSUB_ASM)); 117 | return sizeof(SHADOWSUB_ASM); 118 | } 119 | 120 | BYTE SHADOWADD_ASM[] = { 0x48, 0x83, 0xC4, 0x28 }; 121 | volatile int WriteAddShadowSpace(BYTE* Address) 122 | { 123 | //add rsp,0x28 124 | memcpy(Address, SHADOWADD_ASM, sizeof(SHADOWADD_ASM)); 125 | return sizeof(SHADOWADD_ASM); 126 | } 127 | 128 | volatile int WriteRET(BYTE* Address) 129 | { 130 | BYTE ret[] = { 0xC3 }; 131 | memcpy(Address, ret, sizeof(ret)); 132 | return sizeof(ret); 133 | } 134 | 135 | void HookFunctionAtRuntime(BYTE* SubRoutineAddress, HookMethod Method) 136 | { 137 | BYTE* Callback = new BYTE[146]; 138 | DWORD Old; 139 | VirtualProtect(Callback, 146, PAGE_EXECUTE_READWRITE, &Old); 140 | 141 | std::shared_ptr Hook; 142 | DWORD64 Original; 143 | if (Method == HookMethod::INLINE) 144 | { 145 | Hook.reset(new PLH::Detour, [&](PLH::Detour* Hook) { 146 | Hook->UnHook(); 147 | delete Hook; 148 | delete[] Callback; 149 | }); 150 | ((PLH::Detour*)Hook.get())->SetupHook((BYTE*)SubRoutineAddress, (BYTE*)Callback); 151 | Hook->Hook(); 152 | Original = ((PLH::Detour*)Hook.get())->GetOriginal(); 153 | } 154 | else if (Method == HookMethod::INT3_BP) { 155 | Hook.reset(new PLH::VEHHook, 
[&](PLH::VEHHook* Hook) { 156 | Hook->UnHook(); 157 | delete Hook; 158 | delete[] Callback; 159 | }); 160 | ((PLH::VEHHook*)Hook.get())->SetupHook((BYTE*)SubRoutineAddress, (BYTE*)Callback, PLH::VEHHook::VEHMethod::INT3_BP); 161 | Hook->Hook(); 162 | Original = ((PLH::VEHHook*)Hook.get())->GetOriginal(); 163 | } 164 | 165 | int WriteOffset = 0; 166 | WriteOffset += WritePUSHA_WPARAM(Callback,(DWORD64)SubRoutineAddress); 167 | WriteOffset += WriteAbsoluteCall(Callback + WriteOffset, (DWORD64)&PrologInterupt); 168 | WriteOffset += WritePOPA(Callback + WriteOffset); 169 | 170 | WriteOffset += WriteSubShadowSpace(Callback+WriteOffset); 171 | WriteOffset += WriteRetAddress(Callback + WriteOffset,(DWORD64)(Callback+WriteOffset+sizeof(PushRet) +sizeof(ABS_JMP_ASM))); 172 | WriteOffset += WriteAbsoluteJMP(Callback + WriteOffset, Original); 173 | WriteOffset += WriteAddShadowSpace(Callback + WriteOffset); 174 | 175 | WriteOffset += WritePUSHA_WPARAM(Callback + WriteOffset,(DWORD64)Hook.get()); 176 | WriteOffset += WriteAbsoluteCall(Callback + WriteOffset, (DWORD64)&PostlogInterupt); 177 | WriteOffset += WritePOPA(Callback + WriteOffset); 178 | 179 | WriteOffset += WriteRET(Callback + WriteOffset); 180 | 181 | cPrint("[+] Callback at: %I64X\n", Callback); 182 | m_Hooks.push_back(Hook); 183 | } 184 | -------------------------------------------------------------------------------- /UniHook/HookHandler86.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | //A pointer to the function that was detoured 4 | __declspec(noinline) void __stdcall PrologInterupt(void* pOriginal) 5 | { 6 | cPrint("[+] In Prolog, pOriginal:[%p]\n", pOriginal); 7 | } 8 | 9 | //A pointer to our PolyHook object, can be used to unhook, etc 10 | __declspec(noinline) void __stdcall PostlogInterupt(PLH::IHook* pHook) 11 | { 12 | if (pHook->GetType() == PLH::HookType::VEH) 13 | { 14 | auto ProtectionObject = ((PLH::VEHHook*)pHook)->GetProtectionObject(); 
15 | } 16 | cPrint("[+] In Postlog\n"); 17 | } 18 | 19 | template 20 | T CalculateRelativeDisplacement(DWORD64 From, DWORD64 To, DWORD InsSize) 21 | { 22 | if (To < From) 23 | return 0 - (From - To) - InsSize; 24 | return To - (From + InsSize); 25 | } 26 | 27 | volatile int WriteRelativeCALL(DWORD Destination, DWORD JMPDestination) 28 | { 29 | *(BYTE*)Destination = 0xE8; 30 | *(long*)(Destination + 1) = CalculateRelativeDisplacement(Destination, JMPDestination, 5); 31 | return 5; 32 | } 33 | 34 | volatile int WritePUSHA(BYTE* Address) 35 | { 36 | BYTE PUSHA[] = { 0x60, 0x9C }; 37 | memcpy(Address, PUSHA, sizeof(PUSHA)); 38 | return sizeof(PUSHA); 39 | } 40 | 41 | volatile int WritePUSHA_WPARAM(BYTE* Address, DWORD ParamVal) 42 | { 43 | /* 44 | pusha 45 | pushf 46 | push 0xCCCCCCCC <-First Param 47 | */ 48 | BYTE PUSHA[] = { 0x60, 0x9C, 0x68, 0xCC, 0xCC, 0xCC, 0xCC }; 49 | memcpy(Address, PUSHA, sizeof(PUSHA)); 50 | *(DWORD*)&((BYTE*)Address)[3] = ParamVal; 51 | return sizeof(PUSHA); 52 | } 53 | 54 | volatile int WritePOPA(BYTE* Address) 55 | { 56 | BYTE POPA[] = { 0x9D, 0x61 }; 57 | memcpy(Address, POPA, sizeof(POPA)); 58 | return sizeof(POPA); 59 | } 60 | 61 | volatile int WriteRET(BYTE* Address) 62 | { 63 | BYTE ret[] = { 0xC3 }; 64 | memcpy(Address, ret, sizeof(ret)); 65 | return sizeof(ret); 66 | } 67 | 68 | void HookFunctionAtRuntime(BYTE* SubRoutineAddress,HookMethod Method) 69 | { 70 | BYTE* Callback = new BYTE[29]; 71 | DWORD Old; 72 | VirtualProtect(Callback, 29, PAGE_EXECUTE_READWRITE, &Old); 73 | 74 | std::shared_ptr Hook; 75 | DWORD Original; 76 | if (Method == HookMethod::INLINE) 77 | { 78 | Hook.reset(new PLH::Detour, [&](PLH::Detour* Hook) { 79 | Hook->UnHook(); 80 | delete Hook; 81 | delete[] Callback; 82 | }); 83 | ((PLH::Detour*)Hook.get())->SetupHook((BYTE*)SubRoutineAddress, (BYTE*)Callback); 84 | Hook->Hook(); 85 | Original =((PLH::Detour*)Hook.get())->GetOriginal(); 86 | }else if (Method == HookMethod::INT3_BP){ 87 | Hook.reset(new 
PLH::VEHHook, [&](PLH::VEHHook* Hook) { 88 | Hook->UnHook(); 89 | delete Hook; 90 | delete[] Callback; 91 | }); 92 | ((PLH::VEHHook*)Hook.get())->SetupHook((BYTE*)SubRoutineAddress, (BYTE*)Callback,PLH::VEHHook::VEHMethod::INT3_BP); 93 | Hook->Hook(); 94 | Original = ((PLH::VEHHook*)Hook.get())->GetOriginal(); 95 | } 96 | 97 | int WriteOffset = 0; 98 | WriteOffset += WritePUSHA_WPARAM(Callback,(DWORD)SubRoutineAddress); 99 | WriteOffset += WriteRelativeCALL((DWORD)Callback + WriteOffset, (DWORD)&PrologInterupt); 100 | WriteOffset += WritePOPA(Callback + WriteOffset); 101 | 102 | WriteOffset += WriteRelativeCALL((DWORD)Callback + WriteOffset, Original); 103 | 104 | WriteOffset += WritePUSHA_WPARAM(Callback+WriteOffset,(DWORD)Hook.get()); 105 | WriteOffset += WriteRelativeCALL((DWORD)Callback + WriteOffset, (DWORD)&PostlogInterupt); 106 | WriteOffset += WritePOPA(Callback + WriteOffset); 107 | 108 | WriteOffset += WriteRET(Callback + WriteOffset); 109 | 110 | cPrint("[+] Callback at: %p\n", Callback); 111 | m_Hooks.push_back(Hook); 112 | } -------------------------------------------------------------------------------- /UniHook/PDB Query/PDBReader.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | //https://msdn.microsoft.com/en-us/library/t6tay6cz.aspx 3 | #include 4 | #include 5 | class PDBReader 6 | { 7 | public: 8 | PDBReader(); 9 | bool LoadFile(const std::string& FilePath); 10 | bool Enumerate(DWORD_PTR Address, std::string& NameOut); 11 | private: 12 | bool m_InitOk; 13 | }; 14 | 15 | PDBReader::PDBReader() 16 | { 17 | m_InitOk = SymInitialize(GetCurrentProcess(), NULL, TRUE) ? true:false; 18 | if(!m_InitOk) 19 | cPrint("SymInit Failed\n"); 20 | } 21 | 22 | bool PDBReader::LoadFile(const std::string& FilePath) 23 | { 24 | if (!m_InitOk) 25 | return false; 26 | 27 | return SymSetSearchPath(GetCurrentProcess(), FilePath.c_str()) ? 
true:false; 28 | } 29 | 30 | bool PDBReader::Enumerate(DWORD_PTR Address,std::string& NameOut) 31 | { 32 | if (!m_InitOk) 33 | return false; 34 | 35 | char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME * sizeof(TCHAR)]; 36 | PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer; 37 | 38 | pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO); 39 | pSymbol->MaxNameLen = MAX_SYM_NAME; 40 | 41 | if (SymFromAddr(GetCurrentProcess(), Address, 0, pSymbol)) 42 | { 43 | NameOut = std::string((char*)pSymbol->Name); 44 | return true; 45 | }else { 46 | NameOut = std::string(""); 47 | return false; 48 | } 49 | } -------------------------------------------------------------------------------- /UniHook/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | DYNAMIC LINK LIBRARY : ASMSubRoutineIdentifier Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ASMSubRoutineIdentifier DLL for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ASMSubRoutineIdentifier application. 9 | 10 | 11 | ASMSubRoutineIdentifier.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | ASMSubRoutineIdentifier.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 
23 | 24 | ASMSubRoutineIdentifier.cpp 25 | This is the main DLL source file. 26 | 27 | When created, this DLL does not export any symbols. As a result, it 28 | will not produce a .lib file when it is built. If you wish this project 29 | to be a project dependency of some other project, you will either need to 30 | add code to export some symbols from the DLL so that an export library 31 | will be produced, or you can set the Ignore Input Library property to Yes 32 | on the General propert page of the Linker folder in the project's Property 33 | Pages dialog box. 34 | 35 | ///////////////////////////////////////////////////////////////////////////// 36 | Other standard files: 37 | 38 | StdAfx.h, StdAfx.cpp 39 | These files are used to build a precompiled header (PCH) file 40 | named ASMSubRoutineIdentifier.pch and a precompiled types file named StdAfx.obj. 41 | 42 | ///////////////////////////////////////////////////////////////////////////// 43 | Other notes: 44 | 45 | AppWizard uses "TODO:" comments to indicate parts of the source code you 46 | should add to or customize. 
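

/////////////////////////////////////////////////////////////////////////////
--------------------------------------------------------------------------------
/UniHook/Tools.h:
--------------------------------------------------------------------------------
#pragma once

#include 
#include 
#include 
#include 
#include 

// Console control handler: claims Ctrl+C (returning TRUE stops the default
// handler from killing the process) and passes every other event on.
// Nothing visible in this header installs it.
static BOOL WINAPI MyConsoleCtrlHandler(DWORD dwCtrlEvent) { return dwCtrlEvent == CTRL_C_EVENT; }

// Std handles of the console allocated by CreateConsole(). As statics they are
// zero until then, so GetConsoleInput/cPrint fail (rather than crash) if called early.
static HANDLE hConsoleWrite;
static HANDLE hConsoleRead;

// Allocates a console for the (injected) process and caches its std handles.
// Must run before GetConsoleInput/cPrint produce anything.
void CreateConsole()
{
    AllocConsole();
    hConsoleWrite = GetStdHandle(STD_OUTPUT_HANDLE);
    hConsoleRead = GetStdHandle(STD_INPUT_HANDLE);
}

/* Blocks until Enter and returns the line without CR/LF.
   Fix: the original left `num` uninitialised and never checked ReadConsoleA's
   return, so a failed read (no console yet, redirected/invalid handle) wrote
   the terminator at Buffer[<garbage>]. A failed read now yields "". */
std::string GetConsoleInput()
{
    char Buffer[1024];
    DWORD num = 0;
    if (!ReadConsoleA(hConsoleRead, Buffer, sizeof(Buffer) - 1, &num, NULL) || num >= sizeof(Buffer))
        num = 0;
    Buffer[num] = '\0';

    std::string Line(Buffer);
    Line.erase(std::remove(Line.begin(), Line.end(), '\n'), Line.end());
    Line.erase(std::remove(Line.begin(), Line.end(), '\r'), Line.end());
    return Line;
}

/* printf-style console output (no-op when USE_OUTPUT is 0).
   Fixes over the original:
   - `const char*` format: every caller passes a literal, so this is
     source-compatible and removes the implicit conversion;
   - _vsnprintf_s returns a negative value when the text does not fit the
     count. The original handed that -1 to WriteConsole as a DWORD length
     (~4 GiB) and read far past szBuffer; long symbol names through the "%s"
     callers make that reachable. _TRUNCATE keeps as much as fits, nul-terminates,
     and the length written is clamped to the buffer;
   - the USE_OUTPUT short-circuit now runs before any formatting work. */
void cPrint(const char* lpszFormat, ...)
{
#if !USE_OUTPUT
    return;
#endif
    char szBuffer[512];
    va_list args;
    va_start(args, lpszFormat);
    int nBuf = _vsnprintf_s(szBuffer, _TRUNCATE, lpszFormat, args);
    va_end(args);

    // Negative return == truncated: the buffer holds sizeof(szBuffer)-1 chars plus the nul.
    DWORD Length = (nBuf < 0) ? (DWORD)(sizeof(szBuffer) - 1) : (DWORD)nBuf;
    DWORD CharsWritten = 0;
    WriteConsole(hConsoleWrite, szBuffer, Length, &CharsWritten, NULL);
}
--------------------------------------------------------------------------------
/UniHook/UniHook.vcxproj:
--------------------------------------------------------------------------------
Debug
Win32
Release
Win32
Debug
x64
Release
x64
{77644EB0-B708-418D-997B-15A16110DBF2}
Win32Proj
ASMSubRoutineIdentifier
8.1
UniHook
DynamicLibrary
true
v140
MultiByte
DynamicLibrary
false
v140
true
MultiByte
DynamicLibrary
true
v140
MultiByte
DynamicLibrary
false
v140
true
MultiByte
true
../PolyHook/Capstone/msvc/x86/Debug;$(LibraryPath)
true
../PolyHook/Capstone/msvc/x64/Debug;$(LibraryPath)
false
../PolyHook/Capstone/msvc/x86/Release;$(LibraryPath)
false
../PolyHook/Capstone/msvc/x64/Release;$(LibraryPath)
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;ASMSUBROUTINEIDENTIFIER_EXPORTS;%(PreprocessorDefinitions)
true
Windows
true
Level3
Disabled
_DEBUG;_WINDOWS;_USRDLL;ASMSUBROUTINEIDENTIFIER_EXPORTS;%(PreprocessorDefinitions)
true
Windows
true
Level3
MaxSpeed
true
true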
WIN32;NDEBUG;_WINDOWS;_USRDLL;ASMSUBROUTINEIDENTIFIER_EXPORTS;%(PreprocessorDefinitions) 126 | true 127 | 128 | 129 | Windows 130 | true 131 | true 132 | true 133 | 134 | 135 | 136 | 137 | Level3 138 | 139 | 140 | MaxSpeed 141 | true 142 | true 143 | NDEBUG;_WINDOWS;_USRDLL;ASMSUBROUTINEIDENTIFIER_EXPORTS;%(PreprocessorDefinitions) 144 | true 145 | 146 | 147 | Windows 148 | true 149 | true 150 | true 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | false 161 | 162 | 163 | false 164 | 165 | 166 | false 167 | 168 | 169 | false 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | -------------------------------------------------------------------------------- /UniHook/UniHook.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {359084a6-6a48-4ec8-a727-f3dc5ed5073d} 18 | 19 | 20 | {ea12684c-09cb-4bef-8b24-d1ebe3c32ad8} 21 | 22 | 23 | {46a39944-1c4d-446a-94a7-a692013e47d1} 24 | 25 | 26 | {919b5691-47a3-421e-8b43-c3f3b98d09a3} 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files\Dissassembly 49 | 50 | 51 | Header Files 52 | 53 | 54 | Header Files 55 | 56 | 57 | Header Files\PDB Query 58 | 59 | 60 | Header Files 61 | 62 | 63 | Header Files\Common\IPC 64 | 65 | 66 | Header Files\Common\IPC 67 | 68 | 69 | Header Files\Common 70 | 71 | 72 | Header Files\Common\IPC 73 | 74 | 75 | -------------------------------------------------------------------------------- /UniHook/dllmain.cpp: 
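--------------------------------------------------------------------------------
// dllmain.cpp : Defines the entry point for the DLL application.
// git subtree pull --prefix=PolyHook PolyHook master --squash
#include 
#include 
#include 
#include 

#define USE_OUTPUT 1

#include "Tools.h"
#include "../PolyHook/PolyHook/PolyHook.h"
#include "Dissassembly/DissasemblyRoutines.h"
#include "PDB Query/PDBReader.h"
#include "../Common/IPC/SharedMemQueue.h"
#include "../Common/Utilities.h"

InstructionSearcher m_InsSearcher;
std::vector> m_Hooks;
std::vector Results;

enum class HookMethod
{
    INLINE,
    INT3_BP
};

#ifdef _WIN64
#include "HookHandler64.h"
#define StrToAddress(x) strtoll(x,NULL,16)
#else
#define StrToAddress(x) strtol(x,NULL,16)
#include "HookHandler86.h"
#endif
PDBReader m_PDBReader;
std::unique_ptr MemClient;

/* Scans every executable section of the host EXE (GetModuleHandle(NULL)) for
   CALL instructions and stores the hits in the global Results.
   Fixes over the original:
   - Results is rebuilt from scratch and APPENDED per section; the original
     assigned it inside the loop, so only the last executable section's hits
     survived and the "Found N Subroutines" total was wrong;
   - the section extent is Misc.VirtualSize (what is mapped) rather than
     SizeOfRawData (file-aligned, may include padding past the real code);
   - IMAGE_SECTION_HEADER::Name is BYTE[8] with no nul when all 8 bytes are
     used, so "%s" could read past it; "%.8s" bounds the read. */
__declspec(noinline) volatile void FindSubRoutines()
{
    Results.clear();

    HANDLE hMod = GetModuleHandle(NULL); // base address of the host executable
    IMAGE_DOS_HEADER* DosHeader = (IMAGE_DOS_HEADER*)hMod;
    IMAGE_NT_HEADERS* NTHeader = (IMAGE_NT_HEADERS*)((BYTE*)DosHeader + DosHeader->e_lfanew);
    IMAGE_FILE_HEADER* FileHeader = &NTHeader->FileHeader;
    IMAGE_SECTION_HEADER* SectionHeader = IMAGE_FIRST_SECTION(NTHeader);

    for (WORD i = 0; i < FileHeader->NumberOfSections; i++)
    {
        const IMAGE_SECTION_HEADER& Section = SectionHeader[i];

        // Skip sections that are neither flagged as code nor executable.
        if (!(Section.Characteristics & IMAGE_SCN_CNT_CODE) && !(Section.Characteristics & IMAGE_SCN_MEM_EXECUTE))
            continue;

        DWORD_PTR SectionStart = (DWORD_PTR)((BYTE*)DosHeader + Section.VirtualAddress);
        DWORD_PTR SectionEnd = SectionStart + Section.Misc.VirtualSize;
        cPrint("[+] Found Section: %.8s [%p - %p]\n", Section.Name, (void*)SectionStart, (void*)SectionEnd);

        decltype(Results) Found = m_InsSearcher.SearchForInstruction(INSType::CALL, SectionStart, SectionEnd);
        Results.insert(Results.end(), Found.begin(), Found.end());
    }
}

/* Reports every entry in Results to the console and to the loader over the
   shared-memory queue. The queue is held locked for the whole batch so the
   loader sees an uninterrupted list; PLH::finally releases it even if a push
   throws. An unresolved name is reported as a single space, as before. */
void PrintFoundSubs()
{
    MemClient->ManualLock();
    auto CloseLock = PLH::finally([&] {
        MemClient->ManualUnlock();
    });

    for (size_t j = 0; j < Results.size(); j++)
    {
        SearchResult SubRoutine = Results[j];
        DWORD_PTR Destination = SubRoutine.GetCallDestination();

        std::string ResolvedName;
        if (!m_PDBReader.Enumerate(Destination, ResolvedName))
            ResolvedName = " ";

        // size_t through "%d" is not portable on x64; cast explicitly.
        cPrint("[+] Found Subroutine [%d] at: [%p] [%s]\n", (int)j, (void*)Destination, ResolvedName.c_str());
        MemMessage Msg("[%d] at: [%p] [%s]", (int)j, (void*)Destination, ResolvedName.c_str());
        MemClient->PushMessage(Msg, true);
    }

    cPrint("[+] Found: %d Subroutines\n", (int)Results.size());
    MemMessage Msg("Found %d Subroutines", (int)Results.size());
    MemClient->PushMessage(Msg, true);
}

/* Strict hex parser for addresses arriving over IPC or from a hook-list file.
   Accepts an optional 0x prefix and trailing CR/LF/blanks (lines from a CRLF
   file keep their '\r'); rejects empty text, trailing garbage and zero, so a
   malformed command can never become a hook on address 0 or a partial value.
   The original used strtol/strtoll with no end-pointer check at all. */
static bool ParseAddress(const std::string& Text, DWORD_PTR& Out)
{
    size_t Last = Text.find_last_not_of(" \t\r\n");
    if (Last == std::string::npos)
        return false;
    std::string Trimmed = Text.substr(0, Last + 1);

    char* Stop = nullptr;
    unsigned long long Value = strtoull(Trimmed.c_str(), &Stop, 16);
    if (Stop == Trimmed.c_str() || *Stop != '\0' || Value == 0)
        return false;
    if (Value > (unsigned long long)(DWORD_PTR)-1) // only reachable on x86
        return false;

    Out = (DWORD_PTR)Value;
    return true;
}

/* Hooks Results[Index] after bounds-checking it, scanning first if no
   "ListSubs" has run yet. The original indexed the vector unchecked with an
   int taken straight from the IPC message (atoi), i.e. an out-of-range read
   whose value was then used as a code address to patch. */
static bool HookResultAtIndex(int Index)
{
    if (Results.empty())
        FindSubRoutines();

    if (Index < 0 || (size_t)Index >= Results.size())
    {
        cPrint("[-] Index %d out of range (have %d subroutines)\n", Index, (int)Results.size());
        return false;
    }

    HookFunctionAtRuntime((BYTE*)Results[Index].GetCallDestination(), HookMethod::INLINE);
    return true;
}

/* Pops one command from the shared-memory queue and dispatches it.

   Trust boundary: the queue is a session-local section ("Local\\UniHook_IPC").
   Any process in the same session that can open it can drive this function,
   and "HookMultiple" additionally opens whatever file path it is handed.
   Nothing authenticates the peer, so every field is treated as untrusted:
   indexes are bounds-checked and addresses parsed strictly. Suitable for a
   local debugging aid; do not load this DLL into anything privileged.

   Message formats:
     "ListSubs"                 - scan and report all call targets
     "HookAtIndex[:.<n>"        - hook Results[n]
     "HookAtAddr[:.<hex>"       - hook an absolute address
     "HookMultiple[:.<path>"    - hook each "Index <n>" / "Address <hex>" line of the file */
void ParseAndExecuteCommands()
{
    MemMessage Msg;
    if (!MemClient->PopMessage(Msg))
        return;

    // m_Data is length-delimited by m_DataSize; strcmp on c_str() is kept so a
    // trailing nul counted in m_DataSize still matches, as it did originally.
    std::string Cmd((char*)&Msg.m_Data[0], Msg.m_DataSize);
    if (strcmp(Cmd.c_str(), "ListSubs") == 0)
    {
        cPrint("[+] Executing Command: %s\n", Cmd.c_str());
        FindSubRoutines();
        PrintFoundSubs();
        return;
    }

    // Two-part messages: "<verb>[:.<argument>".
    // NOTE(review): if split() treats its second argument as a set of delimiter
    // characters rather than one literal token, an argument containing ':' or
    // '.' (e.g. a Windows path) splits into more than two parts and is silently
    // dropped here. Confirm against Common/Utilities.h.
    auto SplitCmd = split(Cmd, "[:.");
    if (SplitCmd.size() != 2)
        return;

    const std::string& Verb = SplitCmd[0];
    const std::string& Arg = SplitCmd[1];

    if (strcmp(Verb.c_str(), "HookAtIndex") == 0)
    {
        int Index = atoi(Arg.c_str());
        cPrint("[+] Hooking Function at index:%d\n", Index);
        if (!HookResultAtIndex(Index))
        {
            MemMessage Reply("Index %d out of range", Index);
            MemClient->PushMessage(Reply);
            return;
        }

        MemMessage Reply("Hooking Function at:%d", Index);
        MemClient->PushMessage(Reply);
    }
    else if (strcmp(Verb.c_str(), "HookAtAddr") == 0)
    {
        DWORD_PTR Address = 0;
        if (!ParseAddress(Arg, Address))
        {
            cPrint("[-] Bad address: %s\n", Arg.c_str());
            MemMessage Reply("Bad address: %s", Arg.c_str());
            MemClient->PushMessage(Reply);
            return;
        }

        cPrint("[+] Hooking Function:%p\n", (void*)Address);
        HookFunctionAtRuntime((BYTE*)Address, HookMethod::INLINE);

        MemMessage Reply("Hooking Function at:%p", (void*)Address);
        MemClient->PushMessage(Reply);
    }
    else if (strcmp(Verb.c_str(), "HookMultiple") == 0)
    {
        // The loader passes the path quoted; strip the quotes.
        std::string path = Arg;
        path.erase(std::remove(path.begin(), path.end(), '"'), path.end());

        std::ifstream File(path);
        if (!File)
        {
            cPrint("[-] Could not open hook list: %s\n", path.c_str());
            return;
        }

        std::string line;
        while (std::getline(File, line))
        {
            auto Split = split(line, " ");
            if (Split.size() != 2)
                continue;

            if (strcmp(Split[0].c_str(), "Index") == 0)
            {
                int Index = atoi(Split[1].c_str());
                cPrint("Index:%d\n", Index);
                HookResultAtIndex(Index);
            }
            else if (strcmp(Split[0].c_str(), "Address") == 0)
            {
                DWORD_PTR Address = 0;
                if (!ParseAddress(Split[1], Address))
                {
                    cPrint("[-] Bad address: %s\n", Split[1].c_str());
                    continue;
                }
                cPrint("Address:%p\n", (void*)Address);
                HookFunctionAtRuntime((BYTE*)Address, HookMethod::INLINE);
            }
        }
    }
}

// Callback installed on the shared-memory client; fires when the loader pushes a message.
void ReceivedSharedMsg()
{
    ParseAndExecuteCommands();
}

/* Initialisation runs on its own thread so DllMain returns at once and none
   of the console / shared-memory setup happens under the loader lock.
   Returns 1 as the thread exit code. */
DWORD WINAPI InitThread(LPVOID lparam)
{
#if USE_OUTPUT
    CreateConsole();
#endif
    MemClient.reset(new SharedMemQueue("Local\\UniHook_IPC", 100000, SharedMemQueue::Mode::Client));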
MemClient->SetCallback(ReceivedSharedMsg); 177 | 178 | //m_PDBReader.LoadFile("C:\\Users\\Steve\\Desktop\\Testing.pdb"); 179 | return 1; 180 | } 181 | 182 | BOOL APIENTRY DllMain( HMODULE hModule, 183 | DWORD ul_reason_for_call, 184 | LPVOID lpReserved 185 | ) 186 | { 187 | switch (ul_reason_for_call) 188 | { 189 | case DLL_PROCESS_ATTACH: 190 | CloseHandle(CreateThread(NULL, NULL, InitThread, NULL, NULL, NULL)); 191 | case DLL_THREAD_ATTACH: 192 | 193 | case DLL_THREAD_DETACH: 194 | case DLL_PROCESS_DETACH: 195 | break; 196 | } 197 | return TRUE; 198 | } 199 | 200 | -------------------------------------------------------------------------------- /UniHookLoader/CmdLineParser.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | enum class Parameter 6 | { 7 | STRING, 8 | NONE 9 | }; 10 | 11 | std::string WStringToString(std::wstring& str) 12 | { 13 | typedef std::codecvt_utf8 convert_type; 14 | std::wstring_convert converter; 15 | return converter.to_bytes(str); 16 | } 17 | 18 | std::wstring StringToWString(std::string& str) 19 | { 20 | typedef std::codecvt_utf8 convert_type; 21 | std::wstring_convert converter; 22 | return converter.from_bytes(str); 23 | } 24 | 25 | struct Command 26 | { 27 | std::string m_ShortName; 28 | std::string m_LongName; 29 | Parameter m_Param; 30 | std::string m_ParamOut; 31 | DWORD m_EnumID; 32 | }; 33 | 34 | class CmdLineParser 35 | { 36 | public: 37 | CmdLineParser(int ArgCount, char** Args); 38 | void ResetArguments(int ArgCount, char** Args); 39 | void ResetArguments(const std::vector& Args); 40 | void RegisterArgs(DWORD EnumID,const std::string& ShortName, const std::string& LongName, Parameter Param); 41 | void Parse(); 42 | std::vector GetFoundArgs(); 43 | private: 44 | std::vector m_Args; 45 | std::vector m_RegisteredArgs; 46 | std::vector m_FoundArgs; 47 | }; 48 | 49 | CmdLineParser::CmdLineParser(int ArgCount, char** Args) 50 | { 51 | for 
(int i = 0; i < ArgCount; i++) 52 | { 53 | m_Args.push_back(Args[i]); 54 | } 55 | } 56 | 57 | void CmdLineParser::ResetArguments(int ArgCount, char** Args) 58 | { 59 | m_Args.clear(); 60 | m_FoundArgs.clear(); 61 | for (int i = 0; i < ArgCount; i++) 62 | { 63 | m_Args.push_back(Args[i]); 64 | } 65 | } 66 | 67 | void CmdLineParser::ResetArguments(const std::vector& Args) 68 | { 69 | m_Args.clear(); 70 | m_FoundArgs.clear(); 71 | for (std::string Arg : Args) 72 | { 73 | m_Args.push_back(Arg); 74 | } 75 | } 76 | 77 | void CmdLineParser::RegisterArgs(DWORD EnumID,const std::string& ShortName, const std::string& LongName, Parameter Param) 78 | { 79 | Command Cmd; 80 | Cmd.m_ShortName = ShortName; 81 | Cmd.m_LongName = LongName; 82 | Cmd.m_Param = Param; 83 | Cmd.m_EnumID = EnumID; 84 | m_RegisteredArgs.push_back(Cmd); 85 | } 86 | 87 | void CmdLineParser::Parse() 88 | { 89 | for (int i = 0; i < m_Args.size();i++) 90 | { 91 | std::string Arg = m_Args[i]; 92 | for (int j = 0; j < m_RegisteredArgs.size();j++) 93 | { 94 | std::string ShortName = m_RegisteredArgs[j].m_ShortName; 95 | std::string LongName = m_RegisteredArgs[j].m_LongName; 96 | if(ShortName != Arg && LongName != Arg) 97 | continue; 98 | 99 | //Make a copy 100 | Command FoundCommand = m_RegisteredArgs[j]; 101 | 102 | if (FoundCommand.m_Param == Parameter::NONE) 103 | { 104 | m_FoundArgs.push_back(FoundCommand); 105 | continue; 106 | } 107 | 108 | //Next Index is a parameter 109 | if (++i >= m_Args.size()) 110 | { 111 | FoundCommand.m_ParamOut = ""; 112 | m_FoundArgs.push_back(FoundCommand); 113 | continue; 114 | } 115 | Arg = m_Args[i]; 116 | 117 | FoundCommand.m_ParamOut = Arg; 118 | m_FoundArgs.push_back(FoundCommand); 119 | } 120 | } 121 | } 122 | 123 | std::vector CmdLineParser::GetFoundArgs() 124 | { 125 | return m_FoundArgs; 126 | } -------------------------------------------------------------------------------- /UniHookLoader/Injector.cpp: 
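--------------------------------------------------------------------------------
#include "Injector.h"
#include 

// Start with no target: every operation checks m_Target, and the destructor
// must never CloseHandle an indeterminate value (the original left it uninitialised).
Injector::Injector()
    : m_Target(NULL)
{
}

Injector::~Injector()
{
    if (m_Target != NULL)
        CloseHandle(m_Target);
}

/* Opens PID with only the rights this class actually uses:
   CreateRemoteThread / VirtualAllocEx / WriteProcessMemory need CREATE_THREAD,
   QUERY_INFORMATION, VM_OPERATION, VM_WRITE and VM_READ; KillTarget needs
   TERMINATE. The original requested PROCESS_ALL_ACCESS. A previously opened
   target is closed first so repeated calls do not leak the old handle. */
bool Injector::OpenTarget(DWORD PID)
{
    const DWORD NeededAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                               PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ |
                               PROCESS_TERMINATE;

    if (m_Target != NULL)
    {
        CloseHandle(m_Target);
        m_Target = NULL;
    }

    m_Target = OpenProcess(NeededAccess, FALSE, PID);
    return m_Target != NULL;
}

/* Resolves ProcessName (exact, case-sensitive match on the executable file
   name as reported by Toolhelp) to the FIRST matching PID and opens it.
   Returns false when no running process has that name. */
bool Injector::OpenTarget(const std::wstring& ProcessName)
{
    for (const Process& Proc : GetProcessList())
    {
        if (Proc.m_Name == ProcessName)
            return OpenTarget(Proc.m_PID);
    }
    return false;
}

// Terminates the open target with exit code 0; false if nothing is open or the call fails.
bool Injector::KillTarget()
{
    if (m_Target == NULL)
        return false;
    return TerminateProcess(m_Target, 0) != 0;
}

/* Launches ProcessPath in a new console and opens it as the target.
   The primary thread is not suspended, so the new process is already running
   by the time Inject() is called. CreateProcess's own handles are closed and
   the target is re-opened through OpenTarget so it carries the same restricted
   rights as the PID path. The original leaked both handles and returned true
   even when OpenTarget failed. */
bool Injector::OpenTargetPath(const std::wstring& ProcessPath)
{
    STARTUPINFOW si = {};
    PROCESS_INFORMATION pi = {};
    si.cb = sizeof(si);

    if (!CreateProcessW(ProcessPath.c_str(), NULL, 0, 0, FALSE, CREATE_NEW_CONSOLE, 0, NULL, &si, &pi))
        return false;

    bool Opened = OpenTarget(pi.dwProcessId);

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return Opened;
}

/* Loads DllPath into the target by writing the path into its address space
   and starting a remote thread at kernel32!LoadLibraryW.

   Why this works: kernel32.dll is mapped at the same base in every process of
   the same bitness for the lifetime of the boot session, so the address
   resolved in this process is valid in the target. It is NOT valid across
   bitness: a 32-bit loader cannot inject a 64-bit target this way, or vice versa.

   Fixes over the original:
   - the remote buffer is sized and written WITH the terminating L'\0'; the
     original wrote wcslen()*sizeof(wchar_t) bytes, so LoadLibraryW scanned
     past the allocation for a terminator;
   - VirtualFreeEx with MEM_RELEASE requires dwSize == 0; passing the length
     made the free fail silently and leaked the region in the target;
   - the remote thread's exit code is checked. It is LoadLibraryW's return
     (the HMODULE) truncated to 32 bits, so 0 means the DLL did not load. (A
     base whose low 32 bits happen to be zero would be misreported - rare.) */
bool Injector::Inject(const std::wstring& DllPath)
{
    if (m_Target == NULL || DllPath.empty())
        return false;

    // +1 for the nul terminator LoadLibraryW needs.
    const SIZE_T PathBytes = (DllPath.size() + 1) * sizeof(wchar_t);

    void* RemotePath = VirtualAllocEx(m_Target, NULL, PathBytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (RemotePath == NULL)
        return false;
    auto FreePathMem = finally([&]() {
        VirtualFreeEx(m_Target, RemotePath, 0, MEM_RELEASE);
    });

    if (!WriteProcessMemory(m_Target, RemotePath, DllPath.c_str(), PathBytes, NULL))
        return false;

    HMODULE Kernel32 = GetModuleHandleA("kernel32.dll");
    if (Kernel32 == NULL)
        return false;
    FARPROC LoadLibAddr = GetProcAddress(Kernel32, "LoadLibraryW");
    if (LoadLibAddr == NULL)
        return false;

    DWORD ThreadId = 0;
    HANDLE hThread = CreateRemoteThread(m_Target, NULL, 0,
                                        (LPTHREAD_START_ROUTINE)LoadLibAddr, RemotePath, 0, &ThreadId);
    if (hThread == NULL)
        return false;
    auto CloseRemoteThread = finally([&]() {
        CloseHandle(hThread);
    });

    // On timeout we still fall through to the frees above while the remote
    // LoadLibraryW may be running; that matches the original's behaviour.
    // A longer wait is the safer choice if targets are slow to start.
    if (WaitForSingleObject(hThread, 5000) != WAIT_OBJECT_0)
        return false;

    DWORD ExitCode = 0;
    if (!GetExitCodeThread(hThread, &ExitCode))
        return false;

    return ExitCode != 0;
}

// Snapshots the running processes via Toolhelp; empty if the snapshot fails.
std::vector<Process> Injector::GetProcessList()
{
    std::vector<Process> Processes;

    HANDLE Snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (Snapshot == INVALID_HANDLE_VALUE)
        return Processes;

    PROCESSENTRY32W Entry;
    Entry.dwSize = sizeof(Entry);
    for (BOOL More = Process32FirstW(Snapshot, &Entry); More; More = Process32NextW(Snapshot, &Entry))
    {
        Process Proc;
        Proc.m_PID = Entry.th32ProcessID;
        Proc.m_Name = Entry.szExeFile;
        Processes.push_back(Proc);
    }
    CloseHandle(Snapshot);
    return Processes;
}
--------------------------------------------------------------------------------
/UniHookLoader/Injector.h:
--------------------------------------------------------------------------------
#pragma once
#include 
#include 
#include 
struct Process
{
    std::wstring m_Name;
    DWORD m_PID;
};

class Injector
{
public:
    Injector();
    ~Injector();
    bool OpenTarget(DWORD PID);
    bool OpenTarget(const std::wstring& ProcessName);
    bool OpenTargetPath(const std::wstring& ProcessPath);
    bool Inject(const std::wstring& DllPath);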
bool KillTarget(); 21 | private: 22 | std::vector GetProcessList(); 23 | HANDLE m_Target; 24 | }; 25 | 26 | template 27 | class FinalAction { 28 | public: 29 | FinalAction(Func f) :FinalActionFunc(std::move(f)) {} 30 | ~FinalAction() 31 | { 32 | FinalActionFunc(); 33 | } 34 | private: 35 | Func FinalActionFunc; 36 | 37 | /*Uses RAII to call a final function on destruction 38 | C++ 11 version of java's finally (kindof)*/ 39 | }; 40 | 41 | template 42 | FinalAction finally(F f) { 43 | return FinalAction(f); 44 | } 45 | -------------------------------------------------------------------------------- /UniHookLoader/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | CONSOLE APPLICATION : UniHookLoader Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this UniHookLoader application for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your UniHookLoader application. 9 | 10 | 11 | UniHookLoader.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | UniHookLoader.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | UniHookLoader.cpp 25 | This is the main application source file. 
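
/////////////////////////////////////////////////////////////////////////////
Other standard files:

StdAfx.h, StdAfx.cpp
    These files are used to build a precompiled header (PCH) file
    named UniHookLoader.pch and a precompiled types file named StdAfx.obj.

/////////////////////////////////////////////////////////////////////////////
Other notes:

AppWizard uses "TODO:" comments to indicate parts of the source code you
should add to or customize.

/////////////////////////////////////////////////////////////////////////////
--------------------------------------------------------------------------------
/UniHookLoader/UniHookLoader.cpp:
--------------------------------------------------------------------------------
// UniHookLoader.cpp : Defines the entry point for the console application.
//
#include 
#include "Injector.h"
#include "CmdLineParser.h"
#include "../Common/IPC/SharedMemQueue.h"
#include "../Common/Utilities.h"
#include 

#define USE_STDIN 1
enum Options
{
    OpenProc,              //Open an existing process
    Inject,                //Inject into the process opened by OpenProc
    OpenProcPath,          //Launch not yet open process
    ProcExit,              //Kills the process that was opened
    ListSubroutines,       //List subroutines in the injected process
    HookSubroutineAtIndex, //Hook subroutine at index from ListSubs
    HookSubAtAddress,      //Hook subroutine at address
    HookSubMultiple,       //Hook multiple subroutines, pass it path to .txt file
    Exit,                  //Close injector
    Help
};

//Shared memory IPC mechanism to talk to our injected DLL.
// NOTE(review): the section name is fixed and nothing authenticates either
// end; any process in the same session that can open "Local\UniHook_IPC" can
// read these commands or queue its own for the injected DLL. Fine for a local
// debugging tool, not for anything that runs with elevated rights.
SharedMemQueue MemServer("Local\\UniHook_IPC", 100000, SharedMemQueue::Mode::Server);
Injector WindowsInjector;
bool ShouldExit = false;

/* Drains and prints every message the injected DLL has queued.
   m_Data is length-delimited by m_DataSize (the DLL side builds its strings
   from that length too) and is not guaranteed to be nul-terminated, so the
   length is passed to printf instead of trusting "%s" to find a terminator. */
void PrintDllMessages()
{
    MemMessage Msg;
    while (MemServer.PopMessage(Msg))
    {
        printf("From Client:%.*s\n", (int)Msg.m_DataSize, (const char*)&Msg.m_Data[0]);
    }
}

/* Executes the parsed command list in order. Local commands act on
   WindowsInjector; the Hook*/ListSubs commands are forwarded to the DLL as
   "<verb>[:.<argument>" messages. ProcExit is deferred until every other
   command has run. Takes a const reference: main() passes a temporary, which
   the original non-const reference accepted only as an MSVC extension.
   Failures of OpenTarget/OpenTargetPath/Inject are now reported instead of
   being silently ignored. */
void ExecuteCommands(const std::vector<Command>& Commands)
{
    bool ExitTarget = false;
    for (Command Cmd : Commands) // copy: StringToWString takes a non-const reference
    {
        switch (Cmd.m_EnumID)
        {
        case Options::OpenProc:
            if (!WindowsInjector.OpenTarget(StringToWString(Cmd.m_ParamOut)))
                printf("Failed to open process: %s\n", Cmd.m_ParamOut.c_str());
            break;

        case Options::OpenProcPath:
            if (!WindowsInjector.OpenTargetPath(StringToWString(Cmd.m_ParamOut)))
                printf("Failed to launch: %s\n", Cmd.m_ParamOut.c_str());
            break;

        case Options::ProcExit:
            ExitTarget = true;
            break;

        case Options::Inject:
            if (!WindowsInjector.Inject(StringToWString(Cmd.m_ParamOut)))
                printf("Failed to inject: %s\n", Cmd.m_ParamOut.c_str());
            break;

        case Options::Help:
            // Keep in sync with the RegisterArgs table in main().
            printf("-openproc -p <process name>\n"
                   "-openprocpath -pp <path to exe>\n"
                   "-inject -i <dll path>\n"
                   "-procexit -pe\n"
                   "-listsubs -ls\n"
                   "-hooksuba -hsa <hex address>\n"
                   "-hooksubi -hsi <index>\n"
                   "-hooksubm -hsm <path to txt>\n"
                   "-exit -x\n"
                   "-help -h\n");
            break;

        case Options::Exit:
            ShouldExit = true;
            break;

        //Commands below here are sent to our dll
        case Options::ListSubroutines:
            printf("Sending Message to Dll: ListSubs\n");
            MemServer.PushMessage(MemMessage("ListSubs"));
            break;

        case Options::HookSubAtAddress:
        {
            printf("Sending Message to Dll: Hook At Address\n");
            std::string Msg(std::string("HookAtAddr[:.") + Cmd.m_ParamOut);
            MemServer.PushMessage(MemMessage(Msg));
            break;
        }

        case Options::HookSubroutineAtIndex:
        {
            printf("Sending Message to Dll: Hook At Index\n");
            std::string Msg(std::string("HookAtIndex[:.") + Cmd.m_ParamOut);
            MemServer.PushMessage(MemMessage(Msg));
            break;
        }

        case Options::HookSubMultiple:
        {
            printf("Sending Message to Dll: Hook Multiple Subroutines\n");
            std::string Msg(std::string("HookMultiple[:.") + Cmd.m_ParamOut);
            MemServer.PushMessage(MemMessage(Msg));
            break;
        }

        default:
            break;
        }
    }

    if (ExitTarget)
        WindowsInjector.KillTarget();
}

// Callback installed on MemServer; fires when the DLL pushes a message.
void ReceivedSharedMsg()
{
    PrintDllMessages();
}

int main(int argc,char*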
argv[]) 112 | { 113 | MemServer.PushMessage(MemMessage("IPC Connection Initialized!")); 114 | MemServer.SetCallback(ReceivedSharedMsg); 115 | 116 | //Read Command Line Arguments, then execute if found 117 | CmdLineParser Parser(argc, argv); 118 | Parser.RegisterArgs(Options::OpenProc,"-p", "-openproc", Parameter::STRING); 119 | Parser.RegisterArgs(Options::Inject,"-i", "-inject", Parameter::STRING); 120 | Parser.RegisterArgs(Options::ProcExit, "-pe", "-procexit", Parameter::NONE); 121 | Parser.RegisterArgs(Options::Help, "-h", "-help", Parameter::NONE); 122 | Parser.RegisterArgs(Options::ListSubroutines, "-ls", "-listsubs", Parameter::NONE); 123 | Parser.RegisterArgs(Options::HookSubAtAddress, "-hsa", "-hooksuba", Parameter::STRING); 124 | Parser.RegisterArgs(Options::HookSubroutineAtIndex, "-hsi", "-hooksubi", Parameter::STRING); 125 | Parser.RegisterArgs(Options::Exit, "-x", "-exit", Parameter::NONE); 126 | Parser.RegisterArgs(Options::OpenProcPath, "-pp", "-openprocpath", Parameter::STRING); 127 | Parser.RegisterArgs(Options::HookSubMultiple, "-hsm", "-hooksubm", Parameter::STRING); 128 | Parser.Parse(); 129 | ExecuteCommands(Parser.GetFoundArgs()); 130 | 131 | #if !USE_STDIN 132 | return 0; 133 | #endif 134 | do 135 | { 136 | std::string Input; 137 | std::cout << "Enter Command: "; 138 | std::getline(std::cin, Input); 139 | 140 | Parser.ResetArguments(split(Input, " ")); 141 | Parser.Parse(); 142 | ExecuteCommands(Parser.GetFoundArgs()); 143 | } while (!ShouldExit); 144 | return 0; 145 | } 146 | 147 | -------------------------------------------------------------------------------- /UniHookLoader/UniHookLoader.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {C379F1C4-1DFB-4D55-8CE5-402ACB352E83} 23 | Win32Proj 24 | UniHookLoader 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | 
true 31 | v140 32 | MultiByte 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | MultiByte 40 | 41 | 42 | Application 43 | true 44 | v140 45 | MultiByte 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | MultiByte 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | true 92 | 93 | 94 | Console 95 | true 96 | 97 | 98 | 99 | 100 | 101 | 102 | Level3 103 | Disabled 104 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 105 | true 106 | 107 | 108 | Console 109 | true 110 | 111 | 112 | 113 | 114 | Level3 115 | 116 | 117 | MaxSpeed 118 | true 119 | true 120 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 121 | true 122 | 123 | 124 | Console 125 | true 126 | true 127 | true 128 | 129 | 130 | 131 | 132 | Level3 133 | 134 | 135 | MaxSpeed 136 | true 137 | true 138 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 139 | true 140 | 141 | 142 | Console 143 | true 144 | true 145 | true 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | -------------------------------------------------------------------------------- /UniHookLoader/UniHookLoader.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {79fd5fd8-fb1d-4207-a3f1-c8a7e067d38d} 18 | 19 | 20 | {65dcfaf1-2c32-4cfb-8bbf-40cf5f03831b} 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 
34 | 35 | 36 | Header Files 37 | 38 | 39 | Header Files 40 | 41 | 42 | Header Files\Common\IPC 43 | 44 | 45 | Header Files\Common\IPC 46 | 47 | 48 | Header Files\Common 49 | 50 | 51 | Header Files\Common\IPC 52 | 53 | 54 | --------------------------------------------------------------------------------