├── .gitattributes
├── .gitignore
├── Bin_Debug
├── config.ini
└── dbghelp.dll
├── Bin_NtLayer-Debug
├── config.ini
└── dbghelp.dll
├── Bin_NtLayer-Release
├── config.ini
└── dbghelp.dll
├── Bin_Release
├── config.ini
└── dbghelp.dll
├── HSHook
├── Detoursor.cpp
├── Detoursor.h
├── DetoursorHelper.h
├── HSHook.aps
├── HSHook.cpp
├── HSHook.rc
├── HSHook.vcproj
├── HSHook.vcxproj
├── HSHook.vcxproj.filters
├── HandleApis.cpp
├── NtHandleApis.cpp
├── SysTypedef.h
├── WitlessCriticalSection.cpp
├── WitlessCriticalSection.h
├── callstack
│ ├── CallStack.cpp
│ ├── CallStack.h
│ └── PdbSig.cpp
├── detours
│ ├── creatwth.cpp
│ ├── detours.cpp
│ ├── detours.h
│ ├── detver.h
│ ├── disasm.cpp
│ ├── image.cpp
│ ├── modules.cpp
│ └── uimports.cpp
├── dprintf
│ ├── DPrintf.cpp
│ └── DPrintf.h
├── resource.h
├── stdafx.cpp
└── stdafx.h
├── HandleSpy
├── AboutDlg.h
├── Api.cpp
├── Api.h
├── ApiListView.cpp
├── ApiListView.h
├── CProgressBarDlg.cpp
├── CProgressBarDlg.h
├── ChartView.cpp
├── ChartView.h
├── DetectDlg.cpp
├── DetectDlg.h
├── Detector.cpp
├── Detector.h
├── FuncCallDlg.cpp
├── FuncCallDlg.h
├── HandleSpy.aps
├── HandleSpy.cpp
├── HandleSpy.h
├── HandleSpy.rc
├── HandleSpy.vcproj
├── HandleSpy.vcxproj
├── HandleSpy.vcxproj.filters
├── HandleSpy.vcxproj.user
├── Inject.cpp
├── Inject.h
├── LeakedFunCallDlg.cpp
├── LeakedFunCallDlg.h
├── MainFrm.cpp
├── MainFrm.h
├── ProcessSelDlg.cpp
├── ProcessSelDlg.h
├── ProgressDlg.cpp
├── ProgressDlg.h
├── ShionChartView.cpp
├── ShionChartView.h
├── StackDlg.cpp
├── StackDlg.h
├── SymbolHandler.cpp
├── SymbolHandler.h
├── dbghelp.h
├── lib
│ └── dbghelp.lib
├── res
│ ├── HandleSpy.ico
│ └── Toolbar.bmp
├── resource.h
├── stdafx.cpp
├── stdafx.h
└── wtl
│ └── include
│ ├── atlapp.h
│ ├── atlcrack.h
│ ├── atlctrls.h
│ ├── atlctrlw.h
│ ├── atlctrlx.h
│ ├── atlddx.h
│ ├── atldlgs.h
│ ├── atlfind.h
│ ├── atlframe.h
│ ├── atlgdi.h
│ ├── atlmisc.h
│ ├── atlprint.h
│ ├── atlres.h
│ ├── atlresce.h
│ ├── atlscrl.h
│ ├── atlsplit.h
│ ├── atltheme.h
│ ├── atluser.h
│ ├── atlwince.h
│ └── atlwinx.h
├── HandleSpy_vs2008.sln
├── HandleSpy_vs2010.sln
├── README.md
├── Storage
├── StackStorage.cpp
└── StackStorage.h
├── hs0.jpg
├── hs1.jpg
└── include
├── ApiIndex.h
├── CallStackTypeDefine.h
├── CountAndTimeTypeDefine.h
└── NtApiIndex.h
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
4 | # Custom for Visual Studio
5 | *.cs diff=csharp
6 |
7 | # Standard to msysgit
8 | *.doc diff=astextplain
9 | *.DOC diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot diff=astextplain
13 | *.DOT diff=astextplain
14 | *.pdf diff=astextplain
15 | *.PDF diff=astextplain
16 | *.rtf diff=astextplain
17 | *.RTF diff=astextplain
18 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Windows image file caches
2 | Thumbs.db
3 | ehthumbs.db
4 |
5 | # Folder config file
6 | Desktop.ini
7 |
8 | # Recycle Bin used on file shares
9 | $RECYCLE.BIN/
10 |
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 |
17 | # Windows shortcuts
18 | *.lnk
19 |
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 |
24 | # OSX
25 | # =========================
26 |
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 |
31 | # Thumbnails
32 | ._*
33 |
34 | # Files that might appear on external disk
35 | .Spotlight-V100
36 | .Trashes
37 |
38 | # Directories potentially created on remote AFP share
39 | .AppleDB
40 | .AppleDesktop
41 | Network Trash Folder
42 | Temporary Items
43 | .apdisk
44 |
--------------------------------------------------------------------------------
/Bin_Debug/config.ini:
--------------------------------------------------------------------------------
1 | [Config]
2 | sympath=E:\Symbols;
--------------------------------------------------------------------------------
/Bin_Debug/dbghelp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/Bin_Debug/dbghelp.dll
--------------------------------------------------------------------------------
/Bin_NtLayer-Debug/config.ini:
--------------------------------------------------------------------------------
1 | [Config]
2 | sympath=F:\Symbols;
--------------------------------------------------------------------------------
/Bin_NtLayer-Debug/dbghelp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/Bin_NtLayer-Debug/dbghelp.dll
--------------------------------------------------------------------------------
/Bin_NtLayer-Release/config.ini:
--------------------------------------------------------------------------------
1 | [Config]
2 | sympath=F:\Symbols;
--------------------------------------------------------------------------------
/Bin_NtLayer-Release/dbghelp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/Bin_NtLayer-Release/dbghelp.dll
--------------------------------------------------------------------------------
/Bin_Release/config.ini:
--------------------------------------------------------------------------------
1 | [Config]
2 | sympath=F:\Symbols;
--------------------------------------------------------------------------------
/Bin_Release/dbghelp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/Bin_Release/dbghelp.dll
--------------------------------------------------------------------------------
/HSHook/Detoursor.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/Detoursor.cpp
--------------------------------------------------------------------------------
/HSHook/Detoursor.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/Detoursor.h
--------------------------------------------------------------------------------
/HSHook/DetoursorHelper.h:
--------------------------------------------------------------------------------
// NOTE(review): the include guard is named after HandleApis, not after this
// file (DetoursorHelper.h). If another header ever uses the same guard, one of
// the two would be silently skipped; confirm the name is unique in the project.
#ifndef __HANDLEAPIS_H__
#define __HANDLEAPIS_H__
#include "Detoursor.h"

namespace DetoursorHelper
{
	/*
	* Helper function of CDetoursor
	* Add many functions to CDetoursor
	*
	* Takes the CDetoursor instance to populate and returns a BOOL result.
	* The definition is not in this header; which functions are registered
	* depends on the implementation file (presumably HandleApis.cpp or
	* NtHandleApis.cpp, selected by the build configuration; verify).
	*/
	BOOL AddAllFunctionsToDetoursor(CDetoursor *pDetoursor);
}
#endif
--------------------------------------------------------------------------------
/HSHook/HSHook.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/HSHook.aps
--------------------------------------------------------------------------------
/HSHook/HSHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/HSHook.cpp
--------------------------------------------------------------------------------
/HSHook/HSHook.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "afxres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // Chinese (P.R.C.) resources
17 |
18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
19 | #ifdef _WIN32
20 | LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
21 | #pragma code_page(936)
22 | #endif //_WIN32
23 |
24 | #ifdef APSTUDIO_INVOKED
25 | /////////////////////////////////////////////////////////////////////////////
26 | //
27 | // TEXTINCLUDE
28 | //
29 |
30 | 1 TEXTINCLUDE
31 | BEGIN
32 | "resource.h\0"
33 | END
34 |
35 | 2 TEXTINCLUDE
36 | BEGIN
37 | "#include ""afxres.h""\r\n"
38 | "\0"
39 | END
40 |
41 | 3 TEXTINCLUDE
42 | BEGIN
43 | "\r\n"
44 | "\0"
45 | END
46 |
47 | #endif // APSTUDIO_INVOKED
48 |
49 |
50 | /////////////////////////////////////////////////////////////////////////////
51 | //
52 | // Version
53 | //
54 |
55 | VS_VERSION_INFO VERSIONINFO
56 | FILEVERSION 1,0,0,7
57 | PRODUCTVERSION 1,0,0,7
58 | FILEFLAGSMASK 0x17L
59 | #ifdef _DEBUG
60 | FILEFLAGS 0x1L
61 | #else
62 | FILEFLAGS 0x0L
63 | #endif
64 | FILEOS 0x4L
65 | FILETYPE 0x2L
66 | FILESUBTYPE 0x0L
67 | BEGIN
68 | BLOCK "StringFileInfo"
69 | BEGIN
70 | BLOCK "080404b0"
71 | BEGIN
72 | VALUE "FileDescription", "HandleSpy Api Hook Module"
73 | VALUE "FileVersion", "1. 0. 0. 7"
74 | VALUE "InternalName", "HSHook"
75 | VALUE "LegalCopyright", "Copyright (C) 2013"
76 | VALUE "OriginalFilename", "HSHook.dll"
77 | VALUE "ProductName", "HSHook"
78 | VALUE "ProductVersion", "1. 0. 0. 7"
79 | END
80 | END
81 | BLOCK "VarFileInfo"
82 | BEGIN
83 | VALUE "Translation", 0x804, 1200
84 | END
85 | END
86 |
87 | #endif // Chinese (P.R.C.) resources
88 | /////////////////////////////////////////////////////////////////////////////
89 |
90 |
91 |
92 | #ifndef APSTUDIO_INVOKED
93 | /////////////////////////////////////////////////////////////////////////////
94 | //
95 | // Generated from the TEXTINCLUDE 3 resource.
96 | //
97 |
98 |
99 | /////////////////////////////////////////////////////////////////////////////
100 | #endif // not APSTUDIO_INVOKED
101 |
102 |
--------------------------------------------------------------------------------
/HSHook/HSHook.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/HSHook/HSHook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | NtLayer-Debug
10 | Win32
11 |
12 |
13 | NtLayer-Release
14 | Win32
15 |
16 |
17 | Release
18 | Win32
19 |
20 |
21 |
22 | {E46E2CB2-88F0-4EC2-A761-C84AE3EE6FB1}
23 | HSHook
24 | Win32Proj
25 |
26 |
27 |
28 | DynamicLibrary
29 | Unicode
30 | v120
31 |
32 |
33 | DynamicLibrary
34 | Unicode
35 | true
36 | v120
37 |
38 |
39 | DynamicLibrary
40 | Unicode
41 | true
42 | v120
43 |
44 |
45 | DynamicLibrary
46 | Unicode
47 | v120
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 | <_ProjectFileVersion>10.0.40219.1
67 | $(SolutionDir)Bin_$(Configuration)\
68 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
69 | true
70 | $(SolutionDir)Bin_$(Configuration)\
71 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
72 | false
73 | $(SolutionDir)Bin_$(Configuration)\
74 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
75 | false
76 | $(SolutionDir)Bin_$(Configuration)\
77 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
78 | true
79 |
80 |
81 |
82 | Disabled
83 | $(SolutionDir)include;$(SolutionDir)Storage;%(AdditionalIncludeDirectories)
84 | WIN32;_DEBUG;_WINDOWS;_USRDLL;HSHOOK_EXPORTS;DETOURS_X86;DETOURS_32BIT;%(PreprocessorDefinitions)
85 | true
86 | EnableFastChecks
87 | MultiThreadedDebugDLL
88 | Use
89 | All
90 | Level3
91 | EditAndContinue
92 |
93 |
94 | true
95 | Windows
96 | false
97 |
98 |
99 | MachineX86
100 |
101 |
102 |
103 |
104 | Disabled
105 | false
106 | $(SolutionDir)include;$(SolutionDir)Storage;%(AdditionalIncludeDirectories)
107 | WIN32;NDEBUG;_WINDOWS;_USRDLL;HSHOOK_EXPORTS;DETOURS_X86;DETOURS_32BIT;%(PreprocessorDefinitions)
108 | Default
109 | MultiThreadedDLL
110 | false
111 | Use
112 | All
113 | Level3
114 | ProgramDatabase
115 |
116 |
117 | true
118 | Windows
119 | true
120 | true
121 |
122 |
123 | false
124 |
125 |
126 | MachineX86
127 |
128 |
129 |
130 |
131 | Disabled
132 | false
133 | $(SolutionDir)include;$(SolutionDir)Storage;%(AdditionalIncludeDirectories)
134 | WIN32;NDEBUG;_WINDOWS;_USRDLL;HSHOOK_EXPORTS;DETOURS_X86;DETOURS_32BIT;NT_LAYER_FUNCTION_HOOK;%(PreprocessorDefinitions)
135 | Default
136 | MultiThreadedDLL
137 | false
138 | Use
139 | All
140 | Level3
141 | ProgramDatabase
142 |
143 |
144 | true
145 | Windows
146 | true
147 | true
148 |
149 |
150 | false
151 |
152 |
153 | MachineX86
154 |
155 |
156 |
157 |
158 | Disabled
159 | $(SolutionDir)include;$(SolutionDir)Storage;%(AdditionalIncludeDirectories)
160 | WIN32;_DEBUG;_WINDOWS;_USRDLL;HSHOOK_EXPORTS;DETOURS_X86;DETOURS_32BIT;NT_LAYER_FUNCTION_HOOK;%(PreprocessorDefinitions)
161 | true
162 | EnableFastChecks
163 | MultiThreadedDebugDLL
164 | Use
165 | AssemblyCode
166 | Level3
167 | EditAndContinue
168 |
169 |
170 | true
171 | Windows
172 | false
173 |
174 |
175 | MachineX86
176 |
177 |
178 |
179 |
180 |
181 | Disabled
182 | Use
183 | All
184 | Disabled
185 | Use
186 | All
187 |
188 |
189 | AssemblyAndSourceCode
190 | AssemblyAndSourceCode
191 |
192 |
193 | Default
194 | false
195 |
196 |
197 |
198 |
199 | Create
200 | Create
201 | Create
202 | Create
--------------------------------------------------------------------------------
/HSHook/HSHook.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
6 | h;hpp;hxx;hm;inl;inc;xsd
7 |
8 |
9 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
10 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav
11 |
12 |
13 | {831452be-62ba-4b45-9201-fb2946576b22}
14 |
15 |
16 | {01937b47-b5f8-42c0-8b38-9dbd224f6fc8}
17 |
18 |
19 | {bfdc4d4b-4db1-4bf5-a5a3-563bec2562ae}
20 |
21 |
22 | {8d6338cf-2f01-4ba3-b59d-72fe7e650953}
23 |
24 |
25 | {6969edd7-9099-45fd-a8c7-c27113a88812}
26 |
27 |
28 |
29 |
30 | dllmain
31 |
32 |
33 | dllmain
34 |
35 |
36 | dllmain
37 |
38 |
39 | dllmain
40 |
41 |
42 | dllmain
43 |
44 |
45 | dllmain
46 |
47 |
48 | detours
49 |
50 |
51 | detours
52 |
53 |
54 | detours
55 |
56 |
57 | detours
58 |
59 |
60 | detours
61 |
62 |
63 | dprintf
64 |
65 |
66 | callstack
67 |
68 |
69 | callstack
70 |
71 |
72 | storage
73 |
74 |
75 |
76 |
77 | dllmain
78 |
79 |
80 | dllmain
81 |
82 |
83 | dllmain
84 |
85 |
86 | dllmain
87 |
88 |
89 | dllmain
90 |
91 |
92 | dllmain
93 |
94 |
95 | detours
96 |
97 |
98 | detours
99 |
100 |
101 | dprintf
102 |
103 |
104 | callstack
105 |
106 |
107 | include
108 |
109 |
110 | include
111 |
112 |
113 | include
114 |
115 |
116 | storage
117 |
118 |
119 |
120 |
121 | Resource Files
122 |
123 |
124 |
125 |
126 |
127 |
--------------------------------------------------------------------------------
/HSHook/HandleApis.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/HandleApis.cpp
--------------------------------------------------------------------------------
/HSHook/NtHandleApis.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/NtHandleApis.cpp
--------------------------------------------------------------------------------
/HSHook/SysTypedef.h:
--------------------------------------------------------------------------------
// Local re-declarations of native (NT layer) types used by the hook module.
// NOTE(review): these are hand-written partial layouts, not SDK headers. The
// byte-array padding in PEB and TEB is a fixed size, which looks like the
// 32-bit layout (the project files on this page only define Win32 targets).
// Confirm every offset before building for another architecture, because a
// wrong offset here means reading the wrong process memory.

typedef LONG NTSTATUS;
// A status is treated as success when its signed value is non-negative.
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)

// Counted string: Buffer plus current and maximum lengths.
// NOTE(review): nothing here guarantees Buffer is NUL-terminated; consumers
// should rely on Length rather than scanning for a terminator.
typedef struct _UNICODE_STRING {
	USHORT Length;
	USHORT MaximumLength;
	PWSTR Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
typedef const UNICODE_STRING *PCUNICODE_STRING;

// Describes the object named in a native open/create call.
typedef struct _OBJECT_ATTRIBUTES {
	ULONG Length;
	HANDLE RootDirectory;
	PUNICODE_STRING ObjectName;
	ULONG Attributes;
	PVOID SecurityDescriptor;
	PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;


// One loaded-module record; it is linked into three lists through the
// LIST_ENTRY members at the start of the structure.
typedef struct _LDR_MODULE {
	LIST_ENTRY InLoadOrderModuleList;
	LIST_ENTRY InMemoryOrderModuleList;
	LIST_ENTRY InInitializationOrderModuleList;
	PVOID BaseAddress;
	PVOID EntryPoint;
	ULONG SizeOfImage;
	UNICODE_STRING FullDllName;
	UNICODE_STRING BaseDllName;
	ULONG Flags;
	SHORT LoadCount;
	SHORT TlsIndex;
	LIST_ENTRY HashTableEntry;
	ULONG TimeDateStamp;
} LDR_MODULE, *PLDR_MODULE;

// Loader data reachable from PEB::Ldr; holds the heads of the three module lists.
typedef struct _PEB_LDR_DATA {
	ULONG Length;
	BOOLEAN Initialized;
	PVOID SsHandle;
	LIST_ENTRY InLoadOrderModuleList;
	LIST_ENTRY InMemoryOrderModuleList;
	LIST_ENTRY InInitializationOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;

// Partial process environment block. Only the named members are meaningful;
// the ReservedN arrays are padding that places them at fixed offsets.
typedef struct _PEB {
	BYTE Reserved1[0x02];
	BYTE BeingDebugged;
	BYTE Reserved2[0x01];
	PVOID Reserved3[0x02];
	PPEB_LDR_DATA Ldr;
	PVOID ProcessParameters;/*PRTL_USER_PROCESS_PARAMETERS*/
	BYTE Reserved4[0x24];
	PVOID ApiSetMap;
	BYTE Reserved5[0x40];
	PVOID Reserved6[52];
	PVOID PostProcessInitRoutine;/*PPS_POST_PROCESS_INIT_ROUTINE*/
	BYTE Reserved7[0x80];
	PVOID Reserved8[0x01];
	ULONG SessionId;
} PEB, *PPEB;

// Partial thread environment block, padded the same way as PEB above.
// TlsSlots has 0x40 entries; TlsExpansionSlots is a single pointer.
typedef struct _TEB {
	NT_TIB NtTib;
	BYTE Reserved1[0x078c];
	PVOID Reserved2[0x019c];
	PVOID TlsSlots[0x40];
	BYTE Reserved3[0x08];
	PVOID Reserved4[0x1a];
	PVOID ReservedForOle;
	PVOID Reserved5[0x04];
	PVOID TlsExpansionSlots;
} TEB, *PTEB;
--------------------------------------------------------------------------------
/HSHook/WitlessCriticalSection.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/WitlessCriticalSection.cpp
--------------------------------------------------------------------------------
/HSHook/WitlessCriticalSection.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Lock object exposing an Enter()/Leave() pair.
// NOTE(review): only the declaration is visible here. The member names suggest
// a hand-rolled, re-entrant lock keyed on the owning thread, but the actual
// acquire/release semantics live in WitlessCriticalSection.cpp; confirm there
// before relying on recursion or on any ordering guarantee.
class CWitlessCriticalSection
{
public:
	CWitlessCriticalSection(void);
	~CWitlessCriticalSection(void);

	// Acquire and release the lock. Nothing in this declaration pairs the two
	// calls automatically, so callers have to balance them on every exit path.
	void Enter();
	void Leave();

private:
	// volatile, so presumably updated with interlocked operations (verify).
	volatile long m_lLockCount;
	// Spelling is the original author's ("Ownin"); presumably the owning thread id.
	unsigned long m_lOwninThread;
	// Presumably the nesting depth held by the owning thread (verify).
	unsigned long m_lRecursionCount;
};
17 |
--------------------------------------------------------------------------------
/HSHook/callstack/CallStack.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/callstack/CallStack.cpp
--------------------------------------------------------------------------------
/HSHook/callstack/CallStack.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HSHook/callstack/CallStack.h
--------------------------------------------------------------------------------
/HSHook/callstack/PdbSig.cpp:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "stdafx.h"
4 | #include
5 | #include
6 | #include
7 |
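// CodeView record signatures as they appear when the first four bytes of the
// record are read as a little-endian DWORD ("NB10" and "RSDS" on disk).
// Written as numeric constants because the value of a multi-character literal
// such as 'SDSR' is implementation-defined; these are the values MSVC yields.
#define CV_SIGNATURE_NB10 0x3031424EUL // bytes 'N','B','1','0'
#define CV_SIGNATURE_RSDS 0x53445352UL // bytes 'R','S','D','S'

// CodeView header
struct CV_HEADER
{
	DWORD CvSignature; // NBxx
	LONG Offset;       // Always 0 for NB10
};

// CodeView NB10 debug information
// (used when debug information is stored in a PDB 2.00 file)
struct CV_INFO_PDB20
{
	CV_HEADER Header;
	DWORD Signature;     // seconds since 01.01.1970
	DWORD Age;           // an always-incrementing value
	// Zero terminated string with the name of the PDB file. Declared with one
	// element but variable length in the record, so never use sizeof() of this
	// struct as the record size; the record length comes from the debug directory.
	BYTE PdbFileName[1];
};

// CodeView RSDS debug information
// (used when debug information is stored in a PDB 7.00 file)
struct CV_INFO_PDB70
{
	DWORD CvSignature;
	GUID Signature;      // unique identifier
	DWORD Age;           // an always-incrementing value
	// Zero terminated string with the name of the PDB file; variable length,
	// see the note on CV_INFO_PDB20::PdbFileName.
	BYTE PdbFileName[1];
};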
37 |
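/*
 * Check whether ImageBase points at a mapped PE image.
 *
 * Verifies the DOS signature and then the NT signature located e_lfanew bytes
 * after the base. Returns TRUE when both match, FALSE otherwise (including a
 * NULL ImageBase).
 *
 * e_lfanew is read from the image itself and is therefore untrusted. This
 * function does not know the size of the mapping, so it can only reject
 * offsets that are obviously wrong (zero or negative); callers that know the
 * mapping size should bound-check the offset themselves.
 */
BOOL IsPEFile(LPVOID ImageBase)
{
	if (!ImageBase)
		return FALSE;

	PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)ImageBase;
	if (pDH->e_magic != IMAGE_DOS_SIGNATURE)
		return FALSE;

	// A non-positive offset would place the NT headers at or before the image
	// base, i.e. outside the memory this function was asked to inspect.
	if (pDH->e_lfanew <= 0)
		return FALSE;

	// Byte-pointer arithmetic keeps the full pointer width. The previous
	// PtrToUint/UIntToPtr round trip truncated the address to 32 bits and
	// cast through PIMAGE_NT_HEADERS32 regardless of the build target.
	PIMAGE_NT_HEADERS pNtH = (PIMAGE_NT_HEADERS)((LPBYTE)ImageBase + pDH->e_lfanew);
	if (pNtH->Signature != IMAGE_NT_SIGNATURE)
		return FALSE;

	return TRUE;
}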
56 |
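/*
 * Return the NT headers of the image mapped at ImageBase, or NULL when
 * IsPEFile() rejects the image.
 */
PIMAGE_NT_HEADERS GetNtHeaders(LPVOID ImageBase)
{
	if (!IsPEFile(ImageBase))
		return NULL;

	PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)ImageBase;

	// Byte-pointer arithmetic instead of UIntToPtr(PtrToUint(...)): the result
	// is the same on a 32-bit build, and the address is no longer truncated to
	// 32 bits if the code is ever built for a 64-bit target.
	return (PIMAGE_NT_HEADERS)((LPBYTE)ImageBase + pDH->e_lfanew);
}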
68 |
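/*
 * Return a pointer to the IMAGE_FILE_HEADER inside the NT headers of the image
 * mapped at ImageBase, or NULL when the image is not recognised as PE.
 */
PIMAGE_FILE_HEADER GetFileHeader(LPVOID ImageBase)
{
	// Reuse GetNtHeaders() rather than repeating the header arithmetic, so the
	// signature checks and the offset computation live in one place.
	PIMAGE_NT_HEADERS pNtH = GetNtHeaders(ImageBase);
	if (!pNtH)
		return NULL;

	return &pNtH->FileHeader;
}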
82 |
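/*
 * Return a pointer to the IMAGE_OPTIONAL_HEADER inside the NT headers of the
 * image mapped at ImageBase, or NULL when the image is not recognised as PE.
 */
PIMAGE_OPTIONAL_HEADER GetOptionalHeader(LPVOID ImageBase)
{
	// Reuse GetNtHeaders() rather than repeating the header arithmetic, so the
	// signature checks and the offset computation live in one place.
	PIMAGE_NT_HEADERS pNtH = GetNtHeaders(ImageBase);
	if (!pNtH)
		return NULL;

	return &pNtH->OptionalHeader;
}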
97 |
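/*
 * Return the first IMAGE_SECTION_HEADER of the image mapped at ImageBase, or
 * NULL when the image is not recognised as PE.
 */
PIMAGE_SECTION_HEADER GetFirstSectionHeader(LPVOID ImageBase)
{
	PIMAGE_NT_HEADERS pNtH = GetNtHeaders(ImageBase);

	// GetNtHeaders() returns NULL for a rejected image. IMAGE_FIRST_SECTION
	// reads FileHeader.SizeOfOptionalHeader through the pointer, so passing
	// NULL on would dereference it.
	if (!pNtH)
		return NULL;

	return IMAGE_FIRST_SECTION(pNtH);
}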
107 |
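// Return TRUE when a CodeView record of cbRecord bytes has a name field that
// starts at cbFixed and contains a terminating zero inside the record.
static BOOL CvRecordHasTerminatedName(const BYTE *pRecord, ULONG cbRecord, ULONG cbFixed)
{
	if (cbRecord <= cbFixed)
		return FALSE;

	for (ULONG i = cbFixed; i < cbRecord; ++i)
	{
		if (pRecord[i] == 0)
			return TRUE;
	}
	return FALSE;
}

/*
 * Build the index string that identifies a module or its PDB.
 *
 * pModBase  base address of a PE image mapped as a loaded module (the debug
 *           directory fields are used as RVAs from this base).
 * bPDB      FALSE: return TimeDateStamp and SizeOfImage of the executable.
 *           TRUE:  return signature and age from the CodeView debug record
 *                  (NB10 / PDB 2.00 or RSDS / PDB 7.00).
 *
 * Returns the formatted string, or an empty string when the image is not PE
 * or no usable CodeView record is found.
 *
 * Every offset and size used below is read from the image being inspected and
 * is treated as untrusted: each one is checked against SizeOfImage before it
 * is dereferenced.
 */
const std::wstring GetModuleIndexString(void *pModBase, BOOL bPDB)
{
	wchar_t sig[128] = {0};
	if (!IsPEFile(pModBase))
	{
		assert(0);
		return std::wstring();
	}

	IMAGE_NT_HEADERS *pNTHeaders = GetNtHeaders(pModBase);
	assert(pNTHeaders);
	if (!pNTHeaders)
		return std::wstring();

	const IMAGE_OPTIONAL_HEADER *pOH = &pNTHeaders->OptionalHeader;

	if (!bPDB) //time stamp and size of the image for a executable file
	{
		swprintf_s(sig, L"%08X%x", pNTHeaders->FileHeader.TimeDateStamp, pOH->SizeOfImage);
		return std::wstring(sig);
	}

	// signature and age for a pdb file.
	const ULONG imageSize = pOH->SizeOfImage;

	// The data directory array may be shorter than the declared maximum.
	if (pOH->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_DEBUG)
		return std::wstring();

	const ULONG dirRva = pOH->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress;
	const ULONG dirSize = pOH->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size;

	// Test the RVA itself: base + 0 is a non-NULL pointer, so a pointer check
	// cannot detect an absent debug directory.
	if (dirRva == 0 || dirSize == 0 || dirSize % sizeof(IMAGE_DEBUG_DIRECTORY) != 0)
		return std::wstring();

	// Subtraction form avoids overflow in rva + size.
	if (dirRva > imageSize || dirSize > imageSize - dirRva)
		return std::wstring();

	const IMAGE_DEBUG_DIRECTORY *pDebugDir = (const IMAGE_DEBUG_DIRECTORY *)((BYTE *)pModBase + dirRva);

	// NOTE(review): IsBadReadPtr is documented by Microsoft as obsolete; it is
	// kept only as a secondary probe. The SizeOfImage checks are the real guard.
	if (IsBadReadPtr(pDebugDir, dirSize))
	{
		assert(0);
		return std::wstring();
	}

	// The directory is an array; the CodeView entry is not necessarily first.
	const ULONG nEntries = dirSize / sizeof(IMAGE_DEBUG_DIRECTORY);
	for (ULONG i = 0; i < nEntries; ++i)
	{
		const IMAGE_DEBUG_DIRECTORY *pEntry = &pDebugDir[i];
		if (pEntry->Type != IMAGE_DEBUG_TYPE_CODEVIEW || !pEntry->AddressOfRawData)
			continue;

		const ULONG rawRva = pEntry->AddressOfRawData;
		const ULONG rawSize = pEntry->SizeOfData;

		// Need at least the 4-byte signature, and the record must lie inside the image.
		if (rawSize < sizeof(DWORD) || rawRva > imageSize || rawSize > imageSize - rawRva)
			continue;

		LPBYTE pDebugInfo = (LPBYTE)pModBase + rawRva;
		if (IsBadReadPtr(pDebugInfo, rawSize))
		{
			assert(0);
			continue;
		}

		DWORD CvSignature = *(DWORD*)pDebugInfo;
		if (CvSignature == CV_SIGNATURE_NB10)//CodeView format: NB10
		{
			// NB10 -> PDB 2.00
			// The name is checked inside the record bounds instead of with an
			// unbounded IsBadStringPtrA(..., UINT_MAX) scan.
			if (!CvRecordHasTerminatedName(pDebugInfo, rawSize, (ULONG)FIELD_OFFSET(CV_INFO_PDB20, PdbFileName)))
			{
				assert(0);
				continue;
			}

			CV_INFO_PDB20* pCvInfo = (CV_INFO_PDB20*)pDebugInfo;
			swprintf_s(sig, L"%08X%x", pCvInfo->Signature, pCvInfo->Age);
			break;
		}
		else if (CvSignature == CV_SIGNATURE_RSDS)
		{
			// RSDS -> PDB 7.00
			if (!CvRecordHasTerminatedName(pDebugInfo, rawSize, (ULONG)FIELD_OFFSET(CV_INFO_PDB70, PdbFileName)))
			{
				assert(0);
				continue;
			}

			CV_INFO_PDB70* pCvInfo = (CV_INFO_PDB70*)pDebugInfo;
			swprintf_s(sig, L"%08X%04X%04X%02X%02X%02X%02X%02X%02X%02X%02X%x",
				pCvInfo->Signature.Data1, pCvInfo->Signature.Data2, pCvInfo->Signature.Data3,
				pCvInfo->Signature.Data4[0], pCvInfo->Signature.Data4[1], pCvInfo->Signature.Data4[2],
				pCvInfo->Signature.Data4[3], pCvInfo->Signature.Data4[4], pCvInfo->Signature.Data4[5],
				pCvInfo->Signature.Data4[6], pCvInfo->Signature.Data4[7],
				pCvInfo->Age);
			break;
		}
		else
		{
			// Unknown CodeView format; keep looking at the remaining entries.
			assert(0);
			continue;
		}
	}

	//assert(wcslen(sig) > 0);
	return std::wstring(sig);
}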
--------------------------------------------------------------------------------
/HSHook/detours/detver.h:
--------------------------------------------------------------------------------
1 | //////////////////////////////////////////////////////////////////////////////
2 | //
3 | // Common version parameters.
4 | //
5 | // Microsoft Research Detours Package, Version 3.0 Build_316.
6 | //
7 | // Copyright (c) Microsoft Corporation. All rights reserved.
8 | //
9 |
10 | #ifndef DETOURS_STRINGIFY
11 | #define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
12 | #define DETOURS_STRINGIFY_(x) #x
13 | #endif
14 |
15 | #define VER_FILEFLAGSMASK 0x3fL
16 | #define VER_FILEFLAGS 0x0L
17 | #define VER_FILEOS 0x00040004L
18 | #define VER_FILETYPE 0x00000002L
19 | #define VER_FILESUBTYPE 0x00000000L
20 |
21 | #define VER_DETOURS_BITS DETOUR_STRINGIFY(DETOURS_BITS)
22 |
--------------------------------------------------------------------------------
/HSHook/detours/uimports.cpp:
--------------------------------------------------------------------------------
1 | //////////////////////////////////////////////////////////////////////////////
2 | //
3 | // Add DLLs to a module import table (uimports.cpp of detours.lib)
4 | //
5 | // Microsoft Research Detours Package, Version 3.0 Build_316.
6 | //
7 | // Copyright (c) Microsoft Corporation. All rights reserved.
8 | //
9 | // Note that this file is included into creatwth.cpp one or more times
10 | // (once for each supported module format).
11 | //
12 |
13 | // UpdateImports32 aka UpdateImports64
14 | static BOOL UPDATE_IMPORTS_XX(HANDLE hProcess,
15 | HMODULE hModule,
16 | LPCSTR *plpDlls,
17 | DWORD nDlls)
18 | {
19 | BOOL fSucceeded = FALSE;
20 | BYTE * pbNew = NULL;
21 | DWORD i;
22 |
23 | PBYTE pbModule = (PBYTE)hModule;
24 |
25 | IMAGE_DOS_HEADER idh;
26 | ZeroMemory(&idh, sizeof(idh));
27 | if (!ReadProcessMemory(hProcess, pbModule, &idh, sizeof(idh), NULL)) {
28 | DETOUR_TRACE(("ReadProcessMemory(idh@%p..%p) failed: %d\n",
29 | pbModule, pbModule + sizeof(idh), GetLastError()));
30 |
31 | finish:
32 | if (pbNew != NULL) {
33 | delete[] pbNew;
34 | pbNew = NULL;
35 | }
36 | return fSucceeded;
37 | }
38 |
39 | IMAGE_NT_HEADERS_XX inh;
40 | ZeroMemory(&inh, sizeof(inh));
41 |
42 | if (!ReadProcessMemory(hProcess, pbModule + idh.e_lfanew, &inh, sizeof(inh), NULL)) {
43 | DETOUR_TRACE(("ReadProcessMemory(inh@%p..%p) failed: %d\n",
44 | pbModule + idh.e_lfanew,
45 | pbModule + idh.e_lfanew + sizeof(inh),
46 | GetLastError()));
47 | goto finish;
48 | }
49 |
50 | if (inh.OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC_XX) {
51 | DETOUR_TRACE(("Wrong size image (%04x != %04x).\n",
52 | inh.OptionalHeader.Magic, IMAGE_NT_OPTIONAL_HDR_MAGIC_XX));
53 | SetLastError(ERROR_INVALID_BLOCK);
54 | goto finish;
55 | }
56 |
57 | // Zero out the bound table so loader doesn't use it instead of our new table.
58 | inh.BOUND_DIRECTORY.VirtualAddress = 0;
59 | inh.BOUND_DIRECTORY.Size = 0;
60 |
61 | // Find the size of the mapped file.
62 | DWORD dwFileSize = 0;
63 | DWORD dwSec = idh.e_lfanew +
64 | FIELD_OFFSET(IMAGE_NT_HEADERS_XX, OptionalHeader) +
65 | inh.FileHeader.SizeOfOptionalHeader;
66 |
67 | for (i = 0; i < inh.FileHeader.NumberOfSections; i++) {
68 | IMAGE_SECTION_HEADER ish;
69 | ZeroMemory(&ish, sizeof(ish));
70 |
71 | if (!ReadProcessMemory(hProcess, pbModule + dwSec + sizeof(ish) * i, &ish,
72 | sizeof(ish), NULL)) {
73 | DETOUR_TRACE(("ReadProcessMemory(ish@%p..%p) failed: %d\n",
74 | pbModule + dwSec + sizeof(ish) * i,
75 | pbModule + dwSec + sizeof(ish) * (i + 1),
76 | GetLastError()));
77 | goto finish;
78 | }
79 |
80 | DETOUR_TRACE(("ish[%d] : va=%08x sr=%d\n", i, ish.VirtualAddress, ish.SizeOfRawData));
81 |
82 | // If the file didn't have an IAT_DIRECTORY, we assign it...
83 | if (inh.IAT_DIRECTORY.VirtualAddress == 0 &&
84 | inh.IMPORT_DIRECTORY.VirtualAddress >= ish.VirtualAddress &&
85 | inh.IMPORT_DIRECTORY.VirtualAddress < ish.VirtualAddress + ish.SizeOfRawData) {
86 |
87 | inh.IAT_DIRECTORY.VirtualAddress = ish.VirtualAddress;
88 | inh.IAT_DIRECTORY.Size = ish.SizeOfRawData;
89 | }
90 |
91 | // Find the end of the file...
92 | if (dwFileSize < ish.PointerToRawData + ish.SizeOfRawData) {
93 | dwFileSize = ish.PointerToRawData + ish.SizeOfRawData;
94 | }
95 | }
96 | DETOUR_TRACE(("dwFileSize = %08x\n", dwFileSize));
97 |
98 | #if IGNORE_CHECKSUMS
99 | // Find the current checksum.
100 | WORD wBefore = ComputeChkSum(hProcess, pbModule, &inh);
101 | DETOUR_TRACE(("ChkSum: %04x + %08x => %08x\n", wBefore, dwFileSize, wBefore + dwFileSize));
102 | #endif
103 |
104 | DETOUR_TRACE((" Imports: %p..%p\n",
105 | (DWORD_PTR)pbModule + inh.IMPORT_DIRECTORY.VirtualAddress,
106 | (DWORD_PTR)pbModule + inh.IMPORT_DIRECTORY.VirtualAddress +
107 | inh.IMPORT_DIRECTORY.Size));
108 |
109 | DWORD obRem = sizeof(IMAGE_IMPORT_DESCRIPTOR) * nDlls;
110 | DWORD obTab = PadToDwordPtr(obRem +
111 | inh.IMPORT_DIRECTORY.Size +
112 | sizeof(IMAGE_IMPORT_DESCRIPTOR));
113 | DWORD obDll = obTab + sizeof(DWORD_XX) * 4 * nDlls;
114 | DWORD obStr = obDll;
115 | DWORD cbNew = obStr;
116 | DWORD n;
117 | for (n = 0; n < nDlls; n++) {
118 | cbNew += PadToDword((DWORD)strlen(plpDlls[n]) + 1);
119 | }
120 |
121 | pbNew = new BYTE [cbNew];
122 | if (pbNew == NULL) {
123 | DETOUR_TRACE(("new BYTE [cbNew] failed.\n"));
124 | goto finish;
125 | }
126 | ZeroMemory(pbNew, cbNew);
127 |
128 | PBYTE pbBase = pbModule;
129 | PBYTE pbNext = pbBase
130 | + inh.OptionalHeader.BaseOfCode
131 | + inh.OptionalHeader.SizeOfCode
132 | + inh.OptionalHeader.SizeOfInitializedData
133 | + inh.OptionalHeader.SizeOfUninitializedData;
134 | if (pbBase < pbNext) {
135 | pbBase = pbNext;
136 | }
137 | DETOUR_TRACE(("pbBase = %p\n", pbBase));
138 |
139 | PBYTE pbNewIid = FindAndAllocateNearBase(hProcess, pbBase, cbNew);
140 | if (pbNewIid == NULL) {
141 | DETOUR_TRACE(("FindAndAllocateNearBase failed.\n"));
142 | goto finish;
143 | }
144 |
145 | DWORD obBase = (DWORD)(pbNewIid - pbModule);
146 | DWORD dwProtect = 0;
147 | if (inh.IMPORT_DIRECTORY.VirtualAddress != 0) {
148 | // Read the old import directory if it exists.
149 | #if 0
150 | if (!VirtualProtectEx(hProcess,
151 | pbModule + inh.IMPORT_DIRECTORY.VirtualAddress,
152 | inh.IMPORT_DIRECTORY.Size, PAGE_EXECUTE_READWRITE, &dwProtect)) {
153 | DETOUR_TRACE(("VirtualProtectEx(import) write failed: %d\n", GetLastError()));
154 | goto finish;
155 | }
156 | #endif
157 | DETOUR_TRACE(("IMPORT_DIRECTORY perms=%x\n", dwProtect));
158 |
159 | if (!ReadProcessMemory(hProcess,
160 | pbModule + inh.IMPORT_DIRECTORY.VirtualAddress,
161 | pbNew + obRem,
162 | inh.IMPORT_DIRECTORY.Size, NULL)) {
163 | DETOUR_TRACE(("ReadProcessMemory(imports) failed: %d\n", GetLastError()));
164 | goto finish;
165 | }
166 | }
167 |
168 | PIMAGE_IMPORT_DESCRIPTOR piid = (PIMAGE_IMPORT_DESCRIPTOR)pbNew;
169 | DWORD_XX *pt;
170 |
171 | for (n = 0; n < nDlls; n++) {
172 | HRESULT hrRet = StringCchCopyA((char*)pbNew + obStr, cbNew - obStr, plpDlls[n]);
173 | if (FAILED(hrRet)) {
174 | DETOUR_TRACE(("StringCchCopyA failed: %d\n", GetLastError()));
175 | goto finish;
176 | }
177 |
178 | // After copying the string, we patch up the size "??" bits if any.
179 | hrRet = ReplaceOptionalSizeA((char*)pbNew + obStr,
180 | cbNew - obStr,
181 | DETOURS_STRINGIFY(DETOURS_BITS_XX));
182 | if (FAILED(hrRet)) {
183 | DETOUR_TRACE(("ReplaceOptionalSizeA failed: %d\n", GetLastError()));
184 | goto finish;
185 | }
186 |
187 | DWORD nOffset = obTab + (sizeof(DWORD_XX) * (4 * n));
188 | piid[n].OriginalFirstThunk = obBase + nOffset;
189 | pt = ((DWORD_XX*)(pbNew + nOffset));
190 | pt[0] = IMAGE_ORDINAL_FLAG_XX + 1;
191 | pt[1] = 0;
192 |
193 | nOffset = obTab + (sizeof(DWORD_XX) * ((4 * n) + 2));
194 | piid[n].FirstThunk = obBase + nOffset;
195 | pt = ((DWORD_XX*)(pbNew + nOffset));
196 | pt[0] = IMAGE_ORDINAL_FLAG_XX + 1;
197 | pt[1] = 0;
198 | piid[n].TimeDateStamp = 0;
199 | piid[n].ForwarderChain = 0;
200 | piid[n].Name = obBase + obStr;
201 |
202 | obStr += PadToDword((DWORD)strlen(plpDlls[n]) + 1);
203 | }
204 |
205 | for (i = 0; i < nDlls + (inh.IMPORT_DIRECTORY.Size / sizeof(*piid)); i++) {
206 | DETOUR_TRACE(("%8d. Look=%08x Time=%08x Fore=%08x Name=%08x Addr=%08x\n",
207 | i,
208 | piid[i].OriginalFirstThunk,
209 | piid[i].TimeDateStamp,
210 | piid[i].ForwarderChain,
211 | piid[i].Name,
212 | piid[i].FirstThunk));
213 | if (piid[i].OriginalFirstThunk == 0 && piid[i].FirstThunk == 0) {
214 | break;
215 | }
216 | }
217 |
218 | if (!WriteProcessMemory(hProcess, pbNewIid, pbNew, obStr, NULL)) {
219 | DETOUR_TRACE(("WriteProcessMemory(iid) failed: %d\n", GetLastError()));
220 | goto finish;
221 | }
222 |
223 | DETOUR_TRACE(("obBaseBef = %08x..%08x\n",
224 | inh.IMPORT_DIRECTORY.VirtualAddress,
225 | inh.IMPORT_DIRECTORY.VirtualAddress + inh.IMPORT_DIRECTORY.Size));
226 | DETOUR_TRACE(("obBaseAft = %08x..%08x\n", obBase, obBase + obStr));
227 |
228 | // If the file doesn't have an IAT_DIRECTORY, we create it...
229 | if (inh.IAT_DIRECTORY.VirtualAddress == 0) {
230 | inh.IAT_DIRECTORY.VirtualAddress = obBase;
231 | inh.IAT_DIRECTORY.Size = cbNew;
232 | }
233 |
234 | inh.IMPORT_DIRECTORY.VirtualAddress = obBase;
235 | inh.IMPORT_DIRECTORY.Size = cbNew;
236 |
237 | /////////////////////// Update the NT header for the new import directory.
238 | /////////////////////////////// Update the DOS header to fix the checksum.
239 | //
240 | if (!VirtualProtectEx(hProcess, pbModule, inh.OptionalHeader.SizeOfHeaders,
241 | PAGE_EXECUTE_READWRITE, &dwProtect)) {
242 | DETOUR_TRACE(("VirtualProtectEx(inh) write failed: %d\n", GetLastError()));
243 | goto finish;
244 | }
245 |
246 | #if IGNORE_CHECKSUMS
247 | idh.e_res[0] = 0;
248 | #else
249 | inh.OptionalHeader.CheckSum = 0;
250 | #endif // IGNORE_CHECKSUMS
251 |
252 | if (!WriteProcessMemory(hProcess, pbModule, &idh, sizeof(idh), NULL)) {
253 | DETOUR_TRACE(("WriteProcessMemory(idh) failed: %d\n", GetLastError()));
254 | goto finish;
255 | }
256 | DETOUR_TRACE(("WriteProcessMemory(idh:%p..%p)\n", pbModule, pbModule + sizeof(idh)));
257 |
258 | if (!WriteProcessMemory(hProcess, pbModule + idh.e_lfanew, &inh, sizeof(inh), NULL)) {
259 | DETOUR_TRACE(("WriteProcessMemory(inh) failed: %d\n", GetLastError()));
260 | goto finish;
261 | }
262 | DETOUR_TRACE(("WriteProcessMemory(inh:%p..%p)\n",
263 | pbModule + idh.e_lfanew,
264 | pbModule + idh.e_lfanew + sizeof(inh)));
265 |
266 | #if IGNORE_CHECKSUMS
267 | WORD wDuring = ComputeChkSum(hProcess, pbModule, &inh);
268 | DETOUR_TRACE(("ChkSum: %04x + %08x => %08x\n", wDuring, dwFileSize, wDuring + dwFileSize));
269 |
270 | idh.e_res[0] = detour_sum_minus(idh.e_res[0], detour_sum_minus(wDuring, wBefore));
271 |
272 | if (!WriteProcessMemory(hProcess, pbModule, &idh, sizeof(idh), NULL)) {
273 | DETOUR_TRACE(("WriteProcessMemory(idh) failed: %d\n", GetLastError()));
274 | goto finish;
275 | }
276 | #endif // IGNORE_CHECKSUMS
277 |
278 | if (!VirtualProtectEx(hProcess, pbModule, inh.OptionalHeader.SizeOfHeaders,
279 | dwProtect, &dwProtect)) {
280 | DETOUR_TRACE(("VirtualProtectEx(idh) restore failed: %d\n", GetLastError()));
281 | goto finish;
282 | }
283 |
284 | #if IGNORE_CHECKSUMS
285 | WORD wAfter = ComputeChkSum(hProcess, pbModule, &inh);
286 | DETOUR_TRACE(("ChkSum: %04x + %08x => %08x\n", wAfter, dwFileSize, wAfter + dwFileSize));
287 | DETOUR_TRACE(("Before: %08x, After: %08x\n", wBefore + dwFileSize, wAfter + dwFileSize));
288 |
289 | if (wBefore != wAfter) {
290 | DETOUR_TRACE(("Restore of checksum failed %04x != %04x.\n", wBefore, wAfter));
291 | goto finish;
292 | }
293 | #endif // IGNORE_CHECKSUMS
294 |
295 | fSucceeded = TRUE;
296 | goto finish;
297 | }
298 |
299 |
--------------------------------------------------------------------------------
/HSHook/dprintf/DPrintf.cpp:
--------------------------------------------------------------------------------
1 | #ifdef _DEBUG
2 | #include
3 | #include
4 | #include
5 |
6 | #define DEBUG_STRING_MAX_LENGTH 1024
7 |
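// Debug-only logger: formats the arguments into a fixed stack buffer of
// DEBUG_STRING_MAX_LENGTH characters and passes the result to OutputDebugString.
//
// format - printf-style format string; a NULL pointer is reported and rejected.
// Returns the number of characters written, or -1 when format is NULL or the
// formatted text does not fit in the buffer.
//
// format is interpreted as a format string, so callers should pass a constant
// and route any data read from the hooked process through a "%s" argument
// rather than using that data as the format itself.
int _cdecl DPrintf(CONST TCHAR *format, ...)
{
    va_list arglist;
    TCHAR tchDebugString[DEBUG_STRING_MAX_LENGTH];
    int nBufLen = -1;

    ZeroMemory(tchDebugString, sizeof(tchDebugString));

    if (format == NULL)
    {
        OutputDebugString(_T("DebugPrintf() FAILED: Format is null pointer!\r\n"));
        return nBufLen;
    }

    va_start(arglist, format);
    // _TRUNCATE reports an over-long message as -1. The non-truncating
    // _vstprintf_s instead invokes the CRT invalid-parameter handler, which by
    // default terminates the process this code is running in.
    nBufLen = _vsntprintf_s(tchDebugString, DEBUG_STRING_MAX_LENGTH, _TRUNCATE, format, arglist);
    // Every va_start needs a matching va_end, including on the failure path below.
    va_end(arglist);

    if (nBufLen == -1)
    {
        OutputDebugString(_T("DebugPrintf() FAILED: String is too long!\r\n"));
        return nBufLen;
    }

    //OutputDebugString(_T("DebugPrintf:"));
    OutputDebugString(tchDebugString);
    return nBufLen;
}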
35 | #else
36 | #define DPrintf __noop
37 | #endif
--------------------------------------------------------------------------------
/HSHook/dprintf/DPrintf.h:
--------------------------------------------------------------------------------
1 | #ifndef __DPRINTF_H__
2 | #define __DPRINTF_H__
3 | #ifdef _DEBUG
4 | int _cdecl DPrintf(CONST TCHAR *format, ...);
5 | #else
6 | #define DPrintf __noop
7 | #endif
8 | #endif
--------------------------------------------------------------------------------
/HSHook/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by HSHook.rc
4 |
5 | // Next default values for new objects
6 | //
7 | #ifdef APSTUDIO_INVOKED
8 | #ifndef APSTUDIO_READONLY_SYMBOLS
9 | #define _APS_NEXT_RESOURCE_VALUE 101
10 | #define _APS_NEXT_COMMAND_VALUE 40001
11 | #define _APS_NEXT_CONTROL_VALUE 1001
12 | #define _APS_NEXT_SYMED_VALUE 101
13 | #endif
14 | #endif
15 |
--------------------------------------------------------------------------------
/HSHook/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HSHook.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | CWitlessCriticalSection g_csForStackDataBuffer;
8 |
9 | // TODO: reference any additional headers you need in STDAFX.H
10 | // and not in this file
11 |
--------------------------------------------------------------------------------
/HSHook/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef WINVER // Allow use of features specific to Windows XP or later.
11 | #define WINVER 0x0501 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 | #ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later.
15 | #define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows.
16 | #endif
17 |
18 | #ifndef _WIN32_WINDOWS // Allow use of features specific to Windows 98 or later.
19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
20 | #endif
21 |
22 | #ifndef _WIN32_IE // Allow use of features specific to IE 6.0 or later.
23 | #define _WIN32_IE 0x0600 // Change this to the appropriate value to target other versions of IE.
24 | #endif
25 |
26 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
27 | // Windows Header Files:
28 | #include
29 | #include
30 |
31 | #define INJECTED_MODULE
32 |
33 | #include "WitlessCriticalSection.h"
34 | #define EnterCriticalSection(x) {x.Enter();}
35 | #define LeaveCriticalSection(x) {x.Leave();}
36 |
37 |
38 | // TODO: reference additional headers your program requires here
39 |
--------------------------------------------------------------------------------
/HandleSpy/AboutDlg.h:
--------------------------------------------------------------------------------
1 | // aboutdlg.h : interface of the CAboutDlg class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #pragma once
6 |
// "About" dialog, bound to the IDD_ABOUTBOX dialog resource.
// NOTE(review): the base class is written as bare `CDialogImpl`; WTL's
// CDialogImpl is a class template, so its argument list looks lost in
// extraction. Confirm against the repository copy.
class CAboutDlg : public CDialogImpl
{
public:
    enum { IDD = IDD_ABOUTBOX };

    // WM_INITDIALOG goes to OnInitDialog; IDOK and IDCANCEL both close the dialog.
    BEGIN_MSG_MAP(CAboutDlg)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDOK, OnCloseCmd)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
    END_MSG_MAP()

    // Handler prototypes (uncomment arguments if needed):
    //  LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    //  LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    //  LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)

    // Centres the dialog over its parent window and returns TRUE.
    LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    {
        const HWND hParent = GetParent();
        CenterWindow(hParent);
        return TRUE;
    }

    // Ends the dialog, using the id of the command that closed it as the result.
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    {
        const WORD wResult = wID;
        EndDialog(wResult);
        return 0;
    }
};
35 |
--------------------------------------------------------------------------------
/HandleSpy/Api.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/Api.cpp
--------------------------------------------------------------------------------
/HandleSpy/Api.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Static lookup from an API index to a display name.
// Only the declarations are visible here; the table contents and the lookup
// itself live in Api.cpp.
class CApi
{
public:
    // Returns the name stored for dwIndex.
    // NOTE(review): presumably falls back to invalidIndex when dwIndex is out
    // of range for Name[]; confirm the bounds check in Api.cpp.
    static TCHAR* GetNameByIndex(DWORD dwIndex);

private:
    // String used for an index with no entry (assumed from the name; confirm).
    static TCHAR* invalidIndex;

    // Name table, indexed by API index.
    static TCHAR* Name[];
};
12 |
--------------------------------------------------------------------------------
/HandleSpy/ApiListView.cpp:
--------------------------------------------------------------------------------
1 | #include "StdAfx.h"
2 | #include "ApiListView.h"
3 | #include "StackDlg.h"
4 |
// Default constructor; there is no state to initialise.
CApiListView::CApiListView(void)
{
}
9 |
// Destructor; nothing to release.
CApiListView::~CApiListView(void)
{
}
13 |
// Message pre-translation hook. This view translates nothing itself, so it
// always returns FALSE.
BOOL CApiListView::PreTranslateMessage(MSG* pMsg)
{
    (void)pMsg; // unused; referenced only to silence the unused-parameter warning
    return FALSE;
}
--------------------------------------------------------------------------------
/HandleSpy/ApiListView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "CallStackTypeDefine.h"
3 | #include "atlwin.h"
4 |
// Window class that superclasses the list-view control window class
// (see DECLARE_WND_SUPERCLASS below). Its message map is empty.
// NOTE(review): the base class is written as bare `CWindowImpl`; it is a class
// template, so its argument list looks lost in extraction. Confirm against the
// repository copy.
class CApiListView :
    public CWindowImpl
{
public:
    DECLARE_WND_SUPERCLASS(NULL, CListViewCtrl::GetWndClassName())

    CApiListView(void);
    ~CApiListView(void);

    // Pre-translation hook; defined in ApiListView.cpp.
    BOOL PreTranslateMessage(MSG* pMsg);

    BEGIN_MSG_MAP(CApiListView)
    END_MSG_MAP()

    // Handler prototypes (uncomment arguments if needed):
    //  LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    //  LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    //  LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)
};
26 |
--------------------------------------------------------------------------------
/HandleSpy/CProgressBarDlg.cpp:
--------------------------------------------------------------------------------
1 | #include "StdAfx.h"
2 | #include "CProgressBarDlg.h"
3 |
4 |
// WM_INITDIALOG handler: centres the dialog (no explicit centre window is
// passed) and returns TRUE.
LRESULT CCProgressBarDlg::OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
{
    CenterWindow();

    const LRESULT lResult = TRUE;
    return lResult;
}
10 |
// IDOK / IDCANCEL handler: ends the dialog with the id of the command that
// closed it as the dialog result.
LRESULT CCProgressBarDlg::OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
{
    const WORD wResult = wID;
    EndDialog(wResult);
    return 0;
}
--------------------------------------------------------------------------------
/HandleSpy/CProgressBarDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
// Progress dialog, bound to the IDD_DIALOG_PROGRESS dialog resource.
// NOTE(review): the base class is written as bare `CDialogImpl`; it is a class
// template, so its argument list looks lost in extraction. Confirm against the
// repository copy.
class CCProgressBarDlg :
    public CDialogImpl
{
public:
    enum { IDD = IDD_DIALOG_PROGRESS };

    // WM_INITDIALOG goes to OnInitDialog; IDOK and IDCANCEL both go to OnCloseCmd.
    BEGIN_MSG_MAP(CCProgressBarDlg)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDOK, OnCloseCmd)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
    END_MSG_MAP()

    // Handler prototypes (uncomment arguments if needed):
    //  LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    //  LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    //  LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)

    // Both handlers are defined in CProgressBarDlg.cpp.
    LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
};
22 |
23 |
--------------------------------------------------------------------------------
/HandleSpy/ChartView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/ChartView.cpp
--------------------------------------------------------------------------------
/HandleSpy/ChartView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/ChartView.h
--------------------------------------------------------------------------------
/HandleSpy/DetectDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/DetectDlg.cpp
--------------------------------------------------------------------------------
/HandleSpy/DetectDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "atlwin.h"
3 | #include "Detector.h"
4 | #include "ChartView.h"
5 | #include "CountAndTimeTypeDefine.h"
6 |
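// Detection dialog, bound to the IDD_DIALOG_DETECT dialog resource. It owns a
// CChartView and a CDetector and handles dialog init, cancel, the Stop button,
// WM_TIMER and the HSMSG_TARGETPROCESSEXIT notification.
// NOTE(review): `CDialogImpl` and `std::vector` appear without template
// arguments; those look lost in extraction. Confirm against the repository copy.
class CDetectDlg :
    public CDialogImpl
{
public:
    enum { IDD = IDD_DIALOG_DETECT };

    // The map is named after this class; it previously carried CAboutDlg, a
    // copy-paste leftover from another dialog.
    BEGIN_MSG_MAP(CDetectDlg)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
        COMMAND_HANDLER(ID_STOP, BN_CLICKED, OnBnClickedStop)
        MESSAGE_HANDLER(WM_TIMER, OnTimer)
        MESSAGE_HANDLER(HSMSG_TARGETPROCESSEXIT, OnTargetProcessExit)
    END_MSG_MAP()

    CDetectDlg(void);

    // Stores the caller's vector pointer in m_pArray (assumed from the names;
    // the definition is in DetectDlg.cpp). The dialog does not visibly own the
    // vector, so the caller must keep it alive while the dialog uses it.
    void SetArrayPointer(std::vector* p);

    // Handler prototypes (uncomment arguments if needed):
    //  LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    //  LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    //  LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)

    // Message handlers; all are defined in DetectDlg.cpp.
    LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM lParam, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnTimer(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& bHandled);
    LRESULT OnBnClickedStop(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnTargetProcessExit(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& bHandled);

private:
    CChartView m_chart;      // chart control hosted by the dialog
    CDetector  m_detector;   // detector for the target process

    std::vector* m_pArray;   // non-owning pointer; see SetArrayPointer
};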
42 |
--------------------------------------------------------------------------------
/HandleSpy/Detector.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/Detector.cpp
--------------------------------------------------------------------------------
/HandleSpy/Detector.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
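// Private window message for the target-process-exit notification (name-based;
// the sender is in Detector.cpp). Parenthesised so the macro expands as a
// single value inside any larger expression.
#define HSMSG_TARGETPROCESSEXIT (WM_USER+0x100)

// Controls handle-usage detection for one target process: initialisation,
// start/stop, loading and unloading the HSHook module in the target, and
// reading the target's handle count. Only declarations are visible here; the
// behaviour is implemented in Detector.cpp.
class CDetector
{
public:

    CDetector();
    ~CDetector(void);

    // pid identifies the target process and h the window that is notified
    // (assumed from the m_dwPid / m_hWndHolder members; confirm in Detector.cpp).
    BOOL Init(DWORD pid, HWND h);

    BOOL Start();
    BOOL Stop();

    // Load / unload the hook module in the target process.
    // NOTE(review): m_strDllPath names the module that gets loaded into another
    // process. Confirm that Detector.cpp builds it as a fully qualified path to
    // a file only the installing user can modify, and that every failure path
    // closes m_hProcess.
    BOOL InjectHSHook();
    BOOL UnInjectHSHook();

    // Writes the handle count through pdwCount; returns success as BOOL.
    BOOL GetHandleCount(DWORD* pdwCount);

private:
    HWND m_hWndHolder;          // window associated with this detector
    DWORD m_dwPid;              // id of the target process
    BOOL m_bIsWorking;          // detection running flag (assumed from the name)
    HANDLE m_hProcess;          // handle to the target process
    HMODULE m_hInjectedModule;  // module handle of the hook module
    CStringA m_strDllPath;      // path of the hook DLL
};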
31 |
--------------------------------------------------------------------------------
/HandleSpy/FuncCallDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/FuncCallDlg.cpp
--------------------------------------------------------------------------------
/HandleSpy/FuncCallDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "CallStackTypeDefine.h"
4 | #include "StackDlg.h"
5 | #include "ProgressDlg.h"
6 |
// Function-call list dialog, bound to the IDD_DIALOG_FUNCCALL dialog resource.
// It is constructed with a begin and an end position and keeps three vectors:
// the full source list and the results of the simple and advanced filters.
// NOTE(review): `CDialogImpl`, `std::vector` and `std::map` appear without
// template arguments; those look lost in extraction. Confirm against the
// repository copy.
class CFuncCallDlg : public CDialogImpl
{
public:
    enum { IDD = IDD_DIALOG_FUNCCALL };

    CFuncCallDlg(DWORD dwBegin, DWORD dwEnd);
    ~CFuncCallDlg(void);

public:
    // OnBnClickedCancel is declared below but has no entry in this map;
    // IDCANCEL is routed to OnCloseCmd.
    BEGIN_MSG_MAP(CFuncCallDlg)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
        NOTIFY_CODE_HANDLER(NM_DBLCLK, OnNmDbClick)
        COMMAND_HANDLER(IDC_BUTTON_SHOWALL, BN_CLICKED, OnBnClickedButtonShowall)
        COMMAND_HANDLER(IDC_BUTTON_ONLYLEAK, BN_CLICKED, OnBnClickedButtonOnlyleak)
        COMMAND_HANDLER(IDC_BUTTON_SMARTFILTER, BN_CLICKED, OnBnClickedButtonSmartfilter)
    END_MSG_MAP()

    // List population helpers; defined in FuncCallDlg.cpp.
    void ShowAll();
    void ShowLeak();

    // Call-stack dialog management; defined in FuncCallDlg.cpp.
    void ShowStackDlg(CALL_STACK* pCs, LPCTSTR lpText);
    void ReleaseAllStackDlg();

    // Filters: both read vecSrc and write vecDst.
    void AdvanceFilter(std::vector& vecSrc, std::vector& vecDst);
    BOOL SimpleFilter(const std::vector& vecSrc, std::vector& vecDst);

public:
    // Message handlers. OnInitDialog is declared with a BOOL return type,
    // unlike the LRESULT used by the other handlers.
    BOOL OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedCancel(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnNmDbClick(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedButtonShowall(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedButtonOnlyleak(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedButtonSmartfilter(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);

private:
    CListViewCtrl m_listFuncCall;   // list-view control showing the calls
    DWORD m_BeginPos;               // begin position (presumably from dwBegin)
    DWORD m_EndPos;                 // end position (presumably from dwEnd)
    std::vector m_AllSrcVec;        // unfiltered source entries
    std::vector m_AdvanceFilterVec; // advanced-filter results
    std::vector m_SimpleFilterVec;  // simple-filter results

    std::map m_CallstackDlgMap;     // open call-stack dialogs (see ReleaseAllStackDlg)

    CProgressDlg m_Progress;        // progress dialog
};
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/HandleSpy.aps
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/HandleSpy.cpp
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.h:
--------------------------------------------------------------------------------
1 | // HandleSpy.h
2 |
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/HandleSpy.rc
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | NtLayer-Debug
10 | Win32
11 |
12 |
13 | NtLayer-Release
14 | Win32
15 |
16 |
17 | Release
18 | Win32
19 |
20 |
21 | Template
22 | Win32
23 |
24 |
25 |
26 | {FB9D7ECF-68FE-4352-9CBF-E48BC964299E}
27 | HandleSpy
28 |
29 |
30 |
31 | Application
32 | Unicode
33 | v120
34 |
35 |
36 | Application
37 | Unicode
38 | v120
39 |
40 |
41 | Application
42 | Unicode
43 | v120
44 |
45 |
46 | Application
47 | Unicode
48 | v120
49 |
50 |
51 | v120
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 | <_ProjectFileVersion>10.0.40219.1
71 | $(SolutionDir)Bin_$(Configuration)\
72 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
73 | true
74 | $(SolutionDir)Bin_$(Configuration)\
75 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
76 | false
77 | $(SolutionDir)Bin_$(Configuration)\
78 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
79 | false
80 | $(SolutionDir)Bin_$(Configuration)\
81 | $(SolutionDir)Intermediate_$(Configuration)\$(ProjectName)\
82 | true
83 |
84 |
85 |
86 | _DEBUG;%(PreprocessorDefinitions)
87 | false
88 | Win32
89 | true
90 | $(IntDir)HandleSpy.tlb
91 | HandleSpy.h
92 |
93 |
94 | HandleSpy_i.c
95 | HandleSpy_p.c
96 |
97 |
98 | Disabled
99 | $(SolutionDir)include;$(SolutionDir)Storage;$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
100 | WIN32;_WINDOWS;STRICT;_DEBUG;%(PreprocessorDefinitions)
101 | true
102 | EnableFastChecks
103 | MultiThreadedDebug
104 | Use
105 | Level3
106 | EditAndContinue
107 |
108 |
109 | _DEBUG;%(PreprocessorDefinitions)
110 | 0x0804
111 | $(IntDir);$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
112 |
113 |
114 | true
115 | Windows
116 | false
117 |
118 |
119 | MachineX86
120 |
121 |
122 |
123 |
124 | NDEBUG;%(PreprocessorDefinitions)
125 | false
126 | Win32
127 | true
128 | $(IntDir)HandleSpy.tlb
129 | HandleSpy.h
130 |
131 |
132 | HandleSpy_i.c
133 | HandleSpy_p.c
134 |
135 |
136 | Full
137 | $(SolutionDir)include;$(SolutionDir)Storage;$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
138 | WIN32;_WINDOWS;STRICT;NDEBUG;%(PreprocessorDefinitions)
139 | Sync
140 | MultiThreaded
141 | Use
142 | Level3
143 | OldStyle
144 |
145 |
146 | NDEBUG;%(PreprocessorDefinitions)
147 | 0x0409
148 | $(IntDir);$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
149 |
150 |
151 | true
152 | Windows
153 | false
154 |
155 |
156 | MachineX86
157 |
158 |
159 |
160 |
161 | NDEBUG;%(PreprocessorDefinitions)
162 | false
163 | Win32
164 | true
165 | $(IntDir)HandleSpy.tlb
166 | HandleSpy.h
167 |
168 |
169 | HandleSpy_i.c
170 | HandleSpy_p.c
171 |
172 |
173 | Full
174 | $(SolutionDir)include;$(SolutionDir)Storage;$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
175 | WIN32;_WINDOWS;STRICT;NDEBUG;NT_LAYER_FUNCTION_HOOK;%(PreprocessorDefinitions)
176 | Sync
177 | MultiThreaded
178 | Use
179 | Level3
180 | OldStyle
181 |
182 |
183 | NDEBUG;%(PreprocessorDefinitions)
184 | 0x0409
185 | $(IntDir);$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
186 |
187 |
188 | true
189 | Windows
190 | false
191 |
192 |
193 | MachineX86
194 |
195 |
196 |
197 |
198 | _DEBUG;%(PreprocessorDefinitions)
199 | false
200 | Win32
201 | true
202 | $(IntDir)HandleSpy.tlb
203 | HandleSpy.h
204 |
205 |
206 | HandleSpy_i.c
207 | HandleSpy_p.c
208 |
209 |
210 | Disabled
211 | $(SolutionDir)include;$(SolutionDir)Storage;$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
212 | WIN32;_WINDOWS;STRICT;_DEBUG;NT_LAYER_FUNCTION_HOOK;%(PreprocessorDefinitions)
213 | true
214 | EnableFastChecks
215 | MultiThreadedDebug
216 | Use
217 | Level3
218 | EditAndContinue
219 |
220 |
221 | _DEBUG;%(PreprocessorDefinitions)
222 | 0x0804
223 | $(IntDir);$(ProjectDir)wtl\include;%(AdditionalIncludeDirectories)
224 |
225 |
226 | true
227 | Windows
228 | false
229 |
230 |
231 | MachineX86
232 |
233 |
234 |
235 |
236 |
237 |
238 |
239 |
240 |
241 |
242 |
243 |
244 |
245 |
246 |
247 |
248 |
249 |
250 |
251 |
252 |
253 |
254 |
255 |
256 |
257 |
258 |
259 |
260 |
261 |
262 |
263 |
264 |
265 |
266 |
267 |
268 |
269 |
270 |
271 | $(IntDir)%(Filename)1.obj
272 | $(IntDir)%(Filename)1.xdc
273 | $(IntDir)%(Filename)1.obj
274 | $(IntDir)%(Filename)1.xdc
275 | $(IntDir)%(Filename)1.obj
276 | $(IntDir)%(Filename)1.xdc
277 | $(IntDir)%(Filename)1.obj
278 | $(IntDir)%(Filename)1.xdc
279 |
280 |
281 |
282 |
283 |
284 | Create
285 | Create
286 | Create
287 | Create
288 |
289 |
290 |
291 |
292 |
293 |
294 |
295 |
296 |
297 |
298 |
299 |
300 |
301 |
302 |
303 |
304 |
305 |
306 |
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {ada16294-a198-4a5c-9c5b-0505d9131e2f}
6 | cpp;c;cxx;def;odl;idl;hpj;bat;asm;h
7 |
8 |
9 | {4482ef28-9680-4618-b945-79c8c3546c44}
10 |
11 |
12 | {64375d14-05c5-41f6-97c7-bb9e70532608}
13 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;jpg;jpeg;jpe;manifest
14 |
15 |
16 | {60ee9a9c-9fbd-4a33-8869-2d4fd7523824}
17 |
18 |
19 | {3f76e921-e3ca-4390-8614-e96131ecd5eb}
20 |
21 |
22 |
23 |
24 | UI
25 |
26 |
27 | UI
28 |
29 |
30 | UI
31 |
32 |
33 | UI
34 |
35 |
36 | UI
37 |
38 |
39 | UI
40 |
41 |
42 | UI
43 |
44 |
45 | UI
46 |
47 |
48 | UI
49 |
50 |
51 | UI
52 |
53 |
54 | include
55 |
56 |
57 | include
58 |
59 |
60 | include
61 |
62 |
63 | include
64 |
65 |
66 | Storage
67 |
68 |
69 | UI
70 |
71 |
72 | UI
73 |
74 |
75 | UI
76 |
77 |
78 | UI
79 |
80 |
81 | UI
82 |
83 |
84 | UI
85 |
86 |
87 | Symbol
88 |
89 |
90 |
91 |
92 | UI
93 |
94 |
95 | UI
96 |
97 |
98 | UI
99 |
100 |
101 | UI
102 |
103 |
104 | UI
105 |
106 |
107 | UI
108 |
109 |
110 | UI
111 |
112 |
113 | UI
114 |
115 |
116 | UI
117 |
118 |
119 | Storage
120 |
121 |
122 | UI
123 |
124 |
125 | UI
126 |
127 |
128 | UI
129 |
130 |
131 | UI
132 |
133 |
134 | UI
135 |
136 |
137 | UI
138 |
139 |
140 | Symbol
141 |
142 |
143 |
144 |
145 | Resource Files
146 |
147 |
148 | Resource Files
149 |
150 |
151 |
152 |
153 | Resource Files
154 |
155 |
156 |
--------------------------------------------------------------------------------
/HandleSpy/HandleSpy.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/HandleSpy/Inject.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/Inject.cpp
--------------------------------------------------------------------------------
/HandleSpy/Inject.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/Inject.h
--------------------------------------------------------------------------------
/HandleSpy/LeakedFunCallDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/LeakedFunCallDlg.cpp
--------------------------------------------------------------------------------
/HandleSpy/LeakedFunCallDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "CallStackTypeDefine.h"
4 | #include "StackDlg.h"
5 | #include "ProgressDlg.h"
6 | #include "SymbolHandler.h"
7 |
// Dialog bound to IDD_DIALOG_SELECTEDFUNCALL. It owns two tree views
// (m_treeLeaked, m_treeAll) and three buttons, and routes their commands
// through the message map below.
// NOTE(review): the CDialogImpl base and the std::vector declarations carry no
// template arguments in this listing; they look stripped by the page
// extraction rather than missing from the real header - confirm against the
// repository before compiling.
class CLeakedFunCallDlg : public CDialogImpl
{
public:
    enum {IDD = IDD_DIALOG_SELECTEDFUNCALL};
    // dwBegin / dwEnd: presumably the range stored in m_BeginPos / m_EndPos -
    // TODO confirm in LeakedFunCallDlg.cpp (not shown here).
    CLeakedFunCallDlg(DWORD dwBegin, DWORD dwEnd);
    ~CLeakedFunCallDlg(void);

    void ShowLeaked();
    void ShowAll();
    // Takes both vectors by non-const reference; which one is modified is not
    // visible from this header.
    void AdvanceFilter(std::vector& vecSrc, std::vector& vecDst);

    // Message routing. Two entries are commented out: the NM_DBLCLK notify
    // handler and the ID_FUNC_COPYSTACK command, so OnFuncCopystack (declared
    // below) is not reachable through this map.
    BEGIN_MSG_MAP(CLeakedFunCallDlg)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
        //NOTIFY_CODE_HANDLER(NM_DBLCLK, OnNmDbClick)
        COMMAND_HANDLER(IDC_BUTTON_LEAKED, BN_CLICKED, OnBnClickedButtonLeaked)
        COMMAND_HANDLER(IDC_BUTTON_ALL, BN_CLICKED, OnBnClickedButtonAll)
        MESSAGE_HANDLER(WM_SIZE, OnSize)
        NOTIFY_CODE_HANDLER(NM_RCLICK, OnNMRclickTree)
        COMMAND_ID_HANDLER(ID_FUNC_COPY, OnFuncCopy)
        //COMMAND_ID_HANDLER(ID_FUNC_COPYSTACK, OnFuncCopystack)
        COMMAND_ID_HANDLER(ID_FUNC_EXPAND_ALL_STACKS, OnFuncExpandAllStacks)
        COMMAND_ID_HANDLER(ID_FUNC_COLLAPSE_ALL_STACKS, OnFuncCollapseAllStacks)
        COMMAND_ID_HANDLER(ID_FUNC_EXPAND_ALL_SOURCE, OnFuncExpandAllSource)
        COMMAND_ID_HANDLER(ID_FUNC_COLLAPSE_ALL_SOURCE, OnFuncCollapseAllSource)
        COMMAND_ID_HANDLER(ID_FUNC_EXPORT2TXT, OnFuncExport2txt)
        COMMAND_ID_HANDLER(ID_FUNC_COPYALLLEAKED, OnFuncCopyallleaked)
    END_MSG_MAP()

    // Window-message and button handlers.
    BOOL OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedButtonLeaked(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedButtonAll(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnSize(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);

    // Tree right-click notification and the ID_FUNC_* command handlers.
    LRESULT OnNMRclickTree(int /*idCtrl*/, LPNMHDR pNMHDR, BOOL& /*bHandled*/);
    LRESULT OnFuncCopy(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFuncCopystack(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFuncExpandAllStacks(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFuncCollapseAllStacks(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFuncExpandAllSource(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFuncCollapseAllSource(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    // NOTE(review): by its name this writes captured call data to a text file;
    // the output path handling lives in the .cpp, which is not shown - verify
    // it there.
    LRESULT OnFuncExport2txt(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFuncCopyallleaked(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);

private:
    // Layout values; presumably consumed by OnSize - TODO confirm.
    DWORD m_dwHeightOfButtonsPane;
    CSize m_sizeButton;

    CProgressDlg m_Progress;
    CTreeViewCtrl m_treeLeaked;
    CTreeViewCtrl m_treeAll;
    CButton m_btnLeaked;
    CButton m_btnAll;
    CButton m_btnQuit;
    DWORD m_BeginPos;
    DWORD m_EndPos;

    // Element type lost in this listing (see the note at the top of the class).
    std::vector m_vecAllCall;
    std::vector m_vecLeakedCall;
};
69 |
--------------------------------------------------------------------------------
/HandleSpy/MainFrm.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/MainFrm.cpp
--------------------------------------------------------------------------------
/HandleSpy/MainFrm.h:
--------------------------------------------------------------------------------
1 | // MainFrm.h : interface of the CMainFrame class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #pragma once
6 | #include "atlctrlw.h"
7 | #include "atlsplit.h"
8 | #include "ChartView.h"
9 | #include "ProcessSelDlg.h"
10 | #include "DetectDlg.h"
11 | #include "StackStorage.h"
12 | #include "ShionChartView.h"
13 | #include "ApiListView.h"
14 | #include "ProgressDlg.h"
15 |
// Main frame window of the HandleSpy UI. Combines the WTL frame, UI-update,
// message-filter and idle-handler bases, and owns the splitter, chart view,
// API list view and progress window declared in the private section.
// NOTE(review): CFrameWindowImpl, CUpdateUI and the std::vector members carry
// no template arguments in this listing; they look stripped by the page
// extraction - confirm against the repository.
class CMainFrame :
    public CFrameWindowImpl,
    public CUpdateUI,
    public CMessageFilter,
    public CIdleHandler
{
public:
    DECLARE_FRAME_WND_CLASS(NULL, IDR_MAINFRAME)

    // CMessageFilter / CIdleHandler overrides.
    virtual BOOL PreTranslateMessage(MSG* pMsg);
    virtual BOOL OnIdle();

    // UI elements whose state is refreshed through CUpdateUI.
    BEGIN_UPDATE_UI_MAP(CMainFrame)
        UPDATE_ELEMENT(ID_FILE_SAVE, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
        //UPDATE_ELEMENT(ID_FILE_SAVE, UPDUI_TOOLBAR)

        UPDATE_ELEMENT(ID_FILE_CLOSE, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)

        UPDATE_ELEMENT(ID_VIEW_TOOLBAR, UPDUI_MENUPOPUP)
        UPDATE_ELEMENT(ID_EDIT_OPTIONS, UPDUI_MENUPOPUP)
    END_UPDATE_UI_MAP()

    // Message routing. The NM_DBLCLK / NM_RCLICK entries use
    // NOTIFY_CODE_HANDLER, so they match on the notification code alone and
    // not on a specific control id. Unhandled messages are chained to the
    // base classes.
    BEGIN_MSG_MAP(CMainFrame)
        MESSAGE_HANDLER(WM_CREATE, OnCreate)
        MESSAGE_HANDLER(WM_DESTROY, OnDestroy)
        COMMAND_ID_HANDLER(ID_APP_EXIT, OnFileExit)
        COMMAND_ID_HANDLER(ID_FILE_PROCESSLIST, OnProcessList)
        COMMAND_ID_HANDLER(ID_VIEW_TOOLBAR, OnViewToolBar)
        COMMAND_ID_HANDLER(ID_APP_ABOUT, OnAppAbout)
        COMMAND_ID_HANDLER(ID_FILE_SAVE, OnFileSave)
        COMMAND_ID_HANDLER(ID_FILE_OPEN, OnFileOpen)
        COMMAND_ID_HANDLER(ID_SHOW_SELECTED_FUNCS, OnShowSelectedFuncs)
        NOTIFY_CODE_HANDLER(NM_DBLCLK, OnNmDbClick)
        NOTIFY_CODE_HANDLER(NM_RCLICK, OnNmRClick)
        COMMAND_ID_HANDLER(ID_FILE_CLOSE, OnFileClose)
        MESSAGE_HANDLER(WM_CLOSE, OnClose)
        CHAIN_MSG_MAP(CUpdateUI)
        CHAIN_MSG_MAP(CFrameWindowImpl)
    END_MSG_MAP()

    void AppendCountData();

    void CreateChartView();
    void CreateStackListView();

    // dwPid: id of the process to inspect.
    // NOTE(review): how the target process is opened and instrumented is in
    // MainFrm.cpp / Inject.cpp, which this listing only links to; the
    // privilege and failure handling should be reviewed there.
    BOOL DoDetect(DWORD dwPid);
    void FillStackListView();
    void FillCountTimeArray();
    void FillModInfoArray();

    BOOL CloseConfirmation();
    void CleanAndClose();

    void SetWindowNameSuffix(LPCTSTR suffix = NULL);

private:
    CToolBarCtrl m_ToolBar;
    CCommandBarCtrl m_CmdBar;
    CHorSplitterWindow m_splitter;
    CShionChartView m_ChartView;
    CApiListView m_ApiListView;
    CProgressDlg m_Progress;

    DWORD m_MaxCount;
    DWORD m_MinCount;

    // Presumably track whether the current data was saved / loaded from a
    // file - TODO confirm in MainFrm.cpp.
    BOOL m_bSaved;
    BOOL m_bOpened;

    // Element types lost in this listing (see the note at the top of the class).
    std::vector m_CountArray;
    std::vector m_CallStackArray;
    std::vector m_ModInfo;
    CString m_strFileName;
    CString m_strWindowName;

public:

    // Handler prototypes (uncomment arguments if needed):
    // LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    // LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    // LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)

    LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& bHandled);

    // Command Message Handler
    LRESULT OnFileExit(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnProcessList(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnViewToolBar(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnAppAbout(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    // NOTE(review): OnFileOpen presumably parses a previously saved capture;
    // a file chosen by the user is untrusted input, so the reader in
    // MainFrm.cpp (not shown) should bound every count and length it reads.
    LRESULT OnFileSave(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFileOpen(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnShowSelectedFuncs(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);

    LRESULT OnNmDbClick(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
    LRESULT OnNmRClick(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
    LRESULT OnFileClose(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnClose(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
};
115 |
--------------------------------------------------------------------------------
/HandleSpy/ProcessSelDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/ProcessSelDlg.cpp
--------------------------------------------------------------------------------
/HandleSpy/ProcessSelDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Dialog bound to IDD_DIALOG_PROCESS that shows a process list
// (m_listProcess) with Ok / Refresh / Cancel buttons and sortable columns.
// NOTE(review): the CDialogImpl base carries no template argument in this
// listing; it looks stripped by the page extraction - confirm against the
// repository.
class CProcessSelDlg : public CDialogImpl
{
public:
    enum {IDD = IDD_DIALOG_PROCESS};
    CProcessSelDlg(void);
    ~CProcessSelDlg(void);

public:
    BEGIN_MSG_MAP(CProcessSelDlg)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_HANDLER(IDOK, BN_CLICKED, OnBnClickedOk)
        COMMAND_HANDLER(IDC_BUTTON_REFRESH, BN_CLICKED, OnBnClickedRefresh)
        COMMAND_HANDLER(IDCANCEL, BN_CLICKED, OnBnClickedCancel)
        NOTIFY_HANDLER(IDC_PROCESSLIST, NM_DBLCLK, OnNmDblClickProcesslist)
        NOTIFY_CODE_HANDLER(HDN_ITEMCLICK, OnHdnItemClickProcesslist)
    END_MSG_MAP()

public:
    BOOL OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);

    LRESULT OnBnClickedOk(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedRefresh(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnBnClickedCancel(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    // NOTE(review): OnNMDblclkProcessList is declared but no message-map entry
    // above refers to it; the map uses OnNmDblClickProcesslist. It may be a
    // leftover declaration - confirm in ProcessSelDlg.cpp.
    LRESULT OnNMDblclkProcessList(int /*idCtrl*/, LPNMHDR /*pNMHDR*/, BOOL& /*bHandled*/);
    LRESULT OnNmDblClickProcesslist(int /*idCtrl*/, LPNMHDR pNMHDR, BOOL& /*bHandled*/);
    LRESULT OnHdnItemClickProcesslist(int /*idCtrl*/, LPNMHDR pNMHDR, BOOL& /*bHandled*/);

protected:
    void ReFreshProcessList();
    void GetSelectedProcessID();
    // List-view sort callback; static so it can be passed as a plain function
    // pointer.
    static int CALLBACK CompareFunc(LPARAM lParam1, LPARAM lParam2, LPARAM lParamSort);

private:
    CListViewCtrl m_listProcess;
    // Raw pointer to a DWORD; presumably where the selected pid is written -
    // TODO confirm. Nothing in this header shows where it is set or that it is
    // checked for NULL before use.
    PDWORD m_pdwPidReceiver;

    // Sort state shared by all instances (static).
    static BOOL s_Order[2];
    static INT s_SortColumn;
};
--------------------------------------------------------------------------------
/HandleSpy/ProgressDlg.cpp:
--------------------------------------------------------------------------------
1 | #include "StdAfx.h"
2 | #include "ProgressDlg.h"
3 |
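// Constructs an idle progress window object: no thread, no event, no parent.
// m_hWndParent and m_Range are initialised as well, so that Stop() called
// without a preceding Go() does not pass an indeterminate HWND to
// EnableWindow / SetForegroundWindow.
CProgressDlg::CProgressDlg(void)
    : m_hTread(NULL)
    , m_hWndParent(NULL)
    , m_Range(0)
    , m_OkEvent(NULL)
{
}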
9 |
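// Releases the thread handle if Stop() was never called, then clears both
// handle members.
CProgressDlg::~CProgressDlg(void)
{
    // m_hTread is non-NULL only between a successful CreateThread in Go() and
    // the CloseHandle in Stop(); overwriting it with NULL here would leak it.
    // NOTE(review): closing the handle does not stop the thread. If the UI
    // thread is still running at this point it keeps using this object after
    // destruction - callers should always pair Go() with Stop().
    if (NULL != m_hTread)
    {
        ::CloseHandle(m_hTread);
    }
    m_hTread = NULL;

    // m_OkEvent is not closed here: Go() closes it itself without resetting
    // the member, so the stored value may already be stale.
    m_OkEvent = NULL;
}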
15 |
// WM_CREATE handler: sets the caption to m_Text and creates the child
// progress bar, inset 5 px left/right, 20 px from the top and 40 px high,
// with a range of [0, m_Range] and a step of 1.
// Always returns 0, so window creation continues even if the child control
// could not be created (its Create result is not checked).
LRESULT CProgressDlg::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM lParam, BOOL& /*bHandled*/)
{
    // For WM_CREATE, lParam points at the CREATESTRUCT of the new window.
    LPCREATESTRUCT pcs = reinterpret_cast<LPCREATESTRUCT>(lParam);
    CRect rcWindow(0, 0, pcs->cx, pcs->cy);

    SetWindowText(m_Text);

    const int nBarTop = rcWindow.top + 20;
    CRect rcBar(rcWindow.left + 5, nBarTop, rcWindow.right - 5, nBarTop + 40);
    m_Progress.Create(m_hWnd, rcBar, NULL, WS_CHILD | WS_VISIBLE | PBS_SMOOTH);

    m_Progress.SetRange(0, m_Range);
    m_Progress.SetStep(1);

    return 0;
}
36 |
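// Disables hWndParent, starts the UI thread that owns the progress window and
// blocks until that thread signals that it has finished creating the window.
//   hWndParent - window to disable while the progress window is shown
//   lpText     - initial caption
//   dwRange    - upper bound of the progress bar range
// If the event or the thread cannot be created, the parent is re-enabled and
// the function returns without waiting. Previously a failed CreateThread left
// the caller blocked forever on an event nobody would signal, with the parent
// window disabled.
void CProgressDlg::Go(HWND hWndParent, LPCTSTR lpText, DWORD dwRange)
{
    m_hWndParent = hWndParent;
    m_Text = lpText;
    m_Range = dwRange;

    ::EnableWindow(m_hWndParent, FALSE);

    BOOL bStarted = FALSE;

    // Manual-reset, initially non-signalled; set by ThreadProc.
    m_OkEvent = ::CreateEvent(NULL, TRUE, FALSE, NULL);
    if (NULL != m_OkEvent)
    {
        DWORD dwTid = 0;
        m_hTread = ::CreateThread(NULL, 0, ThreadProc, this, 0, &dwTid);
        if (NULL != m_hTread)
        {
            bStarted = TRUE;
            ::WaitForSingleObject(m_OkEvent, INFINITE);
        }

        ::CloseHandle(m_OkEvent);
        // Do not keep a closed handle value around.
        m_OkEvent = NULL;
    }

    if (!bStarted)
    {
        // Nothing was started: give the parent back to the user.
        ::EnableWindow(m_hWndParent, TRUE);
    }
}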
51 |
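// Advances the progress bar by one step and, when lpText is not NULL, updates
// the caption. The request is delivered with SendMessage, so the call blocks
// until the UI thread has handled it; lpText therefore only needs to stay
// valid for the duration of this call.
// Does nothing when the progress window does not exist (Go() not called, or
// window creation failed), instead of sending to an invalid window handle.
void CProgressDlg::StepIt(LPCTSTR lpText)
{
    if (!IsWindow())
    {
        return;
    }

    SendMessage(PROGRESS_MSG_STEPIT, (WPARAM)lpText, 0);
}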
56 |
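// Asks the UI thread to close the progress window, waits for the thread to
// exit, releases its handle, re-enables the parent window and resets the
// object so Go() can be called again.
// The wait and CloseHandle are skipped when no thread handle is held, and the
// stop message is only posted when the window exists; previously both were
// issued unconditionally, including on a NULL handle.
void CProgressDlg::Stop()
{
    if (NULL != m_hTread)
    {
        if (IsWindow())
        {
            // PROGRESS_MSG_STOP is mapped to OnClose -> DestroyWindow ->
            // OnDestroy -> PostQuitMessage, which ends the thread's loop.
            PostMessage(PROGRESS_MSG_STOP, 0, 0);
        }

        // NOTE(review): unbounded wait. It returns only when the UI thread
        // leaves its message loop; if that thread is alive but has no window
        // to receive the stop message, this blocks forever.
        ::WaitForSingleObject(m_hTread, INFINITE);
        ::CloseHandle(m_hTread);
        m_hTread = NULL;
    }

    ::EnableWindow(m_hWndParent, TRUE);
    ::SetForegroundWindow(m_hWndParent);

    m_Range = 0;
    m_Text = _T("");
    m_hWnd = NULL;
    m_Progress.m_hWnd = NULL;
}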
72 |
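// Entry point of the UI thread started by Go(). lpVoid is the CProgressDlg
// that owns the thread. Creates the 500x50 popup window, centres it on the
// parent, signals m_OkEvent so Go() can return, then pumps messages until the
// window is destroyed.
// Returns 0 after a normal run, 1 if the window could not be created.
DWORD WINAPI CProgressDlg::ThreadProc(LPVOID lpVoid)
{
    CProgressDlg* p = (CProgressDlg*)lpVoid;
    CRect rc(0, 0, 500, 50);

    if (NULL == p->Create(NULL, rc, NULL, WS_POPUP|WS_VISIBLE))
    {
        // Without a window nothing can ever post WM_QUIT to this thread, so
        // entering the message loop would keep the thread (and a later
        // Stop() waiting on it) blocked forever. Release Go() and exit.
        ::SetEvent(p->m_OkEvent);
        return 1;
    }

    p->CenterWindow(p->m_hWndParent);
    p->ShowWindow(SW_SHOW);

    // Go() is blocked on this event; after this point it closes the event
    // handle, so it must not be touched again from here.
    ::SetEvent(p->m_OkEvent);

    CMessageLoop msgLoop;
    msgLoop.Run();

    return 0;
}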
88 |
// PROGRESS_MSG_STEPIT handler: advances the bar one step and, when wParam
// carries a non-NULL string pointer, uses it as the new caption.
// NOTE(review): wParam is used as a pointer without any validation. That is
// only sound for messages sent by StepIt() inside this process; the message
// id is in the WM_USER range, and such messages are not marshalled by the
// system, so a value arriving from any other sender would be dereferenced
// as-is.
LRESULT CProgressDlg::OnStepIt(UINT /*uMsg*/, WPARAM wParam, LPARAM /*lParam*/, BOOL& /*bHandled*/)
{
    LPCTSTR pszCaption = reinterpret_cast<LPCTSTR>(wParam);

    m_Progress.StepIt();

    if (pszCaption != NULL)
        SetWindowText(pszCaption);

    return 0;
}
100 |
// Handles both WM_CLOSE and PROGRESS_MSG_STOP (see the message map in
// ProgressDlg.h): destroys the window, which in turn triggers OnDestroy.
LRESULT CProgressDlg::OnClose(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
{
    const LRESULT lHandled = 0;
    DestroyWindow();
    return lHandled;
}
106 |
// WM_DESTROY handler: posts WM_QUIT (exit code 0) to the calling thread's
// queue, which ends the message loop running in ThreadProc.
LRESULT CProgressDlg::OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
{
    const int nExitCode = 0;
    PostQuitMessage(nExitCode);
    return 0;
}
112 |
--------------------------------------------------------------------------------
/HandleSpy/ProgressDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "atlwin.h"
3 |
4 | #define PROGRESS_MSG_STEPIT (WM_USER+0x100)
5 | #define PROGRESS_MSG_STOP (WM_USER+0x101)
6 |
// Progress window that lives on its own thread: Go() starts the thread and
// waits for the window, StepIt() advances the bar, Stop() closes the window
// and joins the thread.
// NOTE(review): the base-class line below ends in a stray '>' - the template
// arguments of CWindowImpl look stripped by the page extraction; confirm
// against the repository.
class CProgressDlg :
    public CWindowImpl>
{
public:
    CProgressDlg(void);
    ~CProgressDlg(void);

    // hWndParent is disabled while the progress window is shown; lpText is
    // the caption; dwRange is the upper bound of the bar.
    void Go(HWND hWndParent, LPCTSTR lpText, DWORD dwRange);
    // Advances one step; a non-NULL lpText replaces the caption.
    void StepIt(LPCTSTR lpText = NULL);
    void Stop();

    // NOTE(review): the map is opened with CProcessSelDlg, not CProgressDlg.
    // This looks like a copy-paste slip; whether the macro uses its argument
    // depends on the ATL version - confirm and rename to CProgressDlg.
    // PROGRESS_MSG_STOP and WM_CLOSE share the OnClose handler.
    BEGIN_MSG_MAP(CProcessSelDlg)
        MESSAGE_HANDLER(WM_CREATE, OnCreate)
        MESSAGE_HANDLER(PROGRESS_MSG_STEPIT, OnStepIt)
        MESSAGE_HANDLER(PROGRESS_MSG_STOP, OnClose)
        MESSAGE_HANDLER(WM_CLOSE, OnClose)
        MESSAGE_HANDLER(WM_DESTROY, OnDestroy)
    END_MSG_MAP()

    LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnStepIt(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnClose(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);

protected:
    // Thread entry point; receives the owning CProgressDlg as lpVoid.
    static DWORD WINAPI ThreadProc(LPVOID lpVoid);

private:
    CProgressBarCtrl m_Progress;
    // Handle of the UI thread created in Go() and closed in Stop().
    HANDLE m_hTread;

    HWND m_hWndParent;
    DWORD m_Range;
    CString m_Text;

    // Event the UI thread sets once its window exists; created and closed
    // inside Go().
    HANDLE m_OkEvent;
};
44 |
--------------------------------------------------------------------------------
/HandleSpy/ShionChartView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/ShionChartView.cpp
--------------------------------------------------------------------------------
/HandleSpy/ShionChartView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/ShionChartView.h
--------------------------------------------------------------------------------
/HandleSpy/StackDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/StackDlg.cpp
--------------------------------------------------------------------------------
/HandleSpy/StackDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "atlwin.h"
3 | #include "CallStackTypeDefine.h"
4 | #include "ProgressDlg.h"
5 |
// Dialog bound to IDD_DIALOG_STACK that owns a list box (m_StackList) and a
// progress window.
// NOTE(review): the CDialogImpl base carries no template argument in this
// listing; it looks stripped by the page extraction - confirm against the
// repository.
class CStackDlg :
    public CDialogImpl
{
public:

    enum { IDD = IDD_DIALOG_STACK };

    BEGIN_MSG_MAP(CStackDlg)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
        MESSAGE_HANDLER(WM_SIZE, OnSize)
    END_MSG_MAP()

    CStackDlg(void);
    ~CStackDlg(void);

    // lParam is the only named message parameter, so the implementation
    // presumably reads the dialog's init data from it - TODO confirm in
    // StackDlg.cpp what it is cast to.
    LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM lParam, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnSize(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
private:
    CListBox m_StackList;
    CProgressDlg m_Progress;
};
29 |
--------------------------------------------------------------------------------
/HandleSpy/SymbolHandler.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/SymbolHandler.cpp
--------------------------------------------------------------------------------
/HandleSpy/SymbolHandler.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 |
6 | #include "CallStackTypeDefine.h"
7 |
8 | typedef std::basic_string StringT;
9 |
// Pairs a module description with the path of its PDB file.
typedef struct __MOD_SYMBOL_INFO
{
    MOD_INFO modinfo;
    // Fixed-size buffer of MAX_PATH wide characters. Code that fills it must
    // use a bounded copy and guarantee termination; the writers are in
    // SymbolHandler.cpp, which is not shown here.
    WCHAR wcszPdbPath[MAX_PATH];
}MOD_SYMBOL_INFO, *PMOD_SYMBOL_INFO;
15 |
// Resolves captured stack frames to names and source locations.
// NOTE(review): the std::vector declarations carry no element type in this
// listing; they look stripped by the page extraction - confirm against the
// repository.
class CSymbolHandler
{
public:

    // Accessor for a shared instance. The constructor and destructor below
    // are public as well, so nothing in this header prevents additional
    // instances.
    static CSymbolHandler* GetInstance();

    // NOTE(review): presumably reads the symbol search paths
    // (m_vecSymbolPaths) from lpConfigFile - TODO confirm. If so, the config
    // file decides where symbols are loaded from and should be writable only
    // by the user running the tool.
    BOOL Init(LPCTSTR lpConfigFile);
    void LoadSymbols(std::vector& vec);
    // Takes the frame by value and returns its display name.
    StringT FrameNameFromAddr(STACK_FRAME sf);
    // Outputs are written through strSourceFile / dwLineNumber; the meaning
    // of the BOOL result is defined in SymbolHandler.cpp (not shown).
    BOOL GetSourceFileAndLineNumber(STACK_FRAME sf, StringT& strSourceFile, DWORD& dwLineNumber);

    void ClearAllSymbols();

    CSymbolHandler(void);
    ~CSymbolHandler(void);


private:
    std::vector m_vecSymbolPaths;
    std::vector m_vecModSymbolInfo;
    StringT m_strSymboPaths;
    // Process handle; which process it refers to and who closes it is not
    // visible from this header.
    HANDLE m_hProcess;
};
39 |
--------------------------------------------------------------------------------
/HandleSpy/lib/dbghelp.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/lib/dbghelp.lib
--------------------------------------------------------------------------------
/HandleSpy/res/HandleSpy.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/res/HandleSpy.ico
--------------------------------------------------------------------------------
/HandleSpy/res/Toolbar.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/HandleSpy/a1e2e87718a7c410314d08c9c861353d94c23009/HandleSpy/res/Toolbar.bmp
--------------------------------------------------------------------------------
/HandleSpy/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by HandleSpy.rc
4 | //
5 | #define LWS_USEVISUALSTYLE 0x0008
6 | #define IDD_ABOUTBOX 100
7 | #define IDR_MAINFRAME 128
8 | #define IDD_DIALOG_PROCESS 200
9 | #define IDD_DIALOG_DETECT 201
10 | #define IDD_DIALOG_STACK 203
11 | #define IDD_DIALOG_FUNCCALL 204
12 | #define IDR_MENU_POPUP 209
13 | #define IDD_DIALOG_SELECTEDFUNCALL 211
14 | #define IDD_DIALOG1 212
15 | #define IDD_DIALOG_PROGRESS 212
16 | #define IDC_TREE_ALL 1014
17 | #define IDC_TREE_LEAKED 1015
18 | #define IDC_BUTTON_LEAKED 1016
19 | #define IDC_BUTTON_ALL 1017
20 | #define IDC_SYSLINK 1019
21 | #define IDC_PROGRESS_BAR 1020
22 | #define IDC_STATIC_TEXT 1021
23 | #define IDC_PROCESSLIST 2000
24 | #define IDC_BUTTON_REFRESH 2001
25 | #define IDC_STATIC_CHARTFRAME 2010
26 | #define ID_STOP 2011
27 | #define IDC_LIST_STACK 2030
28 | #define IDC_LIST_FUNC_CALL 2040
29 | #define IDC_BUTTON_SHOWALL 2041
30 | #define IDC_BUTTON_SMARTFILTER 2042
31 | #define IDC_BUTTON_ONLYLEAK 2043
32 | #define ID_FILE_PROCESSLIST 32779
33 | #define ID_LINE_CHART_CONTEXT 32782
34 | #define ID_LINE_CHART_CONTEXTMENU 32783
35 | #define ID_SHOW_SELECTED_FUNCS 32784
36 | #define ID_EDIT_OPTIONS 32785
37 | #define IDC_FILE_CLOSE 32786
38 | #define ID_FUNC_COPY 32789
39 | #define ID_FUNC_COPYSTACK 32790
40 | #define ID_FUNC_COLLAPSE_ALL_STACK 32796
41 | #define ID_FUNC_EXPAND_ALL_STACKS 32797
42 | #define ID_FUNC_COLLAPSE_ALL_STACKS 32798
43 | #define ID_FUNC_COLLAPSE_ALL_SOURCE 32799
44 | #define ID_FUNC_EXPAND_ALL_SOURCE 32800
45 | #define ID_FUNC_EXPORT2TXT 32801
46 | #define ID_FUNC_COPY_ALLLEAKED 32802
47 | #define ID_FUNC_COPYALLLEAKED 32803
48 |
49 | // Next default values for new objects
50 | //
51 | #ifdef APSTUDIO_INVOKED
52 | #ifndef APSTUDIO_READONLY_SYMBOLS
53 | #define _APS_NEXT_RESOURCE_VALUE 213
54 | #define _APS_NEXT_COMMAND_VALUE 32806
55 | #define _APS_NEXT_CONTROL_VALUE 1022
56 | #define _APS_NEXT_SYMED_VALUE 101
57 | #endif
58 | #endif
59 |
--------------------------------------------------------------------------------
/HandleSpy/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HandleSpy.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | #if (_ATL_VER < 0x0700)
8 | #include
9 | #endif //(_ATL_VER < 0x0700)
10 |
--------------------------------------------------------------------------------
/HandleSpy/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | // Change these values to use different versions
9 | #define WINVER 0x0500
10 | #define _WIN32_WINNT 0x0501
11 | #define _WIN32_IE 0x0501
12 | #define _RICHEDIT_VER 0x0200
13 |
14 | #define _WTL_NO_CSTRING
15 | #include
16 | #include
17 | #include
18 | #include
19 |
20 | extern CAppModule _Module;
21 |
22 | #include
23 |
24 | #include
25 | #include
26 | #include
27 | #include
28 |
29 | #include
30 | #include "resource.h"
31 |
32 | #include
33 | #pragma comment(lib, "gdiplus.lib")
34 |
35 | using namespace Gdiplus;
36 | using namespace WTL;
37 |
38 | #include
39 | #include