├── .appveyor.yml ├── .gitignore ├── CMakeLists.txt ├── CREDITS.TXT ├── LICENSE ├── Makefile ├── README.md ├── build.cmd ├── dll ├── Makefile ├── common.mak └── corehook │ ├── Makefile │ ├── corehook.cpp │ ├── corehook.def │ └── corehook.rc ├── msvc ├── corehook-test │ ├── DetoursTest.cpp │ ├── DetoursTest.h │ ├── corehook-test.vcxproj │ ├── corehook.h │ ├── detours_test.cpp │ ├── packages.config │ ├── pch.cpp │ └── pch.h ├── corehook.sln └── corehook │ ├── corehook.vcxproj │ ├── corehook.vcxproj.filters │ ├── detours.vcxproj │ └── detours.vcxproj.filters ├── samples ├── Makefile ├── README.TXT ├── comeasy │ ├── Makefile │ ├── comeasy.cpp │ ├── wrotei.cpp │ └── wrotei.rc ├── commem │ ├── Makefile │ └── commem.cpp ├── common.mak ├── cping │ ├── Makefile │ ├── ReadMe.Txt │ ├── cping.cpp │ ├── cping.dat │ └── iping.idl ├── disas │ ├── Makefile │ ├── arm.asm │ ├── disas.cpp │ ├── ia64.asm │ ├── unk.cpp │ ├── x64.asm │ └── x86.cpp ├── dtest │ ├── Makefile │ ├── NORMAL_IA64.TXT │ ├── NORMAL_X64.TXT │ ├── NORMAL_X86.TXT │ ├── dtarge.cpp │ ├── dtarge.h │ ├── dtarge.rc │ └── dtest.cpp ├── dumpe │ ├── Makefile │ └── dumpe.cpp ├── dumpi │ ├── Makefile │ └── dumpi.cpp ├── echo │ ├── Makefile │ ├── echofx.cpp │ ├── echofx.rc │ ├── echonul.cpp │ └── main.cpp ├── einst │ ├── Makefile │ ├── edll1x.cpp │ ├── edll2x.cpp │ ├── edll3x.cpp │ └── einst.cpp ├── excep │ ├── Makefile │ ├── excep.cpp │ ├── firstexc.cpp │ └── firstexc.h ├── findfunc │ ├── Makefile │ ├── extend.cpp │ ├── extend.rc │ ├── findfunc.cpp │ ├── symtest.cpp │ ├── target.cpp │ ├── target.h │ └── target.rc ├── impmunge │ ├── Makefile │ └── impmunge.cpp ├── member │ ├── Makefile │ └── member.cpp ├── opengl │ ├── Makefile │ ├── ogldet.cpp │ ├── ogldet.rc │ └── testogl.cpp ├── region │ ├── Makefile │ └── region.cpp ├── setdll │ ├── Makefile │ └── setdll.cpp ├── simple │ ├── Makefile │ ├── simple.cpp │ ├── simple.rc │ └── sleep5.cpp ├── slept │ ├── Makefile │ ├── NORMAL_IA64.TXT │ ├── NORMAL_X64.TXT │ ├── NORMAL_X86.TXT │ 
├── dslept.cpp │ ├── dslept.rc │ ├── sleepbed.cpp │ ├── sleepnew.cpp │ ├── sleepold.cpp │ ├── slept.cpp │ ├── slept.h │ ├── slept.rc │ └── verify.cpp ├── syelog │ ├── Makefile │ ├── sltest.cpp │ ├── sltestp.cpp │ ├── syelog.cpp │ ├── syelog.h │ └── syelogd.cpp ├── talloc │ ├── Makefile │ ├── NORMAL_IA64.TXT │ ├── NORMAL_X64.TXT │ ├── talloc.cpp │ ├── tdll1x.cpp │ ├── tdll2x.cpp │ ├── tdll3x.cpp │ ├── tdll4x.cpp │ ├── tdll5x.cpp │ ├── tdll6x.cpp │ ├── tdll7x.cpp │ ├── tdll8x.cpp │ └── tdll9x.cpp ├── traceapi │ ├── Makefile │ ├── _win32.cpp │ ├── testapi.cpp │ ├── trcapi.cpp │ └── trcapi.rc ├── tracebld │ ├── Makefile │ ├── tracebld.cpp │ ├── tracebld.h │ ├── trcbld.cpp │ └── trcbld.rc ├── tracelnk │ ├── Makefile │ ├── trclnk.cpp │ └── trclnk.rc ├── tracemem │ ├── Makefile │ ├── trcmem.cpp │ └── trcmem.rc ├── tracereg │ ├── Makefile │ ├── trcreg.cpp │ └── trcreg.rc ├── traceser │ ├── Makefile │ ├── trcser.cpp │ └── trcser.rc ├── tracessl │ ├── Makefile │ ├── trcssl.cpp │ └── trcssl.rc ├── tracetcp │ ├── Makefile │ ├── trctcp.cpp │ └── trctcp.rc ├── tryman │ ├── Makefile │ ├── managed.cs │ ├── size.cpp │ ├── tryman.cpp │ ├── tstman.cpp │ └── tstman.rc └── withdll │ ├── Makefile │ └── withdll.cpp ├── src ├── Makefile ├── barrier.cpp ├── barrier.h ├── creatwth.cpp ├── detours.cpp ├── detours.h ├── detver.h ├── disasm.cpp ├── disolarm.cpp ├── disolarm64.cpp ├── disolia64.cpp ├── disolx64.cpp ├── disolx86.cpp ├── image.cpp ├── modules.cpp ├── trampolinearm.asm ├── trampolinearm64.asm ├── trampolinex64.asm ├── trampolinex86.asm └── uimports.cpp └── system.mak /.appveyor.yml: -------------------------------------------------------------------------------- 1 | version: 1.0.{build} 2 | 3 | image: Visual Studio 2017 4 | 5 | platform: 6 | - x86 7 | - x64 8 | - ARM 9 | - ARM64 10 | 11 | configuration: 12 | - Debug 13 | - Release 14 | 15 | before_build: 16 | - nuget restore msvc\corehook.sln 17 | 18 | build: 19 | project: msvc\corehook.sln 20 | verbosity: detailed 21 | 22 | 
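skip_commits: 23 | files: 24 | - '**/*.md' 25 | 26 | after_build: 27 | 7z a corehook-%CONFIGURATION%-%PLATFORM%.zip %APPVEYOR_BUILD_FOLDER%\bin\%PLATFORM%\%CONFIGURATION%\corehook*.dll 28 | 29 | artifacts: 30 | - path: corehook-%CONFIGURATION%-%PLATFORM%.zip 31 | name: Releases 32 | 33 | deploy: 34 | provider: GitHub 35 | description: "corehook detour module" 36 | auth_token: 37 | secure: 99ssBJ/lNK6AL1FNajtOhloP5bXeUAm8m+cI0us6pW1hVw84MTKxwYzfurYMuaOQ 38 | draft: false 39 | prerelease: false 40 | tag: $(APPVEYOR_REPO_TAG_NAME) 41 | on: 42 | appveyor_repo_tag: true
--------------------------------------------------------------------------------
/CMakeLists.txt:
--------------------------------------------------------------------------------
cmake_minimum_required(VERSION 3.2)

# project() is declared before anything that reads PROJECT_SOURCE_DIR or the
# per-configuration CMAKE_CXX_FLAGS_* variables. Ahead of project(),
# PROJECT_SOURCE_DIR is undefined (it expands to an empty string), and on a
# fresh build tree the compiler's default flags are not loaded yet, so the
# paths and flag additions below would not be built on real values.
project(corehook)
set(TARGET detours)

set(CMAKE_INSTALL_PREFIX ${PROJECT_SOURCE_DIR})

# Append the static C runtime switches (/MT, /MTd) to the default flags.
set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} /MT")
set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} /MTd")

set(COREHOOK_INSTALL_INCLUDE_DIR ${PROJECT_SOURCE_DIR})
set(COREHOOK_INSTALL_BIN_DIR ${CMAKE_CURRENT_BINARY_DIR}/bin)
set(COREHOOK_INSTALL_LIB_DIR ${CMAKE_CURRENT_BINARY_DIR}/lib)

# Sources of the static detours library.
set(SOURCE_FILES
  src/barrier.cpp
  src/creatwth.cpp
  src/detours.cpp
  src/disasm.cpp
  src/disolarm.cpp
  src/disolarm64.cpp
  src/disolia64.cpp
  src/disolx64.cpp
  src/disolx86.cpp
  src/image.cpp
  src/modules.cpp
)

# Sources of the corehook DLL; the .def file supplies its export list.
set(COREHOOK_SOURCES
  dll/corehook/corehook.cpp
  dll/corehook/corehook.def
)

add_library(corehook SHARED ${COREHOOK_SOURCES})

# NOTE(review): ASM_MASM selects the Microsoft Macro Assembler; confirm that it
# can assemble the ARM and ARM64 trampoline sources selected below.
enable_language(ASM_MASM)
if("${CMAKE_VS_PLATFORM_NAME}" STREQUAL "Win32")
  # /SAFESEH:NO tells the linker to produce the 32-bit DLL without a table of
  # safe exception handlers, i.e. the SafeSEH mitigation is off for
  # corehook32.dll. NOTE(review): presumably required because the assembled
  # trampoline object carries no SafeSEH information; assembling that file
  # with the assembler's /safeseh option may allow this flag to be dropped.
  # Verify before changing.
  set_target_properties(corehook PROPERTIES
    OUTPUT_NAME corehook32
    LINK_FLAGS "/SAFESEH:NO"
  )
  set(SOURCE_ASM
    src/trampolinex86.asm
  )
elseif("${CMAKE_VS_PLATFORM_NAME}" STREQUAL "x64")
  set_target_properties(corehook PROPERTIES OUTPUT_NAME corehook64)
  set(SOURCE_ASM
    src/trampolinex64.asm
  )
elseif("${CMAKE_VS_PLATFORM_NAME}" STREQUAL "ARM")
  set_target_properties(corehook PROPERTIES OUTPUT_NAME corehook32)
  set(SOURCE_ASM
    src/trampolinearm.asm
  )
elseif("${CMAKE_VS_PLATFORM_NAME}" STREQUAL "ARM64")
  set_target_properties(corehook PROPERTIES OUTPUT_NAME corehook64)
  set(SOURCE_ASM
    src/trampolinearm64.asm
  )
else()
  # No branch matched, so SOURCE_ASM stays unset and detours is built without
  # a trampoline source; say so at configure time instead of staying silent.
  message(WARNING
    "corehook: unrecognised CMAKE_VS_PLATFORM_NAME "
    "'${CMAKE_VS_PLATFORM_NAME}'; no trampoline assembly source selected")
endif()

add_library(detours STATIC ${SOURCE_FILES} ${SOURCE_ASM})

# Header search paths are attached to detours and reach corehook through the
# link dependency below, instead of being set for the whole directory.
target_include_directories(detours PUBLIC
  ${COREHOOK_INSTALL_INCLUDE_DIR}
  ${CMAKE_CURRENT_SOURCE_DIR}/src
)

target_link_libraries(corehook PRIVATE detours aux_ulib)

# NOTE(review): only the static detours library is installed, and it goes to
# the bin directory; COREHOOK_INSTALL_LIB_DIR is not used in this file.
install(TARGETS detours DESTINATION ${COREHOOK_INSTALL_BIN_DIR})

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License 2 | 3 | Copyright (c) 2018 Thierry Bizimungu 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 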
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for CoreHook Detours. 4 | ## 5 | ## 6 | 7 | ROOT = . 8 | !include "$(ROOT)\system.mak" 9 | 10 | all: 11 | cd "$(MAKEDIR)" 12 | @if exist "$(MAKEDIR)\core\makefile" cd "$(MAKEDIR)\core" && $(MAKE) /NOLOGO /$(MAKEFLAGS) 13 | cd "$(MAKEDIR)\src" 14 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) 15 | cd "$(MAKEDIR)\dll" 16 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) 17 | @if exist "$(MAKEDIR)\bugs\makefile" cd "$(MAKEDIR)\bugs" && $(MAKE) /NOLOGO /$(MAKEFLAGS) 18 | cd "$(MAKEDIR)" 19 | 20 | clean: 21 | cd "$(MAKEDIR)" 22 | @if exist "$(MAKEDIR)\core\makefile" cd "$(MAKEDIR)\core" && $(MAKE) /NOLOGO /$(MAKEFLAGS) clean 23 | cd "$(MAKEDIR)\src" 24 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) clean 25 | cd "$(MAKEDIR)\dll" 26 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) clean 27 | @if exist "$(MAKEDIR)\bugs\makefile" cd "$(MAKEDIR)\bugs" && $(MAKE) /NOLOGO /$(MAKEFLAGS) clean 28 | cd "$(MAKEDIR)" 29 | 30 | realclean: clean 31 | cd "$(MAKEDIR)" 32 | @if exist "$(MAKEDIR)\core\makefile" cd "$(MAKEDIR)\core" && $(MAKE) /NOLOGO /$(MAKEFLAGS) realclean 33 | cd "$(MAKEDIR)\src" 34 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) realclean 35 | cd "$(MAKEDIR)\dll" 36 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) realclean 37 | @if exist "$(MAKEDIR)\bugs\makefile" cd "$(MAKEDIR)\bugs" && $(MAKE) /NOLOGO /$(MAKEFLAGS) realclean 38 | cd "$(MAKEDIR)" 39 | -rmdir /q /s $(INCDS) 2> nul 40 | -rmdir /q /s $(LIBDS) 2> nul 41 | -rmdir /q /s $(BINDS) 2> nul 42 | -rmdir /q /s dist 2> nul 43 | -del 
docsrc\detours.chm 2> nul 44 | -del /q *.msi 2>nul 45 | -del /q /f /s *~ 2>nul 46 | 47 | test: 48 | cd "$(MAKEDIR)\dll" 49 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) test 50 | cd "$(MAKEDIR)" 51 | 52 | ################################################################# End of File. 53 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CoreHook Windows Hooking Module 2 | 3 | [![License](https://img.shields.io/badge/License-MIT-blue.svg)](https://github.com/unknownv2/CoreHook.Hooking/blob/master/LICENSE) 4 | [![Releases](https://img.shields.io/github/release/unknownv2/CoreHook.Hooking.svg?colorB=33b2e0)](https://github.com/unknownv2/CoreHook.Hooking/releases) 5 | [![Build status](https://ci.appveyor.com/api/projects/status/872ts255gwk9hyjp/branch/master?svg=true)](https://ci.appveyor.com/project/unknownv2/corehook-hooking/branch/master) 6 | 7 | 8 | For [CoreHook](https://github.com/unknownv2/CoreHook), the [Microsoft Detours](https://github.com/Microsoft/Detours) package serves as a good binary hooking module since it supports x86, x86_64, ARM, and ARM64, while [EasyHook](https://github.com/EasyHook/EasyHook) only supports x86 and x86_64. Since .NET Core supports the two ARM architectures, we can implement the necessary changes to support those architectures for CoreHook. 9 | 10 | # Supported Platforms 11 | 12 | `X86, X64, and ARM`. If you have a *Windows on ARM* device to test `ARM64` with, pull requests and contributions are all welcome! 13 | 14 | # Binary Releases 15 | You can download the pre-built Windows binaries [here](https://github.com/unknownv2/CoreHook.Hooking/releases). 16 | 17 | For `x86, x64`, extract the zip corresponding to your target architecture, then place the `corehook32.dll` and/or `corehook64.dll` in the build output directory of your program. 
18 | 19 | For `ARM, ARM64`, extract the zip corresponding to your target architecture, then place the `corehook32.dll` and/or `corehook64.dll` in the output directory of your published program, created with either the [Publishing Script](https://github.com/unknownv2/CoreHook#publishing-script) or the `dotnet publish` command. 20 | 21 | # Building 22 | 23 | Building the DLL requires Visual Studio. You can build it either with `cmake` or with the tools that come with `Visual Studio`: the `Visual Studio IDE` or `msbuild` within the `Developer Command Prompt`. 24 | 25 | ## CMake 26 | 27 | You can build the library using CMake by running [`build.cmd`](build.cmd), which builds the library for the `x86` and `x64` architectures. Using CMake also gives you the option to generate and build the library with an older version of `Visual Studio` such as `VS 2015` or `VS 2013`. 28 | 29 | ## Visual Studio 30 | 31 | You can find the Visual Studio solution inside [the msvc folder](/msvc). You can choose a configuration (**Debug|Release**) and a platform (**X86|X64|ARM|ARM64**) and build. 32 | 33 | An example for building the X64 `corehook64.dll` in the Release configuration: 34 | 35 | ``` 36 | msbuild msvc/corehook/detours.vcxproj /p:Configuration=Release /p:Platform=x64 37 | msbuild msvc/corehook/corehook.vcxproj /p:Configuration=Release /p:Platform=x64 38 | ``` 39 | 40 | To build the entire solution (which also builds the library tests), you can run: 41 | 42 | ``` 43 | nuget restore msvc/corehook.sln 44 | msbuild msvc/corehook.sln /p:Configuration=Release /p:Platform=x64 45 | ``` 46 | 47 | 48 | # Usage 49 | 50 | * For X86, the output directory is `bin/x86` and the output file is `corehook32.dll`. 51 | * For X64, the output directory is `bin/x64` and the output file is `corehook64.dll`. 52 | * For ARM, the output directory is `bin/ARM` and the output file is `corehook32.dll`. 
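53 | * For ARM64, the output directory is `bin/ARM64` and the output file is `corehook64.dll`. 54 | 55 | Copy the desired file for your target architecture to the output directory of the program that uses [CoreHook](https://github.com/unknownv2/CoreHook/). 56 | 57 | 58 | # Credits 59 | 60 | The hooking module is mostly based on the [EasyHook](https://github.com/EasyHook/EasyHook/blob/master/LICENSE) native module and the [Microsoft Detours](https://github.com/Microsoft/Detours/blob/master/LICENSE.md) library and this library wouldn't be possible without them. They are both MIT-licensed. 61 | 62 |
--------------------------------------------------------------------------------
/build.cmd:
--------------------------------------------------------------------------------
rem Configure and build corehook for x86 and x64 with the Visual Studio 2017
rem generators, in the Debug and Release configurations.
rem
rem Every step stops the script on failure, so a broken configure or compile
rem is not followed by later steps that leave older binaries in place looking
rem like the result of this run.

rem Re-running the script must not fail just because the directories exist.
if not exist build32-vs2017 mkdir build32-vs2017
if not exist build64-vs2017 mkdir build64-vs2017

rem Generate the 32-bit solution.
pushd build32-vs2017 || exit /b 1
cmake -G "Visual Studio 15 2017" ../ || (popd & exit /b 1)
popd

rem Generate the 64-bit solution.
pushd build64-vs2017 || exit /b 1
cmake -G "Visual Studio 15 2017 Win64" ../ || (popd & exit /b 1)
popd

rem Build both configurations of each architecture.
cmake --build build32-vs2017 --config Debug || exit /b 1
cmake --build build32-vs2017 --config Release || exit /b 1
cmake --build build64-vs2017 --config Debug || exit /b 1
cmake --build build64-vs2017 --config Release || exit /b 1
--------------------------------------------------------------------------------
/dll/Makefile:
--------------------------------------------------------------------------------
1 | ROOT=.. 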
2 | !include .\common.mak 3 | 4 | ############################################################################## 5 | 6 | all: 7 | cd "$(MAKEDIR)\corehook" 8 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) 9 | 10 | clean: 11 | cd "$(MAKEDIR)\corehook" 12 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) clean 13 | cd "$(MAKEDIR)" 14 | -rmdir lib32 2>nul 15 | -rmdir lib64 2>nul 16 | -rmdir include 2>nul 17 | 18 | realclean: 19 | cd "$(MAKEDIR)\corehook" 20 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) realclean 21 | cd "$(MAKEDIR)" 22 | -rmdir lib32 2>nul 23 | -rmdir lib64 2>nul 24 | -rmdir include 2>nul 25 | 26 | test: 27 | cd "$(MAKEDIR)\corehook" 28 | @$(MAKE) /NOLOGO /$(MAKEFLAGS) test 29 | 30 | cd "$(MAKEDIR)" 31 | 32 | ## 33 | ################################################################# End of File. 34 | -------------------------------------------------------------------------------- /dll/common.mak: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Common makefile for corehook DLL. 4 | ## 5 | 6 | !IF "$(ROOT)" == "" 7 | ROOT = ..\.. 
8 | !ENDIF 9 | !include "$(ROOT)\system.mak" 10 | 11 | !IF "$(DETOURS_SOURCE_BROWSING)" == "" 12 | DETOURS_SOURCE_BROWSING=0 13 | !ENDIF 14 | 15 | ############################################################################## 16 | 17 | !IFNDEF CLIB 18 | CLIB=/MT 19 | !ENDIF 20 | 21 | AFLAGS=/nologo /Zi /c /Fl 22 | CFLAGS=/nologo /Zi $(CLIB) /Gm- /W4 /WX /Od 23 | 24 | !IF $(DETOURS_SOURCE_BROWSING)==1 25 | CFLAGS=$(CFLAGS) /FR 26 | !ELSE 27 | CFLAGS=$(CFLAGS) /I$(INCD) 28 | !ENDIF 29 | 30 | LIBFLAGS=/nologo 31 | LINKFLAGS=/release /incremental:no /profile /nodefaultlib:oldnames.lib 32 | 33 | !if defined(DETOURS_WIN_7) && defined(DETOURS_CL_17_OR_NEWER) 34 | CFLAGS=$(CFLAGS) /D_USING_V110_SDK71_ 35 | !endif 36 | 37 | !IF "$(DETOURS_TARGET_PROCESSOR)" == "X86" 38 | 39 | ASM=ml 40 | 41 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "X64" 42 | 43 | ASM=ml64 44 | 45 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "IA64" 46 | 47 | ASM=ias 48 | AFLAGS=-F COFF32_PLUS 49 | CFLAGS=$(CFLAGS) /wd4163 # intrinsic rdtebex not available; using newer Windows headers with older compiler 50 | #CFLAGS=$(CFLAGS) /wd4996 /wd4068 51 | 52 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "ARM" 53 | 54 | ASM=armasm 55 | AFLAGS=-coff_thumb2_only 56 | CFLAGS=$(CFLAGS) /D_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE 57 | 58 | CFLAGS=$(CFLAGS) /D_$(DETOURS_TARGET_PROCESSOR:X64=AMD64)_ # redundant with windows.h except for midl proxies 59 | 60 | !ENDIF 61 | 62 | DEPS = $(LIBD)\detours.lib 63 | LIBS = $(DEPS) aux_ulib.lib 64 | 65 | ############################################################################## 66 | ## 67 | 68 | .SUFFIXES: .cpp .h .obj .rc .res 69 | 70 | !ifdef DETOURS_ANALYZE 71 | .cpp{$(OBJD)}.obj: 72 | $(CC) $(CFLAGS) /Fd$(OBJD)\vc.pdb /Fo$(OBJD)\ /c $< 73 | !else 74 | .cpp{$(OBJD)}.obj:: 75 | $(CC) $(CFLAGS) /Fd$(OBJD)\vc.pdb /Fo$(OBJD)\ /c $< 76 | !endif 77 | 78 | .rc{$(OBJD)}.res: 79 | rc /DDETOURS_BITS=$(DETOURS_BITS) /fo$(@) /i$(INCD) $(*B).rc 80 | 81 | ## 82 | 
################################################################# End of File. 83 | -------------------------------------------------------------------------------- /dll/corehook/Makefile: -------------------------------------------------------------------------------- 1 | !include ..\common.mak 2 | 3 | CFLAGS = $(CFLAGS:/Od=/O2) 4 | 5 | LIBS=$(LIBS) kernel32.lib aux_ulib.lib 6 | 7 | ############################################################################## 8 | 9 | all: dirs \ 10 | $(BIND)\corehook$(DETOURS_BITS).dll \ 11 | \ 12 | !IF $(DETOURS_SOURCE_BROWSING)==1 13 | $(OBJD)\corehook$(DETOURS_BITS).bsc \ 14 | !ENDIF 15 | option 16 | 17 | ############################################################################## 18 | 19 | dirs: 20 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 21 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 22 | 23 | 24 | $(OBJD)\corehook.obj : corehook.cpp 25 | 26 | $(OBJD)\corehook.res : corehook.rc 27 | 28 | $(BIND)\corehook$(DETOURS_BITS).dll $(BIND)\corehook$(DETOURS_BITS).lib: \ 29 | $(OBJD)\corehook.obj $(OBJD)\corehook.res $(DEPS) 30 | cl /LD $(CFLAGS) /Fe$(@R).dll /Fd$(@R).pdb \ 31 | $(OBJD)\corehook.obj $(OBJD)\corehook.res \ 32 | /link $(LINKFLAGS) /subsystem:console \ 33 | /export:DetourFinishHelperProcess,@1,NONAME \ 34 | /export:DetourAttach \ 35 | /export:DetourTransactionBegin \ 36 | /export:DetourTransactionAbort \ 37 | /export:DetourCreateProcessWithDllsW \ 38 | /export:DetourCreateProcessWithDllsA \ 39 | /export:DetourCreateProcessWithDllExW \ 40 | /export:DetourCreateProcessWithDllExA \ 41 | /export:DetourCopyPayloadToProcess \ 42 | /export:DetourUpdateThread \ 43 | /export:DetourTransactionCommit \ 44 | /export:DetourGetHookHandleForFunction \ 45 | /export:DetourSetCallbackForLocalHook \ 46 | /export:DetourDetach \ 47 | /export:DetourEnumerateExports \ 48 | /export:DetourEnumerateModules \ 49 | /export:DetourEnumerateImports \ 50 | /export:DetourFindFunction \ 51 | 
/export:DetourIsHelperProcess \ 52 | /export:DetourRestoreAfterWith \ 53 | /export:DetourGetEntryPoint \ 54 | /export:DetourCriticalInitialize \ 55 | /export:DetourInstallHook \ 56 | /export:DetourUninstallHook \ 57 | /export:DetourBarrierGetCallback \ 58 | /export:DetourSetExclusiveACL \ 59 | /export:DetourSetInclusiveACL \ 60 | /export:DetourSetGlobalExclusiveACL \ 61 | /export:DetourSetGlobalInclusiveACL \ 62 | /export:DetourIsThreadIntercepted \ 63 | /export:DetourBarrierProcessAttach \ 64 | /export:DetourGetHookBypassAddress \ 65 | /export:DetourBarrierGetReturnAddress \ 66 | /export:DetourBarrierGetAddressOfReturnAddress \ 67 | /export:DetourBarrierBeginStackTrace \ 68 | /export:DetourBarrierEndStackTrace \ 69 | /export:DetourBarrierCallStackTrace \ 70 | $(LIBS) 71 | 72 | $(OBJD)\corehook$(DETOURS_BITS).bsc : $(OBJD)\corehook.obj 73 | bscmake /v /n /o $@ $(OBJD)\corehook.sbr 74 | 75 | ############################################################################## 76 | 77 | clean: 78 | -del *~ 2>nul 79 | -del $(BIND)\corehook*.* 2>nul 80 | -rmdir /q /s $(OBJD) 2>nul 81 | 82 | realclean: clean 83 | -rmdir /q /s $(OBJDS) 2>nul 84 | 85 | ############################################### Install non-bit-size binaries. 86 | 87 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 88 | 89 | $(OPTD)\corehook$(DETOURS_OPTION_BITS).dll: 90 | $(OPTD)\corehook$(DETOURS_OPTION_BITS).pdb: 91 | 92 | $(BIND)\corehook$(DETOURS_OPTION_BITS).dll: $(OPTD)\corehook$(DETOURS_OPTION_BITS).dll 93 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 94 | $(BIND)\corehook$(DETOURS_OPTION_BITS).pdb: $(OPTD)\corehook$(DETOURS_OPTION_BITS).pdb 95 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
96 | 97 | option: \ 98 | $(BIND)\corehook$(DETOURS_OPTION_BITS).dll \ 99 | $(BIND)\corehook$(DETOURS_OPTION_BITS).pdb \ 100 | 101 | !ELSE 102 | 103 | option: 104 | 105 | !ENDIF 106 | 107 | ############################################################################## 108 | 109 | test: all 110 | @echo -------- Test completed. ------------------------------------------------ 111 | 112 | ################################################################# End of File. 113 |
--------------------------------------------------------------------------------
/dll/corehook/corehook.cpp:
--------------------------------------------------------------------------------
#include <windows.h>
#include "detours.h"

// Entry point of the corehook DLL.
//
// When DetourIsHelperProcess() reports true, nothing is set up or torn down
// and TRUE is returned straight away. Otherwise the notification reason
// selects which detours routines run:
//   DLL_PROCESS_ATTACH - DetourRestoreAfterWith, DetourBarrierProcessAttach,
//                        DetourCriticalInitialize (in that order)
//   DLL_THREAD_DETACH  - DetourBarrierThreadDetach
//   DLL_PROCESS_DETACH - DetourCriticalFinalize, DetourBarrierProcessDetach
// Any other reason is ignored. The function returns TRUE on every path.
//
// NOTE(review): Windows calls DllMain while the loader lock is held. The
// bodies of the Detour* routines are not visible here; confirm that none of
// them loads a library or waits on another thread.
// NOTE(review): no result of the Detour* calls is inspected, so the load is
// reported as successful even if one of them fails. Confirm that is intended.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    // Neither the module handle nor the reserved pointer is used.
    (void)reserved;
    (void)hinst;

    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    switch (dwReason) {
    case DLL_PROCESS_ATTACH:
        DetourRestoreAfterWith();
        DetourBarrierProcessAttach();
        DetourCriticalInitialize();
        break;

    case DLL_THREAD_DETACH:
        DetourBarrierThreadDetach();
        break;

    case DLL_PROCESS_DETACH:
        DetourCriticalFinalize();
        DetourBarrierProcessDetach();
        break;

    default:
        // Remaining reasons need no work.
        break;
    }

    return TRUE;
}
--------------------------------------------------------------------------------
/dll/corehook/corehook.def:
--------------------------------------------------------------------------------
1 | 2 | EXPORTS 3 | DetourFinishHelperProcess @1 NONAME 4 | DetourAttach 5 | DetourTransactionBegin 6 | DetourTransactionAbort 7 | DetourCreateProcessWithDllsW 8 | DetourCreateProcessWithDllsA 9 | DetourCreateProcessWithDllExW 10 | DetourCreateProcessWithDllExA 11 | DetourCopyPayloadToProcess 12 | DetourUpdateThread 13 | DetourTransactionCommit 14 | DetourGetHookHandleForFunction 15 | DetourSetCallbackForLocalHook 16 | DetourDetach 17 | DetourEnumerateExports 18 | DetourEnumerateModules 19 | DetourEnumerateImports 
20 | DetourFindFunction 21 | DetourIsHelperProcess 22 | DetourRestoreAfterWith 23 | DetourGetEntryPoint 24 | DetourCriticalInitialize 25 | DetourInstallHook 26 | DetourUninstallHook 27 | DetourBarrierGetCallback 28 | DetourSetExclusiveACL 29 | DetourSetInclusiveACL 30 | DetourSetGlobalExclusiveACL 31 | DetourSetGlobalInclusiveACL 32 | DetourIsThreadIntercepted 33 | DetourBarrierProcessAttach 34 | DetourGetHookBypassAddress 35 | DetourBarrierGetReturnAddress 36 | DetourBarrierGetAddressOfReturnAddress 37 | DetourBarrierBeginStackTrace 38 | DetourBarrierEndStackTrace 39 | DetourBarrierCallStackTrace -------------------------------------------------------------------------------- /dll/corehook/corehook.rc: -------------------------------------------------------------------------------- 1 | #include "detver.h" 2 | 3 | #define VER_INTERNALNAME_STR "corehook" DETOURS_STRINGIFY(DETOURS_BITS) 4 | #define VER_ORIGINALFILENAME_STR "corehook" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 5 | #define VER_FILEDESCRIPTION_STR "CoreHook Detours Module" 6 | #define VER_COMPANYNAME_STR "Unknown Corporation" 7 | #define VER_LEGALCOPYRIGHT_STR "Copyright (c) Unknown Corporation. No rights reserved." 
8 | #define VER_PRODUCTNAME_STR "Microsoft (R) Windows (R) Operating System" 9 | #include "common.ver" 10 | -------------------------------------------------------------------------------- /msvc/corehook-test/DetoursTest.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "corehook.h" 3 | 4 | class Detours { 5 | 6 | public: 7 | bool DetourUserFunction(); 8 | LONG DetourExportedFunction(LPCWSTR file, LPCWSTR *outFile); 9 | int ShouldBypassDetourFunction(); 10 | PVOID FindFunction(_In_ LPCSTR pszModule, _In_ LPCSTR pszFunction); 11 | LONG DetourMoveFileWithUserFunction(); 12 | LONG DetourInstallDetourFunction(); 13 | }; 14 | 15 | class DetoursTest : public testing::Test { 16 | 17 | protected: 18 | void SetUp() override 19 | { 20 | DetourBarrierProcessAttach(); 21 | DetourCriticalInitialize(); 22 | } 23 | 24 | void TearDown() override 25 | { 26 | DetourBarrierProcessDetach(); 27 | DetourCriticalFinalize(); 28 | } 29 | 30 | Detours _dt; 31 | }; 32 | -------------------------------------------------------------------------------- /msvc/corehook-test/corehook.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifndef COREHOOK_TEST_H_ 4 | #define COREHOOK_TEST_H_ 5 | #include "detours.h" 6 | #include 7 | 8 | #endif // COREHOOK_TEST_H_ 9 | 10 | -------------------------------------------------------------------------------- /msvc/corehook-test/detours_test.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | #include "DetoursTest.h" 3 | 4 | // Detour a user-created function by setting a boolean value from false to true in our _Detour method 5 | TEST_F(DetoursTest, SimpleDetoursUserFunctionTest) { 6 | EXPECT_EQ(true, _dt.DetourUserFunction()); 7 | } 8 | 9 | // Detour CreateFileW with a non-existent file name 10 | TEST_F(DetoursTest, SimpleDetoursExportedFunctionTest) { 11 | const auto fileName = 
L"File.txt"; 12 | LPCWSTR fileNamePtr = nullptr; 13 | 14 | EXPECT_EQ(NO_ERROR, _dt.DetourExportedFunction(fileName, &fileNamePtr)); 15 | 16 | EXPECT_EQ(fileName, fileNamePtr); 17 | } 18 | 19 | // Call the original function directly, skipping the detour function we set 20 | TEST_F(DetoursTest, ShouldBypassDetourFunctionTest) { 21 | EXPECT_EQ(0x12345678, _dt.ShouldBypassDetourFunction()); 22 | } 23 | 24 | // Attempt to find a non existent function as part of an existing module 25 | TEST_F(DetoursTest, ShouldFailToFindFunctionTest) { 26 | EXPECT_EQ(nullptr, _dt.FindFunction("kernel32.dll", "AFunctionThatDoesNotExist??")); 27 | } 28 | 29 | // Attempt to find a non existent function as part of an non existing module 30 | TEST_F(DetoursTest, ShouldFailToFindModuleAndFunctionTest) { 31 | EXPECT_EQ(nullptr, _dt.FindFunction("kernelmoduledoesnotexist.dll", "AFunctionThatDoesNotExist??")); 32 | } 33 | 34 | // Attempt to find a public API exported function as part of an existing module, 35 | // so the result should not be a NULL pointer 36 | TEST_F(DetoursTest, ShouldFindFunctionTest) { 37 | EXPECT_NE(nullptr, _dt.FindFunction("kernel32.dll", "SleepEx")); 38 | } 39 | 40 | // FindFunction should return NULL if one of parameters is incorrect 41 | TEST_F(DetoursTest, FindFunctionNullTest) { 42 | EXPECT_EQ(nullptr, _dt.FindFunction("kernel32.dll", nullptr)); 43 | EXPECT_EQ(nullptr, _dt.FindFunction(nullptr, "SleepEx")); 44 | EXPECT_EQ(nullptr, _dt.FindFunction(nullptr, nullptr)); 45 | } 46 | 47 | TEST_F(DetoursTest, InstallInvalidHookParameterTest) { 48 | LONG callback = 0; 49 | HOOK_TRACE_INFO hookHandle = { nullptr }; 50 | void(*testFunction)(int) = [](int i) { (VOID)i; }; 51 | 52 | EXPECT_NE(NO_ERROR, DetourInstallHook(nullptr, nullptr, nullptr, nullptr)); 53 | EXPECT_NE(NO_ERROR, DetourInstallHook(CreateFileW, nullptr, nullptr, nullptr)); 54 | EXPECT_NE(NO_ERROR, DetourInstallHook(CreateFileW, testFunction, nullptr, nullptr)); 55 | EXPECT_NE(NO_ERROR, 
DetourInstallHook(CreateFileW, testFunction, &callback, nullptr)); 56 | 57 | EXPECT_NE(NO_ERROR, DetourInstallHook(CreateFileW, nullptr, &callback, nullptr)); 58 | EXPECT_NE(NO_ERROR, DetourInstallHook(CreateFileW, nullptr, &callback, &hookHandle)); 59 | 60 | EXPECT_NE(NO_ERROR, DetourInstallHook(CreateFileW, nullptr, nullptr, &hookHandle)); 61 | 62 | EXPECT_NE(NO_ERROR, DetourInstallHook(nullptr, nullptr, nullptr, &hookHandle)); 63 | } 64 | 65 | // MoveFile should return false with bad parameters but we detour it 66 | // and return a non-zero value and verify that 67 | TEST_F(DetoursTest, DetourExportedFunctionWithUserFunctionTest) { 68 | EXPECT_EQ(FALSE, MoveFile(nullptr, nullptr)); 69 | 70 | EXPECT_NE(FALSE, _dt.DetourMoveFileWithUserFunction()); 71 | } 72 | 73 | TEST_F(DetoursTest, ShouldFailWhenInstallingMaxHookCount) { 74 | LONG error = ERROR_SUCCESS; 75 | const auto maxHookCount = 1024; 76 | for (int x = 0; x < maxHookCount + 1; x++) { 77 | error = _dt.DetourInstallDetourFunction(); 78 | if (error != ERROR_SUCCESS) { 79 | EXPECT_EQ(x, maxHookCount); 80 | } 81 | } 82 | } 83 | TEST_F(DetoursTest, GetHookBypassAddressShouldReturnInvalidHandleWithBadHookHandle) { 84 | PVOID *ppHookBypassAddress = nullptr; 85 | EXPECT_EQ(ERROR_INVALID_HANDLE, DetourGetHookBypassAddress(nullptr, &ppHookBypassAddress)); 86 | } 87 | TEST_F(DetoursTest, GetHookBypassAddressShouldReturnInvalidHandleWithBadOutputAddress) { 88 | HOOK_TRACE_INFO pHandle; 89 | EXPECT_EQ(ERROR_INVALID_PARAMETER, DetourGetHookBypassAddress(&pHandle, nullptr)); 90 | } 91 | TEST_F(DetoursTest, GetHookBypassAddressShouldReturnInvalidHandleWithBadHookHandleandOutputAddress) { 92 | EXPECT_EQ(ERROR_INVALID_HANDLE, DetourGetHookBypassAddress(nullptr, nullptr)); 93 | } -------------------------------------------------------------------------------- /msvc/corehook-test/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 
-------------------------------------------------------------------------------- /msvc/corehook-test/pch.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // pch.cpp 3 | // Include the standard header and generate the precompiled header. 4 | // 5 | 6 | #include "pch.h" 7 | -------------------------------------------------------------------------------- /msvc/corehook-test/pch.h: -------------------------------------------------------------------------------- 1 | // 2 | // pch.h 3 | // Header for standard system include files. 4 | // 5 | 6 | #pragma once 7 | 8 | #include "gtest/gtest.h" 9 | #include 10 | -------------------------------------------------------------------------------- /msvc/corehook/corehook.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Resource Files 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /msvc/corehook/detours.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {1719ba20-9551-4f19-aa83-2f33a4c63db0} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 
29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | Source Files 44 | 45 | 46 | Source Files 47 | 48 | 49 | Source Files 50 | 51 | 52 | Source Files 53 | 54 | 55 | Source Files 56 | 57 | 58 | 59 | 60 | Header Files 61 | 62 | 63 | Header Files 64 | 65 | 66 | Header Files 67 | 68 | 69 | 70 | 71 | Source Files\ASM 72 | 73 | 74 | Source Files\ASM 75 | 76 | 77 | Source Files\ASM 78 | 79 | 80 | Source Files\ASM 81 | 82 | 83 | -------------------------------------------------------------------------------- /samples/README.TXT: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Samples README File 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | BUILDING: 11 | ========= 12 | To build the sample applications, type "nmake" in the samples directory. 13 | Note that you must build setdll and syslog in order to use many of the 14 | other sample programs. 15 | 16 | COMMENTS: 17 | ========= 18 | Each of the sample directories has a test, which can be invoked by typing 19 | "nmake test", to demonstrate the usage of the sample. With very few 20 | exceptions, all of the executables also accept a "/?" command to display a 21 | usage message. 22 | 23 | The trace* samples log their output through the syelogd.exe daemon and hook 24 | CreateProcessW to load themselves into any child processes. For example, 25 | typing "withdll -d:traceapi.dll cmd.exe" will create a command shell under 26 | which all processes log their API calls through traceapi.dll. 
27 | -------------------------------------------------------------------------------- /samples/comeasy/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## API Extension to Measure time slept. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | ############################################################################## 15 | 16 | all: dirs \ 17 | $(BIND)\wrotei$(DETOURS_BITS).dll \ 18 | $(BIND)\comeasy.exe \ 19 | !IF $(DETOURS_SOURCE_BROWSING)==1 20 | $(OBJD)\wrotei$(DETOURS_BITS).bsc \ 21 | $(OBJD)\comeasy.bsc \ 22 | !ENDIF 23 | option 24 | 25 | ############################################################################## 26 | 27 | clean: 28 | -del $(BIND)\wrotei*.* 2>nul 29 | -del $(BIND)\comeasy.* 2>nul 30 | -del $(BIND)\wrotei.* *~ 2>nul 31 | -rmdir /q /s $(OBJD) 2>nul 32 | 33 | realclean: clean 34 | -rmdir /q /s $(OBJDS) 2>nul 35 | 36 | dirs: 37 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 38 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 39 | 40 | ############################################################################## 41 | 42 | $(OBJD)\wrotei.obj : wrotei.cpp 43 | 44 | $(OBJD)\wrotei.res : wrotei.rc 45 | 46 | $(BIND)\wrotei$(DETOURS_BITS).dll $(BIND)\wrotei$(DETOURS_BITS).lib: \ 47 | $(OBJD)\wrotei.obj $(OBJD)\wrotei.res $(DEPS) 48 | cl /LD $(CFLAGS) /Fe$(@R).dll /Fd$(@R).pdb \ 49 | $(OBJD)\wrotei.obj $(OBJD)\wrotei.res \ 50 | /link $(LINKFLAGS) /subsystem:console \ 51 | /export:DetourFinishHelperProcess,@1,NONAME \ 52 | $(LIBS) ole32.lib 53 | 54 | $(OBJD)\wrotei$(DETOURS_BITS).bsc : $(OBJD)\wrotei.obj 55 | bscmake /v /n /o $@ $(OBJD)\wrotei.sbr 56 | 57 | $(OBJD)\comeasy.obj : comeasy.cpp 58 | 59 | $(BIND)\comeasy.exe : $(OBJD)\comeasy.obj $(DEPS) 60 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 61 | $(OBJD)\comeasy.obj \ 62 | /link $(LINKFLAGS) $(LIBS) ole32.lib \ 63 | /subsystem:console /fixed:no 64 | 65 | $(OBJD)\comeasy.bsc : $(OBJD)\comeasy.obj 66 | bscmake /v /n /o $@ $(OBJD)\comeasy.sbr 67 | 68 | ############################################### Install non-bit-size binaries. 69 | 70 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 71 | 72 | $(OPTD)\wrotei$(DETOURS_OPTION_BITS).dll: 73 | $(OPTD)\wrotei$(DETOURS_OPTION_BITS).pdb: 74 | 75 | $(BIND)\wrotei$(DETOURS_OPTION_BITS).dll : $(OPTD)\wrotei$(DETOURS_OPTION_BITS).dll 76 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 77 | $(BIND)\wrotei$(DETOURS_OPTION_BITS).pdb : $(OPTD)\wrotei$(DETOURS_OPTION_BITS).pdb 78 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 79 | 80 | option: \ 81 | $(BIND)\wrotei$(DETOURS_OPTION_BITS).dll \ 82 | $(BIND)\wrotei$(DETOURS_OPTION_BITS).pdb \ 83 | 84 | !ELSE 85 | 86 | option: 87 | 88 | !ENDIF 89 | 90 | ############################################################################## 91 | 92 | test: all 93 | @echo -------- Reseting test binaries to initial state. 
----------------------- 94 | $(BIND)\setdll.exe -r $(BIND)\comeasy.exe 95 | @echo. 96 | @echo -------- Should not load slept$(DETOURS_BITS).dll -------------------------------------- 97 | $(BIND)\comeasy.exe 98 | @echo. 99 | @echo -------- Adding wrotei$(DETOURS_BITS).dll to comeasy.exe ------------------------------ 100 | $(BIND)\setdll.exe -d:$(BIND)\wrotei$(DETOURS_BITS).dll $(BIND)\comeasy.exe 101 | @echo. 102 | @echo -------- Should load wrotei$(DETOURS_BITS).dll ---------------------------------------- 103 | $(BIND)\comeasy.exe 104 | @echo. 105 | @echo -------- Removing wrotei$(DETOURS_BITS).dll from comeasy.exe -------------------------- 106 | $(BIND)\setdll.exe -r $(BIND)\comeasy.exe 107 | @echo. 108 | @echo -------- Should not load wrotei$(DETOURS_BITS).dll ------------------------------------ 109 | $(BIND)\comeasy.exe 110 | @echo. 111 | @echo -------- Should load wrotei$(DETOURS_BITS).dll dynamically using withdll.exe ---------- 112 | $(BIND)\withdll.exe -d:$(BIND)\wrotei$(DETOURS_BITS).dll $(BIND)\comeasy.exe 113 | @echo. 114 | @echo -------- Test completed. ------------------------------------------------ 115 | 116 | ################################################################# End of File. 117 | -------------------------------------------------------------------------------- /samples/comeasy/comeasy.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (comeasy.cpp of comeasy.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
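8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | 14 | ////////////////////////////////////////////////////////////////////////////// 15 | //
// Test target for the comeasy sample: creates an HGLOBAL-backed IStream and
// performs three IStream::Write calls, announcing each one on stdout.
//
// Returns 0 on success, or 1 when COM initialization or stream creation
// fails (the stream pointer is never dereferenced in that case).
//
int __cdecl main(int argc, char **argv)
{
    HRESULT hr;

    (void)argc;
    (void)argv;

    LPSTREAM pStream = NULL;
    ULARGE_INTEGER ul;
    LARGE_INTEGER li;

    printf("comeasy.exe: Starting (at %p).\n", main);

    hr = CoInitialize(NULL);
    if (FAILED(hr)) {
        printf("comeasy.exe: CoInitialize failed: %08lx\n", (unsigned long)hr);
        fflush(stdout);
        return 1;
    }

    hr = CreateStreamOnHGlobal(NULL, TRUE, &pStream);
    if (FAILED(hr) || pStream == NULL) {
        // Every call below goes through pStream, so stop here rather than
        // dereference a null interface pointer.
        printf("comeasy.exe: CreateStreamOnHGlobal failed: %08lx\n", (unsigned long)hr);
        fflush(stdout);
        CoUninitialize();
        return 1;
    }

    ul.QuadPart = 512;
    hr = pStream->SetSize(ul);

    li.QuadPart = 0;
    hr = pStream->Seek(li, STREAM_SEEK_SET, NULL);

    // stdout is flushed before each write so this program's messages are
    // already emitted when the Write call runs.
    printf("comeasy.exe: First write.\n");
    fflush(stdout);

    li.QuadPart = 0;
    hr = pStream->Write(&ul, sizeof(ul), NULL);

    printf("comeasy.exe: Second write.\n");
    fflush(stdout);

    li.QuadPart = 1;
    hr = pStream->Write(&li, sizeof(li), NULL);

    printf("comeasy.exe: Third write.\n");
    fflush(stdout);

    li.QuadPart = 2;
    hr = pStream->Write(&li, sizeof(li), NULL);

    pStream->Release();
    pStream = NULL;

    CoUninitialize();

    printf("comeasy.exe: Exiting.\n\n");
    fflush(stdout);

    return 0;
}
67 | 68 | // 69 | ///////////////////////////////////////////////////////////////// End of File. 70 | -------------------------------------------------------------------------------- /samples/comeasy/wrotei.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for wrotei.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved.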
8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "wrotei" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "wrotei" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours COM Easy Sample" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/commem/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\commem.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\commem.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ *.obj *.sbr 2> nul 22 | -del $(BIND)\commem.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(BIND)\commem.obj : commem.cpp 33 | 34 | $(BIND)\commem.exe : $(OBJD)\commem.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\commem.obj \ 36 | /link $(LINKFLAGS) $(LIBS) ole32.lib /subsystem:console 37 | 38 | $(OBJD)\commem.bsc : $(OBJD)\commem.obj 39 | bscmake /v /n /o $@ $(OBJD)\commem.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\commem.exe 44 | @echo. 45 | $(BIND)\commem.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 
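49 | -------------------------------------------------------------------------------- /samples/commem/commem.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour functions of a COM interface (commem.cpp of commem.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | // 10 | // 11 | #include 12 | 13 | ////////////////////////////////////////////////////////////////////////////// 14 | // 15 | // WARNING: 16 | // 17 | // CINTERFACE must be defined so that the lpVtbl pointer is visible 18 | // on COM interfaces. However, once we've defined it, we must use 19 | // coding conventions when accessing interface members, for example: 20 | // i->lpVtbl->Write 21 | // instead of the C++ syntax: 22 | // i->Write. 23 | // We must also pass the implicit "this" parameter explicitly: 24 | // i->lpVtbl->Write(i, pb, 0, NULL) 25 | // instead of the C++ syntax: 26 | // i->Write(pb, 0, NULL) 27 | // 28 | #define CINTERFACE 29 | #include 30 | #include 31 | #include 32 | 33 | ////////////////////////////////////////////////////////////////////////////// 34 | //
// Pointer to the real IStream::Write implementation. It starts out NULL and
// main() fills it from the stream's vtable before attaching the detour;
// MineIStreamWrite forwards through it, so it must be set before the detour
// can run.
//
HRESULT (STDMETHODCALLTYPE *RealIStreamWrite)(IStream * This,
                                              const void *pv,
                                              ULONG cb,
                                              ULONG *pcbWritten) = NULL;

// Detour for IStream::Write: logs the call, forwards it unchanged to
// RealIStreamWrite, then logs the HRESULT and the byte count.
//
//  This        - the stream the caller invoked Write on.
//  pv, cb      - buffer and length, passed through untouched; only the
//                pointer value and the length are logged, not the data.
//  pcbWritten  - optional out parameter; when the caller passes NULL a local
//                counter is substituted so the count can still be logged.
//
// Returns the HRESULT produced by the real Write.
//
HRESULT STDMETHODCALLTYPE MineIStreamWrite(IStream * This,
                                           const void *pv,
                                           ULONG cb,
                                           ULONG *pcbWritten)
{
    HRESULT hr;
    ULONG cbWritten = 0;
    if (pcbWritten == NULL) {
        pcbWritten = &cbWritten;
    }

    // ULONG and HRESULT are long-sized types, so use the l-length
    // conversions; %d and %x expect int / unsigned int arguments.
    printf("commem: %p->IStreamWrite(pv=%p, cb=%lu)\n", This, pv, cb);
    hr = RealIStreamWrite(This, pv, cb, pcbWritten);
    printf("commem: %p->IStreamWrite -> %08lx (pcbWritten=%lu)\n",
           This, (unsigned long)hr, *pcbWritten);

    return hr;
}
57 | 58 | ////////////////////////////////////////////////////////////////////////////// 59 |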
// 60 | int main(int argc, char **argv) 61 | { 62 | HRESULT hr; 63 | 64 | (void)argc; 65 | (void)argv; 66 | 67 | LPSTREAM pStream = NULL; 68 | ULARGE_INTEGER ul; 69 | LARGE_INTEGER li; 70 | 71 | CoInitialize(NULL); 72 | 73 | hr = CreateStreamOnHGlobal(NULL, TRUE, &pStream); 74 | 75 | RealIStreamWrite = pStream->lpVtbl->Write; 76 | 77 | ul.QuadPart = 512; 78 | hr = pStream->lpVtbl->SetSize(pStream, ul); 79 | li.QuadPart = 0; 80 | hr = pStream->lpVtbl->Seek(pStream, li, STREAM_SEEK_SET, NULL); 81 | 82 | printf("commem: Calling Write w/o before attach.\n"); 83 | 84 | li.QuadPart = 0; 85 | hr = pStream->lpVtbl->Write(pStream, &ul, sizeof(ul), NULL); 86 | 87 | DetourTransactionBegin(); 88 | DetourUpdateThread(GetCurrentThread()); 89 | DetourAttach(&(PVOID&)RealIStreamWrite, MineIStreamWrite); 90 | DetourTransactionCommit(); 91 | 92 | printf("commem: Calling Write w/o after attach.\n"); 93 | 94 | li.QuadPart = 1; 95 | hr = pStream->lpVtbl->Write(pStream, &li, sizeof(li), NULL); 96 | 97 | DetourTransactionBegin(); 98 | DetourUpdateThread(GetCurrentThread()); 99 | DetourDetach(&(PVOID&)RealIStreamWrite, MineIStreamWrite); 100 | DetourTransactionCommit(); 101 | 102 | printf("commem: Calling Write w/o after detach.\n"); 103 | 104 | li.QuadPart = 2; 105 | hr = pStream->lpVtbl->Write(pStream, &li, sizeof(li), NULL); 106 | 107 | hr = pStream->lpVtbl->Release(pStream); 108 | pStream = NULL; 109 | 110 | CoUninitialize(); 111 | 112 | return 0; 113 | } 114 | 115 | -------------------------------------------------------------------------------- /samples/common.mak: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Common makefile for Detours test programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !IF "$(ROOT)" == "" 11 | ROOT = ..\.. 
12 | !ENDIF 13 | !include "$(ROOT)\system.mak" 14 | 15 | !IF "$(DETOURS_SOURCE_BROWSING)" == "" 16 | DETOURS_SOURCE_BROWSING=0 17 | !ENDIF 18 | 19 | ############################################################################## 20 | 21 | !IFNDEF CLIB 22 | CLIB=/MT 23 | !ENDIF 24 | 25 | AFLAGS=/nologo /Zi /c /Fl 26 | CFLAGS=/nologo /Zi $(CLIB) /Gm- /W4 /WX /Od 27 | 28 | !IF $(DETOURS_SOURCE_BROWSING)==1 29 | CFLAGS=$(CFLAGS) /FR 30 | !ELSE 31 | CFLAGS=$(CFLAGS) /I$(INCD) 32 | !ENDIF 33 | 34 | LIBFLAGS=/nologo 35 | LINKFLAGS=/release /incremental:no /profile /nodefaultlib:oldnames.lib 36 | 37 | !if defined(DETOURS_WIN_7) && defined(DETOURS_CL_17_OR_NEWER) 38 | CFLAGS=$(CFLAGS) /D_USING_V110_SDK71_ 39 | !endif 40 | 41 | !IF "$(DETOURS_TARGET_PROCESSOR)" == "X86" 42 | 43 | ASM=ml 44 | 45 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "X64" 46 | 47 | ASM=ml64 48 | 49 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "IA64" 50 | 51 | ASM=ias 52 | AFLAGS=-F COFF32_PLUS 53 | CFLAGS=$(CFLAGS) /wd4163 # intrinsic rdtebex not available; using newer Windows headers with older compiler 54 | #CFLAGS=$(CFLAGS) /wd4996 /wd4068 55 | 56 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "ARM" 57 | 58 | ASM=armasm 59 | AFLAGS=-coff_thumb2_only 60 | CFLAGS=$(CFLAGS) /D_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE 61 | 62 | CFLAGS=$(CFLAGS) /D_$(DETOURS_TARGET_PROCESSOR:X64=AMD64)_ # redundant with windows.h except for midl proxies 63 | 64 | !ENDIF 65 | 66 | DEPS = $(LIBD)\syelog.lib $(LIBD)\detours.lib 67 | LIBS = $(DEPS) aux_ulib.lib 68 | 69 | ############################################################################## 70 | ## 71 | 72 | .SUFFIXES: .cpp .h .obj .rc .res 73 | 74 | !ifdef DETOURS_ANALYZE 75 | .cpp{$(OBJD)}.obj: 76 | $(CC) $(CFLAGS) /Fd$(OBJD)\vc.pdb /Fo$(OBJD)\ /c $< 77 | !else 78 | .cpp{$(OBJD)}.obj:: 79 | $(CC) $(CFLAGS) /Fd$(OBJD)\vc.pdb /Fo$(OBJD)\ /c $< 80 | !endif 81 | 82 | .rc{$(OBJD)}.res: 83 | rc /DDETOURS_BITS=$(DETOURS_BITS) /fo$(@) /i$(INCD) $(*B).rc 84 | 85 | ## 86 | 
################################################################# End of File. 87 | -------------------------------------------------------------------------------- /samples/cping/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) \ 13 | kernel32.lib \ 14 | user32.lib \ 15 | shell32.lib \ 16 | uuid.lib \ 17 | ole32.lib \ 18 | rpcrt4.lib \ 19 | advapi32.lib \ 20 | wsock32.lib \ 21 | 22 | # RpcProxy.h uses #ifdef WIN32. 23 | 24 | !if "$(DETOURS_TARGET_PROCESSOR)" == "ARM" 25 | CFLAGS = $(CFLAGS) /D_WIN32_WINNT=0x0500 26 | !else 27 | CFLAGS = $(CFLAGS) /D_WIN32_WINNT=0x0400 28 | !endif 29 | 30 | CFLAGS = $(CFLAGS) /Fd$(OBJD)\vc.pdb \ 31 | /DCONST_VTABLE \ 32 | /DCOBJMACROS -DWIN32 -DNT 33 | 34 | C__FLAGS=-DENTRY_PREFIX=iping_ -DREGISTER_PROXY_DLL 35 | CPPFLAGS= 36 | 37 | ############################################################################## 38 | 39 | .SUFFIXES: .c .cpp .h .idl .obj .res .rc 40 | 41 | {$(OBJD)}.c{$(OBJD)}.obj: 42 | $(CC) $(CFLAGS:/W4=/W3) $(C__FLAGS) /I$(OBJD) /Fo$(OBJD)\ /c $< 43 | 44 | !ifdef DETOURS_ANALYZE 45 | .cpp{$(OBJD)}.obj: 46 | $(CC) $(CFLAGS) $(CPPFLAGS) /I$(OBJD) /Fo$(OBJD)\ /c $< 47 | !else 48 | .cpp{$(OBJD)}.obj:: 49 | $(CC) $(CFLAGS) $(CPPFLAGS) /I$(OBJD) /Fo$(OBJD)\ /c $< 50 | !endif 51 | 52 | .rc{$(OBJD)}.res: 53 | rc /nologo /Fo$@ .\$(*B).rc 54 | 55 | ############################################################################## 56 | ## 57 | C__FLAGS=-DENTRY_PREFIX=iping_ -DREGISTER_PROXY_DLL 58 | CPPFLAGS= 59 | 60 | 61 | MIDLFLAGS=/nologo /Oif /no_format_opt 62 | 63 | !IF "$(DETOURS_TARGET_PROCESSOR)" == "X86" 64 | MIDLFLAGS=$(MIDLFLAGS) /no_robust /win32 65 | !ELSEIF 
"$(DETOURS_TARGET_PROCESSOR)" == "IA64" 66 | MIDLFLAGS=$(MIDLFLAGS) /ia64 67 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "X64" 68 | MIDLFLAGS=$(MIDLFLAGS) /x64 69 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "ARM" 70 | MIDLFLAGS=$(MIDLFLAGS) /arm32 71 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "ARM64" 72 | MIDLFLAGS=$(MIDLFLAGS) /arm64 73 | !ENDIF 74 | 75 | OBJS = \ 76 | $(OBJD)\cping.obj \ 77 | \ 78 | $(OBJD)\iping_i.obj \ 79 | $(OBJD)\iping_p.obj \ 80 | $(OBJD)\iping_d.obj \ 81 | 82 | ############################################################################## 83 | 84 | all: dirs \ 85 | $(BIND)\cping.exe \ 86 | !IF $(DETOURS_SOURCE_BROWSING)==1 87 | $(OBJD)\cping.bsc 88 | !ENDIF 89 | 90 | ############################################################################## 91 | 92 | clean: 93 | -del iping.h *.c *.obj *.sbr *~ 2>nul 94 | -del $(BIND)\cping.* 2>nul 95 | -rmdir /q /s $(OBJD) 2>nul 96 | 97 | realclean: clean 98 | -rmdir /q /s $(OBJDS) 2>nul 99 | 100 | ############################################################################## 101 | 102 | dirs: 103 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 104 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 105 | 106 | $(OBJD)\cping.bsc : $(OBJS) 107 | bscmake /v /n /o $@ $(OBJS:.obj=.sbr) 108 | 109 | $(BIND)\cping.exe : $(OBJS) $(DEPS) 110 | cl $(CFLAGS) /Fe$@ $(OBJS) /link $(LINKFLAGS) \ 111 | /subsystem:console $(LIBS) 112 | 113 | $(OBJD)\cping.obj: cping.cpp $(OBJD)\iping.h 114 | 115 | ############################################################################## 116 | ## 117 | $(OBJD)\iping.h $(OBJD)\iping_d.c $(OBJD)\iping_i.c $(OBJD)\iping_p.c : iping.idl 118 | midl $(MIDLFLAGS) /out $(OBJD) /prefix all iping_ /dlldata iping_d.c iping.idl 119 | 120 | $(OBJD)\iping_i.obj: $(OBJD)\iping_i.c 121 | $(OBJD)\iping_p.obj: $(OBJD)\iping_p.c $(OBJD)\iping.h 122 | $(OBJD)\iping_d.obj: $(OBJD)\iping_d.c 123 | 124 | ############################################################################## 125 | 126 | test: $(BIND)\cping.exe 127 | start $(BIND)\cping.exe /s 128 | $(BIND)\cping.exe /p localhost 129 | 130 | ################################################################# End of File. 
131 | -------------------------------------------------------------------------------- /samples/cping/ReadMe.Txt: -------------------------------------------------------------------------------- 1 | Microsoft Research Detours Package 2 | ============================================================================== 3 | 4/2/98 4 | 5 | * Instrumentation: 6 | Read Pentium cycle counter 7 | 8 | * PC configuration: 9 | DCOM/TCP, Windows NT Server 4.0, 10 | between two 300MHz Pentium boxes, 11 | Ethernet connection 12 | 13 | * Client test program: 14 | HRESULT get(SHORT, SHORT, LONG*) 15 | average over 1,000 calls 16 | midl /Oicf 17 | 18 | * Results: 19 | get() { 20 | <-- (1) 21 | IRpcChannelBuffer::SendReceive()) { 22 | <-- (2) 23 | I_RpcSendReceive() { 24 | <-- (3) 25 | send(soc, ) 26 | <-- (4) 27 | NtWaitForSingleObject(soc, ) 28 | <-- (5) 29 | } // end of RPC layer 30 | <-- (6) 31 | } // end of channel object 32 | <-- (7) 33 | } // end of client call 34 | Average number 35 | of Pentium cycles 36 | (1) NDR marshaling overhead (2 SHORTs) 13 K 37 | (No! of which 11K from GetBuffer, 38 | of which 6.2K from I_RpcGetBuffer()!)
39 | (2) Channel object one-way (send) overhead 1.0 K 40 | (3) RPC layer one-way (send) overhead 5.3 K 41 | (4) TCP + all server work 200 K 42 | (5) RPC layer one-way (recv) overhead 5.1 K 43 | (6) Channel object one-way (recv) overhead 2.2 K 44 | (7) NDR unmarshaling overhead (2 LONGs) 4.2 K 45 | 46 | (*) send() only 17 K 47 | TOTAL CYCLES for client get(): 230 K 48 | -------------------------------------------------------------------------------- /samples/cping/cping.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unknownv2/CoreHook.Hooking/0277ce3f13a3cbc0e2d1ebd4f487ae996cbebf77/samples/cping/cping.dat -------------------------------------------------------------------------------- /samples/cping/iping.idl: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Module: iping.idl (cping.exe - COM Ping) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | import "objidl.idl"; 10 | import "oaidl.idl"; 11 | import "oleidl.idl"; 12 | 13 | 14 | [object, uuid(decdbeef-d1ac-11d1-96bc-00aa00573fb0), pointer_default(unique)] 15 | interface IPing : IUnknown 16 | { 17 | HRESULT Ping(void); 18 | HRESULT PingToServer([in] LPSTR pszString); 19 | HRESULT PingToClient([out] LPSTR *ppszString); 20 | HRESULT PingToClientSize([in] ULONG cbOut); 21 | }; 22 | // 23 | ///////////////////////////////////////////////////////////////// End of File. 24 | -------------------------------------------------------------------------------- /samples/disas/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 
4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | # temporarily disable this test for ARM64 11 | !if "$(DETOURS_TARGET_PROCESSOR)" != "ARM64" 12 | 13 | !include ..\common.mak 14 | 15 | LIBS=$(LIBS) kernel32.lib 16 | 17 | all: dirs \ 18 | $(BIND)\disas.exe \ 19 | !IF $(DETOURS_SOURCE_BROWSING)==1 20 | $(OBJD)\disas.bsc 21 | !ENDIF 22 | 23 | clean: 24 | -del *~ *.obj *.sbr *.lst 2>nul 25 | -del $(BIND)\disas.* 2> nul 26 | -rmdir /q /s $(OBJD) 2>nul 27 | 28 | realclean: clean 29 | -rmdir /q /s $(OBJDS) 2>nul 30 | 31 | dirs: 32 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 33 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 34 | 35 | !IF "$(DETOURS_TARGET_PROCESSOR)" == "X86" 36 | $(OBJD)\disasm.obj : x86.cpp 37 | cl $(CFLAGS) /Fe$@ /FAcs /Fa$(OBJD)\x86.lst \ 38 | /Fd$(@R).pdb /Fo$(OBJD)\disasm.obj /c x86.cpp 39 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "X64" 40 | $(OBJD)\disasm.obj : x64.asm 41 | $(ASM) $(AFLAGS) /Fo$(OBJD)\disasm.obj /Fl$(OBJD)\x64.lst x64.asm 42 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "IA64" 43 | $(OBJD)\disasm.obj : ia64.asm 44 | $(ASM) $(AFLAGS) -o $(OBJD)\disasm.obj ia64.asm 45 | !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "ARM" 46 | $(OBJD)\disasm.obj : arm.asm 47 | $(ASM) $(AFLAGS) -list $(OBJD)\arm.lst -o $(OBJD)\disasm.obj arm.asm 48 | !ENDIF 49 | 50 | $(BIND)\disas.obj : disas.cpp 51 | 52 | $(BIND)\disas.exe : $(OBJD)\disas.obj $(OBJD)\disasm.obj $(DEPS) 53 | cl $(CFLAGS) /Fe$@ /FAcs /Fa$(OBJD)\disas.lst /Fd$(@R).pdb \ 54 | $(OBJD)\disas.obj $(OBJD)\disasm.obj \ 55 | /link $(LINKFLAGS) $(LIBS) /subsystem:console /entry:WinMainCRTStartup 56 | 57 | $(OBJD)\disas.bsc : $(OBJD)\disas.obj 58 | bscmake /v /n /o $@ $(OBJD)\disas.sbr 59 | 60 | ############################################################################## 61 | 62 | test: $(BIND)\disas.exe 63 | $(BIND)\disas.exe 64 | 65 | 
############################################################################## 66 | 67 | !else 68 | 69 | all: 70 | test: 71 | clean: 72 | realclean: 73 | 74 | !endif 75 | 76 | ################################################################# End of File. 77 | -------------------------------------------------------------------------------- /samples/disas/unk.cpp: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (x86.asm of disas.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | static int value = 0; 11 | 12 | extern "C" void TestCodes() 13 | { 14 | value++; 15 | } 16 | -------------------------------------------------------------------------------- /samples/dtest/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\dtarge$(DETOURS_BITS).dll \ 16 | $(BIND)\dtest.exe \ 17 | !IF $(DETOURS_SOURCE_BROWSING)==1 18 | $(OBJD)\dtarge$(DETOURS_BITS).bsc \ 19 | $(OBJD)\dtest.bsc \ 20 | !ENDIF 21 | option 22 | 23 | clean: 24 | -del *~ *.obj *.sbr 2> nul 25 | -del $(BIND)\dtest.* $(BIND)\dtarge*.* 2> nul 26 | -rmdir /q /s $(OBJD) 2>nul 27 | 28 | realclean: clean 29 | -rmdir /q /s $(OBJDS) 2>nul 30 | 31 | dirs: 32 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 33 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 34 | 35 | $(OBJD)\dtarge.obj : dtarge.cpp 36 | 37 | $(OBJD)\dtarge.res : dtarge.rc 38 | 39 | $(BIND)\dtarge$(DETOURS_BITS).dll $(BIND)\dtarge$(DETOURS_BITS).lib: \ 40 | $(OBJD)\dtarge.obj $(OBJD)\dtarge.res $(DEPS) 41 | cl /LD $(CFLAGS) \ 42 | /Fe$(@R).dll \ 43 | /Fd$(@R).pdb \ 44 | $(OBJD)\dtarge.obj $(OBJD)\dtarge.res \ 45 | /link $(LINKFLAGS) /subsystem:console \ 46 | /export:Target0 \ 47 | /export:Target1 \ 48 | /export:Target2 \ 49 | /export:Target3 \ 50 | /export:Target4 \ 51 | /export:Target5 \ 52 | /export:Target6 \ 53 | /export:Target7 \ 54 | /export:Target8 \ 55 | /export:Target9 \ 56 | /export:Target10 \ 57 | /export:Target11 \ 58 | /export:Target12 \ 59 | /export:Target13 \ 60 | /export:Target14 \ 61 | /export:Target15 \ 62 | /export:Target16 \ 63 | /export:TargetV \ 64 | /export:TargetR \ 65 | $(LIBS) 66 | 67 | $(OBJD)\dtarge$(DETOURS_BITS).bsc : $(OBJD)\dtarge.obj 68 | bscmake /v /n /o $@ $(OBJD)\dtarge.sbr 69 | 70 | $(OBJD)\dtest.obj : dtest.cpp 71 | 72 | $(BIND)\dtest.exe : $(OBJD)\dtest.obj $(BIND)\dtarge$(DETOURS_BITS).lib $(DEPS) 73 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\dtest.obj \ 74 | /link $(LINKFLAGS) $(LIBS) $(BIND)\dtarge$(DETOURS_BITS).lib \ 75 | /subsystem:console /entry:WinMainCRTStartup 76 | 77 | $(OBJD)\dtest.bsc : $(OBJD)\dtest.obj 78 | bscmake /v /n /o $@ $(OBJD)\dtest.sbr 79 | 80 | ############################################### Install non-bit-size binaries. 81 | 82 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 83 | 84 | $(OPTD)\dtarge$(DETOURS_OPTION_BITS).dll: 85 | $(OPTD)\dtarge$(DETOURS_OPTION_BITS).pdb: 86 | 87 | $(BIND)\dtarge$(DETOURS_OPTION_BITS).dll : $(OPTD)\dtarge$(DETOURS_OPTION_BITS).dll 88 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 89 | $(BIND)\dtarge$(DETOURS_OPTION_BITS).pdb : $(OPTD)\dtarge$(DETOURS_OPTION_BITS).pdb 90 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
91 | 92 | option: \ 93 | $(BIND)\dtarge$(DETOURS_OPTION_BITS).dll \ 94 | $(BIND)\dtarge$(DETOURS_OPTION_BITS).pdb \ 95 | 96 | !ELSE 97 | 98 | option: 99 | 100 | !ENDIF 101 | 102 | ############################################################################## 103 | 104 | test: all 105 | $(BIND)\dtest.exe 106 | 107 | ################################################################# End of File. 108 | -------------------------------------------------------------------------------- /samples/dtest/dtarge.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (dtarge.h of dtarge.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #if (_MSC_VER < 1299) 11 | typedef DWORD DWORD_PTR; 12 | #endif 13 | 14 | DWORD_PTR WINAPI Target0(); 15 | DWORD_PTR WINAPI Target1(DWORD_PTR v1); 16 | DWORD_PTR WINAPI Target2(DWORD_PTR v1, DWORD_PTR v2); 17 | DWORD_PTR WINAPI Target3(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3); 18 | DWORD_PTR WINAPI Target4(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4); 19 | DWORD_PTR WINAPI Target5(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 20 | DWORD_PTR v5); 21 | DWORD_PTR WINAPI Target6(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 22 | DWORD_PTR v5, DWORD_PTR v6); 23 | DWORD_PTR WINAPI Target7(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 24 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7); 25 | DWORD_PTR WINAPI Target8(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 26 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8); 27 | DWORD_PTR WINAPI Target9(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 28 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 29 | DWORD_PTR v9); 30 | DWORD_PTR WINAPI Target10(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 31 
| DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 32 | DWORD_PTR v9, DWORD_PTR v10); 33 | DWORD_PTR WINAPI Target11(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 34 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 35 | DWORD_PTR v9, DWORD_PTR v10, DWORD_PTR v11); 36 | DWORD_PTR WINAPI Target12(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 37 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 38 | DWORD_PTR v9, DWORD_PTR v10, DWORD_PTR v11, DWORD_PTR v12); 39 | DWORD_PTR WINAPI Target13(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 40 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 41 | DWORD_PTR v9, DWORD_PTR v10, DWORD_PTR v11, DWORD_PTR v12, 42 | DWORD_PTR v13); 43 | DWORD_PTR WINAPI Target14(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 44 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 45 | DWORD_PTR v9, DWORD_PTR v10, DWORD_PTR v11, DWORD_PTR v12, 46 | DWORD_PTR v13, DWORD_PTR v14); 47 | DWORD_PTR WINAPI Target15(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 48 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 49 | DWORD_PTR v9, DWORD_PTR v10, DWORD_PTR v11, DWORD_PTR v12, 50 | DWORD_PTR v13, DWORD_PTR v14, DWORD_PTR v15); 51 | DWORD_PTR WINAPI Target16(DWORD_PTR v1, DWORD_PTR v2, DWORD_PTR v3, DWORD_PTR v4, 52 | DWORD_PTR v5, DWORD_PTR v6, DWORD_PTR v7, DWORD_PTR v8, 53 | DWORD_PTR v9, DWORD_PTR v10, DWORD_PTR v11, DWORD_PTR v12, 54 | DWORD_PTR v13, DWORD_PTR v14, DWORD_PTR v15, DWORD_PTR v16); 55 | DWORD_PTR WINAPI TargetV(DWORD_PTR v1, ...); 56 | DWORD_PTR WINAPI TargetR(DWORD_PTR v1, ...); 57 | 58 | // 59 | ///////////////////////////////////////////////////////////////// End of File. 
60 | -------------------------------------------------------------------------------- /samples/dtest/dtarge.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for dtarge.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "dtarge" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "dtarge" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/dumpe/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\dumpe.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\dumpe.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2>nul 22 | -del $(BIND)\dumpe.* 2>nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 31 | 32 | $(OBJD)\dumpe.obj : dumpe.cpp 33 | 34 | $(BIND)\dumpe.exe : $(OBJD)\dumpe.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\dumpe.obj \ 36 | /link $(LINKFLAGS) $(LIBS) \ 37 | /subsystem:console 38 | 39 | $(OBJD)\dumpe.bsc : $(OBJD)\dumpe.obj 40 | bscmake /v /n /o $@ $(OBJD)\dumpe.sbr 41 | 42 | ############################################################################## 43 | 44 | test: $(BIND)\dumpe.exe 45 | $(BIND)\dumpe.exe $(BIND)\slept.dll 46 | 47 | testx: $(BIND)\dumpe.exe 48 | cd $(MAKEDIR)\..\..\src 49 | nmake 50 | cd $(MAKEDIR) 51 | if exist $(SYSTEMROOT)\system32\browseui.dll $(BIND)\dumpe.exe browseui.dll 52 | 53 | ################################################################# End of File. 54 | -------------------------------------------------------------------------------- /samples/dumpe/dumpe.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (dumpe.cpp of dumpe.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
8 | // 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include "detours.h" 15 | 16 | ////////////////////////////////////////////////////////////////////////////// 17 | // 18 | #ifndef NODEBUG 19 | #undef ASSERT 20 | VOID DetourAssertMessage(CONST PCHAR szMsg, CONST PCHAR szFile, DWORD nLine); 21 | 22 | #define ASSERT(x) \ 23 | do { if (!(x)) { DetourAssertMessage(#x, __FILE__, __LINE__); DebugBreak(); }} while (0) 24 | ; 25 | #undef ASSERTX 26 | #define ASSERTX(x) \ 27 | do { if (!(x)) { DetourAssertMessage(#x, __FILE__, __LINE__); PCHAR p=(PCHAR)(x); *p = 1; }} while (0) 28 | ; 29 | #else // NODEBUG 30 | #undef ASSERT 31 | #define ASSERT(x) 32 | #undef ASSERTX 33 | #define ASSERTX(x) 34 | #endif // NODEBUG 35 | // 36 | ////////////////////////////////////////////////////////////////////////////// 37 | 38 | ////////////////////////////////////////////////////////////// Error Messages. 39 | // 40 | VOID DetourAssertMessage(CONST PCHAR szMsg, CONST PCHAR szFile, DWORD nLine) 41 | { 42 | printf("ASSERT(%s) failed in %s, line %d.", szMsg, szFile, nLine); 43 | } 44 | 45 | 46 | 47 | static BOOL CALLBACK ExportCallback(PVOID pContext, 48 | ULONG nOrdinal, 49 | LPCSTR pszSymbol, 50 | PVOID pbTarget) 51 | { 52 | (void)pContext; 53 | 54 | printf(" %7d %p %-30s\n", 55 | (ULONG)nOrdinal, 56 | pbTarget, 57 | pszSymbol ? 
pszSymbol : "[NONAME]"); 58 | return TRUE; 59 | } 60 | /* DumpFile: loads the module at pszPath with LoadLibraryA, prints its base address and entry point, then lists every export through ExportCallback. Returns FALSE only when the load fails. NOTE(review): LoadLibraryA performs a normal module load, so for a DLL the inspected file's DllMain and its static imports run inside this process before anything is printed. Only point the tool at binaries you already trust, or confirm whether a mapping-only load (LoadLibraryExA with DONT_RESOLVE_DLL_REFERENCES) is enough for DetourGetEntryPoint and DetourEnumerateExports. The module handle is never released with FreeLibrary, and GetLastError() (a DWORD) is printed with %d. */ 61 | BOOL DumpFile(PCHAR pszPath) 62 | { 63 | HINSTANCE hInst = LoadLibraryA(pszPath); 64 | if (hInst == NULL) { 65 | printf("Unable to load %s: Error %d\n", pszPath, GetLastError()); 66 | return FALSE; 67 | } 68 | 69 | printf("%s @ %p\n", pszPath, hInst); 70 | 71 | PVOID pbEntry = DetourGetEntryPoint(hInst); 72 | printf(" EntryPoint: %p\n", pbEntry); 73 | 74 | printf(" Ordinal RVA Name\n"); 75 | DetourEnumerateExports(hInst, NULL, ExportCallback); 76 | 77 | return TRUE; 78 | } 79 | 80 | ////////////////////////////////////////////////////////////////////////////// 81 | // 82 | void PrintUsage(void) 83 | { 84 | printf("Usage:\n" 85 | " dumpe [.dll files]\n" 86 | "Misc. Options:\n" 87 | " /? : Help screen.\n"); 88 | } 89 | 90 | //////////////////////////////////////////////////////////////////////// main. 91 | // /* main: arguments that start with '-' or '/' are treated as options (only '?' is recognised; anything else sets the help flag and prints "Bad argument"); every other argument is handed to DumpFile as a path. */ 92 | int CDECL main(int argc, char **argv) 93 | { 94 | BOOL fNeedHelp = FALSE; 95 | 96 | int arg = 1; 97 | for (; arg < argc; arg++) { 98 | if (argv[arg][0] == '-' || argv[arg][0] == '/') { 99 | CHAR *argn = argv[arg] + 1; 100 | CHAR *argp = argn; 101 | while (*argp && *argp != ':') 102 | argp++; 103 | if (*argp == ':') 104 | *argp++ = '\0'; 105 | 106 | switch (argn[0]) { 107 | 108 | case '?': // Help. 
109 | fNeedHelp = TRUE; 110 | break; 111 | 112 | default: 113 | fNeedHelp = TRUE; 114 | printf("Bad argument: %s:%s\n", argn, argp); 115 | break; 116 | } 117 | } 118 | else { 119 | DumpFile(argv[arg]); 120 | } 121 | } 122 | if (fNeedHelp || argc == 1) { 123 | PrintUsage(); 124 | return 1; 125 | } 126 | return 0; 127 | } 128 | 129 | // End of File 130 | -------------------------------------------------------------------------------- /samples/dumpi/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs - Dump Imports 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\dumpi.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\dumpi.bsc \ 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2>nul 22 | -del $(BIND)\dumpi.* 2>nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(OBJD)\dumpi.obj : dumpi.cpp 33 | 34 | $(BIND)\dumpi.exe : $(OBJD)\dumpi.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\dumpi.obj \ 36 | /link $(LINKFLAGS) $(LIBS) \ 37 | /subsystem:console 38 | 39 | $(OBJD)\dumpi.bsc : $(OBJD)\dumpi.obj 40 | bscmake /v /n /o $@ $(OBJD)\dumpi.sbr 41 | 42 | ############################################################################## 43 | 44 | test: $(BIND)\dumpi.exe 45 | $(BIND)\dumpi.exe $(BIND)\slept.dll $(BIND)\sleepold.exe 46 | 47 | ################################################################# End of File. 
48 | -------------------------------------------------------------------------------- /samples/echo/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Detours Test Program 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | ############################################################################## 15 | 16 | all: dirs \ 17 | $(BIND)\echofx$(DETOURS_BITS).dll \ 18 | $(BIND)\echonul.exe \ 19 | \ 20 | !IF $(DETOURS_SOURCE_BROWSING)==1 21 | $(OBJD)\echofx$(DETOURS_BITS).bsc \ 22 | $(OBJD)\echonul.bsc \ 23 | !ENDIF 24 | option 25 | 26 | ############################################################################## 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 31 | 32 | $(OBJD)\echofx.obj : echofx.cpp 33 | 34 | $(OBJD)\echofx.res : echofx.rc 35 | 36 | $(BIND)\echofx$(DETOURS_BITS).dll $(BIND)\echofx$(DETOURS_BITS).lib: \ 37 | $(OBJD)\echofx.obj $(OBJD)\echofx.res $(DEPS) $(BIND)\echonul.lib 38 | cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 39 | $(OBJD)\echofx.obj $(OBJD)\echofx.res \ 40 | /link $(LINKFLAGS) /subsystem:console \ 41 | /export:DetourFinishHelperProcess,@1,NONAME \ 42 | /export:Mine_Echo \ 43 | $(LIBS) $(BIND)\echonul.lib 44 | 45 | $(OBJD)\echofx$(DETOURS_BITS).bsc : $(OBJD)\echofx.obj 46 | bscmake /v /n /o $@ $(OBJD)\echofx.sbr 47 | 48 | $(OBJD)\echonul.obj : echonul.cpp 49 | $(OBJD)\main.obj : main.cpp 50 | 51 | $(BIND)\echonul.exe $(BIND)\echonul.lib: $(OBJD)\main.obj $(OBJD)\echonul.obj 52 | cl $(CFLAGS) /Zl /Fe$(BIND)\echonul.exe /Fd$(@R).pdb \ 53 | $(OBJD)\main.obj $(OBJD)\echonul.obj \ 54 | /link $(LINKFLAGS) \ 55 | /export:Echo \ 56 | /subsystem:console 57 | 58 | $(OBJD)\echonul.bsc : echonul.obj 59 | bscmake /v /n /o $@ echonul.sbr 60 | 61 | ############################################################################## 62 | 63 | clean: 64 | -del *~ 2>nul 65 | -del $(BIND)\echofx*.* 2>nul 66 | -del $(BIND)\echonul.* 2>nul 67 | -rmdir /q /s $(OBJD) 2>nul 68 | 69 | realclean: clean 70 | -rmdir /q /s $(OBJDS) 2>nul 71 | 72 | ############################################### Install non-bit-size binaries. 73 | 74 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 75 | 76 | $(OPTD)\echofx$(DETOURS_OPTION_BITS).dll: 77 | $(OPTD)\echofx$(DETOURS_OPTION_BITS).pdb: 78 | 79 | $(BIND)\echofx$(DETOURS_OPTION_BITS).dll : $(OPTD)\echofx$(DETOURS_OPTION_BITS).dll 80 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 81 | $(BIND)\echofx$(DETOURS_OPTION_BITS).pdb : $(OPTD)\echofx$(DETOURS_OPTION_BITS).pdb 82 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
83 | 84 | option: \ 85 | $(BIND)\echofx$(DETOURS_OPTION_BITS).dll \ 86 | $(BIND)\echofx$(DETOURS_OPTION_BITS).pdb \ 87 | 88 | !ELSE 89 | 90 | option: 91 | 92 | !ENDIF 93 | 94 | ############################################################################## 95 | 96 | test: all 97 | @echo -------- Should echo nothing. -------------------------------------- 98 | -$(BIND)\echonul.exe 99 | @echo -------- Should echo Hello World. ---------------------------------- 100 | -$(BIND)\withdll.exe -d:$(BIND)\echofx$(DETOURS_BITS).dll $(BIND)\echonul.exe 101 | @echo. 102 | 103 | testd: all 104 | @echo. 105 | -windbg -o -g -G $(BIND)\withdll.exe -d:$(BIND)\echofx$(DETOURS_BITS).dll $(BIND)\echonul.exe 106 | @echo. 107 | 108 | ################################################################# End of File. 109 | -------------------------------------------------------------------------------- /samples/echo/echofx.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // 3 | // 4 | #include 5 | #include 6 | #include 7 | 8 | int WINAPI Echo(PCSTR pszMsg); 9 | 10 | static int (WINAPI * Real_Echo)(PCSTR pszMsg) = Echo; 11 | 12 | int WINAPI Mine_Echo(PCSTR pszMsg) 13 | { 14 | printf("Echo(%s)\n", pszMsg); 15 | return Real_Echo(pszMsg); 16 | } 17 | 18 | BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) 19 | { 20 | LONG error; 21 | (void)hinst; 22 | (void)reserved; 23 | 24 | if (DetourIsHelperProcess()) { 25 | return TRUE; 26 | } 27 | 28 | if (dwReason == DLL_PROCESS_ATTACH) { 29 | DetourRestoreAfterWith(); 30 | 31 | printf("echofx" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 32 | " Starting.\n"); 33 | fflush(stdout); 34 | 35 | DetourTransactionBegin(); 36 | DetourUpdateThread(GetCurrentThread()); 37 | DetourAttach(&(PVOID&)Real_Echo, Mine_Echo); 38 | error = DetourTransactionCommit(); 39 | 40 | if (error == NO_ERROR) { 41 | printf("echofx" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 42 | " Detoured Echo().\n"); 43 | } 44 | else { 45 | 
printf("echofx" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 46 | " Error detouring Echo(): %d\n", error); 47 | } 48 | } 49 | else if (dwReason == DLL_PROCESS_DETACH) { 50 | DetourTransactionBegin(); 51 | DetourUpdateThread(GetCurrentThread()); 52 | DetourDetach(&(PVOID&)Real_Echo, Mine_Echo); 53 | error = DetourTransactionCommit(); 54 | 55 | printf("echofx" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 56 | " Removed Echo() (result=%d)\n", error); 57 | fflush(stdout); 58 | } 59 | return TRUE; 60 | } 61 | -------------------------------------------------------------------------------- /samples/echo/echofx.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for echofx.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "echofx" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "echofx" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Echo Interception Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/echo/echonul.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // 3 | // 4 | #include 5 | 6 | int WINAPI Echo(PCSTR pszMsg) 7 | { 8 | int sum = 0; 9 | while (*pszMsg) { 10 | sum = sum + *pszMsg++; 11 | } 12 | return sum; 13 | } 14 | 15 | int main() 16 | { 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /samples/echo/main.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // 3 | // 4 | #include 5 | 6 | int WINAPI Echo(PCSTR pszMsg); 7 | 8 | 
extern "C" int __stdcall mainCRTStartup(HINSTANCE hInstance, 9 | HINSTANCE hPrevInstance, 10 | LPSTR lpCmdLine, 11 | int nCmdShow 12 | ) 13 | { 14 | (void)hInstance; 15 | (void)hPrevInstance; 16 | (void)lpCmdLine; 17 | (void)nCmdShow; 18 | 19 | Echo("Hello World"); 20 | Echo("Goodbye World"); 21 | 22 | return 0x99; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /samples/einst/edll1x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (edll1x.cpp of edll1x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | #include 10 | #include 11 | #include 12 | 13 | //////////////////////////////////////////////////////////////////// DLL Stuff 14 | // 15 | struct CPrivateStuff 16 | { 17 | DETOUR_SECTION_HEADER header; 18 | DETOUR_SECTION_RECORD record; 19 | CHAR szMessage[32]; 20 | }; 21 | 22 | #pragma data_seg(".detour") 23 | 24 | static CPrivateStuff private_stuff = { 25 | DETOUR_SECTION_HEADER_DECLARE(sizeof(CPrivateStuff)), 26 | { 27 | (sizeof(CPrivateStuff) - sizeof(DETOUR_SECTION_HEADER)), 28 | 0, 29 | { /* d9ab8a40-f4cc-11d1-b6d7-006097b010e3 */ 30 | 0xd9ab8a40, 31 | 0xf4cc, 32 | 0x11d1, 33 | {0xb6, 0xd7, 0x00, 0x60, 0x97, 0xb0, 0x10, 0xe3} 34 | } 35 | }, 36 | "The First Dll!" 37 | }; 38 | #pragma data_seg() 39 | 40 | __declspec(dllexport) VOID WINAPI EDll1Function(VOID) 41 | { 42 | return; 43 | } 44 | 45 | __declspec(dllexport) ULONG WINAPI 46 | DllMain(HINSTANCE hInstance, DWORD dwReason, PVOID lpReserved) 47 | { 48 | (void)hInstance; 49 | (void)dwReason; 50 | (void)lpReserved; 51 | 52 | return TRUE; 53 | } 54 | 55 | ///////////////////////////////////////////////////////////////// End of File. 
56 | -------------------------------------------------------------------------------- /samples/einst/edll2x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (edll2x.cpp of einst.exe/edll2x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | #include 10 | #include 11 | #include 12 | 13 | //////////////////////////////////////////////////////////////////// DLL Stuff 14 | // 15 | struct CPrivateStuff 16 | { 17 | DETOUR_SECTION_HEADER header; 18 | DETOUR_SECTION_RECORD record; 19 | CHAR szMessage[32]; 20 | }; 21 | 22 | #pragma data_seg(".detour") 23 | 24 | static CPrivateStuff private_stuff = { 25 | DETOUR_SECTION_HEADER_DECLARE(sizeof(CPrivateStuff)), 26 | { 27 | (sizeof(CPrivateStuff) - sizeof(DETOUR_SECTION_HEADER)), 28 | 0, 29 | { /* d9ab8a40-f4cc-11d1-b6d7-006097b010e3 */ 30 | 0xd9ab8a40, 31 | 0xf4cc, 32 | 0x11d1, 33 | {0xb6, 0xd7, 0x00, 0x60, 0x97, 0xb0, 0x10, 0xe3} 34 | } 35 | }, 36 | "The Second Dll!" 37 | }; 38 | #pragma data_seg() 39 | 40 | __declspec(dllexport) VOID WINAPI EDll2Function(VOID) 41 | { 42 | return; 43 | } 44 | 45 | __declspec(dllexport) ULONG WINAPI 46 | DllMain(HINSTANCE hInstance, DWORD dwReason, PVOID lpReserved) 47 | { 48 | (void)hInstance; 49 | (void)dwReason; 50 | (void)lpReserved; 51 | 52 | return TRUE; 53 | } 54 | 55 | ///////////////////////////////////////////////////////////////// End of File. 
56 | -------------------------------------------------------------------------------- /samples/einst/edll3x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (edll3x.cpp of einst.exe/edll3x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | #include 10 | #include 11 | #include 12 | 13 | //////////////////////////////////////////////////////////////////// DLL Stuff 14 | // 15 | struct CPrivateStuffPart1 16 | { 17 | DETOUR_SECTION_RECORD header; 18 | CHAR szMessage[48]; 19 | }; 20 | 21 | struct CPrivateStuffPart2 22 | { 23 | DETOUR_SECTION_RECORD header; 24 | CHAR szMessage[64]; 25 | }; 26 | 27 | struct CPrivateStuff 28 | { 29 | DETOUR_SECTION_HEADER header; 30 | CPrivateStuffPart1 record1; 31 | CPrivateStuffPart2 record2; 32 | }; 33 | 34 | #pragma data_seg(".detour") 35 | 36 | static CPrivateStuff private_stuff = { 37 | DETOUR_SECTION_HEADER_DECLARE(sizeof(CPrivateStuff)), 38 | { 39 | { 40 | sizeof(CPrivateStuffPart1), 41 | 0, 42 | { /* d9ab8a41-f4cc-11d1-b6d7-006097b010e3 */ 43 | 0xd9ab8a41, 44 | 0xf4cc, 45 | 0x11d1, 46 | {0xb6, 0xd7, 0x00, 0x60, 0x97, 0xb0, 0x10, 0xe3} 47 | } 48 | }, 49 | "The Third DLL Part One!" 50 | }, 51 | { 52 | { 53 | sizeof(CPrivateStuffPart2), 54 | 0, 55 | { /* d9ab8a40-f4cc-11d1-b6d7-006097b010e3 */ 56 | 0xd9ab8a40, 57 | 0xf4cc, 58 | 0x11d1, 59 | {0xb6, 0xd7, 0x00, 0x60, 0x97, 0xb0, 0x10, 0xe3} 60 | } 61 | }, 62 | "The Third DLL Part Two!" 
63 | } 64 | }; 65 | #pragma data_seg() 66 | 67 | __declspec(dllexport) VOID WINAPI EDll3Function(VOID) 68 | { 69 | return; 70 | } 71 | 72 | __declspec(dllexport) ULONG WINAPI 73 | DllMain(HINSTANCE hInstance, DWORD dwReason, PVOID lpReserved) 74 | { 75 | (void)hInstance; 76 | (void)dwReason; 77 | (void)lpReserved; 78 | 79 | return TRUE; 80 | } 81 | 82 | ///////////////////////////////////////////////////////////////// End of File. 83 | -------------------------------------------------------------------------------- /samples/einst/einst.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (einst.cpp of einst.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | #include 10 | #include 11 | #include 12 | 13 | struct CPrivateStuff 14 | { 15 | DETOUR_SECTION_HEADER header; 16 | DETOUR_SECTION_RECORD record; 17 | CHAR szMessage[32]; 18 | }; 19 | 20 | #ifdef INCLUDE_THIS 21 | #pragma data_seg(".detour") 22 | 23 | static CPrivateStuff private_stuff = { 24 | DETOUR_SECTION_HEADER_DECLARE(sizeof(CPrivateStuff)), 25 | { 26 | (sizeof(CPrivateStuff) - sizeof(DETOUR_SECTION_HEADER)), 27 | 0, 28 | { /* d9ab8a40-f4cc-11d1-b6d7-006097b010e3 */ 29 | 0xd9ab8a40, 30 | 0xf4cc, 31 | 0x11d1, 32 | {0xb6, 0xd7, 0x00, 0x60, 0x97, 0xb0, 0x10, 0xe3} 33 | } 34 | }, 35 | "The Application!" 
36 | }; 37 | #pragma data_seg() 38 | #endif 39 | 40 | GUID my_guid = 41 | { /* d9ab8a40-f4cc-11d1-b6d7-006097b010e3 */ 42 | 0xd9ab8a40, 43 | 0xf4cc, 44 | 0x11d1, 45 | {0xb6, 0xd7, 0x00, 0x60, 0x97, 0xb0, 0x10, 0xe3} 46 | }; 47 | 48 | __declspec(dllimport) VOID WINAPI EDll1Function(VOID); 49 | __declspec(dllimport) VOID WINAPI EDll2Function(VOID); 50 | __declspec(dllimport) VOID WINAPI EDll3Function(VOID); 51 | /* FindPayload: prints the module handle and its file name, then asks DetourFindPayload for the payload tagged with my_guid and, when one is found, prints its address range and leading text. NOTE(review): the GetModuleFileNameA return value is not checked, so on failure szModuleName is printed uninitialised. The %50.50s conversion reads up to 50 bytes from pbData regardless of cbData, so a payload shorter than that and without a NUL terminator would be read past its end; bounding the precision by cbData ("%.*s") avoids that when payloads can come from modules you did not build. */ 52 | void FindPayload(HINSTANCE hinst) 53 | { 54 | CHAR szModuleName[256]; 55 | GetModuleFileNameA(hinst, szModuleName, ARRAYSIZE(szModuleName)); 56 | printf(" %p : %s\n", hinst, szModuleName); 57 | 58 | ULONG cbData = 0; 59 | PBYTE pbData = (PBYTE)DetourFindPayload(hinst, my_guid, &cbData); 60 | 61 | if (pbData) { 62 | printf(" %08p..%08p : %50.50s\n", 63 | pbData, 64 | pbData + cbData, 65 | pbData); 66 | } 67 | } 68 | /* WinMain: reports the payload of the EXE itself (FindPayload(NULL)), calls the three imported EDll functions, then walks every module returned by DetourEnumerateModules and reports each one's payload. */ 69 | int WINAPI WinMain(HINSTANCE hinst, HINSTANCE hprev, LPSTR lpszCmdLine, int nCmdShow) 70 | { 71 | (void)hinst; 72 | (void)hprev; 73 | (void)lpszCmdLine; 74 | (void)nCmdShow; 75 | 76 | printf("Source .EXE:\n"); 77 | FindPayload(NULL); 78 | printf("\n"); 79 | 80 | printf("DLL and EXE binaries loaded:\n"); 81 | 82 | EDll1Function(); 83 | EDll2Function(); 84 | EDll3Function(); 85 | 86 | for (HINSTANCE hiter = NULL; (hiter = DetourEnumerateModules(hiter)) != NULL;) { 87 | FindPayload(hiter); 88 | } 89 | 90 | if ((PVOID)hinst == (PVOID)lpszCmdLine) { 91 | DispatchMessage(NULL); // Force load of gdi32.dll 92 | } 93 | 94 | return 0; 95 | } 96 | 97 | // 98 | ///////////////////////////////////////////////////////////////// End of File. 99 | -------------------------------------------------------------------------------- /samples/excep/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 
4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\excep.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\excep.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2>nul 22 | -del $(BIND)\excep.* 2>nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(OBJD)\excep.obj : excep.cpp 33 | $(OBJD)\firstexc.obj : firstexc.cpp 34 | 35 | $(BIND)\excep.exe : $(OBJD)\excep.obj $(OBJD)\firstexc.obj $(DEPS) 36 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\excep.obj $(OBJD)\firstexc.obj \ 37 | /link $(LINKFLAGS) $(LIBS) /subsystem:console /entry:WinMainCRTStartup 38 | 39 | $(OBJD)\excep.bsc : $(OBJD)\excep.obj 40 | bscmake /v /n /o $@ $(OBJD)\excep.sbr 41 | 42 | ############################################################################## 43 | 44 | test: $(BIND)\excep.exe 45 | $(BIND)\excep.exe 46 | 47 | ################################################################# End of File. 48 | -------------------------------------------------------------------------------- /samples/excep/excep.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // First Chance Exception Handling Test Program (excep.cpp of excep.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | // For more information on exception handling, see "A Crash Course on the 10 | // Depths of Win32 Structured Exception Handling," by Matt Pietrek in the 11 | // January 1997 issue of Microsoft Systems Journal. 
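//
#include
#include
#include
#include "firstexc.h"
// NOTE(review): the three header names above are missing on this page.

//////////////////////////////////////////////////////////////////////////////
//
// s_pvData points at the single ULONG the sample protects and faults on;
// s_dwDataPerm receives the previous protection from each VirtualProtect call.
static LPVOID s_pvData = NULL;
static DWORD s_dwDataPerm = 0;

// SEH filter expression used by safe(): logs the attempt number, the
// exception code and the exception-pointers address, then asks for the
// __except handler to run.
static LONG ExceptCatch(LONG nTry, DWORD dwException, LPEXCEPTION_POINTERS pinfo)
{
    // Print the pointer with %p: casting it to ULONG drops the upper half of
    // the address on 64-bit builds.
    printf(" ExceptCatch(%d, %08x, %p)\n", nTry, dwException, (PVOID)pinfo);
#ifdef INCLUDE_THIS
    if (nTry == 0) {
        return EXCEPTION_CONTINUE_EXECUTION;
    }
#endif
    return EXCEPTION_EXECUTE_HANDLER;
}

// Deliberately faulting test body. The write to element [0] lands inside the
// range MyVirtualFaultFilter accepts; the write to element [-1] lies below
// s_pvData and is therefore outside that range.
static int BadCode(int nTry)
{
    printf(" BadCode(Try:%d)\n", nTry);
    printf(" BadCode -> %d\n", *(PULONG)s_pvData);
    ((PULONG)s_pvData)[0] = 0;
    printf(" BadCode -> %d\n", *(PULONG)s_pvData);
    ((PULONG)s_pvData)[-1] = 0;
    printf(" BadCode -> %d\n", *(PULONG)s_pvData);

    return 0;
}

// Runs BadCode inside __try/__except so that a fault the first-chance filter
// does not resolve is reported by the handler instead of ending the process.
void safe(int nTry)
{
    __try {
        printf(" try(%d)\n", nTry);
        BadCode(nTry);
        printf(" good(%d)\n", nTry);
    } __except(ExceptCatch(nTry,
                           GetExceptionCode(),
                           GetExceptionInformation())) {
        DWORD dwExcept = GetExceptionCode();

        printf(" handler(%d) : %08x\n", nTry, dwExcept);
    }
}

// Runs BadCode with no structured exception handler around it.
void raw(int nTry)
{
    BadCode(nTry);
}

// First-chance filter: when an access violation reports a faulting address
// inside the ULONG at s_pvData, make that memory writable and resume the
// faulting instruction; every other exception is passed on.
LONG WINAPI MyVirtualFaultFilter(PEXCEPTION_POINTERS pException)
{
    PEXCEPTION_RECORD pExceptRec = pException->ExceptionRecord;

    if (pExceptRec->ExceptionCode == EXCEPTION_ACCESS_VIOLATION) {
        printf("-- Memory access exception.\n");

        // Compare full-width addresses. A (ULONG) cast truncates the pointer
        // on 64-bit builds, so the range check could never match the real
        // fault address there (or could match an unrelated one).
        ULONG_PTR nBase = (ULONG_PTR)s_pvData;
        ULONG_PTR nFault = 0;
        if (pExceptRec->NumberParameters >= 2) {
            nFault = pExceptRec->ExceptionInformation[1];
        }

        // Half-open range [nBase, nBase + sizeof(ULONG)): the byte just past
        // the ULONG is not part of the guarded value.
        if (pExceptRec->NumberParameters >= 2 &&
            nFault >= nBase &&
            nFault < nBase + sizeof(ULONG)) {

            // Only resume if the protection change succeeded; resuming with
            // the page still read-only would fault again on the same
            // instruction and re-enter this filter indefinitely.
            if (!VirtualProtect(s_pvData, sizeof(ULONG), PAGE_READWRITE, &s_dwDataPerm)) {
                printf("-- VirtualProtect failed: %lu\n", GetLastError());
                return EXCEPTION_CONTINUE_SEARCH;
            }
            printf("-- Changed permissions.\n");
            return EXCEPTION_CONTINUE_EXECUTION;
        }
    }
    return EXCEPTION_CONTINUE_SEARCH;
}
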
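// Applies flProtect to the ULONG at s_pvData and stores the previous
// protection in s_dwDataPerm.  Prints the Win32 error and returns FALSE when
// VirtualProtect fails.
static BOOL SetDataProtection(DWORD flProtect)
{
    if (VirtualProtect(s_pvData, sizeof(ULONG), flProtect, &s_dwDataPerm)) {
        return TRUE;
    }
    printf("VirtualProtect failed: %lu\n", GetLastError());
    return FALSE;
}

// Test driver: allocates one ULONG, marks it read-only, installs
// MyVirtualFaultFilter as the first-chance filter, then runs the faulting code
// once under __try/__except (safe) and once with no handler (raw).
//
// Returns 0 when the run completes and 1 when the allocation or a protection
// change fails, so a broken setup is not reported as a pass.
int WINAPI WinMain(HINSTANCE hinst, HINSTANCE hprev, LPSTR lpszCmdLine, int nCmdShow)
{
    (void)hinst;
    (void)hprev;
    (void)lpszCmdLine;
    (void)nCmdShow;

    s_pvData = VirtualAlloc(NULL, sizeof(ULONG), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
    if (s_pvData == NULL) {
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    *(PULONG)s_pvData = 1;

    // Without the read-only page the writes in BadCode never fault and the
    // test shows nothing, so a failed protection change ends the run.
    if (!SetDataProtection(PAGE_READONLY)) {
        return 1;
    }

    DetourFirstChanceExceptionFilter(MyVirtualFaultFilter);

    printf("main\n");
    printf("--------------------------------------------------\n");
    // The former warm-up loop had its body commented out and only advanced
    // nTry from 0 to 1.
    int nTry = 1;
    printf("-- safe ------------------------------------------\n");
    safe(nTry);

    // Restore the initial value and the read-only protection for the raw pass.
    if (!SetDataProtection(PAGE_READWRITE)) {
        return 1;
    }
    *(PULONG)s_pvData = 1;
    if (!SetDataProtection(PAGE_READONLY)) {
        return 1;
    }

    printf("-- raw -------------------------------------------\n");
    printf("*\n");
    printf("* NB: The second attempt to write will fail because it isn't handled.\n");
    printf("*\n");
    raw(nTry);
    printf("--------------------------------------------------\n");
    printf("exit\n");

    return 0;
}
124 | // 125 | ///////////////////////////////////////////////////////////////// End of File. 126 | -------------------------------------------------------------------------------- /samples/excep/firstexc.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (firstexc.h of firstexc.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved.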
8 | // 9 | 10 | #pragma once 11 | #ifndef _FIRSTEXC_H_ 12 | #define _FIRSTEXC_H_ 13 | 14 | /////////////////////////////////////////////// First Chance Exception Filter. 15 | // 16 | LPTOP_LEVEL_EXCEPTION_FILTER WINAPI 17 | DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter); 18 | 19 | #endif // _FIRSTEXC_H_ 20 | // 21 | //////////////////////////////////////////////////////////////// End of File. 22 | -------------------------------------------------------------------------------- /samples/findfunc/extend.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for extend.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "extend" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "extend" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Dyanmic Interception Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/findfunc/findfunc.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (findfunc.cpp of findfunc.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | #include "target.h" 14 |
// Lists every module Detours enumerates in this process, then calls Target()
// three times, feeding each result plus 10000 into the next call.
int __cdecl main(void)
{
    printf("findfunc.exe: Starting.\n");
    fflush(stdout);

    printf("DLLs:\n");
    HMODULE hCurrent = NULL;
    while ((hCurrent = DetourEnumerateModules(hCurrent)) != NULL) {
        // Zero-filled, and one byte is held back from the API, so the name
        // stays NUL-terminated even when the path is truncated.
        CHAR szPath[MAX_PATH] = { 0 };
        GetModuleFileNameA(hCurrent, szPath, sizeof(szPath) - 1);
        printf(" %p: %s\n", hCurrent, szPath);
    }

    DWORD dwValue = 10000;
    int nRound = 0;
    while (nRound < 3) {
        printf("findfunc.exe: Calling (%d).\n", dwValue);
        dwValue = Target(dwValue) + 10000;
        nRound++;
    }
    return 0;
}
34 | // 35 | ///////////////////////////////////////////////////////////////// End of File. 36 | -------------------------------------------------------------------------------- /samples/findfunc/target.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (target.cpp of target.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include "target.h" 13 |
// Logs its argument and returns it incremented by one.
extern "C" DWORD WINAPI Hidden(DWORD dwCount)
{
    const DWORD dwNext = dwCount + 1;
    printf("target.dll: Hidden(%d) -> %d.\n", dwCount, dwNext);
    return dwNext;
}

// Hidden is always reached through this pointer so that the compiler cannot
// inline it into Target.
static DWORD (WINAPI * SelfHidden)(DWORD dwCount) = Hidden;

// Adds 100 to dwCount, passes the sum through Hidden, and returns what Hidden
// hands back; both steps are logged.
DWORD WINAPI Target(DWORD dwCount)
{
    const DWORD dwRaised = dwCount + 100;
    printf("target.dll: Target (%d) -> %d.\n", dwCount, dwRaised);

    const DWORD dwResult = SelfHidden(dwRaised);
    printf("target.dll: Target (.....) -> %d.\n", dwResult);
    return dwResult;
}

// No per-process or per-thread work: every notification is accepted.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    (void)reserved;
    (void)dwReason;
    (void)hinst;

    return TRUE;
}
39 | 40 | // 41 | ///////////////////////////////////////////////////////////////// End of File. 42 | -------------------------------------------------------------------------------- /samples/findfunc/target.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (target.h of target.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | DWORD WINAPI Target(DWORD dwCount); 11 | 12 | // 13 | ///////////////////////////////////////////////////////////////// End of File. 14 | -------------------------------------------------------------------------------- /samples/findfunc/target.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for target.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved.
8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "target" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "target" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/impmunge/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\impmunge.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\impmunge.bsc 18 | !ENDIF 19 | 20 | ############################################################################## 21 | 22 | clean: 23 | -del *~ test.exe.* 2>nul 24 | -del $(BIND)\impmunge.* 2>nul 25 | -rmdir /q /s $(OBJD) 2>nul 26 | 27 | realclean: clean 28 | -rmdir /q /s $(OBJDS) 2>nul 29 | 30 | ############################################################################## 31 | 32 | dirs: 33 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 34 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 35 | 36 | $(OBJD)\impmunge.obj : impmunge.cpp 37 | 38 | $(BIND)\impmunge.exe : $(OBJD)\impmunge.obj $(DEPS) 39 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\impmunge.obj \ 40 | /link $(LINKFLAGS) $(LIBS) imagehlp.lib /subsystem:console 41 | 42 | $(OBJD)\impmunge.bsc : $(OBJD)\impmunge.obj 43 | bscmake /v /n /o $@ $(OBJD)\impmunge.sbr 44 | 45 | ############################################################################## 46 | 47 | test: $(BIND)\impmunge.exe 48 | $(BIND)\impmunge.exe /m /o:test.exe.1 $(BIND)\impmunge.exe 49 | $(BIND)\impmunge.exe /m /l- /o:test.exe.2 test.exe.1 50 | $(BIND)\impmunge.exe /m /l- /o:test.exe.3 test.exe.2 51 | $(BIND)\impmunge.exe /m /l- /o:test.exe.4 test.exe.3 52 | $(BIND)\impmunge.exe /l test.exe.4 53 | $(BIND)\impmunge.exe /r /l- /o:test.exe.0 test.exe.4 54 | $(BIND)\impmunge.exe /l test.exe.0 55 | 56 | ################################################################# End of File. 57 | -------------------------------------------------------------------------------- /samples/member/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\member.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\member.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2> nul 22 | -del $(BIND)\member.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 31 | 32 | $(OBJD)\member.obj : member.cpp 33 | 34 | $(BIND)\member.exe : $(OBJD)\member.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\member.obj \ 36 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 37 | 38 | $(OBJD)\member.bsc : $(OBJD)\member.obj 39 | bscmake /v /n /o $@ $(OBJD)\member.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\member.exe 44 | @echo. 45 | $(BIND)\member.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 49 | -------------------------------------------------------------------------------- /samples/member/member.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Test a detour of a member function (member.cpp of member.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | // By default, C++ member functions use the __thiscall calling convention. 10 | // In order to Detour a member function, both the trampoline and the detour 11 | // must have exactly the same calling convention as the target function. 12 | // Unfortunately, the VC compiler does not support a __thiscall, so the only 13 | // way to create legal detour and trampoline functions is by making them 14 | // class members of a "detour" class. 15 | // 16 | // In addition, C++ does not support converting a pointer to a member 17 | // function to an arbitrary pointer. To get a raw pointer, the address of 18 | // the member function must be moved into a temporary member-function 19 | // pointer, then passed by taking it's address, then de-referencing it. 20 | // Fortunately, the compiler will optimize the code to remove the extra 21 | // pointer operations. 
22 | // 23 | // If X::Target is a virtual function, the following code will *NOT* work 24 | // because &X::Target is the address of a thunk that does a virtual call, 25 | // not the real address of the X::Target. You can get the real address 26 | // of X::Target by looking directly in the VTBL for class X, but there 27 | // is no legal way to 1) get the address of X's VTBL or 2) get the offset 28 | // of ::Target within that VTBL. You can of course, figure these out for 29 | // a particular class and function, but there is no general way to do so. 30 | // 31 | #include 32 | 33 | #include 34 | #include 35 | 36 | #include "..\slept\verify.cpp" 37 |
//////////////////////////////////////////////////////////////// Target Class.
//
// The class whose non-virtual member function is detoured.
class CMember
{
  public:
    void Target(void);
};

// Prints the object address so the two call paths in main can be compared.
void CMember::Target(void)
{
    printf(" CMember::Target! (this:%p)\n", this);
}

//////////////////////////////////////////////////////////////// Detour Class.
//
// Holds the replacement (Mine_Target) and the pointer used to reach the
// original (Real_Target).  Both are members so that they share the calling
// convention of CMember::Target.
class CDetour /* add ": public CMember" to enable access to member variables... */
{
  public:
    void Mine_Target(void);
    static void (CDetour::* Real_Target)(void);

    // Class shouldn't have any member variables or virtual functions.
    // NOTE(review): main calls these members on a CMember object through a
    // cast, so any extra data member or vtable here would presumably be read
    // from memory the object does not own -- confirm.
};

// Replacement body: logs, then forwards to whatever Real_Target points at.
void CDetour::Mine_Target(void)
{
    printf(" CDetour::Mine_Target! (this:%p)\n", this);
    (this->*Real_Target)();
}

// Starts out as CMember::Target reinterpreted as a CDetour member pointer;
// main hands its address to DetourAttach.
void (CDetour::* CDetour::Real_Target)(void) = (void (CDetour::*)(void))&CMember::Target;

//////////////////////////////////////////////////////////////////////////////
//
// Attaches CDetour::Mine_Target to CMember::Target, reporting the three code
// addresses through Verify() (included from ..\slept\verify.cpp, not shown
// here) before and after the transaction, then calls the target once through
// Real_Target and once directly.
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    //////////////////////////////////////////////////////////////////////////
    //

    // A member-function pointer cannot be cast to a data pointer, so each one
    // is stored in a local and its storage is reread as a PBYTE.
    // NOTE(review): this relies on the member pointer being a single code
    // address in memory -- confirm for the compiler in use.
    void (CMember::* pfTarget)(void) = &CMember::Target;
    void (CDetour::* pfMine)(void) = &CDetour::Mine_Target;

    Verify("CMember::Target ", *(PBYTE*)&pfTarget);
    Verify("*CDetour::Real_Target", *(PBYTE*)&CDetour::Real_Target);
    Verify("CDetour::Mine_Target ", *(PBYTE*)&pfMine);

    printf("\n");

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    // Real_Target is passed by address so that Detours can overwrite it.
    DetourAttach(&(PVOID&)CDetour::Real_Target,
                 *(PBYTE*)&pfMine);

    // The commit result is only printed; the calls below run either way.
    LONG l = DetourTransactionCommit();
    printf("DetourTransactionCommit = %d\n", l);
    printf("\n");

    Verify("CMember::Target ", *(PBYTE*)&pfTarget);
    Verify("*CDetour::Real_Target", *(&(PBYTE&)CDetour::Real_Target));
    Verify("CDetour::Mine_Target ", *(PBYTE*)&pfMine);
    printf("\n");

    //////////////////////////////////////////////////////////////////////////
    //
    CMember target;

    // Through Real_Target: the object is reinterpreted as a CDetour only to
    // satisfy the member-pointer type.
    printf("Calling CMember (w/o Detour):\n");
    (((CDetour*)&target)->*CDetour::Real_Target)();

    // Direct call to the function that was just detoured.
    printf("Calling CMember (will be detoured):\n");
    target.Target();

    return 0;
}
116 | 117 | -------------------------------------------------------------------------------- /samples/opengl/Makefile: -------------------------------------------------------------------------------- 1 | ###################################################################### 2 | ## 3 | ## Hook test for glFinish 4 | ## 5 | 6 | !include ..\common.mak 7 | 8 | LIBS=$(LIBS) kernel32.lib gdi32.lib 9 | 10 |
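##############################################################################
##
## Default target: output directories, the detour DLL, the test executable,
## browse files when DETOURS_SOURCE_BROWSING is 1, then the optional copy of
## the other-processor DLL.

all: dirs \
    $(BIND)\ogldet$(DETOURS_BITS).dll \
    $(BIND)\testogl.exe \
    \
!IF $(DETOURS_SOURCE_BROWSING)==1
    $(OBJD)\ogldet$(DETOURS_BITS).bsc \
    $(OBJD)\testogl.bsc \
!ENDIF
    option

##############################################################################

dirs:
    @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND)
    @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD)

$(OBJD)\ogldet.obj : ogldet.cpp

$(OBJD)\ogldet.res : ogldet.rc

## Export ordinal 1 is DetourFinishHelperProcess (exported without a name);
## hookedGlFinish is exported by name.
$(BIND)\ogldet$(DETOURS_BITS).dll $(BIND)\ogldet$(DETOURS_BITS).lib: \
        $(OBJD)\ogldet.obj $(OBJD)\ogldet.res $(DEPS)
    cl /LD $(CFLAGS) /Fe$(@R).dll /Fd$(@R).pdb \
        $(OBJD)\ogldet.obj $(OBJD)\ogldet.res \
        /link $(LINKFLAGS) /subsystem:console \
        /export:DetourFinishHelperProcess,@1,NONAME \
        /export:hookedGlFinish \
        $(LIBS) opengl32.lib

$(OBJD)\ogldet$(DETOURS_BITS).bsc : $(OBJD)\ogldet.obj
    bscmake /v /n /o $@ $(OBJD)\ogldet.sbr

$(OBJD)\testogl.obj : testogl.cpp

$(BIND)\testogl.exe : $(OBJD)\testogl.obj $(DEPS)
    cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\testogl.obj \
        /link $(LINKFLAGS) $(LIBS) opengl32.lib \
        /subsystem:console

$(OBJD)\testogl.bsc : $(OBJD)\testogl.obj
    bscmake /v /n /o $@ $(OBJD)\testogl.sbr

##############################################################################

clean:
    -del *~ 2>nul
    -del $(BIND)\ogldet*.* 2>nul
    -del $(BIND)\testogl.* 2>nul
    -rmdir /q /s $(OBJD) 2>nul

realclean: clean
    -rmdir /q /s $(OBJDS) 2>nul

############################################### Install non-bit-size binaries.
##
## These rules used to name "olgdet", a transposition of the DLL built above
## (ogldet).  No such file is ever produced, so the "if exist" guard skipped
## the copy without any message.

!IF "$(DETOURS_OPTION_PROCESSOR)" != ""

$(OPTD)\ogldet$(DETOURS_OPTION_BITS).dll:
$(OPTD)\ogldet$(DETOURS_OPTION_BITS).pdb:

$(BIND)\ogldet$(DETOURS_OPTION_BITS).dll : $(OPTD)\ogldet$(DETOURS_OPTION_BITS).dll
    @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR).
$(BIND)\ogldet$(DETOURS_OPTION_BITS).pdb : $(OPTD)\ogldet$(DETOURS_OPTION_BITS).pdb
    @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR).

option: \
    $(BIND)\ogldet$(DETOURS_OPTION_BITS).dll \
    $(BIND)\ogldet$(DETOURS_OPTION_BITS).pdb \

!ELSE

option:

!ENDIF

##############################################################################
##
## setdll.exe rewrites $(BIND)\testogl.exe in place: -d adds the DLL to the
## executable and -r removes it again; the last step loads the DLL through
## withdll.exe without touching the file.

test: all
    @echo -------- Reseting test binaries to initial state. ---------------------
    $(BIND)\setdll.exe -r $(BIND)\testogl.exe
    @echo.
    @echo -------- Should not load ogldet$(DETOURS_BITS).dll -----------------------------------
    $(BIND)\testogl.exe
    @echo.
    @echo -------- Adding ogldet$(DETOURS_BITS).dll to testogl.exe ------------------------------
    $(BIND)\setdll.exe -d:$(BIND)\ogldet$(DETOURS_BITS).dll $(BIND)\testogl.exe
    @echo.
    @echo -------- Should load ogldet$(DETOURS_BITS).dll statically ----------------------------
    $(BIND)\testogl.exe
    @echo.
    @echo -------- Removing ogldet$(DETOURS_BITS).dll from testogl.exe --------------------------
    $(BIND)\setdll.exe -r $(BIND)\testogl.exe
    @echo.
    @echo -------- Should not load ogldet$(DETOURS_BITS).dll -----------------------------------
    $(BIND)\testogl.exe
    @echo.
    @echo -------- Should load ogldet$(DETOURS_BITS).dll dynamically using withdll.exe----------
    $(BIND)\withdll.exe -d:$(BIND)\ogldet$(DETOURS_BITS).dll $(BIND)\testogl.exe
    @echo.

################################################################# End of File.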
113 | -------------------------------------------------------------------------------- /samples/opengl/ogldet.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Module: ogldet.dll 4 | // 5 | // This DLL is based on the sample simple.dll. A detour is inserted for 6 | // the OpenGL glFinish function. 7 | // 8 | #include 9 | #include 10 | #include 11 | #include "detours.h" 12 |
// Pointer through which the hook calls glFinish; its address is handed to
// DetourAttach and DetourDetach below.
static void (WINAPI * trueGlFinish)(void) = glFinish;

// Replacement for glFinish: brackets the call made through trueGlFinish with
// two log lines, flushing stdout after each.
void WINAPI hookedGlFinish(void)
{
    printf("ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
           " hookedGlFinish Starting.\n");
    fflush(stdout);

    trueGlFinish();

    printf("ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
           " hookedGlFinish done.\n");
    fflush(stdout);
}

// Attaches the glFinish detour on process attach and removes it on process
// detach; does nothing in a Detours helper process.  Always returns TRUE, so
// a failed attach is logged but does not stop the DLL from loading.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    (void)reserved;
    (void)hinst;

    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    switch (dwReason) {
    case DLL_PROCESS_ATTACH: {
        DetourRestoreAfterWith();

        printf("ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
               " Starting.\n");
        fflush(stdout);

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)trueGlFinish, hookedGlFinish);
        LONG nAttach = DetourTransactionCommit();

        // Only the commit result is examined.
        if (nAttach != NO_ERROR) {
            printf("ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                   " Error detouring glFinish(): %d\n", nAttach);
        }
        else {
            printf("ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                   " Detoured glFinish().\n");
        }
        break;
    }
    case DLL_PROCESS_DETACH: {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)trueGlFinish, hookedGlFinish);
        LONG nDetach = DetourTransactionCommit();

        printf("ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
               " Removed detour glFinish() (result=%d)\n", nDetach);
        fflush(stdout);
        break;
    }
    default:
        break;
    }

    return TRUE;
}
72 | 73 | // 74 | ///////////////////////////////////////////////////////////////// End of File. 75 | -------------------------------------------------------------------------------- /samples/opengl/ogldet.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for ogldet.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "ogldet" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Open GL Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/opengl/testogl.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // File: testogl.cpp 4 | // Module: testogl.exe (oglsimple.dll) 5 | // 6 | 7 | #include 8 | #include 9 | #include 10 |
// Calls glFinish once between two flushed log lines, so a loaded detour's own
// output appears between them.
int __cdecl main()
{
    printf("testogl.exe: Starting\n");
    fflush(stdout);

    glFinish();

    printf("testogl.exe: done\n");
    fflush(stdout);

    return 0;
}
23 | // 24 | ///////////////////////////////////////////////////////////////// End of File.
25 | -------------------------------------------------------------------------------- /samples/region/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\region.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\region.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2> nul 22 | -del $(BIND)\region.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(OBJD)\region.obj : region.cpp 33 | 34 | $(BIND)\region.exe : $(OBJD)\region.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\region.obj \ 36 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 37 | 38 | $(OBJD)\region.bsc : $(OBJD)\region.obj 39 | bscmake /v /n /o $@ $(OBJD)\region.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\region.exe 44 | @echo. 45 | $(BIND)\region.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 49 | -------------------------------------------------------------------------------- /samples/region/region.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Test the different system region bounds (region.cpp of region.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
8 | // 9 | #include 10 | 11 | #include 12 | #include 13 |
//////////////////////////////////////////////////////////////////////////////
//
// dwSlept is not referenced by the code below.  TrueSleepEx is the pointer
// through which LoudSleepEx reaches SleepEx; its address is handed to
// DetourAttach and DetourDetach.
static LONG dwSlept = 0;
static DWORD (WINAPI * TrueSleepEx)(DWORD dwMilliseconds, BOOL bAlertable) = SleepEx;

// Replacement for SleepEx: forwards the call and prints how many ticks it took.
DWORD WINAPI LoudSleepEx(DWORD dwMilliseconds, BOOL bAlertable)
{
    DWORD dwStart = GetTickCount();
    DWORD dwResult = TrueSleepEx(dwMilliseconds, bAlertable);
    DWORD dwStop = GetTickCount();

    printf("Slept %u ticks.\n", dwStop - dwStart);
    return dwResult;
}

//////////////////////////////////////////////////////////////////////////////
//
// Attaches LoudSleepEx to SleepEx, sleeps for dwMilliseconds, detaches again,
// and returns the value TrueSleepEx held while the detour was attached.  The
// attach result is printed; the detach result is stored but not reported.
PVOID AttachAndDetach(DWORD dwMilliseconds)
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)TrueSleepEx, LoudSleepEx);
    LONG nStatus = DetourTransactionCommit();

    printf("Attach: %d, Trampoline: %p\n", nStatus, TrueSleepEx);

    // Captured before the detach below touches TrueSleepEx again.
    PVOID pvAttached = TrueSleepEx;

    printf("\n");
    printf("Sleep(%u)\n", dwMilliseconds);
    Sleep(dwMilliseconds);
    printf("\n");

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)TrueSleepEx, LoudSleepEx);
    nStatus = DetourTransactionCommit();

    return pvAttached;
}

// Attaches twice with the default system region and once with a region built
// around the first trampoline address, then compares the three addresses.
//
// Returns 0 on success, 1 when the first two addresses differ, 2 when the
// third address equals the second.
int main(int argc, char **argv)
{
    (void)argv;
    (void)argc;

    // First, save the default system region.

    PVOID pDefaultLower = DetourSetSystemRegionLowerBound(NULL);
    PVOID pDefaultUpper = DetourSetSystemRegionUpperBound(NULL);

    // Now attach the detour with the default system region.

    DetourSetSystemRegionLowerBound(pDefaultLower);
    DetourSetSystemRegionUpperBound(pDefaultUpper);

    printf("%p..%p: ", pDefaultLower, pDefaultUpper);
    PVOID pTramp1 = AttachAndDetach(10);

    printf("%p..%p: ", pDefaultLower, pDefaultUpper);
    PVOID pTramp2 = AttachAndDetach(10);

    // Now attach the detour with a smaller system region: the first
    // trampoline address rounded down, and rounded up, to a multiple of
    // 0x40000000.

    const ULONG_PTR nSpanMask = (ULONG_PTR)0x3fffffff;
    const ULONG_PTR nFirst = (ULONG_PTR)pTramp1;
    PVOID pSmallerLower = (PVOID)( nFirst & ~nSpanMask );
    PVOID pSmallerUpper = (PVOID)( (nFirst + 0x3fffffff) & ~nSpanMask );

    DetourSetSystemRegionLowerBound(pSmallerLower);
    DetourSetSystemRegionUpperBound(pSmallerUpper);

    printf("%p..%p: ", pSmallerLower, pSmallerUpper);
    PVOID pTramp3 = AttachAndDetach(20);

    printf("Sleep(30)\n");
    Sleep(30);
    printf("\n");

    if (pTramp1 != pTramp2) {
        printf("!!!!!! Trampoling allocation is not deterministic. %p != %p\n", pTramp1, pTramp2);
        return 1;
    }
    if (pTramp2 == pTramp3) {
        printf("!!!!!! Trampoling allocation doesn't skip region. %p == %p\n", pTramp2, pTramp3);
        return 2;
    }

    return 0;
}
105 | 106 | -------------------------------------------------------------------------------- /samples/setdll/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved.
8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\setdll.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\setdll.bsc \ 18 | !ENDIF 19 | option 20 | 21 | ############################################################################## 22 | 23 | clean: 24 | -del *~ 2>nul 25 | -del $(BIND)\setdll.* 2>nul 26 | -rmdir /q /s $(OBJD) 2>nul 27 | 28 | realclean: clean 29 | -rmdir /q /s $(OBJDS) 2>nul 30 | 31 | ############################################################################## 32 | 33 | dirs: 34 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 35 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 36 | 37 | $(OBJD)\setdll.obj : setdll.cpp 38 | 39 | $(BIND)\setdll.exe : $(OBJD)\setdll.obj $(DEPS) 40 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\setdll.obj \ 41 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 42 | 43 | $(OBJD)\setdll.bsc : $(OBJD)\setdll.obj 44 | bscmake /v /n /o $@ $(OBJD)\setdll.sbr 45 | 46 | ############################################### Install non-bit-size binaries. 47 | 48 | option: 49 | 50 | ############################################################################## 51 | 52 | test: all 53 | @echo -------- Reseting test binaries to initial state. ----------------------- 54 | $(BIND)\setdll.exe -d:$(BIND)\slept$(DETOURS_BITS).dll $(BIND)\sleepold.exe 55 | @echo -------- Should load slept$(DETOURS_BITS).dll statically ------------------------------- 56 | $(BIND)\sleepold.exe 57 | @echo -------- Reseting test binaries to initial state. ----------------------- 58 | $(BIND)\setdll.exe -r $(BIND)\sleepold.exe 59 | @echo -------- Should not load slept$(DETOURS_BITS).dll -------------------------------------- 60 | $(BIND)\sleepold.exe 61 | 62 | ################################################################# End of File. 
63 | -------------------------------------------------------------------------------- /samples/simple/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## API Extention to Measure time slept. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | ############################################################################## 15 | 16 | all: dirs \ 17 | $(BIND)\simple$(DETOURS_BITS).dll \ 18 | $(BIND)\sleep5.exe \ 19 | \ 20 | !IF $(DETOURS_SOURCE_BROWSING)==1 21 | $(OBJD)\simple$(DETOURS_BITS).bsc \ 22 | $(OBJD)\sleep5.bsc \ 23 | !ENDIF 24 | option 25 | 26 | ############################################################################## 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 31 | 32 | $(OBJD)\simple.obj : simple.cpp 33 | 34 | $(OBJD)\simple.res : simple.rc 35 | 36 | $(BIND)\simple$(DETOURS_BITS).dll $(BIND)\simple$(DETOURS_BITS).lib: \ 37 | $(OBJD)\simple.obj $(OBJD)\simple.res $(DEPS) 38 | cl /LD $(CFLAGS) /Fe$(@R).dll /Fd$(@R).pdb \ 39 | $(OBJD)\simple.obj $(OBJD)\simple.res \ 40 | /link $(LINKFLAGS) /subsystem:console \ 41 | /export:DetourFinishHelperProcess,@1,NONAME \ 42 | /export:TimedSleepEx \ 43 | $(LIBS) 44 | 45 | $(OBJD)\simple$(DETOURS_BITS).bsc : $(OBJD)\simple.obj 46 | bscmake /v /n /o $@ $(OBJD)\simple.sbr 47 | 48 | $(OBJD)\sleep5.obj : sleep5.cpp 49 | 50 | $(BIND)\sleep5.exe : $(OBJD)\sleep5.obj $(DEPS) 51 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\sleep5.obj \ 52 | /link $(LINKFLAGS) $(LIBS) \ 53 | /subsystem:console 54 | 55 | $(OBJD)\sleep5.bsc : $(OBJD)\sleep5.obj 56 | bscmake /v /n /o $@ $(OBJD)\sleep5.sbr 57 | 58 | ############################################################################## 59 | 60 | clean: 61 | -del *~ 2>nul 62 | -del $(BIND)\simple*.* 2>nul 63 | -del $(BIND)\sleep5.* 2>nul 64 | -rmdir /q /s $(OBJD) 2>nul 65 | 66 | realclean: clean 67 | -rmdir /q /s $(OBJDS) 2>nul 68 | 69 | ############################################### Install non-bit-size binaries. 70 | 71 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 72 | 73 | $(OPTD)\simple$(DETOURS_OPTION_BITS).dll: 74 | $(OPTD)\simple$(DETOURS_OPTION_BITS).pdb: 75 | 76 | $(BIND)\simple$(DETOURS_OPTION_BITS).dll : $(OPTD)\simple$(DETOURS_OPTION_BITS).dll 77 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 78 | $(BIND)\simple$(DETOURS_OPTION_BITS).pdb : $(OPTD)\simple$(DETOURS_OPTION_BITS).pdb 79 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
80 | 81 | option: \ 82 | $(BIND)\simple$(DETOURS_OPTION_BITS).dll \ 83 | $(BIND)\simple$(DETOURS_OPTION_BITS).pdb \ 84 | 85 | !ELSE 86 | 87 | option: 88 | 89 | !ENDIF 90 | 91 | ############################################################################## 92 | 93 | test: all 94 | @echo -------- Reseting test binaries to initial state. --------------------- 95 | $(BIND)\setdll.exe -r $(BIND)\sleep5.exe 96 | @echo. 97 | @echo -------- Should not load simple$(DETOURS_BITS).dll ----------------------------------- 98 | $(BIND)\sleep5.exe 99 | @echo. 100 | @echo -------- Adding simple$(DETOURS_BITS).dll to sleep5.exe ------------------------------ 101 | $(BIND)\setdll.exe -d:$(BIND)\simple$(DETOURS_BITS).dll $(BIND)\sleep5.exe 102 | @echo. 103 | @echo -------- Should load simple$(DETOURS_BITS).dll statically ---------------------------- 104 | $(BIND)\sleep5.exe 105 | @echo. 106 | @echo -------- Removing simple$(DETOURS_BITS).dll from sleep5.exe -------------------------- 107 | $(BIND)\setdll.exe -r $(BIND)\sleep5.exe 108 | @echo. 109 | @echo -------- Should not load simple$(DETOURS_BITS).dll ----------------------------------- 110 | $(BIND)\sleep5.exe 111 | @echo. 112 | @echo -------- Should load simple$(DETOURS_BITS).dll dynamically using withdll.exe---------- 113 | $(BIND)\withdll.exe -d:$(BIND)\simple$(DETOURS_BITS).dll $(BIND)\sleep5.exe 114 | @echo. 115 | 116 | debug: all 117 | windbg -o $(BIND)\withdll.exe -d:$(BIND)\simple$(DETOURS_BITS).dll $(BIND)\sleep5.exe 118 | 119 | 120 | ################################################################# End of File. 
121 | -------------------------------------------------------------------------------- /samples/simple/simple.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (simple.cpp of simple.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | // This DLL will detour the Windows SleepEx API so that TimedSleep function 10 | // gets called instead. TimedSleepEx records the before and after times, and 11 | // calls the real SleepEx API through the TrueSleepEx function pointer. 12 | // 13 | #include 14 | #include 15 | #include "detours.h" 16 | 17 | static LONG dwSlept = 0; 18 | static DWORD (WINAPI * TrueSleepEx)(DWORD dwMilliseconds, BOOL bAlertable) = SleepEx; 19 | 20 | DWORD WINAPI TimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable) 21 | { 22 | DWORD dwBeg = GetTickCount(); 23 | DWORD ret = TrueSleepEx(dwMilliseconds, bAlertable); 24 | DWORD dwEnd = GetTickCount(); 25 | 26 | InterlockedExchangeAdd(&dwSlept, dwEnd - dwBeg); 27 | 28 | return ret; 29 | } 30 | 31 | BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) 32 | { 33 | LONG error; 34 | (void)hinst; 35 | (void)reserved; 36 | 37 | if (DetourIsHelperProcess()) { 38 | return TRUE; 39 | } 40 | 41 | if (dwReason == DLL_PROCESS_ATTACH) { 42 | DetourRestoreAfterWith(); 43 | 44 | printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 45 | " Starting.\n"); 46 | fflush(stdout); 47 | 48 | DetourTransactionBegin(); 49 | DetourUpdateThread(GetCurrentThread()); 50 | DetourAttach(&(PVOID&)TrueSleepEx, TimedSleepEx); 51 | error = DetourTransactionCommit(); 52 | 53 | if (error == NO_ERROR) { 54 | printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 55 | " Detoured SleepEx().\n"); 56 | } 57 | else { 58 | printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 59 | " Error detouring 
SleepEx(): %d\n", error); 60 | } 61 | } 62 | else if (dwReason == DLL_PROCESS_DETACH) { 63 | DetourTransactionBegin(); 64 | DetourUpdateThread(GetCurrentThread()); 65 | DetourDetach(&(PVOID&)TrueSleepEx, TimedSleepEx); 66 | error = DetourTransactionCommit(); 67 | 68 | printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:" 69 | " Removed SleepEx() (result=%d), slept %d ticks.\n", error, dwSlept); 70 | fflush(stdout); 71 | } 72 | return TRUE; 73 | } 74 | 75 | // 76 | ///////////////////////////////////////////////////////////////// End of File. 77 | -------------------------------------------------------------------------------- /samples/simple/simple.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for simple.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "simple" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/simple/sleep5.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (sleep5.cpp of sleep5.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | 14 | int __cdecl main(int argc, char ** argv) 15 | { 16 | if (argc == 2) { 17 | Sleep(atoi(argv[1]) * 1000); 18 | } 19 | else { 20 | printf("sleep5.exe: Starting.\n"); 21 | 22 | Sleep(5000); 23 | 24 | printf("sleep5.exe: Done sleeping.\n"); 25 | } 26 | return 0; 27 | } 28 | // 29 | ///////////////////////////////////////////////////////////////// End of File. 30 | -------------------------------------------------------------------------------- /samples/slept/dslept.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (dslept.cpp of dslept.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | // An example dynamically detouring a function. 10 | // 11 | #include 12 | #include 13 | #include "detours.h" 14 | #include "slept.h" 15 | 16 | #include "verify.cpp" 17 | 18 | LONG dwSlept = 0; 19 | 20 | static DWORD (WINAPI * TrueSleepEx)(DWORD dwMilliseconds, BOOL bAlertable) = NULL; 21 | static int (WINAPI * TrueEntryPoint)(VOID) = NULL; 22 | static int (WINAPI * RawEntryPoint)(VOID) = NULL; 23 | 24 | DWORD WINAPI UntimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable) 25 | { 26 | if (TrueSleepEx != NULL) { 27 | return TrueSleepEx(dwMilliseconds, bAlertable); 28 | } 29 | return 0; 30 | } 31 | 32 | DWORD WINAPI TimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable) 33 | { 34 | DWORD dwBeg = GetTickCount(); 35 | DWORD ret = TrueSleepEx(dwMilliseconds, bAlertable); 36 | DWORD dwEnd = GetTickCount(); 37 | 38 | InterlockedExchangeAdd(&dwSlept, dwEnd - dwBeg); 39 | return ret; 40 | } 41 | 42 | DWORD WINAPI GetSleptTicks(VOID) 43 | { 44 | return dwSlept; 45 | } 46 | 47 | int WINAPI TimedEntryPoint(VOID) 48 | { 49 | // We couldn't call LoadLibrary in DllMain, 50 | // so we detour SleepEx here... 
51 | LONG error; 52 | 53 | TrueSleepEx = (DWORD (WINAPI *)(DWORD, BOOL)) 54 | DetourFindFunction("kernel32.dll", "SleepEx"); 55 | 56 | DetourTransactionBegin(); 57 | DetourUpdateThread(GetCurrentThread()); 58 | DetourAttach(&(PVOID&)TrueSleepEx, TimedSleepEx); 59 | error = DetourTransactionCommit(); 60 | 61 | if (error == NO_ERROR) { 62 | printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " 63 | " Detoured SleepEx().\n"); 64 | 65 | } 66 | else { 67 | printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " 68 | " Error detouring SleepEx(): %d\n", error); 69 | } 70 | 71 | Verify("SleepEx", (PVOID)SleepEx); 72 | printf("\n"); 73 | fflush(stdout); 74 | 75 | printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " 76 | " Calling EntryPoint\n"); 77 | fflush(stdout); 78 | 79 | return TrueEntryPoint(); 80 | } 81 | 82 | BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) 83 | { 84 | LONG error; 85 | (void)hinst; 86 | (void)reserved; 87 | 88 | if (DetourIsHelperProcess()) { 89 | return TRUE; 90 | } 91 | 92 | if (dwReason == DLL_PROCESS_ATTACH) { 93 | DetourRestoreAfterWith(); 94 | 95 | printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " 96 | " Starting.\n"); 97 | Verify("SleepEx", (PVOID)SleepEx); 98 | printf("\n"); 99 | fflush(stdout); 100 | 101 | // NB: DllMain can't call LoadLibrary, so we hook the app entry point. 
102 | TrueEntryPoint = (int (WINAPI *)(VOID))DetourGetEntryPoint(NULL); 103 | RawEntryPoint = TrueEntryPoint; 104 | 105 | Verify("EntryPoint", RawEntryPoint); 106 | 107 | DetourTransactionBegin(); 108 | DetourUpdateThread(GetCurrentThread()); 109 | DetourAttach(&(PVOID&)TrueEntryPoint, TimedEntryPoint); 110 | error = DetourTransactionCommit(); 111 | 112 | Verify("EntryPoint after attach", RawEntryPoint); 113 | Verify("EntryPoint trampoline", TrueEntryPoint); 114 | 115 | if (error == NO_ERROR) { 116 | printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " 117 | " Detoured EntryPoint().\n"); 118 | } 119 | else { 120 | printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " 121 | " Error detouring EntryPoint(): %d\n", error); 122 | } 123 | } 124 | else if (dwReason == DLL_PROCESS_DETACH) { 125 | DetourTransactionBegin(); 126 | DetourUpdateThread(GetCurrentThread()); 127 | if (TrueSleepEx != NULL) { 128 | DetourDetach(&(PVOID&)TrueSleepEx, (PVOID)TimedSleepEx); 129 | } 130 | DetourDetach(&(PVOID&)TrueEntryPoint, TimedEntryPoint); 131 | error = DetourTransactionCommit(); 132 | 133 | printf("dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: " 134 | " Removed Sleep() detours (%d), slept %d ticks.\n", error, dwSlept); 135 | 136 | fflush(stdout); 137 | } 138 | return TRUE; 139 | } 140 | // 141 | ///////////////////////////////////////////////////////////////// End of File. 142 | -------------------------------------------------------------------------------- /samples/slept/dslept.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for dslept.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "dslept" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Sleep Interception Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/slept/sleepbed.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (sleepbed.cpp of sleepbed.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | 13 | #include "verify.cpp" 14 | 15 | static BOOL fBroke = FALSE; 16 | static LONG dwSlept = 0; 17 | static DWORD (WINAPI * TrueSleepEx)(DWORD dwMilliseconds, BOOL bAlertable) 18 | = SleepEx; 19 | 20 | DWORD WINAPI UntimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable) 21 | { 22 | return TrueSleepEx(dwMilliseconds, bAlertable); 23 | } 24 | 25 | DWORD WINAPI TimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable) 26 | { 27 | DWORD dwBeg = GetTickCount(); 28 | DWORD ret = TrueSleepEx(dwMilliseconds, bAlertable); 29 | DWORD dwEnd = GetTickCount(); 30 | 31 | if (!fBroke) { 32 | fBroke = TRUE; 33 | // DebugBreak(); 34 | } 35 | 36 | InterlockedExchangeAdd(&dwSlept, dwEnd - dwBeg); 37 | return ret; 38 | } 39 | 40 | DWORD WINAPI GetSleptTicks(VOID) 41 | { 42 | return dwSlept; 43 | } 44 | 45 | // 46 | ///////////////////////////////////////////////////////////////// End of File. 
// Test driver for the in-process SleepEx detour.
//
// Prints the state of SleepEx before and after TimedSleepEx is attached,
// exercises Sleep/SleepEx/TimedSleepEx/UntimedSleepEx for one second each,
// then detaches the detour and reports the accumulated tick count.
//
// Returns the attach error if the first transaction fails, otherwise the
// result of the detach transaction.
int __cdecl main(void)
{
    printf("sleepbed.exe: Starting.\n");
    PVOID exeEntry = DetourGetEntryPoint(NULL);
    printf("sleepbed.exe: ExeEntry=%p\n", exeEntry);

    // Show the first instructions of SleepEx before anything is patched.
    Verify("SleepEx", (PVOID)SleepEx);
    printf("\n");
    fflush(stdout);

    // Attach TimedSleepEx to SleepEx inside a single Detours transaction.
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)TrueSleepEx, TimedSleepEx);
    int status = DetourTransactionCommit();

    if (status != NO_ERROR) {
        // Nothing was hooked, so there is nothing to exercise or detach.
        printf("sleepbed.exe: Error detouring SleepEx(): %d\n", status);
        return status;
    }
    printf("sleepbed.exe: Detoured SleepEx().\n");
    fflush(stdout);

    // Show the same bytes again so the change made by the attach is visible.
    printf("sleepbed.exe: After detour.\n");
    Verify("SleepEx", (PBYTE)SleepEx);
    printf("\n");
    fflush(stdout);

    printf("sleepbed.exe: Calling Sleep for 1 second.\n");
    Sleep(1000);
    printf("sleepbed.exe: Calling SleepEx for 1 second.\n");
    SleepEx(1000, true);
    printf("sleepbed.exe: Calling Sleep again for 1 second.\n");
    Sleep(1000);
    printf("sleepbed.exe: Calling TimedSleepEx for 1 second.\n");
    TimedSleepEx(1000, false);
    printf("sleepbed.exe: Calling UntimedSleepEx for 1 second.\n");
    UntimedSleepEx(1000, false);
    printf("sleepbed.exe: Done sleeping.\n\n");

    // Remove the detour with the same transaction sequence used to add it.
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)TrueSleepEx, TimedSleepEx);
    status = DetourTransactionCommit();
    printf("sleepbed.exe: Removed SleepEx() detour (%d), slept %d ticks.\n",
           status, dwSlept);
    fflush(stdout);

    printf("sleepbed.exe: GetSleptTicks() = %d\n\n", GetSleptTicks());
    return status;
}
//
///////////////////////////////////////////////////////////////// End of File.
104 | -------------------------------------------------------------------------------- /samples/slept/sleepnew.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (sleepnew.cpp of sleepnew.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include "slept.h" 13 | 14 | #include "verify.cpp" 15 | 16 | int __cdecl main(void) 17 | { 18 | printf("sleepnew.exe: Starting.\n"); 19 | Verify("SleepEx", (PBYTE)SleepEx); 20 | printf("\n"); 21 | fflush(stdout); 22 | 23 | printf("sleepnew.exe: Calling Sleep for 1 second.\n"); 24 | Sleep(1000); 25 | printf("sleepnew.exe: Calling SleepEx for 1 second.\n"); 26 | SleepEx(1000, true); 27 | printf("sleepnew.exe: Calling Sleep again for 1 second.\n"); 28 | Sleep(1000); 29 | printf("sleepnew.exe: Calling TimedSleep for 1 second.\n"); 30 | TimedSleepEx(1000, FALSE); 31 | printf("sleepnew.exe: Calling UntimedSleep for 1 second.\n"); 32 | UntimedSleepEx(1000, FALSE); 33 | printf("sleepnew.exe: Done sleeping.\n\n"); 34 | 35 | #if 0 36 | // This code enumerates the virtual address space and attempts to reserve 37 | // all unused space below 8GB. 
38 | // 39 | for (PBYTE pbTry = (PBYTE)0x10000; pbTry < (PBYTE)0x200000000;) { 40 | MEMORY_BASIC_INFORMATION mbi; 41 | 42 | if (!VirtualQuery(pbTry, &mbi, sizeof(mbi))) { 43 | break; 44 | } 45 | 46 | if (mbi.State == MEM_FREE && mbi.RegionSize > 0x10000) { 47 | PBYTE pbBase = (PBYTE)((((ULONG_PTR)pbTry) + 0xffff) & 0xffffffffffff0000); 48 | SIZE_T cbTry = mbi.RegionSize & 0xffffffffffff0000; 49 | if (cbTry > 0x40000000) { 50 | cbTry = 0x40000000; 51 | } 52 | PVOID pvRegion = VirtualAlloc(pbBase, cbTry, 53 | MEM_RESERVE, 54 | PAGE_NOACCESS); 55 | if (pvRegion == NULL) { 56 | printf("---%p..%p failed.\n", pbBase, mbi.RegionSize - 0x10000); 57 | } 58 | else { 59 | continue; 60 | } 61 | } 62 | 63 | printf(" %p..%p %6x [%p]\n", 64 | mbi.BaseAddress, (PBYTE)mbi.BaseAddress + mbi.RegionSize - 1, 65 | mbi.State, 66 | pbTry); 67 | 68 | pbTry = (PBYTE)mbi.BaseAddress + mbi.RegionSize; 69 | } 70 | #endif 71 | 72 | printf("sleepnew.exe: GetSleptTicks() = %d\n\n", GetSleptTicks()); 73 | return 0; 74 | } 75 | // 76 | ///////////////////////////////////////////////////////////////// End of File. 77 | -------------------------------------------------------------------------------- /samples/slept/sleepold.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (sleepold.cpp of sleepold.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | 13 | #include "verify.cpp" 14 | 15 | int __cdecl main(int argc, char **argv) 16 | { 17 | BOOL fQuiet = FALSE; 18 | 19 | if (argc == 2 && _stricmp(argv[1], "-quiet") == 0) { 20 | fQuiet = TRUE; 21 | } 22 | 23 | // 24 | // Verify what the code looks like. 
25 | // 26 | printf("sleepold.exe: Starting (at %p).\n", main); 27 | if (!fQuiet) { 28 | Verify("SleepEx", (PBYTE)SleepEx); 29 | printf("\n"); 30 | } 31 | fflush(stdout); 32 | 33 | // 34 | // See if another process wants us to wait on a shared event. 35 | // This helps in testing loading a DLL into a new process. 36 | 37 | if (argc == 2 && _stricmp(argv[1], "-wait") == 0) { 38 | HANDLE hEvent = OpenEventA(SYNCHRONIZE, FALSE, "detours_load_test_event"); 39 | if (hEvent) { 40 | printf("sleepold.exe: Waiting for detours_load_test_event to be set.\n"); 41 | fflush(stdout); 42 | WaitForSingleObject(hEvent, INFINITE); 43 | } 44 | else { 45 | printf("sleepold.exe: Couldn't open detours_load_test_event.\n"); 46 | } 47 | } 48 | 49 | // 50 | // Try out sleep (which may be detours). 51 | // 52 | printf("sleepold.exe: Calling Sleep for 1 second.\n"); 53 | Sleep(1000); 54 | 55 | printf("sleepold.exe: Calling SleepEx for 1 second.\n"); 56 | SleepEx(1000, false); 57 | 58 | printf("sleepold.exe: Calling Sleep again for 1 second.\n"); 59 | Sleep(1000); 60 | 61 | // DebugBreak(); 62 | 63 | printf("sleepold.exe: Done sleeping.\n\n"); 64 | fflush(stdout); 65 | 66 | return 0; 67 | } 68 | // 69 | ///////////////////////////////////////////////////////////////// End of File. 70 | -------------------------------------------------------------------------------- /samples/slept/slept.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (slept.cpp of slept.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
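//
// NOTE(review): the header names on the next two #include lines are missing
// from this listing; they are reproduced as shown.
#include
#include
#include <new>
#include "detours.h"
#include "slept.h"

#include "verify.cpp"

// Set on the first TimedSleepEx call; the DebugBreak it guarded is disabled.
static BOOL fBroke = FALSE;
// Running total of ticks measured inside TimedSleepEx.
static LONG dwSlept = 0;
// Pointer through which the real SleepEx is called. Its address is handed to
// DetourAttach/DetourDetach in DllMain.
static DWORD (WINAPI * TrueSleepEx)(DWORD dwMilliseconds, BOOL bAlertable) = SleepEx;

// Calls SleepEx through TrueSleepEx without recording any timing.
DWORD WINAPI UntimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable)
{
    return TrueSleepEx(dwMilliseconds, bAlertable);
}

// Replacement installed over SleepEx: forwards the call through TrueSleepEx
// and adds the elapsed GetTickCount() delta to dwSlept.
// Returns whatever the forwarded call returned.
DWORD WINAPI TimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable)
{
    DWORD dwBeg = GetTickCount();
    DWORD ret = TrueSleepEx(dwMilliseconds, bAlertable);
    DWORD dwEnd = GetTickCount();

    if (!fBroke) {
        fBroke = TRUE;
        // DebugBreak();
    }

    // Interlocked add, so concurrent sleepers do not lose updates.
    InterlockedExchangeAdd(&dwSlept, dwEnd - dwBeg);
    return ret;
}

// Returns the tick total accumulated by TimedSleepEx so far.
DWORD WINAPI GetSleptTicks(VOID)
{
    return dwSlept;
}

// Convenience wrapper: TestTicksEx with no extra elements.
DWORD WINAPI TestTicks(VOID)
{
    return TestTicksEx(0);
}

// Exported test routine that allocates Add + 1 DWORDs, runs three passes over
// them seeded from dwSlept, and returns a value derived from the last element.
// If the buffer cannot be obtained it returns dwSlept + Add instead.
//
// Add comes from the caller, so the element count must be checked before it
// is used as an allocation size and as an index.
DWORD WINAPI TestTicksEx(DWORD Add)
{
    // The buffer needs Add + 1 elements. For the largest DWORD that sum wraps
    // to 0, which would give a zero-length array followed by out-of-bounds
    // accesses below, so that value takes the allocation-failure fallback.
    if (Add == (DWORD)-1) {
        return dwSlept + Add;
    }

    // Plain new reports failure by throwing, which would leave the NULL check
    // below unreachable; the nothrow form makes the fallback branch real.
    PDWORD pdw = new (std::nothrow) DWORD [Add + 1];

    if (pdw != NULL) {
        pdw[0] = dwSlept;
        for (DWORD n = 1; n < Add + 1; n++) {
            pdw[n] = pdw[n-1] + 1;
        }

        for (DWORD n = 1; n < Add + 1; n++) {
            pdw[n-1] = pdw[n-1] - 1;
        }

        for (DWORD n = 1; n < Add + 1; n++) {
            pdw[n] = pdw[n-1] + 1;
        }

        Add = pdw[Add] - Add;

        delete [] pdw;
    }
    else {
        Add = dwSlept + Add;
    }

    return Add;
}

// DLL entry point.
// On process attach it prints the executable and DLL entry points, dumps
// SleepEx, and attaches TimedSleepEx to SleepEx. On process detach it removes
// the detour and prints the tick total. Helper processes return immediately.
// Always returns TRUE, including when the attach transaction reports an error.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    LONG error;
    (void)hinst;
    (void)reserved;

    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        DetourRestoreAfterWith();

        printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: "
               " Starting.\n");
        PVOID pbExeEntry = DetourGetEntryPoint(NULL);
        PVOID pbDllEntry = DetourGetEntryPoint(hinst);
        printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: "
               " ExeEntry=%p, DllEntry=%p\n", pbExeEntry, pbDllEntry);

        Verify("SleepEx", (PVOID)SleepEx);
        printf("\n");
        fflush(stdout);

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)TrueSleepEx, TimedSleepEx);
        error = DetourTransactionCommit();

        if (error == NO_ERROR) {
            printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: "
                   " Detoured SleepEx() @ %p.\n", TrueSleepEx);
        }
        else {
            printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: "
                   " Error detouring SleepEx(): %d\n", error);
        }
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)TrueSleepEx, TimedSleepEx);
        error = DetourTransactionCommit();
        printf("slept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll: "
               " Removed SleepEx() detour (%d), slept %d ticks.\n", error, dwSlept);
        fflush(stdout);
    }
    return TRUE;
}

//
///////////////////////////////////////////////////////////////// End of File.
131 | -------------------------------------------------------------------------------- /samples/slept/slept.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (slept.h of slept.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 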
8 | // 9 | 10 | DWORD WINAPI UntimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable); 11 | DWORD WINAPI TimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable); 12 | DWORD WINAPI GetSleptTicks(VOID); 13 | DWORD WINAPI TestTicks(VOID); 14 | DWORD WINAPI TestTicksEx(DWORD Add); 15 | 16 | // 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /samples/slept/slept.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for sleep.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "sleep" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "sleep" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Sleep Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/slept/verify.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (verify.cpp) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
//

// NOTE(review): the header name on the #include line below is missing from
// this listing; the code needs the declarations of DetourCopyInstruction,
// DetourCodeFromPointer and DETOUR_INSTRUCTION_TARGET_NONE.
#include

// Prints nBytes bytes starting at pbBytes as hex, 16 per row, with the row
// address in front. Positions past nBytes are padded, and pbTarget is appended
// to the first row unless it is DETOUR_INSTRUCTION_TARGET_NONE.
// The bytes are read directly from pbBytes; the caller chooses the range.
static VOID Dump(PBYTE pbBytes, LONG nBytes, PBYTE pbTarget)
{
    for (LONG row = 0; row < nBytes; row += 16) {
        printf(" %p: ", pbBytes + row);

        const LONG rowEnd = row + 16;
        for (LONG col = row; col < rowEnd; col++) {
            if (col < nBytes) {
                printf("%02x", pbBytes[col]);
            }
            else {
                printf(" ");
            }
            // Separator after every fourth byte position.
            if (col % 4 == 3) {
                printf(" ");
            }
        }

        const bool fFirstRow = (row == 0);
        if (fFirstRow && pbTarget != DETOUR_INSTRUCTION_TARGET_NONE) {
            printf(" [%p]", pbTarget);
        }
        printf("\n");
    }
}

// Prints a heading for pszDesc and then dumps nInst instructions starting at
// pbCode. The heading also shows pbPointer when it differs from pbCode. When
// pbCode equals pbOther only an "unchanged" marker is printed.
static VOID Decode(PCSTR pszDesc, PBYTE pbCode, PBYTE pbOther, PBYTE pbPointer, LONG nInst)
{
    if (pbCode == pbPointer) {
        printf(" %s = %p\n", pszDesc, pbCode);
    }
    else {
        printf(" %s = %p [%p]\n", pszDesc, pbCode, pbPointer);
    }

    if (pbCode == pbOther) {
        printf(" ... unchanged ...\n");
        return;
    }

    PBYTE pbCursor = pbCode;
    for (LONG left = nInst; left > 0; left--) {
        PVOID pvTarget;
        // No destination buffer is passed; the return value is used as the
        // start of the next instruction and pvTarget as its branch target.
        PBYTE pbNext = (PBYTE)DetourCopyInstruction(NULL, NULL, pbCursor, &pvTarget, NULL);
        Dump(pbCursor, (int)(pbNext - pbCursor), (PBYTE)pvTarget);
        pbCursor = pbNext;
    }
}


// Dumps the first three instructions of the code that pvPointer resolves to,
// labelled with pszFunc.
VOID WINAPI Verify(PCHAR pszFunc, PVOID pvPointer)
{
    PBYTE pbCode = (PBYTE)DetourCodeFromPointer(pvPointer, NULL);

    Decode(pszFunc, pbCode, NULL, (PBYTE)pvPointer, 3);
}

// Same as Verify, with the number of instructions chosen by the caller.
VOID WINAPI VerifyEx(PCHAR pszFunc, PVOID pvPointer, LONG nInst)
{
    PBYTE pbCode = (PBYTE)DetourCodeFromPointer(pvPointer, NULL);

    Decode(pszFunc, pbCode, NULL, (PBYTE)pvPointer, nInst);
}

//
///////////////////////////////////////////////////////////////// End of File.
75 | -------------------------------------------------------------------------------- /samples/syelog/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | ############################################################################## 10 | 11 | TARGETOS=WINNT 12 | !include ..\common.mak 13 | 14 | LIBS=$(LIBS) kernel32.lib 15 | 16 | ############################################################################## 17 | 18 | all: dirs \ 19 | $(INCD)\syelog.h \ 20 | $(LIBD)\syelog.lib \ 21 | $(BIND)\syelogd.exe \ 22 | \ 23 | $(BIND)\sltest.exe \ 24 | $(BIND)\sltestp.exe \ 25 | \ 26 | !IF $(DETOURS_SOURCE_BROWSING)==1 27 | $(OBJD)\syelogd.bsc \ 28 | $(OBJD)\sltest.bsc \ 29 | $(OBJD)\sltestp.bsc \ 30 | !ENDIF 31 | 32 | ############################################################################## 33 | ## 34 | clean: 35 | -del *~ test.txt 2> nul 36 | -del $(INCD)\syelog.* 2>nul 37 | -del $(LIBD)\syelog.* 2>nul 38 | -del $(BIND)\syelogd.* 2>nul 39 | -del $(BIND)\sltest.* 2>nul 40 | -del $(BIND)\sltestp.* 2>nul 41 | -rmdir /q /s $(OBJD) 2>nul 42 | 43 | realclean: clean 44 | -rmdir /q /s $(OBJDS) 2>nul 45 | 46 | ############################################################################## 47 | 48 | dirs: 49 | @if not exist $(INCD) mkdir $(INCD) && echo. Created $(INCD) 50 | @if not exist $(LIBD) mkdir $(LIBD) && echo. Created $(LIBD) 51 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 52 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 53 | 54 | $(OBJD)\syelog.obj : syelog.cpp syelog.h 55 | $(OBJD)\syelogd.obj: syelogd.cpp syelog.h 56 | $(OBJD)\sltest.obj: sltest.cpp syelog.h 57 | $(OBJD)\sltestp.obj: sltestp.cpp syelog.h 58 | 59 | $(INCD)\syelog.h : syelog.h 60 | copy syelog.h $@ 61 | 62 | $(LIBD)\syelog.lib : $(OBJD)\syelog.obj 63 | link /lib $(LIBFLAGS) /out:$@ $(OBJD)\syelog.obj 64 | 65 | $(BIND)\sltest.exe: $(OBJD)\sltest.obj $(OBJD)\syelog.obj $(DEPS) 66 | $(CC) $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\sltest.obj \ 67 | /link $(LINKFLAGS) $(LIBS) 68 | 69 | $(OBJD)\sltest.bsc : $(OBJD)\sltest.obj 70 | bscmake /v /n /o $@ $(OBJD)\sltest.sbr 71 | 72 | $(BIND)\sltestp.exe: $(OBJD)\sltestp.obj $(DEPS) 73 | $(CC) $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\sltestp.obj \ 74 | /link $(LINKFLAGS) $(LIBS) 75 | 76 | $(OBJD)\sltestp.bsc : $(OBJD)\sltestp.obj 77 | bscmake /v /n /o $@ $(OBJD)\sltestp.sbr 78 | 79 | $(LIBD)\detours.lib: 80 | cd $(ROOT)\src 81 | nmake /nologo 82 | cd $(MAKEDIR) 83 | 84 | $(BIND)\syelogd.exe: $(OBJD)\syelogd.obj $(DEPS) 85 | $(CC) $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\syelogd.obj \ 86 | /link $(LINKFLAGS) ws2_32.lib mswsock.lib advapi32.lib 87 | 88 | $(OBJD)\syelogd.bsc : $(OBJD)\syelogd.obj 89 | bscmake /v /n /o $@ $(OBJD)\syelogd.sbr 90 | 91 | ############################################################################## 92 | 93 | test: $(BIND)\syelogd.exe $(BIND)\sltest.exe $(BIND)\sltestp.exe 94 | @echo -------- Logging output to test.txt ------------ 95 | start $(BIND)\syelogd.exe test.txt 96 | $(BIND)\sleep5.exe 1 97 | $(BIND)\sltestp.exe 98 | $(BIND)\sltest.exe /x 99 | type test.txt 100 | 101 | ################################################################# End of File. 
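102 | -------------------------------------------------------------------------------- /samples/syelog/sltestp.cpp: --------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
//
// Detours Test Program (sltestp.cpp of sltestp.exe)
//
// Microsoft Research Detours Package
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// Test the named-pipe-based connection to the syelog system-event logger.
//
// NOTE(review): the header names on the bare #include lines below are missing
// from this listing; they are reproduced as shown.
#include
#include
#include
#include
#pragma warning(push)
#if _MSC_VER > 1400
#pragma warning(disable:6102 6103) // /analyze warnings
#endif
#include
#pragma warning(pop)
#include "syelog.h"

// Prints pszMsg with the calling thread's last-error code to stderr and
// terminates the process with exit code 1.
VOID MyErrExit(PCSTR pszMsg)
{
    fprintf(stderr, "Error %s: %d\n", pszMsg, GetLastError());
    exit(1);
}

// Connects to the syelog named pipe as a write-only client and sends one
// SYELOG_MESSAGE containing argv[1] (or a default greeting).
// Exits through MyErrExit on any pipe error; returns 0 on success.
DWORD main(int argc, char *argv[])
{
    HANDLE hPipe;
    SYELOG_MESSAGE Message;
    BOOL fSuccess;
    DWORD cbWritten, dwMode;

    // Try to open a named pipe; wait for it, if necessary.

    TIME_ZONE_INFORMATION tzi;
    GetTimeZoneInformation(&tzi);

    for (;;) {
        // SYELOG_PIPE_NAMEW is a fixed, well-known pipe name, so this client
        // cannot tell which process created the server end. Passing
        // SECURITY_SQOS_PRESENT with SECURITY_IDENTIFICATION caps what that
        // server may do with the caller's token: it can query the identity
        // but cannot act as the caller. Without these flags the default
        // impersonation level applies.
        hPipe = CreateFileW(SYELOG_PIPE_NAMEW, // pipe name
                            GENERIC_WRITE,     // write access only
                            0,                 // no sharing
                            NULL,              // no security attributes
                            OPEN_EXISTING,     // opens existing pipe
                            SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION,
                                               // identification-level QoS only
                            NULL);             // no template file

        // Break if the pipe handle is valid.
        if (hPipe != INVALID_HANDLE_VALUE)
            break;

        // Exit if an error other than ERROR_PIPE_BUSY occurs.

        if (GetLastError() != ERROR_PIPE_BUSY)
            MyErrExit("Could not open pipe");

        // All pipe instances are busy, so wait for 1 second.

        if (!WaitNamedPipeW(SYELOG_PIPE_NAMEW, 1000))
            MyErrExit("Could not open pipe");
    }

    // The pipe connected; change to message-read mode.
    dwMode = PIPE_READMODE_MESSAGE;
    fSuccess = SetNamedPipeHandleState(hPipe,   // pipe handle
                                       &dwMode, // new pipe mode
                                       NULL,    // don't set maximum bytes
                                       NULL);   // don't set maximum time
    if (!fSuccess)
        MyErrExit("SetNamedPipeHandleState");

    // Send a message to the pipe server.

    // Zero the whole record first so no stale stack bytes are sent.
    memset(&Message, 0, sizeof(Message));

    // The text comes from the command line; the copy is bounded by the size
    // of szMessage.
    StringCchCopyA(Message.szMessage, ARRAYSIZE(Message.szMessage),
                   (argc > 1) ? argv[1] : "sltestp: hello world!");

    Message.nFacility = SYELOG_FACILITY_APPLICATION;
    Message.nSeverity = SYELOG_SEVERITY_INFORMATION;
    Message.nProcessId = GetCurrentProcessId();
    GetSystemTimeAsFileTime(&Message.ftOccurance);
    PCSTR pszEnd = Message.szMessage;
    for (; *pszEnd; pszEnd++) {
        // no internal contents.
    }
    // Bytes from the start of the record through the text's terminating NUL.
    Message.nBytes = (USHORT)(pszEnd - ((PCSTR)&Message) + 1);

    fSuccess = WriteFile(hPipe,          // pipe handle
                         &Message,       // message
                         Message.nBytes, // message length
                         &cbWritten,     // bytes written
                         NULL);          // not overlapped
    if (! fSuccess)
        MyErrExit("WriteFile");

    CloseHandle(hPipe);

    GetTimeZoneInformation(&tzi);

    return 0;
}
105 | -------------------------------------------------------------------------------- /samples/syelog/syelog.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (syelog.h of syelog.lib) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 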
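//
#pragma once
#ifndef _SYELOGD_H_
#define _SYELOGD_H_
// NOTE(review): the header name after #include was lost when this listing was
// extracted. <stdarg.h> is restored because the SyelogV prototype below uses
// va_list - confirm against the repository.
#include <stdarg.h>

#pragma pack(push, 1)
#pragma warning(push)
#pragma warning(disable: 4200)

//////////////////////////////////////////////////////////////////////////////
//
// Name of the pipe that log clients open, in ANSI and wide-character form.
//
#define SYELOG_PIPE_NAMEA       "\\\\.\\pipe\\syelog"
#define SYELOG_PIPE_NAMEW       L"\\\\.\\pipe\\syelog"
#ifdef UNICODE
#define SYELOG_PIPE_NAME        SYELOG_PIPE_NAMEW
#else
#define SYELOG_PIPE_NAME        SYELOG_PIPE_NAMEA
#endif

//////////////////////////////////////////////////////////////////////////////
//
// Capacity of SYELOG_MESSAGE::szMessage, in CHARs. The original note reads
// "4096 - sizeof(header stuff)", but under the pack(1) above the fields that
// precede szMessage occupy 20 bytes (2 + 1 + 1 + 4 + 8 + 4), so
// sizeof(SYELOG_MESSAGE) is 4106 and a full message does not fit in a
// 4096-byte buffer.
#define SYELOG_MAXIMUM_MESSAGE  4086    // 4096 - sizeof(header stuff)

// One log record as written to the pipe.
//
// nBytes is filled in by the sender; sltestp.cpp sets it to the header size
// plus the text and its terminating NUL.
// NOTE(review): code that reads these records from the pipe should check
// nBytes against the number of bytes actually received and against
// sizeof(SYELOG_MESSAGE), and force NUL termination of szMessage, before it
// uses the text.
typedef struct _SYELOG_MESSAGE
{
    USHORT      nBytes;         // bytes of this record that are in use
    BYTE        nFacility;      // one of SYELOG_FACILITY_*
    BYTE        nSeverity;      // one of SYELOG_SEVERITY_*
    DWORD       nProcessId;     // process id supplied by the sender
    FILETIME    ftOccurance;    // timestamp supplied by the sender
    BOOL        fTerminate;
    CHAR        szMessage[SYELOG_MAXIMUM_MESSAGE];
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;


// Facility Codes.
//
#define SYELOG_FACILITY_KERNEL          0x10        // OS Kernel
#define SYELOG_FACILITY_SECURITY        0x20        // OS Security
#define SYELOG_FACILITY_LOGGING         0x30        // OS Logging-internal
#define SYELOG_FACILITY_SERVICE         0x40        // User-mode system daemon
#define SYELOG_FACILITY_APPLICATION     0x50        // User-mode application
#define SYELOG_FACILITY_USER            0x60        // User self-generated.
#define SYELOG_FACILITY_LOCAL0          0x70        // Locally defined.
#define SYELOG_FACILITY_LOCAL1          0x71        // Locally defined.
#define SYELOG_FACILITY_LOCAL2          0x72        // Locally defined.
#define SYELOG_FACILITY_LOCAL3          0x73        // Locally defined.
#define SYELOG_FACILITY_LOCAL4          0x74        // Locally defined.
#define SYELOG_FACILITY_LOCAL5          0x75        // Locally defined.
#define SYELOG_FACILITY_LOCAL6          0x76        // Locally defined.
#define SYELOG_FACILITY_LOCAL7          0x77        // Locally defined.
#define SYELOG_FACILITY_LOCAL8          0x78        // Locally defined.
#define SYELOG_FACILITY_LOCAL9          0x79        // Locally defined.

// Severity Codes.
//
#define SYELOG_SEVERITY_FATAL           0x00        // System is dead.
#define SYELOG_SEVERITY_ALERT           0x10        // Take action immediately.
#define SYELOG_SEVERITY_CRITICAL        0x20        // Critical condition.
#define SYELOG_SEVERITY_ERROR           0x30        // Error
#define SYELOG_SEVERITY_WARNING         0x40        // Warning
#define SYELOG_SEVERITY_NOTICE          0x50        // Significant condition.
#define SYELOG_SEVERITY_INFORMATION     0x60        // Informational
#define SYELOG_SEVERITY_AUDIT_FAIL      0x66        // Audit Failed
#define SYELOG_SEVERITY_AUDIT_PASS      0x67        // Audit Succeeded
#define SYELOG_SEVERITY_DEBUG           0x70        // Debugging

// Logging Functions.
//
// pszMsgf is a printf-style format string: pass a constant format and put
// any text that comes from outside the program in the arguments.
//
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
VOID SyelogClose(BOOL fTerminate);

#pragma warning(pop)
#pragma pack(pop)

#endif //  _SYELOGD_H_
//
///////////////////////////////////////////////////////////////// End of File.

--------------------------------------------------------------------------------
/samples/talloc/NORMAL_IA64.TXT:
--------------------------------------------------------------------------------
talloc.exe: Detoured functions.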
2 | 3 | Address Size: Typ Sta Prot Ini : Contents 4 | ------------ ------------: --- --- ---- --- : ----------------- 5 | Exe: 13f660000 6 | 100000000 3f660000: fre --- : 7 | 13f660000 2000: img com r-- rcx : TALLOC.EXE 8 | 13f6ce000 100802000: fre --- : 9 | Dll1: 280000000 10 | 200000000 3fed0000: fre --- : 11 | 23fed0000 10000: pri com r-x rwx : 12 | 23fee0000 2000: pri res --- : 13 | 23fee2000 e000: fre --- : 14 | 23fef0000 10000: pri res --- : 15 | 23ff00000 100000: pri res --- : 16 | 240000000 40000000: pri res --- : 17 | 280000000 2000: img com r-- rcx : TDLL1X64.DLL 18 | 280028000 8000: fre --- : 19 | 280030000 7ffd0000: pri res --- : 20 | Dll2: 380000000 21 | 300000000 80000000: pri res --- : 22 | 380000000 2000: img com r-- rcx : TDLL2X64.DLL 23 | 380028000 8000: fre --- : 24 | 380030000 40000000: pri res --- : 25 | 3c0030000 100000: pri res --- : 26 | 3c0130000 10000: pri res --- : 27 | 3c0140000 2000: pri res --- : 28 | 3c0142000 e000: fre --- : 29 | 3c0150000 10000: pri com r-x rwx : 30 | 3c0160000 3fea0000: fre --- : 31 | Dll3: 480000000 32 | 400000000 40000000: pri res --- : 33 | 440000000 100000: pri res --- : 34 | 440100000 10000: pri res --- : 35 | 440110000 2000: pri res --- : 36 | 440112000 e000: fre --- : 37 | 440120000 10000: pri com r-x rwx : 38 | 440130000 3fed0000: fre --- : 39 | 480000000 2000: img com r-- rcx : TDLL3X64.DLL 40 | 480028000 8000: fre --- : 41 | 480030000 7ffd0000: pri res --- : 42 | Dll4: 580000000 43 | 500000000 80000000: pri res --- : 44 | 580000000 2000: img com r-- rcx : TDLL4X64.DLL 45 | 580028000 3fea8000: fre --- : 46 | 5bfed0000 10000: pri com r-x rwx : 47 | 5bfee0000 2000: pri res --- : 48 | 5bfee2000 e000: fre --- : 49 | 5bfef0000 10000: pri res --- : 50 | 5bff00000 100000: pri res --- : 51 | 5c0000000 40000000: pri res --- : 52 | Dll5: 680000000 53 | 600000000 f0000: fre --- : 54 | 6000f0000 10000: pri com r-x rwx : 55 | 600100000 7ff00000: pri res --- : 56 | 680000000 2000: img com r-- rcx : TDLL5X64.DLL 57 | 
680028000 18000: fre --- : 58 | 680040000 2000: img com r-- rcx : TDLL6X64.DLL 59 | 680068000 18000: fre --- : 60 | 680080000 2000: img com r-- rcx : TDLL7X64.DLL 61 | 6800a8000 18000: fre --- : 62 | 6800c0000 2000: img com r-- rcx : TDLL8X64.DLL 63 | 6800e8000 18000: fre --- : 64 | 680100000 2000: img com r-- rcx : TDLL9X64.DLL 65 | 680128000 8000: fre --- : 66 | 680130000 7fe00000: pri res --- : 67 | 6fff30000 10000: pri com r-x rwx : 68 | 6fff40000 6f3fbdd0000: fre --- : 69 | 70 | talloc.exe: 1 calls to Dll1Function 71 | -------------------------------------------------------------------------------- /samples/talloc/NORMAL_X64.TXT: -------------------------------------------------------------------------------- 1 | talloc.exe: Detoured functions. 2 | 3 | Address Size: Typ Sta Prot Ini : Contents 4 | ------------ ------------: --- --- ---- --- : ----------------- 5 | Exe: 13f7f0000 6 | 100000000 3f7f0000: fre --- : 7 | 13f7f0000 1000: img com r-- rcx : TALLOC.EXE 8 | 13f81e000 1006b2000: fre --- : 9 | Dll1: 280000000 10 | 200000000 3fed0000: fre --- : 11 | 23fed0000 10000: pri com r-x rwx : 12 | 23fee0000 1000: pri res --- : 13 | 23fee1000 f000: fre --- : 14 | 23fef0000 10000: pri res --- : 15 | 23ff00000 100000: pri res --- : 16 | 240000000 40000000: pri res --- : 17 | 280000000 1000: img com r-- rcx : TDLL1X64.DLL 18 | 280010000 7fff0000: pri res --- : 19 | Dll2: 380000000 20 | 300000000 80000000: pri res --- : 21 | 380000000 1000: img com r-- rcx : TDLL2X64.DLL 22 | 380010000 40000000: pri res --- : 23 | 3c0010000 100000: pri res --- : 24 | 3c0110000 10000: pri res --- : 25 | 3c0120000 1000: pri res --- : 26 | 3c0121000 f000: fre --- : 27 | 3c0130000 10000: pri com r-x rwx : 28 | 3c0140000 3fec0000: fre --- : 29 | Dll3: 480000000 30 | 400000000 40000000: pri res --- : 31 | 440000000 100000: pri res --- : 32 | 440100000 10000: pri res --- : 33 | 440110000 1000: pri res --- : 34 | 440111000 f000: fre --- : 35 | 440120000 10000: pri com r-x rwx : 36 | 440130000 
3fed0000: fre --- : 37 | 480000000 1000: img com r-- rcx : TDLL3X64.DLL 38 | 480010000 7fff0000: pri res --- : 39 | Dll4: 580000000 40 | 500000000 80000000: pri res --- : 41 | 580000000 1000: img com r-- rcx : TDLL4X64.DLL 42 | 580010000 3fec0000: fre --- : 43 | 5bfed0000 10000: pri com r-x rwx : 44 | 5bfee0000 1000: pri res --- : 45 | 5bfee1000 f000: fre --- : 46 | 5bfef0000 10000: pri res --- : 47 | 5bff00000 100000: pri res --- : 48 | 5c0000000 40000000: pri res --- : 49 | Dll5: 680000000 50 | 600000000 f0000: fre --- : 51 | 6000f0000 10000: pri com r-x rwx : 52 | 600100000 7ff00000: pri res --- : 53 | 680000000 1000: img com r-- rcx : TDLL5X64.DLL 54 | 680010000 30000: fre --- : 55 | 680040000 1000: img com r-- rcx : TDLL6X64.DLL 56 | 680050000 30000: fre --- : 57 | 680080000 1000: img com r-- rcx : TDLL7X64.DLL 58 | 680090000 30000: fre --- : 59 | 6800c0000 1000: img com r-- rcx : TDLL8X64.DLL 60 | 6800d0000 30000: fre --- : 61 | 680100000 1000: img com r-- rcx : TDLL9X64.DLL 62 | 680110000 7fe00000: pri res --- : 63 | 6fff10000 10000: pri com r-x rwx : 64 | 6fff20000 7f7fdf70000: fre --- : 65 | 66 | talloc.exe: 1 calls to Dll1Function 67 | -------------------------------------------------------------------------------- /samples/talloc/tdll1x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll1x.cpp of talloc.exe/tdll1x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll1Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 
18 | -------------------------------------------------------------------------------- /samples/talloc/tdll2x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll2x.cpp of talloc.exe/tdll2x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll2Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /samples/talloc/tdll3x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll3x.cpp of talloc.exe/tdll3x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll3Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 
18 | -------------------------------------------------------------------------------- /samples/talloc/tdll4x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll4x.cpp of talloc.exe/tdll4x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll4Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /samples/talloc/tdll5x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll5x.cpp of talloc.exe/tdll5x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll5Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 
18 | -------------------------------------------------------------------------------- /samples/talloc/tdll6x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll6x.cpp of talloc.exe/tdll6x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll6Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /samples/talloc/tdll7x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll7x.cpp of talloc.exe/tdll7x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll7Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 
18 | -------------------------------------------------------------------------------- /samples/talloc/tdll8x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll8x.cpp of talloc.exe/tdll8x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll8Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /samples/talloc/tdll9x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll9x.cpp of talloc.exe/tdll9x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll9Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 
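--------------------------------------------------------------------------------
/samples/traceapi/testapi.cpp:
--------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
//
// Detours Test Program (testapi.cpp of testapi.exe)
//
// Microsoft Research Detours Package
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
#include "trcapi.cpp"

#if (_MSC_VER < 1299)
typedef ULONG * PULONG_PTR;
typedef ULONG ULONG_PTR;
typedef LONG * PLONG_PTR;
typedef LONG LONG_PTR;
#endif

// The Syelog* functions below have the signatures of the logging entry
// points; in this file they write to stdout and to Real_OutputDebugStringA.

// No-op: both arguments are ignored.
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility)
{
    (void)pszIdentifier;
    (void)nFacility;
}

// Format one log line into a 1024-byte stack buffer as "--.<severity hex>: "
// followed by the caller's printf-style message, then write it to stdout and
// to Real_OutputDebugStringA. fTerminate is ignored.
//
// The text is cut at the second '\n' it contains; when it contains none, a
// single '\n' is appended.
//
// pszMsgf is used as a format string, so callers must pass a constant format
// and put any externally supplied text in the arguments.
VOID SyelogExV(BOOL fTerminate, BYTE nSeverity, PCSTR pszMsgf, va_list args)
{
    (void)fTerminate;

    CHAR szBuffer[1024];
    PCHAR psz = szBuffer;
    BOOL fLf = FALSE;

    StringCchPrintfA(psz, szBuffer + sizeof(szBuffer) - psz, "--.%02x: ", nSeverity);
    // Advance to the NUL that ends the prefix.
    while (*psz) {
        psz++;
    }

    // Keep one CHAR in reserve. StringCchVPrintfA truncates to the size it is
    // given, and with the full remaining size a truncated message without a
    // newline filled the buffer to its last byte; the append below then wrote
    // its terminating NUL one byte past the end of szBuffer.
    StringCchVPrintfA(psz, szBuffer + sizeof(szBuffer) - psz - 1, pszMsgf, args);

    // Find the end of the text, stopping early at a second newline.
    for (psz = szBuffer; *psz; psz++) {
        if (*psz == '\n') {
            if (fLf) {
                *psz = '\0';
                break;
            }
            fLf = TRUE;
        }
    }
    if (!fLf) {
        // psz points at the terminating NUL; the reserved CHAR above
        // guarantees room for '\n' and the new NUL.
        *psz++ = '\n';
        *psz = '\0';
    }
    printf("%s", szBuffer);
    Real_OutputDebugStringA(szBuffer);
}

// va_list form: forwards to SyelogExV with fTerminate = FALSE.
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args)
{
    SyelogExV(FALSE, nSeverity, pszMsgf, args);
}

// Variadic form: forwards to SyelogExV with fTerminate = FALSE.
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...)
{
    va_list args;
    va_start(args, pszMsgf);
    SyelogExV(FALSE, nSeverity, pszMsgf, args);
    va_end(args);
}

// Variadic form that passes the caller's fTerminate through to SyelogExV.
VOID SyelogEx(BOOL fTerminate, BYTE nSeverity, PCSTR pszMsgf, ...)
{
    va_list args;
    va_start(args, pszMsgf);
    SyelogExV(fTerminate, nSeverity, pszMsgf, args);
    va_end(args);
}

// No-op: the argument is ignored.
VOID SyelogClose(BOOL fTerminate)
{
    (void)fTerminate;
}

// Print a start banner, call ProcessAttach(NULL), sleep 100 ms, call
// ProcessDetach(NULL) and return 0. ProcessAttach and ProcessDetach are not
// defined in this file; presumably they come from the included trcapi.cpp.
DWORD main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    printf("testapi: Starting\n");
    ProcessAttach(NULL);
    Sleep(100);
    ProcessDetach(NULL);

    return 0;
}
//
//////////////////////////////////////////////////////////////////////////////

--------------------------------------------------------------------------------
/samples/traceapi/trcapi.rc:
--------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
//
// Version information for trcapi.rc.
//
// Microsoft Research Detours Package
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//

#include "detver.h"

#define VER_INTERNALNAME_STR "trcapi" DETOURS_STRINGIFY(DETOURS_BITS)
#define VER_ORIGINALFILENAME_STR "trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll"
#define VER_FILEDESCRIPTION_STR "Detours Win32 API Tracing Module"
#define VER_COMPANYNAME_STR "Microsoft Corporation"

#include "common.ver"

--------------------------------------------------------------------------------
/samples/tracebld/tracebld.h:
--------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
//
// Detours Test Program (tracebld.h of tracebld.exe)
//
// Microsoft Research Detours Package
//
// Copyright (c) Microsoft Corporation. All rights reserved.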
8 | // 9 | #pragma once 10 | #ifndef _TRACEBLD_H_ 11 | #define _TRACEBLD_H_ 12 | #include 13 | 14 | ////////////////////////////////////////////////////////////////////////////// 15 | // 16 | // 17 | #define TBLOG_PIPE_NAMEA "\\\\.\\pipe\\tracebuild" 18 | #define TBLOG_PIPE_NAMEW L"\\\\.\\pipe\\tracebuild" 19 | #ifdef UNICODE 20 | #define TBLOG_PIPE_NAME TBLOG_PIPE_NAMEW 21 | #else 22 | #define TBLOG_PIPE_NAME TBLOG_PIPE_NAMEA 23 | #endif 24 | 25 | ////////////////////////////////////////////////////////////////////////////// 26 | // 27 | typedef struct _TBLOG_MESSAGE 28 | { 29 | DWORD nBytes; 30 | CHAR szMessage[32764]; // 32768 - sizeof(nBytes) 31 | } TBLOG_MESSAGE, *PTBLOG_MESSAGE; 32 | 33 | typedef struct _TBLOG_PAYLOAD 34 | { 35 | DWORD nParentProcessId; 36 | DWORD nTraceProcessId; 37 | DWORD nGeneology; 38 | DWORD rGeneology[64]; 39 | WCHAR wzParents[256]; 40 | WCHAR wzStdin[256]; 41 | WCHAR wzStdout[256]; 42 | WCHAR wzStderr[256]; 43 | BOOL fStdoutAppend; 44 | BOOL fStderrAppend; 45 | WCHAR wzzDrop[1024]; // Like an environment: zero terminated strings with a last zero. 46 | WCHAR wzzEnvironment[32768]; 47 | } TBLOG_PAYLOAD, *PTBLOG_PAYLOAD; 48 | 49 | // Shared state payload guid. 50 | // 51 | const GUID s_guidTrace = { 52 | 0xd8e2dc69, 0x3004, 0x453e, 53 | {0x94, 0x15, 0x19, 0x0e, 0x79, 0xe8, 0x93, 0x52} 54 | }; 55 | 56 | 57 | #endif // _TRACEBLD_H_ 58 | // 59 | ///////////////////////////////////////////////////////////////// End of File. 60 | -------------------------------------------------------------------------------- /samples/tracebld/trcbld.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcbld.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcbld" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcbld" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Build Tracing Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/tracelnk/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Utility to trace Dynamic Linking. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | ############################################################################## 15 | 16 | all: dirs \ 17 | $(BIND)\trclnk$(DETOURS_BITS).dll \ 18 | !IF $(DETOURS_SOURCE_BROWSING)==1 19 | $(OBJD)\trclnk$(DETOURS_BITS).bsc \ 20 | !ENDIF 21 | option 22 | 23 | ############################################################################## 24 | 25 | clean: 26 | -del *~ test.txt 2>nul 27 | -del $(BIND)\trclnk*.* 2>nul 28 | -rmdir /q /s $(OBJD) 2>nul 29 | 30 | realclean: clean 31 | -rmdir /q /s $(OBJDS) 2>nul 32 | 33 | dirs: 34 | @if not exist $(BIND) mkdir $(BIND) && echo . Created $(BIND) 35 | @if not exist $(OBJD) mkdir $(OBJD) && echo . 
Created $(OBJD) 36 | 37 | ############################################################################## 38 | 39 | $(OBJD)\trclnk.obj : trclnk.cpp 40 | 41 | $(OBJD)\trclnk.res : trclnk.rc 42 | 43 | $(BIND)\trclnk$(DETOURS_BITS).dll : $(OBJD)\trclnk.obj $(OBJD)\trclnk.res $(DEPS) 44 | cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 45 | $(OBJD)\trclnk.obj $(OBJD)\trclnk.res \ 46 | /link $(LINKFLAGS) /subsystem:console \ 47 | /export:DetourFinishHelperProcess,@1,NONAME \ 48 | $(LIBS) 49 | 50 | $(OBJD)\trclnk$(DETOURS_BITS).bsc : $(OBJD)\trclnk.obj 51 | bscmake /v /n /o $@ $(OBJD)\trclnk.sbr 52 | 53 | ############################################### Install non-bit-size binaries. 54 | 55 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 56 | 57 | $(OPTD)\trclnk$(DETOURS_OPTION_BITS).dll: 58 | $(OPTD)\trclnk$(DETOURS_OPTION_BITS).pdb: 59 | 60 | $(BIND)\trclnk$(DETOURS_OPTION_BITS).dll : $(OPTD)\trclnk$(DETOURS_OPTION_BITS).dll 61 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 62 | $(BIND)\trclnk$(DETOURS_OPTION_BITS).pdb : $(OPTD)\trclnk$(DETOURS_OPTION_BITS).pdb 63 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 64 | 65 | option: \ 66 | $(BIND)\trclnk$(DETOURS_OPTION_BITS).dll \ 67 | $(BIND)\trclnk$(DETOURS_OPTION_BITS).pdb \ 68 | 69 | !ELSE 70 | 71 | option: 72 | 73 | !ENDIF 74 | 75 | ############################################################################## 76 | 77 | notepad: all 78 | @echo -------- Logging output to test.txt ------------ 79 | start $(BIND)\syelogd.exe /o test.txt 80 | $(BIND)\sleep5.exe 1 81 | @echo -------- Should load trclnk$(DETOURS_BITS).dll dynamically using withdll.exe ------------ 82 | @echo . 83 | @echo ** NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE ** 84 | @echo ** 85 | @echo ** Close the NotePad window to continue test. 86 | @echo ** 87 | @echo ** NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE ** 88 | @echo . 
89 | $(BIND)\withdll -d:$(BIND)\trclnk$(DETOURS_BITS).dll $(SYSTEMROOT)\system32\notepad.exe 90 | @echo -------- Log from syelog ------------- 91 | type test.txt 92 | 93 | test: all 94 | @echo -------- Logging output to test.txt ------------ 95 | start $(BIND)\syelogd.exe /o test.txt 96 | $(BIND)\sleep5.exe 1 97 | @echo -------- Should load trclnk$(DETOURS_BITS).dll dynamically using withdll.exe ------------ 98 | @echo . 99 | $(BIND)\withdll -d:$(BIND)\trclnk$(DETOURS_BITS).dll $(SYSTEMROOT)\system32\cmd.exe /c dir 100 | @echo -------- Log from syelog ------------- 101 | type test.txt 102 | 103 | ################################################################# End of File. 104 | -------------------------------------------------------------------------------- /samples/tracelnk/trclnk.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trclnk.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trclnk" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trclnk" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Dynamic Linking Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/tracemem/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Utility to trace HeapAlloc APIs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 
8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\trcmem$(DETOURS_BITS).dll \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\trcmem$(DETOURS_BITS).bsc \ 18 | !ENDIF 19 | option 20 | 21 | clean: 22 | -del *~ test.txt 2>nul 23 | -del $(BIND)\trcmem*.* 2>nul 24 | -rmdir /q /s $(OBJD) 2>nul 25 | 26 | dirs: 27 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 28 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 29 | 30 | realclean: clean 31 | -rmdir /q /s $(OBJDS) 2>nul 32 | 33 | ############################################################################## 34 | 35 | $(OBJD)\trcmem.obj : trcmem.cpp 36 | 37 | $(OBJD)\trcmem.res : trcmem.rc 38 | 39 | $(BIND)\trcmem$(DETOURS_BITS).dll : $(OBJD)\trcmem.obj $(OBJD)\trcmem.res $(DEPS) 40 | cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 41 | $(OBJD)\trcmem.obj $(OBJD)\trcmem.res \ 42 | /link $(LINKFLAGS) /subsystem:console \ 43 | /export:DetourFinishHelperProcess,@1,NONAME \ 44 | $(LIBS) 45 | 46 | $(OBJD)\trcmem$(DETOURS_BITS).bsc : $(OBJD)\trcmem.obj 47 | bscmake /v /n /o $@ $(OBJD)\trcmem.sbr 48 | 49 | ############################################### Install non-bit-size binaries. 50 | 51 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 52 | 53 | $(OPTD)\trcmem$(DETOURS_OPTION_BITS).dll: 54 | $(OPTD)\trcmem$(DETOURS_OPTION_BITS).pdb: 55 | 56 | $(BIND)\trcmem$(DETOURS_OPTION_BITS).dll : $(OPTD)\trcmem$(DETOURS_OPTION_BITS).dll 57 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 58 | $(BIND)\trcmem$(DETOURS_OPTION_BITS).pdb : $(OPTD)\trcmem$(DETOURS_OPTION_BITS).pdb 59 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
60 | 61 | option: \ 62 | $(BIND)\trcmem$(DETOURS_OPTION_BITS).dll \ 63 | $(BIND)\trcmem$(DETOURS_OPTION_BITS).pdb \ 64 | 65 | !ELSE 66 | 67 | option: 68 | 69 | !ENDIF 70 | 71 | ############################################################################## 72 | 73 | test: all 74 | @echo -------- Logging output to test.txt ------------ 75 | start $(BIND)\syelogd.exe /o test.txt 76 | $(BIND)\sleep5.exe 1 77 | @echo -------- Should load trcmem$(DETOURS_BITS).dll dynamically using withdll.exe ------------ 78 | $(BIND)\withdll -d:$(BIND)\trcmem$(DETOURS_BITS).dll $(BIND)\sleepold.exe 79 | @echo -------- Log from syelog ------------- 80 | type test.txt 81 | 82 | ################################################################# End of File. 83 | -------------------------------------------------------------------------------- /samples/tracemem/trcmem.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcmem.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcmem" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcmem" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Memory Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/tracereg/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Utility to registry and file access APIs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. 
All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib advapi32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\trcreg$(DETOURS_BITS).dll \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\trcreg$(DETOURS_BITS).bsc \ 18 | !ENDIF 19 | option 20 | 21 | dirs: 22 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 23 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 24 | 25 | clean: 26 | -del *~ test.txt 2>nul 27 | -del $(BIND)\trcreg*.* 2>nul 28 | -rmdir /q /s $(OBJD) 2>nul 29 | 30 | realclean: clean 31 | -rmdir /q /s $(OBJDS) 2>nul 32 | 33 | ############################################################################## 34 | 35 | $(OBJD)\trcreg.obj : trcreg.cpp 36 | 37 | $(OBJD)\trcreg.res : trcreg.rc 38 | 39 | $(BIND)\trcreg$(DETOURS_BITS).dll : $(OBJD)\trcreg.obj $(OBJD)\trcreg.res $(DEPS) 40 | cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 41 | $(OBJD)\trcreg.obj $(OBJD)\trcreg.res \ 42 | /link $(LINKFLAGS) /subsystem:console \ 43 | /export:DetourFinishHelperProcess,@1,NONAME \ 44 | $(LIBS) 45 | 46 | $(OBJD)\trcreg$(DETOURS_BITS).bsc : $(OBJD)\trcreg.obj 47 | bscmake /v /n /o $@ $(OBJD)\trcreg.sbr 48 | 49 | ############################################### Install non-bit-size binaries. 50 | 51 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 52 | 53 | $(OPTD)\trcreg$(DETOURS_OPTION_BITS).dll: 54 | $(OPTD)\trcreg$(DETOURS_OPTION_BITS).pdb: 55 | 56 | $(BIND)\trcreg$(DETOURS_OPTION_BITS).dll : $(OPTD)\trcreg$(DETOURS_OPTION_BITS).dll 57 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 58 | $(BIND)\trcreg$(DETOURS_OPTION_BITS).pdb : $(OPTD)\trcreg$(DETOURS_OPTION_BITS).pdb 59 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
60 | 61 | option: \ 62 | $(BIND)\trcreg$(DETOURS_OPTION_BITS).dll \ 63 | $(BIND)\trcreg$(DETOURS_OPTION_BITS).pdb \ 64 | 65 | !ELSE 66 | 67 | option: 68 | 69 | !ENDIF 70 | 71 | ############################################################################## 72 | 73 | test: all 74 | @echo -------- Logging output to test.txt ------------ 75 | start $(BIND)\syelogd.exe /o test.txt 76 | $(BIND)\sleep5.exe 1 77 | @echo -------- Should load trcreg$(DETOURS_BITS).dll dynamically using withdll.exe ------------ 78 | $(BIND)\withdll -d:$(BIND)\trcreg$(DETOURS_BITS).dll $(BIND)\sleepold.exe 79 | @echo -------- Log from syelog ------------- 80 | type test.txt 81 | 82 | ################################################################# End of File. 83 | -------------------------------------------------------------------------------- /samples/tracereg/trcreg.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcreg.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcreg" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcreg" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Registry Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/traceser/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Utility to trace serial (COM1, COM2, etc.) APIs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. 
All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\trcser$(DETOURS_BITS).dll \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\trcser$(DETOURS_BITS).bsc \ 18 | !ENDIF 19 | option 20 | 21 | dirs: 22 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 23 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 24 | 25 | clean: 26 | -del *~ test.txt 2>nul 27 | -del $(BIND)\trcser*.* 2>nul 28 | -rmdir /q /s $(OBJD) 2>nul 29 | 30 | realclean: clean 31 | -rmdir /q /s $(OBJDS) 2>nul 32 | 33 | ############################################################################## 34 | 35 | $(OBJD)\trcser.obj: trcser.cpp 36 | 37 | $(OBJD)\trcser.res: trcser.rc 38 | 39 | $(BIND)\trcser$(DETOURS_BITS).dll: $(OBJD)\trcser.obj $(OBJD)\trcser.res $(DEPS) 40 | cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 41 | $(OBJD)\trcser.obj $(OBJD)\trcser.res \ 42 | /link $(LINKFLAGS) /subsystem:console \ 43 | /export:DetourFinishHelperProcess,@1,NONAME \ 44 | $(LIBS) 45 | 46 | $(OBJD)\trcser$(DETOURS_BITS).bsc : $(OBJD)\trcser.obj 47 | bscmake /v /n /o $@ $(OBJD)\trcser.sbr 48 | 49 | ############################################### Install non-bit-size binaries. 50 | 51 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 52 | 53 | $(OPTD)\trcser$(DETOURS_OPTION_BITS).dll: 54 | $(OPTD)\trcser$(DETOURS_OPTION_BITS).pdb: 55 | 56 | $(BIND)\trcser$(DETOURS_OPTION_BITS).dll : $(OPTD)\trcser$(DETOURS_OPTION_BITS).dll 57 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 58 | $(BIND)\trcser$(DETOURS_OPTION_BITS).pdb : $(OPTD)\trcser$(DETOURS_OPTION_BITS).pdb 59 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
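60 | 61 | option: \ 62 | $(BIND)\trcser$(DETOURS_OPTION_BITS).dll \ 63 | $(BIND)\trcser$(DETOURS_OPTION_BITS).pdb \ 64 | 65 | !ELSE 66 | 67 | option: 68 | 69 | !ENDIF 70 | 71 | ############################################################################## 72 | 73 | test: all 74 | @echo -------- Logging output to test.txt ------------ 75 | start $(BIND)\syelogd.exe /o test.txt 76 | $(BIND)\sleep5.exe 1 77 | @echo -------- Should load trcser$(DETOURS_BITS).dll dynamically using withdll.exe ------------ 78 | $(BIND)\withdll -d:$(BIND)\trcser$(DETOURS_BITS).dll $(BIND)\sleepold.exe 79 | @echo -------- Log from syelog ------------- 80 | type test.txt 81 | 82 | ################################################################# End of File. 83 | -------------------------------------------------------------------------------- /samples/traceser/trcser.rc: --------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
//
//  Version information for trcser.rc.
//
//  Microsoft Research Detours Package
//
//  Copyright (c) Microsoft Corporation.  All rights reserved.
//

#include "detver.h"

// The internal and original file names both follow the binary the traceser
// Makefile links (trcser$(DETOURS_BITS).dll).  Tooling that compares the
// version resource's OriginalFilename with the name on disk reports a
// mismatch as a renamed binary, so the two must agree.
#define VER_INTERNALNAME_STR        "trcser" DETOURS_STRINGIFY(DETOURS_BITS)
#define VER_ORIGINALFILENAME_STR    "trcser" DETOURS_STRINGIFY(DETOURS_BITS) ".dll"
#define VER_FILEDESCRIPTION_STR     "Detours Serial Trace Module"
#define VER_COMPANYNAME_STR         "Microsoft Corporation"

#include "common.ver"
-------------------------------------------------------------------------------- /samples/tracessl/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Utility to trace WinSock SSL APIs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 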
8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib ws2_32.lib secur32.lib 13 | 14 | ############################################################################## 15 | 16 | all: dirs \ 17 | $(BIND)\trcssl$(DETOURS_BITS).dll \ 18 | !IF $(DETOURS_SOURCE_BROWSING)==1 19 | $(OBJD)\trcssl$(DETOURS_BITS).bsc \ 20 | !ENDIF 21 | option 22 | 23 | ############################################################################## 24 | 25 | dirs: 26 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 27 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 28 | 29 | $(OBJD)\trcssl.obj : trcssl.cpp 30 | 31 | $(OBJD)\trcssl.res : trcssl.rc 32 | 33 | $(BIND)\trcssl$(DETOURS_BITS).dll : $(OBJD)\trcssl.obj $(OBJD)\trcssl.res $(DEPS) 34 | cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 35 | $(OBJD)\trcssl.obj $(OBJD)\trcssl.res \ 36 | /link $(LINKFLAGS) /subsystem:console \ 37 | /export:DetourFinishHelperProcess,@1,NONAME \ 38 | $(LIBS) 39 | 40 | $(OBJD)\trcssl$(DETOURS_BITS).bsc : $(OBJD)\trcssl.obj 41 | bscmake /v /n /o $@ $(OBJD)\trcssl.sbr 42 | 43 | ############################################################################## 44 | 45 | clean: 46 | -del *~ test.txt 2>nul 47 | -del $(BIND)\trcssl*.* 2>nul 48 | -rmdir /q /s $(OBJD) 2>nul 49 | 50 | realclean: clean 51 | -rmdir /q /s $(OBJDS) 2>nul 52 | 53 | ############################################### Install non-bit-size binaries. 54 | 55 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 56 | 57 | $(OPTD)\trcssl$(DETOURS_OPTION_BITS).dll: 58 | $(OPTD)\trcssl$(DETOURS_OPTION_BITS).pdb: 59 | 60 | $(BIND)\trcssl$(DETOURS_OPTION_BITS).dll : $(OPTD)\trcssl$(DETOURS_OPTION_BITS).dll 61 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 62 | $(BIND)\trcssl$(DETOURS_OPTION_BITS).pdb : $(OPTD)\trcssl$(DETOURS_OPTION_BITS).pdb 63 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 
64 | 65 | option: \ 66 | $(BIND)\trcssl$(DETOURS_OPTION_BITS).dll \ 67 | $(BIND)\trcssl$(DETOURS_OPTION_BITS).pdb \ 68 | 69 | !ELSE 70 | 71 | option: 72 | 73 | !ENDIF 74 | 75 | ############################################################################## 76 | 77 | test: all 78 | @echo -------- Logging output to test.txt ------------ 79 | start $(BIND)\syelogd.exe /o test.txt 80 | $(BIND)\sleep5.exe 1 81 | @echo -------- Should load trcssl$(DETOURS_BITS).dll dynamically using withdll.exe ------------ 82 | @echo. 83 | @echo ** NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE ** 84 | @echo ** 85 | @echo ** Close the Internet Explorer window to continue test. 86 | @echo ** 87 | @echo ** NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE ** 88 | @echo. 89 | $(BIND)\withdll -d:$(BIND)\trcssl$(DETOURS_BITS).dll \ 90 | "c:\program files\Internet Explorer\iexplore.exe" "https://www.microsoft.com" 91 | @echo -------- Log from syelog ------------- 92 | type test.txt 93 | 94 | ################################################################# End of File. 95 | -------------------------------------------------------------------------------- /samples/tracessl/trcssl.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcssl.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
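//

#include "detver.h"

// The internal and original file names both follow the binary the tracessl
// Makefile links (trcssl$(DETOURS_BITS).dll).  Tooling that compares the
// version resource's OriginalFilename with the name on disk reports a
// mismatch as a renamed binary, so the two must agree.
#define VER_INTERNALNAME_STR        "trcssl" DETOURS_STRINGIFY(DETOURS_BITS)
#define VER_ORIGINALFILENAME_STR    "trcssl" DETOURS_STRINGIFY(DETOURS_BITS) ".dll"
#define VER_FILEDESCRIPTION_STR     "Detours SSL Trace Module"
#define VER_COMPANYNAME_STR         "Microsoft Corporation"

#include "common.ver"
-------------------------------------------------------------------------------- /samples/tracetcp/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Utility to trace WinSock TCP APIs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib ws2_32.lib 13 | 14 | ############################################################################## 15 | 16 | all: dirs \ 17 | $(BIND)\trctcp$(DETOURS_BITS).dll \ 18 | !IF $(DETOURS_SOURCE_BROWSING)==1 19 | $(OBJD)\trctcp$(DETOURS_BITS).bsc \ 20 | !ENDIF 21 | option 22 | 23 | ############################################################################## 24 | 25 | dirs: 26 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 27 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 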
Created $(OBJD) 28 | 29 | $(OBJD)\trctcp.obj: trctcp.cpp 30 | 31 | $(OBJD)\trctcp.res: trctcp.rc 32 | 33 | $(BIND)\trctcp$(DETOURS_BITS).dll: $(OBJD)\trctcp.obj $(OBJD)\trctcp.res $(DEPS) 34 | cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \ 35 | $(OBJD)\trctcp.obj $(OBJD)\trctcp.res \ 36 | /link $(LINKFLAGS) /subsystem:console \ 37 | /export:DetourFinishHelperProcess,@1,NONAME \ 38 | $(LIBS) 39 | 40 | $(OBJD)\trctcp$(DETOURS_BITS).bsc : $(OBJD)\trctcp.obj 41 | bscmake /v /n /o $@ $(OBJD)\trctcp.sbr 42 | 43 | ############################################################################## 44 | 45 | clean: 46 | -del *~ test.txt 2>nul 47 | -del $(BIND)\trctcp*.* 2>nul 48 | -rmdir /q /s $(OBJD) 2>nul 49 | 50 | realclean: clean 51 | -rmdir /q /s $(OBJDS) 2>nul 52 | 53 | ############################################### Install non-bit-size binaries. 54 | 55 | !IF "$(DETOURS_OPTION_PROCESSOR)" != "" 56 | 57 | $(OPTD)\trctcp$(DETOURS_OPTION_BITS).dll: 58 | $(OPTD)\trctcp$(DETOURS_OPTION_BITS).pdb: 59 | 60 | $(BIND)\trctcp$(DETOURS_OPTION_BITS).dll : $(OPTD)\trctcp$(DETOURS_OPTION_BITS).dll 61 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 62 | $(BIND)\trctcp$(DETOURS_OPTION_BITS).pdb : $(OPTD)\trctcp$(DETOURS_OPTION_BITS).pdb 63 | @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR). 64 | 65 | option: \ 66 | $(BIND)\trctcp$(DETOURS_OPTION_BITS).dll \ 67 | $(BIND)\trctcp$(DETOURS_OPTION_BITS).pdb \ 68 | 69 | !ELSE 70 | 71 | option: 72 | 73 | !ENDIF 74 | 75 | ############################################################################## 76 | 77 | test: all 78 | @echo -------- Logging output to test.txt ------------ 79 | start $(BIND)\syelogd.exe /o test.txt 80 | $(BIND)\sleep5.exe 1 81 | @echo -------- Should load trctcp$(DETOURS_BITS).dll dynamically using withdll.exe ------------ 82 | @echo. 
83 | @echo ** NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE ** 84 | @echo ** 85 | @echo ** Close the Internet Explorer window to continue test. 86 | @echo ** 87 | @echo ** NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE ** 88 | @echo. 89 | $(BIND)\withdll -d:$(BIND)\trctcp$(DETOURS_BITS).dll \ 90 | "c:\program files\Internet Explorer\iexplore.exe" "http://www.microsoft.com" 91 | @echo -------- Log from syelog ------------- 92 | type test.txt 93 | 94 | debug: all 95 | windbg -g -G -o $(BIND)\withdll -d:$(BIND)\trctcp$(DETOURS_BITS).dll \ 96 | "c:\program files\Internet Explorer\iexplore.exe" "http://www.microsoft.com" 97 | 98 | ################################################################# End of File. 99 | -------------------------------------------------------------------------------- /samples/tracetcp/trctcp.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trctcp.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trctcp" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trctcp" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours TCP Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/tryman/managed.cs: --------------------------------------------------------------------------------
using System;
using System.Reflection;
using System.Runtime.InteropServices;

[assembly: AssemblyProduct("Microsoft Research Detours")]
[assembly: AssemblyCompany("Microsoft Corporation")]
[assembly: AssemblyVersion("1.0.0.0")]

/// <summary>
/// Managed half of the tryman sample: prints the pointer size of the running
/// runtime and asks kernel32 to load the native test module of that bitness.
/// </summary>
public class Test
{
    // [DllImport("kernel32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    // static extern IntPtr LoadLibrary([In, MarshalAs(UnmanagedType.LPStr)] string lpFileName);

    // Main passes a bare file name to this import, so Windows resolves the
    // module through its DLL search order rather than from a fixed path; the
    // copy that gets loaded depends on where the sample is started from.
    [DllImport("kernel32", CharSet=CharSet.Auto, SetLastError=true)]
    static extern IntPtr LoadLibrary(string lpFileName);

    /// <summary>
    /// Reports the runtime bitness, then loads tstman32.dll when IntPtr.Size
    /// is 4 and tstman64.dll for every other size.
    /// </summary>
    /// <returns>Always 0; a failed load is only reported on the console.</returns>
    public static int Main()
    {
        int pointerBytes = IntPtr.Size;

        switch (pointerBytes) {
            case 4:
                Console.WriteLine(" *** Managed code with 32-bit runtime ({0})",
                                  Environment.Version);
                break;
            case 8:
                Console.WriteLine(" *** Managed code with 64-bit runtime ({0})",
                                  Environment.Version);
                break;
            default:
                Console.WriteLine(" *** Managed code of unknown IntPtr.Size: {0}", IntPtr.Size);
                break;
        }

        // An unrecognised pointer size falls through to the 64-bit module.
        bool is32Bit = pointerBytes == 4;
        string moduleName = is32Bit ? "tstman32.dll" : "tstman64.dll";

        // A null handle means the load failed.
        if (LoadLibrary(moduleName) == IntPtr.Zero) {
            Console.WriteLine(is32Bit
                ? "--------: managed code failed to load tstman32.dll"
                : "--------: managed code failed to load tstman64.dll");
        }

        return 0;
    }
}
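-------------------------------------------------------------------------------- /samples/tryman/size.cpp: --------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
//
//  Detours Test Program (size.cpp of size<bits>.exe)
//
//  Microsoft Research Detours Package
//
//  Copyright (c) Microsoft Corporation.  All rights reserved.
//

// NOTE(review): the header names were missing from this listing; they are
// restored from the APIs used below -- confirm against the repository.
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#pragma warning(push)
#if _MSC_VER > 1400
#pragma warning(disable:6102 6103) // /analyze warnings
#endif
#include <strsafe.h>
#pragma warning(pop)
#include <detours.h>

// Resolve pszName through SearchPathA into pszFull (cchFull characters).
// lpPath is NULL, so the system search path decides which copy is found.
// Returns TRUE only when a complete path was written; on any failure pszFull
// is left as an empty string so the caller never reads unwritten bytes.
static BOOL FindExe(PCSTR pszName, PSTR pszFull, DWORD cchFull)
{
    PSTR pszFilePart = NULL;
    DWORD cch = SearchPathA(NULL, pszName, ".exe", cchFull, pszFull, &pszFilePart);

    // 0 is failure; a value >= cchFull is the size a larger buffer would need.
    if (cch == 0 || cch >= cchFull) {
        pszFull[0] = '\0';
        return FALSE;
    }
    return TRUE;
}

// Takes one integer argument (the remaining repeat count).  While the count
// is positive, launches another size<bits>.exe with count - 1 and waits for
// it.  Even counts prefer the DETOURS_OPTION_BITS build when that macro is
// defined, so the chain can alternate between the two bit sizes.
//
// Exit codes: 3 wrong argument count, 0 finished, 1 CreateProcess failed,
// 9010 GetExitCodeProcess failed.
int __cdecl main(int argc, char **argv)
{
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    CHAR szFullExe[MAX_PATH] = "";      // stays empty when no search succeeds
    CHAR szCommand[MAX_PATH];
    PCSTR pszExe;

    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);

    if (argc != 2) {
        printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
               " must take a single integer argument.\n");
        fflush(stdout);
        return 3;
    }

    int repeats = atoi(argv[1]);

    if (repeats <= 0) {
        printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
               " End of the road, repeats=0.\n");
        fflush(stdout);
        return 0;
    }

    if ((repeats % 2) == 0) {
#ifdef DETOURS_OPTION_BITS
        pszExe = "size" DETOURS_STRINGIFY(DETOURS_OPTION_BITS) ".exe";
#else
        pszExe = "size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe";
#endif
    }
    else {
        pszExe = "size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe";
    }

    // Fall back to this build's own bit size when the preferred image is not
    // found.  If the fallback is not found either, szFullExe is empty.
    if (!FindExe(pszExe, szFullExe, ARRAYSIZE(szFullExe))) {
        pszExe = "size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe";
        FindExe(pszExe, szFullExe, ARRAYSIZE(szFullExe));
    }

    // The destination size is a character count; pszExe is a short literal,
    // so the formatted command always fits.
    StringCchPrintfA(szCommand, ARRAYSIZE(szCommand), "%s %d", pszExe, repeats - 1);

    printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
           " [%s]\n", szCommand);
    fflush(stdout);

    // With an empty szFullExe the application name is NULL and CreateProcess
    // resolves the first token of szCommand through its own search order.
    // bInheritHandles is TRUE, so the child receives this process's
    // inheritable handles.
    SetLastError(0);
    if (!CreateProcessA(szFullExe[0] ? szFullExe : NULL, szCommand,
                        NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
        DWORD dwError = GetLastError();
        printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
               " CreateProcess failed: %d\n", dwError);
        return 1;
    }

    // The primary thread handle is never used; release it right away.
    CloseHandle(pi.hThread);

    WaitForSingleObject(pi.hProcess, INFINITE);

    DWORD dwResult = 0;
    if (!GetExitCodeProcess(pi.hProcess, &dwResult)) {
        printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
               " GetExitCodeProcess failed: %d\n", GetLastError());
        CloseHandle(pi.hProcess);
        return 9010;
    }

    CloseHandle(pi.hProcess);

    // The child's exit code is read but not propagated.
    return 0;
}
//
///////////////////////////////////////////////////////////////// End of File.
-------------------------------------------------------------------------------- /samples/tryman/tryman.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tryman.cpp of tryman.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | 12 | extern int WINAPI Test3264(int arg); 13 | 14 | int __cdecl main(int argc, char ** argv) 15 | { 16 | (void)argv; 17 | int ret = 0; 18 | 19 | ret = Test3264(argc); 20 | return ret == 0 ? ret : 0; 21 | } 22 | // 23 | ///////////////////////////////////////////////////////////////// End of File. 24 | -------------------------------------------------------------------------------- /samples/tryman/tstman.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for tstman.rc. 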
4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours 32/64-bit Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /samples/withdll/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | ############################################################################## 15 | 16 | all: dirs \ 17 | $(BIND)\withdll.exe \ 18 | !IF $(DETOURS_SOURCE_BROWSING)==1 19 | $(OBJD)\withdll.bsc \ 20 | !ENDIF 21 | option 22 | 23 | clean: 24 | -del *~ 2>nul 25 | -del $(BIND)\withdll.* 2>nul 26 | -rmdir /q /s $(OBJD) 2>nul 27 | 28 | realclean: clean 29 | -rmdir /q /s $(OBJDS) 2>nul 30 | 31 | ############################################################################## 32 | 33 | dirs: 34 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 35 | @if not exist $(OBJD) mkdir $(OBJD) && echo. 
Created $(OBJD) 36 | 37 | $(OBJD)\withdll.obj : withdll.cpp 38 | 39 | $(BIND)\withdll.exe : $(OBJD)\withdll.obj $(DEPS) 40 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\withdll.obj \ 41 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 42 | 43 | $(OBJD)\withdll.bsc : $(OBJD)\withdll.obj 44 | bscmake /v /n /o $@ $(OBJD)\withdll.sbr 45 | 46 | ############################################### Install non-bit-size binaries. 47 | 48 | option: 49 | 50 | ############################################################################## 51 | 52 | test: all 53 | $(BIND)\withdll.exe -d:$(BIND)\slept$(DETOURS_BITS).dll $(BIND)\sleepold.exe 54 | $(BIND)\withdll.exe -v -d:$(BIND)\slept$(DETOURS_BITS).dll $(BIND)\sleepold.exe 55 | 56 | debug: all 57 | windbg -c ".srcfix;l+s;l+t" -o \ 58 | $(BIND)\withdll.exe -d:$(BIND)\slept$(DETOURS_BITS).dll $(BIND)\sleepold.exe 59 | 60 | ################################################################# End of File. 61 | -------------------------------------------------------------------------------- /src/detver.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Common version parameters. 4 | // 5 | // Microsoft Research Detours Package, Version 4.0.1 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 
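//

#define _USING_V110_SDK71_ 1
#include "winver.h"
#if 0
// (the two header names in this disabled branch are not shown in this listing)
#include
#include
#else
// Two-step stringification so that a macro argument is expanded before it is
// turned into a string literal.  Guarded in case it is already defined.
#ifndef DETOURS_STRINGIFY
#define DETOURS_STRINGIFY(x)    DETOURS_STRINGIFY_(x)
#define DETOURS_STRINGIFY_(x)    #x
#endif

// Fixed version-resource fields consumed by the .rc files that include this
// header.
#define VER_FILEFLAGSMASK   0x3fL
#define VER_FILEFLAGS       0x0L
#define VER_FILEOS          0x00040004L
#define VER_FILETYPE        0x00000002L
#define VER_FILESUBTYPE     0x00000000L
#endif
// Uses DETOURS_STRINGIFY, the helper guarded above; this header defines no
// macro named DETOUR_STRINGIFY, so that spelling would be left unexpanded.
#define VER_DETOURS_BITS    DETOURS_STRINGIFY(DETOURS_BITS)
-------------------------------------------------------------------------------- /src/disolarm.cpp: -------------------------------------------------------------------------------- 1 | #define DETOURS_ARM_OFFLINE_LIBRARY 2 | #include "disasm.cpp" 3 | -------------------------------------------------------------------------------- /src/disolarm64.cpp: -------------------------------------------------------------------------------- 1 | #define DETOURS_ARM64_OFFLINE_LIBRARY 2 | #include "disasm.cpp" 3 | -------------------------------------------------------------------------------- /src/disolia64.cpp: -------------------------------------------------------------------------------- 1 | #define DETOURS_IA64_OFFLINE_LIBRARY 2 | #include "disasm.cpp" 3 | -------------------------------------------------------------------------------- /src/disolx64.cpp: -------------------------------------------------------------------------------- 1 | #define DETOURS_X64_OFFLINE_LIBRARY 2 | #include "disasm.cpp" 3 | -------------------------------------------------------------------------------- /src/disolx86.cpp: -------------------------------------------------------------------------------- 1 | #define DETOURS_X86_OFFLINE_LIBRARY 2 | #include "disasm.cpp" 3 | -------------------------------------------------------------------------------- /src/trampolinearm.asm: -------------------------------------------------------------------------------- 1 | AREA .text, CODE, THUMB, 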
READONLY 2 | 3 | Trampoline_ASM_ARM FUNCTION 4 | 5 | EXPORT Trampoline_ASM_ARM 6 | EXPORT Trampoline_ASM_ARM_DATA 7 | EXPORT Trampoline_ASM_ARM_CODE 8 | 9 | NETIntro ; .NET Barrier Intro Function 10 | dcb 0 11 | dcb 0 12 | dcb 0 13 | dcb 0 14 | OldProc ; Original Replaced Function 15 | dcb 0 16 | dcb 0 17 | dcb 0 18 | dcb 0 19 | NewProc ; Detour Function 20 | dcb 0 21 | dcb 0 22 | dcb 0 23 | dcb 0 24 | NETOutro ; .NET Barrier Outro Function 25 | dcb 0 26 | dcb 0 27 | dcb 0 28 | dcb 0 29 | IsExecutedPtr ; Count of times trampoline was executed 30 | dcb 0 31 | dcb 0 32 | dcb 0 33 | dcb 0 34 | 35 | Trampoline_ASM_ARM_CODE 36 | start 37 | push {r0, r1, r2, r3, r4, lr} 38 | push {r5-r10} 39 | vpush {d0-d7} 40 | ldr r5, IsExecutedPtr 41 | dmb ish 42 | try_inc_lock 43 | ldrex r0, [r5] 44 | add r0, r0, #1 45 | strex r1, r0, [r5] 46 | cmp r1, #0 47 | bne try_inc_lock 48 | dmb ish 49 | ldr r2, NewProc 50 | cmp r2, #0 51 | bne call_net_entry 52 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; call original method 53 | dmb ish 54 | try_dec_lock 55 | ldrex r0, [r5] 56 | add r0, r0, #-1 57 | strex r1, r0, [r5] 58 | cmp r1, #0 59 | bne try_dec_lock 60 | dmb ish 61 | 62 | ldr r5, OldProc 63 | b trampoline_exit 64 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; call hook handler or original method... 65 | call_net_entry ; call NET intro 66 | 67 | adr r0, start ; Hook handle (only a position hint) 68 | add r2, sp, #0x6C ; original sp (address of return address) 69 | ldr r1, [sp, #0x6C] ; return address (value stored in original sp) 70 | ldr r4, NETIntro 71 | blx r4 ; Hook->NETIntro(Hook, RetAddr, InitialSP); 72 | ; should call original method? 
73 | cmp r0, #0 74 | bne call_hook_handler 75 | 76 | ; call original method 77 | ldr r5, IsExecutedPtr 78 | dmb ish 79 | try_dec_lock2 80 | ldrex r0, [r5] 81 | add r0, r0, #-1 82 | strex r1, r0, [r5] 83 | cmp r1, #0 84 | bne try_dec_lock2 85 | dmb ish 86 | 87 | ldr r5, OldProc 88 | b trampoline_exit 89 | 90 | call_hook_handler 91 | ldr r5, NewProc 92 | adr r4, call_net_outro ; adjust return address 93 | orr r4, r4, 1 ; set PC bit 0 (Thumb state flag) for thumb mode address 94 | str r4, [sp, #0x6C] ; store outro return to stack after hook handler is called 95 | b trampoline_exit 96 | ; this is where the handler returns... 97 | call_net_outro 98 | mov r5, #0 99 | push {r0, r1, r2, r3, r4, r5} ; save return handler 100 | add r1, sp, #5*4 101 | adr r0, start ; get address of next Hook struct pointer 102 | ; Param 2: Address of return address 103 | ldr r5, NETOutro 104 | blx r5 ; Hook->NETOutro(Hook, InAddrOfRetAddr); 105 | 106 | ldr r5, IsExecutedPtr 107 | dmb ish 108 | try_dec_lock3 109 | ldrex r0, [r5] 110 | add r0, r0, #-1 111 | strex r1, r0, [r5] 112 | cmp r1, #0 113 | bne try_dec_lock3 114 | dmb ish 115 | 116 | pop {r0, r1, r2, r3, r4, lr} ; restore return value of user handler... 117 | ; finally return to saved return address - the caller of this trampoline... 
118 | bx lr 119 | 120 | trampoline_exit 121 | mov r12, r5 122 | vpop {d0-d7} 123 | pop {r5-r10} 124 | pop {r0, r1, r2, r3, r4, lr} 125 | 126 | bx r12 ; mov pc, r12 127 | 128 | ; outro signature, to automatically determine code size 129 | Trampoline_ASM_ARM_DATA 130 | dcb 0x78 131 | dcb 0x56 132 | dcb 0x34 133 | dcb 0x12 134 | 135 | ENDFUNC 136 | 137 | END 138 | -------------------------------------------------------------------------------- /src/trampolinex86.asm: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Trampoline_ASM_x86 3 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 4 | .386 5 | .model flat, c 6 | .code 7 | 8 | public Trampoline_ASM_X86@0 9 | public Trampoline_ASM_X86_DATA 10 | 11 | Trampoline_ASM_X86@0 PROC 12 | 13 | ; Handle: 1A2B3C05h 14 | ; NETEntry: 1A2B3C03h 15 | ; OldProc: 1A2B3C01h 16 | ; NewProc: 1A2B3C00h 17 | ; NETOutro: 1A2B3C06h 18 | ; IsExecuted: 1A2B3C02h 19 | ; RetAddr: 1A2B3C04h 20 | ; Ptr:NewProc: 1A2B3C07h 21 | 22 | mov eax, esp 23 | push ecx ; both are fastcall parameters, ECX is also used as "this"-pointer 24 | push edx 25 | mov ecx, eax; InitialRSP value for NETIntro()... 26 | 27 | mov eax, 1A2B3C02h 28 | db 0F0h ; interlocked increment execution counter 29 | inc dword ptr [eax] 30 | 31 | ; is a user handler available? 32 | mov eax, 1A2B3C07h 33 | cmp dword ptr[eax], 0 34 | 35 | db 3Eh ; branch usually taken 36 | jne CALL_NET_ENTRY 37 | 38 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; call original method 39 | mov eax, 1A2B3C02h 40 | db 0F0h ; interlocked decrement execution counter 41 | dec dword ptr [eax] 42 | mov eax, 1A2B3C01h 43 | jmp TRAMPOLINE_EXIT 44 | 45 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; call hook handler or original method... 
46 | CALL_NET_ENTRY: 47 | 48 | ; call NET intro 49 | push ecx 50 | push dword ptr [esp + 12] ; push return address 51 | push 1A2B3C05h ; Hook handle 52 | mov eax, 1A2B3C03h 53 | call eax ; Hook->NETIntro(Hook, RetAddr); 54 | 55 | ; should call original method? 56 | test eax, eax 57 | 58 | db 3Eh ; branch usually taken 59 | jne CALL_HOOK_HANDLER 60 | 61 | ; call original method 62 | mov eax, 1A2B3C02h 63 | db 0F0h ; interlocked decrement execution counter 64 | dec dword ptr [eax] 65 | mov eax, 1A2B3C01h 66 | jmp TRAMPOLINE_EXIT 67 | 68 | CALL_HOOK_HANDLER: 69 | ; adjust return address --- ATTENTION: this offset "83h" will also change if CALL_NET_OUTRO moves due to changes... 70 | mov dword ptr [esp + 8], 1A2B3C04h 71 | 72 | ; call hook handler 73 | mov eax, 1A2B3C00h 74 | jmp TRAMPOLINE_EXIT 75 | 76 | CALL_NET_OUTRO: ; this is where the handler returns... 77 | 78 | ; call NET outro --- ATTENTION: Never change EAX/EDX from now on! 79 | push 0 ; space for return address 80 | push eax 81 | push edx 82 | 83 | lea eax, [esp + 8] 84 | push eax ; Param 2: Address of return address 85 | push 1A2B3C05h ; Param 1: Hook handle 86 | mov eax, 1A2B3C06h 87 | call eax ; Hook->NETOutro(Hook); 88 | 89 | mov eax, 1A2B3C02h 90 | db 0F0h ; interlocked decrement execution counter 91 | dec dword ptr [eax] 92 | 93 | pop edx ; restore return value of user handler... 94 | pop eax 95 | 96 | ; finally return to saved return address - the caller of this trampoline... 97 | ret 98 | 99 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; generic outro for both cases... 100 | TRAMPOLINE_EXIT: 101 | 102 | pop edx 103 | pop ecx 104 | 105 | jmp eax ; ATTENTION: In case of hook handler we will return to CALL_NET_OUTRO, otherwise to the caller... 
106 | 107 | Trampoline_ASM_X86_DATA:: 108 | ; outro signature, to automatically determine code size 109 | db 78h 110 | db 56h 111 | db 34h 112 | db 12h 113 | 114 | Trampoline_ASM_x86@0 ENDP 115 | 116 | END --------------------------------------------------------------------------------