;ApiHook.inc - constants and structures for Hook libraries
; For MASM and TASM
;standard-----------------------------------------------------------------------
;API_HOOK dwFlags bits. One flag per bit, written in hex (same values as the
;binary spelling). The only use visible in this include: HOOK_ALL_SAFE is the
;method MkHook emits when its __method argument is blank. The other bits are
;not interpreted here - the names suggest name/ordinal/address selection and
;OS-family exclusions (NOT_NT / NOT_9X); confirm against the library code.
HOOK_EXPORT EQU 001H
HOOK_BY_NAME EQU 002H
HOOK_BY_ADDRESS EQU 004H
HOOK_HARD EQU 008H
HOOK_LOAD_IMPORT EQU 010H
HOOK_SPECIAL EQU 020H
HOOK_NOT_NT EQU 040H
HOOK_NOT_9X EQU 080H
HOOK_OVERWRITE EQU 100H
HOOK_RAW EQU 200H
HOOK_ALL_SAFE EQU 400H
HOOK_LOAD_EXPORT EQU 800H
;Table / argument sentinels:
; HOOKS_END     - first DWORD of the record that terminates a table (EndHooks)
; HOOKS_DYNAMIC - first DWORD of a dynamic record (MkHook, HOOKS_DYNAMIC form)
; MAIN_MODULE / ALL_MODULES - not referenced anywhere in this include
HOOKS_END EQU (-1)
HOOKS_DYNAMIC EQU (-2)
MAIN_MODULE EQU 0
ALL_MODULES EQU (-1)
; ADDR_CONTENTS - one saved patch location (two DWORD-sized fields).
; From the names, ReturnWhere is presumably the address to restore and
; ReturnWhat the DWORD to write back there on unhook - this include only
; lays the record out (MkUnhook zero-fills them); confirm against the
; library code that fills and replays them.
ADDR_CONTENTS STRUCT
ReturnWhere LPDWORD ?
ReturnWhat DWORD ?
ADDR_CONTENTS ENDS
PADDR_CONTENTS TYPEDEF PTR ADDR_CONTENTS
; API_UNHOOK - fixed-capacity list of ADDR_CONTENTS entries.
; MkUnhook (below) builds one: MaxNoAddr = capacity, CurNoAddr = 0
; (also the struct default), WhereWhat = address of the entry buffer.
; NOTE(review): nothing in this include bounds CurNoAddr by MaxNoAddr;
; the code that appends entries at run time must enforce it.
API_UNHOOK STRUCT
MaxNoAddr DWORD ?
CurNoAddr DWORD 0
WhereWhat PADDR_CONTENTS ?
API_UNHOOK ENDS
PAPI_UNHOOK TYPEDEF PTR API_UNHOOK
; WHOLE_AH_CHAIN - (-1) sentinel, not referenced in this include; presumably
; "every hook in the chain" - confirm against the library's callers.
WHOLE_AH_CHAIN EQU (-1)
;because TASM has "open structures", dwFlags
;would collide with WIN32.inc,
;so it is renamed to DwFlags for TASM
; API_HOOK - one hook-table record. MkHook emits exactly six DWORDs per
; record, so every field here is 4 bytes wide (32-bit LPCSTR / LPVOID /
; PAPI_UNHOOK from the Windows include). Field contents as MkHook fills them:
;   ModuleExport     sz&module string address, or szKERNEL32 by default
;   ApiNameOrOrd     sz&procedure string address, or the raw argument (ordinal)
;   DwFlags/dwFlags  HOOK_* bits (HOOK_ALL_SAFE by default)
;   ModuleImport     sz&module_import, or Old&procedure when no import given
;   UnhookAddresses  Unhook&procedure (from MkUnhook) or NULL
;   HookAddress      New&procedure
; The two spellings of the flags field sit at the same offset; TASM defines
; ??version and its open structures would let dwFlags collide with WIN32.inc.
IFDEF ??version
API_HOOK STRUCT
ModuleExport LPCSTR ?
ApiNameOrOrd LPCSTR ?
DwFlags DWORD ?
ModuleImport LPCSTR ?
UnhookAddresses PAPI_UNHOOK ?
HookAddress LPVOID ?
API_HOOK ENDS
ELSE
; MASM branch: identical layout, lower-case dwFlags
API_HOOK STRUCT
ModuleExport LPCSTR ?
ApiNameOrOrd LPCSTR ?
dwFlags DWORD ?
ModuleImport LPCSTR ?
UnhookAddresses PAPI_UNHOOK ?
HookAddress LPVOID ?
API_HOOK ENDS
ENDIF
PAPI_HOOK TYPEDEF PTR API_HOOK
; Status codes - 32-bit magics in the 0E1C2F3xxH range (the same 0E1C2...
; prefix as RCThreadBodyAlias and the LAC* values below).
; AH group: ErrorAHMin+0 .. ErrorAHMin+4 (= ErrorAHMax).
; AM group: continues from ErrorAHMax; ErrorAMMin aliases ErrorAHMin, so a
; range check [ErrorAMMin, ErrorAMMax] also covers every AH code.
; ErrorAWSuccess = ErrorAHMin-1, i.e. just below the error range.
ErrorAHMin EQU 0E1C2F3B1H
ErrorAHException EQU (ErrorAHMin+0)
ErrorAHOpen EQU (ErrorAHMin+1)
ErrorAHPrepare EQU (ErrorAHMin+2)
ErrorAHTimeOut EQU (ErrorAHMin+3)
ErrorAHRemote EQU (ErrorAHMin+4)
ErrorAHMax EQU (ErrorAHMin+4)
ErrorAMMin EQU ErrorAHMin
ErrorAMModule EQU (ErrorAHMax+1)
ErrorAMApi EQU (ErrorAHMax+2)
ErrorAMMax EQU (ErrorAHMax+2)
ErrorAWSuccess EQU 0E1C2F3B0H
; RCINFO - ten DWORD fields (40 bytes). "RC" is not expanded anywhere in this
; include; the field names (hProcess/ProcessId/hThread/ThreadId, ThreadBody/
; ThreadStack, RtlAllocMem/RtlFreeMem) suggest a descriptor for a thread run in
; another process - confirm against the library before relying on that.
; RCFlags takes the RC_FL_* bits and ProcFlags the RC_PF_* bits defined below.
RCINFO STRUCT
RCFlags DWORD ?
ProcFlags DWORD ?
RtlAllocMem DWORD ?
RtlFreeMem DWORD ?
hProcess DWORD ?
ProcessId DWORD ?
hThread DWORD ?
ThreadId DWORD ?
ThreadBody DWORD ?
ThreadStack DWORD ?
RCINFO ENDS
PRCINFO TYPEDEF PTR RCINFO
; RCFlags - bit flags stored in RCINFO.RCFlags (one bit each, hex form;
; same values as the decimal spelling). Semantics are not defined in this
; include - confirm against the library code.
RC_FL_OWNTIMEOUT EQU 01H
RC_FL_TERMINATE EQU 02H
RC_FL_OWNFREE EQU 04H
RC_FL_UNHIDE9X EQU 08H
RC_FL_DEFSD EQU 10H
; RC constants:
; RCBlockStart - 0ACH; not referenced elsewhere in this include.
; RCThreadBodyAlias - same value as LACThreadBodyAlias below (0E1C2F3AFH),
; i.e. one shared magic in the library's 0E1C2... value space.
RCBlockStart EQU 0ACH
RCThreadBodyAlias EQU 0E1C2F3AFH
; ProcFlags - bit flags stored in RCINFO.ProcFlags (one bit each, hex form;
; same values as the decimal spelling). Semantics are not defined in this
; include - confirm against the library code.
RC_PF_DEBUGGED EQU 01H
RC_PF_16TERM EQU 02H
RC_PF_NOOPEN EQU 04H
RC_PF_NATIVE EQU 08H
RC_PF_NOTINITED EQU 10H
; ModWorks.LoadAndCall flags:
; The top four bits of a 32-bit flags word (bits 31..28). The names suggest
; calling-convention selection (pascal / fastcall / COM / Delphi); this
; include does not define how LoadAndCall interprets them - confirm there.
LAC_PASCAL EQU 080000000H
LAC_FASTCALL EQU 040000000H
LAC_COMCALL EQU 020000000H
LAC_DELPHI EQU 010000000H
; ModWorks.LoadAndCall constants:
; LACThreadBodyAlias equals RCThreadBodyAlias (0E1C2F3AFH); the *Pointer values
; share the library's 0E1C2... prefix. LACMEMOffset + LACMEMSize =
; 03DCH + 0C24H = 01000H (4096), so the region ends exactly on a 4 KiB
; boundary. LACMaxArgs = 0309H = 777 decimal. How these are used is not
; visible here - confirm against the ModWorks code.
LACThreadBodyAlias EQU 0E1C2F3AFH
LACSTKPointer EQU 0E1C2E700H
LACMEMPointer EQU 0E1C2DA00H
LACMEMOffset EQU 03DCH
LACMEMSize EQU 0C24H
LACMaxArgs EQU 0309H
;useful-------------------------------------------------------------------------
; EndHooks - text equate: expands to "DWORD HOOKS_END", a single (-1) DWORD
; placed after the last MkHook record of a table opened with BeginHooks.
; Note the terminator is one DWORD, not a full six-DWORD API_HOOK record.
EndHooks EQU DWORD HOOKS_END
; BeginHooks - open a hook table: export the table symbol (PUBLIC), align to
; 4 bytes and define it as a label of type API_HOOK. Follow with MkHook
; records and close the table with EndHooks.
;   __nomen  table symbol (the name visible to other modules)
BeginHooks MACRO __nomen
PUBLIC __nomen
ALIGN 4
__nomen LABEL API_HOOK
ENDM
; MkHook - emit one API_HOOK record (six DWORDs, 4-byte aligned).
;   __symbol         optional: label of type API_HOOK placed on the record
;   __module_export  ModuleExport slot: sz&arg if such a symbol is defined,
;                    else the argument itself; blank -> szKERNEL32 (which must
;                    come from an outer include). HOOKS_DYNAMIC selects the
;                    dynamic form described below.
;   __procedure      base name: ApiNameOrOrd is sz&__procedure if defined,
;                    else the argument itself (e.g. an ordinal). The record
;                    also references Old&__procedure, Unhook&__procedure and
;                    New&__procedure by this naming convention.
;   __method         dwFlags slot; blank -> HOOK_ALL_SAFE
;   __module_import  4th slot (API_HOOK.ModuleImport): sz&arg if defined, else
;                    the argument; blank -> Old&__procedure
; Dynamic form (__module_export is HOOKS_DYNAMIC) emits
;   HOOKS_DYNAMIC, 0, 0, 0, OFFSET __procedure (or 0), 0
; so the procedure address lands in the 5th slot (UnhookAddresses), then EXITM.
; IFDEF only sees symbols defined before this expansion (assembler/pass
; dependent): put MkUnhook for the same procedure earlier in the source or
; the UnhookAddresses slot is NULL. NULL is expected from an outer include.
MkHook MACRO __symbol, __module_export, __procedure, __method, __module_import
ALIGN 4
IFNB <__symbol>
__symbol LABEL API_HOOK
ENDIF
IFNB <__module_export>
IFIDN <__module_export>, <HOOKS_DYNAMIC>
; dynamic record: slots 1-4 = HOOKS_DYNAMIC, 0, 0, 0
DWORD HOOKS_DYNAMIC,0,0,0
IFNB <__procedure>
; slot 5 (UnhookAddresses) = procedure address
DWORD OFFSET __procedure
ELSE
DWORD 0
ENDIF
; slot 6 (HookAddress) = 0, record complete
DWORD 0
EXITM
ELSE
; slot 1 (ModuleExport): prefer the sz-prefixed string symbol
IFDEF sz&__module_export
DWORD sz&__module_export
ELSE
DWORD __module_export
ENDIF
ENDIF
ELSE
; slot 1 default: kernel32 module string, defined outside this include
DWORD szKERNEL32
ENDIF
; slot 2 (ApiNameOrOrd): string symbol if defined, else the raw argument
IFDEF sz&__procedure
DWORD sz&__procedure
ELSE
; if (((.type __procedure)) AND (1 shl 7))
; DWORD sz&__procedure
; else
; IFDEF __procedure
DWORD __procedure
; ENDIF
; endif
ENDIF
; slot 3 (dwFlags)
IFNB <__method>
DWORD __method
ELSE
DWORD HOOK_ALL_SAFE
ENDIF
; slot 4 (ModuleImport): string symbol / argument, or Old-prefixed symbol
IFNB <__module_import>
IFDEF sz&__module_import
DWORD sz&__module_import
ELSE
DWORD __module_import
ENDIF
ELSE
DWORD Old&__procedure
ENDIF
; slot 5 (UnhookAddresses): only if MkUnhook already ran for this procedure
IFDEF Unhook&__procedure
DWORD Unhook&__procedure
ELSE
DWORD NULL
ENDIF
; slot 6 (HookAddress)
DWORD New&__procedure
ENDM
; MkUnhook - reserve an unhook buffer and define Unhook&__procedure.
;   __procedure   base name; defines the label Unhook&__procedure (API_UNHOOK)
;   __maxunhooks  number of ADDR_CONTENTS entries (2 DWORDs each) to reserve
; Layout: a zero-filled buffer of __maxunhooks*2 DWORDs, then an API_UNHOOK
; with MaxNoAddr = __maxunhooks, CurNoAddr = 0, WhereWhat = OFFSET buffer.
; Expand this before the MkHook for the same procedure so MkHook's
; IFDEF Unhook&__procedure finds the label.
; NOTE(review): the buffer is filled at run time in whichever section the
; caller expands this in; this include does not bound CurNoAddr by
; MaxNoAddr - the appending code must check it before writing an entry.
MkUnhook MACRO __procedure, __maxunhooks
LOCAL __buffer
ALIGN 4
__buffer LABEL ADDR_CONTENTS
REPT __maxunhooks*2 ;(ADDR_CONTENTS/DWORD)
DWORD 0
ENDM
; the API_UNHOOK header follows its buffer directly
Unhook&__procedure LABEL API_UNHOOK
DWORD __maxunhooks
DWORD 0
DWORD OFFSET __buffer
ENDM
;-------------------------------------------------------------------------------