📄 dt.cpp
//////////////////////////////////////////////////////////////////////////////
//
// Module: disas.exe - Detours Test Program
// File: disas.cpp
// Author: Galen C. Hunt
//
#include <stdio.h>
#include <windows.h>
#include <detours.h>
// Single-byte x86 opcodes that end a disassembly run in
// TestDetourCopyInstruction.
enum {
    OP_RET = 0xC3,  // near return
    OP_BRK = 0xCC,  // INT 3 breakpoint
};
// Declares Trampoline_Sleep as the Detours trampoline for Sleep. Detour_Sleep
// calls through it to reach the original API once WinMain has installed the
// detour with DetourFunctionWithTrampoline.
DETOUR_TRAMPOLINE(VOID WINAPI Trampoline_Sleep(DWORD dwMilliseconds),
Sleep);
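// Detour for Sleep: logs before and after, and forwards the request to the
// original API through Trampoline_Sleep.
//
// dwMilliseconds: sleep interval, passed through unchanged.
static VOID WINAPI Detour_Sleep(DWORD dwMilliseconds)
{
    // DWORD is an unsigned long, so it is printed with %lu; the original %d
    // did not match the argument type.
    printf(" Starting to sleep for %lu milliseconds.\n", dwMilliseconds);
    Trampoline_Sleep(dwMilliseconds);
    printf(" Done sleeping.\n");
}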
//////////////////////////////////////////////////////////////////////////////
//
// Trampolines for the four process/thread identity APIs hooked in WinMain.
// Each Real_* entry is what the matching Mine_* detour calls to reach the
// original function.
DETOUR_TRAMPOLINE(HANDLE WINAPI Real_GetCurrentProcess(VOID), GetCurrentProcess);
DETOUR_TRAMPOLINE(DWORD WINAPI Real_GetCurrentProcessId(VOID), GetCurrentProcessId);
DETOUR_TRAMPOLINE(HANDLE WINAPI Real_GetCurrentThread(VOID), GetCurrentThread);
DETOUR_TRAMPOLINE(DWORD WINAPI Real_GetCurrentThreadId(VOID), GetCurrentThreadId);
// Detour for GetCurrentProcess: logs the call, then returns whatever the
// original API returns via its trampoline.
// NOTE(review): logging from inside a hook re-enters the hook if the CRT's
// output path ever calls the hooked API itself -- confirm for the CRT in use.
HANDLE WINAPI Mine_GetCurrentProcess(VOID)
{
    fputs("GetCurrentProcess\n", stdout);
    HANDLE hProcess = Real_GetCurrentProcess();
    return hProcess;
}
// Detour for GetCurrentProcessId: logs the call, then returns the id reported
// by the original API via its trampoline.
// NOTE(review): logging from inside a hook re-enters the hook if the CRT's
// output path ever calls the hooked API itself -- confirm for the CRT in use.
DWORD WINAPI Mine_GetCurrentProcessId(VOID)
{
    fputs("GetCurrentProcessId\n", stdout);
    DWORD dwProcessId = Real_GetCurrentProcessId();
    return dwProcessId;
}
// Detour for GetCurrentThread: logs the call, then returns whatever the
// original API returns via its trampoline.
// NOTE(review): logging from inside a hook re-enters the hook if the CRT's
// output path ever calls the hooked API itself -- confirm for the CRT in use.
HANDLE WINAPI Mine_GetCurrentThread(VOID)
{
    fputs("GetCurrentThread\n", stdout);
    HANDLE hThread = Real_GetCurrentThread();
    return hThread;
}
// Detour for GetCurrentThreadId: logs the call, then returns the id reported
// by the original API via its trampoline.
// NOTE(review): thread-id lookups are a common ingredient of lock
// bookkeeping; if the CRT's output path calls the hooked API, this detour
// would recurse -- confirm for the CRT in use.
DWORD WINAPI Mine_GetCurrentThreadId(VOID)
{
    fputs("GetCurrentThreadId\n", stdout);
    DWORD dwThreadId = Real_GetCurrentThreadId();
    return dwThreadId;
}
//////////////////////////////////////////////////////////////////////////////
//
// Scratch destination buffer for DetourCopyInstruction; zeroed at the start
// of every TestDetourCopyInstruction run.
static BYTE s_rbData[16384];
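// Print the leading bytes of a memory fragment as lowercase hex.
//
// pbData: bytes to dump; at most the first 12 are read, and never more than
//         cbData of them.
// cbData: number of valid bytes at pbData.
//
// Emits 12 cells (two hex digits for a present byte, a blank for a missing
// one) and then " .." when the fragment is longer than 12 bytes.
// NOTE(review): a missing byte is padded with one blank while a present byte
// takes two characters -- confirm whether two blanks were intended.
void DumpMemoryFragment(PBYTE pbData, ULONG cbData)
{
    const ULONG cbShown = 12;

    // The index is declared before the loop because it is read again below;
    // the original declared it in the for-init, which only compiles under the
    // pre-standard rule that such a variable outlives the loop.
    ULONG n;
    for (n = 0; n < cbShown; n++) {
        if (n < cbData) {
            printf("%02x", pbData[n]);
        }
        else {
            printf(" ");
        }
    }

    // n == cbShown here, so this fires only when bytes were left undumped.
    if (n < cbData) {
        printf(" ");
        printf("..");
    }
}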
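// Disassemble-and-copy test: walks up to 16 instructions starting at
// pbSrcInstruction, copying each into s_rbData with DetourCopyInstruction and
// printing source address/length, source bytes, destination address,
// destination bytes and the target pointer reported by the copy.
//
// pbSrcInstruction: address of the first instruction to copy.
// pszFunction:      label printed in the section header.
//
// The walk stops early after a RET or INT 3 opcode, or when the copy routine
// reports no forward progress.
void TestDetourCopyInstruction(PBYTE pbSrcInstruction,
                               PCHAR pszFunction)
{
    ZeroMemory(s_rbData, sizeof(s_rbData));

    PBYTE pbSrc = pbSrcInstruction;
    PBYTE pbDst = s_rbData;
    PBYTE pbTarget = NULL;

    printf("-------- %s\n", pszFunction);

    // 16 instructions of at most 15 bytes each (the x86 limit) stay far below
    // sizeof(s_rbData), assuming DetourCopyInstruction writes no more than
    // the instruction's own length -- TODO confirm against the Detours source.
    for (ULONG nIns = 0; nIns < 16; nIns++) {
        PBYTE pbStep = DetourCopyInstruction(pbDst, pbSrc, &pbTarget);

        // Without forward progress the length below would be zero or wrap to
        // a huge value and the next iteration would read from a wild address.
        if (pbStep == NULL || pbStep <= pbSrc) {
            printf("%p: no instruction decoded\n", (void *)pbSrc);
            fflush(stdout);
            break;
        }

        ULONG cbStep = (ULONG)(pbStep - pbSrc);

        // Pointers are printed with %p and the ULONG length with %lx; the
        // original passed pointers to %lx, which truncates or misreads them
        // where a pointer is wider than a long.
        printf("%p/%02lx:", (void *)pbSrc, cbStep);
        DumpMemoryFragment(pbSrc, cbStep);
        printf("%p:", (void *)pbDst);
        DumpMemoryFragment(pbDst, cbStep);
        printf("%p\n", (void *)pbTarget);
        fflush(stdout);

        if (pbSrc[0] == OP_RET || pbSrc[0] == OP_BRK) {
            break;
        }

        pbSrc += cbStep;
        pbDst += cbStep;
    }
}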
// TEST(Foo) runs TestDetourCopyInstruction on the local variable pfFoo and
// labels the output "Foo"; a matching pf<name> variable must be in scope.
#define TEST(x) TestDetourCopyInstruction(pf##x,#x)
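// Callback handed to DetourEnumerateExportsForInstance: prints one line per
// export with its ordinal, its name (or "[NO NAME]") and its address.
//
// pContext:  caller-supplied context; unused here.
// nOrdinal:  export ordinal.
// pszSymbol: export name, or NULL for an export without a name.
// pbTarget:  address of the exported code.
//
// Always returns TRUE (presumably "keep enumerating" -- confirm against the
// Detours documentation).
static BOOL CALLBACK ExportCallback(PVOID pContext,
                                    DWORD nOrdinal,
                                    PCHAR pszSymbol,
                                    PBYTE pbTarget)
{
    (void)pContext;

    // %lu matches DWORD and %p matches the pointer; the original used %d and
    // %08x, which misread the address where pointers are wider than int.
    printf(" %4lu %-30s %p\n",
           nOrdinal,
           pszSymbol ? pszSymbol : "[NO NAME]",
           (void *)pbTarget);
    return TRUE;
}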
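// Program entry point. Installs detours on GetCurrentProcess,
// GetCurrentProcessId, GetCurrentThread and GetCurrentThreadId, then calls
// each API once so the Mine_* detours print their names.
//
// When INCLUDE_THIS is defined, an extra diagnostic block runs first; it
// exits the process after listing user32.dll's exports, so the Sleep
// disassembly and detour code after ExitProcess is never reached.
//
// Returns 0 on success, 1 if any detour could not be installed.
int WINAPI WinMain(HINSTANCE hinst, HINSTANCE hprev, LPSTR lpszCmdLine, int nCmdShow)
{
    (void)hinst;
    (void)hprev;
    (void)lpszCmdLine;
    (void)nCmdShow;

#ifdef INCLUDE_THIS
    // A bare DLL name is resolved by the loader's search order; user32.dll is
    // normally served from the system's known-DLL set.
    HINSTANCE hInst = LoadLibrary("user32.dll");
    printf("Loaded: user32.dll: %p\n", (void *)hInst);

    PBYTE pbEntry = DetourFindEntryPointForInstance(hInst);
    printf(" EntryPoint: %p\n", (void *)pbEntry);

    DetourEnumerateExportsForInstance(hInst, NULL, ExportCallback);
    ExitProcess(1);

    // Unreachable while the ExitProcess call above is present.
    PBYTE pfSleep = DetourFindFinalCode((PBYTE)Sleep);
    PBYTE pfTrampoline_Sleep = DetourFindFinalCode((PBYTE)Trampoline_Sleep);
    PBYTE pfDetour_Sleep = DetourFindFinalCode((PBYTE)Detour_Sleep);
    PBYTE pfCreateFile = DetourFindFinalCode((PBYTE)CreateFile);

    TEST(Sleep);
    TEST(Trampoline_Sleep);
    TEST(Detour_Sleep);
    TEST(CreateFile);

    DetourFunctionWithTrampoline((PBYTE)Trampoline_Sleep, (PBYTE)Detour_Sleep);
    printf("-------------------- After Detour on Sleep --------------------\n");

    TEST(Sleep);
    TEST(Trampoline_Sleep);
    TEST(Detour_Sleep);

    printf("Starting.\n");
    Sleep(2);
    printf("Done.\n");
#endif

    // Attempt every hook, as the original did, but remember whether any of
    // them failed instead of discarding the results.
    BOOL fAllHooked = TRUE;
    if (!DetourFunctionWithTrampoline((PBYTE)Real_GetCurrentProcess,
                                      (PBYTE)Mine_GetCurrentProcess)) {
        fAllHooked = FALSE;
    }
    if (!DetourFunctionWithTrampoline((PBYTE)Real_GetCurrentProcessId,
                                      (PBYTE)Mine_GetCurrentProcessId)) {
        fAllHooked = FALSE;
    }
    if (!DetourFunctionWithTrampoline((PBYTE)Real_GetCurrentThread,
                                      (PBYTE)Mine_GetCurrentThread)) {
        fAllHooked = FALSE;
    }
    if (!DetourFunctionWithTrampoline((PBYTE)Real_GetCurrentThreadId,
                                      (PBYTE)Mine_GetCurrentThreadId)) {
        fAllHooked = FALSE;
    }

    if (!fAllHooked) {
        // A trampoline that was never patched must not be exercised as if it
        // were the original API, so report the failure and stop.
        printf("Failed to install one or more detours.\n");
        return 1;
    }

    // Each call should now print its name via the matching Mine_* detour.
    GetCurrentProcess();
    GetCurrentProcessId();
    GetCurrentThread();
    GetCurrentThreadId();

    return 0;
}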
//
///////////////////////////////////////////////////////////////// End of File.