//////////////////////////////////////////////////////////////////////
//
// File: tracereg.cpp
// Module: tracereg.dll
// Copyright: 1996-2001, Microsoft Corporation
//
// Microsoft Research Detours Package Version 1.5 (Build 46)
//
// Build configuration macros, defined ahead of the #include <windows.h> below.
// _WIN32_WINNT 0x0400 asks the SDK headers for the Windows NT 4.0 API level.
#define _WIN32_WINNT 0x0400
#define WIN32
#define NT
// DBG_TRACE is not referenced in the visible part of this file.
// NOTE(review): presumably a switch for extra debug tracing (0 = off) - confirm
// against its users.
#define DBG_TRACE 0
#include <windows.h>
#include <stdio.h>
#include "detours.h"
#include "syelog.h"
// Preprocessor aliases that turn the listed type names into PVOID.
// Because these are macros, every later use of e.g. ULONG_PTR in this
// translation unit is replaced by PVOID, so the compiler no longer
// distinguishes these types from an untyped pointer.
// NOTE(review): presumably a shim so the trampoline prototypes build against
// SDK headers that lack these types - confirm before reusing with a newer SDK.
#define PULONG_PTR PVOID
#define PLONG_PTR PVOID
#define ULONG_PTR PVOID
#define LONG_PTR PVOID
#define ENUMRESNAMEPROCA PVOID
#define ENUMRESNAMEPROCW PVOID
#define ENUMRESLANGPROCA PVOID
#define ENUMRESLANGPROCW PVOID
#define ENUMRESTYPEPROCA PVOID
#define ENUMRESTYPEPROCW PVOID
#define STGOPTIONS PVOID
//////////////////////////////////////////////////////////////////////
#pragma warning(disable:4127) // Many of our asserts are constants.
// ASMBREAK(): stops in the debugger by executing the x86 breakpoint
// instruction (int 3) through MSVC inline assembly. The guard macro keeps a
// second definition from being emitted if another header already provided one.
#ifndef _DEFINED_ASMBREAK_
#define _DEFINED_ASMBREAK_
#define ASMBREAK() __asm { int 3 }
// Alternative kept by the original author: break through the Win32 API instead.
//#define ASMBREAK() DebugBreak()
#endif // _DEFINED_ASMBREAK_
// ASSERT_ALWAYS(x): when x is false, reports the expression text, the file and
// the line through AssertMessage() and then breaks. It is active in every
// build. The do { } while (0) wrapper makes the macro act as one statement.
#define ASSERT_ALWAYS(x) \
do { \
if (!(x)) { \
AssertMessage(#x, __FILE__, __LINE__); \
ASMBREAK(); \
} \
} while (0)
// ASSERT(x): identical to ASSERT_ALWAYS(x) unless NDEBUG is defined. With
// NDEBUG it expands to nothing, so x is not evaluated at all: do not put side
// effects in x, and use ASSERT_ALWAYS for checks that must hold in release
// builds.
#ifndef NDEBUG
#define ASSERT(x) ASSERT_ALWAYS(x)
#else
#define ASSERT(x)
#endif
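// UNUSED(c): marks c as deliberately unused. The void cast discards the value
// without writing to c, so it also accepts const objects, which the previous
// self-assignment form rejected.
#define UNUSED(c) ((void)(c))
// ARRAYOF(x): number of elements in the array x. x must be a real array; for a
// pointer the result is meaningless and must not be used as a buffer bound.
// The argument is parenthesized before indexing so that an expression argument
// is indexed as a whole.
#define ARRAYOF(x) (sizeof(x)/sizeof((x)[0]))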
//////////////////////////////////////////////////////////////////////
// Module-wide state. Nothing in the visible part of the file assigns these.
// NOTE(review): from the names, presumably this DLL's instance handle and its
// own path - confirm where they are set.
static HINSTANCE s_hInst;
// Fixed buffer of MAX_PATH wide characters; any code that fills it has to
// bound the copy to that size.
static WCHAR s_wzDllPath[MAX_PATH];
// Forward declarations; the definitions are not in this part of the listing.
BOOL ProcessEnumerate();
BOOL InstanceEnumerate(HINSTANCE hInst);
// Variadic tracing helpers taking a string plus further arguments.
// NOTE(review): presumably printf-style; if so, psz should always be a literal
// format string and never text taken from a traced call's arguments.
VOID _PrintEnter(PCSTR psz, ...);
VOID _PrintExit(PCSTR psz, ...);
VOID _Print(PCSTR psz, ...);
// Called by ASSERT_ALWAYS with the failed expression text, file name and line.
VOID AssertMessage(CONST PCHAR pszMsg, CONST PCHAR pszFile, ULONG nLine);
//////////////////////////////////////////////////////////////////////////////
//
#pragma warning(disable:4100) // Trampolines don't use formal parameters.
// Trampolines with C linkage. In the Detours 1.x API,
// DETOUR_TRAMPOLINE(prototype, target) statically defines a function with the
// given prototype through which the original, unhooked target stays reachable
// after a detour has been installed on it.
// This group covers file and named-pipe I/O, handle close, process id, system
// time and critical-section calls.
// NOTE(review): presumably these are the calls the logging path (syelog.h)
// itself makes, declared here so the tracer's own I/O reaches the real API
// instead of re-entering its hooks - confirm against the logging code.
extern "C" {
DETOUR_TRAMPOLINE(HANDLE WINAPI
Real_CreateFileW(LPCWSTR a0,
DWORD a1,
DWORD a2,
LPSECURITY_ATTRIBUTES a3,
DWORD a4,
DWORD a5,
HANDLE a6),
CreateFileW);
DETOUR_TRAMPOLINE(BOOL WINAPI
Real_WriteFile(HANDLE hFile,
LPCVOID lpBuffer,
DWORD nNumberOfBytesToWrite,
LPDWORD lpNumberOfBytesWritten,
LPOVERLAPPED lpOverlapped),
WriteFile);
DETOUR_TRAMPOLINE(BOOL WINAPI
Real_FlushFileBuffers(HANDLE hFile),
FlushFileBuffers);
DETOUR_TRAMPOLINE(BOOL WINAPI
Real_CloseHandle(HANDLE hObject),
CloseHandle);
DETOUR_TRAMPOLINE(BOOL WINAPI
Real_WaitNamedPipeW(LPCWSTR lpNamedPipeName, DWORD nTimeOut),
WaitNamedPipeW);
DETOUR_TRAMPOLINE(BOOL WINAPI
Real_SetNamedPipeHandleState(HANDLE hNamedPipe,
LPDWORD lpMode,
LPDWORD lpMaxCollectionCount,
LPDWORD lpCollectDataTimeout),
SetNamedPipeHandleState);
DETOUR_TRAMPOLINE(DWORD WINAPI
Real_GetCurrentProcessId(VOID),
GetCurrentProcessId);
DETOUR_TRAMPOLINE(VOID WINAPI
Real_GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime),
GetSystemTimeAsFileTime);
DETOUR_TRAMPOLINE(VOID WINAPI
Real_InitializeCriticalSection(LPCRITICAL_SECTION lpSection),
InitializeCriticalSection);
DETOUR_TRAMPOLINE(VOID WINAPI
Real_EnterCriticalSection(LPCRITICAL_SECTION lpSection),
EnterCriticalSection);
DETOUR_TRAMPOLINE(VOID WINAPI
Real_LeaveCriticalSection(LPCRITICAL_SECTION lpSection),
LeaveCriticalSection);
}
//////////////////////////////////////////////////////////////////////////////
//
// Trampolines for the traced file-system, process-creation and module-loader
// APIs: copy, create-directory, delete, find, attribute query, move and
// OpenFile; CreateProcessW; GetModuleFileNameW, GetProcAddress and
// LoadLibraryExW. Each Real_* name is the route to the original API named in
// the macro's second argument. The detour functions that call these, and the
// code that installs the hooks, are outside this part of the listing.
// NOTE(review): several APIs appear here only in their W form
// (CreateDirectoryW, CreateDirectoryExW, CreateProcessW, GetFileAttributesW,
// GetModuleFileNameW, LoadLibraryExW) while others have both A and W. If the
// design relies on the ANSI entry points forwarding to the wide ones, confirm
// that for each API on the target OS; otherwise those calls go untraced.
DETOUR_TRAMPOLINE(BOOL WINAPI Real_CopyFileExA(LPCSTR a0,
LPCSTR a1,
LPPROGRESS_ROUTINE a2,
LPVOID a3,
LPBOOL a4,
DWORD a5),
CopyFileExA);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_CopyFileExW(LPCWSTR a0,
LPCWSTR a1,
LPPROGRESS_ROUTINE a2,
LPVOID a3,
LPBOOL a4,
DWORD a5),
CopyFileExW);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_CreateDirectoryExW(LPCWSTR a0,
LPCWSTR a1,
LPSECURITY_ATTRIBUTES a2),
CreateDirectoryExW);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_CreateDirectoryW(LPCWSTR a0,
LPSECURITY_ATTRIBUTES a1),
CreateDirectoryW);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_CreateProcessW(LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation),
CreateProcessW);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_DeleteFileA(LPCSTR a0),
DeleteFileA);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_DeleteFileW(LPCWSTR a0),
DeleteFileW);
DETOUR_TRAMPOLINE(HANDLE WINAPI Real_FindFirstFileExA(LPCSTR a0,
FINDEX_INFO_LEVELS a1,
LPVOID a2,
FINDEX_SEARCH_OPS a3,
LPVOID a4,
DWORD a5),
FindFirstFileExA);
DETOUR_TRAMPOLINE(HANDLE WINAPI Real_FindFirstFileExW(LPCWSTR a0,
FINDEX_INFO_LEVELS a1,
LPVOID a2,
FINDEX_SEARCH_OPS a3,
LPVOID a4,
DWORD a5),
FindFirstFileExW);
DETOUR_TRAMPOLINE(DWORD WINAPI Real_GetFileAttributesW(LPCWSTR a0),
GetFileAttributesW);
DETOUR_TRAMPOLINE(DWORD WINAPI Real_GetModuleFileNameW(HMODULE a0,
LPWSTR a1,
DWORD a2),
GetModuleFileNameW);
DETOUR_TRAMPOLINE(FARPROC WINAPI Real_GetProcAddress(struct HINSTANCE__* a0,
LPCSTR a1),
GetProcAddress);
DETOUR_TRAMPOLINE(HMODULE WINAPI Real_LoadLibraryExW(LPCWSTR a0,
HANDLE a1,
DWORD a2),
LoadLibraryExW);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_MoveFileA(LPCSTR a0,
LPCSTR a1),
MoveFileA);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_MoveFileExA(LPCSTR a0,
LPCSTR a1,
DWORD a2),
MoveFileExA);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_MoveFileExW(LPCWSTR a0,
LPCWSTR a1,
DWORD a2),
MoveFileExW);
DETOUR_TRAMPOLINE(BOOL WINAPI Real_MoveFileW(LPCWSTR a0,
LPCWSTR a1),
MoveFileW);
DETOUR_TRAMPOLINE(HFILE WINAPI Real_OpenFile(LPCSTR a0,
struct _OFSTRUCT* a1,
UINT a2),
OpenFile);
// Trampolines for the traced registry APIs, each in its A and W form: create,
// delete key, delete value, enumerate keys and values, open, query key info,
// query value and set value. Each Real_* name is the route to the original API
// named in the macro's second argument.
// NOTE(review): key paths and value data (for example the a4 buffer and a5
// length of the query/set value calls) pass through these hooks in clear.
// The detours and what they log are not visible here; confirm what is
// recorded and treat the resulting trace as sensitive data.
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegCreateKeyExA(HKEY a0,
LPCSTR a1,
DWORD a2,
LPSTR a3,
DWORD a4,
REGSAM a5,
LPSECURITY_ATTRIBUTES a6,
PHKEY a7,
LPDWORD a8),
RegCreateKeyExA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegCreateKeyExW(HKEY a0,
LPCWSTR a1,
DWORD a2,
LPWSTR a3,
DWORD a4,
REGSAM a5,
LPSECURITY_ATTRIBUTES a6,
PHKEY a7,
LPDWORD a8),
RegCreateKeyExW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegDeleteKeyA(HKEY a0,
LPCSTR a1),
RegDeleteKeyA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegDeleteKeyW(HKEY a0,
LPCWSTR a1),
RegDeleteKeyW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegDeleteValueA(HKEY a0,
LPCSTR a1),
RegDeleteValueA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegDeleteValueW(HKEY a0,
LPCWSTR a1),
RegDeleteValueW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegEnumKeyExA(HKEY a0,
DWORD a1,
LPSTR a2,
LPDWORD a3,
LPDWORD a4,
LPSTR a5,
LPDWORD a6,
struct _FILETIME* a7),
RegEnumKeyExA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegEnumKeyExW(HKEY a0,
DWORD a1,
LPWSTR a2,
LPDWORD a3,
LPDWORD a4,
LPWSTR a5,
LPDWORD a6,
struct _FILETIME* a7),
RegEnumKeyExW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegEnumValueA(HKEY a0,
DWORD a1,
LPSTR a2,
LPDWORD a3,
LPDWORD a4,
LPDWORD a5,
LPBYTE a6,
LPDWORD a7),
RegEnumValueA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegEnumValueW(HKEY a0,
DWORD a1,
LPWSTR a2,
LPDWORD a3,
LPDWORD a4,
LPDWORD a5,
LPBYTE a6,
LPDWORD a7),
RegEnumValueW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegOpenKeyExA(HKEY a0,
LPCSTR a1,
DWORD a2,
REGSAM a3,
PHKEY a4),
RegOpenKeyExA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegOpenKeyExW(HKEY a0,
LPCWSTR a1,
DWORD a2,
REGSAM a3,
PHKEY a4),
RegOpenKeyExW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegQueryInfoKeyA(HKEY a0,
LPSTR a1,
LPDWORD a2,
LPDWORD a3,
LPDWORD a4,
LPDWORD a5,
LPDWORD a6,
LPDWORD a7,
LPDWORD a8,
LPDWORD a9,
LPDWORD a10,
struct _FILETIME* a11),
RegQueryInfoKeyA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegQueryInfoKeyW(HKEY a0,
LPWSTR a1,
LPDWORD a2,
LPDWORD a3,
LPDWORD a4,
LPDWORD a5,
LPDWORD a6,
LPDWORD a7,
LPDWORD a8,
LPDWORD a9,
LPDWORD a10,
struct _FILETIME* a11),
RegQueryInfoKeyW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegQueryValueExA(HKEY a0,
LPCSTR a1,
LPDWORD a2,
LPDWORD a3,
LPBYTE a4,
LPDWORD a5),
RegQueryValueExA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegQueryValueExW(HKEY a0,
LPCWSTR a1,
LPDWORD a2,
LPDWORD a3,
LPBYTE a4,
LPDWORD a5),
RegQueryValueExW);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegSetValueExA(HKEY a0,
LPCSTR a1,
DWORD a2,
DWORD a3,
BYTE* a4,
DWORD a5),
RegSetValueExA);
DETOUR_TRAMPOLINE(LONG WINAPI Real_RegSetValueExW(HKEY a0,
LPCWSTR a1,
DWORD a2,
DWORD a3,
BYTE* a4,