BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
// ANSI entry point for creating a process together with a named DLL.
// The first ten parameters carry the same names and types as those of
// Win32 CreateProcessA; lpDllName and pfCreateProcessA are the two
// Detours-specific additions.
//
// NOTE(review): the implementation is not part of this header. Presumably
// lpDllName names the DLL that is loaded into the new process and
// pfCreateProcessA is the routine used to create it -- confirm against the
// implementation. If lpDllName is resolved through the normal DLL search
// order, callers should pass a fully qualified path so that a same-named
// DLL in a writable directory cannot be picked up instead.
BOOL WINAPI DetourCreateProcessWithDllA(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPCSTR lpDllName,
PDETOUR_CREATE_PROCESS_ROUTINEA
pfCreateProcessA);
// Wide-character counterpart of DetourCreateProcessWithDllA; the string
// parameters and the creation-routine pointer use the W types.
BOOL WINAPI DetourCreateProcessWithDllW(LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPCWSTR lpDllName,
PDETOUR_CREATE_PROCESS_ROUTINEW
pfCreateProcessW);
// Generic-text names: select the W or A variant depending on UNICODE.
#ifdef UNICODE
#define DetourCreateProcessWithDll DetourCreateProcessWithDllW
#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW
#else
#define DetourCreateProcessWithDll DetourCreateProcessWithDllA
#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA
#endif // !UNICODE
// Take a handle to an existing process and a DLL name (ANSI and wide
// variants).
// NOTE(review): what is done with hProcess and which access rights the
// handle needs are defined by the implementation, not visible here; the
// absolute-path advice for lpDllName above presumably applies here too.
BOOL WINAPI DetourContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName);
BOOL WINAPI DetourContinueProcessWithDllW(HANDLE hProcess, LPCWSTR lpDllName);
// Generic-text name: selects the W or A variant depending on UNICODE.
#ifdef UNICODE
#define DetourContinueProcessWithDll DetourContinueProcessWithDllW
#else
#define DetourContinueProcessWithDll DetourContinueProcessWithDllA
#endif // !UNICODE
//
//////////////////////////////////////////////////////////////////////////////
#ifdef __cplusplus
}
#endif // __cplusplus
/////////////////////////////////////////////////////////////////// Old Names.
//
// Source-compatibility aliases: each old identifier (left) expands to the
// current name (right), so code written against the older names still
// compiles. These are plain textual macros, so the old names are replaced
// wherever they appear after this header is included.
#define ContinueProcessWithDll DetourContinueProcessWithDll
#define ContinueProcessWithDllA DetourContinueProcessWithDllA
#define ContinueProcessWithDllW DetourContinueProcessWithDllW
#define CreateProcessWithDll DetourCreateProcessWithDll
#define CreateProcessWithDllA DetourCreateProcessWithDllA
#define CreateProcessWithDllW DetourCreateProcessWithDllW
#define DETOUR_TRAMPOLINE_WO_TARGET DETOUR_TRAMPOLINE_EMPTY
#define DetourBinaryPurgePayload DetourBinaryPurgePayloads
#define DetourEnumerateExportsForInstance DetourEnumerateExports
#define DetourEnumerateInstances DetourEnumerateModules
#define DetourFindEntryPointForInstance DetourGetEntryPoint
#define DetourFindFinalCode DetourGetFinalCode
#define DetourFindPayloadInBinary DetourFindPayload
#define DetourGetSizeOfBinary DetourGetSizeOfPayloads
#define DetourRemoveWithTrampoline DetourRemove
#define PCREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINE
#define PCREATE_PROCESS_ROUTINEA PDETOUR_CREATE_PROCESS_ROUTINEA
#define PCREATE_PROCESS_ROUTINEW PDETOUR_CREATE_PROCESS_ROUTINEW
//
//////////////////////////////////////////////// Detours Internal Definitions.
//
#ifdef __cplusplus
#ifdef DETOURS_INTERNAL
//////////////////////////////////////////////////////////////////////////////
//
// Compiled only when IMAGEHLP.H has been included before this header
// (IMAGEAPI is defined there).
#ifdef IMAGEAPI // defined by IMAGEHLP.H
// Function-pointer types whose signatures correspond to the image-help
// routines named in each typedef. Module base, size and address values
// are passed as DWORD, i.e. these signatures carry 32-bit addresses.
typedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(LPAPI_VERSION AppVersion);
typedef BOOL (NTAPI *PF_SymInitialize)(IN HANDLE hProcess,
IN LPSTR UserSearchPath,
IN BOOL fInvadeProcess);
typedef DWORD (NTAPI *PF_SymSetOptions)(IN DWORD SymOptions);
typedef DWORD (NTAPI *PF_SymGetOptions)(VOID);
typedef BOOL (NTAPI *PF_SymLoadModule)(IN HANDLE hProcess,
IN HANDLE hFile,
IN PSTR ImageName,
IN PSTR ModuleName,
IN DWORD BaseOfDll,
IN DWORD SizeOfDll);
typedef BOOL (NTAPI *PF_SymGetModuleInfo)(IN HANDLE hProcess,
IN DWORD dwAddr,
OUT PIMAGEHLP_MODULE ModuleInfo);
typedef BOOL (NTAPI *PF_SymGetSymFromName)(IN HANDLE hProcess,
IN LPSTR Name,
OUT PIMAGEHLP_SYMBOL Symbol);
typedef BOOL (NTAPI *PF_BindImage)(IN LPSTR pszImageName,
IN LPSTR pszDllPath,
IN LPSTR pszSymbolPath);
// Bundle of a process handle, a module handle and one pointer per
// image-help routine declared above.
// NOTE(review): presumably hImageHlp is the handle of a dynamically loaded
// image-help DLL and the pf* members are resolved from it at run time --
// confirm in the implementation, and check that the DLL is loaded from a
// trusted location rather than by bare name.
typedef struct _DETOUR_SYM_INFO
{
HANDLE hProcess;
HMODULE hImageHlp;
PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx;
PF_SymInitialize pfSymInitialize;
PF_SymSetOptions pfSymSetOptions;
PF_SymGetOptions pfSymGetOptions;
PF_SymLoadModule pfSymLoadModule;
PF_SymGetModuleInfo pfSymGetModuleInfo;
PF_SymGetSymFromName pfSymGetSymFromName;
PF_BindImage pfBindImage;
} DETOUR_SYM_INFO, *PDETOUR_SYM_INFO;
// Returns a pointer to a DETOUR_SYM_INFO; ownership and the failure value
// are defined by the implementation, which is not visible in this header.
PDETOUR_SYM_INFO DetourLoadImageHlp(VOID);
#endif // IMAGEAPI
//////////////////////////////////////////////////////////////////////////////
//
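// Scope guard that makes a range of code writable for its lifetime.
//
// The constructor switches [pbCode, pbCode + cbCode) in the current process
// to PAGE_EXECUTE_READWRITE and remembers the previous protection; the
// destructor puts that protection back. VirtualProtect works on whole
// pages, so every page touched by the range is writable AND executable
// while the guard is alive -- keep its scope as short as possible.
//
// Callers must check IsValid() before writing: when the constructor fails
// the protection has not been changed.
//
// NOTE(review): the class is copyable; a copy would restore the protection
// a second time when it is destroyed. Do not copy instances.
class CDetourEnableWriteOnCodePage
{
public:
    // pbCode: start of the code range to make writable.
    // cbCode: length of the range in bytes.
    CDetourEnableWriteOnCodePage(PBYTE pbCode, LONG cbCode = DETOUR_TRAMPOLINE_SIZE)
    {
        m_pbCode = pbCode;
        m_cbCode = cbCode;
        m_dwOldPerm = 0;
        m_hProcess = GetCurrentProcess();

        // A negative length would be converted to a huge unsigned size by
        // the Win32 calls below, so only positive lengths are attempted.
        if (m_pbCode && m_cbCode > 0) {
            if (!FlushInstructionCache(m_hProcess, pbCode, cbCode)) {
                return;
            }
            if (!VirtualProtect(pbCode,
                                cbCode,
                                PAGE_EXECUTE_READWRITE,
                                &m_dwOldPerm)) {
                // Make sure a failed call can never leave the guard looking
                // valid, whatever was written to the out parameter.
                m_dwOldPerm = 0;
                return;
            }
        }
    }

    ~CDetourEnableWriteOnCodePage()
    {
        if (m_dwOldPerm && m_pbCode && m_cbCode) {
            DWORD dwTemp = 0;

            // The flush is best effort. Its result must not decide whether
            // the protection is restored: bailing out here would leave the
            // range writable and executable for the rest of the process
            // lifetime.
            FlushInstructionCache(m_hProcess, m_pbCode, m_cbCode);

            // A destructor has no way to report failure, so the result is
            // intentionally not propagated.
            VirtualProtect(m_pbCode, m_cbCode, m_dwOldPerm, &dwTemp);
        }
    }

    // Replaces the protection value that the destructor will apply.
    // Returns FALSE (and changes nothing) when the guard is not valid.
    //
    // NOTE(review): m_dwOldPerm doubles as the validity flag, so passing 0
    // makes IsValid() return FALSE and makes the destructor skip the
    // restore, leaving the range PAGE_EXECUTE_READWRITE. Callers should
    // pass a real PAGE_* constant.
    BOOL SetPermission(DWORD dwPerms)
    {
        if (m_dwOldPerm && m_pbCode && m_cbCode) {
            m_dwOldPerm = dwPerms;
            return TRUE;
        }
        return FALSE;
    }

    // TRUE when the constructor changed the protection successfully and a
    // restore is still pending.
    BOOL IsValid(VOID)
    {
        return m_pbCode && m_cbCode && m_dwOldPerm;
    }

private:
    HANDLE m_hProcess;   // pseudo-handle of the current process
    PBYTE m_pbCode;      // start of the guarded range
    LONG m_cbCode;       // length of the guarded range in bytes
    DWORD m_dwOldPerm;   // protection to restore; 0 means "nothing to restore"
};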
//////////////////////////////////////////////////////////////////////////////
//
// Emits `MOV EAX, imm32` (opcode B8 followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEax(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xB8;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `MOV EBX, imm32` (opcode BB followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEbx(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xBB;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `MOV ECX, imm32` (opcode B9 followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEcx(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xB9;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `MOV EDX, imm32` (opcode BA followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEdx(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xBA;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `MOV ESI, imm32` (opcode BE followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEsi(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xBE;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `MOV EDI, imm32` (opcode BF followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEdi(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xBF;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `MOV EBP, imm32` (opcode BD followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEbp(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xBD;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `MOV ESP, imm32` (opcode BC followed by the 32-bit immediate) at
// pbCode and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenMovEsp(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0xBC;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits `PUSH imm32` (opcode 68 followed by the 32-bit immediate) at pbCode
// and returns the address just past the bytes written.
// No bounds or writability check is made: the caller must own at least
// 1 + sizeof(UINT32) writable bytes at pbCode.
inline PBYTE DetourGenPush(PBYTE pbCode, UINT32 nValue)
{
    pbCode[0] = 0x68;
    *(UINT32 *)(pbCode + 1) = nValue;   // immediate follows the opcode, unaligned
    return pbCode + 1 + sizeof(UINT32);
}
// Emits the one-byte `PUSHAD` instruction (opcode 60) at pbCode and returns
// the address of the next byte. The caller must own one writable byte at
// pbCode; nothing is checked here.
inline PBYTE DetourGenPushad(PBYTE pbCode)
{
    *pbCode = 0x60;
    return pbCode + 1;
}
// Emits the one-byte `POPAD` instruction (opcode 61) at pbCode and returns
// the address of the next byte. The caller must own one writable byte at
// pbCode; nothing is checked here.
inline PBYTE DetourGenPopad(PBYTE pbCode)
{
    *pbCode = 0x61;
    return pbCode + 1;
}
// Emits `JMP rel32` (opcode E9 followed by a 32-bit displacement) at pbCode
// and returns the address just past the bytes written.
//
// pbJmpDst: address the jump should reach.
// pbJmpSrc: address the instruction will execute from; when 0, pbCode
//           itself is used. The displacement is measured from the end of
//           the 5-byte instruction at that address.
//
// No bounds or writability check is made on pbCode. The displacement is
// converted implicitly to INT32, so a distance that does not fit in 32 bits
// would be truncated without any diagnostic.
inline PBYTE DetourGenJmp(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
    PBYTE pbFrom = (pbJmpSrc != 0) ? pbJmpSrc : pbCode;

    pbCode[0] = 0xE9;
    *(INT32 *)(pbCode + 1) = pbJmpDst - (pbFrom + 5);
    return pbCode + 1 + sizeof(INT32);
}
// Emits `CALL rel32` (opcode E8 followed by a 32-bit displacement) at pbCode
// and returns the address just past the bytes written.
//
// pbJmpDst: address the call should reach.
// pbJmpSrc: address the instruction will execute from; when 0, pbCode
//           itself is used. The displacement is measured from the end of
//           the 5-byte instruction at that address.
//
// No bounds or writability check is made on pbCode. The displacement is
// converted implicitly to INT32, so a distance that does not fit in 32 bits
// would be truncated without any diagnostic.
inline PBYTE DetourGenCall(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
    PBYTE pbFrom = (pbJmpSrc != 0) ? pbJmpSrc : pbCode;

    pbCode[0] = 0xE8;
    *(INT32 *)(pbCode + 1) = pbJmpDst - (pbFrom + 5);
    return pbCode + 1 + sizeof(INT32);
}
// Emits the one-byte breakpoint instruction `INT 3` (opcode CC) at pbCode
// and returns the address of the next byte. The caller must own one
// writable byte at pbCode; nothing is checked here.
inline PBYTE DetourGenBreak(PBYTE pbCode)
{
    *pbCode = 0xcc;
    return pbCode + 1;
}
// Emits the one-byte near `RET` instruction (opcode C3) at pbCode and
// returns the address of the next byte. The caller must own one writable
// byte at pbCode; nothing is checked here.
inline PBYTE DetourGenRet(PBYTE pbCode)
{
    *pbCode = 0xc3;
    return pbCode + 1;
}
// Emits the one-byte `NOP` instruction (opcode 90) at pbCode and returns
// the address of the next byte. The caller must own one writable byte at
// pbCode; nothing is checked here.
inline PBYTE DetourGenNop(PBYTE pbCode)
{
    *pbCode = 0x90;
    return pbCode + 1;
}
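#endif // DETOURS_INTERNAL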
#endif // __cplusplus
#endif // _DETOURS_H_
//
//////////////////////////////////////////////////////////////// End of File.