archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/sdktools/profiler/hooks.c

314 lines
8.5 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include <windows.h>
  2. #include <stdlib.h>
  3. #include <psapi.h>
  4. #include <tlhelp32.h>
  5. #include <imagehlp.h>
  6. #include <stdio.h>
  7. #include "shimdb.h"
  8. #include "shim2.h"
  9. #include "hooks.h"
  10. #include "dump.h"
  11. #include "view.h"
  12. #include "filter.h"
  13. #include "except.h"
  14. #include "profiler.h"
  16. //
  17. // API hook externs
  18. //
  19. extern BOOL g_bIsWin9X;
  20. extern HANDLE g_hSnapshot;
  21. extern HANDLE g_hValidationSnapshot;
  22. extern LONG g_nShimDllCount;
  23. extern LONG g_nHookedModuleCount;
  24. extern HMODULE g_hHookedModules[MAX_MODULES];
  25. extern HMODULE g_hShimDlls[MAX_MODULES];
  26. extern PHOOKAPI g_rgpHookAPIs[MAX_MODULES];
  27. extern LONG g_rgnHookAPICount[MAX_MODULES];
  29. //
  30. // Global array of hooked functions
  31. //
  32. HOOKAPI g_rgBaseHookAPIs[SHIM_BASE_APIHOOK_COUNT];
  34. PVOID StubGetProcAddress(
  35. HMODULE hMod,
  36. char* pszProc)
  37. {
  38. char szModName[MAX_PATH];
  39. char* pszShortName;
  40. UINT ind;
  41. DWORD dwSize;
  42. PVOID pfn;
  43. LONG i,j;
  44. PHOOKAPI pTopHookAPI = NULL;
  46. PFNGETPROCADDRESS pfnOld;
  47. pfnOld = g_rgBaseHookAPIs[ hookGetProcAddress ].pfnOld;
  49. if( pfn = (*pfnOld)(hMod, pszProc) )
  50. {
  51. for (i = 0; i < g_nShimDllCount; i++)
  52. {
  53. for (j = 0; j < g_rgnHookAPICount[i]; j++)
  54. {
  55. if( g_rgpHookAPIs[i][j].pfnOld == pfn)
  56. {
  57. pTopHookAPI = ConstructChain( pfn, &dwSize );
  58. //maybe use the include exclude function here as well
  59. return pTopHookAPI->pfnNew;
  60. }
  61. }
  62. }
  63. }
  65. return pfn;
  66. } // StubGetProcAddress
  68. HMODULE StubLoadLibraryA(
  69. LPCSTR pszModule)
  70. {
  71. HMODULE hMod;
  72. PFNLOADLIBRARYA pfnOld;
  73. PIMAGE_NT_HEADERS pHeaders;
  75. pfnOld = g_rgBaseHookAPIs[ hookLoadLibraryA ].pfnOld;
  76. hMod = (*pfnOld)(pszModule);
  78. if (hMod != NULL) {
  79. RefreshFilterList();
  81. Shim2PatchNewModules();
  83. //
  84. // Rescan DLLs and add updated base information
  85. //
  86. WriteImportDLLTableInfo();
  87. }
  89. return hMod;
  90. } // StubLoadLibraryA
  92. HMODULE StubLoadLibraryW(
  93. WCHAR* pwszModule)
  94. {
  95. HMODULE hMod;
  96. CHAR szModuleName[MAX_PATH];
  97. PIMAGE_NT_HEADERS pHeaders;
  98. INT nResult;
  100. PFNLOADLIBRARYW pfnOld;
  101. pfnOld = g_rgBaseHookAPIs[ hookLoadLibraryW ].pfnOld;
  103. hMod = (*pfnOld)(pwszModule);
  105. if (hMod != NULL) {
  106. RefreshFilterList();
  108. Shim2PatchNewModules();
  111. //
  112. // Rescan DLLs and add updated base information
  113. //
  114. WriteImportDLLTableInfo();
  115. }
  117. return hMod;
  118. } // StubLoadLibraryW
  120. HMODULE StubLoadLibraryExA(
  121. LPCSTR pszModule,
  122. HANDLE hFile,
  123. DWORD dwFlags)
  124. {
  125. HMODULE hMod;
  126. PFNLOADLIBRARYEXA pfnOld;
  127. PIMAGE_NT_HEADERS pHeaders;
  129. pfnOld = g_rgBaseHookAPIs[ hookLoadLibraryExA ].pfnOld;
  130. hMod = (*pfnOld)(pszModule, hFile, dwFlags);
  132. if (hMod != NULL) {
  133. RefreshFilterList();
  135. Shim2PatchNewModules();
  137. //
  138. // Rescan DLLs and add updated base information
  139. //
  140. WriteImportDLLTableInfo();
  141. }
  143. return hMod;
  144. } // StubLoadLibraryExA
  146. HMODULE StubLoadLibraryExW(
  147. WCHAR* pwszModule,
  148. HANDLE hFile,
  149. DWORD dwFlags)
  150. {
  151. HMODULE hMod;
  152. PIMAGE_NT_HEADERS pHeaders;
  153. INT nResult;
  155. PFNLOADLIBRARYEXW pfnOld;
  156. pfnOld = g_rgBaseHookAPIs[ hookLoadLibraryExW ].pfnOld;
  158. hMod = (*pfnOld)(pwszModule, hFile, dwFlags);
  160. if (hMod != NULL) {
  161. RefreshFilterList();
  163. Shim2PatchNewModules();
  165. //
  166. // Rescan DLLs and add updated base information
  167. //
  168. WriteImportDLLTableInfo();
  169. }
  171. return hMod;
  172. } // StubLoadLibraryExW
  174. BOOL StubFreeLibrary(
  175. HMODULE hLibModule // handle to loaded library module
  176. )
  177. {
  178. BOOL bRet, bFound;
  179. PFNFREELIBRARY pfnOld;
  180. MODULEENTRY32 ModuleEntry32;
  181. long i, j;
  183. pfnOld = (PFNFREELIBRARY) g_rgBaseHookAPIs[ hookFreeLibrary ].pfnOld;
  185. bRet = (*pfnOld)(hLibModule);
  187. g_hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, 0 );
  189. ModuleEntry32.dwSize = sizeof( ModuleEntry32 );
  190. for( i = 0; i < g_nHookedModuleCount; i++ )
  191. {
  192. bFound = FALSE;
  193. bRet = Module32First( g_hSnapshot, &ModuleEntry32 );
  195. while( bRet )
  196. {
  197. if( g_hHookedModules[i] == ModuleEntry32.hModule )
  198. {
  199. bFound = TRUE;
  200. break;
  201. }
  202. bRet = Module32Next( g_hSnapshot, &ModuleEntry32 );
  203. }
  205. if( ! bFound )
  206. {
  207. // Take out of list
  208. for( j = i; j < g_nHookedModuleCount - 1; j++ )
  209. g_hHookedModules[j] = g_hHookedModules[j+1];
  211. g_hHookedModules[j] = NULL;
  212. g_nHookedModuleCount--;
  213. }
  214. }
  216. if( g_hSnapshot )
  217. {
  218. CloseHandle( g_hSnapshot );
  219. g_hSnapshot = NULL;
  220. }
  222. return bRet;
  223. }
  225. VOID StubExitProcess(UINT uExitCode)
  226. {
  227. PFNEXITPROCESS pfnOld;
  229. //
  230. // Process is terminating - flush ourselves
  231. //
  232. FlushForTermination();
  234. pfnOld = g_rgBaseHookAPIs[ hookExitProcess ].pfnOld;
  235. (*pfnOld)(uExitCode);
  236. } // StubExitProcess
  238. HANDLE StubCreateThread(
  239. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  240. DWORD dwStackSize,
  241. LPTHREAD_START_ROUTINE lpStartAddress,
  242. LPVOID lpParameter,
  243. DWORD dwCreationFlags,
  244. LPDWORD lpThreadId)
  245. {
  246. PFNCREATETHREAD pfnOld;
  247. PVIEWCHAIN pvTemp;
  249. pfnOld = g_rgBaseHookAPIs[ hookCreateThread ].pfnOld;
  251. //
  252. // Add a mapping breakpoint for the thread entrypoint
  253. //
  254. pvTemp = AddViewToMonitor((DWORD)lpStartAddress,
  255. ThreadStart);
  257. return (*pfnOld)(lpThreadAttributes,
  258. dwStackSize,
  259. lpStartAddress,
  260. lpParameter,
  261. dwCreationFlags,
  262. lpThreadId);
  263. } // StubCreateThread
  265. VOID
  266. InitializeBaseHooks(HINSTANCE hInstance)
  267. {
  268. g_hSnapshot = NULL;
  269. g_hValidationSnapshot = NULL;
  271. g_nShimDllCount = 0;
  272. g_nHookedModuleCount = 0;
  273. ZeroMemory( g_hHookedModules, sizeof( g_hHookedModules ) );
  274. ZeroMemory( g_hShimDlls, sizeof( g_hShimDlls ) );
  275. ZeroMemory( g_rgpHookAPIs, sizeof( g_rgpHookAPIs ) );
  276. ZeroMemory( g_rgnHookAPICount, sizeof( g_rgnHookAPICount ) );
  277. ZeroMemory( g_rgBaseHookAPIs, sizeof( g_rgBaseHookAPIs ) );
  279. g_rgBaseHookAPIs[ hookGetProcAddress ].pszModule = "kernel32.dll";
  280. g_rgBaseHookAPIs[ hookGetProcAddress ].pszFunctionName = "GetProcAddress";
  281. g_rgBaseHookAPIs[ hookGetProcAddress ].pfnNew = (PVOID)StubGetProcAddress;
  283. g_rgBaseHookAPIs[ hookLoadLibraryA ].pszModule = "kernel32.dll";
  284. g_rgBaseHookAPIs[ hookLoadLibraryA ].pszFunctionName = "LoadLibraryA";
  285. g_rgBaseHookAPIs[ hookLoadLibraryA ].pfnNew = (PVOID)StubLoadLibraryA;
  287. g_rgBaseHookAPIs[ hookLoadLibraryW ].pszModule = "kernel32.dll";
  288. g_rgBaseHookAPIs[ hookLoadLibraryW ].pszFunctionName = "LoadLibraryW";
  289. g_rgBaseHookAPIs[ hookLoadLibraryW ].pfnNew = (PVOID)StubLoadLibraryW;
  291. g_rgBaseHookAPIs[ hookLoadLibraryExA ].pszModule = "kernel32.dll";
  292. g_rgBaseHookAPIs[ hookLoadLibraryExA ].pszFunctionName = "LoadLibraryExA";
  293. g_rgBaseHookAPIs[ hookLoadLibraryExA ].pfnNew = (PVOID)StubLoadLibraryExA;
  295. g_rgBaseHookAPIs[ hookLoadLibraryExW ].pszModule = "kernel32.dll";
  296. g_rgBaseHookAPIs[ hookLoadLibraryExW ].pszFunctionName = "LoadLibraryExW";
  297. g_rgBaseHookAPIs[ hookLoadLibraryExW ].pfnNew = (PVOID)StubLoadLibraryExW;
  299. g_rgBaseHookAPIs[ hookFreeLibrary ].pszModule = "kernel32.dll";
  300. g_rgBaseHookAPIs[ hookFreeLibrary ].pszFunctionName = "FreeLibrary";
  301. g_rgBaseHookAPIs[ hookFreeLibrary ].pfnNew = (PVOID)StubFreeLibrary;
  303. g_rgBaseHookAPIs[ hookExitProcess ].pszModule = "kernel32.dll";
  304. g_rgBaseHookAPIs[ hookExitProcess ].pszFunctionName = "ExitProcess";
  305. g_rgBaseHookAPIs[ hookExitProcess ].pfnNew = (PVOID)StubExitProcess;
  307. g_rgBaseHookAPIs[ hookCreateThread ].pszModule = "kernel32.dll";
  308. g_rgBaseHookAPIs[ hookCreateThread ].pszFunctionName = "CreateThread";
  309. g_rgBaseHookAPIs[ hookCreateThread ].pfnNew = (PVOID)StubCreateThread;
  311. AddHookAPIs(hInstance, g_rgBaseHookAPIs, SHIM_BASE_APIHOOK_COUNT, NULL);
  313. Shim2PatchNewModules();
  314. }