Source code of Windows XP (NT5)


  //////////////////////////////////////////////////////////////////////////////
  //
  // Module: detours.lib
  // File: detours.h
  // Author: Galen Hunt
  //
  // Detours for binary functions. Version 1.2. (Build 35)
  //
  // Copyright 1995-1999, Microsoft Corporation
  //
  // http://research.microsoft.com/sn/detours
  //
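  // Include guard. `#pragma once` is honoured by compilers that support it;
  // the _DETOURS_H_ macro test is the portable fallback.
  #pragma once
  #ifndef _DETOURS_H_
  #define _DETOURS_H_
  // MSVC auto-link directive: including this header asks the linker for a
  // library named "detours".
  // NOTE(review): only a bare name is given, so which detours.lib gets linked
  // is decided by the build's library search path -- pin that path in the
  // build so the expected copy is the one picked up.
  #pragma comment(lib, "detours")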
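  //////////////////////////////////////////////////////////////////////////////
  //
  // Fallback GUID / REFGUID definitions. Each is emitted only when the
  // including code has not already defined the matching guard macro
  // (GUID_DEFINED, _REFGUID_DEFINED), so a platform header that provides
  // them takes precedence.
  //
  #ifndef GUID_DEFINED
  #define GUID_DEFINED
  // 16 bytes when DWORD/WORD/BYTE have their usual Windows widths (4/2/1).
  typedef struct _GUID
  {
      DWORD Data1;
      WORD  Data2;
      WORD  Data3;
      BYTE  Data4[ 8 ];
  } GUID;
  #endif // !GUID_DEFINED

  // REFGUID is how GUIDs are passed to the payload functions declared later
  // in this header: a const reference in C++, a const pointer to a const
  // GUID in C (so C callers pass &guid).
  #if defined(__cplusplus)
  #ifndef _REFGUID_DEFINED
  #define _REFGUID_DEFINED
  #define REFGUID const GUID &
  #endif // !_REFGUID_DEFINED
  #else // !__cplusplus
  #ifndef _REFGUID_DEFINED
  #define _REFGUID_DEFINED
  #define REFGUID const GUID * const
  #endif // !_REFGUID_DEFINED
  #endif // !__cplusplus
  //
  //////////////////////////////////////////////////////////////////////////////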
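  // Open an extern "C" block for C++ translation units so the declarations
  // that follow get C linkage; the matching closing brace sits just before
  // the final #endif of this header.
  #ifdef __cplusplus
  extern "C" {
  #endif // __cplusplus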
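  /////////////////////////////////////////////////////////// Trampoline Macros.
  //
  // DETOUR_TRAMPOLINE(trampoline_prototype, target_name)
  //
  // The naked trampoline must be at least DETOUR_TRAMPOLINE_SIZE bytes.
  //
  enum {
      // Minimum size, in bytes, of a trampoline body. The DETOUR_TRAMPOLINE*
      // macros pad their placeholder stubs with nops to reach it.
      DETOUR_TRAMPOLINE_SIZE = 32,
      // Value stored in DETOUR_SECTION_HEADER.nSignature by
      // DETOUR_SECTION_HEADER_DECLARE. Laid out little-endian, the bytes are
      // 'D' 't' 'r' 0.
      DETOUR_SECTION_HEADER_SIGNATURE = 0x00727444, // "Dtr\0"
  };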
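  // DETOUR_TRAMPOLINE(trampoline, target)
  //
  // Expands to two definitions:
  //   1. _Detours_GetVA_<target>(), a static __fastcall helper that returns
  //      the address of `target`;
  //   2. `trampoline` (a full function prototype), defined as a
  //      __declspec(naked) function whose body is a placeholder stub: call
  //      the helper, then jump to the address it returned in eax.
  //
  // The stub is padded with nops. With the usual x86 encodings (1-byte nop,
  // 5-byte call rel32, 2-byte jmp eax, 1-byte ret) it assembles to
  // 2 + 5 + 2 + 1 + 22 = 32 bytes, i.e. DETOUR_TRAMPOLINE_SIZE. Do not add or
  // remove instructions without re-checking that total.
  //
  // Uses MSVC inline assembly and 32-bit registers, so it only builds for
  // 32-bit x86 with the Microsoft compiler.
  //
  // NOTE(review): the size requirement implies the library rewrites this stub
  // in place at run time (implementation not shown here). In-place patching
  // needs writable code pages, so processes that enforce code-integrity or
  // no-dynamic-code policy may refuse it, and endpoint tooling may report it.
  //
  // No comments inside the macro body: a `//` comment before a line
  // continuation would swallow the following line.
  #define DETOUR_TRAMPOLINE(trampoline,target) \
  static PVOID __fastcall _Detours_GetVA_##target(VOID) \
  { \
      return &target; \
  } \
  \
  __declspec(naked) trampoline \
  { \
      __asm { nop };\
      __asm { nop };\
      __asm { call _Detours_GetVA_##target };\
      __asm { jmp eax };\
      __asm { ret };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
  }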
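  // DETOUR_TRAMPOLINE_WO_TARGET(trampoline)
  //
  // Defines `trampoline` (a full function prototype) as a __declspec(naked)
  // placeholder with no target bound at compile time.
  //
  // The stub zeroes eax and then loads from [eax], i.e. from address 0. If
  // the trampoline is called while it still holds this placeholder, the call
  // faults on a null read instead of running on into the padding --
  // apparently a deliberate fail-fast for "trampoline used before a target
  // was attached".
  //
  // Size with the usual x86 encodings: 2 nops + xor (2) + mov (2) + ret (1)
  // + 25 nops = 32 bytes = DETOUR_TRAMPOLINE_SIZE. 32-bit x86 / MSVC inline
  // assembly only.
  //
  // No comments inside the macro body: a `//` comment before a line
  // continuation would swallow the following line.
  #define DETOUR_TRAMPOLINE_WO_TARGET(trampoline) \
  __declspec(naked) trampoline \
  { \
      __asm { nop };\
      __asm { nop };\
      __asm { xor eax, eax };\
      __asm { mov eax, [eax] };\
      __asm { ret };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
      __asm { nop };\
  }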
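  /////////////////////////////////////////////////// Instruction Target Macros.
  //
  // Sentinel PBYTE values; presumably what DetourCopyInstruction[Ex] reports
  // through its ppbTarget out-parameter -- TODO confirm against the library.
  //   NONE    : the null pointer.
  //   DYNAMIC : ~0ul converted to a pointer.
  // NOTE(review): ~0ul has the width of unsigned long. Where that is
  // narrower than a pointer (e.g. LLP64), the result is 0x00000000FFFFFFFF
  // rather than an all-ones pointer, so always compare against the macro,
  // never against a hand-written -1.
  #define DETOUR_INSTRUCTION_TARGET_NONE ((PBYTE)0)
  #define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PBYTE)~0ul)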
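  /////////////////////////////////////////////////////////// Binary Structures.
  //
  // Layouts of the Detours section header and of the records that carry
  // payloads, packed with 8-byte maximum alignment. Every member is a DWORD
  // or a GUID, so with 32-bit DWORDs no padding is inserted: 48 bytes for
  // the header, 24 for the record.
  //
  // NOTE(review): these describe data read out of a binary. When that
  // binary is not trusted, a reader should check nSignature and
  // cbHeaderSize, and keep nDataOffset + cbDataSize and each record's
  // cbBytes inside the section, before following any offset. The parsing
  // code is not part of this header.
  //
  #pragma pack(push, 8)
  typedef struct _DETOUR_SECTION_HEADER
  {
      DWORD cbHeaderSize;     // sizeof(DETOUR_SECTION_HEADER) per _DECLARE
      DWORD nSignature;       // DETOUR_SECTION_HEADER_SIGNATURE per _DECLARE
      DWORD nDataOffset;      // sizeof(DETOUR_SECTION_HEADER) per _DECLARE
      DWORD cbDataSize;       // section size handed to _DECLARE

      // The nOriginal* names suggest saved copies of the image's import,
      // bound-import and IAT directory entries and of SizeOfImage from
      // before the binary was edited -- TODO confirm.
      DWORD nOriginalImportVirtualAddress;
      DWORD nOriginalImportSize;
      DWORD nOriginalBoundImportVirtualAddress;
      DWORD nOriginalBoundImportSize;

      DWORD nOriginalIatVirtualAddress;
      DWORD nOriginalIatSize;
      DWORD nOriginalSizeOfImage;
      DWORD nReserve;
  } DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER;

  typedef struct _DETOUR_SECTION_RECORD
  {
      DWORD cbBytes;          // presumably the record's byte count -- confirm
      DWORD nReserved;
      GUID  guid;             // presumably the key used by the payload calls
  } DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD;
  #pragma pack(pop)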
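  // DETOUR_SECTION_HEADER_DECLARE(cbSectionSize)
  //
  // Brace initializer for a DETOUR_SECTION_HEADER. It is positional, so the
  // twelve values must stay in the struct's field order:
  //   cbHeaderSize = sizeof(DETOUR_SECTION_HEADER)
  //   nSignature   = DETOUR_SECTION_HEADER_SIGNATURE
  //   nDataOffset  = sizeof(DETOUR_SECTION_HEADER)  (data follows the header)
  //   cbDataSize   = cbSectionSize
  //   the eight remaining fields (nOriginal*, nReserve) = 0
  // Adding, removing or reordering a struct member without updating this
  // macro silently shifts every value after it.
  #define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \
  { \
      sizeof(DETOUR_SECTION_HEADER),\
      DETOUR_SECTION_HEADER_SIGNATURE,\
      sizeof(DETOUR_SECTION_HEADER),\
      (cbSectionSize),\
      \
      0,\
      0,\
      0,\
      0,\
      \
      0,\
      0,\
      0,\
      0,\
  }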
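  ///////////////////////////////////////////////////////////// Binary Typedefs.
  //
  // Callback pointer types. Each callback returns BOOL and receives the
  // caller's pContext first. BYWAY, FILE, SYMBOL and FINAL are the four
  // callbacks taken by DetourBinaryEditImports; EXPORT is the one taken by
  // DetourEnumerateExportsForInstance.
  //
  // NOTE(review): the ppszOut* parameters look like out-parameters through
  // which a callback supplies a replacement name. The header says nothing
  // about who owns that string or how long it must stay valid -- confirm
  // before returning anything but static or caller-owned storage. The names
  // passed in come from the binary being processed; treat them as untrusted
  // when the binary is.
  //
  typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)(PVOID pContext,
                                                           PCHAR pszFile,
                                                           PCHAR *ppszOutFile);

  typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)(PVOID pContext,
                                                          PCHAR pszOrigFile,
                                                          PCHAR pszFile,
                                                          PCHAR *ppszOutFile);

  typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)(PVOID pContext,
                                                            DWORD nOrdinal,
                                                            PCHAR pszOrigSymbol,
                                                            PCHAR pszSymbol,
                                                            PCHAR *ppszOutSymbol);

  typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FINAL_CALLBACK)(PVOID pContext);

  typedef BOOL (CALLBACK *PF_DETOUR_BINARY_EXPORT_CALLBACK)(PVOID pContext,
                                                            DWORD nOrdinal,
                                                            PCHAR pszName,
                                                            PBYTE pbCode);

  // Opaque handles. Both are plain VOID *, so the compiler cannot tell a
  // PDETOUR_BINARY from a PDETOUR_LOADED_BINARY (or from any other pointer);
  // passing the wrong one to a function is not diagnosed.
  typedef VOID * PDETOUR_BINARY;
  typedef VOID * PDETOUR_LOADED_BINARY;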
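  //////////////////////////////////////////////////////// Trampoline Functions.
  //
  // Declarations only: the implementations live in the detours library, so
  // the behaviour notes below are inferred from names and parameter lists
  // and are marked as such -- confirm against the library before relying on
  // them.
  //
  // Every code address is a raw PBYTE; nothing in these signatures carries
  // a length or ties a pointer to a particular function type.
  //
  // NOTE(review): presumably the DetourFunction* / DetourRemove* calls patch
  // executable code in the calling process. If so, callers have to account
  // for page-protection changes, for other threads executing the bytes
  // being rewritten, and for code-integrity or endpoint-protection policy
  // that restricts or reports in-memory patching. Check every BOOL / PBYTE
  // result rather than assuming the detour was installed.
  //

  // Takes a target and a detour; the returned PBYTE is presumably a
  // trampoline for reaching the original code -- TODO confirm.
  PBYTE WINAPI DetourFunction(PBYTE pbTargetFunction,
                              PBYTE pbDetourFunction);

  // Variants taking a caller-provided trampoline (see the DETOUR_TRAMPOLINE*
  // macros). The Ex forms add ppbReal* out-parameters, presumably the
  // addresses actually used once jump stubs have been followed -- confirm.
  BOOL WINAPI DetourFunctionWithEmptyTrampoline(PBYTE pbTrampoline,
                                                PBYTE pbTarget,
                                                PBYTE pbDetour);

  BOOL WINAPI DetourFunctionWithEmptyTrampolineEx(PBYTE pbTrampoline,
                                                  PBYTE pbTarget,
                                                  PBYTE pbDetour,
                                                  PBYTE *ppbRealTrampoline,
                                                  PBYTE *ppbRealTarget,
                                                  PBYTE *ppbRealDetour);

  BOOL WINAPI DetourFunctionWithTrampoline(PBYTE pbTrampoline,
                                           PBYTE pbDetour);

  BOOL WINAPI DetourFunctionWithTrampolineEx(PBYTE pbTrampoline,
                                             PBYTE pbDetour,
                                             PBYTE *ppbRealTrampoline,
                                             PBYTE *ppbRealTarget);

  BOOL WINAPI DetourRemoveWithTrampoline(PBYTE pbTrampoline,
                                         PBYTE pbDetour);

  // Looks a function up by module and function name.
  // NOTE(review): if the implementation loads the module by name, a bare
  // file name is resolved through the DLL search order; prefer a fully
  // qualified path -- confirm how the lookup is done.
  PBYTE WINAPI DetourFindFunction(PCHAR pszModule, PCHAR pszFunction);
  PBYTE WINAPI DetourFindFinalCode(PBYTE pbCode);

  // Instruction copy helpers. No size is passed for pbDst, so the caller
  // alone guarantees the destination can hold the copied instruction.
  PBYTE WINAPI DetourCopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget);
  PBYTE WINAPI DetourCopyInstructionEx(PBYTE pbDst,
                                       PBYTE pbSrc,
                                       PBYTE *ppbTarget,
                                       LONG *plExtra);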
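  ///////////////////////////////////////////////////// Loaded Binary Functions.
  //
  // Queries against modules already mapped into the current process.
  // Declarations only; behaviour is inferred from the signatures.
  //

  // Takes the previously returned HINSTANCE and returns another, which
  // suggests an iterator (presumably NULL both starts and ends the walk --
  // TODO confirm).
  HINSTANCE WINAPI DetourEnumerateInstances(HINSTANCE hinstLast);
  PBYTE WINAPI DetourFindEntryPointForInstance(HINSTANCE hInst);

  // Calls pfExport with pContext; the callback type takes an ordinal, a name
  // and a code pointer.
  BOOL WINAPI DetourEnumerateExportsForInstance(HINSTANCE hInst,
                                                PVOID pContext,
                                                PF_DETOUR_BINARY_EXPORT_CALLBACK pfExport);

  PDETOUR_LOADED_BINARY WINAPI DetourBinaryFromInstance(HINSTANCE hInst);

  // Returns a pointer and reports a size through pcbData. Check the result
  // for NULL, bound every read by *pcbData, and treat the payload bytes as
  // untrusted input when the module they came from is.
  PBYTE WINAPI DetourFindPayloadInBinary(PDETOUR_LOADED_BINARY pBinary,
                                         REFGUID rguid,
                                         DWORD *pcbData);
  DWORD WINAPI DetourGetSizeOfBinary(PDETOUR_LOADED_BINARY pBinary);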
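  ///////////////////////////////////////////////// Persistent Binary Functions.
  //
  // Operations on a binary reached through a file handle: open it, read or
  // change GUID-keyed payloads, edit or reset its imports, write it back,
  // close it. Declarations only; behaviour is inferred from the signatures.
  //
  // NOTE(review): writing out an edited image changes the file's bytes, so
  // the result no longer matches an Authenticode signature or a file-hash
  // allow-list entry computed over the original. Keep the original, record
  // what was changed, and re-sign if the environment requires signed code.
  //
  BOOL WINAPI DetourBinaryBindA(PCHAR pszFile, PCHAR pszDll, PCHAR pszPath);
  BOOL WINAPI DetourBinaryBindW(PWCHAR pwzFile, PWCHAR pwzDll, PWCHAR pwzPath);
  // Character-set neutral name, selected by UNICODE like the Win32 A/W pairs.
  #ifdef UNICODE
  #define DetourBinaryBind DetourBinaryBindW
  #else
  #define DetourBinaryBind DetourBinaryBindA
  #endif // !UNICODE

  // Open / close bracket the calls below; every one of them takes the
  // PDETOUR_BINARY returned here. Check for NULL before use.
  PDETOUR_BINARY WINAPI DetourBinaryOpen(HANDLE hFile);

  // Payload access. pnIterator is an in/out cursor for the enumeration;
  // sizes come back through pcbData -- bound reads by it.
  PBYTE WINAPI DetourBinaryEnumeratePayloads(PDETOUR_BINARY pBinary,
                                             GUID *pGuid,
                                             DWORD *pcbData,
                                             DWORD *pnIterator);
  PBYTE WINAPI DetourBinaryFindPayload(PDETOUR_BINARY pBinary,
                                       REFGUID rguid,
                                       DWORD *pcbData);
  PBYTE WINAPI DetourBinarySetPayload(PDETOUR_BINARY pBinary,
                                      REFGUID rguid,
                                      PBYTE pbData,
                                      DWORD cbData);
  BOOL WINAPI DetourBinaryDeletePayload(PDETOUR_BINARY pBinary, REFGUID rguid);
  BOOL WINAPI DetourBinaryPurgePayload(PDETOUR_BINARY pBinary);

  // Import editing, driven by the four callbacks defined under
  // "Binary Typedefs"; pContext is handed to each of them.
  BOOL WINAPI DetourBinaryResetImports(PDETOUR_BINARY pBinary);
  BOOL WINAPI DetourBinaryEditImports(PDETOUR_BINARY pBinary,
                                      PVOID pContext,
                                      PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway,
                                      PF_DETOUR_BINARY_FILE_CALLBACK pfFile,
                                      PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol,
                                      PF_DETOUR_BINARY_FINAL_CALLBACK pfFinal);

  BOOL WINAPI DetourBinaryWrite(PDETOUR_BINARY pBinary, HANDLE hFile);
  BOOL WINAPI DetourBinaryClose(PDETOUR_BINARY pBinary);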
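  ///////////////////////////////////////// Symbolic Debug Information Creation.
  //
  // Builder-style API: create a PDETOUR_SYNTH, add symbols / source lines /
  // opcodes to it, write or append the result to a file, close it.
  // Declarations only; behaviour is inferred from the signatures.
  //
  enum {
      DETOUR_SYNTH_HEADERSIZE = 512,
  };

  // Opaque handle; a plain VOID *, so it is not type-checked against the
  // other handle types in this header.
  typedef VOID * PDETOUR_SYNTH;

  // Declared with (VOID), like DetourSynthLoadMissingSymbols below: in C an
  // empty parameter list leaves the parameters unspecified and switches off
  // argument checking for callers.
  PDETOUR_SYNTH WINAPI DetourSynthCreate(VOID);
  PDETOUR_SYNTH WINAPI DetourSynthCreatePseudoFile(PCHAR pszBinPath,
                                                   PVOID pvBase);

  BOOL WINAPI DetourSynthAddSymbol(PDETOUR_SYNTH pSynth,
                                   PVOID pvSymbol,
                                   PCSTR pszSymbol);
  BOOL WINAPI DetourSynthAddSource(PDETOUR_SYNTH pSynth,
                                   PVOID pvSource,
                                   DWORD cbSource,
                                   PCSTR pszFile,
                                   DWORD nLine);
  BOOL WINAPI DetourSynthAddOpcode(PDETOUR_SYNTH pSynth,
                                   PVOID pvCode,
                                   DWORD cbCode);

  // ImageBase and SizeOfImage are DWORDs, so only 32-bit values can be
  // described. pSections / nSections are a pointer-plus-count pair; the
  // caller guarantees that nSections entries are readable.
  BOOL WINAPI DetourSynthWriteToFile(PDETOUR_SYNTH pSynth,
                                     HANDLE hFile,
                                     WORD Machine,
                                     WORD Characteristics,
                                     DWORD TimeDateStamp,
                                     DWORD CheckSum,
                                     DWORD ImageBase,
                                     DWORD SizeOfImage,
                                     DWORD SectionAlignment,
                                     PIMAGE_SECTION_HEADER pSections,
                                     DWORD nSections);
  DWORD WINAPI DetourSynthAppendToFile(PDETOUR_SYNTH pBinary,
                                       HANDLE hFile,
                                       DWORD ImageBase,
                                       PIMAGE_SECTION_HEADER pSections,
                                       DWORD nSections,
                                       PIMAGE_DEBUG_DIRECTORY pDir);
  BOOL WINAPI DetourSynthFlushPseudoFile(PDETOUR_SYNTH pSynth);
  BOOL WINAPI DetourSynthClose(PDETOUR_SYNTH pSynth);

  DWORD WINAPI DetourSynthLoadMissingSymbols(VOID);
  VOID WINAPI DetourSynthNotifyDebuggerOfLoad(PBYTE pbData, PCSTR pszDllPath);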
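  /////////////////////////////////////////////// First Chance Exception Filter.
  //
  // Takes a top-level exception filter and returns one -- the same shape as
  // Win32 SetUnhandledExceptionFilter, so the return value is presumably the
  // previously registered filter (TODO confirm).
  // NOTE(review): a filter registered here runs while an exception is being
  // dispatched; keep it small and do not assume process state is consistent
  // inside it.
  //
  LPTOP_LEVEL_EXCEPTION_FILTER WINAPI
  DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter);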
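  ///////////////////////////////////////////////// Create Process & Inject Dll.
  //
  // Pointer types for a process-creation routine. The ten parameters are
  // the parameter list of Win32 CreateProcessA / CreateProcessW, so either
  // of those functions, or a wrapper with the same signature, can be
  // supplied as pfCreateProcessA / pfCreateProcessW to
  // CreateProcessWithDllA / CreateProcessWithDllW.
  //
  typedef BOOL (WINAPI *PCREATE_PROCESS_ROUTINEA)
      (LPCSTR lpApplicationName,
       LPSTR lpCommandLine,
       LPSECURITY_ATTRIBUTES lpProcessAttributes,
       LPSECURITY_ATTRIBUTES lpThreadAttributes,
       BOOL bInheritHandles,
       DWORD dwCreationFlags,
       LPVOID lpEnvironment,
       LPCSTR lpCurrentDirectory,
       LPSTARTUPINFOA lpStartupInfo,
       LPPROCESS_INFORMATION lpProcessInformation);

  typedef BOOL (WINAPI *PCREATE_PROCESS_ROUTINEW)
      (LPCWSTR lpApplicationName,
       LPWSTR lpCommandLine,
       LPSECURITY_ATTRIBUTES lpProcessAttributes,
       LPSECURITY_ATTRIBUTES lpThreadAttributes,
       BOOL bInheritHandles,
       DWORD dwCreationFlags,
       LPVOID lpEnvironment,
       LPCWSTR lpCurrentDirectory,
       LPSTARTUPINFOW lpStartupInfo,
       LPPROCESS_INFORMATION lpProcessInformation);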
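  // CreateProcessWithDllA / CreateProcessWithDllW
  //
  // The CreateProcess parameter list plus two extras: lpDllName, the DLL to
  // load into the new process (this header files the functions under
  // "Create Process & Inject Dll"), and pfCreateProcess*, the routine used to
  // create the process (presumably NULL selects the system CreateProcess --
  // TODO confirm). Declarations only; the loading mechanism is not shown.
  //
  // NOTE(review), for callers:
  //  - Pass lpDllName as a fully qualified path into a directory that only
  //    administrators can write. A bare or relative name would leave the
  //    choice of file to the search order in the child process, and the DLL
  //    runs with the child's full privileges.
  //  - lpCommandLine is a non-const buffer, as in CreateProcess: do not pass
  //    a string literal, and give lpApplicationName explicitly or quote a
  //    path containing spaces so the executable is resolved unambiguously
  //    (assuming the arguments are forwarded to CreateProcess unchanged).
  //  - Check the BOOL result and lpProcessInformation before using the new
  //    process; close the returned handles when done.
  //  - Loading a DLL into another process is something endpoint-protection
  //    tooling commonly reports; document legitimate use so alerts can be
  //    triaged.
  BOOL WINAPI CreateProcessWithDllA(LPCSTR lpApplicationName,
                                    LPSTR lpCommandLine,
                                    LPSECURITY_ATTRIBUTES lpProcessAttributes,
                                    LPSECURITY_ATTRIBUTES lpThreadAttributes,
                                    BOOL bInheritHandles,
                                    DWORD dwCreationFlags,
                                    LPVOID lpEnvironment,
                                    LPCSTR lpCurrentDirectory,
                                    LPSTARTUPINFOA lpStartupInfo,
                                    LPPROCESS_INFORMATION lpProcessInformation,
                                    LPCSTR lpDllName,
                                    PCREATE_PROCESS_ROUTINEA pfCreateProcessA);

  BOOL WINAPI CreateProcessWithDllW(LPCWSTR lpApplicationName,
                                    LPWSTR lpCommandLine,
                                    LPSECURITY_ATTRIBUTES lpProcessAttributes,
                                    LPSECURITY_ATTRIBUTES lpThreadAttributes,
                                    BOOL bInheritHandles,
                                    DWORD dwCreationFlags,
                                    LPVOID lpEnvironment,
                                    LPCWSTR lpCurrentDirectory,
                                    LPSTARTUPINFOW lpStartupInfo,
                                    LPPROCESS_INFORMATION lpProcessInformation,
                                    LPCWSTR lpDllName,
                                    PCREATE_PROCESS_ROUTINEW pfCreateProcessW);

  // Character-set neutral names, selected by UNICODE.
  #ifdef UNICODE
  #define CreateProcessWithDll CreateProcessWithDllW
  #define PCREATE_PROCESS_ROUTINE PCREATE_PROCESS_ROUTINEW
  #else
  #define CreateProcessWithDll CreateProcessWithDllA
  #define PCREATE_PROCESS_ROUTINE PCREATE_PROCESS_ROUTINEA
  #endif // !UNICODE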
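  // ContinueProcessWithDllA / ContinueProcessWithDllW
  //
  // Take a handle to an existing process and a DLL name. Declarations only;
  // what the call does to the process is not visible here.
  // NOTE(review): the same DLL-path guidance as for CreateProcessWithDll
  // applies -- use a fully qualified path to a location unprivileged users
  // cannot write. The access rights hProcess must carry are not stated in
  // this header; confirm them and request no more than needed.
  BOOL WINAPI ContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName);
  BOOL WINAPI ContinueProcessWithDllW(HANDLE hProcess, LPCWSTR lpDllName);
  // Character-set neutral name, selected by UNICODE.
  #ifdef UNICODE
  #define ContinueProcessWithDll ContinueProcessWithDllW
  #else
  #define ContinueProcessWithDll ContinueProcessWithDllA
  #endif // !UNICODE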
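  //
  //////////////////////////////////////////////////////////////////////////////
  // Close the extern "C" block opened near the top of the header (C++ only),
  // then the _DETOURS_H_ include guard.
  #ifdef __cplusplus
  }
  #endif // __cplusplus
  #endif // _DETOURS_H_
  //////////////////////////////////////////////////////////////// End of File.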