Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

393 lines
14 KiB

  1. //////////////////////////////////////////////////////////////////////////////
  2. //
  3. // File: detours.h
  4. // Module: detours.lib
  5. //
  6. // Detours for binary functions. Version 1.3. (Build 43)
  7. //
  8. // Copyright 1995-1999, Microsoft Corporation
  9. //
  10. // http://research.microsoft.com/sn/detours
  11. //
  12. #pragma once
  13. #ifndef _DETOURS_H_
  14. #define _DETOURS_H_
  15. #pragma comment(lib, "detours")
  16. //////////////////////////////////////////////////////////////////////////////
  17. //
  18. #ifndef GUID_DEFINED
  19. #define GUID_DEFINED
  20. typedef struct _GUID
  21. {
  22. DWORD Data1;
  23. WORD Data2;
  24. WORD Data3;
  25. BYTE Data4[ 8 ];
  26. } GUID;
  27. #endif // !GUID_DEFINED
  28. #if defined(__cplusplus)
  29. #ifndef _REFGUID_DEFINED
  30. #define _REFGUID_DEFINED
  31. #define REFGUID const GUID &
  32. #endif // !_REFGUID_DEFINED
  33. #else // !__cplusplus
  34. #ifndef _REFGUID_DEFINED
  35. #define _REFGUID_DEFINED
  36. #define REFGUID const GUID * const
  37. #endif // !_REFGUID_DEFINED
  38. #endif // !__cplusplus
  39. //
  40. //////////////////////////////////////////////////////////////////////////////
  41. #ifdef __cplusplus
  42. extern "C" {
  43. #endif // __cplusplus
  44. /////////////////////////////////////////////////// Instruction Target Macros.
  45. //
  46. #define DETOUR_INSTRUCTION_TARGET_NONE ((PBYTE)0)
  47. #define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PBYTE)~0ul)
  48. /////////////////////////////////////////////////////////// Trampoline Macros.
  49. //
  50. // DETOUR_TRAMPOLINE(trampoline_prototype, target_name)
  51. //
  52. // The naked trampoline must be at least DETOUR_TRAMPOLINE_SIZE bytes.
  53. //
  54. #define DETOUR_TRAMPOLINE_SIZE 32
  55. #define DETOUR_SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0"
  56. #define DETOUR_TRAMPOLINE(trampoline,target) \
  57. static PVOID __fastcall _Detours_GetVA_##target(VOID) \
  58. { \
  59. return ⌖ \
  60. } \
  61. \
  62. __declspec(naked) trampoline \
  63. { \
  64. __asm { nop };\
  65. __asm { nop };\
  66. __asm { call _Detours_GetVA_##target };\
  67. __asm { jmp eax };\
  68. __asm { ret };\
  69. __asm { nop };\
  70. __asm { nop };\
  71. __asm { nop };\
  72. __asm { nop };\
  73. __asm { nop };\
  74. __asm { nop };\
  75. __asm { nop };\
  76. __asm { nop };\
  77. __asm { nop };\
  78. __asm { nop };\
  79. __asm { nop };\
  80. __asm { nop };\
  81. __asm { nop };\
  82. __asm { nop };\
  83. __asm { nop };\
  84. __asm { nop };\
  85. __asm { nop };\
  86. __asm { nop };\
  87. __asm { nop };\
  88. __asm { nop };\
  89. __asm { nop };\
  90. __asm { nop };\
  91. }
  92. #define DETOUR_TRAMPOLINE_EMPTY(trampoline) \
  93. __declspec(naked) trampoline \
  94. { \
  95. __asm { nop };\
  96. __asm { nop };\
  97. __asm { xor eax, eax };\
  98. __asm { mov eax, [eax] };\
  99. __asm { ret };\
  100. __asm { nop };\
  101. __asm { nop };\
  102. __asm { nop };\
  103. __asm { nop };\
  104. __asm { nop };\
  105. __asm { nop };\
  106. __asm { nop };\
  107. __asm { nop };\
  108. __asm { nop };\
  109. __asm { nop };\
  110. __asm { nop };\
  111. __asm { nop };\
  112. __asm { nop };\
  113. __asm { nop };\
  114. __asm { nop };\
  115. __asm { nop };\
  116. __asm { nop };\
  117. __asm { nop };\
  118. __asm { nop };\
  119. __asm { nop };\
  120. __asm { nop };\
  121. __asm { nop };\
  122. __asm { nop };\
  123. __asm { nop };\
  124. __asm { nop };\
  125. }
  126. /////////////////////////////////////////////////////////// Binary Structures.
  127. //
  128. #pragma pack(push, 8)
  129. typedef struct _DETOUR_SECTION_HEADER
  130. {
  131. DWORD cbHeaderSize;
  132. DWORD nSignature;
  133. DWORD nDataOffset;
  134. DWORD cbDataSize;
  135. DWORD nOriginalImportVirtualAddress;
  136. DWORD nOriginalImportSize;
  137. DWORD nOriginalBoundImportVirtualAddress;
  138. DWORD nOriginalBoundImportSize;
  139. DWORD nOriginalIatVirtualAddress;
  140. DWORD nOriginalIatSize;
  141. DWORD nOriginalSizeOfImage;
  142. DWORD nReserve;
  143. } DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER;
  144. typedef struct _DETOUR_SECTION_RECORD
  145. {
  146. DWORD cbBytes;
  147. DWORD nReserved;
  148. GUID guid;
  149. } DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD;
  150. #pragma pack(pop)
  151. #define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \
  152. { \
  153. sizeof(DETOUR_SECTION_HEADER),\
  154. DETOUR_SECTION_HEADER_SIGNATURE,\
  155. sizeof(DETOUR_SECTION_HEADER),\
  156. (cbSectionSize),\
  157. \
  158. 0,\
  159. 0,\
  160. 0,\
  161. 0,\
  162. \
  163. 0,\
  164. 0,\
  165. 0,\
  166. 0,\
  167. }
  168. ///////////////////////////////////////////////////////////// Binary Typedefs.
  169. //
  170. typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)(PVOID pContext,
  171. PCHAR pszFile,
  172. PCHAR *ppszOutFile);
  173. typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)(PVOID pContext,
  174. PCHAR pszOrigFile,
  175. PCHAR pszFile,
  176. PCHAR *ppszOutFile);
  177. typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)(PVOID pContext,
  178. DWORD nOrdinal,
  179. PCHAR pszOrigSymbol,
  180. PCHAR pszSymbol,
  181. PCHAR *ppszOutSymbol);
  182. typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FINAL_CALLBACK)(PVOID pContext);
  183. typedef BOOL (CALLBACK *PF_DETOUR_BINARY_EXPORT_CALLBACK)(PVOID pContext,
  184. DWORD nOrdinal,
  185. PCHAR pszName,
  186. PBYTE pbCode);
  187. typedef VOID * PDETOUR_BINARY;
  188. typedef VOID * PDETOUR_LOADED_BINARY;
  189. //////////////////////////////////////////////////////// Trampoline Functions.
  190. //
  191. PBYTE WINAPI DetourFunction(PBYTE pbTargetFunction,
  192. PBYTE pbDetourFunction);
  193. BOOL WINAPI DetourFunctionWithEmptyTrampoline(PBYTE pbTrampoline,
  194. PBYTE pbTarget,
  195. PBYTE pbDetour);
  196. BOOL WINAPI DetourFunctionWithEmptyTrampolineEx(PBYTE pbTrampoline,
  197. PBYTE pbTarget,
  198. PBYTE pbDetour,
  199. PBYTE *ppbRealTrampoline,
  200. PBYTE *ppbRealTarget,
  201. PBYTE *ppbRealDetour);
  202. BOOL WINAPI DetourFunctionWithTrampoline(PBYTE pbTrampoline,
  203. PBYTE pbDetour);
  204. BOOL WINAPI DetourFunctionWithTrampolineEx(PBYTE pbTrampoline,
  205. PBYTE pbDetour,
  206. PBYTE *ppbRealTrampoline,
  207. PBYTE *ppbRealTarget);
  208. BOOL WINAPI DetourRemove(PBYTE pbTrampoline, PBYTE pbDetour);
  209. ////////////////////////////////////////////////////////////// Code Functions.
  210. //
  211. PBYTE WINAPI DetourFindFunction(PCHAR pszModule, PCHAR pszFunction);
  212. PBYTE WINAPI DetourGetFinalCode(PBYTE pbCode, BOOL fSkipJmp);
  213. PBYTE WINAPI DetourCopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget);
  214. PBYTE WINAPI DetourCopyInstructionEx(PBYTE pbDst,
  215. PBYTE pbSrc,
  216. PBYTE *ppbTarget,
  217. LONG *plExtra);
  218. ///////////////////////////////////////////////////// Loaded Binary Functions.
  219. //
  220. HMODULE WINAPI DetourEnumerateModules(HMODULE hModuleLast);
  221. PBYTE WINAPI DetourGetEntryPoint(HMODULE hModule);
  222. BOOL WINAPI DetourEnumerateExports(HMODULE hModule,
  223. PVOID pContext,
  224. PF_DETOUR_BINARY_EXPORT_CALLBACK pfExport);
  225. PBYTE WINAPI DetourFindPayload(HMODULE hModule, REFGUID rguid, DWORD *pcbData);
  226. DWORD WINAPI DetourGetSizeOfPayloads(HMODULE hModule);
  227. ///////////////////////////////////////////////// Persistent Binary Functions.
  228. //
  229. BOOL WINAPI DetourBinaryBindA(PCHAR pszFile, PCHAR pszDll, PCHAR pszPath);
  230. BOOL WINAPI DetourBinaryBindW(PWCHAR pwzFile, PWCHAR pwzDll, PWCHAR pwzPath);
  231. #ifdef UNICODE
  232. #define DetourBinaryBind DetourBinaryBindW
  233. #else
  234. #define DetourBinaryBind DetourBinaryBindA
  235. #endif // !UNICODE
  236. PDETOUR_BINARY WINAPI DetourBinaryOpen(HANDLE hFile);
  237. PBYTE WINAPI DetourBinaryEnumeratePayloads(PDETOUR_BINARY pBinary,
  238. GUID *pGuid,
  239. DWORD *pcbData,
  240. DWORD *pnIterator);
  241. PBYTE WINAPI DetourBinaryFindPayload(PDETOUR_BINARY pBinary,
  242. REFGUID rguid,
  243. DWORD *pcbData);
  244. PBYTE WINAPI DetourBinarySetPayload(PDETOUR_BINARY pBinary,
  245. REFGUID rguid,
  246. PBYTE pbData,
  247. DWORD cbData);
  248. BOOL WINAPI DetourBinaryDeletePayload(PDETOUR_BINARY pBinary, REFGUID rguid);
  249. BOOL WINAPI DetourBinaryPurgePayloads(PDETOUR_BINARY pBinary);
  250. BOOL WINAPI DetourBinaryResetImports(PDETOUR_BINARY pBinary);
  251. BOOL WINAPI DetourBinaryEditImports(PDETOUR_BINARY pBinary,
  252. PVOID pContext,
  253. PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway,
  254. PF_DETOUR_BINARY_FILE_CALLBACK pfFile,
  255. PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol,
  256. PF_DETOUR_BINARY_FINAL_CALLBACK pfFinal);
  257. BOOL WINAPI DetourBinaryWrite(PDETOUR_BINARY pBinary, HANDLE hFile);
  258. BOOL WINAPI DetourBinaryClose(PDETOUR_BINARY pBinary);
  259. /////////////////////////////////////////////// First Chance Exception Filter.
  260. //
  261. LPTOP_LEVEL_EXCEPTION_FILTER WINAPI
  262. DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter);
  263. ///////////////////////////////////////////////// Create Process & Inject Dll.
  264. //
  265. typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)
  266. (LPCSTR lpApplicationName,
  267. LPSTR lpCommandLine,
  268. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  269. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  270. BOOL bInheritHandles,
  271. DWORD dwCreationFlags,
  272. LPVOID lpEnvironment,
  273. LPCSTR lpCurrentDirectory,
  274. LPSTARTUPINFOA lpStartupInfo,
  275. LPPROCESS_INFORMATION lpProcessInformation);
  276. typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)
  277. (LPCWSTR lpApplicationName,
  278. LPWSTR lpCommandLine,
  279. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  280. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  281. BOOL bInheritHandles,
  282. DWORD dwCreationFlags,
  283. LPVOID lpEnvironment,
  284. LPCWSTR lpCurrentDirectory,
  285. LPSTARTUPINFOW lpStartupInfo,
  286. LPPROCESS_INFORMATION lpProcessInformation);
  287. BOOL WINAPI DetourCreateProcessWithDllA(LPCSTR lpApplicationName,
  288. LPSTR lpCommandLine,
  289. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  290. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  291. BOOL bInheritHandles,
  292. DWORD dwCreationFlags,
  293. LPVOID lpEnvironment,
  294. LPCSTR lpCurrentDirectory,
  295. LPSTARTUPINFOA lpStartupInfo,
  296. LPPROCESS_INFORMATION lpProcessInformation,
  297. LPCSTR lpDllName,
  298. PDETOUR_CREATE_PROCESS_ROUTINEA
  299. pfCreateProcessA);
  300. BOOL WINAPI DetourCreateProcessWithDllW(LPCWSTR lpApplicationName,
  301. LPWSTR lpCommandLine,
  302. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  303. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  304. BOOL bInheritHandles,
  305. DWORD dwCreationFlags,
  306. LPVOID lpEnvironment,
  307. LPCWSTR lpCurrentDirectory,
  308. LPSTARTUPINFOW lpStartupInfo,
  309. LPPROCESS_INFORMATION lpProcessInformation,
  310. LPCWSTR lpDllName,
  311. PDETOUR_CREATE_PROCESS_ROUTINEW
  312. pfCreateProcessW);
  313. #ifdef UNICODE
  314. #define DetourCreateProcessWithDll DetourCreateProcessWithDllW
  315. #define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW
  316. #else
  317. #define DetourCreateProcessWithDll DetourCreateProcessWithDllA
  318. #define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA
  319. #endif // !UNICODE
  320. BOOL WINAPI DetourContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName);
  321. BOOL WINAPI DetourContinueProcessWithDllW(HANDLE hProcess, LPCWSTR lpDllName);
  322. #ifdef UNICODE
  323. #define DetourContinueProcessWithDll DetourContinueProcessWithDllW
  324. #else
  325. #define DetourContinueProcessWithDll DetourContinueProcessWithDllA
  326. #endif // !UNICODE
  327. //
  328. //////////////////////////////////////////////////////////////////////////////
  329. #ifdef __cplusplus
  330. }
  331. #endif // __cplusplus
  332. /////////////////////////////////////////////////////////////////// Old Names.
  333. //
  334. #define ContinueProcessWithDll DetourContinueProcessWithDll
  335. #define ContinueProcessWithDllA DetourContinueProcessWithDllA
  336. #define ContinueProcessWithDllW DetourContinueProcessWithDllW
  337. #define CreateProcessWithDll DetourCreateProcessWithDll
  338. #define CreateProcessWithDllA DetourCreateProcessWithDllA
  339. #define CreateProcessWithDllW DetourCreateProcessWithDllW
  340. #define DETOUR_TRAMPOLINE_WO_TARGET DETOUR_TRAMPOLINE_EMPTY
  341. #define DetourBinaryPurgePayload DetourBinaryPurgePayloads
  342. #define DetourEnumerateExportsForInstance DetourEnumerateExports
  343. #define DetourEnumerateInstances DetourEnumerateModules
  344. #define DetourFindEntryPointForInstance DetourGetEntryPoint
  345. #define DetourFindFinalCode DetourGetFinalCode
  346. #define DetourFindPayloadInBinary DetourFindPayload
  347. #define DetourGetSizeOfBinary DetourGetSizeOfPayloads
  348. #define DetourRemoveWithTrampoline DetourRemove
  349. #define PCREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINE
  350. #define PCREATE_PROCESS_ROUTINEA PDETOUR_CREATE_PROCESS_ROUTINEA
  351. #define PCREATE_PROCESS_ROUTINEW PDETOUR_CREATE_PROCESS_ROUTINEW
  352. //
  353. #endif // _DETOURS_H_
  354. //////////////////////////////////////////////////////////////// End of File.