Diffstat (limited to 'samples/tryman')
-rw-r--r-- | samples/tryman/Makefile | 248 | ||||
-rw-r--r-- | samples/tryman/managed.cs | 48 | ||||
-rw-r--r-- | samples/tryman/size.cpp | 94 | ||||
-rw-r--r-- | samples/tryman/tryman.cpp | 23 | ||||
-rw-r--r-- | samples/tryman/tstman.cpp | 334 | ||||
-rw-r--r-- | samples/tryman/tstman.rc | 17 |
6 files changed, 764 insertions, 0 deletions
diff --git a/samples/tryman/Makefile b/samples/tryman/Makefile
new file mode 100644
index 0000000..62d1582
--- /dev/null
+++ b/samples/tryman/Makefile
@@ -0,0 +1,248 @@
+##############################################################################
+##
+## Detours Test Program
+##
+## Microsoft Research Detours Package
+##
+## Copyright (c) Microsoft Corporation. All rights reserved.
+##
+
+!include ..\common.mak
+
+BIND_X86=$(ROOT)\bin.x86
+BIND_X64=$(ROOT)\bin.x64
+
+LIBS = $(LIBS) kernel32.lib
+
+##############################################################################
+
+all: dirs \
+ $(BIND)\tstman$(DETOURS_BITS).dll \
+ $(BIND)\tryman$(DETOURS_BITS).exe \
+ $(BIND)\size$(DETOURS_BITS).exe \
+ \
+ $(BIND)\managed-x64.exe \
+ $(BIND)\managed-ia64.exe \
+ $(BIND)\managed-x86.exe \
+ $(BIND)\managed-any.exe \
+ $(BIND)\managed-any32.exe \
+ \
+!IF $(DETOURS_SOURCE_BROWSING)==1
+ $(OBJD)\tstman$(DETOURS_BITS).bsc \
+ $(OBJD)\tryman$(DETOURS_BITS).bsc \
+!ENDIF
+ option
+
+##############################################################################
+
+dirs:
+ @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND)
+ @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(BIND)
+
+$(OBJD)\tstman.obj : tstman.cpp
+
+$(OBJD)\tstman.res : tstman.rc
+
+$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\tstman$(DETOURS_BITS).lib: \
+ $(OBJD)\tstman.obj $(OBJD)\tstman.res $(DEPS)
+ cl /LD $(CFLAGS) /Fe$(@R).dll /Fd$(@R).pdb \
+ $(OBJD)\tstman.obj $(OBJD)\tstman.res \
+ /link $(LINKFLAGS) /subsystem:console \
+ /export:DetourFinishHelperProcess,@1,NONAME \
+ /export:Test3264 \
+ $(LIBS)
+
+$(OBJD)\tstman$(DETOURS_BITS).bsc : tstman.obj
+ bscmake /v /n /o $@ tstman.sbr
+
+$(OBJD)\tryman.obj : tryman.cpp
+
+$(BIND)\tryman$(DETOURS_BITS).exe : $(OBJD)\tryman.obj $(DEPS) $(BIND)\tstman$(DETOURS_BITS).lib
+ cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\tryman.obj \
+ /link $(LINKFLAGS) $(LIBS) $(BIND)\tstman$(DETOURS_BITS).lib \
+ /subsystem:console
+
+$(OBJD)\tryman$(DETOURS_BITS).bsc : $(OBJD)\tryman.obj
+ bscmake /v /n /o $@ $(OBJD)\tryman.sbr
+
+$(OBJD)\size.obj : size.cpp
+
+$(BIND)\size$(DETOURS_BITS).exe : $(OBJD)\size.obj $(DEPS)
+ cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\size.obj \
+ /link $(LINKFLAGS) $(LIBS) \
+ /subsystem:console /fixed:no
+
+$(OBJD)\size$(DETOURS_BITS).bsc : $(OBJD)\size.obj
+ bscmake /v /n /o $@ $(OBJD)\size.sbr
+
+$(BIND)\key.snk:
+ if not exist $(BIND)\key.snk sn -k $(BIND)\key.snk
+
+CSCFLAGS=/nowarn:1607 /unsafe- /optimize+ /debug+ /warnaserror
+
+$(BIND)\managed-x64.exe : $(BIND)\key.snk managed.cs
+ csc /nologo $(CSCFLAGS) /platform:x64 /keyfile:$(BIND)\key.snk \
+ /out:$(BIND)\managed-x64.exe managed.cs
+
+$(BIND)\managed-ia64.exe : $(BIND)\key.snk managed.cs
+ csc /nologo $(CSCFLAGS) /platform:itanium /keyfile:$(BIND)\key.snk \
+ /out:$(BIND)\managed-ia64.exe managed.cs
+
+$(BIND)\managed-x86.exe : $(BIND)\key.snk managed.cs
+ csc /nologo $(CSCFLAGS) /platform:x86 /keyfile:$(BIND)\key.snk \
+ /out:$(BIND)\managed-x86.exe managed.cs
+
+$(BIND)\managed-any.exe : $(BIND)\key.snk managed.cs
+ csc /nologo $(CSCFLAGS) /platform:anycpu /keyfile:$(BIND)\key.snk \
+ /out:$(BIND)\managed-any.exe managed.cs
+
+$(BIND)\managed-any32.exe : $(BIND)\key.snk managed.cs
+ -csc /nologo $(CSCFLAGS) /platform:anycpu32bitpreferred /keyfile:$(BIND)\key.snk \
+ /out:$(BIND)\managed-any32.exe managed.cs
+
+##############################################################################
+
+clean:
+ -del *~ 2>nul
+ -del $(BIND)\managed-*.* 2>nul
+ -del $(BIND)\tstman*.* 2>nul
+ -del $(BIND)\tryman*.* 2>nul
+ -del $(BIND)\size*.* 2>nul
+ -rmdir /q /s $(OBJD) 2>nul
+
+realclean: clean
+ -rmdir /q /s $(OBJDS) 2>nul
+
+############################################### Install non-bit-size binaries.
+
+!IF "$(DETOURS_OPTION_PROCESSOR)" != ""
+
+$(OPTD)\tstman$(DETOURS_OPTION_BITS).dll:
+$(OPTD)\tstman$(DETOURS_OPTION_BITS).pdb:
+$(OPTD)\tryman$(DETOURS_OPTION_BITS).exe:
+$(OPTD)\tryman$(DETOURS_OPTION_BITS).pdb:
+$(OPTD)\size$(DETOURS_OPTION_BITS).exe:
+$(OPTD)\size$(DETOURS_OPTION_BITS).pdb:
+
+$(BIND)\tstman$(DETOURS_OPTION_BITS).dll : $(OPTD)\tstman$(DETOURS_OPTION_BITS).dll
+ @if exist $? copy /y $? $(BIND) >nul >nul && echo. $@ copied.
+$(BIND)\tstman$(DETOURS_OPTION_BITS).pdb : $(OPTD)\tstman$(DETOURS_OPTION_BITS).pdb
+ @if exist $? copy /y $? $(BIND) >nul >nul && echo. $@ copied.
+$(BIND)\tryman$(DETOURS_OPTION_BITS).exe : $(OPTD)\tryman$(DETOURS_OPTION_BITS).exe
+ @if exist $? copy /y $? $(BIND) >nul >nul && echo. $@ copied.
+$(BIND)\tryman$(DETOURS_OPTION_BITS).pdb : $(OPTD)\tryman$(DETOURS_OPTION_BITS).pdb
+ @if exist $? copy /y $? $(BIND) >nul >nul && echo. $@ copied.
+$(BIND)\size$(DETOURS_OPTION_BITS).exe : $(OPTD)\size$(DETOURS_OPTION_BITS).exe
+ @if exist $? copy /y $? $(BIND) >nul >nul && echo. $@ copied.
+$(BIND)\size$(DETOURS_OPTION_BITS).pdb : $(OPTD)\size$(DETOURS_OPTION_BITS).pdb
+ @if exist $? copy /y $? $(BIND) >nul >nul && echo. $@ copied.
+
+option: \
+ $(BIND)\tstman$(DETOURS_OPTION_BITS).dll \
+ $(BIND)\tstman$(DETOURS_OPTION_BITS).pdb \
+ $(BIND)\tryman$(DETOURS_OPTION_BITS).exe \
+ $(BIND)\tryman$(DETOURS_OPTION_BITS).pdb \
+ $(BIND)\size$(DETOURS_OPTION_BITS).exe \
+ $(BIND)\size$(DETOURS_OPTION_BITS).pdb \
+
+!ELSE
+
+option:
+
+!ENDIF
+
+##############################################################################
+
+# !IF "$(DETOURS_TARGET_PROCESSOR)" == "X64"
+# #!MESSAGE Building for 64-bit X64.
+# DETOURS_SOURCE_BROWSING = 0
+# !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "IA64"
+# #!MESSAGE Building for 64-bit IA64.
+# !ELSEIF "$(DETOURS_TARGET_PROCESSOR)" == "X86"
+# #!MESSAGE Building for 32-bit X86.
+# !ELSE
+
+!if "$(DETOURS_OPTION_PROCESSOR)" != ""
+test: all size32 size64
+!else
+test: all
+!endif
+ @echo ---- Trying native binary w/o test ----------------------
+ $(BIND)\tryman$(DETOURS_BITS).exe
+ @echo.
+ @echo ---- Trying native binary -------------------------------
+ $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\tryman$(DETOURS_BITS).exe
+ @echo.
+ @echo ---- Trying anycpu managed binary -----------------------
+ -$(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-any.exe
+ @echo.
+ @echo ---- Trying anycpu managed 32-bit preferrred binary -----
+ -if exist $(BIND)\managed-any32.exe $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-any32.exe
+ @echo.
+ @echo ---- Trying x86 managed binary --------------------------
+ -$(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-x86.exe
+ @echo.
+ @echo ---- Trying x64 managed binary --------------------------
+ -$(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-x64.exe
+ @echo.
+ @echo ---- Trying ia64 managed binary -------------------------
+ -$(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-ia64.exe
+ @echo.
+
+testm: all
+ csc managed.cs
+ @echo.
+ $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-any.exe
+ @echo.
+
+size: all
+ @echo.
+ $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\size$(DETOURS_BITS).exe 10
+ @echo.
+
+size32: all
+ @echo.
+ $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\size32.exe 10
+ @echo.
+
+size64: all
+ @echo.
+ $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\size64.exe 10
+ @echo.
+
+sizedbg: all
+ @echo.
+ windbg -o $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\size$(DETOURS_BITS).exe 10
+ @echo.
+
+tx: all
+ cd $(MAKEDIR)\..\..\src
+ nmake /nologo
+ cd $(MAKEDIR)\..\..\samples\withdll
+ nmake /nologo
+ cd $(MAKEDIR)
+ rem $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed.exe
+ windbg -g -o $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-any.exe
+
+mx: all
+ cd $(MAKEDIR)\..\..\src
+ nmake /nologo
+ cd $(MAKEDIR)\..\..\samples\withdll
+ nmake /nologo
+ cd $(MAKEDIR)
+ $(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\tryman$(DETOURS_BITS).exe
+
+test-managed: all
+ @echo ---- Trying anycpu managed binary -----------------------
+ -$(BIND)\withdll.exe -d:$(BIND)\tstman$(DETOURS_BITS).dll $(BIND)\managed-any.exe
+ @echo.
+ @echo ---- Trying x86 managed binary --------------------------
+ -$(BIND_X86)\withdll.exe -d:$(BIND_X86)\tstman32.dll $(BIND_X86)\managed-x86.exe
+ @echo.
+ @echo ---- Trying anycpu managed 32-bit preferrred binary -----
+ -if exist $(BIND_X86)\managed-any32.exe $(BIND_X86)\withdll.exe -d:$(BIND_X86)\tstman32.dll $(BIND_X86)\managed-any32.exe
+ @echo.
+ @echo ---- Trying x64 managed binary --------------------------
+ -$(BIND)\withdll.exe -d:$(BIND_X64)\tstman64.dll $(BIND)\managed-x64.exe
+
+################################################################# End of File.
diff --git a/samples/tryman/managed.cs b/samples/tryman/managed.cs
new file mode 100644
index 0000000..cf8481d
--- /dev/null
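Review bot: The `$(BIND)\key.snk` rule writes the strong-name key pair into `$(BIND)`, the same directory that receives the built binaries, and the `clean` target never deletes it, so the private key outlives every clean build and goes along with anything that packages or shares that directory. Generating it under the intermediate directory instead (`$(OBJD)\key.snk`, with the five `/keyfile:` references updated to match) keeps it out of the output tree and lets the existing `-rmdir /q /s $(OBJD) 2>nul` remove it. Separately, the `$(OBJD)\tstman$(DETOURS_BITS).bsc` rule names `tstman.obj` and `tstman.sbr` without the `$(OBJD)\` prefix that the tryman and size rules use, and the second `dirs` line echoes `Created $(BIND)` after creating `$(OBJD)`.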
+++ b/samples/tryman/managed.cs
@@ -0,0 +1,48 @@
+using System;
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyProduct("Microsoft Research Detours")]
+[assembly: AssemblyCompany("Microsoft Corporation")]
+[assembly: AssemblyVersion("1.0.0.0")]
+
+public class Test
+{
+ // [DllImport("kernel32.dll", CharSet=CharSet.Auto, SetLastError=true)]
+ // static extern IntPtr LoadLibrary([In, MarshalAs(UnmanagedType.LPStr)] string lpFileName);
+
+ [DllImport("kernel32", CharSet=CharSet.Auto, SetLastError=true)]
+ static extern IntPtr LoadLibrary(string lpFileName);
+
+ public static int Main()
+ {
+ if (IntPtr.Size == 4) {
+ Console.WriteLine(" *** Managed code with 32-bit runtime ({0})",
+ Environment.Version);
+ }
+ else if (IntPtr.Size == 8) {
+ Console.WriteLine(" *** Managed code with 64-bit runtime ({0})",
+ Environment.Version);
+ }
+ else {
+ Console.WriteLine(" *** Managed code of unknown IntPtr.Size: {0}", IntPtr.Size);
+ }
+
+ if (IntPtr.Size == 4) {
+ if (LoadLibrary("tstman32.dll") == (IntPtr)0) {
+ Console.WriteLine("--------: managed code failed to load tstman32.dll");
+
+ }
+ }
+ else {
+ if (LoadLibrary("tstman64.dll") == (IntPtr)0) {
+ Console.WriteLine("--------: managed code failed to load tstman64.dll");
+
+ }
+ }
+
+ return 0;
+ }
+}
+
+
diff --git a/samples/tryman/size.cpp b/samples/tryman/size.cpp
new file mode 100644
index 0000000..f026750
--- /dev/null
+++ b/samples/tryman/size.cpp
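Review bot: `LoadLibrary("tstman32.dll")` and `LoadLibrary("tstman64.dll")` pass a bare file name, so which file is loaded depends on the process's DLL search order (which can include the current directory and PATH) rather than on where the test DLL was built. Resolving the name against the executable's own directory, for example `Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "tstman32.dll")` with `using System.IO;`, pins the load to the intended file. `Main` also returns 0 after a failed load and never reads `Marshal.GetLastWin32Error()` even though `SetLastError=true` is set, so a caller cannot tell the failure from success; printing the error code and returning non-zero on that path would make the sample usable as a check.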
@@ -0,0 +1,94 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+// Detour Test Program (sleepold.cpp of sleepold.exe)
+//
+// Microsoft Research Detours Package
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+//
+
+#include <windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+#pragma warning(push)
+#if _MSC_VER > 1400
+#pragma warning(disable:6102 6103) // /analyze warnings
+#endif
+#include <strsafe.h>
+#pragma warning(pop)
+#include <detours.h>
+
+int __cdecl main(int argc, char **argv)
+{
+ STARTUPINFOA si;
+ PROCESS_INFORMATION pi;
+ CHAR szFullExe[MAX_PATH];
+ CHAR szCommand[MAX_PATH];
+ PCHAR pszFileExe;
+ PCHAR pszExe;
+
+ ZeroMemory(&si, sizeof(si));
+ ZeroMemory(&pi, sizeof(pi));
+ si.cb = sizeof(si);
+
+
+ if (argc != 2) {
+ printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
+ " must take a single integer argument.\n");
+ fflush(stdout);
+ return 3;
+ }
+
+ int repeats = atoi(argv[1]);
+
+ if (repeats <= 0) {
+ printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
+ " End of the road, repeats=0.\n");
+ fflush(stdout);
+ return 0;
+ }
+
+ if ((repeats % 2) == 0) {
+#ifdef DETOURS_OPTION_BITS
+ pszExe = "size" DETOURS_STRINGIFY(DETOURS_OPTION_BITS) ".exe";
+#else
+ pszExe = "size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe";
+#endif
+ }
+ else {
+ pszExe = "size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe";
+ }
+
+ if (!SearchPathA(NULL, pszExe, ".exe", ARRAYSIZE(szFullExe), szFullExe, &pszFileExe)) {
+ pszExe = "size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe";
+ SearchPathA(NULL, pszExe, ".exe", ARRAYSIZE(szFullExe), szFullExe, &pszFileExe);
+ }
+
+ StringCchPrintfA(szCommand, sizeof(szCommand), "%s %d", pszExe, repeats - 1);
+
+ printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
+ " [%s]\n", szCommand);
+ fflush(stdout);
+
+ SetLastError(0);
+ if (!CreateProcessA(szFullExe[0] ? szFullExe : NULL, szCommand,
+ NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
+ DWORD dwError = GetLastError();
+ printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
+ " CreateProcess failed: %ld\n", dwError);
+ return 1;
+ }
+
+ WaitForSingleObject(pi.hProcess, INFINITE);
+
+ DWORD dwResult = 0;
+ if (!GetExitCodeProcess(pi.hProcess, &dwResult)) {
+ printf("size" DETOURS_STRINGIFY(DETOURS_BITS) ".exe:"
+ " GetExitCodeProcess failed: %ld\n", GetLastError());
+ return 9010;
+ }
+
+ return 0;
+}
+//
+///////////////////////////////////////////////////////////////// End of File.
diff --git a/samples/tryman/tryman.cpp b/samples/tryman/tryman.cpp
new file mode 100644
index 0000000..19a159b
--- /dev/null
+++ b/samples/tryman/tryman.cpp
@@ -0,0 +1,23 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+// Detours Test Program (tryman.cpp of tryman.exe)
+//
+// Microsoft Research Detours Package
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+//
+
+#include <windows.h>
+
+extern int WINAPI Test3264(int arg);
+
+int __cdecl main(int argc, char ** argv)
+{
+ (void)argv;
+ int ret = 0;
+
+ ret = Test3264(argc);
+ return ret == 0 ? ret : 0;
+}
+//
+///////////////////////////////////////////////////////////////// End of File.
diff --git a/samples/tryman/tstman.cpp b/samples/tryman/tstman.cpp
new file mode 100644
index 0000000..0ae169b
--- /dev/null
+++ b/samples/tryman/tstman.cpp
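Review bot: `szFullExe` in size.cpp is declared without an initializer and the result of the fallback `SearchPathA` call is ignored, so when both searches fail `szFullExe[0] ? szFullExe : NULL` reads uninitialized stack bytes and may hand `CreateProcessA` an arbitrary application name. Declaring it as `CHAR szFullExe[MAX_PATH] = "";` makes the NULL fallback deterministic. `StringCchPrintfA(szCommand, sizeof(szCommand), ...)` should pass `ARRAYSIZE(szCommand)` as the `SearchPathA` calls do, since that parameter is a character count. The handles in `pi` are never closed and `dwResult` is fetched but not returned, so a failing child still yields exit code 0; the header comment also still names sleepold.cpp.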
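Review bot: In tryman.cpp, `return ret == 0 ? ret : 0;` evaluates to 0 on both branches, so the result of `Test3264(argc)` never reaches the exit code. If the expression exists only to keep `ret` referenced, `(void)ret; return 0;` with a one-line comment says so directly. If the program is meant to report the call's outcome, compare `ret` with the expected `argc + 1` and return non-zero on a mismatch.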
@@ -0,0 +1,334 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+// Detours Test Program (tstman.cpp of tstman.dll)
+//
+// Microsoft Research Detours Package
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+//
+// This DLL doesn't detour any APIs, but it does enumerate the modules
+// loaded in a process and look at their size and processor target.
+//
+
+#include <stdio.h>
+#include <windows.h>
+#pragma warning(push)
+#if _MSC_VER > 1400
+#pragma warning(disable:6102 6103) // /analyze warnings
+#endif
+#include <strsafe.h>
+#pragma warning(pop)
+#include "detours.h"
+
+static HMODULE s_hInst = NULL;
+static CHAR s_szDllPath[MAX_PATH];
+
+static int (WINAPI * TrueEntryPoint)(VOID) = NULL;
+static int (WINAPI * RawEntryPoint)(VOID) = NULL;
+
+BOOL (WINAPI * Real_CreateProcessA)(LPCSTR a0,
+ LPSTR a1,
+ LPSECURITY_ATTRIBUTES a2,
+ LPSECURITY_ATTRIBUTES a3,
+ BOOL a4,
+ DWORD a5,
+ LPVOID a6,
+ LPCSTR a7,
+ struct _STARTUPINFOA* a8,
+ LPPROCESS_INFORMATION a9)
+ = CreateProcessA;
+
+BOOL (WINAPI * Real_CreateProcessW)(LPCWSTR a0,
+ LPWSTR a1,
+ LPSECURITY_ATTRIBUTES a2,
+ LPSECURITY_ATTRIBUTES a3,
+ BOOL a4,
+ DWORD a5,
+ LPVOID a6,
+ LPCWSTR a7,
+ struct _STARTUPINFOW* a8,
+ LPPROCESS_INFORMATION a9)
+ = CreateProcessW;
+
+
+BOOL WINAPI Mine_CreateProcessA(LPCSTR lpApplicationName,
+ LPSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCSTR lpCurrentDirectory,
+ LPSTARTUPINFOA lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation)
+{
+ BOOL rv = 0;
+ __try {
+ rv = DetourCreateProcessWithDllExA(lpApplicationName,
+ lpCommandLine,
+ lpProcessAttributes,
+ lpThreadAttributes,
+ bInheritHandles,
+ dwCreationFlags,
+ lpEnvironment,
+ lpCurrentDirectory,
+ lpStartupInfo,
+ lpProcessInformation,
+ s_szDllPath,
+ Real_CreateProcessA);
+ } __finally {
+ };
+ return rv;
+}
+
+BOOL WINAPI Mine_CreateProcessW(LPCWSTR lpApplicationName,
+ LPWSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCWSTR lpCurrentDirectory,
+ LPSTARTUPINFOW lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation)
+{
+ BOOL rv = 0;
+ __try {
+ rv = DetourCreateProcessWithDllExW(lpApplicationName,
+ lpCommandLine,
+ lpProcessAttributes,
+ lpThreadAttributes,
+ bInheritHandles,
+ dwCreationFlags,
+ lpEnvironment,
+ lpCurrentDirectory,
+ lpStartupInfo,
+ lpProcessInformation,
+ s_szDllPath,
+ Real_CreateProcessW);
+ } __finally {
+ };
+ return rv;
+}
+
+void DumpModuleInfo(HMODULE hModule)
+{
+ PBYTE pbModule = (PBYTE)hModule;
+ PIMAGE_DOS_HEADER pidh = (PIMAGE_DOS_HEADER)pbModule;
+ PIMAGE_NT_HEADERS pinh = (PIMAGE_NT_HEADERS)(pbModule + pidh->e_lfanew);
+ CHAR szFile[MAX_PATH] = "";
+
+ GetModuleFileNameA(hModule, szFile, sizeof(szFile));
+
+ CHAR szMagic[64];
+ CHAR szMachine[64];
+ CHAR szClr[64];
+
+ PIMAGE_DATA_DIRECTORY pdir
+ = (pinh->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
+ ? ((PIMAGE_NT_HEADERS32)pinh)->OptionalHeader.DataDirectory
+ : ((PIMAGE_NT_HEADERS64)pinh)->OptionalHeader.DataDirectory;
+
+ if (pdir[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != 0 &&
+ pdir[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size != 0) {
+
+ PDETOUR_CLR_HEADER pch
+ = (PDETOUR_CLR_HEADER)
+ (pbModule + pdir[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress);
+
+ if ((pch->Flags & 0x3) == 0x0) {
+ StringCchPrintfA(szClr, ARRAYSIZE(szClr), "clr "); // 32- or 64-bit.
+ }
+ else if ((pch->Flags & 0x3) == 0x1) {
+ StringCchPrintfA(szClr, ARRAYSIZE(szClr), "clri "); // IL-Only, 32- or 64-bit.
+ }
+ else if ((pch->Flags & 0x3) == 0x2) {
+ StringCchPrintfA(szClr, ARRAYSIZE(szClr), "clr32 "); // must be 32-bit.
+ }
+ else if ((pch->Flags & 0x3) == 0x3) {
+ StringCchPrintfA(szClr, ARRAYSIZE(szClr), "clr32i"); // IL-Only, must be 32-bit.
+ }
+ }
+ else {
+ StringCchPrintfA(szClr, ARRAYSIZE(szClr), " ");
+ }
+
+ if (pinh->OptionalHeader.Magic == 0x10b) {
+ StringCchPrintfA(szMagic, ARRAYSIZE(szMagic), "32");
+ }
+ else if (pinh->OptionalHeader.Magic == 0x20b) {
+ StringCchPrintfA(szMagic, ARRAYSIZE(szMagic), "64");
+ }
+ else {
+ StringCchPrintfA(szMagic, ARRAYSIZE(szMagic), "??");
+ }
+
+ if (pinh->FileHeader.Machine == 0x8664) {
+ StringCchPrintfA(szMachine, ARRAYSIZE(szMachine), "x64", pinh->FileHeader.Machine);
+ }
+ else if (pinh->FileHeader.Machine == 0x014c) {
+ StringCchPrintfA(szMachine, ARRAYSIZE(szMachine), "x86", pinh->FileHeader.Machine);
+ }
+ else if (pinh->FileHeader.Machine == 0x0200) {
+ StringCchPrintfA(szMachine, ARRAYSIZE(szMachine), "i64", pinh->FileHeader.Machine);
+ }
+ else if (pinh->FileHeader.Machine == 0x01c0) {
+ StringCchPrintfA(szMachine, ARRAYSIZE(szMachine), "arm", pinh->FileHeader.Machine);
+ }
+ else {
+ StringCchPrintfA(szMachine, ARRAYSIZE(szMachine), "%04x", pinh->FileHeader.Machine);
+ DWORD dwSize = DetourGetSizeOfPayloads(hModule);
+ if (dwSize > 0) {
+ StringCchPrintfA(szMachine, ARRAYSIZE(szMachine), " ");
+ StringCchPrintfA(szFile, ARRAYSIZE(szFile), "-- %d byte payload.", dwSize);
+ }
+ }
+
+ printf("%16I64x: %s %s %s %s\n", (ULONG64)hModule, szMagic, szMachine, szClr, szFile);
+}
+
+void DumpMemory(PBYTE pbData, DWORD cbData)
+{
+ for (DWORD i = 0; i < cbData; i += 16) {
+ printf(" %p:", pbData + i);
+ for (DWORD j = 0; j < 16; j++) {
+ if (i + j < cbData) {
+ printf("%02x", pbData[i+j]);
+ }
+ else {
+ printf(" ");
+ }
+ }
+ printf(" ");
+ for (DWORD j = 0; j < 16; j++) {
+ if (i + j < cbData) {
+ if ( pbData[i+j] >= ' ' && pbData[i+j] < 127) {
+ printf("%c", pbData[i+j]);
+ }
+ else {
+ printf(".");
+ }
+ }
+ else {
+ printf(" ");
+ }
+ }
+ printf("\n");
+ }
+}
+
+int WINAPI Test3264(int arg)
+{
+ return arg + 1;
+}
+
+int WINAPI TestEntryPoint(VOID)
+{
+#if DETOURS_64BIT
+ printf("----------------: ");
+#else
+ printf("--------: ");
+#endif
+
+ printf("Calling EntryPoint() from detour.\n");
+ fflush(stdout);
+
+ return TrueEntryPoint();
+}
+
+BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
+{
+ (void)hinst;
+ (void)reserved;
+
+ if (DetourIsHelperProcess()) {
+ return TRUE;
+ }
+
+ if (dwReason == DLL_PROCESS_ATTACH) {
+ DetourRestoreAfterWith();
+
+ s_hInst = hinst;
+ GetModuleFileNameA(s_hInst, s_szDllPath, ARRAYSIZE(s_szDllPath));
+
+#if DETOURS_64BIT
+ printf("----------------: ");
+#else
+ printf("--------: ");
+#endif
+
+ SYSTEM_INFO si;
+ GetSystemInfo(&si);
+
+ if (si.wProcessorArchitecture == 9) {
+ printf("x64 Processor\n");
+ }
+ else if (si.wProcessorArchitecture == 0) {
+ printf("x86 Processor\n");
+ }
+ else if (si.wProcessorArchitecture == 6) {
+ printf("ia64 Processor\n");
+ }
+ else {
+ printf("%04x Processor\n", si.wProcessorArchitecture);
+ }
+
+ HMODULE hSelf = GetModuleHandle(NULL);
+ HMODULE hTest = (HMODULE)DetourGetContainingModule(DetourCodeFromPointer(Test3264, NULL));
+ HMODULE hKern = (HMODULE)DetourGetContainingModule(DetourCodeFromPointer(CreateProcessW, NULL));
+
+ DumpModuleInfo(hSelf);
+ DumpModuleInfo(hTest);
+ DumpModuleInfo(hKern);
+ for (HINSTANCE hInst = NULL; (hInst = DetourEnumerateModules(hInst)) != NULL;) {
+ if (hInst == hSelf || hInst == hTest || hInst == hKern) {
+ continue;
+ }
+
+ DumpModuleInfo(hInst);
+ }
+ fflush(stdout);
+
+ TrueEntryPoint = (int (WINAPI *)(VOID))DetourGetEntryPoint(NULL);
+ RawEntryPoint = TrueEntryPoint;
+
+ DetourTransactionBegin();
+ DetourUpdateThread(GetCurrentThread());
+ DetourAttach(&(PVOID&)TrueEntryPoint, TestEntryPoint);
+ DetourAttach(&(PVOID&)Real_CreateProcessA, Mine_CreateProcessA);
+ DetourAttach(&(PVOID&)Real_CreateProcessW, Mine_CreateProcessW);
+ LONG error = DetourTransactionCommit();
+
+#if DETOURS_64BIT
+ printf("----------------: ");
+#else
+ printf("--------: ");
+#endif
+
+ if (error == NO_ERROR) {
+ printf("Detoured EntryPoint().\n");
+ }
+ else {
+ printf("Error detouring EntryPoint(): %ld (@ %p)\n", error, RawEntryPoint);
+ __debugbreak();
+ }
+ }
+ else if (dwReason == DLL_PROCESS_DETACH) {
+
+ DetourTransactionBegin();
+ DetourUpdateThread(GetCurrentThread());
+ DetourDetach(&(PVOID&)TrueEntryPoint, TestEntryPoint);
+ DetourDetach(&(PVOID&)Real_CreateProcessA, Mine_CreateProcessA);
+ DetourDetach(&(PVOID&)Real_CreateProcessW, Mine_CreateProcessW);
+ LONG error = DetourTransactionCommit();
+
+ if (error != NO_ERROR) {
+ printf("Error detach detours failed: %ld\n", error);
+ }
+ }
+
+ return TRUE;
+}
+
+//
+///////////////////////////////////////////////////////////////// End of File.
diff --git a/samples/tryman/tstman.rc b/samples/tryman/tstman.rc
new file mode 100644
index 0000000..7380844
--- /dev/null
+++ b/samples/tryman/tstman.rc
@@ -0,0 +1,17 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+// Version information for tstman.rc.
+//
+// Microsoft Research Detours Package
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+//
+
+#include "detver.h"
+
+#define VER_INTERNALNAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS)
+#define VER_ORIGINALFILENAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS) ".dll"
+#define VER_FILEDESCRIPTION_STR "Detours 32/64-bit Test Module"
+#define VER_COMPANYNAME_STR "Microsoft Corporation"
+
+#include "common.ver" |
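Review bot: In tstman.cpp's `DllMain`, the return value of `GetModuleFileNameA(s_hInst, s_szDllPath, ARRAYSIZE(s_szDllPath))` is not checked, yet `s_szDllPath` is the DLL name that `Mine_CreateProcessA` and `Mine_CreateProcessW` pass to `DetourCreateProcessWithDllExA`/`DetourCreateProcessWithDllExW` for every child process. A failed or truncated call leaves an empty or cut-off path that is then used as the DLL to load into children; storing the result in `DWORD n` and skipping the two `CreateProcess` attaches when `n == 0 || n >= ARRAYSIZE(s_szDllPath)` avoids that. `DumpModuleInfo` likewise dereferences `pidh->e_lfanew` with no NULL or signature check, while `hTest` and `hKern` come from `DetourGetContainingModule` and are passed in unchecked; a guard such as `if (pidh == NULL || pidh->e_magic != IMAGE_DOS_SIGNATURE) return;` at the top would cover it. `(void)hinst;` is stale, because `hinst` is used a few lines later.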