diff --git a/.gitignore b/.gitignore index dfe38f1..868e0ad 100644 --- a/.gitignore +++ b/.gitignore @@ -35,12 +35,16 @@ # Debug/Release/x64 folder /Debug/ /Hook/Debug/ +/Hook/x64/Debug/ /Launcher/Debug/ +/Launcher/x64/Debug/ /GhidraParser/Debug/ +/GhidraParser/x64/Debug/ /Release/ /Hook/Release/ /Launcher/Release/ /GhidraParser/Release/ +/GhidraParser/x64/Release/ /x64/ # Visual Studio diff --git a/GhidraParser/GhidraParser.cpp b/GhidraParser/GhidraParser.cpp new file mode 100644 index 0000000..c6c3cea --- /dev/null +++ b/GhidraParser/GhidraParser.cpp @@ -0,0 +1,402 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "GhidraParser.hpp" + +std::string file_path; +bool dbg; +bool dbg_prnt_invld_only; +bool use_all = false; // 46 invalid parses + +FunctionInfo fi; +std::string func; +std::smatch match; +std::string lua_type; +int lua_index; +int out_index; +std::regex lua_push_regex(R"(lua_push(.+?)\()"); +std::regex usage_validity_regex(R"(Usage: .+?\((.*?)\))"); + +std::unordered_map fmap; + +std::string get_varmap_info(std::map> varmap) +{ + if (varmap.size() == 0) return "()"; + std::string str = "("; + for (auto &[key, values] : varmap) + { + for (auto &value : values) + { + str += value + "/"; + } + str = str.substr(0, str.length() - 1); + str += ", "; + } + str = str.substr(0, str.length() - 2); + str += ")"; + return str; +} + +int parse_int(std::string input) +{ + try + { + if (input.starts_with("0x")) return std::stoi(input, 0, 16); + return std::stoi(input); + } + catch (std::invalid_argument e) {} + return -1; // couldn't parse; -1 is used for dynamic return +} + +void pdbg(std::string msg) +{ + if (!dbg) return; + std::cout << msg << '\n'; +} + +void pfi(FunctionInfo& fi) +{ // print FunctionInfo + char endl = '\n'; + std::cout << std::format("{:X}", fi.address) << " " << fi.func << (fi.valid_parse ? "" : " (invalid)") << endl; + if (!fi.usg.empty()) std::cout << fi.usg << endl; + if (fi.param_in_cnt == -1) std::cout << "in: dynamic" << endl; + else std::cout << "in: " << (fi.param_in_cnt == 0 ? "0" : std::to_string(fi.param_in_cnt) + " " + get_varmap_info(fi.param_in)) << endl; + if (fi.param_out_cnt == -1) std::cout << "out: dynamic" << endl; + else std::cout << "out: " << (fi.param_out_cnt == 0 ? "0" : std::to_string(fi.param_out_cnt) + " " + get_varmap_info(fi.param_out)) << endl; + for (auto &error : fi.parse_errors) std::cout << error << endl; + std::cout << std::endl; +} + +bool process_varmap_regex(std::map> *varmap, std::string line, std::regex* regex) +{ + bool found = false; + while (std::regex_search(line, match, *regex)) + { + found = true; + lua_type = match[1]; + if (lua_type == "lstring") lua_type = "string"; // lstring is a string! + if (lua_type == "fstring") lua_type = "string"; // frsting is a string! + if (regex == &lua_push_regex) + { // push parsing uses a global index starting with 1 + //if (lua_type == "nil") return false; // skipping lua_pushnil + lua_index = out_index; + out_index++; + } + else lua_index = parse_int(match[2]); + if (lua_index == -1) + { // -1 means there wasn't a literal used for accessing the index, so i can not parse it + if (regex == &lua_push_regex) fi.param_out_cnt = -1; + else fi.param_in_cnt = -1; + return found; + } + (*varmap)[lua_index].push_back(lua_type); // always push lua type for now + //if (varmap->count(lua_index) == 0) (*varmap)[lua_index].push_back(lua_type); // new entry + //else if ((*varmap)[lua_index] != lua_type) + //{ // already got an entry, check if it has the same type + // fi.parse_errors.push_back("parameter type mismatch for index " + std::to_string(lua_index) + " - " + (*varmap)[lua_index] + " vs " + lua_type); + //} + line = match.suffix(); + } + return found; +} + +void chk_vld(FunctionInfo* fi) +{ // check validity of parsed info - default value is false, so i simply return if invalid + + bool valid = true; + if (fi->parse_errors.size() > 0) valid = false; // any parsing errors occurred + if (fi->param_out_cnt != -1 && fi->param_out_cnt != fi->param_out.size()) + { + fi->parse_errors.push_back("output param mismatch between found number of return values (" + std::to_string(fi->param_out_cnt) +") and lua_push* calls (" + std::to_string(fi->param_out.size()) + ")"); + valid = false; + } + if (fi->param_in_cnt != -1 && !fi->usg.empty()) + { // do extra check against usg string + std::string usage_params; + if (std::regex_search(fi->usg, match, usage_validity_regex)) + { + usage_params = match[1]; + if (fi->param_in_cnt == 0 && !usage_params.empty()) + { + valid = false; + fi->parse_errors.push_back("input param count does not match usage string"); + } + else + { + int comma_cnt = 0; + for (auto ch : usage_params) if (ch == ',') comma_cnt++; + if (fi->param_in_cnt != comma_cnt + 1) + { + valid = false; + fi->parse_errors.push_back("input param count does not match usage string"); + } + } + } + else fi->parse_errors.push_back("usage string malformed"); // if the usg string is malformed, do not consider it for validity + } + if (fi->param_in_cnt > 0) + { // check if input param indexes are in order + for (int i = 1; i <= fi->param_in_cnt; i++) + { // lua indexes start with 1 + if (!fi->param_in.contains(i)) + { + fi->parse_errors.push_back("input param index not in order"); + valid = false; + break; + } + } + } + fi->valid_parse = valid; +} + +void sort_prune_varmap(std::map> *varmap) +{ + for (auto &[lua_index, lua_types] : *varmap) + { + lua_types.erase(std::unique(lua_types.begin(), lua_types.end()), lua_types.end()); + std::sort(lua_types.begin(), lua_types.end()); + } +} + +__forceinline bool ln_is(std::string &ln, int idx, const char* lk_for) +{ + int len = strlen(lk_for); + return ln.length() - idx > len && ln.substr(idx, len) == lk_for; +} + +void smp_ln_proc(std::string &ln, int i) +{ + +} + +int main() +{ + /* + * PARSING RULES + * lua_is* calls can occur in if-lines + * lua_to* calls can occur in if-lines + * lua_push* calls can NOT occur in if-lines + * lua_push* calls are not called with an index as param, unlike lua_is* / lua_to* - the index is inferred by the order of calls + * lua_push* calls can occur in branch structures (if/else, switch) - they must only be considered in one of them + * wow functions return the number of outputs - 0 when they error or there are none; consider any non-0 return as the real number of outputs + * wow functions may return a dynamic number of outputs - there is no way to parse this into a single result + * skip scanning for the usg string if it already has been encountered in the function, there can only be 1 + * skip scanning for input params, if unparsable index (not into int) has been found for lua_is* or lua_to* (dynamic inputs) + * skip scanning for output params, if unparsable index (not into int) has been found for lua_push* (dynamic outputs) + * skip scanning for output params, if returns with different non-0 values have been found (or it can not be parsed as int) + */ + + if (use_all) + { + dbg = true; + dbg_prnt_invld_only = true; + file_path = R"(C:\Users\alphaomega\Documents\Wow.exe.c.txt)"; + } + else + { + dbg = true; + dbg_prnt_invld_only = false; + file_path = R"(C:\Users\alphaomega\Documents\Wow.exe.c.test.txt)"; + } + + + auto tstart = std::chrono::high_resolution_clock::now(); + + std::ifstream source_file(file_path); + if (!source_file.is_open()) + { + std::cerr << "Unable to open file " << file_path << std::endl; + return 1; + } + + //std::regex return_regex(R"(^\s+?return\s+([^;]+);$)"); + //std::regex usage_regex(R"(^.+"(Usage: [^;]+)N{0}"\){0,1};$)"); // N{0} is just a workaround, since )" in the raw string would terminate it immediately + std::regex usage_regex(R"(,"(Usage: [^;]+)N{0}"[, \)])"); // N{0} is just a workaround, since )" in the raw string would terminate it immediately + //std::regex lua_is_regex(R"(lua_is(.+?)\(L,(.+?)\))"); + //std::regex lua_to_regex(R"(lua_to(.+?)\(L,(.+?)[,\)])"); + std::regex lua_is_regex(R"(lua_is(.+?)\()"); + std::regex lua_to_regex(R"(lua_to(.+?)\()"); + + + + //bool found_return_after_push; + + std::string skp_push_utl = ""; // skip push parsing until this line has been reached + std::string lp_utl = ""; + std::map push_track; + bool in_func = false; + bool enc_usg = false; // encountered usg + uint ret_val; // return value + bool is_if_ln; + std::string ind; // indent + std::string ln; // line + while (std::getline(source_file, ln)) + { + { // check for lines which can instantly be discarded + if (ln.empty()) continue; // skip empty lines + if (ln.starts_with("/*")) continue; // skip comment lines + } + if (!in_func) + { // searching for next function + if (ln.starts_with("// ADDRESS - ")) + { // found address ln - create new FunctionInfo + fi = {}; + fi.address = parse_int(ln.substr(13)); + out_index = 0; + enc_usg = false; + skp_push_utl = ""; + lp_utl = ""; + push_track = {}; + continue; + } + if (ln.starts_with("uint lua_wow_")) + { // found ln with function signature + fi.func = ln.substr(13, ln.find_first_of("(") - 13); // get part of real function name + in_func = true; // start function parsing from now on + continue; + } + } + else + { // processing current function + if (ln == "}") + { // end of function found + in_func = false; + if (fi.param_in_cnt == -1) fi.param_in.clear(); + else fi.param_in_cnt = fi.param_in.size(); + if (fi.param_out_cnt == -1) fi.param_out.clear(); + sort_prune_varmap(&fi.param_in); + chk_vld(&fi); + fmap[fi.func] = fi; + //pdbg("# END OF " + fi.func); + continue; + } + is_if_ln = false; + int i = 0; + while (i < ln.length()) + { + if (ln[i] != ' ') + { + ind = ln.substr(0, i); + break; + } + i++; + } + switch (ln[i]) + { + case 'c': + case 'd': + if (ln_is(ln, i, "case ") || ln_is(ln, i, "default:")) + { + if (push_track[ind.length() / 2]) skp_push_utl = !skp_push_utl.empty() ? skp_push_utl : ind + "}"; + else push_track[ind.length() / 2] = false; // only execute if a previous case didn't already contain a push + break; + } + break; + case 'i': // check for if + if (ln_is(ln, i, "if ")) + { // enough characters left to be if statement + is_if_ln = true; + push_track[ind.length() / 2] = false; + break; + } + break; + case 'e': + if (ln_is(ln, i, "else ")) + { // enough characters left to be if statement + if (push_track[ind.length() / 2]) skp_push_utl = !skp_push_utl.empty() ? skp_push_utl : ln[ln.length() - 1] == '{' ? ind + "}" : "\1"; + break; + } + break; + case 'g': + if (!fi.param_out.empty() && ln_is(ln, i, "goto ")) + { + skp_push_utl = !skp_push_utl.empty() ? skp_push_utl : ln.substr(i + 5, ln.length() - i - 6) + ":"; + break; + } + break; + case 'r': // check for return + if (fi.param_out_cnt == -1) break; // this function has a dynamic number of outputs, no need for further processing + if (ln_is(ln, i, "return ")) + { // enough characters left to be the simplest return + ret_val = parse_int(ln.substr(i + 7, ln.length() - i - 8)); + // check if already encountered return value (except 0) matches; dynamic if not + if (ret_val != 0) + { // TODO probably need to check if i am currently skipping push + fi.param_out_cnt = (fi.param_out_cnt == 0 || fi.param_out_cnt == ret_val) ? ret_val : -1; + if (ret_val == fi.param_out.size()) + { // found a return statement and return value matches output param count + skp_push_utl = !skp_push_utl.empty() ? skp_push_utl : "\1skip2end"; + } + } + break; + } + break; + } + //pdbg(ln); + //pdbg(ind + "<-"); + if (!enc_usg) + { // usage string can only occur once anyway + if (std::regex_search(ln, match, usage_regex)) + { // found usg string + fi.usg = match[1]; + size_t found = -1; // so the first find uses 0 through the increment + while ((found = fi.usg.find("\\\"", found + 1)) != std::string::npos) fi.usg.replace(found, 2, "\""); + enc_usg = true; + skp_push_utl = !skp_push_utl.empty() ? skp_push_utl : "\1"; // sometimes lua_pushfstring is used before lua_error; do not consider this an output! + } + + } + if (fi.param_in_cnt != -1) + { + process_varmap_regex(&fi.param_in, ln, &lua_is_regex); + process_varmap_regex(&fi.param_in, ln, &lua_to_regex); + } + if (fi.param_out_cnt != -1 && skp_push_utl.empty()) + { + if (process_varmap_regex(&fi.param_out, ln, &lua_push_regex)) + { + int lvl = is_if_ln ? ind.length() / 2 : (ind.length() - 2) / 2; // do not subtract 1 block level, if this was a simple if line + while (lvl >= 1) + { // if a push was found, track it for this and all lower block levels + push_track[lvl] = true; + lvl--; + } + } + } + if (!skp_push_utl.empty()) + { + int i = 0; + } + + if (skp_push_utl == ln) + skp_push_utl = ""; // reset skip since line has been reached now + if (skp_push_utl == "\1") + skp_push_utl = ""; // reset temporary skip which was used for 1 line + } + + } + + auto tend = std::chrono::high_resolution_clock::now(); + auto duration = duration_cast(tend - tstart); + int cnt_invalid = 0; + int cnt_total = 0; + for(auto &[name, fi] : fmap) + { + if (dbg && (!dbg_prnt_invld_only || !fi.valid_parse)) pfi(fi); + cnt_invalid += fi.valid_parse ? 0 : 1; + cnt_total++; + } + std::cout << "GhidraParser is done..." << std::endl; + std::cout << "Functions parsed: " << std::to_string(cnt_total) << std::endl; + std::cout << "Invalid parses: " << std::to_string(cnt_invalid) << std::endl; + std::cout << "duration: " << duration.count() << " ms" << std::endl; + std::cin.ignore(); + return 0; +} diff --git a/GhidraParser/GhidraParser.hpp b/GhidraParser/GhidraParser.hpp new file mode 100644 index 0000000..91a7b8a --- /dev/null +++ b/GhidraParser/GhidraParser.hpp @@ -0,0 +1,21 @@ +#pragma once +#include +#include + +typedef unsigned int uint; // i am lazy +typedef unsigned char byte; + +//#pragma pack(push, 1) +struct FunctionInfo +{ + uint address = 0; + std::string func = ""; + std::string usg = ""; + std::map> param_in{}; + int param_in_cnt = 0; + std::map> param_out{}; + int param_out_cnt = 0; + std::vector parse_errors; + bool valid_parse = false; +}; +//#pragma pack(pop) diff --git a/GhidraParser/GhidraParser.vcxproj b/GhidraParser/GhidraParser.vcxproj new file mode 100644 index 0000000..ae18ace --- /dev/null +++ b/GhidraParser/GhidraParser.vcxproj @@ -0,0 +1,141 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 17.0 + Win32Proj + {3f05db4f-14ab-4038-b3f5-82ef2a70f42a} + GhidraParser + 10.0 + + + + Application + true + v143 + Unicode + + + Application + false + v143 + true + Unicode + + + Application + true + v143 + Unicode + + + Application + false + v143 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + Level3 + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp20 + + + Console + true + + + + + Level3 + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + Level3 + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp20 + + + Console + true + + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp20 + + + Console + true + true + true + + + + + + + + + + + + \ No newline at end of file diff --git a/GhidraParser/GhidraParser.vcxproj.filters b/GhidraParser/GhidraParser.vcxproj.filters new file mode 100644 index 0000000..7243d0e --- /dev/null +++ b/GhidraParser/GhidraParser.vcxproj.filters @@ -0,0 +1,27 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + + + Header Files + + + \ No newline at end of file diff --git a/GhidraParser/GhidraParser.vcxproj.user b/GhidraParser/GhidraParser.vcxproj.user new file mode 100644 index 0000000..88a5509 --- /dev/null +++ b/GhidraParser/GhidraParser.vcxproj.user @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Hook/Hook.cpp b/Hook/Hook.cpp new file mode 100644 index 0000000..26ce3dd --- /dev/null +++ b/Hook/Hook.cpp @@ -0,0 +1,52 @@ +#include "pch.h" +#include +#include +#include +#include +#include + +int luaCallIndex = 0; +FILE* csvFile; + +std::string handleString(char* input) +{ + if (input == 0) return ""; // return empty string if it was a nullptr + std::string replacement = input; + std::size_t found = replacement.find("\""); + while (found != std::string::npos) { // escape double quotes by doubling them + replacement.replace(found, 1, "\"\""); + found = replacement.find("\"", found + 2); + } + return replacement; +} + +void* CVar__Register = (void*)0x00817F90; +UINT32 __cdecl FrameScript_RegisterFunction__Hook(char* name, void* param_2) +{ + void* callAddress = (void*)((uintptr_t)_ReturnAddress() - 5); // subtracting the length of a CALL instruction to find out where we have been called from + fprintf_s(csvFile, R"(%s%i, "%p", "%s", "%p")", "\n", luaCallIndex, callAddress, handleString(name).c_str(), param_2); + luaCallIndex++; + return ((decltype(&FrameScript_RegisterFunction__Hook))CVar__Register)(name, param_2); +} + +BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) +{ + if (DetourIsHelperProcess()) return TRUE; + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + fopen_s(&csvFile, "FrameScript_RegisterFunction_calls_335a_12340.csv", "w"); + if (csvFile == 0) return -1; + fprintf_s(csvFile, R"("Index", "Register Address", "Name", "Function Address")"); + DetourRestoreAfterWith(); + DetourTransactionBegin(); + DetourUpdateThread(GetCurrentThread()); + DetourAttach(&CVar__Register, FrameScript_RegisterFunction__Hook); + if (DetourTransactionCommit() != NO_ERROR) MessageBoxA(NULL, "DetourAttach failed", "error", 0); + break; + case DLL_PROCESS_DETACH: + fclose(csvFile); + break; + } + return TRUE; +} diff --git a/Hook/Hook.def b/Hook/Hook.def new file mode 100644 index 0000000..742849f --- /dev/null +++ b/Hook/Hook.def @@ -0,0 +1,3 @@ +LIBRARY Hook +EXPORTS + DllMain @1 diff --git a/Hook/Hook.vcxproj b/Hook/Hook.vcxproj new file mode 100644 index 0000000..52a4e5b --- /dev/null +++ b/Hook/Hook.vcxproj @@ -0,0 +1,175 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {597797c6-99d2-4354-ac7d-a030ec7dfaac} + Hook + 10.0 + + + + DynamicLibrary + true + v143 + Unicode + + + DynamicLibrary + false + v143 + true + Unicode + + + DynamicLibrary + true + v143 + Unicode + + + DynamicLibrary + false + v143 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + Level3 + true + WIN32;_DEBUG;HOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + stdcpp20 + + + Windows + true + false + Hook.def + detours.lib;%(AdditionalDependencies) + + + + + Level3 + true + true + true + WIN32;NDEBUG;HOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + stdcpp20 + + + Windows + true + true + true + false + Hook.def + + + + + Level3 + true + _DEBUG;HOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + + + Windows + true + false + Hook.def + + + + + Level3 + true + true + true + NDEBUG;HOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + Use + pch.h + + + Windows + true + true + true + false + Hook.def + + + + + + + + + + Create + Create + Create + Create + + + + + + + + + + + + + This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. + + + + \ No newline at end of file diff --git a/Hook/Hook.vcxproj.filters b/Hook/Hook.vcxproj.filters new file mode 100644 index 0000000..3604992 --- /dev/null +++ b/Hook/Hook.vcxproj.filters @@ -0,0 +1,39 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Header Files + + + Header Files + + + + + Source Files + + + Source Files + + + + + Source Files + + + + \ No newline at end of file diff --git a/Hook/Hook.vcxproj.user b/Hook/Hook.vcxproj.user new file mode 100644 index 0000000..88a5509 --- /dev/null +++ b/Hook/Hook.vcxproj.user @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Hook/framework.h b/Hook/framework.h new file mode 100644 index 0000000..54b83e9 --- /dev/null +++ b/Hook/framework.h @@ -0,0 +1,5 @@ +#pragma once + +#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers +// Windows Header Files +#include diff --git a/Hook/packages.config b/Hook/packages.config new file mode 100644 index 0000000..31cfc2d --- /dev/null +++ b/Hook/packages.config @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Hook/pch.cpp b/Hook/pch.cpp new file mode 100644 index 0000000..64b7eef --- /dev/null +++ b/Hook/pch.cpp @@ -0,0 +1,5 @@ +// pch.cpp: source file corresponding to the pre-compiled header + +#include "pch.h" + +// When you are using pre-compiled headers, this source file is necessary for compilation to succeed. diff --git a/Hook/pch.h b/Hook/pch.h new file mode 100644 index 0000000..885d5d6 --- /dev/null +++ b/Hook/pch.h @@ -0,0 +1,13 @@ +// pch.h: This is a precompiled header file. +// Files listed below are compiled only once, improving build performance for future builds. +// This also affects IntelliSense performance, including code completion and many code browsing features. +// However, files listed here are ALL re-compiled if any one of them is updated between builds. +// Do not add files here that you will be updating frequently as this negates the performance advantage. + +#ifndef PCH_H +#define PCH_H + +// add headers that you want to pre-compile here +#include "framework.h" + +#endif //PCH_H diff --git a/Launcher/Launcher.cpp b/Launcher/Launcher.cpp new file mode 100644 index 0000000..73d2351 --- /dev/null +++ b/Launcher/Launcher.cpp @@ -0,0 +1,35 @@ +#include +#include +#include + +int main() +{ + std::string wow_directory = R"(C:\Users\alphaomega\Documents\World-of-Warcraft-3.3.5a.12340-enUS-WIN\)"; + char launcherDirectory[MAX_PATH] = { 0 }; + GetModuleFileNameA(NULL, launcherDirectory, MAX_PATH); + size_t lastBackslash = ((std::string)launcherDirectory).rfind('\\'); + std::string lpDllName = ((std::string)launcherDirectory).substr(0, lastBackslash + 1) + "Hook.dll"; + + STARTUPINFOA lpStartupInfo; + ZeroMemory(&lpStartupInfo, sizeof(lpStartupInfo)); + PROCESS_INFORMATION lpProcessInformation; + ZeroMemory(&lpProcessInformation, sizeof(lpProcessInformation)); + lpStartupInfo.cb = sizeof(lpStartupInfo); + + DetourCreateProcessWithDllA( + (wow_directory + "Wow.exe").c_str(), // lpApplicationName + NULL, // lpCommandLine, + NULL, // lpProcessAttributes, + NULL, // lpThreadAttributes, + TRUE, // bInheritHandles, + CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED, // dwCreationFlags, + NULL, // lpEnvironment, + wow_directory.c_str(), // lpCurrentDirectory, + &lpStartupInfo, // lpStartupInfo + &lpProcessInformation, // lpProcessInformation + lpDllName.c_str(), // lpDllName + NULL // pfCreateProcessA + ); + ResumeThread(lpProcessInformation.hThread); + return 0; +} diff --git a/Launcher/Launcher.vcxproj b/Launcher/Launcher.vcxproj new file mode 100644 index 0000000..8388cd2 --- /dev/null +++ b/Launcher/Launcher.vcxproj @@ -0,0 +1,148 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {ff29a740-acad-45dc-ae66-47144fa61afb} + Launcher + 10.0 + + + + Application + true + v143 + Unicode + + + Application + false + v143 + true + Unicode + + + Application + true + v143 + Unicode + + + Application + false + v143 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + Level3 + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp20 + + + Console + true + detours.lib;%(AdditionalDependencies) + + + + + Level3 + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp20 + + + Console + true + true + true + + + + + Level3 + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + + + + + + + + + + + This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. + + + + \ No newline at end of file diff --git a/Launcher/Launcher.vcxproj.filters b/Launcher/Launcher.vcxproj.filters new file mode 100644 index 0000000..23ff192 --- /dev/null +++ b/Launcher/Launcher.vcxproj.filters @@ -0,0 +1,25 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + + + + \ No newline at end of file diff --git a/Launcher/Launcher.vcxproj.user b/Launcher/Launcher.vcxproj.user new file mode 100644 index 0000000..88a5509 --- /dev/null +++ b/Launcher/Launcher.vcxproj.user @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Launcher/packages.config b/Launcher/packages.config new file mode 100644 index 0000000..31cfc2d --- /dev/null +++ b/Launcher/packages.config @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/LuaFunctionRegisterSpreadsheet.sln b/LuaFunctionRegisterSpreadsheet.sln new file mode 100644 index 0000000..6b338fc --- /dev/null +++ b/LuaFunctionRegisterSpreadsheet.sln @@ -0,0 +1,54 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.5.33516.290 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Launcher", "Launcher\Launcher.vcxproj", "{FF29A740-ACAD-45DC-AE66-47144FA61AFB}" + ProjectSection(ProjectDependencies) = postProject + {597797C6-99D2-4354-AC7D-A030EC7DFAAC} = {597797C6-99D2-4354-AC7D-A030EC7DFAAC} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Hook", "Hook\Hook.vcxproj", "{597797C6-99D2-4354-AC7D-A030EC7DFAAC}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GhidraParser", "GhidraParser\GhidraParser.vcxproj", "{3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Debug|x64.ActiveCfg = Debug|Win32 + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Debug|x64.Build.0 = Debug|Win32 + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Debug|x86.ActiveCfg = Debug|Win32 + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Debug|x86.Build.0 = Debug|Win32 + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Release|x64.ActiveCfg = Release|Win32 + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Release|x64.Build.0 = Release|Win32 + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Release|x86.ActiveCfg = Release|Win32 + {FF29A740-ACAD-45DC-AE66-47144FA61AFB}.Release|x86.Build.0 = Release|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Debug|x64.ActiveCfg = Debug|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Debug|x64.Build.0 = Debug|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Debug|x86.ActiveCfg = Debug|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Debug|x86.Build.0 = Debug|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Release|x64.ActiveCfg = Release|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Release|x64.Build.0 = Release|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Release|x86.ActiveCfg = Release|Win32 + {597797C6-99D2-4354-AC7D-A030EC7DFAAC}.Release|x86.Build.0 = Release|Win32 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Debug|x64.ActiveCfg = Debug|x64 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Debug|x64.Build.0 = Debug|x64 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Debug|x86.ActiveCfg = Debug|Win32 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Debug|x86.Build.0 = Debug|Win32 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Release|x64.ActiveCfg = Release|x64 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Release|x64.Build.0 = Release|x64 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Release|x86.ActiveCfg = Release|Win32 + {3F05DB4F-14AB-4038-B3F5-82EF2A70F42A}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {A4CD1283-F9C7-4EE8-92CF-2D35F33D1454} + EndGlobalSection +EndGlobal diff --git a/README.md b/README.md index 30fed38..e0c6233 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ # LuaFunctionRegisterSpreadsheet -Projects for WoW 3.3.5.12340. - -Project: Launcher/Hook -Hooks the function FrameScript_RegisterFunction (0x00817F90) to log registered LUA functions to a CSV. - -Project: GhidraParser +Projects for WoW 3.3.5.12340. + +Project: Launcher/Hook +Hooks the function FrameScript_RegisterFunction (0x00817F90) to log registered LUA functions to a CSV. + +Project: GhidraParser After importing those logged functions into Ghidra, I exported the decompiled version and parsed the source code to retrieve even more information about those functions. \ No newline at end of file diff --git a/packages/Detours.4.0.1/.signature.p7s b/packages/Detours.4.0.1/.signature.p7s new file mode 100644 index 0000000..d01d5ef Binary files /dev/null and b/packages/Detours.4.0.1/.signature.p7s differ diff --git a/packages/Detours.4.0.1/Detours.4.0.1.nupkg b/packages/Detours.4.0.1/Detours.4.0.1.nupkg new file mode 100644 index 0000000..26f6fa3 Binary files /dev/null and b/packages/Detours.4.0.1/Detours.4.0.1.nupkg differ diff --git a/packages/Detours.4.0.1/build/native/Detours.targets b/packages/Detours.4.0.1/build/native/Detours.targets new file mode 100644 index 0000000..bba8e7c --- /dev/null +++ b/packages/Detours.4.0.1/build/native/Detours.targets @@ -0,0 +1,13 @@ + + + + + $(MSBuildThisFileDirectory)..\..\lib\native\include\;%(AdditionalIncludeDirectories) + + + $(MSBuildThisFileDirectory)..\..\lib\native\libs\x64;%(AdditionalLibraryDirectories) + $(MSBuildThisFileDirectory)..\..\lib\native\libs\x86;%(AdditionalLibraryDirectories) + detours.lib;%(AdditionalDependencies) + + + \ No newline at end of file diff --git a/packages/Detours.4.0.1/lib/native/include/detours.h b/packages/Detours.4.0.1/lib/native/include/detours.h new file mode 100644 index 0000000..adb34eb --- /dev/null +++ b/packages/Detours.4.0.1/lib/native/include/detours.h @@ -0,0 +1,1080 @@ +///////////////////////////////////////////////////////////////////////////// +// +// Core Detours Functionality (detours.h of detours.lib) +// +// Microsoft Research Detours Package, Version 4.0.1 +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// + +#pragma once +#ifndef _DETOURS_H_ +#define _DETOURS_H_ + +#define DETOURS_VERSION 0x4c0c1 // 0xMAJORcMINORcPATCH + +////////////////////////////////////////////////////////////////////////////// +// + +#undef DETOURS_X64 +#undef DETOURS_X86 +#undef DETOURS_IA64 +#undef DETOURS_ARM +#undef DETOURS_ARM64 +#undef DETOURS_BITS +#undef DETOURS_32BIT +#undef DETOURS_64BIT + +#if defined(_X86_) +#define DETOURS_X86 +#define DETOURS_OPTION_BITS 64 + +#elif defined(_AMD64_) +#define DETOURS_X64 +#define DETOURS_OPTION_BITS 32 + +#elif defined(_IA64_) +#define DETOURS_IA64 +#define DETOURS_OPTION_BITS 32 + +#elif defined(_ARM_) +#define DETOURS_ARM + +#elif defined(_ARM64_) +#define DETOURS_ARM64 + +#else +#error Unknown architecture (x86, amd64, ia64, arm, arm64) +#endif + +#ifdef _WIN64 +#undef DETOURS_32BIT +#define DETOURS_64BIT 1 +#define DETOURS_BITS 64 +// If all 64bit kernels can run one and only one 32bit architecture. +//#define DETOURS_OPTION_BITS 32 +#else +#define DETOURS_32BIT 1 +#undef DETOURS_64BIT +#define DETOURS_BITS 32 +// If all 64bit kernels can run one and only one 32bit architecture. +//#define DETOURS_OPTION_BITS 32 +#endif + +#define VER_DETOURS_BITS DETOUR_STRINGIFY(DETOURS_BITS) + +////////////////////////////////////////////////////////////////////////////// +// + +#if (_MSC_VER < 1299) +typedef LONG LONG_PTR; +typedef ULONG ULONG_PTR; +#endif + +///////////////////////////////////////////////// SAL 2.0 Annotations w/o SAL. +// +// These definitions are include so that Detours will build even if the +// compiler doesn't have full SAL 2.0 support. +// +#ifndef DETOURS_DONT_REMOVE_SAL_20 + +#ifdef DETOURS_TEST_REMOVE_SAL_20 +#undef _Analysis_assume_ +#undef _Benign_race_begin_ +#undef _Benign_race_end_ +#undef _Field_range_ +#undef _Field_size_ +#undef _In_ +#undef _In_bytecount_ +#undef _In_count_ +#undef _In_opt_ +#undef _In_opt_bytecount_ +#undef _In_opt_count_ +#undef _In_opt_z_ +#undef _In_range_ +#undef _In_reads_ +#undef _In_reads_bytes_ +#undef _In_reads_opt_ +#undef _In_reads_opt_bytes_ +#undef _In_reads_or_z_ +#undef _In_z_ +#undef _Inout_ +#undef _Inout_opt_ +#undef _Inout_z_count_ +#undef _Out_ +#undef _Out_opt_ +#undef _Out_writes_ +#undef _Outptr_result_maybenull_ +#undef _Readable_bytes_ +#undef _Success_ +#undef _Writable_bytes_ +#undef _Pre_notnull_ +#endif + +#if defined(_Deref_out_opt_z_) && !defined(_Outptr_result_maybenull_) +#define _Outptr_result_maybenull_ _Deref_out_opt_z_ +#endif + +#if defined(_In_count_) && !defined(_In_reads_) +#define _In_reads_(x) _In_count_(x) +#endif + +#if defined(_In_opt_count_) && !defined(_In_reads_opt_) +#define _In_reads_opt_(x) _In_opt_count_(x) +#endif + +#if defined(_In_opt_bytecount_) && !defined(_In_reads_opt_bytes_) +#define _In_reads_opt_bytes_(x) _In_opt_bytecount_(x) +#endif + +#if defined(_In_bytecount_) && !defined(_In_reads_bytes_) +#define _In_reads_bytes_(x) _In_bytecount_(x) +#endif + +#ifndef _In_ +#define _In_ +#endif + +#ifndef _In_bytecount_ +#define _In_bytecount_(x) +#endif + +#ifndef _In_count_ +#define _In_count_(x) +#endif + +#ifndef _In_opt_ +#define _In_opt_ +#endif + +#ifndef _In_opt_bytecount_ +#define _In_opt_bytecount_(x) +#endif + +#ifndef _In_opt_count_ +#define _In_opt_count_(x) +#endif + +#ifndef _In_opt_z_ +#define _In_opt_z_ +#endif + +#ifndef _In_range_ +#define _In_range_(x,y) +#endif + +#ifndef _In_reads_ +#define _In_reads_(x) +#endif + +#ifndef _In_reads_bytes_ +#define _In_reads_bytes_(x) +#endif + +#ifndef _In_reads_opt_ +#define _In_reads_opt_(x) +#endif + +#ifndef _In_reads_opt_bytes_ +#define _In_reads_opt_bytes_(x) +#endif + +#ifndef _In_reads_or_z_ +#define _In_reads_or_z_ +#endif + +#ifndef _In_z_ +#define _In_z_ +#endif + +#ifndef _Inout_ +#define _Inout_ +#endif + +#ifndef _Inout_opt_ +#define _Inout_opt_ +#endif + +#ifndef _Inout_z_count_ +#define _Inout_z_count_(x) +#endif + +#ifndef _Out_ +#define _Out_ +#endif + +#ifndef _Out_opt_ +#define _Out_opt_ +#endif + +#ifndef _Out_writes_ +#define _Out_writes_(x) +#endif + +#ifndef _Outptr_result_maybenull_ +#define _Outptr_result_maybenull_ +#endif + +#ifndef _Writable_bytes_ +#define _Writable_bytes_(x) +#endif + +#ifndef _Readable_bytes_ +#define _Readable_bytes_(x) +#endif + +#ifndef _Success_ +#define _Success_(x) +#endif + +#ifndef _Pre_notnull_ +#define _Pre_notnull_ +#endif + +#ifdef DETOURS_INTERNAL + +#pragma warning(disable:4615) // unknown warning type (suppress with older compilers) + +#ifndef _Benign_race_begin_ +#define _Benign_race_begin_ +#endif + +#ifndef _Benign_race_end_ +#define _Benign_race_end_ +#endif + +#ifndef _Field_size_ +#define _Field_size_(x) +#endif + +#ifndef _Field_range_ +#define _Field_range_(x,y) +#endif + +#ifndef _Analysis_assume_ +#define _Analysis_assume_(x) +#endif + +#endif // DETOURS_INTERNAL +#endif // DETOURS_DONT_REMOVE_SAL_20 + +////////////////////////////////////////////////////////////////////////////// +// +#ifndef GUID_DEFINED +#define GUID_DEFINED +typedef struct _GUID +{ + DWORD Data1; + WORD Data2; + WORD Data3; + BYTE Data4[ 8 ]; +} GUID; + +#ifdef INITGUID +#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \ + const GUID name \ + = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } } +#else +#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \ + const GUID name +#endif // INITGUID +#endif // !GUID_DEFINED + +#if defined(__cplusplus) +#ifndef _REFGUID_DEFINED +#define _REFGUID_DEFINED +#define REFGUID const GUID & +#endif // !_REFGUID_DEFINED +#else // !__cplusplus +#ifndef _REFGUID_DEFINED +#define _REFGUID_DEFINED +#define REFGUID const GUID * const +#endif // !_REFGUID_DEFINED +#endif // !__cplusplus + +#ifndef ARRAYSIZE +#define ARRAYSIZE(x) (sizeof(x)/sizeof(x[0])) +#endif + +// +////////////////////////////////////////////////////////////////////////////// + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + +/////////////////////////////////////////////////// Instruction Target Macros. +// +#define DETOUR_INSTRUCTION_TARGET_NONE ((PVOID)0) +#define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PVOID)(LONG_PTR)-1) +#define DETOUR_SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0" + +extern const GUID DETOUR_EXE_RESTORE_GUID; +extern const GUID DETOUR_EXE_HELPER_GUID; + +#define DETOUR_TRAMPOLINE_SIGNATURE 0x21727444 // Dtr! +typedef struct _DETOUR_TRAMPOLINE DETOUR_TRAMPOLINE, *PDETOUR_TRAMPOLINE; + +/////////////////////////////////////////////////////////// Binary Structures. +// +#pragma pack(push, 8) +typedef struct _DETOUR_SECTION_HEADER +{ + DWORD cbHeaderSize; + DWORD nSignature; + DWORD nDataOffset; + DWORD cbDataSize; + + DWORD nOriginalImportVirtualAddress; + DWORD nOriginalImportSize; + DWORD nOriginalBoundImportVirtualAddress; + DWORD nOriginalBoundImportSize; + + DWORD nOriginalIatVirtualAddress; + DWORD nOriginalIatSize; + DWORD nOriginalSizeOfImage; + DWORD cbPrePE; + + DWORD nOriginalClrFlags; + DWORD reserved1; + DWORD reserved2; + DWORD reserved3; + + // Followed by cbPrePE bytes of data. +} DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER; + +typedef struct _DETOUR_SECTION_RECORD +{ + DWORD cbBytes; + DWORD nReserved; + GUID guid; +} DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD; + +typedef struct _DETOUR_CLR_HEADER +{ + // Header versioning + ULONG cb; + USHORT MajorRuntimeVersion; + USHORT MinorRuntimeVersion; + + // Symbol table and startup information + IMAGE_DATA_DIRECTORY MetaData; + ULONG Flags; + + // Followed by the rest of the IMAGE_COR20_HEADER +} DETOUR_CLR_HEADER, *PDETOUR_CLR_HEADER; + +typedef struct _DETOUR_EXE_RESTORE +{ + DWORD cb; + DWORD cbidh; + DWORD cbinh; + DWORD cbclr; + + PBYTE pidh; + PBYTE pinh; + PBYTE pclr; + + IMAGE_DOS_HEADER idh; + union { + IMAGE_NT_HEADERS inh; // all environments have this +#ifdef IMAGE_NT_OPTIONAL_HDR32_MAGIC // some environments do not have this + IMAGE_NT_HEADERS32 inh32; +#endif +#ifdef IMAGE_NT_OPTIONAL_HDR64_MAGIC // some environments do not have this + IMAGE_NT_HEADERS64 inh64; +#endif +#ifdef IMAGE_NT_OPTIONAL_HDR64_MAGIC // some environments do not have this + BYTE raw[sizeof(IMAGE_NT_HEADERS64) + + sizeof(IMAGE_SECTION_HEADER) * 32]; +#else + BYTE raw[0x108 + sizeof(IMAGE_SECTION_HEADER) * 32]; +#endif + }; + DETOUR_CLR_HEADER clr; + +} DETOUR_EXE_RESTORE, *PDETOUR_EXE_RESTORE; + +#ifdef IMAGE_NT_OPTIONAL_HDR64_MAGIC +C_ASSERT(sizeof(IMAGE_NT_HEADERS64) == 0x108); +#endif + +// The size can change, but assert for clarity due to the muddying #ifdefs. +#ifdef _WIN64 +C_ASSERT(sizeof(DETOUR_EXE_RESTORE) == 0x688); +#else +C_ASSERT(sizeof(DETOUR_EXE_RESTORE) == 0x678); +#endif + +typedef struct _DETOUR_EXE_HELPER +{ + DWORD cb; + DWORD pid; + DWORD nDlls; + CHAR rDlls[4]; +} DETOUR_EXE_HELPER, *PDETOUR_EXE_HELPER; + +#pragma pack(pop) + +#define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \ +{ \ + sizeof(DETOUR_SECTION_HEADER),\ + DETOUR_SECTION_HEADER_SIGNATURE,\ + sizeof(DETOUR_SECTION_HEADER),\ + (cbSectionSize),\ + \ + 0,\ + 0,\ + 0,\ + 0,\ + \ + 0,\ + 0,\ + 0,\ + 0,\ +} + +/////////////////////////////////////////////////////////////// Helper Macros. +// +#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x) +#define DETOURS_STRINGIFY_(x) #x + +///////////////////////////////////////////////////////////// Binary Typedefs. +// +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)( + _In_opt_ PVOID pContext, + _In_opt_ LPCSTR pszFile, + _Outptr_result_maybenull_ LPCSTR *ppszOutFile); + +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)( + _In_opt_ PVOID pContext, + _In_ LPCSTR pszOrigFile, + _In_ LPCSTR pszFile, + _Outptr_result_maybenull_ LPCSTR *ppszOutFile); + +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)( + _In_opt_ PVOID pContext, + _In_ ULONG nOrigOrdinal, + _In_ ULONG nOrdinal, + _Out_ ULONG *pnOutOrdinal, + _In_opt_ LPCSTR pszOrigSymbol, + _In_opt_ LPCSTR pszSymbol, + _Outptr_result_maybenull_ LPCSTR *ppszOutSymbol); + +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_COMMIT_CALLBACK)( + _In_opt_ PVOID pContext); + +typedef BOOL (CALLBACK *PF_DETOUR_ENUMERATE_EXPORT_CALLBACK)(_In_opt_ PVOID pContext, + _In_ ULONG nOrdinal, + _In_opt_ LPCSTR pszName, + _In_opt_ PVOID pCode); + +typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FILE_CALLBACK)(_In_opt_ PVOID pContext, + _In_opt_ HMODULE hModule, + _In_opt_ LPCSTR pszFile); + +typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FUNC_CALLBACK)(_In_opt_ PVOID pContext, + _In_ DWORD nOrdinal, + _In_opt_ LPCSTR pszFunc, + _In_opt_ PVOID pvFunc); + +// Same as PF_DETOUR_IMPORT_FUNC_CALLBACK but extra indirection on last parameter. +typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FUNC_CALLBACK_EX)(_In_opt_ PVOID pContext, + _In_ DWORD nOrdinal, + _In_opt_ LPCSTR pszFunc, + _In_opt_ PVOID* ppvFunc); + +typedef VOID * PDETOUR_BINARY; +typedef VOID * PDETOUR_LOADED_BINARY; + +//////////////////////////////////////////////////////////// Transaction APIs. +// +LONG WINAPI DetourTransactionBegin(VOID); +LONG WINAPI DetourTransactionAbort(VOID); +LONG WINAPI DetourTransactionCommit(VOID); +LONG WINAPI DetourTransactionCommitEx(_Out_opt_ PVOID **pppFailedPointer); + +LONG WINAPI DetourUpdateThread(_In_ HANDLE hThread); + +LONG WINAPI DetourAttach(_Inout_ PVOID *ppPointer, + _In_ PVOID pDetour); + +LONG WINAPI DetourAttachEx(_Inout_ PVOID *ppPointer, + _In_ PVOID pDetour, + _Out_opt_ PDETOUR_TRAMPOLINE *ppRealTrampoline, + _Out_opt_ PVOID *ppRealTarget, + _Out_opt_ PVOID *ppRealDetour); + +LONG WINAPI DetourDetach(_Inout_ PVOID *ppPointer, + _In_ PVOID pDetour); + +BOOL WINAPI DetourSetIgnoreTooSmall(_In_ BOOL fIgnore); +BOOL WINAPI DetourSetRetainRegions(_In_ BOOL fRetain); +PVOID WINAPI DetourSetSystemRegionLowerBound(_In_ PVOID pSystemRegionLowerBound); +PVOID WINAPI DetourSetSystemRegionUpperBound(_In_ PVOID pSystemRegionUpperBound); + +////////////////////////////////////////////////////////////// Code Functions. +// +PVOID WINAPI DetourFindFunction(_In_ LPCSTR pszModule, + _In_ LPCSTR pszFunction); +PVOID WINAPI DetourCodeFromPointer(_In_ PVOID pPointer, + _Out_opt_ PVOID *ppGlobals); +PVOID WINAPI DetourCopyInstruction(_In_opt_ PVOID pDst, + _Inout_opt_ PVOID *ppDstPool, + _In_ PVOID pSrc, + _Out_opt_ PVOID *ppTarget, + _Out_opt_ LONG *plExtra); +BOOL WINAPI DetourSetCodeModule(_In_ HMODULE hModule, + _In_ BOOL fLimitReferencesToModule); +PVOID WINAPI DetourAllocateRegionWithinJumpBounds(_In_ LPCVOID pbTarget, + _Out_ PDWORD pcbAllocatedSize); + +///////////////////////////////////////////////////// Loaded Binary Functions. +// +HMODULE WINAPI DetourGetContainingModule(_In_ PVOID pvAddr); +HMODULE WINAPI DetourEnumerateModules(_In_opt_ HMODULE hModuleLast); +PVOID WINAPI DetourGetEntryPoint(_In_opt_ HMODULE hModule); +ULONG WINAPI DetourGetModuleSize(_In_opt_ HMODULE hModule); +BOOL WINAPI DetourEnumerateExports(_In_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_ PF_DETOUR_ENUMERATE_EXPORT_CALLBACK pfExport); +BOOL WINAPI DetourEnumerateImports(_In_opt_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile, + _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK pfImportFunc); + +BOOL WINAPI DetourEnumerateImportsEx(_In_opt_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile, + _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK_EX pfImportFuncEx); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourFindPayload(_In_opt_ HMODULE hModule, + _In_ REFGUID rguid, + _Out_ DWORD *pcbData); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourFindPayloadEx(_In_ REFGUID rguid, + _Out_ DWORD * pcbData); + +DWORD WINAPI DetourGetSizeOfPayloads(_In_opt_ HMODULE hModule); + +///////////////////////////////////////////////// Persistent Binary Functions. +// + +PDETOUR_BINARY WINAPI DetourBinaryOpen(_In_ HANDLE hFile); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourBinaryEnumeratePayloads(_In_ PDETOUR_BINARY pBinary, + _Out_opt_ GUID *pGuid, + _Out_ DWORD *pcbData, + _Inout_ DWORD *pnIterator); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourBinaryFindPayload(_In_ PDETOUR_BINARY pBinary, + _In_ REFGUID rguid, + _Out_ DWORD *pcbData); + +PVOID WINAPI DetourBinarySetPayload(_In_ PDETOUR_BINARY pBinary, + _In_ REFGUID rguid, + _In_reads_opt_(cbData) PVOID pData, + _In_ DWORD cbData); +BOOL WINAPI DetourBinaryDeletePayload(_In_ PDETOUR_BINARY pBinary, _In_ REFGUID rguid); +BOOL WINAPI DetourBinaryPurgePayloads(_In_ PDETOUR_BINARY pBinary); +BOOL WINAPI DetourBinaryResetImports(_In_ PDETOUR_BINARY pBinary); +BOOL WINAPI DetourBinaryEditImports(_In_ PDETOUR_BINARY pBinary, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway, + _In_opt_ PF_DETOUR_BINARY_FILE_CALLBACK pfFile, + _In_opt_ PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol, + _In_opt_ PF_DETOUR_BINARY_COMMIT_CALLBACK pfCommit); +BOOL WINAPI DetourBinaryWrite(_In_ PDETOUR_BINARY pBinary, _In_ HANDLE hFile); +BOOL WINAPI DetourBinaryClose(_In_ PDETOUR_BINARY pBinary); + +/////////////////////////////////////////////////// Create Process & Load Dll. +// +typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)( + _In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation); + +typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)( + _In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation); + +BOOL WINAPI DetourCreateProcessWithDllA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourCreateProcessWithDllW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDll DetourCreateProcessWithDllW +#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW +#else +#define DetourCreateProcessWithDll DetourCreateProcessWithDllA +#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA +#endif // !UNICODE + +BOOL WINAPI DetourCreateProcessWithDllExA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourCreateProcessWithDllExW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExW +#else +#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExA +#endif // !UNICODE + +BOOL WINAPI DetourCreateProcessWithDllsA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourCreateProcessWithDllsW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDlls DetourCreateProcessWithDllsW +#else +#define DetourCreateProcessWithDlls DetourCreateProcessWithDllsA +#endif // !UNICODE + +BOOL WINAPI DetourProcessViaHelperA(_In_ DWORD dwTargetPid, + _In_ LPCSTR lpDllName, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourProcessViaHelperW(_In_ DWORD dwTargetPid, + _In_ LPCSTR lpDllName, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourProcessViaHelper DetourProcessViaHelperW +#else +#define DetourProcessViaHelper DetourProcessViaHelperA +#endif // !UNICODE + +BOOL WINAPI DetourProcessViaHelperDllsA(_In_ DWORD dwTargetPid, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourProcessViaHelperDllsW(_In_ DWORD dwTargetPid, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourProcessViaHelperDlls DetourProcessViaHelperDllsW +#else +#define DetourProcessViaHelperDlls DetourProcessViaHelperDllsA +#endif // !UNICODE + +BOOL WINAPI DetourUpdateProcessWithDll(_In_ HANDLE hProcess, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ DWORD nDlls); + +BOOL WINAPI DetourUpdateProcessWithDllEx(_In_ HANDLE hProcess, + _In_ HMODULE hImage, + _In_ BOOL bIs32Bit, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ DWORD nDlls); + +BOOL WINAPI DetourCopyPayloadToProcess(_In_ HANDLE hProcess, + _In_ REFGUID rguid, + _In_reads_bytes_(cbData) PVOID pvData, + _In_ DWORD cbData); +BOOL WINAPI DetourRestoreAfterWith(VOID); +BOOL WINAPI DetourRestoreAfterWithEx(_In_reads_bytes_(cbData) PVOID pvData, + _In_ DWORD cbData); +BOOL WINAPI DetourIsHelperProcess(VOID); +VOID CALLBACK DetourFinishHelperProcess(_In_ HWND, + _In_ HINSTANCE, + _In_ LPSTR, + _In_ INT); + +// +////////////////////////////////////////////////////////////////////////////// +#ifdef __cplusplus +} +#endif // __cplusplus + +//////////////////////////////////////////////// Detours Internal Definitions. +// +#ifdef __cplusplus +#ifdef DETOURS_INTERNAL + +#define NOTHROW +// #define NOTHROW (nothrow) + +////////////////////////////////////////////////////////////////////////////// +// +#if (_MSC_VER < 1299) +#include +typedef IMAGEHLP_MODULE IMAGEHLP_MODULE64; +typedef PIMAGEHLP_MODULE PIMAGEHLP_MODULE64; +typedef IMAGEHLP_SYMBOL SYMBOL_INFO; +typedef PIMAGEHLP_SYMBOL PSYMBOL_INFO; + +static inline +LONG InterlockedCompareExchange(_Inout_ LONG *ptr, _In_ LONG nval, _In_ LONG oval) +{ + return (LONG)::InterlockedCompareExchange((PVOID*)ptr, (PVOID)nval, (PVOID)oval); +} +#else +#pragma warning(push) +#pragma warning(disable:4091) // empty typedef +#include +#pragma warning(pop) +#endif + +#ifdef IMAGEAPI // defined by DBGHELP.H +typedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(_In_ LPAPI_VERSION AppVersion); + +typedef BOOL (NTAPI *PF_SymInitialize)(_In_ HANDLE hProcess, + _In_opt_ LPCSTR UserSearchPath, + _In_ BOOL fInvadeProcess); +typedef DWORD (NTAPI *PF_SymSetOptions)(_In_ DWORD SymOptions); +typedef DWORD (NTAPI *PF_SymGetOptions)(VOID); +typedef DWORD64 (NTAPI *PF_SymLoadModule64)(_In_ HANDLE hProcess, + _In_opt_ HANDLE hFile, + _In_ LPSTR ImageName, + _In_opt_ LPSTR ModuleName, + _In_ DWORD64 BaseOfDll, + _In_opt_ DWORD SizeOfDll); +typedef BOOL (NTAPI *PF_SymGetModuleInfo64)(_In_ HANDLE hProcess, + _In_ DWORD64 qwAddr, + _Out_ PIMAGEHLP_MODULE64 ModuleInfo); +typedef BOOL (NTAPI *PF_SymFromName)(_In_ HANDLE hProcess, + _In_ LPSTR Name, + _Out_ PSYMBOL_INFO Symbol); + +typedef struct _DETOUR_SYM_INFO +{ + HANDLE hProcess; + HMODULE hDbgHelp; + PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx; + PF_SymInitialize pfSymInitialize; + PF_SymSetOptions pfSymSetOptions; + PF_SymGetOptions pfSymGetOptions; + PF_SymLoadModule64 pfSymLoadModule64; + PF_SymGetModuleInfo64 pfSymGetModuleInfo64; + PF_SymFromName pfSymFromName; +} DETOUR_SYM_INFO, *PDETOUR_SYM_INFO; + +PDETOUR_SYM_INFO DetourLoadImageHlp(VOID); + +#endif // IMAGEAPI + +#if defined(_INC_STDIO) && !defined(_CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS) +#error detours.h must be included before stdio.h (or at least define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS earlier) +#endif +#define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS 1 + +#ifndef DETOUR_TRACE +#if DETOUR_DEBUG +#define DETOUR_TRACE(x) printf x +#define DETOUR_BREAK() __debugbreak() +#include +#include +#else +#define DETOUR_TRACE(x) +#define DETOUR_BREAK() +#endif +#endif + +#if 1 || defined(DETOURS_IA64) + +// +// IA64 instructions are 41 bits, 3 per bundle, plus 5 bit bundle template => 128 bits per bundle. +// + +#define DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE (3) + +#define DETOUR_IA64_TEMPLATE_OFFSET (0) +#define DETOUR_IA64_TEMPLATE_SIZE (5) + +#define DETOUR_IA64_INSTRUCTION_SIZE (41) +#define DETOUR_IA64_INSTRUCTION0_OFFSET (DETOUR_IA64_TEMPLATE_SIZE) +#define DETOUR_IA64_INSTRUCTION1_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE) +#define DETOUR_IA64_INSTRUCTION2_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE + DETOUR_IA64_INSTRUCTION_SIZE) + +C_ASSERT(DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE * DETOUR_IA64_INSTRUCTION_SIZE == 128); + +__declspec(align(16)) struct DETOUR_IA64_BUNDLE +{ + public: + union + { + BYTE data[16]; + UINT64 wide[2]; + }; + + enum { + A_UNIT = 1u, + I_UNIT = 2u, + M_UNIT = 3u, + B_UNIT = 4u, + F_UNIT = 5u, + L_UNIT = 6u, + X_UNIT = 7u, + }; + struct DETOUR_IA64_METADATA + { + ULONG nTemplate : 8; // Instruction template. + ULONG nUnit0 : 4; // Unit for slot 0 + ULONG nUnit1 : 4; // Unit for slot 1 + ULONG nUnit2 : 4; // Unit for slot 2 + }; + + protected: + static const DETOUR_IA64_METADATA s_rceCopyTable[33]; + + UINT RelocateBundle(_Inout_ DETOUR_IA64_BUNDLE* pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const; + + bool RelocateInstruction(_Inout_ DETOUR_IA64_BUNDLE* pDst, + _In_ BYTE slot, + _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const; + + // 120 112 104 96 88 80 72 64 56 48 40 32 24 16 8 0 + // f. e. d. c. b. a. 9. 8. 7. 6. 5. 4. 3. 2. 1. 0. + + // 00 + // f.e. d.c. b.a. 9.8. 7.6. 5.4. 3.2. 1.0. + // 0000 0000 0000 0000 0000 0000 0000 001f : Template [4..0] + // 0000 0000 0000 0000 0000 03ff ffff ffe0 : Zero [ 41.. 5] + // 0000 0000 0000 0000 0000 3c00 0000 0000 : Zero [ 45.. 42] + // 0000 0000 0007 ffff ffff c000 0000 0000 : One [ 82.. 46] + // 0000 0000 0078 0000 0000 0000 0000 0000 : One [ 86.. 83] + // 0fff ffff ff80 0000 0000 0000 0000 0000 : Two [123.. 87] + // f000 0000 0000 0000 0000 0000 0000 0000 : Two [127..124] + BYTE GetTemplate() const; + // Get 4 bit opcodes. + BYTE GetInst0() const; + BYTE GetInst1() const; + BYTE GetInst2() const; + BYTE GetUnit(BYTE slot) const; + BYTE GetUnit0() const; + BYTE GetUnit1() const; + BYTE GetUnit2() const; + // Get 37 bit data. + UINT64 GetData0() const; + UINT64 GetData1() const; + UINT64 GetData2() const; + + // Get/set the full 41 bit instructions. + UINT64 GetInstruction(BYTE slot) const; + UINT64 GetInstruction0() const; + UINT64 GetInstruction1() const; + UINT64 GetInstruction2() const; + void SetInstruction(BYTE slot, UINT64 instruction); + void SetInstruction0(UINT64 instruction); + void SetInstruction1(UINT64 instruction); + void SetInstruction2(UINT64 instruction); + + // Get/set bitfields. + static UINT64 GetBits(UINT64 Value, UINT64 Offset, UINT64 Count); + static UINT64 SetBits(UINT64 Value, UINT64 Offset, UINT64 Count, UINT64 Field); + + // Get specific read-only fields. + static UINT64 GetOpcode(UINT64 instruction); // 4bit opcode + static UINT64 GetX(UINT64 instruction); // 1bit opcode extension + static UINT64 GetX3(UINT64 instruction); // 3bit opcode extension + static UINT64 GetX6(UINT64 instruction); // 6bit opcode extension + + // Get/set specific fields. + static UINT64 GetImm7a(UINT64 instruction); + static UINT64 SetImm7a(UINT64 instruction, UINT64 imm7a); + static UINT64 GetImm13c(UINT64 instruction); + static UINT64 SetImm13c(UINT64 instruction, UINT64 imm13c); + static UINT64 GetSignBit(UINT64 instruction); + static UINT64 SetSignBit(UINT64 instruction, UINT64 signBit); + static UINT64 GetImm20a(UINT64 instruction); + static UINT64 SetImm20a(UINT64 instruction, UINT64 imm20a); + static UINT64 GetImm20b(UINT64 instruction); + static UINT64 SetImm20b(UINT64 instruction, UINT64 imm20b); + + static UINT64 SignExtend(UINT64 Value, UINT64 Offset); + + BOOL IsMovlGp() const; + + VOID SetInst(BYTE Slot, BYTE nInst); + VOID SetInst0(BYTE nInst); + VOID SetInst1(BYTE nInst); + VOID SetInst2(BYTE nInst); + VOID SetData(BYTE Slot, UINT64 nData); + VOID SetData0(UINT64 nData); + VOID SetData1(UINT64 nData); + VOID SetData2(UINT64 nData); + BOOL SetNop(BYTE Slot); + BOOL SetNop0(); + BOOL SetNop1(); + BOOL SetNop2(); + + public: + BOOL IsBrl() const; + VOID SetBrl(); + VOID SetBrl(UINT64 target); + UINT64 GetBrlTarget() const; + VOID SetBrlTarget(UINT64 target); + VOID SetBrlImm(UINT64 imm); + UINT64 GetBrlImm() const; + + UINT64 GetMovlGp() const; + VOID SetMovlGp(UINT64 gp); + + VOID SetStop(); + + UINT Copy(_Out_ DETOUR_IA64_BUNDLE *pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra = NULL) const; +}; +#endif // DETOURS_IA64 + +#ifdef DETOURS_ARM + +#define DETOURS_PFUNC_TO_PBYTE(p) ((PBYTE)(((ULONG_PTR)(p)) & ~(ULONG_PTR)1)) +#define DETOURS_PBYTE_TO_PFUNC(p) ((PBYTE)(((ULONG_PTR)(p)) | (ULONG_PTR)1)) + +#endif // DETOURS_ARM + +////////////////////////////////////////////////////////////////////////////// + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + +#define DETOUR_OFFLINE_LIBRARY(x) \ +PVOID WINAPI DetourCopyInstruction##x(_In_opt_ PVOID pDst, \ + _Inout_opt_ PVOID *ppDstPool, \ + _In_ PVOID pSrc, \ + _Out_opt_ PVOID *ppTarget, \ + _Out_opt_ LONG *plExtra); \ + \ +BOOL WINAPI DetourSetCodeModule##x(_In_ HMODULE hModule, \ + _In_ BOOL fLimitReferencesToModule); \ + +DETOUR_OFFLINE_LIBRARY(X86) +DETOUR_OFFLINE_LIBRARY(X64) +DETOUR_OFFLINE_LIBRARY(ARM) +DETOUR_OFFLINE_LIBRARY(ARM64) +DETOUR_OFFLINE_LIBRARY(IA64) + +#undef DETOUR_OFFLINE_LIBRARY + +////////////////////////////////////////////////////////////////////////////// +// +// Helpers for manipulating page protection. +// + +_Success_(return != FALSE) +BOOL WINAPI DetourVirtualProtectSameExecuteEx(_In_ HANDLE hProcess, + _In_ PVOID pAddress, + _In_ SIZE_T nSize, + _In_ DWORD dwNewProtect, + _Out_ PDWORD pdwOldProtect); + +_Success_(return != FALSE) +BOOL WINAPI DetourVirtualProtectSameExecute(_In_ PVOID pAddress, + _In_ SIZE_T nSize, + _In_ DWORD dwNewProtect, + _Out_ PDWORD pdwOldProtect); +#ifdef __cplusplus +} +#endif // __cplusplus + +////////////////////////////////////////////////////////////////////////////// + +#define MM_ALLOCATION_GRANULARITY 0x10000 + +////////////////////////////////////////////////////////////////////////////// + +#endif // DETOURS_INTERNAL +#endif // __cplusplus + +#endif // _DETOURS_H_ +// +//////////////////////////////////////////////////////////////// End of File. diff --git a/packages/Detours.4.0.1/lib/native/include/detver.h b/packages/Detours.4.0.1/lib/native/include/detver.h new file mode 100644 index 0000000..f0aae9b --- /dev/null +++ b/packages/Detours.4.0.1/lib/native/include/detver.h @@ -0,0 +1,27 @@ +////////////////////////////////////////////////////////////////////////////// +// +// Common version parameters. +// +// Microsoft Research Detours Package, Version 4.0.1 +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// + +#define _USING_V110_SDK71_ 1 +#include "winver.h" +#if 0 +#include +#include +#else +#ifndef DETOURS_STRINGIFY +#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x) +#define DETOURS_STRINGIFY_(x) #x +#endif + +#define VER_FILEFLAGSMASK 0x3fL +#define VER_FILEFLAGS 0x0L +#define VER_FILEOS 0x00040004L +#define VER_FILETYPE 0x00000002L +#define VER_FILESUBTYPE 0x00000000L +#endif +#define VER_DETOURS_BITS DETOUR_STRINGIFY(DETOURS_BITS) diff --git a/packages/Detours.4.0.1/lib/native/include/syelog.h b/packages/Detours.4.0.1/lib/native/include/syelog.h new file mode 100644 index 0000000..7cfa9f3 --- /dev/null +++ b/packages/Detours.4.0.1/lib/native/include/syelog.h @@ -0,0 +1,89 @@ +////////////////////////////////////////////////////////////////////////////// +// +// Detours Test Program (syelog.h of syelog.lib) +// +// Microsoft Research Detours Package +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +#pragma once +#ifndef _SYELOGD_H_ +#define _SYELOGD_H_ +#include + +#pragma pack(push, 1) +#pragma warning(push) +#pragma warning(disable: 4200) + +////////////////////////////////////////////////////////////////////////////// +// +// +#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog" +#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog" +#ifdef UNICODE +#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW +#else +#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA +#endif + +////////////////////////////////////////////////////////////////////////////// +// +#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff) + +typedef struct _SYELOG_MESSAGE +{ + USHORT nBytes; + BYTE nFacility; + BYTE nSeverity; + DWORD nProcessId; + FILETIME ftOccurance; + BOOL fTerminate; + CHAR szMessage[SYELOG_MAXIMUM_MESSAGE]; +} SYELOG_MESSAGE, *PSYELOG_MESSAGE; + + +// Facility Codes. +// +#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel +#define SYELOG_FACILITY_SECURITY 0x20 // OS Security +#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal +#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon +#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application +#define SYELOG_FACILITY_USER 0x60 // User self-generated. +#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined. +#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined. +#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined. +#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined. +#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined. +#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined. +#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined. +#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined. +#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined. +#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined. + +// Severity Codes. +// +#define SYELOG_SEVERITY_FATAL 0x00 // System is dead. +#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately. +#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition. +#define SYELOG_SEVERITY_ERROR 0x30 // Error +#define SYELOG_SEVERITY_WARNING 0x40 // Warning +#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition. +#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational +#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed +#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded +#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging + +// Logging Functions. +// +VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility); +VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...); +VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args); +VOID SyelogClose(BOOL fTerminate); + +#pragma warning(pop) +#pragma pack(pop) + +#endif // _SYELOGD_H_ +// +///////////////////////////////////////////////////////////////// End of File. diff --git a/packages/Detours.4.0.1/lib/native/libs/x64/detours.lib b/packages/Detours.4.0.1/lib/native/libs/x64/detours.lib new file mode 100644 index 0000000..2ca1c3a Binary files /dev/null and b/packages/Detours.4.0.1/lib/native/libs/x64/detours.lib differ diff --git a/packages/Detours.4.0.1/lib/native/libs/x64/detours.pdb b/packages/Detours.4.0.1/lib/native/libs/x64/detours.pdb new file mode 100644 index 0000000..1d9ef83 Binary files /dev/null and b/packages/Detours.4.0.1/lib/native/libs/x64/detours.pdb differ diff --git a/packages/Detours.4.0.1/lib/native/libs/x64/syelog.lib b/packages/Detours.4.0.1/lib/native/libs/x64/syelog.lib new file mode 100644 index 0000000..5ea748e Binary files /dev/null and b/packages/Detours.4.0.1/lib/native/libs/x64/syelog.lib differ diff --git a/packages/Detours.4.0.1/lib/native/libs/x86/detours.lib b/packages/Detours.4.0.1/lib/native/libs/x86/detours.lib new file mode 100644 index 0000000..268f7ad Binary files /dev/null and b/packages/Detours.4.0.1/lib/native/libs/x86/detours.lib differ diff --git a/packages/Detours.4.0.1/lib/native/libs/x86/detours.pdb b/packages/Detours.4.0.1/lib/native/libs/x86/detours.pdb new file mode 100644 index 0000000..49b5c8c Binary files /dev/null and b/packages/Detours.4.0.1/lib/native/libs/x86/detours.pdb differ diff --git a/packages/Detours.4.0.1/lib/native/libs/x86/syelog.lib b/packages/Detours.4.0.1/lib/native/libs/x86/syelog.lib new file mode 100644 index 0000000..798bcd1 Binary files /dev/null and b/packages/Detours.4.0.1/lib/native/libs/x86/syelog.lib differ