A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from http://www.ncbi.nlm.nih.gov/IEB/ToolBox/CPP_DOC/doxyhtml/ncbi__win__hook_8cpp_source.html below:

NCBI C++ ToolKit: src/dbapi/driver/ncbi_win_hook.cpp Source File

36 #if defined(NCBI_OS_MSWIN) 44 #pragma comment(lib, "DbgHelp.lib"

)

46 #pragma warning( push ) 47 #pragma warning( disable : 4191 ) 49 #define NCBI_USE_ERRCODE_X Dbapi_DrvrWinHook 258

PCSTR pszCalleeModName,

288

PCSTR pszCalleeModName,

314

(::GetProcAddress(::GetModuleHandleA(

"kernel32.dll"

),

"GetProcAddress"

));

317

(::GetProcAddress(::GetModuleHandleA(

"kernel32.dll"

),

"LoadLibraryA"

));

351

HMODULE hmodOriginal,

524

PVOID

GetIAT

(HMODULE base,

int

section)

const

;

529

BOOLEAN MappedAsImage,

569

HMODULE hModToolHelp;

570

PROC pfnCreateToolhelp32Snapshot;

574  if

(hModToolHelp !=

NULL

) {

575

pfnCreateToolhelp32Snapshot = ::GetProcAddress(

577  "CreateToolhelp32Snapshot" 580

bResult = (pfnCreateToolhelp32Snapshot !=

NULL

);

582

::FreeLibrary(hModToolHelp);

592

HMODULE hModPSAPI =

NULL

;

595

bResult = (hModPSAPI !=

NULL

);

597

::FreeLibrary(hModPSAPI);

605

MEMORY_BASIC_INFORMATION mbi;

607  return

((::VirtualQuery(pv, &mbi,

sizeof

(mbi)) != 0)

608

? (HMODULE) mbi.AllocationBase :

NULL

);

614

HMODULE hmodOriginal,

621

PIMAGE_EXPORT_DIRECTORY pExportDir =

622  static_cast<

PIMAGE_EXPORT_DIRECTORY

> 624

IMAGE_DIRECTORY_ENTRY_EXPORT));

627  if

(pExportDir ==

NULL

) {

632

PSTR pszDllName =

reinterpret_cast<

PSTR

>

(

633  static_cast<uintptr_t>

(pExportDir->Name) +

634  reinterpret_cast<uintptr_t>

(hmodOriginal)

638  DWORD

dwFuncNumber = pExportDir->Base;

640  size_t

dwNumberOfExported = pExportDir->NumberOfFunctions;

642

PDWORD pdwFunctions =

643  reinterpret_cast<

PDWORD

>

(

644  static_cast<uintptr_t>

(pExportDir->AddressOfFunctions) +

645  reinterpret_cast<uintptr_t>

(hmodOriginal));

649  reinterpret_cast<

PWORD

>

(

650  static_cast<uintptr_t>

(pExportDir->AddressOfNameOrdinals) +

651  reinterpret_cast<uintptr_t>

(hmodOriginal));

654

PDWORD pszFuncNames =

655  reinterpret_cast<

PDWORD

>

(

656  static_cast<uintptr_t>

(pExportDir->AddressOfNames) +

657  reinterpret_cast<uintptr_t>

(hmodOriginal));

663  for

(

size_t i

= 0;

i

< dwNumberOfExported; ++

i

, ++pdwFunctions) {

664  DWORD

entryPointRVA = *pdwFunctions;

665  if

(entryPointRVA == 0) {

673  for

(

unsigned

j = 0; j < pExportDir->NumberOfNames; ++j) {

675  if

(pwOrdinals[j] ==

i

) {

676

pszExpFunName =

reinterpret_cast<

PSTR

>

(

677  static_cast<uintptr_t>

(pszFuncNames[j]) +

678  reinterpret_cast<uintptr_t>

(hmodOriginal));

682  if

((pszExpFunName !=

NULL

) &&

683

(

strcmp

(pszExpFunName, pszFuncName) == 0)

699  char

szCalleeModName[MAX_PATH];

700  char

szFuncName[MAX_PATH];

705

{

"Kernel32.dll"

,

"LoadLibraryA"

},

706

{

"Kernel32.dll"

,

"LoadLibraryW"

},

707

{

"Kernel32.dll"

,

"LoadLibraryExA"

},

708

{

"Kernel32.dll"

,

"LoadLibraryExW"

},

709

{

"Kernel32.dll"

,

"GetProcAddress"

}

713 #define NUMBER_OF_MANDATORY_API_FUNCS (sizeof(MANDATORY_API_FUNCS) / \ 714  sizeof(MANDATORY_API_FUNCS[0])) 728

m_ModuleHandle(hModule)

768  if

(pdest !=

NULL

) {

780  if

((pszName !=

NULL

) && (strlen(pszName))) {

781  m_pszName

=

new char

[strlen(pszName) + 1];

785  m_pszName

=

new char

[strlen(

"\0"

) + 1];

809

m_pLibHandler(pLibHandler),

810

m_dwProcessId(dwProcessId)

849

m_pfnEnumProcesses(

NULL

),

850

m_pfnEnumProcessModules(

NULL

),

851

m_pfnGetModuleFileNameExA(

NULL

)

914  DWORD

pidArray[1024];

920

nProcesses = cbNeeded /

sizeof

(

DWORD

);

924  for

(

DWORD i

= 0;

i

< nProcesses;

i

++) {

925

HMODULE hModuleArray[1024];

927  DWORD

pid = pidArray[

i

];

930

hProcess = ::OpenProcess(PROCESS_QUERY_INFORMATION |

939

::CloseHandle(hProcess);

947  sizeof

(hModuleArray),

949

::CloseHandle(hProcess);

954

nModules = cbNeeded /

sizeof

(hModuleArray[0]);

956  for

(

DWORD

j = 0; j < nModules; j++) {

957

HMODULE hModule = hModuleArray[j];

958  char

szModuleName[MAX_PATH];

963  sizeof

(szModuleName)

974

pProcess->

AddModule

(pDllModuleInstance);

977

::CloseHandle(hProcess);

993  BOOL

bPopulateModules)

999

HMODULE hModuleArray[1024];

1003

hProcess = ::OpenProcess(PROCESS_QUERY_INFORMATION |

1011  sizeof

(hModuleArray),

1014

::CloseHandle(hProcess);

1018

nModules = cbNeeded /

sizeof

(hModuleArray[0]);

1020  for

(

DWORD

j = 0; j < nModules; j++) {

1021

HMODULE hModule = hModuleArray[j];

1022  char

szModuleName[MAX_PATH];

1027  sizeof

(szModuleName)

1038  if

(bPopulateModules) {

1045

::CloseHandle(hProcess);

1071  if

(hInstLib !=

NULL

) {

1077

::GetProcAddress(hInstLib,

"CreateToolhelp32Snapshot"

);

1079

::GetProcAddress(hInstLib,

"Process32First"

);

1081

::GetProcAddress(hInstLib,

"Process32Next"

);

1083

::GetProcAddress(hInstLib,

"Module32First"

);

1085

::GetProcAddress(hInstLib,

"Module32Next"

);

1087

::FreeLibrary( hInstLib );

1116

pProcess->

AddModule

(pDllModuleInstance);

1127

::CloseHandle(hSnapshot);

1167  if

((dwProcessId !=

NULL

) && (dwProcessId != pe32.th32ProcessID)) {

1178  if

(bPopulateModules) {

1182  if

(dwProcessId !=

NULL

) {

1188

::CloseHandle(hSnapshot);

1199

m_pLibHandler(

NULL

)

1219  BOOL

bPopulateModules)

const 1271

m_CalleeModHandle(

NULL

),

1284

GetSystemInfo(&

si

);

1293

PVOID pv = * (PVOID*) &

pb

[1];

1355

PCSTR pszCalleeModName,

1362  if

((pfnCurrent !=

NULL

) && (pfnNew !=

NULL

)) {

1373  if

(pProcess !=

NULL

) {

1406

PCSTR pszCalleeModName,

1414  if

(bHookOrRestore ==

false

) {

1426

PIMAGE_IMPORT_DESCRIPTOR pImportDesc =

1427  static_cast<

PIMAGE_IMPORT_DESCRIPTOR

> 1429

IMAGE_DIRECTORY_ENTRY_IMPORT));

1432  if

(pImportDesc ==

NULL

) {

1441  while

(pImportDesc->Name) {

1442

PSTR pszModName = (PSTR)((PBYTE) hmodCaller + pImportDesc->Name);

1443  if

(

my_stricmp

(pszModName, pszCalleeModName) == 0) {

1450  if

(pImportDesc->Name == 0) {

1462

PIMAGE_THUNK_DATA pThunk =

1463

(PIMAGE_THUNK_DATA)( (PBYTE) hmodCaller + pImportDesc->FirstThunk );

1466  while

(pThunk->u1.Function) {

1468

PROC* ppfn = (PROC*) &pThunk->u1.Function;

1471  BOOL

bFound = (*ppfn == pfnCurrent);

1474

PBYTE pbInFunc = (PBYTE) *ppfn;

1478

ppfn = (PROC*) &pbInFunc[1];

1480

bFound = (*ppfn == pfnCurrent);

1488  if

(::VirtualProtect(ppfn,

1491

&dwOldProtect) ==

FALSE 1501

::VirtualProtect(ppfn,

1509  if

(bHookOrRestore) {

1569  if

(::IsBadReadPtr(pszFullFileName, MAX_PATH) !=

TRUE

) {

1574

pdest = strrchr(pszFullFileName, ch);

1576

strcpy(pszFullFileName, &pdest[1]);

1586

HMODULE hmodOriginal,

1587  DWORD

dwFuncOrdinalNum,

1593

strcpy(pszFuncName,

"\0"

);

1596

PIMAGE_EXPORT_DIRECTORY pExportDir =

1597  static_cast<

PIMAGE_EXPORT_DIRECTORY

> 1599

IMAGE_DIRECTORY_ENTRY_EXPORT));

1602  if

(pExportDir ==

NULL

) {

1607

PSTR pszDllName =

reinterpret_cast<

PSTR

>

(

1608  static_cast<uintptr_t>

(pExportDir->Name) +

1609  reinterpret_cast<uintptr_t>

(hmodOriginal)

1613  DWORD

dwFuncNumber = pExportDir->Base;

1615  size_t

dwNumberOfExported = pExportDir->NumberOfFunctions;

1617

PDWORD pdwFunctions =

1618  reinterpret_cast<

PDWORD

>

(

1619  static_cast<uintptr_t>

(pExportDir->AddressOfFunctions) +

1620  reinterpret_cast<uintptr_t>

(hmodOriginal));

1623  reinterpret_cast<

PWORD

>

(

1624  static_cast<uintptr_t>

(pExportDir->AddressOfNameOrdinals) +

1625  reinterpret_cast<uintptr_t>

(hmodOriginal));

1627

PDWORD pszFuncNames =

1628  reinterpret_cast<

PDWORD

>

(

1629  static_cast<uintptr_t>

(pExportDir->AddressOfNames) +

1630  reinterpret_cast<uintptr_t>

(hmodOriginal));

1636  for

(

size_t i

= 0;

i

< dwNumberOfExported; ++

i

, ++pdwFunctions) {

1637  DWORD

entryPointRVA = *pdwFunctions;

1638  if

(entryPointRVA == 0) {

1646  for

(

unsigned

j = 0; j < pExportDir->NumberOfNames; ++j) {

1648  if

(pwOrdinals[j] ==

i

) {

1649

pszExpFunName =

reinterpret_cast<

PSTR

>

(

1650  static_cast<uintptr_t>

(pszFuncNames[j]) +

1651  reinterpret_cast<uintptr_t>

(hmodOriginal));

1655  if

(dwFuncOrdinalNum == pwOrdinals[j] + 1) {

1656  if

((pszExpFunName !=

NULL

) && (strlen(pszExpFunName) > 0)) {

1657

strcpy(pszFuncName, pszExpFunName);

1671

PCSTR pszCalleeModName,

1672  DWORD

dwFuncOrdinalNum,

1676

HMODULE hmodOriginal = ::GetModuleHandleA(pszCalleeModName);

1687

HMODULE hmodOriginal,

1688  DWORD

dwFuncOrdinalNum,

1703

PCSTR pszFuncName)

const 1706  char

szFuncName[MAX_PATH];

1710  if

((pszFuncName) &&

1711

(

reinterpret_cast<uintptr_t>

(pszFuncName) > 0xFFFF) &&

1712

strlen(pszFuncName)) {

1713

strcpy(szFuncName, pszFuncName);

1720  static_cast<DWORD>

(

1721  reinterpret_cast<uintptr_t>

(pszFuncName)),

1728  if

(strlen(szFuncName) > 0) {

1738  if

(fn_it != fn_list.

end

()) {

1739

pHook = fn_it->second;

1750

PCSTR pszFuncName)

const 1753  char

szFuncName[MAX_PATH];

1757  if

((pszFuncName) &&

1758

(

reinterpret_cast<uintptr_t>

(pszFuncName) > 0xFFFF) &&

1759

strlen(pszFuncName)) {

1760

strcpy(szFuncName, pszFuncName);

1767  static_cast<DWORD>

(

1768  reinterpret_cast<uintptr_t>

(pszFuncName)),

1775  if

(strlen(szFuncName) > 0) {

1787  if

(fn_it != fn_list.

end

()) {

1788

pHook = fn_it->second;

1800  if

(pHook !=

NULL

) {

1803  m_ModuleList

[pHook->GetCalleeModHandle()][pHook->GetFuncName()] =

1815  if

(pHook !=

NULL

) {

1823

fn_list.

find

(pHook->GetFuncName());

1825  if

(fn_it != fn_list.

end

()) {

1826

fn_list.

erase

(fn_it);

1837

fn_list.

find

(pHook->GetFuncName());

1839  if

(fn_it != fn_list.

end

()) {

1841

fn_list.

erase

(fn_it);

1857

m_bSystemFuncsHooked(

FALSE

)

1861  static bool

enabled_from_registry =

true

;

1870

enabled_from_registry =

false

;

1873  "Windows API hooking is disabled from registry."

);

1876

enabled_from_registry =

true

;

1878

}

else if

(!enabled_from_registry) {

1881  "Windows API hooking is disabled from registry."

);

1905  return

(instance.

Get

());

1919  if

(bResult ==

FALSE

) {

1921

<<

"LoadLibraryA is not hooked in " 1933  if

(bResult ==

FALSE

) {

1935

<<

"LoadLibraryW is not hooked in " 1947  if

(bResult ==

FALSE

) {

1949

<<

"LoadLibraryExA is not hooked in " 1961  if

(bResult ==

FALSE

) {

1963

<<

"LoadLibraryExW is not hooked in " 1975  if

(bResult ==

FALSE

) {

1977

<<

"GetProcAddress is not hooked in" 2024

PROC pfnOrig =

NULL

;

2032

::GetModuleHandleA(pszCalleeModName),

2038  if

(pfnOrig ==

NULL

) {

2041  if

(

NULL

!= hmod) {

2043

::GetModuleHandleA(pszCalleeModName),

2049  if

(pfnOrig !=

NULL

) {

2104

<<

" is not hooked in " 2126  if

(pHook !=

NULL

) {

2127

bResult = pHook->UnHookImport();

2141  if

((hmod !=

NULL

) && ((dwFlags & LOAD_LIBRARY_AS_DATAFILE) == 0))

2161

pHook->ReplaceInOneModule(

2163

pHook->GetCalleeModName(),

2164

pHook->GetPfnOrig(),

2165

pHook->GetPfnHook(),

2175

HMODULE hmod =

NULL

;

2189

HMODULE hmod =

NULL

;

2205

HMODULE hmod =

NULL

;

2223

HMODULE hmod =

NULL

;

2240

FARPROC pfn =

NULL

;

2249  if

(pFuncHook !=

NULL

) {

2252

pfn = pFuncHook->GetPfnHook();

2275

m_ModDbghelp(

NULL

),

2276

m_ImageDirectoryEntryToData(

NULL

)

2284  "ImageDirectoryEntryToData" 2289  "Dbghelp.dll does not have " 2290  "ImageDirectoryEntryToData symbol"

);

2295  "Dbghelp.dll not found"

);

2303

::FreeLibrary(m_ModDbghelp);

2314  return

(instance.

Get

());

2349

<<

"ExitProcess is not hooked in " 2370  return

instance.

Get

();

2380

TRegistry::iterator it = find(

2401

TRegistry::iterator it = find(

2439  for

(; *left != 0 && *right != 0; ++left, ++right) {

2442  if

(cl >=

'A'

&& cl <=

'Z'

)

2444  if

(cr >=

'A'

&& cr <=

'Z'

)

2464 #pragma warning( pop )

static CNcbiApplication * Instance(void)

Singleton method.

Helper class for object allocation/deallocation.

T & Get(void)

Create the variable if not created yet, return the reference.

~CExeModuleInstance(void)

CExeModuleInstance(CLibHandler *pLibHandler, char *pszName, HMODULE hModule, DWORD dwProcessId)

size_t GetModuleCount(void) const

CModuleInstance * GetModuleByIndex(size_t dwIndex) const

DWORD GetProcessId(void) const

Returns process id.

BOOL PopulateModules(void)

CLibHandler * m_pLibHandler

PROC GetPfnHook(void) const

PROC GetPfnOrig(void) const

BOOL IsMandatory(void)

Indicates whether the hooked function is mandatory one.

HMODULE GetCalleeModHandle(void) const

set< HMODULE > TModuleSet

CHookedFunction(PCSTR pszCalleeModName, PCSTR pszFuncName, PROC pfnOrig, PROC pfnHook)

char m_szCalleeModName[MAX_PATH]

PCSTR GetCalleeModName(void) const

BOOL ReplaceInOneModule(bool bHookOrRestore, PCSTR pszCalleeModName, PROC pfnCurrent, PROC pfnNew, HMODULE hmodCaller)

Replace the address of the function in the IAT of a specific module.

TModuleSet m_HookedModuleSet

Set of hoocked modules.

char m_szFuncName[MAX_PATH]

BOOL HookImport(void)

Set up a new hook function.

BOOL ReplaceInAllModules(bool bHookOrRestore, PCSTR pszCalleeModName, PROC pfnCurrent, PROC pfnNew)

Replace the address of a imported function entry in all modules.

static PVOID sm_pvMaxAppAddr

Maximum private memory address.

PCSTR GetFuncName(void) const

BOOL UnHookImport(void)

Restore the original API handler.

BOOL DoHook(bool bHookOrRestore, PROC pfnCurrent, PROC pfnNew)

Perform actual replacing of function pointers.

HMODULE m_CalleeModHandle

static HMODULE WINAPI LoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)

static HMODULE WINAPI LoadLibraryA(LPCSTR lpLibFileName)

static FLoadLibraryExA sm_FLoadLibraryExA

unsigned long long m_ImageEnd

static FLoadLibraryW sm_FLoadLibraryW

static HMODULE WINAPI LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)

static HMODULE WINAPI LoadLibraryW(LPCWSTR lpLibFileName)

static FLoadLibraryExW sm_FLoadLibraryExW

DWORD GetRVAFromExportSection(HMODULE hmodOriginal, PCSTR pszFuncName)

static FExitProcess sm_FExitProcess

static FARPROC WINAPI GetProcAddress(HMODULE hModule, LPCSTR lpProcName)

static FGetProcAddress sm_FGetProcAddress

static VOID WINAPI ExitProcess(UINT uExitCode)

unsigned long long m_ImageStart

PIMAGE_NT_HEADERS m_nt_header

bool IsPatched(const void *addr)

static FLoadLibraryA sm_FLoadLibraryA

unique_ptr< CExeModuleInstance > m_pProcess

virtual BOOL PopulateModules(CModuleInstance *pProcess)=0

CExeModuleInstance * GetExeModuleInstance(void) const

virtual BOOL PopulateProcess(DWORD dwProcessId, BOOL bPopulateModules)=0

virtual ~CLibHandler(void)

char * GetBaseName(void) const

Returns only the filename of the executable file for the process or DLL.

char * GetName(void) const

Returns Full path and filename of the executable file for the process or DLL.

HMODULE GetHandle(void) const

Returns module handle.

TInternalList m_pInternalList

void SetName(char *pszName)

Sets Full path and filename of the executable file for the process or DLL.

void ReleaseModules(void)

void AddModule(CModuleInstance *pModuleInstance)

CModuleInstance(char *pszName, HMODULE hModule)

void SetHandle(HMODULE handle)

vector< CModuleInstance * > TInternalList

static CPEi386 & GetInstance(void)

PVOID(WINAPI * FImageDirectoryEntryToData)(PVOID Base, BOOLEAN MappedAsImage, USHORT DirectoryEntry, PULONG Size)

FImageDirectoryEntryToData m_ImageDirectoryEntryToData

PVOID GetIAT(HMODULE base, int section) const

virtual ~CPsapiHandler(void)

FGetModuleFileNameExA m_pfnGetModuleFileNameExA

FEnumProcesses m_pfnEnumProcesses

virtual BOOL PopulateModules(CModuleInstance *pProcess)

virtual BOOL PopulateProcess(DWORD dwProcessId, BOOL bPopulateModules)

FEnumProcessModules m_pfnEnumProcessModules

The taskManager dynamically decides whether to use ToolHelp library or PSAPI This is a proxy class to...

CExeModuleInstance * GetProcess(void) const

CLibHandler * m_pLibHandler

BOOL PopulateProcess(DWORD dwProcessId, BOOL bPopulateModules) const

container_type::const_iterator const_iterator

container_type::iterator iterator

const_iterator end() const

const_iterator find(const key_type &key) const

iterator_bool insert(const value_type &val)

const_iterator find(const key_type &key) const

const_iterator end() const

parent_type::const_iterator const_iterator

static const char si[8][64]

struct parameters_t * pb[]

const CNcbiRegistry & GetConfig(void) const

Get the application's cached configuration parameters (read-only).

#define ITERATE(Type, Var, Cont)

ITERATE macro to sequence through container elements.

@ eRetriable_No

It makes no sense to retry the action.

#define NCBI_CURRENT_FUNCTION

Get current function name.

#define ERR_POST_X(err_subcode, message)

Error posting with default error code and given error subcode.

#define NCBI_CATCH_ALL_X(err_subcode, message)

#define NCBI_THROW(exception_class, err_code, message)

Generic macro to throw an exception, given the exception class, error code and message string.

void Warning(CExceptionArgs_Base &args)

TErrCode GetErrCode(void) const

virtual const char * GetErrCodeString(void) const

Get error code interpreted as text.

virtual bool GetBool(const string &section, const string &name, bool default_value, TFlags flags=0, EErrAction err_action=eThrow) const

Get boolean value of specified parameter name.

#define END_NCBI_SCOPE

End previously defined NCBI scope.

#define BEGIN_NCBI_SCOPE

Define ncbi namespace.

BOOL UnHookImport(PCSTR pszCalleeModName, PCSTR pszFuncName)

Restore hooked up API function.

void WINAPI HackModuleOnLoad(HMODULE hmod, DWORD dwFlags)

Used when a DLL is newly loaded after hooking a function.

BOOL m_bSystemFuncsHooked

Determines whether all system functions has been successfuly hacked.

void UnHookAllFuncs(void)

void operator=(const CApiHookMgr &)

int my_stricmp(const char *left, const char *right)

vector< TFunct > TRegistry

static FARPROC WINAPI xs_GetProcAddressWindows(HMODULE hmod, PCSTR pszProcName)

Returns original address of the API function.

CHookedFunctions m_pHookedFunctions

Container keeps track of all hacked functions.

virtual const char * GetErrCodeString(void) const

Translate from the error code value to its string representation.

void x_GetFunctionNameByOrdinal(PCSTR pszCalleeModName, DWORD dwFuncOrdinalNum, PSTR pszFuncName) const

Return the name of the function by its ordinal value.

CRef< CHookedFunction > GetHookedFunction(HMODULE hmod, PCSTR pszFuncName) const

Return the address of an CHookedFunction object Protected version.

BOOL HookImport(PCSTR pszCalleeModName, PCSTR pszFuncName, PROC pfnHook)

Hook up an API.

static HMODULE WINAPI MyLoadLibraryExW(PCWSTR pszModuleName, HANDLE hFile, DWORD dwFlags)

Used to trap events when DLLs are loaded.

bool HaveHookedFunctions(void) const

Indicates whether there is hooked function.

static HMODULE WINAPI MyLoadLibraryW(PCWSTR pszModuleName)

Used to trap events when DLLs are loaded.

static COnExitProcess & Instance(void)

static FARPROC WINAPI MyGetProcAddress(HMODULE hmod, PCSTR pszProcName)

Returns address of replacement function if hooked function is requested.

void x_UnHookAllFuncs(void)

Unhook all functions and restore original ones.

void Remove(TFunct funct)

TModuleNameList m_ModuleNameList

CRef< CHookedFunction > GetHookedFunction(PCSTR pszCalleeModName, PCSTR pszFuncName) const

Return the address of an CHookedFunction object.

static HMODULE WINAPI MyLoadLibraryExA(PCSTR pszModuleName, HANDLE hFile, DWORD dwFlags)

Used to trap events when DLLs are loaded.

BOOL RemoveHook(const CRef< CHookedFunction > pHook)

Remove exising object pointer from the container.

BOOL x_RemoveHook(PCSTR pszCalleeModName, PCSTR pszFuncName)

Remove intercepted function from the container.

BOOL x_GetFunctionNameFromExportSection(HMODULE hmodOriginal, DWORD dwFuncOrdinalNum, PSTR pszFuncName) const

Return the name of the function from EAT by its ordinal value.

bool HaveHookedFunctions(void) const

BOOL x_HookSystemFuncs(void)

Hook all needed system functions in order to trap loading libraries.

static void WINAPI xs_ExitProcess(UINT uExitCode)

static CApiHookMgr & GetInstance(void)

static HMODULE WINAPI MyLoadLibraryA(PCSTR pszModuleName)

Used to trap events when DLLs are loaded.

BOOL AddHook(const CRef< CHookedFunction > pHook)

Add a new object to the container.

BOOL x_AddHook(PCSTR pszCalleeModName, PCSTR pszFuncName, PROC pfnOrig, PROC pfnHook)

Add a newly intercepted function to the container.

#define INVALID_HANDLE_VALUE

A value for an invalid file handle.

#define HANDLE

An abstraction for a file handle.

Definition of all error codes used in dbapi libraries (dbapi_driver.lib and others).

static BOOL ExtractModuleFileName(char *pszFullFileName)

BOOL(WINAPI * FProcess32Next)(HANDLE hSnapshot, LPPROCESSENTRY32_A lppe)

static HMODULE ModuleFromAddress(PVOID pv)

BOOL(WINAPI * FModule32Next)(HANDLE hSnapshot, LPMODULEENTRY32_A lpme)

HMODULE(WINAPI * FLoadLibraryExA)(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)

HANDLE(WINAPI * FCreateToolHelp32Snapshot)(DWORD dwFlags, DWORD th32ProcessID)

static FLoadLibraryA g_LoadLibraryA

BOOL(WINAPI * FEnumProcessModules)(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded)

HMODULE(WINAPI * FLoadLibraryA)(LPCSTR lpLibFileName)

BOOL(WINAPI * FProcess32First)(HANDLE hSnapshot, LPPROCESSENTRY32_A lppe)

static FGetProcAddress g_FGetProcAddress

HMODULE(WINAPI * FLoadLibraryW)(LPCWSTR lpLibFileName)

VOID(WINAPI * FExitProcess)(UINT uExitCode)

BOOL(WINAPI * FEnumProcesses)(DWORD *lpidProcess, DWORD cb, DWORD *cbNeeded)

static BOOL IsToolHelpSupported(void)

static BOOL IsPsapiSupported(void)

DWORD(WINAPI * FGetModuleFileNameExA)(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize)

BOOL(WINAPI * FModule32First)(HANDLE hSnapshot, LPMODULEENTRY32_A lpme)

HMODULE(WINAPI * FLoadLibraryExW)(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)

FARPROC(WINAPI * FGetProcAddress)(HMODULE hModule, LPCSTR lpProcName)

const API_FUNC_ID MANDATORY_API_FUNCS[]

int strcmp(const char *str1, const char *str2)

#define TH32CS_SNAPMODULE

#define TRUE

bool replacment for C indicating true.

#define FALSE

bool replacment for C indicating false.

struct tagPROCESSENTRY32 PROCESSENTRY32_A

MODULEENTRY32_A * LPMODULEENTRY32_A

PROCESSENTRY32_A * LPPROCESSENTRY32_A

#define NUMBER_OF_MANDATORY_API_FUNCS

MODULEENTRY32_A * PMODULEENTRY32_A

PROCESSENTRY32_A * PPROCESSENTRY32_A

Defines the CNcbiApplication and CAppException classes for creating NCBI applications.

char szFuncName[MAX_PATH]

char szCalleeModName[MAX_PATH]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4