////////////////////////////////////////////////////////////////////////////// // // Module: detours.lib // File: detours.h // Author: Galen Hunt // // Detours for binary functions. Version 1.2. (Build 35) // // Copyright 1995-1999, Microsoft Corporation // // http://research.microsoft.com/sn/detours // #pragma once #ifndef _DETOURS_H_ #define _DETOURS_H_ #pragma comment(lib, "detours") ////////////////////////////////////////////////////////////////////////////// // #ifndef GUID_DEFINED #define GUID_DEFINED typedef struct _GUID { DWORD Data1; WORD Data2; WORD Data3; BYTE Data4[ 8 ]; } GUID; #endif // !GUID_DEFINED #if defined(__cplusplus) #ifndef _REFGUID_DEFINED #define _REFGUID_DEFINED #define REFGUID const GUID & #endif // !_REFGUID_DEFINED #else // !__cplusplus #ifndef _REFGUID_DEFINED #define _REFGUID_DEFINED #define REFGUID const GUID * const #endif // !_REFGUID_DEFINED #endif // !__cplusplus // ////////////////////////////////////////////////////////////////////////////// #ifdef __cplusplus extern "C" { #endif // __cplusplus /////////////////////////////////////////////////////////// Trampoline Macros. // // DETOUR_TRAMPOLINE(trampoline_prototype, target_name) // // The naked trampoline must be at least DETOUR_TRAMPOLINE_SIZE bytes. // enum { DETOUR_TRAMPOLINE_SIZE = 32, DETOUR_SECTION_HEADER_SIGNATURE = 0x00727444, // "Dtr\0" }; #define DETOUR_TRAMPOLINE(trampoline,target) \ static PVOID __fastcall _Detours_GetVA_##target(VOID) \ { \ return ⌖ \ } \ \ __declspec(naked) trampoline \ { \ __asm { nop };\ __asm { nop };\ __asm { call _Detours_GetVA_##target };\ __asm { jmp eax };\ __asm { ret };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ } #define DETOUR_TRAMPOLINE_WO_TARGET(trampoline) \ __declspec(naked) trampoline \ { \ __asm { nop };\ __asm { nop };\ __asm { xor eax, eax };\ __asm { mov eax, [eax] };\ __asm { ret };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ __asm { nop };\ } /////////////////////////////////////////////////// Instruction Target Macros. // #define DETOUR_INSTRUCTION_TARGET_NONE ((PBYTE)0) #define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PBYTE)~0ul) /////////////////////////////////////////////////////////// Binary Structures. // #pragma pack(push, 8) typedef struct _DETOUR_SECTION_HEADER { DWORD cbHeaderSize; DWORD nSignature; DWORD nDataOffset; DWORD cbDataSize; DWORD nOriginalImportVirtualAddress; DWORD nOriginalImportSize; DWORD nOriginalBoundImportVirtualAddress; DWORD nOriginalBoundImportSize; DWORD nOriginalIatVirtualAddress; DWORD nOriginalIatSize; DWORD nOriginalSizeOfImage; DWORD nReserve; } DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER; typedef struct _DETOUR_SECTION_RECORD { DWORD cbBytes; DWORD nReserved; GUID guid; } DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD; #pragma pack(pop) #define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \ { \ sizeof(DETOUR_SECTION_HEADER),\ DETOUR_SECTION_HEADER_SIGNATURE,\ sizeof(DETOUR_SECTION_HEADER),\ (cbSectionSize),\ \ 0,\ 0,\ 0,\ 0,\ \ 0,\ 0,\ 0,\ 0,\ } ///////////////////////////////////////////////////////////// Binary Typedefs. // typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)(PVOID pContext, PCHAR pszFile, PCHAR *ppszOutFile); typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)(PVOID pContext, PCHAR pszOrigFile, PCHAR pszFile, PCHAR *ppszOutFile); typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)(PVOID pContext, DWORD nOrdinal, PCHAR pszOrigSymbol, PCHAR pszSymbol, PCHAR *ppszOutSymbol); typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FINAL_CALLBACK)(PVOID pContext); typedef BOOL (CALLBACK *PF_DETOUR_BINARY_EXPORT_CALLBACK)(PVOID pContext, DWORD nOrdinal, PCHAR pszName, PBYTE pbCode); typedef VOID * PDETOUR_BINARY; typedef VOID * PDETOUR_LOADED_BINARY; //////////////////////////////////////////////////////// Trampoline Functions. // PBYTE WINAPI DetourFunction(PBYTE pbTargetFunction, PBYTE pbDetourFunction); BOOL WINAPI DetourFunctionWithEmptyTrampoline(PBYTE pbTrampoline, PBYTE pbTarget, PBYTE pbDetour); BOOL WINAPI DetourFunctionWithEmptyTrampolineEx(PBYTE pbTrampoline, PBYTE pbTarget, PBYTE pbDetour, PBYTE *ppbRealTrampoline, PBYTE *ppbRealTarget, PBYTE *ppbRealDetour); BOOL WINAPI DetourFunctionWithTrampoline(PBYTE pbTrampoline, PBYTE pbDetour); BOOL WINAPI DetourFunctionWithTrampolineEx(PBYTE pbTrampoline, PBYTE pbDetour, PBYTE *ppbRealTrampoline, PBYTE *ppbRealTarget); BOOL WINAPI DetourRemoveWithTrampoline(PBYTE pbTrampoline, PBYTE pbDetour); PBYTE WINAPI DetourFindFunction(PCHAR pszModule, PCHAR pszFunction); PBYTE WINAPI DetourFindFinalCode(PBYTE pbCode); PBYTE WINAPI DetourCopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget); PBYTE WINAPI DetourCopyInstructionEx(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget, LONG *plExtra); ///////////////////////////////////////////////////// Loaded Binary Functions. // HINSTANCE WINAPI DetourEnumerateInstances(HINSTANCE hinstLast); PBYTE WINAPI DetourFindEntryPointForInstance(HINSTANCE hInst); BOOL WINAPI DetourEnumerateExportsForInstance(HINSTANCE hInst, PVOID pContext, PF_DETOUR_BINARY_EXPORT_CALLBACK pfExport); PDETOUR_LOADED_BINARY WINAPI DetourBinaryFromInstance(HINSTANCE hInst); PBYTE WINAPI DetourFindPayloadInBinary(PDETOUR_LOADED_BINARY pBinary, REFGUID rguid, DWORD *pcbData); DWORD WINAPI DetourGetSizeOfBinary(PDETOUR_LOADED_BINARY pBinary); ///////////////////////////////////////////////// Persistent Binary Functions. // BOOL WINAPI DetourBinaryBindA(PCHAR pszFile, PCHAR pszDll, PCHAR pszPath); BOOL WINAPI DetourBinaryBindW(PWCHAR pwzFile, PWCHAR pwzDll, PWCHAR pwzPath); #ifdef UNICODE #define DetourBinaryBind DetourBinaryBindW #else #define DetourBinaryBind DetourBinaryBindA #endif // !UNICODE PDETOUR_BINARY WINAPI DetourBinaryOpen(HANDLE hFile); PBYTE WINAPI DetourBinaryEnumeratePayloads(PDETOUR_BINARY pBinary, GUID *pGuid, DWORD *pcbData, DWORD *pnIterator); PBYTE WINAPI DetourBinaryFindPayload(PDETOUR_BINARY pBinary, REFGUID rguid, DWORD *pcbData); PBYTE WINAPI DetourBinarySetPayload(PDETOUR_BINARY pBinary, REFGUID rguid, PBYTE pbData, DWORD cbData); BOOL WINAPI DetourBinaryDeletePayload(PDETOUR_BINARY pBinary, REFGUID rguid); BOOL WINAPI DetourBinaryPurgePayload(PDETOUR_BINARY pBinary); BOOL WINAPI DetourBinaryResetImports(PDETOUR_BINARY pBinary); BOOL WINAPI DetourBinaryEditImports(PDETOUR_BINARY pBinary, PVOID pContext, PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway, PF_DETOUR_BINARY_FILE_CALLBACK pfFile, PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol, PF_DETOUR_BINARY_FINAL_CALLBACK pfFinal); BOOL WINAPI DetourBinaryWrite(PDETOUR_BINARY pBinary, HANDLE hFile); BOOL WINAPI DetourBinaryClose(PDETOUR_BINARY pBinary); ///////////////////////////////////////// Symbolic Debug Information Creation. // enum { DETOUR_SYNTH_HEADERSIZE = 512, }; typedef VOID * PDETOUR_SYNTH; PDETOUR_SYNTH WINAPI DetourSynthCreate(); PDETOUR_SYNTH WINAPI DetourSynthCreatePseudoFile(PCHAR pszBinPath, PVOID pvBase); BOOL WINAPI DetourSynthAddSymbol(PDETOUR_SYNTH pSynth, PVOID pvSymbol, PCSTR pszSymbol); BOOL WINAPI DetourSynthAddSource(PDETOUR_SYNTH pSynth, PVOID pvSource, DWORD cbSource, PCSTR pszFile, DWORD nLine); BOOL WINAPI DetourSynthAddOpcode(PDETOUR_SYNTH pSynth, PVOID pvCode, DWORD cbCode); BOOL WINAPI DetourSynthWriteToFile(PDETOUR_SYNTH pSynth, HANDLE hFile, WORD Machine, WORD Characteristics, DWORD TimeDateStamp, DWORD CheckSum, DWORD ImageBase, DWORD SizeOfImage, DWORD SectionAlignment, PIMAGE_SECTION_HEADER pSections, DWORD nSections); DWORD WINAPI DetourSynthAppendToFile(PDETOUR_SYNTH pBinary, HANDLE hFile, DWORD ImageBase, PIMAGE_SECTION_HEADER pSections, DWORD nSections, PIMAGE_DEBUG_DIRECTORY pDir); BOOL WINAPI DetourSynthFlushPseudoFile(PDETOUR_SYNTH pSynth); BOOL WINAPI DetourSynthClose(PDETOUR_SYNTH pSynth); DWORD WINAPI DetourSynthLoadMissingSymbols(VOID); VOID WINAPI DetourSynthNotifyDebuggerOfLoad(PBYTE pbData, PCSTR pszDllPath); /////////////////////////////////////////////// First Chance Exception Filter. // LPTOP_LEVEL_EXCEPTION_FILTER WINAPI DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter); ///////////////////////////////////////////////// Create Process & Inject Dll. // typedef BOOL (WINAPI *PCREATE_PROCESS_ROUTINEA) (LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); typedef BOOL (WINAPI *PCREATE_PROCESS_ROUTINEW) (LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); BOOL WINAPI CreateProcessWithDllA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation, LPCSTR lpDllName, PCREATE_PROCESS_ROUTINEA pfCreateProcessA); BOOL WINAPI CreateProcessWithDllW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation, LPCWSTR lpDllName, PCREATE_PROCESS_ROUTINEW pfCreateProcessW); #ifdef UNICODE #define CreateProcessWithDll CreateProcessWithDllW #define PCREATE_PROCESS_ROUTINE PCREATE_PROCESS_ROUTINEW #else #define CreateProcessWithDll CreateProcessWithDllA #define PCREATE_PROCESS_ROUTINE PCREATE_PROCESS_ROUTINEA #endif // !UNICODE BOOL WINAPI ContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName); BOOL WINAPI ContinueProcessWithDllW(HANDLE hProcess, LPCWSTR lpDllName); #ifdef UNICODE #define ContinueProcessWithDll ContinueProcessWithDllW #else #define ContinueProcessWithDll ContinueProcessWithDllA #endif // !UNICODE // ////////////////////////////////////////////////////////////////////////////// #ifdef __cplusplus } #endif // __cplusplus #endif // _DETOURS_H_ //////////////////////////////////////////////////////////////// End of File.