Vutils

vic4key · Nov 6, 2023 · 54c7da0 · 54c7da0
1 parent 8b509d2
commit 54c7da0
Show file tree

Hide file tree

Showing 4 changed files with 139 additions and 119 deletions.
diff --git a/Test/Sample.IATHooking.h b/Test/Sample.IATHooking.h
@@ -22,14 +22,18 @@ int WINAPI HfnMessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uTy
 
 DEF_SAMPLE(IATHooking)
 {
-  VU_API_IAT_OVERRIDE(Test.exe, user32.dll, MessageBoxA);
-  VU_API_IAT_OVERRIDE(Test.exe, user32.dll, MessageBoxW);
+  vu::Process process;
+  process.attach(GetCurrentProcess());
+  auto process_name = process.name();
+
+  vu::IATHooking::instance().install(process_name, ts("user32.dll"), ts("MessageBoxA"), HfnMessageBoxA, (void**)&pfnMessageBoxA);
+  vu::IATHooking::instance().install(process_name, ts("user32.dll"), ts("MessageBoxW"), HfnMessageBoxW, (void**)&pfnMessageBoxW);
 
   MessageBoxA(vu::get_console_window(), "The first message.", "A", MB_OK);
   MessageBoxW(vu::get_console_window(), L"The first message.", L"W", MB_OK);
 
-  VU_API_IAT_RESTORE(Test.exe, user32.dll, MessageBoxA);
-  VU_API_IAT_RESTORE(Test.exe, user32.dll, MessageBoxW);
+  vu::IATHooking::instance().uninstall(process_name, ts("user32.dll"), ts("MessageBoxA"), (void**)&pfnMessageBoxA);
+  vu::IATHooking::instance().uninstall(process_name, ts("user32.dll"), ts("MessageBoxW"), (void**)&pfnMessageBoxW);
 
   MessageBoxA(vu::get_console_window(),  "The second message.",  "A", MB_OK);
   MessageBoxW(vu::get_console_window(), L"The second message.", L"W", MB_OK);

diff --git a/Test/Sample.INLHooking.h b/Test/Sample.INLHooking.h
@@ -17,16 +17,16 @@ DEF_SAMPLE(INLHooking)
 {
   vu::INLHooking inl[2];
 
-  VU_API_INL_OVERRIDE(inl[0], user32.dll, MessageBoxA);
-  VU_API_INL_OVERRIDE(inl[1], user32.dll, MessageBoxW);
+  inl[0].install(ts("user32.dll"), ts("MessageBoxA"), HfnMessageBoxA, (void**)&pfnMessageBoxA);
+  inl[1].install(ts("user32.dll"), ts("MessageBoxW"), HfnMessageBoxW, (void**)&pfnMessageBoxW);
 
   MessageBoxA(vu::get_console_window(),  "The first message.",  "A", MB_OK);
   MessageBoxW(vu::get_console_window(), L"The first message.", L"W", MB_OK);
 
-  VU_API_INL_RESTORE(inl[0], user32.dll, MessageBoxA);
-  VU_API_INL_RESTORE(inl[1], user32.dll, MessageBoxW);
+  inl[0].uninstall(ts("user32.dll"), ts("MessageBoxA"), (void**)&pfnMessageBoxA);
+  inl[1].uninstall(ts("user32.dll"), ts("MessageBoxW"), (void**)&pfnMessageBoxW);
 
-  MessageBoxA(vu::get_console_window(), "The second message.", "A", MB_OK);
+  MessageBoxA(vu::get_console_window(),  "The second message.", "A", MB_OK);
   MessageBoxW(vu::get_console_window(), L"The second message.", L"W", MB_OK);
 
   return vu::VU_OK;

diff --git a/include/Vutils.h b/include/Vutils.h
@@ -1436,18 +1436,6 @@ class AsyncSocket : public LastError
  * API Hooking - Inline
  */
 
- /**
- * @brief Hook/Unhook a function in a module by name.
- * @define The prefix of redirection function must be  : Hfn
- * @define The prefix of real function pointer must be : pfn
- * @param[in] O The INLHooking instance.
- * @param[in] M The module name.
- * @param[in] F The function name.
- * @return  true if the function succeeds. Otherwise false.
- */
-#define VU_API_INL_OVERRIDE(O, M, F) O.install(ts( # M ),  ts( # F ), (void*)&Hfn ## F, (void**)&pfn ## F)
-#define VU_API_INL_RESTORE(O, M, F) O.uninstall(ts( # M ), ts( # F ), (void**)&pfn ## F)
-
 enum class memory_address_type
 {
   MAT_NONE = 0,
@@ -1551,39 +1539,53 @@ class INLHookingW: public INLHookingX
  * API Hooking - IAT
  */
 
-#define VU_API_IAT_OVERRIDE(O, M, F)\
-  vu::IATHooking::instance().install(\
-    _T( # O ), _T( # M ), _T( # F ),\
-    (const void*)(reinterpret_cast<void*>(&Hfn ## F)),\
-    (const void**)(reinterpret_cast<void**>(&pfn ## F)))
-
-#define VU_API_IAT_RESTORE(O, M, F)\
-  vu::IATHooking::instance().uninstall(\
-    _T( # O ), _T( # M ), _T( # F ))
-
-struct IATElement;
-
 class IATHookingA : public SingletonT<IATHookingA>
 {
 public:
+  struct Entry
+  {
+    std::string target;
+    std::string module;
+    std::string function;
+    void* original;
+    void* replacement;
+
+    Entry();
+    Entry(
+      const std::string& t, const std::string& m, const std::string& f,
+      void* o = nullptr, void* r = nullptr);
+
+    Entry(const Entry& right);
+    const Entry& operator=(const Entry& right);
+    bool operator==(const Entry& right) const;
+    bool operator!=(const Entry& right) const;
+  };
+
   IATHookingA();
   virtual ~IATHookingA();
 
   VUResult install(
     const std::string& target,
     const std::string& module,
     const std::string& function,
-    const void* replacement = nullptr,
-    const void** original = nullptr
+    void* replacement = nullptr,
+    void** original = nullptr
   );
 
   VUResult uninstall(
     const std::string& target,
     const std::string& module,
     const std::string& function,
-    const void** replacement = nullptr
+    void** replacement = nullptr
   );
 
+  bool exist(
+    const std::string& target,
+    const std::string& module,
+    const std::string& function,
+    Entry* ptr_entry = nullptr);
+
+private:
   /**
    * Iterate all imported-functions in a module.
    * @param[out] module   The imported-module name.
@@ -1598,31 +1600,20 @@ class IATHookingA : public SingletonT<IATHookingA>
     PIMAGE_THUNK_DATA& ptr_iat,
     PIMAGE_THUNK_DATA& ptr_int)> fn);
 
-private:
   enum iat_action
   {
     IAT_INSTALL,
     IAT_UNINSTALL,
   };
 
-  typedef std::vector<IATElement> IATElements;
+  typedef std::vector<Entry> EntryList;
 
-  IATElements m_iat_elements;
+  EntryList m_iat_entry_list;
 
 private:
-  IATElements::iterator find(const IATElement& element);
-
-  IATElements::iterator find(
-    const std::string& target,
-    const std::string& module,
-    const std::string& function);
-
-  bool exist(
-    const std::string& target,
-    const std::string& module,
-    const std::string& function);
-
-  VUResult perform(const iat_action action, IATElement& element);
+  VUResult perform(const iat_action action, Entry& entry);
+  EntryList::iterator find(const Entry& entry);
+  EntryList::iterator find(const std::string& target, const std::string& module, const std::string& function);
 };
 
 class IATHookingW : public SingletonT<IATHookingW>
@@ -1635,15 +1626,15 @@ class IATHookingW : public SingletonT<IATHookingW>
     const std::wstring& target,
     const std::wstring& module,
     const std::wstring& function,
-    const void* replacement = nullptr,
-    const void** original = nullptr
+    void* replacement,
+    void** original
   );
 
   VUResult uninstall(
     const std::wstring& target,
     const std::wstring& module,
     const std::wstring& function,
-    const void** replacement = nullptr
+    void** replacement
   );
 };