diff --git a/sifilemgr.c b/sifilemgr.c
index ebdad57..45d9bb1 100644
--- a/sifilemgr.c
+++ b/sifilemgr.c
@@ -109,7 +109,7 @@ int FindU8FlagFromLink(char* title)
{
char filename[256];
GetFilenameFromPath(cur->fileinfo.orgfile, filename);
- if(strcasecmp(filename, Trim(title)) == 0)
+ if(_stricmp(filename, Trim(title)) == 0)
{
count++;
last = cur;
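Review bot: The `filename[256]` buffer in this loop is filled by `GetFilenameFromPath(cur->fileinfo.orgfile, filename)`, which is not told how large the destination is. The helper is not visible here, but if it copies without a limit, a long final path component overruns the stack buffer. Consider passing the size, for example `GetFilenameFromPath(cur->fileinfo.orgfile, filename, sizeof filename)`, and truncating inside the helper. Separately, `_stricmp` ties the file to the MSVC runtime; a small `#ifdef _MSC_VER` alias would keep the POSIX build working. FindU8FlagFromLink starts and ends outside this hunk.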
diff --git a/siloaderex/loaderex.cpp b/siloaderex/loaderex.cpp
index bfbd614..d6051ef 100644
--- a/siloaderex/loaderex.cpp
+++ b/siloaderex/loaderex.cpp
@@ -14,6 +14,7 @@ CHAR szDllPath[1024];
CHAR szCommand[2048];
CHAR szPath[1024];
+#define HOOK_DLL "loaderdll.dll"
//////////////////////////////////////////////////////////////////////////////
//
static BOOL CALLBACK ListBywayCallback(PVOID pContext,
@@ -48,7 +49,7 @@ static BOOL CALLBACK AddBywayCallback(PVOID pContext,
PBOOL pbAddedDll = (PBOOL)pContext;
if (!pszFile && !*pbAddedDll) { // Add new byway.
*pbAddedDll = TRUE;
- *ppszOutFile = szDllPath;
+ *ppszOutFile = HOOK_DLL;
}
return TRUE;
}
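Review bot: Writing the bare name `HOOK_DLL` ("loaderdll.dll") into the import table in place of `szDllPath` means the patched executable resolves the DLL through the normal Windows search order. If the DLL is ever missing from the application directory, a same-named file elsewhere on the search path would be loaded instead. Either keep a full path, or document next to the `#define` that `loaderdll.dll` must be installed beside the target executable, and have the loader check that it exists there before patching. The assignment also hands a string literal to a `PCHAR *` out-parameter; a writable array such as `static CHAR szHookDll[] = "loaderdll.dll";` avoids the const-dropping conversion. AddBywayCallback begins outside this hunk.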
diff --git a/siutf8.c b/siutf8.c
index f31881c..f87ca94 100644
--- a/siutf8.c
+++ b/siutf8.c
@@ -2,9 +2,13 @@
#include "winapihook.h"
#include "sifilemgr.h"
+BOOL g_isHooked = FALSE;
+
static void HookSI(void)
{
- HookWinApi();
+ if (g_isHooked) {
+ HookWinApi();
+ }
}
static void UnhookSI(void)
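Review bot: The guard in HookSI looks inverted. `g_isHooked` is initialised to `FALSE` and nothing visible in this diff sets it to `TRUE`, so `if (g_isHooked)` would never call `HookWinApi()` and the DLL would load without installing any hook. If the intent is to hook only once, the body should read `if (!g_isHooked) { g_isHooked = HookWinApi(); }`. The flag can also be `static` unless another translation unit reads it. UnhookSI's body is outside this hunk; it should clear the flag after detaching.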
@@ -18,6 +22,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
+ DisableThreadLibraryCalls(hinstDLL);
HookSI();
break;
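Review bot: `DisableThreadLibraryCalls(hinstDLL)` at `DLL_PROCESS_ATTACH` is documented by Microsoft as unsafe in a DLL linked against the static C runtime, because the static CRT relies on the thread attach and detach notifications. The Release configuration of vs2013/hook.vcxproj added in this same commit appears to select the static runtime (`MultiThreaded`). Either drop the call or build the DLL with the DLL runtime. The BOOL result is also ignored. Note that `HookSI()` still runs under the loader lock, so everything reachable from `HookWinApi()` must avoid loading libraries or waiting on other threads. DllMain continues outside this hunk.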
@@ -34,3 +39,10 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
return TRUE; // succesful
}
+#ifdef _WIN64
+#pragma comment(linker, "/EXPORT:VoidExport,@1,NONAME")
+#else
+#pragma comment(linker, "/EXPORT:_VoidExport,@1,NONAME")
+#endif
+
+VOID VoidExport(){}
\ No newline at end of file
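Review bot: The empty `VoidExport` and the two `/EXPORT` pragmas have no comment explaining why a do-nothing function is exported as ordinal 1. A later cleanup could easily remove it and break loading through the patched import table. I would add above the `#ifdef` something like `/* Detours requires the injected DLL to export ordinal 1; this stub exists only to satisfy that. */`. In a C file the definition should be `VOID VoidExport(void) {}` so that it is a real prototype. The file also now ends without a trailing newline.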
diff --git a/utf8.c b/utf8.c
index a3e2fee..e9d9d03 100644
--- a/utf8.c
+++ b/utf8.c
@@ -63,7 +63,7 @@ void gbk_to_utf8(const char* gbk,char* u8,DWORD* u8size)
* @param bit [1~8位 低~高]
* @return [1 真 0 假]
*/
-static inline int CheckBit(unsigned char value, int bit)
+static int CheckBit(unsigned char value, int bit)
{
unsigned char bitvalue[8] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80};
diff --git a/vs2013/bin/Release/loaderdll.dll b/vs2013/bin/Release/loaderdll.dll
new file mode 100644
index 0000000..7b64762
Binary files /dev/null and b/vs2013/bin/Release/loaderdll.dll differ
diff --git a/vs2013/bin/Release/siloaderex.exe b/vs2013/bin/Release/siloaderex.exe
new file mode 100644
index 0000000..0bd7afa
Binary files /dev/null and b/vs2013/bin/Release/siloaderex.exe differ
diff --git a/vs2013/hook.vcxproj b/vs2013/hook.vcxproj
new file mode 100644
index 0000000..327007e
--- /dev/null
+++ b/vs2013/hook.vcxproj
@@ -0,0 +1,115 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+
+ {59E577EB-5E28-4A32-A32F-849C80DBEDB8}
+ Win32Proj
+ hook
+
+
+
+ DynamicLibrary
+ true
+ v120_xp
+ NotSet
+
+
+ DynamicLibrary
+ false
+ v120_xp
+ true
+ NotSet
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+ loaderdll
+ $(SolutionDir)bin\$(Configuration)\
+
+
+ false
+ loaderdll
+ $(SolutionDir)bin\$(Configuration)\
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_CRT_SECURE_NO_WARNINGS;_DEBUG;_WINDOWS;_USRDLL;HOOK_EXPORTS;%(PreprocessorDefinitions)
+ true
+ $(SolutionDir)include
+
+
+ Windows
+ true
+ $(SolutionDir)lib.X86
+ detours.lib;%(AdditionalDependencies)
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;_CRT_SECURE_NO_WARNINGS;NDEBUG;_WINDOWS;_USRDLL;HOOK_EXPORTS;%(PreprocessorDefinitions)
+ true
+ MultiThreaded
+ $(SolutionDir)include
+
+
+ Windows
+ true
+ true
+ true
+ $(SolutionDir)lib.X86
+ detours.lib;%(AdditionalDependencies)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
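Review bot: This project writes its output to `$(SolutionDir)bin\$(Configuration)\` with target name `loaderdll`, and the same commit checks in `vs2013/bin/Release/loaderdll.dll` and `siloaderex.exe` from that directory, plus a prebuilt `lib.X86/detours.lib`. Committed build outputs cannot be reviewed against the source in this diff and will drift from it on the next change. It would be better to add `bin/` to the ignore list and publish binaries as release artifacts, with a recorded hash, built from a tagged revision. Both configurations also define `_CRT_SECURE_NO_WARNINGS`, which hides the compiler's warnings about the unbounded string calls this code base uses on fixed-size buffers.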
diff --git a/vs2013/hook.vcxproj.filters b/vs2013/hook.vcxproj.filters
new file mode 100644
index 0000000..30be925
--- /dev/null
+++ b/vs2013/hook.vcxproj.filters
@@ -0,0 +1,72 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hh;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ 源文件
+
+
+ 源文件
+
+
+ 源文件
+
+
+ 源文件
+
+
+ 源文件
+
+
+ 源文件
+
+
+ 源文件
+
+
+ 源文件
+
+
+ 源文件
+
+
+
+
+ 头文件
+
+
+ 头文件
+
+
+ 头文件
+
+
+ 头文件
+
+
+ 头文件
+
+
+ 头文件
+
+
+ 头文件
+
+
+ 头文件
+
+
+
\ No newline at end of file
diff --git a/vs2013/include/detours.h b/vs2013/include/detours.h
new file mode 100644
index 0000000..2e06fe7
--- /dev/null
+++ b/vs2013/include/detours.h
@@ -0,0 +1,626 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+// Core Detours Functionality (detours.h of detours.lib)
+//
+// Microsoft Research Detours Package, Version 3.0 Build_316.
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+//
+
+#pragma once
+#ifndef _DETOURS_H_
+#define _DETOURS_H_
+
+#define DETOURS_VERSION 30000 // 3.00.00
+
+//////////////////////////////////////////////////////////////////////////////
+//
+
+#if (_MSC_VER < 1299)
+typedef LONG LONG_PTR;
+typedef ULONG ULONG_PTR;
+#endif
+
+#ifndef __in_z
+#define __in_z
+#endif
+
+//////////////////////////////////////////////////////////////////////////////
+//
+#ifndef GUID_DEFINED
+#define GUID_DEFINED
+typedef struct _GUID
+{
+ DWORD Data1;
+ WORD Data2;
+ WORD Data3;
+ BYTE Data4[ 8 ];
+} GUID;
+
+#ifdef INITGUID
+#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
+ const GUID name \
+ = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
+#else
+#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
+ const GUID name
+#endif // INITGUID
+#endif // !GUID_DEFINED
+
+#if defined(__cplusplus)
+#ifndef _REFGUID_DEFINED
+#define _REFGUID_DEFINED
+#define REFGUID const GUID &
+#endif // !_REFGUID_DEFINED
+#else // !__cplusplus
+#ifndef _REFGUID_DEFINED
+#define _REFGUID_DEFINED
+#define REFGUID const GUID * const
+#endif // !_REFGUID_DEFINED
+#endif // !__cplusplus
+
+//
+//////////////////////////////////////////////////////////////////////////////
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+/////////////////////////////////////////////////// Instruction Target Macros.
+//
+#define DETOUR_INSTRUCTION_TARGET_NONE ((PVOID)0)
+#define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PVOID)(LONG_PTR)-1)
+#define DETOUR_SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0"
+
+extern const GUID DETOUR_EXE_RESTORE_GUID;
+extern const GUID DETOUR_EXE_HELPER_GUID;
+
+#define DETOUR_TRAMPOLINE_SIGNATURE 0x21727444 // Dtr!
+typedef struct _DETOUR_TRAMPOLINE DETOUR_TRAMPOLINE, *PDETOUR_TRAMPOLINE;
+
+/////////////////////////////////////////////////////////// Binary Structures.
+//
+#pragma pack(push, 8)
+typedef struct _DETOUR_SECTION_HEADER
+{
+ DWORD cbHeaderSize;
+ DWORD nSignature;
+ DWORD nDataOffset;
+ DWORD cbDataSize;
+
+ DWORD nOriginalImportVirtualAddress;
+ DWORD nOriginalImportSize;
+ DWORD nOriginalBoundImportVirtualAddress;
+ DWORD nOriginalBoundImportSize;
+
+ DWORD nOriginalIatVirtualAddress;
+ DWORD nOriginalIatSize;
+ DWORD nOriginalSizeOfImage;
+ DWORD cbPrePE;
+
+ DWORD nOriginalClrFlags;
+ DWORD reserved1;
+ DWORD reserved2;
+ DWORD reserved3;
+
+ // Followed by cbPrePE bytes of data.
+} DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER;
+
+typedef struct _DETOUR_SECTION_RECORD
+{
+ DWORD cbBytes;
+ DWORD nReserved;
+ GUID guid;
+} DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD;
+
+typedef struct _DETOUR_CLR_HEADER
+{
+ // Header versioning
+ ULONG cb;
+ USHORT MajorRuntimeVersion;
+ USHORT MinorRuntimeVersion;
+
+ // Symbol table and startup information
+ IMAGE_DATA_DIRECTORY MetaData;
+ ULONG Flags;
+
+ // Followed by the rest of the IMAGE_COR20_HEADER
+} DETOUR_CLR_HEADER, *PDETOUR_CLR_HEADER;
+
+typedef struct _DETOUR_EXE_RESTORE
+{
+ DWORD cb;
+ DWORD cbidh;
+ DWORD cbinh;
+ DWORD cbclr;
+
+ PBYTE pidh;
+ PBYTE pinh;
+ PBYTE pclr;
+
+ IMAGE_DOS_HEADER idh;
+ union {
+ IMAGE_NT_HEADERS inh;
+ IMAGE_NT_HEADERS32 inh32;
+ IMAGE_NT_HEADERS64 inh64;
+ BYTE raw[sizeof(IMAGE_NT_HEADERS64) +
+ sizeof(IMAGE_SECTION_HEADER) * 32];
+ };
+ DETOUR_CLR_HEADER clr;
+
+} DETOUR_EXE_RESTORE, *PDETOUR_EXE_RESTORE;
+
+typedef struct _DETOUR_EXE_HELPER
+{
+ DWORD cb;
+ DWORD pid;
+ CHAR DllName[MAX_PATH];
+
+} DETOUR_EXE_HELPER, *PDETOUR_EXE_HELPER;
+
+#pragma pack(pop)
+
+#define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \
+{ \
+ sizeof(DETOUR_SECTION_HEADER),\
+ DETOUR_SECTION_HEADER_SIGNATURE,\
+ sizeof(DETOUR_SECTION_HEADER),\
+ (cbSectionSize),\
+ \
+ 0,\
+ 0,\
+ 0,\
+ 0,\
+ \
+ 0,\
+ 0,\
+ 0,\
+ 0,\
+}
+
+/////////////////////////////////////////////////////////////// Helper Macros.
+//
+#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
+#define DETOURS_STRINGIFY_(x) #x
+
+///////////////////////////////////////////////////////////// Binary Typedefs.
+//
+typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)(PVOID pContext,
+ PCHAR pszFile,
+ PCHAR *ppszOutFile);
+
+typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)(PVOID pContext,
+ PCHAR pszOrigFile,
+ PCHAR pszFile,
+ PCHAR *ppszOutFile);
+
+typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)(PVOID pContext,
+ ULONG nOrigOrdinal,
+ ULONG nOrdinal,
+ ULONG *pnOutOrdinal,
+ PCHAR pszOrigSymbol,
+ PCHAR pszSymbol,
+ PCHAR *ppszOutSymbol);
+
+typedef BOOL (CALLBACK *PF_DETOUR_BINARY_COMMIT_CALLBACK)(PVOID pContext);
+
+typedef BOOL (CALLBACK *PF_DETOUR_ENUMERATE_EXPORT_CALLBACK)(PVOID pContext,
+ ULONG nOrdinal,
+ PCHAR pszName,
+ PVOID pCode);
+
+typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FILE_CALLBACK)(PVOID pContext,
+ HMODULE hModule,
+ PCSTR pszFile);
+
+typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FUNC_CALLBACK)(PVOID pContext,
+ DWORD nOrdinal,
+ PCSTR pszFunc,
+ PVOID pvFunc);
+
+typedef VOID * PDETOUR_BINARY;
+typedef VOID * PDETOUR_LOADED_BINARY;
+
+//////////////////////////////////////////////////////////// Transaction APIs.
+//
+LONG WINAPI DetourTransactionBegin(VOID);
+LONG WINAPI DetourTransactionAbort(VOID);
+LONG WINAPI DetourTransactionCommit(VOID);
+LONG WINAPI DetourTransactionCommitEx(PVOID **pppFailedPointer);
+
+LONG WINAPI DetourUpdateThread(HANDLE hThread);
+
+LONG WINAPI DetourAttach(PVOID *ppPointer,
+ PVOID pDetour);
+
+LONG WINAPI DetourAttachEx(PVOID *ppPointer,
+ PVOID pDetour,
+ PDETOUR_TRAMPOLINE *ppRealTrampoline,
+ PVOID *ppRealTarget,
+ PVOID *ppRealDetour);
+
+LONG WINAPI DetourDetach(PVOID *ppPointer,
+ PVOID pDetour);
+
+BOOL WINAPI DetourSetIgnoreTooSmall(BOOL fIgnore);
+BOOL WINAPI DetourSetRetainRegions(BOOL fRetain);
+
+////////////////////////////////////////////////////////////// Code Functions.
+//
+PVOID WINAPI DetourFindFunction(PCSTR pszModule, PCSTR pszFunction);
+PVOID WINAPI DetourCodeFromPointer(PVOID pPointer, PVOID *ppGlobals);
+PVOID WINAPI DetourCopyInstruction(PVOID pDst,
+ PVOID *pDstPool,
+ PVOID pSrc,
+ PVOID *ppTarget,
+ LONG *plExtra);
+
+///////////////////////////////////////////////////// Loaded Binary Functions.
+//
+HMODULE WINAPI DetourGetContainingModule(PVOID pvAddr);
+HMODULE WINAPI DetourEnumerateModules(HMODULE hModuleLast);
+PVOID WINAPI DetourGetEntryPoint(HMODULE hModule);
+ULONG WINAPI DetourGetModuleSize(HMODULE hModule);
+BOOL WINAPI DetourEnumerateExports(HMODULE hModule,
+ PVOID pContext,
+ PF_DETOUR_ENUMERATE_EXPORT_CALLBACK pfExport);
+BOOL WINAPI DetourEnumerateImports(HMODULE hModule,
+ PVOID pContext,
+ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile,
+ PF_DETOUR_IMPORT_FUNC_CALLBACK pfImportFunc);
+
+PVOID WINAPI DetourFindPayload(HMODULE hModule, REFGUID rguid, DWORD *pcbData);
+PVOID WINAPI DetourFindPayloadEx(REFGUID rguid, DWORD * pcbData);
+DWORD WINAPI DetourGetSizeOfPayloads(HMODULE hModule);
+
+///////////////////////////////////////////////// Persistent Binary Functions.
+//
+
+PDETOUR_BINARY WINAPI DetourBinaryOpen(HANDLE hFile);
+PVOID WINAPI DetourBinaryEnumeratePayloads(PDETOUR_BINARY pBinary,
+ GUID *pGuid,
+ DWORD *pcbData,
+ DWORD *pnIterator);
+PVOID WINAPI DetourBinaryFindPayload(PDETOUR_BINARY pBinary,
+ REFGUID rguid,
+ DWORD *pcbData);
+PVOID WINAPI DetourBinarySetPayload(PDETOUR_BINARY pBinary,
+ REFGUID rguid,
+ PVOID pData,
+ DWORD cbData);
+BOOL WINAPI DetourBinaryDeletePayload(PDETOUR_BINARY pBinary, REFGUID rguid);
+BOOL WINAPI DetourBinaryPurgePayloads(PDETOUR_BINARY pBinary);
+BOOL WINAPI DetourBinaryResetImports(PDETOUR_BINARY pBinary);
+BOOL WINAPI DetourBinaryEditImports(PDETOUR_BINARY pBinary,
+ PVOID pContext,
+ PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway,
+ PF_DETOUR_BINARY_FILE_CALLBACK pfFile,
+ PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol,
+ PF_DETOUR_BINARY_COMMIT_CALLBACK pfCommit);
+BOOL WINAPI DetourBinaryWrite(PDETOUR_BINARY pBinary, HANDLE hFile);
+BOOL WINAPI DetourBinaryClose(PDETOUR_BINARY pBinary);
+
+/////////////////////////////////////////////////// Create Process & Load Dll.
+//
+typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)
+ (LPCSTR lpApplicationName,
+ LPSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCSTR lpCurrentDirectory,
+ LPSTARTUPINFOA lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation);
+
+typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)
+ (LPCWSTR lpApplicationName,
+ LPWSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCWSTR lpCurrentDirectory,
+ LPSTARTUPINFOW lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation);
+
+BOOL WINAPI DetourCreateProcessWithDllA(LPCSTR lpApplicationName,
+ __in_z LPSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCSTR lpCurrentDirectory,
+ LPSTARTUPINFOA lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation,
+ LPCSTR lpDllName,
+ PDETOUR_CREATE_PROCESS_ROUTINEA
+ pfCreateProcessA);
+
+BOOL WINAPI DetourCreateProcessWithDllW(LPCWSTR lpApplicationName,
+ __in_z LPWSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCWSTR lpCurrentDirectory,
+ LPSTARTUPINFOW lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation,
+ LPCSTR lpDllName,
+ PDETOUR_CREATE_PROCESS_ROUTINEW
+ pfCreateProcessW);
+
+#ifdef UNICODE
+#define DetourCreateProcessWithDll DetourCreateProcessWithDllW
+#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW
+#else
+#define DetourCreateProcessWithDll DetourCreateProcessWithDllA
+#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA
+#endif // !UNICODE
+
+BOOL WINAPI DetourCreateProcessWithDllExA(LPCSTR lpApplicationName,
+ __in_z LPSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCSTR lpCurrentDirectory,
+ LPSTARTUPINFOA lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation,
+ LPCSTR lpDllName,
+ PDETOUR_CREATE_PROCESS_ROUTINEA
+ pfCreateProcessA);
+
+BOOL WINAPI DetourCreateProcessWithDllExW(LPCWSTR lpApplicationName,
+ __in_z LPWSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCWSTR lpCurrentDirectory,
+ LPSTARTUPINFOW lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation,
+ LPCSTR lpDllName,
+ PDETOUR_CREATE_PROCESS_ROUTINEW
+ pfCreateProcessW);
+
+#ifdef UNICODE
+#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExW
+#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW
+#else
+#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExA
+#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA
+#endif // !UNICODE
+
+BOOL WINAPI DetourProcessViaHelperA(DWORD dwTargetPid,
+ LPCSTR lpDllName,
+ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA);
+
+BOOL WINAPI DetourProcessViaHelperW(DWORD dwTargetPid,
+ LPCSTR lpDllName,
+ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW);
+
+#ifdef UNICODE
+#define DetourProcessViaHelper DetourProcessViaHelperW
+#else
+#define DetourProcessViaHelper DetourProcessViaHelperA
+#endif // !UNICODE
+
+BOOL WINAPI DetourUpdateProcessWithDll(HANDLE hProcess,
+ LPCSTR *plpDlls,
+ DWORD nDlls);
+
+BOOL WINAPI DetourCopyPayloadToProcess(HANDLE hProcess,
+ REFGUID rguid,
+ PVOID pvData,
+ DWORD cbData);
+BOOL WINAPI DetourRestoreAfterWith(VOID);
+BOOL WINAPI DetourRestoreAfterWithEx(PVOID pvData, DWORD cbData);
+BOOL WINAPI DetourIsHelperProcess(VOID);
+VOID CALLBACK DetourFinishHelperProcess(HWND, HINSTANCE, LPSTR, INT);
+
+//
+//////////////////////////////////////////////////////////////////////////////
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+//////////////////////////////////////////////// Detours Internal Definitions.
+//
+#ifdef __cplusplus
+#ifdef DETOURS_INTERNAL
+
+#ifndef __deref_out
+#define __deref_out
+#endif
+
+#ifndef __deref
+#define __deref
+#endif
+
+//////////////////////////////////////////////////////////////////////////////
+//
+#if (_MSC_VER < 1299)
+#include
+typedef IMAGEHLP_MODULE IMAGEHLP_MODULE64;
+typedef PIMAGEHLP_MODULE PIMAGEHLP_MODULE64;
+typedef IMAGEHLP_SYMBOL SYMBOL_INFO;
+typedef PIMAGEHLP_SYMBOL PSYMBOL_INFO;
+
+static inline
+LONG InterlockedCompareExchange(LONG *ptr, LONG nval, LONG oval)
+{
+ return (LONG)::InterlockedCompareExchange((PVOID*)ptr, (PVOID)nval, (PVOID)oval);
+}
+#else
+#include
+#endif
+
+#ifdef IMAGEAPI // defined by DBGHELP.H
+typedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(LPAPI_VERSION AppVersion);
+
+typedef BOOL (NTAPI *PF_SymInitialize)(IN HANDLE hProcess,
+ IN LPCSTR UserSearchPath,
+ IN BOOL fInvadeProcess);
+typedef DWORD (NTAPI *PF_SymSetOptions)(IN DWORD SymOptions);
+typedef DWORD (NTAPI *PF_SymGetOptions)(VOID);
+typedef DWORD64 (NTAPI *PF_SymLoadModule64)(IN HANDLE hProcess,
+ IN HANDLE hFile,
+ IN PSTR ImageName,
+ IN PSTR ModuleName,
+ IN DWORD64 BaseOfDll,
+ IN DWORD SizeOfDll);
+typedef BOOL (NTAPI *PF_SymGetModuleInfo64)(IN HANDLE hProcess,
+ IN DWORD64 qwAddr,
+ OUT PIMAGEHLP_MODULE64 ModuleInfo);
+typedef BOOL (NTAPI *PF_SymFromName)(IN HANDLE hProcess,
+ IN LPSTR Name,
+ OUT PSYMBOL_INFO Symbol);
+
+typedef struct _DETOUR_SYM_INFO
+{
+ HANDLE hProcess;
+ HMODULE hDbgHelp;
+ PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx;
+ PF_SymInitialize pfSymInitialize;
+ PF_SymSetOptions pfSymSetOptions;
+ PF_SymGetOptions pfSymGetOptions;
+ PF_SymLoadModule64 pfSymLoadModule64;
+ PF_SymGetModuleInfo64 pfSymGetModuleInfo64;
+ PF_SymFromName pfSymFromName;
+} DETOUR_SYM_INFO, *PDETOUR_SYM_INFO;
+
+PDETOUR_SYM_INFO DetourLoadDbgHelp(VOID);
+
+#endif // IMAGEAPI
+
+#ifndef DETOUR_TRACE
+#if DETOUR_DEBUG
+#define DETOUR_TRACE(x) printf x
+#define DETOUR_BREAK() __debugbreak()
+#include
+#include
+#else
+#define DETOUR_TRACE(x)
+#define DETOUR_BREAK()
+#endif
+#endif
+
+#ifdef DETOURS_IA64
+#error Feature not supported in this release.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#endif // DETOURS_IA64
+
+#ifdef DETOURS_ARM
+#error Feature not supported in this release.
+
+
+
+#endif // DETOURS_ARM
+
+//////////////////////////////////////////////////////////////////////////////
+
+#endif // DETOURS_INTERNAL
+#endif // __cplusplus
+
+#endif // _DETOURS_H_
+//
+//////////////////////////////////////////////////////////////// End of File.
diff --git a/vs2013/include/detver.h b/vs2013/include/detver.h
new file mode 100644
index 0000000..ce83895
--- /dev/null
+++ b/vs2013/include/detver.h
@@ -0,0 +1,21 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+// Common version parameters.
+//
+// Microsoft Research Detours Package, Version 3.0 Build_316.
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+//
+
+#ifndef DETOURS_STRINGIFY
+#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
+#define DETOURS_STRINGIFY_(x) #x
+#endif
+
+#define VER_FILEFLAGSMASK 0x3fL
+#define VER_FILEFLAGS 0x0L
+#define VER_FILEOS 0x00040004L
+#define VER_FILETYPE 0x00000002L
+#define VER_FILESUBTYPE 0x00000000L
+
+#define VER_DETOURS_BITS DETOUR_STRINGIFY(DETOURS_BITS)
diff --git a/vs2013/lib.X86/detours.lib b/vs2013/lib.X86/detours.lib
new file mode 100644
index 0000000..1fe72ba
Binary files /dev/null and b/vs2013/lib.X86/detours.lib differ
diff --git a/vs2013/siloaderex.vcxproj b/vs2013/siloaderex.vcxproj
new file mode 100644
index 0000000..cbea53b
--- /dev/null
+++ b/vs2013/siloaderex.vcxproj
@@ -0,0 +1,95 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+
+ {1F87B45C-9832-4F7C-9E46-56A1E4312A37}
+ Win32Proj
+ siloaderex
+
+
+
+ Application
+ true
+ v120_xp
+ NotSet
+
+
+ Application
+ false
+ v120_xp
+ true
+ NotSet
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+ $(SolutionDir)bin\$(Configuration)\
+
+
+ false
+ $(SolutionDir)bin\$(Configuration)\
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)
+ true
+ $(SolutionDir)include
+
+
+ Console
+ true
+ $(SolutionDir)lib.X86
+ detours.lib;%(AdditionalDependencies)
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)
+ true
+ $(SolutionDir)include
+ MultiThreaded
+
+
+ Console
+ true
+ true
+ true
+ $(SolutionDir)lib.X86
+ detours.lib;%(AdditionalDependencies)
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/vs2013/siloaderex.vcxproj.filters b/vs2013/siloaderex.vcxproj.filters
new file mode 100644
index 0000000..f8ad5f8
--- /dev/null
+++ b/vs2013/siloaderex.vcxproj.filters
@@ -0,0 +1,22 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hh;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ 源文件
+
+
+
\ No newline at end of file
diff --git a/vs2013/siutf8.sln b/vs2013/siutf8.sln
new file mode 100644
index 0000000..a3e91a2
--- /dev/null
+++ b/vs2013/siutf8.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.31101.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hook", "hook.vcxproj", "{59E577EB-5E28-4A32-A32F-849C80DBEDB8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "siloaderex", "siloaderex.vcxproj", "{1F87B45C-9832-4F7C-9E46-56A1E4312A37}"
+ ProjectSection(ProjectDependencies) = postProject
+ {59E577EB-5E28-4A32-A32F-849C80DBEDB8} = {59E577EB-5E28-4A32-A32F-849C80DBEDB8}
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Release|Win32 = Release|Win32
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {59E577EB-5E28-4A32-A32F-849C80DBEDB8}.Debug|Win32.ActiveCfg = Debug|Win32
+ {59E577EB-5E28-4A32-A32F-849C80DBEDB8}.Debug|Win32.Build.0 = Debug|Win32
+ {59E577EB-5E28-4A32-A32F-849C80DBEDB8}.Release|Win32.ActiveCfg = Release|Win32
+ {59E577EB-5E28-4A32-A32F-849C80DBEDB8}.Release|Win32.Build.0 = Release|Win32
+ {1F87B45C-9832-4F7C-9E46-56A1E4312A37}.Debug|Win32.ActiveCfg = Debug|Win32
+ {1F87B45C-9832-4F7C-9E46-56A1E4312A37}.Debug|Win32.Build.0 = Debug|Win32
+ {1F87B45C-9832-4F7C-9E46-56A1E4312A37}.Release|Win32.ActiveCfg = Release|Win32
+ {1F87B45C-9832-4F7C-9E46-56A1E4312A37}.Release|Win32.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/winapihook.c b/winapihook.c
index 798ea98..1419e71 100644
--- a/winapihook.c
+++ b/winapihook.c
@@ -5,6 +5,7 @@
#include "sifilemgr.h"
#include "sihandlemgr.h"
#include "md5.h"
+#include
typedef HANDLE (WINAPI *CreateFileFn)(
@@ -290,26 +291,21 @@ BOOL WINAPI HookSetEndOfFile(
BOOL HookWinApi(void)
{
- OrgCreateFile = (CreateFileFn)HookFunction("kernel32.dll","CreateFileA",(void *)HookCreateFile);
- if(OrgCreateFile == NULL)
- {
- OutputDebugString("Hook CreateFile Failed!");
- return FALSE;
- }
-
- OrgCloseHandle = (CloseHandleFn)HookFunction("kernel32.dll","CloseHandle",(void *)HookCloseHandle);
- if(OrgCloseHandle == NULL)
- {
- OutputDebugString("Hook CloseHandle Failed!");
- return FALSE;
- }
-
- OrgSetEndOfFile = (SetEndOfFileFn)HookFunction("kernel32.dll","SetEndOfFile",(void *)HookSetEndOfFile);
- if(OrgSetEndOfFile == NULL)
- {
- OutputDebugString("Hook SetEndOfFile Failed!");
- return FALSE;
- }
-
+ OrgCreateFile = CreateFileA;
+ OrgCloseHandle = CloseHandle;
+ OrgSetEndOfFile = SetEndOfFile;
+
+ DetourRestoreAfterWith();
+ DetourTransactionBegin();
+ DetourUpdateThread(GetCurrentThread());
+ DetourAttach(&OrgCreateFile, HookCreateFile);
+ DetourAttach(&OrgCloseHandle, HookCloseHandle);
+ DetourAttach(&OrgSetEndOfFile, HookSetEndOfFile);
+ LONG error = DetourTransactionCommit();
+ if (NO_ERROR != error) {
+ OutputDebugString("Hook CreateFile/CloseHandle/SetEndOfFile Failed!");
+ return FALSE;
+ }
+
return TRUE;
}
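Review bot: The three `DetourAttach` calls pass `&OrgCreateFile` and `HookCreateFile` directly, although detours.h declares the parameters as `PVOID *` and `PVOID`. In a .c file that is an incompatible-pointer conversion the compiler only warns about. Make the casts explicit, for example `DetourAttach((PVOID *)&OrgCreateFile, (PVOID)HookCreateFile);`, and do the same for the other two. The failure branch discards `error`; formatting the code into the debug string would distinguish a failed attach from an invalid transaction. UnhookSI is not shown in this diff, so if it still uses the old unhook path it needs a matching `DetourTransactionBegin` / `DetourDetach` / `DetourTransactionCommit` sequence. Without that, unloading the DLL would leave the patched entry points jumping into unmapped code.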