Ignore version within core API DLL names.

2012-01-15 15:24:01 +10:00 · 2012-01-15 15:24:01 +10:00 · b73334ae08
commit b73334ae08
parent f3c69d9d21
1 changed files with 68 additions and 38 deletions
--- a/ANSI.c
+++ b/ANSI.c
@ -880,21 +880,27 @@ ParseAndPrintString( HANDLE hDev,
 const char APIKernel[]		   = "kernel32.dll";
-const char APIConsole[] 	   = "API-MS-Win-Core-Console-L1-1-0.dll";
+const char APIConsole[] 	   = "API-MS-Win-Core-Console-";
-const char APIProcessThreads[]	   = "API-MS-Win-Core-ProcessThreads-L1-1-0.dll";
+const char APIProcessThreads[]	   = "API-MS-Win-Core-ProcessThreads-";
-const char APIProcessEnvironment[] = "API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll";
+const char APIProcessEnvironment[] = "API-MS-Win-Core-ProcessEnvironment-";
-const char APILibraryLoader[]	   = "API-MS-Win-Core-LibraryLoader-L1-1-0.dll";
+const char APILibraryLoader[]	   = "API-MS-Win-Core-LibraryLoader-";
-const char APIFile[]		   = "API-MS-Win-Core-File-L1-1-0.dll";
+const char APIFile[]		   = "API-MS-Win-Core-File-";
-PCSTR APIs[] =
+typedef struct
 {
-  APIKernel,
+  PCSTR   name;
-  APIConsole,
+  DWORD   len;
-  APIProcessThreads,
+  HMODULE base;
-  APIProcessEnvironment,
+} API_DATA, *PAPI_DATA;
-  APILibraryLoader,
+
-  APIFile,
+API_DATA APIs[] =
-  NULL
+{
  { APIConsole, 	   sizeof(APIConsole) - 1,	      NULL },
  { APIProcessThreads,	   sizeof(APIProcessThreads) - 1,     NULL },
  { APIProcessEnvironment, sizeof(APIProcessEnvironment) - 1, NULL },
  { APILibraryLoader,	   sizeof(APILibraryLoader) - 1,      NULL },
  { APIFile,		   sizeof(APIFile) - 1, 	      NULL },
  { NULL,		   0,				      NULL }
 };
@ -973,13 +979,35 @@ BOOL HookAPIOneMod(
  // for the module whose name matches the pszFunctionModule parameter.
  for (; pImportDesc->Name; pImportDesc++)
  {
-    PCSTR* lib;
+    BOOL kernel = TRUE;
    PSTR pszModName = MakeVA( PSTR, pImportDesc->Name );
-    for (lib = APIs; *lib; ++lib)
+    if (_stricmp( pszModName, APIKernel ) != 0)
-      if (_stricmp( pszModName, *lib ) == 0)
+    {
-	break;
+      PAPI_DATA lib;
-    if (*lib == NULL)
+      for (lib = APIs; lib->name; ++lib)
-      continue;
+      {
 	if (_strnicmp( pszModName, lib->name, lib->len ) == 0)
 	{
 	  if (lib->base == NULL)
 	  {
 	    lib->base = GetModuleHandleA( pszModName );
 	    for (hook = Hooks; hook->name; ++hook)
 	      if (hook->lib == lib->name)
 		hook->apifunc = GetProcAddress( lib->base, hook->name );
 	  }
 	  break;
 	}
      }
      if (lib->name == NULL)
      {
 	if (log_level & 16)
 	  DEBUGSTR( 2, L" %s %S", zIgnoring, pszModName );
 	continue;
      }
      kernel = FALSE;
    }
    if (log_level & 16)
      DEBUGSTR( 2, L" Scanning %S", pszModName );
    // Get a pointer to the found module's import address table (IAT).
    pThunk = MakeVA( PIMAGE_THUNK_DATA, pImportDesc->FirstThunk );
@ -994,7 +1022,7 @@ BOOL HookAPIOneMod(
 	if (restore)
 	{
 	  if ((PROC)pThunk->u1.Function == hook->newfunc)
-	    patch = (lib == APIs) ? hook->oldfunc : hook->apifunc;
+	    patch = (kernel) ? hook->oldfunc : hook->apifunc;
 	}
 	else if ((PROC)pThunk->u1.Function == hook->oldfunc ||
 		 (PROC)pThunk->u1.Function == hook->apifunc)
@ -1288,7 +1316,7 @@ FARPROC WINAPI MyGetProcAddress( HMODULE hModule, LPCSTR lpProcName )
 	DEBUGSTR( 3, L"GetProcAddress: %S (ignoring)", lpProcName );
 	return proc;
      }
-      for (hook = Hooks+2; hook->name; ++hook)
+      for (hook = Hooks + 2; hook->name; ++hook)
      {
 	if (proc == hook->oldfunc)
 	{
@ -1297,19 +1325,27 @@ FARPROC WINAPI MyGetProcAddress( HMODULE hModule, LPCSTR lpProcName )
 	}
      }
    }
-    else if (Hooks[0].apifunc) // assume if one is defined, all are
+    else
    {
-      if (proc == Hooks[0].apifunc || proc == Hooks[1].apifunc)
+      PAPI_DATA api;
      for (api = APIs; api->name; ++api)
      {
-	DEBUGSTR( 3, L"GetProcAddress: %S (ignoring)", lpProcName );
+	if (hModule == api->base)
 	return proc;
      }
      for (hook = Hooks+2; hook->name; ++hook)
      {
 	if (proc == hook->apifunc)
 	{
-	  DEBUGSTR( 3, L"GetProcAddress: %S", lpProcName );
+	  if (proc == Hooks[0].apifunc || proc == Hooks[1].apifunc)
-	  return hook->newfunc;
+	  {
 	    DEBUGSTR( 3, L"GetProcAddress: %S (ignoring)", lpProcName );
 	    return proc;
 	  }
 	  for (hook = Hooks + 2; hook->name; ++hook)
 	  {
 	    if (proc == hook->apifunc)
 	    {
 	      DEBUGSTR( 3, L"GetProcAddress: %S", lpProcName );
 	      return hook->newfunc;
 	    }
 	  }
 	  break;
 	}
      }
    }
@ -1556,7 +1592,7 @@ HookFn Hooks[] = {
  { APIConsole, 	   "WriteConsoleA",           (PROC)MyWriteConsoleA,           NULL, NULL },
  { APIConsole, 	   "WriteConsoleW",           (PROC)MyWriteConsoleW,           NULL, NULL },
  { APIFile,		   "WriteFile",               (PROC)MyWriteFile,               NULL, NULL },
-  { NULL, NULL, NULL, NULL }
+  { NULL, NULL, NULL, NULL, NULL }
 };
 //-----------------------------------------------------------------------------
@ -1626,7 +1662,6 @@ __declspec(dllexport) // to stop MinGW exporting everything
 BOOL WINAPI DllMain( HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved )
 {
  BOOL	  bResult = TRUE;
  HMODULE api;
  PHookFn hook;
  TCHAR   logstr[4];
@ -1647,12 +1682,7 @@ BOOL WINAPI DllMain( HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved )
    // Get the entry points to the original functions.
    hKernel = GetModuleHandleA( APIKernel );
    for (hook = Hooks; hook->name; ++hook)
    {
      hook->oldfunc = GetProcAddress( hKernel, hook->name );
      api = GetModuleHandleA( hook->lib );
      if (api)
 	hook->apifunc = GetProcAddress( api, hook->name );
    }
    bResult = HookAPIAllMod( Hooks, FALSE );
    OriginalAttr();