Skip to content

Commit

Permalink
Update
Browse files Browse the repository at this point in the history
  • Loading branch information
@RenardDev
RenardDev committed Feb 4, 2024
1 parent 8759084 commit 118a73d
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 263 deletions.
274 changes: 39 additions & 235 deletions Detours.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -232,111 +232,16 @@ namespace Detours {
// List Entry APIs
// ----------------------------------------------------------------

void InitializeListHead(PLIST_ENTRY pListHead) {
if (pListHead) {
pListHead->Flink = pListHead->Blink = pListHead;
}
}

void InsertEntry(PLIST_ENTRY pPrev, PLIST_ENTRY pNext, PLIST_ENTRY pEntry) {
if (pPrev && pNext && pEntry) {
pEntry->Flink = pNext;
pEntry->Blink = pPrev;

if (pPrev->Flink) {
pPrev->Flink->Blink = pEntry;
}

if (pNext->Blink) {
pNext->Blink->Flink = pEntry;
}

pPrev->Flink = pEntry;
pNext->Blink = pEntry;
}
}

void InsertHeadList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry) {
if (pListHead && pEntry) {
InsertEntry(pListHead, pListHead->Flink, pEntry);
}
}

void InsertTailList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry) {
if (pListHead && pEntry) {
InsertEntry(pListHead->Blink, pListHead, pEntry);
}
void UnLinkEntry(PLIST_ENTRY pEntry) {
pEntry->Flink->Blink = pEntry->Blink;
pEntry->Blink->Flink = pEntry->Flink;
}

void RemoveEntryList(PLIST_ENTRY pEntry) {
if (pEntry) {
PLIST_ENTRY pPrev = pEntry->Blink;
PLIST_ENTRY pNext = pEntry->Flink;

if (pPrev->Flink) {
pPrev->Flink = pNext;
}

if (pNext->Blink) {
pNext->Blink = pPrev;
}
}
}

void RemoveHeadList(PLIST_ENTRY pListHead) {
if (pListHead && pListHead->Flink) {
RemoveEntryList(pListHead->Flink);
}
}

void RemoveTailList(PLIST_ENTRY pListHead) {
if (pListHead && pListHead->Blink) {
RemoveEntryList(pListHead->Blink);
}
}

PLIST_ENTRY GetListHeadFromEntry(PLIST_ENTRY pEntry) {
if (!pEntry) {
return nullptr;
}

PLIST_ENTRY pHead = pEntry;

while ((pHead->Blink != nullptr) && (pHead->Blink != pEntry)) {
pHead = pHead->Blink;
}

return pEntry;
}

// ----------------------------------------------------------------
// GetListHeads
// ----------------------------------------------------------------

bool GetHeadsOfLists(PLIST_ENTRY* pInLoadOrderModuleList, PLIST_ENTRY* pInMemoryOrderModuleList, PLIST_ENTRY* pInInitializationOrderModuleList) {
auto pPEB = GetPEB();
if (!pPEB) {
return false;
}

auto pLDR = pPEB->Ldr;
if (!pLDR) {
return false;
}

if (pInLoadOrderModuleList) {
*pInLoadOrderModuleList = &pLDR->InLoadOrderModuleList;
}

if (pInMemoryOrderModuleList) {
*pInMemoryOrderModuleList = &pLDR->InMemoryOrderModuleList;
}

if (pInInitializationOrderModuleList) {
*pInInitializationOrderModuleList = &pLDR->InInitializationOrderModuleList;
}

return true;
void ReLinkEntry(PLIST_ENTRY pList, PLIST_ENTRY pEntry) {
pList->Flink->Blink = pEntry;
pList->Blink->Flink = pEntry;
pEntry->Blink = pList->Blink;
pEntry->Flink = pList->Flink;
}

// ----------------------------------------------------------------
Expand All @@ -348,54 +253,26 @@ namespace Detours {
return nullptr;
}

PLIST_ENTRY pInLoadOrderModuleList = nullptr;
PLIST_ENTRY pInMemoryOrderModuleList = nullptr;
PLIST_ENTRY pInInitializationOrderModuleList = nullptr;

if (!GetHeadsOfLists(&pInLoadOrderModuleList, &pInMemoryOrderModuleList, &pInInitializationOrderModuleList)) {
auto pPEB = GetPEB();
if (!pPEB) {
return nullptr;
}

if (pInLoadOrderModuleList) {
PLIST_ENTRY pHead = pInLoadOrderModuleList;
PLIST_ENTRY pEntry = pInLoadOrderModuleList->Flink;
while (pEntry != pHead) {
auto pDTE = CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);

if (pDTE->DllBase == pBaseAddress) {
return pEntry;
}

pEntry = pEntry->Flink;
}
auto pLDR = pPEB->Ldr;
if (!pLDR) {
return nullptr;
}

if (pInMemoryOrderModuleList) {
PLIST_ENTRY pHead = pInMemoryOrderModuleList;
PLIST_ENTRY pEntry = pInMemoryOrderModuleList->Flink;
while (pEntry != pHead) {
auto pDTE = CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
PLIST_ENTRY pHead = &pLDR->InLoadOrderModuleList;
PLIST_ENTRY pEntry = pHead->Flink;
while (pEntry != pHead) {
auto pDTE = CONTAINING_RECORD(pEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);

if (pDTE->DllBase == pBaseAddress) {
return pEntry;
}

pEntry = pEntry->Flink;
if (pDTE->DllBase == pBaseAddress) {
return pEntry;
}
}

if (pInInitializationOrderModuleList) {
PLIST_ENTRY pHead = pInInitializationOrderModuleList;
PLIST_ENTRY pEntry = pInInitializationOrderModuleList->Flink;
while (pEntry != pHead) {
auto pDTE = CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);

if (pDTE->DllBase == pBaseAddress) {
return pEntry;
}

pEntry = pEntry->Flink;
}
pEntry = pEntry->Flink;
}

return nullptr;
Expand Down Expand Up @@ -459,7 +336,7 @@ namespace Detours {
return nullptr;
}

return CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
return CONTAINING_RECORD(pEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
}

PLDR_DATA_TABLE_ENTRY FindModuleDataTableEntry(HMODULE hModule) {
Expand Down Expand Up @@ -517,50 +394,23 @@ namespace Detours {

memset(pLinkData, 0, sizeof(LINK_DATA));

auto pDTE = Detours::LDR::FindModuleDataTableEntry(pBaseAddress);
auto pDTE = FindModuleDataTableEntry(pBaseAddress);
if (!pDTE) {
return false;
}

PLIST_ENTRY pInLoadOrderModuleList = nullptr;
PLIST_ENTRY pInMemoryOrderModuleList = nullptr;
PLIST_ENTRY pInInitializationOrderModuleList = nullptr;
pLinkData->m_pDTE = pDTE;
pLinkData->m_pSavedInLoadOrderLinks = pDTE->InLoadOrderLinks.Blink->Flink;
pLinkData->m_pSavedInInitializationOrderLinks = pDTE->InInitializationOrderLinks.Blink->Flink;
pLinkData->m_pSavedInMemoryOrderLinks = pDTE->InMemoryOrderLinks.Blink->Flink;
pLinkData->m_pSavedHashLinks = pDTE->HashLinks.Blink->Flink;
pLinkData->m_pSavedNodeModuleLink = pDTE->NodeModuleLink.Blink->Flink;

if (!GetHeadsOfLists(&pInLoadOrderModuleList, &pInMemoryOrderModuleList, &pInInitializationOrderModuleList)) {
return false;
}

pLinkData->m_pHeadInLoadOrderLinks = pInLoadOrderModuleList;
pLinkData->m_pHeadInMemoryOrderLinks = pInMemoryOrderModuleList;
pLinkData->m_pHeadInInitializationOrderLinks = pInInitializationOrderModuleList;

pLinkData->m_pHeadHashLinks = GetListHeadFromEntry(&pDTE->HashLinks);
pLinkData->m_pHeadNodeModuleLink = GetListHeadFromEntry(&pDTE->NodeModuleLink);

if (pLinkData->m_pHeadInLoadOrderLinks) {
Detours::LDR::RemoveEntryList(&pDTE->InLoadOrderLinks);
pLinkData->m_pSavedInLoadOrderLinks = &pDTE->InLoadOrderLinks;
}

if (pLinkData->m_pHeadInMemoryOrderLinks) {
Detours::LDR::RemoveEntryList(&pDTE->InMemoryOrderLinks);
pLinkData->m_pSavedInMemoryOrderLinks = &pDTE->InMemoryOrderLinks;
}

if (pLinkData->m_pHeadInInitializationOrderLinks) {
Detours::LDR::RemoveEntryList(&pDTE->InInitializationOrderLinks);
pLinkData->m_pSavedInInitializationOrderLinks = &pDTE->InInitializationOrderLinks;
}

if (pLinkData->m_pHeadHashLinks) {
Detours::LDR::RemoveEntryList(&pDTE->HashLinks);
pLinkData->m_pSavedHashLinks = &pDTE->HashLinks;
}

if (pLinkData->m_pHeadNodeModuleLink) {
Detours::LDR::RemoveEntryList(&pDTE->NodeModuleLink);
pLinkData->m_pSavedNodeModuleLink = &pDTE->NodeModuleLink;
}
UnLinkEntry(&pDTE->InLoadOrderLinks);
UnLinkEntry(&pDTE->InInitializationOrderLinks);
UnLinkEntry(&pDTE->InMemoryOrderLinks);
UnLinkEntry(&pDTE->HashLinks);
UnLinkEntry(&pDTE->NodeModuleLink);

return true;
}
Expand Down Expand Up @@ -608,58 +458,12 @@ namespace Detours {
// ReLinkModule
// ----------------------------------------------------------------

bool ReLinkModule(LINK_DATA LinkData) {
if (LinkData.m_pSavedInLoadOrderLinks) {
if (!LinkData.m_pHeadInLoadOrderLinks) {
return false;
}
}

if (LinkData.m_pSavedInMemoryOrderLinks) {
if (!LinkData.m_pHeadInMemoryOrderLinks) {
return false;
}
}

if (LinkData.m_pSavedInInitializationOrderLinks) {
if (!LinkData.m_pHeadInInitializationOrderLinks) {
return false;
}
}

if (LinkData.m_pSavedHashLinks) {
if (!LinkData.m_pHeadHashLinks) {
return false;
}
}

if (LinkData.m_pSavedNodeModuleLink) {
if (!LinkData.m_pHeadNodeModuleLink) {
return false;
}
}

if (LinkData.m_pSavedInLoadOrderLinks) {
Detours::LDR::InsertTailList(LinkData.m_pHeadInLoadOrderLinks, LinkData.m_pSavedInLoadOrderLinks);
}

if (LinkData.m_pSavedInMemoryOrderLinks) {
Detours::LDR::InsertTailList(LinkData.m_pHeadInMemoryOrderLinks, LinkData.m_pSavedInMemoryOrderLinks);
}

if (LinkData.m_pSavedInInitializationOrderLinks) {
Detours::LDR::InsertTailList(LinkData.m_pHeadInInitializationOrderLinks, LinkData.m_pSavedInInitializationOrderLinks);
}

if (LinkData.m_pSavedHashLinks) {
Detours::LDR::InsertTailList(LinkData.m_pHeadHashLinks, LinkData.m_pSavedHashLinks);
}

if (LinkData.m_pSavedNodeModuleLink) {
Detours::LDR::InsertTailList(LinkData.m_pHeadNodeModuleLink, LinkData.m_pSavedNodeModuleLink);
}

return true;
void ReLinkModule(LINK_DATA LinkData) {
ReLinkEntry(&LinkData.m_pDTE->InLoadOrderLinks, LinkData.m_pSavedInLoadOrderLinks);
ReLinkEntry(&LinkData.m_pDTE->InInitializationOrderLinks, LinkData.m_pSavedInInitializationOrderLinks);
ReLinkEntry(&LinkData.m_pDTE->InMemoryOrderLinks, LinkData.m_pSavedInMemoryOrderLinks);
ReLinkEntry(&LinkData.m_pDTE->HashLinks, LinkData.m_pSavedHashLinks);
ReLinkEntry(&LinkData.m_pDTE->NodeModuleLink, LinkData.m_pSavedNodeModuleLink);
}
}

Expand Down
27 changes: 2 additions & 25 deletions Detours.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1392,25 +1392,6 @@ namespace Detours {

namespace LDR {

// ----------------------------------------------------------------
// List Entry APIs
// ----------------------------------------------------------------

void InitializeListHead(PLIST_ENTRY pListHead);
void InsertHeadList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry);
void InsertTailList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry);
void RemoveEntryList(PLIST_ENTRY pEntry);
void RemoveHeadList(PLIST_ENTRY pListHead);
void RemoveTailList(PLIST_ENTRY pListHead);

PLIST_ENTRY GetListHeadFromEntry(PLIST_ENTRY pEntry);

// ----------------------------------------------------------------
// GetHeadsOfLists
// ----------------------------------------------------------------

bool GetHeadsOfLists(PLIST_ENTRY* pInLoadOrderModuleList, PLIST_ENTRY* pInMemoryOrderModuleList, PLIST_ENTRY* pInInitializationOrderModuleList);

// ----------------------------------------------------------------
// FindModuleListEntry
// ----------------------------------------------------------------
Expand Down Expand Up @@ -1444,11 +1425,7 @@ namespace Detours {
// ----------------------------------------------------------------

typedef struct _LINK_DATA {
PLIST_ENTRY m_pHeadInLoadOrderLinks;
PLIST_ENTRY m_pHeadInMemoryOrderLinks;
PLIST_ENTRY m_pHeadInInitializationOrderLinks;
PLIST_ENTRY m_pHeadHashLinks;
PLIST_ENTRY m_pHeadNodeModuleLink;
PLDR_DATA_TABLE_ENTRY m_pDTE;
PLIST_ENTRY m_pSavedInLoadOrderLinks;
PLIST_ENTRY m_pSavedInMemoryOrderLinks;
PLIST_ENTRY m_pSavedInInitializationOrderLinks;
Expand All @@ -1474,7 +1451,7 @@ namespace Detours {
// ReLinkModule
// ----------------------------------------------------------------

bool ReLinkModule(LINK_DATA LinkData);
void ReLinkModule(LINK_DATA LinkData);
}

// ----------------------------------------------------------------
Expand Down
6 changes: 3 additions & 3 deletions main.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1690,9 +1690,9 @@ int _tmain(int nArguments, PTCHAR* pArguments) {
_tprintf_s(_T("kernel32.dll = 0x%08X\n"), reinterpret_cast<size_t>(GetModuleHandle(_T("kernel32.dll"))));
#endif

if (Detours::LDR::ReLinkModule(ld)) {
_tprintf_s(_T("ReLinked\n"));
}
Detours::LDR::ReLinkModule(ld);

_tprintf_s(_T("ReLinked\n"));

#ifdef _M_X64
_tprintf_s(_T("kernel32.dll = 0x%016llX\n"), reinterpret_cast<size_t>(GetModuleHandle(_T("kernel32.dll"))));
Expand Down

0 comments on commit 118a73d

Please sign in to comment.