diff --git a/Detours.cpp b/Detours.cpp
index 24c35e2..b746f53 100644
--- a/Detours.cpp
+++ b/Detours.cpp
@@ -232,111 +232,16 @@ namespace Detours {
 // List Entry APIs
 // ----------------------------------------------------------------
- void InitializeListHead(PLIST_ENTRY pListHead) {
- if (pListHead) {
- pListHead->Flink = pListHead->Blink = pListHead;
- }
- }
-
- void InsertEntry(PLIST_ENTRY pPrev, PLIST_ENTRY pNext, PLIST_ENTRY pEntry) {
- if (pPrev && pNext && pEntry) {
- pEntry->Flink = pNext;
- pEntry->Blink = pPrev;
-
- if (pPrev->Flink) {
- pPrev->Flink->Blink = pEntry;
- }
-
- if (pNext->Blink) {
- pNext->Blink->Flink = pEntry;
- }
-
- pPrev->Flink = pEntry;
- pNext->Blink = pEntry;
- }
- }
-
- void InsertHeadList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry) {
- if (pListHead && pEntry) {
- InsertEntry(pListHead, pListHead->Flink, pEntry);
- }
- }
-
- void InsertTailList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry) {
- if (pListHead && pEntry) {
- InsertEntry(pListHead->Blink, pListHead, pEntry);
- }
+ void UnLinkEntry(PLIST_ENTRY pEntry) {
+ pEntry->Flink->Blink = pEntry->Blink;
+ pEntry->Blink->Flink = pEntry->Flink;
 }
- void RemoveEntryList(PLIST_ENTRY pEntry) {
- if (pEntry) {
- PLIST_ENTRY pPrev = pEntry->Blink;
- PLIST_ENTRY pNext = pEntry->Flink;
-
- if (pPrev->Flink) {
- pPrev->Flink = pNext;
- }
-
- if (pNext->Blink) {
- pNext->Blink = pPrev;
- }
- }
- }
-
- void RemoveHeadList(PLIST_ENTRY pListHead) {
- if (pListHead && pListHead->Flink) {
- RemoveEntryList(pListHead->Flink);
- }
- }
-
- void RemoveTailList(PLIST_ENTRY pListHead) {
- if (pListHead && pListHead->Blink) {
- RemoveEntryList(pListHead->Blink);
- }
- }
-
- PLIST_ENTRY GetListHeadFromEntry(PLIST_ENTRY pEntry) {
- if (!pEntry) {
- return nullptr;
- }
-
- PLIST_ENTRY pHead = pEntry;
-
- while ((pHead->Blink != nullptr) && (pHead->Blink != pEntry)) {
- pHead = pHead->Blink;
- }
-
- return pEntry;
- }
-
- // ----------------------------------------------------------------
- // GetListHeads
- // ----------------------------------------------------------------
-
- bool GetHeadsOfLists(PLIST_ENTRY* pInLoadOrderModuleList, PLIST_ENTRY* pInMemoryOrderModuleList, PLIST_ENTRY* pInInitializationOrderModuleList) {
- auto pPEB = GetPEB();
- if (!pPEB) {
- return false;
- }
-
- auto pLDR = pPEB->Ldr;
- if (!pLDR) {
- return false;
- }
-
- if (pInLoadOrderModuleList) {
- *pInLoadOrderModuleList = &pLDR->InLoadOrderModuleList;
- }
-
- if (pInMemoryOrderModuleList) {
- *pInMemoryOrderModuleList = &pLDR->InMemoryOrderModuleList;
- }
-
- if (pInInitializationOrderModuleList) {
- *pInInitializationOrderModuleList = &pLDR->InInitializationOrderModuleList;
- }
-
- return true;
+ void ReLinkEntry(PLIST_ENTRY pList, PLIST_ENTRY pEntry) {
+ pList->Flink->Blink = pEntry;
+ pList->Blink->Flink = pEntry;
+ pEntry->Blink = pList->Blink;
+ pEntry->Flink = pList->Flink;
 }
 // ----------------------------------------------------------------
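Review bot: `ReLinkEntry` restores an entry by writing through `pList->Flink` and `pList->Blink`, and at the call sites in ReLinkModule `pList` is the unlinked entry itself, so those are its stale neighbour pointers (UnLinkEntry leaves the entry's own `Flink`/`Blink` untouched). That is only correct if the list has not changed between unlink and relink: if a neighbour was removed, or another entry was inserted at that position in the meantime, the relink either writes into memory that is no longer a list node or drops the newer entry from the list. Both helpers also lost the `pEntry` null checks the removed functions had. At minimum state the precondition above each helper, e.g. `// pEntry must be linked into a well-formed circular list; Flink/Blink are dereferenced unchecked`, and consider re-inserting relative to the list head rather than the saved neighbours.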
@@ -348,54 +253,26 @@ namespace Detours {
 return nullptr;
 }
- PLIST_ENTRY pInLoadOrderModuleList = nullptr;
- PLIST_ENTRY pInMemoryOrderModuleList = nullptr;
- PLIST_ENTRY pInInitializationOrderModuleList = nullptr;
-
- if (!GetHeadsOfLists(&pInLoadOrderModuleList, &pInMemoryOrderModuleList, &pInInitializationOrderModuleList)) {
+ auto pPEB = GetPEB();
+ if (!pPEB) {
 return nullptr;
 }
- if (pInLoadOrderModuleList) {
- PLIST_ENTRY pHead = pInLoadOrderModuleList;
- PLIST_ENTRY pEntry = pInLoadOrderModuleList->Flink;
- while (pEntry != pHead) {
- auto pDTE = CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
-
- if (pDTE->DllBase == pBaseAddress) {
- return pEntry;
- }
-
- pEntry = pEntry->Flink;
- }
+ auto pLDR = pPEB->Ldr;
+ if (!pLDR) {
+ return nullptr;
 }
- if (pInMemoryOrderModuleList) {
- PLIST_ENTRY pHead = pInMemoryOrderModuleList;
- PLIST_ENTRY pEntry = pInMemoryOrderModuleList->Flink;
- while (pEntry != pHead) {
- auto pDTE = CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
+ PLIST_ENTRY pHead = &pLDR->InLoadOrderModuleList;
+ PLIST_ENTRY pEntry = pHead->Flink;
+ while (pEntry != pHead) {
+ auto pDTE = CONTAINING_RECORD(pEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
- if (pDTE->DllBase == pBaseAddress) {
- return pEntry;
- }
-
- pEntry = pEntry->Flink;
+ if (pDTE->DllBase == pBaseAddress) {
+ return pEntry;
 }
- }
-
- if (pInInitializationOrderModuleList) {
- PLIST_ENTRY pHead = pInInitializationOrderModuleList;
- PLIST_ENTRY pEntry = pInInitializationOrderModuleList->Flink;
- while (pEntry != pHead) {
- auto pDTE = CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
- if (pDTE->DllBase == pBaseAddress) {
- return pEntry;
- }
-
- pEntry = pEntry->Flink;
- }
+ pEntry = pEntry->Flink;
 }
 return nullptr;
@@ -459,7 +336,7 @@ namespace Detours {
 return nullptr;
 }
- return CONTAINING_RECORD(pEntry, Detours::LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
+ return CONTAINING_RECORD(pEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
 }
 PLDR_DATA_TABLE_ENTRY FindModuleDataTableEntry(HMODULE hModule) {
@@ -517,50 +394,23 @@ namespace Detours {
 memset(pLinkData, 0, sizeof(LINK_DATA));
- auto pDTE = Detours::LDR::FindModuleDataTableEntry(pBaseAddress);
+ auto pDTE = FindModuleDataTableEntry(pBaseAddress);
 if (!pDTE) {
 return false;
 }
- PLIST_ENTRY pInLoadOrderModuleList = nullptr;
- PLIST_ENTRY pInMemoryOrderModuleList = nullptr;
- PLIST_ENTRY pInInitializationOrderModuleList = nullptr;
+ pLinkData->m_pDTE = pDTE;
+ pLinkData->m_pSavedInLoadOrderLinks = pDTE->InLoadOrderLinks.Blink->Flink;
+ pLinkData->m_pSavedInInitializationOrderLinks = pDTE->InInitializationOrderLinks.Blink->Flink;
+ pLinkData->m_pSavedInMemoryOrderLinks = pDTE->InMemoryOrderLinks.Blink->Flink;
+ pLinkData->m_pSavedHashLinks = pDTE->HashLinks.Blink->Flink;
+ pLinkData->m_pSavedNodeModuleLink = pDTE->NodeModuleLink.Blink->Flink;
- if (!GetHeadsOfLists(&pInLoadOrderModuleList, &pInMemoryOrderModuleList, &pInInitializationOrderModuleList)) {
- return false;
- }
-
- pLinkData->m_pHeadInLoadOrderLinks = pInLoadOrderModuleList;
- pLinkData->m_pHeadInMemoryOrderLinks = pInMemoryOrderModuleList;
- pLinkData->m_pHeadInInitializationOrderLinks = pInInitializationOrderModuleList;
-
- pLinkData->m_pHeadHashLinks = GetListHeadFromEntry(&pDTE->HashLinks);
- pLinkData->m_pHeadNodeModuleLink = GetListHeadFromEntry(&pDTE->NodeModuleLink);
-
- if (pLinkData->m_pHeadInLoadOrderLinks) {
- Detours::LDR::RemoveEntryList(&pDTE->InLoadOrderLinks);
- pLinkData->m_pSavedInLoadOrderLinks = &pDTE->InLoadOrderLinks;
- }
-
- if (pLinkData->m_pHeadInMemoryOrderLinks) {
- Detours::LDR::RemoveEntryList(&pDTE->InMemoryOrderLinks);
- pLinkData->m_pSavedInMemoryOrderLinks = &pDTE->InMemoryOrderLinks;
- }
-
- if (pLinkData->m_pHeadInInitializationOrderLinks) {
- Detours::LDR::RemoveEntryList(&pDTE->InInitializationOrderLinks);
- pLinkData->m_pSavedInInitializationOrderLinks = &pDTE->InInitializationOrderLinks;
- }
-
- if (pLinkData->m_pHeadHashLinks) {
- Detours::LDR::RemoveEntryList(&pDTE->HashLinks);
- pLinkData->m_pSavedHashLinks = &pDTE->HashLinks;
- }
-
- if (pLinkData->m_pHeadNodeModuleLink) {
- Detours::LDR::RemoveEntryList(&pDTE->NodeModuleLink);
- pLinkData->m_pSavedNodeModuleLink = &pDTE->NodeModuleLink;
- }
+ UnLinkEntry(&pDTE->InLoadOrderLinks);
+ UnLinkEntry(&pDTE->InInitializationOrderLinks);
+ UnLinkEntry(&pDTE->InMemoryOrderLinks);
+ UnLinkEntry(&pDTE->HashLinks);
+ UnLinkEntry(&pDTE->NodeModuleLink);
 return true;
 }
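Review bot: Each saved pointer is read as `pDTE->X.Blink->Flink`, and each `UnLinkEntry` call then writes through `Flink` and `Blink`, with no check that either is non-null. If any of the five link fields is not part of a circular list on the running system (this may apply to `HashLinks` or `NodeModuleLink`; not verifiable from the hunk), this dereferences null. In a well-formed list that expression is just `&pDTE->X`, which is what the removed code stored, so the five `m_pSaved*` values duplicate what `m_pDTE` already provides. Nothing visible here serialises against other code walking or editing these lists while five of them are modified; if the caller is expected to hold a lock, say so in a comment above the function, which begins outside this hunk.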
@@ -608,58 +458,12 @@ namespace Detours {
 // ReLinkModule
 // ----------------------------------------------------------------
- bool ReLinkModule(LINK_DATA LinkData) {
- if (LinkData.m_pSavedInLoadOrderLinks) {
- if (!LinkData.m_pHeadInLoadOrderLinks) {
- return false;
- }
- }
-
- if (LinkData.m_pSavedInMemoryOrderLinks) {
- if (!LinkData.m_pHeadInMemoryOrderLinks) {
- return false;
- }
- }
-
- if (LinkData.m_pSavedInInitializationOrderLinks) {
- if (!LinkData.m_pHeadInInitializationOrderLinks) {
- return false;
- }
- }
-
- if (LinkData.m_pSavedHashLinks) {
- if (!LinkData.m_pHeadHashLinks) {
- return false;
- }
- }
-
- if (LinkData.m_pSavedNodeModuleLink) {
- if (!LinkData.m_pHeadNodeModuleLink) {
- return false;
- }
- }
-
- if (LinkData.m_pSavedInLoadOrderLinks) {
- Detours::LDR::InsertTailList(LinkData.m_pHeadInLoadOrderLinks, LinkData.m_pSavedInLoadOrderLinks);
- }
-
- if (LinkData.m_pSavedInMemoryOrderLinks) {
- Detours::LDR::InsertTailList(LinkData.m_pHeadInMemoryOrderLinks, LinkData.m_pSavedInMemoryOrderLinks);
- }
-
- if (LinkData.m_pSavedInInitializationOrderLinks) {
- Detours::LDR::InsertTailList(LinkData.m_pHeadInInitializationOrderLinks, LinkData.m_pSavedInInitializationOrderLinks);
- }
-
- if (LinkData.m_pSavedHashLinks) {
- Detours::LDR::InsertTailList(LinkData.m_pHeadHashLinks, LinkData.m_pSavedHashLinks);
- }
-
- if (LinkData.m_pSavedNodeModuleLink) {
- Detours::LDR::InsertTailList(LinkData.m_pHeadNodeModuleLink, LinkData.m_pSavedNodeModuleLink);
- }
-
- return true;
+ void ReLinkModule(LINK_DATA LinkData) {
+ ReLinkEntry(&LinkData.m_pDTE->InLoadOrderLinks, LinkData.m_pSavedInLoadOrderLinks);
+ ReLinkEntry(&LinkData.m_pDTE->InInitializationOrderLinks, LinkData.m_pSavedInInitializationOrderLinks);
+ ReLinkEntry(&LinkData.m_pDTE->InMemoryOrderLinks, LinkData.m_pSavedInMemoryOrderLinks);
+ ReLinkEntry(&LinkData.m_pDTE->HashLinks, LinkData.m_pSavedHashLinks);
+ ReLinkEntry(&LinkData.m_pDTE->NodeModuleLink, LinkData.m_pSavedNodeModuleLink);
 }
 }
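Review bot: `ReLinkModule` dereferences `LinkData.m_pDTE` unconditionally, but UnLinkModule zeroes the structure with `memset` and returns false when the module is not found, so a caller that ignores that result passes a null `m_pDTE` here and crashes. The removed version treated a zeroed `LINK_DATA` as a no-op and reported failure through its `bool` return; the new one returns `void`, so neither protection remains. Whether main.cpp checks the UnLinkModule result before its now-unconditional call is not visible in this diff. Add a guard as the first statement, `if (!LinkData.m_pDTE) { return; }`, or keep the `bool` return so failure stays observable to callers.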
diff --git a/Detours.h b/Detours.h
index c02e5ea..9d1dea3 100644
--- a/Detours.h
+++ b/Detours.h
@@ -1392,25 +1392,6 @@ namespace Detours {
 namespace LDR {
- // ----------------------------------------------------------------
- // List Entry APIs
- // ----------------------------------------------------------------
-
- void InitializeListHead(PLIST_ENTRY pListHead);
- void InsertHeadList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry);
- void InsertTailList(PLIST_ENTRY pListHead, PLIST_ENTRY pEntry);
- void RemoveEntryList(PLIST_ENTRY pEntry);
- void RemoveHeadList(PLIST_ENTRY pListHead);
- void RemoveTailList(PLIST_ENTRY pListHead);
-
- PLIST_ENTRY GetListHeadFromEntry(PLIST_ENTRY pEntry);
-
- // ----------------------------------------------------------------
- // GetHeadsOfLists
- // ----------------------------------------------------------------
-
- bool GetHeadsOfLists(PLIST_ENTRY* pInLoadOrderModuleList, PLIST_ENTRY* pInMemoryOrderModuleList, PLIST_ENTRY* pInInitializationOrderModuleList);
-
 // ----------------------------------------------------------------
 // FindModuleListEntry
 // ----------------------------------------------------------------
@@ -1444,11 +1425,7 @@ namespace Detours {
 // ----------------------------------------------------------------
 typedef struct _LINK_DATA {
- PLIST_ENTRY m_pHeadInLoadOrderLinks;
- PLIST_ENTRY m_pHeadInMemoryOrderLinks;
- PLIST_ENTRY m_pHeadInInitializationOrderLinks;
- PLIST_ENTRY m_pHeadHashLinks;
- PLIST_ENTRY m_pHeadNodeModuleLink;
+ PLDR_DATA_TABLE_ENTRY m_pDTE;
 PLIST_ENTRY m_pSavedInLoadOrderLinks;
 PLIST_ENTRY m_pSavedInMemoryOrderLinks;
 PLIST_ENTRY m_pSavedInInitializationOrderLinks;
@@ -1474,7 +1451,7 @@ namespace Detours {
 // ReLinkModule
 // ----------------------------------------------------------------
- bool ReLinkModule(LINK_DATA LinkData);
+ void ReLinkModule(LINK_DATA LinkData);
 }
 // ----------------------------------------------------------------
diff --git a/main.cpp b/main.cpp
index 178a6e0..7c7fad7 100644
--- a/main.cpp
+++ b/main.cpp
@@ -1690,9 +1690,9 @@ int _tmain(int nArguments, PTCHAR* pArguments) {
 _tprintf_s(_T("kernel32.dll = 0x%08X\n"), reinterpret_cast(GetModuleHandle(_T("kernel32.dll"))));
 #endif
- if (Detours::LDR::ReLinkModule(ld)) {
- _tprintf_s(_T("ReLinked\n"));
- }
+ Detours::LDR::ReLinkModule(ld);
+
+ _tprintf_s(_T("ReLinked\n"));
 #ifdef _M_X64
 _tprintf_s(_T("kernel32.dll = 0x%016llX\n"), reinterpret_cast(GetModuleHandle(_T("kernel32.dll"))));