NCBI C++ ToolKit
NWinHook Namespace Reference

Classes

class  CModuleInstance
 
class  CLibHandler
 
class  CPsapiHandler
 class CPsapiHandler More...
 
class  CToolhelpHandler
 class CToolhelpHandler More...
 
class  CTaskManager
 The taskManager dynamically decides whether to use the ToolHelp library or PSAPI. This is a proxy class to redirect calls to a handler ... More...
 
class  CHookedFunction
 class CHookedFunction More...
 
class  CKernell32
 
class  CPEi386
 class CPEi386 More...
 
class  CExeModuleInstance
 class CExeModuleInstance More...
 
struct  API_FUNC_ID
 
class  CWinHookException
 
class  CHookedFunctions
 
class  CApiHookMgr
 class CApiHookMgr More...
 
class  COnExitProcess
 

Typedefs

typedef BOOL(WINAPI * FEnumProcesses) (DWORD *lpidProcess, DWORD cb, DWORD *cbNeeded)
 
typedef BOOL(WINAPI * FEnumProcessModules) (HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded)
 
typedef DWORD(WINAPI * FGetModuleFileNameExA) (HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize)
 
typedef HANDLE(WINAPI * FCreateToolHelp32Snapshot) (DWORD dwFlags, DWORD th32ProcessID)
 
typedef BOOL(WINAPI * FProcess32First) (HANDLE hSnapshot, LPPROCESSENTRY32_A lppe)
 
typedef BOOL(WINAPI * FProcess32Next) (HANDLE hSnapshot, LPPROCESSENTRY32_A lppe)
 
typedef BOOL(WINAPI * FModule32First) (HANDLE hSnapshot, LPMODULEENTRY32_A lpme)
 
typedef BOOL(WINAPI * FModule32Next) (HANDLE hSnapshot, LPMODULEENTRY32_A lpme)
 
typedef HMODULE(WINAPI * FLoadLibraryA) (LPCSTR lpLibFileName)
 
typedef HMODULE(WINAPI * FLoadLibraryW) (LPCWSTR lpLibFileName)
 
typedef HMODULE(WINAPI * FLoadLibraryExA) (LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
 
typedef HMODULE(WINAPI * FLoadLibraryExW) (LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
 
typedef FARPROC(WINAPI * FGetProcAddress) (HMODULE hModule, LPCSTR lpProcName)
 
typedef VOID(WINAPI * FExitProcess) (UINT uExitCode)
 

Functions

static BOOL IsToolHelpSupported (void)
 
static BOOL IsPsapiSupported (void)
 
static HMODULE ModuleFromAddress (PVOID pv)
 
static BOOL ExtractModuleFileName (char *pszFullFileName)
 
int my_stricmp (const char *left, const char *right)
 

Variables

static FGetProcAddress g_FGetProcAddress
 
static FLoadLibraryA g_LoadLibraryA
 
CKernell32 g_Kernell32
 
const API_FUNC_ID MANDATORY_API_FUNCS []
 
const BYTE cPushOpCode = 0x68
 
static bool s_AppExited = false
 

Typedef Documentation

◆ FCreateToolHelp32Snapshot

typedef HANDLE(WINAPI * NWinHook::FCreateToolHelp32Snapshot) (DWORD dwFlags, DWORD th32ProcessID)

Definition at line 164 of file ncbi_win_hook.cpp.

◆ FEnumProcesses

typedef BOOL(WINAPI * NWinHook::FEnumProcesses) (DWORD *lpidProcess, DWORD cb, DWORD *cbNeeded)

Definition at line 120 of file ncbi_win_hook.cpp.

◆ FEnumProcessModules

typedef BOOL(WINAPI * NWinHook::FEnumProcessModules) (HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded)

Definition at line 125 of file ncbi_win_hook.cpp.

◆ FExitProcess

typedef VOID(WINAPI * NWinHook::FExitProcess) (UINT uExitCode)

Definition at line 309 of file ncbi_win_hook.cpp.

◆ FGetModuleFileNameExA

typedef DWORD(WINAPI * NWinHook::FGetModuleFileNameExA) (HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize)

Definition at line 131 of file ncbi_win_hook.cpp.

◆ FGetProcAddress

typedef FARPROC(WINAPI * NWinHook::FGetProcAddress) (HMODULE hModule, LPCSTR lpProcName)

Definition at line 306 of file ncbi_win_hook.cpp.

◆ FLoadLibraryA

typedef HMODULE(WINAPI * NWinHook::FLoadLibraryA) (LPCSTR lpLibFileName)

Definition at line 296 of file ncbi_win_hook.cpp.

◆ FLoadLibraryExA

typedef HMODULE(WINAPI * NWinHook::FLoadLibraryExA) (LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)

Definition at line 298 of file ncbi_win_hook.cpp.

◆ FLoadLibraryExW

typedef HMODULE(WINAPI * NWinHook::FLoadLibraryExW) (LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)

Definition at line 302 of file ncbi_win_hook.cpp.

◆ FLoadLibraryW

typedef HMODULE(WINAPI * NWinHook::FLoadLibraryW) (LPCWSTR lpLibFileName)

Definition at line 297 of file ncbi_win_hook.cpp.

◆ FModule32First

typedef BOOL(WINAPI * NWinHook::FModule32First) (HANDLE hSnapshot, LPMODULEENTRY32_A lpme)

Definition at line 176 of file ncbi_win_hook.cpp.

◆ FModule32Next

typedef BOOL(WINAPI * NWinHook::FModule32Next) (HANDLE hSnapshot, LPMODULEENTRY32_A lpme)

Definition at line 180 of file ncbi_win_hook.cpp.

◆ FProcess32First

typedef BOOL(WINAPI * NWinHook::FProcess32First) (HANDLE hSnapshot, LPPROCESSENTRY32_A lppe)

Definition at line 168 of file ncbi_win_hook.cpp.

◆ FProcess32Next

typedef BOOL(WINAPI * NWinHook::FProcess32Next) (HANDLE hSnapshot, LPPROCESSENTRY32_A lppe)

Definition at line 172 of file ncbi_win_hook.cpp.

Function Documentation

◆ ExtractModuleFileName()

static BOOL NWinHook::ExtractModuleFileName ( char *  pszFullFileName)
static

Definition at line 1565 of file ncbi_win_hook.cpp.

References FALSE, NULL, and TRUE.

◆ IsPsapiSupported()

static BOOL NWinHook::IsPsapiSupported ( void  )
static

Definition at line 589 of file ncbi_win_hook.cpp.

References FALSE, g_LoadLibraryA, and NULL.

Referenced by NWinHook::CTaskManager::CTaskManager().

◆ IsToolHelpSupported()

static BOOL NWinHook::IsToolHelpSupported ( void  )
static

Definition at line 566 of file ncbi_win_hook.cpp.

References FALSE, g_LoadLibraryA, and NULL.

Referenced by NWinHook::CTaskManager::CTaskManager().

◆ ModuleFromAddress()

static HMODULE NWinHook::ModuleFromAddress ( PVOID  pv)
static

Definition at line 603 of file ncbi_win_hook.cpp.

References NULL.

Referenced by NWinHook::CHookedFunction::ReplaceInAllModules().

Variable Documentation

◆ cPushOpCode

const BYTE NWinHook::cPushOpCode = 0x68

◆ g_FGetProcAddress

FGetProcAddress NWinHook::g_FGetProcAddress
static
Initial value:
= reinterpret_cast<FGetProcAddress>
(::GetProcAddress(::GetModuleHandleA("kernel32.dll"), "GetProcAddress"))

Definition at line 313 of file ncbi_win_hook.cpp.

Referenced by NWinHook::CPsapiHandler::Initialize(), and NWinHook::CApiHookMgr::xs_GetProcAddressWindows().

◆ g_Kernell32

CKernell32 NWinHook::g_Kernell32

Definition at line 500 of file ncbi_win_hook.cpp.

◆ g_LoadLibraryA

FLoadLibraryA NWinHook::g_LoadLibraryA
static
Initial value:
= reinterpret_cast<FLoadLibraryA>
(::GetProcAddress(::GetModuleHandleA("kernel32.dll"), "LoadLibraryA"))

Definition at line 316 of file ncbi_win_hook.cpp.

Referenced by NWinHook::CPEi386::CPEi386(), NWinHook::CApiHookMgr::HookImport(), NWinHook::CPsapiHandler::Initialize(), NWinHook::CToolhelpHandler::Initialize(), IsPsapiSupported(), and IsToolHelpSupported().

◆ MANDATORY_API_FUNCS

const API_FUNC_ID NWinHook::MANDATORY_API_FUNCS[]
Initial value:
=
{
{"Kernel32.dll", "LoadLibraryA"},
{"Kernel32.dll", "LoadLibraryW"},
{"Kernel32.dll", "LoadLibraryExA"},
{"Kernel32.dll", "LoadLibraryExW"},
{"Kernel32.dll", "GetProcAddress"}
}

Definition at line 703 of file ncbi_win_hook.cpp.

Referenced by NWinHook::CHookedFunction::IsMandatory().

◆ s_AppExited

bool NWinHook::s_AppExited = false
static