NCBI C++ ToolKit
ncbi_win_hook.hpp

1 #ifndef NCBI_WIN_HOOK__HPP
2 #define NCBI_WIN_HOOK__HPP
3 
4 /* $Id: ncbi_win_hook.hpp 58585 2013-06-18 15:26:09Z grichenk $
5  * ===========================================================================
6  *
7  * PUBLIC DOMAIN NOTICE
8  * National Center for Biotechnology Information
9  *
10  * This software/database is a "United States Government Work" under the
11  * terms of the United States Copyright Act. It was written as part of
12  * the author's official duties as a United States Government employee and
13  * thus cannot be copyrighted. This software/database is freely available
14  * to the public for use. The National Library of Medicine and the U.S.
15  * Government have not placed any restriction on its use or reproduction.
16  *
17  * Although all reasonable efforts have been taken to ensure the accuracy
18  * and reliability of the software and data, the NLM and the U.S.
19  * Government do not and cannot warrant the performance or results that
20  * may be obtained by using this software or data. The NLM and the U.S.
21  * Government disclaim all warranties, express or implied, including
22  * warranties of performance, merchantability or fitness for any particular
23  * purpose.
24  *
25  * Please cite the author in any work or product based on this material.
26  *
27  * ===========================================================================
28  *
29  * Author: Sergey Sikorskiy
30  *
31  * File Description: Windows DLL function hooking
32  *
33  */
34 
35 
36 /** @addtogroup WinHook
37  *
38  * @{
39  */
40 
41 #if defined(NCBI_OS_MSWIN)
42 
44 #include <process.h>
45 #include <Tlhelp32.h>
46 #include <vector>
47 
49 
50 namespace NWinHook
51 {
52 
53  ///////////////////////////////////////////////////////////////////////////////
55  {
56  public:
57  enum EErrCode {
59  eDisabled
60  };
61 
62  /// Translate from the error code value to its string representation.
63  virtual const char* GetErrCodeString(void) const;
64 
65  // Standard exception boilerplate code.
67  };
68 
69 
70  ///////////////////////////////////////////////////////////////////////////////
71  /// class CHookedFunctions
72  ///
73  class CHookedFunction;
74 
75  int my_stricmp(const char* left, const char* right);
76 
77  // !!! This class is not thread-safe !!!
79  {
80  public:
81  CHookedFunctions(void);
82  ~CHookedFunctions(void);
83 
84  public:
85  /// Return the address of a CHookedFunction object
87  PCSTR pszCalleeModName,
88  PCSTR pszFuncName
89  ) const;
90 
91  /// Return the address of a CHookedFunction object
93  HMODULE hmod,
94  PCSTR pszFuncName
95  ) const;
96 
97  /// Add a new object to the container
98  BOOL AddHook(const CRef<CHookedFunction> pHook);
99  /// Remove existing object pointer from the container
101 
102  void UnHookAllFuncs(void);
103 
104  bool HaveHookedFunctions(void) const
105  {
106 // return(m_FunctionList.size() > 0);
107  size_t num = 0;
108 
110  num += it->second.size();
111  }
112 
113  return (num > 0);
114  }
115 
116  private:
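117  /// Return the name of the function from the export address table (EAT) by its ordinal value.
117  /// NOTE(review): pszFuncName is a writable PSTR and no buffer length is passed alongside it,
117  /// so the required buffer size is an implicit contract - confirm it against the implementation.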
119  HMODULE hmodOriginal,
120  DWORD dwFuncOrdinalNum,
121  PSTR pszFuncName
122  ) const;
123  /// Return the name of the function by its ordinal value
125  PCSTR pszCalleeModName,
126  DWORD dwFuncOrdinalNum,
127  PSTR pszFuncName
128  ) const;
130  HMODULE hmodOriginal,
131  DWORD dwFuncOrdinalNum,
132  PSTR pszFuncName
133  ) const;
134 
135  private:
struct SNocaseCmp {
    /// Ordering predicate for string-keyed maps: x sorts before y when
    /// my_stricmp() returns a negative value for the pair.
    ///
    /// my_stricmp() is only declared in this header; going by its name and
    /// this struct's name it presumably compares case-insensitively -
    /// confirm against its definition.
    ///
    /// NOTE(review): this comparator keys both the module-name map
    /// (TModuleNameList) and the function-name map (TFunctionList). Windows
    /// resolves export names case-sensitively, so two exports that differ
    /// only in case would presumably share one key in TFunctionList -
    /// confirm that this is intended.
    bool operator()(const string& x, const string& y) const {
        const int order = my_stricmp(x.c_str(), y.c_str());
        return order < 0;
    }
};
144 
145  // TFunctionList m_FunctionList;
148 
149  // Because of CApiHookMgr::HackModuleOnLoad
150  friend class CApiHookMgr;
151  };
152 
153 
154  ///////////////////////////////////////////////////////////////////////////////
155  /// class CApiHookMgr
156  ///
157  class CApiHookMgr {
158  private:
159  CApiHookMgr(void);
160  ~CApiHookMgr(void);
161  void operator =(const CApiHookMgr&);
162 
163  public:
164  static CApiHookMgr& GetInstance(void);
165 
166  /// Hook up an API
167  BOOL HookImport(PCSTR pszCalleeModName,
168  PCSTR pszFuncName,
169  PROC pfnHook
170  );
171 
172  /// Restore hooked up API function
173  BOOL UnHookImport(PCSTR pszCalleeModName,
174  PCSTR pszFuncName
175  );
176 
177  /// Used when a DLL is newly loaded after hooking a function
178  void WINAPI HackModuleOnLoad(HMODULE hmod,
179  DWORD dwFlags
180  );
181 
182  /// Return the address of a CHookedFunction object
183  /// Protected version.
185  PCSTR pszFuncName
186  ) const;
187 
188  /// Indicates whether any function is currently hooked
189  bool HaveHookedFunctions(void) const;
190 
191  private:
192  /// Hook all needed system functions in order to trap loading libraries
193  BOOL x_HookSystemFuncs(void);
194 
195  /// Unhook all functions and restore original ones
196  void x_UnHookAllFuncs(void);
197 
198  /// Used to trap events when DLLs are loaded
199  static HMODULE WINAPI MyLoadLibraryA(PCSTR pszModuleName);
200  /// Used to trap events when DLLs are loaded
201  static HMODULE WINAPI MyLoadLibraryW(PCWSTR pszModuleName);
202  /// Used to trap events when DLLs are loaded
203  static HMODULE WINAPI MyLoadLibraryExA(PCSTR pszModuleName,
204  HANDLE hFile,
205  DWORD dwFlags
206  );
207  /// Used to trap events when DLLs are loaded
208  static HMODULE WINAPI MyLoadLibraryExW(PCWSTR pszModuleName,
209  HANDLE hFile,
210  DWORD dwFlags
211  );
212  /// Returns address of replacement function if hooked function is
213  /// requested
214  static FARPROC WINAPI MyGetProcAddress(HMODULE hmod,
215  PCSTR pszProcName
216  );
217 
218  /// Returns original address of the API function
219  static FARPROC WINAPI xs_GetProcAddressWindows(
220  HMODULE hmod,
221  PCSTR pszProcName
222  );
223 
224  /// Add a newly intercepted function to the container
225  BOOL x_AddHook(PCSTR pszCalleeModName,
226  PCSTR pszFuncName,
227  PROC pfnOrig,
228  PROC pfnHook
229  );
230 
231  /// Remove intercepted function from the container
232  BOOL x_RemoveHook(PCSTR pszCalleeModName,
233  PCSTR pszFuncName
234  );
235 
237  /// Container keeps track of all hacked functions
239  /// Indicates whether all system functions have been successfully hacked
241 
242  friend class CSafeStatic_Allocator<CApiHookMgr>;
243  };
244 
245 
247  {
248  public:
249  typedef void (*TFunct) (void);
250 
251  static COnExitProcess& Instance(void);
252 
253  // Return true in case of success.
254  bool Add(TFunct funct);
255  void Remove(TFunct funct);
256  void ClearAll(void);
257 
258  private:
259  COnExitProcess(void);
260  ~COnExitProcess(void);
261 
262  // Hook function prototype
263  static void WINAPI xs_ExitProcess(UINT uExitCode);
264 
265  private:
266  typedef vector<TFunct> TRegistry;
267 
270  bool m_Hooked;
271 
273  };
274 }
275 
277 
278 #endif // NCBI_OS_MSWIN
279 
280 /* @} */
281 
282 #endif // NCBI_WIN_HOOK__HPP
CCoreException –.
Definition: ncbiexpt.hpp:1476
CFastMutex –.
Definition: ncbimtx.hpp:667
CRef –.
Definition: ncbiobj.hpp:618
Helper class for object allocation/deallocation.
class CApiHookMgr
class CHookedFunction
#define ITERATE(Type, Var, Cont)
ITERATE macro to sequence through container elements.
Definition: ncbimisc.hpp:815
EErrCode
Error types that an application can generate.
Definition: ncbiexpt.hpp:884
#define END_NCBI_SCOPE
End previously defined NCBI scope.
Definition: ncbistl.hpp:103
#define BEGIN_NCBI_SCOPE
Define ncbi namespace.
Definition: ncbistl.hpp:100
#define NCBI_DBAPIDRIVER_EXPORT
Definition: ncbi_export.h:392
BOOL UnHookImport(PCSTR pszCalleeModName, PCSTR pszFuncName)
Restore hooked up API function.
void WINAPI HackModuleOnLoad(HMODULE hmod, DWORD dwFlags)
Used when a DLL is newly loaded after hooking a function.
BOOL m_bSystemFuncsHooked
Determines whether all system functions has been successfuly hacked.
void operator=(const CApiHookMgr &)
int my_stricmp(const char *left, const char *right)
map< void *, TFunctionList > TModuleList
vector< TFunct > TRegistry
static FARPROC WINAPI xs_GetProcAddressWindows(HMODULE hmod, PCSTR pszProcName)
Returns original address of the API function.
CHookedFunctions m_pHookedFunctions
Container keeps track of all hacked functions.
void x_GetFunctionNameByOrdinal(PCSTR pszCalleeModName, DWORD dwFuncOrdinalNum, PSTR pszFuncName) const
Return the name of the function by its ordinal value.
CRef< CHookedFunction > GetHookedFunction(HMODULE hmod, PCSTR pszFuncName) const
Return the address of an CHookedFunction object Protected version.
BOOL HookImport(PCSTR pszCalleeModName, PCSTR pszFuncName, PROC pfnHook)
Hook up an API.
static HMODULE WINAPI MyLoadLibraryExW(PCWSTR pszModuleName, HANDLE hFile, DWORD dwFlags)
Used to trap events when DLLs are loaded.
bool HaveHookedFunctions(void) const
Indicates whether there is hooked function.
static HMODULE WINAPI MyLoadLibraryW(PCWSTR pszModuleName)
Used to trap events when DLLs are loaded.
bool operator()(const string &x, const string &y) const
NCBI_EXCEPTION_DEFAULT(CWinHookException, CCoreException)
static FARPROC WINAPI MyGetProcAddress(HMODULE hmod, PCSTR pszProcName)
Returns address of replacement function if hooked function is requested.
void x_UnHookAllFuncs(void)
Unhook all functions and restore original ones.
map< string, TFunctionList, SNocaseCmp > TModuleNameList
TModuleNameList m_ModuleNameList
CRef< CHookedFunction > GetHookedFunction(PCSTR pszCalleeModName, PCSTR pszFuncName) const
Return the address of an CHookedFunction object.
map< string, CRef< CHookedFunction >, SNocaseCmp > TFunctionList
static HMODULE WINAPI MyLoadLibraryExA(PCSTR pszModuleName, HANDLE hFile, DWORD dwFlags)
Used to trap events when DLLs are loaded.
BOOL RemoveHook(const CRef< CHookedFunction > pHook)
Remove exising object pointer from the container.
BOOL x_RemoveHook(PCSTR pszCalleeModName, PCSTR pszFuncName)
Remove intercepted function from the container.
BOOL x_GetFunctionNameFromExportSection(HMODULE hmodOriginal, DWORD dwFuncOrdinalNum, PSTR pszFuncName) const
Return the name of the function from EAT by its ordinal value.
bool HaveHookedFunctions(void) const
BOOL x_HookSystemFuncs(void)
Hook all needed system functions in order to trap loading libraries.
static CApiHookMgr & GetInstance(void)
static HMODULE WINAPI MyLoadLibraryA(PCSTR pszModuleName)
Used to trap events when DLLs are loaded.
BOOL AddHook(const CRef< CHookedFunction > pHook)
Add a new object to the container.
BOOL x_AddHook(PCSTR pszCalleeModName, PCSTR pszFuncName, PROC pfnOrig, PROC pfnHook)
Add a newly intercepted function to the container.
#define HANDLE
An abstraction for a file handle.
Definition: mdb.c:383
Static variables safety - create on demand, destroy on application termination.
unsigned int UINT
Definition: sqltypes.h:263
unsigned int DWORD
Definition: sqltypes.h:98
int BOOL
Definition: sybdb.h:150