I_Jemin

Initiating

Showing 308 changed files with 4763 additions and 251 deletions
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
## Ignore Mac Temp file
*.DS_Store
*.icloud
# User-specific files
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# DNX
project.lock.json
artifacts/
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# TODO: Comment the next line if you want to checkin your web deploy settings
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/packages/*
# except build/, which is used as an MSBuild target.
!**/packages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/packages/repositories.config
# NuGet v3's project.json files produces more ignoreable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.pfx
*.publishsettings
node_modules/
orleans.codegen.cs
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
*.mdf
*.ldf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
## Ignore Previous SVN records
*.svn
\ No newline at end of file

Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HelloITH", "HelloITH\HelloITH.vcxproj", "{4DC93C7D-B6B3-46F8-BB98-2C01279C8075}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Release|Win32 = Release|Win32
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{4DC93C7D-B6B3-46F8-BB98-2C01279C8075}.Debug|Win32.ActiveCfg = Debug|Win32
{4DC93C7D-B6B3-46F8-BB98-2C01279C8075}.Debug|Win32.Build.0 = Debug|Win32
{4DC93C7D-B6B3-46F8-BB98-2C01279C8075}.Release|Win32.ActiveCfg = Release|Win32
{4DC93C7D-B6B3-46F8-BB98-2C01279C8075}.Release|Win32.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{4DC93C7D-B6B3-46F8-BB98-2C01279C8075}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>HelloITH</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<IncludePath>$(SolutionDir)include;$(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSdkDir)include;$(FrameworkSDKDir)\include;</IncludePath>
<LibraryPath>$(SolutionDir)libs;$(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib</LibraryPath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<IncludePath>$(SolutionDir)include;$(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSdkDir)include;$(FrameworkSDKDir)\include;</IncludePath>
<LibraryPath>$(SolutionDir)libs;$(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib</LibraryPath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>IHF.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>ihf.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="main.cpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
\ No newline at end of file
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>
\ No newline at end of file
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
</Project>
\ No newline at end of file
//Prevent ITH overide operator new.
#define DEFAULT_MM
#include <ITH\IHF.h>
#include <stdio.h>
static HookManager* man;
DWORD ProcessAttach(DWORD pid)
{
printf("Process %d attached.\n",pid);
return 0;
}
DWORD ProcessDetach(DWORD pid)
{
printf("Process %d detached.\n",pid);
return 0;
}
DWORD ProcessNewHook(DWORD pid)
{
printf("Process %d has new hook inserted.\n",pid);
return 0;
}
DWORD ThreadOutput(TextThread* t, BYTE* data,DWORD len, DWORD new_line, PVOID user_data)
{
printf("Thread %.4X output. len = %d, new_line = %d, user_data = %.8X\n",
t->Number(),len,new_line,user_data);
if (len <= 2)
{
//Single character.
printf("Data: %.2X",data[0]);
if (len == 2) printf(" %.2X",data[1]);
printf("\n");
}
else
{
printf("Data:\n");
for (DWORD i = 0; i < len; i++)
{
printf("%.2X ",data[i]);
if ((i & 0xF) == 0xF) printf("\n");
}
}
return len;
}
DWORD ThreadCreate(TextThread* t)
{
printf("New thread created.\n");
ThreadParameter* tp = t->GetThreadParameter();
printf("%.4x:%.4x:%.8X:%.8X:%.8X\n",t->Number(),tp->pid,tp->hook,tp->retn,tp->spl);
//Set output callback. This function is called when some text is dispatched to thread 't'.
//It's possible to set different callback for different thread.
t->RegisterOutputCallBack(ThreadOutput,0);
return 0;
}
int main(int argc, char** argv)
{
//__debugbreak();
HANDLE running = OpenMutex(MUTEX_ALL_ACCESS, FALSE, L"ITH_MAIN_RUNNING");
if (running != 0 || GetLastError() != ERROR_FILE_NOT_FOUND)
{
//There's another instance of ITH running in the system.
CloseHandle(running);
return 1;
}
if (IHF_Init())
{
IHF_GetHookManager(&man);
if (man)
{
man->RegisterProcessAttachCallback(ProcessAttach);
man->RegisterProcessDetachCallback(ProcessDetach);
man->RegisterProcessNewHookCallback(ProcessNewHook);
man->RegisterThreadCreateCallback(ThreadCreate);
IHF_Start();//IHF started functioning.
DWORD inject_pid;
printf("Enter pid to inject:\n");
scanf("%d",&inject_pid);
getchar(); //Get the last linebreak.
IHF_InjectByPID(inject_pid, 0); //Use default engine.
getchar(); //Wait till any key.
IHF_ActiveDetachProcess(inject_pid);
}
IHF_Cleanup();
}
else
{
//There's another program using IHF running in the system.
return 1;
}
//Sometimes the system create extra threads. Simply return from here doesn't shutdown the process.
//Even ExitProcess may fail. TerminateProcess is considered to be safer.
return 0;
}
\ No newline at end of file
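Review bot: In `main`, the result of `scanf("%d",&inject_pid)` is never checked and `inject_pid` is uninitialised, so on non-numeric input `IHF_InjectByPID` is called with an indeterminate PID and the hook lands in whatever process that value happens to name. Initialise and validate before injecting: `DWORD inject_pid = 0;` followed by `if (scanf("%lu", &inject_pid) != 1 || inject_pid == 0) { IHF_Cleanup(); return 1; }` (`%lu` because `DWORD` is `unsigned long`). Separately, `ThreadOutput` reads `data[0]` whenever `len <= 2`, which includes `len == 0`; that branch should be guarded with `len != 0`. The early-exit path also calls `CloseHandle(running)` when `running` may be NULL.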
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
class BitMap
{
public:
BitMap();
BitMap(unsigned long init_size);
~BitMap();
bool Check(unsigned long number);
void Set(unsigned long number);
void Reset();
void Clear(unsigned long number);
protected:
unsigned char* map;
unsigned long size;
};
\ No newline at end of file
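Review bot: `BitMap` holds a raw `unsigned char* map` and declares a destructor, but copy construction and assignment are left to the compiler, so a copied `BitMap` would share the buffer with its source; if `~BitMap()` frees `map` (the implementation is not in this file), that ends in a double free. Declaring `BitMap(const BitMap&);` and `BitMap& operator=(const BitMap&);` as private and unimplemented rules it out. `Check`, `Set` and `Clear` also need a comment stating what happens when `number` lies beyond `size`, since a caller cannot tell from the header whether the map grows or the access is rejected.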
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <windows.h>
#include <ITH\BitMap.h>
typedef void (*CustomFilterCallBack) (WORD, PVOID);
class CustomFilterUnicode : public BitMap
{
public:
CustomFilterUnicode();
~CustomFilterUnicode();
bool Check(WORD number);
void Set(WORD number);
void Clear(WORD number);
void Traverse(CustomFilterCallBack callback, PVOID param);
};
class CustomFilterMultiByte : public BitMap
{
public:
CustomFilterMultiByte();
~CustomFilterMultiByte();
bool Check(WORD number);
void Set(WORD number);
void Clear(WORD number);
void Reset();
void Traverse(CustomFilterCallBack callback, PVOID param);
private:
BYTE ascii_map[0x20];
};
\ No newline at end of file
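Review bot: `CustomFilterUnicode` and `CustomFilterMultiByte` redeclare `Check`, `Set` and `Clear` with a `WORD` parameter, which hides the non-virtual `BitMap` versions instead of overriding them, so a call through a `BitMap*` or `BitMap&` runs the base code and skips whatever the filters add (for `CustomFilterMultiByte`, presumably the `ascii_map` handling). `~BitMap()` is non-virtual as well, so deleting a filter through a base pointer is undefined behaviour. If the base class is only an implementation detail, `class CustomFilterUnicode : private BitMap` turns both mistakes into compile errors; otherwise the base members should be `virtual`.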
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <memory.h>
#include <intrin.h>
#define HASH_SIZE_MD5 0x10
#define HASH_BLOCK_MD5 0x40
struct MD5_Context
{
union{
unsigned __int64 len;
struct {
unsigned int len_low,len_high;
};
};
unsigned int h0,h1,h2,h3;
unsigned int remain_len;
unsigned char remain[0x40];
}; //0x5C
void HashMD5Block(void* block, MD5_Context* ctx);
void HashMD5(void* msg, unsigned int len, void* hash);
void HashMD5Init(MD5_Context* ctx);
void HashMD5Update(MD5_Context* ctx, void* msg, int len);
void HashMD5Final(MD5_Context* ctx, void* hash);
#define HASH_SIZE_SHA1 0x14
#define HASH_BLOCK_SHA1 0x40
struct SHA1_Context
{
union{
unsigned __int64 len;
struct {
unsigned int len_low,len_high;
};
};
unsigned int h0,h1,h2,h3,h4;
unsigned int remain_len;
unsigned char remain[0x40];
}; //0x60
void HashSHA1Block(void* block, SHA1_Context* ctx);
void HashSHA1(void* msg, unsigned int len, void* hash);
void HashSHA1Init(SHA1_Context* ctx);
void HashSHA1Update(SHA1_Context* ctx, void* msg, int len);
void HashSHA1Final(SHA1_Context* ctx, void* hash);
#define HASH_SIZE_SHA256 32
#define HASH_BLOCK_SHA256 0x40
struct SHA256_Context
{
union{
unsigned __int64 len;
struct {
unsigned int len_low,len_high;
};
};
unsigned int h0,h1,h2,h3,h4,h5,h6,h7;
unsigned int remain_len;
unsigned char remain[0x40];
}; //0x6C
void HashSHA256Block(void* block, SHA256_Context* ctx);
void HashSHA256(void* msg, unsigned int len, void* hash);
void HashSHA256Init(SHA256_Context* ctx);
void HashSHA256Update(SHA256_Context* ctx, void* msg, int len);
void HashSHA256Final(SHA256_Context* ctx, void* hash);
#ifndef ITH_TLS_HASH_CALC
#define ITH_TLS_HASH_CALC
class HashCalculator
{
public:
HashCalculator() {}
virtual ~HashCalculator() {}
virtual void HashInit() {}
virtual void HashUpdate(void* msg, int len) {}
virtual void HashFinal(void* hash) {}
virtual int HashValueSize() const {return 0;}
virtual int HashBlockSize() const {return 0;}
};
enum HashType
{
HashTypeMD5 = 0,
HashTypeSHA1,
HashTypeSHA256
};
#endif
class MD5Calc : public HashCalculator
{
public:
MD5Calc();
virtual ~MD5Calc();
virtual void HashInit();
virtual void HashUpdate(void* msg, int len);
virtual void HashFinal(void* hash);
virtual int HashValueSize() const;
virtual int HashBlockSize() const;
private:
MD5_Context ctx;
};
class SHA1Calc : public HashCalculator
{
public:
SHA1Calc();
virtual ~SHA1Calc();
virtual void HashInit();
virtual void HashUpdate(void* msg, int len);
virtual void HashFinal(void* hash);
virtual int HashValueSize() const;
virtual int HashBlockSize() const;
private:
SHA1_Context ctx;
};
class SHA256Calc : public HashCalculator
{
public:
SHA256Calc();
virtual ~SHA256Calc();
virtual void HashInit();
virtual void HashUpdate(void* msg, int len);
virtual void HashFinal(void* hash);
virtual int HashValueSize() const;
virtual int HashBlockSize() const;
private:
SHA256_Context ctx;
};
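Review bot: The streaming functions take `int len` (`HashMD5Update`, `HashSHA1Update`, `HashSHA256Update` and the `HashUpdate` virtuals) while the one-shot functions take `unsigned int len`, and nothing states what a negative length does; the implementation is not in this file, but a signed length that reaches a copy into `remain[0x40]` is worth ruling out. Use `unsigned int len` throughout, or document that negative values are rejected. The `void* hash` output parameters should carry a comment that the caller must supply `HASH_SIZE_MD5`, `HASH_SIZE_SHA1` or `HASH_SIZE_SHA256` bytes. A one-line comment on `HashTypeMD5` and `HashTypeSHA1` saying they are not collision resistant would keep them from being chosen for integrity or signature checks.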
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <ITH\TextThread.h>
#include <ITH\AVL.h>
#define MAX_REGISTER 0xF
#define MAX_PREV_REPEAT_LENGTH 0x20
struct ProcessRecord {
DWORD pid_register;
DWORD hookman_register;
DWORD module_register;
DWORD engine_register;
HANDLE process_handle;
HANDLE hookman_mutex;
HANDLE hookman_section;
LPVOID hookman_map;
};
class ThreadTable : public MyVector<TextThread*,0x40>
{
public:
virtual void SetThread(DWORD number, TextThread* ptr);
virtual TextThread* FindThread(DWORD number);
};
class TCmp
{
public:
char operator()(const ThreadParameter* t1,const ThreadParameter* t2);
};
class TCpy
{
public:
void operator()(ThreadParameter* t1,const ThreadParameter* t2);
};
class TLen
{
public:
int operator()(const ThreadParameter* t);
};
typedef DWORD (*ProcessEventCallback)(DWORD pid);
class HookManager : public AVLTree<ThreadParameter,DWORD,TCmp,TCpy,TLen>
{
public:
HookManager();
~HookManager();
virtual TextThread* FindSingle(DWORD pid, DWORD hook, DWORD retn, DWORD split);
virtual TextThread* FindSingle(DWORD number);
virtual ProcessRecord* GetProcessRecord(DWORD pid);
virtual DWORD GetProcessIDByPath(LPWSTR str);
virtual void RemoveSingleThread(DWORD number);
virtual void LockHookman();
virtual void UnlockHookman();
virtual void ResetRepeatStatus();
virtual void ClearCurrent();
virtual void AddLink(WORD from, WORD to);
virtual void UnLink(WORD from);
virtual void UnLinkAll(WORD from);
virtual void SelectCurrent(DWORD num);
virtual void DetachProcess(DWORD pid);
virtual void SetCurrent(TextThread* it);
virtual void AddConsoleOutput(LPCWSTR text);
void DispatchText(DWORD pid, BYTE* text, DWORD hook, DWORD retn, DWORD split, int len);
void ClearText(DWORD pid, DWORD hook, DWORD retn, DWORD split);
void RemoveProcessContext(DWORD pid);
void RemoveSingleHook(DWORD pid, DWORD addr);
void RegisterThread(TextThread*, DWORD);
void RegisterPipe(HANDLE text, HANDLE cmd, HANDLE thread);
void RegisterProcess(DWORD pid, DWORD hookman, DWORD module, DWORD engine);
void UnRegisterProcess(DWORD pid);
void SetName(DWORD);
DWORD GetCurrentPID();
HANDLE GetCmdHandleByPID(DWORD pid);
inline ThreadEventCallback RegisterThreadCreateCallback(ThreadEventCallback cf)
{
return (ThreadEventCallback)_InterlockedExchange((long*)&create,(long)cf);
}
inline ThreadEventCallback RegisterThreadRemoveCallback(ThreadEventCallback cf)
{
return (ThreadEventCallback)_InterlockedExchange((long*)&remove,(long)cf);
}
inline ThreadEventCallback RegisterThreadResetCallback(ThreadEventCallback cf)
{
return (ThreadEventCallback)_InterlockedExchange((long*)&reset,(long)cf);
}
inline ProcessEventCallback RegisterProcessAttachCallback(ProcessEventCallback cf)
{
return (ProcessEventCallback)_InterlockedExchange((long*)&attach,(long)cf);
}
inline ProcessEventCallback RegisterProcessDetachCallback(ProcessEventCallback cf)
{
return (ProcessEventCallback)_InterlockedExchange((long*)&detach,(long)cf);
}
inline ProcessEventCallback RegisterProcessNewHookCallback(ProcessEventCallback cf)
{
return (ProcessEventCallback)_InterlockedExchange((long*)&hook,(long)cf);
}
inline ProcessEventCallback ProcessNewHook() {return hook;}
inline TextThread* GetCurrentThread() {return current;}
inline ProcessRecord* Records() {return record;}
inline ThreadTable* Table() {return thread_table;}
/*inline DWORD& SplitTime() {return split_time;}
inline DWORD& RepeatCount() {return repeat_count;}
inline DWORD& CyclicRemove() {return cyclic_remove;}
inline DWORD& GlobalFilter() {return global_filter;}*/
private:
CRITICAL_SECTION hmcs;
TextThread *current;
ThreadEventCallback create,remove,reset;
ProcessEventCallback attach,detach,hook;
DWORD current_pid;
ThreadTable *thread_table;
HANDLE destroy_event;
ProcessRecord record[MAX_REGISTER+1];
HANDLE text_pipes[MAX_REGISTER+1];
HANDLE cmd_pipes[MAX_REGISTER+1];
HANDLE recv_threads[MAX_REGISTER+1];
WORD register_count, new_thread_number;
};
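Review bot: The six `Register*Callback` inline members swap a function pointer with `_InterlockedExchange((long*)&create,(long)cf)`, which truncates the pointer on any target where pointers are wider than `long` (the project file on this page only builds Win32, so this is latent today). `InterlockedExchangePointer` is the pointer-sized form: `return (ThreadEventCallback)InterlockedExchangePointer((PVOID volatile*)&create, (PVOID)cf);`. The accessors `ProcessNewHook()`, `GetCurrentThread()` and `Records()` read the same members with neither an interlocked operation nor the `hmcs` lock, so the header should say which thread may call them. `record`, `text_pipes`, `cmd_pipes` and `recv_threads` are fixed at `MAX_REGISTER+1` entries; whether `RegisterProcess` checks `register_count` against that bound is not visible here and is worth confirming.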
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <ITH\HookManager.h>
#define IHFAPI __stdcall
#ifdef IHF
#define IHFSERVICE __declspec(dllexport)
#else
#define IHFSERVICE __declspec(dllimport)
#endif
#define ITH_DEFAULT_ENGINE 0
extern "C" {
IHFSERVICE DWORD IHFAPI IHF_Init();
IHFSERVICE DWORD IHFAPI IHF_Start();
IHFSERVICE DWORD IHFAPI IHF_Cleanup();
IHFSERVICE DWORD IHFAPI IHF_GetPIDByName(LPWSTR pwcTarget);
IHFSERVICE DWORD IHFAPI IHF_InjectByPID(DWORD pid, LPWSTR engine);
IHFSERVICE DWORD IHFAPI IHF_ActiveDetachProcess(DWORD pid);
IHFSERVICE DWORD IHFAPI IHF_GetHookManager(HookManager** hookman);
IHFSERVICE DWORD IHFAPI IHF_GetSettingManager(SettingManager** set_man);
IHFSERVICE DWORD IHFAPI IHF_InsertHook(DWORD pid, HookParam* hp, LPWSTR name = 0);
IHFSERVICE DWORD IHFAPI IHF_ModifyHook(DWORD pid, HookParam* hp);
IHFSERVICE DWORD IHFAPI IHF_RemoveHook(DWORD pid, DWORD addr);
IHFSERVICE DWORD IHFAPI IHF_IsAdmin();
//IHFSERVICE DWORD IHFAPI IHF_GetFilters(PVOID* mb_filter, PVOID* uni_filter);
IHFSERVICE DWORD IHFAPI IHF_AddLink(DWORD from, DWORD to);
IHFSERVICE DWORD IHFAPI IHF_UnLink(DWORD from);
IHFSERVICE DWORD IHFAPI IHF_UnLinkAll(DWORD from);
}
\ No newline at end of file
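Review bot: None of the exported `IHF_*` functions documents what its `DWORD` return value means, and the sample `main.cpp` on this page treats a non-zero `IHF_Init()` as success while ignoring the results of `IHF_InjectByPID` and `IHF_ActiveDetachProcess`. A comment block above the `extern "C"` section should state the success and failure values per function, whether `engine` and `name` may be null (the sample passes `0`), and who owns the objects returned through `IHF_GetHookManager` and `IHF_GetSettingManager`. The default argument in `IHF_InsertHook(..., LPWSTR name = 0)` is C++ only, so the header cannot be consumed from C despite the `extern "C"` linkage; either say so or drop the default.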
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <ITH\common.h>
#ifdef IHF
#define IHFAPI __declspec(dllexport) __stdcall
#else
#define IHFAPI __declspec(dllimport) __stdcall
#endif
extern "C" {
DWORD IHFAPI OutputConsole(LPWSTR str);
DWORD IHFAPI OutputDWORD(DWORD d);
DWORD IHFAPI OutputRegister(DWORD *base);
DWORD IHFAPI NotifyHookInsert(DWORD addr);
DWORD IHFAPI NewHook(const HookParam& hp, LPWSTR name=0, DWORD flag=HOOK_ENGINE);
DWORD IHFAPI RemoveHook(DWORD addr);
DWORD IHFAPI RegisterEngineModule(DWORD base, DWORD idEngine, DWORD dnHook);
DWORD IHFAPI SwitchTrigger(DWORD on);
DWORD IHFAPI GetFunctionAddr(char* name, DWORD* addr, DWORD *base, DWORD* size, LPWSTR* base_name);
}
\ No newline at end of file
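Review bot: This header defines `IHFAPI` as `__declspec(dllexport) __stdcall` or `__declspec(dllimport) __stdcall`, while the host-side header earlier in this commit defines the same macro as plain `__stdcall` and keeps the import/export part in `IHFSERVICE`. A translation unit that includes both gets a macro redefinition, and which meaning applies depends on include order. Give this header its own macro, for example `#define IHFDLLAPI __declspec(dllexport) __stdcall`, or reuse the `IHFSERVICE`/`IHFAPI` split. `NewHook` takes `const HookParam&` and default arguments inside `extern "C"`, which deserves a comment because it makes the export usable from C++ only.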
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <ITH\ntdll.h>
extern "C" {
extern WORD* NlsAnsiCodePage;
int disasm(BYTE* opcode0);
int FillRange(LPWSTR name,DWORD* lower, DWORD* upper);
int MB_WC(char* mb, wchar_t* wc);
int MB_WC_count(char* mb, int mb_length);
int WC_MB(wchar_t *wc, char* mb);
DWORD SearchPattern(DWORD base, DWORD base_length, LPVOID search, DWORD search_length); //KMP
BOOL IthInitSystemService();
void IthCloseSystemService();
DWORD IthGetMemoryRange(LPVOID mem, DWORD* base, DWORD* size);
BOOL IthCheckFile(LPWSTR file);
BOOL IthFindFile(LPWSTR file);
BOOL IthGetFileInfo(LPWSTR file, LPVOID info, DWORD size = 0x1000);
BOOL IthCheckFileFullPath(LPWSTR file);
HANDLE IthCreateFile(LPWSTR name, DWORD option, DWORD share, DWORD disposition);
HANDLE IthCreateFileInDirectory(LPWSTR name, HANDLE dir, DWORD option, DWORD share, DWORD disposition);
HANDLE IthCreateDirectory(LPWSTR name);
HANDLE IthCreateFileFullPath(LPWSTR full_path, DWORD option, DWORD share, DWORD disposition);
HANDLE IthPromptCreateFile(DWORD option, DWORD share, DWORD disposition);
HANDLE IthCreateSection(LPWSTR name, DWORD size, DWORD right);
HANDLE IthCreateEvent(LPWSTR name, DWORD auto_reset=0, DWORD init_state=0);
HANDLE IthOpenEvent(LPWSTR name);
void IthSetEvent(HANDLE hEvent);
void IthResetEvent(HANDLE hEvent);
HANDLE IthCreateMutex(LPWSTR name, BOOL InitialOwner, DWORD* exist=0);
HANDLE IthOpenMutex(LPWSTR name);
BOOL IthReleaseMutex(HANDLE hMutex);
//DWORD IthWaitForSingleObject(HANDLE hObject, DWORD dwTime);
HANDLE IthCreateThread(LPVOID start_addr, DWORD param, HANDLE hProc=(HANDLE)-1);
DWORD GetExportAddress(DWORD hModule,DWORD hash);
void IthSleep(int time);
void IthSystemTimeToLocalTime(LARGE_INTEGER* ptime);
void FreeThreadStart(HANDLE hProc);
void CheckThreadStart();
}
extern HANDLE hHeap;
extern DWORD current_process_id,debug;
extern BYTE LeadByteTable[];
extern LPVOID page;
extern BYTE launch_time[];
inline DWORD GetHash(LPSTR str)
{
DWORD hash=0;
for (;*str;str++)
{
hash=((hash>>7)|(hash<<25))+(*str);
}
return hash;
}
inline DWORD GetHash(LPWSTR str)
{
DWORD hash=0;
for (;*str;str++)
{
hash=((hash>>7)|(hash<<25))+(*str);
}
return hash;
}
inline void IthBreak()
{
if (debug) __debugbreak();
}
inline LPWSTR GetMainModulePath()
{
__asm
{
mov eax, fs:[0x30]
mov eax, [eax + 0xC]
mov eax, [eax + 0xC]
mov eax, [eax + 0x28]
}
}
\ No newline at end of file
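Review bot: `GetHash(LPSTR str)` adds `*str` to the hash as a plain `char`, which is signed under default MSVC settings, so any byte of 0x80 or above is sign-extended and the narrow and wide overloads disagree for non-ASCII input. Add the byte as unsigned, `hash=((hash>>7)|(hash<<25))+(BYTE)(*str);`, after confirming that no stored hash depends on the current result. `GetMainModulePath` has no `return` statement and relies on the value left in `eax` by four hard-coded loads starting at `fs:[0x30]`; it needs a comment naming the structures and fields those offsets refer to, plus an `#ifndef _M_IX86` / `#error` guard, since the offsets are only meaningful on 32-bit x86.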
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <ITH\Hash.h>
#ifdef ITH_TLS
#define ITH_TLS_SERVICE __declspec(dllexport)
#else
#define ITH_TLS_SERVICE __declspec(dllimport)
#endif
#define ITH_TLS_API __stdcall
#ifndef ITH_TLS_SOCKET
#define ITH_TLS_SOCKET
class TransportSocket
{
public:
TransportSocket() : sock(0), type(0), error_code(0), status(0) {}
virtual ~TransportSocket();
virtual int socket();
virtual int connect(char* server, int port = 0); //pass 0 to make use of default port number.
//This number is 80 for plain socket and 443 for secure socket.
virtual int close();
virtual int send(void* data, int len);
virtual int recv(void* data, int len);
inline int Type() {return type;}
protected:
int sock, type, error_code, status;
};
#endif
extern "C" {
ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_Init();
ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_Cleanup();
ITH_TLS_SERVICE HashCalculator* ITH_TLS_API ITH_TLS_NewHashCalculator(HashType type);
ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_DestroyHashCalculator(HashCalculator* hash);
ITH_TLS_SERVICE TransportSocket* ITH_TLS_API ITH_TLS_NewSocket(DWORD secure);
ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_DestroySocket(TransportSocket* socket);
ITH_TLS_SERVICE DWORD ITH_TLS_API ITH_TLS_RSAEncrypt(void* key, void* data, void* out, DWORD len_in_bytes);
};
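Review bot: `ITH_TLS_RSAEncrypt(void* key, void* data, void* out, DWORD len_in_bytes)` passes a single length for three untyped buffers, so a caller cannot tell from this header which buffer it measures or how large `out` must be. A comment above the declaration should state the contract, for example `// len_in_bytes: size of key, data and out alike (confirm against the implementation)`. `TransportSocket::send` and `recv` have the same gap: document whether the `int` return is a byte count, whether a short count is possible, and which value signals an error.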
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <intrin.h>
#define SETTING_SPLIT_TIME 0
#define SETTING_CYCLIC_REMOVE 1
#define SETTING_REPEAT_COUNT 2
#define SETTING_CLIPFLAG 3
#define SETTING_MAX_INDEX 4
class SettingManager
{
public:
SettingManager() {memset(settting_int,0,sizeof(settting_int));}
~SettingManager(){}
unsigned int SetValue(unsigned int index, unsigned int value)
{
if (index < SETTING_MAX_INDEX)
return (unsigned int)_InterlockedExchange((long*)settting_int+index,(long)value);
else return 0;
}
unsigned int GetValue(unsigned int index)
{
if (index < SETTING_MAX_INDEX)
return settting_int[index];
else return 0;
}
private:
unsigned int settting_int[SETTING_MAX_INDEX];
};
\ No newline at end of file
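Review bot: `SetValue` and `GetValue` return 0 for an out-of-range `index`, which a caller cannot tell apart from a stored 0, and no comment says so. A line above each method such as `// returns 0 when index >= SETTING_MAX_INDEX; 0 is also a valid stored value` would make that explicit. The constructor also calls `memset` while the file includes only `<intrin.h>`; if that header does not declare it in this toolchain, add `#include <string.h>`. The member name `settting_int` has a third `t` and is worth fixing before more code refers to it.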
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <ITH\main_template.h>
#include <ITH\common.h>
#include <ITH\SettingManager.h>
struct RepeatCountNode
{
short repeat;
short count;
RepeatCountNode* next;
};
struct ThreadParameter
{
DWORD pid;
DWORD hook;
DWORD retn;
DWORD spl;
};
#define CURRENT_SELECT 0x1000
#define REPEAT_NUMBER_DECIDED 0x2000
#define BUFF_NEWLINE 0x4000
#define CYCLIC_REPEAT 0x8000
#define COUNT_PER_FOWARD 0x200
#define REPEAT_DETECT 0x10000
#define REPEAT_SUPPRESS 0x20000
#define REPEAT_NEWLINE 0x40000
class TextThread;
typedef DWORD (*ThreadOutputFilterCallback) (TextThread*, BYTE*,DWORD,DWORD,PVOID);
typedef DWORD (*ThreadEventCallback) (TextThread*);
//extern DWORD split_time,repeat_count,global_filter,cyclic_remove;
class TextThread : public MyVector<BYTE, 0x200>
{
public:
TextThread(DWORD pid, DWORD hook, DWORD retn, DWORD spl, WORD num);
virtual ~TextThread();
virtual void CopyLastSentence(LPWSTR str);
virtual void SetComment(LPWSTR);
virtual void ExportTextToFile(LPWSTR filename);
virtual bool CheckCycle(TextThread* start);
virtual DWORD GetThreadString(LPWSTR str, DWORD max);
virtual DWORD GetEntryString(LPWSTR str, DWORD max = 0x200);
void Reset();
void AddText(BYTE* con,int len, bool new_line=false, bool console=false);
void AddTextDirect(BYTE* con, int len);
void RemoveSingleRepeatAuto(BYTE* con, int &len);
void RemoveSingleRepeatForce(BYTE* con, int &len);
void RemoveCyclicRepeat(BYTE* &con, int &len);
void ResetRepeatStatus();
void AddLineBreak();
void ResetEditText();
void ComboSelectCurrent();
void UnLinkAll();
void CopyLastToClipboard();
//void AdjustPrevRepeat(DWORD len);
//void PrevRepeatLength(DWORD &len);
//bool AddToCombo();
bool RemoveFromCombo();
void SetNewLineFlag();
void SetNewLineTimer();
BYTE* GetStore(DWORD* len) {if (len) *len = used; return storage;}
inline DWORD LastSentenceLen() {return used - last_sentence;}
inline DWORD PID() const {return tp.pid;}
inline DWORD Addr() const {return tp.hook;}
inline DWORD& Status() {return status;}
inline WORD Number() const {return thread_number;}
inline WORD& Last() {return last;}
inline WORD& LinkNumber() {return link_number;}
inline UINT_PTR& Timer() {return timer;}
inline ThreadParameter* GetThreadParameter() {return &tp;}
inline TextThread*& Link() {return link;}
inline ThreadOutputFilterCallback RegisterOutputCallBack(ThreadOutputFilterCallback cb, PVOID data)
{
app_data = data;
return (ThreadOutputFilterCallback)_InterlockedExchange((long*)&output,(long)cb);
}
inline ThreadOutputFilterCallback RegisterFilterCallBack(ThreadOutputFilterCallback cb, PVOID data)
{
app_data = data;
return (ThreadOutputFilterCallback)_InterlockedExchange((long*)&filter,(long)cb);
}
inline void SetRepeatFlag() {status|=CYCLIC_REPEAT;}
inline void ClearNewLineFlag() {status&=~BUFF_NEWLINE;}
inline void ClearRepeatFlag() {status&=~CYCLIC_REPEAT;}
inline LPCWSTR GetComment() {return comment;}
private:
ThreadParameter tp;
WORD thread_number,link_number;
WORD last,align_space;
WORD repeat_single;
WORD repeat_single_current;
WORD repeat_single_count;
WORD repeat_detect_count;
RepeatCountNode* head;
TextThread *link;
ThreadOutputFilterCallback filter,output;
PVOID app_data;
LPWSTR comment,thread_string;
UINT_PTR timer;
DWORD status,repeat_detect_limit;
DWORD last_sentence,prev_sentence,sentence_length,repeat_index,last_time;
};
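Review bot: `RegisterOutputCallBack` and `RegisterFilterCallBack` both store their `data` argument in the same `app_data` member, so registering a filter callback replaces the context pointer the output callback was registered with, and the reverse. Each callback needs its own field, e.g. `PVOID output_data, filter_data;`, written by the matching register function. Both functions also swap the callback through `(long*)&output` / `(long)cb`, which truncates the pointer wherever pointers are wider than `long`; `return (ThreadOutputFilterCallback)_InterlockedExchangePointer((PVOID volatile*)&output,(PVOID)cb);` avoids the cast.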
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <windows.h>
#include <ITH\string.h>
#include <ITH\mem.h>
#define IHF_COMMAND -1
#define IHF_COMMAND_NEW_HOOK 0
#define IHF_COMMAND_REMOVE_HOOK 1
#define IHF_COMMAND_MODIFY_HOOK 2
#define IHF_COMMAND_DETACH 3
#define IHF_NOTIFICATION -1
#define IHF_NOTIFICATION_TEXT 0
#define IHF_NOTIFICATION_NEWHOOK 1
#define USING_STRING 0x1
#define USING_UNICODE 0x2
#define BIG_ENDIAN 0x4
#define DATA_INDIRECT 0x8
#define USING_SPLIT 0x10
#define SPLIT_INDIRECT 0x20
#define MODULE_OFFSET 0x40
#define FUNCTION_OFFSET 0x80
#define PRINT_DWORD 0x100
#define STRING_LAST_CHAR 0x200
#define NO_CONTEXT 0x400
#define EXTERN_HOOK 0x800
#define HOOK_AUXILIARY 0x2000
#define HOOK_ENGINE 0x4000
#define HOOK_ADDITIONAL 0x8000
#define MAX_HOOK 32
struct HookParam //0x24
{
typedef void (*DataFun)(DWORD, HookParam*, DWORD*, DWORD*, DWORD*);
DWORD addr;
DWORD off,ind,split,split_ind;
DWORD module,function;
DataFun extern_fun;
DWORD type;
WORD length_offset;
BYTE hook_len,recover_len;
};
struct SendParam
{
DWORD type;
HookParam hp;
};
class Hook //0x80
{
public:
inline DWORD Address() const {return hp.addr;}
inline DWORD Type() const {return hp.type;}
inline WORD Length() const {return hp.hook_len;}
inline LPWSTR Name() const {return hook_name;}
inline int NameLength() const {return name_length;}
//protected:
HookParam hp;
LPWSTR hook_name;
int name_length;
BYTE recover[0x68-sizeof(HookParam)];
BYTE original[0x10];
};
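Review bot: The layout of `HookParam` and `Hook` is pinned only by the hand-written size comments `//0x24` and `//0x80` and by `BYTE recover[0x68-sizeof(HookParam)]`, with nothing that fails the build when the sizes drift. By my count the members of `HookParam` add up to 0x28 on a 32-bit build rather than 0x24, so the first comment looks stale. A compile-time check after the class, `static_assert(sizeof(Hook)==0x80,"Hook layout changed");`, would catch this. It would also flag any build where `DataFun` and `LPWSTR` are wider than 4 bytes, which changes the size of `recover`.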
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <windows.h>
template <typename T>
void Release(const T& p) {delete p;}
//Prevent memory release.
//Used when T is basic types and will be automatically released (on stack).
#define MK_BASIC_TYPE(T) \
template<> \
void Release<T>(const T& p) {}
template<class T>
class BinaryEqual
{
public:
bool operator ()(const T& a, const T& b, DWORD) {return a==b;}
};
template<class T, int default_size, class fComp=BinaryEqual<T> >
class MyVector
{
public:
MyVector()
{
InitializeCriticalSection(&cs_store);
size=default_size;
used=0;
storage=new T[size];
}
virtual ~MyVector()
{
if (storage) delete []storage;
DeleteCriticalSection(&cs_store);
storage=0;
}
void Reset()
{
EnterCriticalSection(&cs_store);
for (int i=0;i<used;i++)
{
Release<T>(storage[i]);
storage[i]=T();
}
used=0;
LeaveCriticalSection(&cs_store);
}
void Remove(int index)
{
if (index>=used) return;
Release<T>(storage[index]);
for (int i=index;i<used;i++)
storage[i]=storage[i+1];
used--;
}
void ClearMemory(int offset, int clear_size)
{
if (clear_size<0) return;
EnterCriticalSection(&cs_store);
if (offset+clear_size<=size)
{
memset(storage+offset,0,clear_size*sizeof(T));
}
LeaveCriticalSection(&cs_store);
//else __asm int 3
}
int AddToStore(T* con,int amount)
{
if (amount<=0||con==0) return 0;
int status=0;
EnterCriticalSection(&cs_store);
if (amount+used+2>=size)
{
while (amount+used+2>=size) size<<=1;
T* temp;
if (size*sizeof(T)<0x1000000)
{
temp=new T[size];
memcpy(temp,storage,used*sizeof(T));
}
else
{
size=default_size;
temp=new T[size];
used=0;
status=1;
}
delete []storage;
storage=temp;
}
memcpy(storage+used,con,amount*sizeof(T));
used+=amount;
LeaveCriticalSection(&cs_store);
return status;
}
int Find(const T& item, int start=0, DWORD control=0)
{
int c=-1;
for (int i=start;i<used;i++)
if (fCmp(storage[i],item,control)) {c=i;break;}
//if (storage[i]==item) {c=i;break;}
return c;
}
inline int Used() const {return used;}
inline T* Storage() const {return storage;}
inline void LockVector() {EnterCriticalSection(&cs_store);}
inline void UnlockVector() {LeaveCriticalSection(&cs_store);}
protected:
CRITICAL_SECTION cs_store;
int size, used;
T *storage;
fComp fCmp;
};
#ifndef ITH_STACK
#define ITH_STACK
template<class T, int default_size>
class MyStack
{
public:
MyStack(): index(0) {}
void push_back(const T& e)
{
if (index<default_size)
s[index++]=e;
}
void pop_back()
{
index--;
}
T& back()
{
return s[index-1];
}
T& operator[](int i) {return s[i];}
int size() {return index;}
private:
int index;
T s[default_size];
};
#endif
\ No newline at end of file
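Review bot: In `MyVector::AddToStore` the branch taken when the grown buffer would reach 0x1000000 bytes resets `size` to `default_size` and `used` to 0, but the `memcpy(storage+used,con,amount*sizeof(T))` after it still copies the full `amount`. Any `amount` larger than `default_size` then writes past the fresh allocation. Bound the copy after the reset, for instance `if (amount>size-2) amount=size-2;` right after `storage=temp;`, or re-grow `size` for `amount` and fail the call if that exceeds the cap. Two related gaps in the same class: `Remove` reads `storage[i+1]` up to index `used`, and `ClearMemory` never rejects a negative `offset`.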
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#ifndef DEFAULT_MM
extern "C" {
__declspec(dllimport) void* __stdcall RtlAllocateHeap(void* hHeap, unsigned long flags, unsigned long size);
__declspec(dllimport) int __stdcall RtlFreeHeap(void*,unsigned long,void*);
};
extern void* hHeap;
//HEAP_ZERO_MEMORY flag is critical. All new objects are assumed with zero initialized.
inline void * __cdecl operator new(size_t lSize)
{
return RtlAllocateHeap(hHeap, 8, lSize);
}
inline void __cdecl operator delete(void *pBlock)
{
RtlFreeHeap(hHeap, 0, pBlock);
}
inline void __cdecl operator delete[](void* pBlock)
{
RtlFreeHeap(hHeap, 0, pBlock);
}
#endif
\ No newline at end of file
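Review bot: The replacement `operator new` returns whatever `RtlAllocateHeap` gives back, so a failed allocation yields a null pointer instead of an exception, and the header does not say so. `MyVector` in main_template.h on this page writes into the result of `new T[size]` with no check. Either document the contract above the operator, e.g. `// returns NULL on failure; callers must check`, or have the allocator raise on failure. The literal `8` also deserves a name or a trailing comment, `// 8 == HEAP_ZERO_MEMORY`, because the comment above calls that flag critical.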
/* Copyright (C) 2010-2012 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#define _INC_SWPRINTF_INL_
#define CRT_IMPORT __declspec(dllimport)
extern "C" {
CRT_IMPORT int swprintf(wchar_t * _String, const wchar_t * _Format, ...);
CRT_IMPORT int sprintf(char * _String, const char * _Format, ...);
CRT_IMPORT int swscanf(const wchar_t * _Src, const wchar_t * _Format, ...);
CRT_IMPORT int sscanf(const char * _String, const char * _Format, ...);
CRT_IMPORT int wprintf(const wchar_t* _Format, ...);
CRT_IMPORT int printf(const char* _Format, ...);
CRT_IMPORT int _wputs(const wchar_t* _String);
CRT_IMPORT int puts(const char* _String);
CRT_IMPORT int _stricmp(const char * _Str1, const char * _Str2);
CRT_IMPORT int _wcsicmp(const wchar_t * _Str1, const wchar_t * _Str2);
//CRT_IMPORT size_t strlen(const char *);
//CRT_IMPORT size_t wcslen(const wchar_t *);
//CRT_IMPORT char *strcpy(char *,const char *);
//CRT_IMPORT wchar_t *wcscpy(wchar_t *,const wchar_t *);
CRT_IMPORT void * memmove(void * _Dst, const void * _Src, size_t _Size);
CRT_IMPORT const char * strchr(const char * _Str, int _Val);
CRT_IMPORT int strncmp(const char * _Str1, const char * _Str2, size_t _MaxCount);
}
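Review bot: The formatting functions imported here, `sprintf` and `swprintf`, take no destination size, so every caller has to prove by hand that its buffer is large enough. Defining `_INC_SWPRINTF_INL_` presumably suppresses the CRT's own inline `swprintf`, which leaves this unbounded form as the only one in scope. Importing the counted variants next to them, `CRT_IMPORT int _snwprintf(wchar_t * _String, size_t _Count, const wchar_t * _Format, ...);` and the matching `_snprintf`, would let new code pass the buffer length. Both of those still need explicit termination when the output is truncated.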
/*
www.sourceforge.net/projects/tinyxml
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any
damages arising from the use of this software.
Permission is granted to anyone to use this software for any
purpose, including commercial applications, and to alter it and
redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must
not claim that you wrote the original software. If you use this
software in a product, an acknowledgment in the product documentation
would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and
must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source
distribution.
************************************************************
Modified by kaosu, remove the stdio header and added a customized
string header. Added a memory header to reload new and delete operator
to comply with ITH memory model.
*/
#ifndef TIXML_USE_STL
#ifndef TIXML_STRING_INCLUDED
#define TIXML_STRING_INCLUDED
#include <assert.h>
#include <intrin.h>
#include <ITH\string.h>
#include <ITH\mem.h>
/* The support for explicit isn't that universal, and it isn't really
required - it is used to check that the TiXmlString class isn't incorrectly
used. Be nice to old compilers and macro it here:
*/
#if defined(_MSC_VER) && (_MSC_VER >= 1200 )
// Microsoft visual studio, version 6 and higher.
#define TIXML_EXPLICIT explicit
#elif defined(__GNUC__) && (__GNUC__ >= 3 )
// GCC version 3 and higher.s
#define TIXML_EXPLICIT explicit
#else
#define TIXML_EXPLICIT
#endif
/*
TiXmlString is an emulation of a subset of the std::string template.
Its purpose is to allow compiling TinyXML on compilers with no or poor STL support.
Only the member functions relevant to the TinyXML project have been implemented.
The buffer allocation is made by a simplistic power of 2 like mechanism : if we increase
a string and there's no more room, we allocate a buffer twice as big as we need.
*/
class TiXmlString
{
public :
// The size type used
typedef size_t size_type;
// Error value for find primitive
static const size_type npos; // = -1;
// TiXmlString empty constructor
TiXmlString () : rep_(&nullrep_)
{
}
// TiXmlString copy constructor
TiXmlString ( const TiXmlString & copy) : rep_(0)
{
init(copy.length());
memcpy(start(), copy.data(), length());
}
// TiXmlString constructor, based on a string
TIXML_EXPLICIT TiXmlString ( const char * copy) : rep_(0)
{
init( static_cast<size_type>( strlen(copy) ));
memcpy(start(), copy, length());
}
// TiXmlString constructor, based on a string
TIXML_EXPLICIT TiXmlString ( const char * str, size_type len) : rep_(0)
{
init(len);
memcpy(start(), str, len);
}
// TiXmlString destructor
~TiXmlString ()
{
quit();
}
TiXmlString& operator = (const char * copy)
{
return assign( copy, (size_type)strlen(copy));
}
TiXmlString& operator = (const TiXmlString & copy)
{
return assign(copy.start(), copy.length());
}
// += operator. Maps to append
TiXmlString& operator += (const char * suffix)
{
return append(suffix, static_cast<size_type>( strlen(suffix) ));
}
// += operator. Maps to append
TiXmlString& operator += (char single)
{
return append(&single, 1);
}
// += operator. Maps to append
TiXmlString& operator += (const TiXmlString & suffix)
{
return append(suffix.data(), suffix.length());
}
// Convert a TiXmlString into a null-terminated char *
const char * c_str () const { return rep_->str; }
// Convert a TiXmlString into a char * (need not be null terminated).
const char * data () const { return rep_->str; }
// Return the length of a TiXmlString
size_type length () const { return rep_->size; }
// Alias for length()
size_type size () const { return rep_->size; }
// Checks if a TiXmlString is empty
bool empty () const { return rep_->size == 0; }
// Return capacity of string
size_type capacity () const { return rep_->capacity; }
// single char extraction
const char& at (size_type index) const
{
assert( index < length() );
return rep_->str[ index ];
}
// [] operator
char& operator [] (size_type index) const
{
assert( index < length() );
return rep_->str[ index ];
}
// find a char in a string. Return TiXmlString::npos if not found
size_type find (char lookup) const
{
return find(lookup, 0);
}
// find a char in a string from an offset. Return TiXmlString::npos if not found
size_type find (char tofind, size_type offset) const
{
if (offset >= length()) return npos;
for (const char* p = c_str() + offset; *p != '\0'; ++p)
{
if (*p == tofind) return static_cast< size_type >( p - c_str() );
}
return npos;
}
void clear ()
{
//Lee:
//The original was just too strange, though correct:
// TiXmlString().swap(*this);
//Instead use the quit & re-init:
quit();
init(0,0);
}
/* Function to reserve a big amount of data when we know we'll need it. Be aware that this
function DOES NOT clear the content of the TiXmlString if any exists.
*/
void reserve (size_type cap);
TiXmlString& assign (const char* str, size_type len);
TiXmlString& append (const char* str, size_type len);
void swap (TiXmlString& other)
{
Rep* r = rep_;
rep_ = other.rep_;
other.rep_ = r;
}
private:
void init(size_type sz) { init(sz, sz); }
void set_size(size_type sz) { rep_->str[ rep_->size = sz ] = '\0'; }
char* start() const { return rep_->str; }
char* finish() const { return rep_->str + rep_->size; }
struct Rep
{
size_type size, capacity;
char str[1];
};
void init(size_type sz, size_type cap)
{
if (cap)
{
// Lee: the original form:
// rep_ = static_cast<Rep*>(operator new(sizeof(Rep) + cap));
// doesn't work in some cases of new being overloaded. Switching
// to the normal allocation, although use an 'int' for systems
// that are overly picky about structure alignment.
const size_type bytesNeeded = sizeof(Rep) + cap;
const size_type intsNeeded = ( bytesNeeded + sizeof(int) - 1 ) / sizeof( int );
rep_ = reinterpret_cast<Rep*>( new int[ intsNeeded ] );
rep_->str[ rep_->size = sz ] = '\0';
rep_->capacity = cap;
}
else
{
rep_ = &nullrep_;
}
}
void quit()
{
if (rep_ != &nullrep_)
{
// The rep_ is really an array of ints. (see the allocator, above).
// Cast it back before delete, so the compiler won't incorrectly call destructors.
delete [] ( reinterpret_cast<int*>( rep_ ) );
}
}
Rep * rep_;
static Rep nullrep_;
} ;
inline bool operator == (const TiXmlString & a, const TiXmlString & b)
{
return ( a.length() == b.length() ) // optimization on some platforms
&& ( strcmp(a.c_str(), b.c_str()) == 0 ); // actual compare
}
inline bool operator < (const TiXmlString & a, const TiXmlString & b)
{
return strcmp(a.c_str(), b.c_str()) < 0;
}
inline bool operator != (const TiXmlString & a, const TiXmlString & b) { return !(a == b); }
inline bool operator > (const TiXmlString & a, const TiXmlString & b) { return b < a; }
inline bool operator <= (const TiXmlString & a, const TiXmlString & b) { return !(b < a); }
inline bool operator >= (const TiXmlString & a, const TiXmlString & b) { return !(a < b); }
inline bool operator == (const TiXmlString & a, const char* b) { return strcmp(a.c_str(), b) == 0; }
inline bool operator == (const char* a, const TiXmlString & b) { return b == a; }
inline bool operator != (const TiXmlString & a, const char* b) { return !(a == b); }
inline bool operator != (const char* a, const TiXmlString & b) { return !(b == a); }
TiXmlString operator + (const TiXmlString & a, const TiXmlString & b);
TiXmlString operator + (const TiXmlString & a, const char* b);
TiXmlString operator + (const char* a, const TiXmlString & b);
/*
TiXmlOutStream is an emulation of std::ostream. It is based on TiXmlString.
Only the operators that we need for TinyXML have been developped.
*/
class TiXmlOutStream : public TiXmlString
{
public :
// TiXmlOutStream << operator.
TiXmlOutStream & operator << (const TiXmlString & in)
{
*this += in;
return *this;
}
// TiXmlOutStream << operator.
TiXmlOutStream & operator << (const char * in)
{
*this += in;
return *this;
}
} ;
#endif // TIXML_STRING_INCLUDED
#endif // TIXML_USE_STL
const wchar_t* build_date=L"2012.05.05";

Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HookMe1-FontCaching", "HookMe1-FontCaching\HookMe1-FontCaching.vcxproj", "{CC13BFB3-0098-4749-BDF7-1D0DB551CF9E}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Release|Win32 = Release|Win32
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{CC13BFB3-0098-4749-BDF7-1D0DB551CF9E}.Debug|Win32.ActiveCfg = Release|Win32
{CC13BFB3-0098-4749-BDF7-1D0DB551CF9E}.Debug|Win32.Build.0 = Release|Win32
{CC13BFB3-0098-4749-BDF7-1D0DB551CF9E}.Release|Win32.ActiveCfg = Release|Win32
{CC13BFB3-0098-4749-BDF7-1D0DB551CF9E}.Release|Win32.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{CC13BFB3-0098-4749-BDF7-1D0DB551CF9E}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>HookMe1FontCaching</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>..\msvcrt.lib;kernel32.lib;user32.lib;gdi32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
<EntryPointSymbol>main</EntryPointSymbol>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="main.cpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="HookMe1.rc" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="AVL.h" />
<ClInclude Include="resource.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
\ No newline at end of file
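Review bot: The Release link settings carry `<RandomizedBaseAddress>false</RandomizedBaseAddress>`, which builds the executable without ASLR, and nothing in the project says why. If a fixed image base is deliberate for this target, record it beside the element, e.g. `<!-- fixed image base on purpose; do not copy into shipped projects -->`; otherwise remove the element so the linker default applies. The accompanying .sln maps Debug|Win32 to the Release configuration as well, so every solution build of this project picks the setting up.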
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="HookMe1.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="AVL.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>
\ No newline at end of file
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
</Project>
\ No newline at end of file
<?xml version="1.0" encoding="shift_jis"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="EnableSEH"
ProjectGUID="{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}"
RootNamespace="EnableSEH"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
LinkIncremental="2"
GenerateDebugInformation="true"
SubSystem="1"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
EnableIntrinsicFunctions="true"
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
RuntimeLibrary="2"
BufferSecurityCheck="false"
EnableFunctionLevelLinking="true"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="0"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="ntdllp.lib"
LinkIncremental="1"
GenerateManifest="false"
IgnoreAllDefaultLibraries="true"
GenerateDebugInformation="false"
SubSystem="2"
OptimizeReferences="2"
EnableCOMDATFolding="2"
EntryPointSymbol="main"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\es.cpp"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>
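Review bot: The Release configuration sets `BufferSecurityCheck="false"`, which turns off the compiler's stack cookie checks, and nothing in the project explains why. It also sets `RandomizedBaseAddress="1"` and `DataExecutionPrevention="0"`; the first appears to be the "disable" value in this project format. If these follow from `IgnoreAllDefaultLibraries="true"` (no CRT to supply the cookie support), say so in an XML comment above the `VCCLCompilerTool` element, e.g. `<!-- /GS off: built without the CRT; build helper only -->`. Otherwise restore the defaults, since this tool parses a file supplied on its command line.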
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="es.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>
\ No newline at end of file
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerCommandArguments>ith.exe</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
\ No newline at end of file
#include <windows.h>
int main()
{
SetCurrentDirectory(L"..\\Release");
HANDLE hFile=INVALID_HANDLE_VALUE;
LPWSTR f=wcsrchr(GetCommandLine(),L' ')+1;
if (f==0) return 1;
for (int i=0;i<10;i++)
{
hFile=CreateFile(f,GENERIC_WRITE|GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
if (hFile!=INVALID_HANDLE_VALUE) break;
Sleep(100);
}
if (hFile==INVALID_HANDLE_VALUE) return 1;
DWORD size=GetFileSize(hFile,0);
DWORD d;
char* file=(char*)HeapAlloc(GetProcessHeap(),0, size);
ReadFile(hFile,file,size,&d,0);
IMAGE_DOS_HEADER *DosHdr=(IMAGE_DOS_HEADER*)file;
IMAGE_NT_HEADERS *NtHdr=(IMAGE_NT_HEADERS*)((DWORD)DosHdr+DosHdr->e_lfanew);
NtHdr->OptionalHeader.DllCharacteristics&=0xFBFF;
SetFilePointer(hFile,0,0,FILE_BEGIN);
WriteFile(hFile,file,size,&d,0);
HeapFree(GetProcessHeap(),0,file);
CloseHandle(hFile);
ExitProcess(0);
}
\ No newline at end of file
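Review bot: The `if (f==0) return 1;` guard in `main` can never fire, because `wcsrchr(...)+1` turns a NULL result into a non-null pointer, so a command line without a space reaches `CreateFile` with a bogus pointer. The header patch further down also trusts the file completely: `GetFileSize`, `HeapAlloc` and `ReadFile` are unchecked and `e_lfanew` is used without comparing it with `size`, so a truncated or malformed input makes the `DllCharacteristics` write land outside the heap buffer. The `(DWORD)DosHdr` cast additionally truncates the pointer in the x64 configurations the solution defines for this project. I would test the `wcsrchr` result before adding 1 and validate the DOS header and offset before the write, as sketched below.

```cpp
LPWSTR sp=wcsrchr(GetCommandLine(),L' ');
if (sp==0) return 1;
LPWSTR f=sp+1;
// … unchanged: CreateFile retry loop and INVALID_HANDLE_VALUE check …
DWORD size=GetFileSize(hFile,0);
DWORD d=0;
if (size==INVALID_FILE_SIZE||size<sizeof(IMAGE_DOS_HEADER)+sizeof(IMAGE_NT_HEADERS))
{
CloseHandle(hFile);
return 1;
}
char* file=(char*)HeapAlloc(GetProcessHeap(),0, size);
if (file==0)
{
CloseHandle(hFile);
return 1;
}
IMAGE_DOS_HEADER *DosHdr=(IMAGE_DOS_HEADER*)file;
if (!ReadFile(hFile,file,size,&d,0)||d!=size||
DosHdr->e_magic!=IMAGE_DOS_SIGNATURE||DosHdr->e_lfanew<0||
(DWORD)DosHdr->e_lfanew>size-sizeof(IMAGE_NT_HEADERS))
{
HeapFree(GetProcessHeap(),0,file);
CloseHandle(hFile);
return 1;
}
IMAGE_NT_HEADERS *NtHdr=(IMAGE_NT_HEADERS*)(file+DosHdr->e_lfanew);
// … unchanged: DllCharacteristics update, write-back and cleanup …
```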

Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH", "ITH\ITH.vcxproj", "{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_DLL", "ITH_DLL\ITH_DLL.vcxproj", "{AA147E63-3B9B-4C9F-B073-06681219A8FB}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EnableSEH", "EnableSEH\EnableSEH.vcxproj", "{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_engine", "ITH_engine\ITH_engine.vcxproj", "{C954BF29-65C7-4EEF-83A9-7507804B2235}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ITH_SYS", "ITH_SYS\ITH_SYS.vcxproj", "{EE4B5DD7-9DC2-4425-BB12-3B9E10981A00}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "version", "version\version.vcxproj", "{22F1F2CE-C54C-400E-A8CE-615A80C01589}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Debug|x64 = Debug|x64
Release|Win32 = Release|Win32
Release|x64 = Release|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Debug|Win32.ActiveCfg = Debug|Win32
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Debug|Win32.Build.0 = Debug|Win32
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Debug|x64.ActiveCfg = Debug|x64
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Debug|x64.Build.0 = Debug|x64
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Release|Win32.ActiveCfg = Release|Win32
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Release|Win32.Build.0 = Release|Win32
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Release|x64.ActiveCfg = Release|x64
{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}.Release|x64.Build.0 = Release|x64
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Debug|Win32.ActiveCfg = Debug|Win32
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Debug|Win32.Build.0 = Debug|Win32
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Debug|x64.ActiveCfg = Debug|x64
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Debug|x64.Build.0 = Debug|x64
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Release|Win32.ActiveCfg = Release|Win32
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Release|Win32.Build.0 = Release|Win32
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Release|x64.ActiveCfg = Release|x64
{AA147E63-3B9B-4C9F-B073-06681219A8FB}.Release|x64.Build.0 = Release|x64
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Debug|Win32.ActiveCfg = Debug|Win32
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Debug|Win32.Build.0 = Debug|Win32
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Debug|x64.ActiveCfg = Debug|x64
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Debug|x64.Build.0 = Debug|x64
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Release|Win32.ActiveCfg = Release|Win32
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Release|Win32.Build.0 = Release|Win32
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Release|x64.ActiveCfg = Release|x64
{AA653F14-6DE6-4379-89D7-160E5D3B6BC8}.Release|x64.Build.0 = Release|x64
{C954BF29-65C7-4EEF-83A9-7507804B2235}.Debug|Win32.ActiveCfg = Debug|Win32
{C954BF29-65C7-4EEF-83A9-7507804B2235}.Debug|Win32.Build.0 = Debug|Win32
{C954BF29-65C7-4EEF-83A9-7507804B2235}.Debug|x64.ActiveCfg = Debug|Win32
{C954BF29-65C7-4EEF-83A9-7507804B2235}.Release|Win32.ActiveCfg = Release|Win32
{C954BF29-65C7-4EEF-83A9-7507804B2235}.Release|Win32.Build.0 = Release|Win32
{C954BF29-65C7-4EEF-83A9-7507804B2235}.Release|x64.ActiveCfg = Release|Win32
{EE4B5DD7-9DC2-4425-BB12-3B9E10981A00}.Debug|Win32.ActiveCfg = Debug|Win32
{EE4B5DD7-9DC2-4425-BB12-3B9E10981A00}.Debug|Win32.Build.0 = Debug|Win32
{EE4B5DD7-9DC2-4425-BB12-3B9E10981A00}.Debug|x64.ActiveCfg = Debug|Win32
{EE4B5DD7-9DC2-4425-BB12-3B9E10981A00}.Release|Win32.ActiveCfg = Release|Win32
{EE4B5DD7-9DC2-4425-BB12-3B9E10981A00}.Release|Win32.Build.0 = Release|Win32
{EE4B5DD7-9DC2-4425-BB12-3B9E10981A00}.Release|x64.ActiveCfg = Release|Win32
{22F1F2CE-C54C-400E-A8CE-615A80C01589}.Debug|Win32.ActiveCfg = Debug|Win32
{22F1F2CE-C54C-400E-A8CE-615A80C01589}.Debug|Win32.Build.0 = Debug|Win32
{22F1F2CE-C54C-400E-A8CE-615A80C01589}.Debug|x64.ActiveCfg = Debug|Win32
{22F1F2CE-C54C-400E-A8CE-615A80C01589}.Release|Win32.ActiveCfg = Release|Win32
{22F1F2CE-C54C-400E-A8CE-615A80C01589}.Release|Win32.Build.0 = Release|Win32
{22F1F2CE-C54C-400E-A8CE-615A80C01589}.Release|x64.ActiveCfg = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
<?xml version="1.0" encoding="shift_jis"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="ITH"
ProjectGUID="{DD6EF1C2-1ED6-4859-BEFB-5B24CAF9AE7A}"
RootNamespace="ITH"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
RuntimeTypeInfo="false"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
DisableSpecificWarnings="4996"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
LinkIncremental="2"
IgnoreAllDefaultLibraries="false"
GenerateDebugInformation="true"
SubSystem="2"
EntryPointSymbol="main"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
InlineFunctionExpansion="2"
EnableIntrinsicFunctions="true"
EnableFiberSafeOptimizations="true"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS"
ExceptionHandling="0"
RuntimeLibrary="2"
BufferSecurityCheck="false"
EnableFunctionLevelLinking="true"
RuntimeTypeInfo="false"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
DisableSpecificWarnings="4996"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="ntdllp.lib"
LinkIncremental="1"
GenerateManifest="false"
IgnoreAllDefaultLibraries="true"
GenerateDebugInformation="true"
SubSystem="2"
OptimizeReferences="2"
EnableCOMDATFolding="2"
EntryPointSymbol="main"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
CommandLine=""
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\command.cpp"
>
</File>
<File
RelativePath=".\inject.cpp"
>
</File>
<File
RelativePath=".\main.cpp"
>
</File>
<File
RelativePath=".\pipe.cpp"
>
</File>
<File
RelativePath=".\utility.cpp"
>
</File>
<File
RelativePath=".\window.cpp"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
<File
RelativePath=".\main.h"
>
</File>
<File
RelativePath=".\resource.h"
>
</File>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
<File
RelativePath=".\ITH.rc"
>
</File>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>
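Review bot: The Release configuration builds the executable with its exploit mitigations off: `BufferSecurityCheck="false"` removes the /GS stack cookies and, if I read the VC9 linker enums correctly, `RandomizedBaseAddress="1"` is /DYNAMICBASE:NO while `DataExecutionPrevention="0"` leaves /NXCOMPAT unset (the Debug configuration carries the same two linker values). This program asks for SeDebugPrivilege and, judging by the pipe handles declared in its headers, consumes data produced inside other processes, so I would turn the mitigations on: `BufferSecurityCheck="true"`, `RandomizedBaseAddress="2"`, `DataExecutionPrevention="2"`. If /GS is off only because `IgnoreAllDefaultLibraries="true"` drops the CRT support routines, that trade-off should be written down next to the setting.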
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="command.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="inject.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="main.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="pipe.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="utility.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="window.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="profile.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="language.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="main.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="window.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="main_template.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="text.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="hookman.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="cmdq.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="profile.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="language.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="ITH.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
<ItemGroup>
<None Include="icon1.ico">
<Filter>Resource Files</Filter>
</None>
</ItemGroup>
</Project>
\ No newline at end of file
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerWorkingDirectory>..\release</LocalDebuggerWorkingDirectory>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerWorkingDirectory>..\release</LocalDebuggerWorkingDirectory>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerWorkingDirectory>..\release\</LocalDebuggerWorkingDirectory>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
\ No newline at end of file
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "main.h"
enum ThreadOperation
{
Suspend,
Resume,
Terminate,
OutputInformation
};
struct PipeRecord
{
HANDLE hTextPipe, hCmdPipe, hThread;
};
void CreateNewPipe();
#define QUEUE_MAX 16 //QUEUE_MAX need to be a exponent of 2;
#define QUEUE_BUFF_SIZE 0x40
#define CMD_SIZE 0x200
class CommandQueue
{
public:
CommandQueue();
~CommandQueue();
void AddRequest(const SendParam& sp,DWORD pid=0);
void SendCommand();
bool Empty();
void Register(DWORD pid, DWORD hookman, DWORD module, DWORD engine);
DWORD ProcessCommand(LPWSTR cmd, DWORD pid);
private:
CRITICAL_SECTION rw;
DWORD current;
DWORD used;
HANDLE hSemaphore,hThread;
SendParam queue[QUEUE_MAX];
DWORD pid_associate[QUEUE_MAX];
};
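Review bot: Nothing enforces the constraint stated in the comment on `QUEUE_MAX` (the value has to be a power of two), so a later edit to a value such as 20 would still compile and, if the queue indices are masked with `QUEUE_MAX-1` as the comment implies, would silently alias slots in `queue` and `pid_associate`. A compile-time guard next to the define, for example `typedef char queue_max_is_pow2[(QUEUE_MAX&(QUEUE_MAX-1))==0?1:-1];`, makes the requirement checkable without relying on newer compiler features. The comment itself would read better as `//QUEUE_MAX must be a power of 2`.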
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <windows.h>
#include "text.h"
#include "..\AVL.h"
class BitMap
{
public:
BitMap();
BitMap(DWORD init_size);
~BitMap();
bool Check(DWORD number);
void Set(DWORD number);
void Reset();
void Clear(DWORD number);
protected:
BYTE* map;
DWORD size;
};
typedef void (*CustomFilterCallBack) (WORD);
class CustomFilterUnicode : public BitMap
{
public:
CustomFilterUnicode();
~CustomFilterUnicode();
bool Check(WORD number);
void Set(WORD number);
void Clear(WORD number);
void Traverse(CustomFilterCallBack callback);
};
class CustomFilterMultiByte : public BitMap
{
public:
CustomFilterMultiByte();
~CustomFilterMultiByte();
bool Check(WORD number);
void Set(WORD number);
void Clear(WORD number);
void Reset();
void Traverse(CustomFilterCallBack callback);
private:
BYTE ascii_map[0x20];
};
#define MAX_REGISTER 0xF
#define MAX_PREV_REPEAT_LENGTH 0x20
struct ProcessRecord {
DWORD pid_register;
DWORD hookman_register;
DWORD module_register;
DWORD engine_register;
HANDLE process_handle;
HANDLE hookman_mutex;
HANDLE hookman_section;
LPVOID hookman_map;
};
class ThreadTable : public MyVector<TextThread*,0x40>
{
public:
void SetThread(DWORD number, TextThread* ptr);
TextThread* FindThread(DWORD number);
};
class TCmp
{
public:
char operator()(const ThreadParameter* t1,const ThreadParameter* t2);
};
class TCpy
{
public:
void operator()(ThreadParameter* t1, ThreadParameter* t2);
};
class TLen
{
public:
int operator()(ThreadParameter* t);
};
class HookManager : public AVLTree<ThreadParameter,DWORD,TCmp,TCpy,TLen>
{
public:
HookManager();
~HookManager();
TextThread* FindSingle(DWORD pid, DWORD hook, DWORD retn, DWORD split);
TextThread* FindSingle(DWORD number);
TextThread* GetCurrentThread();
void SetCurrent(TextThread* it);
void SelectCurrent(LPWSTR str);
void DispatchText(DWORD pid, BYTE* text, DWORD hook, DWORD retn, DWORD split, int len);
void AddConsoleOutput(LPCWSTR text);
void AddLink(WORD from, WORD to);
void ClearText(DWORD pid, DWORD hook, DWORD retn, DWORD split);
void ClearCurrent();
void ResetRepeatStatus();
void LockHookman();
void UnlockHookman();
void LockProcessHookman(DWORD pid);
void UnlockProcessHookman(DWORD pid);
void RemoveProcessContext(DWORD pid);
void RemoveSingleHook(DWORD pid, DWORD addr);
void RemoveSingleThread(DWORD number);
void RegisterThread(TextThread*, DWORD);
void RegisterPipe(HANDLE text, HANDLE cmd, HANDLE thread);
void RegisterProcess(DWORD pid, DWORD hookman, DWORD module, DWORD engine);
void UnRegisterProcess(DWORD pid);
void WaitForAllRecvThreads();
void SetName(DWORD);
void SetProcessEngineType(DWORD pid, DWORD type);
bool GetProcessPath(DWORD pid, LPWSTR path);
bool GetProcessName(DWORD pid, LPWSTR str);
LPVOID RemoteHook(DWORD pid);
ProcessRecord* Records() {return record;}
ThreadTable* Table() {return thread_table;}
DWORD GetCurrentPID();
DWORD GetPIDByHandle(HANDLE h);
DWORD GetHookManByPID(DWORD pid);
DWORD GetModuleByPID(DWORD pid);
DWORD GetEngineByPID(DWORD pid);
DWORD GetProcessIDByPath(LPWSTR str);
HANDLE GetTextHandleByPID(DWORD pid);
HANDLE GetCmdHandleByPID(DWORD pid);
HANDLE GetMutexByPID(DWORD pid);
HANDLE GetProcessByPID(DWORD pid);
private:
//void AddConsoleOutputNewLine();
//IthCriticalSection hmcs;
CRITICAL_SECTION hmcs; //0x18
TextThread *current;
ThreadTable *thread_table;
HANDLE destroy_event;
ProcessRecord record[MAX_REGISTER+1];
HANDLE text_pipes[MAX_REGISTER+1];
HANDLE cmd_pipes[MAX_REGISTER+1];
HANDLE recv_threads[MAX_REGISTER+1];
WORD register_count, new_thread_number;
};
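Review bot: `BitMap` owns a raw `BYTE* map` and declares a destructor but no copy constructor or assignment operator, so an accidental copy of a `BitMap`, `CustomFilterUnicode` or `CustomFilterMultiByte` would presumably release the same buffer twice (the destructor body is not in this header). Declaring the copy operations private and leaving them undefined, `BitMap(const BitMap&);` and `BitMap& operator=(const BitMap&);`, rules that out at compile time. `HookManager::Records()` and `Table()` also hand out pointers to state that sits beside `hmcs`; if callers are expected to hold the lock, a comment such as `// caller must hold LockHookman()` on both accessors would document that contract.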
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "main.h"
static WCHAR EngineName[]=L"ITH_engine.dll";
static WCHAR DllName[]=L"ITH.dll";
extern WCHAR file_path[];
extern LPWSTR current_dir;
DWORD Inject(HANDLE hProc)
{
LPVOID lpvAllocAddr = 0;
DWORD dwWrite = 0x1000;
HANDLE hTH;
if (!IthCheckFile(EngineName)) return -1;
if (!IthCheckFile(DllName)) return -1;
NtAllocateVirtualMemory(hProc, &lpvAllocAddr, 0, &dwWrite, MEM_COMMIT, PAGE_READWRITE);
if (lpvAllocAddr == 0) return -1;
wcscpy(current_dir, DllName);
CheckThreadStart();
NtWriteVirtualMemory(hProc, lpvAllocAddr, file_path + 4, 2 * MAX_PATH, &dwWrite);
hTH=IthCreateThread(LoadLibrary, (DWORD)lpvAllocAddr, hProc);
if (hTH==0||hTH == INVALID_HANDLE_VALUE)
{
ConsoleOutput(ErrorRemoteThread);
return -1;
}
NtWaitForSingleObject(hTH, 0, 0);
THREAD_BASIC_INFORMATION info;
NtQueryInformationThread(hTH, ThreadBasicInformation, &info, sizeof(info), &dwWrite);
NtClose(hTH);
wcscpy(current_dir, EngineName);
NtWriteVirtualMemory(hProc, lpvAllocAddr, file_path + 4, 2 * MAX_PATH, &dwWrite);
hTH = IthCreateThread(LoadLibrary, (DWORD)lpvAllocAddr, hProc);
if (hTH == 0 ||
hTH == INVALID_HANDLE_VALUE)
{
ConsoleOutput(ErrorRemoteThread);
return -1;
}
NtWaitForSingleObject(hTH, 0, 0);
NtClose(hTH);
dwWrite = 0;
NtFreeVirtualMemory(hProc, &lpvAllocAddr, &dwWrite, MEM_RELEASE);
return info.ExitStatus;
}
DWORD PIDByName(LPWSTR pwcTarget)
{
DWORD dwSize = 0x20000;
BYTE *pbBuffer;
SYSTEM_PROCESS_INFORMATION *spiProcessInfo;
DWORD dwPid = 0;
DWORD dwStatus;
while (1)
{
pbBuffer = new BYTE[dwSize];
dwStatus = NtQuerySystemInformation(SystemProcessInformation, pbBuffer, dwSize, 0);
if (dwStatus == 0) break;
delete pbBuffer;
if (dwStatus != STATUS_INFO_LENGTH_MISMATCH) return 0;
dwSize <<= 1;
}
for (spiProcessInfo = (SYSTEM_PROCESS_INFORMATION*)pbBuffer; spiProcessInfo->dNext;)
{
spiProcessInfo = (SYSTEM_PROCESS_INFORMATION*)
((DWORD)spiProcessInfo + spiProcessInfo->dNext);
if (_wcsicmp(pwcTarget, spiProcessInfo->usName.Buffer) == 0)
{
dwPid = spiProcessInfo->dUniqueProcessId;
break;
}
}
if (dwPid == 0)
ConsoleOutput(ErrorNoProcess);
delete pbBuffer;
return dwPid;
}
DWORD InjectByPID(DWORD pid)
{
WCHAR str[0x80];
DWORD s;
if (pid == current_process_id)
{
ConsoleOutput(SelfAttach);
return -1;
}
if (GetModuleByPID(pid))
{
ConsoleOutput(AlreadyAttach);
return -1;
}
swprintf(str, L"ITH_HOOKMAN_%.4d", pid);
NtClose(IthCreateMutex(str, 0, &s));
if (s) return -1;
CLIENT_ID id;
OBJECT_ATTRIBUTES oa = {};
HANDLE hProc;
id.UniqueProcess = pid;
id.UniqueThread = 0;
oa.uLength=sizeof(oa);
if (!NT_SUCCESS(NtOpenProcess(&hProc,
PROCESS_QUERY_INFORMATION|
PROCESS_CREATE_THREAD|
PROCESS_VM_OPERATION|
PROCESS_VM_READ|
PROCESS_VM_WRITE,
&oa, &id)))
{
ConsoleOutput(ErrorOpenProcess);
return -1;
}
DWORD module = Inject(hProc);
NtClose(hProc);
if (module == -1) return -1;
swprintf(str, FormatInject, pid, module);
ConsoleOutput(str);
return module;
}
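Review bot: `Inject` returns `info.ExitStatus` without checking the status of `NtQueryInformationThread` or of either `NtWriteVirtualMemory` call, and `InjectByPID` treats every value other than -1 as success, so a load that failed (presumably exit status 0) or an unset `info` is still reported through `FormatInject` as a successful attach. Initialising with `THREAD_BASIC_INFORMATION info = {};`, testing the statuses with `NT_SUCCESS`, and rejecting a zero result in the caller (`if (module == -1 || module == 0) return -1;`) would make that log line trustworthy. The second early return in `Inject` also skips `NtFreeVirtualMemory`, leaving the page allocated in the other process. In `PIDByName` the buffer comes from `new BYTE[dwSize]` but is released with `delete pbBuffer`; both sites should be `delete[] pbBuffer`.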
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
const wchar_t* Warning=L"Warning!";
//command.cpp
const wchar_t* ErrorSyntax=L"Syntax error";
//inject.cpp
const wchar_t* ErrorRemoteThread=L"Can't create remote thread.";
const wchar_t* ErrorOpenProcess=L"Can't open process.";
const wchar_t* ErrorNoProcess=L"Process not found";
const wchar_t* SelfAttach=L"Please do not attach to ITH.exe";
const wchar_t* AlreadyAttach=L"Process already attached.";
const wchar_t* FormatInject=L"Inject process %d. Module base %.8X";
//main.cpp
const wchar_t* NotAdmin=L"Can't enable SeDebugPrevilege. ITH might malfunction.\r\n\
Please run ITH as administrator or turn off UAC.";
//pipe.cpp
const wchar_t* ErrorCreatePipe=L"Can't create text pipe or too many instance.";
const wchar_t* FormatDetach=L"Process %d detached.";
const wchar_t* ErrorCmdQueueFull=L"Command queue full.";
const wchar_t* ErrorNoAttach=L"No process attached.";
//profile.cpp
const wchar_t* ErrorMonitor=L"Can't monitor process.";
//utility.cpp
const wchar_t* InitMessage=L"Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)\r\n\
Source code <http://code.google.com/p/interactive-text-hooker/>\r\n\
General discussion <http://www.hongfire.com/forum/showthread.php?t=208860>\r\n";
const wchar_t* BackgroundMsg=L"If you feel tired about the pure white background,\r\n\
put your favorite picture in ITH folder and name it 'background.bmp'\r\n";
const wchar_t* ErrorLinkExist=L"Link exist.";
const wchar_t* ErrorCylicLink=L"Link failed. No cyclic link allowed.";
const wchar_t* FormatLink=L"Link from thread%.4x to thread%.4x.";
const wchar_t* ErrorLink=L"Link failed. Source or/and destination thread not found.";
const wchar_t* ErrorDeleteCombo=L"Error delete from combo.";
//window.cpp
const wchar_t* ClassName=L"ITH";
const wchar_t* ClassNameAdmin=L"ITH (Administrator)";
const wchar_t* ErrorNotSplit=L"Need to enable split first!";
const wchar_t* ErrorNotModule=L"Need to enable module first!";
//Main window buttons
const wchar_t* ButtonTitleProcess=L"Process";
const wchar_t* ButtonTitleThread=L"Thread";
const wchar_t* ButtonTitleHook=L"Hook";
const wchar_t* ButtonTitleProfile=L"Profile";
const wchar_t* ButtonTitleOption=L"Option";
const wchar_t* ButtonTitleClear=L"Clear";
const wchar_t* ButtonTitleSave=L"Save";
const wchar_t* ButtonTitleTop=L"Top";
//Hook window
const wchar_t* SpecialHook=L"Special hook, no AGTH equivalent.";
//Process window
const wchar_t* TabTitlePID=L"PID";
const wchar_t* TabTitleMemory=L"Memory";
const wchar_t* TabTitleName=L"Name";
const wchar_t* TabTitleTID=L"TID";
const wchar_t* TabTitleStart=L"Start";
const wchar_t* TabTitleModule=L"Module";
const wchar_t* TabTitleState=L"State";
const wchar_t* SuccessAttach=L"Attach ITH to process successfully.";
const wchar_t* FailAttach=L"Failed to attach ITH to process.";
const wchar_t* SuccessDetach=L"ITH detach from process.";
const wchar_t* FailDetach=L"Detach failed.";
//Profile window
const wchar_t* ProfileExist=L"Profile already exists.";
const wchar_t* SuccessAddProfile=L"Profile added.";
const wchar_t* FailAddProfile=L"Fail to add profile";
const wchar_t* TabTitleNumber=L"No.";
const wchar_t* NoFile=L"Can't find file.";
const wchar_t* PathDismatch=L"Process name dismatch, continue?";
const wchar_t* SuccessImportProfile=L"Import profile success";
//const wchar_t* SuccessAddProfile=L"Profile added.";
\ No newline at end of file
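Review bot: The `NotAdmin` text tells users to "turn off UAC", which weakens the whole machine to work around one missing privilege; running this one program elevated is sufficient, so I would drop that advice. The same string misspells the privilege name. Proposed text: `L"Can't enable SeDebugPrivilege. ITH might malfunction.\r\nPlease run ITH as administrator."`. `ErrorCylicLink` and `PathDismatch` ("dismatch") carry similar typos, but renaming those identifiers has to be done together with the `extern` declarations in language.h.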
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
extern const wchar_t* Warning;
//command.cpp
extern const wchar_t* ErrorSyntax;
//inject.cpp
extern const wchar_t* ErrorRemoteThread;
extern const wchar_t* ErrorOpenProcess;
extern const wchar_t* ErrorNoProcess;
extern const wchar_t* SelfAttach;
extern const wchar_t* AlreadyAttach;
extern const wchar_t* FormatInject;
//main.cpp
extern const wchar_t* NotAdmin;
//pipe.cpp
extern const wchar_t* ErrorCreatePipe;
extern const wchar_t* FormatDetach;
extern const wchar_t* ErrorCmdQueueFull;
extern const wchar_t* ErrorNoAttach;
//profile.cpp
extern const wchar_t* ErrorMonitor;
//utility.cpp
extern const wchar_t* InitMessage;
extern const wchar_t* BackgroundMsg;
extern const wchar_t* ErrorLinkExist;
extern const wchar_t* ErrorCylicLink;
extern const wchar_t* FormatLink;
extern const wchar_t* ErrorLink;
extern const wchar_t* ErrorDeleteCombo;
//window.cpp
extern const wchar_t* ClassName;
extern const wchar_t* ClassNameAdmin;
extern const wchar_t* ErrorNotSplit;
extern const wchar_t* ErrorNotModule;
//Main window buttons
extern const wchar_t* ButtonTitleProcess;
extern const wchar_t* ButtonTitleThread;
extern const wchar_t* ButtonTitleHook;
extern const wchar_t* ButtonTitleProfile;
extern const wchar_t* ButtonTitleOption;
extern const wchar_t* ButtonTitleClear;
extern const wchar_t* ButtonTitleSave;
extern const wchar_t* ButtonTitleTop;
//Hook window
extern const wchar_t* SpecialHook;
//Process window
extern const wchar_t* TabTitlePID;
extern const wchar_t* TabTitleMemory;
extern const wchar_t* TabTitleName;
extern const wchar_t* TabTitleTID;
extern const wchar_t* TabTitleStart;
extern const wchar_t* TabTitleModule;
extern const wchar_t* TabTitleState;
extern const wchar_t* SuccessAttach;
extern const wchar_t* FailAttach;
extern const wchar_t* SuccessDetach;
extern const wchar_t* FailDetach;
//Profile window
extern const wchar_t* ProfileExist;
extern const wchar_t* SuccessAddProfile;
extern const wchar_t* FailAddProfile;
extern const wchar_t* TabTitleNumber;
extern const wchar_t* NoFile;
extern const wchar_t* PathDismatch;
extern const wchar_t* SuccessImportProfile;
\ No newline at end of file
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "..\common.h"
#include "..\ntdll.h"
#include "..\sys.h"
#include "language.h"
#pragma comment(linker,"/manifestdependency:\"type='win32' "\
"name='Microsoft.Windows.Common-Controls' version='6.0.0.0' "\
"processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
#define GLOBAL extern
#define SHIFT_JIS 0x3A4
class TextBuffer;
class HookManager;
class CommandQueue;
class TextHook;
class BitMap;
class CustomFilterMultiByte;
class CustomFilterUnicode;
class ProfileManager;
#define TextHook Hook
GLOBAL bool running;
GLOBAL HINSTANCE hIns;
GLOBAL BitMap *pid_map;
GLOBAL CustomFilterMultiByte *mb_filter;
GLOBAL CustomFilterUnicode *uni_filter;
GLOBAL TextBuffer *texts;
GLOBAL HookManager *man;
GLOBAL ProfileManager *pfman;
GLOBAL CommandQueue *cmdq;
GLOBAL HWND hwndCombo,hwndProc,hwndEdit,hMainWnd;
GLOBAL WCHAR pipe[];
GLOBAL WCHAR command[];
GLOBAL HANDLE hPipeExist;
GLOBAL DWORD split_time, process_time, inject_delay, insert_delay;
GLOBAL DWORD auto_inject, auto_insert;
GLOBAL DWORD cyclic_remove,clipboard_flag,global_filter;
GLOBAL CRITICAL_SECTION detach_cs;
DWORD WINAPI RecvThread(LPVOID lpThreadParameter);
DWORD WINAPI CmdThread(LPVOID lpThreadParameter);
void CopyToClipboard(void* str,bool unicode, int len);
void ConsoleOutput(LPCWSTR text);
DWORD GetCurrentPID();
DWORD GetPIDByHandle(HANDLE h);
DWORD GetHookManByPID(DWORD pid);
DWORD GetModuleByPID(DWORD pid);
DWORD GetEngineByPID(DWORD pid);
DWORD GetProcessIDByPath(LPWSTR str);
HANDLE GetTextHandleByPID(DWORD pid);
HANDLE GetCmdHandleByPID(DWORD pid);
HANDLE GetMutexByPID(DWORD pid);
HANDLE GetProcessByPID(DWORD pid);
DWORD Inject(HANDLE hProc);
DWORD InjectByPID(DWORD pid);
DWORD PIDByName(LPWSTR target);
DWORD Hash(LPWSTR module, int length=-1);
BOOL ActiveDetachProcess(DWORD pid);
BOOL CheckFile(LPWSTR file);
bool GetProcessPath(HANDLE hProc, LPWSTR path);
bool GetProcessPath(DWORD pid, LPWSTR path);
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <windows.h>
template <typename T>
void Release(const T& p) {delete p;}
#define MK_FUNDA_TYPE(T) \
template<> \
void Release<T>(const T& p) {}
template<class T>
class BinaryEqual
{
public:
bool operator ()(const T& a, const T& b, DWORD) {return a==b;}
};
template<class T, int default_size, class fComp=BinaryEqual<T> >
class MyVector
{
public:
MyVector()
{
InitializeCriticalSection(&cs_store);
size=default_size;
used=0;
storage=new T[size];
}
virtual ~MyVector()
{
if (storage) delete []storage;
DeleteCriticalSection(&cs_store);
storage=0;
}
void Reset()
{
EnterCriticalSection(&cs_store);
for (int i=0;i<used;i++)
{
Release<T>(storage[i]);
storage[i]=T();
}
used=0;
LeaveCriticalSection(&cs_store);
}
void Remove(int index)
{
if (index>=used) return;
Release<T>(storage[index]);
for (int i=index;i<used;i++)
storage[i]=storage[i+1];
used--;
}
void ClearMemory(int offset, int clear_size)
{
if (clear_size<0) return;
EnterCriticalSection(&cs_store);
if (offset+clear_size<=size)
{
memset(storage+offset,0,clear_size*sizeof(T));
}
LeaveCriticalSection(&cs_store);
//else __asm int 3
}
int AddToStore(T* con,int amount)
{
if (amount<=0||con==0) return 0;
int status=0;
EnterCriticalSection(&cs_store);
if (amount+used+2>=size)
{
while (amount+used+2>=size) size<<=1;
T* temp;
if (size*sizeof(T)<0x1000000)
{
temp=new T[size];
memcpy(temp,storage,used*sizeof(T));
}
else
{
size=default_size;
temp=new T[size];
used=0;
status=1;
}
delete []storage;
storage=temp;
}
memcpy(storage+used,con,amount*sizeof(T));
used+=amount;
LeaveCriticalSection(&cs_store);
return status;
}
int Find(const T& item, int start=0, DWORD control=0)
{
int c=-1;
for (int i=start;i<used;i++)
if (fCmp(storage[i],item,control)) {c=i;break;}
//if (storage[i]==item) {c=i;break;}
return c;
}
inline int Used() const {return used;}
inline T* Storage() const {return storage;}
protected:
CRITICAL_SECTION cs_store;
int size, used;
T *storage;
fComp fCmp;
};
#ifndef ITH_STACK
#define ITH_STACK
template<class T, int default_size>
class MyStack
{
public:
MyStack(): index(0) {}
void push_back(const T& e)
{
if (index<default_size)
s[index++]=e;
}
void pop_back()
{
index--;
}
T& back()
{
return s[index-1];
}
T& operator[](int i) {return s[i];}
int size() {return index;}
private:
int index;
T s[default_size];
};
#endif
\ No newline at end of file
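Review bot: `MyVector::AddToStore` can write past the new allocation in its over-limit branch: when `size*sizeof(T)` reaches 0x1000000 the buffer is reset to `default_size` and `used=0`, but the following `memcpy(storage+used,con,amount*sizeof(T))` still copies all `amount` elements, so any `amount` larger than `default_size` overflows the heap block. Re-growing after the reset closes it, for example `size=default_size; while (amount+2>=size) size<<=1;` before `temp=new T[size];`. `Remove` needs a similar look: it does not take `cs_store`, does not reject a negative `index`, and its shift loop reads `storage[i+1]` at `i==used-1`. `MyStack::pop_back` and `back` also assume a non-empty stack, so an unmatched pop drives `index` negative.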
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "main.h"
#include "hookman.h"
#include "cmdq.h"
#include "profile.h"
#define NAMED_PIPE_DISCONNECT 1
#define NAMED_PIPE_CONNECT 2
static WCHAR pipe[]=L"\\??\\pipe\\ITH_PIPE";
static WCHAR command[]=L"\\??\\pipe\\ITH_COMMAND";
static bool newline=false;
static bool detach=false;
CRITICAL_SECTION detach_cs;
HANDLE hDetachEvent;
extern HANDLE hPipeExist;
BYTE* Filter(BYTE *str, int len)
{
WORD s;
while (1)
{
s=*(WORD*)str;
if (len>=2)
{
if (s==0x4081||s==0x3000||s<=0x20) {str+=2;len-=2;}
else break;
}
else if (str[0]<=0x20) {str++;len--;}
else break;
}
return str;
}
void CreateNewPipe()
{
DWORD acl[7]={0x1C0002,1,0x140000,GENERIC_READ|GENERIC_WRITE|SYNCHRONIZE,0x101,0x1000000,0};
SECURITY_DESCRIPTOR sd={1,0,4,0,0,0,(PACL)acl};
HANDLE hTextPipe,hCmdPipe,hThread;
IO_STATUS_BLOCK ios;
UNICODE_STRING us;
RtlInitUnicodeString(&us,pipe);
OBJECT_ATTRIBUTES oa={sizeof(oa),0,&us,OBJ_CASE_INSENSITIVE,&sd,0};
LARGE_INTEGER time={-500000,-1};
if (!NT_SUCCESS(NtCreateNamedPipeFile(&hTextPipe,GENERIC_READ|SYNCHRONIZE,&oa,&ios,
FILE_SHARE_WRITE,FILE_OPEN_IF,FILE_SYNCHRONOUS_IO_NONALERT,1,1,0,-1,0x1000,0x1000,&time)))
{ConsoleOutput(ErrorCreatePipe);return;}
RtlInitUnicodeString(&us,command);
if (!NT_SUCCESS(NtCreateNamedPipeFile(&hCmdPipe,GENERIC_WRITE|SYNCHRONIZE,&oa,&ios,
FILE_SHARE_READ,FILE_OPEN_IF,FILE_SYNCHRONOUS_IO_NONALERT,1,1,0,-1,0x1000,0x1000,&time)))
{ConsoleOutput(ErrorCreatePipe);return;}
hThread=IthCreateThread(RecvThread,(DWORD)hTextPipe);
man->RegisterPipe(hTextPipe,hCmdPipe,hThread);
}
void DetachFromProcess(DWORD pid)
{
DWORD flag=0;
HANDLE hMutex,hEvent;
IO_STATUS_BLOCK ios;
//module=man->GetModuleByPID(pid);
hEvent=IthCreateEvent(0);
if (STATUS_PENDING==NtFsControlFile(man->GetCmdHandleByPID(pid),hEvent,0,0,&ios,
CTL_CODE(FILE_DEVICE_NAMED_PIPE,NAMED_PIPE_DISCONNECT,0,0),0,0,0,0))
NtWaitForSingleObject(hEvent,0,0);
NtClose(hEvent);
WCHAR mt[0x20];
swprintf(mt,L"ITH_DETACH_%d",pid);
hMutex=IthOpenMutex(mt);
if (hMutex!=INVALID_HANDLE_VALUE)
{
NtWaitForSingleObject(hMutex,0,0);
NtReleaseMutant(hMutex,0);
NtClose(hMutex);
}
NtSetEvent(hDetachEvent,0);
NtSetEvent(hPipeExist,0);
}
DWORD WINAPI UpdateWindows(LPVOID lpThreadParameter);
void OutputDWORD(DWORD d)
{
WCHAR str[0x20];
swprintf(str,L"%.8X",d);
ConsoleOutput(str);
}
DWORD WINAPI RecvThread(LPVOID lpThreadParameter)
{
HANDLE hTextPipe=(HANDLE)lpThreadParameter, hDisconnect;
IO_STATUS_BLOCK ios; NTSTATUS status;
NtFsControlFile(hTextPipe,0,0,0,&ios,CTL_CODE(FILE_DEVICE_NAMED_PIPE,NAMED_PIPE_CONNECT,0,0),0,0,0,0);
if (!running||texts==0) return 0;
DWORD pid,hookman,p,module,engine;
BYTE *buff=new BYTE[0x1000],*it;
NtReadFile(hTextPipe,0,0,0,&ios,buff,16,0,0);
pid=*(DWORD*)buff;
hookman=*(DWORD*)(buff+0x4);
module=*(DWORD*)(buff+0x8);
engine=*(DWORD*)(buff+0xC);
man->RegisterProcess(pid,hookman,module,engine);
CreateNewPipe();
DWORD RecvLen;
NtClose(IthCreateThread(UpdateWindows,0));
while (running)
{
status=NtReadFile(hTextPipe,0,0,0,&ios,buff,0x1000,0,0);
if (!NT_SUCCESS(status)) break;
RecvLen=ios.uInformation;
if (RecvLen<0xC) break;
p=pid;
DWORD hook=*(DWORD*)buff;
union{DWORD retn; DWORD cmd_type;};
union{DWORD split; DWORD new_engine_addr;};
retn=*((DWORD*)buff+1);
split=*((DWORD*)buff+2);
buff[RecvLen]=0;
buff[RecvLen+1]=0;
it=Filter(buff+0xC,RecvLen-0xC);
RecvLen=RecvLen-(it-buff);
if (RecvLen>>31) RecvLen=0;
if (hook+1==0)
{
switch (cmd_type)
{
case 2:
man->GetProcessPath(pid,(LPWSTR)(buff+0xC));
man->SetProcessEngineType(pid,*(DWORD*)(buff+0x8));
pfman->SetProfileEngine((LPWSTR)(buff+0xC),*(DWORD*)(buff+8));
break;
case 1:
man->GetProcessPath(pid,(LPWSTR)buff);
pfman->RefreshProfileAddr(pid,(LPWSTR)buff);
break;
case 0:
//entry_table->RegisterNewHook(new_engine_addr,(LPWSTR)(buff+0xC),pid);
break;
case -1:
swprintf((LPWSTR)buff,L"%.4d:",pid);
buff[0xA]=0x20;
ConsoleOutput((LPWSTR)buff);
break;
}
}
else
man->DispatchText(p, it,hook,retn,split,RecvLen);
}
EnterCriticalSection(&detach_cs);
hDisconnect=IthCreateEvent(0);
if (STATUS_PENDING==NtFsControlFile(hTextPipe,hDisconnect,0,0,&ios,
CTL_CODE(FILE_DEVICE_NAMED_PIPE,NAMED_PIPE_DISCONNECT,0,0),0,0,0,0))
NtWaitForSingleObject(hDisconnect,0,0);
NtClose(hDisconnect);
DetachFromProcess(pid);
man->UnRegisterProcess(pid);
NtClearEvent(hDetachEvent);
LeaveCriticalSection(&detach_cs);
if (running)
{
swprintf((LPWSTR)buff,FormatDetach,pid);
ConsoleOutput((LPWSTR)buff);
NtClose(IthCreateThread(UpdateWindows,0));
}
delete buff;
return 0;
}
DWORD WINAPI CmdThread(LPVOID lpThreadParameter)
{
CommandQueue* q=(CommandQueue*)lpThreadParameter;
while (running) q->SendCommand();
return 0;
}
CommandQueue::CommandQueue():used(0),current(1)
{
InitializeCriticalSection(&rw);
NtCreateSemaphore(&hSemaphore,SEMAPHORE_ALL_ACCESS,0,0,QUEUE_MAX);
hThread=IthCreateThread(CmdThread,(DWORD)this);
}
CommandQueue::~CommandQueue()
{
NtReleaseSemaphore(hSemaphore,1,0);
NtWaitForSingleObject(hThread,0,0);
NtClose(hSemaphore);
NtClose(hThread);
DeleteCriticalSection(&rw);
}
void CommandQueue::AddRequest(const SendParam& sp, DWORD pid)
{
if (current==used) ConsoleOutput(ErrorCmdQueueFull);
EnterCriticalSection(&rw);
queue[current]=sp;
if (pid) pid_associate[current++]=pid;
else
{
pid=man->GetCurrentPID();
if (pid) pid_associate[current++]=pid;
else
{
ConsoleOutput(ErrorNoAttach);
goto _request_exit;
}
}
current&=(QUEUE_MAX-1);
NtReleaseSemaphore(hSemaphore,1,0);
_request_exit:
LeaveCriticalSection(&rw);
}
void CommandQueue::SendCommand()
{
NtWaitForSingleObject(hSemaphore,0,0);
if (!running) return;
EnterCriticalSection(&rw);
SendParam sp;
DWORD pid;
HANDLE pipe;
used=(used+1)&(QUEUE_MAX-1);
sp=queue[used];
pid=pid_associate[used];
pipe=man->GetCmdHandleByPID(pid);
if (pipe)
{
IO_STATUS_BLOCK ios;
NtWriteFile(pipe,0,0,0,&ios,&sp,sizeof(SendParam),0,0);
}
LeaveCriticalSection(&rw);
}
bool CommandQueue::Empty()
{
return ((used+1)&(QUEUE_MAX-1))==current;
}
void CommandQueue::Register(DWORD pid, DWORD hookman, DWORD module, DWORD engine)
{
man->RegisterProcess(pid,hookman,module,engine);
}
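Review bot: In `RecvThread` the receive buffer is `new BYTE[0x1000]` and `NtReadFile` is allowed to fill all 0x1000 bytes, after which `buff[RecvLen]=0; buff[RecvLen+1]=0;` writes up to two bytes past the allocation, with the length chosen by whoever is writing to the pipe. Allocating the terminator room up front, `BYTE *buff=new BYTE[0x1000+2]`, keeps the read size and the terminators consistent, and the matching release should be `delete []buff;` rather than `delete buff;`. The first 16-byte registration read is not checked for status or length before `pid`, `hookman`, `module` and `engine` are taken from the buffer, so a short or failed read registers uninitialised heap contents. `Filter` also loads `*(WORD*)str` before testing `len`, which reads one byte beyond the data when `len` is 1. In `CommandQueue::AddRequest` the `current==used` full check runs outside `rw` and only logs, so a full queue is still overwritten.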
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "main.h"
#include "..\AVL.h"
#define THREAD_MASK_RETN 1
#define THREAD_MASK_SPLIT 2
struct ThreadParam
{
WORD hook_index,status;
DWORD hook_addr;
DWORD retn;
DWORD split;
WORD hm_index,reserve;
};
struct LinkParam
{
WORD from_index,to_index;
};
struct CommentParam
{
WORD thread_index,status;
LPWSTR comment;
};
class Profile
{
public:
Profile();
Profile(const Profile& p);
~Profile();
void Release();
void AddHook(const HookParam& hp);
void RemoveThread(int index);
void RemoveLink(int index);
void RemoveComment(int index);
void ClearHooks();
int AddThread(ThreadParam *tp);
int AddLink(LinkParam* lp);
int AddComment(LPWSTR comment, WORD index);
Profile& operator = (Profile& pf);
HookParam hps[4];
WORD hook_count,thread_count,link_count,comment_count,select_index;
WORD engine_type,thread_allocate,link_allocate,comment_allocate,flag;
ThreadParam* threads;
LinkParam* links;
CommentParam *comments;
};
typedef TreeNode<LPWSTR,Profile> ProfileNode;
class ProfileManager
{
public:
ProfileManager();
~ProfileManager();
void AddProfile(LPWSTR path, const Profile& p);
void ClearProfile();
void LoadProfile();
void SaveProfile();
void DeleteProfile(int index);
void DeleteProfile(LPWSTR path);
void RefreshProfileAddr(DWORD pid,LPWSTR path);
void SetProfileEngine(LPWSTR path, DWORD type);
bool IsPathProfile(LPWSTR path);
ProfileNode* GetProfile(LPWSTR path);
ProfileNode* GetProfile(int index);
ProfileNode* BeginProfile();
ProfileNode* EndProfile();
private:
AVLTree<WCHAR,Profile,WCMP,WCPY,WLEN> pftree;
HANDLE hMonitorThread;
};
void GetCode(const HookParam& hp, LPWSTR buffer, DWORD pid=0);
void GetThreadString(ThreadParam* tp, LPWSTR str);
\ No newline at end of file
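Review bot: `Profile` owns three raw arrays (`threads`, `links`, `comments`) but the header does not say who frees them, and its copy operations are asymmetric: the copy constructor takes `const Profile&` while assignment is declared `Profile& operator = (Profile& pf);`. If assignment does not modify its argument, declaring it `Profile& operator = (const Profile& pf);` lets it accept temporaries and const profiles. A short comment above the class should state whether copies are deep and whether `Release()` or the destructor frees the arrays. `HookParam hps[4]` is a fixed array next to `hook_count`, so `AddHook`, whose body is not in this section, should be confirmed to reject a fifth hook.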
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "main.h"
#include "main_template.h"
class TextBuffer : public MyVector<BYTE, 0x800>
{
public:
TextBuffer();
virtual ~TextBuffer();
void AddText(BYTE* text,int len,bool);
void AddNewLIne();
void ReplaceSentence(BYTE* text, int len);
void Flush();
void ClearBuffer();
void SetUnicode(bool mode);
void SetLine();
private:
bool line;
bool unicode;
};
struct RepeatCountNode
{
short repeat;
short count;
RepeatCountNode* next;
};
struct ThreadParameter
{
DWORD pid;
DWORD hook;
DWORD retn;
DWORD spl;
/*DWORD spl;
DWORD retn;
DWORD hook;
DWORD pid;*/
};
#define COUNT_PER_FOWARD 0x200
#define REPEAT_DETECT 0x10000
#define REPEAT_SUPPRESS 0x20000
#define REPEAT_NEWLINE 0x40000
class TextThread : public MyVector<BYTE, 0x200>
{
public:
TextThread(DWORD pid, DWORD hook, DWORD retn, DWORD spl, WORD num);
virtual ~TextThread();
void Reset();
void AddToStore(BYTE* con,int len, bool new_line=false, bool console=false);
void RemoveSingleRepeatAuto(BYTE* con, int &len);
void RemoveSingleRepeatForce(BYTE* con, int &len);
void RemoveCyclicRepeat(BYTE* &con, int &len);
void ResetRepeatStatus();
void AddLineBreak();
void ResetEditText();
void ComboSelectCurrent();
void GetEntryString(LPWSTR str);
void CopyLastSentence(LPWSTR str);
void CopyLastToClipboard();
void ExportTextToFile(LPWSTR filename);
void AdjustPrevRepeat(DWORD len);
void PrevRepeatLength(DWORD &len);
void SetComment(LPWSTR);
bool AddToCombo();
bool RemoveFromCombo();
bool CheckCycle(TextThread* start);
void SetNewLineFlag();
void SetNewLineTimer();
inline DWORD PID() const {return tp.pid;}
inline DWORD Addr() const {return tp.hook;}
inline DWORD& Status() {return status;}
inline WORD Number() const {return number;}
inline WORD& Last() {return last;}
inline WORD& LinkNumber() {return link_number;}
inline UINT_PTR& Timer() {return timer;}
inline ThreadParameter* GetThreadParameter() {return &tp;}
inline TextThread*& Link() {return link;}
inline void SetRepeatFlag();
inline void ClearNewLineFlag();
inline void ClearRepeatFlag();
inline LPWSTR GetComment() {return comment;}
private:
ThreadParameter tp;
WORD number,link_number;
WORD last,align_space;
WORD repeat_single;
WORD repeat_single_current;
WORD repeat_single_count;
WORD repeat_detect_count;
RepeatCountNode* head;
TextThread *link;
LPWSTR comment,thread_string;
UINT_PTR timer;
DWORD status,repeat_detect_limit;
DWORD last_sentence,prev_sentence,sentence_length,repeat_index,last_time;
};
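Review bot: `TextThread` declares `void Reset();` and `void AddToStore(BYTE* con,int len, bool new_line=false, bool console=false);`, which hide the non-virtual `MyVector::Reset()` and `int MyVector::AddToStore(T*,int)` rather than override them. Any call made through a `MyVector<BYTE,0x200>` pointer or reference gets the base behaviour and skips the repeat and newline handling, and the differing return type makes the two easy to confuse. A comment on both declarations saying the hiding is intentional would help, or the base methods could be made `virtual` if polymorphic use is expected. `AddNewLIne` in `TextBuffer` and `COUNT_PER_FOWARD` look like typos that are cheapest to fix in the initial commit.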
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "main.h"
#include "hookman.h"
#include "cmdq.h"
#include "profile.h"
BYTE* GetSystemInformation();
int GetProcessMemory(HANDLE hProc, DWORD& mem_size, DWORD& ws);
int GetHookString(LPWSTR str, DWORD pid, DWORD hook_addr, DWORD status);
SYSTEM_PROCESS_INFORMATION* GetBaseByPid(BYTE* pbBuffer,DWORD dwPid);
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam);
LPWSTR StateString[StateUnknown+1]={
L"Initialized",L"Ready",L"Running",L"Standby",
L"Terminated",L"Wait",L"Transition",L"Unknown"
};
LPWSTR WaitReasonString[MaximumWaitReason]={
L"Executive",L"FreePage",L"PageIn",L"PoolAllocation",
L"DelayExecution",L"Suspended",L"UserRequest",L"Executive",
L"FreePage",L"PageIn",L"PoolAllocation",L"DelayExecution",
L"Suspended",L"UserRequest",L"EventPair",L"Queue",
L"LpcReceive",L"LpcReply",L"VirtualMemory",L"PageOut",
L"Rendezvous",L"Spare2",L"Spare3",L"Spare4",
L"Spare5",L"Spare6",L"Kernel"
};
#define IDC_CHECK_BIGENDIAN IDC_CHECK1
#define IDC_CHECK_UNICODE IDC_CHECK2
#define IDC_CHECK_STRING IDC_CHECK3
#define IDC_CHECK_DATA_IND IDC_CHECK4
#define IDC_CHECK_SPLIT IDC_CHECK5
#define IDC_CHECK_SPLIT_IND IDC_CHECK6
#define IDC_CHECK_MODULE IDC_CHECK7
#define IDC_CHECK_FUNCTION IDC_CHECK8
#define IDC_CHECK_HEX IDC_CHECK9
#define IDC_CHECK_LASTCHAR IDC_CHECK10
#define IDC_CHECK_NOCONTEXT IDC_CHECK11
class ProcessWindow
{
public:
ProcessWindow(HWND hDialog);
void InitProcessDlg();
void RefreshProcess();
void AttachProcess();
void DetachProcess();
void OperateThread();
void AddCurrentToProfile();
void RefreshThread(int index);
void RefreshThreadColumns(DWORD pid);
bool PerformThread(DWORD pid, DWORD tid, ThreadOperation op=OutputInformation, DWORD addr=0);
DWORD GetSelectPID();
private:
HWND hDlg;
HWND hlProcess,hlThread;
HWND hbRefresh,hbAttach,hbDetach,hbExecute,hbAddProfile;
HWND heAddr,heOutput;
HWND hrSuspend,hrResume,hrTerminate;
};
class ThreadWindow
{
public:
ThreadWindow(HWND hDialog);
void InitWindow();
void InitThread(int index);
void SetThreadInfo(int index);
void RemoveLink(int index);
void SetThread();
void SetLastSentence(DWORD select);
void ExportAllThreadText();
void ExportSingleThreadText();
private:
HWND hDlg;
HWND hcCurrentThread,hcLinkThread;
HWND hlFromThread;
HWND heInfo,heSentence,heComment;
};
class HookWindow
{
public:
HookWindow(HWND hDialog);
inline bool IsBigEndian();
inline bool IsUnicode();
inline bool IsString();
inline bool IsDataInd();
inline bool IsSplit();
inline bool IsSplitInd();
inline bool IsModule();
inline bool IsFunction();
inline bool IsHex();
inline bool IsLastChar();
inline bool IsNoContext();
void GenerateCode();
void GenerateHash(int ID);
void RemoveHook();
void ModifyHook();
void ResetDialog(const HookParam& hp);
void ResetDialog(int index);
void GetHookParam(HookParam& hp);
void InitDlg();
void ResetDlgHooks(DWORD pid, HookParam& hp);
private:
void PrintSignDWORD(LPWSTR str, DWORD d);
HWND hDlg,hCombo,hText;
HWND hcBigEndian, hcUnicode, hcString, hcDataInd,
hcSplit, hcSplitInd, hcModule, hcFunction,
hcHex, hcLastChar, hcNoContext;
HWND heAddr, heData, heDataInd, heSplit,
heSplitInd, heModule, heFunction, heHash;
HWND hbModify, hbRemove, hbModule, hbFunction, hbCode;
};
class ProfileWindow
{
public:
ProfileWindow(HWND hDialog);
void RefreshProfileList();
void StartProfileProcess();
void ResetProfile(int index);
void ResetProfileWindow(int index=-1);
void SetCurrentProfile(Profile* pf);
void SaveCurrentProfile();
void DeleteCurrentProfile();
void ExportCurrentProfile();
void ExportAllProfile();
void ImportCurrentProfile();
void DeleteItem(int last_select);
void CheckHook(int index, bool check);
bool IsHook(int index);
Profile* GetCurrentProfile();
DWORD GetCurrentSelect();
HWND hDlg,hlProfileList,hlThread,hlComment,hlLink;
HWND hePath,heHook1,heHook2,heHook3,heHook4;
HWND hcHook1,hcHook2,hcHook3,hcHook4;
HWND hbStart, hbDelete, hbSave;
HWND hcbSelect;
};
void ExportSingleProfile(ProfileNode* pfn, MyVector<WCHAR,0x1000,WCMP> &export_text);
class FilterWindow
{
public:
FilterWindow(HWND hDialog);
~FilterWindow();
void Init();
void SetCurrentChar();
void SelectCurrentChar(DWORD index);
void InitWithChar(WCHAR);
void DeleteCurrentChar();
void AddNewChar();
void DrawGlyph(WCHAR);
void ClearGlyphArea();
void SetUniChar(WCHAR);
void SetMBChar(WORD);
void SetCommitFlag();
UINT IsSJISCheck();
UINT IsUnicodeCheck();
private:
TEXTMETRIC tm;
RECT rc;
HWND hDlg;
HWND hList;
HWND hGlyph;
HDC hGlyphDC;
HBRUSH white;
HFONT hGlyphFont;
HWND hSJIS,hUnicode,hChar;
DWORD init_x,init_y;
BYTE modify,remove,commit;
};
\ No newline at end of file
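Review bot: `StateString` and `WaitReasonString` are defined, not just declared, in this header, so every translation unit that includes it emits its own external definition and the link fails with duplicate symbols once a second `.cpp` includes it. `#pragma once` only guards against repeated inclusion within one unit. Declaring them `extern` here and defining them in one source file, or making them `static const LPCWSTR StateString[StateUnknown+1]`, avoids that and also stops the string-literal pointers being writable through `LPWSTR`. The `WaitReasonString` initialiser lists 27 entries for `MaximumWaitReason` slots; if the enum is larger, the tail is null pointers, so indexing should be checked against the count.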
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "common.h"
#ifdef ITHMAIN
#define ITHAPI __declspec(dllexport) __stdcall
#else
#define ITHAPI __declspec(dllimport) __stdcall
#endif
extern "C" {
void ITHAPI OutputConsole(LPWSTR str);
void ITHAPI OutputDWORD(DWORD d);
void ITHAPI OutputRegister(DWORD *base);
void ITHAPI NewHook(const HookParam& hp, LPWSTR name=0, DWORD flag=HOOK_ENGINE);
void ITHAPI RemoveHook(DWORD addr);
void ITHAPI RegisterEngineType(DWORD type);
void ITHAPI RegisterHookName(LPWSTR str, DWORD addr);
void ITHAPI SwitchTrigger(bool on=true);
DWORD ITHAPI GetFunctionAddr(char* name, DWORD* addr, DWORD *base, DWORD* size, LPWSTR* base_name);
}
\ No newline at end of file
<?xml version="1.0" encoding="shift_jis"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="ITH_DLL"
ProjectGUID="{AA147E63-3B9B-4C9F-B073-06681219A8FB}"
RootNamespace="ITH_DLL"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="2"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;ITH_DLL_EXPORTS"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
LinkIncremental="2"
GenerateDebugInformation="true"
SubSystem="2"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="2"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
InlineFunctionExpansion="2"
EnableIntrinsicFunctions="true"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;ITH_DLL_EXPORTS"
ExceptionHandling="0"
RuntimeLibrary="2"
BufferSecurityCheck="false"
EnableFunctionLevelLinking="true"
RuntimeTypeInfo="false"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="0"
DisableSpecificWarnings="4996;4733"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="ntdllp.lib"
OutputFile="$(OutDir)\ITH.dll"
LinkIncremental="1"
GenerateManifest="false"
IgnoreAllDefaultLibraries="true"
GenerateDebugInformation="false"
SubSystem="2"
TerminalServerAware="0"
OptimizeReferences="2"
EnableCOMDATFolding="2"
EntryPointSymbol="DllMain"
BaseAddress=""
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
CommandLine="..\release\EnableSEH"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\disasm.cpp"
>
</File>
<File
RelativePath=".\main.cpp"
>
</File>
<File
RelativePath=".\range.cpp"
>
</File>
<File
RelativePath=".\texthook.cpp"
>
</File>
<File
RelativePath=".\utility.cpp"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
<File
RelativePath=".\utility.h"
>
</File>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>
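Review bot: The Release configuration of `ITH_DLL` turns off compiler and linker hardening: `BufferSecurityCheck="false"` disables /GS, `RandomizedBaseAddress="1"` is, as far as I read the VS2008 project format, /DYNAMICBASE:NO, and `DataExecutionPrevention="0"` leaves NX compatibility unset. Judging by the sources in this commit the DLL runs inside other processes, so a non-relocatable module without stack cookies lowers the exploit-mitigation level of every process it is loaded into. I would set `RandomizedBaseAddress="2"` and `DataExecutionPrevention="2"`, and re-enable `BufferSecurityCheck="true"` if the build can supply the cookie support that `IgnoreAllDefaultLibraries="true"` with a custom `EntryPointSymbol="DllMain"` currently omits. The post-build step `CommandLine="..\release\EnableSEH"` runs a binary by relative path; it should be documented where that tool comes from and what it changes in the output image.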
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="texthook.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="pipe.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="utility.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>
\ No newline at end of file
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
</Project>
\ No newline at end of file
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <intrin.h>
#include "utility.h"
//#include "md5.h"
#include "..\AVL.h"
#define HOOK_BUFFER_SIZE (MAX_HOOK*sizeof(TextHook))
//#define MAX_HOOK (HOOK_BUFFER_SIZE/sizeof(TextHook))
WCHAR dll_mutex[0x100];
WCHAR dll_name[0x100];
WCHAR hm_mutex[0x100];
WCHAR hm_section[0x100];
HINSTANCE hDLL;
HANDLE hSection;
bool running,live=false;
int current_hook=0,user_hook_count=0,trigger=0;
HANDLE hSendThread,hCmdThread,hFile,hMutex,hmMutex;
DWORD hook_buff_len=HOOK_BUFFER_SIZE;
//DWORD current_process_id;
extern DWORD enter_count;
extern LPWSTR current_dir;
extern DWORD engine_type;
AVLTree<char, FunctionInfo, SCMP, SCPY, SLEN> *tree;
void AddModule(DWORD hModule, DWORD size, LPWSTR name)
{
IMAGE_DOS_HEADER *DosHdr;
IMAGE_NT_HEADERS *NtHdr;
IMAGE_EXPORT_DIRECTORY *ExtDir;
UINT uj;
FunctionInfo info={0,hModule,size,name};
char* pcFuncPtr,*pcBuffer;
DWORD dwReadAddr,dwFuncName,dwExportAddr;
WORD wOrd;
DosHdr=(IMAGE_DOS_HEADER*)hModule;
if (IMAGE_DOS_SIGNATURE==DosHdr->e_magic)
{
dwReadAddr=hModule+DosHdr->e_lfanew;
NtHdr=(IMAGE_NT_HEADERS*)dwReadAddr;
if (IMAGE_NT_SIGNATURE==NtHdr->Signature)
{
dwExportAddr=NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if (dwExportAddr==0) return;
dwExportAddr+=hModule;
ExtDir=(IMAGE_EXPORT_DIRECTORY*)dwExportAddr;
dwExportAddr=hModule+ExtDir->AddressOfNames;
for (uj=0;uj<ExtDir->NumberOfNames;uj++)
{
dwFuncName=*(DWORD*)dwExportAddr;
pcBuffer=(char*)(hModule+dwFuncName);
pcFuncPtr=(char*)(hModule+(DWORD)ExtDir->AddressOfNameOrdinals+(uj*sizeof(WORD)));
wOrd=*(WORD*)pcFuncPtr;
pcFuncPtr=(char*)(hModule+(DWORD)ExtDir->AddressOfFunctions+(wOrd*sizeof(DWORD)));
info.addr=hModule+*(DWORD*)pcFuncPtr;
tree->Insert(pcBuffer,info);
dwExportAddr+=sizeof(DWORD);
}
}
}
}
void GetFunctionNames()
{
tree=new AVLTree<char, FunctionInfo, SCMP,SCPY,SLEN>;
PPEB ppeb;
__asm
{
mov eax,fs:[0x30]
mov ppeb,eax
}
DWORD temp=*(DWORD*)(&ppeb->Ldr->InLoadOrderModuleList);
PLDR_DATA_TABLE_ENTRY it=(PLDR_DATA_TABLE_ENTRY) temp;
while (it->SizeOfImage)
{
AddModule((DWORD)it->DllBase,it->SizeOfImage,it->BaseDllName.Buffer);
it=(PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
if (*(DWORD*)it==temp) break;
}
}
DWORD ITHAPI GetFunctionAddr(char* name, DWORD* addr, DWORD* base, DWORD* size, LPWSTR* base_name)
{
TreeNode<char*,FunctionInfo>* node=tree->Search(name);
if (node)
{
if (addr) *addr=node->data.addr;
if (base) *base=node->data.module;
if (size) *size=node->data.size;
if (base_name) *base_name=node->data.name;
return 1;
}
else return 0;
}
void RequestRefreshProfile()
{
if (live)
{
BYTE buffer[0x80];
*(DWORD*)buffer=-1;
*(DWORD*)(buffer+4)=1;
*(DWORD*)(buffer+8)=0;
IO_STATUS_BLOCK ios;
NtWriteFile(hPipe,0,0,0,&ios,buffer,HEADER_SIZE,0,0);
}
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
{
LdrDisableThreadCalloutsForDll(hinstDLL);
IthInitSystemService();
DWORD s;
swprintf(hm_section,L"ITH_SECTION_%d",current_process_id);
hSection=IthCreateSection(hm_section,0x2000,PAGE_EXECUTE_READWRITE);
NtMapViewOfSection(hSection,NtCurrentProcess(),(PVOID*)&hookman,0,
hook_buff_len,0,&hook_buff_len,ViewUnmap,0,PAGE_EXECUTE_READWRITE);
wcscpy(dll_name,current_dir);
//swprintf(dll_mutex,L"ITH_%.4d_%s",current_process_id,current_dir);
swprintf(dll_mutex,L"ITH_%d",current_process_id);
swprintf(hm_mutex,L"ITH_HOOKMAN_%.4d",current_process_id);
hmMutex=IthCreateMutex(hm_mutex,0);
hMutex=IthCreateMutex(dll_mutex,1,&s);
if (s) return FALSE;
hDLL=hinstDLL; running=true;
current_available=hookman;
GetFunctionNames();
InitFilterTable();
InitDefaultHook();
hSendThread=IthCreateThread(WaitForPipe,0);
hCmdThread=IthCreateThread(CommandPipe,0);
}
break;
case DLL_PROCESS_DETACH:
{
running=false;
live=false;
NtWaitForSingleObject(hSendThread,0,0);
NtWaitForSingleObject(hCmdThread,0,0);
NtClose(hCmdThread);
NtClose(hSendThread);
for (TextHook* man=hookman;man->RemoveHook();man++);
LARGE_INTEGER lint={-10000,-1};
while (enter_count) NtDelayExecution(0,&lint);
for (TextHook* man=hookman;man<hookman+MAX_HOOK;man++) man->ClearHook();
NtUnmapViewOfSection(NtCurrentProcess(),hookman);
NtClose(hSection);
NtClose(hMutex);
delete tree;
IthCloseSystemService();
NtClose(hmMutex);
break;
}
default:
break;
}
return TRUE;
}
extern "C" {
void ITHAPI RegisterEngineType(DWORD type)
{
if (live)
{
engine_type=type;
BYTE buffer[0x80];
*(DWORD*)buffer=-1;
*(DWORD*)(buffer+4)=2;
*(DWORD*)(buffer+8)=type;
IO_STATUS_BLOCK ios;
NtWriteFile(hPipe,0,0,0,&ios,buffer,HEADER_SIZE,0,0);
}
}
void ITHAPI RegisterHookName(LPWSTR str, DWORD addr)
{
if (live)
if (str)
{
int len=(wcslen(str))<<1;
BYTE buffer[0x80];
BYTE *buff=buffer;
if (len+HEADER_SIZE>=0x80)
buff=new BYTE[len+HEADER_SIZE];
*(DWORD*)buffer=-1;
*(DWORD*)(buffer+4)=0;
*(DWORD*)(buffer+8)=addr;
wcscpy(LPWSTR(buff+HEADER_SIZE),str);
IO_STATUS_BLOCK ios;
NtWriteFile(hPipe,0,0,0,&ios,buff,len+HEADER_SIZE,0,0);
if (buff!=buffer) delete buff;
}
}
void ITHAPI NewHook(const HookParam& hp, LPWSTR name, DWORD flag)
{
int current; WCHAR str[0x80];
current=current_available-hookman;
if (current>=MAX_HOOK) OutputConsole(L"Too many hooks.");
else {
if (name==0)
{
name=str;
swprintf(name,L"UserHook%d",user_hook_count++);
}
hookman[current].InitHook(hp,name,HOOK_ADDITIONAL|(flag&0xFFFF));
if (hookman[current].InsertHook()==0)
{
OutputConsole(L"Additional hook inserted.");
swprintf(str,L"Insert address 0x%.8X.",hookman[current].Address());
OutputConsole(str);
RequestRefreshProfile();
}
else OutputConsole(L"Unable to insert hook.");
}
}
void ITHAPI RemoveHook(DWORD addr)
{
for (int i=0;i<MAX_HOOK;i++)
{
if (hookman[i].Address()==addr)
{
hookman[i].ClearHook();
return;
}
}
}
void ITHAPI SwitchTrigger(bool t) {trigger=t;}
}
static int filter_count;
static DWORD recv_esp, recv_addr;
static CONTEXT recover_context;
static __declspec(naked) void MySEH()
{
__asm{
mov eax, [esp+0xC]
mov edi,eax
mov ecx,0xB3
mov esi, offset recover_context
rep movs
mov ecx, [recv_esp]
mov [eax+0xC4],ecx
mov edx, [recv_addr]
mov [eax+0xB8],edx
xor eax,eax
retn
}
}
EXCEPTION_DISPOSITION ExceptHandler(
EXCEPTION_RECORD *ExceptionRecord,
void * EstablisherFrame,
CONTEXT *ContextRecord,
void * DispatcherContext )
{
ContextRecord->Esp=recv_esp;
ContextRecord->Eip=recv_addr;
return ExceptionContinueExecution;
}
int GuardRange(LPWSTR module, DWORD* a, DWORD* b)
{
int flag=0;
__asm
{
mov eax,seh_recover
mov recv_addr,eax
push ExceptHandler
push fs:[0]
mov recv_esp,esp
mov fs:[0],esp
}
flag=FillRange(module,a,b);
__asm
{
seh_recover:
mov eax,[esp]
mov fs:[0],eax
add esp,8
}
return flag;
}
void AddRange(LPWSTR dll)
{
if (GuardRange(dll,&filter[filter_count].lower,&filter[filter_count].upper))
filter_count++;
}
void InitFilterTable()
{
filter_count=0;
AddRange(L"uxtheme.dll");
AddRange(L"usp10.dll");
AddRange(L"msctf.dll");
AddRange(L"gdiplus.dll");
AddRange(L"lpk.dll");
AddRange(L"psapi.dll");
AddRange(L"user32.dll");
}
\ No newline at end of file
/* Copyright (C) 2010-2011 kaosu (qiupf2000@gmail.com)
* This file is part of the Interactive Text Hooker.
* Interactive Text Hooker is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "utility.h"
#include "..\AVL.h"
WCHAR mutex[]=L"ITH_GRANT_PIPE";
WCHAR exist[]=L"ITH_PIPE_EXIST";
WCHAR lose_event[0x20];
WCHAR detach_mutex[0x20];
WCHAR write_event[0x20];
WCHAR engine_event[0x20];
WCHAR pipe[]=L"\\??\\pipe\\ITH_PIPE";
WCHAR command[]=L"\\??\\pipe\\ITH_COMMAND";
LARGE_INTEGER wait_time={-100*10000,-1};
LARGE_INTEGER sleep_time={-20*10000,-1};
DWORD engine_type;
HANDLE hPipe,hCommand,hDetach,hLose;
IdentifyEngineFun IdentifyEngine;
InsertDynamicHookFun InsertDynamicHook;
static DWORD base;
bool hook_inserted=0;
inline DWORD GetModuleBase(LPWSTR name)
{
__asm
{
mov eax,fs:[0x30]
mov eax,[eax+0xC]
mov esi,[eax+0x14]
mov edi,_wcsicmp
_listfind:
mov edx,[esi+0x28]
test edx,edx
jz _notfound
push edx
push name
call edi
pop edx
pop edx
test eax,eax
jz _found
mov esi,[esi]
jmp _listfind
_notfound:
xor eax,eax
jmp _termin
_found:
mov eax,[esi+0x10]
_termin:
}
}
HANDLE IthOpenPipe(LPWSTR name, ACCESS_MASK direction)
{
UNICODE_STRING us;
RtlInitUnicodeString(&us,name);
SECURITY_DESCRIPTOR sd={1};
OBJECT_ATTRIBUTES oa={sizeof(oa),0,&us,OBJ_CASE_INSENSITIVE,&sd,0};
HANDLE hFile;
IO_STATUS_BLOCK isb;
if (NT_SUCCESS(NtCreateFile(&hFile,direction,&oa,&isb,0,0,FILE_SHARE_READ,FILE_OPEN,0,0,0)))
return hFile;
else return INVALID_HANDLE_VALUE;
}
BOOL LoadEngine()
{
base=GetModuleBase(L"ITH_engine.dll");
IdentifyEngine=(IdentifyEngineFun)GetExportAddress(base,GetHash("IdentifyEngine"));
InsertDynamicHook=(InsertDynamicHookFun)GetExportAddress(base,GetHash("InsertDynamicHook"));
if (IdentifyEngine==0) return FALSE;
}
DWORD WINAPI WaitForPipe(LPVOID lpThreadParameter) //Dynamic detect ITH main module status.
{
int i;
TextHook *man;
struct
{
DWORD pid;
TextHook *man;
DWORD module;
DWORD engine;
} u;
HANDLE hMutex,hPipeExist,hEngine;
swprintf(engine_event,L"ITH_ENGINE_%d",current_process_id);
swprintf(detach_mutex,L"ITH_DETACH_%d",current_process_id);
swprintf(lose_event,L"ITH_LOSEPIPE_%d",current_process_id);
hEngine=IthCreateEvent(engine_event);
NtWaitForSingleObject(hEngine,0,0);
NtClose(hEngine);
LoadEngine();
u.module=GetModuleBase(L"ITH.dll");
u.pid=current_process_id;
u.man=hookman;
u.engine=base;
hPipeExist=IthOpenEvent(exist);
IO_STATUS_BLOCK ios;
hLose=IthCreateEvent(lose_event,0,0);
if (hPipeExist!=INVALID_HANDLE_VALUE)
while (running)
{
hPipe=INVALID_HANDLE_VALUE;
hCommand=INVALID_HANDLE_VALUE;
while (NtWaitForSingleObject(hPipeExist,0,&wait_time)==WAIT_TIMEOUT)
if (!running) goto _release;
hMutex=IthCreateMutex(mutex,0);
NtWaitForSingleObject(hMutex,0,0);
while (hPipe==INVALID_HANDLE_VALUE||
hCommand==INVALID_HANDLE_VALUE) {
NtDelayExecution(0,&sleep_time);
if (hPipe==INVALID_HANDLE_VALUE)
hPipe=IthOpenPipe(pipe,GENERIC_WRITE);
if (hCommand==INVALID_HANDLE_VALUE)
hCommand=IthOpenPipe(command,GENERIC_READ);
}
NtClearEvent(hLose);
NtWriteFile(hPipe,0,0,0,&ios,&u,16,0,0);
live=true;
for (man=hookman,i=0;i<current_hook;man++)
if (man->RecoverHook()) i++;
OutputConsole(dll_name);
OutputConsole(L"Pipe connected.");
OutputDWORD(tree->Count());
NtReleaseMutant(hMutex,0);
NtClose(hMutex);
if (!hook_inserted) {hook_inserted=true;IdentifyEngine();}
hDetach=IthCreateMutex(detach_mutex,1);
while (running&&NtWaitForSingleObject(hPipeExist,0,&sleep_time)==WAIT_OBJECT_0)
NtDelayExecution(0,&sleep_time);
live=false;
for (man=hookman,i=0;i<current_hook;man++)
if (man->RemoveHook()) i++;
if (!running)
{
NtWriteFile(hPipe,0,0,0,&ios,man,4,0,0);
IthReleaseMutex(hDetach);
}
NtClose(hDetach);
NtClose(hPipe);
}
_release:
NtClose(hLose);
NtClose(hPipeExist);
return 0;
}
void OutputModuleInformation()
{
WCHAR str[0x100];
PPEB ppeb;
__asm
{
mov eax,fs:[0x30]
mov ppeb,eax
}
DWORD temp=*(DWORD*)(&ppeb->Ldr->InLoadOrderModuleList);
PLDR_DATA_TABLE_ENTRY it=(PLDR_DATA_TABLE_ENTRY) temp;
while (*(DWORD*)it!=temp)
{
swprintf(str,L"0x%08X 0x%08X %s",it->DllBase,it->SizeOfImage,it->BaseDllName.Buffer);
OutputConsole(str);
it=(PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
}
}
DWORD WINAPI CommandPipe(LPVOID lpThreadParameter)
{
DWORD command;
BYTE buff[0x200]={0};
HANDLE hPipeExist;
hPipeExist=IthOpenEvent(exist);
IO_STATUS_BLOCK ios={0};
NTSTATUS status;
if (hPipeExist!=INVALID_HANDLE_VALUE)
while (running)
{
while (!live)
{
if (!running) goto _detach;
NtDelayExecution(0,&sleep_time);
}
status=NtReadFile(hCommand,0,0,0,&ios,buff,0x200,0,0);
if (status==STATUS_PIPE_BROKEN||
status==STATUS_PIPE_DISCONNECTED)
{
NtClearEvent(hPipeExist);
continue;
}
if (status==STATUS_PENDING)
{
NtWaitForSingleObject(hCommand,0,0);
switch (ios.Status)
{
case 0:
break;
case STATUS_PIPE_BROKEN:
case STATUS_PIPE_DISCONNECTED:
NtClearEvent(hPipeExist);
continue;
break;
default:
if (NtWaitForSingleObject(hDetach,0,&wait_time)==WAIT_OBJECT_0)
goto _detach;
}
}
if (ios.uInformation)
if (live)
{
command=*(DWORD*)buff;
switch(command)
{
case 0:
NewHook(*(HookParam*)(buff+4),0,0);
break;
case 1:
OutputModuleInformation();
break;
case 2:
{
DWORD rm_addr=*(DWORD*)(buff+4);
HANDLE hRemoved=IthOpenEvent(L"ITH_REMOVE_HOOK");
TextHook* in=hookman;
int i;
for (i=0;i<current_hook;in++)
{
if (in->Address()) i++;
if (in->Address()==rm_addr) break;
}
if (in->Address())
in->ClearHook();
IthSetEvent(hRemoved);
NtClose(hRemoved);
break;
}
case 3:
{
DWORD rm_addr=*(DWORD*)(buff+4);
HANDLE hModify=IthOpenEvent(L"ITH_MODIFY_HOOK");
TextHook* in=hookman;
int i;
for (i=0;i<current_hook;in++)
{
if (in->Address()) i++;
if (in->Address()==rm_addr) break;
}
if (in->Address())
in->ModifyHook(*(HookParam*)(buff+4));
IthSetEvent(hModify);
NtClose(hModify);
break;
}
break;
case 4:
running=false;
live=false;
goto _detach;
case 5:
break;
default:
break;
}
}
}
_detach:
NtClose(hPipeExist);
NtClose(hCommand);
return 0;
}
extern "C" {
void ITHAPI OutputConsole(LPWSTR str)
{
if (live)
if (str)
{
int len=(wcslen(str)+1)<<1;
BYTE buffer[0x80];
BYTE *buff=buffer;
if (len+HEADER_SIZE>=0x80)
buff=new BYTE[len+HEADER_SIZE];
memset(buff,0xFF,HEADER_SIZE);
wcscpy(LPWSTR(buff+HEADER_SIZE),str);
IO_STATUS_BLOCK ios;
NtWriteFile(hPipe,0,0,0,&ios,buff,len+HEADER_SIZE,0,0);
if (buff!=buffer) delete buff;
}
}
void ITHAPI OutputDWORD(DWORD d)
{
WCHAR str[0x10];
swprintf(str,L"%.8X",d);
OutputConsole(str);
}
void ITHAPI OutputRegister(DWORD *base)
{
WCHAR str[0x40];
swprintf(str,L"EAX:%.8X",base[0]);
OutputConsole(str);
swprintf(str,L"ECX:%.8X",base[-1]);
OutputConsole(str);
swprintf(str,L"EDX:%.8X",base[-2]);
OutputConsole(str);
swprintf(str,L"EBX:%.8X",base[-3]);
OutputConsole(str);
swprintf(str,L"ESP:%.8X",base[-4]);
OutputConsole(str);
swprintf(str,L"EBP:%.8X",base[-5]);
OutputConsole(str);
swprintf(str,L"ESI:%.8X",base[-6]);
OutputConsole(str);
swprintf(str,L"EDI:%.8X",base[-7]);
OutputConsole(str);
}
}
\ No newline at end of file
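Review bot: In `CommandPipe` the bytes read from the command pipe are cast to `HookParam` (cases 0 and 3) and to a `DWORD` address (cases 2 and 3) after checking only that `ios.uInformation` is non-zero, so a short message is parsed together with whatever an earlier read left in `buff`. Because this data arrives from another process over `\??\pipe\ITH_COMMAND` and ends up driving `NewHook`/`ModifyHook`, I would reject short reads before the switch with `if (ios.uInformation<sizeof(DWORD)) continue;` and guard the two struct casts with `if (ios.uInformation<4+sizeof(HookParam)) break;`. Separately, `LoadEngine` has no `return TRUE;` on its success path and `WaitForPipe` ignores its result before calling `IdentifyEngine()`, which looks like a call through a null pointer when `ITH_engine.dll` is not loaded; checking the result there would avoid that.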