Changeset 9617 for trunk/src/kernel32/winimagepeldr.cpp

Timestamp:

Jan 5, 2003, 1:31:26 PM (23 years ago)

Author:

sandervl

Message:

added dll load hook and function to override named or ordinal exports

File:

• trunk/src/kernel32/winimagepeldr.cpp (modified) (11 diffs)

trunk/src/kernel32/winimagepeldr.cpp

@@ -1 @@
-/* $Id: winimagepeldr.cpp,v 1.102 2002-12-20 11:39:42 sandervl Exp $ */
+/* $Id: winimagepeldr.cpp,v 1.103 2003-01-05 12:31:25 sandervl Exp $ */
 
 /*
@@ -44 +44 @@
 #include <win32api.h>
 #include <heapcode.h>
+#include <custombuild.h>
 #include "winimagebase.h"
 #include "winimagepeldr.h"
@@ -1372 +1373 @@
 }
 //******************************************************************************
+//Install a hook that gets called when the exports have been processed
+//******************************************************************************
+static ODINPROC_DLLLOAD pfnDllLoad = NULL;
+//******************************************************************************
+BOOL WIN32API ODIN_SetDllLoadCallback(ODINPROC_DLLLOAD pfnMyDllLoad)
+{
+    pfnDllLoad = pfnMyDllLoad;
+    return TRUE;
+}
+//******************************************************************************
 //******************************************************************************
 BOOL Win32PeLdrImage::processExports(char *win32file)
@@ -1437 +1448 @@
         }
     }
+  }
+
+  //Call the dll load hook; must be done here so noone has the opportunity
+  //to use this dll (get exports)
+  if(pfnDllLoad) {
+      pfnDllLoad(hinstance);
   }
 
@@ -1915 +1932 @@
 //******************************************************************************
 //******************************************************************************
-ULONG Win32PeLdrImage::getApi(char *name)
+NameExport *Win32PeLdrImage::findApi(char *name)
 {
   ULONG       apiaddr, i, apilen;
@@ -1940 +1957 @@
         {
             if(strcmp(curexport->name, apiname) == 0)
-                return(curexport->virtaddr);
+                return curexport;
         }
         curexport = (NameExport *)((ULONG)curexport->name + curexport->nlength);
     }
-    return(0);
-}
-//******************************************************************************
-//******************************************************************************
-ULONG Win32PeLdrImage::getApi(int ordinal)
+    return NULL;
+}
+//******************************************************************************
+//******************************************************************************
+ULONG Win32PeLdrImage::getApi(char *name)
+{
+    NameExport *curexport;
+
+    curexport = findApi(name);
+    if(curexport) {
+        return(curexport->virtaddr);
+    }
+    return 0;
+}
+//******************************************************************************
+//Override a name export
+//******************************************************************************
+ULONG Win32PeLdrImage::setApi(char *name, ULONG pfnNewProc)
+{
+    NameExport *curexport;
+
+    curexport = findApi(name);
+    if(curexport) {
+        ULONG pfnOldProc = curexport->virtaddr;
+
+        curexport->virtaddr = pfnNewProc;
+        return pfnOldProc;
+    }
+    return -1;
+}
+//******************************************************************************
+//******************************************************************************
+OrdExport *Win32PeLdrImage::findApi(int ordinal)
 {
  ULONG       apiaddr, i;
  OrdExport  *curexport;
- NameExport *nexport;
 
     curexport = ordexports;
@@ -1978 +2022 @@
     else
       if (iThisExport == ordinal)   // found the export?
-        return curexport[i].virtaddr;
+        return &curexport[i];
       else
         i -= min(iStep, (iThisExport-ordinal));                 // move farther up the list
@@ -2003 +2047 @@
           iThisExport = curexport[i].ordinal;
           if(iThisExport == ordinal)
-            return(curexport[i].virtaddr);
+            return &curexport[i];
           else
             if (iThisExport > ordinal)
@@ -2018 +2062 @@
           iThisExport = curexport[i].ordinal;
           if(curexport[i].ordinal == ordinal)
-            return(curexport[i].virtaddr);
+            return &curexport[i];
           else
             if (iThisExport < ordinal)
@@ -2030 +2074 @@
     }
   }
+  return NULL;
+}
+//******************************************************************************
+//******************************************************************************
+ULONG Win32PeLdrImage::getApi(int ordinal)
+{
+    OrdExport  *curexport;
+    NameExport *nexport;
+
+    curexport = findApi(ordinal);
+    if(curexport) {
+        return curexport->virtaddr;
+    }
 
     //Name exports also contain an ordinal, so check this
     nexport = nameexports;
-    for(i=0;i<nrNameExports;i++) {
+    for(int i=0;i<nrNameExports;i++) {
         if(nexport->ordinal == ordinal)
             return(nexport->virtaddr);
@@ -2040 +2097 @@
     }
     return(0);
+}
+//******************************************************************************
+//Override an ordinal export
+//******************************************************************************
+ULONG Win32PeLdrImage::setApi(int ordinal, ULONG pfnNewProc)
+{
+    OrdExport  *curexport;
+    NameExport *nexport;
+
+    curexport = findApi(ordinal);
+    if(curexport) {
+        ULONG pfnOldProc = curexport->virtaddr;
+
+        curexport->virtaddr = pfnNewProc;
+        return pfnOldProc;
+    }
+
+    //Name exports also contain an ordinal, so check this
+    nexport = nameexports;
+    for(int i=0;i<nrNameExports;i++) 
+    {
+        if(nexport->ordinal == ordinal) {
+            ULONG pfnOldProc = nexport->virtaddr;
+
+            nexport->virtaddr = pfnNewProc;
+            return pfnOldProc;
+        }
+
+        nexport = (NameExport *)((ULONG)nexport->name + nexport->nlength);
+    }
+    return -1;
 }
 //******************************************************************************