d1/d41/apitest__iathook_8h_source.html

#ifndef _APITEST_IATHOOK_H

#define _APITEST_IATHOOK_H


static PIMAGE_IMPORT_DESCRIPTOR FindImportDescriptor(PBYTE DllBase, PCSTR DllName)

{

    ULONG Size;

    PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor = RtlImageDirectoryEntryToData((HMODULE)DllBase, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Size);

    while (ImportDescriptor->Name && ImportDescriptor->OriginalFirstThunk)

    {

        PCHAR Name = (PCHAR)(DllBase + ImportDescriptor->Name);

        if (!lstrcmpiA(Name, DllName))

        {

            return ImportDescriptor;

        }

        ImportDescriptor++;

    }

    return NULL;

}


static BOOL RedirectIat(HMODULE TargetDll, PCSTR DllName, PCSTR FunctionName, ULONG_PTR NewFunction, ULONG_PTR* OriginalFunction)

{

    PBYTE DllBase = (PBYTE)TargetDll;

    PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor = FindImportDescriptor(DllBase, DllName);

    if (ImportDescriptor)

    {

        // On loaded images, OriginalFirstThunk points to the name / ordinal of the function

        PIMAGE_THUNK_DATA OriginalThunk = (PIMAGE_THUNK_DATA)(DllBase + ImportDescriptor->OriginalFirstThunk);

        // FirstThunk points to the resolved address.

        PIMAGE_THUNK_DATA FirstThunk = (PIMAGE_THUNK_DATA)(DllBase + ImportDescriptor->FirstThunk);

        while (OriginalThunk->u1.AddressOfData && FirstThunk->u1.Function)

        {

            if (!IMAGE_SNAP_BY_ORDINAL32(OriginalThunk->u1.AddressOfData))

            {

                PIMAGE_IMPORT_BY_NAME ImportName = (PIMAGE_IMPORT_BY_NAME)(DllBase + OriginalThunk->u1.AddressOfData);

                if (!lstrcmpiA((PCSTR)ImportName->Name, FunctionName))

                {

                    DWORD dwOld;

                    VirtualProtect(&FirstThunk->u1.Function, sizeof(ULONG_PTR), PAGE_EXECUTE_READWRITE, &dwOld);

                    *OriginalFunction = FirstThunk->u1.Function;

                    FirstThunk->u1.Function = NewFunction;

                    VirtualProtect(&FirstThunk->u1.Function, sizeof(ULONG_PTR), dwOld, &dwOld);

                    return TRUE;

                }

            }

            OriginalThunk++;

            FirstThunk++;

        }

        skip("Unable to find the Import %s!%s\n", DllName, FunctionName);

    }

    else

    {

        skip("Unable to find the ImportDescriptor for %s\n", DllName);

    }

    return FALSE;

}


static BOOL RestoreIat(HMODULE TargetDll, PCSTR DllName, PCSTR FunctionName, ULONG_PTR OriginalFunction)

{

    ULONG_PTR old = 0;

    return RedirectIat(TargetDll, DllName, FunctionName, OriginalFunction, &old);

}


 #endif // _APITEST_IATHOOK_H


FunctionName
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char * FunctionName
Definition: acpixf.h:1279

RestoreIat
static BOOL RestoreIat(HMODULE TargetDll, PCSTR DllName, PCSTR FunctionName, ULONG_PTR OriginalFunction)
Definition: apitest_iathook.h:57

FindImportDescriptor
static PIMAGE_IMPORT_DESCRIPTOR FindImportDescriptor(PBYTE DllBase, PCSTR DllName)
Definition: apitest_iathook.h:4

RedirectIat
static BOOL RedirectIat(HMODULE TargetDll, PCSTR DllName, PCSTR FunctionName, ULONG_PTR NewFunction, ULONG_PTR *OriginalFunction)
Definition: apitest_iathook.h:20

skip
#define skip(...)
Definition: atltest.h:64

NULL
#define NULL
Definition: types.h:112

TRUE
#define TRUE
Definition: types.h:120

FALSE
#define FALSE
Definition: types.h:117

RtlImageDirectoryEntryToData
#define RtlImageDirectoryEntryToData
Definition: compat.h:809

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95

void
Definition: nsiface.idl:2307

lstrcmpiA
int WINAPI lstrcmpiA(LPCSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:42

PCHAR
#define PCHAR
Definition: match.c:90

PAGE_EXECUTE_READWRITE
#define PAGE_EXECUTE_READWRITE
Definition: nt_native.h:1308

IMAGE_SNAP_BY_ORDINAL32
#define IMAGE_SNAP_BY_ORDINAL32(Ordinal)
Definition: ntimage.h:524

PIMAGE_THUNK_DATA
PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA
Definition: ntimage.h:566

IMAGE_DIRECTORY_ENTRY_IMPORT
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260

PBYTE
BYTE * PBYTE
Definition: pedump.c:66

PIMAGE_IMPORT_BY_NAME
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME

NameRec_
Definition: apinames.c:49

_IMAGE_IMPORT_BY_NAME
Definition: pedump.c:329

_IMAGE_IMPORT_BY_NAME::Name
BYTE Name[1]
Definition: pedump.c:331

_IMAGE_IMPORT_DESCRIPTOR
Definition: ntimage.h:572

_IMAGE_IMPORT_DESCRIPTOR::FirstThunk
ULONG FirstThunk
Definition: ntimage.h:580

_IMAGE_IMPORT_DESCRIPTOR::Name
ULONG Name
Definition: ntimage.h:579

_IMAGE_IMPORT_DESCRIPTOR::OriginalFirstThunk
ULONG OriginalFirstThunk
Definition: ntimage.h:575

_IMAGE_THUNK_DATA32
Definition: ntimage.h:510

_IMAGE_THUNK_DATA32::u1
union _IMAGE_THUNK_DATA32::@2111 u1

_IMAGE_THUNK_DATA32::Function
ULONG Function
Definition: ntimage.h:513

_IMAGE_THUNK_DATA32::AddressOfData
ULONG AddressOfData
Definition: ntimage.h:515

PCSTR
const char * PCSTR
Definition: typedefs.h:52

ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65

ULONG
uint32_t ULONG
Definition: typedefs.h:59

PCHAR
char * PCHAR
Definition: typedefs.h:51

Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533

VirtualProtect
BOOL NTAPI VirtualProtect(IN LPVOID lpAddress, IN SIZE_T dwSize, IN DWORD flNewProtect, OUT PDWORD lpflOldProtect)
Definition: virtmem.c:135