A few minor changes:
- Expose detour_is_imported via a new public function DetourIsFunctionImported
- Make certain runtime checks happy by masking pbTarget before casting to smaller type
- Enable user to compile with a different number of supported section headers (leaves default at 32)
warning C6553: The annotation for function 'PF_SymLoadModule64' on
_Param_(6) does not apply to a value type.
Flagged By: VS 17.1.0 (CL.exe 14.31.31103)
The GitHub windows-2016 runner is being deprecated in the middle of
March. So let's pre-emptively move off of that and on to the next version
of the runner so we are still testing all the versions of Windows we
have available.
Delete the payload after finishing the associated task, and change the `DETOUR_EXE_RESTORE_GUID` value for compatibility with DLLs compiled by an old version of Detours.
For example:
- Create a pair of DLLs named `dll_createwith_mysocks_32/64.dll`; their function hooks `CreateProcess` to create any new process with them.
- Create a 32-bit exe (named exe_socks) that uses dll_createwith_mysocks_32.dll via the PE import table. So any process it starts will start with dll_createwith_mysocks_32/64.dll.
- Now it starts a 32-bit exe (named exe_vs), but exe_vs will load a DLL (named dll_createwith_myluainject_32/64.dll) that is built with Detours and whose function hooks `CreateProcess` to create any new process with it.
So if `exe_vs` starts a 64-bit exe, the `DetourCreateProcessXXX` API will only restore the first IAT, which was modified by `dll_createwith_mysocks_32/64.dll`, and the IAT modified by `dll_createwith_myluainject_32/64.dll` will not be restored.
Because they create payloads with the same GUID `DETOUR_EXE_RESTORE_GUID`, Detours will restore with the first found payload twice. To fix this we need to delete the payload immediately after the associated task finishes. If we do this, then the payload with GUID `DETOUR_EXE_RESTORE_GUID` can be used by the next DLL compiled with Detours.
And for compatibility with DLLs compiled by an old version of Detours, for which we don't have source code to recompile, we need to change the `DETOUR_EXE_RESTORE_GUID` value to a new value. So even though these DLLs cannot delete the payload, because we only search for the payload with the new `DETOUR_EXE_RESTORE_GUID` value, the old payload will not be executed by us.
Other improvements:
- Makes the pcbData parameter in DetourFindPayload and DetourFindPayloadEx optional, so that if an application only needs to search for the presence of a payload, they can ignore the size by passing nullptr.
- Makes the pvData parameter in DetourCopyPayloadToProcess const, so that a pointer to a const C++ object can be passed instead of the object needing to be const_casted or being non-const.
- Adds DetourCopyPayloadToProcessEx, which has the same interface as DetourCopyPayloadToProcess, but returns the address of the payload in the remote module, in case the program later wants to write to it.
- Add payload example and extra unit tests covering new APIs.
Fixes #79
Co-authored-by: Charles Milette <me@charlesmilette.net>
When injecting a DLL into a process, it is possible that the process memory has been corrupted. The values in the import table for the process could be incorrect, which could cause an integer overflow when calculating the size of the new import table. Add code to protect against this to UPDATE_IMPORTS_XX.
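As an added illustration of the kind of check described in that commit (this is not the Detours `UPDATE_IMPORTS_XX` code itself), the hypothetical helpers below size a rebuilt import directory in DWORD width and refuse to proceed when the `Size` read from the target process would make the arithmetic wrap. `IMPORT_DESCRIPTOR_SIZE` stands in for `sizeof(IMAGE_IMPORT_DESCRIPTOR)`, which is 20 bytes on Windows.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed stand-in for sizeof(IMAGE_IMPORT_DESCRIPTOR): 20 bytes on Windows. */
#define IMPORT_DESCRIPTOR_SIZE 20u

/* Derive how many descriptors the existing import directory claims to hold
 * from its DWORD Size field. A corrupted header can carry any value, so a
 * size that is not a whole number of descriptors is rejected outright. */
bool import_descriptor_count(uint32_t dir_size, uint32_t *count)
{
    if (dir_size % IMPORT_DESCRIPTOR_SIZE != 0) return false;
    *count = dir_size / IMPORT_DESCRIPTOR_SIZE;
    return true;
}

/* Byte size of the rebuilt import directory: the existing descriptors, one
 * per injected DLL, and the terminating all-zero descriptor. Every step is
 * checked in 32-bit width, so a bogus Size from the target process yields
 * false instead of a silently wrapped (far too small) allocation. */
bool rebuilt_import_dir_size(uint32_t dir_size, uint32_t new_dlls, uint32_t *out)
{
    uint32_t existing, total;
    if (!import_descriptor_count(dir_size, &existing)) return false;
    if (new_dlls > UINT32_MAX - existing) return false;   /* existing + new */
    total = existing + new_dlls;
    if (total == UINT32_MAX) return false;                /* + terminator */
    total += 1;
    if (total > UINT32_MAX / IMPORT_DESCRIPTOR_SIZE) return false; /* * 20 */
    *out = total * IMPORT_DESCRIPTOR_SIZE;
    return true;
}

/* Convenience wrapper: the computed size, or 0 when the input is rejected. */
uint32_t import_dir_size_or_zero(uint32_t dir_size, uint32_t new_dlls)
{
    uint32_t size = 0;
    return rebuilt_import_dir_size(dir_size, new_dlls, &size) ? size : 0;
}
```

A directory `Size` of `0xFFFFFFF0` is a multiple of 20, so the naive multiply would wrap to a small number; the checked version returns 0 for it.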
Spotted with MinGW32 g++
* `uimports.cpp`: `IMAGE_DATA_DIRECTORY.VirtualAddress` is a `DWORD`
type, not a pointer type, so compare against a scalar type.
* `creatwth.cpp`: `LoadNtHeaderFromProcess` returns a `BOOL`, so compare
with falsey check.
```sh
i686-w64-mingw32-g++ -c -Wall -Wextra -Wpedantic ./creatwth.cpp
# In file included from ./creatwth.cpp:329:
# ./uimports.cpp: In function 'BOOL UpdateImports32(HANDLE, HMODULE, const CHAR**, DWORD)':
# ./uimports.cpp:109:48: warning: NULL used in arithmetic [-Wpointer-arith]
# 109 | if (inh.IMPORT_DIRECTORY.VirtualAddress != NULL && inh.IMPORT_DIRECTORY.Size == 0) {
# | ^~~~
# ./creatwth.cpp: In function 'BOOL DetourUpdateProcessWithDllEx(HANDLE, HMODULE, BOOL, const CHAR**, DWORD)':
# ./creatwth.cpp:624:80: warning: NULL used in arithmetic [-Wpointer-arith]
# 624 | if (hModule == NULL || LoadNtHeaderFromProcess(hProcess, hModule, &inh) == NULL) {
# | ^~~~
```
The CI builds now report this warning:
```
1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary.
Please remove this step as Code Scanning recommends analyzing the merge commit for best results
```
This step was recommended, but is now unnecessary apparently.
Fix: the createwith API cannot be used to start some abnormal exes, like the Chinese online, commercial, protected game dnf.exe (https://dnf.qq.com/), but this exe can be started from Explorer.
- Import the Catch2 self-contained C++ test framework.
It's used by many Microsoft OSS projects:
- https://github.com/microsoft/cppwinrt/tree/master/test
- https://github.com/microsoft/wil/tree/master/tests
As well as many OSS projects in general.
When the CMake PR is merged, we can remove this as
a checked in development dependency, and can instead
download it using CMake.
- Start basic set of unit tests to validate failure modes of
- Hook the execution into the existing NMake build system.
- Hook test execution into CI pipeline
Currently we cannot use the createwith API to start exes whose path contains special characters or Unicode languages like Chinese.
This change fixes that by formatting the path string correctly.