public string generate_function_code_GlobalFunction(ParsedFunc func) { string result = ""; result += "\r\n"; result += "//////////////////////////////////////////////////////////////////\r\n"; result += "// " + func.func_name + " Hooking\r\n"; result += "//////////////////////////////////////////////////////////////////\r\n"; result += "\r\n"; //split return type from function description Tokenizer t = new Tokenizer(func.return_type); string return_type = ""; string call_type = ""; string tok = null; while (true) { tok = t.NextToken(); if (null == tok) { break; } if (tok.Contains("__declspec") || tok.Contains("__stdcall")) { if (!tok.Contains("__declspec(dllimport)")) { call_type += tok + " "; } } else { return_type += tok + " "; } } //////////// // typedef //////////// result += "typedef " + return_type; result += " (" + call_type + "*" + func.func_name + "_FPTR)(\r\n"; bool bFirst = true; foreach (ParsedArgument arg in func.args_list) { result += "\t"; if (!bFirst) { result += ","; } result += arg.arg_type + " "; result += arg.arg_name + "\r\n"; bFirst = false; } result += "\t);\r\n"; ////////////////////////// // orig func pointer ////////////////////////// result += func.func_name + "_FPTR g_" + func.func_name + "_ORIG = NULL;\r\n"; ///////////////////////////// // detour function ///////////////////////////// result += return_type + " " + call_type + " " + func.func_name + "_DETOUR (\r\n"; bFirst = true; foreach (ParsedArgument arg in func.args_list) { result += "\t"; if (!bFirst) { result += ","; } result += arg.arg_type + " "; result += arg.arg_name + "\r\n"; bFirst = false; } result += "\t)\r\n"; result += "{\r\n"; //assert to test the orig func pointer is valid result += "\tassert(g_" + func.func_name + "_ORIG);\r\n"; //call the orig function result += "\t"; if ("void " != return_type) { result += "return "; } result += "\tg_" + func.func_name + "_ORIG(\r\n"; bFirst = true; foreach (ParsedArgument arg in func.args_list) { result += "\t\t"; if (!bFirst) { result += ","; } result += arg.arg_name + "\r\n"; bFirst = false; } result += "\t\t);\r\n"; result += "}\r\n"; // show to hook code itself result += "\r\n...\r\n"; result += "void Init_" + func.func_name + "_Hook()\r\n"; result += "{\r\n"; //HMODULE hUser32 = LoadLibrary("user32.dll"); //TODO: identify module for system functions result += "\tHMODULE hmod = LoadLibraryA(\"??????.dll\")\r\n"; result += "\tassert(hmod);\r\n"; result += "\tif (hmod)\r\n"; result += "\t{\r\n"; result += "\t\tg_" + func.func_name + "_ORIG = (" + func.func_name + "_FPTR) GetProcAddress(hmod,\"" + func.func_name + "\");\r\n"; result += "\t\tassert(g_" + func.func_name + "_ORIG);\r\n"; result += "\t\tif (g_" + func.func_name + "_ORIG)\r\n"; result += "\t\t{\r\n"; //BOOL hook_res = Mhook_SetHook((PVOID*) &g_MessageBoxA_Orig, MessageBoxA_Detour); result += "\t\t\t BOOL hook_res = Mhook_SetHook((PVOID*) &g_" + func.func_name + "_ORIG, " + func.func_name + "_DETOUR);\r\n"; result += "\t\t\t assert(hook_res);\r\n"; result += "\t\t}\r\n"; result += "\t}\r\n"; result += "}\r\n"; result += "\r\n...\r\n"; return(result); }
private ParsedFunc parse_func() { ParsedFunc func = new ParsedFunc(); string tok; string prev = ""; bool arg_list_started = false; bool arg_list_ended = false; func.return_type = ""; //might not have return value - constructor/destructor int scope_depth = 0; int template_scope_depth = 0; func.args_list = new List <ParsedArgument>(); ParsedArgument arg = new ParsedArgument(); //bool first_arg = true; tok = m_MainTokenizer.NextToken(); prev = tok; //using one lookahead. while (tok != null) { tok = m_MainTokenizer.NextToken(); //note: i do not support const functions. if (";" == tok) { if (prev == "}") { return(null); } if (func.func_name == func.return_type) { //constructor/destructor func.return_type = ""; } return(func); } if ("<" == prev) { template_scope_depth++; } else if (">" == prev) { template_scope_depth--; } if ("{" == prev) { scope_depth++; } else if ("}" == prev) { scope_depth--; if (scope_depth < 0) { return(null); } } else { //if we're in deeper scope, then it's function definition which we don't care about. if (0 == scope_depth) { if ("(" == tok) { arg_list_started = true; func.func_name = prev; } else if (")" == prev) { arg_list_ended = true; } else /*if (";" == prev) * { * if (func.func_name == func.return_type) * { * //constructor/destructor * func.return_type = ""; * } * * * return func; * } * else*/ { if (!arg_list_started && !arg_list_ended) { if (prev.Contains("__declspec") || prev.Contains("__stdcall") || prev.Contains("virtual")) { if (!prev.Contains("__declspec(dllimport)") && !prev.Contains("__declspec(nothrow)") && !prev.Contains("virtual")) { if (func.call_type != "") { func.call_type += " "; } func.call_type += prev; } } else { if (func.return_type != "") { func.return_type += " "; } func.return_type += prev; } } else if (arg_list_started == true && !arg_list_ended) { if (("(" != prev && "," != prev) || 0 != template_scope_depth) { if (("," == tok || ")" == tok) && 0 == template_scope_depth) // if next is "," or ")" and we're not inside a template definition { arg.arg_name = prev; func.args_list.Add(arg); arg = new ParsedArgument(); } else { arg.arg_type += prev + " "; } } } } } } prev = tok; } Debug.Print("Error! text ended before func declaration ended.\n"); return(null); }
public string generate_function_code_GlobalFunction(ParsedFunc func) { string result = ""; result += "\r\n"; result += "//////////////////////////////////////////////////////////////////\r\n"; result += "// " + func.func_name + " Hooking\r\n"; result += "//////////////////////////////////////////////////////////////////\r\n"; result += "\r\n"; //split return type from function description Tokenizer t = new Tokenizer(func.return_type); string return_type = ""; string call_type = ""; string tok = null; while (true) { tok = t.NextToken(); if (null == tok) break; if (tok.Contains("__declspec") || tok.Contains("__stdcall")) { if (!tok.Contains("__declspec(dllimport)")) { call_type += tok + " "; } } else { return_type += tok + " "; } } //////////// // typedef //////////// result += "typedef " + return_type; result += " (" + call_type + "*" + func.func_name + "_FPTR)(\r\n"; bool bFirst = true; foreach (ParsedArgument arg in func.args_list) { result += "\t"; if (!bFirst) { result += ","; } result += arg.arg_type + " "; result += arg.arg_name + "\r\n"; bFirst = false; } result += "\t);\r\n"; ////////////////////////// // orig func pointer ////////////////////////// result += func.func_name + "_FPTR g_" + func.func_name + "_ORIG = NULL;\r\n"; ///////////////////////////// // detour function ///////////////////////////// result += return_type + " " + call_type + " " + func.func_name + "_DETOUR (\r\n"; bFirst = true; foreach (ParsedArgument arg in func.args_list) { result += "\t"; if (!bFirst) { result += ","; } result += arg.arg_type + " "; result += arg.arg_name + "\r\n"; bFirst = false; } result += "\t)\r\n"; result += "{\r\n"; //assert to test the orig func pointer is valid result += "\tassert(g_" + func.func_name + "_ORIG);\r\n"; //call the orig function result += "\t"; if ("void " != return_type) { result += "return "; } result += "\tg_" + func.func_name + "_ORIG(\r\n"; bFirst = true; foreach (ParsedArgument arg in func.args_list) { result += "\t\t"; if (!bFirst) { result += ","; } result += arg.arg_name + "\r\n"; bFirst = false; } result += "\t\t);\r\n"; result += "}\r\n"; // show to hook code itself result += "\r\n...\r\n"; result += "void Init_" + func.func_name + "_Hook()\r\n"; result += "{\r\n"; //HMODULE hUser32 = LoadLibrary("user32.dll"); //TODO: identify module for system functions result += "\tHMODULE hmod = LoadLibraryA(\"??????.dll\")\r\n"; result += "\tassert(hmod);\r\n"; result += "\tif (hmod)\r\n"; result += "\t{\r\n"; result += "\t\tg_" + func.func_name + "_ORIG = (" + func.func_name + "_FPTR) GetProcAddress(hmod,\"" + func.func_name + "\");\r\n"; result += "\t\tassert(g_" + func.func_name + "_ORIG);\r\n"; result += "\t\tif (g_" + func.func_name + "_ORIG)\r\n"; result += "\t\t{\r\n"; //BOOL hook_res = Mhook_SetHook((PVOID*) &g_MessageBoxA_Orig, MessageBoxA_Detour); result += "\t\t\t BOOL hook_res = Mhook_SetHook((PVOID*) &g_" + func.func_name + "_ORIG, " + func.func_name + "_DETOUR);\r\n"; result += "\t\t\t assert(hook_res);\r\n"; result += "\t\t}\r\n"; result += "\t}\r\n"; result += "}\r\n"; result += "\r\n...\r\n"; return result; }