// Generated by AheadLib4x64 v1.0 ----by:W1nds
// https://github.com/w1nds/AheadLib64
#include <Windows.h>
#include <tchar.h>
#include <string>
#ifdef NDEBUG
#include "export37.h"
#else
#include "export37_d.h"
#endif
//#pragma comment(linker, "/EXPORT:PyAST_Compile=python38.PyAST_Compile,@1")
//#pragma comment(linker, "/EXPORT:@2=python38.#2,@2,NONAME")
//#pragma comment(linker, "/EXPORT:@3=repatch_moudle,@3,NONAME")
// Ask the linker to export repatch_moudle under that exact name.
#pragma comment(linker, "/EXPORT:repatch_moudle=repatch_moudle")
// Macro definitions
#define EXTERNC extern "C"
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
HMODULE m_hOwnModule = NULL; // Handle of this DLL's own module; assigned in DllMain on DLL_PROCESS_ATTACH, NULL until then.
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
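// Walks this module's own export table and retargets its forwarder entries.
//
// A forwarder entry is an export whose address points back inside the export
// directory, at a NUL-terminated "Module.Function" string. For every such
// entry whose module part equals _oldDllName, the string is overwritten in
// place with "_newDllName.Function".
//
// Parameters:
//   _oldDllName  module name currently used by the forwarders to replace
//   _newDllName  module name to write instead; it must not be longer than
//                the old name, because the string is rewritten in place
// Returns the number of forwarder strings rewritten; 0 if an argument is
// NULL, the module handle is not set, the image headers look wrong, there is
// no export directory, or the directory could not be made writable.
//
// NOTE(review): _newDllName is written into the forwarder verbatim and this
// function performs no validation of it. The resulting name is what the
// loader later resolves, so callers should only pass a fixed, trusted module
// name rather than anything derived from external input.
EXTERNC int WINAPI repatch_moudle(PCSTR _oldDllName, PCSTR _newDllName)
{
    // std::string(nullptr) is undefined behaviour, and without a module
    // handle there is no image to walk.
    if (_oldDllName == NULL || _newDllName == NULL || m_hOwnModule == NULL)
        return 0;

    const std::string t_oldDllName(_oldDllName);
    const std::string t_newDllName(_newDllName);

    PBYTE t_base = reinterpret_cast<PBYTE>(m_hOwnModule);
    PIMAGE_DOS_HEADER t_pDosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(t_base);
    if (t_pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return 0;
    PIMAGE_NT_HEADERS t_pNTHeader = reinterpret_cast<PIMAGE_NT_HEADERS>(t_base + t_pDosHeader->e_lfanew);
    if (t_pNTHeader->Signature != IMAGE_NT_SIGNATURE)
        return 0;

    const IMAGE_DATA_DIRECTORY& t_exportDir =
        t_pNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
    if (t_exportDir.Size == 0)
        return 0;

    PIMAGE_EXPORT_DIRECTORY t_exportTable =
        reinterpret_cast<PIMAGE_EXPORT_DIRECTORY>(t_base + t_exportDir.VirtualAddress);
    PBYTE t_exportBegin = reinterpret_cast<PBYTE>(t_exportTable);
    PBYTE t_exportEnd = t_exportBegin + t_exportDir.Size;

    // The export directory is normally read-only; if it cannot be made
    // writable, bail out instead of faulting in memcpy below.
    DWORD t_oldProtect = 0;
    if (!VirtualProtect(t_exportTable, t_exportDir.Size, PAGE_READWRITE, &t_oldProtect))
        return 0;

    int t_reloc = 0;
    const DWORD t_numberOfFunctions = t_exportTable->NumberOfFunctions;
    const DWORD* t_addressOfFunctions =
        reinterpret_cast<const DWORD*>(t_base + t_exportTable->AddressOfFunctions);

    // Iterate the function table directly. Indexing the name-ordinal table
    // with a counter bounded by NumberOfFunctions reads past that table
    // whenever the module has ordinal-only exports (NumberOfNames is then
    // smaller than NumberOfFunctions), and would also miss those exports.
    for (DWORD i = 0; i < t_numberOfFunctions; i++)
    {
        PBYTE t_target = t_base + t_addressOfFunctions[i];

        // Only addresses inside the export directory are forwarder strings.
        if (t_target <= t_exportBegin || t_target >= t_exportEnd)
            continue;

        // Bound the string read by the end of the export directory so a
        // missing terminator cannot run the scan into unrelated memory.
        char* t_forwarder = reinterpret_cast<char*>(t_target);
        const size_t t_maxLen = static_cast<size_t>(t_exportEnd - t_target);
        const char* t_nul = std::char_traits<char>::find(t_forwarder, t_maxLen, '\0');
        if (t_nul == NULL)
            continue;
        const std::string t_szOldFullName(t_forwarder, static_cast<size_t>(t_nul - t_forwarder));

        // A forwarder without a '.' has no module part to replace.
        const size_t t_pos = t_szOldFullName.find('.');
        if (t_pos == std::string::npos)
            continue;
        const std::string t_DllName = t_szOldFullName.substr(0, t_pos);
        const std::string t_szProcName = t_szOldFullName.substr(t_pos + 1);

        // Only touch forwarders that name the module being replaced.
        if (t_DllName != t_oldDllName)
            continue;

        // A longer new name would not fit in the existing slot and would
        // overwrite whatever follows the string in the export directory.
        if (t_DllName.length() < t_newDllName.length())
            continue;

        const std::string t_szNewFullName = t_newDllName + "." + t_szProcName;
        memcpy(t_forwarder, t_szNewFullName.c_str(), t_szNewFullName.length() + 1);
        t_reloc++;
    }

    // Put the original page protection back; the previous value reported by
    // this call is not needed.
    DWORD t_ignored = 0;
    VirtualProtect(t_exportTable, t_exportDir.Size, t_oldProtect, &t_ignored);
    return t_reloc;
}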
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// DLL entry point. On process attach it records this module's handle in
// m_hOwnModule; every other notification is ignored. Always reports success.
BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
        // Remember our own image base for later export-table lookups.
        m_hOwnModule = hModule;
        break;
    case DLL_PROCESS_DETACH:
        // Nothing to release.
        break;
    default:
        break;
    }
    return TRUE;
}