pcacc
/
myvtm


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225
							#ifndef __IATPACH_H__
#define __IATPACH_H__

#pragma once

#include "config.h"

#ifdef __cplusplus
extern "C" {
#endif

// note: you need to keep this one from windbg 
#include "DbgHelp.h"

// This structure allows us to build a table of APIs which should be patched
// through to replacement functions provided by VLD.
typedef struct patchentry_s
{
	LPCSTR  exportmodulename; // The name of the module exporting the patched API.
	LPCSTR  importname;       // The name (or ordinal) of the imported API being patched.
	LPSTR   modulepath;       // (Optional) module path. If the module is loaded, then VLD will fill this in at startup.
	LPCVOID replacement;      // Pointer to the function to which the imported API should be patched through to.
} patchentry_t;


// pe_is_import - Determines if the specified module imports the named import
//   from the named exporting module.
//
//   Caution: This function is not thread-safe. It calls into the Debug Help
//     Library which is single-threaded. Therefore, calls to this function must
//     be synchronized.
//
//  - importmodule (IN): Handle (base address) of the module to be searched to
//      see if it imports the specified import.
//
//  - exportmodulename (IN): ANSI string containing the name of the module that
//      exports the import to be searched for.
//
//  - importname (IN): ANSI string containing the name of the import to search
//      for. May be an integer cast to a string if the import is exported by
//      ordinal.
//
//  Return Value:
//
//    Returns TRUE if the module imports to the specified import. Otherwise
//    returns FALSE.
//
TOOLKIT_API BOOL pe_is_import_entry(HMODULE importmodule, LPCSTR exportmodulename, LPCSTR importname);

// pe_is_patch - Determines if the specified module has been patched to use the
//   specified replacement.
//
//   Caution: This function is not thread-safe. It calls into the Debug Help
//     Library which is single-threaded. Therefore, calls to this function must
//     be synchronized.
//
//  - importmodule (IN): Handle (base address) of the module to be searched to
//      see if it imports the specified replacement export.
//
//  - exportmodulename (IN): ANSI string containing the name of the module that
//      normally exports that import that would have been patched to use the
//      replacement export.
//
//  - replacement (IN): Address of the replacement, or destination, function or
//      variable to search for.
//
//  Return Value:
//
//    Returns TRUE if the module has been patched to use the specified
//    replacement export.
//
TOOLKIT_API BOOL pe_is_patch_entry(HMODULE importmodule, LPCSTR exportmodulename, LPCVOID replacement);

// pe_is_patch - Checks to see if any of the imports listed in the specified
//   patch table have been patched into the specified importmodule.
//
//   Caution: This function is not thread-safe. It calls into the Debug Help
//     Library which is single-threaded. Therefore, calls to this function must
//     be synchronized.
//
//  - importmodule (IN): Handle (base address) of the module to be queried to
//      determine if it has been patched.
//
//  - patchtable (IN): An array of patchentry_t structures specifying all of the
//      import patches to search for.
//
//  - tablesize (IN): Size, in entries, of the specified patch table.
//
//  Return Value:
//
//    Returns TRUE if at least one of the patches listed in the patch table is
//    installed in the importmodule. Otherwise returns FALSE.
//
TOOLKIT_API BOOL pe_is_patch(HMODULE importmodule, patchentry_t patchtable [], UINT tablesize);

// pe_patch_import_str - Patches all future calls to an imported function, or references
//   to an imported variable, through to a replacement function or variable.
//   Patching is done by replacing the import's address in the specified target
//   module's Import Address Table (IAT) with the address of the replacement
//   function or variable.
//
//   Caution: This function is not thread-safe. It calls into the Debug Help
//     Library which is single-threaded. Therefore, calls to this function must
//     be synchronized.
//
//  - importmodule (IN): Handle (base address) of the target module for which
//      calls or references to the import should be patched.
//
//  - exportmodulename (IN): ANSI string containing the name of the module that
//      exports the function of variable to be patched. This parameter must not
//      be NULL.
//
//  - exportmodulepath (IN): (Optional) ANSI string containing the fully
//      qualified path of the module that exports the function or variable to be
//      patched. This parameter may be NULL. However, it is recommended that
//      this parameter be provided if possible, especially for any DLLs that may
//      reside in the side-by-side cache.
//
//  - importname (IN): ANSI string containing the name of the imported function
//      or variable to be patched. May be an integer cast to a string if the
//      import is exported by ordinal.
//
//  - replacement (IN): Address of the function or variable to which future
//      calls or references should be patched through to. This function or
//      variable can be thought of as effectively replacing the original import
//      from the point of view of the module specified by "importmodule".
//
//  Return Value:
//
//    Returns TRUE if the patch was installed into the import module. If the
//    import module does not import the specified export, so nothing changed,
//    then FALSE will be returned.
//   
TOOLKIT_API BOOL pe_patch_entry(HMODULE importmodule, LPCSTR exportmodulename, LPCSTR exportmodulepath, LPCSTR importname,
				  LPCVOID replacement);

// pe_patch - Patches all imports listed in the supplied patch table, and
//   which are imported by the specified module, through to their respective
//   replacement functions.
//
//   Caution: This function is not thread-safe. It calls into the Debug Help
//     Library which is single-threaded. Therefore, calls to this function must
//     be synchronized.
//
//   Note: If the specified module does not import any of the functions listed
//     in the patch table, then nothing is changed for the specified module.
//
//  - importmodule (IN): Handle (base address) of the target module which is to
//      have its imports patched.
//
//  - patchtable (IN): An array of patchentry_t structures specifying all of the
//      imports to patch for the specified module.
//
//  - tablesize (IN): Size, in entries, of the specified patch table.
//
//  Return Value:
//
//    Returns TRUE if at least one of the patches listed in the patch table was
//    installed in the importmodule. Otherwise returns FALSE.
//
TOOLKIT_API BOOL pe_patch(HMODULE importmodule, patchentry_t patchtable [], UINT tablesize);

// pe_restore_patch_entry - Restores the IAT entry for an import previously patched via
//   a call to "patchimport" to the original address of the import.
//
//   Caution: This function is not thread-safe. It calls into the Debug Help
//     Library which is single-threaded. Therefore, calls to this function must
//     be synchronized.
//
//  - importmodule (IN): Handle (base address) of the target module for which
//      calls or references to the import should be restored.
//
//  - exportmodulename (IN): ANSI string containing the name of the module that
//      exports the function of variable to be patched. This prarameter must not
//      be NULL.
//
//  - exportmodulepath (IN): (Optional) ANSI string containing the fully
//      qualified path of the module that exports the function or variable to be
//      patched. This parameter may be NULL. However, it is recommended that
//      this parameter be provided if possible, especially for any DLLs that may
//      reside in the side-by-side cache.
//
//  - importname (IN): ANSI string containing the name of the imported function
//      or variable to be restored. May be an integer cast to a string if the
//      import is exported by ordinal.
//
//  - replacement (IN): Address of the function or variable which the import was
//      previously patched through to via a call to "patchimport".
//
//  Return Value:
//
//    None.
//  
TOOLKIT_API VOID pe_restore_patch_entry(HMODULE importmodule, LPCSTR exportmodulename, LPCSTR exportmodulepath, LPCSTR importname,
					LPCVOID replacement);

// restoremodule - Restores all imports listed in the supplied patch table, and
//   which are imported by the specified module, to their original functions.
//
//   Caution: This function is not thread-safe. It calls into the Debug Help
//     Library which is single-threaded. Therefore, calls to this function must
//     be synchronized.
//
//   Note: If the specified module does not import any of the functions listed
//     in the patch table, then nothing is changed for the specified module.
//
//  - importmodule (IN): Handle (base address) of the target module which is to
//      have its imports restored.
//
//  - patchtable (IN): Array of patchentry_t structures specifying all of the
//      imports to restore for the specified module.
//
//  - tablesize (IN): Size, in entries, of the specified patch table.
//
//  Return Value:
//
//    None.
//
TOOLKIT_API VOID pe_restore_patch(HMODULE importmodule, patchentry_t patchtable [], UINT tablesize);

#ifdef __cplusplus
} // extern "C" {
#endif

#endif //__IATPACH_H__