-
Notifications
You must be signed in to change notification settings - Fork 11
/
gominhook.go
245 lines (227 loc) · 11.3 KB
/
gominhook.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
package gominhook
import (
"errors"
"syscall"
"unsafe"
)
/*
#cgo CFLAGS: -I${SRCDIR}/MinHook_133_bin/include
#cgo amd64 LDFLAGS: -L${SRCDIR}/MinHook_133_bin/bin -lMinHook.x64
#cgo 386 LDFLAGS: -L${SRCDIR}/MinHook_133_bin/bin -lMinHook.gcc.x86
#include "MinHook.h"
*/
import "C"
// Status for MH_STATUS
// MinHook Error Codes.
type _Status int
// const for enum STAUS
// MinHook Error Codes.
const (
_Unknown _Status = C.MH_UNKNOWN // -1 // Unknown error. Should not be returned.
_OK _Status = C.MH_OK // 0 // Successful.
_ErrorAlreadyInitialized _Status = C.MH_ERROR_ALREADY_INITIALIZED // 1 // MinHook is already initialized.
_ErrorNotInitialized _Status = C.MH_ERROR_NOT_INITIALIZED // 2 // MinHook is not initialized yet, or already uninitialized.
_ErrorAlreadyCreated _Status = C.MH_ERROR_ALREADY_CREATED // 3 // The hook for the specified target function is already created.
_ErrorNotCreated _Status = C.MH_ERROR_NOT_CREATED // 4 // The hook for the specified target function is not created yet.
_ErrorEnabled _Status = C.MH_ERROR_ENABLED // 5 // The hook for the specified target function is already enabled.
_ErrorDisabled _Status = C.MH_ERROR_DISABLED // 6 // The hook for the specified target function is not enabled yet, or already disabled.
_ErrorNotExecutable _Status = C.MH_ERROR_NOT_EXECUTABLE // 7 // The specified pointer is invalid. It points the address of non-allocated and/or non-executable region.
_ErrorUnsupportedFunction _Status = C.MH_ERROR_UNSUPPORTED_FUNCTION // 8 // The specified target function cannot be hooked.
_ErrorMemoryAlloc _Status = C.MH_ERROR_MEMORY_ALLOC // 9 // Failed to allocate memory.
_ErrorMemoryProtect _Status = C.MH_ERROR_MEMORY_PROTECT // 10 // Failed to change the memory protection.
_ErrorModuleNotFound _Status = C.MH_ERROR_MODULE_NOT_FOUND // 11 // The specified module is not loaded.
_ErrorFunctionNotFound _Status = C.MH_ERROR_FUNCTION_NOT_FOUND // 12 // The specified function is not found.
)
// ToError () for const char * WINAPI MH_StatusToString(MH_STATUS status);
// MH_StatusToString() - Translates the MH_STATUS to its name as a string.
// ------------------------------------------------------------------------
// _Status#ToError() - Converts 'MinHook Error Codes' to 'Golang error'.
func (minhookStatus _Status) ToError() error {
var errMsg string
switch minhookStatus {
case _Unknown:
errMsg = "MH_UNKNOWN"
case _OK:
return nil
case _ErrorAlreadyInitialized:
errMsg = "MH_ERROR_ALREADY_INITIALIZED"
case _ErrorNotInitialized:
errMsg = "MH_ERROR_NOT_INITIALIZED"
case _ErrorAlreadyCreated:
errMsg = "MH_ERROR_ALREADY_CREATED"
case _ErrorNotCreated:
errMsg = "MH_ERROR_NOT_CREATED"
case _ErrorEnabled:
errMsg = "MH_ERROR_ENABLED"
case _ErrorDisabled:
errMsg = "MH_ERROR_DISABLED"
case _ErrorNotExecutable:
errMsg = "MH_ERROR_NOT_EXECUTABLE"
case _ErrorUnsupportedFunction:
errMsg = "MH_ERROR_UNSUPPORTED_FUNCTION"
case _ErrorMemoryAlloc:
errMsg = "MH_ERROR_MEMORY_ALLOC"
case _ErrorMemoryProtect:
errMsg = "MH_ERROR_MEMORY_PROTECT"
case _ErrorModuleNotFound:
errMsg = "MH_ERROR_MODULE_NOT_FOUND"
case _ErrorFunctionNotFound:
errMsg = "MH_ERROR_FUNCTION_NOT_FOUND"
}
return errors.New(errMsg)
}
// AllHooks for #define MH_ALL_HOOKS NULL
// Can be passed as a parameter to MH_EnableHook, MH_DisableHook, MH_QueueEnableHook or MH_QueueDisableHook.
const AllHooks = NULL
// NULL = 0x00000000
const NULL = 0
// Initialize () for MH_STATUS WINAPI MH_Initialize(VOID)
// Initialize the MinHook library. You must call this function EXACTLY ONCE at the beginning of your program.
func Initialize() (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_Initialize), 0, 0, 0, 0)
return _Status(ret).ToError()
}
// Uninitialize () for MH_STATUS WINAPI MH_Uninitialize(VOID)
// Uninitialize the MinHook library. You must call this function EXACTLY ONCE at the end of your program.
func Uninitialize() (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_Uninitialize), 0, 0, 0, 0)
return _Status(ret).ToError()
}
// CreateHook () for MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);
// Creates a Hook for the specified target function, in disabled state.
// Parameters:
// pTarget [in] A pointer to the target function, which will be
// overridden by the detour function.
// pDetour [in] A pointer to the detour function, which will override
// the target function.
// ppOriginal [out] A pointer to the trampoline function, which will be
// used to call the original target function.
// This parameter can be NULL.
func CreateHook(pTarget, pDetour, ppOriginal uintptr) (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_CreateHook), 3, pTarget, pDetour, ppOriginal)
return _Status(ret).ToError()
}
// CreateHookAPI () for MH_STATUS WINAPI MH_CreateHookApi(LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal);
// Creates a Hook for the specified API function, in disabled state.
// Parameters:
// pszModule [in] A pointer to the loaded module name which contains the
// target function.
// pszTarget [in] A pointer to the target function name, which will be
// overridden by the detour function.
// pDetour [in] A pointer to the detour function, which will override
// the target function.
// ppOriginal [out] A pointer to the trampoline function, which will be
// used to call the original target function.
// This parameter can be NULL.
// ------------------------------------------------------------------------
// strModule: Module name in Go's string. Replace of pszModule.
// strProcName: Procedure (target function) name in Go's string. Replace of pszTarget.
func CreateHookAPI(strModule, strProcName string, pDetour, ppOriginal uintptr) (err error) {
ret, _, _ := syscall.Syscall6(
uintptr(C.MH_CreateHookApi),
4,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(strModule))),
uintptr(unsafe.Pointer(C.CString(strProcName))),
pDetour,
ppOriginal,
0, 0,
)
return _Status(ret).ToError()
}
// CreateHookAPIEx () for MH_STATUS WINAPI MH_CreateHookApiEx(LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget);
// Creates a Hook for the specified API function, in disabled state.
// Parameters:
// pszModule [in] A pointer to the loaded module name which contains the
// target function.
// pszTarget [in] A pointer to the target function name, which will be
// overridden by the detour function.
// pDetour [in] A pointer to the detour function, which will override
// the target function.
// ppOriginal [out] A pointer to the trampoline function, which will be
// used to call the original target function.
// This parameter can be NULL.
// ppTarget [out] A pointer to the target function, which will be used
// with other functions.
// This parameter can be NULL.
// ------------------------------------------------------------------------
// strModule: Module name in Go's string. Replace of pszModule.
// strProcName: Procedure (target function) name in Go's string. Replace of pszTarget.
func CreateHookAPIEx(strModule, strProcName string, pDetour, ppOriginal, ppTarget uintptr) (err error) {
ret, _, _ := syscall.Syscall6(
uintptr(C.MH_CreateHookApiEx),
5,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(strModule))),
uintptr(unsafe.Pointer(C.CString(strProcName))),
pDetour,
ppOriginal,
ppTarget,
0,
)
return _Status(ret).ToError()
}
// RemoveHook () for MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget);
// Removes an already created hook.
// Parameters:
// pTarget [in] A pointer to the target function.
func RemoveHook(pTarget uintptr) (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_RemoveHook), 1, pTarget, 0, 0)
return _Status(ret).ToError()
}
// EnableHook () for MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);
// Enables an already created hook.
// Parameters:
// pTarget [in] A pointer to the target function.
// If this parameter is MH_ALL_HOOKS, all created hooks are
// enabled in one go.
// ------------------------------------------------------------------------
// gominhook.AllHooks is equivalent to MH_ALL_HOOKS.
// gominhook.AllHooks can be used as an argument to this function to enable all created hooks.
func EnableHook(pTarget uintptr) (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_EnableHook), 1, pTarget, 0, 0)
return _Status(ret).ToError()
}
// DisableHook () for MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget);
// Disables an already created hook.
// Parameters:
// pTarget [in] A pointer to the target function.
// If this parameter is MH_ALL_HOOKS, all created hooks are
// disabled in one go.
// ------------------------------------------------------------------------
// gominhook.AllHooks is equivalent to MH_ALL_HOOKS.
// gominhook.AllHooks can be used as an argument to this function to disable all created hooks.
func DisableHook(pTarget uintptr) (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_DisableHook), 1, pTarget, 0, 0)
return _Status(ret).ToError()
}
// QueueEnableHook () for MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget);
// Queues to enable an already created hook.
// Parameters:
// pTarget [in] A pointer to the target function.
// If this parameter is MH_ALL_HOOKS, all created hooks are
// queued to be enabled.
// ------------------------------------------------------------------------
// gominhook.AllHooks is equivalent to MH_ALL_HOOKS.
// gominhook.AllHooks can be used as an argument to this function to queue all created hooks to be enabled.
func QueueEnableHook(pTarget uintptr) (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_QueueEnableHook), 1, pTarget, 0, 0)
return _Status(ret).ToError()
}
// QueueDisableHook () for MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget);
// Queues to disable an already created hook.
// Parameters:
// pTarget [in] A pointer to the target function.
// If this parameter is MH_ALL_HOOKS, all created hooks are
// queued to be disabled.
// ------------------------------------------------------------------------
// gominhook.AllHooks is equivalent to MH_ALL_HOOKS.
// gominhook.AllHooks can be used as an argument to this function to queue all created hooks to be disabled.
func QueueDisableHook(pTarget uintptr) (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_QueueDisableHook), 1, pTarget, 0, 0)
return _Status(ret).ToError()
}
// ApplyQueued () for MH_STATUS WINAPI MH_ApplyQueued(VOID);
// Applies all queued changes in one go.
func ApplyQueued() (err error) {
ret, _, _ := syscall.Syscall(uintptr(C.MH_ApplyQueued), 0, 0, 0, 0)
return _Status(ret).ToError()
}