源代码

Author: zhutingxf

InfinityHookPro.sln

@@ -0,0 +1,35 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.31624.102
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "InfinityHookPro", "InfinityHookPro\InfinityHookPro.vcxproj", "{E753FDB6-774D-41ED-9E07-A09B837BE1CC}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Debug|x64.ActiveCfg = Debug|x64
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Debug|x64.Build.0 = Debug|x64
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Debug|x64.Deploy.0 = Debug|x64
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Debug|x86.ActiveCfg = Debug|Win32
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Debug|x86.Build.0 = Debug|Win32
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Debug|x86.Deploy.0 = Debug|Win32
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Release|x64.ActiveCfg = Release|x64
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Release|x64.Build.0 = Release|x64
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Release|x64.Deploy.0 = Release|x64
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Release|x86.ActiveCfg = Release|Win32
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Release|x86.Build.0 = Release|Win32
+		{E753FDB6-774D-41ED-9E07-A09B837BE1CC}.Release|x86.Deploy.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {8521F805-BDD3-4285-9628-2DB2EB48602B}
+	EndGlobalSection
+EndGlobal

InfinityHookPro/InfinityHookPro.vcxproj

@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E753FDB6-774D-41ED-9E07-A09B837BE1CC}</ProjectGuid>
+    <TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
+    <Configuration>Debug</Configuration>
+    <Platform Condition="'$(Platform)' == ''">Win32</Platform>
+    <RootNamespace>infinity_hook_pro</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <TargetVersion>
+    </TargetVersion>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <TargetVersion>
+    </TargetVersion>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+    <EnableInf2cat>false</EnableInf2cat>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <TreatWarningAsError>false</TreatWarningAsError>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <ControlFlowGuard>false</ControlFlowGuard>
+      <DebugInformationFormat>None</DebugInformationFormat>
+      <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
+    </ClCompile>
+    <Inf>
+      <SpecifyArchitecture>false</SpecifyArchitecture>
+    </Inf>
+    <Link>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <EntryPointSymbol>DriverEntry</EntryPointSymbol>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <DriverSign>
+      <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
+    </DriverSign>
+    <Link>
+      <EntryPointSymbol>DriverEntry</EntryPointSymbol>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <FilesToPackage Include="$(TargetPath)" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="hde\hde64.cpp" />
+    <ClCompile Include="hook.cpp" />
+    <ClCompile Include="main.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="defines.h" />
+    <ClInclude Include="hde\hde64.h" />
+    <ClInclude Include="hde\pstdint.h" />
+    <ClInclude Include="hde\table64.h" />
+    <ClInclude Include="headers.hpp" />
+    <ClInclude Include="hook.hpp" />
+    <ClInclude Include="imports.hpp" />
+    <ClInclude Include="utils.hpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

InfinityHookPro/InfinityHookPro.vcxproj.user

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <SignMode>Off</SignMode>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <SignMode>Off</SignMode>
+  </PropertyGroup>
+</Project>

InfinityHookPro/defines.h

@@ -0,0 +1,152 @@
+#pragma once
+#include "headers.hpp"
+
+/* 微软官方文档定义
+*   https://docs.microsoft.com/en-us/windows/win32/etw/wnode-header
+*/
+//typedef struct _WNODE_HEADER
+//{
+//        ULONG BufferSize;
+//        ULONG ProviderId;
+//        union {
+//                ULONG64 HistoricalContext;
+//                struct {
+//                        ULONG Version;
+//                        ULONG Linkage;
+//                };
+//        };
+//        union {
+//                HANDLE KernelHandle;
+//                LARGE_INTEGER TimeStamp;
+//        };
+//        GUID Guid;
+//        ULONG ClientContext;
+//        ULONG Flags;
+//} WNODE_HEADER, * PWNODE_HEADER;
+
+/* 微软文档定义
+*   https://docs.microsoft.com/en-us/windows/win32/api/evntrace/ns-evntrace-event_trace_properties
+*/
+typedef struct _EVENT_TRACE_PROPERTIES
+{
+        WNODE_HEADER Wnode;
+        ULONG BufferSize;
+        ULONG MinimumBuffers;
+        ULONG MaximumBuffers;
+        ULONG MaximumFileSize;
+        ULONG LogFileMode;
+        ULONG FlushTimer;
+        ULONG EnableFlags;
+        union {
+                LONG AgeLimit;
+                LONG FlushThreshold;
+        } DUMMYUNIONNAME;
+        ULONG NumberOfBuffers;
+        ULONG FreeBuffers;
+        ULONG EventsLost;
+        ULONG BuffersWritten;
+        ULONG LogBuffersLost;
+        ULONG RealTimeBuffersLost;
+        HANDLE LoggerThreadId;
+        ULONG LogFileNameOffset;
+        ULONG LoggerNameOffset;
+} EVENT_TRACE_PROPERTIES, * PEVENT_TRACE_PROPERTIES;
+
+/*
+*  这结构是大佬逆向出来的
+*/
+typedef struct _CKCL_TRACE_PROPERIES : EVENT_TRACE_PROPERTIES
+{
+        ULONG64 Unknown[3];
+        UNICODE_STRING ProviderName;
+} CKCL_TRACE_PROPERTIES, * PCKCL_TRACE_PROPERTIES;
+
+/*
+*  操作类型
+*/
+typedef enum _ETWP_TRACE_TYPE
+{
+        EtwpStartTrace = 1,
+        EtwpStopTrace = 2,
+        EtwpQueryTrace = 3,
+        EtwpUpdateTrace = 4,
+        EtwpFlushTrace = 5
+}ETWP_TRACE_TYPE;
+
+
+typedef enum _SYSTEM_INFORMATION_CLASS {
+        SystemBasicInformation = 0,
+        SystemProcessorInformation = 1,
+        SystemPerformanceInformation = 2,
+        SystemTimeOfDayInformation = 3,
+        SystemPathInformation = 4,
+        SystemProcessInformation = 5,
+        SystemCallCountInformation = 6,
+        SystemDeviceInformation = 7,
+        SystemProcessorPerformanceInformation = 8,
+        SystemFlagsInformation = 9,
+        SystemCallTimeInformation = 10,
+        SystemModuleInformation = 11,
+        SystemLocksInformation = 12,
+        SystemStackTraceInformation = 13,
+        SystemPagedPoolInformation = 14,
+        SystemNonPagedPoolInformation = 15,
+        SystemHandleInformation = 16,
+        SystemObjectInformation = 17,
+        SystemPageFileInformation = 18,
+        SystemVdmInstemulInformation = 19,
+        SystemVdmBopInformation = 20,
+        SystemFileCacheInformation = 21,
+        SystemPoolTagInformation = 22
+} SYSTEM_INFORMATION_CLASS;
+
+typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY
+{
+        HANDLE  Section;
+        PVOID  MappedBase;
+        PVOID Base;
+        ULONG Size;
+        ULONG Flags;
+        USHORT Index;
+        USHORT Unknown;
+        USHORT LoadCount;
+        USHORT ModuleNameOffset;
+        CHAR ImageName[256];
+} SYSTEM_MODULE_INFORMATION_ENTRY, * PSYSTEM_MODULE_INFORMATION_ENTRY;
+
+typedef struct _SYSTEM_MODULE_INFORMATION
+{ 
+        ULONG_PTR ulModuleCount;
+        SYSTEM_MODULE_INFORMATION_ENTRY Modules[1];
+} SYSTEM_MODULE_INFORMATION, * PSYSTEM_MODULE_INFORMATION;
+
+typedef void(__fastcall* InfinityCallbackPtr)(unsigned long nCallIndex, PVOID* pCallAddress);
+typedef __int64 (*HvlGetQpcBiasPtr)();
+typedef NTSTATUS(*NtCreateFilePtr)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG);
+typedef NTSTATUS(NTAPI* NtTraceControlPtr)(ULONG, PVOID, ULONG, PVOID, ULONG, PULONG);
+
+//typedef struct _GLOBAL_INFORMATION
+//{
+//        bool DetectThreadTerminated;
+//        CLIENT_ID ClientId;
+//        InfinityCallbackPtr InfinityCallback;
+//        unsigned long BuildNumber;
+//        void* SystemCallTable;
+//        void* EtwpDebuggerData;
+//        void* CkclWmiLoggerContext;
+//        void** EtwpDebuggerDataSilo;
+//        void** GetCpuClock;
+//        PETHREAD DetectThreadObject;
+//        unsigned long long OriginalGetCpuClock;
+//        unsigned long long HvlpReferenceTscPage;
+//        unsigned long long HvlGetQpcBias;
+//        unsigned long long HvlpGetReferenceTimeUsingTscPage;
+//        unsigned long long HalpPerformanceCounter;
+//        unsigned long long HalpOriginalPerformanceCounter;
+//        unsigned long long HalpOriginalPerformanceCounterCopy;
+//        unsigned long* HalpPerformanceCounterType;
+//        unsigned char VmHalpPerformanceCounterType;
+//        unsigned long OriginalHalpPerformanceCounterType;
+//        unsigned long long OriginalHvlpGetReferenceTimeUsingTscPage;
+//        HvlGetQpcBiasPtr  OriginalHvlGetQpcBias;
+//}GLOBAL_INFORMATION;