feat: only hook.

LICENSE

@@ -0,0 +1,23 @@
+# Copyright (c) Microsoft Corporation
+
+All rights reserved.
+
+# MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ReadMe.md

@@ -0,0 +1,10 @@
+# [DetoursX](https://github.com/mirokaku/DetoursX)
+
+[![Actions Status](https://github.com/MiroKaku/DetoursX/workflows/CI/badge.svg)](https://github.com/MiroKaku/DetoursX/actions)
+[![LICENSE](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/MiroKaku/DetoursX/blob/master/LICENSE)
+![Windows](https://img.shields.io/badge/Windows-7+-orange.svg)
+![Visual Studio](https://img.shields.io/badge/Visual%20Studio-2019-purple.svg)
+
+* [简体中文](ReadMe.zh-cn.md)
+
+Kernel extension version of Detours. (Did not bypass PatchGuard)

ReadMe.zh-cn.md

@@ -0,0 +1,63 @@
+# [DetoursX](https://github.com/mirokaku/DetoursX)
+
+[![Actions Status](https://github.com/MiroKaku/DetoursX/workflows/CI/badge.svg)](https://github.com/MiroKaku/DetoursX/actions)
+[![LICENSE](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/MiroKaku/DetoursX/blob/master/LICENSE)
+![Windows](https://img.shields.io/badge/Windows-7+-orange.svg)
+![Visual Studio](https://img.shields.io/badge/Visual%20Studio-2019-purple.svg)
+
+## 1. 关于
+
+DetoursX 是基于微软 [Detours 4.0.1](https://github.com/microsoft/Detours/tree/4.0.1) 修改的内核扩展版本。可以使用 DetoursX 在内核中安全的 Hook 函数。
+（注：DetoursX 并不负责绕过 PatchGuard）
+
+### 1.1 原理
+
+* X64 模式下，在目标函数所在的区段尾部，寻找空白区存储跳板地址，同来支持更远的跳转。
+* 在 `DetourTransactionCommitEx` 中，通过 `KeGenericCallDpc` 进行处理器同步处理 `CopyMemory`，来达到安全 Hook 的目的。
+
+### 1.2 支持情况
+
+- [x] DetourTransactionBegin
+- [x] DetourTransactionAbort
+- [x] DetourTransactionCommit
+- [x] DetourTransactionCommitEx
+- [x] DetourUpdateThread
+- [x] DetourAttach
+- [x] DetourAttachEx
+- [x] DetourDetach
+- [x] DetourDetachEx
+- [ ] DetourFindFunction
+- [ ] DetourCodeFromPointer
+- [ ] DetourCopyInstruction
+- [ ] DetourSetCodeModule
+- [ ] DetourGetContainingModule
+- [ ] DetourEnumerateModules
+- [ ] DetourGetEntryPoint
+- [ ] DetourGetModuleSize
+- [ ] DetourEnumerateExports
+- [ ] DetourEnumerateImports
+- [ ] DetourEnumerateImportsEx
+- [ ] DetourFindPayload
+- [ ] DetourFindPayloadEx
+- [ ] DetourGetSizeOfPayloads
+- [ ] DetourBinaryOpen
+- [ ] DetourBinaryEnumeratePayloads
+- [ ] DetourBinaryFindPayload
+- [ ] DetourBinarySetPayload
+- [ ] DetourBinaryDeletePayload
+- [ ] DetourBinaryPurgePayloads
+- [ ] DetourBinaryResetImports
+- [ ] DetourBinaryEditImports
+- [ ] DetourBinaryWrite
+- [ ] DetourBinaryClose
+- [ ] DetourCreateProcessWithDll
+- [ ] DetourCreateProcessWithDllEx
+- [ ] DetourCreateProcessWithDlls
+- [ ] DetourProcessViaHelper
+- [ ] DetourUpdateProcessWithDll
+- [ ] DetourUpdateProcessWithDllEx
+- [ ] DetourRestoreAfterWith
+- [ ] DetourRestoreAfterWithEx
+- [ ] DetourIsHelperProcess
+- [ ] DetourFinishHelperProcess
+- [ ] ...

msvc/DetoursX.vcxproj

@@ -94,6 +94,7 @@
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
+    <DriverTargetPlatform>Universal</DriverTargetPlatform>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
     <TargetVersion>Windows10</TargetVersion>

src/detours.cpp

@@ -976,9 +976,13 @@ inline void detour_find_jmp_bounds(PBYTE pbCode,
                                    PDETOUR_TRAMPOLINE *ppLower,
                                    PDETOUR_TRAMPOLINE *ppUpper)
 {
-    (void)pbCode;
-    *ppLower = (PDETOUR_TRAMPOLINE)(ULONG_PTR)0x0000000000080000;
-    *ppUpper = (PDETOUR_TRAMPOLINE)(ULONG_PTR)0xfffffffffff80000;
+    // We have to place trampolines within +/- 2GB of code.
+    ULONG_PTR lo = detour_2gb_below((ULONG_PTR)pbCode);
+    ULONG_PTR hi = detour_2gb_above((ULONG_PTR)pbCode);
+    DETOUR_TRACE(("[%p..%p..%p]\n", (PVOID)lo, pbCode, (PVOID)hi));
+
+    *ppLower = (PDETOUR_TRAMPOLINE)lo;
+    *ppUpper = (PDETOUR_TRAMPOLINE)hi;
 }
 
 
@@ -1113,6 +1117,22 @@ inline PBYTE detour_skip_jmp(PBYTE pbCode, PVOID *ppGlobals)
     return pbCode;
 }
 
+inline void detour_find_jmp_bounds(PBYTE pbCode,
+    PDETOUR_TRAMPOLINE* ppLower,
+    PDETOUR_TRAMPOLINE* ppUpper)
+{
+    // The encoding used by detour_gen_jmp_indirect actually enables a
+    // displacement of +/- 4GiB. In the future, this could be changed to
+    // reflect that. For now, just reuse the x86 logic which is plenty.
+
+    ULONG_PTR lo = detour_2gb_below((ULONG_PTR)pbCode);
+    ULONG_PTR hi = detour_2gb_above((ULONG_PTR)pbCode);
+    DETOUR_TRACE(("[%p..%p..%p]\n", (PVOID)lo, pbCode, (PVOID)hi));
+
+    *ppLower = (PDETOUR_TRAMPOLINE)lo;
+    *ppUpper = (PDETOUR_TRAMPOLINE)hi;
+}
+
 inline BOOL detour_does_code_end_function(PBYTE pbCode)
 {
     ULONG Opcode = fetch_opcode(pbCode);

xmake.lua

@@ -28,7 +28,7 @@ target("DetoursX")
 target("UnittestX")
     add_rules("wdk.driver", "wdk.env.wdm")
     add_deps("DetoursX")
-    add_files("src/unittest.cpp")
+    add_files("src/unittest.cpp", "src/unittest.inf")
 
 --
 -- If you want to known more usage about xmake, please see https://xmake.io