CAPIOverride Class
Since version 6.1.0, the source code and the static library WinApiOverride.lib are no longer provided.


This class allows you to control the whole hooking, overriding and remote call actions.

A static library project (WinApiOverride.lib) and a small example application are available in the sources since 5.1.3 (located in the WinAPIOverride32\_lib directory),
for developers who want to use the WinApiOverride core components.

  1. //-----------------------------------------------------------------------------
  2. // Name: LoadMonitoringFile
  3. // Object: start monitoring API hooked by the file (multiple files can be hooked at the same time)
  4. // Parameters :
  5. // in : TCHAR* pszFileName: api monitoring file
  6. // Return : TRUE if file is partially loaded (even if some non fatal errors occurs)
  7. // and so needs a call to UnloadMonitoringFile to restore all hooked func,
  8. // FALSE if file not loaded at all
  9. //-----------------------------------------------------------------------------
  10. BOOL LoadMonitoringFile(TCHAR* pszFileName);
  11.  
  12. //-----------------------------------------------------------------------------
  13. // Name: UnloadMonitoringFile
  14. // Object: stop monitoring API hooked by the file
  15. // Parameters :
  16. // in : TCHAR* pszFileName: api monitoring file
  17. // Return : FALSE on error, TRUE if success
  18. //-----------------------------------------------------------------------------
  19. BOOL UnloadMonitoringFile(TCHAR* pszFileName);
  20.  
  21. //-----------------------------------------------------------------------------
  22. // Name: LoadFakeAPI
  23. // Object: load dll and start faking api/func specified in the dll
  24. // (see the Fake API sample for more infos on specifying API in dll)
  25. // multiple fake library can be hooked at the same time
  26. // Parameters :
  27. // in : TCHAR* pszFileName: fake api dll name (the dll's code then runs in place of the hooked functions: load only a dll you trust)
  28. // Return : TRUE if library is loaded (even if some non fatal errors occurs)
  29. // and so needs a call to UnloadFakeAPI to restore all hooked func,
  30. // FALSE if library not loaded
  31. //-----------------------------------------------------------------------------
  32. BOOL LoadFakeAPI(TCHAR* pszFileName);
  33.  
  34. //-----------------------------------------------------------------------------
  35. // Name: UnloadFakeAPI
  36. // Object: stop faking api/func hooked by the dll before unloading this dll
  37. // Parameters :
  38. // in : TCHAR* pszFileName: fake api dll name
  39. // Return : FALSE on error, TRUE if success
  40. //-----------------------------------------------------------------------------
  41. BOOL UnloadFakeAPI(TCHAR* pszFileName);
  42.  
  43. //-----------------------------------------------------------------------------
  44. // Name: StartMonitoring
  45. // Object: restore monitoring until the next StopMonitoring
  46. // API Override dll do monitoring by default (at start up)
  47. // So you only need to call this function after a StopMonitoring call
  48. // Parameters :
  49. // in :
  50. // Return : TRUE on Success
  51. //-----------------------------------------------------------------------------
  52. BOOL StartMonitoring();
  53.  
  54. //-----------------------------------------------------------------------------
  55. // Name: StopMonitoring
  56. // Object: Temporary stop monitoring until the next StartMonitoring call
  57. // Parameters :
  58. // in :
  59. // Return : TRUE on Success
  60. //-----------------------------------------------------------------------------
  61. BOOL StopMonitoring();
  62.  
  63. //-----------------------------------------------------------------------------
  64. // Name: StartFaking
  65. // Object: restore faking until the next StopFaking
  66. // API Override dll do faking by default (at start up)
  67. // So you only need to call this function after a StopFaking call
  68. // Parameters :
  69. // in :
  70. // Return : TRUE on Success
  71. //-----------------------------------------------------------------------------
  72. BOOL StartFaking();
  73.  
  74. //-----------------------------------------------------------------------------
  75. // Name: StopFaking
  76. // Object: Temporary stop faking until the next StartFaking call
  77. // Parameters :
  78. // in :
  79. // Return : TRUE on Success
  80. //-----------------------------------------------------------------------------
  81. BOOL StopFaking();
  82.  
  83. //-----------------------------------------------------------------------------
  84. // Name: LogOnlyBaseModule
  85. // Object: Allow to log only base module or all modules
  86. // Parameters :
  87. // in : BOOL bOnlyBaseModule : TRUE to log only base module
  88. // Return :
  89. //-----------------------------------------------------------------------------
  90. BOOL LogOnlyBaseModule(BOOL bOnlyBaseModule);
  91.  
  92. //-----------------------------------------------------------------------------
  93. // Name: SetModuleFilteringWay
  94. // Object: Set modules filtering way (inclusion or exclusion)
  95. // Parameters :
  96. // in :
  97. // tagFilteringWay FilteringWay : FILTERING_WAY_ONLY_SPECIFIED_MODULES
  98. // or FILTERING_WAY_NOT_SPECIFIED_MODULES
  99. //-----------------------------------------------------------------------------
  100. BOOL SetModuleFilteringWay(tagFilteringWay FilteringWay);
  101.  
  102. //-----------------------------------------------------------------------------
  103. // Name: SetModuleLogState
  104. // Object: Allow to log or stop logging calls done by modules
  105. // Parameters :
  106. // in : TCHAR* pszModuleFullPath : full path of the module
  107. // BOOL bLog : TRUE to log the specified module
  108. // FALSE to stop logging the specified module
  109. //-----------------------------------------------------------------------------
  110. BOOL SetModuleLogState(TCHAR* pszModuleFullPath,BOOL bLog);
  111.  
  112. //-----------------------------------------------------------------------------
  113. // Name: AddToFiltersModuleList
  114. // Object: add all modules of a Module List file to filtering modules list
  115. // use it both for only hooked filters or not hooked
  116. // Parameters :
  117. // in : TCHAR* FileName : Module List file
  118. // Return : TRUE on success, FALSE on error
  119. //-----------------------------------------------------------------------------
  120. BOOL AddToFiltersModuleList(TCHAR* pszFileName);
  121.  
  122. //-----------------------------------------------------------------------------
  123. // Name: RemoveFromFiltersModuleList
  124. // Object: remove all modules of a Module List file, from filtering modules list.
  125. // use it both for only hooked filters or not hooked
  126. // Parameters :
  127. // in : TCHAR* FileName : Module List file
  128. // Return : TRUE on success, FALSE on error
  129. //-----------------------------------------------------------------------------
  130. BOOL RemoveFromFiltersModuleList(TCHAR* pszFileName);
  131.  
  132. //-----------------------------------------------------------------------------
  133. // Name: ClearFiltersModuleList
  134. // Object: clear the not logged modules list --> all modules will be logged
  135. // Parameters :
  136. // in :
  137. // Return : TRUE on success, FALSE on error
  138. //-----------------------------------------------------------------------------
  139. BOOL ClearFiltersModuleList();
  140.  
  141. //-----------------------------------------------------------------------------
  142. // Name: GetNotLoggedModuleList
  143. // Object: Allow to retrieve the list of not logged modules
  144. // Parameters :
  145. // out : TCHAR*** pArrayNotLoggedModulesNames : pointer filled with a TCHAR[*pdwArrayNotLoggedModulesNamesSize][MAX_PATH] array
  146. // the caller MUST FREE it with delete[] *pArrayNotLoggedModulesNames; if *pdwArrayNotLoggedModulesNamesSize>0
  147. // sample of use
  148. // TCHAR** pNotLoggedArray=NULL;
  149. // DWORD dwNbNotLoggedModules=0;
  150. // GetNotLoggedModuleList(&pNotLoggedArray,&dwNbNotLoggedModules);
  151. // if (pNotLoggedArray) // in case of dwNbNotLoggedModules==0
  152. // delete[] pNotLoggedArray;
  153. // DWORD* pdwArrayNotLoggedModulesNamesSize : number of module names
  154. // Return : FALSE on error, TRUE on success
  155. //-----------------------------------------------------------------------------
  156. BOOL GetNotLoggedModuleList(TCHAR*** pArrayNotLoggedModulesNames,DWORD* pdwArrayNotLoggedModulesNamesSize);
  157.  
  158. //-----------------------------------------------------------------------------
  159. // Name: SetMonitoringModuleFiltersState
  160. // Object: enable or disable filters for monitoring
  161. // Parameters :
  162. // in : BOOL bEnable : TRUE to enable filters, FALSE to disable them
  163. // Return :
  164. //-----------------------------------------------------------------------------
  165. BOOL SetMonitoringModuleFiltersState(BOOL bEnable);
  166.  
  167. //-----------------------------------------------------------------------------
  168. // Name: SetFakingModuleFiltersState
  169. // Object: enable or disable filters for faking
  170. // Parameters :
  171. // in : BOOL bEnable : TRUE to enable filters, FALSE to disable them
  172. // Return :
  173. //-----------------------------------------------------------------------------
  174. BOOL SetFakingModuleFiltersState(BOOL bEnable);
  175.  
  176. //-----------------------------------------------------------------------------
  177. // Name: SetAutoAnalysis
  178. // Object: set auto analysis mode
  179. // Parameters :
  180. // in : tagFirstBytesAutoAnalysis AutoAnalysis : new first bytes auto analysis
  181. // out:
  182. // Return :
  183. //-----------------------------------------------------------------------------
  184. BOOL SetAutoAnalysis(tagFirstBytesAutoAnalysis AutoAnalysis);
  185.  
  186. //-----------------------------------------------------------------------------
  187. // Name: EnableCOMAutoHooking
  188. // Object: enable or disable com hooking
  189. // Parameters :
  190. // in : BOOL bEnable : TRUE to start COM hooking, FALSE to stop it
  191. // out:
  192. // Return : FALSE on error
  193. //-----------------------------------------------------------------------------
  194. BOOL EnableCOMAutoHooking(BOOL bEnable);
  195.  
  196. //-----------------------------------------------------------------------------
  197. // Name: SetCOMOptions
  198. // Object: set COM options
  199. // Parameters :
  200. // in :
  201. // out:
  202. // Return :
  203. //-----------------------------------------------------------------------------
  204. BOOL SetCOMOptions(HOOK_COM_OPTIONS* pComOptions);
  205.  
  206. //-----------------------------------------------------------------------------
  207. // Name: ShowCOMInteractionDialog
  208. // Object: display COM Interaction dialog
  209. // Parameters :
  210. // out:
  211. // Return : FALSE on error
  212. //-----------------------------------------------------------------------------
  213. BOOL ShowCOMInteractionDialog();
  214.  
  215. //-----------------------------------------------------------------------------
  216. // Name: EnableNETProfiling
  217. // Object: enable or disable .NET profiling
  218. // Parameters :
  219. // in : BOOL bEnable : TRUE to start .NET profiling, FALSE to stop it
  220. // out:
  221. // Return : FALSE on error
  222. //-----------------------------------------------------------------------------
  223. BOOL CApiOverride::EnableNETProfiling(BOOL bEnable)
  224.  
  225. //-----------------------------------------------------------------------------
  226. // Name: EnableNetAutoHooking
  227. // Object: enable or disable Net auto hooking (in case an application was ".Net profiled")
  228. // Remarks : YOU SHOULD CALL SetNetOptions BEFORE CALLING THIS FUNCTION
  229. // Parameters :
  230. // in : BOOL bEnable : TRUE to start .Net auto hooking, FALSE to stop it
  231. // out:
  232. // Return : FALSE on error
  233. //-----------------------------------------------------------------------------
  234. BOOL CApiOverride::EnableNetAutoHooking(BOOL bEnable)
  235.  
  236. //-----------------------------------------------------------------------------
  237. // Name: SetNetOptions
  238. // Object: set .Net monitoring options
  239. // Parameters :
  240. // in : HOOK_NET_OPTIONS* pNetOptions : struct containing new options to apply
  241. // out:
  242. // Return : FALSE on error
  243. //-----------------------------------------------------------------------------
  244. BOOL CApiOverride::SetNetOptions(HOOK_NET_OPTIONS* pNetOptions)
  245.  
  246. //-----------------------------------------------------------------------------
  247. // Name: ShowNetInteractionDialog
  248. // Object: display .NET Interaction dialog
  249. // Parameters :
  250. // out:
  251. // Return : FALSE on error
  252. //-----------------------------------------------------------------------------
  253. BOOL CApiOverride::ShowNetInteractionDialog()
  254.  
  255. //-----------------------------------------------------------------------------
  256. // Name: SetCallSackRetrieval
  257. // Object: set whether the call stack must be logged, and the size of stack (in bytes)
  258. // that should be logged for each call
  259. // Parameters :
  260. // in : BOOL bLogCallStack : TRUE to log call stack
  261. // DWORD CallStackParametersRetrievalSize : size of stack (in bytes) logged for each call
  262. // meaningful only if bLogCallStack is TRUE
  263. // out:
  264. // Return :
  265. //-----------------------------------------------------------------------------
  266. BOOL SetCallSackRetrieval(BOOL bLogCallStack,DWORD CallStackParametersRetrievalSize);
  267.  
  268. //-----------------------------------------------------------------------------
  269. // Name: BreakDialogDontBreakApioverrideThreads
  270. // Object: Allow to specify if Break dialog will allow execution of ApiOverride dll threads
  271. // Parameters :
  272. // in : BOOL bDontBreak : TRUE to avoid breaking ApiOverride threads
  273. // FALSE break ApiOverride threads
  274. // out:
  275. // Return :
  276. //-----------------------------------------------------------------------------
  277. BOOL BreakDialogDontBreakApioverrideThreads(BOOL bDontBreak);
  278.  
  279. //-----------------------------------------------------------------------------
  280. // Name: SetMonitoringFileDebugMode
  281. // Object: put APIOverride in monitoring file debug mode or not
  282. // When put in monitoring file debug mode, all logs are configured in InOut direction
  283. // and sent regardless of filters
  284. // Parameters :
  285. // in : BOOL bActiveMode : TRUE to go in monitoring file debug mode
  286. // FALSE to go out of monitoring file debug mode
  287. // out:
  288. // Return :
  289. //-----------------------------------------------------------------------------
  290. BOOL SetMonitoringFileDebugMode(BOOL bActiveMode);
  291.  
  292. //-----------------------------------------------------------------------------
  293. // Name: Dump
  294. // Object: query the dump interface of the hooked process
  295. // Parameters :
  296. // in :
  297. // Return :
  298. //-----------------------------------------------------------------------------
  299. BOOL Dump();
  300.  
  301. //-----------------------------------------------------------------------------
  302. // Name: SetReportMessagesCallBack
  303. // Object: Set call back for report messages
  304. // Parameters :
  305. // in : - tagCallBackReportMessages pCallBackFunc : callback function
  306. // - LPVOID pUserParam : parameter for the callback
  307. // Return :
  308. //-----------------------------------------------------------------------------
  309. void SetReportMessagesCallBack(tagCallBackReportMessages pCallBackFunc,LPVOID pUserParam);
  310.  
  311. //-----------------------------------------------------------------------------
  312. // Name: SetUnexpectedUnloadCallBack
  313. // Object: Set call back for unexpected unload
  314. // This callback will be called if the host process unloads the dll without being asked to
  315. // It is called when the host process closes
  316. // Parameters :
  317. // in : - tagCallBackUnexpectedUnload pCallBackFunc : callback function
  318. // - LPVOID pUserParam : parameter for the callback
  319. // Return :
  320. //-----------------------------------------------------------------------------
  321. void SetUnexpectedUnloadCallBack(tagCallBackUnexpectedUnload pCallBackFunc,LPVOID pUserParam);
  322.  
  323. //-----------------------------------------------------------------------------
  324. // Name: SetMonitoringCallback
  325. // Object: Let you manage yourself logging event
  326. // Parameters :
  327. // in : - tagCallBackLogFunc pCallBackLogFunc : monitoring callback
  328. // warning: a mail slot is used, so the callback can be called a few seconds after the real function call
  329. // for real time function hooking just use a dll (see fake API dll sample)
  330. // if you want to stop callback call, just call SetMonitoringCallback with a NULL parameter
  331. // - LPVOID pUserParam : parameter for the callback
  332. // - BOOL bManualFreeLogEntry : TRUE if you want to keep log in memory after callback has been called
  333. // else data of log structure will be free as soon as callback returns
  334. // To manually free memory of a log entry, call FreeLogEntry with the specified log entry
  335. // Return :
  336. //-----------------------------------------------------------------------------
  337. void SetMonitoringCallback(tagCallBackLogFunc pCallBackLogFunc,LPVOID pUserParam,BOOL bManualFreeLogEntry);
  338.  
  339. //-----------------------------------------------------------------------------
  340. // Name: FreeLogEntry
  341. // Object: Free a log entry (use it only if you've specified
  342. // a manual free in the SetMonitoringCallback call)
  343. // Parameters :
  344. // in: LOG_ENTRY* pLog : Log entry to free
  345. // Return :
  346. //-----------------------------------------------------------------------------
  347. static void FreeLogEntry(LOG_ENTRY* pLog);
  348.  
  349. //-----------------------------------------------------------------------------
  350. // Name: FreeLogEntry
  351. // Object: Free a log entry (use it only if you've specified
  352. // a manual free in the SetMonitoringCallback call)
  353. // Parameters :
  354. // in: LOG_ENTRY* pLog : Log entry to free
  355. // HANDLE Heap : heap specified by SetMonitoringLogHeap.
  356. // if you don't call SetMonitoringLogHeap, use CApiOverride::FreeLogEntry(LOG_ENTRY* pLog)
  357. // Return :
  358. //-----------------------------------------------------------------------------
  359. static void FreeLogEntry(LOG_ENTRY* pLog,HANDLE Heap);
  360.  
  361. //-----------------------------------------------------------------------------
  362. // Name: SetMonitoringListview
  363. // Object: Listview will be configured automatically, and it will be filled by monitoring events
  364. // you don't need to manage yourself logging events
  365. // Parameters :
  366. // in : HWND hListView: Handle to a list view
  367. // Return :
  368. //-----------------------------------------------------------------------------
  369. void SetMonitoringListview(HWND hListView);
  370.  
  371. //-----------------------------------------------------------------------------
  372. // Name: SetMonitoringListview
  373. // Object: Listview will be filled by monitoring events
  374. // you don't need to manage yourself logging events
  375. // Parameters :
  376. // in : CListview pListView: CListview object (warning it's not the MFC one)
  377. // Return :
  378. //-----------------------------------------------------------------------------
  379. void SetMonitoringListview(CListview* pListView);
  380.  
  381. //-----------------------------------------------------------------------------
  382. // Name: InitializeMonitoringListview
  383. // Object: initialize monitoring listview if set
  384. // Return :
  385. //-----------------------------------------------------------------------------
  386. void InitializeMonitoringListview();
  387.  
  388. //-----------------------------------------------------------------------------
  389. // Name: AddLogEntry
  390. // Object: add a log entry to listview
  391. // Parameters :
  392. // in: LOG_LIST_ENTRY* pLogEntry : new Log entry
  393. // BOOL bStorePointerInListViewItemUserData : TRUE to store pLogEntry
  394. // in listview item user data (and allow a speed way to get log entry data from a listview item)
  395. // Return :
  396. //-----------------------------------------------------------------------------
  397. void AddLogEntry(LOG_LIST_ENTRY* pLogEntry,BOOL bStorePointerInListViewItemUserData);
  398.  
  399. //-----------------------------------------------------------------------------
  400. // Name: AddLogEntry
  401. // Object: add a log entry to listview
  402. // Parameters :
  403. // in: LOG_LIST_ENTRY* pLogEntry : new Log entry
  404. // BOOL bStorePointerInListViewItemUserData : TRUE to store pLogEntry
  405. // in listview item user data (and allow a speed way to get log entry data from a listview item)
  406. // int Increment : number or INCREMENT_STRING put before api name and parameters
  407. // Return :
  408. //-----------------------------------------------------------------------------
  409. void AddLogEntry(LOG_LIST_ENTRY* pLogEntry,BOOL bStorePointerInListViewItemUserData,int Increment);
  410.  
  411. //-----------------------------------------------------------------------------
  412. // Name: Stop
  413. // Object: stop monitoring and faking and eject all dll of the current used process
  414. // Parameters :
  415. // in :
  416. // Return : FALSE on error, TRUE if success
  417. //-----------------------------------------------------------------------------
  418. BOOL Stop();
  419.  
  420. //-----------------------------------------------------------------------------
  421. // Name: Start
  422. // Object: inject API Override dll in selected process ID to allow monitoring and faking
  423. // Parameters :
  424. // in : DWORD dwPID : PID of a fully loaded process. If the Nt loader has not finished loading the process,
  425. // this func will probably fail
  426. // Return : FALSE on error, TRUE if success
  427. //-----------------------------------------------------------------------------
  428. BOOL Start(DWORD dwPID);
  429.  
  430. //-----------------------------------------------------------------------------
  431. // Name: Start
  432. // Object: start the software specified by pszFileName, inject API Override dll at start up
  433. // Parameters :
  434. // in : TCHAR* pszFileName : path of software to start
  435. // Return : FALSE on error, TRUE if success
  436. //-----------------------------------------------------------------------------
  437. BOOL Start(TCHAR* pszFileName);
  438.  
  439. //-----------------------------------------------------------------------------
  440. // Name: Start
  441. // Object: start the software specified by pszFileName, inject API Override dll at start up,
  442. // call pCallBackFunc function to allow to configure monitoring and faking
  443. // resume process when callback function returns
  444. // Parameters :
  445. // in : TCHAR* pszFileName : path of software to start
  446. // tagpCallBackBeforeAppResume pCallBackFunc : instruction to do after pszFileName loading and before we resume the process
  447. // let us load monitoring file and fake api dll before software startup
  448. // LPVOID pUserParam : parameter for the callback
  449. // Return : FALSE on error, TRUE if success
  450. //-----------------------------------------------------------------------------
  451. BOOL Start(TCHAR* pszFileName,tagpCallBackBeforeAppResume pCallBackFunc,LPVOID pUserParam);
  452.  
  453. //-----------------------------------------------------------------------------
  454. // Name: Start
  455. // Object: start the software specified by pszFileName, inject API Override dll at start up,
  456. // call pCallBackFunc function to allow to configure monitoring and faking
  457. // resume process when callback function returns
  458. // Parameters :
  459. // in : TCHAR* pszFileName : path of software to start
  460. // TCHAR* pszCmdLine : command line
  461. // tagpCallBackBeforeAppResume pCallBackFunc : instruction to do after pszFileName loading and before we resume the process
  462. // let us load monitoring file and fake api dll before software startup
  463. // LPVOID pUserParam : parameter for the callback
  464. // Return : FALSE on error, TRUE if success
  465. //-----------------------------------------------------------------------------
  466. BOOL Start(TCHAR* pszFileName,TCHAR* pszCmdLine,tagpCallBackBeforeAppResume pCallBackFunc,LPVOID pUserParam);
  467.  
  468. //-----------------------------------------------------------------------------
  469. // Name: Start
  470. // Object: start the software specified by pszFileName, inject API Override dll at start up,
  471. // call pCallBackFunc function to allow to configure monitoring and faking
  472. // Process is resumed at startup during dwResumeTimeAtStartup ms
  473. // resume process when callback function returns
  474. // Parameters :
  475. // in : TCHAR* pszFileName : path of software to start
  476. // TCHAR* pszCmdLine : command line
  477. // tagpCallBackBeforeAppResume pCallBackFunc : instruction to do after pszFileName loading and before we resume the process
  478. // let us load monitoring file and fake api dll before software startup
  479. // LPVOID pUserParam : parameter for the callback
  480. // StartWays StartMethod : Suspended, Sleep
  481. // DWORD dwResumeTimeAtStartup : Time in ms during which process will be resumed at startup
  482. // Return : FALSE on error, TRUE if success
  483. //-----------------------------------------------------------------------------
  484. BOOL Start(TCHAR* pszFileName,TCHAR* pszCmdLine,tagpCallBackBeforeAppResume pCallBackFunc,LPVOID pUserParam,StartWays StartMethod,DWORD dwResumeTimeAtStartup);
  485.  
  486. //-----------------------------------------------------------------------------
  487. // Name: ProcessInternalCall
  488. // Object: call specified function with parameters specified in pParams in the remote process
  489. // and store function return (eax) in pReturnValue
  490. // Parameters :
  491. // in: LPTSTR LibName : function address
  492. // LPTSTR FuncName
  493. // DWORD NbParams : nb params in pParams
  494. // PSTRUCT_FUNC_PARAM pParams : array of STRUCT_FUNC_PARAM. Can be null if no params
  495. // out : PBYTE* pReturnValue : returned value
  496. // Return :
  497. //-----------------------------------------------------------------------------
  498. BOOL ProcessInternalCall(LPTSTR LibName,LPTSTR FuncName,DWORD NbParams,PSTRUCT_FUNC_PARAM pParams,PBYTE* pReturnValue);
  499.  
  500. //-----------------------------------------------------------------------------
  501. // Name: ProcessInternalCall
  502. // Object: call specified function with parameters specified in pParams in the remote process
  503. // and store function return (eax) in pReturnValue
  504. // Parameters :
  505. // in: LPTSTR LibName : function address
  506. // LPTSTR FuncName
  507. // DWORD NbParams : nb params in pParams
  508. // PSTRUCT_FUNC_PARAM pParams : array of STRUCT_FUNC_PARAM. Can be null if no params
  509. // DWORD dwTimeOutMs : max time in ms to wait for function reply (0xFFFFFFFF for INFINITE)
  510. // out : PBYTE* pReturnValue : returned value
  511. // Return :
  512. //-----------------------------------------------------------------------------
  513. BOOL ProcessInternalCall(LPTSTR LibName,LPTSTR FuncName,DWORD NbParams,PSTRUCT_FUNC_PARAM pParams,PBYTE* pReturnValue,DWORD dwTimeOutMs);
  514.  
  515. //-----------------------------------------------------------------------------
  516. // Name: ProcessInternalCall
  517. // Object: call specified function with parameters specified in pParams in the remote process
  518. // and store function return (eax) in pReturnValue
  519. // Parameters :
  520. // in: LPTSTR LibName : function address
  521. // LPTSTR FuncName
  522. // DWORD NbParams : nb params in pParams
  523. // PSTRUCT_FUNC_PARAM pParams : array of STRUCT_FUNC_PARAM. Can be null if no params
  524. // DWORD dwTimeOutMs : max time in ms to wait for function reply (0xFFFFFFFF for INFINITE)
  525. // in out : REGISTERS* pRegisters : in : register before call, out : registers after call
  526. // out : PBYTE* pReturnValue : returned value
  527. // Return :
  528. //-----------------------------------------------------------------------------
  529. BOOL ProcessInternalCall(LPTSTR LibName,LPTSTR FuncName,DWORD NbParams,PSTRUCT_FUNC_PARAM pParams,REGISTERS* pRegisters,PBYTE* pReturnValue,DWORD dwTimeOutMs);
  530.  
  531. //-----------------------------------------------------------------------------
  532. // Name: ProcessInternalCall
  533. // Object: call specified function with parameters specified in pParams in the remote process
  534. // and store function return (eax) in pReturnValue
  535. // Parameters :
  536. // in: LPTSTR LibName : function address
  537. // LPTSTR FuncName
  538. // DWORD NbParams : number of parameters in pParams
  539. // PSTRUCT_FUNC_PARAM pParams : array of STRUCT_FUNC_PARAM. Can be null if no params
  540. // DWORD dwTimeOutMs : max time in ms to wait for function reply (0xFFFFFFFF for INFINITE)
  541. // DWORD ThreadId : thread id into which call must be done, 0 if no thread preference
  542. // in out : REGISTERS* pRegisters : in : register before call, out : registers after call
  543. // out : PBYTE* pReturnValue : returned value
  544. // double* FloatingReturn : floating result
  545. // Return :
  546. //-----------------------------------------------------------------------------
  547. BOOL ProcessInternalCall(LPTSTR LibName,LPTSTR FuncName,DWORD NbParams,PSTRUCT_FUNC_PARAM pParams,REGISTERS* pRegisters,PBYTE* pReturnValue,double* FloatingReturn,DWORD dwTimeOutMs,DWORD ThreadId);
  548.  
  549. //-----------------------------------------------------------------------------
  550. // Name: GetProcessID
  551. // Object: return the process ID with which CApioverride is working or has worked at last
  552. // Parameters :
  553. // Return : PID of the process with which CApiOverride is working or has last worked
  554. //-----------------------------------------------------------------------------
  555. DWORD GetProcessID();
  556.  
  557. //-----------------------------------------------------------------------------
  558. // Name: GetProcessName
  559. // Object: return the process name with which CApioverride is working or has worked at last
  560. // Parameters :
  561. // in : int ProcessNameMaxSize : max size of ProcessName in tchar
  562. // out: TCHAR* ProcessName : process name
  563. // Return : TRUE on success
  564. //-----------------------------------------------------------------------------
  565. BOOL GetProcessName(TCHAR* ProcessName,int ProcessNameMaxSize);
  566.  
  567. //-----------------------------------------------------------------------------
  568. // Name: SetMonitoringLogHeap
  569. // Object: allow to specify heap used for monitoring logs memory allocation
  570. // Parameters :
  571. // in: HANDLE Heap : new heap
  572. // Return :
  573. //-----------------------------------------------------------------------------
  574. void SetMonitoringLogHeap(HANDLE Heap);