How to write a catch-all Windows hook recipient function? - c

I want to create a generic, catch-all Windows API (and application function) hook recipient to permit dynamic and safe hooking.
The idea is to:
create and set a hook on the target function which is determined by user at runtime,
then, once it is intercepted, pass the values to a Lua runtime so the user can safely and dynamically inspect the values, or edit
pass control to the original function.
Decoding the function arguments to meaningful values can be left to the Lua script once it has them.
Any hints, tips welcome.
P.S. I am thinking of using mhook2.3

Related

How to pass Gatling session attributes in an exec() invoking another library (generated gRPC code)?

Newbie Gatling+Scala question: I’m using George Leung's gatling-grpc library (which is modeled after the http library) and trying to pass a value from the session (generated in a feeder), into a non-DSL, non-Gatling method call, specifically calls populating the gRPC payload object.
Before I start, let me add that it seems I can’t use the sessionFunction (Expression[T]) form of exec, which would resolve my issue:
.exec{ session => { … grpc(…).rpc(…)… }}
…because, AFAICT, the grpc call must be the last thing in the block, or else it’s never evaluated ... yet it can’t be the last thing in the block because there’s no way to coerce it to return a Session object (again, AFAICT).
Therefore, I have to use the ActionBuilder form of exec (grpc(...) returns a Call so this is as designed):
.exec( grpc(…).rpc(…)... )
and this works… until I have a gRPC payload (i.e., non-Gatling) method call to which I need to pass a non-constant value (from a feeder).
In this context, I have no access to a Session object, and the Gatling Expression Language is not applied because the library defining the gRPC types I need to use (to generate the payload) has no knowledge of Gatling.
So, in this fragment:
.header(transactionIdHeader)("${tid}.SAVE")
.payload(Student.newBuilder()
.setId(GlobalId.newBuilder().setValue("${authid}_${uniqId}").build()).build())
)
…the first call evaluates ${tid} because the param in the second parens is Expression[T], and hence is evaluated as Expression Language, but the second call fails to evaluate ${authid} or ${uniqId} because the external, generated library that defines the gRPC type GlobalId has no knowledge of Gatling.
So...
Is there a way to invoke the EL outside of Gatling's DSL?
Or a way to access a Session object via an ActionBuilder?
(I see that the Gatling code magically finds a Session object when I use the sessionFunction form, but I can't see whence it comes — even looking at the bytecode is not illuminating)
Or, turning back to the Expression[T] form of exec, is there a way to have an ActionBuilder return a Session object?
Or, still in the Expression[T] form, I could trivially pass back the existing Session object, if I had a way to ensure the grpc()... expression was evaluated (i.e., imperative programming).
Gatling 3.3.1, Scala 2.12.10
The gatling-grpc library is at phiSgr/gatling-grpc; I'm using version 0.7.0 (com.github.phisgr:gatling-grpc).
(The gRPC Java code is generated from .proto files, of course.)
You need the Gatling-JavaPB integration.
To see that in action, see here.
The .payload method takes an Expression[T], which is an alias for Session => Validation[T]. In plain English, that is a function that constructs the payload from the session with a possibility of failure.
Much of your frustration is not knowing how to get hold of a Session. I hope this clears up the confusion.
In the worst case one can write a lambda to create an expression. But for string interpolation or accessing one single object, Gatling provides an implicit conversation to turn an EL String into an Expression.
The problem is you want to construct well-typed payloads and Gatling's EL cannot help with that. The builders’ setters want a T, but you only have an Expression[T] (either from EL or the $ function). The library mentioned above is created to handle that plumbing.
After importing com.github.phisgr.gatling.javapb._, you should write the following.
...
.payload(
Student.getDefaultInstance
.update(_.getIdBuilder.setValue)("${authid}_${uniqId}")
)
For the sake of completeness, see the warning in Gatling's documentation for why defining actions in .exec(sessionFunction) is not going to work.

Is it possible to use callback function in conjuction with sqlite_prepare_v2()

So I am having some problems with parameterized queries and combining them with callback functions in C.
So with sqlite3_exec(...) you can execute your SQL query and give a callback function as parameter with it. The callback function serves to print out the query output
But I want to use parameterized queries so I have to use sqlite3_prepare_v2(), one of the sqlite3_bind functions, sqlite3_step(), and sqlite3_finalize(), which don't support callback functions as parameter.
Is there another function that I can use to get best of both worlds?
(side note: the SQL statement that I try to execute is just a single line query)
Note the lead remark from the API docs for sqlite3_exec():
The sqlite3_exec() interface is a convenience wrapper around
sqlite3_prepare_v2(), sqlite3_step(), and sqlite3_finalize(), that
allows an application to run multiple statements of SQL without having
to use a lot of C code.
Things you should take away from that include:
the callback-based interface is not the main API.
it's written in terms of other accessible functions, so you could write your own, similar function that provides whatever callback interface you want.
If you really do need a callback interface that works with parameterized prepared statements, then you will indeed need to write an appropriate analogue of sqlite3_exec() yourself. If you want to stick as close as possible to sqlite3_exec() then you could use a similar signature, with a pointer to the (already prepared and filled) prepared statement in place of the first two parameters. The function would then need to execute the query via multiple calls to sqlite3_step(), each time extracting the needed data from the result row (sqlite3_column_sometype() * n), passing them to the callback function, and handling the callback's return value appropriately.
There's a lot of room for customization there, especially if you indeed have only one query to support. You might, for example, pass the parameters to the function instead of requiring them to be pre-bound. You might very well change the signature of the callback function to be better matched to the query results, and if there's only one query to be supported then it probably doesn't need to be told the column names.
If it turns out that you actually know the specific function that is supposed to be called per row, then it doesn't have to be a callback interface at all, in that you you receive a function pointer as a parameter. In that case, you could just call the function directly.

Mono embed API modifying method body at runtime

Is it possible to modify a method body at runtime using mono embed API. Is there is a way to access method's body and signature. I know it's a little bit complicated but I really need it for a school project.
I was able to do this with the .Net framework. I found out that the .Net framework resolves all the methods at the managed code and there is an external method called SetmethodIL which I had to call using refelection and It worked but mono takes a different route. Mono takes the unmanaged code choice which calls an external method called create_runtime_class that gets the job done.
Thank you for your support.
I found out by examining the reflection_methodbuilder_to_mono_method method that a MonoMethod must have a MonoMethodHeader which contains information about the method.
At the line 3014 you will see how they were able to set the code of the method by passing the array address as a guint8.
As far as I know the code contains the CIL Instructions which is an array of bytes.
By using the method called mono_method_get_header you will be able to get the header of any method and by using technique above you will be able to modify the code. But I'm not sure if this gonna work or not It may only works with dynamically generated methods.
If you call an internal call with a byte array parameter to c Maybe we could get it right.

How to use ProcessMitigationOptionsMask parameter in GetProcessMitigationPolicy() function call?

I'm trying to see if I can query all execution mitigation policies for a process in one call to GetProcessMitigationPolicy() function (or similarly set them via a call to SetProcessMitigationPolicy() function) instead of doing them individually, one-by-one.
The MSDN page suggests using ProcessMitigationOptionsMask parameter for that, but I'm not really sure how to use it, or what mask are they referring to?
Can someone show an example?

When to Use a Callback function?

When do you use a callback function? I know how they work, I have seen them in use and I have used them myself many times.
An example from the C world would be libcurl which relies on callbacks for its data retrieval.
An opposing example would be OpenSSL: Where I have used it, I use out parameters:
ret = somefunc(&target_value);
if(ret != 0)
//error case
I am wondering when to use which? Is a callback only useful for async stuff? I am currently in the processes of designing my application's API and I am wondering whether to use a callback or just an out parameter. Under the hood it will use libcurl and OpenSSL as the main libraries it builds on and the parameter "returned" is an OpenSSL data type.
I don't see any benefit of a callback over just returning. Is this only useful, if I want to process the data in any way instead of just giving it back? But then I could process the returned data. Where is the difference?
In the simplest case, the two approaches are equivalent. But if the callback can be called multiple times to process data as it arrives, then the callback approach provides greater flexibility, and this flexibility is not limited to async use cases.
libcurl is a good example: it provides an API that allows specifying a callback for all newly arrived data. The alternative, as you present it, would be to just return the data. But return it — how? If the data is collected into a memory buffer, the buffer might end up very large, and the caller might have only wanted to save it to a file, like a downloader. If the data is saved to a file whose name is returned to the caller, it might incur unnecessary IO if the caller in fact only wanted to store it in memory, like a web browser showing an image. Either approach is suboptimal if the caller wanted to process data as it streams, say to calculate a checksum, and didn't need to store it at all.
The callback approach allows the caller to decide how the individual chunks of data will be processed or assembled into a larger whole.
Callbacks are useful for asynchronous notification. When you register a callback with some API, you are expecting that callback to be run when some event occurs. Along the same vein, you can use them as an intermediate step in a data processing pipeline (similar to an 'insert' if you're familiar with the audio/recording industry).
So, to summarise, these are the two main paradigms that I have encountered and/or implemented callback schemes for:
I will tell you when data arrives or some event occurs - you use it as you see fit.
I will give you the chance to modify some data before I deal with it.
If the value can be returned immediately then yes, there is no need for a callback. As you surmised, callbacks are useful in situations wherein a value cannot be returned immediately for whatever reason (perhaps it is just a long running operation which is better performed asynchronously).
My take on this: I see it as which module has to know about which one? Let's call them Data-User and IO.
Assume you have some IO, where data comes in. The IO-Module might not even know who is interested in the data. The Data-User however knows exactly which data it needs. So the IO should provide a function like subscribe_to_incoming_data(func) and the Data-User module will subscribe to the specific data the IO-Module has. The alternative would be to change code in the IO-Module to call the Data-User. But with existing libs you definitely don't want to touch existing code that someone else has provided to you.

Resources