diff --git a/hook_tests.sln b/hook_tests.sln
index 8725a24..07d6e09 100644
--- a/hook_tests.sln
+++ b/hook_tests.sln
@@ -3,7 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
 VisualStudioVersion = 14.0.25420.1
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hook_tests", "hook_tests\hook_tests.vcxproj", "{81248D42-942D-422C-B2B9-E4A94FAAEBAE}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test_cases", "test_cases\test_cases.vcxproj", "{8C444ABC-D25C-4B44-8F27-081B464D9AE4}"
 EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -13,14 +13,14 @@ Global
 Release|x86 = Release|x86
 EndGlobalSection
 GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Debug|x64.ActiveCfg = Debug|x64
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Debug|x64.Build.0 = Debug|x64
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Debug|x86.ActiveCfg = Debug|Win32
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Debug|x86.Build.0 = Debug|Win32
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Release|x64.ActiveCfg = Release|x64
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Release|x64.Build.0 = Release|x64
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Release|x86.ActiveCfg = Release|Win32
- {81248D42-942D-422C-B2B9-E4A94FAAEBAE}.Release|x86.Build.0 = Release|Win32
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Debug|x64.ActiveCfg = Debug|x64
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Debug|x64.Build.0 = Debug|x64
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Debug|x86.ActiveCfg = Debug|Win32
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Debug|x86.Build.0 = Debug|Win32
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Release|x64.ActiveCfg = Release|x64
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Release|x64.Build.0 = Release|x64
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Release|x86.ActiveCfg = Release|Win32
+ {8C444ABC-D25C-4B44-8F27-081B464D9AE4}.Release|x86.Build.0 = Release|Win32
 EndGlobalSection
 GlobalSection(SolutionProperties) = preSolution
 HideSolutionNode = FALSE
diff --git a/hook_tests/README.md b/test_cases/README.md
similarity index 60%
rename from hook_tests/README.md
rename to test_cases/README.md
index 8a7ea13..31bc39f 100644
--- a/hook_tests/README.md
+++ b/test_cases/README.md
@@ -6,8 +6,10 @@ engines (on windows) are. I'll try to write various functions, that are hard to patch and then see how each hooking engine does. I'll test: -* [EasyHook]() -* [PolyHook]() +* [EasyHook](https://easyhook.github.io/) +* [PolyHook](https://github.com/stevemk14ebr/PolyHook) +* [MinHook](https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra) +* [Mhook](http://codefromthe70s.org/mhook24.aspx) (I'd like to test detours, but I'm not willing to pay for it. So that isn't tested :( ) @@ -19,13 +21,17 @@ some self protection features (or other software on the system provides that, e.g. Trustee Rapport) Evaluating how the hooking engines stack up against that is not the goal here. -This is just about the challenges the function to be hooked itself poses. +Neither are non-functional criteria, like how fast it is or how much memory it +needs for each hook. This is just about the challenges the function to be +hooked itself poses. Namely: * Are jumps relocated? * What about RIP adressing? -* If it's a tail recurisve function, does the hooking engine handle it? +* If there's a loop at the beginning / if it's a tail recurisve function, does + the hooking engine handle it? * How good is the dissassembler, how many instructions does it know? +* Can it hook already hooked functions? Test cases ========== \ No newline at end of file diff --git a/hook_tests/advanced_instructions.asm b/test_cases/advanced_instructions.asm similarity index 100% rename from hook_tests/advanced_instructions.asm rename to test_cases/advanced_instructions.asm diff --git a/hook_tests/advanced_instructions.h b/test_cases/advanced_instructions.h similarity index 72% rename from hook_tests/advanced_instructions.h rename to test_cases/advanced_instructions.h index 0a3d10f..c4659be 100644 --- a/hook_tests/advanced_instructions.h +++ b/test_cases/advanced_instructions.h 
@@ -6,10 +6,10 @@ extern "C" { * @param num: the number of which the square root shall be taken * @param res: where the 4 results shall be written */ - void _AVX(float num, void* res); + void _declspec(dllexport) _AVX(float num, void* res); /** * Just a wrapper around RDRAND */ - uint32_t _RDRAND(void); + uint32_t _declspec(dllexport) _RDRAND(void); } \ No newline at end of file diff --git a/test_cases/assemble.ps1 b/test_cases/assemble.ps1 new file mode 100644 index 0000000..11142f3 --- /dev/null +++ b/test_cases/assemble.ps1 @@ -0,0 +1,7 @@ +$fasm = "U:\fasm\fasm.exe" +$files = gci -r -File | where {$_.extension -eq ".asm"} +Foreach ($i in $files) +{ + Write-Host $i.Name + & $fasm $i.Name +} \ No newline at end of file diff --git a/hook_tests/backwards.asm b/test_cases/backwards.asm similarity index 100% rename from hook_tests/backwards.asm rename to test_cases/backwards.asm diff --git a/hook_tests/backwards.h b/test_cases/backwards.h similarity index 52% rename from hook_tests/backwards.h rename to test_cases/backwards.h index 683e046..24dcc4e 100644 --- a/hook_tests/backwards.h +++ b/test_cases/backwards.h @@ -6,12 +6,12 @@ extern "C" { * @param num * @param cnt */ - uint32_t _loop(uint32_t num, uint32_t cnt); + uint32_t _declspec(dllexport) _loop(uint32_t num, uint32_t cnt); /** * Computes factorial * * @param x */ - uint32_t _tail_recursion(uint32_t x); + uint32_t _declspec(dllexport) _tail_recursion(uint32_t x); } \ No newline at end of file diff --git a/hook_tests/catch.hpp b/test_cases/catch.hpp similarity index 100% rename from hook_tests/catch.hpp rename to test_cases/catch.hpp diff --git a/hook_tests/main.cpp b/test_cases/main.cpp similarity index 76% rename from hook_tests/main.cpp rename to test_cases/main.cpp index 19fe2dc..0285fb8 100644 --- a/hook_tests/main.cpp +++ b/test_cases/main.cpp 
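Review bot: The declarations of `_AVX` and `_RDRAND` now hard-code `_declspec(dllexport)`, so a client that includes this header in order to call into the DLL also declares the functions as exports instead of imports; the same applies to `_loop`/`_tail_recursion` in backwards.h, `_small`/`_branch`/`_rip_relative` in simple_tests.h and `SelfTest` in test_cases.h. The project file already defines `TEST_CASES_EXPORTS` for the DLL configurations, which is the conventional switch for this: define one macro in test_cases.h that expands to dllexport when building the DLL and dllimport otherwise, and use it in every declaration. The documented spelling is the double-underscore `__declspec`; MSVC accepts `_declspec` as a compatibility synonym, but that alias is disabled under /Za, so the standard form is the safer choice.
```cpp
// test_cases.h, before the other includes
#ifdef TEST_CASES_EXPORTS
#define TEST_CASES_API __declspec(dllexport)
#else
#define TEST_CASES_API __declspec(dllimport)
#endif

// advanced_instructions.h (and the other headers) then use the macro
TEST_CASES_API void _AVX(float num, void* res);
TEST_CASES_API uint32_t _RDRAND(void);
```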
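Review bot: `& $fasm $i.Name` passes only the bare file name, yet `gci -r -File` recurses into subdirectories, so any .asm below the script's directory would be handed to fasm as a name it cannot resolve from the current directory; `& $fasm $i.FullName` is what was presumably intended. The script also never inspects `$LASTEXITCODE`, so an assembly error leaves a stale or missing .obj while the build step still reports success; `& $fasm $i.FullName; if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` would surface it. `$fasm = "U:\fasm\fasm.exe"` is a hard-coded absolute path to a machine-specific drive, which makes the build non-reproducible anywhere else and means the build runs whatever executable happens to sit at that location; taking the path from an environment variable or an MSBuild property, with this value only as the fallback, would keep the author's setup working while making the dependency explicit.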
@@ -1,11 +1,19 @@ #include #include -#define CATCH_CONFIG_MAIN +#define CATCH_CONFIG_RUNNER #include "catch.hpp" -#include "simple_tests.h" -#include "advanced_instructions.h" -#include "backwards.h" +#include "test_cases.h" + +/*#pragma comment(lib, "advanced_instructions.obj") +#pragma comment(lib, "simple_tests.obj") +#pragma comment(lib, "backwards.obj")*/ + +static Catch::Session session; + +_declspec(dllexport) void SelfTest() { + session.run(); +} TEST_CASE("Simple functions work as expected, unhooked") { REQUIRE(_small() == 0); diff --git a/hook_tests/simple_tests.asm b/test_cases/simple_tests.asm similarity index 100% rename from hook_tests/simple_tests.asm rename to test_cases/simple_tests.asm diff --git a/hook_tests/simple_tests.h b/test_cases/simple_tests.h similarity index 80% rename from hook_tests/simple_tests.h rename to test_cases/simple_tests.h index c75fb92..74b0059 100644 --- a/hook_tests/simple_tests.h +++ b/test_cases/simple_tests.h @@ -3,7 +3,7 @@ extern "C" { /** * A small function, that always returns 0 */ - uint64_t _small(void); + uint64_t _declspec(dllexport) _small(void); /** * This function checks if the parameter is even or odd, and then @@ -14,7 +14,7 @@ extern "C" { * * @param Number to be checked */ - uint64_t _branch(uint64_t); + uint64_t _declspec(dllexport) _branch(uint64_t); /** * Replicates the MSVCRT rand(). @@ -27,5 +27,5 @@ extern "C" { * return( ((seed = seed * 214013L * + 2531011L) >> 16) & 0x7fff ); */ - uint64_t _rip_relative(void); + uint64_t _declspec(dllexport) _rip_relative(void); }; diff --git a/test_cases/test_cases.h b/test_cases/test_cases.h new file mode 100644 index 0000000..355ccb6 --- /dev/null +++ b/test_cases/test_cases.h @@ -0,0 +1,6 @@ +#pragma once +#include "simple_tests.h" +#include "backwards.h" +#include "advanced_instructions.h" + +_declspec(dllexport) void SelfTest(); \ No newline at end of file 
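Review bot: `SelfTest` discards the result of `session.run()`, which is an int that is zero only when nothing failed, so a host that loads the DLL and calls the export cannot tell whether the unhooked baseline passed; declare it `_declspec(dllexport) int SelfTest()` with `return session.run();`, and change the prototype in test_cases.h to match. `static Catch::Session session;` is a file-scope object, so its constructor runs during the DLL's CRT initialisation at load time rather than when `SelfTest` is called; a function-local `Catch::Session session;` inside `SelfTest` would keep the runner's setup out of the load path and is presumably sufficient, though it is worth confirming Catch has no objection to constructing the session late. The commented-out `#pragma comment(lib, …)` block duplicates the `AdditionalDependencies` entry in the project file and could be removed instead of being left as a comment. The `TEST_CASE` that begins at the end of this hunk continues outside it.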
diff --git a/hook_tests/hook_tests.vcxproj b/test_cases/test_cases.vcxproj similarity index 82% rename from hook_tests/hook_tests.vcxproj rename to test_cases/test_cases.vcxproj index 8632e04..4d59495 100644 --- a/hook_tests/hook_tests.vcxproj +++ b/test_cases/test_cases.vcxproj @@ -19,33 +19,33 @@ - {81248D42-942D-422C-B2B9-E4A94FAAEBAE} + {8C444ABC-D25C-4B44-8F27-081B464D9AE4} Win32Proj - hook_tests + test_cases 8.1 - Application + DynamicLibrary true v140 Unicode - Application + DynamicLibrary false v140 true Unicode - Application + DynamicLibrary true v140 Unicode - Application + DynamicLibrary false v140 true @@ -87,11 +87,11 @@ Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;_DEBUG;_WINDOWS;_USRDLL;TEST_CASES_EXPORTS;%(PreprocessorDefinitions) true - Console + Windows true @@ -101,11 +101,11 @@ Level3 Disabled - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_WINDOWS;_USRDLL;TEST_CASES_EXPORTS;%(PreprocessorDefinitions) true - Console + Windows true @@ -117,11 +117,11 @@ MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;NDEBUG;_WINDOWS;_USRDLL;TEST_CASES_EXPORTS;%(PreprocessorDefinitions) true - Console + Windows true true true @@ -135,31 +135,40 @@ MaxSpeed true true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;_WINDOWS;_USRDLL;TEST_CASES_EXPORTS;%(PreprocessorDefinitions) true - Console + Windows true true true + backwards.obj;simple_tests.obj;advanced_instructions.obj;%(AdditionalDependencies) + + $(MSBuildProjectDirectory)\assemble.ps + + + Assemble all .asm files using FASM + + + + + + + + + - - - - - - diff --git a/hook_tests/hook_tests.vcxproj.filters b/test_cases/test_cases.vcxproj.filters similarity index 90% rename from hook_tests/hook_tests.vcxproj.filters rename to test_cases/test_cases.vcxproj.filters index b8c62d6..383c137 100644 --- a/hook_tests/hook_tests.vcxproj.filters +++ b/test_cases/test_cases.vcxproj.filters 
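Review bot: The custom build step references `$(MSBuildProjectDirectory)\assemble.ps`, but the script added in this commit is `test_cases/assemble.ps1`, so the path names no existing file and the "Assemble all .asm files using FASM" step cannot run as written. The element tags appear to have been stripped in this rendering, so this is inferred from the text; if that path is the step's Command, note also that a script path on its own is not handed to PowerShell by the MSBuild shell, and a command of the form `powershell -NoProfile -ExecutionPolicy Bypass -File "$(MSBuildProjectDirectory)\assemble.ps1"` would be needed. If the step declares no Outputs, MSBuild has no way to know that `backwards.obj;simple_tests.obj;advanced_instructions.obj` from `AdditionalDependencies` are produced by it, so listing those three files as the step's Outputs would make the ordering before the link explicit rather than incidental.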
@@ -15,16 +15,34 @@ - + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files - + Header Files - + Header Files - + + Header Files + + Header Files @@ -34,20 +52,8 @@ - - Source Files - - - - Source Files - - - Source Files - - - - + \ No newline at end of file