Closed sonyps5201314 closed 3 years ago
Could this perhaps be factored out into a public DetoursFreePayload method?
Yes, the official people have the right to add a new API. We do this only to solve problems as soon as possible, and have no time to wait for the official people's decision.
@bgianfo, I have rebased to only include this commit, and add an API named 'DetourFreePayload' to follow @sylveon's advice in the next commit.
Since this PR adds special behavior with the _DEBUG macro, we might want to have Debug build configs set the _DEBUG macro now.
Delete the payload after finishing the associated task, and change DETOUR_EXE_RESTORE_GUID's value for compatibility with DLLs that were compiled by an old version of Detours.

For example, create a pair of DLLs named dll_createwith_mysocks_32/64.dll; their function is to hook CreateProcess so that any new process is created with them. A 32-bit exe (named exe_socks) uses dll_createwith_mysocks_32.dll via the PE import table, so any process it starts will have dll_createwith_mysocks_32/64.dll. Now it starts a 32-bit exe (named exe_vs), but exe_vs will load a DLL (named dll_createwith_myluainject_32/64.dll) that is built with Detours and whose function is to hook CreateProcess so that any new process is created with it.

So if exe_vs starts a 64-bit exe, the DetourCreateProcessXXX API will only restore the first IAT, which was modified by dll_createwith_mysocks_32/64.dll, and the IAT modified by dll_createwith_myluainject_32/64.dll will not be restored, because they create payloads with the same GUID, DETOUR_EXE_RESTORE_GUID, and Detours will do the restore with the first found payload twice. This makes dll_createwith_mysocks_32/64.dll unable to work correctly. So we need to delete the payload immediately after the associated task finishes. If we do this, the payload with GUID DETOUR_EXE_RESTORE_GUID can be used by the next DLL that is compiled with Detours.

And for compatibility with DLLs that were compiled by an old version of Detours, for which we don't have the source code to recompile them, we need to change DETOUR_EXE_RESTORE_GUID's value to a new value. So even though these DLLs cannot delete the payload, we only search for the payload with the new DETOUR_EXE_RESTORE_GUID value, so the old payload will not be executed by us.
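Added example, not part of the pull request or the Detours source: a toy C model of the first-match payload lookup described above. It shows why two restore passes hit the same payload unless each payload is freed after use, and why a new GUID skips payloads left by older builds. All type names, function names and GUID strings are hypothetical placeholders.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model with hypothetical names; this is not Detours source code. */
typedef struct { const char *guid; const char *owner; int live; } payload_t;
#define OLD_GUID "restore-guid-old"  /* constructed placeholder values */
#define NEW_GUID "restore-guid-new"

/* The first live payload with a matching GUID wins. */
static payload_t *find_payload(payload_t *p, size_t n, const char *guid) {
    for (size_t i = 0; i < n; i++)
        if (p[i].live && strcmp(p[i].guid, guid) == 0)
            return &p[i];
    return NULL;
}

/* Run `passes` restore passes; each one looks up `guid` and "restores"
   that owner's IAT. Returns how many distinct owners were restored. */
int restore_passes(payload_t *p, size_t n, const char *guid,
                   int passes, int free_after_use) {
    const char *seen[8];
    int distinct = 0;
    for (int k = 0; k < passes && distinct < 8; k++) {
        payload_t *hit = find_payload(p, n, guid);
        if (!hit) break;
        int dup = 0;
        for (int j = 0; j < distinct; j++)
            if (strcmp(seen[j], hit->owner) == 0) dup = 1;
        if (!dup) seen[distinct++] = hit->owner;
        if (free_after_use) hit->live = 0;  /* delete after the task is done */
    }
    return distinct;
}

/* Two injecting DLLs wrote payloads under the same GUID. */
int demo(int free_after_use) {
    payload_t p[] = { { NEW_GUID, "mysocks", 1 }, { NEW_GUID, "myluainject", 1 } };
    return restore_passes(p, 2, NEW_GUID, 2, free_after_use);
}

/* A payload left by an old build is never freed, but a lookup by the
   new GUID does not match it. */
int demo_legacy(void) {
    payload_t p[] = { { OLD_GUID, "legacy", 1 }, { NEW_GUID, "myluainject", 1 } };
    payload_t *hit = find_payload(p, 2, NEW_GUID);
    return hit != NULL && strcmp(hit->owner, "myluainject") == 0;
}
int main(void) { printf("%d %d %d\n", demo(0), demo(1), demo_legacy()); return 0; }
```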