Hook timeBeginPeriod in kernel32 on Windows 7+

rustyx · Mar 14, 2016 · 368c6e0 · 368c6e0
1 parent fbab133
commit 368c6e0
Show file tree

Hide file tree

Showing 6 changed files with 107 additions and 53 deletions.
diff --git a/NoBuzzDLL/main.cpp b/NoBuzzDLL/main.cpp
@@ -25,7 +25,7 @@
 #include "stdafx.h"
 #include "minhook/include/MinHook.h"
 
-int unhookLoadLibrary();
+int unhookKernel32();
 
 HANDLE hfile = INVALID_HANDLE_VALUE;
 wchar_t modname[256];
@@ -50,6 +50,13 @@ P_TIME_BEGIN_PERIOD pTimeBeginPeriod;
 P_TIME_BEGIN_PERIOD origTimeBeginPeriod;
 P_TIME_BEGIN_PERIOD pTimeEndPeriod;
 P_TIME_BEGIN_PERIOD origTimeEndPeriod;
+P_TIME_BEGIN_PERIOD pMMTimeBeginPeriod;
+P_TIME_BEGIN_PERIOD origMMTimeBeginPeriod;
+P_TIME_BEGIN_PERIOD pMMTimeEndPeriod;
+P_TIME_BEGIN_PERIOD origMMTimeEndPeriod;
+//typedef size_t(NTAPI *P_NT_SET_TIMER_RESOLUTION)(size_t DesiredResolution, size_t SetResolution, PULONG CurrentResolution);
+//P_NT_SET_TIMER_RESOLUTION pNtSetTimerResolution;
+//P_NT_SET_TIMER_RESOLUTION origNtSetTimerResolution;
 
 void openLogFile()
 {
@@ -88,15 +95,6 @@ void log(const char*fmt, ...)
     }
 }
 
-MMRESULT WINAPI hookedTimeEndPeriod(UINT uPeriod)
-{
-    if (uPeriod < 16) {
-        return TIMERR_NOERROR;
-        //return TIMERR_NOCANDO;
-    }
-    return origTimeEndPeriod(uPeriod);
-}
-
 template <typename T>
 inline bool hookApi(LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, T** ppTarget, T** ppOriginal)
 {
@@ -140,91 +138,149 @@ MMRESULT WINAPI hookedTimeBeginPeriod(UINT uPeriod)
     return origTimeBeginPeriod(uPeriod);
 }
 
-int hookWinMM(LPCSTR originA, LPWSTR originW)
+MMRESULT WINAPI hookedTimeEndPeriod(UINT uPeriod)
 {
-    if (pTimeBeginPeriod)
-        return 0;
+    if (uPeriod < 16) {
+        return TIMERR_NOERROR;
+        //return TIMERR_NOCANDO;
+    }
+    return origTimeEndPeriod(uPeriod);
+}
+
+MMRESULT WINAPI hookedMMTimeBeginPeriod(UINT uPeriod)
+{
+    if (hfile != INVALID_HANDLE_VALUE && logRecCount++ < 10) {
+        log("%ls : winmm!timeBeginPeriod(%d)", modname, uPeriod);
+    }
+    if (uPeriod < 16) {
+        return TIMERR_NOERROR;
+        //return TIMERR_NOCANDO;
+    }
+    return origMMTimeBeginPeriod(uPeriod);
+}
+
+MMRESULT WINAPI hookedMMTimeEndPeriod(UINT uPeriod)
+{
+    if (uPeriod < 16) {
+        return TIMERR_NOERROR;
+        //return TIMERR_NOCANDO;
+    }
+    return origMMTimeEndPeriod(uPeriod);
+}
+
+bool hookWinMM(LPCSTR originA, LPWSTR originW)
+{
+    if (pMMTimeBeginPeriod)
+        return false;
     hWinMM = ::GetModuleHandleW(L"winmm");
-    if (hWinMM && !pTimeBeginPeriod && ::GetProcAddress(hWinMM, "timeBeginPeriod")) {
+    if (hWinMM && !pMMTimeBeginPeriod && ::GetProcAddress(hWinMM, "timeBeginPeriod")) {
         if (originA)
             log("Attached: %ls (after %s)", modname, originA);
         else if (originW)
             log("Attached: %ls (after %ls)", modname, originW);
         else
             log("Attached: %ls", modname);
-        bool hooked = hookApi(L"winmm", "timeBeginPeriod", hookedTimeBeginPeriod, &pTimeBeginPeriod, &origTimeBeginPeriod);
-        hookApi(L"winmm", "timeEndPeriod", hookedTimeEndPeriod, &pTimeEndPeriod, &origTimeEndPeriod);
+        bool hooked = hookApi(L"winmm", "timeBeginPeriod", hookedMMTimeBeginPeriod, &pMMTimeBeginPeriod, &origMMTimeBeginPeriod);
+        hookApi(L"winmm", "timeEndPeriod", hookedMMTimeEndPeriod, &pMMTimeEndPeriod, &origMMTimeEndPeriod);
         return hooked;
     }
-    return 0;
+    return false;
 }
 
 int unhookWinMM()
 {
-    if (!pTimeBeginPeriod)
+    if (!pMMTimeBeginPeriod)
         return 0;
-    unhookApi("timeBeginPeriod", &pTimeBeginPeriod);
-    unhookApi("timeEndPeriod", &pTimeEndPeriod);
+    unhookApi("timeBeginPeriod", &pMMTimeBeginPeriod);
+    unhookApi("timeEndPeriod", &pMMTimeEndPeriod);
     return 1;
 }
 
 HMODULE WINAPI hookedLoadLibraryA(LPCSTR lpLibFileName)
 {
     HMODULE m = origLoadLibraryA(lpLibFileName);
-    if (!pTimeBeginPeriod) {
-        if (hookWinMM(lpLibFileName, NULL))
-            unhookLoadLibrary();
+    if (!pMMTimeBeginPeriod) {
+        hookWinMM(lpLibFileName, NULL);
     }
     return m;
 }
 
 HMODULE WINAPI hookedLoadLibraryW(LPWSTR lpLibFileName)
 {
     HMODULE m = origLoadLibraryW(lpLibFileName);
-    if (!pTimeBeginPeriod) {
-        if (hookWinMM(NULL, lpLibFileName))
-            unhookLoadLibrary();
+    if (!pMMTimeBeginPeriod) {
+        hookWinMM(NULL, lpLibFileName);
     }
     return m;
 }
 
 HMODULE WINAPI hookedLoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
 {
     HMODULE m = origLoadLibraryExA(lpLibFileName, hFile, dwFlags);
-    if (!pTimeBeginPeriod) {
-        if (hookWinMM(lpLibFileName, NULL))
-            unhookLoadLibrary();
+    if (!pMMTimeBeginPeriod) {
+        hookWinMM(lpLibFileName, NULL);
     }
     return m;
 }
 
 HMODULE WINAPI hookedLoadLibraryExW(LPWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
 {
     HMODULE m = origLoadLibraryExW(lpLibFileName, hFile, dwFlags);
-    if (!pTimeBeginPeriod) {
-        if (hookWinMM(NULL, lpLibFileName))
-            unhookLoadLibrary();
+    if (!pMMTimeBeginPeriod) {
+        hookWinMM(NULL, lpLibFileName);
     }
     return m;
 }
 
-int hookLoadLibrary()
+
+/*size_t NTAPI hookedNtSetTimerResolution(size_t DesiredResolution, size_t SetResolution, PULONG CurrentResolution)
 {
-    if (origLoadLibraryA || !::GetProcAddress(hKernel, "LoadLibraryA"))
+    if (hfile != INVALID_HANDLE_VALUE && logRecCount++ < 10) {
+        log("%ls : NtSetTimerResolution(%lu)", modname, (ULONG)DesiredResolution);
+    }
+    if (DesiredResolution < 156000) {
+        DesiredResolution = 156000;
+        SetResolution = 0;
+    }
+    return origNtSetTimerResolution(DesiredResolution, SetResolution, CurrentResolution);
+}*/
+
+int hookKernel32()
+{
+    if (pLoadLibraryA || pTimeBeginPeriod)
         return 0;
     openLogFile();
-    bool hooked = hookApi(L"kernel32", "LoadLibraryA", hookedLoadLibraryA, &pLoadLibraryA, &origLoadLibraryA);
-    hookApi(L"kernel32", "LoadLibraryW", hookedLoadLibraryW, &pLoadLibraryW, &origLoadLibraryW);
-    hookApi(L"kernel32", "LoadLibraryExA", hookedLoadLibraryExA, &pLoadLibraryExA, &origLoadLibraryExA);
+    bool hooked;
+    if (::GetProcAddress(hKernel, "timeBeginPeriod")) {
+        hooked = hookApi(L"kernel32", "timeBeginPeriod", hookedTimeBeginPeriod, &pTimeBeginPeriod, &origTimeBeginPeriod);
+        hookApi(L"kernel32", "timeEndPeriod", hookedTimeEndPeriod, &pTimeEndPeriod, &origTimeEndPeriod);
+        if (hooked)
+            log("Attached: %ls", modname);
+    }
+    else
+    {
+        hooked = hookWinMM(NULL, NULL);
+        if (!hooked)
+        {
+            hooked = hookApi(L"kernel32", "LoadLibraryA", hookedLoadLibraryA, &pLoadLibraryA, &origLoadLibraryA);
+            hookApi(L"kernel32", "LoadLibraryW", hookedLoadLibraryW, &pLoadLibraryW, &origLoadLibraryW);
+            hookApi(L"kernel32", "LoadLibraryExA", hookedLoadLibraryExA, &pLoadLibraryExA, &origLoadLibraryExA);
+        }
+    }
+    //hookApi(L"ntdll", "NtSetTimerResolution", hookedNtSetTimerResolution, &pNtSetTimerResolution, &origNtSetTimerResolution);
     return hooked;
 }
 
-int unhookLoadLibrary()
+int unhookKernel32()
 {
     int rc = 0;
+    //unhookApi("NtSetTimerResolution", &pNtSetTimerResolution);
     unhookApi("LoadLibraryA", &pLoadLibraryA);
     unhookApi("LoadLibraryW", &pLoadLibraryW);
     unhookApi("LoadLibraryExA", &pLoadLibraryExA);
+    unhookApi("timeBeginPeriod", &pTimeBeginPeriod);
+    unhookApi("timeEndPeriod", &pTimeEndPeriod);
+    unhookWinMM();
     return rc;
 }
 
@@ -234,15 +290,13 @@ bool init()
     if (MH_Initialize() != MH_OK) {
         return false;
     }
-    if (!hookWinMM(NULL, NULL))
-        hookLoadLibrary();
+    hookKernel32();
     return true;
 }
 
 void deinit()
 {
-    unhookLoadLibrary();
-    unhookWinMM();
+    unhookKernel32();
     if (hfile != INVALID_HANDLE_VALUE) {
         CloseHandle(hfile);
         hfile = 0;

diff --git a/NoBuzzDLL/nobuzz.vcxproj b/NoBuzzDLL/nobuzz.vcxproj
@@ -130,7 +130,7 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <GenerateDebugInformation>No</GenerateDebugInformation>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <TargetMachine>MachineX86</TargetMachine>
@@ -149,9 +149,9 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>No</GenerateDebugInformation>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

diff --git a/NoBuzzDLL/nobuzz.vcxproj.filters b/NoBuzzDLL/nobuzz.vcxproj.filters
@@ -50,12 +50,6 @@
     </ClCompile>
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="stdafx.h">
-      <Filter>Source Files</Filter>
-    </ClInclude>
-    <ClInclude Include="targetver.h">
-      <Filter>Source Files</Filter>
-    </ClInclude>
     <ClInclude Include="resource.h">
       <Filter>Header Files</Filter>
     </ClInclude>
@@ -83,6 +77,12 @@
     <ClInclude Include="minhook\src\HDE\table64.h">
       <Filter>Source Files\minhook\src\HDE</Filter>
     </ClInclude>
+    <ClInclude Include="stdafx.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="targetver.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="nobuzz.rc">

diff --git a/Setup/Bundle.wxs b/Setup/Bundle.wxs
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:bal="http://schemas.microsoft.com/wix/BalExtension" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
-  <Bundle Name="NoBuzz (beta) v0.7" Version="0.7" Manufacturer="rustyx.org" Compressed="yes" DisableModify="yes" IconSourceFile="..\nobuzz.ico" UpgradeCode="0a6f5c71-0c6d-41d6-b2e2-dd9429663264">
+  <Bundle Name="NoBuzz (beta) v0.8" Version="0.8" Manufacturer="rustyx.org" Compressed="yes" DisableModify="yes" IconSourceFile="..\nobuzz.ico" UpgradeCode="0a6f5c71-0c6d-41d6-b2e2-dd9429663264">
     <BootstrapperApplicationRef Id="WixStandardBootstrapperApplication.RtfLicense">
       <bal:WixStandardBootstrapperApplication SuppressOptionsUI="yes" SuppressRepair="yes" LogoFile="logo.png" LicenseFile="..\license.rtf" />
     </BootstrapperApplicationRef>

diff --git a/Setup/nobuzz32.wxs b/Setup/nobuzz32.wxs
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
-	<Product Id="*" Name="nobuzz" Language="1033" Version="0.7" Manufacturer="rustyx.org" UpgradeCode="0a6f5c71-0c6d-41d6-b2e2-dd9429660032">
+	<Product Id="*" Name="nobuzz" Language="1033" Version="0.8" Manufacturer="rustyx.org" UpgradeCode="0a6f5c71-0c6d-41d6-b2e2-dd9429660032">
 		<Package InstallerVersion="200" Compressed="yes" InstallPrivileges="elevated" InstallScope="perMachine" />
 
 		<MediaTemplate EmbedCab="yes" />

diff --git a/Setup/nobuzz64.wxs b/Setup/nobuzz64.wxs
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
-	<Product Id="*" Name="nobuzz (64-bit)" Language="1033" Version="0.7" Manufacturer="rustyx.org" UpgradeCode="0a6f5c71-0c6d-41d6-b2e2-dd9429660064">
+	<Product Id="*" Name="nobuzz (64-bit)" Language="1033" Version="0.8" Manufacturer="rustyx.org" UpgradeCode="0a6f5c71-0c6d-41d6-b2e2-dd9429660064">
 		<Package InstallerVersion="200" Compressed="yes" InstallPrivileges="elevated" InstallScope="perMachine" Platform="x64" />
 
     <MediaTemplate EmbedCab="yes" />