/*
Copyright (C) 2014-2019 de4dot@gmail.com
This file is part of dnSpy
dnSpy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
dnSpy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with dnSpy. If not, see .
*/
using System;
using System.ComponentModel.Composition;
namespace dnSpy.Contracts.Debugger.AntiAntiDebug {
///
/// Hooks native functions when the debugged process starts.
/// Use to export an instance.
///
public interface IDbgNativeFunctionHook {
///
/// Returns true if it's enabled
///
/// Context
///
bool IsEnabled(DbgNativeFunctionHookContext context);
///
/// Hooks the function
///
/// Context
/// Updated with an error message if it failed or null if it was successful
void Hook(DbgNativeFunctionHookContext context, out string? errorMessage);
}
/// Metadata
public interface IDbgNativeFunctionHookMetadata {
/// See
string Dll { get; }
/// See
string Function { get; }
/// See
DbgArchitecture[] Architectures { get; }
/// See
DbgOperatingSystem[] OperatingSystems { get; }
/// See
double Order { get; }
}
///
/// Exports a instance
///
[MetadataAttribute, AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public sealed class ExportDbgNativeFunctionHookAttribute : ExportAttribute, IDbgNativeFunctionHookMetadata {
///
/// Constructor
///
/// DLL name including dll extension, case sensitive. It can be any name, it's only used to make sure only one handler patches a function.
/// Function name, case sensitive. It can be any name, it's only used to make sure only one handler patches a function.
/// Supported architecture
/// Supported operating system
/// Order
public ExportDbgNativeFunctionHookAttribute(string dll, string function, DbgArchitecture architecture, DbgOperatingSystem operatingSystem, double order = double.MaxValue)
: this(dll, function, new[] { architecture }, new[] { operatingSystem }, order) {
}
///
/// Constructor
///
/// DLL name including dll extension, case sensitive. It can be any name, it's only used to make sure only one handler patches a function.
/// Function name, case sensitive. It can be any name, it's only used to make sure only one handler patches a function.
/// Supported architectures or empty to support all available architectures
/// Supported operating systems or empty to support all operating systems
/// Order
public ExportDbgNativeFunctionHookAttribute(string dll, string function, DbgArchitecture[] architectures, DbgOperatingSystem[] operatingSystems, double order = double.MaxValue)
: base(typeof(IDbgNativeFunctionHook)) {
Dll = dll ?? throw new ArgumentNullException(nameof(dll));
Function = function ?? throw new ArgumentNullException(nameof(function));
Architectures = architectures ?? throw new ArgumentNullException(nameof(architectures));
OperatingSystems = operatingSystems ?? throw new ArgumentNullException(nameof(operatingSystems));
Order = order;
}
///
/// DLL name including dll extension, case sensitive. It can be any name, it's only used to make sure only one handler patches a function.
///
public string Dll { get; }
///
/// Function name, case sensitive. It can be any name, it's only used to make sure only one handler patches a function.
///
public string Function { get; }
///
/// Supported architectures or empty to support all available architectures
///
public DbgArchitecture[] Architectures { get; }
///
/// Supported operating systems or empty to support all operating systems
///
public DbgOperatingSystem[] OperatingSystems { get; }
///
/// Gets the order
///
public double Order { get; }
}
}