Merge commit 'dabc40cb19' as 'ext/detours'

ext/detours/samples/traceapi/Makefile

@@ -0,0 +1,153 @@
+##############################################################################
+##
+##  Utility to trace Win32 APIs.
+##
+##  Microsoft Research Detours Package
+##
+##  Copyright (c) Microsoft Corporation.  All rights reserved.
+##
+
+!include ..\common.mak
+
+LIBS=$(LIBS) kernel32.lib gdi32.lib user32.lib shell32.lib advapi32.lib ole32.lib ws2_32.lib
+
+##############################################################################
+
+all: dirs \
+    $(BIND)\trcapi$(DETOURS_BITS).dll \
+    $(BIND)\testapi.exe \
+!IF $(DETOURS_SOURCE_BROWSING)==1
+    $(OBJD)\trcapi$(DETOURS_BITS).bsc \
+    $(OBJD)\testapi.bsc \
+!ENDIF
+    option
+
+##############################################################################
+
+clean:
+    -del *~ test.txt 2>nul
+    -del $(BIND)\trcapi*.* $(BIND)\testapi.* 2>nul
+    -rmdir /q /s $(OBJD) 2>nul
+
+realclean: clean
+    -rmdir /q /s $(OBJDS) 2>nul
+
+dirs:
+    @if not exist $(BIND) mkdir $(BIND) && echo.   Created $(BIND)
+    @if not exist $(OBJD) mkdir $(OBJD) && echo.   Created $(OBJD)
+
+$(OBJD)\trcapi.obj : trcapi.cpp _win32.cpp
+
+$(OBJD)\trcapi.res : trcapi.rc
+
+$(BIND)\trcapi$(DETOURS_BITS).dll: $(OBJD)\trcapi.obj $(OBJD)\trcapi.res $(DEPS)
+    cl /LD $(CFLAGS) /Fe$@ /Fd$(@R).pdb \
+        $(OBJD)\trcapi.obj $(OBJD)\trcapi.res \
+        /link $(LINKFLAGS) /release /subsystem:console \
+        /export:DetourFinishHelperProcess,@1,NONAME \
+        $(LIBS)
+
+$(OBJD)\trcapi$(DETOURS_BITS).bsc : $(OBJD)\trcapi.obj
+    bscmake /v /n /o $@ $(OBJD)\trcapi.sbr
+
+$(OBJD)\testapi.obj : testapi.cpp trcapi.cpp _win32.cpp
+
+$(BIND)\testapi.exe : $(OBJD)\testapi.obj $(DEPS)
+    cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\testapi.obj \
+        /link $(LINKFLAGS) $(LIBS) \
+        /subsystem:console /fixed:no
+
+$(OBJD)\testapi.bsc : $(OBJD)\testapi.obj
+    bscmake /v /n /o $@ $(OBJD)\testapi.sbr
+
+############################################### Install non-bit-size binaries.
+
+!IF "$(DETOURS_OPTION_PROCESSOR)" != ""
+
+$(OPTD)\trcapi$(DETOURS_OPTION_BITS).dll:
+$(OPTD)\trcapi$(DETOURS_OPTION_BITS).pdb:
+
+$(BIND)\trcapi$(DETOURS_OPTION_BITS).dll : $(OPTD)\trcapi$(DETOURS_OPTION_BITS).dll
+    @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR).
+$(BIND)\trcapi$(DETOURS_OPTION_BITS).pdb : $(OPTD)\trcapi$(DETOURS_OPTION_BITS).pdb
+    @if exist $? copy /y $? $(BIND) >nul && echo $@ copied from $(DETOURS_OPTION_PROCESSOR).
+
+option: \
+    $(BIND)\trcapi$(DETOURS_OPTION_BITS).dll \
+    $(BIND)\trcapi$(DETOURS_OPTION_BITS).pdb \
+
+!ELSE
+
+option:
+
+!ENDIF
+
+##############################################################################
+
+test: all
+    @echo -------- Logging output to test.txt ------------
+    start $(BIND)\syelogd.exe /o test.txt
+    $(BIND)\sleep5.exe 1
+    @echo -------- Should load trcapi$(DETOURS_BITS).dll dynamically using withdll.exe ------------
+    $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll $(BIND)\sleepold.exe
+    @echo -------- Log from syelog -------------
+    type test.txt
+
+debug: all
+    @echo -------- Logging output to test.txt ------------
+    start $(BIND)\syelogd.exe /o test.txt
+    $(BIND)\sleep5.exe 1
+    @echo -------- Should load trcapi$(DETOURS_BITS).dll dynamically using withdll.exe ------------
+    windbg -o -g -G $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll $(BIND)\sleepold.exe
+    @echo -------- Log from syelog -------------
+    type test.txt
+
+calc: all
+    @echo -------- Logging output to test.txt ------------
+    start $(BIND)\syelogd.exe /q /o test.txt
+    $(BIND)\sleep5.exe 1
+    @echo -------- Should load trcapi$(DETOURS_BITS).dll dynamically using withdll.exe ------------
+    $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll $(SYSTEMROOT)\System32\calc.exe
+    @echo -------- Log from syelog -------------
+    wc test.txt
+
+explorer: all
+    @echo -------- Logging output to test.txt ------------
+    start $(BIND)\syelogd.exe /q /o test.txt
+    $(BIND)\sleep5.exe 1
+    @echo -------- Should load trcapi$(DETOURS_BITS).dll dynamically using withdll.exe ------------
+    $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll $(SYSTEMROOT)\explorer.exe
+    @echo -------- Log from syelog -------------
+    wc test.txt
+
+wordpad: all
+    @echo -------- Logging output to test.txt ------------
+    start $(BIND)\syelogd.exe /q /o test.txt
+    $(BIND)\sleep5.exe 1
+    @echo -------- Should load trcapi$(DETOURS_BITS).dll dynamically using withdll.exe ------------
+    $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll $(PROGRAMFILES)\Windows NT\Accessories\wordpad.exe
+    @echo -------- Log from syelog -------------
+    wc test.txt
+
+notepad: all
+    @echo -------- Logging output to test.txt ------------
+    start $(BIND)\syelogd.exe /q /o test.txt
+    $(BIND)\sleep5.exe 1
+    @echo -------- Should load trcapi$(DETOURS_BITS).dll dynamically using withdll.exe ------------
+    $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll $(SYSTEMROOT)\notepad.exe
+    @echo -------- Log from syelog -------------
+    wc test.txt
+
+ie: all
+    @echo -------- Logging output to test.txt ------------
+    start $(BIND)\syelogd.exe /q /o test.txt
+    $(BIND)\sleep5.exe 1
+    @echo -------- Should load trcapi$(DETOURS_BITS).dll dynamically using withdll.exe ------------
+    windbg -g -G -o $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll "$(PROGRAMFILES)\Internet Explorer\iexplore.exe"
+    @echo -------- Log from syelog -------------
+    wc test.txt
+
+ws: all
+    $(BIND)\withdll -d:$(BIND)\trcapi$(DETOURS_BITS).dll $(BIND)\WebServiceTester.exe
+
+################################################################# End of File.

ext/detours/samples/traceapi/testapi.cpp

@@ -0,0 +1,94 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Detours Test Program (testapi.cpp of testapi.exe)
+//
+//  Microsoft Research Detours Package
+//
+//  Copyright (c) Microsoft Corporation.  All rights reserved.
+//
+#include "trcapi.cpp"
+
+#if (_MSC_VER < 1299)
+typedef ULONG * PULONG_PTR;
+typedef ULONG ULONG_PTR;
+typedef LONG * PLONG_PTR;
+typedef LONG LONG_PTR;
+#endif
+
+VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility)
+{
+    (void)pszIdentifier;
+    (void)nFacility;
+}
+
+VOID SyelogExV(BOOL fTerminate, BYTE nSeverity, PCSTR pszMsgf, va_list args)
+{
+    (void)fTerminate;
+
+    CHAR szBuffer[1024];
+    PCHAR psz = szBuffer;
+    BOOL fLf = FALSE;
+
+    StringCchPrintfA(psz, szBuffer + sizeof(szBuffer) - psz, "--.%02x: ", nSeverity);
+    while (*psz) {
+        psz++;
+    }
+
+    StringCchVPrintfA(psz, szBuffer + sizeof(szBuffer) - psz, pszMsgf, args);
+    for (psz = szBuffer; *psz; psz++) {
+        if (*psz == '\n') {
+            if (fLf) {
+                *psz = '\0';
+                break;
+            }
+            fLf = TRUE;
+        }
+    }
+    if (!fLf) {
+        *psz++ = '\n';
+        *psz = '\0';
+    }
+    printf("%s", szBuffer);
+    Real_OutputDebugStringA(szBuffer);
+}
+
+VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args)
+{
+    SyelogExV(FALSE, nSeverity, pszMsgf, args);
+}
+
+VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...)
+{
+    va_list args;
+    va_start(args, pszMsgf);
+    SyelogExV(FALSE, nSeverity, pszMsgf, args);
+    va_end(args);
+}
+
+VOID SyelogEx(BOOL fTerminate, BYTE nSeverity, PCSTR pszMsgf, ...)
+{
+    va_list args;
+    va_start(args, pszMsgf);
+    SyelogExV(fTerminate, nSeverity, pszMsgf, args);
+    va_end(args);
+}
+
+VOID SyelogClose(BOOL fTerminate)
+{
+    (void)fTerminate;
+}
+
+DWORD main(int argc, char **argv)
+{
+    (void)argc;
+    (void)argv;
+
+    printf("testapi: Starting\n");
+    ProcessAttach(NULL);
+    Sleep(100);
+    ProcessDetach(NULL);
+
+    return 0;
+}
+//
+//////////////////////////////////////////////////////////////////////////////

ext/detours/samples/traceapi/trcapi.cpp

@@ -0,0 +1,473 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Detours Test Program (trcapi.cpp of trcapi.dll)
+//
+//  Microsoft Research Detours Package
+//
+//  Copyright (c) Microsoft Corporation.  All rights reserved.
+//
+#undef WIN32_LEAN_AND_MEAN
+#define _WIN32_WINNT        0x400
+#define WIN32
+#define NT
+#define _WINSOCK_DEPRECATED_NO_WARNINGS
+
+#define DBG_TRACE   0
+
+#if _MSC_VER >= 1300
+#include <winsock2.h>
+#endif
+#include <windows.h>
+#include <stdio.h>
+#pragma warning(push)
+#if _MSC_VER > 1400
+#pragma warning(disable:6102 6103) // /analyze warnings
+#endif
+#include <strsafe.h>
+#pragma warning(pop)
+#include "detours.h"
+#include "syelog.h"
+
+#if (_MSC_VER < 1299)
+#define LONG_PTR    LONG
+#define ULONG_PTR   ULONG
+#define PLONG_PTR   PLONG
+#define PULONG_PTR  PULONG
+#define INT_PTR     INT
+#define UINT_PTR    UINT
+#define PINT_PTR    PINT
+#define PUINT_PTR   PUINT
+#define DWORD_PTR   DWORD
+#define PDWORD_PTR  PDWORD
+#endif
+
+#pragma warning(disable:4996)   // We don't care about deprecated APIs.
+
+//////////////////////////////////////////////////////////////////////////////
+#pragma warning(disable:4127)   // Many of our asserts are constants.
+
+#define ASSERT_ALWAYS(x)   \
+    do {                                                        \
+    if (!(x)) {                                                 \
+            AssertMessage(#x, __FILE__, __LINE__);              \
+            DebugBreak();                                       \
+    }                                                           \
+    } while (0)
+
+#ifndef NDEBUG
+#define ASSERT(x)           ASSERT_ALWAYS(x)
+#else
+#define ASSERT(x)
+#endif
+
+#define UNUSED(c)    (c) = (c)
+
+//////////////////////////////////////////////////////////////////////////////
+static HMODULE s_hInst = NULL;
+static WCHAR s_wzDllPath[MAX_PATH];
+static CHAR s_szDllPath[MAX_PATH];
+
+BOOL ProcessEnumerate();
+BOOL InstanceEnumerate(HINSTANCE hInst);
+
+VOID _PrintEnter(const CHAR *psz, ...);
+VOID _PrintExit(const CHAR *psz, ...);
+VOID _Print(const CHAR *psz, ...);
+VOID _VPrint(PCSTR msg, va_list args, PCHAR pszBuf, LONG cbBuf);
+
+VOID AssertMessage(CONST PCHAR pszMsg, CONST PCHAR pszFile, ULONG nLine);
+
+//////////////////////////////////////////////////////////////////////////////
+//
+// Trampolines
+//
+extern "C" {
+    //  Trampolines for SYELOG library.
+    //
+    extern HANDLE (WINAPI *Real_CreateFileW)(LPCWSTR a0, DWORD a1, DWORD a2,
+                                             LPSECURITY_ATTRIBUTES a3, DWORD a4, DWORD a5,
+                                             HANDLE a6);
+    extern BOOL (WINAPI *Real_WriteFile)(HANDLE hFile,
+                                         LPCVOID lpBuffer,
+                                         DWORD nNumberOfBytesToWrite,
+                                         LPDWORD lpNumberOfBytesWritten,
+                                         LPOVERLAPPED lpOverlapped);
+    extern BOOL (WINAPI *Real_FlushFileBuffers)(HANDLE hFile);
+    extern BOOL (WINAPI *Real_CloseHandle)(HANDLE hObject);
+    extern BOOL (WINAPI *Real_WaitNamedPipeW)(LPCWSTR lpNamedPipeName, DWORD nTimeOut);
+    extern BOOL (WINAPI *Real_SetNamedPipeHandleState)(HANDLE hNamedPipe,
+                                                       LPDWORD lpMode,
+                                                       LPDWORD lpMaxCollectionCount,
+                                                       LPDWORD lpCollectDataTimeout);
+    extern DWORD (WINAPI *Real_GetCurrentProcessId)(VOID);
+    extern VOID (WINAPI *Real_GetSystemTimeAsFileTime)(LPFILETIME lpSystemTimeAsFileTime);
+
+    VOID ( WINAPI * Real_InitializeCriticalSection)(LPCRITICAL_SECTION lpSection)
+        = InitializeCriticalSection;
+    VOID ( WINAPI * Real_EnterCriticalSection)(LPCRITICAL_SECTION lpSection)
+        = EnterCriticalSection;
+    VOID ( WINAPI * Real_LeaveCriticalSection)(LPCRITICAL_SECTION lpSection)
+        = LeaveCriticalSection;
+}
+
+#include "_win32.cpp"
+
+////////////////////////////////////////////////////////////// Logging System.
+//
+static BOOL s_bLog = FALSE;
+static LONG s_nTlsIndent = -1;
+static LONG s_nTlsThread = -1;
+static LONG s_nThreadCnt = 0;
+
+VOID _PrintEnter(const CHAR *psz, ...)
+{
+    DWORD dwErr = GetLastError();
+
+    LONG nIndent = 0;
+    LONG nThread = 0;
+    if (s_nTlsIndent >= 0) {
+        nIndent = (LONG)(LONG_PTR)TlsGetValue(s_nTlsIndent);
+        TlsSetValue(s_nTlsIndent, (PVOID)(LONG_PTR)(nIndent + 1));
+    }
+    if (s_nTlsThread >= 0) {
+        nThread = (LONG)(LONG_PTR)TlsGetValue(s_nTlsThread);
+    }
+
+    if (s_bLog && psz) {
+        CHAR szBuf[1024];
+        PCHAR pszBuf = szBuf;
+        PCHAR pszEnd = szBuf + ARRAYSIZE(szBuf) - 1;
+        LONG nLen = (nIndent > 0) ? (nIndent < 35 ? nIndent * 2 : 70) : 0;
+        *pszBuf++ = (CHAR)('0' + ((nThread / 100) % 10));
+        *pszBuf++ = (CHAR)('0' + ((nThread / 10) % 10));
+        *pszBuf++ = (CHAR)('0' + ((nThread / 1) % 10));
+        *pszBuf++ = ' ';
+        while (nLen-- > 0) {
+            *pszBuf++ = ' ';
+        }
+        *pszBuf++ = '+';
+        *pszBuf = '\0';
+
+        va_list  args;
+        va_start(args, psz);
+
+        while ((*pszBuf++ = *psz++) != 0 && pszBuf < pszEnd) {
+            // Copy characters.
+        }
+        *pszEnd = '\0';
+        SyelogV(SYELOG_SEVERITY_INFORMATION, szBuf, args);
+
+        va_end(args);
+    }
+    SetLastError(dwErr);
+}
+
+VOID _PrintExit(const CHAR *psz, ...)
+{
+    DWORD dwErr = GetLastError();
+
+    LONG nIndent = 0;
+    LONG nThread = 0;
+    if (s_nTlsIndent >= 0) {
+        nIndent = (LONG)(LONG_PTR)TlsGetValue(s_nTlsIndent) - 1;
+        ASSERT_ALWAYS(nIndent >= 0);
+        TlsSetValue(s_nTlsIndent, (PVOID)(LONG_PTR)nIndent);
+    }
+    if (s_nTlsThread >= 0) {
+        nThread = (LONG)(LONG_PTR)TlsGetValue(s_nTlsThread);
+    }
+
+    if (s_bLog && psz) {
+        CHAR szBuf[1024];
+        PCHAR pszEnd = szBuf + ARRAYSIZE(szBuf) - 1;
+        PCHAR pszBuf = szBuf;
+        LONG nLen = (nIndent > 0) ? (nIndent < 35 ? nIndent * 2 : 70) : 0;
+        *pszBuf++ = (CHAR)('0' + ((nThread / 100) % 10));
+        *pszBuf++ = (CHAR)('0' + ((nThread / 10) % 10));
+        *pszBuf++ = (CHAR)('0' + ((nThread / 1) % 10));
+        *pszBuf++ = ' ';
+        while (nLen-- > 0) {
+            *pszBuf++ = ' ';
+        }
+        *pszBuf++ = '-';
+        *pszBuf = '\0';
+
+        va_list  args;
+        va_start(args, psz);
+
+        while ((*pszBuf++ = *psz++) != 0 && pszBuf < pszEnd) {
+            // Copy characters.
+        }
+        *pszEnd = '\0';
+        SyelogV(SYELOG_SEVERITY_INFORMATION, szBuf, args);
+
+        va_end(args);
+    }
+    SetLastError(dwErr);
+}
+
+VOID _Print(const CHAR *psz, ...)
+{
+    DWORD dwErr = GetLastError();
+
+    LONG nIndent = 0;
+    LONG nThread = 0;
+    if (s_nTlsIndent >= 0) {
+        nIndent = (LONG)(LONG_PTR)TlsGetValue(s_nTlsIndent);
+    }
+    if (s_nTlsThread >= 0) {
+        nThread = (LONG)(LONG_PTR)TlsGetValue(s_nTlsThread);
+    }
+
+    if (s_bLog && psz) {
+        CHAR szBuf[1024];
+        PCHAR pszEnd = szBuf + ARRAYSIZE(szBuf) - 1;
+        PCHAR pszBuf = szBuf;
+        LONG nLen = (nIndent > 0) ? (nIndent < 35 ? nIndent * 2 : 70) : 0;
+        *pszBuf++ = (CHAR)('0' + ((nThread / 100) % 10));
+        *pszBuf++ = (CHAR)('0' + ((nThread / 10) % 10));
+        *pszBuf++ = (CHAR)('0' + ((nThread / 1) % 10));
+        *pszBuf++ = ' ';
+        while (nLen-- > 0) {
+            *pszBuf++ = ' ';
+        }
+        *pszBuf = '\0';
+
+        va_list  args;
+        va_start(args, psz);
+
+        while ((*pszBuf++ = *psz++) != 0 && pszBuf < pszEnd) {
+            // Copy characters.
+        }
+        *pszEnd = '\0';
+        SyelogV(SYELOG_SEVERITY_INFORMATION, szBuf, args);
+
+        va_end(args);
+    }
+    SetLastError(dwErr);
+}
+
+VOID AssertMessage(CONST PCHAR pszMsg, CONST PCHAR pszFile, ULONG nLine)
+{
+    Syelog(SYELOG_SEVERITY_FATAL,
+           "ASSERT(%s) failed in %s, line %d.\n", pszMsg, pszFile, nLine);
+}
+
+//////////////////////////////////////////////////////////////////////////////
+//
+PIMAGE_NT_HEADERS NtHeadersForInstance(HINSTANCE hInst)
+{
+    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hInst;
+    __try {
+        if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
+            SetLastError(ERROR_BAD_EXE_FORMAT);
+            return NULL;
+        }
+
+        PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader +
+                                                          pDosHeader->e_lfanew);
+        if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) {
+            SetLastError(ERROR_INVALID_EXE_SIGNATURE);
+            return NULL;
+        }
+        if (pNtHeader->FileHeader.SizeOfOptionalHeader == 0) {
+            SetLastError(ERROR_EXE_MARKED_INVALID);
+            return NULL;
+        }
+        return pNtHeader;
+    } __except(EXCEPTION_EXECUTE_HANDLER) {
+    }
+    SetLastError(ERROR_EXE_MARKED_INVALID);
+
+    return NULL;
+}
+
+BOOL InstanceEnumerate(HINSTANCE hInst)
+{
+    WCHAR wzDllName[MAX_PATH];
+
+    PIMAGE_NT_HEADERS pinh = NtHeadersForInstance(hInst);
+    if (pinh && Real_GetModuleFileNameW(hInst, wzDllName, ARRAYSIZE(wzDllName))) {
+        Syelog(SYELOG_SEVERITY_INFORMATION, "### %p: %ls\n", hInst, wzDllName);
+        return TRUE;
+    }
+    return FALSE;
+}
+
+BOOL ProcessEnumerate()
+{
+    Syelog(SYELOG_SEVERITY_INFORMATION,
+           "######################################################### Binaries\n");
+
+    PBYTE pbNext;
+    for (PBYTE pbRegion = (PBYTE)0x10000;; pbRegion = pbNext) {
+        MEMORY_BASIC_INFORMATION mbi;
+        ZeroMemory(&mbi, sizeof(mbi));
+
+        if (VirtualQuery((PVOID)pbRegion, &mbi, sizeof(mbi)) <= 0) {
+            break;
+        }
+        pbNext = (PBYTE)mbi.BaseAddress + mbi.RegionSize;
+
+        // Skip free regions, reserver regions, and guard pages.
+        //
+        if (mbi.State == MEM_FREE || mbi.State == MEM_RESERVE) {
+            continue;
+        }
+        if (mbi.Protect & PAGE_GUARD || mbi.Protect & PAGE_NOCACHE) {
+            continue;
+        }
+        if (mbi.Protect == PAGE_NOACCESS) {
+            continue;
+        }
+
+        // Skip over regions from the same allocation...
+        {
+            MEMORY_BASIC_INFORMATION mbiStep;
+
+            while (VirtualQuery((PVOID)pbNext, &mbiStep, sizeof(mbiStep)) > 0) {
+                if ((PBYTE)mbiStep.AllocationBase != pbRegion) {
+                    break;
+                }
+                pbNext = (PBYTE)mbiStep.BaseAddress + mbiStep.RegionSize;
+                mbi.Protect |= mbiStep.Protect;
+            }
+        }
+
+        WCHAR wzDllName[MAX_PATH];
+        PIMAGE_NT_HEADERS pinh = NtHeadersForInstance((HINSTANCE)pbRegion);
+
+        if (pinh &&
+            Real_GetModuleFileNameW((HINSTANCE)pbRegion,wzDllName,ARRAYSIZE(wzDllName))) {
+
+            Syelog(SYELOG_SEVERITY_INFORMATION,
+                   "### %p..%p: %ls\n", pbRegion, pbNext, wzDllName);
+        }
+        else {
+            Syelog(SYELOG_SEVERITY_INFORMATION,
+                   "### %p..%p: State=%04x, Protect=%08x\n",
+                   pbRegion, pbNext, mbi.State, mbi.Protect);
+        }
+    }
+    Syelog(SYELOG_SEVERITY_INFORMATION, "###\n");
+
+    LPVOID lpvEnv = Real_GetEnvironmentStrings();
+    Syelog(SYELOG_SEVERITY_INFORMATION, "### Env= %08x [%08x %08x]\n",
+           lpvEnv, ((PVOID*)lpvEnv)[0], ((PVOID*)lpvEnv)[1]);
+
+    return TRUE;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+//
+// DLL module information
+//
+BOOL ThreadAttach(HMODULE hDll)
+{
+    (void)hDll;
+
+    if (s_nTlsIndent >= 0) {
+        TlsSetValue(s_nTlsIndent, (PVOID)0);
+    }
+    if (s_nTlsThread >= 0) {
+        LONG nThread = InterlockedIncrement(&s_nThreadCnt);
+        TlsSetValue(s_nTlsThread, (PVOID)(LONG_PTR)nThread);
+    }
+    return TRUE;
+}
+
+BOOL ThreadDetach(HMODULE hDll)
+{
+    (void)hDll;
+
+    if (s_nTlsIndent >= 0) {
+        TlsSetValue(s_nTlsIndent, (PVOID)0);
+    }
+    if (s_nTlsThread >= 0) {
+        TlsSetValue(s_nTlsThread, (PVOID)0);
+    }
+    return TRUE;
+}
+
+BOOL ProcessAttach(HMODULE hDll)
+{
+    s_bLog = FALSE;
+    s_nTlsIndent = TlsAlloc();
+    s_nTlsThread = TlsAlloc();
+    ThreadAttach(hDll);
+
+    WCHAR wzExeName[MAX_PATH];
+
+    s_hInst = hDll;
+    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYSIZE(s_wzDllPath));
+    Real_GetModuleFileNameW(NULL, wzExeName, ARRAYSIZE(wzExeName));
+    StringCchPrintfA(s_szDllPath, ARRAYSIZE(s_szDllPath), "%ls", s_wzDllPath);
+
+    SyelogOpen("trcapi" DETOURS_STRINGIFY(DETOURS_BITS), SYELOG_FACILITY_APPLICATION);
+    ProcessEnumerate();
+
+    LONG error = AttachDetours();
+    if (error != NO_ERROR) {
+        Syelog(SYELOG_SEVERITY_FATAL, "### Error attaching detours: %d\n", error);
+    }
+
+    s_bLog = TRUE;
+    return TRUE;
+}
+
+BOOL ProcessDetach(HMODULE hDll)
+{
+    ThreadDetach(hDll);
+    s_bLog = FALSE;
+
+    LONG error = DetachDetours();
+    if (error != NO_ERROR) {
+        Syelog(SYELOG_SEVERITY_FATAL, "### Error detaching detours: %d\n", error);
+    }
+
+    Syelog(SYELOG_SEVERITY_NOTICE, "### Closing.\n");
+    SyelogClose(FALSE);
+
+    if (s_nTlsIndent >= 0) {
+        TlsFree(s_nTlsIndent);
+    }
+    if (s_nTlsThread >= 0) {
+        TlsFree(s_nTlsThread);
+    }
+    return TRUE;
+}
+
+BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, PVOID lpReserved)
+{
+    (void)hModule;
+    (void)lpReserved;
+    BOOL ret;
+
+    if (DetourIsHelperProcess()) {
+        return TRUE;
+    }
+
+    switch (dwReason) {
+      case DLL_PROCESS_ATTACH:
+        DetourRestoreAfterWith();
+        OutputDebugStringA("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
+                           " DllMain DLL_PROCESS_ATTACH\n");
+        return ProcessAttach(hModule);
+      case DLL_PROCESS_DETACH:
+        ret = ProcessDetach(hModule);
+        OutputDebugStringA("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
+                           " DllMain DLL_PROCESS_DETACH\n");
+        return ret;
+      case DLL_THREAD_ATTACH:
+        OutputDebugStringA("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
+                           " DllMain DLL_THREAD_ATTACH\n");
+        return ThreadAttach(hModule);
+      case DLL_THREAD_DETACH:
+        OutputDebugStringA("trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
+                           " DllMain DLL_THREAD_DETACH\n");
+        return ThreadDetach(hModule);
+    }
+    return TRUE;
+}
+//
+///////////////////////////////////////////////////////////////// End of File.

ext/detours/samples/traceapi/trcapi.rc

@@ -0,0 +1,17 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Version information for trcapi.rc.
+//
+//  Microsoft Research Detours Package
+//
+//  Copyright (c) Microsoft Corporation.  All rights reserved.
+//
+
+#include "detver.h"
+
+#define VER_INTERNALNAME_STR        "trcapi" DETOURS_STRINGIFY(DETOURS_BITS)
+#define VER_ORIGINALFILENAME_STR    "trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll"
+#define VER_FILEDESCRIPTION_STR     "Detours Win32 API Tracing Module"
+#define VER_COMPANYNAME_STR         "Microsoft Corporation"
+
+#include "common.ver"