added detour binaries

src/defender-control.sln

@@ -5,6 +5,8 @@ VisualStudioVersion = 16.0.31229.75
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "defender-control", "defender-control\defender-control.vcxproj", "{7C2C0AEC-7B9D-4104-99FA-1844D609452C}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dumper", "dumper\dumper.vcxproj", "{089CA7D6-3277-4998-86AF-F6413290A442}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|x64 = Debug|x64
@@ -21,6 +23,14 @@ Global
 		{7C2C0AEC-7B9D-4104-99FA-1844D609452C}.Release|x64.Build.0 = Release|x64
 		{7C2C0AEC-7B9D-4104-99FA-1844D609452C}.Release|x86.ActiveCfg = Release|Win32
 		{7C2C0AEC-7B9D-4104-99FA-1844D609452C}.Release|x86.Build.0 = Release|Win32
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Debug|x64.ActiveCfg = Debug|x64
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Debug|x64.Build.0 = Debug|x64
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Debug|x86.ActiveCfg = Debug|Win32
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Debug|x86.Build.0 = Debug|Win32
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Release|x64.ActiveCfg = Release|x64
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Release|x64.Build.0 = Release|x64
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Release|x86.ActiveCfg = Release|Win32
+		{089CA7D6-3277-4998-86AF-F6413290A442}.Release|x86.Build.0 = Release|Win32
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

src/defender-control/defender-control.vcxproj

@@ -81,6 +81,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <IntDir>$(Platform)\$(Configuration)</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>

src/detour/include/detver.h

@@ -0,0 +1,27 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Common version parameters.
+//
+//  Microsoft Research Detours Package, Version 4.0.1
+//
+//  Copyright (c) Microsoft Corporation.  All rights reserved.
+//
+
+#define _USING_V110_SDK71_ 1
+#include "winver.h"
+#if 0
+#include <windows.h>
+#include <detours.h>
+#else
+#ifndef DETOURS_STRINGIFY
+#define DETOURS_STRINGIFY_(x)    #x
+#define DETOURS_STRINGIFY(x)    DETOURS_STRINGIFY_(x)
+#endif
+
+#define VER_FILEFLAGSMASK   0x3fL
+#define VER_FILEFLAGS       0x0L
+#define VER_FILEOS          0x00040004L
+#define VER_FILETYPE        0x00000002L
+#define VER_FILESUBTYPE     0x00000000L
+#endif
+#define VER_DETOURS_BITS    DETOURS_STRINGIFY(DETOURS_BITS)

src/detour/include/syelog.h

@@ -0,0 +1,89 @@
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Detours Test Program (syelog.h of syelog.lib)
+//
+//  Microsoft Research Detours Package
+//
+//  Copyright (c) Microsoft Corporation.  All rights reserved.
+//
+#pragma once
+#ifndef _SYELOGD_H_
+#define _SYELOGD_H_
+#include <stdarg.h>
+
+#pragma pack(push, 1)
+#pragma warning(push)
+#pragma warning(disable: 4200)
+
+//////////////////////////////////////////////////////////////////////////////
+//
+//
+#define SYELOG_PIPE_NAMEA       "\\\\.\\pipe\\syelog"
+#define SYELOG_PIPE_NAMEW       L"\\\\.\\pipe\\syelog"
+#ifdef UNICODE
+#define SYELOG_PIPE_NAME        SYELOG_PIPE_NAMEW
+#else
+#define SYELOG_PIPE_NAME        SYELOG_PIPE_NAMEA
+#endif
+
+//////////////////////////////////////////////////////////////////////////////
+//
+#define SYELOG_MAXIMUM_MESSAGE  4086    // 4096 - sizeof(header stuff)
+
+typedef struct _SYELOG_MESSAGE
+{
+    USHORT      nBytes;
+    BYTE        nFacility;
+    BYTE        nSeverity;
+    DWORD       nProcessId;
+    FILETIME    ftOccurance;
+    BOOL        fTerminate;
+    CHAR        szMessage[SYELOG_MAXIMUM_MESSAGE];
+} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
+
+
+// Facility Codes.
+//
+#define SYELOG_FACILITY_KERNEL          0x10            // OS Kernel
+#define SYELOG_FACILITY_SECURITY        0x20            // OS Security
+#define SYELOG_FACILITY_LOGGING         0x30            // OS Logging-internal
+#define SYELOG_FACILITY_SERVICE         0x40            // User-mode system daemon
+#define SYELOG_FACILITY_APPLICATION     0x50            // User-mode application
+#define SYELOG_FACILITY_USER            0x60            // User self-generated.
+#define SYELOG_FACILITY_LOCAL0          0x70            // Locally defined.
+#define SYELOG_FACILITY_LOCAL1          0x71            // Locally defined.
+#define SYELOG_FACILITY_LOCAL2          0x72            // Locally defined.
+#define SYELOG_FACILITY_LOCAL3          0x73            // Locally defined.
+#define SYELOG_FACILITY_LOCAL4          0x74            // Locally defined.
+#define SYELOG_FACILITY_LOCAL5          0x75            // Locally defined.
+#define SYELOG_FACILITY_LOCAL6          0x76            // Locally defined.
+#define SYELOG_FACILITY_LOCAL7          0x77            // Locally defined.
+#define SYELOG_FACILITY_LOCAL8          0x78            // Locally defined.
+#define SYELOG_FACILITY_LOCAL9          0x79            // Locally defined.
+
+// Severity Codes.
+//
+#define SYELOG_SEVERITY_FATAL           0x00            // System is dead.
+#define SYELOG_SEVERITY_ALERT           0x10            // Take action immediately.
+#define SYELOG_SEVERITY_CRITICAL        0x20            // Critical condition.
+#define SYELOG_SEVERITY_ERROR           0x30            // Error
+#define SYELOG_SEVERITY_WARNING         0x40            // Warning
+#define SYELOG_SEVERITY_NOTICE          0x50            // Significant condition.
+#define SYELOG_SEVERITY_INFORMATION     0x60            // Informational
+#define SYELOG_SEVERITY_AUDIT_FAIL      0x66            // Audit Failed
+#define SYELOG_SEVERITY_AUDIT_PASS      0x67            // Audit Succeeeded
+#define SYELOG_SEVERITY_DEBUG           0x70            // Debugging
+
+// Logging Functions.
+//
+VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
+VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
+VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
+VOID SyelogClose(BOOL fTerminate);
+
+#pragma warning(pop)
+#pragma pack(pop)
+
+#endif //  _SYELOGD_H_
+//
+///////////////////////////////////////////////////////////////// End of File.

src/dumper/dllmain.cpp

@@ -10,19 +10,36 @@
 
 #include "pch.h"
 
-BOOL APIENTRY DllMain( HMODULE hModule,
-                       DWORD  ul_reason_for_call,
-                       LPVOID lpReserved
-                     )
+void perf_hook()
 {
-    switch (ul_reason_for_call)
-    {
-    case DLL_PROCESS_ATTACH:
-    case DLL_THREAD_ATTACH:
-    case DLL_THREAD_DETACH:
-    case DLL_PROCESS_DETACH:
-        break;
-    }
-    return TRUE;
+
+}	
+
+void thread_main()
+{
+	// setup console
+	//
+	AllocConsole();
+	freopen("CONIN$", "r", stdin);
+	freopen("CONOUT$", "w", stdout);
+	freopen("CONOUT$", "w", stderr);
+	SetConsoleTitleA("Log");
+}
+
+BOOL APIENTRY DllMain(HMODULE hModule,
+	DWORD  ul_reason_for_call,
+	LPVOID lpReserved
+)
+{
+	switch (ul_reason_for_call)
+	{
+	case DLL_PROCESS_ATTACH:
+		CreateThread(0, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(thread_main), 0, 0, 0);
+	case DLL_THREAD_ATTACH:
+	case DLL_THREAD_DETACH:
+	case DLL_PROCESS_DETACH:
+		break;
+	}
+	return TRUE;
 }
 

src/dumper/dumper.vcxproj

@@ -81,6 +81,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <IntDir>$(Platform)\$(Configuration)</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>

src/dumper/pch.h

@@ -7,7 +7,11 @@
 #ifndef PCH_H
 #define PCH_H
 
-// add headers that you want to pre-compile here
-#include "framework.h"
+#include <iostream>
+#include <Windows.h>
+#include <Psapi.h>
+
+//#include <detours.h>
+//#pragma comment(lib, "detours.lib")
 
 #endif //PCH_H