The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
 / 
Win32-Monitoring-DLLInject-0.06
River stage zero No dependents
++
/ Win32::Monitoring::DLLInject

NAME

Win32::Monitoring::DLLInject - Injects code into Win32 programs to overload functions

SYNOPSIS

  use Win32::Monitoring::DLLInject qw(new UnHook StatMailslot GetMessage);

  my $handle = new Win32::Monitoring::DLLInject($process_id, $dll_path);

  while(1){
        sleep(1);
        my $msg_cnt = $handle->StatMailSlot();

        for (my $i = 0; $i < $msg_cnt; $i++) {
           print $handle->GetMessage(), "\n";
        }

  }
  $handle->UnHook();

DESCRIPTION

The Win32::Monitoring::DLLInject module provides a mechanism allowing a Perl program to inject (self written) code into a running Windows program or a DLL. This functionality can be used for patching or instrumenting code.

Additionally, a communication channel using a Windows mailslot is set up. This channel can be used for sending information, e.g. status information or time measurements, back to the Perl application that injected the code.

As a bonus, we provide an example for a DLL implementation that allows for adding time measuring to any Win32 application without requiring further modules.

$handle = new($dll_path,$process_id)

Returns an handle to the Win32::Monitoring::DLLInject object which represents the overloaded (hooked) program.

$handle->StatMailSlot()

Returns the number of messages in the internal message store (mailslot).

$handle->GetMessage()

Returns the content of the first message in the message store.

$handle->Unhook()

Removes the injected code from the program and restores the original function.

EXAMPLE

  #! perl

  use Win32::OLE;
  use Win32::Monitoring::DLLInject;
  use Data::Dumper;

  my $WshShell = Win32::OLE->new("WScript.Shell");
  $WshShell->Run("notepad", 5);

  sleep(1);

  my %processes;

  for my $line (`tasklist /v /nh`) {
     chomp($line);
     if ( $line ne "" ) {
        my $pid = substr($line, 26, 8);  # extract PID
        $pid =~ s/^ *([0-9]+)$/$1/g;     # remove leading spaces

        my $proc = substr($line, 0, 24); # extract process
        $proc =~ s/\s\s\s*/ /g;          # change multiple spaces to single spaces
        $proc =~ s/\s$//g;               # remove trailing space
        $proc =~ s/ N\/A$//g;            # remove trailing N/A

        $processes{$proc} = $pid;
      }
  }

  my $P = Win32::Monitoring::DLLInject->new($processes{'notepad.exe'},'Y:\\perl\\Win32-Monitoring-DLLInject\\HookedFunctions.dll');

  print Dumper($P);

  while(1)
  {
       sleep(1);
       my $msg_cnt = $P->StatMailSlot();
       for (my $i = 0; $i < $msg_cnt; $i++) {
           print $P->GetMessage(), "\n";
       }
  }

SEE ALSO

Webpage: <http://oss.oetiker.ch/optools/>

COPYRIGHT

Copyright (c) 2008, 2009 by OETIKER+PARTNER AG. All rights reserved.

LICENSE

Win32::Monitoring::DLLInject is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Win32::Monitoring::DLLInject is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Win32::Monitoring::WindowPing. If not, see <http://www.gnu.org/licenses/>.

AUTHORS

Roman Plessl, Tobi Oetiker