feat: veh hook

Author: std-microblock

include/blook/hook.h

@@ -82,13 +82,15 @@ class InlineHook {
 
 class VEHHookManager {
 public:
-  struct VEHHookContext {};
+  struct VEHHookContext {
+    _EXCEPTION_POINTERS *exception_info;
+  };
   using BreakpointCallback = std::function<void(VEHHookContext &ctx)>;
 
   struct HardwareBreakpoint {
     void *address = nullptr;
     short dr_index = -1;
-    int size = 0;
+    int size = 1;
     HwBp::When when = HwBp::When::Executed;
   };
 
@@ -105,8 +107,7 @@ class VEHHookManager {
   struct HardwareBreakpointInformation {
     HardwareBreakpoint bp;
     BreakpointCallback callback;
-    void *trampoline_address = nullptr;
-    size_t trampoline_size = 0;
+    Trampoline trampoline;
   };
 
   static VEHHookManager &instance() {
@@ -128,11 +129,11 @@ class VEHHookManager {
   VEHHookHandler add_breakpoint(PagefaultBreakpoint bp,
                                 BreakpointCallback callback);
   void remove_breakpoint(const VEHHookHandler &handler);
-
-private:
+  
   std::array<std::optional<HardwareBreakpointInformation>, 4> hw_breakpoints;
-
   void sync_hw_breakpoints();
+private:
+
   VEHHookManager() {}
 };
 } // namespace blook

src/hook.cpp

@@ -120,9 +120,47 @@ Trampoline Trampoline::make(Pointer pCode, size_t minByteSize,
   return t;
 }
 
+static LONG blook_VectoredExceptionHandler(_EXCEPTION_POINTERS *ExceptionInfo) {
+  auto &manager = blook::VEHHookManager::instance();
+  auto code = ExceptionInfo->ExceptionRecord->ExceptionCode;
+  auto address = ExceptionInfo->ExceptionRecord->ExceptionAddress;
+  if (code == EXCEPTION_SINGLE_STEP) {
+    for (const auto &bp : manager.hw_breakpoints) {
+      if (bp.has_value() && bp->bp.address == address) {
+        if (bp->callback) {
+          size_t origRip = ExceptionInfo->ContextRecord->Rip;
+          VEHHookManager::VEHHookContext ctx(ExceptionInfo);
+          bp->callback(ctx);
+          if (ExceptionInfo->ContextRecord->Rip == origRip) {
+            // If the callback didn't change the RIP, jump to trampoline
+            ExceptionInfo->ContextRecord->Rip =
+                (size_t)bp->trampoline.pTrampoline.data();
+          }
+        }
+      }
+    }
+    return EXCEPTION_CONTINUE_EXECUTION;
+  } else if (code == EXCEPTION_BREAKPOINT) {
+    // Handle software breakpoints here if needed
+  } else if (code == EXCEPTION_ACCESS_VIOLATION) {
+    // Handle pagefault breakpoints here if needed
+  }
+
+  return EXCEPTION_CONTINUE_SEARCH;
+}
+
+void ensureVectoredExceptionHandler() {
+  static bool handler_installed = false;
+  if (!handler_installed) {
+    AddVectoredExceptionHandler(1, blook_VectoredExceptionHandler);
+    handler_installed = true;
+  }
+}
+
 VEHHookManager::VEHHookHandler
 VEHHookManager::add_breakpoint(HardwareBreakpoint bp,
                                BreakpointCallback callback) {
+  ensureVectoredExceptionHandler();
   if (bp.dr_index == -1) {
     for (int i = 0; i < 4; ++i) {
       if (!hw_breakpoints[i].has_value()) {
@@ -144,12 +182,9 @@ VEHHookManager::add_breakpoint(HardwareBreakpoint bp,
   hw_breakpoints[bp.dr_index] = {
       .bp = bp,
       .callback = callback,
-      .trampoline_address = nullptr,
-      .trampoline_size = 0,
+      .trampoline = Trampoline::make(bp.address, bp.size, true),
   };
 
-  // allocate trampoline
-
   sync_hw_breakpoints();
   return HardwareBreakpointHandler{bp.dr_index};
 }
@@ -178,17 +213,23 @@ void VEHHookManager::remove_breakpoint(const VEHHookHandler &handler) {
 void VEHHookManager::sync_hw_breakpoints() {
   auto threads = Process::self()->threads();
   for (const auto &thread : threads) {
-    for (auto &bp : hw_breakpoints) {
+    for (int i = 0; i < 4; ++i) {
+      auto &bp = hw_breakpoints[i];
       if (bp.has_value()) {
-        HwBp::Set(bp->bp.address, bp->bp.size, bp->bp.when, bp->bp.dr_index,
-                  OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT |
-                                 THREAD_SUSPEND_RESUME,
-                             false, thread.id));
+        if (auto res = HwBp::Set(
+                bp->bp.address, bp->bp.size, bp->bp.when, bp->bp.dr_index,
+                OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT |
+                               THREAD_SUSPEND_RESUME,
+                           false, thread.id));
+            res.m_error != HwBp::Result::Success) {
+          std::println(
+              "Failed to set hardware breakpoint on DR{} for thread ID {}: {}",
+              bp->bp.dr_index, thread.id, (int)res.m_error);
+        }
       } else {
-        HwBp::Remove(bp->bp.dr_index,
-                     OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT |
-                                    THREAD_SUSPEND_RESUME,
-                                false, thread.id));
+        HwBp::Remove(i, OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT |
+                                       THREAD_SUSPEND_RESUME,
+                                   false, thread.id));
       }
     }
   }

src/tests/test_windows.cpp

@@ -254,21 +254,128 @@ TEST(BlookModuleTests, ExportParsing) {
   EXPECT_EQ(exported_func->data<void *>(), (void *)&f_test_exports);
 }
 
-class VEHHookTest : public ::testing::Test {
-protected:
-  std::shared_ptr<blook::InlineHook> hook_AplusB;
-  std::shared_ptr<blook::InlineHook> hook_GetTickCount;
+#pragma optimize("", off)
+int veh_test_target_func(int a, int b) { return a * b + 42; }
+int veh_test_target_func2(int a, int b) { return a * b + 423; }
+int veh_test_target_func3(int a, int b) { return a * b + 412; }
+int veh_test_target_func4(int a, int b) { return a * b + 426; }
+#pragma optimize("", on)
 
-  void TearDown() override {
+TEST(VEHHookTest, HookFunction) {
+  bool called = false;
+  auto handler = blook::VEHHookManager::instance().add_breakpoint(
+      blook::VEHHookManager::HardwareBreakpoint{
+          .address = (void *)veh_test_target_func},
+      [&](blook::VEHHookManager::VEHHookContext &ctx) { called = true; });
 
-    if (hook_AplusB && hook_AplusB->is_installed()) {
-      hook_AplusB->uninstall();
-    }
-    if (hook_GetTickCount && hook_GetTickCount->is_installed()) {
-      hook_GetTickCount->uninstall();
+  ASSERT_TRUE(
+      std::holds_alternative<blook::VEHHookManager::HardwareBreakpointHandler>(
+          handler));
+
+  veh_test_target_func(3, 5);
+
+  ASSERT_TRUE(called);
+
+  blook::VEHHookManager::instance().remove_breakpoint(handler);
+
+  auto result = veh_test_target_func(2, 4);
+  EXPECT_EQ(result, 2 * 4 + 42);
+}
+
+TEST(VEHHookTest, HookFunctionInAnotherThread) {
+  bool called = false;
+  auto handler = blook::VEHHookManager::instance().add_breakpoint(
+      blook::VEHHookManager::HardwareBreakpoint{
+          .address = (void *)veh_test_target_func},
+      [&](blook::VEHHookManager::VEHHookContext &ctx) {
+        called = true;
+        ExitThread(0);
+      });
+
+  ASSERT_TRUE(
+      std::holds_alternative<blook::VEHHookManager::HardwareBreakpointHandler>(
+          handler));
+
+  std::thread t([]() {
+    while (true) {
+      veh_test_target_func(7, 8);
     }
-  }
-};
+  });
+  blook::VEHHookManager::instance().sync_hw_breakpoints();
+  t.join();
+
+  ASSERT_TRUE(called);
+
+  blook::VEHHookManager::instance().remove_breakpoint(handler);
+}
+
+TEST(VEHHookTest, HookMultipleFunctions) {
+  bool called1 = false;
+  bool called2 = false;
+  bool called3 = false;
+  bool called4 = false;
+
+  auto handler1 = blook::VEHHookManager::instance().add_breakpoint(
+      blook::VEHHookManager::HardwareBreakpoint{
+          .address = (void *)veh_test_target_func},
+      [&](blook::VEHHookManager::VEHHookContext &ctx) { called1 = true; });
+
+  auto handler2 = blook::VEHHookManager::instance().add_breakpoint(
+      blook::VEHHookManager::HardwareBreakpoint{
+          .address = (void *)veh_test_target_func2},
+      [&](blook::VEHHookManager::VEHHookContext &ctx) { called2 = true; });
+
+  auto handler3 = blook::VEHHookManager::instance().add_breakpoint(
+      blook::VEHHookManager::HardwareBreakpoint{
+          .address = (void *)veh_test_target_func3},
+      [&](blook::VEHHookManager::VEHHookContext &ctx) { called3 = true; });
+
+  auto handler4 = blook::VEHHookManager::instance().add_breakpoint(
+      blook::VEHHookManager::HardwareBreakpoint{
+          .address = (void *)veh_test_target_func4},
+      [&](blook::VEHHookManager::VEHHookContext &ctx) { called4 = true; });
+
+  ASSERT_TRUE(
+      std::holds_alternative<blook::VEHHookManager::HardwareBreakpointHandler>(
+          handler1));
+  ASSERT_TRUE(
+      std::holds_alternative<blook::VEHHookManager::HardwareBreakpointHandler>(
+          handler2));
+  ASSERT_TRUE(
+      std::holds_alternative<blook::VEHHookManager::HardwareBreakpointHandler>(
+          handler3));
+  ASSERT_TRUE(
+      std::holds_alternative<blook::VEHHookManager::HardwareBreakpointHandler>(
+          handler4));
+
+  veh_test_target_func(3, 5);
+  veh_test_target_func2(6, 7);
+  veh_test_target_func3(8, 9);
+  veh_test_target_func4(10, 11);
+
+  ASSERT_TRUE(called1);
+  ASSERT_TRUE(called2);
+  ASSERT_TRUE(called3);
+  ASSERT_TRUE(called4);
+
+  blook::VEHHookManager::instance().remove_breakpoint(handler1);
+  blook::VEHHookManager::instance().remove_breakpoint(handler2);
+  blook::VEHHookManager::instance().remove_breakpoint(handler3);
+  blook::VEHHookManager::instance().remove_breakpoint(handler4);
+  called1 = called2 = called3 = called4 = false;
+  veh_test_target_func(2, 4);
+  veh_test_target_func2(3, 5);
+  veh_test_target_func3(4, 6);
+  veh_test_target_func4(5, 7);
+  EXPECT_EQ(veh_test_target_func(2, 4), 2 * 4 + 42);
+  EXPECT_EQ(veh_test_target_func2(3, 5), 3 * 5 + 423);
+  EXPECT_EQ(veh_test_target_func3(4, 6), 4 * 6 + 412);
+  EXPECT_EQ(veh_test_target_func4(5, 7), 5 * 7 + 426);
+  ASSERT_FALSE(called1);
+  ASSERT_FALSE(called2);
+  ASSERT_FALSE(called3);
+  ASSERT_FALSE(called4);
+}
 
 int main(int argc, char **argv) {
   ::testing::InitGoogleTest(&argc, argv);

xmake.lua

@@ -12,7 +12,7 @@ add_requires("zasm 2025.03.02", "gtest")
 
 target("blook")
     set_kind("static")
-    add_files("src/*.cpp")
+    add_files("src/*.cpp", "src/**/*.cc")
     add_defines("WIN32_LEAN_AND_MEAN", "NOMINMAX")
     if is_plat("windows") then
         add_files("src/platform/windows/*.cpp")