Deviare's Changelog
Changes on v2.7.5
Released in August 21, 2015
- Fixed compatibility issue with Windows 10
- Removed call to SetThreadName because causing issues when Deviare is used while debugging a C#/Xaml application
Changes on v2.7.4
Released in April 7, 2015
- Deviare is now open source under dual license GPL or Commercial.
- Fixed an api not found bug in CallCustomApi when the call succeeded.
- Fixed NktProcessMemory read when reading quad words.
Changes on v2.7.3
Released in October 16, 2014
- More documentation added.
- Fixed some api hook code generation.
- Checked Deviare against Windows 10 preview with success.
- Stack walk stops when the instruction pointer becomes invalid.
- Removed SendCustomMessage from INktHookCallInfoPlugin. Plugins should use the one from INktHookInfo.
- Removed CoInitialize(Ex) calls from all threads and switched to the implicit MTA apartment type.
Changes on v2.7.2
Released in early October 2014
- More documentation added.
- Now Deviare fully supports IE8 with or without custom plugins.
Changes on v2.7.1
Released in July 2014
- Fixed hooked process unloading hang when using C# plugins.
Known Issues
- C# plugins may not work if RegisterClass is hooked because CoInitialize(Ex) calls RegisterClass on STA and, at this
point, COM initialization in not complete yet. - Plugins may not work in IE8 unless executed with elevated privileges because of COM security model used by the app.
Changes on v2.7
Released in June 2014
- Added ApiMapSet v4 handling.
- Changed api's in hooking engine's threads suspender with ntdll counterparts.
- Fixed issue with x64 version of Microsoft Office products and installer.
- Added ntdll stubs creation from original code in order to bypass some third party hooks.
- Added 'DisableStackWalk' hook flag to disable stack info retrieval when a hooked function is called.
- Changed some opcode generator in jmp/call code relocator.
- Added CreateProcessWithToken.
Changes on v2.6.9
Released in February 2014
- Fixed some x64 opcode generator in code relocator.
- Fixed an infinite loop when agent is unloading.
- Added more compatibility patches when hooking ThinApp'ed applications.
- Added INktSpyMgr::UnloadAgent to force agent unloading in a hooked application.
- Fixed plugin detaching when unhooking a hook being in use.
- Added exception check to stack unwinding.
Changes on v2.6.7
Released in November 2013
- BREAKING CHANGE: INktSpyMgr::CreateProcess(WithLogon) will set continueEvent to NULL instead of 0 if 'suspended' parameter is FALSE or an error occurs.
- BREAKING CHANGE: OnLoadLibraryCall/OnFreeLibraryCall/OnCustomMessage events sends the direct VARIANT value instead of sending a ByRef/Variant that points to another variant. (Should not affect C# project because its 'object' handling).
- Fixed memory & handle leaks in some functions using the internal process handles manager.
- Fixed messages being sent between server/client before connection tasks were completed.
- Updated to latest SQLite version.
- Added configurable agent load timeout (default is 10 seconds).
Changes on v2.6.6
Released in September 2013
- Fixed batch hooking being splitted if a dll was loaded in the middle of the hooking process.
- Fixed loading of minimal databases with no modules associations included on them.
- Added OnCustomMessage event for handling custom messages.
- Fixed race hang when hooked process exits and a C# plugin was used.
- Fixed PDB scanning memory leak due to a mistake in DIA SDK documentation.
- Fixed custom handler loading in case function is not available in database.
- Fixed COM interface method retrieval.
- Fixed debug output reporting deadlock.
- When hooked process calls ExitProcess, agent tries to shutdown gracefully.
- Fixed module cache update when a library is loaded a datafile.
- Added more opcodes to the code relocator.
- Fixed handling when exception functions are hooked and some exception is raised inside another hooked function.
- Fixed race condition bigpacket handling and dispatch based on source thread id.
- Fixed LoadLibrary/FreeLibrary event raise that can cause deadlocks if loader lock was active.
- Added manual module/exports cache invalidation.
- Plugin threads can be ignored from global hooks.
- Added methods to INktHookCallInfo and INktHookCallInfoPlugin to store/retrieve custom data between Pre & Post calls.
- Fixed and updated trampoline's opcodes generation.
- Fixed sign-extension issue when passing pointers from 32-bit applications to 64-bit manager.
Changes on v2.6.5
Released in March 2013
- Now hooks can target only 32 or 64-bit processes if the corresponding hook flags are specified.
- Added a new interface INktPdbFunctionSymbol to retrieve function address from pdb's symbols.
- Changed INktSpyMgr::CreateHookForAddress method to mantain concistency with other hook creation methods.
- Now plugins can send a custom message to the server when processing a function call.
- Added optional GetFunctionCallbackName method to plugins in order to reroute OnFunctionCall callback to different methods.
- Fixed big packet message handling that caused overflows on certain situations.
- Fixed memory leak on COM objects not being fully released when internal counterpart object is released.
- INktParamsEnum now returns dummy params on invalid index.
- Fixed: INktParam returns TRUE in IsNullPointer if dummy param.
- Agent loader code fixed when needed api's cannot be found on target process.
- Fixed race condition in modules and exported functions enumeration from multiple threads.
- Fixed deadlock in INktSpyMgr final release while processing an event.
- Fixed agent attach into ThinApp virtualized applications.
- Fixed attached COM event handler retrieval after another handler is removed.
Changes on v2.6.4
Released in January 2013
- Minor changes in internal data when child processes are created from a hooked one.
- Added code to better handling of hooks of terminated processes.
- Added free threading marshaller to all objects to minimize thread context switches and speedup calls.
- Changed interface pointer marshalling system to avoid unusual deadlocks.
- Fixed a deadlock while adding custom parameters inside a plugin.
- Fixed a bug that causes the same C# plugin to be instatiated more than once in some situations.
Changes on v2.6.3
Released in December 2012
- Changed COM event firing implementation replacing ATL::IConnectionPointImpl to avoid rare deadlocks from appearing in STA threads.
- Fixed deadlock on connection being shutdown because of an error.
- Major change: stErrorNotEnoughMemory and stErrorNotFound redefined.
- DeviareCOM & DeviareCOM64 manifest files are now embedded into dlls.
- If LoadLibrary/FreeLibrary ared called while hooking is in progress, notifications will be sent asynchronously to avoid deadlocks.
- Fixed an issue when a library is loaded/unloaded into the hooked process while a connection is being established.
- Fixed CreateProcess injection code to allow .NET processes to be hooked upon startup.
Changes on v2.6.2
Released in November 2012
- Fixed issue while unhooking when the hooked function is being called from another thread.
- Fixed parameter value read/write in agent side.
- Added module enumerator cache to improve performance.
- Fixed hook removal state change being informed more than once in some situation.
- Improved module export cache handling and memory consumption.
- Fixed activation context not being activated in OnLoad custom plugin event.
- COM interface code redesigned to avoid circular references in internal objects.
- Fixed issue in which event callbacks attached to INktHook and INktProcess were not being fired.
- Added more functionallity INktHookCallInfoPlugin events.
- Fixed issues with INktParam's inside plugin execution.
- Plugin system redesigned to provide more information to the user.
- Added activation context management to agent module to enable RegFree COM usage in plugins.
- Fixed 32-bit -> 64-bit createprocess autohook bugs.
- Fixed other autohook bugs.
- Fixed INktHookEnum not adding/removing the AutoHook flag to each hook.
- Fixed minor issue in native custom plugins.
- Applied free thread marshalling to custom plugins to avoid invocations problems while inside
a SendMessage (RPC_E_CANTCALLOUT_ININPUTSYNCCALL). - Fixed integer parsing in C sample.
- Added GetFileNameFromHandle to the INktTools interface. Remember INktTools may throw exceptions.
- Now, in custom handlers, the "64" suffix is added/removed from the dll filename if hooks are
propagated from x64 processes to x86 and viceversa. - Also, if a relative path is specified in custom handler dll, it will use agent dll path as the base.
Changes on v2.5.0
Released in October 2012
- Improved message dispatcher (beta). Event delivery should be faster mainly in async ones.
- New hook flags. Now you can specify if a hook/custom handler is called when the loader lock is active.
- Fixed a race condition caused by GetModuleFileName returning ERROR_INVALID_HANDLE if the module is being unloaded.
- Fixed a bug on exported function enumerator causing a later access fault.
- IEnumVARIANT code rewritten.
- Code that links com objects and internal ones was rewritten to avoid some race conditions and circular references.
- INktSpy.ProcessHandle and INktProcess.Handle both returns duplicated handles that must be closed in order to mantain consistency between the two functions.
- Fixed an issue with target process' modules enumeration while the process is still initializing.
- Fixed an issue when agent is loaded while target process is initializing.
- Fixed a deadlock when SpyMgr process is shutting down.
- Added more checks in api unhooking to prevent crashes when agent is about to be unloaded.
- Added support for Windows 2000.
- Fixed other minor bugs.
Changes on v2.1.0
Released in August 2012
- Fixed process handle manager auto-referencing.
- Module enumerator now lists dll's loaded as datafile too.
- Changed product license manager.
- Fixed some param-checking bugs in Read/Write methods of ProcessMemory interface.
- Added interfaces that gives more process information.
- Added full api namespace support (BETA).
- Added multi-database merger application.
- Batch hooking and unhooking can be done with INktHooksEnumerator. This should be faster than individual hook/unhook.
- Dynamic link libraries loaded as datafile now are listed in the modules enumerator.
- Minor fixes applied.
Changes on v2.0.7
Released in August 2012
- Fixed issue when process handle is requested with a desired access of zero.
- Fixed fpu crash when a hooked function is called and fpu stack is not empty.
- Added initial namespace support to database.
- Changed internal "insertion point" algorithm.
- Added initial multi-hook-at-once support.
- Added registry key entry to optionally display debug output [HKLM\\Software\\Nektra\\Deviare2 => DebugLevelMask (REG_DWORD)].
Changes on v2.0.6
Released in June 2012
- VB demo which demonstrates Deviare events handling.
- VB and Python demo which demonstrates how to deny a process access to files through Deviare.
- Fixed COM event firing when the current thread is inside a STA apartment model.
- Fixed an issue when a function call is skipped by calling SkipCall method.
- Added "For Each" enumeration for languages like C#, VB and VBScript.
Changes on v2.0.5
Released in June 2012
- Feature: C# Console: Improved modules display method. Now UI keeps responsive while loading process modules.
- Fixed: C# Console: Selected process no longer changes when moved from one category to another after applying a hook.
- Fixed: C# Console: unhandled exception would occur when selecting a process after applying a hook.
- Fixed: C# Console: Other small fixes.
Changes on v2.0.4
Released in June 2012
- Feature: VBA and VBScript support.
- Feature: HookByAddress can now be associate to a function.
- Feature: Documentation added to the project (still beta).
- Feature: Database management code completely rewritten. Now it will load faster and consumes less memory.
- Feature: Database contains almost all functions of the Platform SDK.
- Fixed: Issues related to COM STA apartments used in vbscript.
- Fixed: an issue in routine that checks that no code is running inside agent while agent is being unloaded.
- Feature: Process' modules and threads scanning completely rewritten to avoid using the unstable toolhelp library.
- Fixed: Issue when a function is hooked more than once.
- Fixed: Message ordering transmitted between the engine and the agent.
- Feature: Added more special cases when building x64 hook trampoline.
- Fixed: Miscellaneous deadlock related issues.
- Feature: Added full support for hooking x32 processes using the x64 engine.
Changes on v2.0
Released in May 2012
- Feature: Complete new version of the Agent. It was re-coded to work on 64 bits environments.
- Feature: IPC changed to improve performance and to be able to intercept services, processes owned by other users and Internet Explorer running in Protected Mode.
- Feature: Complete x64 support.
- Feature: Use of Free COM to run without installation (and Administrative privileges).
- Feature: x32 interception from a x64 process.
- Feature: Interception of functions that are not in the database. You can intercept them but you cannot get / set parameter values.
- Feature: Return Value is in the database now.
- Feature: Deferred hook: If you want to intercept a module that is not loaded it will be hooked when it loads.
Changes on v1.1
Released in October 2011
- Fixed: Runs in W7 64 bits.
- Fixed: It doesn't require administrative privileges.
- Fixed: Lots of performance improvements.
- Fixed: DeviareCSharpExample performance improvement.
- Fixed: Lots of functions and types added to the database.
Changes on v1.0.1
Released in August 24th 2010
- Feature: ReportProcessCreation has a new option _create_process_hook_calling_process that report processes created from the calling process. Useful to debug application where you can set up the hooks and then execute a process to apply them.
- Feature: New console written in CSharp similar to C++ Console.
- Fix: When a typelib wasn't find in the registry, the DeviareDB was generating a exception.
- Fix: IStackTrace was dead-locking when a module from the attached modules was unloaded.
- Fix: When shutting down with lock attached, an assertion was triggered if the application didn't wait until all the hooks were removed.
- Fix: more basic types added to the variant map, some types like short unsigned int were treated as SAFEARRAY.
- Fix: on shutdown a dead-lock could occur when an event was in process when calling Shutdown.
- Fix: Array types were not working at all.
- Fix: Enumeration types didn't work, now they are treated as UINT.
- Fix: IMemory VirtualQueryEx size parameter was wrong and could generate a exception in the last VirtualProtectEx when restoring privileges.
- Feature: type's cache to make important speed improvements.
Changes on v0.9.4b
Released in May 2009
- Fix: Database Editor: fix improper offset set in parameters
- Fix: error handling calling convention in API Hooks
- CreateSpyMgr API no longer calls CoCreateInstance. This allows use of Deviare.dll w/o registration
Changes on v0.9.3b
Released in February 2009
- Fix: duplicated IIDs
- Fix: deadlock on process creation
- Added Python example and wrappers
Changes on v0.9.2b
Released in December 2008
- Fix: error handling WORD parameters that caused crash in functions like InternetConect, HttpOpenRequest, and others form wininet.dll.
Changes on v0.9.1b
Released in December 2008
- Added the source code of the Deviare COM Console.
- Added a sample add-in (with code) for hooking Outlook objects.
- Added a property to try & install hooks immediately.
- Deviare COM Objects are now registered as Free Apartment
Changes on 0.9.0b
Released in November 2008
- Deviare is now a proper COM Library. It must be registered, and Classes can be created by traditional Component instantiation methods such as CreateObject & CocreateInstance.
- Removed TLBs and .NET bindings. Languages like C#, VB and Python can use automated wrappers for COM Objects.
- Hooks may now be installed immediately during the call of a function, allowing the use of contextual values.
- Added method to list attached processes from any hook.
- Fix: missing reports from process creations.
- Fix: .NET deadlock due to garbage collection.
- Minor fixes and performance improved in multithreaded environments.
- IStackTrace interface lets you inspect the stack trace in a call.
- New COM support:
- Added experimental COM support. Intercept and monitor COM Components (see DeviareComConsole).
- Added Interface and Events to monitor certain process activities (IMonitor).
Changes on 0.8.3b
Released in June 2008
- New IStackTrace interface lets you inspect the stack trace in a call.
- New function IParam.CastTo lets you modify the way a parameter is interpreted.
- Fix: leaks in the GetLogonSID and other functions.
- Corrected the C++ Deviare Console project which had wrong import paths.
- The C++ Deviare Console now shows the parameters' names in the output.
- The C++ Deviare Console now identifies GUIDs from COM objects (IIDs, CLSIDs, etc.) on parameters and adds their name in the output.
Changes on 0.8.2b
Released in February 2008
- General fixes and overall performance improved.
- New IProcess->RawMemory function: Lets you read and write the memory of any process.
- New modules in database: inet functions and some ntdll functions.
- Editor included in the package: You can now add DLLs and functions to the type database, and hook any function.
Changes on 0.8.1b
Released in December 2007
- Many general and stability fixes.
- Performance greatly improved.
- Fixed: callInfo.ReturnValue function.
v0.7.0b
Released in July 2007
- Code Interception Library released.
- Deviare API allows to hook many processes from your application without having to use Inter-process communication (IPC) code.
- It can be used in COM, C++, VB and .NET.