From df52dd869a40141ec3b14da52c2928e4a5c95459 Mon Sep 17 00:00:00 2001
From: FunkyFr3sh <cc.red.alert.1@googlemail.com>
Date: Mon, 23 Oct 2023 12:16:44 +0200
Subject: [PATCH] improve IAT hook performance

---
 inc/hook.h | 10 +++++++++-
 src/hook.c | 17 ++++++++++++-----
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/inc/hook.h b/inc/hook.h
index ed453fc..6ebb33b 100644
--- a/inc/hook.h
+++ b/inc/hook.h
@@ -8,7 +8,15 @@
 #define HOOK_SKIP_2 0x00000001l
 #define HOOK_LOCAL_ONLY 0x00000002l
 
-typedef struct HOOKLISTDATA { char function_name[32]; PROC new_function; PROC* function; DWORD flags; } HOOKLISTDATA;
+typedef struct HOOKLISTDATA { 
+    char function_name[32]; 
+    PROC new_function; 
+    PROC* function; 
+    DWORD flags; 
+    PROC org_function; 
+    HMODULE mod;
+} HOOKLISTDATA;
+
 typedef struct HOOKLIST { char module_name[32]; HOOKLISTDATA data[30]; } HOOKLIST;
 
 typedef BOOL(WINAPI* GETCURSORPOSPROC)(LPPOINT);
diff --git a/src/hook.c b/src/hook.c
index b6a7a6a..5b2500b 100644
--- a/src/hook.c
+++ b/src/hook.c
@@ -209,10 +209,17 @@ void hook_patch_obfuscated_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks,
                     {
                         for (int x = 0; hooks[i].data[x].function_name[0]; x++)
                         {
-                            DWORD org_function =
-                                (DWORD)real_GetProcAddress(
-                                    cur_mod,
-                                    hooks[i].data[x].function_name);
+                            /* GetProcAddress is slow, save the pointer and reuse it for better performance */
+                            DWORD org_function = (DWORD)InterlockedExchangeAdd((LONG*)&hooks[i].data[x].org_function, 0);
+
+                            if (!org_function || cur_mod != hooks[i].data[x].mod)
+                            {
+                                hooks[i].data[x].mod = cur_mod;
+
+                                org_function = (DWORD)real_GetProcAddress(cur_mod, hooks[i].data[x].function_name);
+
+                                InterlockedExchange((LONG*)&hooks[i].data[x].org_function, (LONG)org_function);
+                            }
 
                             if (!hooks[i].data[x].new_function || !org_function)
                                 continue;
@@ -357,7 +364,7 @@ void hook_patch_iat_list(HMODULE hmod, BOOL unhook, HOOKLIST* hooks, BOOL is_loc
                                         {
                                             DWORD org =
                                                 (DWORD)real_GetProcAddress(
-                                                    GetModuleHandle(hooks[i].module_name),
+                                                    GetModuleHandleA(hooks[i].module_name),
                                                     hooks[i].data[x].function_name);
 
                                             if (org && first_thunk->u1.Function != org)