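// NOTE(review): the three header names were lost when this page was extracted
// (only bare "#include" tokens survive). The names below are reconstructed
// from the symbols the file uses (fopen/fprintf/printf, Win32 types, Detour*
// calls) -- confirm against the original project. UNICODE_STRING, OEM_STRING,
// NTSTATUS and a prototype for RtlOemStringToUnicodeString must also be
// visible here; which header supplies them cannot be told from this page.
#include <stdio.h>
#include <windows.h>
#include <detours.h>

// Pointer to the original routine. DetourAttach() rewrites it to point at the
// trampoline, so calls made through it reach the unhooked implementation.
//
// The documented prototype takes three arguments: destination string, source
// string, allocate-destination flag. The earlier revision declared a fourth,
// leading HDC argument. With a callee-cleans-stack convention a hook whose
// argument count differs from the target's unbalances the caller's stack, so
// the hook and this pointer must match the real prototype exactly.
NTSTATUS (WINAPI* Real_RtlOemStringToUnicodeString)(UNICODE_STRING* dest,
                                                    const OEM_STRING* src,
                                                    BOOLEAN allocate_dest) = RtlOemStringToUnicodeString;

// Logging hook installed in place of RtlOemStringToUnicodeString.
//
// Appends one line with the argument values before the call and one line with
// the resulting NTSTATUS after it, then returns whatever the real routine
// returned. Logging is best effort: if the log file cannot be opened the call
// is still forwarded unchanged.
//
// NOTE(review): the log goes to a fixed path in the drive root and records raw
// pointer values (address-space layout) from the hooked process. For anything
// beyond a lab run, prefer a per-user directory with a restrictive ACL.
// NOTE(review): fopen() on a narrow path converts it to UTF-16 inside the
// system libraries. If that conversion ever reaches the hooked routine, this
// hook re-enters itself; a per-thread "already inside" flag would stop the
// recursion. Not verified from this page -- confirm before relying on it.
NTSTATUS WINAPI Mine_RtlOemStringToUnicodeString(UNICODE_STRING* dest,
                                                 const OEM_STRING* src,
                                                 BOOLEAN allocate_dest)
{
    FILE* log = fopen("C:\\a.txt", "a+");
    if (log != nullptr) {
        // One conversion per argument, each matching its type. The earlier
        // format string had five conversions for four arguments and applied
        // %ls to a value that is not a wide string.
        fprintf(log, "RtlOemStringToUnicodeString(%p,%p,%d)\n",
                static_cast<void*>(dest),
                static_cast<const void*>(src),
                static_cast<int>(allocate_dest));
    }

    // Only read on the normal path; the __finally block does not print it
    // when the call is being unwound.
    NTSTATUS rv = 0;
    __try {
        rv = Real_RtlOemStringToUnicodeString(dest, src, allocate_dest);
    } __finally {
        if (log != nullptr) {
            if (AbnormalTermination()) {
                // rv was never assigned; do not report a bogus status.
                fprintf(log, "RtlOemStringToUnicodeString(,,) -> <unwound by exception>\n");
            } else {
                fprintf(log, "RtlOemStringToUnicodeString(,,) -> 0x%08lx\n",
                        static_cast<unsigned long>(rv));
            }
            // Closed here so the handle is released on the exception path too.
            fclose(log);
        }
    }
    return rv;
}

// Empty exported function.
// NOTE(review): presumably present so the DLL has an export for the Detours
// DLL-loading helpers to bind to -- confirm against the project's .def file.
VOID NullExport()
{
}

// Attaches (attach == true) or detaches the hook inside one Detours
// transaction and returns the result of DetourTransactionCommit().
static LONG UpdateHook(bool attach)
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    if (attach) {
        DetourAttach(reinterpret_cast<PVOID*>(&Real_RtlOemStringToUnicodeString),
                     reinterpret_cast<PVOID>(Mine_RtlOemStringToUnicodeString));
    } else {
        DetourDetach(reinterpret_cast<PVOID*>(&Real_RtlOemStringToUnicodeString),
                     reinterpret_cast<PVOID>(Mine_RtlOemStringToUnicodeString));
    }
    return DetourTransactionCommit();
}

// DLL entry point: installs the hook when the DLL is loaded into a process
// and removes it when the DLL is unloaded. Always returns TRUE so that a
// failed hook installation does not prevent the DLL from loading; the failure
// is reported on stdout instead of being silently ignored.
//
// NOTE(review): this runs under the loader lock; the work done here should
// stay minimal (the printf calls are kept from the original).
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    (void)hinst;
    (void)reserved;

    if (dwReason == DLL_PROCESS_ATTACH) {
        printf("simple.dll: Starting.\n");
        const LONG err = UpdateHook(true);
        if (err != NO_ERROR) {
            printf("simple.dll: attaching the hook failed: %ld\n", err);
        }
    } else if (dwReason == DLL_PROCESS_DETACH) {
        const LONG err = UpdateHook(false);
        if (err != NO_ERROR) {
            printf("simple.dll: detaching the hook failed: %ld\n", err);
        }
    }
    return TRUE;
}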