gistfile1.txt

#ifdef _X86_
#pragma warning(disable: 4483) // Allow use of __identifier
#define __imp_OpenEventW __identifier("_imp__OpenEventW")
#define __imp_OpenMutexW __identifier("_imp__OpenMutexW")
#endif

struct funcRef {
	PCSTR funcName;
	LONG numCalls;
};

funcRef funcStats[];

void FUNC_CALLED(PCSTR funcName, ULONG index)
{
	funcStats[index].funcName = funcName;
	InterlockedIncrementNoFence(&funcStats[index].numCalls);
}

///////////////////////////////////////////////////////////////////////////////////////////////////////
// OpenEventW

EXTERN_C extern PVOID __imp_OpenEventW;

HANDLE WINAPI hook_OpenEventW(_In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ PCWSTR lpName)
{
	FUNC_CALLED(__FUNCTION__, __COUNTER__);

	return OpenEventW(dwDesiredAccess, bInheritHandle, lpName);
}

///////////////////////////////////////////////////////////////////////////////////////////////////////
// OpenMutexW

EXTERN_C extern PVOID __imp_OpenMutexW;

HANDLE WINAPI hook_OpenMutexW(_In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ PCWSTR lpName)
{
	FUNC_CALLED(__FUNCTION__, __COUNTER__);

	return OpenMutexW(dwDesiredAccess, bInheritHandle, lpName);
}

const ULONG NUM_DETOURS = __COUNTER__;

funcRef funcStats[NUM_DETOURS];

#define hook(fn) DetourAttach(&__imp_##fn, hook_##fn)

NTSTATUS TrInit(PVOID ImageBase = &__ImageBase)
{
	ULONG op, size;
	if (PVOID pIAT = RtlImageDirectoryEntryToData(ImageBase, TRUE, IMAGE_DIRECTORY_ENTRY_IAT, &size))
	{
		SIZE_T ProtectSize = size;

		return ZwProtectVirtualMemory(NtCurrentProcess(), &pIAT, &ProtectSize, PAGE_READWRITE, &op);
	}

	return STATUS_NOT_FOUND;
}

void  ep()
{	
	if (0 <= TrInit())
	{
		DetourTransactionBegin();
		hook(OpenMutexW);
		hook(OpenEventW);
		DetourTransactionCommit();
	}

	OpenEventA(0,0,"");
	OpenMutexA(0,0,"");
	OpenEventA(0,0,"");

	ULONG index = NUM_DETOURS;
	do 
	{
		if (PCSTR funcName = funcStats[--index].funcName)
		{
			DbgPrint("%x %s\n", funcStats[index].numCalls, funcName);
		}
	} while (index);
}