/*
* Author: mosa Ÿe5bW6vDOJ. <[email protected]>
*
* This code is hereby placed in the public domain.
*/
#include "apihook.h"
#include "tools.h"
//-----------------------------------------------------------------------------
// Function-prologue byte patterns recognised by the hooking code.
// All are x86-32 opcodes; each is decoded in its trailing comment.

// Hot-patchable MS prologue: mov edi,edi / push ebp / mov ebp,esp (5 bytes).
const unsigned char startCode[5]       = {0x8B, 0xFF,              // mov  edi, edi
                                          0x55,                    // push ebp
                                          0x8B, 0xEC};             // mov  ebp, esp

// Opcode bytes that each start a single 5-byte instruction:
// 68 = push imm32, B8 = mov eax,imm32, E9 = jmp rel32.
// Presumably matched one at a time as alternatives, not as a sequence --
// confirm against the caller.
const unsigned char startCodeSingle5[3] = {0x68, 0xB8, 0xE9};

// mov eax, fs:[0x18] (6 bytes).
const unsigned char startCodeJT[6]     = {0x64, 0xA1, 0x18, 0x00, 0x00, 0x00};

// push ebp / mov ebp,esp / sub esp,0x10 (6 bytes).
const unsigned char startCode2000[6]   = {0x55,                    // push ebp
                                          0x8B, 0xEC,              // mov  ebp, esp
                                          0x83, 0xEC, 0x10};       // sub  esp, 10h
//-----------------------------------------------------------------------------
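// Build a trampoline at addr: the first len bytes of fn (e.g. the prologue
// bytes that set_jump() replaces with its own jmp) followed by a jmp rel32
// back to fn + len, so the original function can still be called.
//
//   addr  ENTRYCODE_LEN bytes of memory to hold the trampoline.  Its page
//         protection is put back afterwards, so the memory must already be
//         executable; VirtualProtect is only used to make it writable here.
//   fn    hooked function whose leading bytes are copied.  fn itself is
//         not modified.
//   len   number of bytes to copy from fn.  They must end on an instruction
//         boundary and be position independent (no rel8/rel32 branches),
//         which holds for the startCode* prologues above.  They must also
//         leave room for the 5-byte jmp: 0 <= len <= ENTRYCODE_LEN - 5.
//         Any other len is rejected instead of overrunning addr or
//         clobbering the copied bytes with the jmp.
//
// Returns false if len is out of range, if the page could not be made
// writable, or if its original protection could not be restored (in the
// last case the bytes were written but the trampoline is likely not
// executable).  x86-32 only: addresses are truncated to DWORD and the jump
// is rel32.
bool make_entrycode(void *addr, void *fn, int len) // coded by nya
{
    const int jmp_len = 5;                       // E9 rel32
    if(len < 0 || len > ENTRYCODE_LEN - jmp_len)
        return false;

    unsigned char *entrycode = (unsigned char *)addr;
    DWORD old1, old2;
    if(!VirtualProtect(addr, ENTRYCODE_LEN, PAGE_READWRITE, &old1))
        return false;

    memset(entrycode, 0x90, ENTRYCODE_LEN);      // NOP fill between prologue and jmp
    memcpy(entrycode, fn, len);                  // relocated prologue bytes

    // rel32 is relative to the byte after the jmp, i.e. addr + ENTRYCODE_LEN.
    DWORD rel = ((DWORD)fn + len) - ((DWORD)addr + ENTRYCODE_LEN);
    entrycode[ENTRYCODE_LEN - jmp_len] = 0xe9;
    memcpy(entrycode + ENTRYCODE_LEN - jmp_len + 1, &rel, sizeof rel);

    // Report a failed restore: the trampoline would be left non-executable.
    return VirtualProtect(addr, ENTRYCODE_LEN, old1, &old2) != 0;
}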
//-----------------------------------------------------------------------------
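// Write, at addr, a jmp rel32 with the same destination as the jmp rel32 that
// fn itself begins with (E9 xx xx xx xx), i.e. relocate fn's first
// instruction into the trampoline.  Only an E9 jmp can be moved this way,
// so any other first byte is rejected instead of producing a jump to a
// meaningless address.
//
//   addr  ENTRYCODE_LEN bytes of trampoline memory; NOP-filled after the jmp.
//         Page protection is restored afterwards, so it must already be
//         executable.
//   fn    function whose first instruction is E9 rel32.
//
// Returns false if fn does not start with E9, if addr could not be made
// writable, or if its original protection could not be restored (bytes
// already written in that case).  x86-32 only: addresses are truncated to
// DWORD.
bool make_jmpredir(void *addr, void *fn)
{
    const unsigned char *src = (const unsigned char *)fn;
    if(src[0] != 0xe9)
        return false;

    // Same destination seen from the new location: rel' = rel - (addr - fn).
    DWORD rel;
    memcpy(&rel, src + 1, sizeof rel);
    rel -= (DWORD)addr - (DWORD)fn;

    unsigned char *entrycode = (unsigned char *)addr;
    DWORD old1, old2;
    if(!VirtualProtect(addr, ENTRYCODE_LEN, PAGE_READWRITE, &old1))
        return false;

    memset(entrycode, 0x90, ENTRYCODE_LEN);      // NOP fill after the jmp
    entrycode[0] = 0xe9;
    memcpy(entrycode + 1, &rel, sizeof rel);

    // Report a failed restore: the trampoline would be left non-executable.
    return VirtualProtect(addr, ENTRYCODE_LEN, old1, &old2) != 0;
}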
//-----------------------------------------------------------------------------
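// Install the hook: overwrite the start of addr with jmp rel32 -> fn, after
// saving the JUMPCODE_LEN original bytes into code so reset_jump() can undo it.
//
//   addr  function to patch; its first JUMPCODE_LEN bytes are saved and the
//         first 5 overwritten (JUMPCODE_LEN must be >= 5).
//   fn    hook to jump to.
//   code  caller-supplied buffer of at least JUMPCODE_LEN bytes that
//         receives the original bytes.
//
// The jmp is 5 bytes and its rel32 is relative to the end of that
// instruction (addr + 5) whatever JUMPCODE_LEN is; bytes between 5 and
// JUMPCODE_LEN are saved but left untouched.
//
// The patch is not atomic (opcode first, then the displacement): a thread
// executing in the first bytes of addr while this runs can execute a
// half-written instruction.  Callers must quiesce other threads themselves;
// nothing here does it.  Returns false if the page could not be made
// writable or its original protection could not be restored (in the latter
// case the jmp is already in place).  x86-32 only: addresses are truncated
// to DWORD.
bool set_jump(void *addr, void *fn, unsigned char *code)
{
    const int jmp_len = 5;                       // E9 rel32
    unsigned char *target = (unsigned char *)addr;
    DWORD old1, old2;
    if(!VirtualProtect(addr, JUMPCODE_LEN, PAGE_READWRITE, &old1))
        return false;

    memcpy(code, addr, JUMPCODE_LEN);            // originals for reset_jump()

    DWORD rel = (DWORD)fn - ((DWORD)addr + jmp_len);
    target[0] = 0xe9;
    memcpy(target + 1, &rel, sizeof rel);

    // Report a failed restore: the patched code would be left non-executable.
    return VirtualProtect(addr, JUMPCODE_LEN, old1, &old2) != 0;
}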
//-----------------------------------------------------------------------------
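// Undo set_jump(): copy the JUMPCODE_LEN bytes saved in code back to addr.
//
//   addr  function previously patched by set_jump().
//   code  buffer filled by set_jump() for that same addr.
//
// Same caveat as set_jump(): the write is not atomic with respect to other
// threads executing at addr.  Returns false if the page could not be made
// writable or its original protection could not be restored (bytes already
// restored in the latter case).
bool reset_jump(void *addr, unsigned char *code)
{
    DWORD old1, old2;
    if(!VirtualProtect(addr, JUMPCODE_LEN, PAGE_READWRITE, &old1))
        return false;

    memcpy(addr, code, JUMPCODE_LEN);

    // Report a failed restore: the code would be left non-executable.
    return VirtualProtect(addr, JUMPCODE_LEN, old1, &old2) != 0;
}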
//-----------------------------------------------------------------------------