Hook Anywhere !

On Sunday, September 12, 2010

Hook This !

Library for coders


OK, this is a simple, fast and modifiable procedure that lets you hook your own procedure into any part of the code.

Yes, you heard right: forget about opening OllyDbg, making JMPs to another part of the code to call your DLL, and restoring them later.

This function does it all: you can hook at any place in any program without causing any error or lasting modification of the original code.
But what does this mean? Let's see an example:


Code:
00401087   . 68 B80B0000        PUSH 0BB8                                                         ; |ControlID = BB8 (3000.)
0040108C   . FF75 08            PUSH DWORD PTR SS:[EBP+8]                                         ; |hWnd
0040108F   . E8 6A010000        CALL                                 ; \SetDlgItemTextA
This is part of an "X" program; after hooking with my function it will look like this:

Code:
0040106B   . E8 9D41C00F        CALL IndigoGS.1000520D                                            ; |Message
00401070   . E8 83010000        CALL                                    ; \SendMessageA
Yes, a call to your own procedure. When you no longer need it, you can call my function again and the code will look just like the original:

Code:
00401087   . 68 B80B0000        PUSH 0BB8                                                         ; |ControlID = BB8 (3000.)
0040108C   . FF75 08            PUSH DWORD PTR SS:[EBP+8]                                         ; |hWnd
0040108F   . E8 6A010000        CALL                                 ; \SetDlgItemTextA
This library supports the MASM32 and C++ compilers, and it is open source.
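Added example, not part of the original post or of the HookThis library: the patched CALL in the listing above (E8 9D41C00F at 0040106B) is what a code-integrity check sees when it compares loaded code with a trusted copy, and its rel32 operand decodes to the target outside the program image. The image range 00400000-00410000 and the clean bytes are assumptions constructed for the sample; the function and type names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    uint32_t site;     /* virtual address of the patched instruction */
    uint32_t target;   /* destination of the rel32 CALL/JMP */
    int external;      /* 1 if the destination is outside the module image */
} hook_finding;

static uint32_t read_le32(const uint8_t *p) {  /* little-endian rel32 */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Compare live code bytes with a trusted copy of the same range (both `len`
 * bytes at virtual address `base`). A differing byte that is now E8/E9 is
 * decoded as CALL/JMP rel32; other differing bytes are counted in *other. */
size_t find_inline_hooks(const uint8_t *live, const uint8_t *clean, size_t len,
                         uint32_t base, uint32_t img_lo, uint32_t img_hi,
                         hook_finding *out, size_t max_out, size_t *other) {
    size_t n = 0;
    *other = 0;
    for (size_t i = 0; i < len; i++) {
        if (live[i] == clean[i]) continue;      /* byte matches the trusted copy */
        if ((live[i] == 0xE8 || live[i] == 0xE9) && i + 5 <= len && n < max_out) {
            uint32_t site = base + (uint32_t)i;
            /* target = address of the next instruction + signed displacement */
            uint32_t target = site + 5 + read_le32(live + i + 1);
            out[n++] = (hook_finding){ site, target,
                                       target < img_lo || target >= img_hi };
            i += 4;                             /* skip the operand just decoded */
        } else {
            (*other)++;        /* modified, but not a recognisable rel32 patch */
        }
    }
    return n;
}

/* LIVE holds the hooked bytes from the listing; CLEAN is a constructed original. */
static const uint8_t LIVE[]  = {0xE8,0x9D,0x41,0xC0,0x0F, 0xE8,0x83,0x01,0x00,0x00};
static const uint8_t CLEAN[] = {0x68,0x10,0x30,0x40,0x00, 0xE8,0x83,0x01,0x00,0x00};

int main(void) {
    hook_finding f[4]; size_t other;
    size_t n = find_inline_hooks(LIVE, CLEAN, sizeof LIVE, 0x0040106B,
                                 0x00400000, 0x00410000, f, 4, &other);
    for (size_t i = 0; i < n; i++)
        printf("%08X -> %08X external=%d\n", (unsigned)f[i].site, (unsigned)f[i].target, f[i].external);
    return 0;
}
```

A comparison like this only sees the patch while it is in place, so it has to run against a copy of the code that the hooked process cannot alter.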

How to use it:


First, add the include file and the library to your source.

Now you just need to call my library in your DLL or EXE program like this:

Code:
MASM32:
invoke HookThis, 0040106Bh, Offset MyProcedure, 1

C++:
HookThis(0x0040106B, MyProcedure, 1);

In summary:

HookThis(HookOffset, MyProcedure, ID)
The first argument is the address of the location we want to hook, the second argument is the address of our procedure to be called, and the last argument is the ID of the hook we are creating, in this case 1.

Once the hooked code calls your procedure you can do anything as usual, but remember to call this before exiting your procedure:

Code:
MASM32:
invoke UnHookThis, 0040106Bh, 1

C++:
UnHookThis(0x0040106B, 1);

In summary:
UnHookThis(HookedOffset, ID)
And that's all; the flow of execution will continue as if nothing happened.

Limitations:


The only limitation is that you can only create 100 hooks, but I can expand that to many more if you need; also, it is open source, so you can do it yourself.

Extras:


I can extend the function to let you choose between making a CALL to your procedure or a JUMP to a portion of code, but I will do this later in another update.

Example:


Code:
Invoke HookThis, 00401064h, Offset MyProcedure1, 1
Invoke HookThis, 00401074h, Offset MyProcedure2, 2
Invoke HookThis, 00401094h, Offset MyProcedure3, 3

MyProcedure1 Proc
 ;DO ALL YOU WANT HERE
 invoke UnHookThis, 00401064h, 1   ; restore the original bytes before leaving
 ret
MyProcedure1 Endp

MyProcedure2 Proc
 ;DO ALL YOU WANT HERE
 invoke UnHookThis, 00401074h, 2   ; same hook address and ID passed to HookThis
 ret
MyProcedure2 Endp

MyProcedure3 Proc
 ;DO ALL YOU WANT HERE
 invoke UnHookThis, 00401094h, 3
 ret
MyProcedure3 Endp
Here is another example: hooking your DLL using just LoadLibrary. Forget about calling GetProcAddress and wasting resources and time:

Code:
In hooked program:

0041000: invoke LoadLibrary, "MyDLL"
0041005: Other instructions

In our DLL:

DllEntry Proc hInst:HINSTANCE, reason:DWord, reserved1:DWord
 .if (reason == DLL_PROCESS_ATTACH)
      invoke HookThis, 0041005h, Offset InitAll, 1       
 .endif
 mov eax, TRUE
 ret
DllEntry EndP
After the DLL is loaded, the CALL to the InitAll procedure will be created right below the LoadLibrary call, and we won't have to call GetProcAddress ^^.

Enjoy; source code + library + include file are in the attachment.

Credits: [INDG]FeN$x
 
 
Thanks for the guide, but I didn't quite get it. I am using Visual C++ and added the 3 files as Resource Files to my project.
How do I figure out the 3 parameters for the hook? Do I need to open the project in Olly?

Besides, GameGuard doesn't even let me run the EXE in Visual C++ while it is open.
As I explained in the guide, the 3 arguments (parameters) are:

Code:
HookAddr -> The offset where you want to hook
YourProcedure -> The offset of your procedure in the EXE or DLL
ID -> This ID is like a counter; if this is the first time you use it, use 1
Example:

Code:
invoke HookThis, 0041000h, Offset MyProcedure, 1
invoke HookThis, 0042000h, Offset MyProcedure2, 2
Note that GameGuard uses a CRC system on their games; this means that if you edit some byte in the game you'll get fucked up. But this hook can also be useful against GameGuard security, for example:

- Create a thread and Hook and UnHook the procedure every 1 second; this will avoid the CRC since your thread has to be faster than the GameGuard CRC thread.

- If GameGuard doesn't let you open your program, you are probably using some detected APIs or they patch your application (probably aimbot or something).


Follow this advice and tell me if you need more help, but in the thread. Thanks.
 
http://www.ziddu.com/download/11646873/HookThis.rar.html 
