This mechanism relies on a unique method of hooking using vectored-exception handling (VEH), which allows you to detour functions without having to preserve registers (e.g. Which is usually done through using pushad/popad), or worry about other potential issues, such as corrupting the stack.
The concept of how it works is displayed below:
Attached is the project.
Fetching parameters can be done by accessing the ESP context pointer (That's for x86; if you're building for x64, access the RSP pointer), like so:
Esp + 4 is the location of the first parameter; Esp holds the return address.
I also added a macro that makes editing flags rather easy, like so:
The above sets the sign flag bit to 1; you just hand off the PCONTEXT pointer as the first argument to EFLAGS, and use the available flags.
Many thanks to everyone here on GameDeception for all the help in '09!
http://www.ziddu.com/download/11505981/GDetour.zip.html
0 comentarios:
Publicar un comentario