This is my video tutorial on function hooking.
Click here for the tutorial!
The hooking function:
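// Overwrites the 5 bytes at `location` with a relative JMP (opcode 0xE9) to
// `newFunction`. The page protection is changed to PAGE_EXECUTE_READWRITE only
// for the duration of the write and the previous protection is restored after.
//
// location    - address of the first byte to overwrite (5 bytes are written).
// newFunction - address the written JMP transfers control to.
//
// `byte` and `dword` are this project's typedefs (see the full dllmain.cpp
// listing). The 32-bit displacement arithmetic assumes a 32-bit process.
void WriteJMP(byte* location, byte* newFunction)
{
    DWORD dwOldProtection;

    // The fourth argument is an output pointer (PDWORD); it must be the
    // address of dwOldProtection, not its uninitialized value.
    if (!VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, &dwOldProtection))
        return; // page is still non-writable: writing now would fault

    location[0] = 0xE9; // JMP rel32
    // rel32 is relative to the end of the 5-byte instruction, hence the -5.
    *((dword*)(location + 1)) = (dword)(newFunction - location) - 5;

    // Restore the original protection so the page does not stay writable+executable.
    VirtualProtect(location, 5, dwOldProtection, &dwOldProtection);

    // Code bytes were modified; make sure no stale instructions are executed.
    FlushInstructionCache(GetCurrentProcess(), location, 5);
}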
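// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
// The header name was lost when this page was extracted; <windows.h> is the
// header that declares the DWORD, VirtualProtect and DllMain types used below.
#include <windows.h>

typedef unsigned char byte;
typedef unsigned short word;
typedef unsigned int dword;

// Toggled on every pass through hTimeFunc so that only every second pass
// reaches the original function. Not synchronized.
byte countSwitch = 0;

// Absolute addresses inside the target executable. They are only meaningful
// for the exact build they were taken from and only if that image is loaded
// at the base address these values assume.
// NOTE(review): nothing verifies that the bytes at UpdateTimeCall are the
// expected CALL instruction before they are overwritten.
DWORD UpdateTimeCall = 0x01001D6C; // The CALL instruction that invokes the UpdateTime function
DWORD UpdateTimeRetn = 0x01001D71; // Where execution resumes after the call: 0x01001D6C + 0x05
DWORD UpdateTimeFunc = 0x01002FE0; // The UpdateTime function itself

// Overwrites the 5 bytes at `location` with a relative JMP (opcode 0xE9) to
// `newFunction`. The page protection is changed to PAGE_EXECUTE_READWRITE only
// for the duration of the write and the previous protection is restored after.
// The 32-bit displacement arithmetic assumes a 32-bit process.
void WriteJMP(byte* location, byte* newFunction)
{
    DWORD dwOldProtection;

    if (!VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, &dwOldProtection))
        return; // page is still non-writable: writing now would fault

    location[0] = 0xE9; // JMP rel32
    // rel32 is relative to the end of the 5-byte instruction, hence the -5.
    *((dword*)(location + 1)) = (dword)(newFunction - location) - 5;

    // Restore the original protection so the page does not stay writable+executable.
    VirtualProtect(location, 5, dwOldProtection, &dwOldProtection);

    // Code bytes were modified; make sure no stale instructions are executed.
    FlushInstructionCache(GetCurrentProcess(), location, 5);
}

// Target of the JMP written over the original CALL at UpdateTimeCall.
// Declared naked: the compiler emits no prologue/epilogue, so control leaves
// this function only through the explicit JMPs below, never through a RET.
// On alternating passes it either skips the original function entirely or
// calls it, and in both cases continues at UpdateTimeRetn.
void _declspec(naked) hTimeFunc()
{
    if(countSwitch == 0)
    {
        countSwitch = 1;
        _asm
        {
            // Skip the original call this time.
            JMP UpdateTimeRetn
        }
    }
    else
    {
        countSwitch = 0;
        _asm
        {
            // Run the original function, then resume after the patched CALL.
            CALL UpdateTimeFunc
            JMP UpdateTimeRetn
        }
    }
}

// Installs the single hook used by this DLL.
void initHooks()
{
    WriteJMP((byte*)UpdateTimeCall,(byte*)hTimeFunc); // Writes a jump from the original call to our custom function
}

// DLL entry point. The hook is installed once, when the DLL is first mapped
// into the process; all other notifications are ignored.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        initHooks();
        break; // explicit: the original fell through into the cases below
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}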


