API tools faq
paste
Advertisement
captmicro

hooking messageboxw

captmicro
Nov 10th, 2012
349
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 2.64 KB | None | 0 0
raw download clone embed print report diff
  1. #define WIN32_LEAN_AND_MEAN
  2. #include <windows.h>
  3.  
  4. #define MH_DEFTRAMPOLINE(pFuncName) \
  5.     BYTE *orig_##pFuncName; BYTE *tramp_##pFuncName
  6. #define MH_ALLOCTRAMPOLINE(pTrampolinePtr, bSize) \
  7.     pTrampolinePtr = (BYTE*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, bSize+5)
  8. #define MH_FREETRAMOLINE(pTrampolinePtr) \
  9.     HeapFree(GetProcessHeap(), 0, pTrampolinePtr)
  10.  
  11. /*returns pointer to trampoline function*/
  12. BYTE *MH_TrampolineAdd(BYTE *pOrigFunc, BYTE *pNewFunc, BYTE *pTrampolineFunc, BYTE bSize)
  13. {
  14.     BYTE bTemp;
  15.     DWORD dwOldProt;
  16.     VirtualProtect((void*)pTrampolineFunc, bSize+5, PAGE_EXECUTE_READWRITE, &dwOldProt);
  17.     VirtualProtect((void*)pOrigFunc, bSize, PAGE_EXECUTE_READWRITE, &dwOldProt);
  18.     bTemp = bSize;
  19.     while (bTemp-- > 0) pTrampolineFunc[bTemp] = pOrigFunc[bTemp];
  20.     pTrampolineFunc += bSize;
  21.     pTrampolineFunc[0] = 0xE9; //JMP [rel16/32]
  22.     *(DWORD*)(pTrampolineFunc+1) = (DWORD)((pOrigFunc+bSize - pTrampolineFunc) - 5);
  23.     pOrigFunc[0] = 0xE9; //JMP [rel16/32]
  24.     *(DWORD*)(pOrigFunc+1) = (DWORD)((pNewFunc - pOrigFunc) - 5);
  25.     bTemp = 5; while (bTemp++ < bSize) pOrigFunc[bTemp] = 0x90;
  26.     VirtualProtect((void*)pOrigFunc, bSize, dwOldProt, &dwOldProt);
  27.     return (pTrampolineFunc - bSize);
  28. }
  29.  
  30. /*returns pointer to trampoline function*/
  31. BYTE *MH_TrampolineRemove(BYTE *pOrigFunc, BYTE *pTrampolineFunc, BYTE bSize)
  32. {
  33.     DWORD dwOldProt;
  34.     VirtualProtect((void*)pOrigFunc, bSize, PAGE_EXECUTE_READWRITE, &dwOldProt);
  35.     while (bSize-- > 0) pOrigFunc[bSize] = pTrampolineFunc[bSize];
  36.     VirtualProtect((void*)pOrigFunc, bSize, dwOldProt, &dwOldProt);
  37.     return pTrampolineFunc;
  38. }
  39.  
  40. MH_DEFTRAMPOLINE(MessageBoxW);
  41. typedef int (WINAPI *_MessageBoxW)(HWND, LPCTSTR, LPCTSTR, UINT);
  42. _MessageBoxW o
  43. int WINAPI new_MessageBoxW(HWND hwnd, LPCTSTR text, LPCTSTR title, UINT utype)
  44. {
  45.     char *newTitle = NULL;
  46.     newTitle = (char*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, lstrlenW(title) + 15);
  47.     lstrcpyW(newTitle, L"=|MicroHook|= "); if (title != NULL) lstrcatW(newTitle, title);
  48.     int ret = ((_MessageBoxW)(tramp_MessageBoxW))(hwnd, text, newTitle, utype);
  49.     MessageBoxW(0, L"WTF HOOKED", 0, 0);
  50.     HeapFree(GetProcessHeap(), 0, newTitle);
  51.     return ret;
  52. }
  53.  
  54. BOOL WINAPI DllMain(HINSTANCE hInst, DWORD dwReason, LPVOID lpvReserved)
  55. {
  56.     if (dwReason == DLL_PROCESS_ATTACH)
  57.     {
  58.         orig_MessageBoxW = (BYTE*)GetProcAddress(LoadLibraryA("user32.dll"), "MessageBoxW");
  59.         MH_ALLOCTRAMPOLINE(tramp_MessageBoxW, 5);
  60.         MH_TrampolineAdd(orig_MessageBoxW, (BYTE*)&new_MessageBoxW, tramp_MessageBoxW, 5);
  61.     }
  62.     else if (dwReason == DLL_PROCESS_DETACH)
  63.     {
  64.         MH_TrampolineRemove(orig_MessageBoxW, tramp_MessageBoxW, 5);
  65.         MH_FREETRAMOLINE(tramp_MessageBoxW);
  66.     }
  67.     return (BOOL)1;
  68. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!