captmicro

Unknown

Nov 17th, 2010
235
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 1.58 KB | None | 0 0
  1. #include "MicroHook.h"
  2.  
  3. /*returns pointer to existing function*/
  4. BYTE *MH_VTBLHook(DWORD *pVTBL, DWORD dwIdx, BYTE *pNewFunc)
  5. {
  6.     BYTE *pOrigFunc;
  7.     DWORD dwOldProt;
  8.     VirtualProtect((void*)&pVTBL[dwIdx], 4, PAGE_EXECUTE_READWRITE, &dwOldProt);
  9.     pOrigFunc = (BYTE*)pVTBL[dwIdx];
  10.     pVTBL[dwIdx] = (DWORD)pNewFunc;
  11.     VirtualProtect((void*)&pVTBL[dwIdx], 4, dwOldProt, &dwOldProt);
  12.     return pOrigFunc;
  13. }
  14.  
  15. /*returns pointer to trampoline function*/
  16. BYTE *MH_DetourTrampoline(BYTE *pOrigFunc, BYTE *pNewFunc, BYTE *pTrampolineFunc, BYTE bSize)
  17. {
  18.     BYTE bTemp;
  19.     DWORD dwOldProt;
  20.     VirtualProtect((void*)pTrampolineFunc, bSize+5, PAGE_EXECUTE_READWRITE, &dwOldProt);
  21.     VirtualProtect((void*)pOrigFunc, bSize, PAGE_EXECUTE_READWRITE, &dwOldProt);
  22.     bTemp = bSize;
  23.     while (bTemp-- > 0) pTrampolineFunc[bTemp] = pOrigFunc[bTemp];
  24.     pTrampolineFunc += bSize;
  25.     pTrampolineFunc[0] = 0xE9;
  26.     *(DWORD*)(pTrampolineFunc+1) = (DWORD)((pOrigFunc+bSize - pTrampolineFunc) - 5);
  27.     pOrigFunc[0] = 0xE9;
  28.     *(DWORD*)(pOrigFunc+1) = (DWORD)((pNewFunc - pOrigFunc) - 5);
  29.     bTemp = 5; while (bTemp++ < bSize) pOrigFunc[bTemp] = 0x90;
  30.     VirtualProtect((void*)pOrigFunc, bSize, dwOldProt, &dwOldProt);
  31.     return (pTrampolineFunc - bSize);
  32. }
  33.  
  34. /*returns pointer to trampoline function*/
  35. BYTE *MH_UnDetourTrampoline(BYTE *pOrigFunc, BYTE *pTrampolineFunc, BYTE bSize)
  36. {
  37.     DWORD dwOldProt;
  38.     VirtualProtect((void*)pOrigFunc, bSize, PAGE_EXECUTE_READWRITE, &dwOldProt);
  39.     while (bSize-- > 0) pOrigFunc[bSize] = pTrampolineFunc[bSize];
  40.     VirtualProtect((void*)pOrigFunc, bSize, dwOldProt, &dwOldProt);
  41.     return pTrampolineFunc;
  42. }
Add Comment
Please, Sign In to add comment