#include "pch.h"
#include "Trampoline.h"
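namespace InjectLibrary
{
    // Creates the trampoline used to reach the original code of hookedFunctionAddress
    // once its first SIZE_OF_JUMP bytes have been replaced by a jump to
    // hookPayloadFunctionAddress.
    //
    // oldCodeSize is the number of leading bytes of the hooked function to preserve.
    // Values below SIZE_OF_JUMP (including 0) are raised to SIZE_OF_JUMP, because
    // InstallHook() always overwrites SIZE_OF_JUMP bytes and Uninstall() restores
    // that many bytes from the trampoline.
    //
    // NOTE(review): nothing in this file checks that oldCodeSize ends on an instruction
    // boundary or that the copied bytes are position independent; the caller has to
    // guarantee both.
    // NOTE(review): the class owns a raw pointer and releases it in the destructor;
    // copying a Trampoline would double-delete unless the header forbids copies - confirm.
    Trampoline::Trampoline(void* hookedFunctionAddress, void* hookPayloadFunctionAddress, const BYTE oldCodeSize) :
        _hookedFunctionAddress(hookedFunctionAddress), _hookPayloadFunctionAddress(hookPayloadFunctionAddress)
    {
        BYTE size = oldCodeSize;
        if (size < SIZE_OF_JUMP) {
            size = SIZE_OF_JUMP;
        }

        _trampolineLayout = new TrampolineLayout(size);

        // The code generated into the trampoline later must be executable.
        // _protect doubles as a success flag: 0 is not a valid page protection, so it
        // means "protection was never changed" for Install(), Uninstall() and the destructor.
        //
        // NOTE(review): the layout comes from `new`; if `code` lives inside that heap
        // allocation, this makes ordinary heap pages writable and executable at the same
        // time, together with whatever else shares those pages. A dedicated region that is
        // switched to execute/read once filled would avoid that - confirm against
        // TrampolineLayout.
        _protect = 0;
        if (!VirtualProtect(_trampolineLayout->code, _trampolineLayout->GetFullSize(), PAGE_EXECUTE_READWRITE, &_protect)) {
            // May fail, for example when the process forbids dynamic code.
            _protect = 0;
        }
    }

    // Restores the trampoline buffer's original page protection (only if the
    // constructor actually changed it) and frees the layout.
    //
    // NOTE(review): the destructor does not remove the hook. If the object is destroyed
    // while the hook is installed, the payload is left with a pointer to freed memory;
    // callers must call Uninstall() first.
    Trampoline::~Trampoline()
    {
        if (_protect != 0) {
            DWORD ignored = 0;
            VirtualProtect(_trampolineLayout->code, _trampolineLayout->GetFullSize(), _protect, &ignored);
        }

        delete _trampolineLayout;
    }

    // Fills the trampoline, patches the hooked function and returns the trampoline's
    // entry point, through which the payload can run the original function.
    //
    // Returns nullptr without touching the hooked function when either address is null
    // or when the trampoline buffer could not be made executable in the constructor.
    // NOTE(review): InstallHook() returns void, so a failure to make the hooked function
    // writable cannot be reported here.
    const FARPROC Trampoline::Install()
    {
        if (_hookedFunctionAddress == nullptr || _hookPayloadFunctionAddress == nullptr || _protect == 0) {
            return nullptr;
        }

        FillLayout();
        InstallHook();

        return GetAddress();
    }

    // Removes the hook by copying the saved SIZE_OF_JUMP bytes from the trampoline
    // back over the start of the hooked function.
    //
    // NOTE(review): there is no "installed" flag in this file; calling Uninstall()
    // before a successful Install() would copy an unfilled buffer over the function.
    void Trampoline::Uninstall()
    {
        // Install() refuses to patch in these cases, so there is nothing to restore.
        if (_hookedFunctionAddress == nullptr || _protect == 0) {
            return;
        }

        DWORD previousProtect = 0;
        if (!VirtualProtect(_hookedFunctionAddress, SIZE_OF_JUMP, PAGE_EXECUTE_READWRITE, &previousProtect)) {
            // Writing to a page that is still read-only would raise an access violation.
            return;
        }

        // Put the overwritten instructions back in place.
        CopyMemory(_hookedFunctionAddress, _trampolineLayout->code, SIZE_OF_JUMP);

        VirtualProtect(_hookedFunctionAddress, SIZE_OF_JUMP, previousProtect, &previousProtect);

        // Code bytes changed: make sure no stale instructions are executed.
        FlushInstructionCache(GetCurrentProcess(), _hookedFunctionAddress, SIZE_OF_JUMP);
    }

    // Returns the address of the trampoline code as a callable pointer.
    const FARPROC Trampoline::GetAddress() const
    {
        return reinterpret_cast<FARPROC>(static_cast<void*>(_trampolineLayout->code));
    }

    // Copies the first oldCodeSize bytes of the hooked function into the trampoline
    // and computes the displacement of the jump that follows them, so execution
    // resumes in the hooked function right after the copied bytes.
    void Trampoline::FillLayout()
    {
        const auto oldCodeSize = _trampolineLayout->GetOldCodeSize();

        CopyMemory(_trampolineLayout->code, _hookedFunctionAddress, oldCodeSize);

        // A rel32 displacement is measured from the end of the jump instruction, and the
        // jump has to land on the first byte that was not copied. The previous formula,
        // hooked - (code + oldCodeSize), always resumed at hooked + SIZE_OF_JUMP, which is
        // only right when oldCodeSize == SIZE_OF_JUMP.
        // Assumes the jump sits directly after the copied bytes (as the original formula
        // did) and that its opcode is written elsewhere - confirm against TrampolineLayout.
        const auto resumeAddress = reinterpret_cast<DWORD_PTR>(_hookedFunctionAddress) + oldCodeSize;
        const auto endOfJump = reinterpret_cast<DWORD_PTR>(_trampolineLayout->code) + oldCodeSize + SIZE_OF_JUMP;

        // NOTE(review): a 32-bit displacement only reaches +/-2 GiB; the original code
        // cast pointers to DWORD, so this presumably targets 32-bit builds only.
        _trampolineLayout->jumpInstruction->rel32 = static_cast<DWORD>(resumeAddress - endOfJump);

        FlushInstructionCache(GetCurrentProcess(), _trampolineLayout->code, _trampolineLayout->GetFullSize());
    }

    // Overwrites the first SIZE_OF_JUMP bytes of the hooked function with a relative
    // jump (opcode 0xE9) to the payload. The payload does the real work and then
    // transfers control to the trampoline.
    //
    // NOTE(review): the write is not atomic and nothing in this file stops other threads
    // from executing the function entry while it is being patched.
    void Trampoline::InstallHook() const
    {
        // The function's code must be writable before it can be modified.
        DWORD previousProtect = 0;
        if (!VirtualProtect(_hookedFunctionAddress, SIZE_OF_JUMP, PAGE_EXECUTE_READWRITE, &previousProtect)) {
            // Leave the function untouched rather than fault on a read-only page.
            return;
        }

        auto* const jump = static_cast<RelativeJumpLayout*>(_hookedFunctionAddress);

        // Displacement is relative to the address just past the jump instruction.
        const auto payloadAddress = reinterpret_cast<DWORD_PTR>(_hookPayloadFunctionAddress);
        const auto endOfJump = reinterpret_cast<DWORD_PTR>(_hookedFunctionAddress) + SIZE_OF_JUMP;

        jump->opcode = 0xe9;
        jump->rel32 = static_cast<DWORD>(payloadAddress - endOfJump);

        VirtualProtect(_hookedFunctionAddress, SIZE_OF_JUMP, previousProtect, &previousProtect);

        // Code bytes changed: make sure no stale instructions are executed.
        FlushInstructionCache(GetCurrentProcess(), _hookedFunctionAddress, SIZE_OF_JUMP);
    }
}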