Initial MSVC 2008 projects workspace
This commit is contained in:
81
l2detect/net_hook_cmn.cpp
Normal file
81
l2detect/net_hook_cmn.cpp
Normal file
@@ -0,0 +1,81 @@
|
||||
#include "stdafx.h"
|
||||
#include "net_hook.h"
|
||||
#include "Logger.h"
|
||||
|
||||
/** Validates istructure alignment. returns true on OK **/
|
||||
bool Hook_ValidateAlign()
|
||||
{
|
||||
size_t ss = sizeof(struct jmp_push_ret);
|
||||
if( ss != 6 ) /* FatalAppExit( 0, TEXT("Structure alignment error!") ); */
|
||||
{
|
||||
#ifdef _DEBUG
|
||||
DebugBreak();
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
ss = sizeof(jmp_jmp);
|
||||
if( ss != 5 ) /* FatalAppExit( 0, TEXT("Structure alignment error!") ); */
|
||||
{
|
||||
#ifdef _DEBUG
|
||||
DebugBreak();
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
#ifdef _DEBUG
|
||||
log_error( LOG_DEBUG, "Hook_ValidateAlign(): returning true (sizeof(jmp_push_ret) = %u)\n",
|
||||
(unsigned int)sizeof(jmp_push_ret) );
|
||||
ErrorLogger_FlushLogFile();
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> JMP-<2D><><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
//
|
||||
// old_ptr - <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
// new_ptr - <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
// jmp_ptr - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
//
|
||||
void Hook_InterceptCall( DWORD old_ptr, DWORD new_ptr, DWORD *jmp_ptr )
|
||||
{
|
||||
jmp_jmp jump;
|
||||
jump.instr_jmp = 0xE9;
|
||||
jump.jmp_arg = new_ptr - old_ptr - 5;
|
||||
|
||||
DWORD oldProtect, prot;
|
||||
|
||||
GetCurrentProcess();
|
||||
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
prot = PAGE_EXECUTE_WRITECOPY; // PAGE_READWRITE;
|
||||
BOOL vp_res = VirtualProtectEx( (HANDLE)-1, (LPVOID)old_ptr, 5, prot, &oldProtect );
|
||||
if( !vp_res )
|
||||
{
|
||||
DWORD le = GetLastError();
|
||||
ErrorLogger_LogLastError( "Hook_InterceptCall(): VirtualProtectEx() failed", le );
|
||||
ErrorLogger_FlushLogFile();
|
||||
return;
|
||||
}
|
||||
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
|
||||
//WriteProcessMemory(hprocess, (LPVOID)old_ptr, (void*)(&jump), 5, &written);
|
||||
unsigned char *po = (unsigned char *)old_ptr;
|
||||
unsigned char *pj = (unsigned char *)&jump;
|
||||
po[0] = pj[0];
|
||||
po[1] = pj[1];
|
||||
po[2] = pj[2];
|
||||
po[3] = pj[3];
|
||||
po[4] = pj[4];
|
||||
|
||||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
prot = oldProtect;
|
||||
VirtualProtectEx( (HANDLE)-1, (LPVOID)old_ptr, 5, prot, &oldProtect );
|
||||
|
||||
(*jmp_ptr) = old_ptr + 5;
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user