Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Delphi CE Plugin] Removing hooks

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
Reak
I post too much
Reputation: 0

Joined: 15 May 2007
Posts: 3496
PostPosted: Sun Jan 04, 2009 9:49 am    Post subject: [Delphi CE Plugin] Removing hooks Reply with quote
Hey,

Some of you may have looked at CE's (v 5.4.5) Packet Editor (Which is a plugin, in delphi).
It's hooking recv/recvfrom/WSArecv/WSArecvfrom ... same with send.

So, when injecting the Packet Editor into a process it's hooking those functions. But since after you'd unload it all send and recv functions wouldn't work no more and the application would probably crash I wanted to remove the hooks.

I started with recv.
This is how the packet editor (Its injector) hooks it:

ce_exported.ce_generateAPIHookScript('ws2_32!recv','cepe!ws2recv','cepe!ws2recvorig',x,1024);
So:
Code:
alloc(originalcall0,2048) //2kb should be enough
label(returnhere0)

cepe!ws2recvorig:
dd originalcall0

originalcall0:
mov edi,edi
push ebp
mov ebp,esp
jmp returnhere0

ws2_32!recv:
jmp cepe!ws2recv
returnhere0:


ws2recv is the hook function of the packet editor.
So now I've been wondering how I could remove the hook and thought of the following options:
    - Copying cepe!ws2recvorig to ws2_32!recv
    - ws2_32!recv: jmp cepe!ws2recvorig (But I can't unload the dll then right?)


How would you handle this?
Back to top
View user's profile Send private message
arigity
Advanced Cheater
Reputation: 0

Joined: 03 Jul 2008
Posts: 65
Location: middle of nowhere.
PostPosted: Sun Jan 04, 2009 12:14 pm    Post subject: Reply with quote
write the original code back and free any allocated memory.
_________________
Back to top
View user's profile Send private message
Reak
I post too much
Reputation: 0

Joined: 15 May 2007
Posts: 3496
PostPosted: Sun Jan 04, 2009 1:17 pm    Post subject: Reply with quote
Ok got this to work already. Thanks anyway x]

Can be closed.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites