rovnix Newbie cheater
Reputation: 0
Joined: 09 Feb 2014 Posts: 18
|
Posted: Wed Feb 12, 2014 10:03 am Post subject: Please Help with an example source code of Trampoline Hooks |
|
|
Good day,
I am somewhat new to hooking. I won't say I want to learn C++, because I already have some of the basics.
What I want to know is how to hook MessageBox in C++, to start with. I would be happy to learn from you fellows.
Negima I post too much
Reputation: 5
Joined: 22 May 2007 Posts: 2221
|
Posted: Wed Feb 12, 2014 11:29 pm Post subject: |
|
|
There are lots of ways; here is one example:
| Code: | #include <windows.h>
// Number of bytes overwritten at the entry of the target function:
// a 5-byte JMP rel32 (0xE9 + 32-bit displacement) plus a 1-byte RET (0xC3).
#define SIZE 6
typedef int (WINAPI *pMessageBoxW)(HWND, LPCWSTR, LPCWSTR, UINT); // pointer type matching MessageBoxW's signature
int WINAPI MyMessageBoxW(HWND, LPCWSTR, LPCWSTR, UINT); // our detour, same signature as the original
void BeginRedirect(LPVOID); // installs the JMP to the function passed in
pMessageBoxW pOrigMBAddress = NULL; // address of the original MessageBoxW, resolved in DllMain
BYTE oldBytes[SIZE] = {0}; // backup of the original first SIZE bytes
BYTE JMP[SIZE] = {0}; // patch bytes: JMP rel32 followed by RET (SIZE bytes in total)
// oldProtect receives the previous page protection from VirtualProtect;
// myProtect is the writable+executable protection requested while patching.
DWORD oldProtect, myProtect = PAGE_EXECUTE_READWRITE;
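// TRUE once the JMP has actually been written over the target's entry bytes.
static BOOL hookInstalled = FALSE;

/*
 * Copies SIZE bytes over the entry of the function at pOrigMBAddress.
 *
 * The page is made writable only for the duration of the copy and its
 * previous protection is put back afterwards. VirtualProtect fails when its
 * last argument is NULL, so a real DWORD is passed on both calls; passing
 * NULL on the "reset" call silently leaves the user32 code page
 * PAGE_EXECUTE_READWRITE for the life of the process.
 *
 * Defensive note: an entry point of a system DLL whose in-memory bytes differ
 * from the on-disk image is what code-integrity and EDR memory scans look
 * for, so expect such tooling to flag a process patched this way.
 *
 * Returns TRUE when the bytes were written, FALSE otherwise.
 */
static BOOL WriteEntryBytes(const BYTE *bytes)
{
    DWORD previous = 0;
    DWORD ignored = 0;

    if (pOrigMBAddress == NULL || bytes == NULL)
        return FALSE;

    if (!VirtualProtect((LPVOID)pOrigMBAddress, SIZE, PAGE_EXECUTE_READWRITE, &previous))
        return FALSE; // page is still read-only: do not attempt the copy

    memcpy((LPVOID)pOrigMBAddress, bytes, SIZE);

    // Put back whatever protection the page had before we touched it.
    VirtualProtect((LPVOID)pOrigMBAddress, SIZE, previous, &ignored);
    // Documented requirement after modifying code that may already be cached.
    FlushInstructionCache(GetCurrentProcess(), (LPCVOID)pOrigMBAddress, SIZE);
    return TRUE;
}

/*
 * DLL entry point. On process attach it resolves user32!MessageBoxW and
 * redirects it to MyMessageBoxW; on process detach it writes the saved entry
 * bytes back, but only if the redirect was really installed.
 */
INT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved)
{
    (void)hDLL;
    (void)Reserved;

    switch (Reason)
    {
    case DLL_PROCESS_ATTACH:
    {
        // The A variant is named explicitly so the narrow string literal also
        // compiles in a UNICODE build. GetModuleHandle does not load the
        // module; it returns NULL when user32.dll is not already mapped.
        HMODULE user32 = GetModuleHandleA("user32.dll");
        if (user32 != NULL)
            pOrigMBAddress = (pMessageBoxW)GetProcAddress(user32, "MessageBoxW");
        if (pOrigMBAddress != NULL)
            BeginRedirect((LPVOID)MyMessageBoxW); // start detouring
        break;
    }
    case DLL_PROCESS_DETACH:
        // Restore the backup only when there is one; writing oldBytes into an
        // unpatched (or unresolved) target would corrupt it or crash.
        if (hookInstalled && WriteEntryBytes(oldBytes))
            hookInstalled = FALSE;
        break; // the original fell through into the thread cases here
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        break;
    }
    return TRUE;
}

/*
 * Overwrites the first SIZE bytes of the function at pOrigMBAddress with
 * "JMP rel32 ; RET" so that calls to it land in newFunction. The original
 * bytes are saved in oldBytes first.
 *
 * The displacement is a 32-bit value, so this is written for a 32-bit
 * process. In a 64-bit build the pointer difference is truncated and the
 * jump is only valid when both addresses are within 2 GB of each other.
 */
void BeginRedirect(LPVOID newFunction)
{
    static const BYTE tempJMP[SIZE] = {0xE9, 0x90, 0x90, 0x90, 0x90, 0xC3}; // 0xE9 = JMP, 0x90 = NOP placeholder, 0xC3 = RET
    DWORD JMPSize;

    // A second install would back up our own JMP instead of the real entry bytes.
    if (pOrigMBAddress == NULL || newFunction == NULL || hookInstalled)
        return;

    memcpy(JMP, tempJMP, SIZE); // store the instruction template in JMP

    // rel32 is measured from the end of the 5-byte JMP instruction.
    JMPSize = (DWORD)((DWORD_PTR)newFunction - (DWORD_PTR)pOrigMBAddress - 5);
    memcpy(&JMP[1], &JMPSize, sizeof JMPSize); // replace the NOP placeholders with the displacement

    // Reading the entry bytes needs no protection change, so the backup is
    // taken before anything can fail.
    memcpy(oldBytes, (LPCVOID)pOrigMBAddress, SIZE);

    hookInstalled = WriteEntryBytes(JMP);
}

/*
 * Detour for MessageBoxW: removes the patch, calls the real function with the
 * caller's arguments, then puts the patch back and returns the real result.
 *
 * This unhook/call/rehook pattern is not a true trampoline and is not
 * thread-safe. While the real MessageBoxW is running (it is modal, so this
 * can be a long time) calls from other threads bypass the detour, and a
 * thread entering the function while the bytes are being copied may execute
 * a half-written instruction. Maintained hooking libraries solve this by
 * relocating the overwritten instructions instead of toggling the patch.
 */
int WINAPI MyMessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uiType)
{
    int retValue;

    // If the original bytes cannot be restored, calling MessageBoxW would
    // jump straight back here and recurse until the stack overflows.
    if (!WriteEntryBytes(oldBytes))
        return 0; // MessageBoxW reports failure as 0

    retValue = MessageBoxW(hWnd, lpText, lpCaption, uiType); // call the original function
    WriteEntryBytes(JMP); // set the jump instruction again
    return retValue; // return original return value
}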
rovnix Newbie cheater
Reputation: 0
Joined: 09 Feb 2014 Posts: 18
|
Posted: Fri Feb 14, 2014 6:52 am Post subject: |
|
|
Okay, I tried something out on my own. I don't know if I am 100% correct, but I would like to learn. I have been practising with a little assembly and C++; possibly someone can correct me where my errors are. Am I on track?
| Code: |
#include<windows.h>
// Number of bytes overwritten at the entry of the target function.
#define SIZE 6
typedef int (WINAPI *pMessageBoxW)(HWND, LPCWSTR, LPCWSTR, UINT); // pointer type matching MessageBoxW's signature
int WINAPI MyMessageBoxW(HWND, LPCWSTR, LPCWSTR, UINT); // detour prototype; the definition must use this exact name
pMessageBoxW pOrigMBAddress = NULL; // address of the original MessageBoxW
BYTE oldBytes[SIZE] = {0}; // backup of the original first SIZE bytes
BYTE JMP[SIZE] = {0}; // patch bytes written over the entry
// oldProtect receives the previous page protection from VirtualProtect;
// myProtect is the protection requested while patching.
DWORD oldProtect, myProtect = PAGE_EXECUTE_READWRITE;
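// TRUE once the JMP has actually been written over the target's entry bytes.
static BOOL hookInstalled = FALSE;

/*
 * Copies SIZE bytes over the entry of the function at pOrigMBAddress,
 * making the page writable only for the duration of the copy.
 *
 * VirtualProtect fails when its last argument is NULL (or 0), so the draft's
 * "reset protection" calls never took effect and the code page stayed
 * PAGE_EXECUTE_READWRITE. A real DWORD is passed on both calls here.
 *
 * Returns TRUE when the bytes were written, FALSE otherwise.
 */
static BOOL WriteEntryBytes(const BYTE *bytes)
{
    DWORD previous = 0;
    DWORD ignored = 0;

    if (pOrigMBAddress == NULL || bytes == NULL)
        return FALSE;

    if (!VirtualProtect((LPVOID)pOrigMBAddress, SIZE, PAGE_EXECUTE_READWRITE, &previous))
        return FALSE;

    memcpy((LPVOID)pOrigMBAddress, bytes, SIZE);
    VirtualProtect((LPVOID)pOrigMBAddress, SIZE, previous, &ignored);
    FlushInstructionCache(GetCurrentProcess(), (LPCVOID)pOrigMBAddress, SIZE);
    return TRUE;
}

/*
 * Resolves user32!MessageBoxW and overwrites its first SIZE bytes with
 * "JMP rel32 ; RET" pointing at MyMessageBoxW.
 *
 * Corrections to the posted draft:
 *  - the comma between the two GetProcAddress arguments was missing;
 *  - the result is cast to pMessageBoxW, the type of pOrigMBAddress
 *    (an LPVOID does not convert to a function pointer in C++);
 *  - `newFunction` was never declared; this version takes no parameter,
 *    so the detour is named directly;
 *  - `JMPSIZE` and `JMPSize` were two different identifiers.
 * The commented-out MessageBox::Show line was dropped; it looks like the
 * .NET MessageBox class rather than the Win32 function patched here.
 *
 * The 32-bit displacement means this is written for a 32-bit process.
 */
void BeginRedirect()
{
    static const BYTE tempJMP[SIZE] = {0xE9, 0x90, 0x90, 0x90, 0x90, 0xC3}; // JMP, 4 placeholder bytes, RET
    HMODULE user32;
    DWORD JMPSize;

    if (hookInstalled)
        return; // a second install would back up our own JMP

    user32 = GetModuleHandleA("user32.dll"); // NULL when user32 is not already loaded
    if (user32 == NULL)
        return;

    pOrigMBAddress = (pMessageBoxW)GetProcAddress(user32, "MessageBoxW");
    if (pOrigMBAddress == NULL)
        return;

    memcpy(JMP, tempJMP, SIZE);
    // rel32 is measured from the end of the 5-byte JMP instruction.
    JMPSize = (DWORD)((DWORD_PTR)MyMessageBoxW - (DWORD_PTR)pOrigMBAddress - 5);
    memcpy(&JMP[1], &JMPSize, sizeof JMPSize);

    memcpy(oldBytes, (LPCVOID)pOrigMBAddress, SIZE); // backup before patching
    hookInstalled = WriteEntryBytes(JMP);
}

/*
 * Detour for MessageBoxW: removes the patch, calls the real function, then
 * puts the patch back and returns the real result.
 *
 * Corrections to the posted draft: the definition is named MyMessageBoxW to
 * match its prototype (MyMessageBox had no declaration and left the
 * prototype undefined), and `retvalue` is spelled `retValue` as declared.
 *
 * Not thread-safe: while the patch is removed, other threads calling
 * MessageBoxW bypass the detour or may run half-written bytes.
 */
int WINAPI MyMessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uiType)
{
    int retValue;

    // Without the original bytes in place the call below would re-enter
    // this function and recurse.
    if (!WriteEntryBytes(oldBytes))
        return 0; // MessageBoxW reports failure as 0

    retValue = MessageBoxW(hWnd, lpText, lpCaption, uiType);
    WriteEntryBytes(JMP);
    return retValue;
}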
|
--------------------------------------
Can I also do something like this with a little assembly?
| Code: |
#include<windows.h>
// Number of bytes overwritten at the entry of the target function.
#define SIZE 6
typedef int (WINAPI *pMessageBoxW)(HWND, LPCWSTR, LPCWSTR, UINT); // pointer type matching MessageBoxW's signature
int WINAPI MyMessageBoxW(HWND, LPCWSTR, LPCWSTR, UINT); // detour prototype; the definition must use this exact name
pMessageBoxW pOrigMBAddress = NULL; // address of the original MessageBoxW
BYTE oldBytes[SIZE] = {0}; // backup of the original first SIZE bytes
BYTE JMP[SIZE] = {0}; // patch bytes written over the entry
// oldProtect receives the previous page protection from VirtualProtect;
// myProtect is the protection requested while patching.
DWORD oldProtect, myProtect = PAGE_EXECUTE_READWRITE;
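// TRUE once the JMP has actually been written over the target's entry bytes.
static BOOL hookInstalled = FALSE;

/*
 * Copies SIZE bytes over the entry of the function at pOrigMBAddress,
 * making the page writable only for the duration of the copy.
 *
 * VirtualProtect fails when its last argument is NULL (or 0), so a real
 * DWORD is passed on both calls; otherwise the protection is never reset.
 *
 * Returns TRUE when the bytes were written, FALSE otherwise.
 */
static BOOL WriteEntryBytes(const BYTE *bytes)
{
    DWORD previous = 0;
    DWORD ignored = 0;

    if (pOrigMBAddress == NULL || bytes == NULL)
        return FALSE;

    if (!VirtualProtect((LPVOID)pOrigMBAddress, SIZE, PAGE_EXECUTE_READWRITE, &previous))
        return FALSE;

    memcpy((LPVOID)pOrigMBAddress, bytes, SIZE);
    VirtualProtect((LPVOID)pOrigMBAddress, SIZE, previous, &ignored);
    FlushInstructionCache(GetCurrentProcess(), (LPCVOID)pOrigMBAddress, SIZE);
    return TRUE;
}

/*
 * Resolves user32!MessageBoxW and overwrites its first SIZE bytes with
 * "JMP rel32 ; RET" pointing at MyMessageBoxW.
 *
 * The _asm block from the posted draft is removed rather than repaired:
 *  - `edl` is not a register (the usual 32-bit prologue is `mov edi, edi`);
 *  - `call [pOrigMBAddress]` would call MessageBoxW from inside the
 *    installer with none of its four arguments pushed, which for a WINAPI
 *    function leaves the stack unbalanced on return;
 *  - `push ebp / mov ebp, esp` would set up a second frame that is never
 *    torn down.
 * Those prologue instructions belong to the target function. This
 * unhook/call/rehook design never executes them separately, because the
 * detour restores all SIZE original bytes before calling the target.
 *
 * Other corrections: the missing comma in the GetProcAddress call, the cast
 * to pMessageBoxW, the undeclared `newFunction`, the `JMPSIZE`/`JMPSize`
 * mismatch, and `tempJMP`, which this draft used without declaring.
 */
void BeginRedirect()
{
    static const BYTE tempJMP[SIZE] = {0xE9, 0x90, 0x90, 0x90, 0x90, 0xC3}; // JMP, 4 placeholder bytes, RET
    HMODULE user32;
    DWORD JMPSize;

    if (hookInstalled)
        return; // a second install would back up our own JMP

    user32 = GetModuleHandleA("user32.dll"); // NULL when user32 is not already loaded
    if (user32 == NULL)
        return;

    pOrigMBAddress = (pMessageBoxW)GetProcAddress(user32, "MessageBoxW");
    if (pOrigMBAddress == NULL)
        return;

    memcpy(JMP, tempJMP, SIZE);
    // rel32 is measured from the end of the 5-byte JMP instruction;
    // the 32-bit displacement assumes a 32-bit process.
    JMPSize = (DWORD)((DWORD_PTR)MyMessageBoxW - (DWORD_PTR)pOrigMBAddress - 5);
    memcpy(&JMP[1], &JMPSize, sizeof JMPSize);

    memcpy(oldBytes, (LPCVOID)pOrigMBAddress, SIZE); // backup before patching
    hookInstalled = WriteEntryBytes(JMP);
}

/*
 * Detour for MessageBoxW: removes the patch, calls the real function, then
 * puts the patch back and returns the real result.
 *
 * Named MyMessageBoxW to match its prototype, with `retValue` spelled as
 * declared. Not thread-safe: while the patch is removed, other threads
 * calling MessageBoxW bypass the detour or may run half-written bytes.
 */
int WINAPI MyMessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uiType)
{
    int retValue;

    // Without the original bytes in place the call below would re-enter
    // this function and recurse.
    if (!WriteEntryBytes(oldBytes))
        return 0; // MessageBoxW reports failure as 0

    retValue = MessageBoxW(hWnd, lpText, lpCaption, uiType);
    WriteEntryBytes(JMP);
    return retValue;
}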
|
I'm not quite fluent at this... I used call, since I am trying to call a DLL function.