|
Thread |
Forum |
Last Post |
Posts |
Views |
 |
[Source] 64bit Detour Methode
Posted on: Mon 14. Mar 2016, 13:19
vedel
 Preview
Go To Post
CPP Code: void *DetourFunction(BYTE *pSource, BYTE *pHook, int nLength) { // mov rax address jmp rax BYTE jmp_opcode[JMPSIZE] = { 0x48, 0xB8, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xFF, 0xE0 }; //Allocate memory BYTE *trampolin = new BYTE[nLength + JMPSIZE]; //Replace Protection DWORD dwOldProtection; VirtualProtect(trampolin, nLength + JMPSIZE, PAGE_EXECUTE_READWRITE, &dwOldProtection); VirtualProtect(pSource, nLength, PAGE_EXECUTE_READWRITE, &dwOldProtection); //Copy Original Code into trampolin memcpy(trampolin, pSource, nLength); //Set jmp to Original memcpy(jmp_opcode + 2, &pSource, 8); memcpy(trampolin + nLength, jmp_opcode, JMPSIZE); //Fill Original with NOPs memset(pSource, 0x90, nLength); //Set jmp to Hook memcpy(jmp_opcode + 2, &pHook, 8); memcpy(pSource, jmp_opcode, JMPSIZE); VirtualProtect(pSource, nLength, dwOldProtection, NULL); //Return Pointer to Original Code return trampolin; }
Beispiel anhand von NtQueryDirectoryFile: CPP Code: HMODULE hModntdll = GetModuleHandle("ntdll.dll"); FARPROC dwAddress = GetProcAddress(hModntdll, "NtQueryDirectoryFile"); oldNtQueryDirectoryFile = (tNtQueryDirectoryFile)(DetourFunction((PBYTE)dwAddress, (PBYTE)hkNtQueryDirectoryFile, 21));
Getestet unter Windows 10 Pro 64bit.
|
VB, C/C++, Delphi, etc |
Mon 14. Mar 2016, 13:19
by vedel
|
0 |
505 |
 |
Overwatch bypass
Posted on: Thu 25. Dec 2014, 17:38
Sh0n3
Preview
Go To Post
Ich würde mich dafür interessiere. Ich bin immer offen für neue Ideen! Nimmst du auch Bitcoin/Paypal? Gruß vedel
|
Mülleimer |
Fri 26. Dec 2014, 16:20
by Vercan36
|
18 |
1146 |
 |
Fallen Earth simple external hack
Posted on: Sun 19. Oct 2014, 21:24
ranarrr
Preview
Go To Post
Normally I use "PROCESS_ALL_ACCESS" instead of "PROCESS_VM_READ". I don't think thats the problem because "VM_READ" should be enough. I'll try it at home and check the code again. - vedel Edit: I forgot to ask you what the problem is, did you get the wrong value or did you get nothing?
|
VB, C/C++, Delphi, etc |
Thu 13. Nov 2014, 11:16
by kentpachi
|
10 |
1883 |
|
Fallen Earth simple external hack
Posted on: Sun 19. Oct 2014, 21:24
ranarrr
Preview
Go To Post
Hello ranarrr, ich have trouble downloading the code. Can you Post the snippet here? - vedel
|
VB, C/C++, Delphi, etc |
Thu 13. Nov 2014, 11:16
by kentpachi
|
10 |
1883 |
|
[Help] D3D Hook - D3DXCreateFont & DrawFont
Posted on: Thu 3. Apr 2014, 23:03
OrkSchamane
Preview
Go To Post
Guten Morgen, Quote Das Argument vom Typ ""const char *"" ist mit dem Parameter vom Typ ""LPCWSTR"" inkompatibel. Du verwendest Visual Studio oder? Falls ja: Klick auf Projekt > "DEIN PROJEKT" Eigenschaften  Und Setze "Zeichensatz" auf MultiByte. Gruß vedel
|
VB, C/C++, Delphi, etc |
Thu 21. Aug 2014, 10:23
by vedel
|
4 |
1824 |
Deutsch