API tools faq
paste
Advertisement
Guest User

kitsunes detour

a guest
Jul 16th, 2011
378
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 19.64 KB | None | 0 0
raw download clone embed print report
  1. //
  2. #ifndef GUID_DEFINED
  3. #define GUID_DEFINED
  4. typedef struct _GUID
  5. {
  6. DWORD Data1;
  7. WORD Data2;
  8. WORD Data3;
  9. BYTE Data4[ 8 ];
  10. } GUID;
  11. #endif // !GUID_DEFINED
  12.  
  13. #if defined(__cplusplus)
  14. #ifndef _REFGUID_DEFINED
  15. #define _REFGUID_DEFINED
  16. #define REFGUID const GUID &
  17. #endif // !_REFGUID_DEFINED
  18. #else // !__cplusplus
  19. #ifndef _REFGUID_DEFINED
  20. #define _REFGUID_DEFINED
  21. #define REFGUID const GUID * const
  22. #endif // !_REFGUID_DEFINED
  23. #endif // !__cplusplus
  24. //
  25. //////////////////////////////////////////////////////////////////////////////
  26.  
  27. #ifdef __cplusplus
  28. extern "C" {
  29. #endif // __cplusplus
  30.  
  31. /////////////////////////////////////////////////// Instruction Target Macros.
  32. //
  33. #define INSTRUCTION_TARGET_NONE ((PBYTE)0)
  34. #define INSTRUCTION_TARGET_DYNAMIC ((PBYTE)~0ul)
  35.  
  36. /////////////////////////////////////////////////////////// Trampoline Macros.
  37. //
  38. // TRAMPOLINE(trampoline_prototype, target_name)
  39. //
  40. // The naked trampoline must be at least DETOUR_TRAMPOLINE_SIZE bytes.
  41. //
  42. #define TRAMPOLINE_SIZE 32
  43. #define SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0"
  44.  
  45. #define TRAMPOLINE(trampoline,target) \
  46. static PVOID __fastcall _Detours_GetVA_##target(VOID) \
  47. { \
  48. return ⌖ \
  49. } \
  50. \
  51. __declspec(naked) trampoline \
  52. { \
  53. __asm { nop };\
  54. __asm { nop };\
  55. __asm { call _Detours_GetVA_##target };\
  56. __asm { jmp eax };\
  57. __asm { ret };\
  58. __asm { nop };\
  59. __asm { nop };\
  60. __asm { nop };\
  61. __asm { nop };\
  62. __asm { nop };\
  63. __asm { nop };\
  64. __asm { nop };\
  65. __asm { nop };\
  66. __asm { nop };\
  67. __asm { nop };\
  68. __asm { nop };\
  69. __asm { nop };\
  70. __asm { nop };\
  71. __asm { nop };\
  72. __asm { nop };\
  73. __asm { nop };\
  74. __asm { nop };\
  75. __asm { nop };\
  76. __asm { nop };\
  77. __asm { nop };\
  78. __asm { nop };\
  79. __asm { nop };\
  80. }
  81.  
  82. #define TRAMPOLINE_EMPTY(trampoline) \
  83. __declspec(naked) trampoline \
  84. { \
  85. __asm { nop };\
  86. __asm { nop };\
  87. __asm { xor eax, eax };\
  88. __asm { mov eax, [eax] };\
  89. __asm { ret };\
  90. __asm { nop };\
  91. __asm { nop };\
  92. __asm { nop };\
  93. __asm { nop };\
  94. __asm { nop };\
  95. __asm { nop };\
  96. __asm { nop };\
  97. __asm { nop };\
  98. __asm { nop };\
  99. __asm { nop };\
  100. __asm { nop };\
  101. __asm { nop };\
  102. __asm { nop };\
  103. __asm { nop };\
  104. __asm { nop };\
  105. __asm { nop };\
  106. __asm { nop };\
  107. __asm { nop };\
  108. __asm { nop };\
  109. __asm { nop };\
  110. __asm { nop };\
  111. __asm { nop };\
  112. __asm { nop };\
  113. __asm { nop };\
  114. __asm { nop };\
  115. }
  116.  
  117. /////////////////////////////////////////////////////////// Binary Structures.
  118. //
  119. #pragma pack(push, 8)
  120. typedef struct _SECTION_HEADER
  121. {
  122. DWORD cbHeaderSize;
  123. DWORD nSignature;
  124. DWORD nDataOffset;
  125. DWORD cbDataSize;
  126.  
  127. DWORD nOriginalImportVirtualAddress;
  128. DWORD nOriginalImportSize;
  129. DWORD nOriginalBoundImportVirtualAddress;
  130. DWORD nOriginalBoundImportSize;
  131.  
  132. DWORD nOriginalIatVirtualAddress;
  133. DWORD nOriginalIatSize;
  134. DWORD nOriginalSizeOfImage;
  135. DWORD nReserve;
  136. } SECTION_HEADER, *PDETOUR_SECTION_HEADER;
  137.  
  138. typedef struct _SECTION_RECORD
  139. {
  140. DWORD cbBytes;
  141. DWORD nReserved;
  142. GUID guid;
  143. } SECTION_RECORD, *PDETOUR_SECTION_RECORD;
  144. #pragma pack(pop)
  145.  
  146. #define SECTION_HEADER_DECLARE(cbSectionSize) \
  147. { \
  148. sizeof(SECTION_HEADER),\
  149. SECTION_HEADER_SIGNATURE,\
  150. sizeof(SECTION_HEADER),\
  151. (cbSectionSize),\
  152. \
  153. 0,\
  154. 0,\
  155. 0,\
  156. 0,\
  157. \
  158. 0,\
  159. 0,\
  160. 0,\
  161. 0,\
  162. }
  163.  
  164. ///////////////////////////////////////////////////////////// Binary Typedefs.
  165. //
  166. typedef BOOL (CALLBACK *PF_BINARY_BYWAY_CALLBACK)(PVOID pContext,
  167. PCHAR pszFile,
  168. PCHAR *ppszOutFile);
  169. typedef BOOL (CALLBACK *PF_BINARY_FILE_CALLBACK)(PVOID pContext,
  170. PCHAR pszOrigFile,
  171. PCHAR pszFile,
  172. PCHAR *ppszOutFile);
  173. typedef BOOL (CALLBACK *PF_BINARY_SYMBOL_CALLBACK)(PVOID pContext,
  174. DWORD nOrdinal,
  175. PCHAR pszOrigSymbol,
  176. PCHAR pszSymbol,
  177. PCHAR *ppszOutSymbol);
  178. typedef BOOL (CALLBACK *PF_BINARY_FINAL_CALLBACK)(PVOID pContext);
  179. typedef BOOL (CALLBACK *PF_BINARY_EXPORT_CALLBACK)(PVOID pContext,
  180. DWORD nOrdinal,
  181. PCHAR pszName,
  182. PBYTE pbCode);
  183.  
  184. typedef VOID * PDETOUR_BINARY;
  185. typedef VOID * PDETOUR_LOADED_BINARY;
  186.  
  187. //////////////////////////////////////////////////////// Trampoline Functions.
  188. //
  189. PBYTE WINAPI Function(PBYTE pbTargetFunction,
  190. PBYTE pbDetourFunction);
  191.  
  192. BOOL WINAPI FunctionWithEmptyTrampoline(PBYTE pbTrampoline,
  193. PBYTE pbTarget,
  194. PBYTE pbDetour);
  195.  
  196. BOOL WINAPI FunctionWithEmptyTrampolineEx(PBYTE pbTrampoline,
  197. PBYTE pbTarget,
  198. PBYTE pbDetour,
  199. PBYTE *ppbRealTrampoline,
  200. PBYTE *ppbRealTarget,
  201. PBYTE *ppbRealDetour);
  202.  
  203. BOOL WINAPI FunctionWithTrampoline(PBYTE pbTrampoline,
  204. PBYTE pbDetour);
  205.  
  206. BOOL WINAPI FunctionWithTrampolineEx(PBYTE pbTrampoline,
  207. PBYTE pbDetour,
  208. PBYTE *ppbRealTrampoline,
  209. PBYTE *ppbRealTarget);
  210.  
  211. BOOL WINAPI Remove(PBYTE pbTrampoline, PBYTE pbDetour);
  212.  
  213. ////////////////////////////////////////////////////////////// Code Functions.
  214. //
  215. PBYTE WINAPI FindFunction(PCHAR pszModule, PCHAR pszFunction);
  216. PBYTE WINAPI GetFinalCode(PBYTE pbCode, BOOL fSkipJmp);
  217.  
  218. PBYTE WINAPI CopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget);
  219. PBYTE WINAPI CopyInstructionEx(PBYTE pbDst,
  220. PBYTE pbSrc,
  221. PBYTE *ppbTarget,
  222. LONG *plExtra);
  223.  
  224. ///////////////////////////////////////////////////// Loaded Binary Functions.
  225. //
  226. HMODULE WINAPI EnumerateModules(HMODULE hModuleLast);
  227. PBYTE WINAPI GetEntryPoint(HMODULE hModule);
  228. BOOL WINAPI EnumerateExports(HMODULE hModule,
  229. PVOID pContext,
  230. PF_BINARY_EXPORT_CALLBACK pfExport);
  231.  
  232. PBYTE WINAPI FindPayload(HMODULE hModule, REFGUID rguid, DWORD *pcbData);
  233. DWORD WINAPI GetSizeOfPayloads(HMODULE hModule);
  234.  
  235. ///////////////////////////////////////////////// Persistent Binary Functions.
  236. //
  237. BOOL WINAPI BinaryBindA(PCHAR pszFile, PCHAR pszDll, PCHAR pszPath);
  238. BOOL WINAPI BinaryBindW(PWCHAR pwzFile, PWCHAR pwzDll, PWCHAR pwzPath);
  239. #ifdef UNICODE
  240. #define BinaryBind DetourBinaryBindW
  241. #else
  242. #define BinaryBind DetourBinaryBindA
  243. #endif // !UNICODE
  244.  
  245. PDETOUR_BINARY WINAPI BinaryOpen(HANDLE hFile);
  246. PBYTE WINAPI BinaryEnumeratePayloads(PDETOUR_BINARY pBinary,
  247. GUID *pGuid,
  248. DWORD *pcbData,
  249. DWORD *pnIterator);
  250. PBYTE WINAPI BinaryFindPayload(PDETOUR_BINARY pBinary,
  251. REFGUID rguid,
  252. DWORD *pcbData);
  253. PBYTE WINAPI BinarySetPayload(PDETOUR_BINARY pBinary,
  254. REFGUID rguid,
  255. PBYTE pbData,
  256. DWORD cbData);
  257. BOOL WINAPI BinaryDeletePayload(PDETOUR_BINARY pBinary, REFGUID rguid);
  258. BOOL WINAPI BinaryPurgePayloads(PDETOUR_BINARY pBinary);
  259. BOOL WINAPI BinaryResetImports(PDETOUR_BINARY pBinary);
  260. BOOL WINAPI BinaryEditImports(PDETOUR_BINARY pBinary,
  261. PVOID pContext,
  262. PF_BINARY_BYWAY_CALLBACK pfByway,
  263. PF_BINARY_FILE_CALLBACK pfFile,
  264. PF_BINARY_SYMBOL_CALLBACK pfSymbol,
  265. PF_DBINARY_FINAL_CALLBACK pfFinal);
  266. BOOL WINAPI BinaryWrite(PDETOUR_BINARY pBinary, HANDLE hFile);
  267. BOOL WINAPI BinaryClose(PDETOUR_BINARY pBinary);
  268.  
  269. /////////////////////////////////////////////// First Chance Exception Filter.
  270. //
  271. LPTOP_LEVEL_EXCEPTION_FILTER WINAPI
  272. FirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter);
  273.  
  274. ///////////////////////////////////////////////// Create Process & Inject Dll.
  275. //
  276. typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)
  277. (LPCSTR lpApplicationName,
  278. LPSTR lpCommandLine,
  279. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  280. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  281. BOOL bInheritHandles,
  282. DWORD dwCreationFlags,
  283. LPVOID lpEnvironment,
  284. LPCSTR lpCurrentDirectory,
  285. LPSTARTUPINFOA lpStartupInfo,
  286. LPPROCESS_INFORMATION lpProcessInformation);
  287.  
  288. typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)
  289. (LPCWSTR lpApplicationName,
  290. LPWSTR lpCommandLine,
  291. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  292. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  293. BOOL bInheritHandles,
  294. DWORD dwCreationFlags,
  295. LPVOID lpEnvironment,
  296. LPCWSTR lpCurrentDirectory,
  297. LPSTARTUPINFOW lpStartupInfo,
  298. LPPROCESS_INFORMATION lpProcessInformation);
  299.  
  300. BOOL WINAPI CreateProcessWithDllA(LPCSTR lpApplicationName,
  301. LPSTR lpCommandLine,
  302. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  303. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  304. BOOL bInheritHandles,
  305. DWORD dwCreationFlags,
  306. LPVOID lpEnvironment,
  307. LPCSTR lpCurrentDirectory,
  308. LPSTARTUPINFOA lpStartupInfo,
  309. LPPROCESS_INFORMATION lpProcessInformation,
  310. LPCSTR lpDllName,
  311. PDETOUR_CREATE_PROCESS_ROUTINEA
  312. pfCreateProcessA);
  313.  
  314. BOOL WINAPI CreateProcessWithDllW(LPCWSTR lpApplicationName,
  315. LPWSTR lpCommandLine,
  316. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  317. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  318. BOOL bInheritHandles,
  319. DWORD dwCreationFlags,
  320. LPVOID lpEnvironment,
  321. LPCWSTR lpCurrentDirectory,
  322. LPSTARTUPINFOW lpStartupInfo,
  323. LPPROCESS_INFORMATION lpProcessInformation,
  324. LPCWSTR lpDllName,
  325. PDETOUR_CREATE_PROCESS_ROUTINEW
  326. pfCreateProcessW);
  327.  
  328. #ifdef UNICODE
  329. #define CreateProcessWithDll DetourCreateProcessWithDllW
  330. #define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW
  331. #else
  332. #define CreateProcessWithDll DetourCreateProcessWithDllA
  333. #define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA
  334. #endif // !UNICODE
  335.  
  336. BOOL WINAPI ContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName);
  337. BOOL WINAPI ContinueProcessWithDllW(HANDLE hProcess, LPCWSTR lpDllName);
  338.  
  339. #ifdef UNICODE
  340. #define ContinueProcessWithDll DetourContinueProcessWithDllW
  341. #else
  342. #define ContinueProcessWithDll DetourContinueProcessWithDllA
  343. #endif // !UNICODE
  344. //
  345. //////////////////////////////////////////////////////////////////////////////
  346. #ifdef __cplusplus
  347. }
  348. #endif // __cplusplus
  349.  
  350. /////////////////////////////////////////////////////////////////// Old Names.
  351. //
  352. #define ContinueProcessWithDll ContinueProcessWithDll
  353. #define ContinueProcessWithDllA ContinueProcessWithDllA
  354. #define ContinueProcessWithDllW ContinueProcessWithDllW
  355. #define CreateProcessWithDll CreateProcessWithDll
  356. #define CreateProcessWithDllA CreateProcessWithDllA
  357. #define CreateProcessWithDllW CreateProcessWithDllW
  358. #define TRAMPOLINE_WO_TARGET TRAMPOLINE_EMPTY
  359. #define BinaryPurgePayload BinaryPurgePayloads
  360. #define EnumerateExportsForInstance EnumerateExports
  361. #define EnumerateInstances EnumerateModules
  362. #define FindEntryPointForInstance GetEntryPoint
  363. #define FindFinalCode GetFinalCode
  364. #define FindPayloadInBinary FindPayload
  365. #define GetSizeOfBinary GetSizeOfPayloads
  366. #define RemoveWithTrampoline Remove
  367. #define PCREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINE
  368. #define PCREATE_PROCESS_ROUTINEA PDETOUR_CREATE_PROCESS_ROUTINEA
  369. #define PCREATE_PROCESS_ROUTINEW PDETOUR_CREATE_PROCESS_ROUTINEW
  370. //
  371.  
  372. //////////////////////////////////////////////// Detours Internal Definitions.
  373. //
  374. #ifdef __cplusplus
  375. #ifdef INTERNAL
  376.  
  377. //////////////////////////////////////////////////////////////////////////////
  378. //
  379. #ifdef IMAGEAPI // defined by IMAGEHLP.H
  380. typedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(LPAPI_VERSION AppVersion);
  381.  
  382. typedef BOOL (NTAPI *PF_SymInitialize)(IN HANDLE hProcess,
  383. IN LPSTR UserSearchPath,
  384. IN BOOL fInvadeProcess);
  385. typedef DWORD (NTAPI *PF_SymSetOptions)(IN DWORD SymOptions);
  386. typedef DWORD (NTAPI *PF_SymGetOptions)(VOID);
  387. typedef BOOL (NTAPI *PF_SymLoadModule)(IN HANDLE hProcess,
  388. IN HANDLE hFile,
  389. IN PSTR ImageName,
  390. IN PSTR ModuleName,
  391. IN DWORD BaseOfDll,
  392. IN DWORD SizeOfDll);
  393. typedef BOOL (NTAPI *PF_SymGetModuleInfo)(IN HANDLE hProcess,
  394. IN DWORD dwAddr,
  395. OUT PIMAGEHLP_MODULE ModuleInfo);
  396. typedef BOOL (NTAPI *PF_SymGetSymFromName)(IN HANDLE hProcess,
  397. IN LPSTR Name,
  398. OUT PIMAGEHLP_SYMBOL Symbol);
  399. typedef BOOL (NTAPI *PF_BindImage)(IN LPSTR pszImageName,
  400. IN LPSTR pszDllPath,
  401. IN LPSTR pszSymbolPath);
  402.  
  403. typedef struct _SYM_INFO
  404. {
  405. HANDLE hProcess;
  406. HMODULE hImageHlp;
  407. PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx;
  408. PF_SymInitialize pfSymInitialize;
  409. PF_SymSetOptions pfSymSetOptions;
  410. PF_SymGetOptions pfSymGetOptions;
  411. PF_SymLoadModule pfSymLoadModule;
  412. PF_SymGetModuleInfo pfSymGetModuleInfo;
  413. PF_SymGetSymFromName pfSymGetSymFromName;
  414. PF_BindImage pfBindImage;
  415. } DETOUR_SYM_INFO, *PDETOUR_SYM_INFO;
  416.  
  417. PDETOUR_SYM_INFO LoadImageHlp(VOID);
  418.  
  419. #endif // IMAGEAPI
  420.  
  421. //////////////////////////////////////////////////////////////////////////////
  422. //
  423. class CEnableWriteOnCodePage
  424. {
  425. public:
  426. CEnableWriteOnCodePage(PBYTE pbCode, LONG cbCode = TRAMPOLINE_SIZE)
  427. {
  428. m_pbCode = pbCode;
  429. m_cbCode = cbCode;
  430. m_dwOldPerm = 0;
  431. m_hProcess = GetCurrentProcess();
  432.  
  433. if (m_pbCode && m_cbCode) {
  434. if (!FlushInstructionCache(m_hProcess, pbCode, cbCode)) {
  435. return;
  436. }
  437. if (!VirtualProtect(pbCode,
  438. cbCode,
  439. PAGE_EXECUTE_READWRITE,
  440. &m_dwOldPerm)) {
  441. return;
  442. }
  443. }
  444. }
  445.  
  446. ~CEnableWriteOnCodePage()
  447. {
  448. if (m_dwOldPerm && m_pbCode && m_cbCode) {
  449. DWORD dwTemp = 0;
  450. if (!FlushInstructionCache(m_hProcess, m_pbCode, m_cbCode)) {
  451. return;
  452. }
  453. if (!VirtualProtect(m_pbCode, m_cbCode, m_dwOldPerm, &dwTemp)) {
  454. return;
  455. }
  456. }
  457. }
  458.  
  459. BOOL SetPermission(DWORD dwPerms)
  460. {
  461. if (m_dwOldPerm && m_pbCode && m_cbCode) {
  462. m_dwOldPerm = dwPerms;
  463. return TRUE;
  464. }
  465. return FALSE;
  466. }
  467.  
  468. BOOL IsValid(VOID)
  469. {
  470. return m_pbCode && m_cbCode && m_dwOldPerm;
  471. }
  472.  
  473. private:
  474. HANDLE m_hProcess;
  475. PBYTE m_pbCode;
  476. LONG m_cbCode;
  477. DWORD m_dwOldPerm;
  478. };
  479.  
  480. //////////////////////////////////////////////////////////////////////////////
  481. //
  482. inline PBYTE GenMovEax(PBYTE pbCode, UINT32 nValue)
  483. {
  484. *pbCode++ = 0xB8;
  485. *((UINT32*&)pbCode)++ = nValue;
  486. return pbCode;
  487. }
  488.  
  489. inline PBYTE GenMovEbx(PBYTE pbCode, UINT32 nValue)
  490. {
  491. *pbCode++ = 0xBB;
  492. *((UINT32*&)pbCode)++ = nValue;
  493. return pbCode;
  494. }
  495.  
  496. inline PBYTE GenMovEcx(PBYTE pbCode, UINT32 nValue)
  497. {
  498. *pbCode++ = 0xB9;
  499. *((UINT32*&)pbCode)++ = nValue;
  500. return pbCode;
  501. }
  502.  
  503. inline PBYTE GenMovEdx(PBYTE pbCode, UINT32 nValue)
  504. {
  505. *pbCode++ = 0xBA;
  506. *((UINT32*&)pbCode)++ = nValue;
  507. return pbCode;
  508. }
  509.  
  510. inline PBYTE GenMovEsi(PBYTE pbCode, UINT32 nValue)
  511. {
  512. *pbCode++ = 0xBE;
  513. *((UINT32*&)pbCode)++ = nValue;
  514. return pbCode;
  515. }
  516.  
  517. inline PBYTE GenMovEdi(PBYTE pbCode, UINT32 nValue)
  518. {
  519. *pbCode++ = 0xBF;
  520. *((UINT32*&)pbCode)++ = nValue;
  521. return pbCode;
  522. }
  523.  
  524. inline PBYTE GenMovEbp(PBYTE pbCode, UINT32 nValue)
  525. {
  526. *pbCode++ = 0xBD;
  527. *((UINT32*&)pbCode)++ = nValue;
  528. return pbCode;
  529. }
  530.  
  531. inline PBYTE GenMovEsp(PBYTE pbCode, UINT32 nValue)
  532. {
  533. *pbCode++ = 0xBC;
  534. *((UINT32*&)pbCode)++ = nValue;
  535. return pbCode;
  536. }
  537.  
  538. inline PBYTE GenPush(PBYTE pbCode, UINT32 nValue)
  539. {
  540. *pbCode++ = 0x68;
  541. *((UINT32*&)pbCode)++ = nValue;
  542. return pbCode;
  543. }
  544.  
  545. inline PBYTE GenPushad(PBYTE pbCode)
  546. {
  547. *pbCode++ = 0x60;
  548. return pbCode;
  549. }
  550.  
  551. inline PBYTE GenPopad(PBYTE pbCode)
  552. {
  553. *pbCode++ = 0x61;
  554. return pbCode;
  555. }
  556.  
  557. inline PBYTE GenJmp(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
  558. {
  559. if (pbJmpSrc == 0) {
  560. pbJmpSrc = pbCode;
  561. }
  562. *pbCode++ = 0xE9;
  563. *((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
  564. return pbCode;
  565. }
  566.  
  567. inline PBYTE GenCall(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
  568. {
  569. if (pbJmpSrc == 0) {
  570. pbJmpSrc = pbCode;
  571. }
  572. *pbCode++ = 0xE8;
  573. *((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
  574. return pbCode;
  575. }
  576.  
  577. inline PBYTE GenBreak(PBYTE pbCode)
  578. {
  579. *pbCode++ = 0xcc;
  580. return pbCode;
  581. }
  582.  
  583. inline PBYTE GenRet(PBYTE pbCode)
  584. {
  585. *pbCode++ = 0xc3;
  586. return pbCode;
  587. }
  588.  
  589. inline PBYTE GenNop(PBYTE pbCode)
  590. {
  591. *pbCode++ = 0x90;
  592. return pbCode;
  593. }
  594. #endif INTERAL
  595. #endif // __cplusplus
  596.  
  597. #endif //
  598. //
  599. //////////////////////////////////////////////////////////////// End of File.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!