
QTS no. 11 - Register logging detour

a guest
Jul 9th, 2010
  1. /*
  2. -----------------------------------------
  3. * Game hacking QTS ( Quickie Tip Series )
  4. * no. 11 - Register logging detour
  5. -----------------------------------------
  6. * Author: SEGnosis  - GHAnon.net
  7. * Thanks to:
  8. * bitterbanana      - No known site
  9. * Drunken Cheetah   - No known site
  10. * fatboy88      - No known site
  11. * Geek4Ever         - No known site
  12. * learn_more        - www.uc-forum.com
  13. * Novocaine         - http://ilsken.net/blog/?page_id=64
  14. * Philly0494        - No known site
  15. * Roverturbo        - www.uc-forum.com
  16. * SilentKarma       - www.halocoders.com - offline
  17. * Strife        - www.uc-forum.com
  18. * Wieter20      - No known site
  19. */
  20.  
  // Address that DetourFunction's final `jmp [dwRet]` transfers control to.
  // NOTE(review): stays 0 in this listing; nothing shown here assigns it.
  DWORD dwRet = 0;

  // Address of the 5 bytes that DetourLogger overwrites with a jump.
  // NOTE(review): a DWORD holds a 32-bit address only, which matches the
  // 32-bit x86 instructions (pushad/pushfd) used by DetourFunction.
  DWORD dwJumpAddress = 0;
  23. //----------------------------------//
  /*
   * DetourFunction - landing pad reached through the 5-byte jump that
   * DetourLogger writes at dwJumpAddress.
   *
   * Declared naked so the compiler emits no prologue or epilogue; the body
   * is exactly the instructions written below. It never executes a ret:
   * control leaves through the indirect jump via dwRet.
   *
   * NOTE(review): dwRet is initialised to 0 in this listing and nothing shown
   * assigns it, so the final jump would transfer control to address 0 as written.
   */
  __declspec(naked) void DetourFunction()
  {
      // Original instructions here

      // Save every general-purpose register, then EFLAGS, so the
      // interrupted code sees its state unchanged afterwards.
      __asm pushad
      __asm pushfd

      // log registers to variables here

      // call functions here

      // Restore in the reverse order of the saves above.
      __asm popfd
      __asm popad

      // Hand control to the address stored in dwRet.
      __asm jmp [dwRet]
  }//----------------------------------//
  44.  
  45. //----------------------------------//
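  /*
   * DetourLogger - overwrite the 5 bytes at dwJumpAddress with a near jump
   * (opcode 0xE9 followed by a 32-bit relative offset) into DetourFunction.
   *
   * The page is switched to PAGE_EXECUTE_READWRITE only for the write and
   * the previous protection is put back afterwards, so the patched code
   * does not stay writable and executable at the same time.
   *
   * Returns nothing; on any failure the target bytes are left untouched.
   *
   * NOTE(review): the 5 overwritten bytes are not saved anywhere, so the
   * original instructions are lost and the patch cannot be reverted from
   * this code.
   */
  void DetourLogger( void )
  {
      // dwJumpAddress is 0 unless set elsewhere; writing there would fault.
      if ( dwJumpAddress == 0 )
          return;

      BYTE cHook[ 5 ] = { 0xe9, 0, 0, 0, 0 }; // jump opcode with room for the offset

      // A rel32 offset is measured from the end of the 5-byte jump instruction.
      DWORD dwFunction = ( DWORD )DetourFunction - dwJumpAddress - 5;
      memcpy( &cHook[ 1 ], &dwFunction, sizeof( dwFunction ) );

      DWORD dwOld = 0;
      if ( !VirtualProtect( ( PVOID )dwJumpAddress, sizeof( cHook ), PAGE_EXECUTE_READWRITE, &dwOld ) )
          return; // page could not be made writable, so do not attempt the write

      memcpy( ( PVOID )dwJumpAddress, cHook, sizeof( cHook ) );

      // VirtualProtect fails when lpflOldProtect is NULL. The original passed 0
      // here, so the restore never happened and the page stayed
      // PAGE_EXECUTE_READWRITE. Pass a real variable to receive the old value.
      DWORD dwIgnored = 0;
      VirtualProtect( ( PVOID )dwJumpAddress, sizeof( cHook ), dwOld, &dwIgnored );
  }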
  58. //----------------------------------//
  59.  
  60. // The best way to do this would be to make the function take parameters for the function to detour,
  61. // and have it copy and append the original instructions before jumping to the actual detour function.