  1. #include <windows.h>
  2. #pragma comment(linker, "/ENTRY:main")
  3.  
/* Upper bound on simultaneously installed hooks; both tables below are sized by it. */
static const unsigned int MAX_ALLOWED_HOOKS = 0x100;
/* Hook callback: receives the faulting thread's CONTEXT and may modify it in place. */
typedef void(*hook_t)(PCONTEXT);
/* NtProtectVirtualMemory as called from this file.
   NOTE(review): the kernel's prototype takes BaseAddress as PVOID* and RegionSize as
   SIZE_T; this typedef declares PVOID and PULONG, which only match on 32-bit builds
   (on x64 the kernel reads and writes 8 bytes through the 4-byte ULONG). */
typedef ULONG(WINAPI *npvm_t)(HANDLE, PVOID, PULONG, ULONG, PULONG);

npvm_t NtProtectVirtualMemory;   /* resolved from ntdll.dll by AddHook */

bool handler_initialized = false;   /* intended to record that the vectored handler was registered */
uintptr_t functions_to_hook[MAX_ALLOWED_HOOKS] = { 0 };           /* hooked addresses; a 0 entry terminates the list */
hook_t corresponding_hooks[MAX_ALLOWED_HOOKS] = { (hook_t) 0 };  /* callback for the entry with the same index */
uintptr_t reset_hook_location;   /* address whose page the STATUS_SINGLE_STEP path re-arms as PAGE_NOACCESS */
  14.  
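/* Rounds an address down to its page. Protection changes made through
   NtProtectVirtualMemory apply to whole pages, so "is this fault on a hooked page"
   has to be decided at page granularity; the page size is queried once rather than
   hard-coded. */
static uintptr_t HookPageBase(uintptr_t address)
{
        static uintptr_t page_mask = 0;
        if (page_mask == 0)
        {
                SYSTEM_INFO si;
                GetSystemInfo(&si);
                page_mask = ~((uintptr_t) si.dwPageSize - 1);
        }
        return (address & page_mask);
}

/* Changes the protection of the page containing `address` to `protection`.
   Calls NtProtectVirtualMemory with the parameter types the kernel actually uses
   (BaseAddress is PVOID*, RegionSize is SIZE_T). The global npvm_t typedef declares
   RegionSize as PULONG, which is 4 bytes on x64 where the kernel reads and writes 8;
   going through this prototype and local copies avoids that stack over-read/over-write
   (the kernel also writes the page-rounded base back, so a local copy is used).
   Returns true on a non-negative NTSTATUS. */
static bool HookProtectPage(uintptr_t address, ULONG protection)
{
        typedef LONG(WINAPI *npvm_sized_t)(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
        npvm_sized_t protect = reinterpret_cast<npvm_sized_t>(NtProtectVirtualMemory);
        if (protect == 0)
        {
                return (false);
        }
        PVOID base = (PVOID) address;
        SIZE_T region_size = 1;
        ULONG old_protection = 0;
        return (protect(GetCurrentProcess(), &base, &region_size, protection, &old_protection) >= 0);
}

/* Vectored exception handler behind the page-protection hooks.
 *
 * AddHook marks the page of each hooked address PAGE_NOACCESS, so executing (or
 * touching) it raises STATUS_ACCESS_VIOLATION. This handler then:
 *   1. makes the faulting page executable again,
 *   2. runs the registered callback if the faulting instruction pointer is exactly a
 *      hooked address (the callback may edit the CONTEXT),
 *   3. sets the trap flag (EFlags bit 8) so the thread executes one instruction and
 *      raises STATUS_SINGLE_STEP, on which the page is re-armed as PAGE_NOACCESS.
 *
 * Only faults that plausibly belong to a hooked page are claimed: the faulting
 * address (ExceptionInformation[1]) must either be an instruction fetch (equal to
 * the instruction pointer) or lie on the same page as a registered hook. Anything
 * else, and any fault whose page cannot be made executable, is passed on with
 * EXCEPTION_CONTINUE_SEARCH so unrelated crashes are not silently resumed into an
 * endless fault loop.
 *
 * Returns an EXCEPTION_* disposition for the vectored-handler dispatcher.
 *
 * NOTE(review): reset_hook_location is a single process-wide variable, so two threads
 * tripping hooks at the same time can re-arm the wrong page; the demo in main is
 * single-threaded.
 */
unsigned long HookHandler(PEXCEPTION_POINTERS exc)
{
        const DWORD code = exc->ExceptionRecord->ExceptionCode;

        if (code == STATUS_SINGLE_STEP)
        {
                /* Only the single step this handler requested is ours; a debugger's is not. */
                if (reset_hook_location == 0)
                {
                        return (EXCEPTION_CONTINUE_SEARCH);
                }
                HookProtectPage(reset_hook_location, PAGE_NOACCESS);
                reset_hook_location = 0;
                return (EXCEPTION_CONTINUE_EXECUTION);
        }

        if (code != STATUS_ACCESS_VIOLATION)
        {
                return (EXCEPTION_CONTINUE_SEARCH);
        }

        #ifdef _M_IX86
        uintptr_t instruction_pointer = exc->ContextRecord->Eip;
        #else
        uintptr_t instruction_pointer = exc->ContextRecord->Rip;
        #endif
        /* For STATUS_ACCESS_VIOLATION, ExceptionInformation[1] is the address that faulted. */
        uintptr_t fault_address = (uintptr_t) exc->ExceptionRecord->ExceptionInformation[1];

        /* An instruction fetch faulting on its own address is a hooked (or formerly
           hooked, still protected) page; otherwise the fault must hit a hooked page. */
        bool on_hooked_page = (fault_address == instruction_pointer);
        int hook_index = -1;
        for (unsigned int i = 0; i < sizeof(functions_to_hook) / sizeof(uintptr_t); i++)
        {
                if (functions_to_hook[i] == 0)
                {
                        break;   /* a 0 entry terminates the list */
                }
                if (functions_to_hook[i] == instruction_pointer)
                {
                        hook_index = (int) i;
                }
                if (HookPageBase(functions_to_hook[i]) == HookPageBase(fault_address))
                {
                        on_hooked_page = true;
                }
        }
        if (!on_hooked_page)
        {
                return (EXCEPTION_CONTINUE_SEARCH);
        }

        /* If the page cannot be made executable (e.g. a call through a bad pointer)
           there is nothing to resume into, so let the exception propagate. */
        if (!HookProtectPage(fault_address, PAGE_EXECUTE))
        {
                return (EXCEPTION_CONTINUE_SEARCH);
        }
        if (hook_index >= 0)
        {
                corresponding_hooks[hook_index](exc->ContextRecord);
        }
        exc->ContextRecord->EFlags |= 0x100;   /* trap flag: single-step the resumed instruction */
        reset_hook_location = fault_address;

        return (EXCEPTION_CONTINUE_EXECUTION);
}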
  57.  
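/* Installs a hook on `address`: records `jump` as its callback and marks the page
 * containing `address` PAGE_NOACCESS, so the next access raises an exception that
 * HookHandler turns into a callback invocation.
 *
 * On first use the vectored exception handler is registered and
 * NtProtectVirtualMemory is resolved from ntdll.dll; handler_initialized records that
 * this happened so later calls do not register the handler a second time.
 *
 * Returns false if `address` or `jump` is 0, if the handler could not be set up, if
 * `address` is already hooked, if the hook table is full, or if the page could not be
 * protected (in which case the table entry is rolled back); true once the page is armed.
 */
bool AddHook(uintptr_t address, hook_t jump)
{
        if (address == 0 || jump == 0)
        {
                return (false);   /* 0 is the list terminator and cannot be hooked */
        }

        if (!handler_initialized)
        {
                HMODULE ntdll = GetModuleHandleA("ntdll.dll");
                if (ntdll == 0)
                {
                        return (false);
                }
                NtProtectVirtualMemory = reinterpret_cast<npvm_t>(GetProcAddress(ntdll, "NtProtectVirtualMemory"));
                if (NtProtectVirtualMemory == 0)
                {
                        return (false);
                }

                #ifdef __GNUC__
                /* RtlAddVectoredExceptionHandler(ULONG First, PVECTORED_EXCEPTION_HANDLER)
                   returns a PVOID registration handle, or NULL on failure. */
                typedef PVOID(WINAPI *ADDVEHTYPE)(ULONG, PVOID);
                ADDVEHTYPE AddVectoredExceptionHandler = (ADDVEHTYPE) GetProcAddress(ntdll, "RtlAddVectoredExceptionHandler");
                if (AddVectoredExceptionHandler == 0 || AddVectoredExceptionHandler(1, (PVOID) HookHandler) == 0)
                {
                        return (false);
                }
                #else
                if (AddVectoredExceptionHandler(1, (PVECTORED_EXCEPTION_HANDLER) HookHandler) == 0)
                {
                        return (false);
                }
                #endif

                handler_initialized = true;
        }

        /* Find the first free slot, rejecting duplicates on the way. */
        const unsigned int capacity = sizeof(functions_to_hook) / sizeof(uintptr_t);
        unsigned int slot = 0;
        while (slot < capacity && functions_to_hook[slot] != 0)
        {
                if (functions_to_hook[slot] == address)
                {
                        return (false);   /* already hooked */
                }
                slot++;
        }
        /* One entry is kept spare so the terminating 0 always fits inside the array. */
        if (slot + 1 >= capacity)
        {
                return (false);
        }
        functions_to_hook[slot] = address;
        corresponding_hooks[slot] = jump;
        functions_to_hook[slot + 1] = 0;
        corresponding_hooks[slot + 1] = reinterpret_cast<hook_t>(0);

        /* Arm the page. The kernel's BaseAddress is PVOID* and RegionSize is SIZE_T; the
           global npvm_t typedef says PVOID/PULONG, which is only correct on 32-bit, so the
           call goes through a correctly typed prototype and local copies of both values
           (the kernel rounds BaseAddress down to the page and writes both back). */
        typedef LONG(WINAPI *npvm_sized_t)(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
        PVOID base = (PVOID) address;
        SIZE_T region_size = 1;
        DWORD old_access = 0;
        LONG status = reinterpret_cast<npvm_sized_t>(NtProtectVirtualMemory)(GetCurrentProcess(), &base, &region_size, PAGE_NOACCESS, &old_access);
        if (status < 0)
        {
                /* Roll back the entry so a failed arm does not leave a phantom hook. */
                functions_to_hook[slot] = 0;
                corresponding_hooks[slot] = reinterpret_cast<hook_t>(0);
                return (false);
        }
        return (true);
}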
  97.  
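/* Removes the hook registered for `address` by compacting it out of the hook tables.
 *
 * The tables are terminated by a 0 entry, so zeroing the matched slot in place (the
 * previous behaviour) cut off every hook registered after it; instead the following
 * entries, including the terminating 0, are shifted down by one slot.
 *
 * Returns true if the address was hooked, false if it was not found.
 *
 * NOTE(review): the page protection set by AddHook is left as it is — the original
 * protection was never recorded, so it cannot be restored here. Later faults on that
 * page are still handled by HookHandler, which resumes them without a callback.
 */
bool RemoveHook(uintptr_t address)
{
        const unsigned int capacity = sizeof(functions_to_hook) / sizeof(uintptr_t);

        if (address == 0)
        {
                return (false);   /* 0 is the list terminator, never a hook */
        }

        for (unsigned int i = 0; i < capacity; i++)
        {
                if (functions_to_hook[i] == 0)
                {
                        return (false);   /* end of list reached: not hooked */
                }
                if (functions_to_hook[i] != address)
                {
                        continue;
                }

                /* Shift the remaining entries (and the terminating 0) down one slot. */
                for (unsigned int j = i; j + 1 < capacity; j++)
                {
                        functions_to_hook[j] = functions_to_hook[j + 1];
                        corresponding_hooks[j] = corresponding_hooks[j + 1];
                }
                functions_to_hook[capacity - 1] = 0;
                corresponding_hooks[capacity - 1] = reinterpret_cast<hook_t>(0);
                return (true);
        }
        return (false);
}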
  110.  
/* Demo callback for the MessageBoxA hook (x86 only: it reads ctx->Esp).
   At the hooked entry point the caller's arguments sit above the return address on
   the stack, one pointer-sized slot each; slots 2 and 3 are the second and third
   arguments, which in main's call are MessageBoxA's lpText and lpCaption. Both
   pointers are replaced with string literals of this module. */
void myfunc(PCONTEXT ctx)
{
        uintptr_t *arg_slots = (uintptr_t *) ctx->Esp;

        arg_slots[2] = (uintptr_t) "Working with arguments is easier than it looks";
        arg_slots[3] = (uintptr_t) "Hooked!";
}
  116.  
/* Demo driver (linked as the raw entry point via /ENTRY:main, so no CRT startup runs):
   hooks MessageBoxA, shows the box twice while hooked, removes the hook and shows it
   once more. Return values of AddHook/RemoveHook are not inspected. */
int main()
{
        const uintptr_t target = (uintptr_t) MessageBoxA;
        static const char prompt[] = "Was I hooked?";
        static const char title[] = "???";

        AddHook(target, myfunc);

        MessageBoxA(0, prompt, title, 0);
        MessageBoxA(0, prompt, title, 0);

        RemoveHook(target);

        MessageBoxA(0, prompt, title, 0);

        return (0);
}