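// Rewrites one Import Address Table (IAT) slot of the process's main
// executable so that calls made through that import land on `funcaddr`.
//
// The module is the one returned by GetModuleHandle(NULL); the original
// comments name it as Half-Life. Only the main executable's own import table
// is touched; imports of other loaded DLLs are left alone.
//
// @param strDllName       Imported DLL to look for (case-insensitive match).
// @param strFunctionName  Imported function to look for (case-insensitive match).
// @param funcaddr         Address written into the matching IAT slot.
//
// Returns without changing anything when an argument is null, the PE headers
// do not carry the expected signatures, the module has no import directory,
// the DLL or function is not found, the DLL's imports carry no name table, or
// the slot cannot be made writable. The function returns void, so callers
// cannot tell these cases from success.
//
// NOTE(review): `unsigned long` is 32 bits on Windows, so on a 64-bit build
// this signature cannot carry a full address. The signature is kept for
// existing callers; treat the function as 32-bit only until it is widened.
//
// NOTE(review): the slot is written with a plain store and no synchronisation,
// so other threads may call through either the old or the new address while
// this runs. Integrity checks that compare IAT entries against the exporting
// module's address range will see the changed slot.
void _api::ReDirectFunction(char* strDllName, char* strFunctionName, unsigned long funcaddr)
{
    if (strDllName == NULL || strFunctionName == NULL)
        return;

    // Base address of the main executable. Byte pointer arithmetic replaces
    // the original LONG(handle) casts, which truncate pointers on 64-bit.
    BYTE* const pBase = reinterpret_cast<BYTE*>(::GetModuleHandle(NULL));
    if (pBase == NULL)
        return;

    // DOS header -> PE header, checking both signatures before trusting offsets.
    const PIMAGE_DOS_HEADER pDosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(pBase);
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return;

    const PIMAGE_NT_HEADERS pPeHeader =
        reinterpret_cast<PIMAGE_NT_HEADERS>(pBase + pDosHeader->e_lfanew);
    if (pPeHeader->Signature != IMAGE_NT_SIGNATURE)
        return;

    // Locate the import directory; a zero RVA means the module imports nothing.
    const IMAGE_DATA_DIRECTORY& importDir =
        pPeHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (importDir.VirtualAddress == 0)
        return;

    // Walk the descriptor array up to its zero terminator instead of looping
    // forever: the original ran off the end of the table when the DLL was absent.
    PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor =
        reinterpret_cast<PIMAGE_IMPORT_DESCRIPTOR>(pBase + importDir.VirtualAddress);
    for (; pImportDescriptor->Name != 0; ++pImportDescriptor) {
        const char* strCurrentDll =
            reinterpret_cast<const char*>(pBase + pImportDescriptor->Name);
        if (_stricmp(strCurrentDll, strDllName) == 0)
            break;
    }
    if (pImportDescriptor->Name == 0)
        return; // DLL is not in the import table.

    // Without an Import Name Table there are no names to match against.
    if (pImportDescriptor->OriginalFirstThunk == 0 || pImportDescriptor->FirstThunk == 0)
        return;

    // The name table and the address table are parallel arrays; thunk-sized
    // elements keep the stride correct on both 32-bit and 64-bit images.
    PIMAGE_THUNK_DATA pNameThunk =
        reinterpret_cast<PIMAGE_THUNK_DATA>(pBase + pImportDescriptor->OriginalFirstThunk);
    PIMAGE_THUNK_DATA pAddrThunk =
        reinterpret_cast<PIMAGE_THUNK_DATA>(pBase + pImportDescriptor->FirstThunk);

    for (; pNameThunk->u1.AddressOfData != 0; ++pNameThunk, ++pAddrThunk) {
        // Ordinal imports hold no name RVA; reading one as a name pointer
        // would dereference an arbitrary address.
        if (IMAGE_SNAP_BY_ORDINAL(pNameThunk->u1.Ordinal))
            continue;

        const PIMAGE_IMPORT_BY_NAME pImportName =
            reinterpret_cast<PIMAGE_IMPORT_BY_NAME>(pBase + pNameThunk->u1.AddressOfData);
        if (_stricmp(reinterpret_cast<const char*>(pImportName->Name), strFunctionName) == 0)
            break;
    }
    if (pNameThunk->u1.AddressOfData == 0)
        return; // Function is not imported by name from this DLL.

    // Make the slot writable, and stop if that fails: the original ignored
    // the result and wrote regardless.
    DWORD dwOldProtect = 0;
    if (!VirtualProtect(&pAddrThunk->u1.Function, sizeof(pAddrThunk->u1.Function),
                        PAGE_READWRITE, &dwOldProtect))
        return;

    pAddrThunk->u1.Function = funcaddr;

    // Put the page protection back the way it was.
    DWORD dwIgnored = 0;
    VirtualProtect(&pAddrThunk->u1.Function, sizeof(pAddrThunk->u1.Function),
                   dwOldProtect, &dwIgnored);
}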