Untitled

// TODO: bounds checking on for loops
void _api::ReDirectFunction(char* strDllName, char* strFunctionName, unsigned long funcaddr)
{
	DWORD dwBackup,dwIndex,dwOffset;
	PDWORD pdwIAT,pdwINT;
	HMODULE                     hmHL;                                           // Stores Half-Life module handle.
	PIMAGE_DATA_DIRECTORY       pDataDirectory;                                 // Stores Import Function Table address.
	PIMAGE_DOS_HEADER           pDosHeader;                                     // Holds DOS Header.
	PIMAGE_IMPORT_DESCRIPTOR    pImportDescriptor;                              // Holds dll information.
	PIMAGE_IMPORT_BY_NAME       pImportName;                                    // Holds the function name info.
	PIMAGE_OPTIONAL_HEADER      pOptionalHeader;                                // Holds the Optional Header part of PE Header.
	PIMAGE_NT_HEADERS           pPeHeader;                                      // Holds the PE Header.
	PSTR                        strCurrent;                                     // Buffer used when looking for GetProcAddress.

	hmHL = ::GetModuleHandle(NULL);                                               // Get the base address of Half-Life’s program.
	pDosHeader = PIMAGE_DOS_HEADER(hmHL);                                       // Fill the IMAGE_DOS_HEADER structure.
	dwOffset = pDosHeader->e_lfanew;                                            // Get the offset of the PE header.
	pPeHeader = PIMAGE_NT_HEADERS(LONG(hmHL) + dwOffset);
	pOptionalHeader = &pPeHeader->OptionalHeader;                               // Fill the IMAGE_OPTION_HEADER structure.
	pDataDirectory = pOptionalHeader->DataDirectory;                            // Fill the IMAGE_DATA_DIRECTORY structure.
	dwOffset = pDataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;     // Get the offset to the Import Function Table.
	pImportDescriptor = PIMAGE_IMPORT_DESCRIPTOR(LONG(hmHL) + dwOffset);		// Fill the IMAGE_IMPORT_DESCRIPTOR structure.

	for(dwIndex = 0; true; dwIndex++){                                          // Set up a never ending loop.
		dwOffset = pImportDescriptor[dwIndex].Name;                             // Get the offset to the dll name.
		strCurrent = PSTR(LONG(hmHL) + dwOffset);
		//logit("IMPORT: %s",strCurrent);
		if(_stricmp(strCurrent, strDllName) == 0)
			break;                                                              // If its kernel32.dll break, otherwise loop to
	}                                                                           // the next structure.

	dwOffset = pImportDescriptor[dwIndex].FirstThunk;                           // Get the offset to the Import Address Table.
	pdwIAT = PDWORD(LONG(hmHL) + dwOffset);
	dwOffset = pImportDescriptor[dwIndex].OriginalFirstThunk;                   // Get the offset to the Import Name Table.
	pdwINT = PDWORD(LONG(hmHL) + dwOffset);

	for(dwIndex = 0; true; dwIndex++){                                          // Set up a never ending loop.
		dwOffset = pdwINT[dwIndex];                                             // Get the offset to the function name.
		pImportName = PIMAGE_IMPORT_BY_NAME(LONG(hmHL) + dwOffset);
		strCurrent = PSTR(pImportName->Name);                                   // Get the current function name.
		//logit("IMPORT: dll->%s",strCurrent);
		if(_stricmp(strCurrent, strFunctionName) == 0)
			break;                                                              // If the name is strFunctionName break,
	}                                                                           // otherwise loop to the next dword.

	VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), PAGE_READWRITE, &dwBackup); // Make sure we have write access.
	pdwIAT[dwIndex] = funcaddr;//PtrToUlong();                                  // Replace the address of GetProcAddress.
	VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), dwBackup, &dwOffset);       // Instill the original access protection.
}