Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- FARPROC ApplyHookEAT ( const char* ModuleName, FARPROC TargetProcedure, FARPROC HookedProcedure )
- {
- HMODULE Module = GetModuleHandleA ( ModuleName );
- if ( !Module )
- return 0;
- IMAGE_DOS_HEADER* DosHeader = (IMAGE_DOS_HEADER*)Module;
- if ( !DosHeader )
- return 0;
- if ( DosHeader->e_magic != IMAGE_DOS_SIGNATURE )
- return 0;
- IMAGE_NT_HEADERS* NtHeader = (IMAGE_NT_HEADERS*)( Module + DosHeader->e_lfanew );
- if ( !NtHeader )
- return 0;
- if ( NtHeader->Signature != IMAGE_NT_SIGNATURE )
- return 0;
- IMAGE_EXPORT_DIRECTORY* ExportList;
- FARPROC* ExportedFunctionList;
- ExportList = (IMAGE_EXPORT_DIRECTORY*) GetPointerFromRVA ( NtHeader->OptionalHeader.DataDirectory[0].VirtualAddress, NtHeader, Module, true );
- ExportedFunctionList = (FARPROC*) GetPointerFromRVA ( ExportList->AddressOfFunctions, NtHeader, Module, true );
- int i = 0;
- for ( i = 0; i < ExportList->NumberOfFunctions; i++ )
- {
- if ( (FARPROC)( (DWORD_PTR)Module + (DWORD_PTR)ExportedFunctionList[i] ) == TargetProcedure )
- break;
- }
- DWORD Protect = 0;
- FARPROC Original = 0;
- VirtualProtect ( &ExportedFunctionList[i], sizeof(DWORD_PTR), PAGE_READWRITE, &Protect );
- Original = ExportedFunctionList[i];
- ExportedFunctionList[i] = (FARPROC)( (DWORD_PTR)HookedProcedure - (DWORD_PTR)Module );
- VirtualProtect ( &ExportedFunctionList[i], sizeof(DWORD_PTR), Protect, &Protect );
- return Original;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
