Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #define makeptr(cast, address, offset) (cast)( (DWORD_PTR)address + (DWORD_PTR)offset )
- #define makedelta(cast, address, offset) (cast)( (DWORD_PTR)address - (DWORD_PTR)offset )
- IMAGE_SECTION_HEADER* GetEnclosingSectionHeader ( uintptr_t rva, IMAGE_NT_HEADERS* ntHdr )
- {
- IMAGE_SECTION_HEADER* pSection;
- uintptr_t i, dwSize;
- // go through all the sections in this module
- pSection = IMAGE_FIRST_SECTION( ntHdr );
- for ( i = 0; i < ntHdr->FileHeader.NumberOfSections; i++, pSection++ ) {
- // size of this section
- dwSize = pSection->Misc.VirtualSize ? pSection->Misc.VirtualSize : pSection->SizeOfRawData;
- // is this the section containing our address?
- if ( (rva >= pSection->VirtualAddress) && (rva < (pSection->VirtualAddress + dwSize)) )
- return pSection;
- }
- return 0;
- }
- //=========================================================
- uintptr_t GetMappedSectionOffset ( IMAGE_NT_HEADERS* ntHdr, IMAGE_SECTION_HEADER* pSectionHeader, void* pBase )
- {
- IMAGE_SECTION_HEADER* pSection;
- uintptr_t dwOffset;
- unsigned short i;
- // get the first section of this module
- pSection = IMAGE_FIRST_SECTION( ntHdr );
- // just in case our section isn't here...
- dwOffset = makedelta(uintptr_t, pSection, pBase);
- // go through all the sections in this module
- for ( i = 0; i < ntHdr->FileHeader.NumberOfSections; i++, pSection++ ) {
- // is this the section we specified?
- if ( pSection->Name == pSectionHeader->Name ) {
- // offset from imagebase + rva
- dwOffset = makedelta(uintptr_t, pSection->VirtualAddress, pSection->PointerToRawData);
- break;
- }
- }
- return dwOffset;
- }
- //=========================================================
- uintptr_t GetPtrFromRVA ( uintptr_t rva, IMAGE_NT_HEADERS* ntHdr, unsigned char* lpImage, bool bMapped )
- {
- IMAGE_SECTION_HEADER* pSectionHeader;
- uintptr_t dwResult = 0, dwOffset = 0;
- // section of this pointer
- pSectionHeader = GetEnclosingSectionHeader ( rva, ntHdr );
- // relative offset for this section
- if ( bMapped )
- dwOffset = GetMappedSectionOffset ( ntHdr, pSectionHeader, lpImage );
- // did we find our ptr in this PE?
- if ( pSectionHeader ) {
- // get address of RVA in this image
- dwResult = makeptr(uintptr_t, lpImage, rva);
- // start at the base of this section
- dwResult -= makedelta(int, pSectionHeader->VirtualAddress, pSectionHeader->PointerToRawData);
- // now add the offset to this section to get our ptr
- dwResult += dwOffset;
- }
- return dwResult;
- }
- void ApplyHook ( HMODULE Module, FARPROC TargetProcedure, FARPROC HookedProcedure )
- {
- IMAGE_DOS_HEADER* DosHeader = (IMAGE_DOS_HEADER*)Module;
- if ( DosHeader->e_magic != IMAGE_DOS_SIGNATURE )
- {
- printf ( "shit module!\n" );
- return;
- }
- IMAGE_NT_HEADERS* NtHeader = (IMAGE_NT_HEADERS*)( (DWORD_PTR)DosHeader + DosHeader->e_lfanew );
- if ( NtHeader->Signature != IMAGE_NT_SIGNATURE )
- {
- printf ( "shit module #2!\n" );
- return;
- }
- IMAGE_EXPORT_DIRECTORY* ExportDir = (IMAGE_EXPORT_DIRECTORY*) GetPtrFromRVA ( NtHeader->OptionalHeader.DataDirectory[0].VirtualAddress, NtHeader, (unsigned char*)Module, true );
- if ( !ExportDir )
- {
- printf ( "export dir fucked up!\n" );
- return;
- }
- FARPROC* ExportedFunctionList = (FARPROC*) GetPtrFromRVA ( ExportDir->AddressOfFunctions, NtHeader, (unsigned char*)Module, true );
- if ( !ExportedFunctionList )
- {
- printf ( "exported func list fucked up!\n" );
- return;
- }
- int i = 0;
- for ( i = 0; i < ExportDir->NumberOfFunctions; i++ )
- {
- if ( (FARPROC)( Module + (DWORD_PTR)ExportedFunctionList[i] ) == TargetProcedure )
- break;
- }
- DWORD Protect;
- VirtualProtect ( &ExportedFunctionList[i], sizeof(DWORD_PTR), PAGE_READWRITE, &Protect );
- ExportedFunctionList[i] = (FARPROC)( (DWORD_PTR)HookedProcedure - (DWORD_PTR)Module );
- VirtualProtect ( &ExportedFunctionList[i], sizeof(DWORD_PTR), Protect, &Protect );
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
