- #!/usr/bin/env python
- from pydbg import *
- from pydbg.defines import *
- import ctypes
- import struct
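class Hooker():
    """Prepare trampoline stubs for functions in a process debugged via pydbg.

    The stubs are 32-bit x86 only: both templates encode ``push imm32; ret``
    and every address is packed as a 4-byte little-endian value.
    """

    def __init__(self):
        # 68 <imm32> C3 == `push imm32; ret`, an absolute jump that clobbers
        # no register. Bytes 1..4 are the placeholder patched in hook().
        self.jump_code = bytearray('6800000000C3'.decode('hex'))
        self.Jumpback_code = bytearray('6800000000C3'.decode('hex'))
        # Attribute names (including the "Jump_code_ize" spelling) are kept
        # as-is because code outside this class may read them.
        self.Jump_code_ize = len(self.jump_code)
        self.jumpback_code_size = len(self.Jumpback_code)
        self.dbg = pydbg()

    def hook(self, dll, function=None, calltype=None, restype=ctypes.c_ulong,
             **kwargs):
        """Return a decorator that builds a trampoline for ``dll!function``.

        Args:
            dll: module name passed to ``func_resolve_debuggee``.
            function: export name; defaults to the decorated function's name.
            calltype: ``None`` for stdcall (WINFUNCTYPE), ``'C'`` for cdecl.
            restype: ctypes return type of the callback prototype.
            **kwargs: per-argument ctypes types, keyed by argument name;
                unspecified arguments default to ``c_ulong``.

        Returns:
            A decorator. Applying it does NOT return a function: it returns
            the address of the allocated stub in the debuggee, or ``False``
            when the export cannot be resolved or disassembly fails.
        """
        def decorator(f):
            # The original rebound `function` inside this closure, which made
            # it a local and raised UnboundLocalError on the `is None` test.
            target_name = f.__name__ if function is None else function
            functype = {
                None: ctypes.WINFUNCTYPE,
                'C': ctypes.CFUNCTYPE,
            }[calltype]
            # co_varnames also lists plain locals; keep only the parameters.
            code = f.__code__
            arg_names = code.co_varnames[:code.co_argcount]
            arg_types = [kwargs.get(name, ctypes.c_ulong) for name in arg_names]
            prototype = functype(restype, *arg_types)
            fake = prototype(f)

            address = self.dbg.func_resolve_debuggee(dll, target_name)
            if not address:
                return False

            # Count whole instructions until at least Jump_code_ize bytes are
            # covered, so the copied prologue never ends mid-instruction.
            backup_length = 0
            while backup_length < self.Jump_code_ize:
                instruction = self.dbg.get_instruction(address + backup_length)
                if not instruction:
                    return False
                backup_length += instruction.length

            # struct.pack needs an integer, not the ctypes callback object.
            # NOTE(review): this address belongs to the debugger's own
            # process, and jump_code is filled in here but never used again
            # in this method -- confirm the intended design with the author.
            fake_address = ctypes.cast(fake, ctypes.c_void_p).value
            self.jump_code[1:5] = struct.pack('<I', fake_address)
            self.Jumpback_code[1:5] = struct.pack('<I', address + backup_length)

            # NOTE(review): PAGE_EXECUTE_READWRITE leaves the stub both
            # writable and executable. W+X pages in another process are a
            # well-known detection signal and break W^X; the page only needs
            # to be writable while the stub is being copied in.
            proxy_function_addr = self.dbg.virtual_alloc(
                NULL, backup_length + self.jumpback_code_size,
                MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE)

            # Stub layout: saved original prologue, then a jump back to the
            # first instruction after the saved bytes.
            proxy_function = self.dbg.read(address, backup_length)
            proxy_function += self.Jumpback_code
            self.dbg.write(proxy_function_addr, proxy_function,
                           len(proxy_function))
            return proxy_function_addr
        return decorator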
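# Script entry point. The original compared the undefined name `__main__`,
# which raises NameError; the module name lives in `__name__`.
# Only the Hooker object is constructed here; no process is attached or loaded.
if __name__ == '__main__':
    hooker = Hooker()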