Simple Function Prolog Hook

1. /* Terminology:
2.  *
3.  * fish = function to patch
4.  * hook = patch to apply
5.  * coolbox = overwritten bytes and stack fixer
6.  * scales = memory security flags
7.  */
8.  
9. #include <stdlib.h>
10. #include <stdio.h>
11. #include <assert.h>
12. #include <stdint.h>
13. #include <string.h>
14. #include <windows.h>
15. #include "hooks.h"
16. #include "ollydisasm/disasm.h"
17. /*register int *stackp asm ("esp");
18. register int *basep  asm ("ebp");*/
19.  
20. unsigned long CleanBiteOff(const uint8_t *ptr, size_t amount); // how many bytes should i overwrite to fit a jump and not leave garbage behind
21.  
22. int attachRawHook(uintptr_t fish, uintptr_t hook)
23. {
24.  
25.     #define JMP_SIZE 5
26.     unsigned long safeSize = CleanBiteOff((uint8_t*)fish, JMP_SIZE);
27.    
28.     uint8_t *overwrite = malloc(safeSize);
29.  
30.     overwrite[0] = 0xE9;//call e8 -- jmp e9
31.     for (int i = JMP_SIZE; i < safeSize; i++)
32.         overwrite[i] = 0x90;
33.  
34.     DWORD oldScales, newScales;
35.     //__asm("int $3");
36.     uint8_t* coolbox;
37.     #define XCHG_SIZE 13
38.     #define FOOTER_SIZE 2*JMP_SIZE+XCHG_SIZE
39.     if ((coolbox = VirtualAlloc(NULL, safeSize + FOOTER_SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE)) == NULL)
40.         return __HOOK_VIRTUALALLOC_COOLBOX;
41.     uintptr_t relative = (uintptr_t)coolbox + safeSize - fish;
42.    
43.     memcpy(&overwrite[1], &relative, JMP_SIZE-1);
44.     memcpy(coolbox, (void*)(fish), safeSize);
45.     relative = -relative;
46.     /*
47.     push ecx
48.     mov ecx, %coolbox
49.     xchg dword [esp+4], ecx
50.     xchg dword[esp], ecx
51.  
52.      {0x51,0xB9,0,0,0,0,0x87,0x4C,0xE4,0x04,0x87,0x0C,0xE4}
53.     */
54.     #define FOUR_BYTES 0,0,0,0
55.     uint8_t coolboxfooter[FOOTER_SIZE] = {0xE9,FOUR_BYTES,0x51,0xB9,FOUR_BYTES,0x87,0x4C,0xE4,0x04,0x87,0x0C,0xE4, 0xE9/*,FOUR_BYTES*/};
56.     memcpy(&coolboxfooter[1], &relative, JMP_SIZE-1);
57.     memcpy(&coolboxfooter[JMP_SIZE+2], &coolbox, JMP_SIZE-1);
58.     relative = hook - ((uintptr_t)coolbox + safeSize + FOOTER_SIZE);
59.     memcpy(&coolboxfooter[JMP_SIZE+XCHG_SIZE+1], &relative, JMP_SIZE-1);
60.     memcpy(coolbox+safeSize, coolboxfooter, FOOTER_SIZE);
61.  
62.     if (VirtualProtect((LPVOID) fish, safeSize, PAGE_READWRITE, &oldScales) == 0)
63.         return __HOOK_PROTECTION_DISABLE;
64.  
65.     memcpy((void*)fish, overwrite, safeSize);
66.    
67.     if (VirtualProtect((LPVOID)fish, safeSize, oldScales, &newScales) == 0)
68.         return __HOOK_PROTECTION_ENABLE;
69.  
70.     return __HOOK_ALL_OK;
71.    
72. }
73. unsigned long CleanBiteOff(const uint8_t *ptr, size_t amount)
74. {
75.     static t_disasm disasm;
76.     unsigned long size = 0;
77.     do {size += Disasm(ptr+size, 16, 0x00401AAC, &disasm, DISASM_SIZE);} while(size < amount);
78.     return size;
79. }