- // dllmain.cpp : Defines the entry point for the DLL application.
- #define _CRT_SECURE_NO_DEPRECATE
- #include "stdafx.h"
- #include "xorkey.h"
- #include <stdio.h>
// File-scope state shared by DllMain(), MyHandler(), hackthread() and unloadself().
HMODULE myModule = NULL;            // this DLL's module handle; assigned once in DllMain(), consumed by unloadself()
const char* a = XorString("aaa");   // produced by XorString() from xorkey.h (not shown); not referenced by any code shown in this file
int myptr = 0;                      // address to trap on; written only by the exported MyCFunc(), read by hackthread() and MyHandler().
                                    // Held in an int, so this only fits a pointer on a 32-bit build (MyHandler reads Eip, so 32-bit is assumed anyway).
DWORD dwOld;                        // old-protection out-parameter for the VirtualProtect() call in hackthread(); never read back or restored
/**
 * Unloads this DLL and ends the calling thread in a single call.
 *
 * Runs on a thread of its own, created by DllMain() when the host process
 * is not the expected one. Requires myModule to have been set first.
 * Does not return.
 */
void unloadself()
{
    FreeLibraryAndExitThread(myModule, 0);
}
int TrampolinePtr = 0;   // address myHook() jumps to when it finishes; MyHandler() sets it to the trapped Eip + 1 before redirecting execution into myHook()
// Hook body that MyHandler() redirects the trapped thread into.
//
// MyHandler() points Eip at (DWORD)myHook + 3 — a fixed byte offset into this
// function, not one derived from the compiler's actual prologue — so any change
// of compiler, optimization or calling-convention settings can silently move
// the intended entry point and the redirect may land mid-instruction.
//
// The `nop` is only a placeholder: MyHandler() sets TrampolinePtr = Eip + 1, so
// the byte at the trapped address is skipped rather than re-executed, and the
// "restore" the comment below promises never happens. The disabled variant inside
// MyHandler() appears to have taken a different approach (resolving a relative
// jump target); neither is validated against the instruction actually at myptr.
//
// `_fastcall` is the single-underscore spelling; presumably accepted by the
// toolchain this was built with, but `__fastcall` is the documented form.
void _fastcall myHook() {
    _asm {
        nop //Restore skipped opcode
        JMP TrampolinePtr   // presumably assembled as an indirect jump through the global (jmp dword ptr [TrampolinePtr]) — verify in the disassembly
    }
}
// Exported with C linkage so the symbol name is not mangled. MyCFunc() is the
// only code in this file that writes myptr, so nothing is trapped until some
// outside caller (not shown here) invokes this export.
extern "C" {
    __declspec(dllexport) void MyCFunc(int ptr);
}
/**
 * Exported setter for the trap address consumed by hackthread() and MyHandler().
 *
 * @param ptr  Value stored into myptr as-is. Nothing checks that it is
 *             non-zero, executable or even a valid address; hackthread()
 *             only waits for it to become non-zero.
 */
void MyCFunc(int ptr)
{
    myptr = ptr;
}
/**
 * Vectored exception handler installed by hackthread() in the first-handler slot.
 *
 * Two exception codes are handled; everything else is passed on:
 *  - STATUS_GUARD_PAGE_VIOLATION: if the faulting thread's Eip equals myptr,
 *    TrampolinePtr is set to Eip + 1 and Eip is redirected into myHook().
 *    In every case the trap flag (EFlags bit 8, 0x100) is set and execution
 *    continues. Only the exception code is checked, never the faulting
 *    address, so every guard-page fault in the process takes this path —
 *    presumably including guard pages that are not this hook's (such as the
 *    ones Windows itself uses for stack growth); confirm before relying on it.
 *  - STATUS_SINGLE_STEP: PAGE_GUARD is re-applied to the page containing
 *    myptr and execution continues. This too is unconditional, so any
 *    single-step exception in the process (for example one raised under a
 *    debugger) is consumed here.
 *
 * 32-bit only: it reads ContextRecord->Eip and truncates myHook to a DWORD.
 *
 * @param e  Exception record and thread context supplied by the OS.
 * @return EXCEPTION_CONTINUE_EXECUTION for the two handled codes,
 *         EXCEPTION_CONTINUE_SEARCH for anything else.
 *
 * Review notes: the local dwOld shadows the file-scope variable of the same
 * name; the VirtualProtect() result is never checked, so a failure to re-arm
 * the guard leaves the hook silently inactive; and while the guard is armed
 * every instruction executed in that page faults twice (guard, then single
 * step), which is both costly and a conspicuous pattern — repeated
 * VirtualProtect() calls on executable memory plus a high exception rate —
 * for process monitoring to pick up.
 */
unsigned long MyHandler(EXCEPTION_POINTERS *e)
{
    DWORD dwOld;   // shadows the file-scope dwOld
    if (e->ExceptionRecord->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION) {
        if (e->ContextRecord->Eip == myptr) // Here we check to see if the instruction pointer is at the place where we want to hook.
        {
            /* Disabled earlier variant, left exactly as the author wrote it. It
               appears to have read a 4-byte displacement at Eip + 1 and resolved
               it to an absolute target before redirecting Eip.
            void* ptr2 = (void*)(e->ContextRecord->Eip + 1);
            memcpy(&TrampolinePtr, ptr2, 4);
            TrampolinePtr += e->ContextRecord->Eip + 5;
            e->ContextRecord->Eip = (DWORD)myHook + 3; //Point EIP to hook handle.
            */
            TrampolinePtr = e->ContextRecord->Eip + 1;   // resume one byte past the trapped address; that byte is skipped, not re-executed
            e->ContextRecord->Eip = (DWORD)myHook + 3; //Point EIP to hook handle.
        }
        // Applied for every guard-page fault, not only the one at myptr.
        e->ContextRecord->EFlags |= 0x100; //Set single step flag, causing only one line of code to be executed and then throwing the STATUS_SINGLE_STEP exception.
        return EXCEPTION_CONTINUE_EXECUTION; // When we return to the page, it will no longer be PAGE_GUARD'ed, so we rely on single stepping to re-apply it. (If we re-applied it here, we'd never move forward.)
    }
    else if (e->ExceptionRecord->ExceptionCode == STATUS_SINGLE_STEP) // This is now going to return true on the next line of execution within our page, where we re-apply PAGE_GUARD and repeat.
    {
        // Return value unchecked. The 1-byte size still changes protection for the whole page.
        VirtualProtect((void*)myptr, 1, PAGE_EXECUTE | PAGE_GUARD, &dwOld);
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    return EXCEPTION_CONTINUE_SEARCH;
}
/**
 * Thread body started from DllMain(): installs MyHandler() as the first
 * vectored exception handler, then polls until myptr is non-zero and arms
 * PAGE_GUARD on the page containing it, exactly once. From then on the guard
 * is re-armed by MyHandler() itself; this loop only sleeps.
 *
 * Review notes:
 *  - The handle returned by AddVectoredExceptionHandler() is discarded, so the
 *    handler can never be removed with RemoveVectoredExceptionHandler(); if
 *    this DLL were ever unloaded while it is registered, the OS would dispatch
 *    exceptions into freed code.
 *  - The loop never terminates, so this thread lives for the rest of the process.
 *  - VirtualProtect()'s result is not checked. PAGE_EXECUTE may drop a read
 *    permission the page previously had, and the old protection saved in the
 *    global dwOld is never restored.
 *  - This function is declared void(), but DllMain() casts it to
 *    LPTHREAD_START_ROUTINE; the mismatch is not caught by the compiler and
 *    presumably only works because the calling convention tolerates it.
 */
void hackthread() {
    AddVectoredExceptionHandler(1, (PVECTORED_EXCEPTION_HANDLER)MyHandler);   // 1 = called before other vectored handlers
    int setE = 0;   // becomes 1 once the guard has been armed
    do {
        if (myptr != 0 && !setE) {
            setE = 1;
            VirtualProtect((void*)myptr, 1, PAGE_EXECUTE | PAGE_GUARD, &dwOld);   // whole page, result unchecked
        }
        Sleep(1);
    } while (1);
}
/**
 * DLL entry point.
 *
 * On DLL_PROCESS_ATTACH (only while myModule is still NULL) it records the
 * module handle, reads the host executable's path and branches on it: if the
 * path contains "ConsoleApplication5" it starts hackthread(), otherwise it
 * starts unloadself() so the DLL ejects itself from any other host. The
 * thread-attach/detach and process-detach notifications do nothing.
 *
 * @param hModule            This DLL's module handle.
 * @param ul_reason_for_call Loader notification code.
 * @param lpReserved         Unused.
 * @return Always TRUE.
 *
 * Review notes:
 *  - There is no break after the DLL_PROCESS_ATTACH case, so it falls through
 *    into the three empty cases; harmless today, but any code later added to
 *    those cases would also run on process attach.
 *  - GetModuleFileName()'s return value is not checked and the 256-character
 *    buffer is shorter than MAX_PATH, so a long path is silently truncated
 *    before wcsstr() looks at it.
 *  - Threads are created while the loader lock is held; presumably they do not
 *    begin running until DllMain returns.
 *  - wchar_t with GetModuleFileName()/wcsstr() only compiles in a UNICODE build.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        if (myModule == NULL) {
            wchar_t lpFilename[256];
            GetModuleFileName(NULL, lpFilename, 256);   // NULL = path of the host executable, not of this DLL
            myModule = hModule;
            //MessageBox(NULL, lpFilename, lpFilename, MB_OK);
            if (wcsstr(lpFilename, L"ConsoleApplication5") != NULL)
            {
                // MessageBox(NULL, lpFilename, L"Loading HOTS Module", MB_OK);
                CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)hackthread, NULL, NULL, NULL);   // hackthread is void(), not a DWORD WINAPI (LPVOID) routine
                // CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&orbwalker, NULL, NULL,
                // NULL);
            }
            else
            {
                CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&unloadself, NULL, NULL, NULL);
            }
        }
        // falls through (no break)
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}