Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- -----------------------------------------
- * Game hacking QTS ( Quickie Tip Series )
- * no. 11 - Register logging detour
- -----------------------------------------
- * Author: SEGnosis - GHAnon.net
- * Thanks to:
- * bitterbanana - No known site
- * Drunken Cheetah - No known site
- * fatboy88 - No known site
- * Geek4Ever - No known site
- * learn_more - www.uc-forum.com
- * Novocaine - http://ilsken.net/blog/?page_id=64
- * Philly0494 - No known site
- * Roverturbo - www.uc-forum.com
- * SilentKarma - www.halocoders.com - offline
- * Strife - www.uc-forum.com
- * Wieter20 - No known site
- */
- DWORD dwRet = 0x00000000; // return address
- DWORD dwJumpAddress = 0x00000000; // address to detour
- //----------------------------------//
- __declspec(naked) void DetourFunction() // naked to avoid precompiled header and footer
- {
- __asm
- {
- // Original instructions here
- pushad // preserve state
- pushfd
- // log registers to variables here
- }
- // call functions here
- __asm
- {
- popfd // return states
- popad
- jmp [dwRet] // return flow to address indicated
- }
- }//----------------------------------//
- //----------------------------------//
- void DetourLogger( void )
- {
- BYTE cHook[ 5 ] = { 0xe9, 0, 0, 0, 0 }; // jump instruction with space for offset
- DWORD dwFunction = ( DWORD )DetourFunction - dwJumpAddress - 5; // offset for jump instruction
- memcpy( &cHook[ 1 ], &dwFunction, 4 ); // move offset into array
- DWORD dwOld;
- VirtualProtect( ( PVOID )dwJumpAddress, 5, PAGE_EXECUTE_READWRITE, &dwOld ); // open memory for modification
- memcpy( ( PVOID )dwJumpAddress, &cHook, 5 ); // move instruction
- VirtualProtect( ( PVOID )dwJumpAddress, 5, dwOld, 0 ); // return permissions
- }
- //----------------------------------//
- // The best way to do this would be to make the function take parameters for function to detour
- // Have it copy and append the original instructions before jumping to the actual detour function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement