ZxZ666

UApiHook

Oct 7th, 2011
  1. // UApiHook.h:
  2. //---------------------------------------------------------------------------
  3. #ifndef UApiHookH
  4. #define UApiHookH
  5. //---------------------------------------------------------------------------
  6. #include <windows.h>
  7. //---------------------------------------------------------------------------
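  // Byte-exact layouts for the code patch. Packing is forced to 1 so that no
  // padding is inserted between the opcode bytes and the operand.
  #pragma pack (push, 1)
  // Redirect sequence written over the first bytes of the target function:
  //   68 <imm32>   PUSH NewFunc
  //   C3           RET
  // PUSH imm32 carries a 32-bit operand only, so this layout is valid for
  // 32-bit x86 builds; with an 8-byte PVOID the structure no longer matches
  // the instruction encoding.
  // While installed, the target's first bytes differ from the module's image
  // on disk, which is what code-integrity comparisons of loaded modules report.
  typedef struct _far_jmp{
      BYTE  PushOp;   // opcode byte for PUSH imm32 (0x68)
      PVOID PushArg;  // address of the replacement function
      BYTE  RetOp;    // opcode byte for RET (0xC3)
  } far_jmp, *pfar_jmp;
  // Copy of the original bytes at the start of the target (2 + 4 = 6 bytes),
  // kept so the patch can be undone.
  typedef struct _OldCode{
      USHORT One;
      ULONG  TWO;
  } OldCode, *POldCode;
  #pragma pack (pop)
  // Compile-time guard: the saved copy must cover exactly the bytes the patch
  // overwrites. A negative array size makes the build fail when the two sizes
  // differ (for example when PVOID is 8 bytes), instead of producing a hook
  // that cannot be fully undone.
  typedef char UApiHook_patch_size_check[(sizeof(far_jmp) == sizeof(OldCode)) ? 1 : -1];
  //---------------------------------------------------------------------------
  // Overwrites the start of API with a redirect to NewFunc and returns the
  // bytes that were there before. The result is all zeros when either
  // argument is NULL.
  OldCode HookAPI(PVOID API, PVOID NewFunc);
  // Writes OldProc (the value returned by HookAPI) back over the start of API.
  // Does nothing when API is NULL.
  void UnhookAPI(OldCode OldProc, PVOID API);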
  22. //---------------------------------------------------------------------------
  23. #endif
  24.  
  25.  
  26.  
  27. // UApiHook.cpp:
  28. //---------------------------------------------------------------------------
  29. #pragma hdrstop
  30. //---------------------------------------------------------------------------
  31. #include "UApiHook.h"
  32. //---------------------------------------------------------------------------
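  // Redirects the function at API to NewFunc by overwriting its first
  // sizeof(far_jmp) bytes with "PUSH NewFunc; RET" (32-bit x86 encoding).
  //
  // Returns the original bytes so that UnhookAPI can restore them. Returns an
  // all-zero OldCode when an argument is NULL, when the page protection cannot
  // be changed, when the original bytes cannot be read, or when the patch is
  // not written in full. Every path returns a value; the original fell off the
  // end of the function after catch(...), which is undefined behaviour.
  //
  // The previous page protection is restored before returning, so the patched
  // page is not left writable and executable at the same time.
  //
  // No lock is taken and no thread is suspended here: a thread executing the
  // target while its first bytes are rewritten may run a half-written
  // instruction. Callers have to arrange that themselves.
  OldCode HookAPI(PVOID API, PVOID NewFunc)
  {
      // Failure value. Aggregate initialisation replaces memset(&x, NULL, ...),
      // which passed a null-pointer constant where an int fill byte is expected.
      const OldCode NoHook = {0, 0};

      if(!(API && NewFunc)) return NoHook;

      try
      {
          // The saved copy must cover every byte the patch overwrites;
          // otherwise UnhookAPI could only restore part of the function.
          if(sizeof(far_jmp) != sizeof(OldCode)) return NoHook;

          // Documented pseudo-handle for the calling process. The original
          // passed INVALID_HANDLE_VALUE, which has the same numeric value.
          HANDLE hSelf = GetCurrentProcess();

          DWORD dwOldProtect = 0;
          if(!VirtualProtect(API, sizeof(far_jmp), PAGE_EXECUTE_READWRITE, &dwOldProtect))
              return NoHook;

          OldCode Old = NoHook;
          SIZE_T nRead = 0;
          SIZE_T nWritten = 0;
          bool bPatched = false;

          // Only patch once the original bytes are safely captured.
          if(ReadProcessMemory(hSelf, API, &Old, sizeof(OldCode), &nRead)
             && nRead == sizeof(OldCode))
          {
              far_jmp Fnjp;
              Fnjp.PushOp  = 0x68;     // PUSH imm32
              Fnjp.PushArg = NewFunc;
              Fnjp.RetOp   = 0xC3;     // RET

              bPatched = WriteProcessMemory(hSelf, API, &Fnjp, sizeof(far_jmp), &nWritten)
                         && nWritten == sizeof(far_jmp);

              if(bPatched)
              {
                  // Code was modified in place; make sure the CPU does not
                  // keep executing a stale copy of the old bytes.
                  FlushInstructionCache(hSelf, API, sizeof(far_jmp));
              }
              else if(nWritten != 0)
              {
                  // Best effort: undo a partial write so the target is not
                  // left with a truncated instruction sequence.
                  WriteProcessMemory(hSelf, API, &Old, sizeof(OldCode), NULL);
              }
          }

          // Put the original protection back whether or not the patch went in.
          // VirtualProtect requires a valid pointer for the old-protection output.
          DWORD dwIgnored = 0;
          VirtualProtect(API, sizeof(far_jmp), dwOldProtect, &dwIgnored);

          return bPatched ? Old : NoHook;
      }
      catch(...){}

      // Reached only if something above threw; report failure explicitly.
      return NoHook;
  }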
  60. //---------------------------------------------------------------------------
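  // Restores the first sizeof(OldCode) bytes of the function at API from
  // OldProc, the value previously returned by HookAPI.
  //
  // Does nothing when API is NULL or when OldProc is all zeros. HookAPI
  // returns an all-zero OldCode when it is given a NULL argument, and writing
  // that back would overwrite the start of a function that was never patched.
  //
  // The previous page protection is restored before returning. As with
  // HookAPI, no lock is taken and no thread is suspended while the bytes are
  // rewritten.
  void UnhookAPI(OldCode OldProc, PVOID API)
  {
      if(API == NULL) return;
      if(OldProc.One == 0 && OldProc.TWO == 0) return;

      try
      {
          // Documented pseudo-handle for the calling process. The original
          // passed INVALID_HANDLE_VALUE, which has the same numeric value.
          HANDLE hSelf = GetCurrentProcess();

          DWORD dwOldProtect = 0;
          if(!VirtualProtect(API, sizeof(OldCode), PAGE_EXECUTE_READWRITE, &dwOldProtect))
              return;

          SIZE_T nWritten = 0;
          if(WriteProcessMemory(hSelf, API, &OldProc, sizeof(OldCode), &nWritten)
             && nWritten == sizeof(OldCode))
          {
              // Code was modified in place; discard any stale cached copy.
              FlushInstructionCache(hSelf, API, sizeof(OldCode));
          }

          // Do not leave the page writable and executable after the restore.
          // VirtualProtect requires a valid pointer for the old-protection output.
          DWORD dwIgnored = 0;
          VirtualProtect(API, sizeof(OldCode), dwOldProtect, &dwIgnored);
      }
      catch(...){}
  }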
  72. //---------------------------------------------------------------------------
  73. #pragma package(smart_init)