- // UApiHook.h:
- //---------------------------------------------------------------------------
- #ifndef UApiHookH
- #define UApiHookH
- //---------------------------------------------------------------------------
- #include <windows.h>
- //---------------------------------------------------------------------------
- #pragma pack (push, 1)
// Stub image that HookAPI writes over the first bytes of the target function.
// HookAPI fills it as opcode 0x68 (x86 `push imm32`), the replacement
// function's address, then opcode 0xC3 (`ret`), so control lands in the
// replacement. The layout must be byte-exact, which is why this declaration
// sits inside the surrounding #pragma pack(push, 1) region.
struct _far_jmp {
    BYTE  PushOp;   // set to 0x68 by HookAPI
    PVOID PushArg;  // address of the replacement function
    BYTE  RetOp;    // set to 0xC3 by HookAPI
};
typedef struct _far_jmp far_jmp;
typedef struct _far_jmp *pfar_jmp;
// Save area for the bytes HookAPI overwrites; UnhookAPI writes it back.
// Packed, this is 2 + 4 = 6 bytes, which equals sizeof(far_jmp) only when
// PVOID is 4 bytes wide (32-bit builds).
struct _OldCode {
    USHORT One;  // first two saved bytes
    ULONG  TWO;  // next four saved bytes
};
typedef struct _OldCode OldCode;
typedef struct _OldCode *POldCode;
- #pragma pack (pop)
- //---------------------------------------------------------------------------
// Overwrites the start of the function at API (in the current process) with a
// push/ret stub that transfers control to NewFunc. Returns the bytes that were
// read from API beforehand so they can be handed to UnhookAPI; returns an
// all-zero OldCode when either argument is NULL.
OldCode HookAPI(PVOID API, PVOID NewFunc);
// Writes OldProc back over the first sizeof(OldCode) bytes of API. Does
// nothing when API is NULL.
void UnhookAPI(OldCode OldProc, PVOID API);
- //---------------------------------------------------------------------------
- #endif
- // UApiHook.cpp:
- //---------------------------------------------------------------------------
- #pragma hdrstop
- //---------------------------------------------------------------------------
- #include "UApiHook.h"
- //---------------------------------------------------------------------------
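// Installs an inline hook on API inside the current process by replacing its
// first sizeof(far_jmp) bytes with `push NewFunc; ret`.
//
// Parameters:
//   API     - address of the function to patch.
//   NewFunc - address control should be redirected to.
// Returns:
//   The original bytes of API (pass them to UnhookAPI to undo the patch).
//   On any failure an all-zero OldCode is returned; API is rolled back on a
//   best-effort basis if the write itself failed.
//
// Limitations:
//   - Only valid where sizeof(far_jmp) == sizeof(OldCode), i.e. 32-bit builds;
//     otherwise more bytes would be overwritten than are saved, so the call is
//     refused.
//   - Not synchronized: another thread executing API while it is being patched
//     may run a half-written prologue.
//   - The patch changes the in-memory prologue relative to the module's image
//     on disk, which code-integrity checks will report.
OldCode HookAPI(PVOID API, PVOID NewFunc)
{
    OldCode Saved;
    memset(&Saved, 0, sizeof(Saved));

    if (API == NULL || NewFunc == NULL)
        return Saved;

    // Refuse to patch when the stub is larger than the save area: the extra
    // bytes could never be restored by UnhookAPI.
    if (sizeof(far_jmp) != sizeof(OldCode))
        return Saved;

    try
    {
        // The original passed INVALID_HANDLE_VALUE, which has the same value
        // as the current-process pseudo-handle; spell the intent out.
        const HANDLE Self = GetCurrentProcess();

        DWORD dwOldProtect = 0;
        if (!VirtualProtect(API, sizeof(far_jmp), PAGE_EXECUTE_READWRITE, &dwOldProtect))
            return Saved;

        far_jmp Stub;
        Stub.PushOp  = 0x68;     // push imm32
        Stub.PushArg = NewFunc;
        Stub.RetOp   = 0xC3;     // ret

        OldCode Original;
        SIZE_T Done = 0;
        BOOL Ok = ReadProcessMemory(Self, API, &Original, sizeof(Original), &Done)
                  && Done == sizeof(Original);
        if (Ok)
        {
            Done = 0;
            Ok = WriteProcessMemory(Self, API, &Stub, sizeof(Stub), &Done)
                 && Done == sizeof(Stub);
            if (!Ok)
            {
                // Best effort: put the saved bytes back so a failed write
                // does not leave a torn prologue behind.
                WriteProcessMemory(Self, API, &Original, sizeof(Original), NULL);
            }
        }

        // Always restore the previous protection; leaving the page
        // writable and executable would weaken DEP/W^X for the whole page.
        DWORD dwIgnored = 0;
        VirtualProtect(API, sizeof(far_jmp), dwOldProtect, &dwIgnored);

        // Code bytes changed, so make sure stale instructions are discarded.
        FlushInstructionCache(Self, API, sizeof(far_jmp));

        if (Ok)
            Saved = Original;
    }
    catch(...)
    {
        // Report failure with the all-zero value instead of falling off the
        // end of a non-void function.
        memset(&Saved, 0, sizeof(Saved));
    }
    return Saved;
}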
- //---------------------------------------------------------------------------
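// Removes a hook installed by HookAPI by writing the saved bytes back over the
// first sizeof(OldCode) bytes of API in the current process.
//
// Parameters:
//   OldProc - the value HookAPI returned for this API.
//   API     - address of the patched function.
//
// Does nothing when API is NULL or when OldProc is all zero (the value
// HookAPI returns when no hook was installed); writing zeros over the
// function would corrupt it. Not synchronized against threads that are
// executing API during the write.
void UnhookAPI(OldCode OldProc, PVOID API)
{
    if (API == NULL)
        return;
    if (OldProc.One == 0 && OldProc.TWO == 0)
        return;

    try
    {
        // Same value as the INVALID_HANDLE_VALUE the original passed, but
        // states the intent: operate on the current process.
        const HANDLE Self = GetCurrentProcess();

        DWORD dwOldProtect = 0;
        if (!VirtualProtect(API, sizeof(OldCode), PAGE_EXECUTE_READWRITE, &dwOldProtect))
            return;

        WriteProcessMemory(Self, API, &OldProc, sizeof(OldCode), NULL);

        // Put the page protection back; the page must not stay writable and
        // executable after the restore.
        DWORD dwIgnored = 0;
        VirtualProtect(API, sizeof(OldCode), dwOldProtect, &dwIgnored);

        // Code bytes changed, so discard any stale cached instructions.
        FlushInstructionCache(Self, API, sizeof(OldCode));
    }
    catch(...)
    {
        // Deliberately best-effort, as in the original: unhooking never throws.
    }
}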
- //---------------------------------------------------------------------------
- #pragma package(smart_init)