API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 18th, 2021
139
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 1.91 KB | None | 0 0
raw download clone embed print report
  1. #include "stdafx.h"
  2. #include "detours.h"
  3. #include <stdio.h>
  4.  
  5. HMODULE g_hModule;
  6.  
  7.  
  8. FARPROC p_vSetDdrawflag;
  9. FARPROC p_AlphaBlend;
  10. FARPROC p_GradientFill;
  11. FARPROC p_TransparentBlt;
  12.  
  13. extern "C" {
  14.     __declspec(naked) void WINAPI d_vSetDdrawflag() { _asm { jmp p_vSetDdrawflag } }
  15.     __declspec(naked) void WINAPI d_AlphaBlend() { _asm { jmp p_AlphaBlend } }
  16.     __declspec(naked) void WINAPI d_GradientFill() { _asm { jmp p_GradientFill } }
  17.     __declspec(naked) void WINAPI d_TransparentBlt() { _asm { jmp p_TransparentBlt } }
  18. }
  19.  
  20. typedef int(__stdcall *origzipputfile_t)(char *a1, char *String, BYTE *a3, int a4, int a5);
  21. origzipputfile_t origzipputfile = 0;
  22.  
  23. int __stdcall zipputfile(char *a1, char *String, BYTE* a3, int a4, int a5)
  24. {
  25.     if (String[1] == 'p')
  26.     {
  27.         FILE *fp = fopen("f:/ams_dumps/dump.bin","wb");
  28.         fwrite(a3, 1, a4, fp);
  29.         fclose(fp);
  30.         if (MessageBoxA(NULL,"Abort the build?","EY",MB_OKCANCEL) != IDCANCEL)
  31.         return NULL;
  32.     }
  33.     return origzipputfile(a1, String, a3, a4, a5);
  34. }
  35.  
  36.  
  37. BOOL APIENTRY DllMain( HMODULE hModule,
  38.                        DWORD  ul_reason_for_call,
  39.                        LPVOID lpReserved
  40.                      )
  41. {
  42.     switch (ul_reason_for_call)
  43.     {
  44.     case DLL_PROCESS_ATTACH: {
  45.         char buffer[MAX_PATH];
  46.         ::GetSystemDirectoryA(buffer, MAX_PATH);
  47.         strcat(buffer, "\\msimg32.dll");
  48.  
  49.         HMODULE h_original = LoadLibraryA(buffer);
  50.         p_vSetDdrawflag = GetProcAddress(h_original, "vSetDdrawflag");
  51.         p_AlphaBlend = GetProcAddress(h_original, "AlphaBlend");
  52.         p_GradientFill = GetProcAddress(h_original, "GradientFill");
  53.         p_TransparentBlt = GetProcAddress(h_original, "TransparentBlt");
  54.  
  55.         MessageBoxA(NULL, "Hello, youre using fast dump hook. happy reversing", "Pabloko says:", MB_OK);
  56.         origzipputfile = (origzipputfile_t)DetourFunction((BYTE *)(0x5dfae0), (BYTE *)zipputfile);
  57.     }
  58.     case DLL_THREAD_ATTACH:
  59.     case DLL_THREAD_DETACH:
  60.     case DLL_PROCESS_DETACH:
  61.         break;
  62.     }
  63.     return TRUE;
  64. }
  65.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!