Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1st you have tp check what dll has the GetHashFromFile Function
- HMODULE hDLL = GetModuleHandleA("xxxx.dll");
- DWORD dwGetHashFromFile = (DWORD)GetProcAddress(hDLL, "GetHashFromFile");
- DWORD dwGetHashFromFile_Ret = dwGetHashFromFile+X;
- HRESULT GetHashFromFile_Hook (
- [in] LPCSTR szFilePath,
- [in, out] unsigned int *piHashAlg,
- [out] BYTE *pbHash,
- [in] DWORD cchHash,
- [out] DWORD *pchHash
- ){
- HRESULT retval = _GetHashFromFile(szFilePath, piHashAlg, pbHash, cchHash, pchHash);
- //add the retval modification code here
- }
- void _declspec(naked) _GetHashFromFile(){
- _asm{
- //original code here
- jmp dword ptr [dwGetHashFromFile_Ret]
- }
- }
- void writehook(){
- DWORD old;
- VirtualProtect(*(DWORD *)dwGetHashFromFile, X, PAGE_EXECUTE_READWRITE, &old);
- *(BYTE *) dwGetHashFromFile = 0xE9;
- *(DWORD *)(dwGetHashFromFile+1) = (DWORD)GetHashFromFile_Hook- dwGetHashFromFile -5;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
