-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathcHook.cpp
43 lines (26 loc) · 971 Bytes
/
cHook.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
/*
Coded by 0xPh0enix
*/
#include "cHook.h"
DWORD cHook::HookFunction(LPCSTR pszModule, LPCSTR pszFuncName, LPVOID lpFunction, LPBYTE lpBackup){
HMODULE hModule = GetModuleHandleA(pszModule);
if (!hModule)
return 0;
DWORD dwAddr = (DWORD)GetProcAddress(hModule, pszFuncName);
BYTE bJMP[6] = { 0xe9, 0x00, 0x00, 0x00, 0x00, 0xc3 };
ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0);
DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5);
memcpy(&bJMP[1], &dwCalc, 4);
WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, bJMP, 6, 0);
return dwAddr;
}
BOOL cHook::UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPBYTE lpBackup)
{
HMODULE hModule = GetModuleHandleA(lpModule);
if (!hModule)
return FALSE;
DWORD dwAddr = (DWORD)GetProcAddress(hModule, lpFuncName);
if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0))
return TRUE;
return FALSE;
}