#include "InlineHook.h"
// x64-86 Compatible
// Populates *Hook so that the bytes at HookFrom can later be switched between
// the original code and a 14-byte absolute jump to HookTo.
//
// Hook     - record to fill in (Address, HookAddress, Code, JmpCode).
// HookFrom - start of the code region that the jump stub will overwrite.
// HookTo   - destination the jump stub transfers control to.
// Install  - when non-zero, EnableInlineHook() is called before returning.
//
// NOTE(review): no argument is checked for NULL, and the sizes of Hook->Code
// and Hook->JmpCode come from InlineHook.h, which is not visible here. This
// code assumes JmpCode holds at least 14 bytes and that Code covers every
// byte the stub replaces - confirm against the struct declaration.
VOID MakeInlineHook(PINLINE_HOOK_T Hook, VOID* HookFrom, VOID* HookTo, BOOLEAN Install)
{
    // FF 25 00 00 00 00 encodes `jmp QWORD PTR [rip + 0x0]`: the jump target is
    // read from the 8 bytes directly after the instruction. Elements omitted
    // from the initializer are zero-filled, which reserves that 8-byte slot.
    unsigned char Stub[14] = { 0xff, 0x25, 0x0, 0x0, 0x0, 0x0 };

    // Write the absolute destination into the slot after the 6-byte opcode.
    // NOTE(review): RIP-relative addressing and an 8-byte pointer imply a
    // 64-bit build; with a 4-byte pointer the stub would not be a valid
    // absolute jump - confirm this file is only compiled for x86-64.
    MemCopy(Stub + 6, &HookTo, sizeof HookTo);
    MemCopy(Hook->JmpCode, Stub, sizeof Stub);

    // Record both ends of the redirection and snapshot the original bytes so
    // DisableInlineHook() can put them back.
    Hook->Address = HookFrom;
    Hook->HookAddress = HookTo;
    MemCopy(Hook->Code, HookFrom, sizeof Hook->Code);

    if (!Install)
    {
        return;
    }

    EnableInlineHook(Hook);
}
// Activates a prepared hook by copying Hook->JmpCode over the code at
// Hook->Address.
//
// While the hook is active, the patched location begins with
// FF 25 00 00 00 00 followed by the pointer MakeInlineHook() stored, so a
// byte-for-byte comparison against a known-good image will show the change.
//
// NOTE(review): the copy is a plain MemCopy with no visible synchronisation or
// page-protection handling - presumably the caller guarantees the target is
// writable and not executing concurrently; confirm.
VOID EnableInlineHook(PINLINE_HOOK_T Hook)
{
    VOID* Target = Hook->Address;

    MemCopy(Target, Hook->JmpCode, sizeof(Hook->JmpCode));
}
// Deactivates a hook by copying the bytes saved in Hook->Code back to
// Hook->Address.
//
// NOTE(review): the number of bytes restored is sizeof Hook->Code, while
// EnableInlineHook() writes sizeof Hook->JmpCode. The original code is only
// fully restored if Code is at least as large as JmpCode - confirm in
// InlineHook.h.
VOID DisableInlineHook(PINLINE_HOOK_T Hook)
{
    VOID* Target = Hook->Address;

    MemCopy(Target, Hook->Code, sizeof(Hook->Code));
}