Message wrapper called but crash ManiaPlanet
parent
2b747cf568
commit
2ad9977ff9
1 changed files with 34 additions and 12 deletions
|
@ -2,9 +2,9 @@
|
||||||
#include "stdafx.h"
|
#include "stdafx.h"
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
/*
|
|
||||||
void __stdcall LogMessageWrapperHook() {
|
void __stdcall LogMessageWrapperHook() {
|
||||||
std::cout << "Message wrapped called" << std::endl;
|
std::cout << "[OK] Message wrapped called :D :D :D" << std::endl;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(naked) void TrampolineLogMessageWrapperHook()
|
__declspec(naked) void TrampolineLogMessageWrapperHook()
|
||||||
|
@ -27,7 +27,7 @@ __declspec(naked) void TrampolineLogMessageWrapperHook()
|
||||||
// Not really sure...
|
// Not really sure...
|
||||||
RET
|
RET
|
||||||
}
|
}
|
||||||
}*/
|
}
|
||||||
|
|
||||||
void initDll() {
|
void initDll() {
|
||||||
AllocConsole();
|
AllocConsole();
|
||||||
|
@ -37,23 +37,45 @@ void initDll() {
|
||||||
freopen_s(&console, "CONOUT$", "w", stdout);
|
freopen_s(&console, "CONOUT$", "w", stdout);
|
||||||
freopen_s(&console, "CONOUT$", "w", stderr);
|
freopen_s(&console, "CONOUT$", "w", stderr);
|
||||||
|
|
||||||
std::cout << "Observer.dll was successfully injected, time to patch now..." << std::endl;
|
std::cout << "[OK] Observer.dll was successfully injected, time to patch now..." << std::endl;
|
||||||
|
|
||||||
return;
|
unsigned char* addressToPatch = (unsigned char *)0x403b70;
|
||||||
/*
|
|
||||||
unsigned int* addressToPatch = (unsigned int*)0x403b70;
|
|
||||||
DWORD oldProtection = 0;
|
DWORD oldProtection = 0;
|
||||||
|
|
||||||
|
if (*addressToPatch != 0x56 || *(addressToPatch + 1) != 0xff) {
|
||||||
|
std::cout << "[ERR] Did not found 0x56 0xff which are the searched opcodes..." << std::endl;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
std::cout << "[OK] Found the searched opcodes 0x56 0xff" << std::endl;
|
||||||
|
}
|
||||||
|
|
||||||
// Enable writing in memory
|
// Enable writing in memory
|
||||||
if (!VirtualProtect(addressToPatch, 5, PAGE_EXECUTE_READWRITE, &oldProtection)) {
|
if (!VirtualProtect(addressToPatch, 5, PAGE_EXECUTE_READWRITE, &oldProtection)) {
|
||||||
std::cout << "Failed to change VirtualProtect status while attempting to patch your binary" << std::endl;
|
std::cout << "[ERR] Failed to change VirtualProtect BEFORE writing memory" << std::endl;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
std::cout << "[OK] Successfully changed VirtualProtect BEFORE writing memory" << std::endl;
|
||||||
|
}
|
||||||
|
|
||||||
// Change the instruction by JMP Trampoline
|
// Change the instruction by JMP Trampoline
|
||||||
*addressToPatch = 0xE9; // JMP INT32
|
*addressToPatch = 0xE9; // JMP INT32 --- char = 1 octet
|
||||||
*(addressToPatch + 1) = (unsigned int)TrampolineLogMessageWrapperHook - ((unsigned int)addressToPatch + 5);
|
*(unsigned int*) (addressToPatch + 1) = (unsigned int) TrampolineLogMessageWrapperHook - ((unsigned int) addressToPatch + 5);
|
||||||
*/
|
std::cout << "[OK] Memory written." << std::endl;
|
||||||
|
|
||||||
|
std::cout << "[INF] Patched function: 0x" << std::hex << (int)addressToPatch << std::endl;
|
||||||
|
std::cout << "[INF] Trampoline function: 0x" << std::hex << ((int)TrampolineLogMessageWrapperHook) << std::endl;
|
||||||
|
std::cout << "[INF] Relative jump: 0x" << std::hex << *(unsigned int*)(addressToPatch + 1) << std::endl;
|
||||||
|
|
||||||
|
// Reprotect memory
|
||||||
|
if (!VirtualProtect(addressToPatch, 5, oldProtection, &oldProtection)) {
|
||||||
|
std::cout << "[ERR] Failed to change VirtualProtect AFTER writing memory" << std::endl;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
std::cout << "[OK] Successfully changed VirtualProtect AFTER writing memory" << std::endl;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
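Review bot: The new guard in initDll verifies only two bytes (`0x56 0xff`) at `0x403b70`, but the patch then overwrites five, so bytes 2–4 are replaced without being checked and an instruction may be cut in half; this may contribute to the crash named in the commit title, though most of the trampoline body lies outside the visible hunks. Compare all five original bytes against the expected sequence before writing, and refuse to patch on any mismatch. The absolute address also assumes the image is loaded at a fixed base, so deriving it from the module handle plus an offset would keep the check meaningful if the module is relocated. After the write, add `FlushInstructionCache(GetCurrentProcess(), addressToPatch, 5);`. The early `return` when the second VirtualProtect fails leaves the page `PAGE_EXECUTE_READWRITE`, which deserves at least a comment.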