Failed to patch with call + no new line on hook

Quentin 2017-10-20 09:56:24 +02:00
parent 8ae6da7f18
commit 7e20d3bbee
1 changed files with 51 additions and 13 deletions


@ -26,10 +26,10 @@ Function to patch
void __stdcall LogMessageWrapperHook(char* message, size_t message_length) {
std::string content(message, message_length);
std::cout << content << std::endl;
std::cout << content;
}
__declspec(naked) void TrampolineLogMessageWrapperHook()
__declspec(naked) void TrampolineLogJump()
{
__asm
{
@ -55,6 +55,53 @@ __declspec(naked) void TrampolineLogMessageWrapperHook()
}
}
__declspec(naked) void TrampolineLogCall()
{
__asm
{
// Save registers
PUSHAD
PUSH[esp + 4 + 32 + 8] // Ret address + PUSHAD + shift of 8
PUSH[esp + 4 + 32 + 4 + 4] // Ret address + PUSHAD + prev. PUSH + shift of 4
// Call our hook
CALL LogMessageWrapperHook
// Restore registers
POPAD
// Overwrited instructions by the patch
PUSH esi
PUSH[esp + 0xC] // push [esp + 4 + messageLength]
// Jump back to the function (8 as 4 + 4 for the 2 previous PUSH)
RET
}
}
void patchJump(unsigned char* addressToPatch) {
// JMP INT32 --- char = 1 octet
*addressToPatch = 0xE9;
*(unsigned int*)(addressToPatch + 1) = (unsigned int)TrampolineLogJump - ((unsigned int)addressToPatch + 5);
std::cout << "[OK] Jump patch written." << std::endl;
std::cout << "[INF] Patched function: 0x" << std::hex << (int)addressToPatch << std::endl;
std::cout << "[INF] Trampoline function: 0x" << std::hex << ((int)TrampolineLogJump) << std::endl;
std::cout << "[INF] Relative jump: 0x" << std::hex << *(unsigned int*)(addressToPatch + 1) << std::endl;
}
// DOES NOT WORK CURRENTLY
void patchCall(unsigned char* addressToPatch) {
*addressToPatch = 0xE8;
*(unsigned int*)(addressToPatch + 1) = (unsigned int)TrampolineLogCall - ((unsigned int)addressToPatch + 5);
std::cout << "[OK] Call patch written." << std::endl;
std::cout << "[INF] Patched function: 0x" << std::hex << (int)addressToPatch << std::endl;
std::cout << "[INF] Trampoline function: 0x" << std::hex << ((int)TrampolineLogCall) << std::endl;
std::cout << "[INF] Relative jump: 0x" << std::hex << *(unsigned int*)(addressToPatch + 1) << std::endl;
}
void initDll() {
AllocConsole();
SetConsoleTitleA("Maniaplanet Observer");
@ -75,7 +122,7 @@ void initDll() {
else {
std::cout << "[OK] Found the searched opcodes 0x56 0xff" << std::endl;
}
// Enable writing in memory
if (!VirtualProtect(addressToPatch, 5, PAGE_EXECUTE_READWRITE, &oldProtection)) {
std::cout << "[ERR] Failed to change VirtualProtect BEFORE writing memory" << std::endl;
@ -87,16 +134,7 @@ void initDll() {
// Change the instruction by JMP Trampoline
// JMP INT32 --- char = 1 octet
*addressToPatch = 0xE9;
*(unsigned int*) (addressToPatch + 1) = (unsigned int) TrampolineLogMessageWrapperHook - ((unsigned int) addressToPatch + 5);
std::cout << "[OK] Memory written." << std::endl;
std::cout << "[INF] Patched function: 0x" << std::hex << (int)addressToPatch << std::endl;
std::cout << "[INF] Trampoline function: 0x" << std::hex << ((int)TrampolineLogMessageWrapperHook) << std::endl;
std::cout << "[INF] Relative jump: 0x" << std::hex << *(unsigned int*)(addressToPatch + 1) << std::endl;
patchJump(addressToPatch);
// Reprotect memory
if (!VirtualProtect(addressToPatch, 5, oldProtection, &oldProtection)) {
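Review bot: The CALL-based trampoline in the second hunk (TrampolineLogCall) cannot resume the patched function as written: after `PUSH esi` and `PUSH [esp + 0xC]` the `RET` pops the value it just pushed and jumps there, and because the CALL left its own return address on the stack, `[esp + 0xC]` at that point selects the message pointer rather than the length — which is almost certainly the "DOES NOT WORK CURRENTLY" behind patchCall. The overwritten prologue has to be re-executed around that extra return address rather than on top of it; the tail below does that with PUSH/XCHG/MOV/RET only (no EFLAGS writes, no register clobbered) and leaves the stack as `push esi; push [esp+0xC]` followed by a fall-through to addressToPatch+5 would have. Two smaller points: PUSHAD does not save EFLAGS, so wrapping the hook call in `PUSHFD`/`POPFD` would keep the trampoline transparent if the hook site ever moves off a function prologue, and the signature check in initDll only validates `0x56 0xFF` while both patchers overwrite five bytes and both trampolines assume the second instruction is exactly `FF 74 24 0C`, so comparing all five bytes before writing turns a mis-scan into a refusal instead of a crash inside the game process. initDll's body continues past the end of the last hunk.
```cpp
        // … unchanged: PUSHAD, argument pushes, CALL LogMessageWrapperHook …
        POPAD
        // Stack here: [esp]=our return address (addressToPatch+5), [esp+4]=caller's return,
        // [esp+8]=message, [esp+0xC]=length.
        PUSH [esp + 0xC]        // re-execute the overwritten `push [esp+0xC]` (length); same offset, our return address sits where esi would
        XCHG esi, [esp + 4]     // caller's esi lands where `push esi` would have put it; esi now holds our return address
        PUSH esi                // return address back on top
        MOV esi, [esp + 8]      // restore the caller's esi
        RET                     // resume at addressToPatch+5 with length/esi/ret/message/length exactly as the original prologue left it
```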