Failed attempt to patch with a CALL; hook no longer prints a trailing newline

This commit is contained in:
Quentin 2017-10-20 09:56:24 +02:00
parent 8ae6da7f18
commit 7e20d3bbee


@ -26,10 +26,10 @@ Function to patch
void __stdcall LogMessageWrapperHook(char* message, size_t message_length) { void __stdcall LogMessageWrapperHook(char* message, size_t message_length) {
std::string content(message, message_length); std::string content(message, message_length);
std::cout << content << std::endl; std::cout << content;
} }
__declspec(naked) void TrampolineLogMessageWrapperHook() __declspec(naked) void TrampolineLogJump()
{ {
__asm __asm
{ {
@ -55,6 +55,53 @@ __declspec(naked) void TrampolineLogMessageWrapperHook()
} }
} }
__declspec(naked) void TrampolineLogCall()
{
__asm
{
// Save registers
PUSHAD
PUSH[esp + 4 + 32 + 8] // Ret address + PUSHAD + shift of 8
PUSH[esp + 4 + 32 + 4 + 4] // Ret address + PUSHAD + prev. PUSH + shift of 4
// Call our hook
CALL LogMessageWrapperHook
// Restore registers
POPAD
// Overwrited instructions by the patch
PUSH esi
PUSH[esp + 0xC] // push [esp + 4 + messageLength]
// Jump back to the function (8 as 4 + 4 for the 2 previous PUSH)
RET
}
}
void patchJump(unsigned char* addressToPatch) {
// JMP INT32 --- char = 1 octet
*addressToPatch = 0xE9;
*(unsigned int*)(addressToPatch + 1) = (unsigned int)TrampolineLogJump - ((unsigned int)addressToPatch + 5);
std::cout << "[OK] Jump patch written." << std::endl;
std::cout << "[INF] Patched function: 0x" << std::hex << (int)addressToPatch << std::endl;
std::cout << "[INF] Trampoline function: 0x" << std::hex << ((int)TrampolineLogJump) << std::endl;
std::cout << "[INF] Relative jump: 0x" << std::hex << *(unsigned int*)(addressToPatch + 1) << std::endl;
}
// DOES NOT WORK CURRENTLY
void patchCall(unsigned char* addressToPatch) {
*addressToPatch = 0xE8;
*(unsigned int*)(addressToPatch + 1) = (unsigned int)TrampolineLogCall - ((unsigned int)addressToPatch + 5);
std::cout << "[OK] Call patch written." << std::endl;
std::cout << "[INF] Patched function: 0x" << std::hex << (int)addressToPatch << std::endl;
std::cout << "[INF] Trampoline function: 0x" << std::hex << ((int)TrampolineLogCall) << std::endl;
std::cout << "[INF] Relative jump: 0x" << std::hex << *(unsigned int*)(addressToPatch + 1) << std::endl;
}
void initDll() { void initDll() {
AllocConsole(); AllocConsole();
SetConsoleTitleA("Maniaplanet Observer"); SetConsoleTitleA("Maniaplanet Observer");
@ -87,16 +134,7 @@ void initDll() {
// Change the instruction by JMP Trampoline // Change the instruction by JMP Trampoline
// JMP INT32 --- char = 1 octet patchJump(addressToPatch);
*addressToPatch = 0xE9;
*(unsigned int*) (addressToPatch + 1) = (unsigned int) TrampolineLogMessageWrapperHook - ((unsigned int) addressToPatch + 5);
std::cout << "[OK] Memory written." << std::endl;
std::cout << "[INF] Patched function: 0x" << std::hex << (int)addressToPatch << std::endl;
std::cout << "[INF] Trampoline function: 0x" << std::hex << ((int)TrampolineLogMessageWrapperHook) << std::endl;
std::cout << "[INF] Relative jump: 0x" << std::hex << *(unsigned int*)(addressToPatch + 1) << std::endl;
// Reprotect memory // Reprotect memory
if (!VirtualProtect(addressToPatch, 5, oldProtection, &oldProtection)) { if (!VirtualProtect(addressToPatch, 5, oldProtection, &oldProtection)) {