quentin/maniackplanet
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Show content passed to our function

Browse source
This commit is contained in:
Quentin 2017-10-19 21:08:33 +02:00
parent a61bd93a9d
commit 8ae6da7f18
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
Observer/dllmain.cpp
View file

@ -2,6 +2,7 @@
#include "stdafx.h" #include "stdafx.h"
#include <iostream> #include <iostream>
#include <fstream> #include <fstream>
#include <string>
/* /*
Function to patch Function to patch
@ -23,8 +24,9 @@ Function to patch
.text:00403B83 C2 08 00 retn 8 .text:00403B83 C2 08 00 retn 8
*/ */
void __stdcall LogMessageWrapperHook() { void __stdcall LogMessageWrapperHook(char* message, size_t message_length) {
std::cout << "[OK] Message wrapped called :D :D :D" << std::endl; std::string content(message, message_length);
std::cout << content << std::endl;
} }
__declspec(naked) void TrampolineLogMessageWrapperHook() __declspec(naked) void TrampolineLogMessageWrapperHook()
@ -34,6 +36,9 @@ __declspec(naked) void TrampolineLogMessageWrapperHook()
// Save registers // Save registers
PUSHAD PUSHAD
PUSH [esp + 32 + 8 ] // PUSHAD + shift of 8
PUSH [esp + 32 + 4 + 4 ] // PUSHAD + prev. PUSH + shift of 4
// Call our hook // Call our hook
CALL LogMessageWrapperHook CALL LogMessageWrapperHook
@ -81,7 +86,11 @@ void initDll() {
} }
// Change the instruction by JMP Trampoline // Change the instruction by JMP Trampoline
*addressToPatch = 0xE9; // JMP INT32 --- char = 1 octet
// JMP INT32 --- char = 1 octet
*addressToPatch = 0xE9;
*(unsigned int*) (addressToPatch + 1) = (unsigned int) TrampolineLogMessageWrapperHook - ((unsigned int) addressToPatch + 5); *(unsigned int*) (addressToPatch + 1) = (unsigned int) TrampolineLogMessageWrapperHook - ((unsigned int) addressToPatch + 5);
std::cout << "[OK] Memory written." << std::endl; std::cout << "[OK] Memory written." << std::endl;