-
Notifications
You must be signed in to change notification settings - Fork 188
/
hooklib.cpp
56 lines (51 loc) · 1.4 KB
/
hooklib.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#include "hooklib.h"
static HOOK hook_internal(ULONG_PTR addr, void* newfunc)
{
//allocate structure
HOOK hook = (HOOK)RtlAllocateMemory(true, sizeof(HOOKSTRUCT));
//set hooking address
hook->addr = addr;
//set hooking opcode
#ifdef _WIN64
hook->hook.mov = 0xB848;
#else
hook->hook.mov = 0xB8;
#endif
hook->hook.addr = (ULONG_PTR)newfunc;
hook->hook.push = 0x50;
hook->hook.ret = 0xc3;
//set original data
RtlCopyMemory(&hook->orig, (const void*)addr, sizeof(HOOKOPCODES));
if(!NT_SUCCESS(RtlSuperCopyMemory((void*)addr, &hook->hook, sizeof(HOOKOPCODES))))
{
RtlFreeMemory(hook);
return 0;
}
return hook;
}
HOOK Hooklib::Hook(PVOID api, void* newfunc)
{
ULONG_PTR addr = (ULONG_PTR)api;
if(!addr)
return 0;
DPRINT("[DeugMessage] hook(0x%p, 0x%p)\r\n", addr, newfunc);
return hook_internal(addr, newfunc);
}
bool Hooklib::Hook(HOOK hook)
{
if(!hook)
return false;
return (NT_SUCCESS(RtlSuperCopyMemory((void*)hook->addr, &hook->hook, sizeof(HOOKOPCODES))));
}
bool Hooklib::Unhook(HOOK hook, bool free)
{
if(!hook || !hook->addr)
return false;
if(NT_SUCCESS(RtlSuperCopyMemory((void*)hook->addr, hook->orig, sizeof(HOOKOPCODES))))
{
if(free)
RtlFreeMemory(hook);
return true;
}
return false;
}