Page 1 of 5 123 ... LastLast
Results 1 to 15 of 62
  1. #1
    Clarkie's Avatar
    Join Date
    May 2011
    Gender
    male
    Posts
    28
    Reputation
    20
    Thanks
    14
    My Mood
    Shocked

    Clarkie Detours.

    Well you guys have a lot of detour problems so i made a detour for you guys. I know dont post this and that.

    I was using topblast's revival Base and i notice the Tjmp structure, which is exactly what you need to make a Jump function. So I edited it and used it to make a detour.


    Credit
    Clarkie making it
    Topblast (only for the little structure)

    [highlight=c++]#pragma pack(push)
    #pragma pack(1)

    typedef struct {
    unsigned char bNop;
    unsigned char bPush;
    unsigned long dwAddress;
    unsigned char bRet;
    } TestJmp;


    typedef struct {
    unsigned char bOPS[7];
    unsigned char bNop;
    unsigned char bJmp;
    unsigned long dwAddress;
    } Tjmp;
    #pragma pack(pop)

    bool Detour::Hook(PBYTE pTargetAddr, PBYTE pNewAddr, VOID** pCallOrigAddress)
    {
    TestJmp recJump;
    Tjmp RetJump;
    DWORD dwProtect;
    *pCallOrigAddress = VirtualAlloc(0, sizeof(Tjmp), (MEM_COMMIT | MEM_RESERVE), PAGE_EXECUTE_READWRITE);
    if( pCallOrigAddress != NULL)
    {
    WriteNOP(&RetJump, sizeof(Tjmp));

    for( int i = 0; i < (sizeof(TestJmp)+1); i++)
    RetJump.bOPS[i] = pTargetAddr[i];
    RetJump.bNop = 0x90;
    RetJump.bJmp = 0xE9;
    RetJump.dwAddress = (DWORD(pTargetAddr) + (sizeof(TestJmp)+1))-DWORD(*pCallOrigAddress)-(((sizeof(TestJmp)*2)));
    memcpy(*pCallOrigAddress, &RetJump, sizeof(Tjmp));

    if( WriteNOP(pTargetAddr, (sizeof(TestJmp))) == true &&
    VirtualProtect(pTargetAddr, sizeof(TestJmp), PAGE_EXECUTE_READWRITE, &dwProtect) == TRUE)
    {
    WriteNOP(&recJump, sizeof(TestJmp));
    recJump.bNop = 0x90;
    recJump.bPush = 0x68;
    recJump.dwAddress = DWORD(pNewAddr);
    recJump.bRet = 0xC3;
    memcpy(pTargetAddr, &recJump, sizeof(TestJmp));
    VirtualProtect(pTargetAddr, sizeof(TestJmp), dwProtect, &dwProtect);
    return true;
    }
    }
    return false;
    }
    [/highlight]
    Last edited by Clarkie; 05-30-2011 at 07:41 PM.
    New Coder here to Rock your world.

    Email : Mr_clarkie@live.com


  2. The Following 11 Users Say Thank You to Clarkie For This Useful Post:

    'Batata! (06-25-2011),baraozin (07-26-2011),CAFlames (05-30-2011),dllbaseII (07-26-2011),Ghost8631 (05-31-2011),HurleyppL (06-26-2011),markoj (05-31-2011),qwerty01 (08-30-2011),street_21 (09-27-2011),ViniciusD7 (07-26-2011),_Fk127_ (05-30-2011)

  3. #2
    whit's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Posts
    7,170
    Reputation
    490
    Thanks
    2,252
    Nice . Good job

  4. The Following User Says Thank You to whit For This Useful Post:

    Clarkie (05-30-2011)

  5. #3
    Clarkie's Avatar
    Join Date
    May 2011
    Gender
    male
    Posts
    28
    Reputation
    20
    Thanks
    14
    My Mood
    Shocked
    Just copy it into Revival Base and it will work
    New Coder here to Rock your world.

    Email : Mr_clarkie@live.com


  6. #4
    CAFlames's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Location
    Where ever my imagination takes me
    Posts
    3,014
    Reputation
    202
    Thanks
    2,934
    My Mood
    Twisted
    Thanks Clarkie. And these actually are yours (nudges whit)

    Current Works:
    ---Horror Game






    Special thanks to drgnforce9 for my sig picture

    Quote Originally Posted by m_t_h View Post

    CAflames is one epic coder.

    Rep and thanks him.. or you're perma banned.

  7. #5
    whit's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Posts
    7,170
    Reputation
    490
    Thanks
    2,252
    Quote Originally Posted by CAFlames View Post
    Thanks Clarkie. And these actually are yours (nudges whit)
    Why am i being nudged

  8. #6
    Clarkie's Avatar
    Join Date
    May 2011
    Gender
    male
    Posts
    28
    Reputation
    20
    Thanks
    14
    My Mood
    Shocked
    Because i made mine, and you didnt make yours i guess,
    New Coder here to Rock your world.

    Email : Mr_clarkie@live.com


  9. #7
    whit's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Posts
    7,170
    Reputation
    490
    Thanks
    2,252
    Quote Originally Posted by Clarkie View Post
    Because i made mine, and you didnt make yours i guess,
    I never claimed those detours as mine

  10. #8
    CodeDemon's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    vagina
    Posts
    1,074
    Reputation
    50
    Thanks
    936
    My Mood
    Fine
    Cool, nice work.

  11. The Following User Says Thank You to CodeDemon For This Useful Post:

    Clarkie (05-30-2011)

  12. #9
    whit's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Posts
    7,170
    Reputation
    490
    Thanks
    2,252
    Quote Originally Posted by CodeDemon View Post
    Cool, nice work.
    Welcome back from the dead

  13. #10
    CodeDemon's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    vagina
    Posts
    1,074
    Reputation
    50
    Thanks
    936
    My Mood
    Fine
    Quote Originally Posted by whit View Post
    Welcome back from the dead
    I have 41 notifications lol

  14. #11
    topblast's Avatar
    Join Date
    Mar 2010
    Gender
    male
    Location
    Far from around you Programmer: C++ | VB | C# | JAVA
    Posts
    3,607
    Reputation
    149
    Thanks
    4,922
    My Mood
    Cool
    Nice work clarkie..... OMG noooooo No my base.... ohh well I was credited










    Quote Originally Posted by CodeDemon View Post
    Cool, nice work.
    OMG, YOUR A LIVE!!!!!!!!!!!!!!!!!!!!! *faint*


    Quote Originally Posted by CodeDemon View Post
    I have 41 notifications lol
    Thats what you get for ditching us.
    Last edited by topblast; 05-30-2011 at 08:02 PM.
    I just like programming, that is all.

    Current Stuff:

    • GPU Programmer (Cuda)
    • Client/Server (Cloud Server)
    • Mobile App Development

  15. The Following User Says Thank You to topblast For This Useful Post:

    Clarkie (05-30-2011)

  16. #12
    CAFlames's Avatar
    Join Date
    Jan 2010
    Gender
    male
    Location
    Where ever my imagination takes me
    Posts
    3,014
    Reputation
    202
    Thanks
    2,934
    My Mood
    Twisted
    Quote Originally Posted by whit View Post
    I never claimed those detours as mine
    You never gave credz either :P

    Im just bustin your balls. You did help out a lot of people by making them public on MPGH.

    Current Works:
    ---Horror Game






    Special thanks to drgnforce9 for my sig picture

    Quote Originally Posted by m_t_h View Post

    CAflames is one epic coder.

    Rep and thanks him.. or you're perma banned.

  17. #13
    Clarkie's Avatar
    Join Date
    May 2011
    Gender
    male
    Posts
    28
    Reputation
    20
    Thanks
    14
    My Mood
    Shocked
    Quote Originally Posted by CAFlames View Post


    You never gave credz either :P

    Im just bustin your balls. You did help out a lot of people by making them public on MPGH.
    lol,

    Select Me ;D ---> and getting them detected by doing that
    New Coder here to Rock your world.

    Email : Mr_clarkie@live.com


  18. #14
    _Fk127_'s Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    724
    Reputation
    16
    Thanks
    208
    My Mood
    Bitchy
    Quote Originally Posted by Clarkie View Post
    Well you guys have a lot of detour problems so i made a detour for you guys. I know dont post this and that.

    I was using topblast's revival Base and i notice the Tjmp structure, which is exactly what you need to make a Jump function. So I edited it and used it to make a detour.


    Credit
    Clarkie making it
    Topblast (only for the little structure)

    [highlight=c++]#pragma pack(push)
    #pragma pack(1)

    typedef struct {
    unsigned char bNop;
    unsigned char bPush;
    unsigned long dwAddress;
    unsigned char bRet;
    } TestJmp;


    typedef struct {
    unsigned char bOPS[7];
    unsigned char bNop;
    unsigned char bJmp;
    unsigned long dwAddress;
    } Tjmp;
    #pragma pack(pop)

    bool Detour::Hook(PBYTE pTargetAddr, PBYTE pNewAddr, VOID** pCallOrigAddress)
    {
    TestJmp recJump;
    Tjmp RetJump;
    DWORD dwProtect;
    *pCallOrigAddress = VirtualAlloc(0, sizeof(Tjmp), (MEM_COMMIT | MEM_RESERVE), PAGE_EXECUTE_READWRITE);
    if( pCallOrigAddress != NULL)
    {
    WriteNOP(&RetJump, sizeof(Tjmp));

    for( int i = 0; i < (sizeof(TestJmp)+1); i++)
    RetJump.bOPS[i] = pTargetAddr[i];
    RetJump.bNop = 0x90;
    RetJump.bJmp = 0xE9;
    RetJump.dwAddress = (DWORD(pTargetAddr) + (sizeof(TestJmp)+1))-DWORD(*pCallOrigAddress)-(((sizeof(TestJmp)*2)));
    memcpy(*pCallOrigAddress, &RetJump, sizeof(Tjmp));

    if( WriteNOP(pTargetAddr, (sizeof(TestJmp))) == true &&
    VirtualProtect(pTargetAddr, sizeof(TestJmp), PAGE_EXECUTE_READWRITE, &dwProtect) == TRUE)
    {
    WriteNOP(&recJump, sizeof(TestJmp));
    recJump.bNop = 0x90;
    recJump.bPush = 0x68;
    recJump.dwAddress = DWORD(pNewAddr);
    recJump.bRet = 0xC3;
    memcpy(pTargetAddr, &recJump, sizeof(TestJmp));
    VirtualProtect(pTargetAddr, sizeof(TestJmp), dwProtect, &dwProtect);
    return true;
    }
    }
    return false;
    }
    [/highlight]
    Great job! Its awesome to see someone who actually knows what they're doing join up :P



    Put this image in your signature if you support HTML5 development!

  19. The Following User Says Thank You to _Fk127_ For This Useful Post:

    Clarkie (05-30-2011)

  20. #15
    Clarkie's Avatar
    Join Date
    May 2011
    Gender
    male
    Posts
    28
    Reputation
    20
    Thanks
    14
    My Mood
    Shocked
    Quote Originally Posted by _Fk127_ View Post
    Great job! Its awesome to see someone who actually knows what they're doing join up :P
    Lol i try :P
    New Coder here to Rock your world.

    Email : Mr_clarkie@live.com


Page 1 of 5 123 ... LastLast