  1. #16 kibbles18
    I wish I had spent my time learning asm instead of C++.

  2. #17 -xGhost-
    This is a good tutorial, thanks.

  3. #18 .::SCHiM::.
    It's nice you guys like it. I think I'm going to write part 1/2 today, or maybe tomorrow.

    I'm SCHiM

    Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.

    Polymorphic engine
    Interprocess callback class
    SIN
    Infinite-precision arithmetic
    Hooking dynamic linkage
    (sloppy)Kernel mode Disassembler!!!

    Semi debugger




  4. #19 Sixx93
    I tried to unhook, but it tells me it's a privileged instruction... That's the source (it's a little bit modified). The hook part works, but the unhook doesn't:
    Code:
    #include <cstdio>
    #include <iostream>
    #include <windows.h>

    void __stdcall hook(DWORD Timeout){

        /*
        Since the caller (the one with the Sleep() in his code) does not know that the function is hooked,
        we have access to all the arguments that the function has. We can change and display them before passing on execution,
        or we can even prevent the function from being executed!
        */

        printf("No rest for the wicked! not even %d seconds!\n", (int)(Timeout / 1000));  // display the timeout in seconds

        return;  // we won't execute the Sleep() function at all, no rest for the wicked!
    }

    DWORD* GetPointer()
    {
        DWORD* func;
        _asm{
            lea eax, Sleep      // note: lea = Load Effective Address; moves the address of the import pointer (the IAT slot) to eax
            mov func, eax       // note: mov = Move; now we have the address of the pointer in func
        }

        return func;            // the address of the slot that holds Sleep's address, not Sleep's address itself
    }

    DWORD* Tfunc = GetPointer();    // I think that's the Sleep pointer (it is the address of the slot, not the value stored in it)

    DWORD* DoHook(DWORD* hook){

        /*
        Here *func (what func points to) still points to the address of Sleep.
        We however, don't want it to point there, we want it to point to our hook function.
        Therefore we're going to change it, this can be done without any modifications to our virtual memory access.
        Because the pointers are kept in our .data section, and we have write permission in our .data section.
        */
        DWORD* func = GetPointer();

        *func = (DWORD)hook;    // change what *func points to, remember that func is the same pointer as used in the call dword[address] instruction.
        return func;
    }

    void UnHook()
    {
        DWORD* func = GetPointer();

        *func = (DWORD)Tfunc;   // writes the slot's own address back into the slot, so the next Sleep() call jumps into the table
    }

    int main(){

        DWORD* Hooked;

        printf("Sleeping for 2 seconds!\n");
        Sleep(2000);   // Sleep takes milliseconds (1/1000th of a second), therefore 2000 = 2 seconds
        printf("Done sleeping!\n");

        Hooked = DoHook((DWORD*)&hook);   // now detour Sleep()!

        printf("Sleeping for 3 seconds!\n");
        Sleep(3000);
        printf("Done sleeping!\n");

        printf("Unhooking...\n");
        UnHook();
        printf("Done...Sleeping for 3sec\n");
        Sleep(3000);
        printf("Done");

        std::cin.ignore();
        return 0;
    }

  5. #20 .::SCHiM::.
    Quote Originally Posted by Sixx93:
    I tried to unhook, but it tells me it's a privileged instruction... That's the source (it's a little bit modified). The hook part works, but the unhook doesn't: (code as posted above)
    You're not saving the proper value, it seems. Try the example above (the one I gave to jason); that should work for you, and using that you should be able to puzzle out how to continue.


  6. #21 freedompeace
    "Part 0" - something only programmers would do :P


  8. #23 .::SCHiM::.
    Quote Originally Posted by freedompeace:
    "Part 0" - something only programmers would do :P
    I can't get my head around normal notation and arrays anymore. I'm never sure that when someone (e.g. at a local store) names a quantity (5) of something they mean 0 to 5, 1 to 5 or 0 to 4 of whatever :S

    Programming got me confused


  9. #24 d3nd3
    So to sum it up, in which situations would it set a pointer and in which situations would it not?

    I.e. statically linked libraries? Would this use a pointer?

    Dynamically linked libraries? Would this use a pointer, assuming they are linked using LoadLibrary?

    I want to know in which situations this would be useful... And how can we be sure that the pointer name will be that of the function name (e.g. Sleep)? That seems a bit odd to me.
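The fix SCHiM points at in #20 (save the value stored in the slot, not the slot's address) and d3nd3's questions in #24 (which calls go through a pointer, and how to find the right slot), shown in an added example that is not code from this thread. It models the import address table as a plain array of pointer-sized slots with a parallel name table, standing in for the IAT a PE loader fills: a call to a DLL import compiles to `call dword ptr [__imp__Sleep@4]`, a load from that slot, while a statically linked function is a direct `call` with no slot to patch, and a function fetched with LoadLibrary/GetProcAddress has no IAT entry at all (the pointer lives wherever the program stored it). `real_sleep`, `g_iat`, `find_import_slot`, `install_hook` and `sleep_hook` are constructed names; the stand-in records calls instead of blocking so the round trip can be checked. A real IAT may sit in a read-only page, so a robust version calls `VirtualProtect(PAGE_READWRITE)` before the write and restores the old protection afterwards; that step is a comment here because the table is ordinary writable data.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the thread. The import table is modelled as an
 * array of pointer-sized slots plus a parallel name table: in a PE this is the
 * IAT that `call dword ptr [__imp__Sleep@4]` reads, in an ELF it is the GOT. */

typedef void (*sleep_fn)(unsigned ms);

/* Stand-in for kernel32!Sleep (constructed): records the call instead of blocking. */
static unsigned g_real_calls, g_last_timeout;
static void real_sleep(unsigned ms) { g_real_calls++; g_last_timeout = ms; }
static void real_beep(void) { }

static const char *g_import_names[] = { "Sleep", "Beep" };
static uintptr_t g_iat[] = { (uintptr_t)real_sleep, (uintptr_t)real_beep };

/* What compiled code does at every Sleep() call site: load the slot, call through it. */
static void call_sleep_via_iat(unsigned ms) { ((sleep_fn)g_iat[0])(ms); }

/* Locate the slot by imported name instead of trusting that the C symbol `Sleep`
 * resolves to the pointer (it does only for __declspec(dllimport) symbols). */
static uintptr_t *find_import_slot(const char *name) {
    for (size_t i = 0; i < sizeof g_iat / sizeof g_iat[0]; i++)
        if (strcmp(g_import_names[i], name) == 0) return &g_iat[i];
    return NULL;
}

struct hook { uintptr_t *slot; uintptr_t original; };

/* Save the VALUE in the slot (the real function), not the slot's address.
 * Saving GetPointer() itself, as in the broken post, keeps the address of the
 * slot; "restoring" that makes the next Sleep() call jump into the table and
 * execute pointer bytes as code, which is where the fault comes from. */
static int install_hook(struct hook *h, const char *name, uintptr_t replacement) {
    uintptr_t *slot = find_import_slot(name);
    if (!slot) return 0;
    h->slot = slot;
    h->original = *slot;   /* correct: *GetPointer(), not GetPointer() */
    *slot = replacement;   /* a real IAT page may need VirtualProtect(PAGE_READWRITE) first */
    return 1;
}

static void remove_hook(const struct hook *h) { *h->slot = h->original; }

static struct hook g_sleep_hook;
static unsigned g_hook_calls;

/* The detour: same calling convention and signature as the target. It inspects
 * the argument, caps it, and forwards to the saved original instead of dropping it. */
static void sleep_hook(unsigned ms) {
    g_hook_calls++;
    printf("hook: Sleep(%u) requested, capping at 100 ms\n", ms);
    if (ms > 100) ms = 100;
    ((sleep_fn)g_sleep_hook.original)(ms);
}

/* Runs call -> hook -> call -> unhook -> call and returns 1 if every observation matched. */
static int run_demo(void) {
    g_real_calls = g_hook_calls = g_last_timeout = 0;
    call_sleep_via_iat(2000);
    int ok = (g_real_calls == 1 && g_last_timeout == 2000);

    ok &= install_hook(&g_sleep_hook, "Sleep", (uintptr_t)sleep_hook);
    ok &= (g_sleep_hook.original == (uintptr_t)real_sleep);
    ok &= (g_sleep_hook.original != (uintptr_t)g_sleep_hook.slot); /* the broken post saved this instead */
    call_sleep_via_iat(3000);
    ok &= (g_hook_calls == 1 && g_real_calls == 2 && g_last_timeout == 100);

    remove_hook(&g_sleep_hook);
    call_sleep_via_iat(3000);
    ok &= (g_hook_calls == 1 && g_real_calls == 3 && g_last_timeout == 3000);
    return ok;
}

int main(void) {
    puts(run_demo() ? "hook/unhook round trip OK" : "mismatch");
    return 0;
}
```

The name lookup is the answer to "how can we be sure the pointer name is the function name": it is not the name that matters but the slot the call site reads, and the loader's import table tells you which slot belongs to which imported function.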
