  1. #1 (gnm)

    Simple Assembly Hooking

    Hey guys, first post, just releasing my personal code for assembly hooking, hope you guys put it to good use.

    Source:
    Code:
    #include <windows.h>
    
    typedef struct
    {
    	BOOL hooked;
    	INT_PTR origAddress;
    	INT_PTR hookAddress;
    	BYTE origAsm[6];   // bytes overwritten at the target, saved for UnhookFunction
    	BYTE hookedAsm[6]; // jmp rel32 (5 bytes) + retn (1 byte), built on first use
    } HOOK;
    
    // 32-bit only: a 5-byte "jmp rel32" can only reach targets within +/-2 GB,
    // so the displacement is stored as a 32-bit value, not as an INT_PTR.
    BOOL HookFunction( HOOK* hook )
    {
    	if( hook->hooked )
    		return TRUE;
    
    	DWORD oldProtection;
    	SIZE_T numBytes = 0;
    
    	if( hook->hookedAsm[0] != 0xe9 )
    	{
    		hook->hookedAsm[0] = 0xe9; // jmp rel32
    		hook->hookedAsm[5] = 0xc3; // retn
    
    		// The displacement is relative to the end of the 5-byte jmp
    		INT_PTR relativeAddress = hook->hookAddress - hook->origAddress - 5;
    		*(INT32*)(hook->hookedAsm + 1) = (INT32)relativeAddress;
    	}
    
    	// Keep the page executable while it is writable: another thread may be
    	// running the target function at the moment it is patched.
    	if( !VirtualProtect( (LPVOID)hook->origAddress, 6, PAGE_EXECUTE_READWRITE, &oldProtection ) )
    		return FALSE;
    
    	BOOL ok = FALSE;
    
    	// Read/WriteProcessMemory on the current process; memcpy() would do the same job here
    	if( ReadProcessMemory( GetCurrentProcess(), (LPVOID)hook->origAddress, hook->origAsm, 6, &numBytes ) && numBytes == 6 )
    	{
    		numBytes = 0;
    		if( WriteProcessMemory( GetCurrentProcess(), (LPVOID)hook->origAddress, hook->hookedAsm, 6, &numBytes ) && numBytes == 6 )
    			ok = TRUE;
    	}
    
    	// lpflOldProtect must not be NULL, otherwise VirtualProtect fails and the page stays RWX
    	VirtualProtect( (LPVOID)hook->origAddress, 6, oldProtection, &oldProtection );
    	FlushInstructionCache( GetCurrentProcess(), (LPVOID)hook->origAddress, 6 );
    
    	if( ok )
    		hook->hooked = TRUE;
    
    	return ok;
    }
    
    BOOL UnhookFunction( HOOK* hook )
    {
    	if( !hook->hooked )
    		return TRUE;
    
    	DWORD oldProtection;
    	SIZE_T numBytes = 0;
    
    	if( !VirtualProtect( (LPVOID)hook->origAddress, 6, PAGE_EXECUTE_READWRITE, &oldProtection ) )
    		return FALSE;
    
    	// Put the saved original bytes back
    	BOOL ok = WriteProcessMemory( GetCurrentProcess(), (LPVOID)hook->origAddress, hook->origAsm, 6, &numBytes ) && numBytes == 6;
    
    	VirtualProtect( (LPVOID)hook->origAddress, 6, oldProtection, &oldProtection );
    	FlushInstructionCache( GetCurrentProcess(), (LPVOID)hook->origAddress, 6 );
    
    	if( ok )
    		hook->hooked = FALSE;
    
    	return ok;
    }
    Example usage:
    Code:
    static HOOK hkLoadLibraryA; // zero-initialised, so hookedAsm is built on the first HookFunction call
    
    extern "C" HMODULE WINAPI LoadLibraryAHook( LPCSTR lpLibFileName )
    {
    	// Unhook, call through, rehook. While the hook is off, any other thread
    	// that calls LoadLibraryA reaches the original without passing through here.
    	UnhookFunction( &hkLoadLibraryA );
    	HMODULE returned = LoadLibraryA( lpLibFileName );
    	HookFunction( &hkLoadLibraryA );
    
    	// Own code goes here
    
    	return returned;
    }
    
    void Hook()
    {
    	hkLoadLibraryA.origAddress = (INT_PTR)LoadLibraryA;
    	hkLoadLibraryA.hookAddress = (INT_PTR)LoadLibraryAHook;
    	HookFunction( &hkLoadLibraryA );
    }
    Last edited by gnm; 07-16-2011 at 03:39 AM.
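The 6-byte "jmp rel32; retn" patch the post writes over a function entry, together with the check a defender runs over a function's first bytes to find such a patch and recover where it lands, as an added C example that is not gnm's code. It works on plain integers rather than live process memory, so it runs anywhere; the function names, the two sample prologues and the two addresses are constructed for this example, and the immediate encoding assumes a little-endian x86 target.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define JMP_REL32 0xE9   /* opcode of the 5-byte relative jmp */
#define RETN      0xC3
#define JMP_LEN   5      /* rel32 is relative to the END of the jmp */
#define PATCH_LEN 6

/* Build the patch exactly as HookFunction in the post does. Returns 0 when the
 * displacement does not fit a signed 32-bit field: the post's INT_PTR store
 * silently truncates in that case, and a 5-byte jmp cannot reach the hook. */
int encode_jmp_patch(uint64_t orig, uint64_t hook, uint8_t out[PATCH_LEN])
{
    int64_t rel = (int64_t)(hook - orig) - JMP_LEN;  /* wraps correctly for hook < orig */
    if (rel < INT32_MIN || rel > INT32_MAX)
        return 0;
    int32_t rel32 = (int32_t)rel;
    out[0] = JMP_REL32;
    memcpy(out + 1, &rel32, sizeof rel32);  /* little-endian immediate */
    out[5] = RETN;
    return 1;
}

/* Integrity check: does the code at `addr` start with a rel32 jmp? If so,
 * recover the landing address so the finding can be attributed to a module. */
int detect_jmp_hook(uint64_t addr, const uint8_t *bytes, size_t len, uint64_t *target)
{
    if (len < JMP_LEN || bytes[0] != JMP_REL32)
        return 0;
    int32_t rel32;
    memcpy(&rel32, bytes + 1, sizeof rel32);
    *target = addr + JMP_LEN + (int64_t)rel32;   /* inverse of rel = hook - orig - 5 */
    return 1;
}

/* A function entry as a scanner would record it: address plus first bytes. */
typedef struct {
    const char *name;
    uint64_t    addr;
    uint8_t     bytes[PATCH_LEN];
} prologue_t;

/* Walk a table of recorded prologues and count the ones that begin with a jmp. */
int count_hooked(const prologue_t *p, size_t n)
{
    int hooked = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t target;
        if (detect_jmp_hook(p[i].addr, p[i].bytes, PATCH_LEN, &target)) {
            printf("%s at 0x%llx jumps to 0x%llx\n", p[i].name,
                   (unsigned long long)p[i].addr, (unsigned long long)target);
            hooked++;
        }
    }
    return hooked;
}

/* Constructed sample data, not captured from a real process. "hooked_fn" holds
 * what HookFunction leaves behind for origAddress 0x7C801D7B and hookAddress
 * 0x10001000; "clean_fn" is the usual "mov edi,edi; push ebp; mov ebp,esp"
 * hot-patch prologue. */
static const prologue_t SAMPLES[] = {
    { "clean_fn",  0x7C80B741ULL, { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 } },
    { "hooked_fn", 0x7C801D7BULL, { 0xE9, 0x80, 0xF2, 0x7F, 0x93, 0xC3 } },
};

int sample_hook_count(void)
{
    return count_hooked(SAMPLES, sizeof SAMPLES / sizeof SAMPLES[0]);
}

int main(void)
{
    uint8_t patch[PATCH_LEN];
    if (encode_jmp_patch(0x7C801D7BULL, 0x10001000ULL, patch))
        printf("patch: %02X %02X %02X %02X %02X %02X\n",
               patch[0], patch[1], patch[2], patch[3], patch[4], patch[5]);
    printf("hooked entries: %d\n", sample_hook_count());
    return 0;
}
```

The range check in encode_jmp_patch is the part the post's code lacks: on a 64-bit process the hook and the target are routinely more than 2 GB apart, and the only honest answers are to refuse or to use a longer jump sequence. The detector only looks for the plain E9 form; a comparison of the live prologue against the bytes in the module's on-disk image catches other patch shapes as well.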

  2. #2 (c0ke187)
    IM PRETTY SURE...

    That HackShield blocks RPM and WPM, so you may have to change that to memcpy()

  3. #3 (gnm)
    Do you know if they've disabled ntdll functions? These?

  4. #4 (.::SCHiM::.)
    Quote Originally Posted by gnm View Post
    Do you know if they've disabled ntdll functions? These?
    Yes, HackShield hooks zwOpenProcess(), zwReadProcessMemory(), zwWriteProcessMemory(), zwVirtualAllocEx(), psCreateSystemThread(), psCreateThread(), zwImpersonateThread().

    I'm sure about those, there are probably more. The result is that you can't use their userland versions either, since they are actually these functions but exported through ntdll.dll and ntoskrnl.exe.


  5. #5 (DeadLinez)
    Yeah, they hook those; switch them over to memcpy()

  6. #6 (speedforyou)
    Hmm, this just gave me an idea


  7. #7 (gnm)
    So that pretty much means no threads. Which means I'll have to hook IDirect3DDevice9::EndScene, do all my calculations and rendering, then call the real IDirect3DDevice9::EndScene.
    Last edited by gnm; 07-16-2011 at 08:47 PM.

  8. #8 (kibbles18)
    @gnm
    Can you help me with my code for a hook?
