Thread: Manual Detours

    Manual Detours

    A detour hand-built for one specific function — and for one specific build of it. The hook carries a copy of the function's own body, so it is not reusable: every address, structure offset and vtable slot in it must match the exact d3d9.dll the target loads.


    The Present function is listed below. The idea is to modify Present in a particular way: it resembles a mid-function hook, but instead of jumping back into the original code, your replacement function itself executes the original's instructions (copied from the listing) with your edits inserted where you want them, and returns on the original's behalf. Because the copy includes the original's locking (EnterCriticalSection / LeaveCriticalSection) and its early-return paths, any code you splice in has to keep those balanced on every exit.

    Code:
    ; d3d9.dll IDirect3DDevice9::Present, 32-bit x86, OllyDbg dump (address | opcode bytes | mnemonic).
    ; Everything here - addresses, struct offsets (+18, +2C, +1DF0), vtable slots (+3C, +20, +C) and the
    ; error constant - belongs to this one build of d3d9.dll; a hook that hard-codes them breaks on any other.
    ; Convention as visible in the code: 5 dwords on the stack, callee pops them (RETN 14 = 20 bytes), so
    ; [EBP+8] = 'this' and [EBP+C..EBP+18] = four further args (presumably pSourceRect, pDestRect,
    ; hDestWindowOverride, pDirtyRegion - verify against d3d9.h).
    ; Register roles: EBX = this; ESI = this+4 (the object handed to Enter/LeaveCriticalSection);
    ; EDI = cursor over a pointer table at this+0x1DF0; [EBP-4] = loop counter.
    4FE10EA0   8BFF                   MOV EDI,EDI              ; 2-byte no-op at entry: the usual hot-patch slot in Microsoft DLLs and where a 5-byte JMP detour is normally written
    4FE10EA2   55                     PUSH EBP
    4FE10EA3   8BEC                   MOV EBP,ESP              ; frame pointer; [EBP+8] is arg1, [EBP-4] the single local
    4FE10EA5   51                     PUSH ECX                 ; reserves the [EBP-4] slot
    4FE10EA6   53                     PUSH EBX                 ; EBX/ESI/EDI are callee-saved: a detour that returns from inside this body must restore all three
    4FE10EA7   8B5D 08                MOV EBX,DWORD PTR SS:[EBP+8]   ; EBX = this
    4FE10EAA   85DB                   TEST EBX,EBX
    4FE10EAC   56                     PUSH ESI
    4FE10EAD   74 08                  JE SHORT d3d9.4FE10EB7   ; this == NULL
    4FE10EAF   8D73 04                LEA ESI,DWORD PTR DS:[EBX+4]   ; ESI = this+4, the lock object used below
    4FE10EB2   8975 08                MOV DWORD PTR SS:[EBP+8],ESI   ; arg slot reused as a local: from here [EBP+8] holds ESI, not 'this'
    4FE10EB5   EB 0A                  JMP SHORT d3d9.4FE10EC1
    4FE10EB7   C745 08 00000000       MOV DWORD PTR SS:[EBP+8],0     ; NULL this: ESI becomes 0 ...
    4FE10EBE   8B75 08                MOV ESI,DWORD PTR SS:[EBP+8]
    4FE10EC1   8B46 18                MOV EAX,DWORD PTR DS:[ESI+18]  ; ... so this read touches address 0x18 and faults; the NULL test above does not save a caller (or a hook) that passes NULL
    4FE10EC4   85C0                   TEST EAX,EAX
    4FE10EC6   74 07                  JE SHORT d3d9.4FE10ECF
    4FE10EC8   56                     PUSH ESI
    4FE10EC9   FF15 2811DD4F          CALL DWORD PTR DS:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection - lock taken only when [ESI+18] != 0 (presumably a 'locking enabled' flag; verify). Every exit path below repeats this test before LeaveCriticalSection; a hook that leaves early without doing the same keeps the lock and deadlocks the next Present
    4FE10ECF   F643 2C 02             TEST BYTE PTR DS:[EBX+2C],2    ; state flag at this+0x2C, bit 1: when set, fail immediately
    4FE10ED3   74 1B                  JE SHORT d3d9.4FE10EF0
    4FE10ED5   8B46 18                MOV EAX,DWORD PTR DS:[ESI+18]  ; release the lock iff it was taken
    4FE10ED8   85C0                   TEST EAX,EAX
    4FE10EDA   74 07                  JE SHORT d3d9.4FE10EE3
    4FE10EDC   56                     PUSH ESI
    4FE10EDD   FF15 C010DD4F          CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
    4FE10EE3   5E                     POP ESI
    4FE10EE4   B8 6C087688            MOV EAX,8876086C         ; failure HRESULT (bit 31 set); presumably D3DERR_INVALIDCALL - check d3d9.h
    4FE10EE9   5B                     POP EBX
    4FE10EEA   8BE5                   MOV ESP,EBP
    4FE10EEC   5D                     POP EBP
    4FE10EED   C2 1400                RETN 14                  ; callee pops the 5 dword args
    4FE10EF0   8B83 F01D0000          MOV EAX,DWORD PTR DS:[EBX+1DF0]   ; first entry of the pointer table at this+0x1DF0
    4FE10EF6   85C0                   TEST EAX,EAX
    4FE10EF8   57                     PUSH EDI
    4FE10EF9   8DBB F01D0000          LEA EDI,DWORD PTR DS:[EBX+1DF0]   ; EDI = &table[0]
    4FE10EFF   75 1C                  JNZ SHORT d3d9.4FE10F1D
    4FE10F01   8B46 18                MOV EAX,DWORD PTR DS:[ESI+18]     ; table[0] == NULL: release lock iff taken, return the same error
    4FE10F04   85C0                   TEST EAX,EAX
    4FE10F06   74 07                  JE SHORT d3d9.4FE10F0F
    4FE10F08   56                     PUSH ESI
    4FE10F09   FF15 C010DD4F          CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
    4FE10F0F   5F                     POP EDI
    4FE10F10   5E                     POP ESI
    4FE10F11   B8 6C087688            MOV EAX,8876086C         ; same failure HRESULT as above
    4FE10F16   5B                     POP EBX
    4FE10F17   8BE5                   MOV ESP,EBP
    4FE10F19   5D                     POP EBP
    4FE10F1A   C2 1400                RETN 14
    4FE10F1D   8B03                   MOV EAX,DWORD PTR DS:[EBX]      ; EAX = this->vtable
    4FE10F1F   53                     PUSH EBX
    4FE10F20   C745 FC 00000000       MOV DWORD PTR SS:[EBP-4],0      ; i = 0
    4FE10F27   FF50 3C                CALL DWORD PTR DS:[EAX+3C]      ; virtual call, slot 0x3C/4 = 15, this = EBX; result is the loop bound (presumably GetNumberOfSwapChains - verify against the IDirect3DDevice9 vtable)
    4FE10F2A   85C0                   TEST EAX,EAX
    4FE10F2C   76 3D                  JBE SHORT d3d9.4FE10F6B         ; bound == 0: straight to the success epilogue, returns 0
    4FE10F2E   8BFF                   MOV EDI,EDI                     ; no-op; the loop back-edge at 4FE10F66 targets 4FE10F30, just past it
    4FE10F30   8B55 18                MOV EDX,DWORD PTR SS:[EBP+18]   ; arg5
    4FE10F33   8B07                   MOV EAX,DWORD PTR DS:[EDI]      ; EAX = table[i]
    4FE10F35   8B48 20                MOV ECX,DWORD PTR DS:[EAX+20]   ; ECX = vtable of the sub-object at table[i]+0x20
    4FE10F38   6A 00                  PUSH 0                          ; extra trailing arg = 0
    4FE10F3A   52                     PUSH EDX                        ; arg5
    4FE10F3B   8B55 14                MOV EDX,DWORD PTR SS:[EBP+14]
    4FE10F3E   52                     PUSH EDX                        ; arg4
    4FE10F3F   8B55 10                MOV EDX,DWORD PTR SS:[EBP+10]
    4FE10F42   52                     PUSH EDX                        ; arg3
    4FE10F43   8B55 0C                MOV EDX,DWORD PTR SS:[EBP+C]
    4FE10F46   83C0 20                ADD EAX,20                      ; 'this' for the inner call = table[i]+0x20
    4FE10F49   52                     PUSH EDX                        ; arg2
    4FE10F4A   50                     PUSH EAX
    4FE10F4B   FF51 0C                CALL DWORD PTR DS:[ECX+C]       ; slot 3 of that vtable: the device forwards its four Present args plus a 0 to each table entry (presumably IDirect3DSwapChain9::Present with dwFlags = 0 - verify)
    4FE10F4E   8BF0                   MOV ESI,EAX                     ; ESI = HRESULT of the inner call; ESI no longer holds the lock object from here
    4FE10F50   85F6                   TEST ESI,ESI
    4FE10F52   7C 30                  JL SHORT d3d9.4FE10F84          ; negative HRESULT = failure: bail out returning it
    4FE10F54   8B75 FC                MOV ESI,DWORD PTR SS:[EBP-4]    ; i
    4FE10F57   8B03                   MOV EAX,DWORD PTR DS:[EBX]
    4FE10F59   46                     INC ESI                         ; i++
    4FE10F5A   53                     PUSH EBX
    4FE10F5B   8975 FC                MOV DWORD PTR SS:[EBP-4],ESI
    4FE10F5E   83C7 04                ADD EDI,4                       ; next table slot
    4FE10F61   FF50 3C                CALL DWORD PTR DS:[EAX+3C]      ; bound is re-read on every iteration
    4FE10F64   3BF0                   CMP ESI,EAX
    4FE10F66  ^72 C8                  JB SHORT d3d9.4FE10F30          ; unsigned i < bound
    4FE10F68   8B75 08                MOV ESI,DWORD PTR SS:[EBP+8]    ; reload the lock object saved at 4FE10EB2
    4FE10F6B   8B46 18                MOV EAX,DWORD PTR DS:[ESI+18]   ; success epilogue: release lock iff taken
    4FE10F6E   85C0                   TEST EAX,EAX
    4FE10F70   74 07                  JE SHORT d3d9.4FE10F79
    4FE10F72   56                     PUSH ESI
    4FE10F73   FF15 C010DD4F          CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
    4FE10F79   5F                     POP EDI
    4FE10F7A   5E                     POP ESI
    4FE10F7B   33C0                   XOR EAX,EAX                     ; return 0 (S_OK)
    4FE10F7D   5B                     POP EBX
    4FE10F7E   8BE5                   MOV ESP,EBP
    4FE10F80   5D                     POP EBP
    4FE10F81   C2 1400                RETN 14
    4FE10F84   8B45 08                MOV EAX,DWORD PTR SS:[EBP+8]    ; failure epilogue: lock object via EAX because ESI is holding the HRESULT
    4FE10F87   8B48 18                MOV ECX,DWORD PTR DS:[EAX+18]
    4FE10F8A   85C9                   TEST ECX,ECX
    4FE10F8C   74 07                  JE SHORT d3d9.4FE10F95          ; skip LeaveCriticalSection when the lock was never taken
    4FE10F8E   50                     PUSH EAX
    4FE10F8F   FF15 C010DD4F          CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
    4FE10F95   5F                     POP EDI
    4FE10F96   8BC6                   MOV EAX,ESI                     ; return the failing HRESULT from the inner call
    4FE10F98   5E                     POP ESI
    4FE10F99   5B                     POP EBX
    4FE10F9A   8BE5                   MOV ESP,EBP
    4FE10F9C   5D                     POP EBP
    4FE10F9D   C2 1400                RETN 14
    Interesting, but can't you just do a mid-function hook and jmp back? It would work the same way.

    Quote Originally Posted by DeadLinez View Post
    Interesting, but cant you just do a mid function hook, and jmp back? because it would work the same say.. -.-
    It might, but to my knowledge there is no public Present mid-function hook... and those guys all use public releases.
    Mid-function hooks are easy to find, though: all you need is the ret and the Present address.

    idk i may be speaking for everybody when i say this but.... What the Fuck? Your word choice makes you seem like a desperate smart person trying to look smart.

    ^ I must disagree, I don't note any "wanna-be" intelligence in his word choice.
    Lmao, someone try to mid-function hook this... this is what copying the whole body into a naked function looks like:
    Code:
    // NOTE(review): this is the d3d9 Present body from post #1 pasted into a naked function, with
    // user code spliced in just before the final LeaveCriticalSection.  As written it does not
    // assemble, and even with the tokens fixed up by hand it would still be wrong:
    //  - "d3d9.4FE10EB7"-style jump targets and "DS:[<&KERNEL32....>]" are OllyDbg display
    //    notation, not MASM syntax; every jump needs a local label at the matching instruction and
    //    every import call a real function pointer.
    //  - the struct offsets / vtable slots (+18, +2C, +1DF0, +3C, +20, +C) and the constant
    //    8876086C are build-specific d3d9.dll details; nothing here validates them.
    //  - the spliced-in block (PUSHAD ... POPAD) sits in the FAILURE epilogue, the path reached by
    //    'JL SHORT d3d9.4FE10F84' when the inner call returned a negative HRESULT.  The normal
    //    success path ends at the 'XOR EAX,EAX ... RETN 14' above it and never executes the hook body.
    //  - 'JE SHORT d3d9.4FE10F95' in the original skips only the LeaveCriticalSection call; here it
    //    would also skip the PUSHAD/user-code/POPAD block whenever [EAX+18] == 0.
    //  - PUSHAD/POPAD preserve the general registers only: not EFLAGS, not x87/SSE state, and POPAD
    //    does not restore ESP.
    //  - between the two _asm blocks the compiler emits ordinary code in a function with no prologue;
    //    EBP still points at Present's frame, so any EBP-relative temporaries it generates corrupt it.
    //  - user code runs while the critical section taken by EnterCriticalSection (if taken) is held.
    __declspec( naked ) void Present_Hook ()
    {
        _asm
        {
            			MOV EDI,EDI                      ; hot-patch no-op copied from the original; pointless in a replacement function
    			PUSH EBP
    			MOV EBP,ESP                          ; [EBP+8] = this, [EBP+C..18] = four args, [EBP-4] = loop counter
    			PUSH ECX
    			PUSH EBX
    			MOV EBX,DWORD PTR SS:[EBP+8]
    			TEST EBX,EBX
    			PUSH ESI
    			JE SHORT d3d9.4FE10EB7               ; not assemblable: needs a label on 'MOV DWORD PTR SS:[EBP+8],0' below
    			LEA ESI,DWORD PTR DS:[EBX+4]         ; ESI = lock object (this+4)
    			MOV DWORD PTR SS:[EBP+8],ESI
    			JMP SHORT d3d9.4FE10EC1              ; label needed on 'MOV EAX,DWORD PTR DS:[ESI+18]' below
    			MOV DWORD PTR SS:[EBP+8],0           ; NULL this: the next read at [ESI+18] faults
    			MOV ESI,DWORD PTR SS:[EBP+8]
    			MOV EAX,DWORD PTR DS:[ESI+18]
    			TEST EAX,EAX
    			JE SHORT d3d9.4FE10ECF               ; label needed on 'TEST BYTE PTR DS:[EBX+2C],2'
    			PUSH ESI
    			CALL DWORD PTR DS:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection -- not assemblable; and this lock must be released on every exit path below
    			TEST BYTE PTR DS:[EBX+2C],2
    			JE SHORT d3d9.4FE10EF0               ; label needed on 'MOV EAX,DWORD PTR DS:[EBX+1DF0]'
    			MOV EAX,DWORD PTR DS:[ESI+18]
    			TEST EAX,EAX
    			JE SHORT d3d9.4FE10EE3               ; label needed on the 'POP ESI' below
    			PUSH ESI
    			CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
    			POP ESI
    			MOV EAX,8876086C                     ; failure HRESULT (presumably D3DERR_INVALIDCALL -- verify)
    			POP EBX
    			MOV ESP,EBP
    			POP EBP
    			RETN 14                              ; early-return path 1: hook body never runs
    			MOV EAX,DWORD PTR DS:[EBX+1DF0]
    			TEST EAX,EAX
    			PUSH EDI
    			LEA EDI,DWORD PTR DS:[EBX+1DF0]
    			JNZ SHORT d3d9.4FE10F1D              ; label needed on 'MOV EAX,DWORD PTR DS:[EBX]' below
    			MOV EAX,DWORD PTR DS:[ESI+18]
    			TEST EAX,EAX
    			JE SHORT d3d9.4FE10F0F               ; label needed on the 'POP EDI' below
    			PUSH ESI
    			CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
    			POP EDI
    			POP ESI
    			MOV EAX,8876086C
    			POP EBX
    			MOV ESP,EBP
    			POP EBP
    			RETN 14                              ; early-return path 2: hook body never runs
    			MOV EAX,DWORD PTR DS:[EBX]
    			PUSH EBX
    			MOV DWORD PTR SS:[EBP-4],0
    			CALL DWORD PTR DS:[EAX+3C]           ; vtable slot 15 (presumably GetNumberOfSwapChains -- verify)
    			TEST EAX,EAX
    			JBE SHORT d3d9.4FE10F6B              ; label needed on the success-epilogue 'MOV EAX,DWORD PTR DS:[ESI+18]' below
    			MOV EDI,EDI
    			MOV EDX,DWORD PTR SS:[EBP+18]        ; loop head (the back-edge JB below must target this line)
    			MOV EAX,DWORD PTR DS:[EDI]
    			MOV ECX,DWORD PTR DS:[EAX+20]
    			PUSH 0
    			PUSH EDX
    			MOV EDX,DWORD PTR SS:[EBP+14]
    			PUSH EDX
    			MOV EDX,DWORD PTR SS:[EBP+10]
    			PUSH EDX
    			MOV EDX,DWORD PTR SS:[EBP+C]
    			ADD EAX,20
    			PUSH EDX
    			PUSH EAX
    			CALL DWORD PTR DS:[ECX+C]            ; inner per-chain call (presumably IDirect3DSwapChain9::Present -- verify)
    			MOV ESI,EAX
    			TEST ESI,ESI
    			JL SHORT d3d9.4FE10F84               ; failure only: this is the only way to reach the spliced-in block below
    			MOV ESI,DWORD PTR SS:[EBP-4]
    			MOV EAX,DWORD PTR DS:[EBX]
    			INC ESI
    			PUSH EBX
    			MOV DWORD PTR SS:[EBP-4],ESI
    			ADD EDI,4
    			CALL DWORD PTR DS:[EAX+3C]
    			CMP ESI,EAX
    			JB SHORT d3d9.4FE10F30               ; label needed on 'MOV EDX,DWORD PTR SS:[EBP+18]' above
    			MOV ESI,DWORD PTR SS:[EBP+8]
    			MOV EAX,DWORD PTR DS:[ESI+18]
    			TEST EAX,EAX
    			JE SHORT d3d9.4FE10F79               ; label needed on the 'POP EDI' below
    			PUSH ESI
    			CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
    			POP EDI
    			POP ESI
    			XOR EAX,EAX                          ; S_OK
    			POP EBX
    			MOV ESP,EBP
    			POP EBP
    			RETN 14                              ; SUCCESS path returns here -- the hook body below is never reached on a successful Present
    			MOV EAX,DWORD PTR SS:[EBP+8]         ; failure epilogue (original 4FE10F84): ESI holds the failing HRESULT
    			MOV ECX,DWORD PTR DS:[EAX+18]
    			TEST ECX,ECX
    			JE SHORT d3d9.4FE10F95               ; label needed on the 'POP EDI' after the CALL below; in this layout it also skips the hook body
    			PUSH EAX                             ; LeaveCriticalSection argument stays on the stack across the user code
    
            PUSHAD                               ; saves general registers only (no EFLAGS / FPU / SSE); ESP value is discarded by POPAD
        }
    
    
        //D3D SHIT HERE!   -- runs only on the failure path, and while the critical section (if taken) is still held;
        //                   compiler-generated code here has no frame of its own (naked function, EBP = Present's frame)
      
        _asm
        {
            POPAD
            CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection -- not assemblable as written
    	POP EDI
    	MOV EAX,ESI                                  ; return the failing HRESULT captured above
    	POP ESI
    	POP EBX
    	MOV ESP,EBP
    	POP EBP
    	RETN 14
        }
    }
