How to make a simple detour for hacks [TeknoMW3]

[Kenshin13]

Ok first I gotta thank -InSaNe- for teaching me most of this stuff.
Anyways, lets continue. As I usually code in C++, this will be in C++ as well.
Now let's get started: i'll show you the detour: [I'll be using the uiShowList to hook, you can use anything though.]

Code:

typedef (__cdecl *uiShowList_t)(int a, int b, int c, int d); //Define uiShowList_t
uiShowList_t uiShowList = NULL; //Make uiShowList and assign it to NULL from uiShowList_t
DWORD uiSHOWLIST= 0x644240; //This is the offset we'll be hooking to. AKA the UIShowList offset.

Ok, now this is a general detour function:

Code:

void *DetourFunction (BYTE *src, const BYTE *dst, const int len)
	{
	BYTE *jmp = (BYTE*)malloc(len+5);
	DWORD dwBack;

	VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
	memcpy(jmp, src, len);
	jmp += len;
	jmp[0] = 0xE9;
	*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
	src[0] = 0xE9;
	*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
	for (int i=5; i<len; i++)  
		src[i]=0x90;
	VirtualProtect(src, len, dwBack, &dwBack);
	return (jmp-len);
	}

As you can see, it takes a pointer to the source address to hook into and another pointer but to the destination and the size of the hook.

So before we use this, we'll need to create a function to replace the code @ uiShowList with:

Code:

void OverWrite(int a, int b, int c, int d)
{
   __asm PUSHAD; //Pushes all general registers to the stack before our function is called.
   __asm PUSHFD; //Pushes all EFLAGS to the stack.
   MyFunc(); //Calls the custom function written.
   __asm POPFD; //Retrieves the EFLAGS from stack
   __asm POPAD; //Retrieves all general registers from stack.
   uiShowList(a, b, c, d); //Calls uiShowList
}

Ok, now as we told uiShowList to now call MyFunc(), we now need to create a MyFunc() ::

Code:

DWORD MyFunc()
{
   return 0;
}

Now every time uiShowList is called, your function is also called. :P

Let's say you wanna use it now. Here's how: (From a dll)

Code:

DWORD APIENTRY DllMain(HANDLE hDllHandle, DWORD dwReason, LPVOID lpreserved)
{
   switch(dwReason)
   {
      case DLL_PROCESS_ATTACH:
         uiShowList = (uiShowList_t)DetourFunction((BYTE*)uiSHOWLIST, (BYTE*)&OverWrite, 5);
   }
   return 0;
}

Again, Since some people thing i'm leeching, this is NOT MINE, IT IS NOT MINE.
I didn't make if, find it, anything.
I'll give credits to the only person who taught me all this: @-InSaNe-
Regards.

[rawr im a tiger]

Saying "THIS IS NOT MINE" doesn't mean you aren't a leecher

[Kenshin13]

Saying "THIS IS NOT MINE" doesn't mean you aren't a leecher

Giving credits(As I have forgotten before, im only human) proves you aren't a leecher.
***k off. I'm just making these thing because I knew how hard it was to learn for me. This is just helping out those people.
If you can't appreciate my effort to make these tutorials, gtfo.
Be the bigger person then and say nothing if you believe i'm wrong.

[MarkHC]

No offense, but this isn't a tutorial.. It's basically just source code. That being said:

/Changed thread tag to [Source Code]

Also, you can find the Detour function tutorial here https://www.mpgh.net/forum/161-progra...ng-detour.html

[rawr im a tiger]

Giving credits(As I have forgotten before, im only human) proves you aren't a leecher.

._.

***k off.

No.

Be the bigger person then and say nothing if you believe i'm wrong.

>say nothing if you believe I'm wrong
>better
._.
I have nothing more to say.

[Kenshin13]

No offense, but this isn't a tutorial.. It's basically just source code. That being said:

/Changed thread tag to [Source Code]

Also, you can find the Detour function tutorial here https://www.mpgh.net/forum/161-progra...ng-detour.html

Why didn't I see that a month ago >.<
Thanks for that, you may close this if you want.

[MarkHC]

/Closed as requested