My new detour ! :D + a surprise !

[kmanev073]

Hello guys,
Wanted to share with you my new detour function:

Code:

void PlaceJMP( BYTE *bt_DetourAddress, DWORD dw_FunctionAddress, DWORD dw_Size)
{
	DWORD dw_OldProtection, dw_Distance;
	VirtualProtect(bt_DetourAddress, dw_Size, PAGE_EXECUTE_READWRITE, &dw_OldProtection);
	dw_Distance = (DWORD)(dw_FunctionAddress - (DWORD)bt_DetourAddress) - 5;
	*bt_DetourAddress = 0xE9;
	*(DWORD*)(bt_DetourAddress + 0x1) = dw_Distance;
	for(int i = 0x5; i < dw_Size; i++) *(bt_DetourAddress + i) = 0x90;
	VirtualProtect(bt_DetourAddress, dw_Size,  dw_OldProtection, NULL);
    return;
}

it does the same as the old detour function but the code is optimized and the variables now have better names !

---

The surprise:

The simple memory hacking is still possible @giniyat101 you were right any way not even "CreateThread" function needed or hook

[Ryuesi]

Good job

[3D]

Best !!! Good work !!

[MagicWar]

Thanks For sharing
Good Jop
Thanks+Resp

[firefox800]

Same concept: but Thanks for it

void MakeJMP( BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen )
{
DWORD dwOldProtect, dwBkup, dwRelAddr;
VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
*pAddress = 0xE9;
*((DWORD *)(pAddress + 0x1)) = dwRelAddr;
for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
return;
}

Pls Refer this thread by Swag Post

[kmanev073]

Same concept: but Thanks for it



Pls Refer this thread by Swag Post

what do you mean ? :| they look identical ? ... maybe the function used in detours are same :|

[hanyali2012]

Good Work .. Thanx For Sharing

[giniyat101]

i can confirm you just "modified" it
no one ends a void function with "return" twice.

[kmanev073]

i can confirm you just "modified" it
no one ends a void function with "return" twice.

no i got the one from topbase... and i have one return :|

[giniyat101]

no i got the one from topbase... and i have one return :|

still a modify..

[shikororo]

Thanks Man For The Hack So Good

[hayksssss]

Thanks Bro

[~FALLEN~]

Hello guys,
Wanted to share with you my new detour function:

Code:

void PlaceJMP( BYTE *bt_DetourAddress, DWORD dw_FunctionAddress, DWORD dw_Size)
{
	DWORD dw_OldProtection, dw_Distance;
	VirtualProtect(bt_DetourAddress, dw_Size, PAGE_EXECUTE_READWRITE, &dw_OldProtection);
	dw_Distance = (DWORD)(dw_FunctionAddress - (DWORD)bt_DetourAddress) - 5;
	*bt_DetourAddress = 0xE9;
	*(DWORD*)(bt_DetourAddress + 0x1) = dw_Distance;
	for(int i = 0x5; i < dw_Size; i++) *(bt_DetourAddress + i) = 0x90;
	VirtualProtect(bt_DetourAddress, dw_Size,  dw_OldProtection, NULL);
    return;
}

it does the same as the old detour function but the code is optimized and the variables now have better names !

---

The surprise:

The simple memory hacking is still possible @giniyat101 you were right any way not even "CreateThread" function needed or hook

not optimized...

[kmanev073]

not optimized...

it is... if you compare it with the one in topbase v1.0 bcs i got it from there

[derh.acker]

it is... if you compare it with the one in topbase v1.0 bcs i got it from there

It really is optimized because VirtualProtect fails and therefore it won't take that much time.
VirtualProtect(bt_DetourAddress, dw_Size, dw_OldProtection, NULL);