// Overwrites the first bytes of pbTargetFunction in place so that calls to it
// are redirected to pbDetourFunction, and returns a heap buffer holding a copy
// of the original intSize bytes followed by a jump back to
// pbTargetFunction + intSize.
//
// Parameters:
//   pbTargetFunction - address of the code that is patched in place.
//   pbDetourFunction - address the patched entry transfers control to.
//   intSize          - number of bytes copied out of the target and then
//                      overwritten (redirect sequence plus NOP padding).
//   intType          - selects one of five redirect byte sequences (1..5).
// Returns: start of the malloc'd buffer (copied bytes + 5-byte jump). The
//   buffer is never freed in this function.
//
// NOTE(review): no argument is validated and no API return value is checked;
// see the notes at the individual statements.
// NOTE(review): every address is cast to DWORD, so the arithmetic is only
// correct where pointers are 32 bits wide; the opcodes written are x86.
//
// Defender's note: the five variants differ only in the opcodes at the entry
// point. In every case the in-memory bytes of the target no longer match the
// module's on-disk image, so a code-integrity comparison of the function
// prologue flags all of them regardless of which sequence was used.
LPVOID DetourCreateType( PBYTE pbTargetFunction, PBYTE pbDetourFunction, INT intSize, INT intType )
{
// These macros are defined inside the function body but, being preprocessor
// definitions, stay visible for the rest of the translation unit. The switch
// below compares against the literals 1..5, not these names.
// The "Undetected" remarks are the original author's claims; nothing on this
// page substantiates them.
#define Detour1 1 // Undetected by BlackCipher II
#define Detour2 2 // Undetected by BlackCipher II
#define Detour3 3 // Undetected by BlackCipher II
#define Detour4 4 // Undetected by BlackCipher II
#define Detour5 5 // Undetected by BlackCipher II
DWORD dwProtect;
// Room for intSize copied bytes plus a 5-byte E9 rel32 jump.
// NOTE(review): the malloc result is used without a NULL check, and a
// negative intSize is not rejected.
PBYTE pbDetour = ( PBYTE )malloc( intSize + 5 );
INT i;
// Make the first intSize bytes of the target writable; the previous
// protection is saved in dwProtect. NOTE(review): return value ignored, so a
// failed call leads to writes into still-protected memory.
VirtualProtect( pbTargetFunction, intSize, PAGE_EXECUTE_READWRITE, &dwProtect );
// Save the original bytes verbatim before they are overwritten.
memcpy( pbDetour, pbTargetFunction, intSize );
// pbDetour now points just past the copied bytes.
pbDetour += intSize;
// E9 = jmp rel32. The displacement is measured from the end of this 5-byte
// instruction to pbTargetFunction + intSize (the first unpatched byte).
*( BYTE * ) ( pbDetour + 0 ) = 0xE9;
*( DWORD * )( pbDetour + 1 ) = ( DWORD )( pbTargetFunction + intSize - pbDetour ) - 5;
// NOTE(review): there is no default case. For any intType outside 1..5 the
// target is left unredirected and i is read uninitialized by the loop below.
// NOTE(review): intSize is never compared with the sequence length (7 or 10
// bytes), so a smaller intSize writes past the bytes that were saved and
// re-protected.
switch( intType )
{
case 1:
// B8 imm32 / FF E0: mov eax, <detour address> ; jmp eax  (7 bytes, absolute).
*( BYTE * ) ( pbTargetFunction + 0 ) = 0xB8;
*( DWORD * )( pbTargetFunction + 1 ) = ( DWORD )( pbDetourFunction );
*( WORD * ) ( pbTargetFunction + 5 ) = 0xE0FF;
i = 7;
break;
case 2:
// 33 C0 / 85 C0 / 0F 84 rel32: xor eax,eax ; test eax,eax ; jz <detour>.
// The zero flag is always set after the xor, so the jz is always taken.
// 10 bytes; rel32 is measured from the end of the sequence. Clobbers eax.
*( WORD * ) ( pbTargetFunction + 0 ) = 0xC033;
*( WORD * ) ( pbTargetFunction + 2 ) = 0xC085;
*( WORD * ) ( pbTargetFunction + 4 ) = 0x840F;
*( DWORD * )( pbTargetFunction + 6 ) = ( DWORD )( pbDetourFunction - pbTargetFunction ) - 10;
i = 10;
break;
case 3:
// Same shape as case 2 using ebx: 33 DB / 85 DB / 0F 84 rel32. Clobbers ebx.
*( WORD * ) ( pbTargetFunction + 0 ) = 0xDB33;
*( WORD * ) ( pbTargetFunction + 2 ) = 0xDB85;
*( WORD * ) ( pbTargetFunction + 4 ) = 0x840F;
*( DWORD * )( pbTargetFunction + 6 ) = ( DWORD )( pbDetourFunction - pbTargetFunction ) - 10;
i = 10;
break;
case 4:
// Same shape as case 2 using ecx: 33 C9 / 85 C9 / 0F 84 rel32. Clobbers ecx.
*( WORD * ) ( pbTargetFunction + 0 ) = 0xC933;
*( WORD * ) ( pbTargetFunction + 2 ) = 0xC985;
*( WORD * ) ( pbTargetFunction + 4 ) = 0x840F;
*( DWORD * )( pbTargetFunction + 6 ) = ( DWORD )( pbDetourFunction - pbTargetFunction ) - 10;
i = 10;
break;
case 5:
// Same shape as case 2 using edx: 33 D2 / 85 D2 / 0F 84 rel32. Clobbers edx.
*( WORD * ) ( pbTargetFunction + 0 ) = 0xD233;
*( WORD * ) ( pbTargetFunction + 2 ) = 0xD285;
*( WORD * ) ( pbTargetFunction + 4 ) = 0x840F;
*( DWORD * )( pbTargetFunction + 6 ) = ( DWORD )( pbDetourFunction - pbTargetFunction ) - 10;
i = 10;
break;
}
// Fill whatever remains of the intSize bytes with 0x90 (NOP).
for( ; i < intSize; i++ )
*( BYTE * )( pbTargetFunction + i ) = 0x90;
// Put back the protection saved by the first call. NOTE(review): return
// value ignored here as well.
VirtualProtect( pbTargetFunction, intSize, dwProtect, &dwProtect );
// pbDetour was advanced by intSize above; step back to the buffer start.
return ( pbDetour - intSize );
}
// Usage example from the original post. Each call patches the code at the
// address stored in Device[n] and keeps the returned buffer, cast to the
// matching function-pointer type, in rhkReset / rhkPresent.
// NOTE(review): Device, tReset, tPresent, hkReset and hkPresent are not
// defined on this page; Device[16] and Device[17] are presumably entries of a
// Direct3D device method table (confirm against the declaring code).
// The byte counts 16 and 10 are hard-coded and nothing checks them against
// the code actually found at those addresses.
rhkReset = ( tReset ) DetourCreateType( ( PBYTE )Device[16], ( PBYTE )&hkReset, 16, Detour1 );
rhkPresent = ( tPresent ) DetourCreateType( ( PBYTE )Device[17], ( PBYTE )&hkPresent, 10, Detour1 );