Home › Forum › MultiPlayer Game Hacks & Cheats › CrossFire Hacks & Cheats › CrossFire Hack Coding / Programming / Source Code › A simple Hooking class
A simple Hooking class
A simple Hooking class
So lately many people have been asking how to hook and Fallen is going to write a tutorial soon, but i just wanted to release a part of my hooking class. It's very simple and contains only the most basic type of hook which is the jmp hook and i threw in a function to NOP addies as well. Again it's very simple, but i made it to give you guys that want to learn how to hook a simple idea of how the idea works.
Here is the class:
To implement it you simply declare a variable of type Hook and then use the functions like so:
Note that in order to use the JMP method you need to do it in a spot with atleast 5 bytes because the JMP is 0xE9 (1-byte) then the address of your function which is 4 bytes.
This isn't really a tutorial it's just some source code for you guys to study and learn from. Again it's very simple but you can combine it with other methods and it's very useful. Hope you learned something.
Here is the class:
Code:
class Hook
{
public:
void NOP(DWORD* dwaddress, DWORD dwlen);
void JMP(DWORD* dwaddress, DWORD* dwyouraddress, DWORD dwlen);
};
void Hook::NOP(DWORD* dwaddress, DWORD dwlen)
{
DWORD dwOldProtect;
VirtualProtect((void*)dwaddress, dwlen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
BYTE *pAddie = (BYTE*)dwaddress;
*pAddie = 0x90;
for(DWORD i = 0x1; i < dwlen; i++)
*(pAddie + i) = 0x90;
VirtualProtect((void*)dwaddress, dwlen, dwOldProtect, NULL);
}
void Hook::JMP(DWORD* dwaddress, DWORD* dwyouraddress, DWORD dwlen)
{
DWORD dwOldProtect;
DWORD dwRealAddie = (DWORD)dwyouraddress - (DWORD)dwaddress - 5;
VirtualProtect((void*)dwaddress, dwlen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
BYTE* pAddie = (BYTE*)dwaddress;
*pAddie = 0xE9;
pAddie++;
dwaddress = (DWORD*)pAddie;
*dwaddress = dwRealAddie;
for(DWORD i = 0x4; i < dwlen; i++)
*(pAddie + i) = 0x90;
VirtualProtect((void*)dwaddress, dwlen, dwOldProtect, NULL);
}
Code:
Hook hook; hook.NOP((DWORD*)(address), (how_many_bytes_to_nop)); hook.JMP((DWORD*)(address), (DWORD*)(your function), (how many bytes));
This isn't really a tutorial it's just some source code for you guys to study and learn from. Again it's very simple but you can combine it with other methods and it's very useful. Hope you learned something.
Originally Posted by 258456
So lately many people have been asking how to hook and Fallen is going to write a tutorial soon, but i just wanted to release a part of my hooking class. It's very simple and contains only the most basic type of hook which is the jmp hook and i threw in a function to NOP addies as well. Again it's very simple, but i made it to give you guys that want to learn how to hook a simple idea of how the idea works.
Here is the class:
To implement it you simply declare a variable of type Hook and then use the functions like so:
Note that in order to use the JMP method you need to do it in a spot with atleast 5 bytes because the JMP is 0xE9 (1-byte) then the address of your function which is 4 bytes.
This isn't really a tutorial it's just some source code for you guys to study and learn from. Again it's very simple but you can combine it with other methods and it's very useful. Hope you learned something.
Here is the class:
Code:
class Hook
{
public:
void NOP(DWORD* dwaddress, DWORD dwlen);
void JMP(DWORD* dwaddress, DWORD* dwyouraddress, DWORD dwlen);
};
void Hook::NOP(DWORD* dwaddress, DWORD dwlen)
{
DWORD dwOldProtect;
VirtualProtect((void*)dwaddress, dwlen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
BYTE *pAddie = (BYTE*)dwaddress;
*pAddie = 0x90;
for(DWORD i = 0x1; i < dwlen; i++)
*(pAddie + i) = 0x90;
VirtualProtect((void*)dwaddress, dwlen, dwOldProtect, NULL);
}
void Hook::JMP(DWORD* dwaddress, DWORD* dwyouraddress, DWORD dwlen)
{
DWORD dwOldProtect;
DWORD dwRealAddie = (DWORD)dwyouraddress - (DWORD)dwaddress - 5;
VirtualProtect((void*)dwaddress, dwlen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
BYTE* pAddie = (BYTE*)dwaddress;
*pAddie = 0xE9;
pAddie++;
dwaddress = (DWORD*)pAddie;
*dwaddress = dwRealAddie;
for(DWORD i = 0x4; i < dwlen; i++)
*(pAddie + i) = 0x90;
VirtualProtect((void*)dwaddress, dwlen, dwOldProtect, NULL);
}
Code:
Hook hook; hook.NOP((DWORD*)(address), (how_many_bytes_to_nop)); hook.JMP((DWORD*)(address), (DWORD*)(your function), (how many bytes));
This isn't really a tutorial it's just some source code for you guys to study and learn from. Again it's very simple but you can combine it with other methods and it's very useful. Hope you learned something.
when you do the class instead of Hook hook; do Hook* hook = new Hook( ); Hook->Function( );
Second I would suggest saving the opcodes you overwrite and executing them before you execute your code ( just because then you don't need to rewrite them yourself ) other than that, It's a pretty good tutorial for your first time. Looking forward to seeing more of your work.
Originally Posted by ~FALLEN~
Good job man, I'll pm you my msn if you want to chat ( idk if you're on it yet or not lolz ) and heres a few tips btw
when you do the class instead of Hook hook; do Hook* hook = new Hook( ); Hook->Function( );
Second I would suggest saving the opcodes you overwrite and executing them before you execute your code ( just because then you don't need to rewrite them yourself ) other than that, It's a pretty good tutorial for your first time. Looking forward to seeing more of your work.
when you do the class instead of Hook hook; do Hook* hook = new Hook( ); Hook->Function( );
Second I would suggest saving the opcodes you overwrite and executing them before you execute your code ( just because then you don't need to rewrite them yourself ) other than that, It's a pretty good tutorial for your first time. Looking forward to seeing more of your work.
Code:
Hook *hook = new Hook; (*hook).NOP();
wont it get patched why did you relese it ?
nice work @258456 
Originally Posted by kmanev073
because it is patched 
Originally Posted by kmanev073
wont it get patched why did you relese it ?
Nice!
Good job
Good job
Originally Posted by ~FALLEN~
Good job man, I'll pm you my msn if you want to chat ( idk if you're on it yet or not lolz ) and heres a few tips btw
when you do the class instead of Hook hook; do Hook* hook = new Hook( ); Hook->Function( );
Second I would suggest saving the opcodes you overwrite and executing them before you execute your code ( just because then you don't need to rewrite them yourself ) other than that, It's a pretty good tutorial for your first time. Looking forward to seeing more of your work.
when you do the class instead of Hook hook; do Hook* hook = new Hook( ); Hook->Function( );
Second I would suggest saving the opcodes you overwrite and executing them before you execute your code ( just because then you don't need to rewrite them yourself ) other than that, It's a pretty good tutorial for your first time. Looking forward to seeing more of your work.
i´m working with PUSHAD & POPAD stuff.. more effective than this (why the hell nop's? > makes game laggy)
Originally Posted by Syn0tix
sory @~FALLEN~ , but why is this "good job" ?
i´m working with PUSHAD & POPAD stuff.. more effective than this (why the hell nop's? > makes game laggy)
i´m working with PUSHAD & POPAD stuff.. more effective than this (why the hell nop's? > makes game laggy)
1. calling convention (32 bit conventions) ex. __thiscall __stdcall __cdecl __fastcall
now i'm sure the people actually reading this are asking, well whats the difference?
well one of the main differences is how they operate. ex. (calling wise) and two, how the arguments are used ( left to right vs right to left )
__stdcall:
push arguments
call function
( automatic cleanup from "callee" )
__cdecl:
push arguments
call function
add esp, arguments * 4 ( pops function arguments off the stack ) ( clean up from "caller" )
__thiscall:
mov ecx, this pointer*
push arguments*
call function
__fastcall: pretty much the same as __thiscall but with edx too.
these are just short descriptions of the calling conventions, theres much more behind them.
note* this can interchange
the reason he nops ( no operation ) is so he doesn't corrupt the stack. ( A BIG NO NO ) because if you don't nop you get a bunch of unintended commands in the function -> corrupt reason why? tried to preform an unsupported operation. this is why you replace the original operations in your function ( or save them and jump to them before you jump to your code ) pushad / popfd is so you dont interfere with the registers while you execute your code.. same with pushfd and popfd ( for the eflags ) try subfunction hooking and you would probably understand it better. anyways you're wrong, and once again learn wtf you're talking about before you try to correct / claim someone elses work. especially if they're better than you. bye now
by the way nopping doesn't make a game laggy, that's just you're p.o.s code.
Originally Posted by ~FALLEN~
LOL okay... Let me explain this in dumb terms so even the noobs can laugh at you. pushad preserves the general registers on the stack popad pops the general registers pushfd pushes the eflags register onto the stack and popfd will pop the registers into eflags again. So now that I have introduced that, here is a few tips.
1. calling convention (32 bit conventions) ex. __thiscall __stdcall __cdecl __fastcall
now i'm sure the people actually reading this are asking, well whats the difference?
well one of the main differences is how they operate. ex. (calling wise) and two, how the arguments are used ( left to right vs right to left )
__stdcall:
push arguments
call function
( automatic cleanup from "callee" )
__cdecl:
push arguments
call function
add esp, arguments * 4 ( pops function arguments off the stack ) ( clean up from "caller" )
__thiscall:
mov ecx, this pointer*
push arguments*
call function
__fastcall: pretty much the same as __thiscall but with edx too.
these are just short descriptions of the calling conventions, theres much more behind them.
note* this can interchange
the reason he nops ( no operation ) is so he doesn't corrupt the stack. ( A BIG NO NO ) because if you don't nop you get a bunch of unintended commands in the function -> corrupt reason why? tried to preform an unsupported operation. this is why you replace the original operations in your function ( or save them and jump to them before you jump to your code ) pushad / popfd is so you dont interfere with the registers while you execute your code.. same with pushfd and popfd ( for the eflags ) try subfunction hooking and you would probably understand it better. anyways you're wrong, and once again learn wtf you're talking about before you try to correct / claim someone elses work. especially if they're better than you. bye now
by the way nopping doesn't make a game laggy, that's just you're p.o.s code.
1. calling convention (32 bit conventions) ex. __thiscall __stdcall __cdecl __fastcall
now i'm sure the people actually reading this are asking, well whats the difference?
well one of the main differences is how they operate. ex. (calling wise) and two, how the arguments are used ( left to right vs right to left )
__stdcall:
push arguments
call function
( automatic cleanup from "callee" )
__cdecl:
push arguments
call function
add esp, arguments * 4 ( pops function arguments off the stack ) ( clean up from "caller" )
__thiscall:
mov ecx, this pointer*
push arguments*
call function
__fastcall: pretty much the same as __thiscall but with edx too.
these are just short descriptions of the calling conventions, theres much more behind them.
note* this can interchange
the reason he nops ( no operation ) is so he doesn't corrupt the stack. ( A BIG NO NO ) because if you don't nop you get a bunch of unintended commands in the function -> corrupt reason why? tried to preform an unsupported operation. this is why you replace the original operations in your function ( or save them and jump to them before you jump to your code ) pushad / popfd is so you dont interfere with the registers while you execute your code.. same with pushfd and popfd ( for the eflags ) try subfunction hooking and you would probably understand it better. anyways you're wrong, and once again learn wtf you're talking about before you try to correct / claim someone elses work. especially if they're better than you. bye now
by the way nopping doesn't make a game laggy, that's just you're p.o.s code.
Thanks for saving me the time to reply to Syntoix. He always hatin cuz he jelly that he can't make a d3d menu. He has to use vb lol.
i agree with @~FALLEN~
naked function and pushad , pushfd etc is not the best idea
in my opinion, the best idea for mid hook (for example) is to make a function that (sry bad english):
1- allocates some memory
2- adds code that fixes the stack
3- jumps to the modified function
4- writes an alternate header to the real function instead of the modified one
5- jumps back to next executable line of the real function
and the function would return a pointer to the alternate header ofc
i have made a function which makes all of this.. really easy and i can access all function parameters
and easily can declare local variables inside the function itself, not global variables outside it
another advantage : i can make chams easily, while you have to work hard to get it working using your method..
and i see nops could be useless in one case:
if you jump back AFTER them, while if you jump back after the modified bytes , they are needed
but i prefer them because they make the function more readable while debugging
@258456
you made a mistake
do you mean 0x5?
naked function and pushad , pushfd etc is not the best idea
in my opinion, the best idea for mid hook (for example) is to make a function that (sry bad english):
1- allocates some memory
2- adds code that fixes the stack
3- jumps to the modified function
4- writes an alternate header to the real function instead of the modified one
5- jumps back to next executable line of the real function
and the function would return a pointer to the alternate header ofc
i have made a function which makes all of this.. really easy and i can access all function parameters
and easily can declare local variables inside the function itself, not global variables outside it
another advantage : i can make chams easily, while you have to work hard to get it working using your method..
and i see nops could be useless in one case:
if you jump back AFTER them, while if you jump back after the modified bytes , they are needed
but i prefer them because they make the function more readable while debugging
@258456
you made a mistake
Code:
for(DWORD i = 0x4; i < dwlen; i++)
Originally Posted by giniyat101
i agree with @~FALLEN~
naked function and pushad , pushfd etc is not the best idea
in my opinion, the best idea for mid hook (for example) is to make a function that (sry bad english):
1- allocates some memory
2- adds code that fixes the stack
3- jumps to the modified function
4- writes an alternate header to the real function instead of the modified one
5- jumps back to next executable line of the real function
and the function would return a pointer to the alternate header ofc
i have made a function which makes all of this.. really easy and i can access all function parameters
and easily can declare local variables inside the function itself, not global variables outside it
another advantage : i can make chams easily, while you have to work hard to get it working using your method..
and i see nops could be useless in one case:
if you jump back AFTER them, while if you jump back after the modified bytes , they are needed
but i prefer them because they make the function more readable while debugging
@258456
you made a mistake
do you mean 0x5?
naked function and pushad , pushfd etc is not the best idea
in my opinion, the best idea for mid hook (for example) is to make a function that (sry bad english):
1- allocates some memory
2- adds code that fixes the stack
3- jumps to the modified function
4- writes an alternate header to the real function instead of the modified one
5- jumps back to next executable line of the real function
and the function would return a pointer to the alternate header ofc
i have made a function which makes all of this.. really easy and i can access all function parameters
and easily can declare local variables inside the function itself, not global variables outside it
another advantage : i can make chams easily, while you have to work hard to get it working using your method..
and i see nops could be useless in one case:
if you jump back AFTER them, while if you jump back after the modified bytes , they are needed
but i prefer them because they make the function more readable while debugging
@258456
you made a mistake
Code:
for(DWORD i = 0x4; i < dwlen; i++)
Originally Posted by 258456
Well, i made it with 0x5 and it would nop the wrong bytes so i made it 0x4 and it worked.
i checked again and i see u increased the pointer by 1.. so the first nop is pointer + 4
good job
If you want to make your hook generic, you have to use some kind of length disassembler to avoid some opcodes to get corrupted
Originally Posted by giniyat101
my bad..
i checked again and i see u increased the pointer by 1.. so the first nop is pointer + 4
good job
i checked again and i see u increased the pointer by 1.. so the first nop is pointer + 4
good job
Similar Threads
- 17Last post
- 44Last post
- 21Last post
- 9Last post
- 8Last post