Vivid Abstractions - Where Programming Becomes An Abstraction

19 May 2010

Video Tutorial – Function Hooking

This is my video tutorial on function hooking.

Click here for the tutorial!

The hooking function:

void WriteJMP(byte* location, byte* newFunction)
{
	DWORD dwOldProtection;
	// Code pages are mapped execute/read only, so make the 5 bytes we patch writable first
	VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, &dwOldProtection);
	location[0] = 0xE9;                                              // opcode of JMP rel32
	*((dword*)(location + 1)) = (dword)(newFunction - location) - 5; // rel32 is measured from the next instruction (location + 5)
	VirtualProtect(location, 5, dwOldProtection, &dwOldProtection);  // put the original protection back
}
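The two things worth getting right in WriteJMP are the displacement arithmetic (the -5) and knowing what the patch looks like afterwards, because the same five bytes are what a hook scanner looks for. The following is an added example, not code from the post: portable C that encodes the JMP the tutorial writes, decodes it back to its target, and checks whether a location inside a module has been redirected out of that module. It uses the post's call-site address 0x01001D6C; the hook address 0x10001000 and the winmine.exe module range 0x01000000-0x01100000 are assumptions made up for the demo. The "clean" bytes E8 6F 12 00 00 are what the original CALL from 0x01001D6C to UpdateTime at 0x01002FE0 encodes to, worked out from the addresses in the post.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values: the call site from the post, an assumed address
 * for the injected hook, and assumed module bounds for the detection check. */
#define CALL_SITE     0x01001D6CULL
#define HOOK_ADDR     0x10001000ULL   /* assumption: where the injected DLL's hook lives */
#define WINMINE_BASE  0x01000000ULL   /* assumption: winmine.exe image base */
#define WINMINE_SIZE  0x00100000ULL   /* assumption: winmine.exe image size */

#define OP_JMP_REL32  0xE9u
#define JMP_LEN       5

/* Encode "jmp rel32" placed at `location` and landing on `target`.
 * The displacement is relative to the *next* instruction, location + 5,
 * which is the -5 in the post's WriteJMP. Returns 0 on success, -1 when the
 * target is not reachable with a signed 32-bit displacement. */
int encode_jmp_rel32(uint64_t location, uint64_t target, uint8_t out[JMP_LEN])
{
    int64_t rel = (int64_t)target - (int64_t)(location + JMP_LEN);
    if (rel < INT32_MIN || rel > INT32_MAX)
        return -1;
    uint32_t r = (uint32_t)(int32_t)rel;  /* two's complement, emitted little-endian */
    out[0] = OP_JMP_REL32;
    out[1] = (uint8_t)(r);
    out[2] = (uint8_t)(r >> 8);
    out[3] = (uint8_t)(r >> 16);
    out[4] = (uint8_t)(r >> 24);
    return 0;
}

/* Inverse: if the 5 bytes at `location` are a jmp rel32, store its target
 * and return 1; otherwise return 0 and leave *target untouched. */
int decode_jmp_rel32(uint64_t location, const uint8_t code[JMP_LEN], uint64_t *target)
{
    if (code[0] != OP_JMP_REL32)
        return 0;
    uint32_t r = (uint32_t)code[1] | ((uint32_t)code[2] << 8)
               | ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    *target = (uint64_t)((int64_t)location + JMP_LEN + (int32_t)r);
    return 1;
}

/* Detection: bytes inside module [mod_base, mod_base + mod_size) that start
 * with a jmp rel32 leaving the module are the signature of exactly the inline
 * hook the post installs. Legitimate intra-module jumps are not flagged. */
int is_inline_hooked(uint64_t addr, const uint8_t code[JMP_LEN],
                     uint64_t mod_base, uint64_t mod_size)
{
    uint64_t target;
    if (!decode_jmp_rel32(addr, code, &target))
        return 0;
    return target < mod_base || target >= mod_base + mod_size;
}

int main(void)
{
    uint8_t patch[JMP_LEN];
    uint64_t back = 0;

    if (encode_jmp_rel32(CALL_SITE, HOOK_ADDR, patch) != 0)
        return 1;
    printf("bytes written at %08llx:", (unsigned long long)CALL_SITE);
    for (int i = 0; i < JMP_LEN; i++)
        printf(" %02X", patch[i]);
    printf("\n");

    decode_jmp_rel32(CALL_SITE, patch, &back);
    printf("decoded target:       %08llx\n", (unsigned long long)back);

    /* Reconstructed original instruction: CALL 0x01002FE0 from 0x01001D6C
     * is E8 followed by rel32 0x0000126F (0x01002FE0 - 0x01001D71). */
    uint8_t clean[JMP_LEN] = { 0xE8, 0x6F, 0x12, 0x00, 0x00 };
    printf("clean site hooked?    %d\n",
           is_inline_hooked(CALL_SITE, clean, WINMINE_BASE, WINMINE_SIZE));
    printf("patched site hooked?  %d\n",
           is_inline_hooked(CALL_SITE, patch, WINMINE_BASE, WINMINE_SIZE));
    return 0;
}
```

Two caveats fall out of this. The post's `(dword)(newFunction - location) - 5` does the same arithmetic in 32-bit unsigned math, which wraps correctly for a hook that sits below the call site, so backward jumps are fine. On a 64-bit process, though, an injected DLL can easily be more than 2 GiB away from the patched code, and encode_jmp_rel32 refuses rather than silently truncating; there you need a longer absolute-jump thunk instead of the 5-byte JMP.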

Complete Source:

// dllmain.cpp : Defines the entry point for the DLL application.
// Target is the 32-bit winmine.exe loaded at its preferred base (no ASLR), which is
// why the three addresses below can be hardcoded.
#include "stdafx.h"
#include <windows.h>

typedef unsigned char byte;
typedef unsigned short word;
typedef unsigned int dword;

byte countSwitch = 0;                 // flips every tick so UpdateTime only runs every other time
DWORD UpdateTimeCall = 0x01001D6C;    // the CALL UpdateTime instruction (5 bytes) that we overwrite
DWORD UpdateTimeRetn = 0x01001D71;    // the instruction after that call, 0x01001D6C + 0x05, where we jump back to
DWORD UpdateTimeFunc = 0x01002FE0;    // the UpdateTime function itself

void WriteJMP(byte* location, byte* newFunction){
	DWORD dwOldProtection;
	VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, &dwOldProtection); // code pages are not writable by default
	location[0] = 0xE9;                                                    // JMP rel32
	*((dword*)(location + 1)) = (dword)(newFunction - location) - 5;       // displacement is relative to location + 5
	VirtualProtect(location, 5, dwOldProtection, &dwOldProtection);        // restore the original protection
}

// Naked: the compiler emits no prologue/epilogue, so the stack and registers the game
// had at the call site arrive here untouched. Because the instruction we replaced was a
// CALL, the caller already expects EAX/ECX/EDX and EFLAGS to be clobbered, which covers
// whatever the compiler uses for the countSwitch test. We either perform the original
// call or skip it, then jump back to the instruction after the patched call.
void __declspec(naked) hTimeFunc(){
	if(countSwitch == 0)
	{
		countSwitch = 1;
		__asm
		{
			JMP UpdateTimeRetn      // skip this tick: indirect jump through the variable
		}
	}
	else
	{
		countSwitch = 0;
		__asm
		{
			CALL UpdateTimeFunc     // run the original UpdateTime (indirect call through the variable)
			JMP UpdateTimeRetn      // resume after the patched call
		}
	}
}

void initHooks(){
	WriteJMP((byte*)UpdateTimeCall,(byte*)hTimeFunc); // Writes a jump from the original call to our custom function
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		initHooks();    // patch as soon as the DLL is injected; intentionally falls through to break
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

Enjoy.

Comments (13) Trackbacks (0)
  1. These tutorials are awesome!!!! They have helped me a lot. I look forward to your next one.

  2. I’ve been interested in learning how to make a trainer in C++, similar to how you make one in C#.

  3. Oh, and a few other ideas.

    How to freeze an address the way cheat engine does

    How to use CreateRemoteThread to inject a dll

    How to, instead of writing a separate DLL, copy your code to the remote process directly with WriteProcessMemory and execute it with CreateRemoteThread

  4. Well I can make a tut on how to make a DLL Trainer in C++ with injection and how to freeze an address the way Cheat Engine does and a more elegant way.

  5. That would be great too.

  6. Could you also post your source code for the win mine tut dll?

  7. What tool did you use in this video :D ?

