19May/1013
Video Tutorial – Function Hooking
This is my video tutorial on function hooking.
The hooking function overwrites the 5-byte CALL at the target address with a 5-byte near JMP (opcode 0xE9) to our own function. The 32-bit displacement that follows 0xE9 is relative to the end of the JMP instruction, i.e. newFunction - (location + 5), which is what the expression (newFunction - location) - 5 computes. VirtualProtect makes the bytes writable first and restores the old protection afterwards (note that the old protection is returned through a pointer, so the argument must be &dwOldProtection):

    void WriteJMP(byte* location, byte* newFunction)
    {
        DWORD dwOldProtection;
        if (!VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, &dwOldProtection))
            return;                         // page could not be made writable; leave the code untouched
        location[0] = 0xE9;                 // JMP rel32
        *((dword*)(location + 1)) = (dword)(newFunction - location) - 5;   // displacement relative to the end of the JMP
        VirtualProtect(location, 5, dwOldProtection, &dwOldProtection);
    }

Complete Source:
    // dllmain.cpp : Defines the entry point for the DLL application.
    #include "stdafx.h"
    #include <windows.h>

    typedef unsigned char byte;
    typedef unsigned short word;
    typedef unsigned int dword;

    byte countSwitch = 0;                   // toggles every time the hook runs

    // Hard-coded addresses inside the target; this only works while the target is loaded at its fixed base
    DWORD UpdateTimeCall = 0x01001D6C;      // The 5-byte CALL that calls the UpdateTime function
    DWORD UpdateTimeRetn = 0x01001D71;      // Where we return to: 0x01001D6C + 0x05, the instruction after the CALL
    DWORD UpdateTimeFunc = 0x01002FE0;      // The UpdateTime function itself

    // Overwrite the 5-byte CALL at location with a JMP rel32 (0xE9) to newFunction
    void WriteJMP(byte* location, byte* newFunction)
    {
        DWORD dwOldProtection;
        if (!VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, &dwOldProtection))
            return;                         // page could not be made writable; leave the code untouched
        location[0] = 0xE9;                 // JMP rel32
        *((dword*)(location + 1)) = (dword)(newFunction - location) - 5;   // displacement relative to the end of the JMP
        VirtualProtect(location, 5, dwOldProtection, &dwOldProtection);
    }

    // naked: the compiler emits no prologue/epilogue, so the stack is exactly as the game left it.
    // The original CALL was replaced by a JMP, so no return address was pushed: we must JMP back
    // to UpdateTimeRetn ourselves instead of executing RET.
    void __declspec(naked) hTimeFunc()
    {
        if (countSwitch == 0)
        {
            // Skip this call to UpdateTime entirely
            countSwitch = 1;
            __asm
            {
                JMP UpdateTimeRetn          // jump to the address stored in UpdateTimeRetn
            }
        }
        else
        {
            // Let every second call through, then continue after the original CALL
            countSwitch = 0;
            __asm
            {
                CALL UpdateTimeFunc         // call the address stored in UpdateTimeFunc
                JMP UpdateTimeRetn
            }
        }
    }

    void initHooks()
    {
        WriteJMP((byte*)UpdateTimeCall, (byte*)hTimeFunc); // Writes a jump from the original call to our custom function
    }

    BOOL APIENTRY DllMain(HMODULE hModule,
                          DWORD ul_reason_for_call,
                          LPVOID lpReserved)
    {
        switch (ul_reason_for_call)
        {
        case DLL_PROCESS_ATTACH:
            initHooks();                    // patch the call site as soon as the DLL is loaded into the process
            break;
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
        }
        return TRUE;
    }
Enjoy.
November 16th, 2010 - 19:10
These tutorials are awesome!!!! They have helped me a lot. I look forward to your next one.
November 16th, 2010 - 21:00
Thanks a lot for your comment! If you have any suggestions for future tutorials, post here.
November 17th, 2010 - 03:51
I've been interested in learning how to make a trainer in C++, similar to how you make one in C#.
November 17th, 2010 - 10:42
Oh, and a few other ideas.
How to freeze an address the way cheat engine does
How to use CreateRemoteThread to inject a dll
How to, instead of writing a separate DLL, copy your code to the remote process directly with WriteProcessMemory and execute it with CreateRemoteThread
November 17th, 2010 - 15:02
Well, I can make a tut on how to make a DLL trainer in C++ with injection, and how to freeze an address the way Cheat Engine does, and a more elegant way.
November 17th, 2010 - 21:24
That would be great too.
November 23rd, 2010 - 00:32
Could you also post your source code for the win mine tut dll?
November 23rd, 2010 - 01:49
Done.
November 23rd, 2010 - 03:28
Thanks
January 7th, 2013 - 02:44
What tool did you use in this video?
January 7th, 2013 - 08:54
Olly Debugger?
January 7th, 2013 - 18:18
Is there a 64-bit version? Because I could only find 32 …
January 9th, 2013 - 01:26
You need the 32-bit version and I believe Olly Phantom Plugin so it runs on 64-bit machines. It cannot debug 64-bit apps though.