Quote:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#include <iostream>
#include <vector>
#include <Windows.h>
#include <tlhelp32.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
using namespace std;
BOOL WINAPI My_DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
);
static BOOL(WINAPI* Ori_DeviceIoControl) (
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
) = NULL;
BYTE bytes_written_1[] = { 0x33, 0xC0, 0xC2, 0x0C, 0x00, 0x90 };
BYTE bytes_written_2[] = { 0x33, 0xC0, 0xC2, 0x0C, 0x00, 0x90x 0x90 };
DWORD GetProcId(const wchar_t* procName)
{
DWORD procId = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnap != INVALID_HANDLE_VALUE)
{
PROCESSENTRY32 procEntry;
procEntry.dwSize = sizeof(procEntry);
if (Process32First(hSnap, &procEntry))
{
do
{
if (!_wcsicmp(procEntry.szExeFile, procName))
{
procId = procEntry.th32ProcessID;
break;
}
} while (Process32Next(hSnap, &procEntry));
}
}
CloseHandle(hSnap);
return procId;
}
DWORD GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
DWORD modBaseAddr = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
if (hSnap != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 modEntry;
modEntry.dwSize = sizeof(modEntry);
if (Module32First(hSnap, &modEntry))
{
do
{
if (!_wcsicmp(modEntry.szModule, modName))
{
modBaseAddr = (DWORD)modEntry.modBaseAddr;
break;
}
} while (Module32Next(hSnap, &modEntry));
}
}
CloseHandle(hSnap);
return modBaseAddr;
}
BOOL APIENTRY DllMain(HMODULE hDLL,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
HMODULE dll_module_1 = GetModuleHandleA("kernel32.dll");
if (!dll_module_1)
{
DWORD dw = GetLastError();
MessageBox(NULL, L"The library could not load", L"ERROR", MB_OK);
}
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
DetourRestoreAfterWith();
Ori_DeviceIoControl = (BOOL(WINAPI*) (HANDLE, DWORD, LPVOID, DWORD, LPVOID, DWORD, LPDWORD, LPOVERLAPPED)) DetourFindFunction("kernel32.dll", "DeviceIoControl");
DisableThreadLibraryCalls(hDLL);
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);
if (DetourTransactionCommit() != NO_ERROR)
MessageBox(NULL, L"Detour Attach Error", NULL, MB_OK);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);
DetourTransactionCommit();
break;
}
return TRUE;
}
}
BOOL WINAPI My_DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
)
{
DWORD processID = GetProcId(L"??????.exe");
HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, processID);
DWORD moduleBase = GetModuleBaseAddress(processID, L"?????.exe");
if (moduleBase != 0)
{
DWORD target_adres = moduleBase + ??????;
DWORD* target_adres_ = 0;
DWORD dwLen_ = 0;
BOOL sonuc = false;
DWORD* control_1 = (DWORD*)0x0???????;
DWORD* control_2 = (DWORD*)0x0???????;
DWORD oldprotect;
if (target_adres != 0)
{
ReadProcessMemory(hProcess, (LPVOID)target_adres, (LPVOID)&target_adres_, 4, NULL);
if (target_adres_ == control_1)
{
unsigned int length_ = 6;
VirtualProtectEx(hProcess, (LPVOID)target_adres, length_, PAGE_EXECUTE_READWRITE, &oldprotect);
sonuc = WriteProcessMemory(hProcess, (LPVOID)target_adres, &bytes_written_1, length_, &dwLen_); // 1st patch (1st Layer)
VirtualProtectEx(hProcess, (LPVOID)target_adres, length_, oldprotect, &oldprotect);
...
...
if (sonuc)
{
//MessageBox(NULL, L"patched", NULL, MB_OK); // 1st layer is OK, patched
}
}
}
target_adres = moduleBase + 0x0???; // 2nd layer (if needed)
if (target_adres != 0)
{
ReadProcessMemory(hProcess, (LPVOID)target_adres, (LPVOID)&target_adres_, 4, NULL);
if (target_adres_ == control_2)
{
unsigned int length_= 7;
VirtualProtectEx(hProcess, (LPVOID)hedef_adres, uzunluk, PAGE_EXECUTE_READWRITE, &oldprotect);
sonuc = WriteProcessMemory(hProcess, (LPVOID)hedef_adres, &bytes_written_4, uzunluk, &dwLen_); // 2nd patch (2nd layer)
VirtualProtectEx(hProcess, (LPVOID)hedef_adres, uzunluk, oldprotect, &oldprotect);
...
...
DetourTransactionBegin(); // JOB is done, it is time to Detach
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);
DetourTransactionCommit();
}
}
}
BOOL fake_handle = false;
fake_handle = Ori_DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped);
return fake_handle;
}
|
how do compile this code?
|