http://www.compile.ro/2018/06/24/interceptarea-functiilor-din-windows/
Credits to developer !
Code:
VOID DetourSet(DWORD old_func, DWORD new_func, BYTE* old_header, BYTE* new_header) {
//adauga permisiunea de scriere in primii 5 octeti de la inceputul functiei
DWORD op;
VirtualProtect((LPVOID)old_func, 5, PAGE_EXECUTE_READWRITE, &op);
//salveaza cei 5 octeti originali ai functiei
CopyMemory(old_header, (LPVOID)old_func, 5);
//calculeaza distanta dintre noua si vechea functie
// folosita ca parametru de JMP
DWORD size = new_func - (old_func + 5);
//construieste instructiunea JMP
new_header[0] = 0xE9;
new_header[1] = size >> 0;
new_header[2] = size >> 8;
new_header[3] = size >> 16;
new_header[4] = size >> 24;
//scrie instuctiunea la inceputul functiei vechi
CopyMemory((LPVOID)old_func, new_header, 5);
}
BYTE OH_GetVersion[5];
BYTE NH_GetVersion[5];
...
DetourSet((DWORD)GetVersion, (DWORD)D_GetVersion, OH_GetVersion, NH_GetVersion);
DWORD WINAPI D_GetVersion()
{
//copiaza cei 5 octeti originali inapoi in GetVersion
CopyMemory((LPVOID)GetVersion, OH_GetVersion, 5);
//apeleaza GetVersion
DWORD v = GetVersion();
//coipiaza JMP-ul in GetVersion
CopyMemory((LPVOID)GetVersion, NH_GetVersion, 5);
//modifica si returneaza valoarea
return v & 0xFFFF00FF | 0x0200;
}
#include
#include
#define DETOUR_DEFINE(F) BYTE OH_##F[5]; BYTE NH_##F[5];
#define DETOUR_SET(F) DetourSet((DWORD)F, (DWORD)D_##F, OH_##F, NH_##F)
#define DETOUR_EXEC(R, F, ...) { CopyMemory((LPVOID)F, OH_##F, 5); R = F(__VA_ARGS__); CopyMemory((LPVOID)F, NH_##F, 5); }
DETOUR_DEFINE(GetVersion);
DWORD WINAPI D_GetVersion()
{
DWORD v;
DETOUR_EXEC(v, GetVersion);
return v & 0xFFFF00FF | 0x0200;
}
VOID DetourSet(DWORD old_func, DWORD new_func, BYTE* old_header, BYTE* new_header)
{
DWORD op;
VirtualProtect((LPVOID)old_func, 5, PAGE_EXECUTE_READWRITE, &op);
CopyMemory(old_header, (LPVOID)old_func, 5);
DWORD size = new_func - (old_func + 5);
new_header[0] = 0xE9;
new_header[1] = size >> 0;
new_header[2] = size >> 8;
new_header[3] = size >> 16;
new_header[4] = size >> 24;
CopyMemory((LPVOID)old_func, new_header, 5);
}
int main() {
DWORD v = GetVersion();
printf("Inainte de redirectionare versiunea este: %d.%d (%d)\n", LOBYTE(LOWORD(v)), HIBYTE(LOWORD(v)), HIWORD(v));
DETOUR_SET(GetVersion);
v = GetVersion();
printf("Dupa redirectionare versiunea este: %d.%d (%d)\n", LOBYTE(LOWORD(v)), HIBYTE(LOWORD(v)), HIWORD(v));
getchar();
}