void * CPatcher::InstallDetourPatchInternal(DWORD dwAddress, DWORD dwDetourAddress, BYTE byteType, int iSize)
{
// Allocate the trampoline memory
BYTE * pbyteTrampoline = (BYTE *)malloc(iSize + 5);
// Unprotect the trampoline memory
Unprotect((DWORD)pbyteTrampoline, (iSize + 5));
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwAddress, (iSize + 5));
// Copy the overwritten address memory to the trampoline memory
memcpy(pbyteTrampoline, (void *)dwAddress, iSize);
// Write the type to the trampoline memory
DWORD dwTrampoline = (DWORD)(pbyteTrampoline + iSize);
*(BYTE *)dwTrampoline = byteType;
*(DWORD *)(dwTrampoline + 1) = ((dwAddress + iSize) - dwTrampoline - 5);
// Write the type to the address memory
*(BYTE *)dwAddress = byteType;
*(DWORD *)(dwAddress + 1) = (dwDetourAddress - dwAddress - 5);
// Re-protect the address memory
Reprotect(protectionInfo);
return pbyteTrampoline;
}
BYTE CPatcher::InstallDetourPatchWithData(char * szLibrary, unsigned int uOrdinal, DWORD dwFunctionAddress)
{
DWORD dwAddress = GetFunctionAddress(szLibrary, uOrdinal);
DWORD dwDetourAddress = dwFunctionAddress;
BYTE byteType = X86_JMP;
int iSize = 5;
// Allocate the trampoline memory
BYTE * pbyteTrampoline = (BYTE *)malloc(iSize + 5);
// Unprotect the trampoline memory
Unprotect((DWORD)pbyteTrampoline, (iSize + 5));
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwAddress, (iSize + 5));
// Copy the overwritten address memory to the trampoline memory
memcpy(pbyteTrampoline, (void *)dwAddress, iSize);
// Write the type to the trampoline memory
DWORD dwTrampoline = (DWORD)(pbyteTrampoline + iSize);
*(BYTE *)dwTrampoline = byteType;
*(DWORD *)(dwTrampoline + 1) = ((dwAddress + iSize) - dwTrampoline - 5);
// Write the type to the address memory
*(BYTE *)dwAddress = byteType;
*(DWORD *)(dwAddress + 1) = (dwDetourAddress - dwAddress - 5);
// Re-protect the address memory
Reprotect(protectionInfo);
return (pbyteTrampoline != NULL);
}
void CPatcher::InstallPushPatch(DWORD dwAddress, DWORD dwFunc)
{
ProtectionInfo protectionInfo = Unprotect(dwAddress, 5);
*(BYTE*)(dwAddress) = 0x68;
*(DWORD*)(dwAddress+1) = dwFunc;
Reprotect(protectionInfo);
}
void CPatcher::InstallNopPatch(DWORD dwAddress, int iSize)
{
DWORD dwAddr = dwAddress;
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwAddr, iSize);
// Write the no operation to the address memory
memset((void *)dwAddr, X86_NOP, iSize);
// Re-protect the address memory
Reprotect(protectionInfo);
}
void CPatcher::InstallMethodPatch(DWORD dwHookAddress, DWORD dwFunctionAddress)
{
DWORD dwHookAddr = dwHookAddress;
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwHookAddr, 4);
// Write the function to the address memory
*(DWORD *)dwHookAddr = (DWORD)dwFunctionAddress;
// Re-protect the address memory
Reprotect(protectionInfo);
}
void CPatcher::InstallStringPatch(DWORD dwAddress, char * szString, int iSize)
{
DWORD dwAddr = dwAddress;
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwAddr, iSize);
// Write the string to the address memory
memcpy((void *)dwAddr, szString, iSize);
// Re-protect the address memory
Reprotect(protectionInfo);
}
void CPatcher::InstallRetnPatch(DWORD dwAddress)
{
DWORD dwAddr = dwAddress;
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwAddr, 1);
// Write the return to the address memory
*(BYTE *)dwAddr = X86_RETN;
// Re-protect the address memory
Reprotect(protectionInfo);
}
// TODO: A method to just use the trampoline and jmp function
void CPatcher::UninstallDetourPatchInternal(DWORD dwAddress, void * pTrampoline, int iSize)
{
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwAddress, iSize);
// Copy the trampoline to the address
memcpy((void *)dwAddress, pTrampoline, iSize);
// Re-protect the address memory
Reprotect(protectionInfo);
// Free trampoline
free(pTrampoline);
}
void CPatcher::UninstallDetourPatch(void * pTrampoline, DWORD dwFunctionAddress)
{
// Unprotect the address memory
ProtectionInfo protectionInfo = Unprotect(dwFunctionAddress, 5);
// Copy the trampoline to the address
memcpy((void *)dwFunctionAddress, pTrampoline, 5);
// Re-protect the address memory
Reprotect(protectionInfo);
// Free trampoline
free(pTrampoline);
}
