Ejemplo n.º 1
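/*
 * Loads rmalloc.dll, resolves its allocator exports and redirects the
 * game's malloc/calloc/realloc/free to them, then stubs out two routines
 * with dummy_func().
 *
 * Writes the file-level globals `init`, `hProcess` and `base`, which
 * init_rmalloc() reads. Nothing is patched unless the DLL and every export
 * resolved; the original patched even with NULL targets.
 */
void patch()
{
	/*
	 * NOTE(review): a bare file name is resolved through the default DLL
	 * search order, so whichever rmalloc.dll is found first gets loaded
	 * into the process. An absolute path, or LoadLibraryExA with a
	 * LOAD_LIBRARY_SEARCH_* flag, would pin the location.
	 */
	HMODULE rmalloc = LoadLibraryA("rmalloc.dll");
	void *my_malloc;
	void *my_calloc;
	void *my_realloc;
	void *my_free;

	if (rmalloc == NULL) {
		MessageBoxA(NULL, "TH145 patcher: could not load rmalloc.dll.", "Error", 0);
		return;
	}

	my_malloc = (void *)GetProcAddress(rmalloc, "rmalloc");
	my_calloc = (void *)GetProcAddress(rmalloc, "rcalloc");
	my_realloc = (void *)GetProcAddress(rmalloc, "rrealloc");
	my_free = (void *)GetProcAddress(rmalloc, "rfree");
	init = (void *)GetProcAddress(rmalloc, "init");

	/* A NULL target would turn every allocation into a jump to address 0. */
	if (my_malloc == NULL || my_calloc == NULL || my_realloc == NULL ||
	    my_free == NULL || init == NULL) {
		MessageBoxA(NULL, "TH145 patcher: rmalloc.dll is missing an expected export.", "Error", 0);
		return;
	}

	hProcess = GetCurrentProcess();
	/*
	 * NOTE(review): the (int) cast keeps only the low 32 bits of the module
	 * handle, so this is correct only in a 32-bit process.
	 */
	base = (int)GetModuleHandle(NULL) + 0xC00;

	MessageBoxA(NULL, "TH145 patcher loaded successfully.", "Hello World!", 0);

	init_rmalloc();

	/*
	 * NOTE(review): every offset below is hard-coded and nothing in this
	 * function checks that the loaded image is the build the offsets were
	 * taken from; on any other build these writes land in unrelated code.
	 */
	hook_jmp(0x38d34e + base, my_malloc); /* patch malloc functions */
	hook_jmp(0x3961c7 + base, my_calloc);
	hook_jmp(0x38bf41 + base, my_realloc);
	hook_jmp(0x38a804 + base, my_free);

	dummy_func(0x2579a0 + base); /* disable th145 antidebugger */
	dummy_func(0x258a20 + base);
}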
Ejemplo n.º 2
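/*
 * Copies the first 7 bytes of the routine at base + 0x38bf41 (the address
 * patch() hooks as realloc) to base + 0x4189ea, appends a jump back to the
 * rest of the original routine, and passes the relocated copy's address
 * to init().
 *
 * Reads the file-level globals `base`, `hProcess` and `init`.
 *
 * NOTE(review): the function returns void, so a caller cannot see a failed
 * relocation; it is reported in a message box and init() is not called.
 */
void init_rmalloc()
{
	int old_pos = 0x38bf41;
	int new_pos = 0x4189ea;
	/*
	 * NOTE(review): presumably 7 bytes ends on an instruction boundary and
	 * the copied bytes hold no position-dependent instructions; confirm
	 * against the target build.
	 */
	char buf[7];
	int len = sizeof(buf);
	SIZE_T written = 0;

	/* save old realloc header */
	memcpy(buf, (void *)(base + old_pos), len);

	/*
	 * Move the old header to its new place. The original ignored the
	 * result, so a failed or short write still got a jump glued on and was
	 * handed to init() as if it were valid code.
	 */
	if (!WriteProcessMemory(hProcess, (void *)(new_pos + base), buf, len, &written) ||
	    written != (SIZE_T)len) {
		MessageBoxA(NULL, "TH145 patcher: could not relocate the realloc header.", "Error", 0);
		return;
	}

	/* glue the relocated header to the remainder of the original routine */
	hook_jmp(new_pos + len + base, (void *)(base + old_pos + len));

	/* init rmalloc with the address of the relocated native realloc */
	init(new_pos + base);
}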
Ejemplo n.º 3
//------------------------------------------------------------------------------
static int apply_hook_jmp(void* self, const hook_decl_t* hook)
{
    // Applies one jmp-style hook described by 'hook'. Returns 1 when both
    // steps below succeed and 0 as soon as either fails.
    //
    // Step 1 patches the start of the target function rather than going
    // through the IAT. What comes back is the trampoline through which the
    // original function can still be called.
    //
    // NOTE(review): name_or_addr is formatted with %s in the log calls;
    // confirm it is always a string on this path.
    void* const trampoline = hook_jmp(hook->dll, hook->name_or_addr, hook->hook);
    if (!trampoline)
    {
        LOG_INFO("Unable to hook %s in %s", hook->name_or_addr, hook->dll);
        return 0;
    }

    // Step 2 writes that trampoline into our own IAT, so calls made from
    // 'self' reach the original function and bypass the hook.
    //
    // NOTE(review): on failure here the function returns without undoing
    // step 1, so the jmp hook stays in place.
    if (!hook_iat(self, NULL, hook->name_or_addr, trampoline, 1))
    {
        LOG_INFO("Failed to hook own IAT for %s", hook->name_or_addr);
        return 0;
    }

    return 1;
}