// Edit a single module's import table so that wherever it would have called the // imported function pointer 'oldfunc', it now calls 'newfunc'. (When a module calls // a function in another module, it uses an indirect JMP instruction that looks up // the target address in the calling module's import table. Modifying an entry in // the import table changes the target address. For a good description of the data // structures involved, see "Peering Inside the PE" by Matt Pietrek on MSDN.) static BOOL HookFunction(HMODULE module, void* oldfunc, void* newfunc) { // Make sure we can read the module header. if (IsBadReadPtr(module, sizeof(PIMAGE_NT_HEADERS))) return FALSE; // Navigate to the module's import table. GETPOINTER(IMAGE_DOS_HEADER, dosheader, module, 0); if (dosheader->e_magic != IMAGE_DOS_SIGNATURE) return FALSE; GETPOINTER(IMAGE_NT_HEADERS, ntheader, module, dosheader->e_lfanew); if (ntheader->Signature != IMAGE_NT_SIGNATURE) return FALSE; IMAGE_DATA_DIRECTORY* directory = ntheader->OptionalHeader.DataDirectory; DWORD offset = directory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress; GETPOINTER(IMAGE_IMPORT_DESCRIPTOR, importdesc, module, offset); if (importdesc == (IMAGE_IMPORT_DESCRIPTOR*) ntheader) return FALSE; // Scan the import table and replace all occurrences of the given function pointer. // The table contains a list of import descriptors, one for each imported module, // and each descriptor points to a list of thunks, one for each imported function. BOOL success = FALSE; for (; importdesc->Name; importdesc++) { GETPOINTER(char, name, module, importdesc->Name); GETPOINTER(IMAGE_THUNK_DATA, thunk, module, importdesc->FirstThunk); for (; thunk->u1.Function; thunk++) { void** funcptr = (void**) &thunk->u1.Function; if (*funcptr == oldfunc) { success |= WritePointer(funcptr, newfunc); } } } return success; }
// Polling loop: every 100 ms, raise the value at (alertBase, mpAlert) to 20 when
// it reads below 20, then refresh the file-scope 'mana' from (guiBase, guiMana).
// The loop has no exit condition, so this function never returns.
// NOTE(review): 'mana' and the base/offset names are declared outside this
// listing; if another thread reads 'mana', that access is unsynchronized here --
// confirm against the callers.
VOID UpdateMana()
{
    for (;;) {
        int alertValue = (int) ReadPointer(alertBase, mpAlert);

        // Clamp from below: anything under 20 is rewritten as exactly 20.
        if (alertValue < 20) {
            WritePointer(alertBase, mpAlert, 20);
        }

        mana = (int) ReadPointer(guiBase, guiMana);
        Sleep(100);
    }
}
// Polling loop: every 100 ms, raise the value at (alertBase, hpAlert) to 20 when
// it reads below 20, then refresh the file-scope 'health' from (guiBase, guiHealth).
// The loop has no exit condition, so this function never returns.
// NOTE(review): 'health' and the base/offset names are declared outside this
// listing; if another thread reads 'health', that access is unsynchronized here --
// confirm against the callers.
VOID UpdateHealth()
{
    for (;;) {
        int alertValue = (int) ReadPointer(alertBase, hpAlert);

        // Clamp from below: anything under 20 is rewritten as exactly 20.
        if (alertValue < 20) {
            WritePointer(alertBase, hpAlert, 20);
        }

        health = (int) ReadPointer(guiBase, guiHealth);
        Sleep(100);
    }
}
// Writes three values relative to PeopleBase: x to PeopleTeleX, y to PeopleTeleY,
// and the flag s to PeopleTeleSW, in that order.
// NOTE(review): the flag is written last; whether the reader of these fields
// depends on that ordering is not visible here, so the order is preserved.
// No range check is applied to x or y before they are written.
void TeleXY(bool s, int x, int y)
{
    WritePointer(PeopleBase, PeopleTeleX, x);
    WritePointer(PeopleBase, PeopleTeleY, y);

    // 's' is passed as a bool and converted implicitly by the callee's parameter type.
    WritePointer(PeopleBase, PeopleTeleSW, s);
}
// Emits one record for a FuncObjRef: its objRef through WritePointer(), its
// objIndx through WriteInt(), then terminates the record with WriteLine().
// NOTE(review): the output format of these helpers is defined outside this
// listing; if WritePointer() emits a raw address, the output is only meaningful
// within the writing process -- confirm.
void WriteFuncObjRef(const FuncObjRef& fFuncObjRef)
{
    WritePointer(fFuncObjRef.objRef);
    WriteInt(fFuncObjRef.objIndx);
    WriteLine();
}
// Emits one record for a FuncObjC pointer: the pointer itself through
// WritePointer(), then terminates the record with WriteLine().
// The pointer is forwarded without a null check; whether WritePointer() accepts
// a null argument is not visible in this listing.
void WriteFuncObj(const FuncObjC* fFuncObj)
{
    WritePointer(fFuncObj);
    WriteLine();
}