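// Removes the detour that was installed at StubShell->PatchAt.
//
// Returns TRUE only when the Detours transaction commits cleanly, FALSE
// otherwise. The original always returned TRUE, so a caller could not tell
// that the patch was still in place after a failed detach.
BOOL CDOMPlugin::UnPatch()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)StubShell->PatchAt, (PVOID)StubShell->ShellCode);

    // A failed Begin/Detach is reported by the commit as well, so this single
    // check covers the whole transaction.
    const LONG status = DetourTransactionCommit();
    return (status == NO_ERROR) ? TRUE : FALSE;
}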
// Detaches pDetour from the function referenced by *ppPointer.
//
// ppPointer - address of the pointer that was passed to the matching attach.
// pDetour   - the replacement function to remove.
// Returns TRUE when DetourTransactionCommit() reports NO_ERROR, FALSE otherwise.
BOOL CProcessMgrImpl::HookFuncEnd( PVOID *ppPointer, PVOID pDetour )
{
    DetourRestoreAfterWith();

    DetourTransactionBegin();
    DetourUpdateThread( GetCurrentThread() );
    DetourDetach( ppPointer, pDetour );

    // The commit result is the only status this function inspects.
    const DWORD commitStatus = DetourTransactionCommit();
    if ( commitStatus != NO_ERROR )
    {
        return FALSE;
    }
    return TRUE;
}
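// Removes the detour if one is currently attached; does nothing otherwise.
//
// m_bAttached is cleared once the transaction commits. The original left the
// flag set, so every later Detach() call tried to detach again and the object
// kept reporting itself as attached after the hook was gone.
void CSimpleDetour::Detach()
{
    if ( !m_bAttached )
        return;

    DetourTransactionBegin();
    DetourUpdateThread( GetCurrentThread() );
    DetourDetach( m_fnOld, m_fnReplacement );

    // Only forget the attachment when Detours confirms it was removed.
    if ( DetourTransactionCommit() == NO_ERROR )
        m_bAttached = false;
}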
// Installs the InternetConnectW detour and then the cookie-directory detour.
//
// NOTE(review): LoadLibrary is given a bare file name, so the module is found
// through the normal DLL search order; confirm that is acceptable for the
// process this runs in.
// NOTE(review): neither the lookup result nor the commit status is checked, so
// a failed hook is silent.
void CHookCenter::StartHook()
{
    LoadLibrary(L"Wininet.dll");

    // Resolve the real export; g_originConnect is what DetourAttach updates.
    PVOID resolved = DetourFindFunction("Wininet.dll", "InternetConnectW");
    g_originConnect = reinterpret_cast<pInternetConnect>(resolved);

    DetourTransactionBegin();
    DetourUpdateThread(::GetCurrentThread());
    DetourAttach(reinterpret_cast<PVOID*>(&g_originConnect), hook_InternetConnect);
    DetourTransactionCommit();

    HookCookieDir();
}
// Removes the file-extension check detour, but only when the signature scan
// recorded an address (sigcheckfileext_Sig.sig_addr is non-zero).
void FileFilter_Unload()
{
    // Nothing was located, so there is nothing to undo.
    if (!sigcheckfileext_Sig.sig_addr)
        return;

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)checkext_trampoline, (PVOID)(&(PVOID&)checkext_hook));
    DetourTransactionCommit();
}
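// Attaches (bState != FALSE) or detaches (bState == FALSE) pDetour on the
// function referenced by *ppPointer inside a single Detours transaction.
//
// Returns TRUE when every step, including the commit, reports success and
// FALSE otherwise.
//
// The original short-circuit chain returned FALSE as soon as a step failed but
// left the transaction it had opened pending. That transaction is now aborted
// so a later DetourTransactionBegin() is not rejected because of it.
BOOL SetHook ( __in BOOL bState, __inout PVOID* ppPointer, __in PVOID pDetour )
{
    // If Begin itself fails no transaction belongs to this call, so there is
    // nothing to abort.
    if ( DetourTransactionBegin() != NO_ERROR )
        return FALSE;

    LONG status = DetourUpdateThread( GetCurrentThread() );
    if ( status == NO_ERROR )
    {
        status = bState ? DetourAttach( ppPointer, pDetour )
                        : DetourDetach( ppPointer, pDetour );
    }

    if ( status != NO_ERROR )
    {
        DetourTransactionAbort();
        return FALSE;
    }

    return ( DetourTransactionCommit() == NO_ERROR ) ? TRUE : FALSE;
}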
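// Records the target/replacement pair and attaches the replacement.
//
// tgt - function to be detoured.
// rep - function that will run instead.
// Returns the value of this->target after the transaction; DetourAttach
// rewrites that member, so on success it is the pointer to call to reach the
// original code.
//
// The unused local copy of tgt from the original has been removed.
// NOTE(review): the commit status is not checked; on failure the returned
// pointer is presumably still tgt - confirm callers can live with that.
PVOID DetourHook::hook(PVOID tgt, PVOID rep)
{
    this->target = tgt;
    this->replacer = rep;

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)target, replacer);
    DetourTransactionCommit();

    return target;
}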
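// Installs the NdrAsyncServerCall detour inside the given rpcrt4 module.
//
// rpcrt4 - module handle; its value is used as the base address to which
//          OFFSET_NdrAsyncServerCall is added.
//
// The base address is now widened through DWORD_PTR instead of DWORD so the
// pointer arithmetic does not truncate the handle on 64-bit builds; 32-bit
// builds compute the same value as before.
// NOTE(review): a fixed offset presumably matches one specific build of the
// DLL - confirm the module version before trusting the computed address.
void Ndr_installHooks(HMODULE rpcrt4)
{
    // Compute the current address of the target routine.
    _NdrAsyncServerCall = (NdrAsyncServerCall_Prototype) ((DWORD_PTR) rpcrt4 + OFFSET_NdrAsyncServerCall);

    // Hooks are installed from here on.
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach((PVOID *)&_NdrAsyncServerCall, NdrAsyncServerCallHook);
    DetourTransactionCommit();
}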
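// Attaches m_fnReplacement to the function referenced by m_fnOld.
//
// m_bAttached now reflects the commit result. The original set it to true
// unconditionally, so a failed attach still looked attached and a later
// Detach() would try to remove a detour that was never installed.
void CSimpleDetour::Attach()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(m_fnOld, m_fnReplacement);

    m_bAttached = (DetourTransactionCommit() == NO_ERROR);
}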
// Installs the SHGetFolderPathW detour.
//
// NOTE(review): LoadLibrary is given a bare file name, so the module is found
// through the normal DLL search order; confirm that is acceptable here.
// NOTE(review): the lookup result and the commit status are both unchecked.
void CHookCenter::HookCookieDir()
{
    LoadLibrary(L"shell32.dll");

    // Resolve the real export; g_SHGetFolderPath is what DetourAttach updates.
    PVOID resolved = DetourFindFunction("shell32.dll", "SHGetFolderPathW");
    g_SHGetFolderPath = reinterpret_cast<pFunc_SHGetFolderPath>(resolved);

    DetourTransactionBegin();
    DetourUpdateThread(::GetCurrentThread());
    DetourAttach(reinterpret_cast<PVOID*>(&g_SHGetFolderPath), Hook_SHGetFolderPathW);
    DetourTransactionCommit();
}
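// Replacement for CreateDevice: forwards to the original, then attaches
// myGetDeviceState to the function stored in slot 9 of the new device's
// vtable.
//
// Returns whatever the original CreateDevice returned.
//
// The original dereferenced *lplpDirectInputDevice without looking at the
// result, so a failed CreateDevice (or a null out-parameter) led to reading
// through an invalid pointer. The vtable walk is now skipped in those cases.
// NOTE(review): the attach runs on every successful call; confirm that
// re-attaching to the same function is intended when several devices are
// created.
HRESULT WINAPI myCreateDevice(LPVOID *ppvOut, REFGUID rguid, LPDIRECTINPUTDEVICE * lplpDirectInputDevice, LPUNKNOWN pUnkOuter)
{
    OutputDebugString("Hooked CreateDevice");
    HRESULT retValue = oldCreateDevice(ppvOut, rguid, lplpDirectInputDevice, pUnkOuter);

    // No device object means there is no vtable to read.
    if (FAILED(retValue) || lplpDirectInputDevice == NULL || *lplpDirectInputDevice == NULL)
        return retValue;

    // device pointer -> vtable pointer -> slot 9
    LPVOID ptrGetDeviceState = *(((LPVOID *)(*(LPVOID *)(*(LPVOID *)lplpDirectInputDevice)))+9);
    if (ptrGetDeviceState == NULL)
        return retValue;

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    oldGetDeviceState = (HRESULT (WINAPI *) (LPVOID, DWORD ,LPVOID )) ptrGetDeviceState;
    DetourAttach(&(PVOID&)oldGetDeviceState, myGetDeviceState);
    DetourTransactionCommit();

    return retValue;
}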
//004D68A3 void BeginDetour() { pCreateFontIndirectW = (fnCreateFontIndirectW)GetProcAddress(GetModuleHandle("gdi32.dll"),"CreateFontIndirectW"); DetourTransactionBegin(); DetourAttach((void**)&pCreateFontIndirectW,newCreateFontIndirectW); DetourTransactionCommit(); //write_jmp((void*)0x004D68A3,fix_width); //GetModuleHandle(""); }
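// Points the two function pointers at fixed addresses, attaches their hooks
// and writes the outcome to logFile.
//
// The logged value now includes the commit result. The original printed the
// DetourAttach results before committing, so "Hooked: 1" could be logged for a
// transaction that then failed. The write is skipped when logFile is null.
// NOTE(review): the targets are written through a DWORD, so this is 32-bit
// only, and the literal addresses presumably belong to one specific build of
// the executable loaded at its expected base - confirm before reuse.
void HookFunctions()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    *(DWORD*)&CGameSpyClient__JoinGroupRoom = 0x00805080;
    *(DWORD*)&CConnectionLib__UpdateGameSpyClient = 0x008027A0;

    const bool attached =
        DetourAttach(&(PVOID&)CGameSpyClient__JoinGroupRoom, CGameSpyClient__JoinGroupRoom_Hook)==0 &&
        DetourAttach(&(PVOID&)CConnectionLib__UpdateGameSpyClient, CConnectionLib__UpdateGameSpyClient_Hook)==0;

    // The hooks only exist once the commit has succeeded.
    const bool committed = DetourTransactionCommit() == NO_ERROR;

    int success = (attached && committed) ? 1 : 0;
    if (logFile != NULL)
        fprintf(logFile, "Hooked: %d\n", success);
}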
// Detaches the four text-output replacements (TextOutA/W, ExtTextOutA/W) in
// one Detours transaction. The commit status is not inspected.
void Hooker::Unhook()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    // ANSI / wide TextOut
    DetourDetach(&(PVOID&)Real_TextOutA, Fake_TextOutA);
    DetourDetach(&(PVOID&)Real_TextOutW, Fake_TextOutW);

    // ANSI / wide ExtTextOut
    DetourDetach(&(PVOID&)Real_ExtTextOutA, Fake_ExtTextOutA);
    DetourDetach(&(PVOID&)Real_ExtTextOutW, Fake_ExtTextOutW);

    DetourTransactionCommit();
}
// Attaches MyMessageBox to the function referenced by pMessageBox.
//
// Returns -1 when the transaction commits with NO_ERROR (after emitting a
// debug string) and 0 otherwise. Note the unusual convention: the non-zero
// value signals success.
int DllProcessAttach(void)
{
    DetourRestoreAfterWith();

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)pMessageBox, MyMessageBox);

    const LONG commitStatus = DetourTransactionCommit();
    if (commitStatus != NO_ERROR)
        return 0;

    OutputDebugString(TEXT("MessageBox() detoured successfully"));
    return -1;
}
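// DLL entry point: on process attach, computes the four target addresses from
// the host executable's base plus fixed offsets and attaches the d_* detours;
// on process detach, removes them again. Thread notifications are ignored.
// Always returns TRUE.
//
// The base address is now widened through DWORD_PTR instead of DWORD so the
// pointer arithmetic does not truncate on 64-bit builds; 32-bit builds compute
// the same addresses as before.
// NOTE(review): commit results are not checked, and the fixed offsets
// presumably match one specific build of the host executable - confirm.
INT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved)
{
    switch(Reason)
    {
    case DLL_PROCESS_ATTACH:
        {
            s_hDll = hDLL;

            // Calculate addresses of the functions to detour
            baseAddress = GetModuleHandle(NULL);
            regFunc = (pRegFunc)((DWORD_PTR)baseAddress + regFuncOffset);
            regFunc2 = (pRegFunc2)((DWORD_PTR)baseAddress + regFunc2Offset);
            printInitial = (pprintInitial)((DWORD_PTR)baseAddress + printInitialOffset);
            printNumbers = (pprintNumbers)((DWORD_PTR)baseAddress + printNumbersOffset);

            DisableThreadLibraryCalls(hDLL);

            DetourTransactionBegin();
            DetourUpdateThread(GetCurrentThread());
            DetourAttach(&(PVOID&)regFunc, d_regFunc);
            DetourAttach(&(PVOID&)regFunc2, d_regFunc2);
            DetourAttach(&(PVOID&)printInitial, d_printInitial);
            DetourAttach(&(PVOID&)printNumbers, d_printNumbers);
            DetourTransactionCommit();
        }
        break;

    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)regFunc, d_regFunc);
        DetourDetach(&(PVOID&)regFunc2, d_regFunc2);
        DetourDetach(&(PVOID&)printInitial, d_printInitial);
        DetourDetach(&(PVOID&)printNumbers, d_printNumbers);
        DetourTransactionCommit();
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}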
// Turns the timing detours (GetTickCount, QueryPerformanceCounter,
// timeGetTime) on or off.
//
// bEnable - non-zero to install the detours, zero to remove them.
// Returns FALSE when the requested state equals the current one; otherwise
// returns whether DetourTransactionCommit() reported 0.
//
// NOTE(review): the remembered state is updated even when the commit fails, so
// it can disagree with what is actually installed.
BOOL EnableSpeedControl(BOOL bEnable)
{
    static BOOL bEnabled = FALSE;

    // Already in the requested state: nothing to do.
    const bool wantOn = (bEnable != FALSE);
    const bool isOn = (bEnabled != FALSE);
    if (wantOn == isOn)
        return FALSE;

    BOOL bCommitted;

    if (!wantOn)
    {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)Real_GetTickCount, Mine_GetTickCount);
        DetourDetach(&(PVOID&)Real_QueryPerformanceCounter, Mine_QueryPerformanceCounter);
        DetourDetach(&(PVOID&)Real_timeGetTime, Mine_timeGetTime);
        bCommitted = DetourTransactionCommit() == 0;

        // The locks are released only after the detours have been processed.
        DeleteCriticalSection(&g_csGetTickCount);
        DeleteCriticalSection(&g_csQueryPerformanceCounter);
        DeleteCriticalSection(&g_csTimeGetTime);

        bEnabled = FALSE;
        return bCommitted;
    }

    // The locks are created before the detours are attached.
    InitializeCriticalSection(&g_csGetTickCount);
    InitializeCriticalSection(&g_csQueryPerformanceCounter);
    InitializeCriticalSection(&g_csTimeGetTime);

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    *(PVOID *)&Real_GetTickCount = DetourCodeFromPointer((PVOID)GetTickCount, NULL);
    DetourAttach(&(PVOID&)Real_GetTickCount, Mine_GetTickCount);
    DetourAttach(&(PVOID&)Real_QueryPerformanceCounter, Mine_QueryPerformanceCounter);
    DetourAttach(&(PVOID&)Real_timeGetTime, Mine_timeGetTime);
    bCommitted = DetourTransactionCommit() == 0;

    bEnabled = TRUE;
    return bCommitted;
}
// Detaches the registry and COM class-object detours in one transaction.
// Returns true when DetourTransactionCommit() reports NO_ERROR.
bool CComManager::Finalize()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    // Registry key creation
    DetourDetach(&(PVOID&)NativeRegCreateKeyA, DetourRegCreateKeyA);
    DetourDetach(&(PVOID&)NativeRegCreateKeyW, DetourRegCreateKeyW);

    // COM activation (the CoCreateInstance detour is currently disabled)
    //DetourDetach(&(PVOID&)NativeCoCreateInstance, DetourCoCreateInstance);
    DetourDetach(&(PVOID&)NativeCoGetClassObject, DetourCoGetClassObject);

    const ULONG commitStatus = DetourTransactionCommit();
    if (commitStatus != NO_ERROR)
        return false;
    return true;
}
// Runs one Detours transaction whose body comes from hooklist.h and traces
// the error code if the commit fails.
static void hook_term()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
// The statements executed inside the transaction are supplied by this header;
// presumably one detach per hooked function - confirm against hooklist.h.
#include "hooklist.h"
    LONG error = DetourTransactionCommit();
    if (error != NOERROR) {
        // Failure is only traced; nothing is returned to the caller.
        TRACE(_T("hook_term error: %#x\n"), error);
    }
}
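// DLL entry point: attaches the six Crypt* detours on process attach and
// removes them on process detach, writing progress lines to a log file.
// Always returns TRUE.
//
// The log handle is now checked before use. The original passed the result of
// fopen() straight to fprintf()/fclose(), which dereferences a null FILE*
// whenever the file cannot be opened (for example when the process may not
// write to C:\).
// NOTE(review): the file is opened on every notification, including thread
// attach/detach, and DllMain runs under the loader lock; consider logging
// outside DllMain. Commit results are not checked.
INT APIENTRY DllMain(HMODULE hModule, DWORD Reason, LPVOID lpReserved)
{
    FILE *fd = fopen("C:\\CryptoBlock32.txt", "a");

    switch(Reason)
    {
    case DLL_PROCESS_ATTACH:
        // DetourRestoreAfterWith(); ?
        if (fd != NULL)
            fprintf(fd, "Made it to process_attach\n");

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)Real_CryptEncrypt, myCryptEncrypt);
        DetourAttach(&(PVOID&)Real_CryptDecrypt, myCryptDecrypt);
        DetourAttach(&(PVOID&)Real_CryptAcquireContext, myCryptAcquireContext);
        DetourAttach(&(PVOID&)Real_CryptCreateHash, myCryptCreateHash);
        DetourAttach(&(PVOID&)Real_CryptHashData, myCryptHashData);
        DetourAttach(&(PVOID&)Real_CryptDeriveKey, myCryptDeriveKey);
        DetourTransactionCommit();

        if (fd != NULL)
            fprintf(fd, "Made it out of process_attach\n");
        break;

    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)Real_CryptEncrypt, myCryptEncrypt);
        DetourDetach(&(PVOID&)Real_CryptDecrypt, myCryptDecrypt);
        DetourDetach(&(PVOID&)Real_CryptAcquireContext, myCryptAcquireContext);
        DetourDetach(&(PVOID&)Real_CryptCreateHash, myCryptCreateHash);
        DetourDetach(&(PVOID&)Real_CryptHashData, myCryptHashData);
        DetourDetach(&(PVOID&)Real_CryptDeriveKey, myCryptDeriveKey);
        DetourTransactionCommit();
        break;

    case DLL_THREAD_ATTACH:
        break;

    case DLL_THREAD_DETACH:
        break;
    }

    if (fd != NULL)
        fclose(fd);
    return TRUE;
}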
// Removes the monitoring detours selected by PWNYPOT_REGCONFIG in a single
// Detours transaction. Always returns PWNYPOT_STATUS_SUCCESS; the commit
// result is not inspected.
STATUS HookUninstall( VOID )
{
    DEBUG_PRINTF(LDBG,NULL,"Uninstalling Hooks\n");

    // NOTE(review): these three pointers are re-resolved with GetProcAddress
    // right before being handed to DetourDetach. Detours expects the pointer
    // value that DetourAttach updated, so confirm against the install routine
    // that overwriting them here still lets the detach succeed.
    CreateProcessInternalW_ = (BOOL (WINAPI *)(HANDLE, LPCWSTR, LPWSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCWSTR, LPSTARTUPINFOW, LPPROCESS_INFORMATION, PHANDLE))GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "CreateProcessInternalW");
    NtSetInformationProcess_ = (t_NtSetInformationProcess)(GetProcAddress(GetModuleHandle("NTDLL.DLL"), "NtSetInformationProcess"));
    LdrHotPatchRoutine_ = (t_LdrHotPatchRoutine)(GetProcAddress(GetModuleHandle("NTDLL.DLL"), "LdrHotPatchRoutine"));

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    /* Unhooking functions */
    // Process creation is detached unconditionally.
    DetourDetach(&(PVOID&)CreateProcessInternalW_ , HookedCreateProcessInternalW);

    // Memory-allocation/protection and process-policy detours, removed when
    // ROP detection is enabled in the configuration.
    if ( PWNYPOT_REGCONFIG.ROP.DETECT_ROP )
    {
        DetourDetach(&(PVOID&)VirtualAlloc_ , HookedVirtualAlloc);
        DetourDetach(&(PVOID&)VirtualAllocEx_ , HookedVirtualAllocEx);
        DetourDetach(&(PVOID&)VirtualProtect_ , HookedVirtualProtect);
        DetourDetach(&(PVOID&)VirtualProtectEx_ , HookedVirtualProtectEx);
        DetourDetach(&(PVOID&)MapViewOfFile_ , HookedMapViewOfFile);
        DetourDetach(&(PVOID&)MapViewOfFileEx_ , HookedMapViewOfFileEx);
        DetourDetach(&(PVOID&)HeapCreate_ , HookedHeapCreate);
        DetourDetach(&(PVOID&)SetProcessDEPPolicy_ , HookedSetProcessDEPPolicy);
        DetourDetach(&(PVOID&)WriteProcessMemory_ , HookedWriteProcessMemory);
        DetourDetach(&(PVOID&)NtSetInformationProcess_ , HookedNtSetInformationProcess);
        DetourDetach(&(PVOID&)LdrHotPatchRoutine_ , HookedLdrHotPatchRoutine);
    }

    if ( PWNYPOT_REGCONFIG.SHELLCODE.ETA_VALIDATION )
    {
        DetourDetach(&(PVOID&)CreateThread_ , HookedCreateThread);
    }

    // NOTE(review): CreateThread_ is detached here as well as in the
    // ETA_VALIDATION branch above. When both options are set the same detour
    // is detached twice in one transaction; verify that the second request
    // does not make the commit fail and leave every hook in place.
    if ( PWNYPOT_REGCONFIG.SHELLCODE.ANALYSIS_SHELLCODE )
    {
        DetourDetach(&(PVOID&)CreateThread_ , HookedCreateThread);
        DetourDetach(&(PVOID&)URLDownloadToFileW_ , HookedURLDownloadToFileW);
        DetourDetach(&(PVOID&)socket_ , Hookedsocket);
        DetourDetach(&(PVOID&)connect_ , Hookedconnect);
        DetourDetach(&(PVOID&)listen_ , Hookedlisten);
        DetourDetach(&(PVOID&)bind_ , Hookedbind);
        DetourDetach(&(PVOID&)accept_ , Hookedaccept);
        DetourDetach(&(PVOID&)send_ , Hookedsend);
        DetourDetach(&(PVOID&)recv_ , Hookedrecv);
    }

    // NOTE(review): success is reported regardless of what the commit returns.
    DetourTransactionCommit();
    return PWNYPOT_STATUS_SUCCESS;
}
// Detaches the file-system and registry-query detours in one transaction.
// Returns TRUE when DetourTransactionCommit() reports NO_ERROR.
BOOL CHistoryManagerXP::Finalize()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    // File and directory operations
    DetourDetach(&(PVOID&)XpNativeCreateFileW, XpDetourCreateFileW);
    DetourDetach(&(PVOID&)XpNativeSetFileAttributesW, XpDetourSetFileAttributesW);
    DetourDetach(&(PVOID&)XpNativeCreateDirectoryW, XpDetourCreateDirectoryW);
    DetourDetach(&(PVOID&)XpNativeCreateDirectoryExW, XpDetourCreateDirectoryExW);

    // Registry value queries
    DetourDetach(&(PVOID&)XpNativeRegQueryValueExW, XpDetourRegQueryValueExW);
    DetourDetach(&(PVOID&)XpNativeRegQueryValueW, XpDetourRegQueryValueW);

    const LONG commitStatus = DetourTransactionCommit();
    return commitStatus == NO_ERROR;
}
// Attaches the four text-output replacements (TextOutA/W, ExtTextOutA/W) in
// one Detours transaction. The commit status is not inspected.
void Hooker::Hook()
{
    DetourRestoreAfterWith();

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    // ANSI / wide TextOut
    DetourAttach(&(PVOID&)Real_TextOutA, Fake_TextOutA);
    DetourAttach(&(PVOID&)Real_TextOutW, Fake_TextOutW);

    // ANSI / wide ExtTextOut
    DetourAttach(&(PVOID&)Real_ExtTextOutA, Fake_ExtTextOutA);
    DetourAttach(&(PVOID&)Real_ExtTextOutW, Fake_ExtTextOutW);

    DetourTransactionCommit();
}
//安装Hook BOOL APIENTRY SetHook() { //大概是 开始事务吧 DetourTransactionBegin(); //更新线程信息 DetourUpdateThread(GetCurrentThread()); //查询函数 地址 将MessageBoxA 地址保存在这个 指针里面 g_pOldMessageBoxA=DetourFindFunction("User32.dll","MessageBoxA"); //将我们的拦截函数 附加到 MessageBoxA 地址上 DetourAttach(&g_pOldMessageBoxA,ZwNewMessageBoxA); //完成hook LONG ret=DetourTransactionCommit(); return ret==NO_ERROR; }
// Detaches every entry of g_hooks whose stub pointer is non-null, all in one
// Detours transaction. The commit status is not inspected.
void detachDetours( )
{
    DetourTransactionBegin( );
    DetourUpdateThread( GetCurrentThread() );

    for( auto& entry : g_hooks )
    {
        // A null stub is skipped rather than passed to DetourDetach.
        if( !*entry.m_stub )
            continue;

        DetourDetach( entry.m_stub, entry.m_myDetour );
    }

    DetourTransactionCommit( );
}
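// Replacement for WSAIoctl. Forwards every call to the original; when the call
// is a successful SIO_GET_EXTENSION_FUNCTION_POINTER query for WSARecvMsg and
// no WSARecvMsg pointer has been captured yet, it attaches MY_LPFN_WSARECVMSG
// to the returned function and detaches itself.
//
// Returns the original WSAIoctl result unchanged.
//
// The output buffer is now read only when the forwarded call returned 0 and
// the buffers are non-null. The original read *lpvOutBuffer even after a
// failed (or still pending overlapped) call, when its contents are not a
// valid function pointer.
int WINAPI MyWSAIoctl(
    __in SOCKET s,
    __in DWORD dwIoControlCode,
    __in LPVOID lpvInBuffer,
    __in DWORD cbInBuffer,
    __out LPVOID lpvOutBuffer,
    __in DWORD cbOutBuffer,
    __out LPDWORD lpcbBytesReturned,
    __in LPWSAOVERLAPPED lpOverlapped,
    __in LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine )
{
    int TReturn = pWSAIoctl( s, dwIoControlCode, lpvInBuffer, cbInBuffer,
                             lpvOutBuffer, cbOutBuffer, lpcbBytesReturned,
                             lpOverlapped, lpCompletionRoutine );

    static GUID guidRecvMsg = WSAID_WSARECVMSG;

    // Same size and GUID tests as before, plus the success and null checks.
    const bool isRecvMsgQuery =
        TReturn == 0 &&
        SIO_GET_EXTENSION_FUNCTION_POINTER == dwIoControlCode &&
        lpvInBuffer != NULL &&
        sizeof(guidRecvMsg) == cbInBuffer &&
        memcmp(&guidRecvMsg, lpvInBuffer, sizeof(guidRecvMsg)) == 0 &&
        lpvOutBuffer != NULL &&
        sizeof(DWORD_PTR) == cbOutBuffer;

    if ( isRecvMsgQuery && NULL == pWsaRecvMsg )
    {
        LPVOID resolved = *(LPVOID *)lpvOutBuffer;

        // A null result is left for a later query instead of being attached.
        if ( resolved != NULL )
        {
            pWsaRecvMsg = (LPFN_WSARECVMSG)resolved;

            DetourTransactionBegin();
            DetourUpdateThread(GetCurrentThread());
            DetourAttach(&(PVOID&)pWsaRecvMsg, (PBYTE)MY_LPFN_WSARECVMSG);
            // This detour has served its purpose once WSARecvMsg is captured.
            DetourDetach(&(PVOID&)pWSAIoctl, (PBYTE)MyWSAIoctl);
            DetourTransactionCommit();
        }
    }

    return TReturn;
}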
// DLL entry point: attaches the LoadLibraryA/W detours on process attach and
// removes them on process detach, printing a status line each time.
// Always returns TRUE; other notifications are ignored.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    LONG error;
    (void)hinst;
    (void)reserved;

    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
        printf("loadlib.dll: Starting.\n");
        fflush(stdout);

        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)TrueLoadLibraryA, MyLoadLibraryA);
        DetourAttach(&(PVOID&)TrueLoadLibraryW, MyLoadLibraryW);
        error = DetourTransactionCommit();

        // Report the commit outcome; the error code is printed on failure.
        if (error != NO_ERROR) {
            printf("loadlib.dll: Error detouring LoadLibrary(): %d\n", error);
        }
        else {
            printf("loadlib.dll: Detoured LoadLibrary().\n");
        }
        break;

    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)TrueLoadLibraryA, MyLoadLibraryA);
        DetourDetach(&(PVOID&)TrueLoadLibraryW, MyLoadLibraryW);
        error = DetourTransactionCommit();

        // Printed whatever the commit returned.
        printf("loadlib.dll: Removed LoadLibrary()\n");
        fflush(stdout);
        break;

    default:
        break;
    }

    return TRUE;
}
// Thread routine: loads the XML parameters, computes two function addresses
// from the game module's base plus fixed offsets, installs a return hook on
// the first and a Detours hook on the second, then returns 0.
DWORD WINAPI XpModThread(LPVOID)
{
    BYTE UpdateCharacterExpSavedReturn[6]; // save retn here
    load(PATH_TO_XPMOD_XML, xpmod_params);
    char buf [100];

    // find base address of game executable
    // NOTE(review): the result of GetModuleHandleEx is not checked, so
    // game_handle may be unset when the lookup fails.
    GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, ProcessName, &game_handle);

    // find address of character update xp function
    // NOTE(review): the (uint32_t) cast keeps only the low 32 bits of the
    // module handle, so this arithmetic is 32-bit only.
    UpdateCharacterExp = (UpdateCharacterExpPtr)((uint32_t)game_handle+UPDATE_EXP_OFFSET);
    wsprintf (buf, "Address of UpdateCharacterExp 0x%x", UpdateCharacterExp);
    OutputDebugString(buf);

    // find address of print character xp function
    // find address of character update xp function
    PrintCharacterXpGain = (PrintCharacterXpGainPtr)((uint32_t)game_handle+PRINT_XP_FUN_OFFSET);
    wsprintf (buf, "Address of PrintCharacterXpGain 0x%x", PrintCharacterXpGain);
    OutputDebugString(buf);

    // hook UpdateCharacterExp return
    // NOTE(review): the 6-byte save buffer is a local of this function;
    // confirm returnHook does not keep the pointer after this thread returns.
    returnHook(UpdateCharacterExp, myUpdateCharacterExp, UpdateCharacterExpSavedReturn);

    // start detour print xp function
    DetourRestoreAfterWith();
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)PrintCharacterXpGain, myPrintCharacterXpGain);
    DetourTransactionCommit();
    // end detour print xp function

    /*
    // Since oldProtection is not saved by returnHook, don't restore hooks
    // restore exp update hook
    // read + write
    VirtualProtect(UpdateCharacterExp, 6, PAGE_EXECUTE_READWRITE, &oldProtection);
    memcpy((void *)UpdateCharacterExp, (void *)Before_JMP, 6);
    // restore protection
    VirtualProtect((LPVOID)UpdateCharacterExp, 6, oldProtection, NULL);
    // restore print xp function
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)PrintCharacterXpGain, myPrintCharacterXpGain);
    DetourTransactionCommit();
    */
    return 0;
}
// Reads slot 8 of the swap chain's vtable (IDXGISwapChain::Present) and
// attaches hook_DXGISwapChainPresent to it.
//
// ppSwapChain - swap chain whose vtable is read; it is dereferenced without a
//               null check.
void proc_hook_IDXGISwapChain_Present(IDXGISwapChain *ppSwapChain)
{
    // The first pointer-sized field of the object is its vtable pointer.
    uintptr_t *vtbl = (uintptr_t *)*(uintptr_t *)ppSwapChain;

    // IDXGISwapChain::Present()
    pDXGISwapChainPresent = (TDXGISwapChainPresent)vtbl[8];

#if 0
    // IDXGISwapChain::Release()
    pRelease = (TRelease) vtbl[2];
#endif

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)pDXGISwapChainPresent, hook_DXGISwapChainPresent);
    DetourTransactionCommit();
}
// Detaches the texture-loading and Direct3DCreate9 detours; the
// QueryPerformanceCounter detour is detached only when the skip-intro setting
// is on. The commit status is not inspected.
void endDetour()
{
    //if(Settings::get().getSkipIntro()) {
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    //DetourDetach(&(PVOID&)TrueSleepEx, DetouredSleepEx);
    //DetourDetach(&(PVOID&)TrueTimeGetTime, DetouredTimeGetTime);

    // The timing detour is tied to the skip-intro setting.
    const bool skipIntro = Settings::get().getSkipIntro();
    if (skipIntro)
    {
        DetourDetach(&(PVOID&)TrueQueryPerformanceCounter, DetouredQueryPerformanceCounter);
    }

    //DetourDetach(&(PVOID&)TrueD3DXCreateTexture, DetouredD3DXCreateTexture);
    DetourDetach(&(PVOID&)TrueD3DXCreateTextureFromFileInMemory, DetouredD3DXCreateTextureFromFileInMemory);
    DetourDetach(&(PVOID&)TrueD3DXCreateTextureFromFileInMemoryEx, DetouredD3DXCreateTextureFromFileInMemoryEx);
    DetourDetach(&(PVOID&)oDirect3DCreate9, hkDirect3DCreate9);
    //DetourDetach(&(PVOID&)TrueD3DXCompileShader, DetouredD3DXCompileShader);

    DetourTransactionCommit();
    //}
}