Ezio_U1 Administrator Posts : 1160 Gold : 107412 Reputasi : 1366 Join date : 26.11.10 Age : 27 Lokasi : Belakangmu..
| Subyek: Coding Wallhack Fri 01 Jul 2011, 07:58 | |
| based.h - Quote :
- //============================================================================//
//Credit Andre Malmsteen //============================================================================//
#ifndef __FAKE_H__ #define __FAKE_H__
#define C_ERROR 0xFFFFFFFF #define C_ADDR1 0x00000001 #define C_ADDR2 0x00000002 #define C_ADDR4 0x00000004 #define C_LOCK 0x00000008 #define C_67 0x00000010 #define C_66 0x00000020 #define C_REP 0x00000040 #define C_SEG 0x00000080 #define C_ANYPREFIX (C_66 C_67 C_LOCK C_REP C_SEG) #define C_DATA1 0x00000100 #define C_DATA2 0x00000200 #define C_DATA4 0x00000400 #define C_SIB 0x00000800 #define C_ADDR67 0x00001000 #define C_DATA66 0x00002000 #define C_MODRM 0x00004000 #define C_BAD 0x00008000 #define C_OPCODE2 0x00010000 #define C_REL 0x00020000 #define C_STOP 0x00040000
#pragma pack(push) #pragma pack(1)
struct disasm_struct { BYTE disasm_defaddr; // 00 BYTE disasm_defdata; // 01 DWORD disasm_len; // 02 03 04 05 DWORD disasm_flag; // 06 07 08 09 DWORD disasm_addrsize; // 0A 0B 0C 0D DWORD disasm_datasize; // 0E 0F 10 11 BYTE disasm_rep; // 12 BYTE disasm_seg; // 13 BYTE disasm_opcode; // 14 BYTE disasm_opcode2; // 15 BYTE disasm_modrm; // 16 BYTE disasm_sib; // 17
union { BYTE disasm_addr_b[8]; // 18 19 1A 1B 1C 1D 1E 1F WORD disasm_addr_w[4]; DWORD disasm_addr_d[2]; char disasm_addr_c[8]; short disasm_addr_s[4]; long disasm_addr_l[2]; };
union { BYTE disasm_data_b[8]; // 20 21 22 23 24 25 26 27 WORD disasm_data_w[4]; DWORD disasm_data_d[2]; char disasm_data_c[8]; short disasm_data_s[4]; long disasm_data_l[2]; }; };
#pragma pack(pop)
int disasm(BYTE* opcode0, disasm_struct* diza); int oplen(BYTE* opcode);
#endif /**************************************************************************************************************************************************************************************************************/ compile.h - Quote :
- #define WIN32_LEAN_AND_MEAN
#define WIN32_EXTRA_LEAN
#include
#include "based.h"
#include
#define DETOUR_LEN_AUTO 0 // Finds the detour length automatically
enum { DETOUR_TYPE_JMP, // min detour len: 5 DETOUR_TYPE_PUSH_RET, // min detour len: 6 DETOUR_TYPE_NOP_JMP, // min detour len: 6 DETOUR_TYPE_NOP_NOP_JMP, // min detour len: 7 DETOUR_TYPE_STC_JC, // min detour len: 7 DETOUR_TYPE_CLC_JNC, // min detour len: 7 };
LPVOID DetourCreate(LPVOID lpFuncOrig, LPVOID lpFuncDetour, int patchType, int detourLen=DETOUR_LEN_AUTO); LPVOID DetourCreate(LPCSTR lpModuleName, LPCSTR lpProcName, LPVOID lpFuncDetour, int patchType, int detourLen=DETOUR_LEN_AUTO); BOOL DetourRemove(LPVOID lpDetourCreatePtr);
#pragma warning(disable: 4311) #pragma warning(disable: 4312) #pragma warning(disable: 4244)
#define DETOUR_MAX_SRCH_OPLEN 64
#define JMP32_SZ 5 #define BIT32_SZ 4
// jmp32 sig #define SIG_SZ 3 #define SIG_OP_0 0xCC #define SIG_OP_1 0x90 #define SIG_OP_2 0xC3
static DWORD Silamguard;
int GetDetourLen(int patchType); int GetDetourLenAuto(PBYTE &pbFuncOrig, int minDetLen);
// Thin wrapper for APIs LPVOID DetourCreate(LPCSTR lpModuleName, LPCSTR lpProcName, LPVOID lpFuncDetour, int patchType, int detourLen) { LPVOID lpFuncOrig = NULL;
if((lpFuncOrig = GetProcAddress(GetModuleHandle(lpModuleName), lpProcName)) == NULL) return NULL;
return DetourCreate(lpFuncOrig, lpFuncDetour, patchType, detourLen); }
LPVOID DetourCreate(LPVOID lpFuncOrig, LPVOID lpFuncDetour, int patchType, int detourLen) { LPVOID lpMallocPtr = NULL; DWORD dwProt = NULL; PBYTE NewocPBrs = NULL; PBYTE pbFuncOrig = (PBYTE)lpFuncOrig; PBYTE pbFuncDetour = (PBYTE)lpFuncDetour; PBYTE pbPatchBuf = NULL; int minDetLen = 0; int detLen = 0;
// Get detour length if((minDetLen = GetDetourLen(patchType)) == 0) return NULL;
if(detourLen != DETOUR_LEN_AUTO) detLen = detourLen;
else if((detLen = GetDetourLenAuto(pbFuncOrig, minDetLen)) < minDetLen) return NULL;
// Alloc mem for the overwritten bytes if((lpMallocPtr = (LPVOID)malloc(detLen JMP32_SZ SIG_SZ)) == NULL) return NULL;
NewocPBrs = (PBYTE)lpMallocPtr;
// Enable writing to original VirtualProtect(lpFuncOrig, detLen, PAGE_READWRITE, &dwProt);
// Write overwritten bytes to the malloc memcpy(lpMallocPtr, lpFuncOrig, detLen); NewocPBrs = detLen; NewocPBrs[0] = 0xE9; *(DWORD*)(NewocPBrs 1) = (DWORD)((pbFuncOrig detLen)-NewocPBrs)-JMP32_SZ; NewocPBrs = JMP32_SZ; NewocPBrs[0] = SIG_OP_0; NewocPBrs[1] = SIG_OP_1; NewocPBrs[2] = SIG_OP_2;
// Create a buffer to prepare the detour bytes pbPatchBuf = new BYTE[detLen]; memset(pbPatchBuf, 0x90, detLen);
switch(patchType) { case DETOUR_TYPE_JMP: pbPatchBuf[0] = 0xE9; *(DWORD*)&pbPatchBuf[1] = (DWORD)(pbFuncDetour - pbFuncOrig) - 5; break;
case DETOUR_TYPE_PUSH_RET: pbPatchBuf[0] = 0x68; *(DWORD*)&pbPatchBuf[1] = (DWORD)pbFuncDetour; pbPatchBuf[5] = 0xC3; break;
case DETOUR_TYPE_NOP_JMP: pbPatchBuf[0] = 0x90; pbPatchBuf[1] = 0xE9; *(DWORD*)&pbPatchBuf[2] = (DWORD)(pbFuncDetour - pbFuncOrig) - 6; break;
case DETOUR_TYPE_NOP_NOP_JMP: pbPatchBuf[0] = 0x90; pbPatchBuf[1] = 0x90; pbPatchBuf[2] = 0xE9; *(DWORD*)&pbPatchBuf[3] = (DWORD)(pbFuncDetour - pbFuncOrig) - 7; break;
case DETOUR_TYPE_STC_JC: pbPatchBuf[0] = 0xF9; pbPatchBuf[1] = 0x0F; pbPatchBuf[2] = 0x82; *(DWORD*)&pbPatchBuf[3] = (DWORD)(pbFuncDetour - pbFuncOrig) - 7; break;
case DETOUR_TYPE_CLC_JNC: pbPatchBuf[0] = 0xF8; pbPatchBuf[1] = 0x0F; pbPatchBuf[2] = 0x83; *(DWORD*)&pbPatchBuf[3] = (DWORD)(pbFuncDetour - pbFuncOrig) - 7; break;
default: return NULL; }
// Write the detour for(int i=0; ipbFuncOrig[i] = pbPatchBuf[i];
delete [] pbPatchBuf;
// Reset original mem flags VirtualProtect(lpFuncOrig, detLen, dwProt, &Silamguard);
return lpMallocPtr; }
BOOL DetourRemove(LPVOID lpDetourCreatePtr) { PBYTE NewocPBrs = NULL; DWORD NewOrig = NULL; DWORD NewProt = NULL; int i=0;
if((NewocPBrs = (PBYTE)lpDetourCreatePtr) == NULL) return FALSE;
// Find the orig jmp32 opcode sig for(i=0; i<=DETOUR_MAX_SRCH_OPLEN; i ) { if(NewocPBrs[i] == SIG_OP_0 && NewocPBrs[i 1] == SIG_OP_1 && NewocPBrs[i 2] == SIG_OP_2) break;
if(i == DETOUR_MAX_SRCH_OPLEN) return FALSE; }
// Calculate the original address NewocPBrs = (i-JMP32_SZ 1); // Inc to jmp NewOrig = *(DWORD*)NewocPBrs; // Get 32bit jmp NewocPBrs = BIT32_SZ; // Inc to end of jmp NewOrig = (DWORD)NewocPBrs; // Add this addr to 32bit jmp NewOrig -= (i-JMP32_SZ); // Dec by detour len to get to start of orig
// Write the overwritten bytes back to the original VirtualProtect((LPVOID)NewOrig, (i-JMP32_SZ), PAGE_READWRITE, &NewProt); memcpy((LPVOID)NewOrig, lpDetourCreatePtr, (i-JMP32_SZ)); VirtualProtect((LPVOID)NewOrig, (i-JMP32_SZ), NewProt, &Silamguard);
// Memory cleanup free(lpDetourCreatePtr);
return TRUE; }
int GetDetourLen(int patchType) { switch(patchType) { case DETOUR_TYPE_JMP: return 5;
case DETOUR_TYPE_PUSH_RET: case DETOUR_TYPE_NOP_JMP: return 6;
case DETOUR_TYPE_NOP_NOP_JMP: case DETOUR_TYPE_STC_JC: case DETOUR_TYPE_CLC_JNC: return 7;
default: return 0; } }
int GetDetourLenAuto(PBYTE &pbFuncOrig, int minDetLen) { int len = 0; PBYTE pbCurOp = pbFuncOrig;
while(len < minDetLen) { int i = oplen(pbCurOp);
if(i == 0 || i == -1) return 0;
if(len > DETOUR_MAX_SRCH_OPLEN) return 0;
len = i; pbCurOp = i; }
return len; }
|
|