[WIN x64]API Hook[Code overwriting]
[quote='eKKiM' pid='14358780' dateline='1312612948']
Hi
I'm releasing an old piece of code I used for hooking on x64 processes.
This method is a bit more advanced than IAT hooking; instead I use code overwriting, which requires some assembler.
The code is BUGGY! But it works in (some/most) cases.
I wrote it a long time ago when I was VERY n00b xD.
So this function is far from complete. I don't check if the WinAPIs fail etc.
However, because I see a lot of people over here are interested in DLL injection and hooking, I decided to release it.
You should be able to find out the basics of this hooking method.
Another little side note: you need a length disassembler.
You could use diStorm to disassemble it and get the length from it.
[php]#include <windows.h>
#include <string.h>

// Length disassembler supplied by the caller (for example built on diStorm, as
// suggested above): returns the length in bytes of the instruction at `addr`
// when decoded in 64-bit mode. Prototype only; not part of the original post.
int LDE(DWORD64 addr, int mode);

void APIHook(DWORD64 HookFunc, DWORD64 MyFunc, DWORD64 *DetourFunc)
{
    // iLength can reach 12 + 15 = 27 bytes (sizeof(jmp) - 1 plus one maximal
    // 15-byte instruction), so the backup must hold 27 bytes; the original
    // 20-byte buffer could overflow.
    BYTE lpBackup[27];
    DWORD64 dwCalc;
    int iLength = 0;
    SIZE_T result;
    // Absolute jump written over the first bytes of HookFunc:
    //   49 BB <imm64>   mov r11, imm64
    //   41 FF E3        jmp r11      (0x41 is the REX.B prefix selecting r11)
    BYTE jmp[13] = { 0x49, 0xBB,                      // mov r11,
                     0x00, 0x00, 0x00, 0x00,          // address (64-bit, little-endian)
                     0x00, 0x00, 0x00, 0x00,
                     0x41, 0xff, 0xe3 };              // jmp r11
    // Trampoline: the displaced original instructions (NOP-padded; 27 bytes is
    // the most the length loop below can displace, since 15 bytes is the max
    // opcode length) followed by an absolute jump back to HookFunc + iLength.
    BYTE trampBuild[40] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                            0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                            0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                            0x49, 0xBB,                      // mov r11,
                            0x00, 0x00, 0x00, 0x00,          // return address (64-bit)
                            0x00, 0x00, 0x00, 0x00,
                            0x41, 0xff, 0xe3 };              // jmp r11
    BYTE *pTramp = (BYTE *) VirtualAlloc(NULL, sizeof(trampBuild), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    // Walk whole instructions until at least sizeof(jmp) bytes are covered, so
    // the overwrite never cuts an instruction in half.
    while (iLength < (int) sizeof(jmp))
        iLength = iLength + LDE(HookFunc + (DWORD64) iLength, 64);
    // Back up the original bytes and copy them to the head of the trampoline.
    // Note: they are copied verbatim, so RIP-relative instructions in the
    // displaced range will be wrong at the trampoline's address (one of the
    // known bugs).
    ReadProcessMemory(GetCurrentProcess(), (LPVOID)HookFunc, lpBackup, iLength, 0);
    memcpy(&trampBuild[0], lpBackup, iLength);
    // Patch the hook target into the jump and write it over HookFunc.
    memcpy(&jmp[2], &MyFunc, 8);
    WriteProcessMemory(GetCurrentProcess(), (LPVOID)HookFunc, jmp, sizeof(jmp), &result);
    // The trampoline's jump continues at the first untouched instruction.
    dwCalc = (DWORD64)((HookFunc + (DWORD64) (iLength)));
    memcpy(&trampBuild[29], &dwCalc, 8);
    memcpy(&pTramp[0], trampBuild, sizeof(trampBuild));
    *DetourFunc = (DWORD64) pTramp;
    return;
}[/php]
Now let's get the flaming started about my ugly code xD
[/quote]
Fri Aug. 29, 2014 8:33 am by Hello EMO
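From the other side of the fence: once a function has been patched the way the posted APIHook does it, its first 13 bytes are the fixed `mov r11, imm64` / `jmp r11` stub, which is easy to spot. The following is an added example, not code from the post or its author, showing how an integrity check would recognise that stub in a function prologue (and recover where it branches to), plus the more general check of diffing the live prologue against a clean reference copy. The sample prologue bytes and the target address `0x00007FF612345678` are constructed for the demonstration; nothing here reads a real process.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte pattern the posted APIHook writes over the first bytes of the hooked
 * function (13 bytes):
 *   49 BB <imm64>   mov r11, imm64
 *   41 FF E3        jmp r11
 */
#define ABS_JMP_STUB_LEN 13

/* Returns 1 if `code` starts with the mov r11,imm64 / jmp r11 stub, storing
 * the little-endian branch target in *target (may be NULL); 0 otherwise. */
int detect_abs_jmp_hook(const uint8_t *code, size_t len, uint64_t *target)
{
    if (len < ABS_JMP_STUB_LEN) return 0;
    if (code[0] != 0x49 || code[1] != 0xBB) return 0;
    if (code[10] != 0x41 || code[11] != 0xFF || code[12] != 0xE3) return 0;
    uint64_t t = 0;
    for (int i = 7; i >= 0; i--)
        t = (t << 8) | code[2 + i];
    if (target) *target = t;
    return 1;
}

/* Generic check that catches any in-place patch, not just this stub: compare
 * the live prologue with a clean reference copy (for example the same bytes
 * mapped from the DLL on disk). Returns the index of the first differing byte,
 * or -1 when the two are identical. */
long first_prologue_diff(const uint8_t *live, const uint8_t *clean, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (live[i] != clean[i]) return (long)i;
    return -1;
}

/* ---- constructed sample data (not read from a real process) ---- */

/* A typical MSVC x64 prologue, hand-written for the sample:
 * mov [rsp+8],rbx / push rdi / sub rsp,20h / mov rbx,rcx / mov rdi,rdx */
static const uint8_t kCleanPrologue[16] = {
    0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83,
    0xEC, 0x20, 0x48, 0x8B, 0xD9, 0x48, 0x8B, 0xFA
};

/* Hypothetical hook target address used only for the sample. */
#define DEMO_TARGET 0x00007FF612345678ULL

/* Writes the 13-byte stub into a buffer, mirroring what APIHook leaves behind
 * at the hooked function; used here only to build the test sample. */
static void write_abs_jmp_stub(uint8_t *dst, uint64_t target)
{
    dst[0] = 0x49; dst[1] = 0xBB;
    for (int i = 0; i < 8; i++) dst[2 + i] = (uint8_t)(target >> (8 * i));
    dst[10] = 0x41; dst[11] = 0xFF; dst[12] = 0xE3;
}

static void make_hooked_sample(uint8_t out[16])
{
    memcpy(out, kCleanPrologue, sizeof kCleanPrologue);
    write_abs_jmp_stub(out, DEMO_TARGET);
}

/* Results for the two samples, exposed as functions so they can be checked. */
uint64_t demo_hooked_target(void)
{
    uint8_t live[16];
    uint64_t t = 0;
    make_hooked_sample(live);
    return detect_abs_jmp_hook(live, sizeof live, &t) ? t : 0;
}

int demo_clean_is_hooked(void)
{
    return detect_abs_jmp_hook(kCleanPrologue, sizeof kCleanPrologue, NULL);
}

long demo_hooked_first_diff(void)
{
    uint8_t live[16];
    make_hooked_sample(live);
    return first_prologue_diff(live, kCleanPrologue, sizeof live);
}

long demo_clean_first_diff(void)
{
    return first_prologue_diff(kCleanPrologue, kCleanPrologue, sizeof kCleanPrologue);
}

int main(void)
{
    printf("clean prologue hooked?  %d\n", demo_clean_is_hooked());
    printf("hooked prologue target: 0x%016llx\n",
           (unsigned long long)demo_hooked_target());
    printf("first byte differing from clean copy: %ld\n", demo_hooked_first_diff());
    return 0;
}
```

The pattern check is cheap but only knows this one stub; the diff against a clean copy is what catches variants (a `jmp rel32`, a different scratch register, a trampoline placed after a few bytes of padding), at the cost of needing a trusted reference image and tolerating legitimate relocations. In practice both run together over the exported functions an application cares about, and a hit is reported with the recovered target so the module it lands in can be identified.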