#include<Windows.h>
#include"detour.h"
#define CurrentProcess ((HANDLE)-1)
#ifndef HEAP_CREATE_ENABLE_EXECUTE
#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
#endif
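/* Absolute value of x. x is evaluated twice, so pass a side-effect-free expression. */
#define Abs(x) ((x)<0?-(x):(x))
/* True when lb <= x <= ub with all three compared as size_t (used as an address-range
 * test). The whole expansion is parenthesized so that `!InBound(...)` and
 * `InBound(...) && other` apply to the complete range test rather than only to
 * the first comparison. */
#define InBound(x,lb,ub) (((size_t)(x)>=(size_t)(lb))&&((size_t)(x)<=(size_t)(ub)))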
#pragma comment(lib,"ntdll.lib")
/* Counted ANSI string, laid out like ntdll's ANSI_STRING: Length and
 * MaximumLength are byte counts (used / allocated) of Buffer, which need not be
 * NUL-terminated. Passed to LdrGetProcedureAddress below. */
typedef struct _ANSI_STRING
{
unsigned short Length,MaximumLength;
char*Buffer;
}ANSI_STRING,*PANSI_STRING;
/* Counted UTF-16 string, laid out like ntdll's UNICODE_STRING. Length and
 * MaximumLength are in BYTES, not characters (a common source of off-by-two
 * bugs); Buffer need not be NUL-terminated. Passed to LdrGetDllHandle below. */
typedef struct _UNICODE_STRING
{
unsigned short Length,MaximumLength;
wchar_t*Buffer;
}UNICODE_STRING,*PUNICODE_STRING;
/* Result of ParseInstruction for one x86 instruction.
 *   Size       - total instruction length, presumably filled in by the part of
 *                ParseInstruction not shown here; not written in the visible code.
 *   Opcode     - first opcode byte after the prefixes, or the byte following the
 *                0x0f escape when Alt is set.
 *   PrefixSize - number of prefix bytes (0x66/0x67/segment/lock/rep/0x0f) skipped.
 *   ASize      - 1 if a 0x67 address-size prefix was seen.
 *   OSize      - 1 if a 0x66 operand-size prefix was seen.
 *   Alt        - 1 if the opcode is in the two-byte (0x0f) map.
 *   Operand    - the four bytes following the opcode byte read as a long;
 *                whether they really are an operand depends on the instruction. */
typedef struct _INSTRUCTION_INFO
{
unsigned char Size,Opcode,PrefixSize,ASize:1,OSize:1,Alt:1;
signed long Operand;
}INSTRUCTION_INFO,*PINSTRUCTION_INFO;
/* Classification of how an instruction refers to an address: absolute, or a
 * call/jmp/jcc/jcxz carrying an 8-, 16- or 32-bit relative displacement (judging
 * by the names; nothing in the visible code consumes this enum yet). */
typedef enum _RELADDR_TYPE
{
AbsAddr=0,Call16,Call32,Jmp8,Jmp16,Jmp32,Jcxz,Jcc8,Jcc16,Jcc32
}RELADDR_TYPE,*PRELADDR_TYPE;
__declspec(dllimport)long __stdcall NtQueryVirtualMemory(HANDLE ProcessHandle,void*BaseAddress,int MemoryInformationClass,void*MemoryInformation,size_t MemoryInformationLength,size_t*ReturnLength);
__declspec(dllimport)long __stdcall NtProtectVirtualMemory(HANDLE ProcessHandle,void**BaseAddress,size_t*ProtectSize,ULONG NewProtect,PULONG OldProtect);
__declspec(dllimport)long __stdcall NtFlushInstructionCache(HANDLE ProcessHandle,void*BaseAddress,size_t FlushSize);
__declspec(dllimport)void*__stdcall RtlCreateHeap(ULONG Flags,void*HeapBase,size_t ReserveSize,size_t CommitSize,void*Lock,void*Parameter);
__declspec(dllimport)void*__stdcall RtlDestroyHeap(void*HeapHandle);
__declspec(dllimport)void*__stdcall RtlAllocateHeap(void*HeapHandle,ULONG Flags,size_t Size);
__declspec(dllimport) int __stdcall RtlFreeHeap(void*HeapHandle,ULONG Flags,void*HeapBase);
__declspec(dllimport)long __stdcall LdrGetDllHandle(wchar_t*Path,void*Reserved,PUNICODE_STRING FileName,void**ImageBase);
__declspec(dllimport)long __stdcall LdrGetProcedureAddress(void*ImageBase,PANSI_STRING Name,unsigned short Ordinal,void**Address);
/* Handle of the executable private heap created by CreateRedirectHeap(); 0 until then.
 * Shared by every caller in this file, so its lifetime is owned by Create/DestroyRedirectHeap. */
static void*RedirectHeap=0;
/* Defined in another translation unit. InstructionFormat is a text table of opcode
 * patterns, one per CR/LF-terminated line, ended by a line starting with '#'.
 * ToBin is indexed by byte value; ParseInstruction copies the first 8 chars of
 * each row (presumably the byte's binary rendering — confirm against its definition). */
extern char InstructionFormat[],ToBin[][256];
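/*
 * Memcpy - copy count bytes from src to dst, one byte at a time.
 *
 * Local replacement for the CRT memcpy (presumably to avoid a CRT dependency).
 * The regions must not overlap; this is memcpy, not memmove.
 *
 * @param dst   destination buffer, at least count bytes long
 * @param src   source buffer, at least count bytes long; never written
 * @param count number of bytes to copy; 0 copies nothing
 * @return dst
 */
void * Memcpy (void * dst, const void * src, size_t count)
{
    unsigned char *d = dst;
    /* Keep the const qualifier instead of casting it away as the old body did. */
    const unsigned char *s = src;
    while (count--) {
        *d++ = *s++;
    }
    return dst;
}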
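/*
 * Memset - fill count bytes at dst with the byte value of val.
 *
 * Local replacement for the CRT memset. val is converted to unsigned char
 * exactly as the standard memset specifies; the old body converted to plain
 * char, whose result for out-of-range values is implementation-defined.
 *
 * @param dst   buffer to fill, at least count bytes long
 * @param val   fill value; only its low 8 bits are used
 * @param count number of bytes to write; 0 writes nothing
 * @return dst
 */
void * Memset (void *dst, int val, size_t count)
{
    unsigned char *d = dst;
    const unsigned char byte = (unsigned char)val;
    while (count--) {
        *d++ = byte;
    }
    return dst;
}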
/*
 * Strstr - find the first occurrence of str2 in str1.
 *
 * Local replacement for the CRT strstr: an empty str2 matches at str1.
 *
 * @param str1 NUL-terminated string to search
 * @param str2 NUL-terminated string to look for
 * @return pointer into str1 at the first match, or NULL if there is none
 */
char * Strstr (const char * str1, const char * str2)
{
    if (*str2 == '\0') {
        return (char *)str1;
    }
    for (const char *hay = str1; *hay != '\0'; ++hay) {
        const char *h = hay;
        const char *needle = str2;
        /* advance both cursors while they agree and neither has ended */
        while (*h != '\0' && *needle != '\0' && *h == *needle) {
            ++h;
            ++needle;
        }
        if (*needle == '\0') {
            return (char *)hay;
        }
    }
    return NULL;
}
/*
 * CreateRedirectHeap - create the private heap behind RedirectHeap.
 *
 * HEAP_CREATE_ENABLE_EXECUTE makes every block allocated from this heap
 * executable (writable+executable memory, which DEP/EDR tooling treats as
 * suspicious), and HEAP_NO_SERIALIZE disables the heap's internal lock, so
 * callers must not allocate from it concurrently.
 *
 * @return the new heap handle, also stored in RedirectHeap; NULL on failure
 */
void*CreateRedirectHeap(void)
{
    void *heap = RtlCreateHeap(HEAP_GROWABLE|HEAP_CREATE_ENABLE_EXECUTE|HEAP_NO_SERIALIZE, 0, 0, 0, 0, 0);
    RedirectHeap = heap;
    return heap;
}
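/*
 * DestroyRedirectHeap - destroy the heap created by CreateRedirectHeap.
 *
 * RtlDestroyHeap returns NULL on success and the heap handle otherwise. On
 * success the cached RedirectHeap handle is cleared so that a later
 * RtlAllocateHeap/RtlFreeHeap through it cannot touch a destroyed heap; the old
 * body left the stale handle in place.
 *
 * @return NULL on success, otherwise the handle of the heap that was not destroyed
 */
void*DestroyRedirectHeap(void)
{
    void *failed = RtlDestroyHeap(RedirectHeap);
    if (failed == 0) {
        RedirectHeap = 0;   /* drop the dangling handle */
    }
    return failed;
}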
int ParseInstruction(void*Address,PINSTRUCTION_INFO Info)
{
unsigned char*p;char*pstart,*pend,*pt,strbuf[128],strbuf2[128],strpar[128];int OSize,ASize,Alt,Found,prefix,c,d,len,len2,w,s,r;
p=(unsigned char*)Address;
OSize=0;
ASize=0;
while(*p==0xf0||*p==0xf2||*p==0xf3||*p==0x2e||*p==0x36||*p==0x3e||*p==0x26||*p==0x64||*p==0x65||*p==0x66||*p==0x67||*p==0xf)
{
if(!OSize)OSize=(*p==0x66);
if(!ASize)ASize=(*p==0x67);
++p;
}
prefix=p-(unsigned char*)Address;
Alt=(*p==0x0f);
if(Info)
{
Info->Alt=Alt;
Info->ASize=ASize;
Info->OSize=OSize;
if(Alt)
{
Info->Opcode=*(p+1);
Info->Operand=*(long*)(p+2);
}else{
Info->Opcode=*p;
Info->Operand=*(long*)(p+1);
}
Info->PrefixSize=prefix;
}
Memcpy(strpar,ToBin[p[0]],8);
Memcpy(strpar+8,ToBin[p[1]],8);
Memcpy(strpar+16,ToBin[p[2]],8);
Memcpy(strpar+24,ToBin[p[3]],8);
strpar[32]=0;
pend=pstart=InstructionFormat;
while(*pstart!='#')
{
while(*pend!=13&&*pend!=10)++pend;
len=0;
for(c=0;c<pend-pstart;++c)
if(pstart[c]!=' ')
{
strbuf[len++]=pstart[c];
}
strbuf[len]=0;
if(pt=Strstr(strbuf,"reg1"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=' ';
}
if(pt=Strstr(strbuf,"reg2"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=' ';
}
if(pt=Strstr(strbuf,"reg"))
{
pt[0]=pt[1]=pt[2]='?';
}
if(pt=Strstr(strbuf,"ST(i)"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=' ';
}
if(pt=Strstr(strbuf,"r32"))
{
pt[0]=pt[1]=pt[2]='?';
}
if(pt=Strstr(strbuf,"mmxreg1"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=pt[6]=' ';
}
if(pt=Strstr(strbuf,"mmxreg2"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=pt[6]=' ';
}
if(pt=Strstr(strbuf,"mmxreg"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=' ';
}
if(pt=Strstr(strbuf,"xmmreg1"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=pt[6]=' ';
}
if(pt=Strstr(strbuf,"xmmreg2"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=pt[6]=' ';
}
if(pt=Strstr(strbuf,"xmmreg"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=' ';
}
if(pt=Strstr(strbuf,"mmreg1"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=' ';
}
if(pt=Strstr(strbuf,"mmreg2"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=pt[5]=' ';
}
if(pt=Strstr(strbuf,"mmreg"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=' ';
}
if(pt=Strstr(strbuf,"m32"))
{
pt[0]=pt[1]=pt[2]=pt[3]=pt[4]=pt[5]='?';
pt[6]=0;
}
if(pt=Strstr(strbuf,"m512"))
{
pt[0]=pt[1]=pt[2]=pt[3]=pt[4]=pt[5]='?';
pt[6]=0;
}
if(pt=Strstr(strbuf,"mem"))
{
pt[0]=pt[1]=pt[2]='?';
if(pt[3]==0)
{
pt[3]=pt[4]=pt[5]='?';
pt[6]=0;
}
}
if(pt=Strstr(strbuf,"sreg2"))
{
pt[0]=pt[1]='?';
pt[2]=pt[3]=pt[4]=' ';
}
if(pt=Strstr(strbuf,"sreg3"))
{
pt[0]=pt[1]=pt[2]='?';
pt[3]=pt[4]=' ';
}
if(pt=Strstr(strbuf,"tttn"))
{
pt[0]=pt[1]=pt[2]=pt[3]='?';
}
if(pt=Strstr(strbuf,"immediatedata"))
{
*(pt++)='X';
Memset(pt,' ',12);
}
if(pt=Strstr(strbuf,"imm8data"))
{
*(pt++)='A';
Memset(pt,' ',7);
}
if(pt=Strstr(strbuf,"imm8"))
{
*(pt++)='A';
Memset(pt,' ',3);
}
if(pt=Strstr(strbuf,"fulldisplacement"))
{
*(pt++)='D';
Memset(pt,' ',15);
}
if(pt=Strstr(strbuf,"unsignedfulloffset"))
{
*(pt++)='D';
Memset(pt,' ',17);
}
if(pt=Strstr(strbuf,"selector"))
{
*(pt++)='B';
Memset(pt,' ',7);
}
if(pt=Strstr(strbuf,"16-bitdisplacement"))
{
*(pt++)='B';
Memset(pt,' ',17);
}
if(pt=Strstr(strbuf,"8-bitlevel(L)"))
{
*(pt++)='A';
Memset(pt,' ',12);
}
if(pt=Strstr(strbuf,"8-bitdisplacement"))
{
*(pt++)='A';
Memset(pt,' ',16);
}
if(pt=Strstr(strbuf,"type"))
{
*(pt++)='A';
pt[0]=pt[1]=pt[2]=' ';
}
if(pt=Strstr(strbuf,"portnumber"))
{
*(pt++)='B';
Memset(pt,' ',9);
}
len2=0;
for(c=0;c<len;++c)
if(strbuf[c]!=' ')
strbuf2[len2++]=(strbuf[c]=='g'||strbuf[c]=='d'||strbuf[c]=='R')?'?':strbuf[c];
strbuf2[len2]=0;
r=1;
d=0;
w=2;
s=2;
Found=1;
c=0;
do
{
if(strbuf2[c]=='?'||strbuf2[c]==' ')
{
++d;
++c;
continue;
}else if(strbuf2[c]=='s')
s=strpar[d]-'0';
else if(strbuf2[c]=='w')
w=strpar[d]-'0';
else if(strbuf2[c]==':')
{
++r;
++c;
if(strbuf2[c]=='A');
else if(strbuf2[c]=='B')++r;
else if(strbuf2[c]=='D')r+=3;
else if(strbuf2[c]=='X')