-
Notifications
You must be signed in to change notification settings - Fork 0
/
InlineHook.cpp
49 lines (30 loc) · 1.28 KB
/
InlineHook.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#include "InlineHook.h"
DWORD InlineHook::ModifyMemoryAttributes(DWORD address, DWORD attributes) {
DWORD oldAttributes;
VirtualProtect(reinterpret_cast<void*>(address), CODE_LENGTH, attributes, &oldAttributes);
return oldAttributes;
}
InlineHook::InlineHook(DWORD originalFuncAddr, DWORD newFuncAddr) : s_originalAddress(originalFuncAddr), s_newAddress(newFuncAddr) {
// jmp
s_newBytes[0] = '\xE9';
// 计算偏移
DWORD offset = newFuncAddr - (originalFuncAddr + CODE_LENGTH);
// 构造跳转字节数组
memcpy(&s_newBytes[1], &offset, CODE_LENGTH - 1);
// 修改内存属性
DWORD oldAttributes = ModifyMemoryAttributes(originalFuncAddr);
// 保存原始函数字节
memcpy(s_originalBytes, reinterpret_cast<void*>(originalFuncAddr), CODE_LENGTH);
// 恢复内存属性
ModifyMemoryAttributes(originalFuncAddr, oldAttributes);
}
VOID InlineHook::MotifyASM() {
DWORD oldAttributes = ModifyMemoryAttributes(s_originalAddress);
memcpy(reinterpret_cast<void*>(s_originalAddress), s_newBytes, CODE_LENGTH);
ModifyMemoryAttributes(s_originalAddress, oldAttributes);
}
VOID InlineHook::ResetASM() {
DWORD oldAttributes = ModifyMemoryAttributes(s_originalAddress);
memcpy(reinterpret_cast<void*>(s_originalAddress), s_originalBytes, CODE_LENGTH);
ModifyMemoryAttributes(s_originalAddress, oldAttributes);
}