struct
Hook
{
DWORD addr
=
NULL
;
byte
*
data
=
nullptr
;
size_t size
=
NULL
;
DWORD trampoline
=
NULL
;
size_t addBytesSize
=
NULL
;
Hook
(
const
DWORD
&
addr
,
const
DWORD
&
func
,
const
char
*
addBytes
,
const
size_t
&
addBytesSize
,
const
size_t
&
size
=
5
)
{
// addBytes для пуша аргументов функции func
this
->
data
=
new
byte
[
size
]
;
this
->
size
=
size
;
this
->
addr
=
addr
;
this
->
addBytesSize
=
addBytesSize
;
DWORD dwProt
=
PAGE_EXECUTE_READWRITE
;
VirtualProtect
(
(
void
*
)
addr
,
size
,
dwProt
,
&
dwProt
)
;
memcpy
(
data
,
(
void
*
)
addr
,
size
)
;
trampoline
=
(
DWORD
)
VirtualAlloc
(
0
,
addBytesSize
+
size
+
12
,
MEM_COMMIT
|
MEM_RESERVE
,
PAGE_EXECUTE_READWRITE
)
;
// pushad / addBytes / call func / popad / замененные байты / джамп назад
*
(
byte
*
)
trampoline
=
0x60
;
// pushad
memcpy
(
(
void
*
)
(
trampoline
+
1
)
,
addBytes
,
addBytesSize
)
;
// addBytes
*
(
byte
*
)
(
trampoline
+
addBytesSize
+
1
)
=
0xE8
;
//call
*
(
size_t
*
)
(
trampoline
+
addBytesSize
+
2
)
=
func
-
(
trampoline
+
addBytesSize
+
6
)
;
// func
*
(
byte
*
)
(
trampoline
+
addBytesSize
+
6
)
=
0x61
;
// popad
memcpy
(
(
void
*
)
(
trampoline
+
addBytesSize
+
7
)
,
data
,
size
)
;
// замененные байты
*
(
byte
*
)
(
trampoline
+
addBytesSize
+
size
+
7
)
=
0xE9
;
// jmp
*
(
size_t
*
)
(
trampoline
+
addBytesSize
+
size
+
8
)
=
addr
+
5
-
(
trampoline
+
addBytesSize
+
size
+
12
)
;
// jmp to
memset
(
(
void
*
)
(
addr
+
4
)
,
0x90
,
size
-
4
)
;
*
(
byte
*
)
(
addr
)
=
0xE9
;
// jmp
*
(
unsigned
int
*
)
(
addr
+
1
)
=
trampoline
-
(
addr
+
5
)
;
VirtualProtect
(
(
void
*
)
addr
,
size
,
dwProt
,
NULL
)
;
}
~
Hook
(
)
{
if
(
data
!=
nullptr
)
{
DWORD dwProt
=
PAGE_EXECUTE_READWRITE
;
VirtualProtect
(
(
void
*
)
addr
,
size
,
dwProt
,
&
dwProt
)
;
memcpy
(
(
void
*
)
addr
,
data
,
size
)
;
VirtualProtect
(
(
void
*
)
addr
,
size
,
dwProt
,
NULL
)
;
memset
(
(
void
*
)
trampoline
,
NULL
,
addBytesSize
+
size
+
12
)
;
VirtualFree
(
(
void
*
)
trampoline
,
addBytesSize
+
size
+
12
,
MEM_RELEASE
)
;
delete
[
]
data
;
}
}
}
;