Isto É São parágrafo programadores, Caso voce SEJA UM novato, TENTE compilação-lo e mandar Pelo XAT Que NÓS postamos não compilado AG.
Main.cpp
Pasta Detour
Créditos para LanceVorgin
Detour/CDetour.h
Detour/CDetour.cpp
Detour/CByteArray.h
Detour/CDetourDis.cpp
Detour/CDetourDis.h
--------------------------------------------------------------------------------------------------------------
Todas as funções e endereços
usados para codificação no MatchServer
Exemplo:
sourcefiles.txt
Créditos: Main.cpp
Código:
# Define WIN32_LEAN_AND_MEAN # define WIN32_EXTRA_LEAN # include# Include # Include # Include # Include # Include # Include # Include using namespace std; # include "Detour / CDetour.h" # define ONCE (var) static bool var = false; se {var = true (var!); CompareByteArrays bool (BYTE * data1, data2 BYTE *, int len) { / / Se ambos forem nulos, eles são iguais if (data1 == null && data2 == NULL) return true; / / Se quer, mas não ambos são nulos, não são iguais if (data1 == NULL | | data2 == NULL) return false; for (int i = 0; i <len; i + +) {if (data1 [i] = data2 [i]) if (data2 [i] = 0xEE) return false;!} return true ;} DWORD m_CodeBase = 0x00400000; DWORD m_CodeLength = 0x001C5000; DWORD SigSearch (BYTE * Assinatura, SigLength int) {byte test * = NULL; for (unsigned int i = 0; i <(m_CodeLength SigLength); i + +) {if ( CompareByteArrays ((BYTE *) ((DWORD) m_CodeBase + i), Assinatura, SigLength)) {m_CodeBase retorno (DWORD) + i;}} return 0;} / ServerAnnounceSignature BYTE / ServerAnnounce [] = DWORD ServerAnnounceSignatureOffset = SigSearch (ServerAnnounceSignature, 34); OnAdminAnnounceSignature BYTE / OnAdminAnnounce / [] = DWORD OnAdminAnnounceSignatureOffset = SigSearch (OnAdminAnnounceSignature, 27); / / BYTE OnStageStart OnStageStartSignature [] = DWORD OnStageStartSignatureOffset = SigSearch (OnStageStartSignature, 27); / / BYTE OnGameKill OnGameKillSignature [] = DWORD OnGameKillSignatureOffset = SigSearch (OnGameKillSignature, 32); / / OnUserWhisper OnUserWhisperSignature BYTE [] = DWORD OnUserWhisperSignatureOffset = SigSearch (OnUserWhisperSignature, 23); / / OnChannelChatSignature BYTE OnChannelChat [] = DWORD OnChannelChatSignatureOffset = SigSearch (OnChannelChatSignature, 25); / / OnStageChatSignature BYTE OnStageChat [] = {0X53, 0X8B, 0x5C, 0x24, 0x0C, 0x55, 0X8B, 0X6C, 0x24, 0x0C, 0x56, 0x57, 0X8B, 0x7C, 0x24,} ; DWORD OnStageChatSignatureOffset = SigSearch (OnStageChatSignature, 15); / / OnClanMessage BYTE OnClanMessageSignature [] = DWORD 
OnClanMessageSignatureOffset = SigSearch (OnClanMessageSignature, 27); OnStageCreateSignature BYTE / OnStageCreate / [] = DWORD OnStageCreateSignatureOffset = SigSearch (OnStageCreateSignature, 22); g_hLocalModule HMODULE = NULL; DWORD g_dwUnloadRetAddr = 0; __ declspec (naked) void UnloadProc () {__ impulso asm g_hLocalModule __ asm impulso g_dwUnloadRetAddr __ asm jmp dword ptr [FreeLibrary]} struct MUID {long firstID; longo secondID;} MYUID; MUID * Char1ID = new MUID (); MUID * Char2ID = new MUID (); MUID * StageID = new MUID (); tempo n; longo uidChar; uidClanAdmin prazo; uidStage prazo; de char pszMessage [128]; / / Anúncio typedef void (__cdecl * ServerAnnounceFunc) (MUID * uidChar, char *); ServerAnnounceFunc ServerAnnounce = (ServerAnnounceFunc) ServerAnnounceSignatureOffset; / / Mega powerlevel patch DWORD OnGameKill OnGameKillSignatureOffset =; OnGameKillDet CDetour void __ stdcall OnGameKillHook (MUID * uidChar, MUID * uidChar2) {Sleep (800);} / / Admin anunciam buffer patch OnAdminAnnounce DWORD = OnAdminAnnounceSignatureOffset / / 0x00416370; OnAdminAnnounceDet CDetour void __ stdcall OnAdminAnnounceHook (MUID * uidChar, char * pszMessage, sem sinal desconhecido de comprimento) {if (strlen (pszMessage) > 128) {pszMessage = "\ 0";} if (desconhecido = 1) {desconhecido = 0;}} / / Sussurro buffer patch DWORD OnWhisper = OnUserWhisperSignatureOffset; OnWhisperDet CDetour void __ stdcall OnWhisperHook (MUID * uidChar, char * pszSenderName, char * pszTargetName, char * pszMessage) {if (strlen (pszMessage)> 128) {pszMessage = "tentei travar você Por favor informe-me..";}} / / Canal buffer patch DWORD OnChannelChat = OnChannelChatSignatureOffset; OnChannelChatDet CDetour; void __ stdcall OnChannelChatHook (MUID * uidChar, MUID uidChannel *, char * pszMessage) {if (strlen (pszMessage)> 128) {pszMessage = "Tentei travar o canal Por favor informe-me..";}} buffer / / Stage Patch de DWORD OnStageChat = OnStageChatSignatureOffset; OnStageChatDet CDetour void __ 
stdcall OnStageChatHook (MUID * uidChar, MUID uidStage *, char * pszMessage) {if (strlen (pszMessage)> 128) {pszMessage = "Tentei travar o palco Por favor, reporte-me. . ";}} / / Clan buffer patch DWORD OnClanMsg OnClanMessageSignatureOffset =; OnClanMsgDet CDetour void __ stdcall OnClanMsgHook (MUID * uidChar, char * pszMessage) {if (strlen (pszMessage)> 128) {pszMessage =" \ 0 ";}} anular Initialize () {/ / Mega OnGameKillDet.Detour patch powerlevel ((BYTE *) OnGameKill, (BYTE *) OnGameKillHook, true); OnGameKillDet.Apply () / / Admin anunciam OnAdminAnnounceDet.Detour patch ((BYTE * OnAdminAnnounce), (BYTE *) OnAdminAnnounceHook, true); OnAdminAnnounceDet.Apply (); OnWhisperDet.Detour Patch / Sussurro / Buffer (BYTE (*) OnWhisper, (BYTE *) OnWhisperHook, true); OnWhisperDet.Apply (); patch Buffer / Canal / OnChannelChatDet.Detour (BYTE (*) OnChannelChat, (BYTE *) OnChannelChatHook, true); OnChannelChatDet.Apply (); OnStageChatDet.Detour Patch / Estágio / Buffer ((BYTE *) OnStageChat, (BYTE *) OnStageChatHook, true); OnStageChatDet . Aplicar (); MessageBox (0, "! GZRoboGuard v3.7 injetado", "Codificado por OneWhoSighs", MB_ICONINFORMATION);} / ********************* ************************************************** ********* / / / remover os desvios e patches quando Shutdown vazio sem carga () {/ / Mega OnGameKillDet.Remove patch powerlevel () / / Admin anunciam patch OnAdminAnnounceDet.Remove (); buffer / Sussurro / Patch de OnWhisperDet.Remove () / / Buffer Canal patch OnChannelChatDet.Remove (); / Estágio / Buffer patch OnStageChatDet.Remove ();} / ******************* ************************************************** *********** / bool WINAPI DllMain (hModule HMODULE, DWORD dwReason, PVOID pvReserved) {if (dwReason == DLL_PROCESS_ATTACH) {ONCE (bHasLoaded) g_hLocalModule hModule =; Initialize ();}} else if (dwReason == DLL_PROCESS_DETACH) {ONCE Shutdown (bHasShutdown) ();}} return true;}
Créditos para LanceVorgin
Detour/CDetour.h
Código:
/ ****************************** Classe Detour Universal ** v2.0 *********** ********************* Por LanceVorgin *************************** ***** UNI possui todos ****************************** / # pragma once # include "CByteArray.h" typedef void * (* __cdecl CDetourOrg_Func) (...); CDetour classe {public: static int Aplicada (); static int Removido (); static void InitRand (); private: static int g_iApplied; static int g_iRemoved; static void * __ cdecl NullOrgFunc (...); NullOrg CDetourOrg_Func estático; público: CDetour (); ~ CDetour (); Detour bool (BYTE * PADDR, BYTE * pFuncToCall, bAutoReturn bool = false, bNoRegs bool = false, bool bPolymorphic = iArgsOverride, false int = -1, iBytesToOverwrite int = -1); Detour bool (LPCSTR lpLibraryName, LPCSTR lpProcName, BYTE * pFuncToCall, bAutoReturn bool = false, bNoRegs bool = false, bool bPolymorphic = false, int iArgsOverride = -1, iBytesToOverwrite int = -1 ); bool Aplicar (); bool Remove (); isReady bool (); bool IsApplied (); BYTE * GetAddr (); BYTE * GetFuncToCall () void SetFuncToCall (BYTE * pFuncToCall); BYTE * GetRetAddress (); BYTE * GetGateRetAddress () void SetGateRetAddress (BYTE * pGateRetAddress); BYTE * GetThisPtr () void SetThisPtr (BYTE * pThisPtr); vazio NoSetThisPtr (bool bNoSetThisPtr); vazio Ret (bool bReturnToOriginal); CDetourOrg_Func Org; privada: void Deconstruct (); FreeBuffers (void); bool Gerar (); int GetDetourSize (); GenerateDetour bool (CByteArray & Buffer, BYTE * PBASE, BYTE * pTarget, int iFinalSize = -1); bool WriteToAddr (BYTE * pBuffer, int iSize); m_bReady bool; m_bAutoReturn bool;; m_bApplied bool m_bNoRegs bool; bool m_bPolymorphic; m_iArgsOverride int; m_iBytesToOverwrite int; BYTE * m_pAddr; BYTE * m_pFuncToCall; BYTE m_ubDetourType; m_iDetourSize int; BYTE * m_pOrgAfterDetour; BYTE * m_pDetourBuf; BYTE * m_pOrgBuf; BYTE * m_pGateBuf; BYTE * m_pOrgGateBuf; bool m_bDontReplaceOrgClassInstance; BYTE m_pGateStack *; BYTE * m_pGateRealRet; bool m_bReturnToOriginal; BYTE 
m_pAutoReturnEndStack *; BYTE * m_pRetAddress; BYTE * m_pClassInstance; BYTE * m_pOrgReturnAddress; BYTE * m_pOrgStack;}; CSimpleDetour classe {public: static int Aplicada (); estática Removido int (); private: static int g_iApplied; static int g_iRemoved; público: CSimpleDetour (); ~ CSimpleDetour (); Detour bool (BYTE * PADDR, BYTE * pFuncToCall, bool bExecuteOverwrittenOps = true, int iBytesToOverwrite = 0); bool Aplicar (); bool Remove (); isReady bool (); bool IsApplied (); BYTE * GetAddr (); BYTE * GetFuncToCall (); SetFuncToCall void (BYTE * pFuncToCall); BYTE * GetRetAddress (); Ret void (bool bReturnToOriginal) ; privada: void Deconstruct (); FreeBuffers (void); bool Gerar (); bool WriteToAddr (BYTE * pBuffer, int iSize); m_bReady bool; bool m_bApplied; m_bExecuteOverwrittenOps bool; m_iBytesToOverwrite int; BYTE * m_pAddr; BYTE * m_pFuncToCall; int m_iDetourSize; BYTE * m_pOrgAfterDetour; BYTE * m_pDetourBuf; BYTE * m_pOrgBuf; BYTE * m_pGateBuf; BYTE * m_pRetAddress;};
Código:
/ ****************************** Classe Detour Universal ** v2.0 *********** ********************* Por LanceVorgin *************************** ***** UNI possui todos ****************************** / / * Todos os créditos para CDetourDis vai para Micro $ oft GG CB para a idéia de ByteArray - imbecil: Licença P: Eu, LanceVorgin, permitem que você use essas classes em qualquer de seus projetos nas seguintes condições: * Meu nome aparece em seu readme e créditos junto com o fato de que meu CDetour foi usado * Você não toma crédito para CDetour Isso é tudo. GPL, fechado fonte , privada, é tudo de bom :): Configurações de Desvio bAutoReturn - Se for verdade, após hookfunc é chamada, a função original será chamado com os argumentos originais - a menos que Ret (false) foi chamado bNoRegs - Se desvio, é verdade não modificar qualquer registos além de esp. Use para fastcalls / funcs outros que levam params em regs (mal msvc 2k5) (geralmente, desvio vai salvar ecx e redefini-lo em Org para funcs classe) bPolymorphic - Se desvio o falso é um jmp. Se desviar o verdadeiro é randomiezed e impliments um número aleatório. Trata-se de um lote maior que 5 iArgsOverride bytes - Normalmente, o hookfunc é definido como idêntico ao da função viciado em ambos os argumentos e convenção de chamada. Com este conjunto, a pilha será modificado após a hookfunc é chamado como se um stdcall com args x foi chamado. Útil se você tem uma função stdcall com uns 10 args que não dão a mínima para (caso contrário você tem que ter 10 args lixo em seu hookfunc) iBytesToOverwrite - Substitui o reassembler automática. Todo: * Add SetProxy * Adicione Metamorfose Dimensão: substituir empurrar 8D 64 24 FC lea esp, [esp-4] C7 04 24 78 56 34 12 mov dword ptr [esp], 12345678h 83 CE 04 sub esp, 4 C7 04 24 78 56 34 12 mov dword ptr [esp], 12345678h * / # define WIN32_LEAN_AND_MEAN # define WIN32_EXTRA_LEAN # include# Include # Include "CDetourDis.h" # include void "CDetour.h" * CDetour :: NullOrgFunc (...) 
{return NULL;} CDetour CDetourOrg_Func :: NullOrg = CDetour (CDetourOrg_Func) :: NullOrgFunc; CDetour int :: g_iApplied = 0; CDetour int :: g_iRemoved = 0; CDetour int :: Aplicada () {return g_iApplied;} CDetour int :: Removido () {return g_iRemoved;} CDetour vazio :: InitRand () {srand (GetTickCount ());} CDetour :: CDetour () {m_pDetourBuf = NULL; m_pOrgBuf = NULL; m_pGateBuf = NULL; m_pOrgGateBuf = NULL; m_bApplied = false; Deconstruct ();}; CDetour :: ~ CDetour () {Deconstruct ();}; CDetour vazio: : Deconstruct () {m_bReady = false; if (m_bApplied) Remove (); FreeBuffers (); Org = NullOrgFunc; m_bAutoReturn = false; m_bNoRegs = false; m_bPolymorphic = false; m_iArgsOverride = -1; m_iBytesToOverwrite = -1; m_pAddr = NULL ; m_pFuncToCall = NULL; m_ubDetourType = 0; m_iDetourSize = 0; m_pOrgAfterDetour = NULL; m_bDontReplaceOrgClassInstance = false; m_bReturnToOriginal = false; m_pGateStack = NULL; m_pGateRealRet = NULL; m_pAutoReturnEndStack = NULL; m_pRetAddress = NULL; m_pClassInstance = NULL; m_pOrgReturnAddress = NULL; m_pOrgStack = NULL;} CDetour vazio :: FreeBuffers () {m_bReady = false; if (m_pDetourBuf) delete [] m_pDetourBuf; if (m_pOrgBuf) delete [] m_pOrgBuf; if (m_pGateBuf) delete [] m_pGateBuf; if (m_pOrgGateBuf) delete [] m_pOrgGateBuf; m_pDetourBuf = NULL; m_pOrgBuf = NULL; m_pGateBuf = NULL; m_pOrgGateBuf = NULL;} CDetour bool :: Detour (BYTE * PADDR, BYTE * pFuncToCall, bAutoReturn bool, bNoRegs bool, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite) {Deconstruct (); (! 
PADDR | | pFuncToCall) se return false; m_pAddr = PADDR; m_pFuncToCall = pFuncToCall; bAutoReturn m_bAutoReturn =; m_bNoRegs = bNoRegs; m_bPolymorphic = bPolymorphic; m_iArgsOverride = iArgsOverride; m_iBytesToOverwrite iBytesToOverwrite =; retornar Gerar ();} bool CDetour :: Detour (LPCSTR lpLibraryName, LPCSTR lpProcName, BYTE * pFuncToCall, bAutoReturn bool, bNoRegs bool, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite) {HMODULE hModule = LoadLibrary (lpLibraryName); (! hModule) se return false; BYTE * pTargetAddress = (BYTE *) GetProcAddress (hModule, lpProcName); (! pTargetAddress) se return false; Detour retorno (pTargetAddress, pFuncToCall, bAutoReturn, bNoRegs e bPolymorphic e iArgsOverride e iBytesToOverwrite);} CDetour bool :: WriteToAddr (BYTE * pBuffer, int iSize) {if (m_bReady) return false;! DWORD dwOldProt, dwDummy; if (VirtualProtect (m_pAddr, iSize, PAGE_EXECUTE_READWRITE & dwOldProt!)) return false; (! memcpy (m_pAddr, pBuffer, iSize) se) return false; FlushInstructionCache ( GetCurrentProcess (), m_pAddr, iSize); VirtualProtect (m_pAddr, iSize, dwOldProt & dwDummy); return true;} CDetour bool :: apply () {if (m_bReady | | m_bApplied) return false;!; if (WriteToAddr (m_pDetourBuf! , m_iDetourSize)) return false; m_bApplied = true; g_iApplied + +; return true;} CDetour bool :: Remove () {if (m_bApplied) return false;! 
if (WriteToAddr (m_pOrgBuf, m_iDetourSize)) return false; m_bApplied = false; g_iRemoved + +; return true;} CDetour bool :: isReady () {return m_bReady;} CDetour bool :: IsApplied () {return m_bApplied; BYTE} * CDetour :: GetAddr () {return m_pAddr; BYTE} * CDetour :: GetFuncToCall ( ) {m_pFuncToCall retorno;} CDetour vazio :: SetFuncToCall (BYTE * pFuncToCall) {m_pFuncToCall = pFuncToCall;} BYTE * CDetour :: GetRetAddress () {return m_pRetAddress;}; CDetour vazio BYTE CDetour * :: GetGateRetAddress () {return} m_pGateRealRet :: SetGateRetAddress (BYTE * pGateRetAddress) {m_pGateRealRet = pGateRetAddress;} BYTE * CDetour :: GetThisPtr () {return m_pClassInstance;} CDetour vazio :: SetThisPtr (BYTE * pThisPtr) {m_pClassInstance = pThisPtr;} CDetour vazio :: NoSetThisPtr (bool bNoSetThisPtr) {m_bDontReplaceOrgClassInstance = bNoSetThisPtr;} CDetour vazio :: Ret (bool bReturnToOriginal) {m_bReturnToOriginal = bReturnToOriginal;} int CDetour :: GetDetourSize () {CByteArray buffer; if (GenerateDetour (buffer, 0, 0!) 
return) -1; voltar Buffer.Size ();} # define RAND_DETOUR_TYPES 9 CDetour bool :: GenerateDetour (CByteArray & Buffer, BYTE * PBASE, BYTE * pTarget, iFinalSize int) {Buffer.Clear () if (m_ubDetourType> RAND_DETOUR_TYPES) return false; DWORD dwTmpRnd = ((m_ubDetourType = 0) (rand () | (rand () << 16)): 0?); switch (m_ubDetourType) {case 0: Buffer + = (BYTE) 0xE9; / / Buffer jmp + = ( DWORD) (pTarget - PBASE - 5); break; case 1: case 2: case 3: Buffer + = (BYTE) 0x68; Buffer / push / + = (DWORD) dwTmpRnd; buffer + = (BYTE) 0x81 / / xor dword ptr [esp] Buffer + = (BYTE) 0x34; buffer + = (BYTE) 0x24; buffer + = (DWORD) (pTarget (DWORD) ^ dwTmpRnd); break; case 4: case 5: case 6: Buffer + = (byte) 0x68; / push / buffer + = (DWORD) (((DWORD) pTarget << ((byte) dwTmpRnd e 31)) | ((DWORD) >> pTarget (32 - ((byte) dwTmpRnd e 31 )))); buffer + = (BYTE) 0xC1; / / ror dword ptr [esp], buffer + = (BYTE) 0x0C; buffer + = (BYTE) 0x24; buffer + = (BYTE) dwTmpRnd break; caso 7 : case 8: case 9: Buffer + = (BYTE) 0x68; Buffer / push / + = (DWORD) (pTarget - dwTmpRnd); buffer + = (BYTE) 0x81; / / adiciona dword ptr [esp], buffer + = (byte) 0x04; buffer + = (BYTE) 0x24; buffer + = (DWORD) dwTmpRnd; break;} switch (m_ubDetourType) {case 1: case 4: case 7: Buffer + = (BYTE) 0xc3; pausa / / ret ; case 2: case 5: case 8: Buffer + = (BYTE) 0xC2; / / Buffer retn + = (WORD) 0; break; case 3: case 6: case 9: Buffer + = (BYTE) 0x83 / / adicionar esp, 4 de buffer + = (BYTE) 0xC4; buffer + = (BYTE) 0x04; buffer + = (BYTE) 0xFF; / / jmp dword ptr [esp-4] Buffer + = (BYTE) 0x64; buffer + = ( BYTE) 0x24; buffer + = (BYTE) 0xFC; break;} if (iFinalSize = -1) {if (iFinalSize <(int!) 
Buffer.Size ()) return false; while ((int) Buffer.Size () <iFinalSize) Buffer + = (byte) OP_NOP;} return true;} CDetour bool :: Gerar () {FreeBuffers (); buffer CByteArray / / ----------------- if (m_bPolymorphic) m_ubDetourType = (BYTE) (rand ()% RAND_DETOUR_TYPES) + 1; mais m_ubDetourType = 0; int iRawDetourSize = GetDetourSize (); if (iRawDetourSize == -1) return false; if (m_iBytesToOverwrite> 0) if ( m_iBytesToOverwrite <iRawDetourSize) {if (m_bPolymorphic) return false;! para (m_ubDetourType = 1; m_ubDetourType <= RAND_DETOUR_TYPES; m_ubDetourType + +) {iRawDetourSize = GetDetourSize () if (iRawDetourSize <= m_iBytesToOverwrite quebra);} if (m_ubDetourType> RAND_DETOUR_TYPES retorno) false;} / / ----------------- / / DWORD dwOldProt, dwDummy; (! VirtualProtect ((void *) m_dwAddr, iRawDetourSize, PAGE_EXECUTE_READWRITE & dwOldProt)) / / if / / return false; / / ----------------- Buffer.Clear (); se {buffer + = (BYTE) 0x89 (m_bNoRegs!) / / mov dword ptr, ecx buffer + = (BYTE) 0x0D; buffer + = (DWORD) e m_pClassInstance;} buffer + = (BYTE) 0x8F; / / pop dword ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_pRetAddress; buffer + = ( BYTE) 0x83 / / sub esp, 4 de buffer + = (BYTE) 0xEC; buffer + = (BYTE) 0x04; int iCallOrgEndOffsetIndex = -1; int iCallOrgEndOffset = -1; if (m_bAutoReturn) {/ / Buffer + = BYTE ( ) 0xCC; buffer + = (BYTE) 0xC6; / / mov byte ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_bReturnToOriginal; buffer + = (BYTE) 1; buffer + = (BYTE) 0x8F; / / pop dword buffer ptr + = (BYTE) 0x05; buffer + = (DWORD) e m_pGateRealRet; buffer + = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pGateStack &; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = (BYTE) 0x15; buffer + = (DWORD) e m_pFuncToCall; buffer + = (BYTE) 0x80 / / byte cmp ptr buffer + = (BYTE) 0x3D; buffer + = (DWORD) e m_bReturnToOriginal; buffer + = (BYTE) 0; buffer + = (BYTE) 0x74 / / iCallOrgEndOffsetIndex je buffer = + (BYTE) 0; if 
(m_iArgsOverride <= 0) buffer {+ = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pAutoReturnEndStack &;} buffer + = (BYTE) 0x8B; / / mov esp, dword buffer ptr + = (BYTE) 0x25; Tampão + = (DWORD) e m_pGateStack; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = (BYTE) 0x15; buffer + = (DWORD) e m_pOrgGateBuf; if (m_iArgsOverride> 0) {iCallOrgEndOffset = Buffer.Peek () - iCallOrgEndOffsetIndex - 1; buffer + = (BYTE) 0x8B; / / mov esp, dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pGateStack; buffer + = (BYTE) 0xFF; / push / dword ptr Tampão + = (BYTE) 0x35; buffer + = (DWORD) e m_pGateRealRet; buffer + = (BYTE) 0xC2; / / retn buffer + = (WORD) (m_iArgsOverride * 4);} else buffer {+ = (BYTE) 0x8B; / / mov esp, dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pAutoReturnEndStack; iCallOrgEndOffset = Buffer.Peek () - iCallOrgEndOffsetIndex - 1; buffer + = (BYTE) 0xFF; / / jmp dword ptr buffer + = (byte) 0x25; buffer + = (DWORD) e m_pGateRealRet;}} else if (m_iArgsOverride> 0) {buffer + = (BYTE) 0x8F; / / pop dword buffer ptr + = (BYTE) 0x05; buffer + = (DWORD) & m_pGateRealRet; buffer + = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pGateStack &; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = ( BYTE) 0x15; buffer + = (DWORD) e m_pFuncToCall; buffer + = (BYTE) 0x8B; / / mov esp, dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pGateStack &; buffer + = (BYTE) 0xFF ; / push / dword ptr buffer + = (BYTE) 0x35; buffer + = (DWORD) e m_pGateRealRet; buffer + = (BYTE) 0xC2; / / retn buffer + = (WORD) (m_iArgsOverride * 4);} else buffer {+ = (BYTE) 0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pFuncToCall;} = m_pGateBuf Buffer.Copy (); if (m_bAutoReturn) * (BYTE *) & m_pGateBuf [iCallOrgEndOffsetIndex] = (BYTE) iCallOrgEndOffset / / ----------------- Buffer.Clear (); buffer + = (BYTE) 0x8F; / / pop dword ptr buffer + = (BYTE) 0x05 ; buffer + = (DWORD) 
e m_pOrgReturnAddress; buffer + = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pOrgStack; buffer + = (BYTE) 0x83 / / adicionar esp, 4 de buffer + = (BYTE) 0xEC; buffer + = (BYTE) 0x04; buffer + = (BYTE) 0xC7; / / mov dword ptr [esp], buffer + = (BYTE) 0x04; buffer + = BYTE ( ) 0x24; int iOrgReturnAddressIndex = Buffer + (DWORD) 0; if (m_bNoRegs) {buffer + = (BYTE) 0x80;! / / cmp byte buffer ptr + = (BYTE) 0x3D; buffer + = (DWORD) e m_bDontReplaceOrgClassInstance; Tampão + = 0x00 (BYTE); buffer + = (BYTE) 0x0F; / / cmove ecx, dword ptr buffer + = (BYTE) 0x44; buffer + = (BYTE) 0x0D; buffer + = (DWORD) e m_pClassInstance; buffer + = BYTE ( ) 0xC6; / / mov byte ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_bDontReplaceOrgClassInstance; buffer + = 0x00 (BYTE); / Buffer / + = (BYTE) 0x8B; / / mov ecx, dword ptr / / Buffer + = (BYTE) 0x0D; / Buffer / + = (DWORD) e m_pClassInstance;} / / ----- int iOverwrittenOpsIndex = Buffer.Peek (int); iOverwrittenOps = 0; int iOverwrittenBytes = 0; CDetourDis Dis (NULL , NULL); BYTE * pbSrc = m_pAddr; BYTE * pbLastOp = pbSrc; if (m_iBytesToOverwrite> 0) {iOverwrittenBytes = m_iBytesToOverwrite; pbSrc + = iOverwrittenBytes; Buffer.Grow (iOverwrittenBytes);} else {while (iOverwrittenBytes <iRawDetourSize) {pbLastOp = pbSrc; if (* pbSrc == OP_BRK) break; BYTE * pbNew Dis.CopyInstruction = (NULL, pbSrc); iOverwrittenOps + +; int Idelta = (int) (pbNew - pbSrc); if ((pbNew == NULL) | | (Idelta == 0)) {/ / VirtualProtect ((void *) m_pAddr, m_iDetourSize, pOldProt & dwDummy); return false;} iOverwrittenBytes + = Idelta; pbSrc + = Idelta; Buffer.Grow (Idelta); pbSrc = pbNew; m_iDetourSize}} = iOverwrittenBytes; m_pOrgAfterDetour = pbSrc / / ----- se | {/ / alinhar [fim da função] Buffer + = (BYTE) ((* pbLastOp == OP_BRK | * pbLastOp == OP_NOP)!) 
0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pOrgAfterDetour &;} int iOrgReturnAddressOffset = Buffer.Peek (); buffer + = (BYTE) 0x8B; / / mov esp, dword ptr + Tampão = (byte) 0x25; buffer + = (DWORD) e m_pOrgStack; buffer + = (BYTE) 0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pOrgReturnAddress; m_pOrgGateBuf = Buffer.Copy () / / ----- * (DWORD *) & m_pOrgGateBuf [iOrgReturnAddressIndex] = (DWORD) e m_pOrgGateBuf [iOrgReturnAddressOffset]; BYTE * pbDst = & m_pOrgGateBuf [iOverwrittenOpsIndex]; pbSrc = (BYTE *) m_pAddr; if (m_iBytesToOverwrite> 0) { memcpy (pbDst, pbSrc, iOverwrittenBytes);} else {for (int iCurOp = 0; iCurOp <iOverwrittenOps; iCurOp + +) {BYTE * pbNew = Dis.CopyInstruction (pbDst, pbSrc); pbDst + = (pbNew - pbSrc); pbSrc = pbNew;}} / / ----------------- se retornar false (GenerateDetour (Buffer, m_pAddr, m_pGateBuf, m_iDetourSize)!); m_pDetourBuf = Buffer.Copy (); Buffer. Clear (); / / ----------------- Org = (CDetourOrg_Func) m_pOrgGateBuf / / ----------------- m_pOrgBuf = new byte [m_iDetourSize]; memcpy (m_pOrgBuf, m_pAddr, m_iDetourSize) / / VirtualProtect ((void *) m_pAddr, m_iDetourSize, dwOldProt & dwDummy); m_bReady = true; return true;} CSimpleDetour int :: g_iApplied = 0; int CSimpleDetour :: g_iRemoved = 0; CSimpleDetour int :: Aplicada () {return g_iApplied;} CSimpleDetour int :: Removido () {return g_iRemoved;} CSimpleDetour :: CSimpleDetour () {m_pDetourBuf = NULL; m_pOrgBuf = NULL; m_pGateBuf = NULL; Desconstruir ();}; CSimpleDetour :: ~ CSimpleDetour () {Deconstruct ();}; CSimpleDetour vazio :: Deconstruct () {m_bReady = false; if (m_bApplied) Remove (); FreeBuffers (); m_iBytesToOverwrite = 0; m_pAddr = NULL; m_pFuncToCall = NULL; m_iDetourSize = 0; m_pRetAddress = 0;} CSimpleDetour vazio :: FreeBuffers () {m_bReady = false; if (m_pDetourBuf) delete [] m_pDetourBuf; if (m_pOrgBuf) delete [] m_pOrgBuf; if (m_pGateBuf) delete [] m_pGateBuf; m_pDetourBuf = NULL; m_pOrgBuf = NULL; 
m_pGateBuf = NULL;} CSimpleDetour bool :: Detour (BYTE * PADDR, BYTE * pFuncToCall, bExecuteOverwrittenOps bool, int) {iBytesToOverwrite Deconstruct ();! if (PADDR | | pFuncToCall ) return false; m_pAddr = PADDR; m_pFuncToCall = pFuncToCall; m_bExecuteOverwrittenOps = bExecuteOverwrittenOps; m_iBytesToOverwrite = iBytesToOverwrite; retornar Gerar ();} CSimpleDetour bool :: WriteToAddr (BYTE * pBuffer, int iSize) {if (m_bReady) return false;!; DWORD dwOldProt, dwDummy; (! VirtualProtect (m_pAddr, iSize, PAGE_EXECUTE_READWRITE & dwOldProt)) if return false; (! memcpy (m_pAddr, pBuffer, iSize)) if return false; FlushInstructionCache (GetCurrentProcess (), m_pAddr, iSize); VirtualProtect (m_pAddr , iSize, dwOldProt & dwDummy); return true;} CSimpleDetour bool :: apply () {if (m_bReady | | m_bApplied) return false;!; if (WriteToAddr (m_pDetourBuf, m_iDetourSize!)) return false; m_bApplied = true; g_iApplied + + ; return true;} CSimpleDetour bool :: Remove () {if retornar false (m_bApplied!); (! WriteToAddr (m_pOrgBuf, m_iDetourSize)) if return false; m_bApplied = false; g_iRemoved + +; return true;} CSimpleDetour bool isReady :: ( ) {return m_bReady;} CSimpleDetour bool :: IsApplied () {return m_bApplied;} BYTE * CSimpleDetour :: GetAddr () {return m_pAddr;} BYTE * CSimpleDetour :: GetFuncToCall () {m_pFuncToCall retorno;} CSimpleDetour vazio SetFuncToCall :: ( BYTE * pFuncToCall) {m_pFuncToCall = pFuncToCall;} BYTE CSimpleDetour * :: GetRetAddress () {return m_pRetAddress;} CSimpleDetour bool :: Gerar () {FreeBuffers (); buffer CByteArray / / ---------- ------- Buffer.Clear (); buffer + = (BYTE) 0xE8; / call / int iDetourOffsetIndex = Buffer + (DWORD) 0; BYTE * pRawDetourBuf = Buffer.Copy (); int iRawDetourSize = Buffer.Peek (); if (m_iBytesToOverwrite> 0) if (m_iBytesToOverwrite <iRawDetourSize) return false; VirtualProtect / / if (/ / ----------------- / / DWORD dwOldProt, dwDummy! 
(m_pAddr, iRawDetourSize, PAGE_EXECUTE_READWRITE & dwOldProt)) / / return false; / / ----------------- Buffer.Clear (); buffer + = (BYTE) 0x8F; / / pop dword ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_pRetAddress; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = (BYTE) 0x15; buffer + = (DWORD) e m_pFuncToCall / / ----------------- = int iOverwrittenOpsIndex Buffer.Peek (int); iOverwrittenOps = 0; iOverwrittenBytes int = 0; CDetourDis Dis (NULL, NULL); BYTE * pbSrc = m_pAddr; BYTE * pbLastOp = pbSrc; if (m_iBytesToOverwrite> 0) {iOverwrittenBytes = m_iBytesToOverwrite; pbSrc + = iOverwrittenBytes; Buffer.Grow (iOverwrittenBytes);} else {while (iOverwrittenBytes <iRawDetourSize) {pbLastOp = pbSrc; if (* pbSrc == OP_BRK ) break; BYTE * pbNew = Dis.CopyInstruction (NULL, pbSrc); iOverwrittenOps + +; int Idelta = (int) (pbNew - pbSrc); if ((pbNew == NULL) | | (Idelta == 0)) {/ / VirtualProtect (m_pAddr, m_iDetourSize, dwOldProt & dwDummy); return false;} iOverwrittenBytes + = Idelta; pbSrc + = Idelta; Buffer.Grow (Idelta); pbSrc = pbNew;}} = m_iDetourSize iOverwrittenBytes / / ----- Tampão + = (BYTE) 0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pRetAddress; m_pGateBuf = Buffer.Copy () / / ------------ ----- BYTE * pbDst = & m_pGateBuf [iOverwrittenOpsIndex]; pbSrc = m_pAddr; if (m_iBytesToOverwrite> 0) {memcpy (pbDst, pbSrc, iOverwrittenBytes);} else {for (int iCurOp = 0; iCurOp <iOverwrittenOps; iCurOp + +) {BYTE * pbNew = Dis.CopyInstruction (pbDst, pbSrc); pbDst + = (pbNew - pbSrc); pbSrc = pbNew;}} / / ----------------- * ( int *) & pRawDetourBuf [iDetourOffsetIndex] = m_pGateBuf - m_pAddr - 5; m_pDetourBuf = new byte [m_iDetourSize]; memset (m_pDetourBuf, OP_NOP, m_iDetourSize); memcpy (m_pDetourBuf, pRawDetourBuf, iRawDetourSize); delete [] pRawDetourBuf; pRawDetourBuf = NULL; / / ----------------- m_pOrgBuf = new byte [m_iDetourSize]; memcpy (m_pOrgBuf, m_pAddr, m_iDetourSize) / / VirtualProtect ((void *) m_dwAddr, 
m_iDetourSize, dwOldProt, dwDummy & ); m_bReady = true; return true;}
Código:
/ ****************************** Classe Detour Universal ** v2.0 *********** ********************* Por LanceVorgin *************************** ***** UNI possui todos ****************************** / / * Todos os créditos para CDetourDis vai para Micro $ oft GG CB para a idéia de ByteArray - imbecil: Licença P: Eu, LanceVorgin, permitem que você use essas classes em qualquer de seus projetos nas seguintes condições: * Meu nome aparece em seu readme e créditos junto com o fato de que meu CDetour foi usado * Você não toma crédito para CDetour Isso é tudo. GPL, fechado fonte , privada, é tudo de bom :): Configurações de Desvio bAutoReturn - Se for verdade, após hookfunc é chamada, a função original será chamado com os argumentos originais - a menos que Ret (false) foi chamado bNoRegs - Se desvio, é verdade não modificar qualquer registos além de esp. Use para fastcalls / funcs outros que levam params em regs (mal msvc 2k5) (geralmente, desvio vai salvar ecx e redefini-lo em Org para funcs classe) bPolymorphic - Se desvio o falso é um jmp. Se desviar o verdadeiro é randomiezed e impliments um número aleatório. Trata-se de um lote maior que 5 iArgsOverride bytes - Normalmente, o hookfunc é definido como idêntico ao da função viciado em ambos os argumentos e convenção de chamada. Com este conjunto, a pilha será modificado após a hookfunc é chamado como se um stdcall com args x foi chamado. Útil se você tem uma função stdcall com uns 10 args que não dão a mínima para (caso contrário você tem que ter 10 args lixo em seu hookfunc) iBytesToOverwrite - Substitui o reassembler automática. Todo: * Add SetProxy * Adicione Metamorfose Dimensão: substituir empurrar 8D 64 24 FC lea esp, [esp-4] C7 04 24 78 56 34 12 mov dword ptr [esp], 12345678h 83 CE 04 sub esp, 4 C7 04 24 78 56 34 12 mov dword ptr [esp], 12345678h * / # define WIN32_LEAN_AND_MEAN # define WIN32_EXTRA_LEAN # include# Include # Include "CDetourDis.h" # include void "CDetour.h" * CDetour :: NullOrgFunc (...) 
{return NULL;} CDetour CDetourOrg_Func :: NullOrg = CDetour (CDetourOrg_Func) :: NullOrgFunc; CDetour int :: g_iApplied = 0; CDetour int :: g_iRemoved = 0; CDetour int :: Aplicada () {return g_iApplied;} CDetour int :: Removido () {return g_iRemoved;} CDetour vazio :: InitRand () {srand (GetTickCount ());} CDetour :: CDetour () {m_pDetourBuf = NULL; m_pOrgBuf = NULL; m_pGateBuf = NULL; m_pOrgGateBuf = NULL; m_bApplied = false; Deconstruct ();}; CDetour :: ~ CDetour () {Deconstruct ();}; CDetour vazio: : Deconstruct () {m_bReady = false; if (m_bApplied) Remove (); FreeBuffers (); Org = NullOrgFunc; m_bAutoReturn = false; m_bNoRegs = false; m_bPolymorphic = false; m_iArgsOverride = -1; m_iBytesToOverwrite = -1; m_pAddr = NULL ; m_pFuncToCall = NULL; m_ubDetourType = 0; m_iDetourSize = 0; m_pOrgAfterDetour = NULL; m_bDontReplaceOrgClassInstance = false; m_bReturnToOriginal = false; m_pGateStack = NULL; m_pGateRealRet = NULL; m_pAutoReturnEndStack = NULL; m_pRetAddress = NULL; m_pClassInstance = NULL; m_pOrgReturnAddress = NULL; m_pOrgStack = NULL;} CDetour vazio :: FreeBuffers () {m_bReady = false; if (m_pDetourBuf) delete [] m_pDetourBuf; if (m_pOrgBuf) delete [] m_pOrgBuf; if (m_pGateBuf) delete [] m_pGateBuf; if (m_pOrgGateBuf) delete [] m_pOrgGateBuf; m_pDetourBuf = NULL; m_pOrgBuf = NULL; m_pGateBuf = NULL; m_pOrgGateBuf = NULL;} CDetour bool :: Detour (BYTE * PADDR, BYTE * pFuncToCall, bAutoReturn bool, bNoRegs bool, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite) {Deconstruct (); (! 
PADDR | | pFuncToCall) se return false; m_pAddr = PADDR; m_pFuncToCall = pFuncToCall; bAutoReturn m_bAutoReturn =; m_bNoRegs = bNoRegs; m_bPolymorphic = bPolymorphic; m_iArgsOverride = iArgsOverride; m_iBytesToOverwrite iBytesToOverwrite =; retornar Gerar ();} bool CDetour :: Detour (LPCSTR lpLibraryName, LPCSTR lpProcName, BYTE * pFuncToCall, bAutoReturn bool, bNoRegs bool, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite) {HMODULE hModule = LoadLibrary (lpLibraryName); (! hModule) se return false; BYTE * pTargetAddress = (BYTE *) GetProcAddress (hModule, lpProcName); (! pTargetAddress) se return false; Detour retorno (pTargetAddress, pFuncToCall, bAutoReturn, bNoRegs e bPolymorphic e iArgsOverride e iBytesToOverwrite);} CDetour bool :: WriteToAddr (BYTE * pBuffer, int iSize) {if (m_bReady) return false;! DWORD dwOldProt, dwDummy; if (VirtualProtect (m_pAddr, iSize, PAGE_EXECUTE_READWRITE & dwOldProt!)) return false; (! memcpy (m_pAddr, pBuffer, iSize) se) return false; FlushInstructionCache ( GetCurrentProcess (), m_pAddr, iSize); VirtualProtect (m_pAddr, iSize, dwOldProt & dwDummy); return true;} CDetour bool :: apply () {if (m_bReady | | m_bApplied) return false;!; if (WriteToAddr (m_pDetourBuf! , m_iDetourSize)) return false; m_bApplied = true; g_iApplied + +; return true;} CDetour bool :: Remove () {if (m_bApplied) return false;! 
if (WriteToAddr (m_pOrgBuf, m_iDetourSize)) return false; m_bApplied = false; g_iRemoved + +; return true;} CDetour bool :: isReady () {return m_bReady;} CDetour bool :: IsApplied () {return m_bApplied; BYTE} * CDetour :: GetAddr () {return m_pAddr; BYTE} * CDetour :: GetFuncToCall ( ) {m_pFuncToCall retorno;} CDetour vazio :: SetFuncToCall (BYTE * pFuncToCall) {m_pFuncToCall = pFuncToCall;} BYTE * CDetour :: GetRetAddress () {return m_pRetAddress;}; CDetour vazio BYTE CDetour * :: GetGateRetAddress () {return} m_pGateRealRet :: SetGateRetAddress (BYTE * pGateRetAddress) {m_pGateRealRet = pGateRetAddress;} BYTE * CDetour :: GetThisPtr () {return m_pClassInstance;} CDetour vazio :: SetThisPtr (BYTE * pThisPtr) {m_pClassInstance = pThisPtr;} CDetour vazio :: NoSetThisPtr (bool bNoSetThisPtr) {m_bDontReplaceOrgClassInstance = bNoSetThisPtr;} CDetour vazio :: Ret (bool bReturnToOriginal) {m_bReturnToOriginal = bReturnToOriginal;} int CDetour :: GetDetourSize () {CByteArray buffer; if (GenerateDetour (buffer, 0, 0!) 
return) -1; voltar Buffer.Size ();} # define RAND_DETOUR_TYPES 9 CDetour bool :: GenerateDetour (CByteArray & Buffer, BYTE * PBASE, BYTE * pTarget, iFinalSize int) {Buffer.Clear () if (m_ubDetourType> RAND_DETOUR_TYPES) return false; DWORD dwTmpRnd = ((m_ubDetourType = 0) (rand () | (rand () << 16)): 0?); switch (m_ubDetourType) {case 0: Buffer + = (BYTE) 0xE9; / / Buffer jmp + = ( DWORD) (pTarget - PBASE - 5); break; case 1: case 2: case 3: Buffer + = (BYTE) 0x68; Buffer / push / + = (DWORD) dwTmpRnd; buffer + = (BYTE) 0x81 / / xor dword ptr [esp] Buffer + = (BYTE) 0x34; buffer + = (BYTE) 0x24; buffer + = (DWORD) (pTarget (DWORD) ^ dwTmpRnd); break; case 4: case 5: case 6: Buffer + = (byte) 0x68; / push / buffer + = (DWORD) (((DWORD) pTarget << ((byte) dwTmpRnd e 31)) | ((DWORD) >> pTarget (32 - ((byte) dwTmpRnd e 31 )))); buffer + = (BYTE) 0xC1; / / ror dword ptr [esp], buffer + = (BYTE) 0x0C; buffer + = (BYTE) 0x24; buffer + = (BYTE) dwTmpRnd break; caso 7 : case 8: case 9: Buffer + = (BYTE) 0x68; Buffer / push / + = (DWORD) (pTarget - dwTmpRnd); buffer + = (BYTE) 0x81; / / adiciona dword ptr [esp], buffer + = (byte) 0x04; buffer + = (BYTE) 0x24; buffer + = (DWORD) dwTmpRnd; break;} switch (m_ubDetourType) {case 1: case 4: case 7: Buffer + = (BYTE) 0xc3; pausa / / ret ; case 2: case 5: case 8: Buffer + = (BYTE) 0xC2; / / Buffer retn + = (WORD) 0; break; case 3: case 6: case 9: Buffer + = (BYTE) 0x83 / / adicionar esp, 4 de buffer + = (BYTE) 0xC4; buffer + = (BYTE) 0x04; buffer + = (BYTE) 0xFF; / / jmp dword ptr [esp-4] Buffer + = (BYTE) 0x64; buffer + = ( BYTE) 0x24; buffer + = (BYTE) 0xFC; break;} if (iFinalSize = -1) {if (iFinalSize <(int!) 
Buffer.Size ()) return false; while ((int) Buffer.Size () <iFinalSize) Buffer + = (byte) OP_NOP;} return true;} CDetour bool :: Gerar () {FreeBuffers (); buffer CByteArray / / ----------------- if (m_bPolymorphic) m_ubDetourType = (BYTE) (rand ()% RAND_DETOUR_TYPES) + 1; mais m_ubDetourType = 0; int iRawDetourSize = GetDetourSize (); if (iRawDetourSize == -1) return false; if (m_iBytesToOverwrite> 0) if ( m_iBytesToOverwrite <iRawDetourSize) {if (m_bPolymorphic) return false;! para (m_ubDetourType = 1; m_ubDetourType <= RAND_DETOUR_TYPES; m_ubDetourType + +) {iRawDetourSize = GetDetourSize () if (iRawDetourSize <= m_iBytesToOverwrite quebra);} if (m_ubDetourType> RAND_DETOUR_TYPES retorno) false;} / / ----------------- / / DWORD dwOldProt, dwDummy; (! VirtualProtect ((void *) m_dwAddr, iRawDetourSize, PAGE_EXECUTE_READWRITE & dwOldProt)) / / if / / return false; / / ----------------- Buffer.Clear (); se {buffer + = (BYTE) 0x89 (m_bNoRegs!) / / mov dword ptr, ecx buffer + = (BYTE) 0x0D; buffer + = (DWORD) e m_pClassInstance;} buffer + = (BYTE) 0x8F; / / pop dword ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_pRetAddress; buffer + = ( BYTE) 0x83 / / sub esp, 4 de buffer + = (BYTE) 0xEC; buffer + = (BYTE) 0x04; int iCallOrgEndOffsetIndex = -1; int iCallOrgEndOffset = -1; if (m_bAutoReturn) {/ / Buffer + = BYTE ( ) 0xCC; buffer + = (BYTE) 0xC6; / / mov byte ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_bReturnToOriginal; buffer + = (BYTE) 1; buffer + = (BYTE) 0x8F; / / pop dword buffer ptr + = (BYTE) 0x05; buffer + = (DWORD) e m_pGateRealRet; buffer + = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pGateStack &; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = (BYTE) 0x15; buffer + = (DWORD) e m_pFuncToCall; buffer + = (BYTE) 0x80 / / byte cmp ptr buffer + = (BYTE) 0x3D; buffer + = (DWORD) e m_bReturnToOriginal; buffer + = (BYTE) 0; buffer + = (BYTE) 0x74 / / iCallOrgEndOffsetIndex je buffer = + (BYTE) 0; if 
(m_iArgsOverride <= 0) buffer {+ = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pAutoReturnEndStack &;} buffer + = (BYTE) 0x8B; / / mov esp, dword buffer ptr + = (BYTE) 0x25; Tampão + = (DWORD) e m_pGateStack; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = (BYTE) 0x15; buffer + = (DWORD) e m_pOrgGateBuf; if (m_iArgsOverride> 0) {iCallOrgEndOffset = Buffer.Peek () - iCallOrgEndOffsetIndex - 1; buffer + = (BYTE) 0x8B; / / mov esp, dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pGateStack; buffer + = (BYTE) 0xFF; / push / dword ptr Tampão + = (BYTE) 0x35; buffer + = (DWORD) e m_pGateRealRet; buffer + = (BYTE) 0xC2; / / retn buffer + = (WORD) (m_iArgsOverride * 4);} else buffer {+ = (BYTE) 0x8B; / / mov esp, dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pAutoReturnEndStack; iCallOrgEndOffset = Buffer.Peek () - iCallOrgEndOffsetIndex - 1; buffer + = (BYTE) 0xFF; / / jmp dword ptr buffer + = (byte) 0x25; buffer + = (DWORD) e m_pGateRealRet;}} else if (m_iArgsOverride> 0) {buffer + = (BYTE) 0x8F; / / pop dword buffer ptr + = (BYTE) 0x05; buffer + = (DWORD) & m_pGateRealRet; buffer + = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pGateStack &; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = ( BYTE) 0x15; buffer + = (DWORD) e m_pFuncToCall; buffer + = (BYTE) 0x8B; / / mov esp, dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pGateStack &; buffer + = (BYTE) 0xFF ; / push / dword ptr buffer + = (BYTE) 0x35; buffer + = (DWORD) e m_pGateRealRet; buffer + = (BYTE) 0xC2; / / retn buffer + = (WORD) (m_iArgsOverride * 4);} else buffer {+ = (BYTE) 0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pFuncToCall;} = m_pGateBuf Buffer.Copy (); if (m_bAutoReturn) * (BYTE *) & m_pGateBuf [iCallOrgEndOffsetIndex] = (BYTE) iCallOrgEndOffset / / ----------------- Buffer.Clear (); buffer + = (BYTE) 0x8F; / / pop dword ptr buffer + = (BYTE) 0x05 ; buffer + = (DWORD) 
e m_pOrgReturnAddress; buffer + = (BYTE) 0x89 / / mov dword ptr, esp buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pOrgStack; buffer + = (BYTE) 0x83 / / adicionar esp, 4 de buffer + = (BYTE) 0xEC; buffer + = (BYTE) 0x04; buffer + = (BYTE) 0xC7; / / mov dword ptr [esp], buffer + = (BYTE) 0x04; buffer + = BYTE ( ) 0x24; int iOrgReturnAddressIndex = Buffer + (DWORD) 0; if (m_bNoRegs) {buffer + = (BYTE) 0x80;! / / cmp byte buffer ptr + = (BYTE) 0x3D; buffer + = (DWORD) e m_bDontReplaceOrgClassInstance; Tampão + = 0x00 (BYTE); buffer + = (BYTE) 0x0F; / / cmove ecx, dword ptr buffer + = (BYTE) 0x44; buffer + = (BYTE) 0x0D; buffer + = (DWORD) e m_pClassInstance; buffer + = BYTE ( ) 0xC6; / / mov byte ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_bDontReplaceOrgClassInstance; buffer + = 0x00 (BYTE); / Buffer / + = (BYTE) 0x8B; / / mov ecx, dword ptr / / Buffer + = (BYTE) 0x0D; / Buffer / + = (DWORD) e m_pClassInstance;} / / ----- int iOverwrittenOpsIndex = Buffer.Peek (int); iOverwrittenOps = 0; int iOverwrittenBytes = 0; CDetourDis Dis (NULL , NULL); BYTE * pbSrc = m_pAddr; BYTE * pbLastOp = pbSrc; if (m_iBytesToOverwrite> 0) {iOverwrittenBytes = m_iBytesToOverwrite; pbSrc + = iOverwrittenBytes; Buffer.Grow (iOverwrittenBytes);} else {while (iOverwrittenBytes <iRawDetourSize) {pbLastOp = pbSrc; if (* pbSrc == OP_BRK) break; BYTE * pbNew Dis.CopyInstruction = (NULL, pbSrc); iOverwrittenOps + +; int Idelta = (int) (pbNew - pbSrc); if ((pbNew == NULL) | | (Idelta == 0)) {/ / VirtualProtect ((void *) m_pAddr, m_iDetourSize, pOldProt & dwDummy); return false;} iOverwrittenBytes + = Idelta; pbSrc + = Idelta; Buffer.Grow (Idelta); pbSrc = pbNew; m_iDetourSize}} = iOverwrittenBytes; m_pOrgAfterDetour = pbSrc / / ----- se | {/ / alinhar [fim da função] Buffer + = (BYTE) ((* pbLastOp == OP_BRK | * pbLastOp == OP_NOP)!) 
0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) m_pOrgAfterDetour &;} int iOrgReturnAddressOffset = Buffer.Peek (); buffer + = (BYTE) 0x8B; / / mov esp, dword ptr + Tampão = (byte) 0x25; buffer + = (DWORD) e m_pOrgStack; buffer + = (BYTE) 0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pOrgReturnAddress; m_pOrgGateBuf = Buffer.Copy () / / ----- * (DWORD *) & m_pOrgGateBuf [iOrgReturnAddressIndex] = (DWORD) e m_pOrgGateBuf [iOrgReturnAddressOffset]; BYTE * pbDst = & m_pOrgGateBuf [iOverwrittenOpsIndex]; pbSrc = (BYTE *) m_pAddr; if (m_iBytesToOverwrite> 0) { memcpy (pbDst, pbSrc, iOverwrittenBytes);} else {for (int iCurOp = 0; iCurOp <iOverwrittenOps; iCurOp + +) {BYTE * pbNew = Dis.CopyInstruction (pbDst, pbSrc); pbDst + = (pbNew - pbSrc); pbSrc = pbNew;}} / / ----------------- se retornar false (GenerateDetour (Buffer, m_pAddr, m_pGateBuf, m_iDetourSize)!); m_pDetourBuf = Buffer.Copy (); Buffer. Clear (); / / ----------------- Org = (CDetourOrg_Func) m_pOrgGateBuf / / ----------------- m_pOrgBuf = new byte [m_iDetourSize]; memcpy (m_pOrgBuf, m_pAddr, m_iDetourSize) / / VirtualProtect ((void *) m_pAddr, m_iDetourSize, dwOldProt & dwDummy); m_bReady = true; return true;} CSimpleDetour int :: g_iApplied = 0; int CSimpleDetour :: g_iRemoved = 0; CSimpleDetour int :: Aplicada () {return g_iApplied;} CSimpleDetour int :: Removido () {return g_iRemoved;} CSimpleDetour :: CSimpleDetour () {m_pDetourBuf = NULL; m_pOrgBuf = NULL; m_pGateBuf = NULL; Desconstruir ();}; CSimpleDetour :: ~ CSimpleDetour () {Deconstruct ();}; CSimpleDetour vazio :: Deconstruct () {m_bReady = false; if (m_bApplied) Remove (); FreeBuffers (); m_iBytesToOverwrite = 0; m_pAddr = NULL; m_pFuncToCall = NULL; m_iDetourSize = 0; m_pRetAddress = 0;} CSimpleDetour vazio :: FreeBuffers () {m_bReady = false; if (m_pDetourBuf) delete [] m_pDetourBuf; if (m_pOrgBuf) delete [] m_pOrgBuf; if (m_pGateBuf) delete [] m_pGateBuf; m_pDetourBuf = NULL; m_pOrgBuf = NULL; 
m_pGateBuf = NULL;} CSimpleDetour bool :: Detour (BYTE * PADDR, BYTE * pFuncToCall, bExecuteOverwrittenOps bool, int) {iBytesToOverwrite Deconstruct ();! if (PADDR | | pFuncToCall ) return false; m_pAddr = PADDR; m_pFuncToCall = pFuncToCall; m_bExecuteOverwrittenOps = bExecuteOverwrittenOps; m_iBytesToOverwrite = iBytesToOverwrite; retornar Gerar ();} CSimpleDetour bool :: WriteToAddr (BYTE * pBuffer, int iSize) {if (m_bReady) return false;!; DWORD dwOldProt, dwDummy; (! VirtualProtect (m_pAddr, iSize, PAGE_EXECUTE_READWRITE & dwOldProt)) if return false; (! memcpy (m_pAddr, pBuffer, iSize)) if return false; FlushInstructionCache (GetCurrentProcess (), m_pAddr, iSize); VirtualProtect (m_pAddr , iSize, dwOldProt & dwDummy); return true;} CSimpleDetour bool :: apply () {if (m_bReady | | m_bApplied) return false;!; if (WriteToAddr (m_pDetourBuf, m_iDetourSize!)) return false; m_bApplied = true; g_iApplied + + ; return true;} CSimpleDetour bool :: Remove () {if retornar false (m_bApplied!); (! WriteToAddr (m_pOrgBuf, m_iDetourSize)) if return false; m_bApplied = false; g_iRemoved + +; return true;} CSimpleDetour bool isReady :: ( ) {return m_bReady;} CSimpleDetour bool :: IsApplied () {return m_bApplied;} BYTE * CSimpleDetour :: GetAddr () {return m_pAddr;} BYTE * CSimpleDetour :: GetFuncToCall () {m_pFuncToCall retorno;} CSimpleDetour vazio SetFuncToCall :: ( BYTE * pFuncToCall) {m_pFuncToCall = pFuncToCall;} BYTE CSimpleDetour * :: GetRetAddress () {return m_pRetAddress;} CSimpleDetour bool :: Gerar () {FreeBuffers (); buffer CByteArray / / ---------- ------- Buffer.Clear (); buffer + = (BYTE) 0xE8; / call / int iDetourOffsetIndex = Buffer + (DWORD) 0; BYTE * pRawDetourBuf = Buffer.Copy (); int iRawDetourSize = Buffer.Peek (); if (m_iBytesToOverwrite> 0) if (m_iBytesToOverwrite <iRawDetourSize) return false; VirtualProtect / / if (/ / ----------------- / / DWORD dwOldProt, dwDummy! 
(m_pAddr, iRawDetourSize, PAGE_EXECUTE_READWRITE & dwOldProt)) / / return false; / / ----------------- Buffer.Clear (); buffer + = (BYTE) 0x8F; / / pop dword ptr buffer + = (BYTE) 0x05; buffer + = (DWORD) e m_pRetAddress; buffer + = (BYTE) 0xFF; / call / dword ptr buffer + = (BYTE) 0x15; buffer + = (DWORD) e m_pFuncToCall / / ----------------- = int iOverwrittenOpsIndex Buffer.Peek (int); iOverwrittenOps = 0; iOverwrittenBytes int = 0; CDetourDis Dis (NULL, NULL); BYTE * pbSrc = m_pAddr; BYTE * pbLastOp = pbSrc; if (m_iBytesToOverwrite> 0) {iOverwrittenBytes = m_iBytesToOverwrite; pbSrc + = iOverwrittenBytes; Buffer.Grow (iOverwrittenBytes);} else {while (iOverwrittenBytes <iRawDetourSize) {pbLastOp = pbSrc; if (* pbSrc == OP_BRK ) break; BYTE * pbNew = Dis.CopyInstruction (NULL, pbSrc); iOverwrittenOps + +; int Idelta = (int) (pbNew - pbSrc); if ((pbNew == NULL) | | (Idelta == 0)) {/ / VirtualProtect (m_pAddr, m_iDetourSize, dwOldProt & dwDummy); return false;} iOverwrittenBytes + = Idelta; pbSrc + = Idelta; Buffer.Grow (Idelta); pbSrc = pbNew;}} = m_iDetourSize iOverwrittenBytes / / ----- Tampão + = (BYTE) 0xFF; / / jmp dword ptr buffer + = (BYTE) 0x25; buffer + = (DWORD) e m_pRetAddress; m_pGateBuf = Buffer.Copy () / / ------------ ----- BYTE * pbDst = & m_pGateBuf [iOverwrittenOpsIndex]; pbSrc = m_pAddr; if (m_iBytesToOverwrite> 0) {memcpy (pbDst, pbSrc, iOverwrittenBytes);} else {for (int iCurOp = 0; iCurOp <iOverwrittenOps; iCurOp + +) {BYTE * pbNew = Dis.CopyInstruction (pbDst, pbSrc); pbDst + = (pbNew - pbSrc); pbSrc = pbNew;}} / / ----------------- * ( int *) & pRawDetourBuf [iDetourOffsetIndex] = m_pGateBuf - m_pAddr - 5; m_pDetourBuf = new byte [m_iDetourSize]; memset (m_pDetourBuf, OP_NOP, m_iDetourSize); memcpy (m_pDetourBuf, pRawDetourBuf, iRawDetourSize); delete [] pRawDetourBuf; pRawDetourBuf = NULL; / / ----------------- m_pOrgBuf = new byte [m_iDetourSize]; memcpy (m_pOrgBuf, m_pAddr, m_iDetourSize) / / VirtualProtect ((void *) m_dwAddr, 
m_iDetourSize, dwOldProt, dwDummy & ); m_bReady = true; return true;}
Código:
/ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / Módulo /: detours.lib / / Arquivo: disasm.cpp / / / / Detours para funções binárias. A versão 1.5 (Build 46) / / Inclui suporte para todos os chips x86 antes do Pentium III. / / / / Copyright 1999-2001, Microsoft Corporation / / # define WIN32_LEAN_AND_MEAN # define WIN32_EXTRA_LEAN # include/ / # Include / / # Include "detours.h" / / # include "disasm.h" # include "CDetourDis.h" # undef ASSERT # define ASSERT (x) / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / Função: / DetourCopyInstruction / (PBYTE pbDst, PBYTE pbSrc, PBYTE ppbTarget *) / / Objetivo: / / Copiar uma única instrução de pbSrc para pbDst. / / Argumentos: / pbDst /: / destino / endereço para a instrução. Pode ser NULL em que DetourCopyInstruction / / case é usado para medir uma instrução. / / Se não for NULL então o fonte de instrução é copiado para o ensino / destino / e quaisquer argumentos relativos são ajustados. / / / / PbSrc Source endereço da instrução. / PpbTarget / / / Out parâmetro para qualquer endereço de instrução de destino apontado por / / instrução. Por exemplo, um galho ou um salto insruction tem / / um alvo, mas uma instrução de load ou store não. Um alvo é / / outra instrução que pode ser executado como um resultado desta instrução / /. ppbTarget pode ser NULL. / / PlExtra: / / Out parâmetro para o número de bytes extra necessários pela instrução / / para atingir o alvo. Por exemplo, lExtra = 3 se a instrução / / tinha um parente 8-bit offset, mas precisa de um 32-bit / parente / offset. / / Retorna: / / retorna o endereço da próxima instrução (seguindo a fonte) / / Instruções. Subtraindo pbSrc a partir do valor de retorno, o chamador / / pode determinte o tamanho da instrução copiado. 
/ / Comentários: / / Seguindo o pbTarget, o chamador pode seguir alternativo / instrução / córregos. No entanto, nem sempre é possível determinar / / alvo com base na análise estática. Por exemplo, o destino de / / um salto para um registo não pode ser determinado a partir de apenas o fluxo / instrução /. O valor de saída, pbTarget, pode ter qualquer uma das saídas / / seguinte: / / DETOUR_INSTRUCTION_TARGET_NONE: / / A instrução não tem metas. / / DETOUR_INSTRUCTION_TARGET_DYNAMIC: / / A instrução tem um alvo não-determinista (dinâmico). / / (Ou seja, o salto é para um endereço mantido em um registrador.) / / Endereço: A instrução tem o destino especificado. / / / / Ao copiar instruções, DetourCopyInstruction assegura que as metas / / permanecer constante. Fá-lo, ajustando qualquer parente IP / / compensações. / / PBYTE WINAPI DetourCopyInstructionEx (PBYTE pbDst, PBYTE pbSrc, PBYTE ppbTarget *, LONG * plExtra) {CDetourDis oDetourDisasm (ppbTarget, plExtra); oDetourDisasm.CopyInstruction retorno (pbDst, pbSrc);} PBYTE DetourCopyInstruction WINAPI (PBYTE pbDst, PBYTE pbSrc, PBYTE * ppbTarget) {CDetourDis oDetourDisasm (ppbTarget, NULL); oDetourDisasm.CopyInstruction retorno (pbDst, pbSrc);} / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / Código Disassembler. CDetourDis :: CDetourDis (PBYTE ppbTarget *, LONG * plExtra) {Set32BitOperand (); Set32BitAddress (); ppbTarget m_ppbTarget =? ppbTarget: & m_pbScratchTarget; m_plExtra = plExtra? 
plExtra: & m_lScratchExtra; * m_ppbTarget = DETOUR_INSTRUCTION_TARGET_NONE; * m_plExtra = 0; m_pbDstOverride = 0; m_bAdjustZero = FALSE;} CDetourDis VOID :: Set16BitOperand () {m_b16BitOperand = TRUE;} CDetourDis VOID :: Set32BitOperand () {m_b16BitOperand = FALSE;} VOID CDetourDis :: Set16BitAddress () {m_b16BitAddress = TRUE;} VOID CDetourDis :: Set32BitAddress () {m_b16BitAddress = false;} PBYTE CDetourDis :: CopyInstruction (PBYTE pbDst, PBYTE pbSrc) {/ / Configurar áreas scratch se as áreas reais não estão disponíveis. if (NULL == pbDst) pbDst = m_rbScratchDst; if (NULL == pbSrc) {/ / Não podemos copiar uma instrução inexistente. SetLastError (ERROR_INVALID_DATA); NULL retorno;} / / Descobrir o quão grande é a instrução é, fazer a cópia for o caso, / / e descobrir o que o destino da instrução é, se houver. REFCOPYENTRY pentry = & s_rceCopyTable [pbSrc [0]]; retorno (this-> * pentry-> pfCopy) (pentry, pbDst, pbSrc);} PBYTE CDetourDis :: CopyInstructionEx (PBYTE pbDst, PBYTE pbSrc, PBYTE pbDstOverride) {m_pbDstOverride = pbDstOverride ; PBYTE pbRet = CopyInstruction (pbDst, pbSrc); m_pbDstOverride = NULL; pbRet retorno;} PBYTE CDetourDis :: CopyInstructionZero (PBYTE pbDst, PBYTE pbSrc) {m_bAdjustZero = TRUE; PBYTE pbRet = CopyInstructionEx (pbDst, pbSrc, NULL); m_bAdjustZero = FALSE; pbRet retorno;} BYTE CDetourDis :: InstructionLen (PBYTE pbSrc) {PBYTE pbDst = m_rbScratchDst; if (NULL == pbSrc) {/ / Não podemos copiar uma instrução inexistente. SetLastError (ERROR_INVALID_DATA); NULL retorno;} / / Descobrir o quão grande é a instrução é, fazer a cópia for o caso, / / e descobrir o que o destino da instrução é, se houver. REFCOPYENTRY pentry = & s_rceCopyTable [pbSrc [0]]; PBYTE pbEnd = (this-> * pentry-> pfCopy) (pentry, pbDst, pbSrc), se retornar 0; retorno (BYTE) (pbEnd - pbSrc) (pbEnd!); PBYTE} CDetourDis :: CopyBytes (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {long nBytesFixed = (pentry-> nFlagBits e endereço)? 
(M_b16BitAddress pentry-> nFixedSize16: pentry-> nFixedSize?): (M_b16BitOperand pentry-> nFixedSize16: pentry-> nFixedSize); nbytes LONG = nBytesFixed; bAddrOfs BYTE = 0; if (pentry-> nModOffset> 0) {bModRm BYTE = pbSrc [pentry-> nModOffset]; BYTE bFlags = s_rbModRm [bModRm]; if ((bFlags & NOENLARGE) && ((bFlags & NOTSIB) == 4)) bAddrOfs = (BYTE) pentry-> nModOffset + 1 if ( bFlags & SIB) {BYTE bSib = pbSrc [pentry-> nModOffset + 1]; if ((bSib & 0x07) == 0x05) {if ((bModRm & 0xC0) == 0x00) nbytes + = 4; else if (( bModRm & 0xC0) == 0x40) nbytes + = 1; else if ((bModRm & 0xC0) == 0x80) nbytes + = 4;}} nbytes + = bFlags & NOTSIB;} CopyMemory (pbDst, pbSrc, nbytes); se (&& m_bAdjustZero bAddrOfs) * (DWORD *) & pbDst [bAddrOfs] = 0; if (pentry-> nRelOffset) * m_ppbTarget = AdjustTarget (pbDst, pbSrc, nBytesFixed, pentry-> nRelOffset); if (pentry-> nFlagBits & NOENLARGE) * m_plExtra = - * m_plExtra; if (pentry-> nFlagBits e dinâmico) * m_ppbTarget DETOUR_INSTRUCTION_TARGET_DYNAMIC =; retorno pbSrc + nbytes;} PBYTE CDetourDis :: CopyBytesPrefix (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {CopyBytes (pentry, pbDst, pbSrc ); pentry = & s_rceCopyTable [pbSrc [1]]; retorno (this-> * pentry-> pfCopy) (pentry, pbDst + 1, pbSrc + 1);} PBYTE CDetourDis :: AdjustTarget (PBYTE pbDst, PBYTE pbSrc, cbOp LONGO , LONG cbTargetOffset) {long cbTargetSize = cbOp - cbTargetOffset; pbTarget PBYTE = NULL; PVOID pvTargetAddr = & pbDst [cbTargetOffset]; nOldOffset LONG = 0; switch (cbTargetSize) {case 1: nOldOffset = (LONG) * (PCHAR &) pvTargetAddr; * m_plExtra = 3; break; case 2: nOldOffset = (LONG) * (PSHORT &) pvTargetAddr; * m_plExtra = 2; break; case 4: nOldOffset = (LONG) * (Plong &) pvTargetAddr; * m_plExtra = 0; break; padrão: ASSERT ("cbTargetSize é inválido."!); break;} = pbTarget pbSrc + + cbOp nOldOffset; LONGO nNewOffset = nOldOffset - (((m_pbDstOverride = NULL) m_pbDstOverride:? 
pbDst) - pbSrc); switch (cbTargetSize) {case 1: * (PCHAR &) pvTargetAddr = nNewOffset (CHAR); break; case 2: * (PSHORT &) pvTargetAddr = (SHORT) nNewOffset; break; case 4: * (Plong &) pvTargetAddr = (LONG) nNewOffset; break;} ASSERT ( pbDst + + cbOp nNewOffset == pbTarget); pbTarget retorno;} PBYTE CDetourDis :: inválido (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {(void) pbDst; (void) pentry; ASSERT ("Instrução inválida");! retorno pbSrc + 1} / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / Códigos individuais Bytes. PBYTE CDetourDis :: Copy0F (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {CopyBytes (pentry, pbDst, pbSrc); pentry = & s_rceCopyTable0F [pbSrc [1]]; retorno (this-> * pentry-> pfCopy) (pentry, pbDst + 1, pbSrc + 1);} PBYTE CDetourDis :: Copy66 (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {/ / tamanho Operando-override prefixo Set16BitOperand (); retorno CopyBytesPrefix (pentry, pbDst, pbSrc);} PBYTE CDetourDis: : Copy67 (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {/ / Endereço tamanho do prefixo override Set16BitAddress (); retorno CopyBytesPrefix (pentry, pbDst, pbSrc);} PBYTE CDetourDis :: CopyF6 (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) { (void) pentry; / TEST / BYTE / 0 if (0x00 == (0x38 & pbSrc [1])) {/ / reg (bits 543) de ModR / M == 0 const COPYENTRY ce = {0xf6, ENTRY_CopyBytes2Mod1}; retorno (this-> * ce.pfCopy) (& ce, pbDst, pbSrc);} / DIV / / 6 / / IDIV / 7 / / IMUL / 5 / / MUL / 4 / / NEG / 3 / / NÃO / 2 const COPYENTRY ce = {0xf6, ENTRY_CopyBytes2Mod}; retorno (this-> * ce.pfCopy) (& ce, pbDst, pbSrc);} PBYTE CDetourDis :: CopyF7 (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {pentry (void); / / TEST WORD / 0 if (0x00 == (0x38 & pbSrc [1])) {/ / reg (bits 543) de ModR / M == 0 const COPYENTRY ce = {0xf7, ENTRY_CopyBytes2ModOperand}; retorno (this-> * ce.pfCopy) (& ce, pbDst, pbSrc);} / / DIV / 6 / / IDIV / 7 / / IMUL / 5 / / MUL / 4 / / NEG / 3 / / NÃO / 2 const 
COPYENTRY ce = {0xf7, ENTRY_CopyBytes2Mod}; retorno (this-> * ce.pfCopy) (& ce, pbDst, pbSrc);} PBYTE CDetourDis :: CopyFF (REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc) {/ / CALL / 2 / / CALL / 3 / / INC / 0 / / JMP / 4 / / JMP / 5 / / PUSH / 6 pentry (void); if (0x15 == pbSrc [1] | | 0x25 == pbSrc [1]) {/ / CALL [], JMP [] PBYTE * ppbTarget = * (PBYTE **) & pbSrc [2]; m_ppbTarget * = * ppbTarget;} else if (0x10 == (0x38 & pbSrc [1]) | | CALL / / / 2 -> reg ( bits de 543) de ModR / M == 010 == 0x18 (0x38 & pbSrc [1]) | | CALL / / / 3 -> reg (bits 543) de ModR / M == 011 == 0x20 (0x38 & pbSrc [1]) | | / / JMP / 4 -> reg (bits 543) de ModR / M == 100 == (0x28 0x38 & pbSrc [1]) / / JMP / 5 -> reg (bits 543) de 101 == ModR / M) {* = m_ppbTarget DETOUR_INSTRUCTION_TARGET_DYNAMIC;} const COPYENTRY ce = {0xff, ENTRY_CopyBytes2Mod}; retorno (this-> * ce.pfCopy) (& ce, pbDst, pbSrc);} / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / Disassembler tabelas. 
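// s_rbModRm: indexed by the ModR/M byte. Each entry gives the number of
// bytes that follow the ModR/M byte (displacement), or SIB|n when a SIB
// byte is present and the final length depends on it. How the SIB flag is
// resolved lives in CopyBytes, which is not part of this listing.
const BYTE CDetourDis::s_rbModRm[256] = {
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0, // 0x
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0, // 1x
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0, // 2x
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0, // 3x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,         // 4x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,         // 5x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,         // 6x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,         // 7x
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,         // 8x
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,         // 9x
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,         // Ax
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,         // Bx
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,         // Cx
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,         // Dx
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,         // Ex
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0          // Fx
};

// s_rceCopyTable: one-byte opcode map. Entry i describes opcode byte i
// (size, ModR/M presence, relative-target offset, flags and the member
// function that copies it); the 257th entry { 0, ENTRY_End } terminates
// the table. Opcodes whose length depends on a second byte (0x0F, 0xF6,
// 0xF7, 0xFF) dispatch to a dedicated Copy* routine.
const CDetourDis::COPYENTRY CDetourDis::s_rceCopyTable[257] = {
    { 0x00, ENTRY_CopyBytes2Mod },              // ADD /r
    { 0x01, ENTRY_CopyBytes2Mod },              // ADD /r
    { 0x02, ENTRY_CopyBytes2Mod },              // ADD /r
    { 0x03, ENTRY_CopyBytes2Mod },              // ADD /r
    { 0x04, ENTRY_CopyBytes2 },                 // ADD ib
    { 0x05, ENTRY_CopyBytes3Or5 },              // ADD iw
    { 0x06, ENTRY_CopyBytes1 },                 // PUSH
    { 0x07, ENTRY_CopyBytes1 },                 // POP
    { 0x08, ENTRY_CopyBytes2Mod },              // OR /r
    { 0x09, ENTRY_CopyBytes2Mod },              // OR /r
    { 0x0A, ENTRY_CopyBytes2Mod },              // OR /r
    { 0x0B, ENTRY_CopyBytes2Mod },              // OR /r
    { 0x0C, ENTRY_CopyBytes2 },                 // OR ib
    { 0x0D, ENTRY_CopyBytes3Or5 },              // OR iw
    { 0x0E, ENTRY_CopyBytes1 },                 // PUSH
    { 0x0F, ENTRY_Copy0F },                     // Extension Ops
    { 0x10, ENTRY_CopyBytes2Mod },              // ADC /r
    { 0x11, ENTRY_CopyBytes2Mod },              // ADC /r
    { 0x12, ENTRY_CopyBytes2Mod },              // ADC /r
    { 0x13, ENTRY_CopyBytes2Mod },              // ADC /r
    { 0x14, ENTRY_CopyBytes2 },                 // ADC ib
    { 0x15, ENTRY_CopyBytes3Or5 },              // ADC iw
    { 0x16, ENTRY_CopyBytes1 },                 // PUSH
    { 0x17, ENTRY_CopyBytes1 },                 // POP
    { 0x18, ENTRY_CopyBytes2Mod },              // SBB /r
    { 0x19, ENTRY_CopyBytes2Mod },              // SBB /r
    { 0x1A, ENTRY_CopyBytes2Mod },              // SBB /r
    { 0x1B, ENTRY_CopyBytes2Mod },              // SBB /r
    { 0x1C, ENTRY_CopyBytes2 },                 // SBB ib
    { 0x1D, ENTRY_CopyBytes3Or5 },              // SBB iw
    { 0x1E, ENTRY_CopyBytes1 },                 // PUSH
    { 0x1F, ENTRY_CopyBytes1 },                 // POP
    { 0x20, ENTRY_CopyBytes2Mod },              // AND /r
    { 0x21, ENTRY_CopyBytes2Mod },              // AND /r
    { 0x22, ENTRY_CopyBytes2Mod },              // AND /r
    { 0x23, ENTRY_CopyBytes2Mod },              // AND /r
    { 0x24, ENTRY_CopyBytes2 },                 // AND ib
    { 0x25, ENTRY_CopyBytes3Or5 },              // AND iw
    { 0x26, ENTRY_CopyBytesPrefix },            // ES prefix
    { 0x27, ENTRY_CopyBytes1 },                 // DAA
    { 0x28, ENTRY_CopyBytes2Mod },              // SUB /r
    { 0x29, ENTRY_CopyBytes2Mod },              // SUB /r
    { 0x2A, ENTRY_CopyBytes2Mod },              // SUB /r
    { 0x2B, ENTRY_CopyBytes2Mod },              // SUB /r
    { 0x2C, ENTRY_CopyBytes2 },                 // SUB ib
    { 0x2D, ENTRY_CopyBytes3Or5 },              // SUB iw
    { 0x2E, ENTRY_CopyBytesPrefix },            // CS prefix
    { 0x2F, ENTRY_CopyBytes1 },                 // DAS
    { 0x30, ENTRY_CopyBytes2Mod },              // XOR /r
    { 0x31, ENTRY_CopyBytes2Mod },              // XOR /r
    { 0x32, ENTRY_CopyBytes2Mod },              // XOR /r
    { 0x33, ENTRY_CopyBytes2Mod },              // XOR /r
    { 0x34, ENTRY_CopyBytes2 },                 // XOR ib
    { 0x35, ENTRY_CopyBytes3Or5 },              // XOR iw
    { 0x36, ENTRY_CopyBytesPrefix },            // SS prefix
    { 0x37, ENTRY_CopyBytes1 },                 // AAA
    { 0x38, ENTRY_CopyBytes2Mod },              // CMP /r
    { 0x39, ENTRY_CopyBytes2Mod },              // CMP /r
    { 0x3A, ENTRY_CopyBytes2Mod },              // CMP /r
    { 0x3B, ENTRY_CopyBytes2Mod },              // CMP /r
    { 0x3C, ENTRY_CopyBytes2 },                 // CMP ib
    { 0x3D, ENTRY_CopyBytes3Or5 },              // CMP iw
    { 0x3E, ENTRY_CopyBytesPrefix },            // DS prefix
    { 0x3F, ENTRY_CopyBytes1 },                 // AAS
    { 0x40, ENTRY_CopyBytes1 },                 // INC
    { 0x41, ENTRY_CopyBytes1 },                 // INC
    { 0x42, ENTRY_CopyBytes1 },                 // INC
    { 0x43, ENTRY_CopyBytes1 },                 // INC
    { 0x44, ENTRY_CopyBytes1 },                 // INC
    { 0x45, ENTRY_CopyBytes1 },                 // INC
    { 0x46, ENTRY_CopyBytes1 },                 // INC
    { 0x47, ENTRY_CopyBytes1 },                 // INC
    { 0x48, ENTRY_CopyBytes1 },                 // DEC
    { 0x49, ENTRY_CopyBytes1 },                 // DEC
    { 0x4A, ENTRY_CopyBytes1 },                 // DEC
    { 0x4B, ENTRY_CopyBytes1 },                 // DEC
    { 0x4C, ENTRY_CopyBytes1 },                 // DEC
    { 0x4D, ENTRY_CopyBytes1 },                 // DEC
    { 0x4E, ENTRY_CopyBytes1 },                 // DEC
    { 0x4F, ENTRY_CopyBytes1 },                 // DEC
    { 0x50, ENTRY_CopyBytes1 },                 // PUSH
    { 0x51, ENTRY_CopyBytes1 },                 // PUSH
    { 0x52, ENTRY_CopyBytes1 },                 // PUSH
    { 0x53, ENTRY_CopyBytes1 },                 // PUSH
    { 0x54, ENTRY_CopyBytes1 },                 // PUSH
    { 0x55, ENTRY_CopyBytes1 },                 // PUSH
    { 0x56, ENTRY_CopyBytes1 },                 // PUSH
    { 0x57, ENTRY_CopyBytes1 },                 // PUSH
    { 0x58, ENTRY_CopyBytes1 },                 // POP
    { 0x59, ENTRY_CopyBytes1 },                 // POP
    { 0x5A, ENTRY_CopyBytes1 },                 // POP
    { 0x5B, ENTRY_CopyBytes1 },                 // POP
    { 0x5C, ENTRY_CopyBytes1 },                 // POP
    { 0x5D, ENTRY_CopyBytes1 },                 // POP
    { 0x5E, ENTRY_CopyBytes1 },                 // POP
    { 0x5F, ENTRY_CopyBytes1 },                 // POP
    { 0x60, ENTRY_CopyBytes1 },                 // PUSHAD
    { 0x61, ENTRY_CopyBytes1 },                 // POPAD
    { 0x62, ENTRY_CopyBytes2Mod },              // BOUND /r
    { 0x63, ENTRY_CopyBytes2Mod },              // ARPL /r
    { 0x64, ENTRY_CopyBytesPrefix },            // FS prefix
    { 0x65, ENTRY_CopyBytesPrefix },            // GS prefix
    { 0x66, ENTRY_Copy66 },                     // Operand prefix
    { 0x67, ENTRY_Copy67 },                     // Address prefix
    { 0x68, ENTRY_CopyBytes3Or5 },              // PUSH
    { 0x69, ENTRY_CopyBytes2ModOperand },       // IMUL /r iw
    { 0x6A, ENTRY_CopyBytes2 },                 // PUSH
    { 0x6B, ENTRY_CopyBytes2Mod1 },             // IMUL /r ib
    { 0x6C, ENTRY_CopyBytes1 },                 // INS
    { 0x6D, ENTRY_CopyBytes1 },                 // INS
    { 0x6E, ENTRY_CopyBytes1 },                 // OUTS/OUTSB
    { 0x6F, ENTRY_CopyBytes1 },                 // OUTS/OUTSW
    { 0x70, ENTRY_CopyBytes2Jump },             // JO
    { 0x71, ENTRY_CopyBytes2Jump },             // JNO
    { 0x72, ENTRY_CopyBytes2Jump },             // JB/JC/JNAE
    { 0x73, ENTRY_CopyBytes2Jump },             // JAE/JNB/JNC
    { 0x74, ENTRY_CopyBytes2Jump },             // JE/JZ
    { 0x75, ENTRY_CopyBytes2Jump },             // JNE/JNZ
    { 0x76, ENTRY_CopyBytes2Jump },             // JBE/JNA
    { 0x77, ENTRY_CopyBytes2Jump },             // JA/JNBE
    { 0x78, ENTRY_CopyBytes2Jump },             // JS
    { 0x79, ENTRY_CopyBytes2Jump },             // JNS
    { 0x7A, ENTRY_CopyBytes2Jump },             // JP/JPE
    { 0x7B, ENTRY_CopyBytes2Jump },             // JNP/JPO
    { 0x7C, ENTRY_CopyBytes2Jump },             // JL/JNGE
    { 0x7D, ENTRY_CopyBytes2Jump },             // JGE/JNL
    { 0x7E, ENTRY_CopyBytes2Jump },             // JLE/JNG
    { 0x7F, ENTRY_CopyBytes2Jump },             // JG/JNLE
    { 0x80, ENTRY_CopyBytes2Mod1 },             // ADC /2 ib, etc.
    { 0x81, ENTRY_CopyBytes2ModOperand },       // ADC /2 iw, etc.
    { 0x82, ENTRY_CopyBytes2 },                 // MOV al,x
    { 0x83, ENTRY_CopyBytes2Mod1 },             // ADC /2 ib, etc.
    { 0x84, ENTRY_CopyBytes2Mod },              // TEST /r
    { 0x85, ENTRY_CopyBytes2Mod },              // TEST /r
    { 0x86, ENTRY_CopyBytes2Mod },              // XCHG /r @todo
    { 0x87, ENTRY_CopyBytes2Mod },              // XCHG /r @todo
    { 0x88, ENTRY_CopyBytes2Mod },              // MOV /r
    { 0x89, ENTRY_CopyBytes2Mod },              // MOV /r
    { 0x8A, ENTRY_CopyBytes2Mod },              // MOV /r
    { 0x8B, ENTRY_CopyBytes2Mod },              // MOV /r
    { 0x8C, ENTRY_CopyBytes2Mod },              // MOV /r
    { 0x8D, ENTRY_CopyBytes2Mod },              // LEA /r
    { 0x8E, ENTRY_CopyBytes2Mod },              // MOV /r
    { 0x8F, ENTRY_CopyBytes2Mod },              // POP /0
    { 0x90, ENTRY_CopyBytes1 },                 // NOP
    { 0x91, ENTRY_CopyBytes1 },                 // XCHG
    { 0x92, ENTRY_CopyBytes1 },                 // XCHG
    { 0x93, ENTRY_CopyBytes1 },                 // XCHG
    { 0x94, ENTRY_CopyBytes1 },                 // XCHG
    { 0x95, ENTRY_CopyBytes1 },                 // XCHG
    { 0x96, ENTRY_CopyBytes1 },                 // XCHG
    { 0x97, ENTRY_CopyBytes1 },                 // XCHG
    { 0x98, ENTRY_CopyBytes1 },                 // CWDE
    { 0x99, ENTRY_CopyBytes1 },                 // CDQ
    { 0x9A, ENTRY_CopyBytes5Or7Dynamic },       // CALL cp
    { 0x9B, ENTRY_CopyBytes1 },                 // WAIT/FWAIT
    { 0x9C, ENTRY_CopyBytes1 },                 // PUSHFD
    { 0x9D, ENTRY_CopyBytes1 },                 // POPFD
    { 0x9E, ENTRY_CopyBytes1 },                 // SAHF
    { 0x9F, ENTRY_CopyBytes1 },                 // LAHF
    { 0xA0, ENTRY_CopyBytes3Or5Address },       // MOV
    { 0xA1, ENTRY_CopyBytes3Or5Address },       // MOV
    { 0xA2, ENTRY_CopyBytes3Or5Address },       // MOV
    { 0xA3, ENTRY_CopyBytes3Or5Address },       // MOV
    { 0xA4, ENTRY_CopyBytes1 },                 // MOVS
    { 0xA5, ENTRY_CopyBytes1 },                 // MOVS/MOVSD
    { 0xA6, ENTRY_CopyBytes1 },                 // CMPS/CMPSB
    { 0xA7, ENTRY_CopyBytes1 },                 // CMPS/CMPSW
    { 0xA8, ENTRY_CopyBytes2 },                 // TEST
    { 0xA9, ENTRY_CopyBytes3Or5 },              // TEST
    { 0xAA, ENTRY_CopyBytes1 },                 // STOS/STOSB
    { 0xAB, ENTRY_CopyBytes1 },                 // STOS/STOSW
    { 0xAC, ENTRY_CopyBytes1 },                 // LODS/LODSB
    { 0xAD, ENTRY_CopyBytes1 },                 // LODS/LODSW
    { 0xAE, ENTRY_CopyBytes1 },                 // SCAS/SCASB
    { 0xAF, ENTRY_CopyBytes1 },                 // SCAS/SCASD
    { 0xB0, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB1, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB2, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB3, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB4, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB5, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB6, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB7, ENTRY_CopyBytes2 },                 // MOV B0+rb
    { 0xB8, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xB9, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xBA, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xBB, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xBC, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xBD, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xBE, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xBF, ENTRY_CopyBytes3Or5 },              // MOV B8+rb
    { 0xC0, ENTRY_CopyBytes2Mod1 },             // RCL /2 ib, etc.
    { 0xC1, ENTRY_CopyBytes2Mod1 },             // RCL /2 ib, etc.
    { 0xC2, ENTRY_CopyBytes3 },                 // RET
    { 0xC3, ENTRY_CopyBytes1 },                 // RET
    { 0xC4, ENTRY_CopyBytes2Mod },              // LES
    { 0xC5, ENTRY_CopyBytes2Mod },              // LDS
    { 0xC6, ENTRY_CopyBytes2Mod1 },             // MOV
    { 0xC7, ENTRY_CopyBytes2ModOperand },       // MOV
    { 0xC8, ENTRY_CopyBytes4 },                 // ENTER
    { 0xC9, ENTRY_CopyBytes1 },                 // LEAVE
    { 0xCA, ENTRY_CopyBytes3Dynamic },          // RET
    { 0xCB, ENTRY_CopyBytes1Dynamic },          // RET
    { 0xCC, ENTRY_CopyBytes1Dynamic },          // INT 3
    { 0xCD, ENTRY_CopyBytes2Dynamic },          // INT ib
    { 0xCE, ENTRY_CopyBytes1Dynamic },          // INTO
    { 0xCF, ENTRY_CopyBytes1Dynamic },          // IRET
    { 0xD0, ENTRY_CopyBytes2Mod },              // RCL /2, etc.
    { 0xD1, ENTRY_CopyBytes2Mod },              // RCL /2, etc.
    { 0xD2, ENTRY_CopyBytes2Mod },              // RCL /2, etc.
    { 0xD3, ENTRY_CopyBytes2Mod },              // RCL /2, etc.
    { 0xD4, ENTRY_CopyBytes2 },                 // AAM
    { 0xD5, ENTRY_CopyBytes2 },                 // AAD
    { 0xD6, ENTRY_Invalid },                    //
    { 0xD7, ENTRY_CopyBytes1 },                 // XLAT/XLATB
    { 0xD8, ENTRY_CopyBytes2Mod },              // FADD, etc.
    { 0xD9, ENTRY_CopyBytes2Mod },              // F2XM1, etc.
    { 0xDA, ENTRY_CopyBytes2Mod },              // FLADD, etc.
    { 0xDB, ENTRY_CopyBytes2Mod },              // FCLEX, etc.
    { 0xDC, ENTRY_CopyBytes2Mod },              // FADD /0, etc.
    { 0xDD, ENTRY_CopyBytes2Mod },              // FFREE, etc.
    { 0xDE, ENTRY_CopyBytes2Mod },              // FADDP, etc.
    { 0xDF, ENTRY_CopyBytes2Mod },              // FBLD /4, etc.
    { 0xE0, ENTRY_CopyBytes2CantJump },         // LOOPNE cb
    { 0xE1, ENTRY_CopyBytes2CantJump },         // LOOPE cb
    { 0xE2, ENTRY_CopyBytes2CantJump },         // LOOP cb
    { 0xE3, ENTRY_CopyBytes2Jump },             // JCXZ/JECXZ
    { 0xE4, ENTRY_CopyBytes2 },                 // IN ib
    { 0xE5, ENTRY_CopyBytes2 },                 // IN id
    { 0xE6, ENTRY_CopyBytes2 },                 // OUT ib
    { 0xE7, ENTRY_CopyBytes2 },                 // OUT ib
    { 0xE8, ENTRY_CopyBytes3Or5Target },        // CALL cd
    { 0xE9, ENTRY_CopyBytes3Or5Target },        // JMP cd
    { 0xEA, ENTRY_CopyBytes5Or7Dynamic },       // JMP cp
    { 0xEB, ENTRY_CopyBytes2Jump },             // JMP cb
    { 0xEC, ENTRY_CopyBytes1 },                 // IN ib
    { 0xED, ENTRY_CopyBytes1 },                 // IN id
    { 0xEE, ENTRY_CopyBytes1 },                 // OUT
    { 0xEF, ENTRY_CopyBytes1 },                 // OUT
    { 0xF0, ENTRY_CopyBytesPrefix },            // LOCK prefix
    { 0xF1, ENTRY_Invalid },                    //
    { 0xF2, ENTRY_CopyBytesPrefix },            // REPNE prefix
    { 0xF3, ENTRY_CopyBytesPrefix },            // REPE prefix
    { 0xF4, ENTRY_CopyBytes1 },                 // HLT
    { 0xF5, ENTRY_CopyBytes1 },                 // CMC
    { 0xF6, ENTRY_CopyF6 },                     // TEST /0, DIV /6
    { 0xF7, ENTRY_CopyF7 },                     // TEST /0, DIV /6
    { 0xF8, ENTRY_CopyBytes1 },                 // CLC
    { 0xF9, ENTRY_CopyBytes1 },                 // STC
    { 0xFA, ENTRY_CopyBytes1 },                 // CLI
    { 0xFB, ENTRY_CopyBytes1 },                 // STI
    { 0xFC, ENTRY_CopyBytes1 },                 // CLD
    { 0xFD, ENTRY_CopyBytes1 },                 // STD
    { 0xFE, ENTRY_CopyBytes2Mod },              // DEC /1, INC /0
    { 0xFF, ENTRY_CopyFF },                     // CALL /2
    { 0, ENTRY_End },
};

// s_rceCopyTable0F: second-byte map for the 0x0F escape, reached from
// Copy0F. Entries marked ENTRY_Invalid route to Invalid(), i.e. they are
// treated as one byte after the escape (see that function's caveat).
const CDetourDis::COPYENTRY CDetourDis::s_rceCopyTable0F[257] = {
    { 0x00, ENTRY_CopyBytes2Mod },              // LLDT /2, etc.
    { 0x01, ENTRY_CopyBytes2Mod },              // INVLPG /7, etc.
    { 0x02, ENTRY_CopyBytes2Mod },              // LAR /r
    { 0x03, ENTRY_CopyBytes2Mod },              // LSL /r
    { 0x04, ENTRY_Invalid },                    // _04
    { 0x05, ENTRY_Invalid },                    // _05
    { 0x06, ENTRY_CopyBytes2 },                 // CLTS
    { 0x07, ENTRY_Invalid },                    // _07
    { 0x08, ENTRY_CopyBytes2 },                 // INVD
    { 0x09, ENTRY_CopyBytes2 },                 // WBINVD
    { 0x0A, ENTRY_Invalid },                    // _0A
    { 0x0B, ENTRY_CopyBytes2 },                 // UD2
    { 0x0C, ENTRY_Invalid },                    // _0C
    { 0x0D, ENTRY_Invalid },                    // _0D
    { 0x0E, ENTRY_Invalid },                    // _0E
    { 0x0F, ENTRY_Invalid },                    // _0F
    { 0x10, ENTRY_Invalid },                    // _10
    { 0x11, ENTRY_Invalid },                    // _11
    { 0x12, ENTRY_Invalid },                    // _12
    { 0x13, ENTRY_Invalid },                    // _13
    { 0x14, ENTRY_Invalid },                    // _14
    { 0x15, ENTRY_Invalid },                    // _15
    { 0x16, ENTRY_Invalid },                    // _16
    { 0x17, ENTRY_Invalid },                    // _17
    { 0x18, ENTRY_Invalid },                    // _18
    { 0x19, ENTRY_Invalid },                    // _19
    { 0x1A, ENTRY_Invalid },                    // _1A
    { 0x1B, ENTRY_Invalid },                    // _1B
    { 0x1C, ENTRY_Invalid },                    // _1C
    { 0x1D, ENTRY_Invalid },                    // _1D
    { 0x1E, ENTRY_Invalid },                    // _1E
    // NOTE(review): the listing on this page stops here; the entries for
    // 0x1F..0xFF, the terminating { 0, ENTRY_End } and the closing "};"
    // are not shown and must be taken from the complete source file.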
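//////////////////////////////////////////////////////////////////////////////
//
//  Module:  detours.lib
//  File:    disasm.h
//
//  Detours for binary functions.  Version 1.5 (Build 46)
//  Includes support for all x86 chips prior to the Pentium III.
//
//  Copyright 1999-2001, Microsoft Corporation
//
#pragma once
#ifndef _DISASM_H_
#define _DISASM_H_

// Single-instruction x86 copier. Each call copies one instruction from
// pbSrc to pbDst and re-bases any relative displacement so the copy still
// reaches its original target; the branch target, when one can be
// determined, is reported through the pointer given to the constructor.
// None of the Copy* routines checks the length of the source or
// destination buffers: the caller must guarantee that pbSrc holds a whole
// instruction and that pbDst has room for its (possibly enlarged) copy.
class CDetourDis
{
  public:
    CDetourDis(PBYTE *ppbTarget, LONG *plExtra);

    PBYTE   CopyInstruction(PBYTE pbDst, PBYTE pbSrc);
    PBYTE   CopyInstructionEx(PBYTE pbDst, PBYTE pbSrc, PBYTE pbDstOverride);
    PBYTE   CopyInstructionZero(PBYTE pbDst, PBYTE pbSrc);
    BYTE    InstructionLen(PBYTE pbSrc);
    static BOOL SanityCheckSystem();

  public:
    struct COPYENTRY;
    typedef const COPYENTRY * REFCOPYENTRY;

    typedef PBYTE (CDetourDis::* COPYFUNC)(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);

    enum {
        DYNAMIC     = 0x1u,     // Target is only known at run time.
        ADDRESS     = 0x2u,     // Operand size follows the address-size prefix.
        NOENLARGE   = 0x4u,     // Short branch that cannot be widened to rel32.
        SIB         = 0x10u,    // Flag bit in s_rbModRm: a SIB byte follows.
        NOTSIB      = 0x0fu,    // Mask to strip the SIB flag from an s_rbModRm entry.
    };

    // One row of the opcode tables.
    struct COPYENTRY
    {
        ULONG       nOpcode         : 8;    // Opcode
        ULONG       nFixedSize      : 3;    // Fixed size of opcode
        ULONG       nFixedSize16    : 3;    // Fixed size when 16 bit operand
        ULONG       nModOffset      : 3;    // Offset to mod/rm byte (0=none)
        LONG        nRelOffset      : 3;    // Offset to relative target.
        ULONG       nFlagBits       : 4;    // Flags for DYNAMIC, etc.
        COPYFUNC    pfCopy;                 // Function pointer.
    };

  protected:
    // Table-row shorthands: nFixedSize, nFixedSize16, nModOffset,
    // nRelOffset, nFlagBits, pfCopy.
#define ENTRY_CopyBytes1            1, 1, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes1Dynamic     1, 1, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes2            2, 2, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes2Jump        2, 2, 0, 1, 0, CopyBytes
#define ENTRY_CopyBytes2CantJump    2, 2, 0, 1, NOENLARGE, CopyBytes
#define ENTRY_CopyBytes2Dynamic     2, 2, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes3            3, 3, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes3Dynamic     3, 3, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes3Or5         5, 3, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes3Or5Target   5, 3, 0, 1, 0, CopyBytes
#define ENTRY_CopyBytes5Or7Dynamic  7, 5, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes3Or5Address  5, 3, 0, 0, ADDRESS, CopyBytes
#define ENTRY_CopyBytes4            4, 4, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes5            5, 5, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes7            7, 7, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes2Mod         2, 2, 1, 0, 0, CopyBytes
#define ENTRY_CopyBytes2Mod1        3, 3, 1, 0, 0, CopyBytes
#define ENTRY_CopyBytes2ModOperand  6, 4, 1, 0, 0, CopyBytes
#define ENTRY_CopyBytes3Mod         3, 3, 2, 0, 0, CopyBytes
#define ENTRY_CopyBytesPrefix       1, 1, 0, 0, 0, CopyBytesPrefix
#define ENTRY_Copy0F                1, 1, 0, 0, 0, Copy0F
#define ENTRY_Copy66                1, 1, 0, 0, 0, Copy66
#define ENTRY_Copy67                1, 1, 0, 0, 0, Copy67
#define ENTRY_CopyF6                0, 0, 0, 0, 0, CopyF6
#define ENTRY_CopyF7                0, 0, 0, 0, 0, CopyF7
#define ENTRY_CopyFF                0, 0, 0, 0, 0, CopyFF
#define ENTRY_Invalid               1, 1, 0, 0, 0, Invalid
#define ENTRY_End                   0, 0, 0, 0, 0, NULL

    PBYTE CopyBytes(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyBytesPrefix(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE Invalid(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);

    // NOTE(review): the definition in disasm.cpp switches on a
    // cbTargetSize value, which suggests a fifth LONG parameter that this
    // listing does not show; confirm the declaration against the .cpp.
    PBYTE AdjustTarget(PBYTE pbDst, PBYTE pbSrc, LONG cbOp, LONG cbTargetOffset);

    VOID Set16BitOperand();
    VOID Set32BitOperand();
    VOID Set16BitAddress();
    VOID Set32BitAddress();

  protected:
    PBYTE Copy0F(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE Copy66(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE Copy67(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyF6(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyF7(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyFF(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);

  protected:
    static const COPYENTRY  s_rceCopyTable[257];
    static const COPYENTRY  s_rceCopyTable0F[257];
    static const BYTE       s_rbModRm[256];

  protected:
    BOOL                m_b16BitOperand;    // Set by the 0x66 prefix for the current instruction.
    BOOL                m_b16BitAddress;    // Set by the 0x67 prefix for the current instruction.
    PBYTE *             m_ppbTarget;        // Where the decoded branch target is reported.
    LONG *              m_plExtra;          // Where the size growth of the copy is reported.

    LONG                m_lScratchExtra;
    PBYTE               m_pbScratchTarget;
    BYTE                m_rbScratchDst[64];

    BYTE *              m_pbDstOverride;    // Used by CopyInstructionEx; see .cpp.
    BOOL                m_bAdjustZero;      // Used by CopyInstructionZero; see .cpp.
};

//////////////////////////////////////////////////////////////////////////////
//
enum {
    OP_PRE_ES       = 0x26,
    OP_PRE_CS       = 0x2e,
    OP_PRE_SS       = 0x36,
    OP_PRE_DS       = 0x3e,
    OP_PRE_FS       = 0x64,
    OP_PRE_GS       = 0x65,
    OP_JMP_SEG      = 0x25,
    OP_JA           = 0x77,
    OP_NOP          = 0x90,
    OP_CALL         = 0xe8,
    OP_JMP          = 0xe9,
    OP_PREFIX       = 0xff,
    OP_MOV_EAX      = 0xa1,
    OP_SET_EAX      = 0xb8,
    OP_JMP_EAX      = 0xe0,
    OP_RET_POP      = 0xc2,
    OP_RET          = 0xc3,
    OP_BRK          = 0xcc,

    SIZE_OF_JMP     = 5,
    SIZE_OF_NOP     = 1,
    SIZE_OF_BRK     = 1,
    SIZE_OF_TRP_OPS = SIZE_OF_JMP /* + SIZE_OF_BRK */,
};

//////////////////////////////////////////////////////////////////////////////
//
// Code emitters. Each writes raw x86 bytes at pbCode and returns the
// address just past them. None of them checks how much room is behind
// pbCode: the caller must ensure the buffer is large enough and writable,
// and that it is mapped executable before the generated code is run.
// The "(UINT32*&)pbCode" idiom writes an unaligned 32-bit immediate and
// advances pbCode past it.

inline PBYTE DetourGenMovEax(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xB8;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenMovEbx(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBB;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenMovEcx(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xB9;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenMovEdx(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBA;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenMovEsi(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBE;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenMovEdi(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBF;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenMovEbp(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBD;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenMovEsp(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBC;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenPush(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0x68;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

inline PBYTE DetourGenPushad(PBYTE pbCode)
{
    *pbCode++ = 0x60;
    return pbCode;
}

inline PBYTE DetourGenPopad(PBYTE pbCode)
{
    *pbCode++ = 0x61;
    return pbCode;
}

// Emits "JMP rel32" to pbJmpDst. The displacement is relative to the end
// of a 5-byte instruction located at pbJmpSrc (default: pbCode itself, so
// pass pbJmpSrc when the bytes will later be moved to a different
// address). The pointer difference is truncated to INT32, which is only
// correct for the 32-bit targets this code is written for.
inline PBYTE DetourGenJmp(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
    if (pbJmpSrc == 0)
        pbJmpSrc = pbCode;
    *pbCode++ = 0xE9;
    *((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
    return pbCode;
}

// Emits "CALL rel32" to pbJmpDst; same displacement rules as DetourGenJmp.
inline PBYTE DetourGenCall(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
    if (pbJmpSrc == 0)
        pbJmpSrc = pbCode;
    *pbCode++ = 0xE8;
    *((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
    return pbCode;
}

inline PBYTE DetourGenBreak(PBYTE pbCode)
{
    *pbCode++ = 0xCC;
    return pbCode;
}

inline PBYTE DetourGenRet(PBYTE pbCode)
{
    *pbCode++ = 0xC3;
    return pbCode;
}

inline PBYTE DetourGenNop(PBYTE pbCode)
{
    *pbCode++ = 0x90;
    return pbCode;
}

// Values reported through CDetourDis's target pointer when no static
// target exists (NONE) or the target is only known at run time (DYNAMIC).
#define DETOUR_INSTRUCTION_TARGET_NONE      ((PBYTE)0)
#define DETOUR_INSTRUCTION_TARGET_DYNAMIC   ((PBYTE)~0ul)

#endif // _DISASM_H_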
--------------------------------------------------------------------------------------------------------------
Todas as funções e endereços
Usados para a codificação no MatchServer
Exemplo:
sourcefiles.txt
*** SOURCE FILES Compiland = .\Release\MatchServer.res Compiland = .\Release\MBMatchAuth.obj c:\teamworks\stable\matchserver\mbmatchauth.h c:\teamworks\stable\matchserver\mbmatchauth.cpp Compiland = .\Release\MMatchServer_Schedule.obj c:\teamworks\stable\matchserver\mmatchserver_schedule.cpp c:\teamworks\stable\cscommon\include\mmatchobject.h Compiland = .\Release\MBMatchServerConfigReloader.obj c:\teamworks\stable\matchserver\mbmatchserverconfigreloader.cpp c:\program files\microsoft visual studio .net 2003\vc7\include\xtree c:\teamworks\stable\cscommon\include\mmatchantihack.h c:\teamworks\stable\matchserver\mbmatchserverconfigreloader.h c:\program files\microsoft visual studio .net 2003\vc7\include\stdexcept c:\teamworks\stable\cscommon\include\mmatchevent.h c:\program files\microsoft visual studio .net 2003\vc7\include\vector Compiland = .\Release\MBMatchServer_ServerKeeper.obj c:\teamworks\stable\cscommon\include\muid.h c:\teamworks\stable\cscommon\include\mcommandparameter.h c:\teamworks\stable\cscommon\include\mmatchobject.h c:\program files\microsoft visual studio .net 2003\vc7\include\vector c:\teamworks\stable\cml\include\mempool.h c:\teamworks\stable\matchserver\mbmatchserver_serverkeeper.cpp c:\program files\microsoft visual studio .net 2003\vc7\include\xstring c:\program files\microsoft visual studio .net 2003\vc7\include\xmemory c:\program files\microsoft visual studio .net 2003\vc7\include\xutility c:\program files\microsoft visual studio .net 2003\vc7\include\memory Compiland = .\Release\MBMatchServer_OnCommand.obj c:\teamworks\stable\matchserver\mbmatchserver_oncommand.cpp c:\teamworks\stable\cscommon\include\mmatchobject.h