Can anybody help me with converting this example for x64?
-
Hello. I am trying to hook winapi for 64 bit apps. I found this example: API Hooking with MS Detours[^] And I tried to modify BeginRedirect to work with 64 bit programs but every time I inject, my target crashes. Here's my new code.
#undef UNICODE
#include
#include#define SIZE 10 //Number of bytes needed to redirect
typedef int (WINAPI *pMessageBoxW)(HWND, LPCWSTR, LPCWSTR, UINT);
int WINAPI MyMessageBoxW(HWND, LPCWSTR, LPCWSTR, UINT);void BeginRedirect(LPVOID);
pMessageBoxW pOrigMBAddress = NULL;
BYTE oldBytes[SIZE] = {0}; //This will hold the overwritten bytes
BYTE JMP[SIZE] = {0}; //This holds the JMP to our code
DWORD oldProtect, myProtect = PAGE_EXECUTE_READWRITE; //Protection settings on memory
char debugBuffer[128]; //Used for DbgViewINT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved)
{
switch(Reason)
{
case DLL_PROCESS_ATTACH:
MessageBoxW(NULL, L"Attacheds", L"Hooked MBW", MB_ICONEXCLAMATION);
pOrigMBAddress = (pMessageBoxW) //Get MessageBoxW pointer
GetProcAddress(GetModuleHandle("user32.dll"), "MessageBoxW");
if(pOrigMBAddress != NULL)
BeginRedirect(MyMessageBoxW); //Valid? Redirect
break;
case DLL_PROCESS_DETACH:
memcpy(pOrigMBAddress, oldBytes, SIZE);
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}void BeginRedirect(LPVOID newFunction)
{
sprintf_s(debugBuffer, 128, "pOrigMBAddress: %x", pOrigMBAddress);
OutputDebugString(debugBuffer);
BYTE tempJMP[SIZE] = {0xE9, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xC3}; //JMP RET for now
memcpy(JMP, tempJMP, SIZE); //Copy into global for convenience later
DWORD JMPSize = ((DWORD)newFunction - (DWORD)pOrigMBAddress - 9); //Get address difference
VirtualProtect((LPVOID)pOrigMBAddress, SIZE, PAGE_EXECUTE_READWRITE, &oldProtect);
//Change memory settings to make sure we can write the JMP in
memcpy(oldBytes, pOrigMBAddress, SIZE); //Copy old bytes before writing JMP
sprintf_s(debugBuffer, 128, "Old bytes: %x%x%x%x%x", oldBytes[0], oldBytes[1],
oldBytes[2], oldBytes[3], oldBytes[4], oldBytes[5]);
OutputDebugString(debugBuffer);
memcpy(&JMP[1], &JMPSize, 8); //Write the address to JMP to
sprintf_s(debugBuffer, 128, "JMP: %x%x%x%x%x", JMP[0], JMP[ -
Hello. I am trying to hook winapi for 64 bit apps. I found this example: API Hooking with MS Detours[^] And I tried to modify BeginRedirect to work with 64 bit programs but every time I inject, my target crashes. Here's my new code.
#undef UNICODE
#include
#include#define SIZE 10 //Number of bytes needed to redirect
typedef int (WINAPI *pMessageBoxW)(HWND, LPCWSTR, LPCWSTR, UINT);
int WINAPI MyMessageBoxW(HWND, LPCWSTR, LPCWSTR, UINT);void BeginRedirect(LPVOID);
pMessageBoxW pOrigMBAddress = NULL;
BYTE oldBytes[SIZE] = {0}; //This will hold the overwritten bytes
BYTE JMP[SIZE] = {0}; //This holds the JMP to our code
DWORD oldProtect, myProtect = PAGE_EXECUTE_READWRITE; //Protection settings on memory
char debugBuffer[128]; //Used for DbgViewINT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved)
{
switch(Reason)
{
case DLL_PROCESS_ATTACH:
MessageBoxW(NULL, L"Attacheds", L"Hooked MBW", MB_ICONEXCLAMATION);
pOrigMBAddress = (pMessageBoxW) //Get MessageBoxW pointer
GetProcAddress(GetModuleHandle("user32.dll"), "MessageBoxW");
if(pOrigMBAddress != NULL)
BeginRedirect(MyMessageBoxW); //Valid? Redirect
break;
case DLL_PROCESS_DETACH:
memcpy(pOrigMBAddress, oldBytes, SIZE);
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}void BeginRedirect(LPVOID newFunction)
{
sprintf_s(debugBuffer, 128, "pOrigMBAddress: %x", pOrigMBAddress);
OutputDebugString(debugBuffer);
BYTE tempJMP[SIZE] = {0xE9, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xC3}; //JMP RET for now
memcpy(JMP, tempJMP, SIZE); //Copy into global for convenience later
DWORD JMPSize = ((DWORD)newFunction - (DWORD)pOrigMBAddress - 9); //Get address difference
VirtualProtect((LPVOID)pOrigMBAddress, SIZE, PAGE_EXECUTE_READWRITE, &oldProtect);
//Change memory settings to make sure we can write the JMP in
memcpy(oldBytes, pOrigMBAddress, SIZE); //Copy old bytes before writing JMP
sprintf_s(debugBuffer, 128, "Old bytes: %x%x%x%x%x", oldBytes[0], oldBytes[1],
oldBytes[2], oldBytes[3], oldBytes[4], oldBytes[5]);
OutputDebugString(debugBuffer);
memcpy(&JMP[1], &JMPSize, 8); //Write the address to JMP to
sprintf_s(debugBuffer, 128, "JMP: %x%x%x%x%x", JMP[0], JMP[