Autor
Estoy tratando de hookear el Sleep pero no logro que sea global.Se puede hacer eso ?.
Esto es lo que estoy usando ahora:
Código:
#include <windows.h>
#include <stdio.h>
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup);
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup);
void WINAPI Sleep_hooked(DWORD ms, unsigned int call_addr);
BYTE BackUp[6];
void WINAPI Sleep_hooked(DWORD ms, unsigned int call_addr)
{
printf("Hooked :) - ms: %d\n", ms);
UnHookFunction("kernel32.dll", "Sleep", BackUp);
Sleep(ms);
HookFunction("kernel32.dll", "Sleep", (LPVOID)Sleep_hooked, BackUp);
}
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
{
DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
BYTE jmp[6] = { 0xe9,
0x00, 0x00, 0x00, 0x00,
0xc3
};
ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0);
DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5);
memcpy(&jmp[1], &dwCalc, 4);
WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0);
return dwAddr;
}
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup)
{
DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0))
{
return TRUE;
}
return FALSE;
}
int main(void)
{
HookFunction("kernel32.dll", "Sleep", (LPVOID)Sleep_hooked, BackUp);
Sleep(1000);
printf("test\n");
Sleep(1500);
printf("test2\n");
UnHookFunction("kernel32.dll", "Sleep", BackUp);
}
En línea
