CreateConsole()

Teeb konsooli suvalisse appi. Eriti hea on seda kasutada, kui ei viitsi mingit OpenGL'i või DirectX'i printimist enda progrele leiutada lihtsate variablete nägemiseks.

//Credits to unknown internet guy
printf("Lulz it works!\n");
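// Attach a console to the calling process and route the CRT's stdin/stdout/
// stderr through it, so plain printf()/scanf() work in a process (e.g. a
// GUI/game process an injected DLL lives in) that has no console of its own.
//
// Why this differs from the original: the old code did `*stdout = *fp` after
// _open_osfhandle()/_fdopen().  Copying a FILE object by value is not allowed
// by the C standard and breaks on newer MSVC CRTs where FILE is opaque, and
// PtrToUlong() truncated the HANDLE before handing it to _open_osfhandle().
// freopen() onto the console device names "CONIN$"/"CONOUT$" is the supported
// way to rebind the standard streams and needs no handle juggling.  (MSVC
// flags freopen() as deprecated; freopen_s(&f, "CONOUT$", "w", stdout) is the
// drop-in secure variant if the build uses /sdl or /WX.)
//
// Best effort, as before: AllocConsole() fails if the process already has a
// console, in which case the reopen still targets that console.  A failed
// freopen() leaves the corresponding stream as it was instead of
// dereferencing a null FILE*.  All three streams are made unbuffered so output
// shows up immediately, which matters when the host process later crashes.
VOID CreateConsole()
{
	AllocConsole();

	// stdout -> console, unbuffered
	if (freopen("CONOUT$", "w", stdout) != NULL)
		setvbuf(stdout, NULL, _IONBF, 0);

	// stdin <- console, unbuffered
	if (freopen("CONIN$", "r", stdin) != NULL)
		setvbuf(stdin, NULL, _IONBF, 0);

	// stderr -> console, unbuffered
	if (freopen("CONOUT$", "w", stderr) != NULL)
		setvbuf(stderr, NULL, _IONBF, 0);
}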

__declspec(naked) void Funktsioon(void)

Template funktsioonile, mis codecave funktsioonile tuleks anda.

// Scratch slot for the return address pushed by the CALL that Codecave()
// patches in.  NOTE(review): this is one global shared by every invocation,
// so the hook is not reentrant -- if the patched code runs on two threads at
// once, or the hook body re-enters the patched code, one CALL's return
// address overwrites another's and the `ret` below transfers control to the
// wrong place.  Leaving the address on the stack (or per-thread storage)
// would avoid that.
DWORD ReturnAddress = 0;
// Hook template to hand to Codecave().  MSVC emits no prologue/epilogue for a
// naked function, so on entry the stack is exactly as the patched CALL left
// it: [esp] holds the return address (destAddress + 5, i.e. the byte after the
// CALL Codecave wrote).  That address is popped into ReturnAddress, then all
// general-purpose registers and EFLAGS are saved so the C++ body may clobber
// them freely.  The epilogue restores them, pushes the saved return address
// back and returns into the patched code.
__declspec(naked) void Funktsioon(void)
{
	__asm
	{
		pop ReturnAddress	// [esp] -> ReturnAddress; stack now as before the CALL
		PUSHAD				// save EAX..EDI
		PUSHFD				// save EFLAGS
	}
	// C++ code here.  There is no stack frame in a naked function, so locals
	// that need EBP are unsafe -- call out to an ordinary function instead.
	// Whatever runs here must leave ESP as PUSHFD left it.
	__asm
	{
		POPFD				// restore EFLAGS
		POPAD				// restore EAX..EDI
		push ReturnAddress	// put the CALL's return address back
		ret					// continue at destAddress + 5
	}
}

Codecave(adr,func,nopcount)

Teeb CALL'i antud aadressile, mis kutsub määratud funktsiooni. Viimane argument ütleb, mitu baiti pärast 5-baidist CALL'i tuleb NOP-ida (0x90), et üle kirjutatud käsud lõppeksid käsupiiril.
Kasutab WriteBytesASM funktsiooni.

//Credits to Drew_Benton
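// Patch a 5-byte `CALL rel32` to `func` at destAddress, followed by nopCount
// one-byte NOPs (0x90) that pad out whatever original instruction bytes the
// CALL straddled.  Nothing here disassembles or validates the target: the
// caller must pick destAddress and nopCount so the patch ends on an
// instruction boundary, or the code after it is garbage.
//
// destAddress  address of the first byte to overwrite (32-bit x86 process;
//              the rel32 is computed with 32-bit arithmetic)
// func         hook to CALL; it receives the return address on the stack and
//              must preserve every register it touches (see Funktsioon)
// nopCount     number of NOP bytes to write after the 5-byte CALL (0..255)
//
// Unlike the original, the CALL and the NOPs are assembled into one buffer
// and written with a single WriteBytesASM call: the page protection is
// toggled once instead of twice, and the target is never observed with the
// CALL already in place but the padding still missing.  The bytes written
// are identical.
VOID Codecave(DWORD destAddress, VOID (*func)(VOID), BYTE nopCount)
{
	// rel32 is relative to the end of the 5-byte CALL instruction
	DWORD offset = (PtrToUlong(func) - destAddress) - 5;

	// CALL opcode + rel32, then at most UCHAR_MAX NOPs (nopCount is a BYTE)
	BYTE patch[5 + 0xFF] = {0};
	DWORD patchSize = 5 + nopCount;

	patch[0] = 0xE8;
	memcpy(patch + 1, &offset, sizeof(DWORD));
	memset(patch + 5, 0x90, nopCount);	// no-op when nopCount == 0

	WriteBytesASM(destAddress, patch, patchSize);
}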

WriteBytesASM

Kirjutab antud arvu baite (opcode'e) antud aadressile.

//Credits to Drew_Benton
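// Copy numBytes from patch to destAddress inside the current process, making
// the target page(s) writable first and restoring their previous protection
// afterwards.  Used for patching code (see Codecave), so the destination is
// normally a read/execute page.  32-bit x86 MSVC only: the copy is inline
// __asm and addresses are DWORDs.
//
// destAddress  address of the first byte to overwrite
// patch        source bytes
// numBytes     number of bytes to copy; 0 copies nothing
//
// Differences from the original:
//   - the first VirtualProtect() result is checked; if the range cannot be
//     made writable (unmapped address, guard page, ...) the function returns
//     without touching memory instead of faulting inside the asm.
//   - FlushInstructionCache() is called after the write.  x86 keeps the
//     instruction cache coherent for self-modifying code on its own, but the
//     call is the documented contract for code patches on Windows and is
//     cheap.
//   - the byte-at-a-time loop is replaced by `rep movsb`, which copies the
//     same bytes from the same ESI/EDI/ECX setup.
// The VOID return is kept for compatibility, so a caller cannot tell a
// refused patch from a successful one; add a BOOL-returning wrapper if that
// matters.
VOID WriteBytesASM(DWORD destAddress, LPVOID patch, DWORD numBytes)
{
	DWORD oldProtect = 0;
	DWORD srcAddress = PtrToUlong(patch);

	// Make the destination writable while keeping it executable.  Bail out
	// if that is refused: the copy below would take an access violation.
	if (!VirtualProtect((void*)(destAddress), numBytes, PAGE_EXECUTE_READWRITE, &oldProtect))
		return;

	// The original deliberately avoided memcpy (reason not stated; presumably
	// to keep CRT imports out of injected code), so the copy stays in asm.
	// rep movsb copies ECX bytes from [ESI] to [EDI] and needs DF=0, which
	// cld guarantees.
	__asm
	{
		mov esi, srcAddress
		mov edi, destAddress
		mov ecx, numBytes
		cld
		rep movsb
	}

	// Put the original protection back.  Nothing useful can be done if this
	// fails, so the result is ignored as before.
	VirtualProtect((void*)(destAddress), numBytes, oldProtect, &oldProtect);

	// Make sure the CPU executes the freshly written bytes.
	FlushInstructionCache(GetCurrentProcess(), (void*)(destAddress), numBytes);
}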