This section is for programmers only. If you are a beginner, try to compile it yourself, or ask in the xat chat — what we post here is the uncompiled source.
main.cpp
Detour folder
Credits to LanceVorgin
Detour/CDetour.h
Detour/CDetour.cpp
Detour/CByteArray.h
Detour/CDetourDis.cpp
Detour/CDetourDis.h
Functions and addresses
Used for coding against the MatchServer
Example:
sourcefiles.txt
Créditos: main.cpp
Code:
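// main.cpp -- "GZRoboGuard" MatchServer patch DLL.
// Injected into the MatchServer process; locates the chat/announce handlers by
// byte signature and detours them (via CDetour) so that over-long messages,
// which would otherwise overrun the server's fixed-size buffers, are replaced
// before the original handler sees them.
// NOTE(review): the source was recovered from a machine-translated post.
// Keywords and identifiers were restored; the string literals are kept as the
// post shows them. The signature byte arrays were stripped by the forum and are
// left as zeroed placeholders (see below).
#define WIN32_LEAN_AND_MEAN
#define WIN32_EXTRA_LEAN
#include <windows.h>
#include <string.h>
// (the post lists several more standard headers whose names were stripped)
using namespace std;
#include "Detour/CDetour.h"

// Runs the statements that follow it exactly once; the *caller* closes the
// brace this macro opens. Kept for compatibility -- DllMain() below no longer
// relies on it because the unbalanced brace hides the control flow.
#define ONCE(var) static bool var = false; if (!var) { var = true;

// Byte-wise comparison of len bytes. 0xEE in data2 (the signature side) is a
// wildcard that matches any byte of data1. Two NULL pointers compare equal,
// a single NULL pointer never matches.
bool CompareByteArrays(BYTE* data1, BYTE* data2, int len)
{
    if (data1 == NULL && data2 == NULL) return true;
    if (data1 == NULL || data2 == NULL) return false;
    for (int i = 0; i < len; i++) {
        if (data1[i] != data2[i] && data2[i] != 0xEE) return false;
    }
    return true;
}

// Range scanned for signatures. The defaults are the hard-coded range of the
// MatchServer build the post targets; ResolveCodeRange() replaces them with the
// real image base and size so a relocated or differently sized executable is
// not scanned past its mapping (an access violation during static init, i.e.
// inside the loader, was the failure mode of the fixed range).
DWORD m_CodeBase = 0x00400000;
DWORD m_CodeLength = 0x001C5000;

// Reads the PE headers of the host executable to size the scan range.
// Leaves the hard-coded defaults in place when the headers cannot be read.
static void ResolveCodeRange()
{
    static bool bResolved = false;
    if (bResolved) return;
    bResolved = true;
    HMODULE hExe = GetModuleHandle(NULL);
    if (!hExe) return;
    IMAGE_DOS_HEADER* pDos = (IMAGE_DOS_HEADER*)hExe;
    if (pDos->e_magic != IMAGE_DOS_SIGNATURE) return;
    IMAGE_NT_HEADERS* pNt = (IMAGE_NT_HEADERS*)((BYTE*)hExe + pDos->e_lfanew);
    if (pNt->Signature != IMAGE_NT_SIGNATURE) return;
    m_CodeBase = (DWORD)hExe;
    m_CodeLength = pNt->OptionalHeader.SizeOfImage;
}

// True when the signature still holds the all-zero placeholder (the forum
// stripped the bytes from the post). A zero signature would match the padding
// right behind the DOS header and yield a bogus hook address.
static bool IsPlaceholderSignature(const BYTE* Signature, int SigLength)
{
    for (int i = 0; i < SigLength; i++) {
        if (Signature[i] != 0) return false;
    }
    return true;
}

// Linear scan of the code range for Signature (0xEE = wildcard byte).
// Returns the absolute address of the first match, or 0 when there is no
// match, the signature is empty or a placeholder, or it is longer than the
// range (the unsigned bound would otherwise wrap and scan the whole address
// space).
DWORD SigSearch(BYTE* Signature, int SigLength)
{
    if (Signature == NULL || SigLength <= 0) return 0;
    if (IsPlaceholderSignature(Signature, SigLength)) return 0;
    ResolveCodeRange();
    if ((DWORD)SigLength > m_CodeLength) return 0;
    for (DWORD i = 0; i < (m_CodeLength - (DWORD)SigLength); i++) {
        if (CompareByteArrays((BYTE*)(m_CodeBase + i), Signature, SigLength))
            return m_CodeBase + i;
    }
    return 0;
}

// Signatures. The forum stripped every byte array except OnStageChat; the
// array sizes are the lengths the original SigSearch() calls passed. Fill the
// bytes in (0xEE = wildcard) before use -- SigSearch() rejects the zero
// placeholders, and Initialize() then skips the corresponding hook.
// These run at static-initialization time, in declaration order.
BYTE ServerAnnounceSignature[34] = { 0 };                                        // ServerAnnounce
DWORD ServerAnnounceSignatureOffset = SigSearch(ServerAnnounceSignature, 34);
BYTE OnAdminAnnounceSignature[27] = { 0 };                                       // OnAdminAnnounce
DWORD OnAdminAnnounceSignatureOffset = SigSearch(OnAdminAnnounceSignature, 27);
BYTE OnStageStartSignature[27] = { 0 };                                          // OnStageStart
DWORD OnStageStartSignatureOffset = SigSearch(OnStageStartSignature, 27);
BYTE OnGameKillSignature[32] = { 0 };                                            // OnGameKill
DWORD OnGameKillSignatureOffset = SigSearch(OnGameKillSignature, 32);
BYTE OnUserWhisperSignature[23] = { 0 };                                         // OnUserWhisper
DWORD OnUserWhisperSignatureOffset = SigSearch(OnUserWhisperSignature, 23);
BYTE OnChannelChatSignature[25] = { 0 };                                         // OnChannelChat
DWORD OnChannelChatSignatureOffset = SigSearch(OnChannelChatSignature, 25);
BYTE OnStageChatSignature[] = {                                                  // OnStageChat
    0x53, 0x8B, 0x5C, 0x24, 0x0C, 0x55, 0x8B, 0x6C,
    0x24, 0x0C, 0x56, 0x57, 0x8B, 0x7C, 0x24
};
DWORD OnStageChatSignatureOffset = SigSearch(OnStageChatSignature, 15);
BYTE OnClanMessageSignature[27] = { 0 };                                         // OnClanMessage
DWORD OnClanMessageSignatureOffset = SigSearch(OnClanMessageSignature, 27);
BYTE OnStageCreateSignature[22] = { 0 };                                         // OnStageCreate
DWORD OnStageCreateSignatureOffset = SigSearch(OnStageCreateSignature, 22);

HMODULE g_hLocalModule = NULL;
DWORD g_dwUnloadRetAddr = 0;

// Tail-calls FreeLibrary(g_hLocalModule) with g_dwUnloadRetAddr as the return
// address, so the DLL can unmap itself without returning into its own code.
// Nothing in this file calls it, and g_dwUnloadRetAddr is never set here.
__declspec(naked) void UnloadProc()
{
    __asm push g_hLocalModule
    __asm push g_dwUnloadRetAddr
    __asm jmp dword ptr [FreeLibrary]
}

// Server-side unique id pair. The layout is what the hook signatures assume;
// it was not verified against the server binary.
struct Muid { long firstID; long secondID; } MYUID;
Muid* Char1ID = new Muid();
Muid* Char2ID = new Muid();
Muid* StageID = new Muid();
long n;
long uidChar;
long uidClanAdmin;
long uidStage;
char pszMessage[128];   // unused: every hook parameter of the same name shadows it

// Announce
typedef void (__cdecl *ServerAnnounceFunc)(Muid* uidChar, char*);
ServerAnnounceFunc ServerAnnounce = (ServerAnnounceFunc)ServerAnnounceSignatureOffset;

// Longest message the hooks let through (the original compared strlen()
// against this constant).
static const size_t MAX_MESSAGE_LEN = 128;

// True when s is NULL or holds more than MAX_MESSAGE_LEN characters. Looks at
// no more than MAX_MESSAGE_LEN + 1 bytes: the message comes straight off the
// network, so a plain strlen() on an unterminated payload would itself read
// past the buffer this check exists to protect.
static bool IsOversized(const char* s)
{
    if (s == NULL) return true;
    for (size_t i = 0; i <= MAX_MESSAGE_LEN; i++) {
        if (s[i] == '\0') return false;
    }
    return true;
}

// How the hooks below work: every detour is installed with bAutoReturn, so
// CDetour calls the hook and then the original handler on the SAME stack
// slots the hook received. Assigning to a by-value parameter therefore only
// reaches the original if the compiler writes the new value back to that
// slot -- true for the unoptimized MSVC builds this was written with, not
// guaranteed under optimization. Where dropping the message is acceptable,
// calling Det.Ret(false) inside the hook is the robust way to keep the
// original from running at all.

// Mega powerlevel patch: slow down kill processing.
// NOTE(review): Sleep() here stalls the server thread for 800 ms on every
// kill, which is itself a denial-of-service lever for anyone who can
// generate kills quickly.
DWORD OnGameKill = OnGameKillSignatureOffset;
CDetour OnGameKillDet;
void __stdcall OnGameKillHook(Muid* uidChar, Muid* uidChar2)
{
    Sleep(800);
}

// Admin announce buffer patch
DWORD OnAdminAnnounce = OnAdminAnnounceSignatureOffset; // 0x00416370 in the targeted build
CDetour OnAdminAnnounceDet;
void __stdcall OnAdminAnnounceHook(Muid* uidChar, char* pszMessage, unsigned long unknown)
{
    if (IsOversized(pszMessage)) {
        pszMessage = "\0";
    }
    // Was `if (unknown = 1)` -- an assignment, so the flag was cleared on
    // every call. `==` is what the statement reads as; the meaning of the
    // flag itself is not known.
    if (unknown == 1) {
        unknown = 0;
    }
}

// Whisper buffer patch
DWORD OnWhisper = OnUserWhisperSignatureOffset;
CDetour OnWhisperDet;
void __stdcall OnWhisperHook(Muid* uidChar, char* pszSenderName, char* pszTargetName, char* pszMessage)
{
    if (IsOversized(pszMessage)) {
        pszMessage = "Tentei travar você Por favor me denunciar..";
    }
}

// Channel buffer patch
DWORD OnChannelChat = OnChannelChatSignatureOffset;
CDetour OnChannelChatDet;
void __stdcall OnChannelChatHook(Muid* uidChar, Muid* uidChannel, char* pszMessage)
{
    if (IsOversized(pszMessage)) {
        pszMessage = "Tentei travar o canal Por favor me denunciar..";
    }
}

// Stage buffer patch
DWORD OnStageChat = OnStageChatSignatureOffset;
CDetour OnStageChatDet;
void __stdcall OnStageChatHook(Muid* uidChar, Muid* uidStage, char* pszMessage)
{
    if (IsOversized(pszMessage)) {
        pszMessage = "Tentei travar o estágio Por favor me denunciar. . ";
    }
}

// Clan buffer patch
DWORD OnClanMsg = OnClanMessageSignatureOffset;
CDetour OnClanMsgDet;
void __stdcall OnClanMsgHook(Muid* uidChar, char* pszMessage)
{
    if (IsOversized(pszMessage)) {
        pszMessage = "\0";
    }
}

// Installs one auto-returning detour. The original ignored both Detour() and
// Apply() return values, so an unresolved signature (address 0) silently left
// the server unpatched; failures are now reported to the debugger output.
static bool InstallHook(CDetour& Det, DWORD dwTarget, BYTE* pHook, const char* pszName)
{
    if (dwTarget == 0) {
        OutputDebugStringA("GZRoboGuard: signature not found, hook skipped: ");
        OutputDebugStringA(pszName);
        OutputDebugStringA("\n");
        return false;
    }
    if (!Det.Detour((BYTE*)dwTarget, pHook, true) || !Det.Apply()) {
        OutputDebugStringA("GZRoboGuard: failed to apply hook: ");
        OutputDebugStringA(pszName);
        OutputDebugStringA("\n");
        return false;
    }
    return true;
}

// Applies every patch. Called from DllMain(DLL_PROCESS_ATTACH), i.e. under the
// loader lock; MessageBox() from there is documented as unsafe and is kept
// only because the original shows it.
void Initialize()
{
    InstallHook(OnGameKillDet, OnGameKill, (BYTE*)OnGameKillHook, "OnGameKill");                   // Mega powerlevel patch
    InstallHook(OnAdminAnnounceDet, OnAdminAnnounce, (BYTE*)OnAdminAnnounceHook, "OnAdminAnnounce"); // Admin announce patch
    InstallHook(OnWhisperDet, OnWhisper, (BYTE*)OnWhisperHook, "OnWhisper");                       // Whisper buffer patch
    InstallHook(OnChannelChatDet, OnChannelChat, (BYTE*)OnChannelChatHook, "OnChannelChat");       // Channel buffer patch
    InstallHook(OnStageChatDet, OnStageChat, (BYTE*)OnStageChatHook, "OnStageChat");               // Stage buffer patch
    // NOTE(review): OnClanMsgDet / OnClanMsgHook are defined above but never
    // installed here (nor removed in Shutdown()); left as in the original.
    MessageBox(0, "! GZRoboGuard v3.7 Injetado", "Codificado por OneWhoSighs", MB_ICONINFORMATION);
}

/********************************************************************************/
// Removes the detours / patches on unload. Restoring code while another
// thread may still be inside a gate is a race the original has as well.
void Shutdown()
{
    OnGameKillDet.Remove();       // Mega powerlevel patch
    OnAdminAnnounceDet.Remove();  // Admin announce patch
    OnWhisperDet.Remove();        // Whisper buffer patch
    OnChannelChatDet.Remove();    // Channel buffer patch
    OnStageChatDet.Remove();      // Stage buffer patch
}

/********************************************************************************/
// DLL entry point. Returns BOOL (the original declared bool, which returns in
// AL only and leaves the rest of EAX undefined for the loader's check).
BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
    static bool bHasLoaded = false;
    static bool bHasShutdown = false;
    if (dwReason == DLL_PROCESS_ATTACH) {
        if (!bHasLoaded) {
            bHasLoaded = true;
            g_hLocalModule = hModule;
            Initialize();
        }
    } else if (dwReason == DLL_PROCESS_DETACH) {
        if (!bHasShutdown) {
            bHasShutdown = true;
            Shutdown();
        }
    }
    return TRUE;
}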
Credits to LanceVorgin
Detour / CDetour.h
Code:
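/******************************
 * Universal Detour Class v2.0
 * By LanceVorgin -- "UNI owns all"
 ******************************/
#pragma once
#include "CByteArray.h"

// Type of CDetour::Org: the trampoline that runs the original function.
typedef void* (__cdecl *CDetourOrg_Func)(...);

// x86-32 inline detour: overwrites the start of a target function with a jump
// into a generated "gate" that calls the hook and (optionally) the original.
// Instances own raw buffers, so copying is disabled (a copy would free the
// gate twice and leave the target jumping into freed memory).
class CDetour
{
public:
    static int Applied();     // number of detours applied so far (process-wide)
    static int Removed();     // number of detours removed so far (process-wide)
    static void InitRand();   // seeds rand() used by polymorphic detours
private:
    static int g_iApplied;
    static int g_iRemoved;
    static void* __cdecl NullOrgFunc(...);   // Org before a detour is generated
    static CDetourOrg_Func NullOrg;
public:
    CDetour();
    ~CDetour();
    // Prepares (but does not apply) a detour from pAddr to pFuncToCall.
    // bAutoReturn: call the original after the hook, with the same arguments,
    //              unless Ret(false) was called from inside the hook.
    // bNoRegs:     do not touch any register except esp (fastcall targets).
    // bPolymorphic: emit a randomized jump sequence instead of a plain jmp.
    // iArgsOverride: after the hook returns, unwind as if a stdcall with this
    //              many arguments had been called.
    // iBytesToOverwrite: override the automatic instruction reassembler.
    // Returns false when the addresses are NULL or the gate cannot be built.
    bool Detour(BYTE* pAddr, BYTE* pFuncToCall, bool bAutoReturn = false, bool bNoRegs = false, bool bPolymorphic = false, int iArgsOverride = -1, int iBytesToOverwrite = -1);
    // Same, resolving the target through LoadLibrary/GetProcAddress.
    bool Detour(LPCSTR lpLibraryName, LPCSTR lpProcName, BYTE* pFuncToCall, bool bAutoReturn = false, bool bNoRegs = false, bool bPolymorphic = false, int iArgsOverride = -1, int iBytesToOverwrite = -1);
    bool Apply();      // writes the detour into the target; false if not ready or already applied
    bool Remove();     // restores the original bytes; false if not applied
    bool IsReady();
    bool IsApplied();
    BYTE* GetAddr();
    BYTE* GetFuncToCall();
    void SetFuncToCall(BYTE* pFuncToCall);
    BYTE* GetRetAddress();        // return address of the call into the hooked function
    BYTE* GetGateRetAddress();
    void SetGateRetAddress(BYTE* pGateRetAddress);
    BYTE* GetThisPtr();           // ecx as seen at the hooked function's entry
    void SetThisPtr(BYTE* pThisPtr);
    void NoSetThisPtr(bool bNoSetThisPtr);   // do not restore ecx when calling Org
    void Ret(bool bReturnToOriginal);        // from a hook: whether the original still runs
    CDetourOrg_Func Org;          // calls the original function
private:
    CDetour(const CDetour&);              // not implemented: non-copyable
    CDetour& operator=(const CDetour&);   // not implemented: non-copyable
    void Deconstruct();
    void FreeBuffers();
    bool Generate();
    int GetDetourSize();
    bool GenerateDetour(CByteArray& Buffer, BYTE* pBase, BYTE* pTarget, int iFinalSize = -1);
    bool WriteToAddr(BYTE* pBuffer, int iSize);
    bool m_bReady;
    bool m_bApplied;
    bool m_bAutoReturn;
    bool m_bNoRegs;
    bool m_bPolymorphic;
    int m_iArgsOverride;
    int m_iBytesToOverwrite;
    BYTE* m_pAddr;
    BYTE* m_pFuncToCall;
    BYTE m_ubDetourType;
    int m_iDetourSize;
    BYTE* m_pOrgAfterDetour;
    BYTE* m_pDetourBuf;           // bytes written over the target
    BYTE* m_pOrgBuf;              // original bytes, restored by Remove()
    BYTE* m_pGateBuf;             // executed: hook gate
    BYTE* m_pOrgGateBuf;          // executed: relocated original prologue + jump back
    bool m_bDontReplaceOrgClassInstance;
    BYTE* m_pGateStack;
    BYTE* m_pGateRealRet;
    bool m_bReturnToOriginal;
    BYTE* m_pAutoReturnEndStack;
    BYTE* m_pRetAddress;
    BYTE* m_pClassInstance;
    BYTE* m_pOrgReturnAddress;
    BYTE* m_pOrgStack;
};

// Lighter variant: the target starts with `call gate`; the gate calls the hook,
// executes the displaced instructions and resumes after the call.
// Also non-copyable for the same reason as CDetour.
class CSimpleDetour
{
public:
    static int Applied();
    static int Removed();
private:
    static int g_iApplied;
    static int g_iRemoved;
public:
    CSimpleDetour();
    ~CSimpleDetour();
    // bExecuteOverwrittenOps is stored by the implementation shown in this
    // post but not consulted by it; the displaced instructions always run.
    bool Detour(BYTE* pAddr, BYTE* pFuncToCall, bool bExecuteOverwrittenOps = true, int iBytesToOverwrite = 0);
    bool Apply();
    bool Remove();
    bool IsReady();
    bool IsApplied();
    BYTE* GetAddr();
    BYTE* GetFuncToCall();
    void SetFuncToCall(BYTE* pFuncToCall);
    BYTE* GetRetAddress();
    void Ret(bool bReturnToOriginal);
private:
    CSimpleDetour(const CSimpleDetour&);              // not implemented
    CSimpleDetour& operator=(const CSimpleDetour&);   // not implemented
    void Deconstruct();
    void FreeBuffers();
    bool Generate();
    bool WriteToAddr(BYTE* pBuffer, int iSize);
    bool m_bReady;
    bool m_bApplied;
    bool m_bExecuteOverwrittenOps;
    int m_iBytesToOverwrite;
    BYTE* m_pAddr;
    BYTE* m_pFuncToCall;
    int m_iDetourSize;
    BYTE* m_pOrgAfterDetour;
    BYTE* m_pDetourBuf;
    BYTE* m_pOrgBuf;
    BYTE* m_pGateBuf;             // executed
    BYTE* m_pRetAddress;
};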
Code:
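/******************************
 * Universal Detour Class v2.0
 * By LanceVorgin -- "UNI owns all"
 ******************************/
/*
 All credit for CDetourDis goes to Micro$oft. GG CB for the ByteArray idea - idiot :P

 License: I, LanceVorgin, allow you to use these classes in any of your projects
 under the following conditions:
   * My name appears in your readme and credits along with the fact that my
     CDetour was used
   * You do not take credit for CDetour
 That's all. GPL, closed source, private, it's all good :)

 Detour settings:
   bAutoReturn   - If true, after hookfunc is called the original function is
                   called with the original arguments - unless Ret(false) was called.
   bNoRegs       - If true the detour does not modify any register besides esp.
                   Use for fastcalls / other funcs that take params in regs
                   (damn msvc 2k5). (Normally the detour saves ecx and restores
                   it in Org for class funcs.)
   bPolymorphic  - If false the detour is a plain jmp. If true it is randomized
                   and built around a random number. These are a lot bigger
                   than 5 bytes.
   iArgsOverride - Normally the hookfunc is defined identically to the hooked
                   function in arguments and calling convention. With this set,
                   the stack is adjusted after hookfunc returns as if a stdcall
                   with x args had been called. Useful for a stdcall func with
                   ~10 args you do not care about (you would otherwise need 10
                   junk args in your hookfunc).
   iBytesToOverwrite - Overrides the automatic reassembler.

 Todo:
   * Add SetProxy
   * Add the metamorphic dimension: replace push
       8D 64 24 FC            lea esp, [esp-4]
       C7 04 24 78 56 34 12   mov dword ptr [esp], 12345678h
       83 CE 04               sub esp, 4   (sic, as in the original)
       C7 04 24 78 56 34 12   mov dword ptr [esp], 12345678h

 Reviewer notes on this reconstruction:
   * The post was machine-translated; keywords and identifiers were restored.
   * The two gate buffers are executed, so they are now placed in VirtualAlloc'd
     PAGE_EXECUTE_READWRITE memory instead of the CRT heap, which DEP/NX marks
     non-executable (the first call through a heap gate would fault).
   * Deconstruct() removes an applied detour BEFORE clearing m_bReady. The
     original cleared it first, WriteToAddr() then refused the write, and the
     target kept jumping into gate buffers that FreeBuffers() had just freed.
   * Everything here is x86-32 only (addresses are embedded as DWORDs), and
     patching is not atomic with respect to other threads executing the target.
*/
#define WIN32_LEAN_AND_MEAN
#define WIN32_EXTRA_LEAN
#include <windows.h>
#include <stdlib.h>
#include <string.h>
#include "CDetourDis.h"
#include "CDetour.h"

// Copies the bytes assembled in Buffer into a fresh executable allocation.
// Returns NULL when the buffer is empty or the allocation fails.
static BYTE* CopyToExecutable(CByteArray& Buffer)
{
    int iSize = (int)Buffer.Size();
    if (iSize <= 0) return NULL;
    BYTE* pHeap = Buffer.Copy();
    if (!pHeap) return NULL;
    BYTE* pExec = (BYTE*)VirtualAlloc(NULL, iSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (pExec) memcpy(pExec, pHeap, iSize);
    delete[] pHeap;
    return pExec;
}

// Releases a buffer obtained from CopyToExecutable() and nulls the pointer.
static void FreeExecutable(BYTE*& pExec)
{
    if (pExec) VirtualFree(pExec, 0, MEM_RELEASE);
    pExec = NULL;
}

void* CDetour::NullOrgFunc(...) { return NULL; }
CDetourOrg_Func CDetour::NullOrg = (CDetourOrg_Func)CDetour::NullOrgFunc;
int CDetour::g_iApplied = 0;
int CDetour::g_iRemoved = 0;
int CDetour::Applied() { return g_iApplied; }
int CDetour::Removed() { return g_iRemoved; }

// rand() only drives the polymorphic encodings (obfuscation, not security),
// so a tick-count seed is adequate.
void CDetour::InitRand() { srand(GetTickCount()); }

CDetour::CDetour()
{
    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
    m_pGateBuf = NULL;
    m_pOrgGateBuf = NULL;
    m_bApplied = false;
    Deconstruct();
}

CDetour::~CDetour() { Deconstruct(); }

// Resets the instance to its pristine state, removing a live detour first.
void CDetour::Deconstruct()
{
    // Remove() writes through WriteToAddr(), which refuses when !m_bReady --
    // so the removal must happen before the ready flag is cleared.
    if (m_bApplied) Remove();
    m_bReady = false;
    FreeBuffers();
    Org = NullOrgFunc;
    m_bAutoReturn = false;
    m_bNoRegs = false;
    m_bPolymorphic = false;
    m_iArgsOverride = -1;
    m_iBytesToOverwrite = -1;
    m_pAddr = NULL;
    m_pFuncToCall = NULL;
    m_ubDetourType = 0;
    m_iDetourSize = 0;
    m_pOrgAfterDetour = NULL;
    m_bDontReplaceOrgClassInstance = false;
    m_bReturnToOriginal = false;
    m_pGateStack = NULL;
    m_pGateRealRet = NULL;
    m_pAutoReturnEndStack = NULL;
    m_pRetAddress = NULL;
    m_pClassInstance = NULL;
    m_pOrgReturnAddress = NULL;
    m_pOrgStack = NULL;
}

// Frees every generated buffer. Must not run while the detour is applied:
// the target would keep jumping into the freed gates.
void CDetour::FreeBuffers()
{
    m_bReady = false;
    if (m_pDetourBuf) delete[] m_pDetourBuf;
    if (m_pOrgBuf) delete[] m_pOrgBuf;
    FreeExecutable(m_pGateBuf);
    FreeExecutable(m_pOrgGateBuf);
    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
}

bool CDetour::Detour(BYTE* pAddr, BYTE* pFuncToCall, bool bAutoReturn, bool bNoRegs, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite)
{
    Deconstruct();
    if (!pAddr || !pFuncToCall) return false;
    m_pAddr = pAddr;
    m_pFuncToCall = pFuncToCall;
    m_bAutoReturn = bAutoReturn;
    m_bNoRegs = bNoRegs;
    m_bPolymorphic = bPolymorphic;
    m_iArgsOverride = iArgsOverride;
    m_iBytesToOverwrite = iBytesToOverwrite;
    return Generate();
}

// The LoadLibrary reference is never released: the module has to stay mapped
// for as long as the detour is live.
bool CDetour::Detour(LPCSTR lpLibraryName, LPCSTR lpProcName, BYTE* pFuncToCall, bool bAutoReturn, bool bNoRegs, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite)
{
    HMODULE hModule = LoadLibrary(lpLibraryName);
    if (!hModule) return false;
    BYTE* pTargetAddress = (BYTE*)GetProcAddress(hModule, lpProcName);
    if (!pTargetAddress) return false;
    return Detour(pTargetAddress, pFuncToCall, bAutoReturn, bNoRegs, bPolymorphic, iArgsOverride, iBytesToOverwrite);
}

// Writes iSize bytes over the target, temporarily making the page writable.
// The write is a plain memcpy: another thread executing those bytes at the
// same moment sees a torn instruction stream.
bool CDetour::WriteToAddr(BYTE* pBuffer, int iSize)
{
    if (!m_bReady) return false;
    DWORD dwOldProt, dwDummy;
    if (!VirtualProtect(m_pAddr, iSize, PAGE_EXECUTE_READWRITE, &dwOldProt)) return false;
    memcpy(m_pAddr, pBuffer, iSize);
    FlushInstructionCache(GetCurrentProcess(), m_pAddr, iSize);
    VirtualProtect(m_pAddr, iSize, dwOldProt, &dwDummy);
    return true;
}

bool CDetour::Apply()
{
    if (!m_bReady || m_bApplied) return false;
    if (!WriteToAddr(m_pDetourBuf, m_iDetourSize)) return false;
    m_bApplied = true;
    g_iApplied++;
    return true;
}

bool CDetour::Remove()
{
    if (!m_bApplied) return false;
    if (!WriteToAddr(m_pOrgBuf, m_iDetourSize)) return false;
    m_bApplied = false;
    g_iRemoved++;
    return true;
}

bool CDetour::IsReady() { return m_bReady; }
bool CDetour::IsApplied() { return m_bApplied; }
BYTE* CDetour::GetAddr() { return m_pAddr; }
BYTE* CDetour::GetFuncToCall() { return m_pFuncToCall; }
void CDetour::SetFuncToCall(BYTE* pFuncToCall) { m_pFuncToCall = pFuncToCall; }
BYTE* CDetour::GetRetAddress() { return m_pRetAddress; }
BYTE* CDetour::GetGateRetAddress() { return m_pGateRealRet; }
void CDetour::SetGateRetAddress(BYTE* pGateRetAddress) { m_pGateRealRet = pGateRetAddress; }
BYTE* CDetour::GetThisPtr() { return m_pClassInstance; }
void CDetour::SetThisPtr(BYTE* pThisPtr) { m_pClassInstance = pThisPtr; }
void CDetour::NoSetThisPtr(bool bNoSetThisPtr) { m_bDontReplaceOrgClassInstance = bNoSetThisPtr; }
void CDetour::Ret(bool bReturnToOriginal) { m_bReturnToOriginal = bReturnToOriginal; }

// Size in bytes of the jump sequence for the current m_ubDetourType, -1 on error.
int CDetour::GetDetourSize()
{
    CByteArray Buffer;
    if (!GenerateDetour(Buffer, 0, 0)) return -1;
    return Buffer.Size();
}

#define RAND_DETOUR_TYPES 9

// Assembles the bytes written over the target: a jmp (type 0) or one of nine
// push/transform/ret shapes that compute pTarget at runtime. iFinalSize != -1
// pads with NOPs up to that size (and fails if the sequence does not fit).
bool CDetour::GenerateDetour(CByteArray& Buffer, BYTE* pBase, BYTE* pTarget, int iFinalSize)
{
    Buffer.Clear();
    if (m_ubDetourType > RAND_DETOUR_TYPES) return false;
    DWORD dwTmpRnd = ((m_ubDetourType != 0) ? (DWORD)(rand() | (rand() << 16)) : 0);
    switch (m_ubDetourType) {
    case 0:
        Buffer += (BYTE)0xE9;                       // jmp rel32
        Buffer += (DWORD)(pTarget - pBase - 5);
        break;
    case 1: case 2: case 3:
        Buffer += (BYTE)0x68;                       // push (target ^ rnd)
        Buffer += (DWORD)dwTmpRnd;
        Buffer += (BYTE)0x81;                       // xor dword ptr [esp], imm32
        Buffer += (BYTE)0x34;
        Buffer += (BYTE)0x24;
        Buffer += (DWORD)((DWORD)pTarget ^ dwTmpRnd);
        break;
    case 4: case 5: case 6: {
        // push rotl(target, r); ror dword ptr [esp], r.
        // A shift by 32 is undefined in C++, so r == 0 is handled explicitly
        // (the CPU masks the ror count to 5 bits, matching "& 31").
        BYTE ubRot = (BYTE)(dwTmpRnd & 31);
        DWORD dwTarget = (DWORD)pTarget;
        DWORD dwRotated = ubRot ? ((dwTarget << ubRot) | (dwTarget >> (32 - ubRot))) : dwTarget;
        Buffer += (BYTE)0x68;                       // push imm32
        Buffer += (DWORD)dwRotated;
        Buffer += (BYTE)0xC1;                       // ror dword ptr [esp], imm8
        Buffer += (BYTE)0x0C;
        Buffer += (BYTE)0x24;
        Buffer += (BYTE)dwTmpRnd;
        break;
    }
    case 7: case 8: case 9:
        Buffer += (BYTE)0x68;                       // push (target - rnd)
        Buffer += (DWORD)(pTarget - dwTmpRnd);
        Buffer += (BYTE)0x81;                       // add dword ptr [esp], imm32
        Buffer += (BYTE)0x04;
        Buffer += (BYTE)0x24;
        Buffer += (DWORD)dwTmpRnd;
        break;
    }
    // How control transfers to the computed address on top of the stack.
    switch (m_ubDetourType) {
    case 1: case 4: case 7:
        Buffer += (BYTE)0xC3;                       // ret
        break;
    case 2: case 5: case 8:
        Buffer += (BYTE)0xC2;                       // retn 0
        Buffer += (WORD)0;
        break;
    case 3: case 6: case 9:
        Buffer += (BYTE)0x83;                       // add esp, 4
        Buffer += (BYTE)0xC4;
        Buffer += (BYTE)0x04;
        Buffer += (BYTE)0xFF;                       // jmp dword ptr [esp-4]
        Buffer += (BYTE)0x64;
        Buffer += (BYTE)0x24;
        Buffer += (BYTE)0xFC;
        break;
    }
    if (iFinalSize != -1) {
        if (iFinalSize < (int)Buffer.Size()) return false;
        while ((int)Buffer.Size() < iFinalSize) Buffer += (BYTE)OP_NOP;
    }
    return true;
}

// Builds the hook gate (m_pGateBuf), the original gate (m_pOrgGateBuf) that
// re-executes the displaced instructions, and the detour bytes (m_pDetourBuf).
// Stack layout relies on every addressable member being reachable as a DWORD
// absolute address (x86-32 only).
bool CDetour::Generate()
{
    FreeBuffers();
    CByteArray Buffer;
    // -----------------
    if (m_bPolymorphic) m_ubDetourType = (BYTE)(rand() % RAND_DETOUR_TYPES) + 1;
    else m_ubDetourType = 0;
    int iRawDetourSize = GetDetourSize();
    if (iRawDetourSize == -1) return false;
    if (m_iBytesToOverwrite > 0 && m_iBytesToOverwrite < iRawDetourSize) {
        if (!m_bPolymorphic) return false;
        // Look for a polymorphic shape that fits the caller-imposed size.
        for (m_ubDetourType = 1; m_ubDetourType <= RAND_DETOUR_TYPES; m_ubDetourType++) {
            iRawDetourSize = GetDetourSize();
            if (iRawDetourSize <= m_iBytesToOverwrite) break;
        }
        if (m_ubDetourType > RAND_DETOUR_TYPES) return false;
    }
    // ----------------- hook gate
    Buffer.Clear();
    if (!m_bNoRegs) {
        Buffer += (BYTE)0x89;                       // mov dword ptr [m_pClassInstance], ecx
        Buffer += (BYTE)0x0D;
        Buffer += (DWORD)&m_pClassInstance;
    }
    Buffer += (BYTE)0x8F;                           // pop dword ptr [m_pRetAddress]
    Buffer += (BYTE)0x05;
    Buffer += (DWORD)&m_pRetAddress;
    Buffer += (BYTE)0x83;                           // sub esp, 4  (keep the slot; value still there)
    Buffer += (BYTE)0xEC;
    Buffer += (BYTE)0x04;
    int iCallOrgEndOffsetIndex = -1;
    int iCallOrgEndOffset = -1;
    if (m_bAutoReturn) {
        // Buffer += (BYTE)0xCC;                    // int3 (debug aid, disabled)
        Buffer += (BYTE)0xC6;                       // mov byte ptr [m_bReturnToOriginal], 1
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_bReturnToOriginal;
        Buffer += (BYTE)1;
        Buffer += (BYTE)0x8F;                       // pop dword ptr [m_pGateRealRet]
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_pGateRealRet;
        Buffer += (BYTE)0x89;                       // mov dword ptr [m_pGateStack], esp
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;
        Buffer += (BYTE)0xFF;                       // call dword ptr [m_pFuncToCall]
        Buffer += (BYTE)0x15;
        Buffer += (DWORD)&m_pFuncToCall;
        Buffer += (BYTE)0x80;                       // cmp byte ptr [m_bReturnToOriginal], 0
        Buffer += (BYTE)0x3D;
        Buffer += (DWORD)&m_bReturnToOriginal;
        Buffer += (BYTE)0;
        Buffer += (BYTE)0x74;                       // je <skip original>  (rel8 patched below)
        iCallOrgEndOffsetIndex = Buffer += (BYTE)0;
        if (m_iArgsOverride <= 0) {
            Buffer += (BYTE)0x89;                   // mov dword ptr [m_pAutoReturnEndStack], esp
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pAutoReturnEndStack;
        }
        Buffer += (BYTE)0x8B;                       // mov esp, dword ptr [m_pGateStack]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;
        Buffer += (BYTE)0xFF;                       // call dword ptr [m_pOrgGateBuf]
        Buffer += (BYTE)0x15;
        Buffer += (DWORD)&m_pOrgGateBuf;
        if (m_iArgsOverride > 0) {
            iCallOrgEndOffset = Buffer.Peek() - iCallOrgEndOffsetIndex - 1;
            Buffer += (BYTE)0x8B;                   // mov esp, dword ptr [m_pGateStack]
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pGateStack;
            Buffer += (BYTE)0xFF;                   // push dword ptr [m_pGateRealRet]
            Buffer += (BYTE)0x35;
            Buffer += (DWORD)&m_pGateRealRet;
            Buffer += (BYTE)0xC2;                   // retn iArgsOverride*4
            Buffer += (WORD)(m_iArgsOverride * 4);
        } else {
            Buffer += (BYTE)0x8B;                   // mov esp, dword ptr [m_pAutoReturnEndStack]
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pAutoReturnEndStack;
            iCallOrgEndOffset = Buffer.Peek() - iCallOrgEndOffsetIndex - 1;
            Buffer += (BYTE)0xFF;                   // jmp dword ptr [m_pGateRealRet]
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pGateRealRet;
        }
    } else if (m_iArgsOverride > 0) {
        Buffer += (BYTE)0x8F;                       // pop dword ptr [m_pGateRealRet]
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_pGateRealRet;
        Buffer += (BYTE)0x89;                       // mov dword ptr [m_pGateStack], esp
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;
        Buffer += (BYTE)0xFF;                       // call dword ptr [m_pFuncToCall]
        Buffer += (BYTE)0x15;
        Buffer += (DWORD)&m_pFuncToCall;
        Buffer += (BYTE)0x8B;                       // mov esp, dword ptr [m_pGateStack]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;
        Buffer += (BYTE)0xFF;                       // push dword ptr [m_pGateRealRet]
        Buffer += (BYTE)0x35;
        Buffer += (DWORD)&m_pGateRealRet;
        Buffer += (BYTE)0xC2;                       // retn iArgsOverride*4
        Buffer += (WORD)(m_iArgsOverride * 4);
    } else {
        Buffer += (BYTE)0xFF;                       // jmp dword ptr [m_pFuncToCall]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pFuncToCall;
    }
    m_pGateBuf = CopyToExecutable(Buffer);
    if (!m_pGateBuf) return false;
    if (m_bAutoReturn) *(BYTE*)&m_pGateBuf[iCallOrgEndOffsetIndex] = (BYTE)iCallOrgEndOffset;
    // ----------------- original gate
    Buffer.Clear();
    Buffer += (BYTE)0x8F;                           // pop dword ptr [m_pOrgReturnAddress]
    Buffer += (BYTE)0x05;
    Buffer += (DWORD)&m_pOrgReturnAddress;
    Buffer += (BYTE)0x89;                           // mov dword ptr [m_pOrgStack], esp
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pOrgStack;
    Buffer += (BYTE)0x83;                           // sub esp, 4 (83 /5; the original comment said "add")
    Buffer += (BYTE)0xEC;
    Buffer += (BYTE)0x04;
    Buffer += (BYTE)0xC7;                           // mov dword ptr [esp], <trailer>  (patched below)
    Buffer += (BYTE)0x04;
    Buffer += (BYTE)0x24;
    int iOrgReturnAddressIndex = Buffer += (DWORD)0;
    if (!m_bNoRegs) {
        Buffer += (BYTE)0x80;                       // cmp byte ptr [m_bDontReplaceOrgClassInstance], 0
        Buffer += (BYTE)0x3D;
        Buffer += (DWORD)&m_bDontReplaceOrgClassInstance;
        Buffer += (BYTE)0x00;
        Buffer += (BYTE)0x0F;                       // cmove ecx, dword ptr [m_pClassInstance]
        Buffer += (BYTE)0x44;
        Buffer += (BYTE)0x0D;
        Buffer += (DWORD)&m_pClassInstance;
        Buffer += (BYTE)0xC6;                       // mov byte ptr [m_bDontReplaceOrgClassInstance], 0
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_bDontReplaceOrgClassInstance;
        Buffer += (BYTE)0x00;
        // Buffer += (BYTE)0x8B;                    // mov ecx, dword ptr [m_pClassInstance] (superseded by cmove)
        // Buffer += (BYTE)0x0D;
        // Buffer += (DWORD)&m_pClassInstance;
    }
    // ----- reserve room for the displaced instructions
    int iOverwrittenOpsIndex = Buffer.Peek();
    int iOverwrittenOps = 0;
    int iOverwrittenBytes = 0;
    CDetourDis Dis(NULL, NULL);
    BYTE* pbSrc = m_pAddr;
    BYTE* pbLastOp = pbSrc;
    if (m_iBytesToOverwrite > 0) {
        iOverwrittenBytes = m_iBytesToOverwrite;
        pbSrc += iOverwrittenBytes;
        Buffer.Grow(iOverwrittenBytes);
    } else {
        // Walk whole instructions until at least iRawDetourSize bytes are covered.
        while (iOverwrittenBytes < iRawDetourSize) {
            pbLastOp = pbSrc;
            if (*pbSrc == OP_BRK) break;
            BYTE* pbNew = Dis.CopyInstruction(NULL, pbSrc);
            iOverwrittenOps++;
            int iDelta = (int)(pbNew - pbSrc);
            if ((pbNew == NULL) || (iDelta == 0)) return false;
            iOverwrittenBytes += iDelta;
            Buffer.Grow(iDelta);
            pbSrc = pbNew;
        }
    }
    m_iDetourSize = iOverwrittenBytes;
    m_pOrgAfterDetour = pbSrc;
    // ----- jump back into the original unless it ended in int3/nop padding
    if (!(*pbLastOp == OP_BRK || *pbLastOp == OP_NOP)) {
        Buffer += (BYTE)0xFF;                       // jmp dword ptr [m_pOrgAfterDetour]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pOrgAfterDetour;
    }
    // trailer: the original function returns here
    int iOrgReturnAddressOffset = Buffer.Peek();
    Buffer += (BYTE)0x8B;                           // mov esp, dword ptr [m_pOrgStack]
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pOrgStack;
    Buffer += (BYTE)0xFF;                           // jmp dword ptr [m_pOrgReturnAddress]
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pOrgReturnAddress;
    m_pOrgGateBuf = CopyToExecutable(Buffer);
    if (!m_pOrgGateBuf) return false;
    // ----- patch the trailer address and copy (relocating) the displaced ops
    *(DWORD*)&m_pOrgGateBuf[iOrgReturnAddressIndex] = (DWORD)&m_pOrgGateBuf[iOrgReturnAddressOffset];
    BYTE* pbDst = &m_pOrgGateBuf[iOverwrittenOpsIndex];
    pbSrc = (BYTE*)m_pAddr;
    if (m_iBytesToOverwrite > 0) {
        memcpy(pbDst, pbSrc, iOverwrittenBytes);
    } else {
        for (int iCurOp = 0; iCurOp < iOverwrittenOps; iCurOp++) {
            BYTE* pbNew = Dis.CopyInstruction(pbDst, pbSrc);
            pbDst += (pbNew - pbSrc);
            pbSrc = pbNew;
        }
    }
    // ----------------- detour bytes, padded to the displaced size
    if (!GenerateDetour(Buffer, m_pAddr, m_pGateBuf, m_iDetourSize)) return false;
    m_pDetourBuf = Buffer.Copy();
    Buffer.Clear();
    // -----------------
    Org = (CDetourOrg_Func)m_pOrgGateBuf;
    // ----------------- keep the original bytes for Remove()
    m_pOrgBuf = new BYTE[m_iDetourSize];
    memcpy(m_pOrgBuf, m_pAddr, m_iDetourSize);
    m_bReady = true;
    return true;
}

int CSimpleDetour::g_iApplied = 0;
int CSimpleDetour::g_iRemoved = 0;
int CSimpleDetour::Applied() { return g_iApplied; }
int CSimpleDetour::Removed() { return g_iRemoved; }

CSimpleDetour::CSimpleDetour()
{
    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
    m_pGateBuf = NULL;
    m_bApplied = false;
    Deconstruct();
}

CSimpleDetour::~CSimpleDetour() { Deconstruct(); }

// Same ordering fix as CDetour::Deconstruct(): remove before clearing ready.
void CSimpleDetour::Deconstruct()
{
    if (m_bApplied) Remove();
    m_bReady = false;
    FreeBuffers();
    m_iBytesToOverwrite = 0;
    m_pAddr = NULL;
    m_pFuncToCall = NULL;
    m_iDetourSize = 0;
    m_pRetAddress = 0;
}

void CSimpleDetour::FreeBuffers()
{
    m_bReady = false;
    if (m_pDetourBuf) delete[] m_pDetourBuf;
    if (m_pOrgBuf) delete[] m_pOrgBuf;
    FreeExecutable(m_pGateBuf);
    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
}

// bExecuteOverwrittenOps is stored but not consulted by Generate(): the
// displaced instructions are always executed in the gate.
bool CSimpleDetour::Detour(BYTE* pAddr, BYTE* pFuncToCall, bool bExecuteOverwrittenOps, int iBytesToOverwrite)
{
    Deconstruct();
    if (!pAddr || !pFuncToCall) return false;
    m_pAddr = pAddr;
    m_pFuncToCall = pFuncToCall;
    m_bExecuteOverwrittenOps = bExecuteOverwrittenOps;
    m_iBytesToOverwrite = iBytesToOverwrite;
    return Generate();
}

bool CSimpleDetour::WriteToAddr(BYTE* pBuffer, int iSize)
{
    if (!m_bReady) return false;
    DWORD dwOldProt, dwDummy;
    if (!VirtualProtect(m_pAddr, iSize, PAGE_EXECUTE_READWRITE, &dwOldProt)) return false;
    memcpy(m_pAddr, pBuffer, iSize);
    FlushInstructionCache(GetCurrentProcess(), m_pAddr, iSize);
    VirtualProtect(m_pAddr, iSize, dwOldProt, &dwDummy);
    return true;
}

bool CSimpleDetour::Apply()
{
    if (!m_bReady || m_bApplied) return false;
    if (!WriteToAddr(m_pDetourBuf, m_iDetourSize)) return false;
    m_bApplied = true;
    g_iApplied++;
    return true;
}

bool CSimpleDetour::Remove()
{
    if (!m_bApplied) return false;
    if (!WriteToAddr(m_pOrgBuf, m_iDetourSize)) return false;
    m_bApplied = false;
    g_iRemoved++;
    return true;
}

bool CSimpleDetour::IsReady() { return m_bReady; }
bool CSimpleDetour::IsApplied() { return m_bApplied; }
BYTE* CSimpleDetour::GetAddr() { return m_pAddr; }
BYTE* CSimpleDetour::GetFuncToCall() { return m_pFuncToCall; }
void CSimpleDetour::SetFuncToCall(BYTE* pFuncToCall) { m_pFuncToCall = pFuncToCall; }
BYTE* CSimpleDetour::GetRetAddress() { return m_pRetAddress; }

// Target gets `call gate` (NOP-padded); the gate records the return address,
// calls the hook, runs the displaced instructions and jumps back.
bool CSimpleDetour::Generate()
{
    FreeBuffers();
    CByteArray Buffer;
    // ----------------- the 5-byte call written over the target
    Buffer.Clear();
    Buffer += (BYTE)0xE8;                           // call rel32 (patched below)
    int iDetourOffsetIndex = Buffer += (DWORD)0;
    BYTE* pRawDetourBuf = Buffer.Copy();
    int iRawDetourSize = Buffer.Peek();
    if (m_iBytesToOverwrite > 0 && m_iBytesToOverwrite < iRawDetourSize) {
        delete[] pRawDetourBuf;                     // the original leaked it here
        return false;
    }
    // ----------------- gate
    Buffer.Clear();
    Buffer += (BYTE)0x8F;                           // pop dword ptr [m_pRetAddress]
    Buffer += (BYTE)0x05;
    Buffer += (DWORD)&m_pRetAddress;
    Buffer += (BYTE)0xFF;                           // call dword ptr [m_pFuncToCall]
    Buffer += (BYTE)0x15;
    Buffer += (DWORD)&m_pFuncToCall;
    // ----------------- reserve room for the displaced instructions
    int iOverwrittenOpsIndex = Buffer.Peek();
    int iOverwrittenOps = 0;
    int iOverwrittenBytes = 0;
    CDetourDis Dis(NULL, NULL);
    BYTE* pbSrc = m_pAddr;
    BYTE* pbLastOp = pbSrc;
    if (m_iBytesToOverwrite > 0) {
        iOverwrittenBytes = m_iBytesToOverwrite;
        pbSrc += iOverwrittenBytes;
        Buffer.Grow(iOverwrittenBytes);
    } else {
        while (iOverwrittenBytes < iRawDetourSize) {
            pbLastOp = pbSrc;
            if (*pbSrc == OP_BRK) break;
            BYTE* pbNew = Dis.CopyInstruction(NULL, pbSrc);
            iOverwrittenOps++;
            int iDelta = (int)(pbNew - pbSrc);
            if ((pbNew == NULL) || (iDelta == 0)) {
                delete[] pRawDetourBuf;             // the original leaked it here
                return false;
            }
            iOverwrittenBytes += iDelta;
            Buffer.Grow(iDelta);
            pbSrc = pbNew;
        }
    }
    m_iDetourSize = iOverwrittenBytes;
    // ----- resume right after the call instruction
    Buffer += (BYTE)0xFF;                           // jmp dword ptr [m_pRetAddress]
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pRetAddress;
    m_pGateBuf = CopyToExecutable(Buffer);
    if (!m_pGateBuf) {
        delete[] pRawDetourBuf;
        return false;
    }
    // ----------------- copy (relocating) the displaced ops into the gate
    BYTE* pbDst = &m_pGateBuf[iOverwrittenOpsIndex];
    pbSrc = m_pAddr;
    if (m_iBytesToOverwrite > 0) {
        memcpy(pbDst, pbSrc, iOverwrittenBytes);
    } else {
        for (int iCurOp = 0; iCurOp < iOverwrittenOps; iCurOp++) {
            BYTE* pbNew = Dis.CopyInstruction(pbDst, pbSrc);
            pbDst += (pbNew - pbSrc);
            pbSrc = pbNew;
        }
    }
    // ----------------- finish the call and pad it to the displaced size
    *(int*)&pRawDetourBuf[iDetourOffsetIndex] = m_pGateBuf - m_pAddr - 5;
    m_pDetourBuf = new BYTE[m_iDetourSize];
    memset(m_pDetourBuf, OP_NOP, m_iDetourSize);
    memcpy(m_pDetourBuf, pRawDetourBuf, iRawDetourSize);
    delete[] pRawDetourBuf;
    pRawDetourBuf = NULL;
    // ----------------- keep the original bytes for Remove()
    m_pOrgBuf = new BYTE[m_iDetourSize];
    memcpy(m_pOrgBuf, m_pAddr, m_iDetourSize);
    m_bReady = true;
    return true;
}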
Code:
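/******************************
 * Universal Detour Class v2.0
 * By LanceVorgin
 * UNI owns all
 ******************************/
/*
All credit for CDetourDis goes to Micro$oft.
GG CB for the ByteArray idea - idiot :P

License:
I, LanceVorgin, allow you to use these classes in any of your projects under the following conditions:
 * My name appears in your readme and credits along with the fact that my CDetour was used
 * You don't take credit for CDetour
That's all. GPL, closed source, private, it's all good :)

Detour settings:
 bAutoReturn       - If true, after hookfunc is called the original function will be called with the
                     original arguments - unless Ret(false) was called.
 bNoRegs           - If true the detour does not modify any registers other than esp. Use for fastcalls /
                     other funcs that take params in regs (evil msvc 2k5). (Normally the detour saves ecx
                     and restores it in Org for class funcs.)
 bPolymorphic      - If false the detour is a plain jmp. If true the detour is randomized (push/xor/ror/add
                     of the target plus a ret / retn / jmp). These are a lot bigger than 5 bytes.
 iArgsOverride     - Normally hookfunc is defined identically to the hooked function in both arguments and
                     calling convention. With this set, the stack is fixed up after hookfunc is called as if
                     a stdcall with x arguments had been called. Useful if you have a stdcall function with
                     ~10 arguments you don't care about (you'd otherwise need 10 junk args in your hookfunc).
 iBytesToOverwrite - Overrides the automatic reassembler (bytes are copied raw, without relocation).

Security / correctness notes (review):
 * This code assumes a 32-bit x86 process: pointers are embedded as 32-bit absolute (disp32) operands.
 * The gate ("trampoline") buffers are *executed*, so they are placed in VirtualAlloc'd
   PAGE_EXECUTE_READWRITE memory; a plain new[] heap block faults under DEP/NX.
 * Code bytes are patched with memcpy while other threads may be executing them; callers are
   responsible for applying/removing detours at a quiescent point (no thread suspension is done here).
 * The "polymorphic" detour uses rand() - it is obfuscation, not a security mechanism.

Todo:
 * Add SetProxy
 * Add metamorph dimension: replace push
     8D 64 24 FC            lea esp, [esp-4]
     C7 04 24 78 56 34 12   mov dword ptr [esp], 12345678h
     83 EC 04               sub esp, 4
     C7 04 24 78 56 34 12   mov dword ptr [esp], 12345678h
*/

#define WIN32_LEAN_AND_MEAN
#define WIN32_EXTRA_LEAN
#include <windows.h>
#include <stdlib.h>
#include <string.h>
#include "CDetourDis.h"
#include "CDetour.h"

// Copies the assembled bytes of Buffer into a fresh executable allocation.
// Gate code is jumped into / called by the detour and by Org, so it must not
// live in an ordinary heap block (not executable under DEP/NX). Returns NULL on failure.
static BYTE* CopyToExecutable(CByteArray& Buffer)
{
    int iSize = (int)Buffer.Size();
    if (iSize <= 0)
        return NULL;

    BYTE* pTmp = Buffer.Copy();
    if (!pTmp)
        return NULL;

    BYTE* pExec = (BYTE*)VirtualAlloc(NULL, iSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (pExec)
    {
        memcpy(pExec, pTmp, iSize);
        FlushInstructionCache(GetCurrentProcess(), pExec, iSize);
    }
    delete[] pTmp;
    return pExec;
}

// Releases a buffer obtained from CopyToExecutable(). NULL is ignored.
static void FreeExecutable(BYTE* pExec)
{
    if (pExec)
        VirtualFree(pExec, 0, MEM_RELEASE);
}

// Placeholder for Org while no detour is generated: calling Org then returns NULL instead of crashing.
void* CDetour::NullOrgFunc(...)
{
    return NULL;
}

CDetourOrg_Func CDetour::NullOrg = (CDetourOrg_Func)CDetour::NullOrgFunc;

int CDetour::g_iApplied = 0;
int CDetour::g_iRemoved = 0;

// Global counters of successful Apply()/Remove() calls across all CDetour instances.
int CDetour::Applied()
{
    return g_iApplied;
}

int CDetour::Removed()
{
    return g_iRemoved;
}

// Seeds the (non-cryptographic) generator used for polymorphic detours.
void CDetour::InitRand()
{
    srand(GetTickCount());
}

CDetour::CDetour()
{
    // Buffer pointers and the applied flag must be sane before Deconstruct() inspects them.
    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
    m_pGateBuf = NULL;
    m_pOrgGateBuf = NULL;
    m_bApplied = false;
    Deconstruct();
}

CDetour::~CDetour()
{
    Deconstruct();
}

// Removes the detour if it is applied, frees every buffer and resets all settings/state.
void CDetour::Deconstruct()
{
    // Remove() goes through WriteToAddr(), which refuses to write unless m_bReady is set,
    // so the hook must be lifted BEFORE m_bReady is cleared. Clearing it first (as the
    // original did) left the target patched to point at gate memory that is freed just below.
    if (m_bApplied)
        Remove();
    m_bReady = false;

    FreeBuffers();
    Org = NullOrgFunc;

    m_bAutoReturn = false;
    m_bNoRegs = false;
    m_bPolymorphic = false;
    m_iArgsOverride = -1;
    m_iBytesToOverwrite = -1;

    m_pAddr = NULL;
    m_pFuncToCall = NULL;
    m_ubDetourType = 0;
    m_iDetourSize = 0;
    m_pOrgAfterDetour = NULL;

    m_bDontReplaceOrgClassInstance = false;
    m_bReturnToOriginal = false;

    m_pGateStack = NULL;
    m_pGateRealRet = NULL;
    m_pAutoReturnEndStack = NULL;
    m_pRetAddress = NULL;
    m_pClassInstance = NULL;
    m_pOrgReturnAddress = NULL;
    m_pOrgStack = NULL;
}

// Frees the detour/original byte copies (heap) and the two gates (executable memory).
void CDetour::FreeBuffers()
{
    m_bReady = false;

    if (m_pDetourBuf)
        delete[] m_pDetourBuf;
    if (m_pOrgBuf)
        delete[] m_pOrgBuf;
    FreeExecutable(m_pGateBuf);
    FreeExecutable(m_pOrgGateBuf);

    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
    m_pGateBuf = NULL;
    m_pOrgGateBuf = NULL;
}

// Configures a detour of pAddr to pFuncToCall (see the settings description at the top of the file)
// and generates all buffers. Returns false on bad arguments or if generation fails. Nothing is
// written to pAddr until Apply() is called.
bool CDetour::Detour(BYTE* pAddr, BYTE* pFuncToCall, bool bAutoReturn, bool bNoRegs, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite)
{
    Deconstruct();

    if (!pAddr || !pFuncToCall)
        return false;

    m_pAddr = pAddr;
    m_pFuncToCall = pFuncToCall;
    m_bAutoReturn = bAutoReturn;
    m_bNoRegs = bNoRegs;
    m_bPolymorphic = bPolymorphic;
    m_iArgsOverride = iArgsOverride;
    m_iBytesToOverwrite = iBytesToOverwrite;

    return Generate();
}

// Resolves lpProcName in lpLibraryName and detours it.
// The module is looked up first so that an already-loaded module is hooked without taking
// an extra reference; only if it is absent is it loaded. Note that LoadLibrary with a bare
// file name is subject to DLL search-order hijacking - pass a full path when in doubt.
bool CDetour::Detour(LPCSTR lpLibraryName, LPCSTR lpProcName, BYTE* pFuncToCall, bool bAutoReturn, bool bNoRegs, bool bPolymorphic, int iArgsOverride, int iBytesToOverwrite)
{
    HMODULE hModule = GetModuleHandle(lpLibraryName);
    if (!hModule)
        hModule = LoadLibrary(lpLibraryName);
    if (!hModule)
        return false;

    BYTE* pTargetAddress = (BYTE*)GetProcAddress(hModule, lpProcName);
    if (!pTargetAddress)
        return false;

    return Detour(pTargetAddress, pFuncToCall, bAutoReturn, bNoRegs, bPolymorphic, iArgsOverride, iBytesToOverwrite);
}

// Writes iSize bytes from pBuffer over the target address, temporarily making the page(s) writable.
// Requires a generated detour (m_bReady). The instruction cache is flushed after the write.
bool CDetour::WriteToAddr(BYTE* pBuffer, int iSize)
{
    if (!m_bReady)
        return false;

    DWORD dwOldProt, dwDummy;
    if (!VirtualProtect(m_pAddr, iSize, PAGE_EXECUTE_READWRITE, &dwOldProt))
        return false;

    // memcpy never fails for non-NULL operands; the original's "if (!memcpy(...)) return false"
    // would have leaked the RWX protection on the (impossible) failure path.
    memcpy(m_pAddr, pBuffer, iSize);
    FlushInstructionCache(GetCurrentProcess(), m_pAddr, iSize);

    VirtualProtect(m_pAddr, iSize, dwOldProt, &dwDummy);
    return true;
}

// Patches the generated detour into the target. Fails if not generated or already applied.
bool CDetour::Apply()
{
    if (!m_bReady || m_bApplied)
        return false;
    if (!WriteToAddr(m_pDetourBuf, m_iDetourSize))
        return false;

    m_bApplied = true;
    g_iApplied++;
    return true;
}

// Restores the original bytes at the target. Fails if not applied.
bool CDetour::Remove()
{
    if (!m_bApplied)
        return false;
    if (!WriteToAddr(m_pOrgBuf, m_iDetourSize))
        return false;

    m_bApplied = false;
    g_iRemoved++;
    return true;
}

bool CDetour::IsReady()
{
    return m_bReady;
}

bool CDetour::IsApplied()
{
    return m_bApplied;
}

BYTE* CDetour::GetAddr()
{
    return m_pAddr;
}

BYTE* CDetour::GetFuncToCall()
{
    return m_pFuncToCall;
}

// The gate calls/jumps through [&m_pFuncToCall], so this takes effect for the next invocation.
void CDetour::SetFuncToCall(BYTE* pFuncToCall)
{
    m_pFuncToCall = pFuncToCall;
}

// Return address of the hooked call (popped by the gate on entry).
BYTE* CDetour::GetRetAddress()
{
    return m_pRetAddress;
}

BYTE* CDetour::GetGateRetAddress()
{
    return m_pGateRealRet;
}

void CDetour::SetGateRetAddress(BYTE* pGateRetAddress)
{
    m_pGateRealRet = pGateRetAddress;
}

// ecx as saved on entry (class instance for __thiscall) - only captured when !bNoRegs.
BYTE* CDetour::GetThisPtr()
{
    return m_pClassInstance;
}

void CDetour::SetThisPtr(BYTE* pThisPtr)
{
    m_pClassInstance = pThisPtr;
}

// When set, the org gate leaves ecx untouched instead of reloading the saved instance (one-shot: the gate clears it).
void CDetour::NoSetThisPtr(bool bNoSetThisPtr)
{
    m_bDontReplaceOrgClassInstance = bNoSetThisPtr;
}

// For bAutoReturn detours: Ret(false) from inside the hook skips the call to the original.
void CDetour::Ret(bool bReturnToOriginal)
{
    m_bReturnToOriginal = bReturnToOriginal;
}

// Size in bytes of the detour stub for the current m_ubDetourType, or -1 if it cannot be built.
int CDetour::GetDetourSize()
{
    CByteArray Buffer;
    if (!GenerateDetour(Buffer, 0, 0))
        return -1;
    return Buffer.Size();
}

#define RAND_DETOUR_TYPES 9

// Emits the stub written over pBase that transfers control to pTarget.
//  type 0   : jmp rel32 (5 bytes)
//  type 1-3 : push rnd ; xor [esp], target^rnd      ; then ret / retn 0 / add esp,4 + jmp [esp-4]
//  type 4-6 : push rol(target,r) ; ror [esp], r     ; (same three tails)
//  type 7-9 : push target-rnd ; add [esp], rnd      ; (same three tails)
// If iFinalSize != -1 the stub is NOP-padded to exactly that size (fails if it would not fit).
bool CDetour::GenerateDetour(CByteArray& Buffer, BYTE* pBase, BYTE* pTarget, int iFinalSize)
{
    Buffer.Clear();

    if (m_ubDetourType > RAND_DETOUR_TYPES)
        return false;

    DWORD dwTmpRnd = (m_ubDetourType != 0) ? (DWORD)(rand() | (rand() << 16)) : 0;

    switch (m_ubDetourType)
    {
    case 0:
        Buffer += (BYTE)0xE9;                               // jmp rel32
        Buffer += (DWORD)(pTarget - pBase - 5);
        break;

    case 1: case 2: case 3:
        Buffer += (BYTE)0x68;                               // push imm32
        Buffer += (DWORD)dwTmpRnd;
        Buffer += (BYTE)0x81;                               // xor dword ptr [esp], imm32
        Buffer += (BYTE)0x34;
        Buffer += (BYTE)0x24;
        Buffer += (DWORD)((DWORD)pTarget ^ dwTmpRnd);
        break;

    case 4: case 5: case 6:
    {
        // A rotate count of 0 would shift by 32 (undefined in C); the CPU masks the
        // ror count to 5 bits, so emit the unrotated target in that case.
        BYTE bRot = (BYTE)(dwTmpRnd & 31);
        DWORD dwTarget = (DWORD)pTarget;
        DWORD dwRolled = bRot ? ((dwTarget << bRot) | (dwTarget >> (32 - bRot))) : dwTarget;
        Buffer += (BYTE)0x68;                               // push imm32 (rotated target)
        Buffer += (DWORD)dwRolled;
        Buffer += (BYTE)0xC1;                               // ror dword ptr [esp], imm8
        Buffer += (BYTE)0x0C;
        Buffer += (BYTE)0x24;
        Buffer += (BYTE)dwTmpRnd;
        break;
    }

    case 7: case 8: case 9:
        Buffer += (BYTE)0x68;                               // push imm32 (target - rnd)
        Buffer += (DWORD)((DWORD)pTarget - dwTmpRnd);
        Buffer += (BYTE)0x81;                               // add dword ptr [esp], imm32
        Buffer += (BYTE)0x04;
        Buffer += (BYTE)0x24;
        Buffer += (DWORD)dwTmpRnd;
        break;
    }

    switch (m_ubDetourType)
    {
    case 1: case 4: case 7:
        Buffer += (BYTE)0xC3;                               // ret
        break;

    case 2: case 5: case 8:
        Buffer += (BYTE)0xC2;                               // retn 0
        Buffer += (WORD)0;
        break;

    case 3: case 6: case 9:
        Buffer += (BYTE)0x83;                               // add esp, 4
        Buffer += (BYTE)0xC4;
        Buffer += (BYTE)0x04;
        Buffer += (BYTE)0xFF;                               // jmp dword ptr [esp-4]
        Buffer += (BYTE)0x64;
        Buffer += (BYTE)0x24;
        Buffer += (BYTE)0xFC;
        break;
    }

    if (iFinalSize != -1)
    {
        if (iFinalSize < (int)Buffer.Size())
            return false;
        while ((int)Buffer.Size() < iFinalSize)
            Buffer += (BYTE)OP_NOP;
    }

    return true;
}

// Builds the three buffers of a detour:
//  m_pGateBuf    - entered from the patched target; saves ecx/return address, calls the hook and,
//                  for bAutoReturn / iArgsOverride, calls the original and fixes up the stack.
//  m_pOrgGateBuf - "Org": re-executes the instructions displaced by the stub (relocated by
//                  CDetourDis) and jumps to the rest of the original function.
//  m_pDetourBuf  - the stub itself (GenerateDetour), NOP-padded to the displaced length.
// m_pOrgBuf keeps the original bytes for Remove(). Returns false if any step fails.
bool CDetour::Generate()
{
    FreeBuffers();

    CByteArray Buffer;

    //-----------------
    // Pick the stub type (and, when overwriting a fixed byte count, a polymorphic type that fits).
    if (m_bPolymorphic)
        m_ubDetourType = (BYTE)(rand() % RAND_DETOUR_TYPES) + 1;
    else
        m_ubDetourType = 0;

    int iRawDetourSize = GetDetourSize();
    if (iRawDetourSize == -1)
        return false;

    if (m_iBytesToOverwrite > 0 && m_iBytesToOverwrite < iRawDetourSize)
    {
        if (!m_bPolymorphic)
            return false;

        for (m_ubDetourType = 1; m_ubDetourType <= RAND_DETOUR_TYPES; m_ubDetourType++)
        {
            iRawDetourSize = GetDetourSize();
            if (iRawDetourSize <= m_iBytesToOverwrite)
                break;
        }
        if (m_ubDetourType > RAND_DETOUR_TYPES)
            return false;
    }

    //-----------------
    // Hook gate.
    Buffer.Clear();

    if (!m_bNoRegs)
    {
        Buffer += (BYTE)0x89;                               // mov dword ptr [&m_pClassInstance], ecx
        Buffer += (BYTE)0x0D;
        Buffer += (DWORD)&m_pClassInstance;
    }

    Buffer += (BYTE)0x8F;                                   // pop dword ptr [&m_pRetAddress]
    Buffer += (BYTE)0x05;
    Buffer += (DWORD)&m_pRetAddress;

    Buffer += (BYTE)0x83;                                   // sub esp, 4 (keep the stack frame where the hook expects it)
    Buffer += (BYTE)0xEC;
    Buffer += (BYTE)0x04;

    int iCallOrgEndOffsetIndex = -1;
    int iCallOrgEndOffset = -1;

    if (m_bAutoReturn)
    {
        //Buffer += (BYTE)0xCC;
        Buffer += (BYTE)0xC6;                               // mov byte ptr [&m_bReturnToOriginal], 1
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_bReturnToOriginal;
        Buffer += (BYTE)1;

        Buffer += (BYTE)0x8F;                               // pop dword ptr [&m_pGateRealRet]
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_pGateRealRet;

        Buffer += (BYTE)0x89;                               // mov dword ptr [&m_pGateStack], esp
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;

        Buffer += (BYTE)0xFF;                               // call dword ptr [&m_pFuncToCall]
        Buffer += (BYTE)0x15;
        Buffer += (DWORD)&m_pFuncToCall;

        Buffer += (BYTE)0x80;                               // cmp byte ptr [&m_bReturnToOriginal], 0
        Buffer += (BYTE)0x3D;
        Buffer += (DWORD)&m_bReturnToOriginal;
        Buffer += (BYTE)0;

        Buffer += (BYTE)0x74;                               // je <skip call to original> (rel8 patched below)
        iCallOrgEndOffsetIndex = Buffer += (BYTE)0;

        if (m_iArgsOverride <= 0)
        {
            Buffer += (BYTE)0x89;                           // mov dword ptr [&m_pAutoReturnEndStack], esp
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pAutoReturnEndStack;
        }

        Buffer += (BYTE)0x8B;                               // mov esp, dword ptr [&m_pGateStack]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;

        Buffer += (BYTE)0xFF;                               // call dword ptr [&m_pOrgGateBuf]
        Buffer += (BYTE)0x15;
        Buffer += (DWORD)&m_pOrgGateBuf;

        if (m_iArgsOverride > 0)
        {
            iCallOrgEndOffset = Buffer.Peek() - iCallOrgEndOffsetIndex - 1;

            Buffer += (BYTE)0x8B;                           // mov esp, dword ptr [&m_pGateStack]
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pGateStack;

            Buffer += (BYTE)0xFF;                           // push dword ptr [&m_pGateRealRet]
            Buffer += (BYTE)0x35;
            Buffer += (DWORD)&m_pGateRealRet;

            Buffer += (BYTE)0xC2;                           // retn iArgsOverride*4
            Buffer += (WORD)(m_iArgsOverride * 4);
        }
        else
        {
            Buffer += (BYTE)0x8B;                           // mov esp, dword ptr [&m_pAutoReturnEndStack]
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pAutoReturnEndStack;

            iCallOrgEndOffset = Buffer.Peek() - iCallOrgEndOffsetIndex - 1;

            Buffer += (BYTE)0xFF;                           // jmp dword ptr [&m_pGateRealRet]
            Buffer += (BYTE)0x25;
            Buffer += (DWORD)&m_pGateRealRet;
        }
    }
    else if (m_iArgsOverride > 0)
    {
        Buffer += (BYTE)0x8F;                               // pop dword ptr [&m_pGateRealRet]
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_pGateRealRet;

        Buffer += (BYTE)0x89;                               // mov dword ptr [&m_pGateStack], esp
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;

        Buffer += (BYTE)0xFF;                               // call dword ptr [&m_pFuncToCall]
        Buffer += (BYTE)0x15;
        Buffer += (DWORD)&m_pFuncToCall;

        Buffer += (BYTE)0x8B;                               // mov esp, dword ptr [&m_pGateStack]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pGateStack;

        Buffer += (BYTE)0xFF;                               // push dword ptr [&m_pGateRealRet]
        Buffer += (BYTE)0x35;
        Buffer += (DWORD)&m_pGateRealRet;

        Buffer += (BYTE)0xC2;                               // retn iArgsOverride*4
        Buffer += (WORD)(m_iArgsOverride * 4);
    }
    else
    {
        Buffer += (BYTE)0xFF;                               // jmp dword ptr [&m_pFuncToCall]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pFuncToCall;
    }

    m_pGateBuf = CopyToExecutable(Buffer);
    if (!m_pGateBuf)
        return false;
    if (m_bAutoReturn)
        *(BYTE*)&m_pGateBuf[iCallOrgEndOffsetIndex] = (BYTE)iCallOrgEndOffset;

    //-----------------
    // Org gate.
    Buffer.Clear();

    Buffer += (BYTE)0x8F;                                   // pop dword ptr [&m_pOrgReturnAddress]
    Buffer += (BYTE)0x05;
    Buffer += (DWORD)&m_pOrgReturnAddress;

    Buffer += (BYTE)0x89;                                   // mov dword ptr [&m_pOrgStack], esp
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pOrgStack;

    Buffer += (BYTE)0x83;                                   // sub esp, 4
    Buffer += (BYTE)0xEC;
    Buffer += (BYTE)0x04;

    Buffer += (BYTE)0xC7;                                   // mov dword ptr [esp], <org gate return stub> (patched below)
    Buffer += (BYTE)0x04;
    Buffer += (BYTE)0x24;
    int iOrgReturnAddressIndex = Buffer += (DWORD)0;

    if (!m_bNoRegs)
    {
        Buffer += (BYTE)0x80;                               // cmp byte ptr [&m_bDontReplaceOrgClassInstance], 0
        Buffer += (BYTE)0x3D;
        Buffer += (DWORD)&m_bDontReplaceOrgClassInstance;
        Buffer += (BYTE)0x00;

        Buffer += (BYTE)0x0F;                               // cmove ecx, dword ptr [&m_pClassInstance]
        Buffer += (BYTE)0x44;
        Buffer += (BYTE)0x0D;
        Buffer += (DWORD)&m_pClassInstance;

        Buffer += (BYTE)0xC6;                               // mov byte ptr [&m_bDontReplaceOrgClassInstance], 0
        Buffer += (BYTE)0x05;
        Buffer += (DWORD)&m_bDontReplaceOrgClassInstance;
        Buffer += (BYTE)0x00;

        //Buffer += (BYTE)0x8B;                             // mov ecx, dword ptr [&m_pClassInstance]
        //Buffer += (BYTE)0x0D;
        //Buffer += (DWORD)&m_pClassInstance;
    }

    //-----
    // Measure the instructions that the stub will displace (reserve room for them in the gate).
    int iOverwrittenOpsIndex = Buffer.Peek();
    int iOverwrittenOps = 0;
    int iOverwrittenBytes = 0;

    // lExtra is set by the disassembler when a relative branch in the displaced region uses an
    // 8-bit displacement: such a branch cannot be relocated into the (far away) gate, so refuse
    // the hook rather than emit a silently wrong target.
    LONG lExtra = 0;
    CDetourDis Dis(NULL, &lExtra);
    BYTE* pbSrc = m_pAddr;
    BYTE* pbLastOp = pbSrc;

    if (m_iBytesToOverwrite > 0)
    {
        iOverwrittenBytes = m_iBytesToOverwrite;
        pbSrc += iOverwrittenBytes;
        Buffer.Grow(iOverwrittenBytes);
    }
    else
    {
        while (iOverwrittenBytes < iRawDetourSize)
        {
            pbLastOp = pbSrc;
            if (*pbSrc == OP_BRK)
                break;

            BYTE* pbNew = Dis.CopyInstruction(NULL, pbSrc);
            iOverwrittenOps++;

            int iDelta = (int)(pbNew - pbSrc);
            if ((pbNew == NULL) || (iDelta == 0) || (lExtra != 0))
                return false;

            iOverwrittenBytes += iDelta;
            Buffer.Grow(iDelta);
            pbSrc = pbNew;
        }
    }

    m_iDetourSize = iOverwrittenBytes;
    m_pOrgAfterDetour = pbSrc;

    //-----
    if (!(*pbLastOp == OP_BRK || *pbLastOp == OP_NOP))     // not at [end of function] padding: continue the original
    {
        Buffer += (BYTE)0xFF;                               // jmp dword ptr [&m_pOrgAfterDetour]
        Buffer += (BYTE)0x25;
        Buffer += (DWORD)&m_pOrgAfterDetour;
    }

    // Return stub the original function comes back to: restore esp and jump to the saved return address.
    int iOrgReturnAddressOffset = Buffer.Peek();

    Buffer += (BYTE)0x8B;                                   // mov esp, dword ptr [&m_pOrgStack]
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pOrgStack;

    Buffer += (BYTE)0xFF;                                   // jmp dword ptr [&m_pOrgReturnAddress]
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pOrgReturnAddress;

    m_pOrgGateBuf = CopyToExecutable(Buffer);
    if (!m_pOrgGateBuf)
        return false;

    //-----
    // Patch the absolute address of the return stub and copy (relocating) the displaced instructions.
    *(DWORD*)&m_pOrgGateBuf[iOrgReturnAddressIndex] = (DWORD)&m_pOrgGateBuf[iOrgReturnAddressOffset];

    BYTE* pbDst = &m_pOrgGateBuf[iOverwrittenOpsIndex];
    pbSrc = (BYTE*)m_pAddr;

    if (m_iBytesToOverwrite > 0)
    {
        memcpy(pbDst, pbSrc, iOverwrittenBytes);            // raw copy: caller promised nothing relative lives here
    }
    else
    {
        for (int iCurOp = 0; iCurOp < iOverwrittenOps; iCurOp++)
        {
            BYTE* pbNew = Dis.CopyInstruction(pbDst, pbSrc);
            pbDst += (pbNew - pbSrc);
            pbSrc = pbNew;
        }
    }

    //-----------------
    // The stub written over the target, padded to exactly the displaced length.
    if (!GenerateDetour(Buffer, m_pAddr, m_pGateBuf, m_iDetourSize))
        return false;
    m_pDetourBuf = Buffer.Copy();
    Buffer.Clear();

    //-----------------
    Org = (CDetourOrg_Func)m_pOrgGateBuf;

    //-----------------
    // Keep the original bytes so Remove() can restore them.
    m_pOrgBuf = new BYTE[m_iDetourSize];
    memcpy(m_pOrgBuf, m_pAddr, m_iDetourSize);

    m_bReady = true;
    return true;
}

int CSimpleDetour::g_iApplied = 0;
int CSimpleDetour::g_iRemoved = 0;

int CSimpleDetour::Applied()
{
    return g_iApplied;
}

int CSimpleDetour::Removed()
{
    return g_iRemoved;
}

CSimpleDetour::CSimpleDetour()
{
    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
    m_pGateBuf = NULL;
    // Deconstruct() tests m_bApplied; the original left it uninitialized here.
    m_bApplied = false;
    Deconstruct();
}

CSimpleDetour::~CSimpleDetour()
{
    Deconstruct();
}

// Removes the detour if applied, frees buffers and resets state.
void CSimpleDetour::Deconstruct()
{
    // As in CDetour: Remove() needs m_bReady, so lift the hook before clearing it.
    if (m_bApplied)
        Remove();
    m_bReady = false;

    FreeBuffers();

    m_iBytesToOverwrite = 0;
    m_bExecuteOverwrittenOps = false;   // stored by Detour(); Generate() below does not consult it
    m_pAddr = NULL;
    m_pFuncToCall = NULL;
    m_iDetourSize = 0;
    m_pRetAddress = 0;
}

void CSimpleDetour::FreeBuffers()
{
    m_bReady = false;

    if (m_pDetourBuf)
        delete[] m_pDetourBuf;
    if (m_pOrgBuf)
        delete[] m_pOrgBuf;
    FreeExecutable(m_pGateBuf);

    m_pDetourBuf = NULL;
    m_pOrgBuf = NULL;
    m_pGateBuf = NULL;
}

// Configures a "call"-style detour: the target is patched with call <gate>; the gate calls
// pFuncToCall, re-executes the displaced instructions and jumps back after the call.
bool CSimpleDetour::Detour(BYTE* pAddr, BYTE* pFuncToCall, bool bExecuteOverwrittenOps, int iBytesToOverwrite)
{
    Deconstruct();

    if (!pAddr || !pFuncToCall)
        return false;

    m_pAddr = pAddr;
    m_pFuncToCall = pFuncToCall;
    m_bExecuteOverwrittenOps = bExecuteOverwrittenOps;
    m_iBytesToOverwrite = iBytesToOverwrite;

    return Generate();
}

// Same contract as CDetour::WriteToAddr.
bool CSimpleDetour::WriteToAddr(BYTE* pBuffer, int iSize)
{
    if (!m_bReady)
        return false;

    DWORD dwOldProt, dwDummy;
    if (!VirtualProtect(m_pAddr, iSize, PAGE_EXECUTE_READWRITE, &dwOldProt))
        return false;

    memcpy(m_pAddr, pBuffer, iSize);
    FlushInstructionCache(GetCurrentProcess(), m_pAddr, iSize);

    VirtualProtect(m_pAddr, iSize, dwOldProt, &dwDummy);
    return true;
}

bool CSimpleDetour::Apply()
{
    if (!m_bReady || m_bApplied)
        return false;
    if (!WriteToAddr(m_pDetourBuf, m_iDetourSize))
        return false;

    m_bApplied = true;
    g_iApplied++;
    return true;
}

bool CSimpleDetour::Remove()
{
    if (!m_bApplied)
        return false;
    if (!WriteToAddr(m_pOrgBuf, m_iDetourSize))
        return false;

    m_bApplied = false;
    g_iRemoved++;
    return true;
}

bool CSimpleDetour::IsReady()
{
    return m_bReady;
}

bool CSimpleDetour::IsApplied()
{
    return m_bApplied;
}

BYTE* CSimpleDetour::GetAddr()
{
    return m_pAddr;
}

BYTE* CSimpleDetour::GetFuncToCall()
{
    return m_pFuncToCall;
}

void CSimpleDetour::SetFuncToCall(BYTE* pFuncToCall)
{
    m_pFuncToCall = pFuncToCall;
}

BYTE* CSimpleDetour::GetRetAddress()
{
    return m_pRetAddress;
}

// Builds the call stub, the gate (pop [&m_pRetAddress]; call [&m_pFuncToCall]; <displaced ops>;
// jmp [&m_pRetAddress]) and the saved original bytes.
bool CSimpleDetour::Generate()
{
    FreeBuffers();

    CByteArray Buffer;

    //-----------------
    // The stub: call rel32 (offset patched once the gate address is known).
    Buffer.Clear();
    Buffer += (BYTE)0xE8;                                   // call rel32
    int iDetourOffsetIndex = Buffer += (DWORD)0;
    BYTE* pRawDetourBuf = Buffer.Copy();
    int iRawDetourSize = Buffer.Peek();

    if (m_iBytesToOverwrite > 0 && m_iBytesToOverwrite < iRawDetourSize)
    {
        delete[] pRawDetourBuf;
        return false;
    }

    //-----------------
    // Gate.
    Buffer.Clear();

    Buffer += (BYTE)0x8F;                                   // pop dword ptr [&m_pRetAddress]
    Buffer += (BYTE)0x05;
    Buffer += (DWORD)&m_pRetAddress;

    Buffer += (BYTE)0xFF;                                   // call dword ptr [&m_pFuncToCall]
    Buffer += (BYTE)0x15;
    Buffer += (DWORD)&m_pFuncToCall;

    //-----------------
    int iOverwrittenOpsIndex = Buffer.Peek();
    int iOverwrittenOps = 0;
    int iOverwrittenBytes = 0;

    // See CDetour::Generate: an 8-bit relative branch cannot be relocated into the gate.
    LONG lExtra = 0;
    CDetourDis Dis(NULL, &lExtra);
    BYTE* pbSrc = m_pAddr;

    if (m_iBytesToOverwrite > 0)
    {
        iOverwrittenBytes = m_iBytesToOverwrite;
        pbSrc += iOverwrittenBytes;
        Buffer.Grow(iOverwrittenBytes);
    }
    else
    {
        while (iOverwrittenBytes < iRawDetourSize)
        {
            if (*pbSrc == OP_BRK)
                break;

            BYTE* pbNew = Dis.CopyInstruction(NULL, pbSrc);
            iOverwrittenOps++;

            int iDelta = (int)(pbNew - pbSrc);
            if ((pbNew == NULL) || (iDelta == 0) || (lExtra != 0))
            {
                delete[] pRawDetourBuf;                     // the original leaked this on the error path
                return false;
            }

            iOverwrittenBytes += iDelta;
            Buffer.Grow(iDelta);
            pbSrc = pbNew;
        }
    }

    m_iDetourSize = iOverwrittenBytes;

    // If the scan stopped early (OP_BRK) fewer bytes than the 5-byte call were displaced: the
    // memcpy of the stub below would overflow m_pDetourBuf and the target would be half-patched.
    if (m_iDetourSize < iRawDetourSize)
    {
        delete[] pRawDetourBuf;
        return false;
    }

    //-----
    Buffer += (BYTE)0xFF;                                   // jmp dword ptr [&m_pRetAddress]
    Buffer += (BYTE)0x25;
    Buffer += (DWORD)&m_pRetAddress;

    m_pGateBuf = CopyToExecutable(Buffer);
    if (!m_pGateBuf)
    {
        delete[] pRawDetourBuf;
        return false;
    }

    //-----------------
    // Copy (relocating) the displaced instructions into the gate.
    BYTE* pbDst = &m_pGateBuf[iOverwrittenOpsIndex];
    pbSrc = m_pAddr;

    if (m_iBytesToOverwrite > 0)
    {
        memcpy(pbDst, pbSrc, iOverwrittenBytes);
    }
    else
    {
        for (int iCurOp = 0; iCurOp < iOverwrittenOps; iCurOp++)
        {
            BYTE* pbNew = Dis.CopyInstruction(pbDst, pbSrc);
            pbDst += (pbNew - pbSrc);
            pbSrc = pbNew;
        }
    }

    //-----------------
    // Resolve the call displacement and pad the stub to the displaced length.
    *(int*)&pRawDetourBuf[iDetourOffsetIndex] = (int)(m_pGateBuf - m_pAddr - 5);

    m_pDetourBuf = new BYTE[m_iDetourSize];
    memset(m_pDetourBuf, OP_NOP, m_iDetourSize);
    memcpy(m_pDetourBuf, pRawDetourBuf, iRawDetourSize);

    delete[] pRawDetourBuf;
    pRawDetourBuf = NULL;

    //-----------------
    m_pOrgBuf = new BYTE[m_iDetourSize];
    memcpy(m_pOrgBuf, m_pAddr, m_iDetourSize);

    m_bReady = true;
    return true;
}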
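//////////////////////////////////////////////////////////////////////////////
//
//  Module:  detours.lib
//  File:    disasm.cpp
//
//  Detours for binary functions.  Version 1.5 (Build 46)
//  Includes support for all x86 chips prior to the Pentium III.
//  (32-bit x86 only: no SSE/x64 opcodes; unknown opcodes are reported, not guessed.)
//
//  Copyright 1999-2001, Microsoft Corporation
//
#define WIN32_LEAN_AND_MEAN
#define WIN32_EXTRA_LEAN
#include <windows.h>
//#include <detours.h>
//#include "disasm.h"
#include "CDetourDis.h"

// ASSERT is compiled out in this build - every ASSERT below is documentation only,
// so error paths must signal failure explicitly (see CDetourDis::Invalid).
#undef ASSERT
#define ASSERT(x)

//////////////////////////////////////////////////////////////////////////////
//
//  Function:
//      DetourCopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget)
//
//  Purpose:
//      Copy a single instruction from pbSrc to pbDst.
//
//  Arguments:
//      pbDst:
//          Destination address for the instruction.  May be NULL in which
//          case DetourCopyInstruction is used to measure an instruction.
//          If not NULL then the source instruction is copied to the
//          destination instruction and any relative arguments are adjusted.
//      pbSrc:
//          Source address of the instruction.
//      ppbTarget:
//          Out parameter for any target instruction address pointed to by
//          the instruction.  For example, a branch or a jump instruction has
//          a target, but a load or store instruction doesn't.  A target is
//          another instruction that may be executed as a result of this
//          instruction.  ppbTarget may be NULL.
//      plExtra:
//          Out parameter for the number of extra bytes needed by the
//          instruction to reach the target.  For example, lExtra = 3 if the
//          instruction had an 8-bit relative offset, but needs a 32-bit
//          relative offset.
//
//  Returns:
//      Returns the address of the next instruction (following the source
//      instruction), or NULL (with ERROR_INVALID_DATA) when pbSrc is NULL or
//      the opcode is not one this disassembler knows.  By subtracting pbSrc
//      from the return value, the caller can determine the size of the
//      instruction copied.
//
//  Comments:
//      By following pbTarget, the caller can follow alternate instruction
//      streams.  However, it is not always possible to determine the target
//      based on static analysis.  For example, the destination of a jump
//      relative to a register cannot be determined from just the current
//      instruction.
//
//      The output value, pbTarget, can have any of the following outputs:
//          DETOUR_INSTRUCTION_TARGET_NONE:
//              The instruction has no targets.
//          DETOUR_INSTRUCTION_TARGET_DYNAMIC:
//              The instruction has a non-deterministic (dynamic) target.
//              (i.e. the jump is to an address held in a register.)
//          Address:
//              The instruction has the specified target.
//
//      When copying instructions, DetourCopyInstruction ensures that all
//      targets remain constant.  It does so by adjusting any IP relative
//      offsets.  A relocated 8-bit offset that no longer fits is NOT
//      widened here: plExtra reports the shortfall and the caller must act
//      on it.
//

PBYTE WINAPI DetourCopyInstructionEx(PBYTE pbDst, PBYTE pbSrc, PBYTE* ppbTarget, LONG* plExtra)
{
    CDetourDis oDetourDisasm(ppbTarget, plExtra);
    return oDetourDisasm.CopyInstruction(pbDst, pbSrc);
}

PBYTE WINAPI DetourCopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE* ppbTarget)
{
    CDetourDis oDetourDisasm(ppbTarget, NULL);
    return oDetourDisasm.CopyInstruction(pbDst, pbSrc);
}

/////////////////////////////////////////////////////////// Disassembler Code.
//
// Either out-parameter may be NULL; scratch members are used in that case so the
// copy routines can always write through m_ppbTarget / m_plExtra.
CDetourDis::CDetourDis(PBYTE* ppbTarget, LONG* plExtra)
{
    Set32BitOperand();
    Set32BitAddress();

    m_ppbTarget = ppbTarget ? ppbTarget : &m_pbScratchTarget;
    m_plExtra = plExtra ? plExtra : &m_lScratchExtra;

    *m_ppbTarget = DETOUR_INSTRUCTION_TARGET_NONE;
    *m_plExtra = 0;
    m_pbDstOverride = 0;
    m_bAdjustZero = FALSE;
}

VOID CDetourDis::Set16BitOperand()
{
    m_b16BitOperand = TRUE;
}

VOID CDetourDis::Set32BitOperand()
{
    m_b16BitOperand = FALSE;
}

VOID CDetourDis::Set16BitAddress()
{
    m_b16BitAddress = TRUE;
}

VOID CDetourDis::Set32BitAddress()
{
    m_b16BitAddress = FALSE;
}

// Copies one instruction (measuring only when pbDst is NULL) by dispatching on its first byte.
PBYTE CDetourDis::CopyInstruction(PBYTE pbDst, PBYTE pbSrc)
{
    // Configure scratch areas if real areas are not available.
    if (NULL == pbDst)
        pbDst = m_rbScratchDst;

    if (NULL == pbSrc)
    {
        // Can't copy a non-existent instruction.
        SetLastError(ERROR_INVALID_DATA);
        return NULL;
    }

    // Figure out how big the instruction is, do the appropriate copy,
    // and figure out what the target of the instruction is if any.
    REFCOPYENTRY pEntry = &s_rceCopyTable[pbSrc[0]];
    return (this->*pEntry->pfCopy)(pEntry, pbDst, pbSrc);
}

// Like CopyInstruction, but relative operands are adjusted as if the copy were placed at
// pbDstOverride (used when the bytes are written to a staging buffer first).
PBYTE CDetourDis::CopyInstructionEx(PBYTE pbDst, PBYTE pbSrc, PBYTE pbDstOverride)
{
    m_pbDstOverride = pbDstOverride;
    PBYTE pbRet = CopyInstruction(pbDst, pbSrc);
    m_pbDstOverride = NULL;
    return pbRet;
}

// Copies an instruction with any absolute [disp32] memory operand zeroed in the output
// (see CopyBytes) - useful for address-independent byte patterns.
PBYTE CDetourDis::CopyInstructionZero(PBYTE pbDst, PBYTE pbSrc)
{
    m_bAdjustZero = TRUE;
    PBYTE pbRet = CopyInstructionEx(pbDst, pbSrc, NULL);
    m_bAdjustZero = FALSE;
    return pbRet;
}

// Length in bytes of the instruction at pbSrc, or 0 on error.
BYTE CDetourDis::InstructionLen(PBYTE pbSrc)
{
    PBYTE pbDst = m_rbScratchDst;

    if (NULL == pbSrc)
    {
        // Can't copy a non-existent instruction.
        SetLastError(ERROR_INVALID_DATA);
        return 0;
    }

    REFCOPYENTRY pEntry = &s_rceCopyTable[pbSrc[0]];
    PBYTE pbEnd = (this->*pEntry->pfCopy)(pEntry, pbDst, pbSrc);
    if (!pbEnd)
        return 0;
    return (BYTE)(pbEnd - pbSrc);
}

// Generic copy: fixed-size part from the table, plus ModR/M, SIB and displacement bytes
// derived from s_rbModRm. Adjusts a relative target (nRelOffset) and sets the target/extra outputs.
PBYTE CDetourDis::CopyBytes(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    LONG nBytesFixed = (pEntry->nFlagBits & ADDRESS)
        ? (m_b16BitAddress ? pEntry->nFixedSize16 : pEntry->nFixedSize)
        : (m_b16BitOperand ? pEntry->nFixedSize16 : pEntry->nFixedSize);

    LONG nBytes = nBytesFixed;
    BYTE bAddrOfs = 0;

    if (pEntry->nModOffset > 0)
    {
        BYTE bModRm = pbSrc[pEntry->nModOffset];
        BYTE bFlags = s_rbModRm[bModRm];

        // NOTE(review): the original tests NOENLARGE (a COPYENTRY flag) against the ModR/M
        // table flags here; kept as-is, intent appears to be "[disp32] absolute operand".
        if ((bFlags & NOENLARGE) && ((bFlags & NOTSIB) == 4))
            bAddrOfs = (BYTE)pEntry->nModOffset + 1;

        if (bFlags & SIB)
        {
            BYTE bSib = pbSrc[pEntry->nModOffset + 1];

            if ((bSib & 0x07) == 0x05)
            {
                if ((bModRm & 0xc0) == 0x00)
                    nBytes += 4;
                else if ((bModRm & 0xc0) == 0x40)
                    nBytes += 1;
                else if ((bModRm & 0xc0) == 0x80)
                    nBytes += 4;
            }
        }

        nBytes += bFlags & NOTSIB;
    }

    CopyMemory(pbDst, pbSrc, nBytes);

    if (m_bAdjustZero && bAddrOfs)
        *(DWORD*)&pbDst[bAddrOfs] = 0;

    if (pEntry->nRelOffset)
        *m_ppbTarget = AdjustTarget(pbDst, pbSrc, nBytesFixed, pEntry->nRelOffset);

    if (pEntry->nFlagBits & NOENLARGE)
        *m_plExtra = -*m_plExtra;

    if (pEntry->nFlagBits & DYNAMIC)
        *m_ppbTarget = DETOUR_INSTRUCTION_TARGET_DYNAMIC;

    return pbSrc + nBytes;
}

// Copies a one-byte prefix and then the instruction that follows it.
PBYTE CDetourDis::CopyBytesPrefix(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    CopyBytes(pEntry, pbDst, pbSrc);

    pEntry = &s_rceCopyTable[pbSrc[1]];
    return (this->*pEntry->pfCopy)(pEntry, pbDst + 1, pbSrc + 1);
}

// Rewrites the IP-relative displacement at pbDst[cbTargetOffset] so the copy still reaches the
// target the source instruction reached. Returns that target. For 1- and 2-byte displacements
// the new offset is truncated - *m_plExtra (3 / 2) tells the caller the copy may be wrong.
PBYTE CDetourDis::AdjustTarget(PBYTE pbDst, PBYTE pbSrc, LONG cbOp, LONG cbTargetOffset)
{
    LONG cbTargetSize = cbOp - cbTargetOffset;
    PBYTE pbTarget = NULL;
    PVOID pvTargetAddr = &pbDst[cbTargetOffset];
    LONG nOldOffset = 0;

    switch (cbTargetSize)
    {
    case 1:
        nOldOffset = (LONG)*(PCHAR&)pvTargetAddr;
        *m_plExtra = 3;
        break;
    case 2:
        nOldOffset = (LONG)*(PSHORT&)pvTargetAddr;
        *m_plExtra = 2;
        break;
    case 4:
        nOldOffset = (LONG)*(PLONG&)pvTargetAddr;
        *m_plExtra = 0;
        break;
    default:
        ASSERT(!"cbTargetSize is invalid.");
        break;
    }

    pbTarget = pbSrc + cbOp + nOldOffset;

    LONG nNewOffset = nOldOffset - (LONG)(((m_pbDstOverride != NULL) ? m_pbDstOverride : pbDst) - pbSrc);

    switch (cbTargetSize)
    {
    case 1:
        *(PCHAR&)pvTargetAddr = (CHAR)nNewOffset;
        break;
    case 2:
        *(PSHORT&)pvTargetAddr = (SHORT)nNewOffset;
        break;
    case 4:
        *(PLONG&)pvTargetAddr = (LONG)nNewOffset;
        break;
    }

    ASSERT(pbDst + cbOp + nNewOffset == pbTarget);
    return pbTarget;
}

// Table entry for opcodes this disassembler does not decode. With ASSERT compiled out the
// original silently returned pbSrc + 1, which made callers copy one byte of an unknown
// instruction into a trampoline; report failure instead, matching CopyInstruction's
// NULL / ERROR_INVALID_DATA convention.
PBYTE CDetourDis::Invalid(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    (void)pbDst;
    (void)pEntry;
    (void)pbSrc;
    ASSERT(!"Invalid Instruction");
    SetLastError(ERROR_INVALID_DATA);
    return NULL;
}

////////////////////////////////////////////////////// Individual Bytes Codes.
//
// Two-byte opcode escape: copy 0F and dispatch on the second byte via s_rceCopyTable0F.
PBYTE CDetourDis::Copy0F(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    CopyBytes(pEntry, pbDst, pbSrc);

    pEntry = &s_rceCopyTable0F[pbSrc[1]];
    return (this->*pEntry->pfCopy)(pEntry, pbDst + 1, pbSrc + 1);
}

// Operand size override prefix.
PBYTE CDetourDis::Copy66(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    Set16BitOperand();
    return CopyBytesPrefix(pEntry, pbDst, pbSrc);
}

// Address size override prefix.
PBYTE CDetourDis::Copy67(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    Set16BitAddress();
    return CopyBytesPrefix(pEntry, pbDst, pbSrc);
}

// F6 group: TEST /0 carries an imm8; DIV /6, IDIV /7, IMUL /5, MUL /4, NEG /3, NOT /2 do not.
PBYTE CDetourDis::CopyF6(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    (void)pEntry;

    if (0x00 == (0x38 & pbSrc[1]))      // reg (bits 543) of ModR/M == 0 -> TEST r/m8, imm8
    {
        const COPYENTRY ce = { 0xf6, ENTRY_CopyBytes2Mod1 };
        return (this->*ce.pfCopy)(&ce, pbDst, pbSrc);
    }

    const COPYENTRY ce = { 0xf6, ENTRY_CopyBytes2Mod };
    return (this->*ce.pfCopy)(&ce, pbDst, pbSrc);
}

// F7 group: TEST /0 carries an imm16/32; DIV /6, IDIV /7, IMUL /5, MUL /4, NEG /3, NOT /2 do not.
PBYTE CDetourDis::CopyF7(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    (void)pEntry;

    if (0x00 == (0x38 & pbSrc[1]))      // reg (bits 543) of ModR/M == 0 -> TEST r/m, imm
    {
        const COPYENTRY ce = { 0xf7, ENTRY_CopyBytes2ModOperand };
        return (this->*ce.pfCopy)(&ce, pbDst, pbSrc);
    }

    const COPYENTRY ce = { 0xf7, ENTRY_CopyBytes2Mod };
    return (this->*ce.pfCopy)(&ce, pbDst, pbSrc);
}

// FF group: INC /0, DEC /1, CALL /2, CALL far /3, JMP /4, JMP far /5, PUSH /6.
PBYTE CDetourDis::CopyFF(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
{
    (void)pEntry;

    if (0x15 == pbSrc[1] || 0x25 == pbSrc[1])
    {
        // CALL [disp32], JMP [disp32]: the target is whatever the absolute slot holds.
        // NOTE(review): this dereferences an address taken from the instruction bytes; when
        // disassembling bytes that are not live code it can read an unmapped address.
        PBYTE* ppbTarget = *(PBYTE**)&pbSrc[2];
        *m_ppbTarget = *ppbTarget;
    }
    else if (0x10 == (0x38 & pbSrc[1]) ||   // CALL /2 -> reg (bits 543) of ModR/M == 010
             0x18 == (0x38 & pbSrc[1]) ||   // CALL /3 -> reg (bits 543) of ModR/M == 011
             0x20 == (0x38 & pbSrc[1]) ||   // JMP  /4 -> reg (bits 543) of ModR/M == 100
             0x28 == (0x38 & pbSrc[1]))     // JMP  /5 -> reg (bits 543) of ModR/M == 101
    {
        *m_ppbTarget = DETOUR_INSTRUCTION_TARGET_DYNAMIC;
    }

    const COPYENTRY ce = { 0xff, ENTRY_CopyBytes2Mod };
    return (this->*ce.pfCopy)(&ce, pbDst, pbSrc);
}

/////////////////////////////////////////////////////////// Disassembler Tables.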
// ModR/M addressing-form table, indexed by the ModR/M byte.  Each entry
// encodes how many extra bytes the addressing form occupies and, with the
// SIB flag (from the class enum), whether a SIB byte follows.  Rows are
// grouped by the high nibble of the ModR/M byte (mod field).
// Any error in this table changes the computed instruction length, so the
// trampoline copy would split or merge instructions.
const BYTE CDetourDis::s_rbModRm[256] = {
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0,  // 0x
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0,  // 1x
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0,  // 2x
    0,0,0,0, SIB|1,4,0,0, 0,0,0,0, SIB|1,4,0,0,  // 3x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,          // 4x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,          // 5x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,          // 6x
    1,1,1,1, 2,1,1,1, 1,1,1,1, 2,1,1,1,          // 7x
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,          // 8x
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,          // 9x
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,          // Ax
    4,4,4,4, 5,4,4,4, 4,4,4,4, 5,4,4,4,          // Bx
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,          // Cx
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,          // Dx
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,          // Ex
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0           // Fx
};

// One-byte opcode table, indexed by the first opcode byte.  Each COPYENTRY
// names the opcode, its fixed sizes / ModR/M and relative-target offsets
// (through the ENTRY_* macros) and the member function that performs the
// copy.  The list is terminated by ENTRY_End.
const CDetourDis::COPYENTRY CDetourDis::s_rceCopyTable[257] = {
    { 0x00, ENTRY_CopyBytes2Mod },          // ADD /r
    { 0x01, ENTRY_CopyBytes2Mod },          // ADD /r
    { 0x02, ENTRY_CopyBytes2Mod },          // ADD /r
    { 0x03, ENTRY_CopyBytes2Mod },          // ADD /r
    { 0x04, ENTRY_CopyBytes2 },             // ADD ib
    { 0x05, ENTRY_CopyBytes3Or5 },          // ADD iw
    { 0x06, ENTRY_CopyBytes1 },             // PUSH
    { 0x07, ENTRY_CopyBytes1 },             // POP
    { 0x08, ENTRY_CopyBytes2Mod },          // OR /r
    { 0x09, ENTRY_CopyBytes2Mod },          // OR /r
    { 0x0A, ENTRY_CopyBytes2Mod },          // OR /r
    { 0x0B, ENTRY_CopyBytes2Mod },          // OR /r
    { 0x0C, ENTRY_CopyBytes2 },             // OR ib
    { 0x0D, ENTRY_CopyBytes3Or5 },          // OR iw
    { 0x0E, ENTRY_CopyBytes1 },             // PUSH
    { 0x0F, ENTRY_Copy0F },                 // Extension Ops
    { 0x10, ENTRY_CopyBytes2Mod },          // ADC /r
    { 0x11, ENTRY_CopyBytes2Mod },          // ADC /r
    { 0x12, ENTRY_CopyBytes2Mod },          // ADC /r
    { 0x13, ENTRY_CopyBytes2Mod },          // ADC /r
    { 0x14, ENTRY_CopyBytes2 },             // ADC ib
    { 0x15, ENTRY_CopyBytes3Or5 },          // ADC id
    { 0x16, ENTRY_CopyBytes1 },             // PUSH
    { 0x17, ENTRY_CopyBytes1 },             // POP
    { 0x18, ENTRY_CopyBytes2Mod },          // SBB /r
    { 0x19, ENTRY_CopyBytes2Mod },          // SBB /r
    { 0x1A, ENTRY_CopyBytes2Mod },          // SBB /r
    { 0x1B, ENTRY_CopyBytes2Mod },          // SBB /r
    { 0x1C, ENTRY_CopyBytes2 },             // SBB ib
    { 0x1D, ENTRY_CopyBytes3Or5 },          // SBB id
    { 0x1E, ENTRY_CopyBytes1 },             // PUSH
    { 0x1F, ENTRY_CopyBytes1 },             // POP
    { 0x20, ENTRY_CopyBytes2Mod },          // AND /r
    { 0x21, ENTRY_CopyBytes2Mod },          // AND /r
    { 0x22, ENTRY_CopyBytes2Mod },          // AND /r
    { 0x23, ENTRY_CopyBytes2Mod },          // AND /r
    { 0x24, ENTRY_CopyBytes2 },             // AND ib
    { 0x25, ENTRY_CopyBytes3Or5 },          // AND id
    { 0x26, ENTRY_CopyBytesPrefix },        // ES prefix
    { 0x27, ENTRY_CopyBytes1 },             // DAA
    { 0x28, ENTRY_CopyBytes2Mod },          // SUB /r
    { 0x29, ENTRY_CopyBytes2Mod },          // SUB /r
    { 0x2A, ENTRY_CopyBytes2Mod },          // SUB /r
    { 0x2B, ENTRY_CopyBytes2Mod },          // SUB /r
    { 0x2C, ENTRY_CopyBytes2 },             // SUB ib
    { 0x2D, ENTRY_CopyBytes3Or5 },          // SUB id
    { 0x2E, ENTRY_CopyBytesPrefix },        // CS prefix
    { 0x2F, ENTRY_CopyBytes1 },             // DAS
    { 0x30, ENTRY_CopyBytes2Mod },          // XOR /r
    { 0x31, ENTRY_CopyBytes2Mod },          // XOR /r
    { 0x32, ENTRY_CopyBytes2Mod },          // XOR /r
    { 0x33, ENTRY_CopyBytes2Mod },          // XOR /r
    { 0x34, ENTRY_CopyBytes2 },             // XOR ib
    { 0x35, ENTRY_CopyBytes3Or5 },          // XOR id
    { 0x36, ENTRY_CopyBytesPrefix },        // SS prefix
    { 0x37, ENTRY_CopyBytes1 },             // AAA
    { 0x38, ENTRY_CopyBytes2Mod },          // CMP /r
    { 0x39, ENTRY_CopyBytes2Mod },          // CMP /r
    { 0x3A, ENTRY_CopyBytes2Mod },          // CMP /r
    { 0x3B, ENTRY_CopyBytes2Mod },          // CMP /r
    { 0x3C, ENTRY_CopyBytes2 },             // CMP ib
    { 0x3D, ENTRY_CopyBytes3Or5 },          // CMP id
    { 0x3E, ENTRY_CopyBytesPrefix },        // DS prefix
    { 0x3F, ENTRY_CopyBytes1 },             // AAS
    { 0x40, ENTRY_CopyBytes1 },             // INC
    { 0x41, ENTRY_CopyBytes1 },             // INC
    { 0x42, ENTRY_CopyBytes1 },             // INC
    { 0x43, ENTRY_CopyBytes1 },             // INC
    { 0x44, ENTRY_CopyBytes1 },             // INC
    { 0x45, ENTRY_CopyBytes1 },             // INC
    { 0x46, ENTRY_CopyBytes1 },             // INC
    { 0x47, ENTRY_CopyBytes1 },             // INC
    { 0x48, ENTRY_CopyBytes1 },             // DEC
    { 0x49, ENTRY_CopyBytes1 },             // DEC
    { 0x4A, ENTRY_CopyBytes1 },             // DEC
    { 0x4B, ENTRY_CopyBytes1 },             // DEC
    { 0x4C, ENTRY_CopyBytes1 },             // DEC
    { 0x4D, ENTRY_CopyBytes1 },             // DEC
    { 0x4E, ENTRY_CopyBytes1 },             // DEC
    { 0x4F, ENTRY_CopyBytes1 },             // DEC
    { 0x50, ENTRY_CopyBytes1 },             // PUSH
    { 0x51, ENTRY_CopyBytes1 },             // PUSH
    { 0x52, ENTRY_CopyBytes1 },             // PUSH
    { 0x53, ENTRY_CopyBytes1 },             // PUSH
    { 0x54, ENTRY_CopyBytes1 },             // PUSH
    { 0x55, ENTRY_CopyBytes1 },             // PUSH
    { 0x56, ENTRY_CopyBytes1 },             // PUSH
    { 0x57, ENTRY_CopyBytes1 },             // PUSH
    { 0x58, ENTRY_CopyBytes1 },             // POP
    { 0x59, ENTRY_CopyBytes1 },             // POP
    { 0x5A, ENTRY_CopyBytes1 },             // POP
    { 0x5B, ENTRY_CopyBytes1 },             // POP
    { 0x5C, ENTRY_CopyBytes1 },             // POP
    { 0x5D, ENTRY_CopyBytes1 },             // POP
    { 0x5E, ENTRY_CopyBytes1 },             // POP
    { 0x5F, ENTRY_CopyBytes1 },             // POP
    { 0x60, ENTRY_CopyBytes1 },             // PUSHAD
    { 0x61, ENTRY_CopyBytes1 },             // POPAD
    { 0x62, ENTRY_CopyBytes2Mod },          // BOUND /r
    { 0x63, ENTRY_CopyBytes2Mod },          // ARPL /r
    { 0x64, ENTRY_CopyBytesPrefix },        // FS prefix
    { 0x65, ENTRY_CopyBytesPrefix },        // GS prefix
    { 0x66, ENTRY_Copy66 },                 // Operand prefix
    { 0x67, ENTRY_Copy67 },                 // Address prefix
    { 0x68, ENTRY_CopyBytes3Or5 },          // PUSH
    { 0x69, ENTRY_CopyBytes2ModOperand },
    { 0x6A, ENTRY_CopyBytes2 },             // PUSH
    { 0x6B, ENTRY_CopyBytes2Mod1 },         // IMUL /r ib
    { 0x6C, ENTRY_CopyBytes1 },             // INS
    { 0x6D, ENTRY_CopyBytes1 },             // INS
    { 0x6E, ENTRY_CopyBytes1 },             // OUTS/OUTSB
    { 0x6F, ENTRY_CopyBytes1 },             // OUTS/OUTSW
    { 0x70, ENTRY_CopyBytes2Jump },         // JO
    { 0x71, ENTRY_CopyBytes2Jump },         // JNO
    { 0x72, ENTRY_CopyBytes2Jump },         // JB/JC/JNAE
    { 0x73, ENTRY_CopyBytes2Jump },         // JAE/JNB/JNC
    { 0x74, ENTRY_CopyBytes2Jump },         // JE/JZ
    { 0x75, ENTRY_CopyBytes2Jump },         // JNE/JNZ
    { 0x76, ENTRY_CopyBytes2Jump },         // JBE/JNA
    { 0x77, ENTRY_CopyBytes2Jump },         // JA/JNBE
    { 0x78, ENTRY_CopyBytes2Jump },         // JS
    { 0x79, ENTRY_CopyBytes2Jump },         // JNS
    { 0x7A, ENTRY_CopyBytes2Jump },         // JP/JPE
    { 0x7B, ENTRY_CopyBytes2Jump },         // JNP/JPO
    { 0x7C, ENTRY_CopyBytes2Jump },         // JL/JNGE
    { 0x7D, ENTRY_CopyBytes2Jump },         // JGE/JNL
    { 0x7E, ENTRY_CopyBytes2Jump },         // JLE/JNG
    { 0x7F, ENTRY_CopyBytes2Jump },         // JG/JNLE
    { 0x80, ENTRY_CopyBytes2Mod1 },         // ADC /2 ib, etc.
    { 0x81, ENTRY_CopyBytes2ModOperand },
    { 0x82, ENTRY_CopyBytes2 },             // MOV al,x
    { 0x83, ENTRY_CopyBytes2Mod1 },         // ADC /2 ib, etc.
    { 0x84, ENTRY_CopyBytes2Mod },          // TEST /r
    { 0x85, ENTRY_CopyBytes2Mod },          // TEST /r
    { 0x86, ENTRY_CopyBytes2Mod },          // XCHG /r @todo
    { 0x87, ENTRY_CopyBytes2Mod },          // XCHG /r @todo
    { 0x88, ENTRY_CopyBytes2Mod },          // MOV /r
    { 0x89, ENTRY_CopyBytes2Mod },          // MOV /r
    { 0x8A, ENTRY_CopyBytes2Mod },          // MOV /r
    { 0x8B, ENTRY_CopyBytes2Mod },          // MOV /r
    { 0x8C, ENTRY_CopyBytes2Mod },          // MOV /r
    { 0x8D, ENTRY_CopyBytes2Mod },          // LEA /r
    { 0x8E, ENTRY_CopyBytes2Mod },          // MOV /r
    { 0x8F, ENTRY_CopyBytes2Mod },          // POP /0
    { 0x90, ENTRY_CopyBytes1 },             // NOP
    { 0x91, ENTRY_CopyBytes1 },             // XCHG
    { 0x92, ENTRY_CopyBytes1 },             // XCHG
    { 0x93, ENTRY_CopyBytes1 },             // XCHG
    { 0x94, ENTRY_CopyBytes1 },             // XCHG
    { 0x95, ENTRY_CopyBytes1 },             // XCHG
    { 0x96, ENTRY_CopyBytes1 },             // XCHG
    { 0x97, ENTRY_CopyBytes1 },             // XCHG
    { 0x98, ENTRY_CopyBytes1 },             // CWDE
    { 0x99, ENTRY_CopyBytes1 },             // CDQ
    { 0x9A, ENTRY_CopyBytes5Or7Dynamic },   // CALL cp
    { 0x9B, ENTRY_CopyBytes1 },             // WAIT/FWAIT
    { 0x9C, ENTRY_CopyBytes1 },             // PUSHFD
    { 0x9D, ENTRY_CopyBytes1 },             // POPFD
    { 0x9E, ENTRY_CopyBytes1 },             // SAHF
    { 0x9F, ENTRY_CopyBytes1 },             // LAHF
    { 0xA0, ENTRY_CopyBytes3Or5Address },   // MOV
    { 0xA1, ENTRY_CopyBytes3Or5Address },   // MOV
    { 0xA2, ENTRY_CopyBytes3Or5Address },   // MOV
    { 0xA3, ENTRY_CopyBytes3Or5Address },   // MOV
    { 0xA4, ENTRY_CopyBytes1 },             // MOVS
    { 0xA5, ENTRY_CopyBytes1 },             // MOVS/MOVSD
    { 0xA6, ENTRY_CopyBytes1 },             // CMPS/CMPSB
    { 0xA7, ENTRY_CopyBytes1 },             // CMPS/CMPSW
    { 0xA8, ENTRY_CopyBytes2 },             // TEST
    { 0xA9, ENTRY_CopyBytes3Or5 },          // TEST
    { 0xAA, ENTRY_CopyBytes1 },             // STOS/STOSB
    { 0xAB, ENTRY_CopyBytes1 },             // STOS/STOSW
    { 0xAC, ENTRY_CopyBytes1 },             // LODS/LODSB
    { 0xAD, ENTRY_CopyBytes1 },             // LODS/LODSW
    { 0xAE, ENTRY_CopyBytes1 },             // SCAS/SCASB
    { 0xAF, ENTRY_CopyBytes1 },             // SCAS/SCASD
    { 0xB0, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB1, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB2, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB3, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB4, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB5, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB6, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB7, ENTRY_CopyBytes2 },             // MOV B0+rb
    { 0xB8, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xB9, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xBA, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xBB, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xBC, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xBD, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xBE, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xBF, ENTRY_CopyBytes3Or5 },          // MOV B8+rb
    { 0xC0, ENTRY_CopyBytes2Mod1 },         // RCL /2 ib, etc.
    { 0xC1, ENTRY_CopyBytes2Mod1 },         // RCL /2 ib, etc.
    { 0xC2, ENTRY_CopyBytes3 },             // RET
    { 0xC3, ENTRY_CopyBytes1 },             // RET
    { 0xC4, ENTRY_CopyBytes2Mod },          // LES
    { 0xC5, ENTRY_CopyBytes2Mod },          // LDS
    { 0xC6, ENTRY_CopyBytes2Mod1 },         // MOV
    { 0xC7, ENTRY_CopyBytes2ModOperand },   // MOV
    { 0xC8, ENTRY_CopyBytes4 },             // ENTER
    { 0xC9, ENTRY_CopyBytes1 },             // LEAVE
    { 0xCA, ENTRY_CopyBytes3Dynamic },      // RET
    { 0xCB, ENTRY_CopyBytes1Dynamic },      // RET
    { 0xCC, ENTRY_CopyBytes1Dynamic },      // INT 3
    { 0xCD, ENTRY_CopyBytes2Dynamic },      // INT ib
    { 0xCE, ENTRY_CopyBytes1Dynamic },      // INTO
    { 0xCF, ENTRY_CopyBytes1Dynamic },      // IRET
    { 0xD0, ENTRY_CopyBytes2Mod },          // RCL /2, etc.
    { 0xD1, ENTRY_CopyBytes2Mod },          // RCL /2, etc.
    { 0xD2, ENTRY_CopyBytes2Mod },          // RCL /2, etc.
    { 0xD3, ENTRY_CopyBytes2Mod },          // RCL /2, etc.
    { 0xD4, ENTRY_CopyBytes2 },             // AAM
    { 0xD5, ENTRY_CopyBytes2 },             // AAD
    { 0xD6, ENTRY_Invalid },
    { 0xD7, ENTRY_CopyBytes1 },             // XLAT/XLATB
    { 0xD8, ENTRY_CopyBytes2Mod },          // FADD, etc.
    { 0xD9, ENTRY_CopyBytes2Mod },          // F2XM1, etc.
    { 0xDA, ENTRY_CopyBytes2Mod },          // FLADD, etc.
    { 0xDB, ENTRY_CopyBytes2Mod },          // FCLEX, etc.
    { 0xDC, ENTRY_CopyBytes2Mod },          // FADD /0, etc.
    { 0xDD, ENTRY_CopyBytes2Mod },          // FFREE, etc.
    { 0xDE, ENTRY_CopyBytes2Mod },          // FADDP, etc.
    { 0xDF, ENTRY_CopyBytes2Mod },          // FBLD /4, etc.
    { 0xE0, ENTRY_CopyBytes2CantJump },     // LOOPNE cb
    { 0xE1, ENTRY_CopyBytes2CantJump },     // LOOPE cb
    { 0xE2, ENTRY_CopyBytes2CantJump },     // LOOP cb
    { 0xE3, ENTRY_CopyBytes2Jump },         // JCXZ/JECXZ
    { 0xE4, ENTRY_CopyBytes2 },             // IN ib
    { 0xE5, ENTRY_CopyBytes2 },             // IN id
    { 0xE6, ENTRY_CopyBytes2 },             // OUT ib
    { 0xE7, ENTRY_CopyBytes2 },             // OUT ib
    { 0xE8, ENTRY_CopyBytes3Or5Target },    // CALL cd
    { 0xE9, ENTRY_CopyBytes3Or5Target },    // JMP cd
    { 0xEA, ENTRY_CopyBytes5Or7Dynamic },   // JMP cp
    { 0xEB, ENTRY_CopyBytes2Jump },         // JMP cb
    { 0xEC, ENTRY_CopyBytes1 },             // IN ib
    { 0xED, ENTRY_CopyBytes1 },             // IN id
    { 0xEE, ENTRY_CopyBytes1 },             // OUT
    { 0xEF, ENTRY_CopyBytes1 },             // OUT
    { 0xF0, ENTRY_CopyBytesPrefix },        // LOCK prefix
    { 0xF1, ENTRY_Invalid },
    { 0xF2, ENTRY_CopyBytesPrefix },        // REPNE prefix
    { 0xF3, ENTRY_CopyBytesPrefix },        // REPE prefix
    { 0xF4, ENTRY_CopyBytes1 },             // HLT
    { 0xF5, ENTRY_CopyBytes1 },             // CMC
    { 0xF6, ENTRY_CopyF6 },                 // TEST /0, DIV /6
    { 0xF7, ENTRY_CopyF7 },                 // TEST /0, DIV /6
    { 0xF8, ENTRY_CopyBytes1 },             // CLC
    { 0xF9, ENTRY_CopyBytes1 },             // STC
    { 0xFA, ENTRY_CopyBytes1 },             // CLI
    { 0xFB, ENTRY_CopyBytes1 },             // STI
    { 0xFC, ENTRY_CopyBytes1 },             // CLD
    { 0xFD, ENTRY_CopyBytes1 },             // STD
    { 0xFE, ENTRY_CopyBytes2Mod },          // DEC /1, INC /0
    { 0xFF, ENTRY_CopyFF },                 // CALL /2
    { 0,    ENTRY_End },
};

// Two-byte (0x0F-prefixed) opcode table, indexed by the byte after 0x0F.
// Reached from Copy0F.  Opcodes this build does not decode are routed to
// Invalid.  (The listing on this page is cut off after entry 0x1E; the
// remainder of the table is not visible here.)
const CDetourDis::COPYENTRY CDetourDis::s_rceCopyTable0F[257] = {
    { 0x00, ENTRY_CopyBytes2Mod },          // LLDT /2, etc.
    { 0x01, ENTRY_CopyBytes2Mod },          // INVLPG /7, etc.
    { 0x02, ENTRY_CopyBytes2Mod },          // LAR /r
    { 0x03, ENTRY_CopyBytes2Mod },          // LSL /r
    { 0x04, ENTRY_Invalid },                // _04
    { 0x05, ENTRY_Invalid },                // _05
    { 0x06, ENTRY_CopyBytes2 },             // CLTS
    { 0x07, ENTRY_Invalid },                // _07
    { 0x08, ENTRY_CopyBytes2 },             // INVD
    { 0x09, ENTRY_CopyBytes2 },             // WBINVD
    { 0x0A, ENTRY_Invalid },                // _0A
    { 0x0B, ENTRY_CopyBytes2 },             // UD2
    { 0x0C, ENTRY_Invalid },                // _0C
    { 0x0D, ENTRY_Invalid },                // _0D
    { 0x0E, ENTRY_Invalid },                // _0E
    { 0x0F, ENTRY_Invalid },                // _0F
    { 0x10, ENTRY_Invalid },                // _10
    { 0x11, ENTRY_Invalid },                // _11
    { 0x12, ENTRY_Invalid },                // _12
    { 0x13, ENTRY_Invalid },                // _13
    { 0x14, ENTRY_Invalid },                // _14
    { 0x15, ENTRY_Invalid },                // _15
    { 0x16, ENTRY_Invalid },                // _16
    { 0x17, ENTRY_Invalid },                // _17
    { 0x18, ENTRY_Invalid },                // _18
    { 0x19, ENTRY_Invalid },                // _19
    { 0x1A, ENTRY_Invalid },                // _1A
    { 0x1B, ENTRY_Invalid },                // _1B
    { 0x1C, ENTRY_Invalid },                // _1C
    { 0x1D, ENTRY_Invalid },                // _1D
    { 0x1E, ENTRY_Invalid }
Código:
//////////////////////////////////////////////////////////////////////////////
//
//  Module:  detours.lib
//  File:    disasm.h
//
//  Detours for binary functions.  Version 1.5 (Build 46)
//  Includes support for all x86 chips prior to the Pentium III.
//
//  Copyright 1999-2001, Microsoft Corporation
//
#pragma once
#ifndef _DISASM_H_
#define _DISASM_H_

// Single-instruction x86 disassembler/copier.  Used when a detour needs to
// relocate the first instructions of a function into a trampoline: each
// call copies one instruction from pbSrc to pbDst, patches relative
// targets, and reports the instruction's branch target (if any) through
// the PBYTE* handed to the constructor.
class CDetourDis
{
  public:
    // ppbTarget: receives the branch target of the copied instruction
    //            (DETOUR_INSTRUCTION_TARGET_NONE, _DYNAMIC, or an address).
    // plExtra:   receives the size change between source and copy
    //            (NOTE(review): inferred from the member names below;
    //            confirm against the CopyInstruction definition).
    CDetourDis(PBYTE *ppbTarget, LONG *plExtra);

    PBYTE   CopyInstruction(PBYTE pbDst, PBYTE pbSrc);
    PBYTE   CopyInstructionEx(PBYTE pbDst, PBYTE pbSrc, PBYTE pbDstOverride);
    PBYTE   CopyInstructionZero(PBYTE pbDst, PBYTE pbSrc);
    BYTE    InstructionLen(PBYTE pbSrc);
    static BOOL SanityCheckSystem();

  public:
    struct COPYENTRY;
    typedef const COPYENTRY *REFCOPYENTRY;

    // Member-function pointer stored in each table entry: performs the
    // copy of one instruction and returns the advanced source pointer.
    typedef PBYTE (CDetourDis::*COPYFUNC)(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);

    enum {
        DYNAMIC     = 0x1u,   // branch target cannot be resolved statically
        ADDRESS     = 0x2u,   // instruction carries an address-sized operand
        NOENLARGE   = 0x4u,   // short branch that cannot be widened
        SIB         = 0x10u,  // ModR/M form is followed by a SIB byte
        NOTSIB      = 0x0fu,  // mask selecting the byte count from a s_rbModRm entry
    };

    // One row of the opcode tables (s_rceCopyTable / s_rceCopyTable0F).
    struct COPYENTRY
    {
        ULONG       nOpcode         : 8;    // Opcode
        ULONG       nFixedSize      : 3;    // Fixed size of opcode
        ULONG       nFixedSize16    : 3;    // Fixed size when 16 bit operand
        ULONG       nModOffset      : 3;    // Offset to mod/rm byte (0 = none)
        LONG        nRelOffset      : 3;    // Offset to relative target.
        ULONG       nFlagBits       : 4;    // Flags for DYNAMIC, etc.
        COPYFUNC    pfCopy;                 // Function pointer.
    };

  protected:
    // Initialisers for the trailing COPYENTRY fields, in declaration order:
    //   nFixedSize, nFixedSize16, nModOffset, nRelOffset, nFlagBits, pfCopy
#define ENTRY_CopyBytes1            1, 1, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes1Dynamic     1, 1, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes2            2, 2, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes2Jump        2, 2, 0, 1, 0, CopyBytes
#define ENTRY_CopyBytes2CantJump    2, 2, 0, 1, NOENLARGE, CopyBytes
#define ENTRY_CopyBytes2Dynamic     2, 2, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes3            3, 3, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes3Dynamic     3, 3, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes3Or5         5, 3, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes3Or5Target   5, 3, 0, 1, 0, CopyBytes
#define ENTRY_CopyBytes5Or7Dynamic  7, 5, 0, 0, DYNAMIC, CopyBytes
#define ENTRY_CopyBytes3Or5Address  5, 3, 0, 0, ADDRESS, CopyBytes
#define ENTRY_CopyBytes4            4, 4, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes5            5, 5, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes7            7, 7, 0, 0, 0, CopyBytes
#define ENTRY_CopyBytes2Mod         2, 2, 1, 0, 0, CopyBytes
#define ENTRY_CopyBytes2Mod1        3, 3, 1, 0, 0, CopyBytes
#define ENTRY_CopyBytes2ModOperand  6, 4, 1, 0, 0, CopyBytes
#define ENTRY_CopyBytes3Mod         3, 3, 2, 0, 0, CopyBytes
#define ENTRY_CopyBytesPrefix       1, 1, 0, 0, 0, CopyBytesPrefix
#define ENTRY_Copy0F                1, 1, 0, 0, 0, Copy0F
#define ENTRY_Copy66                1, 1, 0, 0, 0, Copy66
#define ENTRY_Copy67                1, 1, 0, 0, 0, Copy67
#define ENTRY_CopyF6                0, 0, 0, 0, 0, CopyF6
#define ENTRY_CopyF7                0, 0, 0, 0, 0, CopyF7
#define ENTRY_CopyFF                0, 0, 0, 0, 0, CopyFF
#define ENTRY_Invalid               1, 1, 0, 0, 0, Invalid
#define ENTRY_End                   0, 0, 0, 0, 0, NULL

    PBYTE CopyBytes(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyBytesPrefix(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE Invalid(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);

    // Relocates a relative branch/call displacement so the copied
    // instruction still reaches its original target; returns that target.
    // NOTE(review): the pasted declaration lists four parameters, but the
    // definition in CDetourDis.cpp switches on cbTargetSize — confirm the
    // exact signature against the original source.
    PBYTE AdjustTarget(PBYTE pbDst, PBYTE pbSrc, LONG cbOp,
                       LONG cbTargetOffset, LONG cbTargetSize);

    VOID Set16BitOperand();
    VOID Set32BitOperand();
    VOID Set16BitAddress();
    VOID Set32BitAddress();

  protected:
    // Opcode-specific copy handlers referenced from the tables.
    PBYTE Copy0F(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE Copy66(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE Copy67(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyF6(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyF7(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);
    PBYTE CopyFF(REFCOPYENTRY pentry, PBYTE pbDst, PBYTE pbSrc);

  protected:
    static const COPYENTRY  s_rceCopyTable[257];
    static const COPYENTRY  s_rceCopyTable0F[257];
    static const BYTE       s_rbModRm[256];

  protected:
    BOOL    m_b16BitOperand;        // set by the 0x66 prefix handler
    BOOL    m_b16BitAddress;        // set by the 0x67 prefix handler
    PBYTE * m_ppbTarget;            // where the branch target is reported
    LONG *  m_plExtra;
    LONG    m_lScratchExtra;
    PBYTE   m_pbScratchTarget;
    BYTE    m_rbScratchDst[64];
    BYTE *  m_pbDstOverride;
    BOOL    m_bAdjustZero;
};

//////////////////////////////////////////////////////////////////////////////
//
// Opcode bytes and instruction sizes used by the detour/trampoline code.
enum {
    OP_PRE_ES       = 0x26,
    OP_PRE_CS       = 0x2e,
    OP_PRE_SS       = 0x36,
    OP_PRE_DS       = 0x3e,
    OP_PRE_FS       = 0x64,
    OP_PRE_GS       = 0x65,
    OP_JMP_SEG      = 0x25,
    OP_JA           = 0x77,
    OP_NOP          = 0x90,
    OP_CALL         = 0xe8,
    OP_JMP          = 0xE9,
    OP_PREFIX       = 0xff,
    OP_MOV_EAX      = 0xA1,
    OP_SET_EAX      = 0xb8,
    OP_JMP_EAX      = 0xE0,
    OP_RET_POP      = 0xC2,
    OP_RET          = 0xC3,
    OP_BRK          = 0xCC,
    SIZE_OF_JMP     = 5,
    SIZE_OF_NOP     = 1,
    SIZE_OF_BRK     = 1,
    SIZE_OF_TRP_OPS = SIZE_OF_JMP /* + SIZE_OF_BRK */,
};

//////////////////////////////////////////////////////////////////////////////
//
// Code emitters.  Each helper writes raw x86 machine code at pbCode and
// returns the pointer just past the bytes it wrote, so calls can be chained.
// None of them takes a buffer length: the caller must guarantee that the
// destination is writable and has room for the bytes emitted — five for the
// mov-imm32 / push-imm32 / jmp / call forms (one opcode byte plus a 32-bit
// immediate), one for the single-byte instructions.
//

// mov eax, imm32
inline PBYTE DetourGenMovEax(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xB8;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// mov ebx, imm32
inline PBYTE DetourGenMovEbx(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBB;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// mov ecx, imm32
inline PBYTE DetourGenMovEcx(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xB9;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// mov edx, imm32
inline PBYTE DetourGenMovEdx(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBA;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// mov esi, imm32
inline PBYTE DetourGenMovEsi(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBE;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// mov edi, imm32
inline PBYTE DetourGenMovEdi(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBF;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// mov ebp, imm32
inline PBYTE DetourGenMovEbp(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBD;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// mov esp, imm32
inline PBYTE DetourGenMovEsp(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0xBC;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// push imm32
inline PBYTE DetourGenPush(PBYTE pbCode, UINT32 nValue)
{
    *pbCode++ = 0x68;
    *((UINT32*&)pbCode)++ = nValue;
    return pbCode;
}

// pushad
inline PBYTE DetourGenPushad(PBYTE pbCode)
{
    *pbCode++ = 0x60;
    return pbCode;
}

// popad
inline PBYTE DetourGenPopad(PBYTE pbCode)
{
    *pbCode++ = 0x61;
    return pbCode;
}

// jmp rel32 to pbJmpDst.  The displacement is relative to the end of the
// 5-byte instruction as it will be executed: pbJmpSrc is the address the
// instruction will live at (defaults to pbCode when the code is written in
// place).  The pointer difference is truncated to INT32, which is exact for
// the 32-bit targets this file is written for.
inline PBYTE DetourGenJmp(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
    if (pbJmpSrc == 0) {
        pbJmpSrc = pbCode;
    }
    *pbCode++ = 0xE9;
    *((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
    return pbCode;
}

// call rel32 to pbJmpDst; same displacement rules as DetourGenJmp.
inline PBYTE DetourGenCall(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
    if (pbJmpSrc == 0) {
        pbJmpSrc = pbCode;
    }
    *pbCode++ = 0xE8;
    *((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
    return pbCode;
}

// int 3
inline PBYTE DetourGenBreak(PBYTE pbCode)
{
    *pbCode++ = 0xCC;
    return pbCode;
}

// ret
inline PBYTE DetourGenRet(PBYTE pbCode)
{
    *pbCode++ = 0xC3;
    return pbCode;
}

// nop
inline PBYTE DetourGenNop(PBYTE pbCode)
{
    *pbCode++ = 0x90;
    return pbCode;
}

// Values reported through the PBYTE* given to CDetourDis's constructor.
#define DETOUR_INSTRUCTION_TARGET_NONE      ((PBYTE)0)
#define DETOUR_INSTRUCTION_TARGET_DYNAMIC   ((PBYTE)~0ul)

#endif // _DISASM_H_
como funções e endereços
Usado para codificação no MatchServer
Exemplo:
sourcefiles.txt
Código:
*** FONTE ARQUIVOS compiland = \ \ Release MatchServer.res compiland = \ \ Release MBMatchAuth.obj c:.. \ Teamworks \ estável \ MatchServer \ mbmatchauth.hc:. \ Teamworks \ estável \ MatchServer \ mbmatchauth.cpp compiland = \ Release \ MMatchServer_Schedule.obj c: \ Teamworks \ estável \ MatchServer \ mmatchserver_schedule.cpp c: \ Teamworks \ estável \ cscommon \ include \ mmatchobject.h compiland = \ \ Release MBMatchServerConfigReloader.obj c: \. Teamworks \ estável \ MatchServer \ mbmatchserverconfigreloader . cpp c:. \ Arquivos de programas \ Microsoft Visual Studio.NET 2003 \ vc7 \ include \ XTree Files \ Microsoft Visual Studio.NET 2003 \ vc7 \ include \ stdexcept c: \. Teamworks \ estável \ cscommon \ include \ mmatchevent.hc:.. \ Arquivos de programas \ Microsoft Visual Studio.NET 2003 \ vc7 \ include \ vetor compiland = \ Release \ MBMatchServer_ServerKeeper.obj Files \ Microsoft Visual Studio. NET 2003 \ vc7 \ include \ vetor c: \ Arquivos de programas \ Microsoft Visual Studio.NET 2003 \ vc7 \ include \ xstring C:.. \ Arquivos de programas \ Microsoft Visual Studio.NET 2003 \ vc7 \ include \ xmemory c:. \ Arquivos de programas \ Microsoft Visual Studio.NET 2003 \ vc7 \ include \ xutility c: \ Arquivos de programas \ Microsoft Visual Studio.NET 2003 \ vc7 \ include \ memória compiland = \ \ Release MBMatchServer_OnCommand.obj c:.. \ Teamworks \ estável \ MatchServer \ mbmatchserver_oncommand.cpp c: \ Teamworks \ estável \ cscommon \ include \ mmatchobject.h
Blasper [0] OneWhoSighs