return (UNHandlerTable + 0x48) +
0x68;
I do it like this:
Code:
/* Address of the client's SendPacket routine; stays 0 until the first call of
 * new_AddNetworkQueue reads it out of the object reachable from This+0x48
 * (see the inline asm there) and installs the hook on it. */
DWORD sendPacketAddr = 0;
int __fastcall new_AddNetworkQueue(unsigned int This, unsigned int EDX, TNetworkPacket *NetworkPacket)
{
if (sendPacketAddr == 0)
{
UNetworkHandler* UNH;
UNH = (UNetworkHandler*)This;
__asm
{
mov ecx,UNH;
mov eax,[ecx + 48h];
mov ecx,[eax]
mov edx,[ecx + 68h]//IL
mov sendPacketAddr,edx;
}
true_SendPacket = (_SendPacket) splice((unsigned char*) sendPacketAddr, new_SendPacket);
}
.....
And for Interlude you need a different version of splice, one that follows the jmp thunk at the function start before patching (recursively, as below):
Code:
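/*
 * splice - install an inline (5-byte jmp) hook at addr and build a trampoline.
 *
 * If addr begins with a rel32 jmp (0xE9) the jmp is followed and the hook is
 * placed on its target instead, so the trampoline resumes in real code rather
 * than in the thunk. Only 0xE9 jmps are followed: short jmps (0xEB) and
 * indirect jmps (FF 25 [imm32]) are not recognised and get patched in place.
 * The chain is bounded so a jmp cycle cannot loop forever.
 *
 * addr:    start of the function to hook
 * hook_fn: function that control is diverted to
 *
 * Returns the trampoline address as an integer (a copy of the original
 * prologue followed by a jmp back to addr + cb), or 0 on failure: too many
 * jmp hops, prologue could not be decoded, alloc_rwx_mem() failed, or the
 * page could not be made writable. Callers must check for 0 before casting
 * the result to a function pointer.
 *
 * Caveats a user of this hook should know:
 *  - the prologue is copied byte for byte; if it holds a position-dependent
 *    instruction (call/jmp rel32, jcc) the copy in the trampoline is wrong,
 *    no relocation is attempted;
 *  - the 5-byte patch is not an atomic write, so another thread executing
 *    addr at that moment can run a half-written instruction; suspend other
 *    threads first if that matters;
 *  - alloc_rwx_mem() must return at least cb + 5 bytes; its size is not
 *    visible here (TODO confirm) and no release counterpart is visible, so
 *    the trampoline leaks on the late failure path;
 *  - pointers are truncated to unsigned int, i.e. this is 32-bit x86 only.
 */
enum { SPLICE_MAX_JMP_HOPS = 16 };

unsigned int splice(unsigned char *addr, void *hook_fn)
{
    unsigned char *saved;
    unsigned long oldprotect;
    int cb;
    int i;
    int hops;

    /* Follow a chain of rel32 jmps to the code that actually runs. */
    for (hops = 0; *addr == 0xE9; hops++)
    {
        unsigned int jmpAddr;
        if (hops >= SPLICE_MAX_JMP_HOPS)
            return 0;   /* jmp cycle or absurdly long thunk chain */
        jmpAddr = (unsigned int)addr + (*(int*)((unsigned int)addr + 1)) + 5;
        addr = (unsigned char*)jmpAddr;
    }

    /* Whole instructions covering at least the 5 bytes we overwrite. */
    cb = splicing_length(addr);
    if (cb < 5)
        return 0;   /* prologue not decodable; do not patch blind */

    saved = alloc_rwx_mem();
    if (saved == 0)
        return 0;

    /* Trampoline = original prologue + jmp to the first untouched byte. */
    for (i = 0; i < cb; i++)
    {
        saved[i] = addr[i];
    }
    write_jmp(saved + cb, addr + cb);

    /* Game code is normally not writable; bail before touching it if the
     * protection change is refused rather than faulting on the write. */
    if (!VirtualProtect(addr, 5, PAGE_EXECUTE_READWRITE, &oldprotect))
        return 0;   /* saved leaks here, see caveats above */
    write_jmp(addr, hook_fn);
    /* Restore the original protection; a failure here leaves the page RWX
     * but the hook is already in place, so the result is still usable.
     * x86 keeps I-cache coherent for same-process writes; on other
     * architectures a FlushInstructionCache() would be needed here. */
    VirtualProtect(addr, 5, oldprotect, &oldprotect);
    return (unsigned int) saved;
}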
/* Emit a 5-byte x86 relative jmp (E9 disp32) at addr that lands on dest.
 * The displacement is measured from the end of the jmp instruction
 * (addr + 5). The disp32 is stored one byte at a time in little-endian
 * order, which is what x86 expects, so addr needs no alignment. The
 * displacement is truncated to 32 bits: dest must lie within +/-2 GiB
 * of addr, which always holds for 32-bit code. */
void write_jmp(unsigned char *addr, void *dest)
{
    unsigned char *target = (unsigned char*) dest;
    int disp = (int) (target - (addr + 5));
    unsigned int bits = (unsigned int) disp;
    unsigned char *out = addr;

    *out++ = 0xE9;                                   /* jmp rel32 opcode */
    *out++ = (unsigned char) (bits & 0xFF);          /* disp32, low byte first */
    *out++ = (unsigned char) ((bits >> 8) & 0xFF);
    *out++ = (unsigned char) ((bits >> 16) & 0xFF);
    *out   = (unsigned char) ((bits >> 24) & 0xFF);
}
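/* Number of bytes to lift from codePtr so that a 5-byte jmp overwrites
 * whole instructions only: the smallest sum of consecutive instruction
 * lengths that reaches 5.
 *
 * codePtr: start of the code to be patched
 * Returns the byte count (>= 5) on success, or 0 if instruction_length()
 * reports a non-positive length before 5 bytes are reached. The original
 * loop would spin forever in that case; the convention instruction_length()
 * uses for undecodable bytes is not visible here, so anything <= 0 is
 * treated as failure. Callers must reject a result smaller than 5. */
int splicing_length(void *codePtr)
{
    int cb = 0;
    while (cb < 5)
    {
        int len = instruction_length((char*) codePtr + cb);
        if (len <= 0)
            return 0;   /* decoder gave up; refuse rather than loop */
        cb += len;
    }
    return cb;
}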