Перехват UNetworkHandler::AddNetworkQueue, для фришек
#include <Windows.h>
// Empty stand-in for the engine class: this file only passes pointers to it
// around and never touches its members.
class UNetworkHandler {};
// 1-byte packing plus explicit _padding members pin every field to a fixed offset.
// NOTE(review): the layout is presumably meant to mirror the engine's own packet
// structure; nothing in this file verifies that, so confirm it against the
// Engine.dll build in use before trusting any field.
#pragma pack(push, 1)
struct NetworkPacket
{
// id is what the hook logs as "Packet id"; exid is presumably an extended id -- TODO confirm.
unsigned char id, _padding1, exid, _padding2;
// size is what the hook logs as "size"; its unit is not established by this file.
unsigned short size, _padding3;
// presumably the payload pointer -- never dereferenced anywhere in this file.
unsigned char* data;
};
#pragma pack(pop)
// Holds the address of the original UNetworkHandler::AddNetworkQueue; InitThread
// fills it in from GetProcAddress. It is declared __fastcall with a dummy int
// second parameter because x86 __fastcall passes the first two arguments in
// ECX and EDX: with EDX ignored, `this` lands in ECX and the remaining argument
// goes on the stack, which matches the __thiscall member being called.
int (__fastcall *UNetworkHandler_AddNetworkQueue)(UNetworkHandler*, int, NetworkPacket*);
/*
 * Replacement installed in the UNetworkHandler vtable slot of AddNetworkQueue.
 * Logs the packet id and size to the debugger output, then hands the call on
 * to the original function and returns whatever it returns.
 *
 * This   - the object the virtual call was made on (arrives in ECX).
 * (edx)  - unused filler so that __fastcall lines up with __thiscall.
 * packet - the packet being queued; it is dereferenced before forwarding.
 *
 * NOTE(review): packet is not validated here, so a null packet faults in the
 * hook before the original is reached -- confirm the engine never passes one.
 * OutputDebugStringA text can be read by any debugger or debug-output viewer
 * on the machine; only the id and size are written, never the payload.
 */
int __fastcall UNetworkHandler_AddNetworkQueue_hook(UNetworkHandler* This, int /*edx*/, NetworkPacket* packet)
{
    // Hook payload: format one log line. The format string is fixed and
    // wsprintfA caps its output at 1024 bytes, which is the buffer size.
    char logLine[1024];
    wsprintfA(logLine, "Packet id=0x%x, size=0x%x", packet->id, packet->size);
    OutputDebugStringA(logLine);

    // Forward to the original. The second argument only occupies EDX, which
    // the original ignores, so any value will do.
    int result = UNetworkHandler_AddNetworkQueue(This, 0 /* anything */, packet);
    return result;
}
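/*
 * Thread entry point that installs the hook: resolves the original
 * AddNetworkQueue and the UNetworkHandler vtable from Engine.dll's exports,
 * finds the vtable slot holding the original, and overwrites it with
 * UNetworkHandler_AddNetworkQueue_hook.
 *
 * Returns 0 once the slot has been replaced, 1 if any lookup fails. A failed
 * lookup now leaves the process untouched instead of dereferencing a null
 * pointer or scanning memory without limit.
 */
DWORD WINAPI InitThread(LPVOID)
{
    // Upper bound for the slot scan. The real table length is not known here,
    // so this is only a sanity limit that stops a runaway read when the export
    // is missing from the table (for example on a different engine build).
    const int kMaxVtableSlots = 1024;

    // A bare file name goes through the normal DLL search order; inside the
    // host process this is expected to resolve to the already loaded module.
    HMODULE hEngine = LoadLibraryA("Engine.dll");
    if (!hEngine)
    {
        OutputDebugStringA("InitThread: Engine.dll could not be loaded");
        return 1;
    }

    (FARPROC&) UNetworkHandler_AddNetworkQueue = GetProcAddress(hEngine, "?AddNetworkQueue@UNetworkHandler@@UAEHPAUNetworkPacket@@@Z");
    void** UNetworkHandler_vftable = (void**)GetProcAddress(hEngine, "??_7UNetworkHandler@@6BUObject@@@");
    if (!UNetworkHandler_AddNetworkQueue || !UNetworkHandler_vftable)
    {
        // Both names are build-specific decorated exports; either can be absent.
        OutputDebugStringA("InitThread: required Engine.dll export not found");
        return 1;
    }

    // Find the slot that currently points at the original function.
    int slot = 0;
    while (slot < kMaxVtableSlots && UNetworkHandler_vftable[slot] != (void*)UNetworkHandler_AddNetworkQueue)
        ++slot;
    if (slot == kMaxVtableSlots)
    {
        OutputDebugStringA("InitThread: AddNetworkQueue slot not found in vtable");
        return 1;
    }

    // NOTE(review): this store assumes the table lives in writable memory; if
    // the module maps it read-only the write faults here -- confirm per build.
    UNetworkHandler_vftable[slot] = (void*)UNetworkHandler_AddNetworkQueue_hook;
    return 0;
}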
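/*
 * DLL entry point. On process attach it turns off per-thread attach/detach
 * notifications and starts InitThread to install the hook; every other
 * notification is ignored. Always reports success to the loader.
 *
 * The work runs on a separate thread because DllMain executes under the
 * loader lock, where calling LoadLibrary (as InitThread does) is unsafe.
 *
 * NOTE(review): there is no detach handling, so unloading this DLL while the
 * vtable slot still points at the hook would leave a dangling pointer.
 */
BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID)
{
    if (DLL_PROCESS_ATTACH != ul_reason_for_call)
        return 1;

    DisableThreadLibraryCalls(hModule);

    // The handle is not needed after creation; closing it does not stop the
    // thread, it only releases the handle that was previously leaked.
    HANDLE hThread = CreateThread(0, 0, &InitThread, 0, 0, 0);
    if (hThread)
        CloseHandle(hThread);

    return 1;
}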
Спасибо Demion за идею использовать __fastcall вместо __thiscall.