added x86 support and cleaned the code up

master
xerox 5 years ago
parent aca34a8e64
commit b74dc0561d

@ -1,42 +0,0 @@
#include "hook.hpp"
namespace hook
{
//--- default constructor
detour::detour(void* addr_to_hook, void* jmp_to_addr)
: hook_addr((std::uintptr_t)addr_to_hook), detour_addr((std::uintptr_t)jmp_to_addr)
{
//finish the shellcode by adding the address to jmp to
*(uintptr_t*)(jmp_code + OFFSET_TO_ADDRESS) = (std::uintptr_t)jmp_to_addr;
//save old bytes
memcpy(org_bytes, (void*)hook_addr, JMP_CODE_SIZE);
//install the hook.
install();
}
detour::~detour()
{uninstall();}
void detour::install()
{
//install the hook.
write_to_readonly((void *)hook_addr, jmp_code, JMP_CODE_SIZE);
hook_installed = true;
}
void detour::uninstall()
{
//write the original bytes back.
write_to_readonly((void *)hook_addr, org_bytes, JMP_CODE_SIZE);
hook_installed = false;
}
uintptr_t detour::hook_address()
{return hook_addr;}
uintptr_t detour::detour_address()
{return detour_addr;}
bool detour::installed()
{return hook_installed;}
}

@ -1,29 +1,82 @@
#pragma once #pragma once
#include <Windows.h> #include <Windows.h>
#include <map> #include <map>
#include <atomic>
#include <memory> #include <memory>
#define JMP_CODE_SIZE 14 #if _M_IX86
#define OFFSET_TO_ADDRESS 0x1
#elif _M_X64
#define OFFSET_TO_ADDRESS 0x2 #define OFFSET_TO_ADDRESS 0x2
#endif
namespace hook namespace hook
{ {
static void write_to_readonly(void* addr, void* data, int size)
{
DWORD old_flags;
VirtualProtect((LPVOID)addr, size, PAGE_READWRITE, &old_flags);
memcpy((void*)addr, data, size);
VirtualProtect((LPVOID)addr, size, old_flags, &old_flags);
}
class detour class detour
{ {
public: public:
detour(void* addrToHook, void* jmpTo); detour(void* addr_to_hook, void* jmp_to, bool enable = true)
~detour(); : hook_addr(addr_to_hook), detour_addr(jmp_to)
void install(); {
void uninstall(); //setup hook
bool installed(); memcpy(
uintptr_t hook_address(); jmp_code + OFFSET_TO_ADDRESS,
uintptr_t detour_address(); &jmp_to,
sizeof(jmp_to)
);
//save bytes
memcpy(
org_bytes,
hook_addr,
sizeof(org_bytes)
);
if(enable)
install();
}
void install()
{
write_to_readonly(hook_addr, jmp_code, sizeof(jmp_code));
hook_installed.exchange(true);
}
void uninstall()
{
write_to_readonly(hook_addr, org_bytes, sizeof(org_bytes));
hook_installed.exchange(false);
}
~detour() { uninstall(); }
bool installed() { return hook_installed; }
void* hook_address() { return hook_addr; }
void* detour_address() { return detour_addr; }
private: private:
bool hook_installed{ false }; std::atomic<bool> hook_installed{ false };
uintptr_t hook_addr, detour_addr; void *hook_addr, *detour_addr;
unsigned char jmp_code[JMP_CODE_SIZE] = {
0x48, 0xb8, //movabs rax, &jmpTo #if _M_IX86
0x0, //jmpTo address will be here in these 0's /*
0: b8 ff ff ff ff mov eax, 0xffffffff
5: ff e0 jmp eax
*/
unsigned char jmp_code[7] = {
0xb8, 0x0, 0x0, 0x0, 0x0,
0xFF, 0xE0
};
#elif _M_X64
/*
0: 48 c7 c0 ff ff ff ff mov rax,0xffffffffffffffff
7: ff e0 jmp rax
*/
unsigned char jmp_code[12] = {
0x48, 0xb8,
0x0, 0x0,
0x0, 0x0,
0x0, 0x0,
@ -31,21 +84,14 @@ namespace hook
0x0, 0x0,
0x0, 0x0,
0x0, 0x0,
0xff, 0xe0, //jmp rax 0x0,
0x90, 0x90 //nop, nop 0xff, 0xe0
}; };
char org_bytes[JMP_CODE_SIZE]; #endif
std::uint8_t org_bytes[sizeof(jmp_code)];
}; };
static std::map<uintptr_t, std::unique_ptr<detour>> hooks{}; static std::map<void*, std::unique_ptr<detour>> hooks{};
__forceinline void write_to_readonly(void* addr, void* data, int size)
{
DWORD old_flags;
VirtualProtect((LPVOID)addr, size, PAGE_READWRITE, &old_flags);
memcpy((void*)addr, data, size);
VirtualProtect((LPVOID)addr, size, old_flags, &old_flags);
}
/* /*
Author: xerox Author: xerox
@ -53,16 +99,16 @@ namespace hook
Create Hook without needing to deal with objects Create Hook without needing to deal with objects
*/ */
__forceinline void install(void* addr_to_hook, void* jmp_to_addr) { static void make_hook(void* addr_to_hook, void* jmp_to_addr, bool enable = true)
{
if (!addr_to_hook) if (!addr_to_hook)
return; return;
hooks.insert({ hooks.insert({
(std::uintptr_t)addr_to_hook, addr_to_hook,
std::make_unique<detour>( std::make_unique<detour>(
addr_to_hook, addr_to_hook,
jmp_to_addr jmp_to_addr,
enable
)} )}
); );
} }
@ -73,11 +119,11 @@ namespace hook
Enable hook given the address to hook Enable hook given the address to hook
*/ */
__forceinline void enable(void* addr) static void enable(void* addr)
{ {
if (!addr) if (!addr)
return; return;
hooks.at((std::uintptr_t)addr)->install(); hooks.at(addr)->install();
} }
/* /*
@ -86,11 +132,11 @@ namespace hook
Disable hook givent the address of the hook Disable hook givent the address of the hook
*/ */
__forceinline void disable(void* addr) static void disable(void* addr)
{ {
if (!addr) if (!addr)
return; return;
hooks.at((std::uintptr_t)addr)->uninstall(); hooks.at(addr)->uninstall();
} }
@ -100,10 +146,10 @@ namespace hook
Remove hook completely from vector Remove hook completely from vector
*/ */
__forceinline void remove(void* addr) static void remove(void* addr)
{ {
if (!addr) if (!addr)
return; return;
hooks.erase((std::uintptr_t)addr); hooks.erase(addr);
} }
} }
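Review bot: `write_to_readonly`, now defined at the top of hook.hpp, ignores both `VirtualProtect` results, so when the first call fails the `memcpy` writes into a page that is still read-only and `old_flags` is handed uninitialised to the second call. `install()` and `uninstall()` then set `hook_installed` unconditionally, so `installed()` can report a state the code bytes do not have. Returning a `bool` from the helper and flipping the flag only on success keeps the two in step; note that the `std::atomic<bool>` alone does not protect another thread that is executing the target while its bytes are being swapped. The block comment above the x64 `jmp_code` shows the 7-byte `48 c7 c0` encoding while the array holds the 10-byte `48 b8` form, so the comment should be corrected to match the bytes.

```cpp
static bool write_to_readonly(void* addr, void* data, int size)
{
	DWORD old_flags = 0;
	// leave the target untouched if the page cannot be made writable
	if (!VirtualProtect(addr, size, PAGE_READWRITE, &old_flags))
		return false;
	memcpy(addr, data, size);
	// the bytes are written at this point; a failed restore leaves the page writable
	DWORD unused = 0;
	VirtualProtect(addr, size, old_flags, &unused);
	return true;
}

// … unchanged: detour constructor …

void install()
{
	if (write_to_readonly(hook_addr, jmp_code, sizeof(jmp_code)))
		hook_installed.exchange(true);
}
void uninstall()
{
	if (write_to_readonly(hook_addr, org_bytes, sizeof(org_bytes)))
		hook_installed.exchange(false);
}
```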

@ -10,33 +10,47 @@ BOOL HookWriteFile(
LPOVERLAPPED lpOverlapped LPOVERLAPPED lpOverlapped
) )
{ {
//this will change the output to "shithooked!\n" //this will change the output to "shithooked!\n"
const char* shithooked = "shithooked!?";
memset((void *)lpBuffer, NULL, nNumberOfBytesToWrite);
memcpy((void*)lpBuffer, "shithooked!?\n", sizeof("shithooked!\n"));
hook::disable(&WriteFile); hook::disable(&WriteFile);
BOOL result = WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped); BOOL result = WriteFile(
hFile,
shithooked,
nNumberOfBytesToWrite,
lpNumberOfBytesWritten,
lpOverlapped
);
hook::enable(&WriteFile); hook::enable(&WriteFile);
return result; return result;
} }
int main() int main()
{ {
hook::install( //make hook
hook::make_hook(
&WriteFile, &WriteFile,
&HookWriteFile &HookWriteFile,
false // you can choose not to install it yet
); );
OFSTRUCT ofstruct; //make file
OpenFile("output.txt", &ofstruct, OF_CREATE); OFSTRUCT ofstruct{};
HFILE result = OpenFile("output.txt", &ofstruct, OF_READWRITE); auto result = std::unique_ptr<std::remove_pointer_t<HANDLE>, decltype(&CloseHandle)>(
(HANDLE)(OpenFile(
"output.txt",
&ofstruct,
OF_READWRITE | OF_CREATE
)), &CloseHandle
);
while (true) if (reinterpret_cast<HFILE>(result.get()) != HFILE_ERROR)
{ {
Sleep(1000); // we can enable it after we open the file
char aString[] = "Hello world!\n"; hook::enable(&WriteFile);
WriteFile((HANDLE)result, aString, sizeof(aString), NULL, NULL);
//write to file
const char aString[] = "Hello world!\n";
WriteFile(result.get(), aString, sizeof(aString), NULL, NULL);
} }
} }
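Review bot: In `HookWriteFile` the forwarded call passes `shithooked` together with the caller's `nNumberOfBytesToWrite`, so any write longer than the 13-byte literal makes `WriteFile` read past the end of the string and copy whatever follows it into the file; the demo's own call passes `sizeof(aString)`, which is 14. Bound the length by the replacement buffer, for example `static const char shithooked[] = "shithooked!?";` and pass `min(nNumberOfBytesToWrite, (DWORD)sizeof(shithooked) - 1)` as the third argument. This assumes the `memset`/`memcpy` lines belong to the old side, which the rendering does not make certain. The function's signature begins above the hunk.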

@ -0,0 +1,31 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29519.181
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shithook", "shithook.vcxproj", "{E5255EE2-A83E-4455-99E3-B5D236B76D36}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Debug|x64.ActiveCfg = Debug|x64
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Debug|x64.Build.0 = Debug|x64
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Debug|x86.ActiveCfg = Debug|Win32
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Debug|x86.Build.0 = Debug|Win32
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Release|x64.ActiveCfg = Release|x64
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Release|x64.Build.0 = Release|x64
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Release|x86.ActiveCfg = Release|Win32
{E5255EE2-A83E-4455-99E3-B5D236B76D36}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {8D42E5D0-475A-4EA5-94EA-1ADB1F46CBF1}
EndGlobalSection
EndGlobal

@ -0,0 +1,170 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="hook.hpp" />
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>16.0</VCProjectVersion>
<ProjectGuid>{E5255EE2-A83E-4455-99E3-B5D236B76D36}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>shithook</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)$(Configuration)\</OutDir>
<IntDir>$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)$(Configuration)\</OutDir>
<IntDir>$(Configuration)\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="hook.hpp">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
</Project>