;-----------------------------------------------------------------------
; IAT-hook sample DLL (MASM32, 32-bit, Win32 stdcall).
;
; What the visible code does:
;   LibMain  - on DLL_PROCESS_ATTACH records hInstance and starts a
;              worker thread running `main`.
;   main     - builds a log path next to this DLL ("IAT Hook.txt"),
;              walks every module of the current process through a
;              Toolhelp snapshot and overwrites IAT entries equal to
;              user32!MessageBoxA with the address of HookFxn.  It then
;              polls for VK_F10, writes the original entries back and
;              unloads the DLL with FreeLibraryAndExitThread.
;   HookFxn  - logs the four stack arguments to the file and tail-jumps
;              to the saved original function.
;
; Observable artifacts (useful for detection or for triaging a process
; that behaves this way):
;   * a file "IAT Hook.txt" created/emptied in the DLL's own directory;
;   * OpenProcess(PROCESS_ALL_ACCESS) on the process's own PID;
;   * VirtualProtect(PAGE_EXECUTE_READWRITE) on a 4-byte IAT slot of a
;     loaded module, followed by a pointer write, then a restore;
;   * CreateThread issued from inside DllMain, and GetAsyncKeyState
;     polled every 100 ms from that thread.
;-----------------------------------------------------------------------
include \masm32\include\masm32rt.inc
include \masm32\include\psapi.inc
includelib \masm32\lib\psapi.lib

main proto
HookFxn proto

.data
szTempFile   byte "IAT Hook.txt", 0     ; log file name, appended to the DLL's directory
szModulename byte "user32.dll", 0       ; module that exports the hooked function
szProcname   byte "MessageBoxA", 0      ; export whose IAT entries are replaced
bPlaceHooks  bool TRUE                  ; TRUE = pass 1 installs hooks, FALSE = pass 2 restores
szParam1     byte "Param 1 : 0x"        ; log prefixes: no terminating NUL, written
szParam2     byte "Param 2 : 0x"        ;   with an explicit length (lengthof szParam1);
szParam3     byte "Param 3 : 0x"        ;   all four are the same length
szParam4     byte "Param 4 : 0x"

.data?
hInstance    dword ?                    ; this DLL's module handle (set in LibMain)
hProcess     dword ?                    ; handle to the current process (OpenProcess)
hFile        dword ?                    ; log file handle, shared with HookFxn
hSnapshot    dword ?                    ; Toolhelp module snapshot
lpProc       dword ?                    ; original address of MessageBoxA; HookFxn jumps here
me           MODULEENTRY32 <>           ; module currently being walked
szFilename   byte 255 dup (?)           ; DLL path, later rewritten into the log path

.code

;-----------------------------------------------------------------------
; BOOL WINAPI LibMain(HINSTANCE instance, DWORD reason, LPVOID unused)
; DLL entry point; only DLL_PROCESS_ATTACH does any work.
; NOTE(review): eax is assigned only on the ATTACH branch, so the other
; branches return whatever eax happens to hold.  The CreateThread handle
; is never closed, and the thread is created from inside DllMain (the
; usual loader-lock caveats apply).
;-----------------------------------------------------------------------
LibMain proc instance:DWORD,reason:DWORD,unused:DWORD
    .IF reason == DLL_PROCESS_ATTACH
        mrm hInstance, instance                     ; copy local to global
        invoke CreateThread, 0, 0, addr main, 0, 0, 0   ; run `main` on its own thread
        mov eax, TRUE                               ; return TRUE so DLL will start
    .ELSEIF reason == DLL_PROCESS_DETACH
    .ELSEIF reason == DLL_THREAD_ATTACH
    .ELSEIF reason == DLL_THREAD_DETACH
    .ENDIF
    ret
LibMain endp

;-----------------------------------------------------------------------
; DWORD WINAPI main(LPVOID)  -- thread start routine
; Register roles:
;   ebx = 0 for the whole routine (passed wherever a zero argument is needed)
;   edi = value searched for in each IAT: MessageBoxA on pass 1,
;         HookFxn on pass 2
;   esi = pointer into the IAT of the module being scanned
; NOTE(review): ebx/esi/edi are callee-saved under the Win32 ABI; this is
; tolerated only because the routine never returns (it ends in
; FreeLibraryAndExitThread).
;-----------------------------------------------------------------------
main proc
    LOCAL flOldProtect:DWORD

    xor ebx, ebx
    invoke GetCurrentProcessId
    ; NOTE(review): PROCESS_ALL_ACCESS is far more than GetModuleFileNameEx
    ; needs; the least-privilege mask would be
    ; PROCESS_QUERY_INFORMATION OR PROCESS_VM_READ (or the GetCurrentProcess
    ; pseudo-handle, which needs no OpenProcess at all).
    invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, eax
    mov hProcess, eax

    ; Full path of this DLL -> szFilename; eax = number of characters copied.
    invoke GetModuleFileNameEx, hProcess, hInstance, addr szFilename, 255
    mov ecx, offset szFilename
    ; Walk backwards from the end of the path to the last '\'.
    ; NOTE(review): there is no lower bound on eax; if the path holds no '\'
    ; (e.g. the call failed and returned 0) the scan runs below the buffer.
@@:
    dec eax
    cmp byte ptr ds:[eax+ecx], '\'
    jne @b
    mov byte ptr ds:[eax+ecx+1], 0          ; cut after the '\' -> directory only
    ; Append "IAT Hook.txt" to the directory.
    ; NOTE(review): add$ appears to be an unbounded concatenation - confirm;
    ; a directory longer than 255 - lengthof szTempFile bytes would overflow szFilename.
    mov eax, add$(addr szFilename, addr szTempFile)

    ; Open (or create) the log next to the DLL and empty it.
    invoke CreateFile, addr szFilename, GENERIC_READ OR GENERIC_WRITE, ebx, ebx, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, ebx
    mov hFile, eax                          ; NOTE(review): INVALID_HANDLE_VALUE is not checked
    invoke SetEndOfFile, eax                ; file pointer is at 0 after open -> truncates an existing log

    ; Resolve the original function once: it is both the search key (edi)
    ; and the trampoline target used by HookFxn (lpProc).  Not re-run on pass 2.
    invoke GetModuleHandle, addr szModulename
    invoke GetProcAddress, eax, addr szProcname
    mov edi, eax
    mov lpProc, eax

restoreIAT:
    ; Pass 1 (bPlaceHooks == TRUE):  replace each IAT entry == edi (MessageBoxA) with HookFxn.
    ; Pass 2 (bPlaceHooks == FALSE): edi == HookFxn; write lpProc back.
    invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, ebx
    mov hSnapshot, eax
    mov me.dwSize, sizeof me                ; must be set before Module32First
    invoke Module32First, eax, addr me      ; NOTE(review): return value is not checked
@@:
    ; Locate the module's IAT through its PE header.
    mov eax, me.modBaseAddr                 ; address of PE header
    add eax, 3Ch                            ; offset to value of offset to PE signature
    mov eax, dword ptr ds:[eax]
    add eax, me.modBaseAddr                 ; eax = pointer to PE signature
    add eax, 0D8h                           ; eax = pointer to pointer to IAT
                                            ;   (hard-coded offset of the IAT data-directory entry,
                                            ;    IMAGE_DIRECTORY_ENTRY_IAT, in a PE32 optional header;
                                            ;    NOTE(review): differs for PE32+ images, and is all-zero
                                            ;    for modules that have no IAT directory)
    mov esi, dword ptr ds:[eax]             ; esi = pointer to offset of IAT
    add esi, me.modBaseAddr                 ; esi = pointer to IAT
    mov ecx, dword ptr ds:[eax+4]           ; ecx = IAT size
    ; NOTE(review): the directory Size is a byte count but ecx is used as a
    ; dword index, so the first probe is [esi + 4*size] - beyond the table -
    ; and index 0 is never examined because the loop stops when ecx reaches 0.
    ; A module with Size == 0 skips the loop entirely.
    .WHILE ecx != 0
        .IF dword ptr ds:[esi+4*ecx] == edi
            lea esi, [esi+4*ecx]            ; esi = address of the matching slot
            ; Only a data pointer is written here; execute permission is not
            ; required and PAGE_READWRITE would be the least-privilege choice.
            invoke VirtualProtect, esi, 4, PAGE_EXECUTE_READWRITE, addr flOldProtect
            .IF bPlaceHooks == 1            ; (style: elsewhere compared against TRUE)
                mov dword ptr ds:[esi], offset HookFxn      ; install
            .ELSE
                mov eax, lpProc
                mov dword ptr ds:[esi], eax                 ; restore
            .ENDIF
            invoke VirtualProtect, esi, 4, flOldProtect, addr flOldProtect
            mov ecx, 1                      ; with the dec below: leave the loop after the first
                                            ; match (esi now points at the slot, not the table base)
        .ENDIF
        dec ecx
    .ENDW
    invoke Module32Next, hSnapshot, addr me
    test eax, eax
    jnz @b                                  ; next module
    invoke CloseHandle, hSnapshot

    .IF bPlaceHooks == TRUE
        ; Hooks are live: poll until F10 is reported, then run the walk again in restore mode.
        xor eax, eax
        .WHILE eax == 0
            invoke Sleep, 100
            invoke GetAsyncKeyState, VK_F10
        .ENDW
        mov bPlaceHooks, FALSE
        mov edi, offset HookFxn             ; now search for our own entries
        jmp restoreIAT
    .ENDIF
    ; NOTE(review): hFile is closed and the DLL is unmapped without waiting
    ; for threads that may still be inside HookFxn (which reads hFile and
    ; jumps through lpProc); any slot the loop above failed to restore keeps
    ; pointing into the unmapped image.
    invoke CloseHandle, hFile
    invoke CloseHandle, hProcess
    invoke FreeLibraryAndExitThread, hInstance, ebx
    ret                                     ; not reached
main endp

;-----------------------------------------------------------------------
; HookFxn - replacement IAT target for MessageBoxA.
; Entered with the caller's return address at [esp] and the four stdcall
; arguments above it.  Writes "Param N : 0x<hex>" for each argument to
; hFile, restores the general registers and tail-jumps to the original
; function (lpProc); since the original return address is still on the
; stack, the real callee returns straight to the original caller and
; (being stdcall) cleans the arguments itself.
; NOTE(review): EFLAGS are not preserved (no pushfd/popfd); hFile is shared
; between threads with no synchronisation, so concurrent calls interleave
; in the log; the `ret` after `jmp` is unreachable.  OPTION PROLOGUE/
; EPILOGUE:NONE appears after the `proc` line - confirm it takes effect
; there (with no args or locals the default prologue would be empty anyway).
;-----------------------------------------------------------------------
HookFxn proc
    OPTION PROLOGUE:NONE
    OPTION EPILOGUE:NONE
    push ebp
    mov ebp, esp
    pushad                                  ; preserve every GP register for the real callee
    mov edi, lengthof szParam1              ; all four prefixes share this length
    mov ebx, dword ptr ss:[ebp+8]           ; arg 1 ([ebp] = saved ebp, [ebp+4] = return address)
    mov eax, fwrite(hFile, addr szParam1, edi)
    fprint hFile, uhex$(ebx)
    mov ebx, dword ptr ss:[ebp+0Ch]         ; arg 2
    mov eax, fwrite(hFile, addr szParam2, edi)
    fprint hFile, uhex$(ebx)
    mov ebx, dword ptr ss:[ebp+010h]        ; arg 3
    mov eax, fwrite(hFile, addr szParam3, edi)
    fprint hFile, uhex$(ebx)
    mov ebx, dword ptr ss:[ebp+014h]        ; arg 4
    mov eax, fwrite(hFile, addr szParam4, edi)
    fprint hFile, uhex$(ebx)
    popad
    pop ebp
    jmp lpProc                              ; tail-jump; stack is exactly as the caller left it
    ret                                     ; unreachable
HookFxn endp

end LibMain

; reflink: http://forum.cheatengine.org/viewtopic.php?t=495489&postdays=0&postorder=asc&start=0