Commit 32ad3b87 authored by SR_team's avatar SR_team 💬

Move SetProcAddress to Hook; fix make_for

parent c04b2052
#pragma once;
#ifndef SRHOOKPE_H
#define SRHOOKPE_H
......@@ -9,36 +11,6 @@
#include "fn2void.hpp"
namespace SRHook::PE {
bool SetProcAddress( PVOID ModuleBase, PCHAR pFunctionName, PVOID pFunctionAddress ) {
// Based on KernelGetProcAddress from ReactOS
ULONG size = 0;
ImageDirectoryEntryToData( ModuleBase, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)ModuleBase;
PIMAGE_NT_HEADERS nt = ( PIMAGE_NT_HEADERS )( (ULONG)ModuleBase + dos->e_lfanew );
PIMAGE_DATA_DIRECTORY expdir = ( PIMAGE_DATA_DIRECTORY )( nt->OptionalHeader.DataDirectory +
IMAGE_DIRECTORY_ENTRY_EXPORT );
ULONG addr = expdir->VirtualAddress;
PIMAGE_EXPORT_DIRECTORY exports = ( PIMAGE_EXPORT_DIRECTORY )( (ULONG)ModuleBase + addr );
PULONG functions = ( PULONG )( (ULONG)ModuleBase + exports->AddressOfFunctions );
PSHORT ordinals = ( PSHORT )( (ULONG)ModuleBase + exports->AddressOfNameOrdinals );
PULONG names = ( PULONG )( (ULONG)ModuleBase + exports->AddressOfNames );
ULONG max_name = exports->NumberOfNames;
ULONG max_func = exports->NumberOfFunctions;
for ( ULONG i = 0; i < max_name; i++ ) {
ULONG ord = ordinals[i];
if ( i >= max_name || ord >= max_func ) return false;
if ( functions[ord] < addr || functions[ord] >= addr + size ) {
if ( strcmp( (PCHAR)ModuleBase + names[i], pFunctionName ) == 0 ) {
memsafe::Unprotect( (DWORD)functions + ord, 4 );
functions[ord] = (PCHAR)pFunctionAddress - (PCHAR)ModuleBase;
return true;
}
}
}
return false;
}
template<call_t ct, typename R, typename... Args> class Hook {
std::string lib, func;
std::atomic_bool enabled;
......@@ -157,7 +129,7 @@ namespace SRHook::PE {
}
rasm->call( reinterpret_cast<int>( fn2void( &Hook::hook ) ) );
thissafe[0] = 0x8b;
// rasm->insert( thissafe, 6 );
rasm->insert( thissafe, 6 );
if constexpr ( ct == call_t::ccall )
rasm->ret();
else
......@@ -170,7 +142,42 @@ namespace SRHook::PE {
rasm->jmp( reinterpret_cast<int>( original ) );
enabled = false;
}
static bool SetProcAddress( PVOID ModuleBase, PCHAR pFunctionName, PVOID pFunctionAddress ) {
// Based on KernelGetProcAddress from ReactOS
ULONG size = 0;
ImageDirectoryEntryToData( ModuleBase, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)ModuleBase;
PIMAGE_NT_HEADERS nt = ( PIMAGE_NT_HEADERS )( (ULONG)ModuleBase + dos->e_lfanew );
PIMAGE_DATA_DIRECTORY expdir = ( PIMAGE_DATA_DIRECTORY )( nt->OptionalHeader.DataDirectory +
IMAGE_DIRECTORY_ENTRY_EXPORT );
ULONG addr = expdir->VirtualAddress;
PIMAGE_EXPORT_DIRECTORY exports = ( PIMAGE_EXPORT_DIRECTORY )( (ULONG)ModuleBase + addr );
PULONG functions = ( PULONG )( (ULONG)ModuleBase + exports->AddressOfFunctions );
PSHORT ordinals = ( PSHORT )( (ULONG)ModuleBase + exports->AddressOfNameOrdinals );
PULONG names = ( PULONG )( (ULONG)ModuleBase + exports->AddressOfNames );
ULONG max_name = exports->NumberOfNames;
ULONG max_func = exports->NumberOfFunctions;
for ( ULONG i = 0; i < max_name; i++ ) {
ULONG ord = ordinals[i];
if ( i >= max_name || ord >= max_func ) return false;
if ( functions[ord] < addr || functions[ord] >= addr + size ) {
if ( strcmp( (PCHAR)ModuleBase + names[i], pFunctionName ) == 0 ) {
memsafe::Unprotect( (DWORD)functions + ord, 4 );
functions[ord] = (PCHAR)pFunctionAddress - (PCHAR)ModuleBase;
return true;
}
}
}
return false;
}
};
template<call_t ct, typename R, typename... Args>
void make_for( Hook<ct, R, Args...> *&hook, std::string_view lib, std::string_view func ) {
hook = new Hook<ct, R, Args...>( lib, func );
}
} // namespace SRHook::PE
#endif // SRHOOKPE_H
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment