c++ - how to create a trampoline function using DetourAttachEx? (with MS detours) -


i have dll , wish create detour 1 of exported functions,

  • the dll not part of windows.
  • i need able call real function after detour (call real function detoured one)
  • i know exact signature of function.
  • i have been able detour function, right can't call real one.

i realize need use trampoline function, i've seen examples online. problem is: examples show how detour windows api function, need same function thorough dll import.

any welcomed

--edit clarify, have attempted call original function pointer, not work. tried using method stack overflow article

that doesn't crash looks goes infinite loop (i assume because in original function there jump detoured one)

edit -- solved! not sure solved it, used this reference.

  • stopped using getprocadder , instead started using detourfindfunction instead
  • cleaned code (pretty sure cleaned out whatever caused issue)

works, anyway

i don't use detours(i detest it!), detouring non hot-patchable function can done in generic manner, so:

sstep 1: insert jmp <your code> @ start of function, takes 5 bytes, little more align nearest instruction. example

the start of function hook:

sub esp,3c push edi push esi //more code

would become:

jmp myfunction //more code

one writing 0xe9 @ first byte writing value (function_addr - patch_addr + sizeof(int_ptr)) in following dword. writing should done using writeprocessmemory after setting read/write/execute permissions virtualprotectex

step 2: next, create assembly interface:

void __declspec(naked) myfunc() {      __asm     {         call check             ;call out filter func         test eax,eax           ; test if let call through         je _exit         sub esp,3c             ; gone through, replicate overwrote         push edi         push esi         jmp nextexecutionaddress ; jump location after our jump     _exit:         retn                   ; note, must have correct stack cleanup     }  }

nextexecutionaddress need filled @ run time using modulebase + rva.

to honest, way easier, , better(!) eat (export address table) hook export table of dll, or iat (import address table) hook import tables of whats calling funcs want filter. detours should have functions these type of hooks, if not, there other freely available libs it.

the other way use detour hook every call in apps using dll reroute them proxy function in own code, has advantage of allowing 1 filter calls, , not across binary(it possible same using _returnaddress, thats more work), disadvantage though capturing locations patch(i use ollydbg + custom patching engine) , won't work on non-regular calling convention functions(like made #pragma aux in watcom or optimized calls generated vc7+).

one important thing note: if hooking multithreaded app, patches need done app suspended, or done attomically use interlockedexchange, interlockexchange64 , interlockedexchangepointer(i use latter iat/eat hooks, when hooking 'third party process')

looking @ post link to, method there horrible in opinion, due assmebly :p but, how calling pointer obtain, , how obtained?


Comments

Post a Comment

Popular posts from this blog

asp.net - repeatedly call AddImageUrl(url) to assemble pdf document -

i'm using abcpdf , i'm curious if can recursively call addimageurl() function assemble pdf document compile multiple urls? something like: int pagecount = 0; int theid = thedoc.addimageurl("http://stackoverflow.com/search?q=abcpdf+footer+page+x+out+of+", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetochain(theid); } pagecount = thedoc.pagecount; console.writeline("1 document page count:" + pagecount); //flatten document (int = 1; <= pagecount; i++) { thedoc.pagenumber = i; thedoc.flatten(); } //now try again theid = thedoc.addimageurl("http://stackoverflow.com/questions/1980890/pdf-report-generation", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetoc
Read more

java - Android recognize cell phone with keyboard or not? -

in android app, want detect user's device if device has keyboard(like motorola milestone) , show corresponding user interface. guys know how that? ! regards justicepenny http://developer.android.com/reference/android/content/res/configuration.html public int keyboard the kind of keyboard attached device. 1 of: keyboard_nokeys, keyboard_qwerty, keyboard_12key. that's it!
Read more

iphone - How would you achieve a LED Scrolling effect? -

how achieve led scrolling effect example below? led sign - led ticker emulator iphone , ipad http://img.skitch.com/20101201-rsfh4p1bajb1wp94k466pdpiuj.preview.jpg sometimes remunerates comment in other posts :) have put code you, should implement font '8pin matrix' realistic feeling. uilabel *label; - (void)viewdidload { [super viewdidload]; label = [[uilabel alloc]initwithframe:cgrectmake(10, 50, 300, 20)]; label.font = [uifont fontwithname:@"courier-bold" size:16.0]; label.backgroundcolor = [uicolor blackcolor]; label.textcolor = [uicolor greencolor]; label.linebreakmode = uilinebreakmodecharacterwrap; // otherwise "…" label.text = @"this led text scrolled "; // blanks space between [self.view addsubview:label]; [nstimer scheduledtimerwithtimeinterval:0.12f target:self selector:@selector(scrolllabel) use
Read more