/// <summary>
/// Hooked function will jump to our function
/// </summary>
public void SetJump(IntPtr callbackAdr)
{
IntPtr callbackAddress;
if (callbackAdr == IntPtr.Zero)
{
callbackAddress = Marshal.GetFunctionPointerForDelegate(Callback);
}
else
{
callbackAddress = callbackAdr;
}
var asm_bytes = new List <byte>();
asm_bytes.Add(0xE9);
asm_bytes.AddRange(BitConverter.GetBytes(callbackAddress.ToInt32() - HookAddress.ToInt32() - 5));
OldBytes = new byte[asm_bytes.Count];
Marshal.Copy(HookAddress, OldBytes, 0, asm_bytes.Count);
int oldProtect = 0;
WinAPI.VirtualProtect(HookAddress, asm_bytes.Count, (int)WinAPI.Protection.PAGE_EXECUTE_READWRITE, out oldProtect);
Marshal.Copy(asm_bytes.ToArray(), 0, HookAddress, asm_bytes.Count);
WinAPI.VirtualProtect(HookAddress, asm_bytes.Count, oldProtect, out oldProtect);
}
private void OnDeserialized(StreamingContext context)
{
if (Address.StartsWith("0x"))
{
address = Convert.ToUInt32(Address, 16);
}
else
{
address = Convert.ToUInt32(Address);
}
if (HookAddress.StartsWith("0x"))
{
hookAddress = Convert.ToUInt32(HookAddress, 16);
}
else
{
hookAddress = Convert.ToUInt32(HookAddress);
}
if (HookValue.StartsWith("0x"))
{
hookValue = Convert.ToUInt32(HookValue, 16);
}
else
{
hookValue = Convert.ToUInt32(HookValue);
}
}
/// <summary>
/// Change call address to hooked address
/// </summary>
public void SetCall()
{
var callbackAddress = Marshal.GetFunctionPointerForDelegate(Callback);
byte firstByte = Marshal.ReadByte(HookAddress);
var asm_bytes = new List <byte>();
asm_bytes.Add(0xE8);
asm_bytes.AddRange(BitConverter.GetBytes(callbackAddress.ToInt32() - HookAddress.ToInt32() - 5));
if (firstByte == 0xFF)
{
asm_bytes.Add(0x90);
}
int oldProtect = 0;
WinAPI.VirtualProtect(HookAddress, asm_bytes.Count, (int)WinAPI.Protection.PAGE_EXECUTE_READWRITE, out oldProtect);
Marshal.Copy(asm_bytes.ToArray(), 0, HookAddress, asm_bytes.Count);
WinAPI.VirtualProtect(HookAddress, asm_bytes.Count, oldProtect, out oldProtect);
}
