Esempio n. 1
        public string generate_function_code_GlobalFunction(ParsedFunc func)
            string result = "";

            result += "\r\n";
            result += "//////////////////////////////////////////////////////////////////\r\n";
            result += "// " + func.func_name + " Hooking\r\n";
            result += "//////////////////////////////////////////////////////////////////\r\n";
            result += "\r\n";

            //split return type from function description

            Tokenizer t = new Tokenizer(func.return_type);

            string return_type = "";
            string call_type   = "";

            string tok = null;

            while (true)
                tok = t.NextToken();

                if (null == tok)

                if (tok.Contains("__declspec") || tok.Contains("__stdcall"))
                    if (!tok.Contains("__declspec(dllimport)"))
                        call_type += tok + " ";
                    return_type += tok + " ";

            // typedef

            result += "typedef " + return_type;
            result += " (" + call_type + "*" + func.func_name + "_FPTR)(\r\n";

            bool bFirst = true;

            foreach (ParsedArgument arg in func.args_list)
                result += "\t";
                if (!bFirst)
                    result += ",";

                result += arg.arg_type + " ";
                result += arg.arg_name + "\r\n";

                bFirst = false;

            result += "\t);\r\n";

            // orig func pointer

            result += func.func_name + "_FPTR g_" + func.func_name + "_ORIG = NULL;\r\n";

            // detour function

            result += return_type + " " + call_type + " " + func.func_name + "_DETOUR (\r\n";

            bFirst = true;

            foreach (ParsedArgument arg in func.args_list)
                result += "\t";
                if (!bFirst)
                    result += ",";

                result += arg.arg_type + " ";
                result += arg.arg_name + "\r\n";

                bFirst = false;

            result += "\t)\r\n";
            result += "{\r\n";

            //assert to test the orig func pointer is valid
            result += "\tassert(g_" + func.func_name + "_ORIG);\r\n";

            //call the orig function

            result += "\t";

            if ("void " != return_type)
                result += "return ";

            result += "\tg_" + func.func_name + "_ORIG(\r\n";

            bFirst = true;
            foreach (ParsedArgument arg in func.args_list)
                result += "\t\t";
                if (!bFirst)
                    result += ",";

                result += arg.arg_name + "\r\n";

                bFirst = false;

            result += "\t\t);\r\n";

            result += "}\r\n";

            // show to hook code itself

            result += "\r\n...\r\n";

            result += "void Init_" + func.func_name + "_Hook()\r\n";
            result += "{\r\n";

            //HMODULE hUser32 = LoadLibrary("user32.dll");

            //TODO: identify module for system functions

            result += "\tHMODULE hmod = LoadLibraryA(\"??????.dll\")\r\n";
            result += "\tassert(hmod);\r\n";
            result += "\tif (hmod)\r\n";
            result += "\t{\r\n";

            result += "\t\tg_" + func.func_name + "_ORIG = (" + func.func_name + "_FPTR) GetProcAddress(hmod,\"" + func.func_name + "\");\r\n";
            result += "\t\tassert(g_" + func.func_name + "_ORIG);\r\n";

            result += "\t\tif (g_" + func.func_name + "_ORIG)\r\n";

            result += "\t\t{\r\n";
            //BOOL hook_res = Mhook_SetHook((PVOID*) &g_MessageBoxA_Orig, MessageBoxA_Detour);
            result += "\t\t\t BOOL hook_res = Mhook_SetHook((PVOID*) &g_" + func.func_name + "_ORIG, " + func.func_name + "_DETOUR);\r\n";
            result += "\t\t\t assert(hook_res);\r\n";

            result += "\t\t}\r\n";

            result += "\t}\r\n";

            result += "}\r\n";

            result += "\r\n...\r\n";

Esempio n. 2
        private ParsedFunc parse_func()
            ParsedFunc func = new ParsedFunc();

            string tok;
            string prev = "";

            bool arg_list_started = false;
            bool arg_list_ended   = false;

            func.return_type = ""; //might not have return value - constructor/destructor

            int scope_depth = 0;

            int template_scope_depth = 0;

            func.args_list = new List <ParsedArgument>();

            ParsedArgument arg = new ParsedArgument();

            //bool first_arg = true;

            tok  = m_MainTokenizer.NextToken();
            prev = tok;

            //using one lookahead.

            while (tok != null)
                tok = m_MainTokenizer.NextToken();

                //note: i do not support const functions.

                if (";" == tok)
                    if (prev == "}")

                    if (func.func_name == func.return_type)
                        func.return_type = "";


                if ("<" == prev)
                else if (">" == prev)

                if ("{" == prev)
                else if ("}" == prev)

                    if (scope_depth < 0)
                    //if we're in deeper scope, then it's function definition which we don't care about.
                    if (0 == scope_depth)
                        if ("(" == tok)
                            arg_list_started = true;
                            func.func_name   = prev;
                        else if (")" == prev)
                            arg_list_ended = true;
                        else /*if (";" == prev)
                              * {
                              * if (func.func_name == func.return_type)
                              * {
                              * //constructor/destructor
                              * func.return_type = "";
                              * }
                              * return func;
                              * }
                              * else*/
                            if (!arg_list_started && !arg_list_ended)
                                if (prev.Contains("__declspec") ||
                                    prev.Contains("__stdcall") ||
                                    if (!prev.Contains("__declspec(dllimport)") && !prev.Contains("__declspec(nothrow)") && !prev.Contains("virtual"))
                                        if (func.call_type != "")
                                            func.call_type += " ";

                                        func.call_type += prev;
                                    if (func.return_type != "")
                                        func.return_type += " ";

                                    func.return_type += prev;
                            else if (arg_list_started == true && !arg_list_ended)
                                if (("(" != prev && "," != prev) || 0 != template_scope_depth)
                                    if (("," == tok || ")" == tok) && 0 == template_scope_depth) // if next is "," or ")" and we're not inside a template definition
                                        arg.arg_name = prev;

                                        arg = new ParsedArgument();
                                        arg.arg_type += prev + " ";

                prev = tok;

            Debug.Print("Error! text ended before func declaration ended.\n");
Esempio n. 3
        public string generate_function_code_GlobalFunction(ParsedFunc func)
            string result = "";

            result += "\r\n";
            result += "//////////////////////////////////////////////////////////////////\r\n";
            result += "// " + func.func_name + " Hooking\r\n";
            result += "//////////////////////////////////////////////////////////////////\r\n";
            result += "\r\n";

            //split return type from function description

            Tokenizer t = new Tokenizer(func.return_type);

            string return_type = "";
            string call_type = "";

            string tok = null;
            while (true)
                tok = t.NextToken();

                if (null == tok)

                if (tok.Contains("__declspec") || tok.Contains("__stdcall"))
                    if (!tok.Contains("__declspec(dllimport)"))
                        call_type += tok + " ";
                    return_type += tok + " ";


            // typedef

            result += "typedef " + return_type;
            result += " (" + call_type + "*" + func.func_name + "_FPTR)(\r\n";

            bool bFirst = true;

            foreach (ParsedArgument arg in func.args_list)
                result += "\t";
                if (!bFirst)
                    result += ",";

                result += arg.arg_type + " ";
                result += arg.arg_name + "\r\n";

                bFirst = false;

            result += "\t);\r\n";

            // orig func pointer

            result += func.func_name + "_FPTR g_" + func.func_name + "_ORIG = NULL;\r\n";

            // detour function

            result += return_type + " " + call_type + " " + func.func_name + "_DETOUR (\r\n";

            bFirst = true;

            foreach (ParsedArgument arg in func.args_list)
                result += "\t";
                if (!bFirst)
                    result += ",";

                result += arg.arg_type + " ";
                result += arg.arg_name + "\r\n";

                bFirst = false;

            result += "\t)\r\n";
            result += "{\r\n";

            //assert to test the orig func pointer is valid
            result += "\tassert(g_" + func.func_name + "_ORIG);\r\n";

            //call the orig function

            result += "\t";

            if ("void " != return_type)
                result += "return ";

            result += "\tg_" + func.func_name + "_ORIG(\r\n";

            bFirst = true;
            foreach (ParsedArgument arg in func.args_list)
                result += "\t\t";
                if (!bFirst)
                    result += ",";

                result += arg.arg_name + "\r\n";

                bFirst = false;

            result += "\t\t);\r\n";

            result += "}\r\n";

            // show to hook code itself

            result += "\r\n...\r\n";

            result += "void Init_" + func.func_name + "_Hook()\r\n";
            result += "{\r\n";

            //HMODULE hUser32 = LoadLibrary("user32.dll");

            //TODO: identify module for system functions

            result += "\tHMODULE hmod = LoadLibraryA(\"??????.dll\")\r\n";
            result += "\tassert(hmod);\r\n";
            result += "\tif (hmod)\r\n";
            result += "\t{\r\n";

            result += "\t\tg_" + func.func_name + "_ORIG = (" + func.func_name + "_FPTR) GetProcAddress(hmod,\"" + func.func_name + "\");\r\n";
            result += "\t\tassert(g_" + func.func_name + "_ORIG);\r\n";

            result += "\t\tif (g_" + func.func_name + "_ORIG)\r\n";

            result += "\t\t{\r\n";
            //BOOL hook_res = Mhook_SetHook((PVOID*) &g_MessageBoxA_Orig, MessageBoxA_Detour);
            result += "\t\t\t BOOL hook_res = Mhook_SetHook((PVOID*) &g_" + func.func_name + "_ORIG, " + func.func_name + "_DETOUR);\r\n";
            result += "\t\t\t assert(hook_res);\r\n";

            result += "\t\t}\r\n";

            result += "\t}\r\n";

            result += "}\r\n";

            result += "\r\n...\r\n";

            return result;