public DetourCallback(IntPtr _startAddress, IntPtr _codeCaveAddress, int _overwriteByteCount, byte[] _overwrittenOriginalBytes, byte[] _jumpInBytes, byte[] _jumpOutBytes, byte[] _codeCaveBytes, bool _saveOriginalBytes, bool _putOriginalBytesAfterMnemonics, Classes.RemoteMemory _allocationObject, Classes.RemoteMemory _hitCounter, Classes.RemoteMemory _registerStructs, InterceptHookExecuteDelegate _RaiseEvent, Main _mainReference)
{
DetourStartAddress = _startAddress;
CodeCaveAddress = _codeCaveAddress;
OriginalByteOverwriteCount = _overwriteByteCount;
OriginalBytes = _overwrittenOriginalBytes;
SaveOriginalBytes = _saveOriginalBytes;
PutOriginalBytesAfterMnemonics = _putOriginalBytesAfterMnemonics;
JumpInBytes = _jumpInBytes;
CodeCaveBytes = _codeCaveBytes;
CodeCaveAllocationObject = _allocationObject;
HitCounter = _hitCounter;
RegisterStructs = _registerStructs;
RaiseEvent = _RaiseEvent;
JumpOutBytes = _jumpOutBytes;
MainReference = _mainReference;
}
public static List <string> GenerateFunctionMnemonics(IntPtr functionAddress, List <dynamic> parameters, Classes.CallingConventionsEnum callingConvention, Main mainRef, Type funcReturnType, bool Process64Bit, out List <Classes.RemoteMemory> paramAllocations)
{
List <string> mnemonics = new List <string>();
List <Classes.RemoteMemory> parameterAllocationsReturn = new List <Classes.RemoteMemory>();
List <Classes.RemoteMemory> parameterAllocations = new List <Classes.RemoteMemory>();
foreach (var param in parameters)
{
Classes.RemoteMemory paramAllocation = mainRef.Allocator.AllocateMemory((uint)Marshal.SizeOf((object)param));
if (!paramAllocation.IsValid)
{
foreach (var alloc in parameterAllocations)
{
alloc.ReleaseMemory();
}
throw new Exception("ERROR");
}
byte[] buff = StructureToByteArray(param);
mainRef.Writer.WriteBytes(paramAllocation.BaseAddress, buff);
parameterAllocations.Add(paramAllocation);
}
parameterAllocationsReturn = parameterAllocations;
int offset = 0;
switch (callingConvention)
{
case Classes.CallingConventionsEnum.Cdecl:
parameterAllocations.Reverse();
foreach (var param in parameterAllocations)
{
mnemonics.Add($"push dword [{param.BaseAddress}]");
}
mnemonics.Add($"call {functionAddress}");
mnemonics.Add($"add esp, {parameterAllocations.Count * 4}");
break;
case Classes.CallingConventionsEnum.Winapi: // This defaults to StdCall on windows
case Classes.CallingConventionsEnum.StdCall:
parameterAllocations.Reverse();
foreach (var param in parameterAllocations)
{
mnemonics.Add($"push [{param.BaseAddress}]");
}
mnemonics.Add($"call {functionAddress.ToInt32()}");
break;
case Classes.CallingConventionsEnum.FastCall:
if (parameterAllocations.Count > 0)
{
mnemonics.Add($"mov ecx, [{parameterAllocations[offset].BaseAddress}]");
offset++;
}
if (parameterAllocations.Count - offset > 0)
{
mnemonics.Add($"mov edx, [{parameterAllocations[offset].BaseAddress}]");
offset++;
}
parameterAllocations = parameterAllocations.Skip(offset).ToList();
parameterAllocations.Reverse();
foreach (var param in parameterAllocations)
{
mnemonics.Add($"push [{param.BaseAddress}]");
}
mnemonics.Add($"call {functionAddress.ToInt32()}");
break;
case Classes.CallingConventionsEnum.ThisCall:
if (parameterAllocations.Count > 0)
{
mnemonics.Add($"mov ecx, [{parameterAllocations[offset].BaseAddress}]");
offset++;
}
parameterAllocations = parameterAllocations.Skip(offset).ToList();
parameterAllocations.Reverse();
foreach (var param in parameterAllocations)
{
mnemonics.Add($"push [{param.BaseAddress}]");
}
mnemonics.Add($"call {(Process64Bit ? functionAddress.ToInt64().ToString() : functionAddress.ToInt32().ToString())}");
break;
case Classes.CallingConventionsEnum.x64Convention:
if (parameterAllocations.Count > 0)
{
mnemonics.Add($"mov rcx, [{parameterAllocations[offset].BaseAddress}]");
offset++;
}
if (parameterAllocations.Count - offset > 0)
{
mnemonics.Add($"mov rdx, [{parameterAllocations[offset].BaseAddress}]");
offset++;
}
if (parameterAllocations.Count - offset > 0)
{
mnemonics.Add($"mov r8, [{parameterAllocations[offset].BaseAddress}]");
offset++;
}
if (parameterAllocations.Count - offset > 0)
{
mnemonics.Add($"mov r9, [{parameterAllocations[offset].BaseAddress}]");
offset++;
}
parameterAllocations = parameterAllocations.Skip(offset).ToList();
foreach (var param in parameterAllocations)
{
mnemonics.Add($"push [{param.BaseAddress}]");
}
mnemonics.Add($"call {functionAddress.ToInt64()}");
break;
default:
throw new InvalidOperationException("Deal with this");
}
paramAllocations = parameterAllocationsReturn;
mnemonics.Insert(0, (callingConvention != Classes.CallingConventionsEnum.x64Convention ? "use32" : "use64"));
mnemonics.Add((callingConvention == Classes.CallingConventionsEnum.x64Convention ? "ret" : "retn"));
return(mnemonics);
}