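/// <summary>
/// Installs an inline (detour) hook at <paramref name="HookAddress"/> in the current process.
/// A 5-byte <c>jmp rel32</c> to a freshly allocated trampoline replaces the first bytes of the
/// hooked code; the trampoline stores <c>ComputeHash(name)</c> into <c>[esi+0x2F0]</c>, runs the
/// caller-supplied <paramref name="HookBytes0"/>, emits a <c>call</c> to <paramref name="CallAddress"/>
/// (before or after those bytes, see <paramref name="IsFront"/>) and finally jumps back to
/// <c>HookAddress + Hooklen</c>. The managed handler <paramref name="func"/> is registered in
/// <c>Methods.callBacks</c> under the hash so the native side can dispatch to it.
/// </summary>
/// <param name="HookAddress">Address to patch; the 5-byte jmp is written here.</param>
/// <param name="Hooklen">Number of bytes the patch replaces; must be at least 5. Bytes 5..Hooklen-1 are NOP-filled and execution resumes at <c>HookAddress + Hooklen</c>.</param>
/// <param name="HookBytes0">Machine code copied into the trampoline after the 10-byte CallHandle store.</param>
/// <param name="Callback">Absolute address that the rel32 operand at <paramref name="CallbackOffset"/> is resolved to.</param>
/// <param name="CallbackOffset">Offset of a rel32 operand, counted from the start of the trampoline's hook bytes (10-byte CallHandle store followed by <paramref name="HookBytes0"/>); the instruction's opcode byte is assumed to be one byte earlier.</param>
/// <param name="IsFront">true: <c>call CallAddress</c> is emitted before the hook bytes; false: after them.</param>
/// <param name="CallAddress">Absolute target of the emitted <c>call rel32</c>.</param>
/// <param name="name">Hook identifier; <c>ComputeHash(name)</c> is the registration key.</param>
/// <param name="func">Managed handler receiving the general-purpose registers captured by the native stub.</param>
/// <returns>Base address of the trampoline. Nothing here frees it or removes the patch (there is no unhook).</returns>
/// <exception cref="ArgumentNullException"><paramref name="HookBytes0"/> or <paramref name="func"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="Hooklen"/> is below 5, <paramref name="CallbackOffset"/> is below 1, or the trampoline would not fit the 128-byte allocation.</exception>
/// <exception cref="InvalidOperationException">VirtualAlloc returned a null pointer.</exception>
public static IntPtr InlineHook(int HookAddress, int Hooklen, byte[] HookBytes0, int Callback, int CallbackOffset, bool IsFront, int CallAddress, string name, Action<Methods.Register> func)
{
    if (HookBytes0 == null)
    {
        throw new ArgumentNullException("HookBytes0");
    }
    if (func == null)
    {
        throw new ArgumentNullException("func");
    }
    // The patch is always a 5-byte jmp; a shorter Hooklen would clobber the instruction that follows
    // the hooked region and make the jmp-back target land inside it.
    if (Hooklen < 5)
    {
        throw new ArgumentOutOfRangeException("Hooklen", "Hooklen must be at least 5 (size of jmp rel32).");
    }
    // The opcode byte of the instruction being patched is addressed as CallbackOffset - 1.
    if (CallbackOffset < 1)
    {
        throw new ArgumentOutOfRangeException("CallbackOffset", "CallbackOffset must point past an opcode byte (>= 1).");
    }

    // Adapt the native register dump to the managed handler. The first two delegate parameters
    // (de1, de2) are not forwarded.
    WeChetHook.DllcallBack dllcallBack = new WeChetHook.DllcallBack((de1, de2, ECX1, EAX1, EDX1, EBX1, ESP1, EBP1, ESI1, EDI1) =>
    {
        func(new Register { EAX = EAX1, EBP = EBP1, EBX = EBX1, ECX = ECX1, EDI = EDI1, EDX = EDX1, ESI = ESI1, ESP = ESP1 });
    });

    int CallHandle = ComputeHash(name);

    // C7 86 F0 02 00 00 imm32  =>  mov dword ptr [esi+0x2F0], CallHandle
    // The handle is parked in the object ESI points at, presumably so the native stub can look up
    // the managed callback — verify against the Callback/DllcallBack implementation.
    List<byte> byteSource1 = new List<byte>();
    byteSource1.AddRange(new byte[] { 199, 134, 240, 2, 0, 0 });
    byteSource1.AddRange(BitConverter.GetBytes(CallHandle));
    byteSource1.AddRange(HookBytes0);
    byte[] hookbytes = byteSource1.ToArray();

    // Trampoline layout as written below:
    //   IsFront: call(5) | hookbytes | jmp back(5)
    //   else:    hookbytes | call (Hooklen bytes written) | jmp back(5)
    // Everything must fit the fixed-size allocation; the original wrote unchecked.
    const int TrampolineSize = 128;
    int callbackPatchEnd = (IsFront ? 5 : 0) + CallbackOffset + 4;
    int required = IsFront ? 5 + hookbytes.Length + 5 : hookbytes.Length + Hooklen + 5;
    if (required > TrampolineSize || callbackPatchEnd > TrampolineSize)
    {
        throw new ArgumentOutOfRangeException("HookBytes0", "Trampoline would exceed the " + TrampolineSize + "-byte allocation.");
    }

    // MEM_COMMIT (0x1000) + PAGE_EXECUTE_READWRITE (0x40): the trampoline stays RWX for its lifetime.
    // NOTE(review): write as RW and flip to RX afterwards if NativeAPI exposes VirtualProtect.
    IntPtr ptr = NativeAPI.VirtualAlloc(0, TrampolineSize, 4096, 64);
    if (ptr == IntPtr.Zero)
    {
        throw new InvalidOperationException("VirtualAlloc failed to allocate the trampoline.");
    }

    // NOTE(review): WriteProcessMemory return values are ignored throughout, so a failed write leaves
    // a half-built trampoline or a half-installed hook.
    // NOTE(review): in both branches the jmp-back displacement is computed from ptr + ... + HookBytes0.Length
    // while the jmp itself is written at ptr + ... + hookbytes.Length (10 bytes later); the sibling overload
    // without IsFront uses hookbytes.Length for both. If Inline_GetBuf(instrStart, target) yields
    // target - instrStart - 5 (as the CallbackOffset - 1 call implies), execution would resume 10 bytes past
    // HookAddress + Hooklen — confirm before relying on this overload.
    List<byte> byteSource = new List<byte>();
    if (IsFront)
    {
        // E8 rel32: call CallAddress
        NativeAPI.WriteProcessMemory(-1, ptr, Add(new byte[] { 232 }, Inline_GetBuf(ptr, CallAddress)), 5, 0);
        NativeAPI.WriteProcessMemory(-1, ptr + 5, hookbytes, hookbytes.Length, 0);
        // Resolve the rel32 at CallbackOffset to Callback (opcode byte sits at CallbackOffset - 1).
        NativeAPI.WriteProcessMemory(-1, ptr + 5 + CallbackOffset, Inline_GetBuf(ptr + 5 + CallbackOffset - 1, Callback), 4, 0);
        // E9 rel32: jmp HookAddress + Hooklen
        NativeAPI.WriteProcessMemory(-1, ptr + 5 + hookbytes.Length, Add(new byte[] { 233 }, Inline_GetBuf(ptr + 5 + HookBytes0.Length, HookAddress + Hooklen)), 5, 0);
    }
    else
    {
        NativeAPI.WriteProcessMemory(-1, ptr, hookbytes, hookbytes.Length, 0);
        NativeAPI.WriteProcessMemory(-1, ptr + CallbackOffset, Inline_GetBuf(ptr + CallbackOffset - 1, Callback), 4, 0);
        // NOTE(review): Hooklen bytes are copied from the 5-byte call encoding; for Hooklen > 5 the copy
        // reads past the end of that buffer and whatever follows it lands in the trampoline.
        NativeAPI.WriteProcessMemory(-1, ptr + hookbytes.Length, Add(new byte[] { 232 }, Inline_GetBuf(ptr + hookbytes.Length, CallAddress)), Hooklen, 0);
        NativeAPI.WriteProcessMemory(-1, ptr + Hooklen + hookbytes.Length, Add(new byte[] { 233 }, Inline_GetBuf(ptr + Hooklen + HookBytes0.Length, HookAddress + Hooklen)), 5, 0);
    }

    // Register before the jmp goes live so a dispatched callback can always be resolved.
    // NOTE(review): Add() throws if this key is already present (same name or a hash collision);
    // confirm whether re-hooking the same name should replace instead. If it throws here the
    // trampoline page is not freed, but the hooked code is still untouched.
    Methods.callBacks.Add(CallHandle, dllcallBack);

    // Patch the hooked code: E9 rel32 to the trampoline, then NOP (0x90) the rest of the region.
    // NOTE(review): no threads are suspended; a thread executing inside [HookAddress, HookAddress + Hooklen)
    // during the write may observe a partially patched instruction stream.
    NativeAPI.WriteProcessMemory(-1, new IntPtr(HookAddress), Add(new byte[] { 233 }, Inline_GetBuf(HookAddress, ptr.ToInt32())), 5, 0);
    for (int i = 0; i < Hooklen - 5; i++)
    {
        byteSource.Add(144);
    }
    byte[] ByteFill = byteSource.ToArray();
    NativeAPI.WriteProcessMemory(-1, new IntPtr(HookAddress + 5), ByteFill, ByteFill.Length, 0);
    return ptr;
}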
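/// <summary>
/// Minimal inline hook: overwrites the code at <paramref name="HookAddress"/> with a 5-byte
/// <c>jmp rel32</c> to <paramref name="Callback"/> and NOP-fills the rest of the
/// <paramref name="Hooklen"/>-byte region. Unlike the trampoline overloads, the replaced
/// instructions are not preserved or re-executed anywhere — the callback must account for them
/// and for continuing at <c>HookAddress + Hooklen</c> itself.
/// </summary>
/// <param name="HookAddress">Address to patch in the current process.</param>
/// <param name="Hooklen">Size of the patched region in bytes; must be at least 5.</param>
/// <param name="Callback">Absolute address the jmp is resolved to.</param>
/// <returns>Always <see cref="IntPtr.Zero"/>; this overload allocates no memory.</returns>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="Hooklen"/> is below 5.</exception>
public static IntPtr InlineHook(int HookAddress, int Hooklen, int Callback)
{
    // The jmp is 5 bytes regardless of Hooklen; a smaller region means clobbering the next instruction.
    if (Hooklen < 5)
    {
        throw new ArgumentOutOfRangeException("Hooklen", "Hooklen must be at least 5 (size of jmp rel32).");
    }

    // E9 rel32: jmp Callback, with the 4-byte displacement produced by Inline_GetBuf.
    // NOTE(review): WriteProcessMemory results are not checked, so a failed write is silent.
    // NOTE(review): no thread suspension; a thread executing in the patched region may see a torn write.
    NativeAPI.WriteProcessMemory(-1, new IntPtr(HookAddress), Add(new byte[] { 233 }, Inline_GetBuf(HookAddress, Callback)), 5, 0);

    // 0x90 (NOP) padding for bytes 5..Hooklen-1 so the region still disassembles cleanly.
    byte[] ByteFill = new byte[Hooklen - 5];
    for (int i = 0; i < ByteFill.Length; i++)
    {
        ByteFill[i] = 144;
    }
    NativeAPI.WriteProcessMemory(-1, new IntPtr(HookAddress + 5), ByteFill, ByteFill.Length, 0);
    return IntPtr.Zero;
}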
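/// <summary>
/// Installs an inline (detour) hook at <paramref name="HookAddress"/> in the current process.
/// A 5-byte <c>jmp rel32</c> redirects execution to a freshly allocated trampoline that stores
/// <c>ComputeHash(name)</c> into <c>[esi+0x2F0]</c>, runs the caller-supplied
/// <paramref name="HookBytes0"/> (with the rel32 at <paramref name="CallbackOffset"/> resolved to
/// <paramref name="Callback"/>) and jumps back to <c>HookAddress + Hooklen</c>.
/// <paramref name="func"/> is registered in <c>Methods.callBacks</c> under the hash so the
/// native side can dispatch to it.
/// </summary>
/// <param name="HookAddress">Address to patch; the 5-byte jmp is written here.</param>
/// <param name="Hooklen">Number of bytes the patch replaces; must be at least 5. Bytes 5..Hooklen-1 are NOP-filled and execution resumes at <c>HookAddress + Hooklen</c>.</param>
/// <param name="HookBytes0">Machine code copied into the trampoline after the 10-byte CallHandle store.</param>
/// <param name="Callback">Absolute address that the rel32 operand at <paramref name="CallbackOffset"/> is resolved to.</param>
/// <param name="CallbackOffset">Offset of a rel32 operand, counted from the start of the trampoline (10-byte CallHandle store followed by <paramref name="HookBytes0"/>); the instruction's opcode byte is assumed to be one byte earlier.</param>
/// <param name="name">Hook identifier; <c>ComputeHash(name)</c> is the registration key.</param>
/// <param name="func">Managed handler receiving the general-purpose registers captured by the native stub.</param>
/// <returns>Base address of the trampoline. Nothing here frees it or removes the patch (there is no unhook).</returns>
/// <exception cref="ArgumentNullException"><paramref name="HookBytes0"/> or <paramref name="func"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="Hooklen"/> is below 5, <paramref name="CallbackOffset"/> is below 1, or the trampoline would not fit the 128-byte allocation.</exception>
/// <exception cref="InvalidOperationException">VirtualAlloc returned a null pointer.</exception>
public static IntPtr InlineHook(int HookAddress, int Hooklen, byte[] HookBytes0, int Callback, int CallbackOffset, string name, Action<Methods.Register> func)
{
    if (HookBytes0 == null)
    {
        throw new ArgumentNullException("HookBytes0");
    }
    if (func == null)
    {
        throw new ArgumentNullException("func");
    }
    // The patch is always a 5-byte jmp; a shorter Hooklen would clobber the instruction that follows
    // the hooked region and make the jmp-back target land inside it.
    if (Hooklen < 5)
    {
        throw new ArgumentOutOfRangeException("Hooklen", "Hooklen must be at least 5 (size of jmp rel32).");
    }
    // The opcode byte of the instruction being patched is addressed as CallbackOffset - 1.
    if (CallbackOffset < 1)
    {
        throw new ArgumentOutOfRangeException("CallbackOffset", "CallbackOffset must point past an opcode byte (>= 1).");
    }

    // Adapt the native register dump (ECX, EAX, EDX, EBX, ESP, EBP, ESI, EDI) to the managed handler.
    // The first two delegate parameters (de1, de2) are not forwarded.
    WeChetHook.DllcallBack dllcallBack = new WeChetHook.DllcallBack((de1, de2, ECX1, EAX1, EDX1, EBX1, ESP1, EBP1, ESI1, EDI1) =>
    {
        func(new Register { EAX = EAX1, EBP = EBP1, EBX = EBX1, ECX = ECX1, EDI = EDI1, EDX = EDX1, ESI = ESI1, ESP = ESP1 });
    });

    // The debugging MessageBox that used to show CallHandle here was removed: a modal dialog on every
    // hook installation blocks the hooking thread and is not appropriate outside of a debug session.
    int CallHandle = ComputeHash(name);

    // C7 86 F0 02 00 00 imm32  =>  mov dword ptr [esi+0x2F0], CallHandle
    // Original author's note: binding the identifier to a register this way feels fragile, but it has
    // not caused problems so far. Presumably the native stub reads it back to find the managed
    // callback — verify against the Callback/DllcallBack implementation.
    List<byte> byteSource1 = new List<byte>();
    byteSource1.AddRange(new byte[] { 199, 134, 240, 2, 0, 0 });
    byteSource1.AddRange(BitConverter.GetBytes(CallHandle));
    byteSource1.AddRange(HookBytes0);
    byte[] hookbytes = byteSource1.ToArray();

    // Trampoline layout as written below: hookbytes | jmp back(5). Both the body and the 4-byte
    // callback patch must fit the fixed-size allocation; the original wrote unchecked.
    const int TrampolineSize = 128;
    int required = hookbytes.Length + 5;
    int callbackPatchEnd = CallbackOffset + 4;
    if (required > TrampolineSize || callbackPatchEnd > TrampolineSize)
    {
        throw new ArgumentOutOfRangeException("HookBytes0", "Trampoline would exceed the " + TrampolineSize + "-byte allocation.");
    }

    // MEM_COMMIT (0x1000) + PAGE_EXECUTE_READWRITE (0x40): the trampoline stays RWX for its lifetime.
    // NOTE(review): write as RW and flip to RX afterwards if NativeAPI exposes VirtualProtect.
    IntPtr ptr = NativeAPI.VirtualAlloc(0, TrampolineSize, 4096, 64);
    if (ptr == IntPtr.Zero)
    {
        throw new InvalidOperationException("VirtualAlloc failed to allocate the trampoline.");
    }

    // NOTE(review): WriteProcessMemory return values are ignored throughout, so a failed write leaves
    // a half-built trampoline or a half-installed hook.
    NativeAPI.WriteProcessMemory(-1, ptr, hookbytes, hookbytes.Length, 0);
    // Resolve the rel32 at CallbackOffset to Callback (opcode byte sits at CallbackOffset - 1).
    NativeAPI.WriteProcessMemory(-1, ptr + CallbackOffset, Inline_GetBuf(ptr + CallbackOffset - 1, Callback), 4, 0);
    // E9 rel32: jmp HookAddress + Hooklen
    NativeAPI.WriteProcessMemory(-1, ptr + hookbytes.Length, Add(new byte[] { 233 }, Inline_GetBuf(ptr + hookbytes.Length, HookAddress + Hooklen)), 5, 0);

    // Register before the jmp goes live so a dispatched callback can always be resolved.
    // NOTE(review): Add() throws if this key is already present (same name or a hash collision);
    // confirm whether re-hooking the same name should replace instead. If it throws here the
    // trampoline page is not freed, but the hooked code is still untouched.
    Methods.callBacks.Add(CallHandle, dllcallBack);

    // Patch the hooked code: E9 rel32 to the trampoline, then NOP (0x90) the rest of the region.
    // NOTE(review): no threads are suspended; a thread executing inside [HookAddress, HookAddress + Hooklen)
    // during the write may observe a partially patched instruction stream.
    NativeAPI.WriteProcessMemory(-1, new IntPtr(HookAddress), Add(new byte[] { 233 }, Inline_GetBuf(HookAddress, ptr.ToInt32())), 5, 0);
    List<byte> byteSource = new List<byte>();
    for (int i = 0; i < Hooklen - 5; i++)
    {
        byteSource.Add(144);
    }
    byte[] ByteFill = byteSource.ToArray();
    NativeAPI.WriteProcessMemory(-1, new IntPtr(HookAddress + 5), ByteFill, ByteFill.Length, 0);
    return ptr;
}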