Video Tutorial – Function Hooking

This is my video tutorial on function hooking.

The hooking function:

 void WriteJMP(byte* location, byte* newFunction)
{
DWORD dwOldProtection;
VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, dwOldProtection);
location[0] = 0xE9;
 *((dword*)(location + 1)) = (dword)(newFunction - location) - 5;
VirtualProtect(location, 5, dwOldProtection, &amp;dwOldProtection);
}

Complete Source:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include &lt;windows.h&gt;
 
typedef unsigned char byte;
typedef unsigned short word;
typedef unsigned int dword;
 
byte countSwitch = 0;
 
DWORD UpdateTimeCall = 0x01001D6C; //This call calls the UpdateTime function
DWORD UpdateTimeRetn = 0x01001D71; //This is the place where we will return     0x01001D6C + 0x05
DWORD UpdateTimeFunc = 0x01002FE0; //This is the updateTime function
 
 
void WriteJMP(byte* location, byte* newFunction){
	DWORD dwOldProtection;
	VirtualProtect(location, 5, PAGE_EXECUTE_READWRITE, &amp;dwOldProtection);
		location[0] = 0xE9;
		*((dword*)(location + 1)) = (dword)(newFunction - location) - 5;
	VirtualProtect(location, 5, dwOldProtection, &amp;dwOldProtection);
}
 
 
void _declspec(naked) hTimeFunc(){
 
	if(countSwitch == 0)
	{
		countSwitch = 1;
 
		_asm 
		{
			JMP UpdateTimeRetn
		}
	}
	else
	{
		countSwitch = 0;
 
		_asm 
		{
			CALL UpdateTimeFunc
			JMP UpdateTimeRetn
		}
 
	}
 
}
 
void initHooks(){
	WriteJMP((byte*)UpdateTimeCall,(byte*)hTimeFunc); //Writes a jump from the original call to our custom function
 
}
 
 
 
 
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		initHooks();
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

Enjoy.

13 thoughts on “Video Tutorial – Function Hooking”

What tool did u used in this video 😀 ?

Patrickssj6 says:

January 7, 2013 at 8:54 AM

Olly Debugger?

Reply
1. AJ says:
  
  January 7, 2013 at 6:18 PM
  
  is there a 64 bit version ? cause i could only find 32 …
  
  Reply
  1. Patrickssj6 says:
    
    January 9, 2013 at 1:26 AM
    
    You need the 32-bit version and I believe Olly Phantom Plugin so it runs on 64-bit machines. It cannot debug 64-bit apps though.
    
    Reply

Thanks

Could you also post your source code for the win mine tut dll?

Patrickssj6 says:

November 23, 2010 at 1:49 AM

Done.

Reply

That would be great too.

Well I can make a tut on how to make a DLL Trainer in C++ with injection and how to freeze an address the way Cheat Engine does and a more elegant way.

Oh, and a few other ideas.

How to freeze an address the way cheat engine does

How to use CreateRemoteThread to inject a dll

How to Instead of writing a separate DLL, coping your code to the remote process directly with WriteProcessMemory, and execute it with CreateRemoteThread

I’ve been interested in learning how to make a trainer in C++, similiar to how you make one in C#.

This tutorials are awesome!!!! They have helped me a lot. I look forward to your next one.

Patrickssj6 says:

November 16, 2010 at 9:00 PM

Thanks a lot for your comment! If you have any suggestions for future tutorials, post here.

Reply

Video Tutorial – Function Hooking

May 19, 2010

13 thoughts on “Video Tutorial – Function Hooking”

Leave a message Cancel reply