Backups/SA-MP
1
0
Fork 0
mirror of https://github.com/dashr9230/SA-MP.git synced 2024-12-22 22:47:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[launch3] Replace DLL injection functions with Detours library integration

Browse Source
This commit is contained in:
RD42 2023-10-27 17:05:24 +08:00
parent 3dba9aef58
commit 7c4cb763b2
7 changed files with 622 additions and 241 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

616
launch3/detours.h Normal file
View File

@ -0,0 +1,616 @@
//////////////////////////////////////////////////////////////////////////////
//
// File: detours.h
// Module: detours.lib
//
// Detours for binary functions. Version 1.5 (Build 46)
//
// Copyright 1995-2001, Microsoft Corporation
//
#pragma once
#ifndef _DETOURS_H_
#define _DETOURS_H_
#pragma comment(lib, "detours")
//////////////////////////////////////////////////////////////////////////////
//
#ifndef GUID_DEFINED
#define GUID_DEFINED
typedef struct _GUID
{
DWORD Data1;
WORD Data2;
WORD Data3;
BYTE Data4[ 8 ];
} GUID;
#endif // !GUID_DEFINED
#if defined(__cplusplus)
#ifndef _REFGUID_DEFINED
#define _REFGUID_DEFINED
#define REFGUID const GUID &
#endif // !_REFGUID_DEFINED
#else // !__cplusplus
#ifndef _REFGUID_DEFINED
#define _REFGUID_DEFINED
#define REFGUID const GUID * const
#endif // !_REFGUID_DEFINED
#endif // !__cplusplus
//
//////////////////////////////////////////////////////////////////////////////
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
/////////////////////////////////////////////////// Instruction Target Macros.
//
#define DETOUR_INSTRUCTION_TARGET_NONE ((PBYTE)0)
#define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PBYTE)~0ul)
/////////////////////////////////////////////////////////// Trampoline Macros.
//
// DETOUR_TRAMPOLINE(trampoline_prototype, target_name)
//
// The naked trampoline must be at least DETOUR_TRAMPOLINE_SIZE bytes.
//
#define DETOUR_TRAMPOLINE_SIZE 32
#define DETOUR_SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0"
#define DETOUR_TRAMPOLINE(trampoline,target) \
static PVOID __fastcall _Detours_GetVA_##target(VOID) \
{ \
return ⌖ \
} \
\
__declspec(naked) trampoline \
{ \
__asm { nop };\
__asm { nop };\
__asm { call _Detours_GetVA_##target };\
__asm { jmp eax };\
__asm { ret };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
}
#define DETOUR_TRAMPOLINE_EMPTY(trampoline) \
__declspec(naked) trampoline \
{ \
__asm { nop };\
__asm { nop };\
__asm { xor eax, eax };\
__asm { mov eax, [eax] };\
__asm { ret };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
__asm { nop };\
}
/////////////////////////////////////////////////////////// Binary Structures.
//
#pragma pack(push, 8)
typedef struct _DETOUR_SECTION_HEADER
{
DWORD cbHeaderSize;
DWORD nSignature;
DWORD nDataOffset;
DWORD cbDataSize;
DWORD nOriginalImportVirtualAddress;
DWORD nOriginalImportSize;
DWORD nOriginalBoundImportVirtualAddress;
DWORD nOriginalBoundImportSize;
DWORD nOriginalIatVirtualAddress;
DWORD nOriginalIatSize;
DWORD nOriginalSizeOfImage;
DWORD nReserve;
} DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER;
typedef struct _DETOUR_SECTION_RECORD
{
DWORD cbBytes;
DWORD nReserved;
GUID guid;
} DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD;
#pragma pack(pop)
#define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \
{ \
sizeof(DETOUR_SECTION_HEADER),\
DETOUR_SECTION_HEADER_SIGNATURE,\
sizeof(DETOUR_SECTION_HEADER),\
(cbSectionSize),\
\
0,\
0,\
0,\
0,\
\
0,\
0,\
0,\
0,\
}
///////////////////////////////////////////////////////////// Binary Typedefs.
//
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)(PVOID pContext,
PCHAR pszFile,
PCHAR *ppszOutFile);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)(PVOID pContext,
PCHAR pszOrigFile,
PCHAR pszFile,
PCHAR *ppszOutFile);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)(PVOID pContext,
DWORD nOrdinal,
PCHAR pszOrigSymbol,
PCHAR pszSymbol,
PCHAR *ppszOutSymbol);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FINAL_CALLBACK)(PVOID pContext);
typedef BOOL (CALLBACK *PF_DETOUR_BINARY_EXPORT_CALLBACK)(PVOID pContext,
DWORD nOrdinal,
PCHAR pszName,
PBYTE pbCode);
typedef VOID * PDETOUR_BINARY;
typedef VOID * PDETOUR_LOADED_BINARY;
//////////////////////////////////////////////////////// Trampoline Functions.
//
PBYTE WINAPI DetourFunction(PBYTE pbTargetFunction,
PBYTE pbDetourFunction);
BOOL WINAPI DetourFunctionWithEmptyTrampoline(PBYTE pbTrampoline,
PBYTE pbTarget,
PBYTE pbDetour);
BOOL WINAPI DetourFunctionWithEmptyTrampolineEx(PBYTE pbTrampoline,
PBYTE pbTarget,
PBYTE pbDetour,
PBYTE *ppbRealTrampoline,
PBYTE *ppbRealTarget,
PBYTE *ppbRealDetour);
BOOL WINAPI DetourFunctionWithTrampoline(PBYTE pbTrampoline,
PBYTE pbDetour);
BOOL WINAPI DetourFunctionWithTrampolineEx(PBYTE pbTrampoline,
PBYTE pbDetour,
PBYTE *ppbRealTrampoline,
PBYTE *ppbRealTarget);
BOOL WINAPI DetourRemove(PBYTE pbTrampoline, PBYTE pbDetour);
////////////////////////////////////////////////////////////// Code Functions.
//
PBYTE WINAPI DetourFindFunction(PCHAR pszModule, PCHAR pszFunction);
PBYTE WINAPI DetourGetFinalCode(PBYTE pbCode, BOOL fSkipJmp);
PBYTE WINAPI DetourCopyInstruction(PBYTE pbDst, PBYTE pbSrc, PBYTE *ppbTarget);
PBYTE WINAPI DetourCopyInstructionEx(PBYTE pbDst,
PBYTE pbSrc,
PBYTE *ppbTarget,
LONG *plExtra);
///////////////////////////////////////////////////// Loaded Binary Functions.
//
HMODULE WINAPI DetourEnumerateModules(HMODULE hModuleLast);
PBYTE WINAPI DetourGetEntryPoint(HMODULE hModule);
BOOL WINAPI DetourEnumerateExports(HMODULE hModule,
PVOID pContext,
PF_DETOUR_BINARY_EXPORT_CALLBACK pfExport);
PBYTE WINAPI DetourFindPayload(HMODULE hModule, REFGUID rguid, DWORD *pcbData);
DWORD WINAPI DetourGetSizeOfPayloads(HMODULE hModule);
///////////////////////////////////////////////// Persistent Binary Functions.
//
BOOL WINAPI DetourBinaryBindA(PCHAR pszFile, PCHAR pszDll, PCHAR pszPath);
BOOL WINAPI DetourBinaryBindW(PWCHAR pwzFile, PWCHAR pwzDll, PWCHAR pwzPath);
#ifdef UNICODE
#define DetourBinaryBind DetourBinaryBindW
#else
#define DetourBinaryBind DetourBinaryBindA
#endif // !UNICODE
PDETOUR_BINARY WINAPI DetourBinaryOpen(HANDLE hFile);
PBYTE WINAPI DetourBinaryEnumeratePayloads(PDETOUR_BINARY pBinary,
GUID *pGuid,
DWORD *pcbData,
DWORD *pnIterator);
PBYTE WINAPI DetourBinaryFindPayload(PDETOUR_BINARY pBinary,
REFGUID rguid,
DWORD *pcbData);
PBYTE WINAPI DetourBinarySetPayload(PDETOUR_BINARY pBinary,
REFGUID rguid,
PBYTE pbData,
DWORD cbData);
BOOL WINAPI DetourBinaryDeletePayload(PDETOUR_BINARY pBinary, REFGUID rguid);
BOOL WINAPI DetourBinaryPurgePayloads(PDETOUR_BINARY pBinary);
BOOL WINAPI DetourBinaryResetImports(PDETOUR_BINARY pBinary);
BOOL WINAPI DetourBinaryEditImports(PDETOUR_BINARY pBinary,
PVOID pContext,
PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway,
PF_DETOUR_BINARY_FILE_CALLBACK pfFile,
PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol,
PF_DETOUR_BINARY_FINAL_CALLBACK pfFinal);
BOOL WINAPI DetourBinaryWrite(PDETOUR_BINARY pBinary, HANDLE hFile);
BOOL WINAPI DetourBinaryClose(PDETOUR_BINARY pBinary);
/////////////////////////////////////////////// First Chance Exception Filter.
//
LPTOP_LEVEL_EXCEPTION_FILTER WINAPI
DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter);
///////////////////////////////////////////////// Create Process & Inject Dll.
//
typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)
(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)
(LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
BOOL WINAPI DetourCreateProcessWithDllA(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPCSTR lpDllName,
PDETOUR_CREATE_PROCESS_ROUTINEA
pfCreateProcessA);
BOOL WINAPI DetourCreateProcessWithDllW(LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPCWSTR lpDllName,
PDETOUR_CREATE_PROCESS_ROUTINEW
pfCreateProcessW);
#ifdef UNICODE
#define DetourCreateProcessWithDll DetourCreateProcessWithDllW
#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW
#else
#define DetourCreateProcessWithDll DetourCreateProcessWithDllA
#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA
#endif // !UNICODE
BOOL WINAPI DetourContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName);
BOOL WINAPI DetourContinueProcessWithDllW(HANDLE hProcess, LPCWSTR lpDllName);
#ifdef UNICODE
#define DetourContinueProcessWithDll DetourContinueProcessWithDllW
#else
#define DetourContinueProcessWithDll DetourContinueProcessWithDllA
#endif // !UNICODE
//
//////////////////////////////////////////////////////////////////////////////
#ifdef __cplusplus
}
#endif // __cplusplus
/////////////////////////////////////////////////////////////////// Old Names.
//
#define ContinueProcessWithDll DetourContinueProcessWithDll
#define ContinueProcessWithDllA DetourContinueProcessWithDllA
#define ContinueProcessWithDllW DetourContinueProcessWithDllW
#define CreateProcessWithDll DetourCreateProcessWithDll
#define CreateProcessWithDllA DetourCreateProcessWithDllA
#define CreateProcessWithDllW DetourCreateProcessWithDllW
#define DETOUR_TRAMPOLINE_WO_TARGET DETOUR_TRAMPOLINE_EMPTY
#define DetourBinaryPurgePayload DetourBinaryPurgePayloads
#define DetourEnumerateExportsForInstance DetourEnumerateExports
#define DetourEnumerateInstances DetourEnumerateModules
#define DetourFindEntryPointForInstance DetourGetEntryPoint
#define DetourFindFinalCode DetourGetFinalCode
#define DetourFindPayloadInBinary DetourFindPayload
#define DetourGetSizeOfBinary DetourGetSizeOfPayloads
#define DetourRemoveWithTrampoline DetourRemove
#define PCREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINE
#define PCREATE_PROCESS_ROUTINEA PDETOUR_CREATE_PROCESS_ROUTINEA
#define PCREATE_PROCESS_ROUTINEW PDETOUR_CREATE_PROCESS_ROUTINEW
//
//////////////////////////////////////////////// Detours Internal Definitions.
//
#ifdef __cplusplus
#ifdef DETOURS_INTERNAL
//////////////////////////////////////////////////////////////////////////////
//
#ifdef IMAGEAPI // defined by IMAGEHLP.H
typedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(LPAPI_VERSION AppVersion);
typedef BOOL (NTAPI *PF_SymInitialize)(IN HANDLE hProcess,
IN LPSTR UserSearchPath,
IN BOOL fInvadeProcess);
typedef DWORD (NTAPI *PF_SymSetOptions)(IN DWORD SymOptions);
typedef DWORD (NTAPI *PF_SymGetOptions)(VOID);
typedef BOOL (NTAPI *PF_SymLoadModule)(IN HANDLE hProcess,
IN HANDLE hFile,
IN PSTR ImageName,
IN PSTR ModuleName,
IN DWORD BaseOfDll,
IN DWORD SizeOfDll);
typedef BOOL (NTAPI *PF_SymGetModuleInfo)(IN HANDLE hProcess,
IN DWORD dwAddr,
OUT PIMAGEHLP_MODULE ModuleInfo);
typedef BOOL (NTAPI *PF_SymGetSymFromName)(IN HANDLE hProcess,
IN LPSTR Name,
OUT PIMAGEHLP_SYMBOL Symbol);
typedef BOOL (NTAPI *PF_BindImage)(IN LPSTR pszImageName,
IN LPSTR pszDllPath,
IN LPSTR pszSymbolPath);
typedef struct _DETOUR_SYM_INFO
{
HANDLE hProcess;
HMODULE hImageHlp;
PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx;
PF_SymInitialize pfSymInitialize;
PF_SymSetOptions pfSymSetOptions;
PF_SymGetOptions pfSymGetOptions;
PF_SymLoadModule pfSymLoadModule;
PF_SymGetModuleInfo pfSymGetModuleInfo;
PF_SymGetSymFromName pfSymGetSymFromName;
PF_BindImage pfBindImage;
} DETOUR_SYM_INFO, *PDETOUR_SYM_INFO;
PDETOUR_SYM_INFO DetourLoadImageHlp(VOID);
#endif // IMAGEAPI
//////////////////////////////////////////////////////////////////////////////
//
class CDetourEnableWriteOnCodePage
{
public:
CDetourEnableWriteOnCodePage(PBYTE pbCode, LONG cbCode = DETOUR_TRAMPOLINE_SIZE)
{
m_pbCode = pbCode;
m_cbCode = cbCode;
m_dwOldPerm = 0;
m_hProcess = GetCurrentProcess();
if (m_pbCode && m_cbCode) {
if (!FlushInstructionCache(m_hProcess, pbCode, cbCode)) {
return;
}
if (!VirtualProtect(pbCode,
cbCode,
PAGE_EXECUTE_READWRITE,
&m_dwOldPerm)) {
return;
}
}
}
~CDetourEnableWriteOnCodePage()
{
if (m_dwOldPerm && m_pbCode && m_cbCode) {
DWORD dwTemp = 0;
if (!FlushInstructionCache(m_hProcess, m_pbCode, m_cbCode)) {
return;
}
if (!VirtualProtect(m_pbCode, m_cbCode, m_dwOldPerm, &dwTemp)) {
return;
}
}
}
BOOL SetPermission(DWORD dwPerms)
{
if (m_dwOldPerm && m_pbCode && m_cbCode) {
m_dwOldPerm = dwPerms;
return TRUE;
}
return FALSE;
}
BOOL IsValid(VOID)
{
return m_pbCode && m_cbCode && m_dwOldPerm;
}
private:
HANDLE m_hProcess;
PBYTE m_pbCode;
LONG m_cbCode;
DWORD m_dwOldPerm;
};
//////////////////////////////////////////////////////////////////////////////
//
inline PBYTE DetourGenMovEax(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xB8;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEbx(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBB;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEcx(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xB9;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEdx(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBA;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEsi(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBE;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEdi(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBF;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEbp(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBD;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenMovEsp(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0xBC;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenPush(PBYTE pbCode, UINT32 nValue)
{
*pbCode++ = 0x68;
*((UINT32*&)pbCode)++ = nValue;
return pbCode;
}
inline PBYTE DetourGenPushad(PBYTE pbCode)
{
*pbCode++ = 0x60;
return pbCode;
}
inline PBYTE DetourGenPopad(PBYTE pbCode)
{
*pbCode++ = 0x61;
return pbCode;
}
inline PBYTE DetourGenJmp(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
if (pbJmpSrc == 0) {
pbJmpSrc = pbCode;
}
*pbCode++ = 0xE9;
*((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
return pbCode;
}
inline PBYTE DetourGenCall(PBYTE pbCode, PBYTE pbJmpDst, PBYTE pbJmpSrc = 0)
{
if (pbJmpSrc == 0) {
pbJmpSrc = pbCode;
}
*pbCode++ = 0xE8;
*((INT32*&)pbCode)++ = pbJmpDst - (pbJmpSrc + 5);
return pbCode;
}
inline PBYTE DetourGenBreak(PBYTE pbCode)
{
*pbCode++ = 0xcc;
return pbCode;
}
inline PBYTE DetourGenRet(PBYTE pbCode)
{
*pbCode++ = 0xc3;
return pbCode;
}
inline PBYTE DetourGenNop(PBYTE pbCode)
{
*pbCode++ = 0x90;
return pbCode;
}
#endif DETOURS_INTERAL
#endif // __cplusplus
#endif // _DETOURS_H_
//
//////////////////////////////////////////////////////////////// End of File.

BIN
launch3/detours.lib Normal file
View File

Binary file not shown.

BIN
launch3/launch3.aps
View File

Binary file not shown.

4
launch3/launch3.dsp
View File

@ -112,6 +112,10 @@ SOURCE=.\StdAfx.cpp
# PROP Default_Filter "h;hpp;hxx;hm;inl"
# Begin Source File
SOURCE=.\detours.h
# End Source File
# Begin Source File
SOURCE=.\launch3.h
# End Source File
# Begin Source File

BIN
launch3/launch3.ncb
View File

Binary file not shown.

BIN
launch3/launch3.opt
View File

Binary file not shown.

243
launch3/launch3Dlg.cpp
View File

@ -5,7 +5,7 @@
#include "launch3.h"
#include "launch3Dlg.h"
#include <windows.h>
#include "detours.h"
#ifdef _DEBUG
#define new DEBUG_NEW
@ -13,43 +13,6 @@
static char THIS_FILE[] = __FILE__;
#endif
typedef BOOL (WINAPI* Proc_CreateProcessA)(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
BOOL WINAPI CreateProcessWithDllA(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPSTR lpDllFullPath,
Proc_CreateProcessA FuncAddress);
BOOL SuspendTidAndInjectCode(HANDLE hProcess, HANDLE hThread, DWORD dwFuncAddress, const BYTE * lpShellCode, size_t uCodeSize);
BYTE* mov_eax_xx(BYTE* lpCurAddress, DWORD eax);
BYTE* mov_ebx_xx(BYTE* lpCurAddress, DWORD ebx);
BYTE* mov_ecx_xx(BYTE* lpCurAddress, DWORD ecx);
BYTE* mov_edx_xx(BYTE* lpCurAddress, DWORD edx);
BYTE* mov_esi_xx(BYTE* lpCurAddress, DWORD esi);
BYTE* mov_edi_xx(BYTE* lpCurAddress, DWORD edi);
BYTE* mov_ebp_xx(BYTE* lpCurAddress, DWORD ebp);
BYTE* mov_esp_xx(BYTE* lpCurAddress, DWORD esp);
BYTE* push_xx(BYTE* lpCurAddress, DWORD dwAddress);
BYTE* mov_eip_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip);
BYTE* Call_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip);
/////////////////////////////////////////////////////////////////////////////
PROCESS_INFORMATION ProcessInformation;
@ -67,7 +30,7 @@ void LaunchMod(LPCSTR lpPath, LPSTR lpParams)
StartupInfo.cb = sizeof(StartupInfo);
ZeroMemory(&ProcessInformation, sizeof(ProcessInformation));
if (!CreateProcessWithDllA(szGtaExe,
if (!DetourCreateProcessWithDll(szGtaExe,
lpParams,
NULL,
NULL,
@ -207,205 +170,3 @@ void CLaunch3Dlg::OnButton1()
{
LaunchMod(GetAppPath(), "-c -h 127.0.0.1 -p 7777 -n Player");
}
DWORD GetFuncAddress()
{
return (DWORD)GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA");
}
BOOL WINAPI CreateProcessWithDllA(LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
LPSTR lpDllFullPath,
Proc_CreateProcessA FuncAddress)
{
BOOL bResult = FALSE;
size_t uCodeSize;
DWORD dwCreaFlags = dwCreationFlags;
PROCESS_INFORMATION pi;
if (FuncAddress == NULL)
{
FuncAddress = CreateProcessA;
}
dwCreaFlags = dwCreationFlags | CREATE_SUSPENDED;
if (FuncAddress(lpApplicationName,
lpCommandLine,
lpProcessAttributes,
lpThreadAttributes,
bInheritHandles,
dwCreaFlags,
lpEnvironment,
lpCurrentDirectory,
lpStartupInfo,
&pi))
{
if (lpDllFullPath)
uCodeSize = strlen(lpDllFullPath) + 1;
else
uCodeSize = 0;
DWORD dwLoadDllProc = GetFuncAddress();
if (SuspendTidAndInjectCode(pi.hProcess, pi.hThread, dwLoadDllProc, (BYTE*)lpDllFullPath, uCodeSize))
{
if (lpProcessInformation)
memcpy(lpProcessInformation, &pi, sizeof(PROCESS_INFORMATION));
if (!(dwCreationFlags & CREATE_SUSPENDED))
ResumeThread(pi.hThread);
bResult = TRUE;
}
}
return bResult;
}
BOOL SuspendTidAndInjectCode(HANDLE hProcess, HANDLE hThread, DWORD dwFuncAddress, const BYTE * lpShellCode, size_t uCodeSize)
{
BYTE ShellCodeBuf[0x480];
CONTEXT Context;
DWORD flOldProtect = 0;
SIZE_T NumberOfBytesWritten = 0;
LPBYTE lpCurESPAddress;
LPBYTE lpCurBufAddress;
BOOL bResult = FALSE;
SuspendThread(hThread);
memset(&Context,0,sizeof(Context));
Context.ContextFlags = CONTEXT_FULL;
if (GetThreadContext(hThread, &Context))
{
lpCurESPAddress = (LPBYTE)((Context.Esp - 0x480) & 0xFFFFFFE0);
lpCurBufAddress = &ShellCodeBuf[0];
if (lpShellCode)
{
memcpy(ShellCodeBuf + 128, lpShellCode, uCodeSize);
lpCurBufAddress = push_xx(lpCurBufAddress, (DWORD)(lpCurESPAddress + 128));
lpCurBufAddress = Call_xx(lpCurBufAddress, dwFuncAddress, (DWORD)lpCurESPAddress + (DWORD)lpCurBufAddress - (DWORD)&ShellCodeBuf);
}
lpCurBufAddress = mov_eax_xx(lpCurBufAddress, Context.Eax);
lpCurBufAddress = mov_ebx_xx(lpCurBufAddress, Context.Ebx);
lpCurBufAddress = mov_ecx_xx(lpCurBufAddress, Context.Ecx);
lpCurBufAddress = mov_edx_xx(lpCurBufAddress, Context.Edx);
lpCurBufAddress = mov_esi_xx(lpCurBufAddress, Context.Esi);
lpCurBufAddress = mov_edi_xx(lpCurBufAddress, Context.Edi);
lpCurBufAddress = mov_ebp_xx(lpCurBufAddress, Context.Ebp);
lpCurBufAddress = mov_esp_xx(lpCurBufAddress, Context.Esp);
lpCurBufAddress = mov_eip_xx(lpCurBufAddress, Context.Eip, (DWORD)lpCurESPAddress + (DWORD)lpCurBufAddress - (DWORD)&ShellCodeBuf);
Context.Esp = (DWORD)(lpCurESPAddress - 4);
Context.Eip = (DWORD)lpCurESPAddress;
if (VirtualProtectEx(hProcess, lpCurESPAddress, 0x480, PAGE_EXECUTE_READWRITE, &flOldProtect)
&& WriteProcessMemory(hProcess, lpCurESPAddress, &ShellCodeBuf, 0x480, &NumberOfBytesWritten)
&& FlushInstructionCache(hProcess, lpCurESPAddress, 0x480)
&& SetThreadContext(hThread, &Context) )
{
bResult = TRUE;
}
}
ResumeThread(hThread);
return bResult;
}
BYTE* mov_eax_xx(BYTE* lpCurAddress, DWORD eax)
{
*lpCurAddress = 0xB8;
*(DWORD*)(lpCurAddress + 1) = eax;
return lpCurAddress + 5;
}
BYTE* mov_ebx_xx(BYTE* lpCurAddress, DWORD ebx)
{
*lpCurAddress = 0xBB;
*(DWORD*)(lpCurAddress + 1) = ebx;
return lpCurAddress + 5;
}
BYTE* mov_ecx_xx(BYTE* lpCurAddress, DWORD ecx)
{
*lpCurAddress = 0xB9;
*(DWORD*)(lpCurAddress + 1) = ecx;
return lpCurAddress + 5;
}
BYTE* mov_edx_xx(BYTE* lpCurAddress, DWORD edx)
{
*lpCurAddress = 0xBA;
*(DWORD*)(lpCurAddress + 1) = edx;
return lpCurAddress + 5;
}
BYTE* mov_esi_xx(BYTE* lpCurAddress, DWORD esi)
{
*lpCurAddress = 0xBE;
*(DWORD*)(lpCurAddress + 1) = esi;
return lpCurAddress + 5;
}
BYTE* mov_edi_xx(BYTE* lpCurAddress, DWORD edi)
{
*lpCurAddress = 0xBF;
*(DWORD*)(lpCurAddress + 1) = edi;
return lpCurAddress + 5;
}
BYTE* mov_ebp_xx(BYTE* lpCurAddress, DWORD ebp)
{
*lpCurAddress = 0xBD;
*(DWORD*)(lpCurAddress + 1) = ebp;
return lpCurAddress + 5;
}
BYTE* mov_esp_xx(BYTE* lpCurAddress, DWORD esp)
{
*lpCurAddress = 0xBC;
*(DWORD*)(lpCurAddress + 1) = esp;
return lpCurAddress + 5;
}
BYTE* push_xx(BYTE* lpCurAddress, DWORD dwAddress)
{
*lpCurAddress = 0x68;
*(DWORD*)(lpCurAddress + 1) = dwAddress;
return lpCurAddress + 5;
}
BYTE* mov_eip_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip)
{
if (!newEip)
{
newEip = (DWORD)lpCurAddress;
}
*lpCurAddress = 0xE9;
*(DWORD*)(lpCurAddress + 1) = eip - (newEip + 5);
return lpCurAddress + 5;
}
BYTE* Call_xx(BYTE* lpCurAddress, DWORD eip, DWORD newEip)
{
if (!newEip)
{
newEip = (DWORD)lpCurAddress;
}
*lpCurAddress = 0xE8;
*(DWORD*)(lpCurAddress + 1) = eip - (newEip + 5);
return lpCurAddress + 5;
}