2 / 5 Byte Code Hopping (Detouring)

Hi,

I am trying to detour GetAsyncKeyState. At first I thought I only needed to jmp 5 bytes into the function, which would be fine, but I have tried this and it was unsuccessful:

static short(__stdcall*_GetAsyncKeyState)(int vKey);
		_GetAsyncKeyState = (short(__stdcall*)(int vKey))((DWORD)GetAsyncKeyState + 0x05);

		if( GetAsyncKeyState(VK_MBUTTON) )
		{
			Hook();
			Sleep(10);
		}
	}

	return 0;
}


Someone suggested it needs to look like this:

// x86 "hop" into a Win32 __stdcall API 5 bytes past its entry point.
// Functions built for hot-patching typically begin with the 5-byte prologue
//   mov edi, edi (2 bytes) / push ebp (1 byte) / mov ebp, esp (2 bytes)
// so entry+5 is the first real instruction, and the frame setup those bytes
// would have performed is replayed below. If the target does NOT start with
// exactly that prologue, eax+5 points into the middle of an instruction and
// the jump faults — read and check the first bytes before relying on this.
mov eax, apiAddress         // eax = address of the API's real entry point (resolved at runtime, not a linker thunk)
add eax, 5                  // skip the 5-byte hot-patch prologue
 
// push arguments here..   NOTE(review): jmp pushes no return address; either push one after
// the arguments, or run this sequence from a naked stub whose caller already pushed both.
 
mov edi, edi                // 2-byte no-op from the skipped prologue; replaying it is harmless but not required
push ebp                    // replay the frame setup the skipped bytes would have done
mov ebp, esp                // callee now sees the same frame it would have built itself
jmp eax                     // tail-jump into the API; as __stdcall it pops its own argument and returns to the address on the stack


Not really sure how I would implement this, any ideas?

Thanks,
BUMP.

I have almost gotten this working:

SHORT emuGetAsyncKeyState(int vKey);

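// Naked trampoline that enters GetAsyncKeyState 5 bytes past its entry,
// skipping the hot-patch prologue (mov edi,edi / push ebp / mov ebp,esp)
// and replaying the two instructions of it that set up the frame.
//
// vKey: forwarded untouched — the caller already pushed it and the return
//       address, so the real function finds both exactly where it expects.
// Returns whatever GetAsyncKeyState returns (it returns straight to our caller).
//
// Must be __stdcall: the callee's own `ret` pops vKey, so the caller must not
// clean up the argument as well (a __cdecl caller would unbalance the stack).
// The original also had a stray `;` after the declarator, which turned the
// body into a syntax error, and no vKey parameter.
//
// NOTE(review): assumes the target begins with exactly that 5-byte prologue
// (x86 only — MSVC inline asm is not available on x64); verify the bytes at
// runtime before jumping, otherwise control lands mid-instruction.
// NOTE(review): `mov eax, GetAsyncKeyState` in inline asm may resolve to this
// module's import thunk rather than the export inside user32.dll, in which
// case +5 points at garbage — confirm, and prefer loading a runtime-resolved
// address (as the `apiAddress` sketch above does).
__declspec(naked) SHORT __stdcall emuGetAsyncKeyState(int vKey)
{
	__asm
	{
		mov eax, GetAsyncKeyState      // eax = entry point of the real function
		add eax, 5                     // skip the hot-patch prologue bytes
		push ebp                       // replay the frame setup the jump skips
		mov ebp, esp
		jmp eax                        // tail-jump; callee returns to our caller
	}
}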


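		// Plain forwarding wrapper: calls GetAsyncKeyState through its normal
		// entry point. It does NOT hop past the first 5 bytes; it only gives the
		// call site a compilable function with the declared signature.
		//
		// vKey: virtual-key code to query.
		// Returns GetAsyncKeyState(vKey).
		//
		// The original had a stray `;` after the declarator, pushed vKey in inline
		// asm before a compiler-generated call (that push is never popped, so esp
		// is left unbalanced), and then ignored vKey by always querying
		// VK_XBUTTON1. All three are removed here.
		SHORT emuGetAsyncKeyState(int vKey)
		{
			return GetAsyncKeyState(vKey);
		}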

		if( emuGetAsyncKeyState(VK_XBUTTON1) )
		{
			Activate();
			Sleep(10);
		}
	}

	return 0;
}


It is pretty much there; I am just getting a few errors now, but you will understand the implementation.

Thanks,