C++:
DWORD JmpDetour(DWORD OA, DWORD DA) //Credits Jimster480
{
BYTE* DOA = (BYTE*)OA;BYTE* DDA = (BYTE*)DA;
DWORD OP;
BYTE* COC = (BYTE*)OA;
int COS =+ oplen(COC);
COC += COS;
while(COS < 5)
{
int l = oplen(COC);
if(!l) return NULL;
COS += l;
COC += l;
}
DWORD BL = (DWORD)(COC - DOA);
BYTE* DRT = (BYTE*)VirtualAlloc(NULL, 5 + BL, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if(!VirtualProtect(DOA,BL,PAGE_READWRITE,&OP)) return NULL;
if(!memcpy(DRT,DOA,BL)) return NULL;
DRT = DRT + BL;
DRT[0] = 0xE9;
*(DWORD*)(DRT + 1) = (DWORD)(DOA + BL - DRT)-5;
DOA[0] = 0xE9;
*(DWORD*)(DOA + 1) = (DWORD)(DDA - DOA)-5;
for(DWORD N = 5;N<BL;N++) {DOA[N] = 0x90;}
if(!VirtualProtect(DOA,BL,OP,&OP)) return NULL;
FlushInstructionCache(GetCurrentProcess(), NULL, 0);
return (((DWORD)DRT) - BL);
}
C++:
DWORD JmpDetour(DWORD OA, DWORD DA) // Syntax: Original Function Name (Ex: glBegin), New (Detoured) Function Name (Ex: h_glBegin)
{
BYTE* DOA = (BYTE*)OA; // Reassign Orig Address As A Byte (Detour Address)
BYTE* DDA = (BYTE*)DA; // Reassign Target Address As A Byte
DWORD OP; // Old Protect For VirtualProtect
BYTE* COC = (BYTE*)OA; // Current Opcode Of Current Address
int COS =+ oplen(COC); // Length Of Current Opcode
COC += COS; // Current Opcode + Current Opcode Length
while(COS < 5) // Address Opcode Length Finding Loop
{
int l = oplen(COC); // Length Of Current Opcode
if(!l) return NULL; // If Current Opcode Has No Length The Function Fails
COS += l; // Opcode Length + Current Opcode Length
COC += l; // Current Opcode + Current Opcode Length (Next Opcode)
}
DWORD BL = (DWORD)(COC - DOA); // Number (Length) Of Bytes At Detour Address
BYTE* DRT = (BYTE*)malloc(5 + BL); // Detour Return JmpGate Creation (JMPDETOUR Length + Length Of Bytes At Detour Address)
if(!VirtualProtect(DOA,BL,PAGE_READWRITE,&OP)) return NULL; // Set Memory Flags For Detour Address, If Unable To Set, The Function Fails
if(!memcpy(DRT,DOA,BL)) return NULL; // Copy The Opcodes At The Detour Address To The JmpGate We Made
DRT = DRT + BL; // Move The EIP Forward At The JmpGate So It Passes The Opcodes We Just Copied (To Prevent OverWriting)
DRT[0] = 0xE9; // Write The JMP Opcode At The Current JmpGate Address
*(DWORD*)(DRT + 1) = (DWORD)(DOA + BL - DRT) - 5; // Write Return Address After JMP Opcode (Orig Address + Byte Length At Detour Address - Current JmpGate Length) - JMPDETOUR Length
DOA[0] = 0xE9; // Write The JMP Opcode At Detour Address
*(DWORD*)(DOA + 1) = (DWORD)(DDA - DOA) - 5; // Write New (Detoured) Function Address After JMP Opcode (Target Address - Detour Address) - JMPDETOUR Length
if(!VirtualProtect(DOA,BL,OP,&OP)) return NULL; // Reset Memory Flags For Detour Address, If Unable To Set, The Function Fails
return (((DWORD)DRT) - BL); // Return Return JmpGate Address (JmpGate Address - Byte Length At Detour Address)
}
Last edited by a moderator: