From 0b2e30605a952548ab00fb9d3447ebc9c2491c1d Mon Sep 17 00:00:00 2001
From: Lenheart <947330670@qq.com>
Date: Mon, 7 Mar 2022 13:50:29 +0800
Subject: [PATCH] 111

---
 test/dllmain.cpp          | 79 +++++++++++++++++++++++++++++++++++++++
 test/inlinehook.cpp       | 36 ++++++++++++++++++
 test/inlinehook.h         | 52 ++++++++++++++++++++++++++
 test/test.vcxproj         |  2 +
 test/test.vcxproj.filters |  6 +++
 5 files changed, 175 insertions(+)
 create mode 100644 test/inlinehook.cpp
 create mode 100644 test/inlinehook.h

diff --git a/test/dllmain.cpp b/test/dllmain.cpp
index 42909bc..a95f905 100644
--- a/test/dllmain.cpp
+++ b/test/dllmain.cpp
@@ -144,10 +144,89 @@ void LenheartThread(void)
 
 
 
+#include "inlinehook.h"
 
+inlinehook* TEA = nullptr;
+inlinehook* TEB = nullptr;
+
+
+void JMPre(int address)
+{
+    _asm
+    {
+        pop ebp
+        add esp, 0x00000004
+        ret
+    }
+}
+
+void qubb(int a1,int a2,int a3)
+{
+    _asm
+    {
+        push esi
+        push edi
+        pushfd
+        cld
+        mov ecx, dword ptr[ebp + 0x10]
+        mov esi, dword ptr[ebp + 0x0c]
+        mov edi, dword ptr[ebp + 0x08]
+        rep movsb
+        popfd
+        pop edi
+        pop esi
+    }
+}
+
+void datec()
+{
+    int ptrd;
+    int packtype;
+    int packlen;
+
+    ptrd = 0;
+    _asm 
+    {
+        mov dword ptr[ebp - 0x04], ebx
+    }
+    //packtype = *(int*)(ptrd + 1);
+    qubb(packtype,ptrd + 1, 2);
+    qubb(packlen,ptrd + 3, 2);
+    //packlen = *(int*)(ptrd + 3);
+
+}
+
+
+void hookadd()
+{
+    _asm
+    {
+        pushad
+        pushfd
+    }
+
+    datec();
+
+    _asm
+    {
+        popfd
+        popad
+    }
+
+    _asm
+    {
+        mov ecx, dword ptr[ebp - 0x0000012c]
+    }
+
+    JMPre(7333970);
+}
 
 DWORD WINAPI MyThreadProc2(LPVOID pParam)
 {
+    std::cout << u8"å¼€å§‹HOOK" << std::endl;
+    TEA = new inlinehook(0x6FE84C, (int)hookadd);
+    //ä¿®æ”¹åœ°å€
+    TEA->Motify_address();
 
 
     return 0;
diff --git a/test/inlinehook.cpp b/test/inlinehook.cpp
new file mode 100644
index 0000000..b440a3f
--- /dev/null
+++ b/test/inlinehook.cpp
@@ -0,0 +1,36 @@
+#include "pch.h"
+#include "inlinehook.h"
+
+#include <Windows.h>
+
+
+DWORD inlinehook::Motify_memory_attributes(int address, DWORD attributes)
+{
+		DWORD Old_attributes;
+		VirtualProtect(reinterpret_cast<void*>(address), Byte_Length, attributes, &Old_attributes);
+		return Old_attributes;
+}
+
+void inlinehook::Motify_address()
+{
+	
+		DWORD attributes = Motify_memory_attributes(m_original_address);
+
+		//Ð´ÈëÎÒÃÇ¹¹ÔìµÄBYTE ÊµÏÖ hook
+		memcpy(reinterpret_cast<void*>(m_original_address), m_self_byte, Byte_Length);
+
+		//»Ö¸´ÄÚ´æÊôÐÔ
+		Motify_memory_attributes(m_original_address, attributes);
+	
+}
+
+void inlinehook::Restore_address()
+{
+	DWORD attributes = Motify_memory_attributes(m_original_address);
+
+	//Ð´ÈëÔ­Ê¼µÄBYTE ÊµÏÖ hook
+	memcpy(reinterpret_cast<void*>(m_original_address), m_original_byte, Byte_Length);
+
+	//»Ö¸´ÄÚ´æÊôÐÔ
+	Motify_memory_attributes(m_original_address, attributes);
+}
diff --git a/test/inlinehook.h b/test/inlinehook.h
new file mode 100644
index 0000000..81f6e39
--- /dev/null
+++ b/test/inlinehook.h
@@ -0,0 +1,52 @@
+#pragma once
+
+constexpr int Byte_Length = 5;
+
+class inlinehook
+{
+private:
+	using uchar = unsigned char;
+
+	//Ô­Ê¼º¯Êý´¦µÄ»ã±àÖ¸Áî
+	uchar m_original_byte[Byte_Length];
+	//ÎÒÃÇ¹¹ÔìµÄ»ã±àÖ¸Áî
+	uchar m_self_byte[Byte_Length];
+
+	//Ô­Ê¼º¯ÊýµØÖ·
+	int m_original_address;
+	//ÎÒÃÇº¯ÊýµØÖ·
+	int m_self_address;
+
+	DWORD Motify_memory_attributes(int address, DWORD attributes = PAGE_EXECUTE_READWRITE);
+
+
+public:
+
+	inlinehook(int original_address, int self_address):m_original_address(original_address), m_self_address(self_address)
+	{
+		//¹¹Ôìjmp
+		m_self_byte[0] = '\xe9';
+		//¼ÆËãÆ«ÒÆ
+		int offset = self_address - (original_address + Byte_Length);
+
+		//¹¹ÔìÌø×ªµ½ÎÒÃÇµÄº¯ÊýBYTE
+		memcpy(&m_self_byte[1], &offset, Byte_Length - 1);
+
+		//ÐÞ¸ÄÄÚ´æÊôÐÔ
+		DWORD attributes = Motify_memory_attributes(original_address);
+
+		//±£´æÔ­Ê¼µÄº¯ÊýµØÖ·µÄBYTE
+		memcpy(&m_original_byte, reinterpret_cast<void*>(original_address), Byte_Length);
+
+		//»Ö¸´ÄÚ´æÊôÐÔ
+		Motify_memory_attributes(original_address, attributes);
+	}
+
+
+	//ÐÞ¸ÄµØÖ·
+	void Motify_address();
+
+	//»¹Ô­µØÖ·
+	void Restore_address();
+};
+
diff --git a/test/test.vcxproj b/test/test.vcxproj
index 8a4b3d0..adc24e6 100644
--- a/test/test.vcxproj
+++ b/test/test.vcxproj
@@ -171,11 +171,13 @@
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClInclude Include="framework.h" />
+    <ClInclude Include="inlinehook.h" />
     <ClInclude Include="pch.h" />
     <ClInclude Include="RSAC.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="inlinehook.cpp" />
     <ClCompile Include="pch.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
diff --git a/test/test.vcxproj.filters b/test/test.vcxproj.filters
index 204097b..1f9f069 100644
--- a/test/test.vcxproj.filters
+++ b/test/test.vcxproj.filters
@@ -24,6 +24,9 @@
     <ClInclude Include="RSAC.h">
       <Filter>å¤´æ–‡ä»¶</Filter>
     </ClInclude>
+    <ClInclude Include="inlinehook.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="dllmain.cpp">
@@ -38,5 +41,8 @@
     <ClCompile Include="RSAC.cpp">
       <Filter>æºæ–‡ä»¶</Filter>
     </ClCompile>
+    <ClCompile Include="inlinehook.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>
\ No newline at end of file