Code: Select all
; hot patching hook
; xorc1zt
Procedure HotPatchHook(TargetFuncAddress.l, ProxyFuncAddress.l)
;E9 XX XX XX XX EB F9
Protection.w
JumpOffset.l = ( ProxyFuncAddress - ( TargetFuncAddress-5 ) )-5
VirtualProtect_(TargetFuncAddress-5, 7, #PAGE_EXECUTE_READWRITE, @Protection)
PokeA( TargetFuncAddress-5, $E9 ) ;Far Jump
PokeL( TargetFuncAddress-4, JumpOffset )
PokeA( TargetFuncAddress, $EB ) ;Short Jump
PokeA( TargetFuncAddress+1, $F9 ) ; -5
VirtualProtect_(TargetFuncAddress-5, 7, Protection, @Protection )
EndProcedure
Procedure RemoveHook(TargetFuncAddress.l)
;90 90 90 90 90 8B FF
Protection.w
VirtualProtect_(TargetFuncAddress-5, 7, #PAGE_EXECUTE_READWRITE, @Protection)
PokeA( TargetFuncAddress-5, $90 )
PokeA( TargetFuncAddress-4, $90 )
PokeA( TargetFuncAddress-3, $90 )
PokeA( TargetFuncAddress-2, $90 )
PokeA( TargetFuncAddress-1, $90 )
PokeA( TargetFuncAddress, $8B )
PokeA( TargetFuncAddress+1, $FF )
VirtualProtect_(TargetFuncAddress-5, 7, Protection, @Protection )
EndProcedure
Code: Select all
Prototype.l ProtoMessageBox(Window.l, Body$, Title$, Flags.l = 0)
Global CocoaMessageBox.ProtoMessageBox
Procedure MsgBoxProxy(Window.l, Body$, Title$, Flags.l = 0)
Debug "MessageBoxA: "+Str(Window)+", "+Body$+", "+Title$+", "+Str(Flags)
CocoaMessageBox(Window, Body$, Title$, Flags)
EndProcedure
OpenLibrary(0, "User32.dll")
address.l = GetFunction(0, "MessageBoxA")
CocoaMessageBox = address+2
HotPatchHook(address,@MsgBoxProxy())
CallFunction(0,"MessageBoxA", 0, @"Body", @"Title", 0)
CallFunction(0,"MessageBoxA", 0, @"aaaa", @"bbbb", 0)
CallFunction(0,"MessageBoxA", 0, @"1111", @"2222", 0)
RemoveHook(address)
CallFunction(0,"MessageBoxA", 0, @"cccc", @"dddd", 0)
Code: Select all
Procedure.b IsHotPatchable(TargetFuncAddress.l)
op.q = PeekQ(TargetFuncAddress-5)
If FindString(Hex(op), "FF8B9090909090", 3)
ProcedureReturn #True
EndIf
ProcedureReturn #False
EndProcedure