masm之hook api

 ;-----------------------------------------------------------------------
 ; DWORD AddToTable(DWORD lpFunctionAddress, DWORD lpNewFunc)   (MASM, stdcall)
 ; Builds a 20-byte per-hook record in a fresh VirtualAlloc block and
 ; returns its address in eax. Nothing in the target code page is touched
 ; here; the record is only consumed later by RestoreApi.
 ; Record layout (see the byte diagram below):
 ;   [0..3]   lpFunctionAddress (target entry point)
 ;   [4..11]  the original first 8 bytes of the target
 ;   [12..19] a 7-byte "mov eax,imm32 / jmp eax" trampoline + 1 pad byte 00
 ; Clobbers: flags only (ebx/edx restored via `uses`, eax restored by push/pop
 ;   except for the returned block pointer).
 ; Known weaknesses: the VirtualAlloc result is never checked, so on failure
 ;   (eax = 0) the stores below go to address 0; the target is assumed to have
 ;   at least 8 readable bytes (no IsBadReadPtr here, unlike RestoreApi).
 ;-----------------------------------------------------------------------
 1 AddToTable proc uses ebx edx lpFunctionAddress:DWORD,lpNewFunc:DWORD
2 invoke VirtualAlloc,0,20,MEM_COMMIT,PAGE_READWRITE ; eax = 20-byte RW block, or 0 on failure (unchecked)
3
4 ; FunctionAddr Head BYTE of Function New Head for Function
5 ;[00 00 00 00] [00 00 00 00 00 00 00 00] [B8 00 00 00 00 FF E0 00]
6 ; offsets: 0..3 target address | 4..11 saved original bytes | 12..19 mov eax,lpNewFunc ; jmp eax ; 00
7 push eax ; keep the block pointer so it can be returned after eax is reused as a cursor
8 mov ebx,eax ; ebx = write cursor into the block
9 mov eax,lpFunctionAddress ; eax = target; also the read cursor for the original bytes
10 mov [ebx],eax ; block[0..3] = target address
11 add ebx,4
12
13 mov edx,[eax] ; first 4 original bytes of the target
14 mov [ebx],edx ; block[4..7]
15 add eax,4
16 mov edx,[eax] ; next 4 original bytes
17 add ebx,4
18 mov [ebx],edx ; block[8..11]
19
20 add ebx,4
21 mov edx,0b8h ; opcode B8 = mov eax,imm32 ; dword store puts B8 00 00 00 at block[12..15]
22 mov [ebx],edx
23
24 add ebx,4
25 mov edx,0e0ff00h ; little-endian 00 FF E0 00 at block[16..19]: pad, then FF E0 = jmp eax, then 00
26 mov [ebx],edx
27
28 sub ebx,3 ; back to block[13], the imm32 slot of the mov (overwrites the three zero bytes and block[16])
29 mov edx,lpNewFunc
30 mov [ebx],edx ; block[13..16] = lpNewFunc -> trampoline is now B8 <lpNewFunc> FF E0 00
31 pop eax ; return value = block pointer
32
33 ret
34 AddToTable endp
35
36
37
38
39
;-----------------------------------------------------------------------
; void RestoreApi(DWORD dwID, DWORD bFlag)   (MASM, stdcall)
; Copies 8 bytes from a record built by AddToTable over the target's entry.
; dwID  = record pointer returned by AddToTable
; bFlag = 0  -> source is record[12..19] (the trampoline): the hook is
;               installed, despite the proc's name
;         !=0 -> source is record[4..11] (saved original bytes): the hook
;               is removed
; Clobbers: flags only; eax/ebx/ecx are restored via `uses`, so the
;   WriteProcessMemory result is NOT visible to the caller (nor checked here).
; Caveats a reviewer would note: no FlushInstructionCache after the patch;
;   8 bytes are written although the trampoline is 7 bytes, so the target's
;   8th byte is clobbered with 00; any thread already executing inside the
;   first 8 bytes of the target races with this write. IsBadReadPtr only
;   validates the record, not the target.
;-----------------------------------------------------------------------
40 RestoreApi proc uses eax ebx ecx dwID:DWORD,bFlag:DWORD
41 local ByteWritten:DWORD ; bytes actually written; stored but never inspected
42
43 invoke IsBadReadPtr,dwID,12 ; record readable for at least 12 bytes? (eax = 0 means readable)
44 .if !eax
45 mov eax,dwID
46 mov ebx,[eax] ; ebx = target address (record[0..3])
47
48 mov ecx,eax ; ecx = source cursor, starts at record base
49 .if bFlag
50 sub ecx,8 ; bFlag set: net offset becomes +4 -> saved original bytes
51 .endif
52
53 add ecx,12 ; bFlag clear: offset +12 -> trampoline bytes
54
55 invoke WriteProcessMemory,-1,ebx,ecx,8,addr ByteWritten ; -1 = current-process pseudo-handle; return value ignored
56 .endif
57
58 ret
59 RestoreApi endp
60
61
62
63
64
;-----------------------------------------------------------------------
; DWORD AddHookApi(LPCSTR lpszLib, LPCSTR lpszFunc, DWORD lpNewFunc)   (MASM, stdcall)
; Resolves lpszLib!lpszFunc, builds a record via AddToTable and applies the
; trampoline via RestoreApi(record, 0).
; Returns: eax = record pointer (pass it to RestoreApi with bFlag != 0 to
;   undo), or 0 if LoadLibrary or GetProcAddress failed.
; Clobbers: flags; ebx restored via `uses`.
; Notes: LoadLibrary raises the module reference count on every call and it
;   is never released here; success of the memory patch itself is not
;   reported because RestoreApi preserves eax. The copy into ebx below is
;   not read again in this proc.
;-----------------------------------------------------------------------
65 AddHookApi proc uses ebx lpszLib:DWORD,lpszFunc:DWORD,lpNewFunc:DWORD
66 invoke LoadLibrary,lpszLib ; eax = HMODULE or 0
67 .if eax
68 invoke GetProcAddress,eax,lpszFunc ; eax = target address or 0
69 .if eax
70 mov ebx,eax ; unused afterwards
71 invoke AddToTable,eax,lpNewFunc ; eax = record pointer (0 only if VirtualAlloc failed; not checked)
72 push eax ; preserve the record pointer across the patch call
73 invoke RestoreApi,eax,0 ; bFlag = 0: write the trampoline into the target
74 pop eax
75 .else
76 xor eax,eax ; GetProcAddress failed -> return 0
77 .endif
78 .endif ; LoadLibrary failure falls through with eax already 0
79 ret
80 AddHookApi endp