mirror of
https://github.com/HIllya51/LunaHook.git
synced 2024-12-26 13:14:13 +08:00
issues/34
parent
9c12e7dcd2
commit
bdd8c86474
@ -397,8 +397,82 @@ bool elf2(){
|
||||
|
||||
return NewHook(hp,"Elf");
|
||||
}
|
||||
namespace{
|
||||
//リフレインブルー【Windows10対応】
|
||||
bool _h1(){
|
||||
//HAN-18*-4@42E12:AI5WIN.exe
|
||||
BYTE sig[]={
|
||||
0x33,0xff,
|
||||
0x8b,0x06,
|
||||
0x8b,0xce,
|
||||
0x6a,0x01,
|
||||
0x8b,0x40,0x08,
|
||||
0xff,0xd0,
|
||||
0x0f,0x0b6,0xc0,
|
||||
0x8b,0xce,
|
||||
0x66,0xc1,0xe0,0x08,
|
||||
0x0f,0xb7,0xc0,
|
||||
0x89,0x45,0xfc,
|
||||
0x8b,0x06,
|
||||
0x6a,0x01,
|
||||
0x8b,0x40,0x08,
|
||||
0xff,0xd0,
|
||||
0x0f,0xb6,0xc0,
|
||||
0x8b,0xce,
|
||||
0x66,0x09,0x45,0xfc,
|
||||
0xff,0x75,0xfc,
|
||||
0xe8
|
||||
};
|
||||
ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress);
|
||||
if (!addr)return false;
|
||||
HookParam hp;
|
||||
hp.address=addr+sizeof(sig)-1;
|
||||
hp.type=NO_CONTEXT|USING_CHAR|DATA_INDIRECT|CODEC_ANSI_BE;
|
||||
hp.offset=get_reg(regs::ebp);
|
||||
hp.index=-4;
|
||||
return NewHook(hp,"Elf");
|
||||
}
|
||||
bool _h2(){
|
||||
//HAN4@49570:AI5WIN.exe
|
||||
BYTE sig[]={
|
||||
0x33,0xc5,
|
||||
0x89,0x45,0xfc,
|
||||
0x8a,0x81,XX4,
|
||||
|
||||
0x84,0xc0,
|
||||
0x75,0x0e,
|
||||
0x8b,0x81,XX4,
|
||||
0x03,0x81,XX4,
|
||||
0xeb,XX,
|
||||
|
||||
0x3c,0x01,
|
||||
0x75,0x0e,
|
||||
0x8b,0x81,XX4,
|
||||
0x03,0x81,XX4,
|
||||
0xeb,XX,
|
||||
|
||||
0x3c,0x02,
|
||||
0x75,0x0e,
|
||||
0x8b,0x81,XX4,
|
||||
0x03,0x81,XX4,
|
||||
0xeb,XX,
|
||||
};
|
||||
ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress);
|
||||
if (!addr)return false;
|
||||
addr=MemDbg::findEnclosingAlignedFunction(addr);
|
||||
if (!addr)return false;
|
||||
HookParam hp;
|
||||
hp.address=addr;
|
||||
hp.type=NO_CONTEXT|USING_CHAR|CODEC_ANSI_BE;
|
||||
hp.offset=get_stack(1);
|
||||
return NewHook(hp,"Elf");
|
||||
}
|
||||
bool all(){
|
||||
return _h1()|_h2();
|
||||
}
|
||||
}
|
||||
bool Elf2::attach_function(){
|
||||
return elf2()||Elf2attach_function();
|
||||
return elf2()||Elf2attach_function()||all();
|
||||
}
|
||||
|
||||
|
||||
|
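Review bot: In `all()`, `return _h1()|_h2();` uses bitwise `|` on two `bool`s so that both hooks are always attempted, but it reads like a typo for `||` and a later "cleanup" to `||` would silently skip `_h2` whenever `_h1` succeeds. Writing it as `bool a=_h1(); bool b=_h2(); return a||b;` keeps the behaviour and makes the intent explicit. In `_h1` the byte `0x0b6` has the same value as the `0xb6` in the second `0x0f,0xb6,0xc0` of the same signature and should be normalised for readability. Both helpers hook the first `findBytes` hit in the process range with no uniqueness check, and `_h1` derives `hp.address` from the trailing `0xe8` byte, so a false match would presumably put the hook at an arbitrary offset in the target. A short comment recording which AI5WIN.exe build the patterns came from would make that easier to audit.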