mirror of
https://github.com/HIllya51/LunaHook.git
synced 2024-12-25 12:44:13 +08:00
38 lines
1.2 KiB
C++
38 lines
1.2 KiB
C++
#include"Kincaid.h"
|
|
namespace{
|
|
bool _1(){
|
|
// .text:0000000140230D80 mov rsi, rax
|
|
// .text:0000000140230D83 mov edx, 1
|
|
// .text:0000000140230D88 mov rcx, rdi
|
|
// .text:0000000140230D8B call sub_1402B35B0
|
|
// .text:0000000140230D90 lea ebx, [rax-1]
|
|
// .text:0000000140230D93 mov edx, 2
|
|
// .text:0000000140230D98 mov rcx, rdi
|
|
// .text:0000000140230D9B call sub_1402B35B0
|
|
BYTE b1[]={
|
|
0x48,0x8b,0xf0,
|
|
0xba,0x01,0x00,0x00,0x00,
|
|
0x48,0x8b,0xcf,
|
|
0xe8,XX4,
|
|
0x8d,0x58,0xff,
|
|
0xba,0x02,0x00,0x00,0x00,
|
|
0x48,0x8b,0xcf,
|
|
0xe8,XX4
|
|
};
|
|
auto addr=MemDbg::findBytes(b1,sizeof(b1),processStartAddress,processStopAddress);
|
|
if(addr==0)return false;
|
|
HookParam hp;
|
|
hp.address=addr;
|
|
hp.type=USING_STRING|CODEC_UTF8;
|
|
hp.offset=get_reg(regs::rax);
|
|
hp.text_fun=[](hook_stack* stack, HookParam* hp, uintptr_t* data, uintptr_t* split, size_t* len){
|
|
*data=stack->rax;
|
|
if(stack->retaddr==(DWORD)-1)
|
|
*len=strlen((char*)*data);
|
|
};
|
|
return NewHook(hp,"Kincaid");
|
|
}
|
|
}
|
|
bool Kincaid::attach_function(){
|
|
return _1();
|
|
} |