Хук на функцию ExitProcess
Пример показывающий как легко и просто можно установить хук на функцию API. В
данном случае это реализовано на функции закрытия приложения ExitProcess.
Платформа: Windows
Автор: JaDogg, создано в 2010 году
'WRITTEN BY Bhathiya Perera AKA JaDogg #INCLUDE "windows.bi" #INCLUDE "crt/string.bi" Sub SAY_HELLO_WORLD() 'THIS IS called when exitprocess is called ? "Hello World!" End Sub Dim As Ubyte Ptr B,ZZ ' var B is a temp variable ' zz is the buffer of the new asm code Dim As Any Ptr func_location,new_func_location Dim As DWORD dwProt = NULL If 0 Then ExitProcess(0) 'THIS LINE IS STUPID BUT ITS IMPORTANT func_location = (@ExitProcess) ZZ = Allocate(10) VirtualProtect(func_location,6,PAGE_READWRITE,@dwProt) 'prevent crashing new_func_location = @SAY_HELLO_WORLD ' load the func ptr into new_func_location B = @new_func_location ZZ[0] = &HFF '|this two chars are used for jmp ZZ[1] = &H25 '| *Cast(Uinteger Ptr ,@ZZ[2]) = Cast(Uinteger ,B) 'cpy new location of function memcpy(func_location,ZZ,6) ExitProcess(0) ' CALLS SAY_HELLO_WORLD ExitProcess(0) ' CALLS SAY_HELLO_WORLD Sleep
