Exetools  

Go Back   Exetools > General > Source Code
Reload this Page Windows Api Hooking
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 11-02-2022, 02:08
user1 user1 is offline
Family
  
Join Date: Sep 2012
Location: OUT
Posts: 1,129
Rept. Given: 695
Rept. Rcvd 123 Times in 70 Posts
Thanks Given: 841
Thanks Rcvd at 637 Times in 378 Posts
user1 Reputation: 44
Post
@Fyyre

HTML Code:
https://reverseengineering.stackexchange.com/questions/15933/how-to-bypass-or-block-getsystemtime

A friend and I made this a long time ago, to bypass trial on a certain program (not naming it). It modifies the value that GetSystemTimeAsFileTime returned.

GetSystemTimeAsFileTime Hotpatch

http://fyyre.ru/dllmain.cpp
can please re upload it, very much interested.

Thanks !
Attached Images
File Type: jpg Capture.JPG (39.7 KB, 17 views)
Reply With Quote
  #2  
Old 11-03-2022, 01:00
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
  
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 295
Rept. Given: 106
Rept. Rcvd 93 Times in 44 Posts
Thanks Given: 203
Thanks Rcvd at 397 Times in 130 Posts
Fyyre Reputation: 93
Hi there,

Today I made this method/project available via my Github. I hope you find it helpful:

https://github.com/Fyyre/proxy_dll

Quote:
Originally Posted by user1 View Post
@Fyyre

HTML Code:
https://reverseengineering.stackexchange.com/questions/15933/how-to-bypass-or-block-getsystemtime

A friend and I made this a long time ago, to bypass trial on a certain program (not naming it). It modifies the value that GetSystemTimeAsFileTime returned.

GetSystemTimeAsFileTime Hotpatch

http://fyyre.ru/dllmain.cpp
can please re upload it, very much interested.

Thanks !
__________________
Pax in vultu, bellum in corde.

--

https://github.com/Fyyre
Reply With Quote
The Following 6 Users Gave Reputation+1 to Fyyre For This Useful Post:
chessgod101 (11-03-2022), copyleft (12-16-2022), MarcElBichon (11-03-2022), tonyweb (12-10-2022), user1 (11-29-2022), yoza (11-03-2022)
The Following 14 Users Say Thank You to Fyyre For This Useful Post:
besoeso (11-04-2022), chessgod101 (11-03-2022), copyleft (12-16-2022), FiNALSErAPH (11-06-2022), hp3 (11-03-2022), Mendax47 (11-03-2022), niculaita (11-03-2022), ontryit (12-03-2022), sh3dow (11-03-2022), Spiderz_Soft (12-16-2022), user1 (11-03-2022), user_hidden (11-03-2022), yoza (11-03-2022), zeuscane (11-03-2022)
  #3  
Old 11-29-2022, 22:36
user1 user1 is offline
Family
  
Join Date: Sep 2012
Location: OUT
Posts: 1,129
Rept. Given: 695
Rept. Rcvd 123 Times in 70 Posts
Thanks Given: 841
Thanks Rcvd at 637 Times in 378 Posts
user1 Reputation: 44
Question
This code only for x86 for x64 need changed

anyone can help with this?

Code:
#define DETOUR_DEFINE(F) BYTE OH_##F[5]; BYTE NH_##F[5];
#define DETOUR_SET(F) DetourSet((DWORD)F, (DWORD)D_##F, OH_##F, NH_##F)
#define DETOUR_EXEC(R, F, ...) { CopyMemory((LPVOID)F, OH_##F, 5); R = F(__VA_ARGS__); CopyMemory((LPVOID)F, NH_##F, 5); }

VOID DetourSet(DWORD old_func, DWORD new_func, BYTE* old_header, BYTE* new_header)
{
    DWORD op;
    VirtualProtect((LPVOID)old_func, 5, PAGE_EXECUTE_READWRITE, &op);

    CopyMemory(old_header, (LPVOID)old_func, 5);

    DWORD size = new_func - (old_func + 5);

    new_header[0] = 0xE9;
    new_header[1] = size >> 0;
    new_header[2] = size >> 8;
    new_header[3] = size >> 16;
    new_header[4] = size >> 24;

    CopyMemory((LPVOID)old_func, new_header, 5);
}
Reply With Quote
  #4  
Old 11-29-2022, 23:34
h4sh3m h4sh3m is offline
Friend
  
Join Date: Aug 2016
Location: RCE
Posts: 61
Rept. Given: 1
Rept. Rcvd 4 Times in 2 Posts
Thanks Given: 54
Thanks Rcvd at 81 Times in 35 Posts
h4sh3m Reputation: 4
Quote:
Originally Posted by user1 View Post
This code only for x86 for x64 need changed

anyone can help with this?

Code:
#define DETOUR_DEFINE(F) BYTE OH_##F[5]; BYTE NH_##F[5];
#define DETOUR_SET(F) DetourSet((DWORD)F, (DWORD)D_##F, OH_##F, NH_##F)
#define DETOUR_EXEC(R, F, ...) { CopyMemory((LPVOID)F, OH_##F, 5); R = F(__VA_ARGS__); CopyMemory((LPVOID)F, NH_##F, 5); }

VOID DetourSet(DWORD old_func, DWORD new_func, BYTE* old_header, BYTE* new_header)
{
    DWORD op;
    VirtualProtect((LPVOID)old_func, 5, PAGE_EXECUTE_READWRITE, &op);

    CopyMemory(old_header, (LPVOID)old_func, 5);

    DWORD size = new_func - (old_func + 5);

    new_header[0] = 0xE9;
    new_header[1] = size >> 0;
    new_header[2] = size >> 8;
    new_header[3] = size >> 16;
    new_header[4] = size >> 24;

    CopyMemory((LPVOID)old_func, new_header, 5);
}
Hi

Maybe you just need to change DWORD to UInt64 (old_func, new_func).
Also you might face error in some functions(size of instructions), you can't overwrite bytes blindly unless you don't have any plan to use original function anymore !!!
Reply With Quote
  #5  
Old 11-30-2022, 16:27
user1 user1 is offline
Family
  
Join Date: Sep 2012
Location: OUT
Posts: 1,129
Rept. Given: 695
Rept. Rcvd 123 Times in 70 Posts
Thanks Given: 841
Thanks Rcvd at 637 Times in 378 Posts
user1 Reputation: 44
Post
false in x64 different.
Reply With Quote
Reply

Tags
windows api hooking

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
.NET dll hooking Avi_RE General Discussion 10 09-28-2023 07:09
API-hooking MaRKuS-DJM General Discussion 11 03-25-2005 13:27


All times are GMT +8. The time now is 21:06.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )