Windows Api Hooking

[user1]

This code only for x86 for x64 need changed

anyone can help with this?

Code:

#define DETOUR_DEFINE(F) BYTE OH_##F[5]; BYTE NH_##F[5];
#define DETOUR_SET(F) DetourSet((DWORD)F, (DWORD)D_##F, OH_##F, NH_##F)
#define DETOUR_EXEC(R, F, ...) { CopyMemory((LPVOID)F, OH_##F, 5); R = F(__VA_ARGS__); CopyMemory((LPVOID)F, NH_##F, 5); }

VOID DetourSet(DWORD old_func, DWORD new_func, BYTE* old_header, BYTE* new_header)
{
    DWORD op;
    VirtualProtect((LPVOID)old_func, 5, PAGE_EXECUTE_READWRITE, &op);

    CopyMemory(old_header, (LPVOID)old_func, 5);

    DWORD size = new_func - (old_func + 5);

    new_header[0] = 0xE9;
    new_header[1] = size >> 0;
    new_header[2] = size >> 8;
    new_header[3] = size >> 16;
    new_header[4] = size >> 24;

    CopyMemory((LPVOID)old_func, new_header, 5);
}

[h4sh3m]

Quote:

Originally Posted by user1

This code only for x86 for x64 need changed

anyone can help with this?

Code:

#define DETOUR_DEFINE(F) BYTE OH_##F[5]; BYTE NH_##F[5];
#define DETOUR_SET(F) DetourSet((DWORD)F, (DWORD)D_##F, OH_##F, NH_##F)
#define DETOUR_EXEC(R, F, ...) { CopyMemory((LPVOID)F, OH_##F, 5); R = F(__VA_ARGS__); CopyMemory((LPVOID)F, NH_##F, 5); }

VOID DetourSet(DWORD old_func, DWORD new_func, BYTE* old_header, BYTE* new_header)
{
    DWORD op;
    VirtualProtect((LPVOID)old_func, 5, PAGE_EXECUTE_READWRITE, &op);

    CopyMemory(old_header, (LPVOID)old_func, 5);

    DWORD size = new_func - (old_func + 5);

    new_header[0] = 0xE9;
    new_header[1] = size >> 0;
    new_header[2] = size >> 8;
    new_header[3] = size >> 16;
    new_header[4] = size >> 24;

    CopyMemory((LPVOID)old_func, new_header, 5);
}

Hi

Maybe you just need to change DWORD to UInt64 (old_func, new_func).
Also you might face error in some functions(size of instructions), you can't overwrite bytes blindly unless you don't have any plan to use original function anymore !!!

[user1]

false in x64 different.