 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Bswap
Newbie cheater
 Reputation: 0
Joined: 18 Aug 2009
Posts: 21
|
 Posted: Wed Aug 19, 2009 8:39 am Post subject: MASM - IAT Hook |
 |
|
Thought this should be shared. Tis asm sexh.
Written by Ksbunker
| Code: | .data
o_MessageBoxA DWORD 0
dwOrigProtect DWORD 0
.code
MyMsgHook PROC uses ebx esi edx hWin:DWORD, lpText:DWORD, lpCaption:DWORD, dwStyle:DWORD
push DWORD PTR [dwStyle]
push DWORD PTR [lpCaption]
push DWORD PTR [lpText]
push DWORD PTR [hWin]
call o_MessageBoxA
ret
MyMsgHook ENDP
start:
; get user32!MessageBoxA and save into o_MessageBoxA
INVOKE LoadLibrary, CTEXT("user32.dll")
INVOKE GetProcAddress, eax, CTEXT("MessageBoxA")
mov o_MessageBoxA, eax
; call user32!MessageBox test
invoke MessageBox, 0, CTEXT("caption..."), 0, 0
; install hook and change protections
mov eax, MessageBoxA
add eax, 2
mov eax, [eax]
push eax
invoke VirtualProtect, eax, 4, PAGE_WRITECOPY, addr dwOrigProtect
pop eax
mov [eax], OFFSET MyMsgHook
invoke VirtualProtect, eax, 4, addr dwOrigProtect, NULL
; this time we execute our hookproc instead of user32!MessageBoxA
invoke MessageBox, 0, CTEXT("hooked..."), 0, 0 |
|
|
| Back to top |
|
 |
Noz3001
I'm a spammer
 Reputation: 26
Joined: 29 May 2006
Posts: 6220
Location: /dev/null
|
| Posted: Wed Aug 19, 2009 10:37 am Post subject: |
|
|
| Title says IAT Hook?
|
|
| Back to top |
|
|
NoManchesPuto
I post too much
![]() Reputation: 0
Joined: 24 Jan 2009
Posts: 2820
|
| Posted: Wed Aug 19, 2009 10:58 am Post subject: |
|
|
Sorry but I don't understand what this does  Mind to shed some light?
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Wed Aug 19, 2009 11:34 am Post subject: |
|
|
that isn't an IAT hook. let me show you my sexiness MASM32 IAT hook :
x59.zwit.org
|
|
| Back to top |
|
|
oib111
I post too much
 Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Wed Aug 19, 2009 1:48 pm Post subject: |
|
|
That's not an IAT hook...
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Wed Aug 19, 2009 3:02 pm Post subject: |
|
|
looked more carefully and actually that is an IAT hook but it's not as nice as my one : D
| Code: | mov eax, MessageBoxA
add eax, 2
mov eax, [eax] |
first line moves jmp thunk table entry address for messageboxa to eax. add 2 is to get pointer to IAT entry. third line sets eax as IAT entry address for MessageBoxA
but that only performs an IAT hook on your own module which is not particularly useful even when injecting your dll since you'll just hook your own dll and not the other modules. my IAT hook does it properly though
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
