예전부터 DLL을 사용하여 실시간에 로직 코드를 변경하는 방법에 대해 관심을 가지고 있었는데, 그 가능성을 보여준 아티클을 보고 샘플 작성
원본 아티클은 리버스 코어에서 확인 바람
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | #pragma once#include <Windows.h>class CodePatch{public: explicit CodePatch(LPVOID pfnOrg); ~CodePatch(void); void hook(PROC pfnNew); void unhook();private: LPVOID mOrgFunc; BYTE mOrgByte[5]; BOOL mHooked;}; |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | #include "stdafx.h"#include "CodePatch.h"#include <iostream>CodePatch::CodePatch(LPVOID pfnOrg) : mOrgFunc(pfnOrg), mHooked(FALSE){}CodePatch::~CodePatch(void){ if (mHooked == TRUE) unhook();}void CodePatch::hook(PROC pfnNew){ if (mHooked == TRUE) return; DWORD dwOldProtect, dwAddress; BYTE pBuf[5] = { 0xE9, 0, }; VirtualProtect((LPVOID)mOrgFunc, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect); memcpy(mOrgByte, mOrgFunc, 5); dwAddress = (DWORD)pfnNew - (DWORD)mOrgFunc - 5; memcpy(&pBuf[1], &dwAddress, 4); std::cout<< "hook : dwAddress("<< dwAddress<< ")"<< std::endl; memcpy(mOrgFunc, pBuf, 5); VirtualProtect((LPVOID)mOrgFunc, 5, dwOldProtect, &dwOldProtect); mHooked = true;}void CodePatch::unhook(){ if (mHooked == false) return; DWORD dwOldProtect; VirtualProtect((LPVOID)mOrgFunc, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect); memcpy(mOrgFunc, mOrgByte, 5); VirtualProtect((LPVOID)mOrgFunc, 5, dwOldProtect, &dwOldProtect); mHooked = false;} |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | int _tmain(int argc, _TCHAR* argv[]){ // ... HMODULE hPatch = LoadLibraryA("patch_dll.dll"); FARPROC func = GetProcAddress(hPatch, "dll_func_sub"); CodePatch func_code(FuncAdd); func_code.hook(func); // ... func_code.unhook(); // ... } |
'Dev.Write' 카테고리의 다른 글
| callback interface (1) | 2013.09.20 |
|---|---|
| a timer using boost (0) | 2013.08.02 |
| boost::xml_parser wrapper (1) | 2013.06.12 |
| list (0) | 2013.04.12 |
| quick sort, bouble sort (1) | 2013.03.25 |
