Modified from https://forum.eviloctal.com/thread-28859-1-1.html
Compiled with VC6.
#include <stdio.h>
#include <string.h>
#include <windows.h>
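// Copy of the first 6 bytes of func(), taken before its entry is patched.
// Initialised to NOPs (0x90) until hook_func() fills it in.
BYTE orig_code[6] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
// x86 "jmp rel32": opcode 0xE9 followed by a 32-bit displacement.
// The displacement bytes are zero here and are computed by hook_func().
BYTE hook_code[5] = {0xe9, 0, 0, 0, 0};
// Same instruction template, used for the jump from the jmp_back stub
// back into the unmodified remainder of func().
BYTE jmp_orig_code[5] = {0xe9, 0, 0, 0, 0};

int func(void);       // the function whose entry gets patched
int fake_func(void);  // replacement that runs first once the patch is in place
void hook_func(void); // installs the patch
int jmp_back(void);   // code stub that hook_func() fills at run time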
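/*
 * Demo driver: patch func() first, then call it.  If the patch was applied,
 * the call is redirected through fake_func() before func()'s own body runs.
 * The process exit code is whatever the call to func() returns.
 */
int main(int argc, char **argv)
{
    int ret;

    hook_func();
    ret = func();
    return ret;
}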
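/*
 * Target function of the demo: prints its own name and returns 0.
 * Its first bytes are overwritten at run time by hook_func().
 */
int func(void)
{
    printf("func()\n");
    return 0;
}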
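/*
 * Patch the entry of func() in this process so that calls go to fake_func().
 *
 *   1. Make the jmp_back stub and the start of func() writable.
 *   2. Save the first 6 bytes of func() in orig_code.
 *   3. Fill jmp_back with those 6 bytes followed by "jmp func+6".
 *   4. Overwrite the first 5 bytes of func() with "jmp fake_func".
 *   5. Restore the page protections and flush the instruction cache.
 *
 * If VirtualProtect fails, an error is printed and func() is left untouched.
 *
 * 32-bit x86 only: addresses are cast to ULONG and the patch is a 5-byte
 * "jmp rel32".
 *
 * NOTE(review): the length 6 is hard-coded.  The saved bytes must be whole
 * instructions that do not depend on their own address, otherwise the stub
 * executes garbage.  Confirm against a disassembly of func() for the build
 * in use.
 *
 * NOTE(review): the jmp_back stub must reserve at least 11 bytes
 * (6 saved + 5 for the jump); anything smaller is overrun by the writes below.
 *
 * A function entry that starts with 0xE9 and differs from the bytes in the
 * on-disk image is the usual indicator integrity checks look for when
 * detecting this kind of code patching.
 */
void hook_func(void)
{
    enum { SAVED_LEN = 6, JMP_LEN = 5 };
    DWORD stub_prot;
    DWORD func_prot;
    DWORD unused;
    ULONG rel;

    if (!VirtualProtect((LPVOID)jmp_back, SAVED_LEN + JMP_LEN,
                        PAGE_EXECUTE_READWRITE, &stub_prot))
    {
        printf("VirtualProtect error!\r\n");
        return;
    }
    // func() is written to as well, so its page needs the same treatment;
    // the original only worked when both functions shared one page.
    if (!VirtualProtect((LPVOID)func, SAVED_LEN,
                        PAGE_EXECUTE_READWRITE, &func_prot))
    {
        printf("VirtualProtect error!\r\n");
        VirtualProtect((LPVOID)jmp_back, SAVED_LEN + JMP_LEN, stub_prot, &unused);
        return;
    }

    // Save the original entry bytes.
    memcpy(orig_code, (BYTE *)func, SAVED_LEN);

    // Displacement for the jump back.  It is computed as if the jmp sat at
    // jmp_back, but the jmp is placed SAVED_LEN bytes further on, so it lands
    // at func + SAVED_LEN, just past the bytes that were copied out.
    rel = (ULONG)func - (ULONG)jmp_back - JMP_LEN;
    memcpy(jmp_orig_code + 1, &rel, sizeof rel);

    // Fill the stub before the entry is redirected, so the stub is complete
    // by the time anything can reach it.
    memcpy((BYTE *)jmp_back, orig_code, SAVED_LEN);
    memcpy((BYTE *)jmp_back + SAVED_LEN, jmp_orig_code, JMP_LEN);

    // Displacement from the end of the 5-byte jmp at func to fake_func.
    rel = (ULONG)fake_func - (ULONG)func - JMP_LEN;
    memcpy(hook_code + 1, &rel, sizeof rel);

    // Redirect the entry.  The sixth original byte stays in place but is
    // never executed, because the stub resumes at func + SAVED_LEN.
    memcpy((BYTE *)func, hook_code, JMP_LEN);

    // Restore protections in reverse order: if both regions share a page,
    // func_prot holds the temporary RWX value and stub_prot the real one.
    // Best effort; a failure here leaves the page writable.
    VirtualProtect((LPVOID)func, SAVED_LEN, func_prot, &unused);
    VirtualProtect((LPVOID)jmp_back, SAVED_LEN + JMP_LEN, stub_prot, &unused);

    FlushInstructionCache(GetCurrentProcess(), (LPCVOID)func, SAVED_LEN);
    FlushInstructionCache(GetCurrentProcess(), (LPCVOID)jmp_back,
                          SAVED_LEN + JMP_LEN);
}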
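/*
 * Placeholder code region, filled at run time by hook_func() with the saved
 * entry bytes of func() followed by a jump back into func().
 *
 * Declared naked so the compiler emits no prologue or epilogue: the body is
 * exactly the bytes listed below.  hook_func() writes 11 bytes here
 * (6 saved + 5 for the jmp), so 12 NOPs are reserved; the earlier 10 were one
 * byte short and let the last write spill past the end of this function.
 *
 * Must not be called before hook_func() has succeeded: the unpatched NOPs
 * have no return instruction and would fall through into whatever follows.
 */
__declspec(naked) int jmp_back(void)
{
    __asm
    {
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
        _emit 0x90
    }
}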
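/*
 * Replacement entry point reached through the jump patched into func().
 * Prints its own name, then calls jmp_back(), which runs the saved entry
 * bytes of func() and jumps into the rest of func().  func()'s own return
 * comes back here, and its result is passed on to the original caller.
 */
int fake_func(void)
{
    int ret;

    printf("fake_func()\n");
    ret = jmp_back();
    return ret;
}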