Part 2: Functions
Now that we have our bytes and signature values, let's start coding. We need to create a function that holds the signature values and tells the program how many lines apart the original address and the top address we selected are. I've bolded the areas that you need to change.
Spoiler: AOB Function
We have our AOB function, so let's create our bytes functions. You will need to create 3 functions for the bytes: one for the unhooked bytes, one for the hooked bytes, and the last for our hack bytes. Here's what ours look like in our trainer:
Spoiler: Bytecode Functions
Now our DllMain function (pretty much the same as any DLL hack):
You will now need to create 2 functions: one for when your hack is on and one for when it's off. This is where we use the global variables that we created at the top.
Spoiler: On/Off Hack Functions
If you're wondering what's going on here, let me explain. VirtualProtect() changes the protection of the addressed memory so that we are allowed to modify it. memcpy() then copies sizeof(...) bytes of our bytecodes to the memory address whose protection we changed. Confusing? Let's take a look at the syntax and the description of the parameters from MSDN:
Spoiler: MSDN Reference
So, using my example:
Spoiler: VirtualProtect First line
The first parameter is a pointer to the address of our hack function. We actually haven't defined this yet, but don't worry, we will. The second parameter takes the size in bytes of our hooked bytecodes, so the program knows where the hack starts and how large the area is whose protection needs changing. The third parameter is the new protection: we're changing that area to read, write, and execute (should be self explanatory to all the Linux lovers out there!). The last parameter receives the previous protection level (permission), which we revert to once memcpy() has copied our bytes to the hook address.
The second line, the memcpy() call, takes the bytes from our hooked bytecodes and stores them at the hook address. An easier way to read it is parameter 2, parameter 3, then parameter 1: parameter 2 is the source (our hooked bytecodes), the third parameter is the size of our bytecodes, and that many bytes are copied into the first parameter (the destination).
Spoiler: VirtualProtect 3rd line
This changes the protection level back to its original state. I'm sure you can follow the SilverHackOFF() function now.
For this last part we need to define the rest of the hack, assign it a key, and have it turn the hack on or off based on its current state.
Breakdown time! OK, the base address should be pretty obvious by now.
Spoiler: SilverHookAddress Defined
Remember earlier I said we would define the hook address later? Here it is. VirtualAlloc allocates the amount of memory for our hack (in bytes) specified in the second parameter, so in this case it allocates 1024 bytes.
Spoiler: AOB calculations
Here we define our SilverHackBC function. In my example I calculate it with 14 because that was how many lines I went up (remember, still counting in 2 bytes) to start the array of bytes at. So you'll input your own number from your calculation. Then you take that number, subtract 1, and write it out like I did with 13 + 5. The 5 will always be 5. So if you came up with 28, yours would be 27 + 5. Why 5, you ask? My answer is I honestly don't know. This part is a little vague to me. I'm not afraid to admit when I don't know something, and this is one of those times. This is the one area I haven't been able to understand yet. See, I'm still learning too. If anyone can shed some light on this for me, please do, because I would like to know. You will be properly credited.
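To make the offset arithmetic concrete, here is an added example of how the two jumps in a code cave are computed. This is my own illustration, not code from the trainer in this tutorial; the hook site (0x401000), the cave address (0x410000, standing in for whatever VirtualAlloc returned), the six stolen bytes and the payload are all made up for the demo. One fact it relies on: a near relative jmp is the opcode E9 followed by a 32-bit displacement, 5 bytes in total, and the CPU measures that displacement from the end of the jmp, so any jump of this kind is computed with a `+ 5` in it. It also checks something a 32-bit trainer never hits but an x64 one will: VirtualAlloc can hand back memory more than 2 GiB away from the game's code, where a rel32 jmp cannot reach.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_LEN 5   /* E9 rel32: one opcode byte + four displacement bytes */

/* Encode "jmp dst" placed at address src into out[0..4].
 * The CPU adds rel32 to the address of the NEXT instruction, so the
 * displacement is dst - (src + 5); that is where the "+ 5" comes from. */
static bool encode_jmp(uintptr_t src, uintptr_t dst, uint8_t out[JMP_LEN])
{
    uintptr_t delta = dst - (src + JMP_LEN);   /* wraps modulo the address size, like EIP/RIP does */
#if UINTPTR_MAX > 0xFFFFFFFFu
    /* On x64 a rel32 only reaches +/-2 GiB. VirtualAlloc(NULL, ...) may return
     * a cave far from the game's code, so check before trusting the jump. */
    int64_t d = (int64_t)delta;
    if (d > INT32_MAX || d < INT32_MIN) return false;
#endif
    uint32_t rel = (uint32_t)delta;
    out[0] = 0xE9;
    memcpy(out + 1, &rel, sizeof rel);         /* little-endian, as x86 expects */
    return true;
}

/* Bytes that overwrite the hook site: jmp cave, then NOP padding so the
 * patch covers exactly the whole instructions we stole. */
static bool build_hook_bytes(uintptr_t hook_site, uintptr_t cave, size_t stolen_len, uint8_t *out)
{
    if (stolen_len < JMP_LEN) return false;    /* must steal whole instructions totalling at least 5 bytes */
    if (!encode_jmp(hook_site, cave, out)) return false;
    memset(out + JMP_LEN, 0x90, stolen_len - JMP_LEN);
    return true;
}

/* Lay out the cave: our payload, the stolen original bytes, then a jmp back to
 * hook_site + stolen_len (the first instruction we did not overwrite).
 * Returns the number of bytes written, or 0 on failure. */
static size_t build_cave(uintptr_t hook_site, uintptr_t cave,
                         const uint8_t *payload, size_t payload_len,
                         const uint8_t *stolen, size_t stolen_len,
                         uint8_t *out, size_t out_cap)
{
    size_t total = payload_len + stolen_len + JMP_LEN;
    if (total > out_cap) return 0;
    memcpy(out, payload, payload_len);
    memcpy(out + payload_len, stolen, stolen_len);
    /* Caveat: stolen bytes are copied verbatim, so they must not contain
     * relative jumps/calls or RIP-relative operands; those need re-encoding. */
    uintptr_t ret_jmp_at = cave + payload_len + stolen_len;
    if (!encode_jmp(ret_jmp_at, hook_site + stolen_len, out + payload_len + stolen_len)) return 0;
    return total;
}

static void dump(const char *label, const uint8_t *b, size_t n)
{
    printf("%-10s", label);
    for (size_t i = 0; i < n; i++) printf(" %02X", b[i]);
    printf("\n");
}

int main(void)
{
    /* Constructed addresses and bytes for illustration only. */
    const uintptr_t hook_site = 0x401000;                              /* where the AOB scan found the original code */
    const uintptr_t cave      = 0x410000;                              /* stand-in for what VirtualAlloc returned */
    const uint8_t stolen[]    = { 0x8B, 0x43, 0x10, 0x83, 0xC0, 0x01 }; /* mov eax,[ebx+10h]; add eax,1 */
    const uint8_t payload[]   = { 0x31, 0xC0 };                         /* xor eax,eax */
    uint8_t hook[sizeof stolen], cavebuf[64];

    if (!build_hook_bytes(hook_site, cave, sizeof stolen, hook)) return 1;
    size_t n = build_cave(hook_site, cave, payload, sizeof payload, stolen, sizeof stolen, cavebuf, sizeof cavebuf);
    if (n == 0) return 1;
    dump("hook site:", hook, sizeof hook);
    dump("cave:", cavebuf, n);
    return 0;
}
```

The practical checks worth keeping from this: steal whole instructions totalling at least 5 bytes, pad the rest with NOPs, jump back to the first instruction you did not overwrite, and on x64 verify the cave is within rel32 reach of the hook site (or reserve the cave near the module instead of letting VirtualAlloc choose).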
If this isn't obvious, I'll explain real quick. When the F1 key is pressed it checks whether the hack is on or off, and depending on the current state it calls the other function. So if it's on, it calls SilverHackOFF.
This just prevents the program from registering the key press more than once while the key is still being held down. So when you press F1 it fires only once until the key is released and pressed again; otherwise it might go through several cycles of SilverHackON and SilverHackOFF during a single press.
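Putting the on/off functions from earlier and the hotkey handling together, here is an added example that is my own code, not the trainer from this tutorial. It keeps the same shape: a global on/off flag, a function that does VirtualProtect(), memcpy(), VirtualProtect() back, and a hotkey poll that only reacts on the press edge. So that it runs outside the game (and outside Windows), the hook site is a page this program maps itself and fills with constructed bytes, the Windows calls are swapped for mmap()/mprotect() when not built with a Windows compiler, and the GetAsyncKeyState() polling is replaced by a constructed list of key samples. The byte arrays and the hook address are stand-ins, not real game bytes.

```c
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

/* Constructed stand-ins for the tutorial's byte arrays; not real game code. */
static const uint8_t unhooked_bytes[] = { 0x8B, 0x43, 0x10, 0x83, 0xC0, 0x01 }; /* mov eax,[ebx+10h]; add eax,1 */
static const uint8_t hooked_bytes[]   = { 0xE9, 0xFB, 0xEF, 0x00, 0x00, 0x90 }; /* jmp rel32; nop */

static uint8_t *target;        /* the hook site; in a trainer this comes from the AOB scan */
static bool hack_enabled;      /* the global on/off state the hotkey flips */

/* The three-line pattern: open the code page for writing, copy, restore.
 * mprotect() is the POSIX stand-in for VirtualProtect() so the demo runs anywhere. */
static bool write_code(void *addr, const void *bytes, size_t len)
{
#ifdef _WIN32
    DWORD old;
    if (!VirtualProtect(addr, len, PAGE_EXECUTE_READWRITE, &old)) return false;
    memcpy(addr, bytes, len);
    VirtualProtect(addr, len, old, &old);                  /* restore what was there, not a guess */
    FlushInstructionCache(GetCurrentProcess(), addr, len);  /* so the CPU does not run stale bytes */
#else
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)addr & ~(uintptr_t)(pg - 1);   /* mprotect wants page-aligned ranges */
    size_t span = (uintptr_t)addr + len - start;
    if (mprotect((void *)start, span, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return false;
    memcpy(addr, bytes, len);
    /* mprotect has no "old protection" out-parameter; a code page is R-X, so that goes back. */
    mprotect((void *)start, span, PROT_READ | PROT_EXEC);
#endif
    return true;
}

/* A page that behaves like the game's code: holds the original bytes, mapped
 * read+execute and NOT writable, which is why plain memcpy() would crash. */
static bool setup_fake_code_page(void)
{
#ifdef _WIN32
    DWORD old;
    target = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!target) return false;
    memcpy(target, unhooked_bytes, sizeof unhooked_bytes);
    return VirtualProtect(target, 4096, PAGE_EXECUTE_READ, &old) != 0;
#else
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return false;
    target = p;
    memcpy(target, unhooked_bytes, sizeof unhooked_bytes);
    return mprotect(target, pg, PROT_READ | PROT_EXEC) == 0;
#endif
}

/* SilverHackON / SilverHackOFF collapsed into one: write the matching bytes, update the flag. */
static bool set_hack(bool on)
{
    const uint8_t *bytes = on ? hooked_bytes : unhooked_bytes;   /* both arrays are the same length */
    if (!write_code(target, bytes, sizeof hooked_bytes)) return false;
    hack_enabled = on;
    return true;
}

/* One poll of the hotkey. Only the down-edge toggles, so a held key fires once.
 * Returns true when a toggle happened. In a real loop key_down would be
 * (GetAsyncKeyState(VK_F1) & 0x8000) != 0. */
static bool poll_hotkey(bool key_down, bool *was_down)
{
    bool toggled = false;
    if (key_down && !*was_down) toggled = set_hack(!hack_enabled);
    *was_down = key_down;
    return toggled;
}

static bool target_is(const uint8_t *bytes, size_t len)
{
    return memcmp(target, bytes, len) == 0;
}

int main(void)
{
    if (!setup_fake_code_page()) { perror("setup_fake_code_page"); return 1; }
    /* Constructed key samples: F1 held for three polls, released, tapped again. */
    const bool samples[] = { true, true, true, false, true, false };
    bool was_down = false;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (poll_hotkey(samples[i], &was_down))
            printf("poll %zu: hack %s\n", i, hack_enabled ? "ON" : "OFF");
    return 0;
}
```

Two habits worth carrying into a real trainer: restore the protection value VirtualProtect() gave you instead of assuming what it was, and read the original bytes out of the process at hook time rather than hard-coding them, so that a game update with different bytes at that address cannot be "restored" to the wrong thing.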
Well that's the end of this tutorial. Hope you learned something from it.