Solved Attempting to detour a Kernel32 function

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat
Status
Not open for further replies.

Paga

Newbie
Full Member
Jul 23, 2017
11
59
1
It's the first time I'm trying something like this, because I just got the idea. I am trying to advance in defensive programming (just made it up). Anyway, I'm almost sure this is something possible but I am pretty sure I messed up somewhere.

C++:
#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <detours.h>
#pragma comment(lib, "detours.lib")

BOOL(WINAPI *tWpmOriginal)(IN HANDLE hProcess, IN LPVOID lpBaseAddress, IN LPCVOID lpBuffer, IN SIZE_T nSize, OUT SIZE_T *lpNumberOfBytesWritten);

BOOL WINAPI tWpmHooked(void)
{
	std::cout << "_-_";
	return tWpmOriginal(NULL, NULL, NULL, NULL, nullptr);
}

bool WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		tWpmOriginal = (BOOL(__stdcall *)(IN HANDLE hProcess, IN LPVOID lpBaseAddress, IN LPCVOID lpBuffer, IN SIZE_T nSize, OUT SIZE_T *lpNumberOfBytesWritten))DetourFunction((PBYTE)GetProcAddress(GetModuleHandleW(L"Kernel32.dll"), "WriteProcessMemory"), (BYTE*)tWpmHooked);
	case DLL_PROCESS_DETACH:
		DetourRemove((BYTE*)GetProcAddress(GetModuleHandleW(L"Kernel32.dll"), "WriteProcessMemory"), (BYTE*)tWpmHooked);
	}
	return 1;
}
Hopefully someone can tell me what I did wrong. I was thinking it's because of tWpmHooked, but I am looking for something concrete. Thanks!
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,746
40,528
316
The hook function must have the same arguments otherwise the stack gets corrupted:
C++:
BOOL WINAPI hk_WPM(HANDLE hProc, void *  pAddress, void * pBuffer, SIZE_T Size, SIZE_T * pSizeOut)
{
    std::cout << "_-_";
    return pTrp_WPM(nullptr, nullptr, nullptr, 0, nullptr);
}
Edit: Oh, and you can use typedef (or the "using" keyword) to create a type for the function:
C++:
typedef BOOL(WINAPI * f_WPM)(HANDLE, void*, void*, SIZE_T, SIZE_T*);
f_WPM pTrp_WPM = (f_WPM)DetourFunction((PBYTE)GetProcAddress(GetModuleHandleW(L"Kernel32.dll"), "WriteProcessMemory"), (BYTE*)hk_WPM);
 
Last edited:

Paga

Newbie
Full Member
Jul 23, 2017
11
59
1
It seems like I forgot to edit that part and didn't even notice, my bad. Thanks anyway!
 
Status
Not open for further replies.
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods