Posted November 30, 2010

This code is NOT by me, it's by Madshi, author of madCodeHook, taken from experts-exchange, I'm an expert there.

You can use the following code, it's copied from my madExcept package. madCodeHook uses a much better but also much more complicated API hooking method. The missing parts (e.g. GetImageNtHeaders) can be found in the madBasic package (which includes sources) of my collection.

This function works fine. For successful IAT patching you need to patch each and every module in your process. However, in win9x you're not allowed to patch system modules (modules whose handle is bigger than $80000000). If you would do that, you'd make the whole OS unstable. As a result IAT patching doesn't work too well in win9x. After all IAT patching is not the best hooking method. But in normal use you might not notice the difference. It depends on for which purpose you need this stuff.

procedure PatchImportTable(module: dword; old, new: pointer);
var pinh : PImageNtHeaders;
    pid  : ^TImageImportDirectory;
    p1   : TPPointer;
    c1   : dword;
    eis  : dword;  // end of import section
begin
  pinh := GetImageNtHeaders(module);
  if pinh <> nil then begin
    with pinh^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT] do begin
      pid := pointer(module + VirtualAddress);
      eis := VirtualAddress + Size;
    end;
    if pid <> nil then
      // walk the import descriptors until the terminating entry (Name_ = 0)
      while pid^.Name_ <> 0 do begin
        if pid^.ThunkArray > eis then
          break;  // invalid import table!
        if pid^.ThunkArray <> 0 then begin
          // walk this descriptor's thunk slots until the nil terminator
          p1 := pointer(module + pid^.ThunkArray);
          while p1^ <> nil do begin
            // make the slot writable, then swap the old pointer for the new one
            if (p1^ = old) and
               VirtualProtect(p1, 4, PAGE_EXECUTE_READWRITE, @c1) then
              p1^ := new;
            inc(p1);
          end;
        end;
        inc(pid);
      end;
  end;
end;
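The same import-descriptor walk turned into a check, as an added example that is not part of the original post or of madshi's packages: it flags IAT slots whose pointer lies outside the DLL that the descriptor names, which is what a patched slot looks like. The function names, the module map and the sample image are constructed for illustration, and the import directory RVA and size are passed in rather than read from the NT headers; forwarded exports legitimately point into another module and would need an allow-list.

```python
import struct

# IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
DESC = struct.Struct("<5I")

def find_patched_iat_slots(image, import_rva, import_size, modules):
    """Return (dll, slot_rva, target) for IAT slots pointing outside the named DLL.

    image   -- bytes of a 32-bit module as mapped in memory (offset == RVA)
    modules -- {lower-case dll name: (base, size)} of modules loaded in the process
    """
    findings = []
    limit = min(import_rva + import_size, len(image))
    off = import_rva
    while off + DESC.size <= limit:
        _oft, _ts, _fwd, name_rva, iat_rva = DESC.unpack_from(image, off)
        if name_rva == 0 or name_rva >= len(image):
            break                                # null terminator or corrupt table
        dll = image[name_rva:image.index(b"\0", name_rva)].decode("ascii").lower()
        base, size = modules.get(dll, (0, 0))    # unknown DLL: every slot is flagged
        slot = iat_rva
        while iat_rva and slot + 4 <= len(image):
            (target,) = struct.unpack_from("<I", image, slot)
            if target == 0:                      # end of this DLL's thunk array
                break
            if not base <= target < base + size:
                findings.append((dll, slot, target))
            slot += 4
        off += DESC.size
    return findings

def build_sample():
    """Constructed image fragment: one descriptor, two imports from kernel32.dll."""
    image = bytearray(0x100)
    DESC.pack_into(image, 0x10, 0, 0, 0, 0x60, 0x80)   # next descriptor stays zero
    image[0x60:0x6D] = b"KERNEL32.dll\0"
    # First slot is inside kernel32's range, second was redirected elsewhere.
    struct.pack_into("<3I", image, 0x80, 0x76A01230, 0x10002000, 0)
    return bytes(image)

MODULES = {"kernel32.dll": (0x76A00000, 0x000D0000)}   # constructed load address

if __name__ == "__main__":
    for dll, slot, target in find_patched_iat_slots(build_sample(), 0x10, 0x28, MODULES):
        print(f"{dll}: IAT slot at RVA {slot:#x} -> {target:#010x} (outside module)")
```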
December 2, 2010 Author

> Thanks for your sharing. It is very useful for me

You're welcome, and you will also need madCodeHook (Hook Engine) installed in order to use this procedure, website is http://www.madshi.net/.

Edited December 2, 2010 by rotem156

December 3, 2010

> I'm an expert there

I highly doubt that. But it's always nice to see someone brag with their skills while posting OTHER people's code. Keep it up.

December 7, 2010 Author

> I highly doubt that. But it's always nice to see someone brag with their skills while posting OTHER people's code. Keep it up.

Says the one who's using dUP2 to generate noob patchers while he can't code his own ones. P.S. - Why reinvent the wheel? Any bells ringing?