|
Registriert seit: 10. Nov 2013
83 Beiträge
|
AW: How unhook LdrLoadDll function?
17. Dez 2017, 01:14
Zitat:
pbyte(target)^ := $E9;
Assignments can also be read out.
variable := pbyte(target)^;
Like this:
Code:
procedure Unhook(hookedfunc, oldfunc: pointer);
var
jmpto: DWORD;
OldProtect: Cardinal;
begin
jmpto := DWORD(oldfunc) - DWORD(hookedfunc) - 5;
VirtualProtect(hookedfunc, 5, PAGE_EXECUTE_READWRITE, @OldProtect);
hookedfunc := pbyte(oldfunc)^;
pdword(DWORD(hookedfunc) + 1)^ := jmpto;
end;
Usage:
Code:
Unhook(@NewLdrLoadDll, GetProcAddress(GetModuleHandle('ntdll.dll'), 'LdrLoadDll'));
right?
Geändert von flashcoder (17. Dez 2017 um 03:17 Uhr)
|