Last active
September 6, 2016 15:07
-
-
Save gfreivasc/e81e074279789bd38a1276f3fac97227 to your computer and use it in GitHub Desktop.
VEHHook NoClass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Credits to @MarkHC | |
| #include <cstdio> | |
| #include <Windows.h> | |
| int add(int a, int b) | |
| { | |
| return a + b; | |
| } | |
| int mul(int a, int b) | |
| { | |
| return a * b; | |
| } | |
| LONG WINAPI VectoredExceptionHandle(PEXCEPTION_POINTERS peInfo) | |
| { | |
| printf("Found exception 0x%X\n", peInfo->ExceptionRecord->ExceptionCode); | |
| if (peInfo->ExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT) | |
| { | |
| peInfo->ContextRecord->Eip = (DWORD_PTR)&mul; | |
| return EXCEPTION_CONTINUE_EXECUTION; | |
| } | |
| return EXCEPTION_CONTINUE_SEARCH; | |
| } | |
| int main() | |
| { | |
| AddVectoredExceptionHandler(1, VectoredExceptionHandle); | |
| printf("%d != %d\n", add(3, 4), mul(3, 4)); | |
| printf("%d == ", add(4, 5)); | |
| BYTE origByte = *(BYTE*)&add; | |
| DWORD dwOld; | |
| VirtualProtect(&add, 1, PAGE_EXECUTE_READWRITE, &dwOld); | |
| *(BYTE*)&add = 0xCC; // INT3 Breakpoint | |
| printf("%d\n", add(4, 5)); | |
| *(BYTE*)&add = origByte; | |
| VirtualProtect(&add, 1, dwOld, &dwOld); | |
| printf("%d != %d\n", add(3, 4), mul(3, 4)); | |
| system("Pause"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment