Skip to content

Instantly share code, notes, and snippets.

@zezba9000

zezba9000/VTableMethodHooking.cpp

Last active October 11, 2018 02:08
Show Gist options
  • Save zezba9000/d93a1738ec1e6c43be9458ae0768689c to your computer and use it in GitHub Desktop.
Save zezba9000/d93a1738ec1e6c43be9458ae0768689c to your computer and use it in GitHub Desktop.
Download ZIP
VTable Method hooking
Raw
VTableMethodHooking.cpp
#include "stdafx.h"
#include <Windows.h>
#include <iostream>
#include <string>
using namespace std;
class Base
{
public:
virtual void foo(int i)
{
cout << ("Base foo: " + to_string(i)).c_str() << endl;
}
virtual void foo2(int i, int i2)
{
cout << ("Base foo2: " + to_string(i + i2)).c_str() << endl;
}
};
class Derived : Base
{
public:
void foo(int i) override
{
Base::foo(i);
cout << ("Derived foo: " + to_string(i)).c_str() << endl;
}
void foo2(int i, int i2) override
{
Base::foo2(i, i2);
cout << ("Derived foo2: " + to_string(i + i2)).c_str() << endl;
}
};
auto a = new Derived();
void** pdwVTable = *(void***)a;
typedef void(__thiscall* foo_org)(Derived* thisptr, int i, int i2);
foo_org foo_org_ptr;
void __fastcall myFoo2(Derived* thisptr, void* _EDX, int i, int i2)
{
cout << ("YAHOO: " + to_string(i + i2)).c_str() << endl;
foo_org_ptr(thisptr, i, i2);
}
int main()
{
a->foo(200);
int methodIndex = 1;
MEMORY_BASIC_INFORMATION mbi;
VirtualQuery((LPCVOID)pdwVTable, &mbi, sizeof(mbi));
VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, &mbi.Protect);// unlock
foo_org_ptr = (foo_org)pdwVTable[methodIndex];
pdwVTable[methodIndex] = &myFoo2; // Hook!
VirtualProtect(mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect);// lock
a->foo2(300, 100);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment