Author Topic: Please help create detour in Pascal  (Read 14477 times)

shonay

  • Full Member
  • ***
  • Posts: 169
Please help create detour in Pascal
« on: June 09, 2015, 02:51:27 pm »
Good afternoon,

Been trying to do this in some c++, really hard tho, as it stops along the line, I have been wanting to code my own detour function, except I didn't know how to go about it
I saw something like this on some c++ site, just been trying and it's not giving me adequate results as I want it

I know this is a pascal forum, but I would be pasting some c/c++ code for your viewing so someone could assist in the creating of a good hooking / detour function for me please.

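Code:
#include <windows.h>
#include <stdlib.h>
#include <string.h>

/* src: function to patch, dst: replacement, len: bytes overwritten at src
   (at least 5, ending on an instruction boundary). */
void *DetourFunction(BYTE *src, const BYTE *dst, const int len)
{
    BYTE *jmp;
    DWORD dwBack;

    if (len < 5)                      /* the E9 rel32 jump itself needs 5 bytes */
        return NULL;
    jmp = (BYTE*)malloc(len + 5);     /* trampoline: saved bytes + jump back */
    if (jmp == NULL)
        return NULL;

    VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
    memcpy(jmp, src, len);            /* save the bytes about to be overwritten */
    jmp += len;
    jmp[0] = 0xE9;                    /* jmp rel32 back to src + len */
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
    src[0] = 0xE9;                    /* jmp rel32 from src to dst */
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
    for (int i = 5; i < len; i++)
        src[i] = 0x90;                /* pad the remainder with NOPs */
    VirtualProtect(src, len, dwBack, &dwBack);
    return (jmp - len);               /* start of the trampoline */
}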

Thanking you in advance for your time.
When the power of love overcomes the love of power, the world would know Peace

- Jimi Hendrix.
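
Added example, not part of the thread or written by any poster: the byte layout the function above writes (an E9 opcode, a rel32 equal to dst - src - 5, then 0x90 padding) is also what a code-integrity check looks for. This C code compares a function's live prologue with a reference copy and resolves where the jump goes; the names (hook_report, inspect_prologue), the sample bytes and all addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Findings for one function prologue (all names here are illustrative). */
typedef struct {
    size_t   patched;        /* bytes differing from the reference copy */
    int      is_jmp;         /* starts with E9 rel32 */
    uint32_t target;         /* resolved destination, valid when is_jmp */
    int      leaves_module;  /* destination outside [base, base + size) */
    size_t   nop_pad;        /* 0x90 bytes directly after the jump */
} hook_report;

/* mem: bytes read from the live process; ref: same bytes from the file on disk;
   addr: 32-bit virtual address of mem[0]; base/size: the owning module's range. */
hook_report inspect_prologue(const uint8_t *mem, const uint8_t *ref, size_t n,
                             uint32_t addr, uint32_t base, uint32_t size)
{
    hook_report r = {0};
    for (size_t i = 0; i < n; i++)
        if (mem[i] != ref[i]) r.patched++;
    if (n >= 5 && mem[0] == 0xE9) {
        /* rel32 is little-endian and relative to the end of the 5-byte jmp */
        uint32_t rel = (uint32_t)mem[1] | (uint32_t)mem[2] << 8 |
                       (uint32_t)mem[3] << 16 | (uint32_t)mem[4] << 24;
        r.is_jmp = 1;
        r.target = addr + 5u + rel;              /* inverse of dst - src - 5 */
        /* unsigned wrap-around also catches target < base */
        r.leaves_module = (uint32_t)(r.target - base) >= size;
        for (size_t i = 5; i < n && mem[i] == 0x90; i++) r.nop_pad++;
    }
    return r;
}

/* Constructed sample: mov edi,edi / push ebp / mov ebp,esp / sub esp,10h */
static const uint8_t REF_BYTES[8]  = {0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10};
/* Same 8 bytes after a detour to 0x6F400000 was written at 0x10001000 */
static const uint8_t LIVE_BYTES[8] = {0xE9,0xFB,0xEF,0x3F,0x5F,0x90,0x90,0x90};

int main(void)
{
    hook_report r = inspect_prologue(LIVE_BYTES, REF_BYTES, 8,
                                     0x10001000u, 0x10000000u, 0x20000u);
    printf("patched=%zu jmp=%d target=0x%08X outside=%d nops=%zu\n",
           r.patched, r.is_jmp, (unsigned)r.target, r.leaves_module, r.nop_pad);
    return 0;
}
```

A jump that stays inside the module can be a legitimate linker thunk, so the stronger signal is a changed prologue whose target leaves the module's address range.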

taazz

  • Hero Member
  • *****
  • Posts: 5368
Re: Please help create detour in Pascal
« Reply #1 on: June 09, 2015, 03:04:27 pm »
There are 2 libraries for detours in Pascal: 1) KOL Detour unit 2) Delphi detours library. I don't have any links but it should be fairly easy to find them through Google. If this is a learning exercise, sorry, I can't help; I don't read C/C++.
Good judgement is the result of experience … Experience is the result of bad judgement.

OS : Windows 7 64 bit
Laz: Lazarus 1.4.4 FPC 2.6.4 i386-win32-win32/win64

skalogryz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2770
    • havefunsoft.com
Re: Please help create detour in Pascal
« Reply #2 on: June 09, 2015, 03:06:32 pm »
Ugh... what's "detour"?

Is that a way to call an object method as a regular function, by actually "building up" code for the method call?
Delphi 7 actually does it to call its TWinControl WndProc method. (Surprisingly, I was studying the code yesterday). So I cannot really copy/paste their code in here.
But if you have access to Delphi code, you might find a function named MakeObjectInstance(Method: TWndMethod): Pointer; in the Classes unit.

taazz

  • Hero Member
  • *****
  • Posts: 5368
Re: Please help create detour in Pascal
« Reply #3 on: June 09, 2015, 03:19:23 pm »
Quote
Ugh... what's "detour"?

Is that a way to call an object method as a regular function, by actually "building up" code for the method call.

Not really, detours is the name of a Microsoft library (that came out of their research projects) that
Quote
Detours is a library for instrumenting arbitrary Win32 functions Windows-compatible processors. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.
So in short it just swaps the API calls with calls to your code and if you are nice enough you might forward the calls to APIs too or simply crash the app.

http://research.microsoft.com/en-us/projects/detours/

skalogryz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2770
    • havefunsoft.com
Re: Please help create detour in Pascal
« Reply #4 on: June 09, 2015, 03:21:25 pm »
Quote
I know this is a pascal forum, but I would be pasting some c/c++ code for your viewing so someone could assist in the creating of a good hooking / detour function for me please.
I didn't test this, but
Code:
// needs the Windows unit (VirtualProtect, PAGE_EXECUTE_READWRITE)
function DetourFunction (src, dst: Pointer; len: Integer): Pointer;
var
  jmp     : PByteArray;
  dwBack  : LongWord;
  jmpaddr : PtrUInt;
  srcarr  : PByteArray;
  i       : Integer;
begin
  srcarr := PByteArray(src);
  GetMem(jmp, len + 5);                  // trampoline: saved bytes + jump back
  VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, @dwBack);
  Move(src^, jmp^, len);                 // save the bytes about to be overwritten
  jmp^[len]:=$e9;                        // jmp rel32 back to src + len

  jmpaddr:=PtrUInt(@jmp^[len]);
  // PtrUInt is 4 bytes on the i386 target, which is the size rel32 needs
  PPtrUInt( @jmp^[len+1])^ := PtrUInt(src)+PtrUInt(len) - jmpaddr - 5;

  srcarr^[0]:=$e9;                       // jmp rel32 from src to dst
  PPtrUInt( @srcarr^[1] )^ := PtrUInt(dst) - PtrUInt(src) - 5;

  for i:=5 to len-1 do srcarr^[i]:=$90;  // pad the remainder with NOPs

  VirtualProtect(src, len, dwBack, @dwBack);
  Result:=jmp;                           // start of the trampoline
end;

skalogryz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2770
    • havefunsoft.com
Re: Please help create detour in Pascal
« Reply #5 on: June 09, 2015, 03:24:13 pm »
Quote
So in short it just swaps the API calls with calls to your code and if you are nice enough you might forward the calls to APIs too or simply crash the app.
http://research.microsoft.com/en-us/projects/detours/
Hmm... Is it MS step away from managed code? or yet another step to more managed code?

shonay

  • Full Member
  • ***
  • Posts: 169
Re: Please help create detour in Pascal
« Reply #6 on: June 09, 2015, 03:30:02 pm »
Saw the ddetours.pas file in one of the posts getmem posted for me earlier. Had issues with the porting, especially with the instDecode file on ModRmFlagsTables.inc
The files appear to be there, so I wonder about the errors

Can someone help.

shonay

  • Full Member
  • ***
  • Posts: 169
Re: Please help create detour in Pascal
« Reply #7 on: June 09, 2015, 03:32:27 pm »
Quote
I know this is a pascal forum, but I would be pasting some c/c++ code for your viewing so someone could assist in the creating of a good hooking / detour function for me please.
I didn't test this, but
Code:
function DetourFunction (src, dst: Pointer; len: Integer): Pointer;
var
  jmp     : PByteArray;
  dwBack  : LongWord;
  jmpaddr : PtrUInt;
  srcarr  : PByteArray;
  i       : Integer;
begin
  srcarr := PByteArray(src);
  GetMem(jmp, len + 5);
  VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, @dwBack);
  Move(src^, jmp^, len);
  jmp^[len]:=$e9;

  jmpaddr:=PtrUInt(@jmp^[len]);
  PPtrUInt( @jmp^[len+1])^ := PtrUInt(src)+PtrUInt(len) - jmpaddr - 5;

  srcarr^[0]:=$e9;
  PPtrUInt( @srcarr^[1] )^ := PtrUInt(dst) - PtrUInt(src) - 5;

  for i:=5 to len-1 do srcarr^[i]:=$90;

  VirtualProtect(src, len, dwBack, @dwBack);
  Result:=jmp;
end;

Hmm don't get it twisted, how about seeing if it redirects and pops out a messagebox "hooked "

Been studying this for game hacking

taazz

  • Hero Member
  • *****
  • Posts: 5368
Re: Please help create detour in Pascal
« Reply #8 on: June 09, 2015, 03:33:28 pm »
Quote
So in short it just swaps the API calls with calls to your code and if you are nice enough you might forward the calls to APIs too or simply crash the app.
http://research.microsoft.com/en-us/projects/detours/
Hmm... Is it MS step away from managed code? or yet another step to more managed code?
I have no idea, I can only speculate (and badly at that). As far as I know it is used by various low-level applications (debuggers, profilers, app protectors, code encryption etc.) and not-so-business-oriented applications like key loggers, password revealers, game trainers etc. Well, you probably have more ideas on how such a library is supposed to be used, but it kinda feels like an RT add-on to allow various apps (e.g. compilers) to work without opening rights on the kernel or something along those lines. I don't think that .NET is part of this move.

skalogryz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2770
    • havefunsoft.com
Re: Please help create detour in Pascal
« Reply #9 on: June 09, 2015, 03:34:37 pm »
The same approach is being used by Delphi. However, they're not trying to call WinAPI functions. Instead they're building the code wrapper in runtime, so WinAPI calls the "wrapping" code that forwards the call to method.

The method requires "data" (object) which is stored in the created wrapper. It also requires some sort of memory release mechanism. In the end, it looks like some sort of earlier "closure" implementation :)

They do benefit from that, since GWL_USERDATA remains unused. For example LCL populates GWL_USERDATA with the object reference instead.

shonay

  • Full Member
  • ***
  • Posts: 169
Re: Please help create detour in Pascal
« Reply #10 on: June 09, 2015, 03:40:57 pm »
Attached is the file given to me by getmem, could you take a look at the ModRmFlagsTables.inc file?

I get this error
Code:
InstDecode.pas (377,2) fatal: it is not possible to include file that starts with utf-8 bom in a module that uses a different page

That's where I got lost. Someone pls help

skalogryz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2770
    • havefunsoft.com
Re: Please help create detour in Pascal
« Reply #11 on: June 09, 2015, 03:46:05 pm »
Quote
Hmm don't get it twisted, how about seeing if it redirects and pops out a messagebox "hooked "
This one?

shonay

  • Full Member
  • ***
  • Posts: 169
Re: Please help create detour in Pascal
« Reply #12 on: June 09, 2015, 03:51:56 pm »
Something to read from here

http://jbremer.org/x86-api-hooking-demystified/

Trampolines are used to redirect functions, re modify code, etc, used in several purposes.

I could give some sources in delphi if still interested, hence you have a look.

taazz

  • Hero Member
  • *****
  • Posts: 5368
Re: Please help create detour in Pascal
« Reply #13 on: June 09, 2015, 03:54:28 pm »
Quote
Attached is the file given to me by getmem, could you take a look at the ModRmFlagsTables.inc file?

I get this error
Code:
InstDecode.pas (377,2) fatal: it is not possible to include file that starts with utf-8 bom in a module that uses a different page

That's where I got lost. Someone pls help
try with the attached file.

shonay

  • Full Member
  • ***
  • Posts: 169
Re: Please help create detour in Pascal
« Reply #14 on: June 09, 2015, 04:05:05 pm »
Done, that side is cool now, however the cpuId.pas file brings back several errors too.
Don't be offended, you could please do some checking on the file. See others too.

Most grateful for your time