Added simple messagebox hooking

karol-gruszczyk · karol-gruszczyk · commit ba635501c5b8 · 2016-02-20T18:17:09.000-08:00
diff --git a/Makefile b/Makefile
@@ -1,27 +1,38 @@
-# the compiler: gcc for C, g++ for C++
-CC=cl.exe
-LINK=link.exe
+cc = g++
 
-# compiler flags:
-#  -g    adds debugging information to the executable file
-#  -Wall turns on most, but not all, compiler warnings
+lflags = -Wall --std=c++11
+cflags = $(lflags) -c
 
-CFLAGS=-g -Wall --std=c++11
+ifeq ($(debug), true)
+	cdebug = -g
+endif
 
-TARGET=rootkit.exe
-TEST_TARGET=test.exe
 
 
-all: main.o
-	$(CC) main.o -o $(TARGET)
+all: rootkit test
+
+
+
+rootkit_target = rootkit.exe
+rootkit_cppsources = src/main.cpp src/hook.cpp
+rootkit_cppobjects = $(rootkit_cppsources:.cpp=.o)
+
+rootkit: $(rootkit_cppobjects)
+	$(cc) $(cdebug) $(lflags) $(rootkit_cppobjects) -o $(rootkit_target)
 
 main.o: main.cpp
-	$(CC) $(CFLAGS) -c main.cpp
+	$(cc) $(cdebug) $(cflags) main.cpp
+
+hook.o: hook.cpp hook.h
+	$(cc) $(cdebug) $(cflags) hook.cpp
+
+
 
+test_target=test.exe
 
 test:
-	$(CC) $(CFLAGS) test.cpp -o $(TEST_TARGET)
+	$(cc) $(cdebug) $(cflags) src/test.cpp -o $(test_target)
 
 
 clean:
-	$(RM) *.o
+	$(RM) src/*.o
diff --git a/main.cpp b/main.cpp
diff --git a/src/hook.cpp b/src/hook.cpp
@@ -0,0 +1,44 @@
+#include "hook.h"
+
+Hook* Hook::instance;
+
+Hook* Hook::get_instance()
+{
+	if (!instance)
+		instance = new Hook();
+	return instance;
+}
+
+void Hook::install_hook(DWORD at_address, DWORD to_address)
+{
+	update_jmp_address(to_address);
+
+	DWORD old_protect;
+	VirtualProtect((LPVOID)at_address, 1024, PAGE_EXECUTE_READWRITE, &old_protect);
+	memcpy((void*)at_address, x86_code, X86_CODE_LEN);
+	VirtualProtect((LPVOID)at_address, 1024, old_protect, nullptr);
+}
+
+Hook::Hook()
+{
+	// mov <address>
+	x86_code[0] = 0xb8;
+
+	// jmp eax
+	x86_code[5] = 0xff;
+	x86_code[6] = 0xe0;
+}
+
+Hook::~Hook()
+{
+	if (instance)
+		delete instance;
+}
+
+void Hook::update_jmp_address(DWORD address)
+{
+	x86_code[1] = address & 0xFF;
+	x86_code[2] = (address >> 8) & 0xFF;
+	x86_code[3] = (address >> 16) & 0xFF;
+	x86_code[4] = (address >> 24) & 0xFF;
+}
diff --git a/src/hook.h b/src/hook.h
@@ -0,0 +1,20 @@
+#pragma once
+#include <windows.h>
+#define X86_CODE_LEN 7
+
+
+class Hook
+{
+public:
+	static Hook* get_instance();
+
+	void install_hook(DWORD at_address, DWORD to_address);
+private:
+	Hook();
+	~Hook();
+
+	static Hook* instance;
+	BYTE x86_code[X86_CODE_LEN];
+
+	void update_jmp_address(DWORD address);
+};
diff --git a/src/main.cpp b/src/main.cpp
@@ -0,0 +1,30 @@
+#include <windows.h>
+#include <memory>
+#include <iostream>
+
+#include "hook.h"
+
+
+typedef int (WINAPI *MessageBoxAPtr)(HWND, LPCSTR, LPCSTR, UINT);
+
+int WINAPI OverloadedMessageBoxA(HWND hwnd, LPCSTR text, LPCSTR title, UINT type)
+{
+	std::cout << "test test" << std::endl;
+	return 0;
+}
+
+void test()
+{
+	MessageBoxA(nullptr, "test", "test", 0);
+}
+
+int main()
+{
+	test();
+	DWORD oldFuncPtr = reinterpret_cast<DWORD>(MessageBoxA);
+	DWORD newFuncPtr = reinterpret_cast<DWORD>(OverloadedMessageBoxA);
+	Hook::get_instance()->install_hook(oldFuncPtr, newFuncPtr);
+	test();
+	system("pause");
+	return 0;
+}
diff --git a/src/test.cpp b/src/test.cpp
diff --git a/vs-project/win-rootkit.sln b/vs-project/win-rootkit.sln
@@ -1,20 +1,20 @@
 ﻿
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 2013
-VisualStudioVersion = 12.0.21005.1
+VisualStudioVersion = 12.0.30501.0
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win-rootkit", "win-rootkit.vcxproj", "{47EF6749-75DF-4059-B685-3F4CB34A44C3}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win-rootkit", "win-rootkit.vcxproj", "{3F18A64E-4274-44FA-AE16-3111056E14E2}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Release|Win32 = Release|Win32
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{47EF6749-75DF-4059-B685-3F4CB34A44C3}.Debug|Win32.ActiveCfg = Debug|Win32
-		{47EF6749-75DF-4059-B685-3F4CB34A44C3}.Debug|Win32.Build.0 = Debug|Win32
-		{47EF6749-75DF-4059-B685-3F4CB34A44C3}.Release|Win32.ActiveCfg = Release|Win32
-		{47EF6749-75DF-4059-B685-3F4CB34A44C3}.Release|Win32.Build.0 = Release|Win32
+		{3F18A64E-4274-44FA-AE16-3111056E14E2}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3F18A64E-4274-44FA-AE16-3111056E14E2}.Debug|Win32.Build.0 = Debug|Win32
+		{3F18A64E-4274-44FA-AE16-3111056E14E2}.Release|Win32.ActiveCfg = Release|Win32
+		{3F18A64E-4274-44FA-AE16-3111056E14E2}.Release|Win32.Build.0 = Release|Win32
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/vs-project/win-rootkit.vcxproj b/vs-project/win-rootkit.vcxproj
@@ -10,20 +10,30 @@
       <Platform>Win32</Platform>
     </ProjectConfiguration>
   </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\src\hook.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\src\hook.cpp" />
+    <ClCompile Include="..\src\main.cpp" />
+  </ItemGroup>
   <PropertyGroup Label="Globals">
-    <ProjectGuid>{47EF6749-75DF-4059-B685-3F4CB34A44C3}</ProjectGuid>
-    <Keyword>MakeFileProj</Keyword>
+    <ProjectGuid>{3F18A64E-4274-44FA-AE16-3111056E14E2}</ProjectGuid>
+    <RootNamespace>winrootkit</RootNamespace>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Makefile</ConfigurationType>
+    <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
-    <ConfigurationType>Makefile</ConfigurationType>
+    <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v120</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -35,25 +45,31 @@
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <NMakeBuildCommandLine>make</NMakeBuildCommandLine>
-    <NMakeOutput>rootkit.exe</NMakeOutput>
-    <NMakePreprocessorDefinitions>WIN32;_DEBUG;$(NMakePreprocessorDefinitions)</NMakePreprocessorDefinitions>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <NMakeBuildCommandLine>g++</NMakeBuildCommandLine>
-    <NMakeOutput>win-rootkit.exe</NMakeOutput>
-    <NMakePreprocessorDefinitions>WIN32;NDEBUG;$(NMakePreprocessorDefinitions)</NMakePreprocessorDefinitions>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
+  <PropertyGroup />
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
   </ItemDefinitionGroup>
-  <ItemGroup>
-    <None Include=".gitignore" />
-    <None Include="Makefile" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="main.cpp" />
-  </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
diff --git a/vs-project/win-rootkit.vcxproj.filters b/vs-project/win-rootkit.vcxproj.filters
@@ -15,13 +15,15 @@
     </Filter>
   </ItemGroup>
   <ItemGroup>
-    <None Include=".gitignore" />
-    <None Include="Makefile">
-      <Filter>Resource Files</Filter>
-    </None>
+    <ClInclude Include="..\src\hook.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
-    <ClCompile Include="main.cpp">
+    <ClCompile Include="..\src\hook.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\src\main.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
   </ItemGroup>
