/*++

 Copyright (c) 2002 Microsoft Corporation

 Module Name:

    Mutek.cpp

 Abstract:

    The app passes a NumberOfBytesRead pointer that lies inside the block of
    memory it is reading.

 Notes:

    This is an app specific shim.

 History:

    05/23/2002 linstev   Created

--*/
#include "precomp.h"
#include "strsafe.h"
// Opens the implementation of the "Mutek" shim; the matching
// IMPLEMENT_SHIM_END is at the bottom of this file.
IMPLEMENT_SHIM_BEGIN(Mutek)
// NOTE(review): included after IMPLEMENT_SHIM_BEGIN rather than at the top of
// the file, presumably because the hook macros depend on the shim scope
// opened above -- confirm against ShimHookMacro.h.
#include "ShimHookMacro.h"

// The APIs this shim intercepts. ReadProcessMemory is the only entry, so it is
// the only API for which ORIGINAL_API()/APIHOOK() are used below.
APIHOOK_ENUM_BEGIN
    APIHOOK_ENUM_ENTRY(ReadProcessMemory)
APIHOOK_ENUM_END
/*++

 Buffer parameters so they don't get overwritten.

 The hook forwards all five arguments to the original ReadProcessMemory
 unchanged and returns its BOOL result. No argument is copied explicitly; the
 only "buffering" visible here is that the original API is called with this
 function's own by-value parameters.

 NOTE(review): the hook adds no validation of hProcess, the address range,
 nSize or lpNumberOfBytesRead. Whatever checks apply are those of the
 original API.

 NOTE(review): the file abstract says the app passes lpNumberOfBytesRead as a
 pointer inside the block it is reading. This body does not redirect that
 pointer to a local, so the overlap itself is still handed to the original
 API -- confirm that the extra call frame alone is the intended fix.

--*/

BOOL
APIHOOK(ReadProcessMemory)(
    HANDLE hProcess,
    LPCVOID lpBaseAddress,
    LPVOID lpBuffer,
    DWORD nSize,                    // NOTE(review): the documented Win32 prototype uses SIZE_T here
    LPDWORD lpNumberOfBytesRead     // NOTE(review): ...and SIZE_T* here; DWORD matches only on 32-bit builds
    )
{
    // NOTE(review): the nop before and after the call presumably keeps the
    // compiler from collapsing this wrapper into a tail jump, so the original
    // API runs on a separate frame with its own copies of the arguments --
    // confirm. Inline __asm also ties this file to a 32-bit x86 MSVC build.
    __asm nop;

    BOOL bRet = ORIGINAL_API(ReadProcessMemory)(hProcess, lpBaseAddress, lpBuffer,
        nSize, lpNumberOfBytesRead);

    __asm nop;

    // Success/failure is passed back to the app exactly as the original API
    // reported it.
    return bRet;
}
/*++

 Register hooked functions

 One entry: the ReadProcessMemory export of KERNEL32.DLL is paired with the
 APIHOOK(ReadProcessMemory) handler defined above. The expansion of these
 macros is not visible in this file.

 NOTE(review): only the KERNEL32.DLL export is listed, so this shim covers
 the app's calls through that import and nothing else -- confirm that this
 is the only path the target app uses.

--*/

HOOK_BEGIN
    APIHOOK_ENTRY(KERNEL32.DLL, ReadProcessMemory)
HOOK_END

// Closes the shim implementation opened by IMPLEMENT_SHIM_BEGIN(Mutek).
IMPLEMENT_SHIM_END