forked from RedLectroid/APIunhooker
APIunhook.cpp
#include "pch.h"
#include <windows.h>
#include <ImageHlp.h>
#include <iostream>
#include <vector>
using namespace std;
#pragma comment(lib,"imagehlp")
// Overwrites the first five bytes of the named ntdll export in the current
// process with five bytes read through a module handle obtained for
// C:\Windows\System32\ntdll.dll. Judging by the name, the intent is to undo an
// inline hook (such as the ones security products place on ntdll exports).
//
// functionName: ANSI name of the export, passed unchanged to GetProcAddress.
// Returns nothing; failures are only reported via printf, and the result of
// the memory write is not reported at all.
//
// NOTE(review): ntdll.dll is already mapped in the calling process, so the
// LoadLibrary call presumably returns the handle of that existing mapping
// rather than a separate copy - confirm. If so, `fa` and the write destination
// below are the same address and the bytes are written back unchanged.
//
// Analyst note: the observable behaviour is a process calling
// WriteProcessMemory on its own pseudo-handle with a destination inside
// ntdll's code, which is uncommon for ordinary software.
void unhookAPI(const char* functionName) {
// Wide string literal: compiles only when LoadLibrary resolves to the W variant (UNICODE build).
HMODULE lib = LoadLibrary(L"C:\\Windows\\System32\\ntdll.dll");
// Scratch buffer for the five copied bytes, zero-initialised.
BYTE assemblyBytes[5] = {};
if (lib) {
// Address of the export as seen through the handle obtained above.
void* fa = GetProcAddress(lib, functionName);
if (fa) {
BYTE* read = (BYTE*)fa;
// Copy the first five bytes at that address into the scratch buffer.
for (int i = 0; i < 5; i++) {
assemblyBytes[i] = read[i];
}
// Write the five bytes over the same export resolved via GetModuleHandle(L"ntdll").
// The GetModuleHandle/GetProcAddress results are not checked for NULL, the
// bytes-written out-parameter is NULL, and the BOOL return value is discarded,
// so a failed write goes unnoticed.
WriteProcessMemory(GetCurrentProcess(), GetProcAddress(GetModuleHandle(L"ntdll"), functionName), (LPCVOID)assemblyBytes, 5, NULL);
// The module reference is released only on this path.
FreeLibrary(lib);
}
else
// Export lookup failed; note that `lib` is not passed to FreeLibrary on this path.
printf("Function not found!\n");
}
else
// LoadLibrary returned NULL.
printf("Error loading library!\n");
}
// Entry point: applies unhookAPI to the single export NtReadVirtualMemory.
// unhookAPI returns void, so the exit status is 0 whether or not it succeeded.
int main() {
unhookAPI("NtReadVirtualMemory");
return 0;
}