Make unhook after hooked

Navigation
11

To make a hook I know, I do the following (dummy variables): 

MSGBOX:=GetProcAddress(GetModuleHandle('kernel32.dll'),'MessageBox');
  ReadProcessMemory(INVALID_HANDLE_VALUE,MSGBOX,@OldMSG,sizeof(oldcode),b);

  Jmpmsg.push:=$68;
  Jmpmsg.PProc:=@NewMSG;
  Jmpmsg.ret:=$C3;

  WriteProcessMemory(INVALID_HANDLE_VALUE,CPA,@Jmpmsg,sizeof(far_jmp),b);

How can I be doing Unhook?

I've tried the following: 

WriteProcessMemory(INVALID_HANDLE_VALUE,MSGBOX,@OldMSG,sizeof(Oldcode),b);

But it gives me error: (

    
asked by anonymous 27.11.2015 / 02:30

1 answer

1

Try to back up the memory before overwriting the original call: 

//faz o backup
ReadProcessMemory(INVALID_HANDLE_VALUE, CPA, @backup, sizeof(far_jmp), bytesBackup);

//substitui a chamada(faz o hook)
WriteProcessMemory(INVALID_HANDLE_VALUE, CPA, @Jmpmsg, sizeof(far_jmp), b);

//restaura o backup
WriteProcessMemory(INVALID_HANDLE_VALUE, CPA, @backup, bytesBackup, b);
    
01.07.2016 / 14:56
Modal form validation using Bootstrap Security in domain driven design