x64 Native Tools Command Prompt for VS 2022 실행

git clone https://github.com/Microsoft/Detours.git
cd detours
nmake

VS 2022로 Detours\vc\Detours.sln 오픈 후, x64, x86 각각 빌드

VS에서 새 DLL 프로젝트를 만들고, 해당 디렉토리에 아래의 파일을 복사

Detours\lib.X??\*.lib
Detours\include\*.h

속성 -> 링커 -> 입력 -> 추가 종속성에 아래의 파일을 추가

detours.lib
syelog.lib

아래와 같이 후킹 코드를 작성하고 빌드한다.

#include "pch.h"
#include <stdio.h>
#include "detours.h"

HANDLE(WINAPI* OrgCreateFileW)(LPCWSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE) = CreateFileW;

HANDLE WINAPI MyCreateFileW(
    _In_ LPCWSTR lpFileName,
    _In_ DWORD dwDesiredAccess,
    _In_ DWORD dwShareMode,
    _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    _In_ DWORD dwCreationDisposition,
    _In_ DWORD dwFlagsAndAttributes,
    _In_opt_ HANDLE hTemplateFile
)
{
    wprintf(L"%s\n", lpFileName);    
    return OrgCreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}

BOOL Start()
{
    AllocConsole();
    FILE* fp;
    freopen_s(&fp, "CONOUT$", "w", stdout);
 
    DetourRestoreAfterWith();
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)OrgCreateFileW, MyCreateFileW);
    DetourTransactionCommit();
    return TRUE;
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        Start();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

아래의 DLL Injector로 테스트가 가능하다.

 

GitHub - TarekExister/UWP-Dll-Injector-32bit-64bit: universal windows platform (uwp) apps Dll injector [32bit-64bit]

universal windows platform (uwp) apps Dll injector [32bit-64bit] - TarekExister/UWP-Dll-Injector-32bit-64bit

github.com

 

'Windows > Dev' 카테고리의 다른 글

[Visual Studio 2022] curl 빌드  (0) 2023.01.30
[VC++] string deallocate  (0) 2022.05.23
get EIP (gcc / vc)  (0) 2019.04.11
C용 초경량 XML 파서 : Mini-XML 소개 및 사용법  (0) 2017.06.29
x86 __usercall 함수 후킹하기  (0) 2017.05.11 
pragma solidity ^0.8.20;

contract ContractCall {

	address public owner;
	uint256 public num;
	address public lib;
	
	constructor() {
		owner = msg.sender;
	}
	function setLibAddress(address _Lib) public {
		lib = _Lib;
	}
	function nowOwner() public view returns (address) {
		return owner;
	}
	function callDelegate(uint256 _num) public payable returns (bool)
	{		
		(bool success, ) = lib.delegatecall(abi.encodeWithSignature("changeOwner(uint256)", _num));
		return success;
	}
}
pragma solidity ^0.8.20;

contract ChangeOwner {

    address public owner;
    uint256 public num;

    function changeOwner(uint256 _num) public {
        owner = msg.sender;
        num = _num;
    }
}

각각 deploy 후 setLibAddress에 ChangeOwner 컨트랙트의 주소를 넣고 callDelegate를 호출하면 num 및 owner가 변경된다.

주의할 점은 변수의 순서가 일치하여야 한다.

만약 아래와 같이 코딩했다면, ContractCall의 owner에는 num, num에는 owner가 저장된다.

contract ContractCall {
	address public owner;
	uint256 public num;
	address public lib;
    
contract ChangeOwner {
	uint256 public num;
	address public owner;

remix로 확인 결과

x64 Native Tools Command Prompt for VS 2022 오픈

editbin /dynamicbase:NO FSViewer1.exe

 

+ Recent posts

티스토리툴바