Random stuff

Feb 28, 2024

Custom function pointer declaration. Used when hooking, either to get a pointer to the original function (which is resolved dynamically via the IAT) and then override this pointer, or to craft a new function that points to shellcode implementing the function's behavior (used in reflective DLL shellcode).

Case of getting a function pointer to a resolved Windows API call:

// Declare a function pointer with the API's signature, initialized to the resolved Windows API address
int (WINAPI* pToUnicodeEx) (UINT wVirtKey, UINT wScanCode, const BYTE *lpKeyState, LPWSTR pwszBuff, int cchBuff, UINT wFlags, HKL dwhkl) = ToUnicodeEx;

// Call the function using its pointer
pToUnicodeEx(wVirtKey, wScanCode, lpKeyState, pwszBuff, cchBuff, wFlags, dwhkl);
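
The save-then-override pattern described above, as an added example that is not code from the original page: a portable simulation in which `import_slot` stands in for an IAT entry, together with the kind of integrity check that detects a redirected slot. All names here (`real_to_upper`, `import_slot`, `hooked_to_upper`, `slot_is_tampered`) are hypothetical.

```c
#include <stdio.h>

/* Signature shared by the real function and any replacement. */
typedef int (*to_upper_fn)(const char *in, char *out, int cap);

/* Stand-in for an imported API (hypothetical, not a Windows call). */
static int real_to_upper(const char *in, char *out, int cap) {
    int i = 0;
    for (; in[i] && i < cap - 1; i++)
        out[i] = (in[i] >= 'a' && in[i] <= 'z') ? (char)(in[i] - 32) : in[i];
    out[i] = '\0';
    return i;
}

/* Simulated import table entry: callers always go through this slot. */
static to_upper_fn import_slot = real_to_upper;

/* Pointer to the original, saved before the slot is overwritten. */
static to_upper_fn p_original = NULL;
static int calls_seen = 0;

/* Replacement: records the call, then forwards to the original. */
static int hooked_to_upper(const char *in, char *out, int cap) {
    calls_seen++;
    return p_original(in, out, cap);
}

static void install_hook(void) {
    p_original = import_slot;      /* keep the resolved address */
    import_slot = hooked_to_upper; /* redirect future callers */
}

/* Integrity check: does the slot still hold the expected address? */
static int slot_is_tampered(to_upper_fn expected) {
    return import_slot != expected;
}

int main(void) {
    char buf[16];
    printf("tampered before: %d\n", slot_is_tampered(real_to_upper));
    install_hook();
    import_slot("abc", buf, (int)sizeof buf);
    printf("out=%s calls=%d tampered after: %d\n", buf, calls_seen,
           slot_is_tampered(real_to_upper));
    return 0;
}
```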

Case of getting a function pointer to a memory region where the function is implemented via shellcode:

// Declaring the function pointer type for a function implemented as shellcode
typedef DWORD (WINAPI * EXECUTEX64)( X64FUNCTION pFunction, DWORD dwParameter );

// Declaring the function pointer instance and initializing it to NULL
EXECUTEX64 pExecuteX64   = NULL;

// Allocating memory for the function pointer to point to
// (the region is PAGE_READWRITE, so with DEP enabled it is not executable as allocated)
pExecuteX64 = (EXECUTEX64)VirtualAlloc( NULL, sizeof(sh_executex64), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE );

// Copying the shellcode to the function pointer location
memcpy( pExecuteX64, sh_executex64, sh_executex64_len );

// Call the function using its pointer
pExecuteX64( pX64function, (DWORD)ctx );