
Asm to C++ with DLL Injection

I made a console to test for IsDebuggerPresent and I am trying to change its output. Memory region before DLL was injected: http://imageshack.us/photo/my-images/842/hso7.jpg/ Memory region after DLL was injected: http://imageshack.us/photo/my-images/59/i1jw.jpg/

I wish to change the address at 004116D5(selected gray address) from JE 004116DE to JNZ/JNE 004116DE using C++.

DWORD asmAddy = 0x004116D5;
#define Naked __declspec(naked)
Naked void changeasm()
{
    _asm
    {
        jnz 0x004116DE
    }
}

Under DllMain, I used Microsoft Detours 1.5:

DetourFunction((PBYTE)asmAddy,(PBYTE)changeasm);

In the after image, it seems like it jumps to a memory of the injected DLL. Can someone help me with this? I have changed the opcode using OllyDbg and it works fine.

I think Detours will replace an entire function by hooking the import table, won't it? That doesn't sound like what you are really trying to do.

If I understand your question, you want to change an opcode from JE (0x74) to JNE (0x75). Writing to a code area is protected. You need to change the protection of the memory before you can write the new opcode to the known location. Something like this (untested code without error handling):

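#include <windows.h>

char *address = (char *)0x004116d5;
MEMORY_BASIC_INFORMATION mbi;
VirtualQuery(address, &mbi, sizeof(mbi));
// make the region writable but keep it executable, since other threads may be
// running code in it; the previous protection is saved in mbi.Protect
VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect);

*address = 0x75; // opcode of JNE

// restore the memory protection
DWORD oldProtect;
VirtualProtect(mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &oldProtect);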

Note, though, that this is all very risky. If this is an address in a DLL, then the DLL may be relocated and the address will be wrong.
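
The one-byte change described in the answer, together with a check that guards against the wrong-address risk it mentions, as an added example that is not part of the original question or answer. It is portable C working on a constructed byte buffer rather than live process memory; the names jcc_target, invert_jcc_checked, sample and BASE_VA are hypothetical, and every byte in the buffer other than the JE at 004116D5 is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: code bytes as if mapped at BASE_VA. Offset 5 is
   address 0x004116D5 and holds "JE 004116DE" encoded as 74 07. */
#define BASE_VA 0x004116D0u
uint8_t sample[] = { 0x90, 0x90, 0x90, 0x85, 0xC0, 0x74, 0x07,
                     0x90, 0x90, 0x90, 0x90, 0x90 };

/* Short conditional jumps (Jcc rel8) are opcodes 0x70..0x7F followed by a
   signed 8-bit displacement. Flipping the low opcode bit inverts the
   condition, which is why JE (0x74) -> JNE (0x75) is a one-byte change. */
static int is_short_jcc(uint8_t op) { return (op & 0xF0) == 0x70; }

/* Target of a short Jcc at virtual address va: next instruction + rel8. */
uint32_t jcc_target(const uint8_t *insn, uint32_t va)
{
    return va + 2 + (uint32_t)(int32_t)(int8_t)insn[1];
}

/* Invert the short Jcc at offset off only if the bytes there are exactly
   the expected opcode jumping to the expected target. If the module was
   relocated or the address is off, the check fails and nothing is written.
   Returns 0 on success, -1 if out of range, -2 if the bytes do not match. */
int invert_jcc_checked(uint8_t *code, size_t len, uint32_t base_va,
                       size_t off, uint8_t expect_op, uint32_t expect_target)
{
    if (off >= len || len - off < 2)
        return -1;
    if (code[off] != expect_op || !is_short_jcc(code[off]))
        return -2;
    if (jcc_target(code + off, base_va + (uint32_t)off) != expect_target)
        return -2;
    code[off] ^= 1;
    return 0;
}

int main(void)
{
    int rc = invert_jcc_checked(sample, sizeof sample, BASE_VA, 5,
                                0x74, 0x004116DEu);
    printf("rc=%d opcode=%02X target=%08X\n", rc, (unsigned)sample[5],
           (unsigned)jcc_target(sample + 5, BASE_VA + 5));
    return rc ? 1 : 0;
}
```

The displacement byte is untouched, so the jump target stays 004116DE; only the condition changes.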
