Ilya Kozhevnikov - 2 months ago 19
C# Question

How to write to out structure's field with Deviare?

I can use Deviare to hook and intercept GetLocalTime function, but how can I change field's value of its out parameter, i.e. edit wYear in SYSTEMTIME? Few snippets I could find use NktHookCallInfo.Result, unfortunately it's a void function and direct assignment to Field(0).Value does nothing.

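    // Hook only the post-call stage, after GetLocalTime has filled the structure.
    CreateHook("kernel32.dll!GetLocalTime", (int)eNktHookFlags.flgOnlyPostCall);

    private static void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo info)
    {
        NktParamsEnum param = info.Params();
        // First parameter is LPSYSTEMTIME; Evaluate() dereferences the pointer.
        NktParam value = param.First().Evaluate();

        // SYSTEMTIME has 8 WORD fields; print each one.
        for (int i = 0; i < 8; i++)
        {
            NktParam field = value.Field(i);
            Console.WriteLine("{0} {1} {2}", field.Name, field.TypeName, field.Value);
        }
    }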




    void WINAPI GetLocalTime(
        _Out_ LPSYSTEMTIME lpSystemTime
    );

    typedef struct _SYSTEMTIME {
        WORD wYear;
        WORD wMonth;
        WORD wDayOfWeek;
        WORD wDay;
        WORD wHour;
        WORD wMinute;
        WORD wSecond;
        WORD wMilliseconds;
    } SYSTEMTIME, *PSYSTEMTIME;

Answer

Answer based on comment is: Use UShortVal
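
The answer's suggestion applied to the question's post-call handler, as an added example that is not part of the original question or answer. FakeYear and the class name are hypothetical, and IsPreCall and IsNullPointer are Deviare members assumed here that do not appear on the page.

```csharp
using System;
using Nektra.Deviare2;

static class SystemTimePatcher
{
    // Hypothetical value chosen for illustration.
    private const ushort FakeYear = 2000;

    public static void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo info)
    {
        // GetLocalTime fills the structure during the call, so a value written
        // before the call would be overwritten. Act only on the post-call stage.
        if (info.IsPreCall)
            return;

        // Parameter 0 is LPSYSTEMTIME. Skip a NULL pointer instead of dereferencing it.
        NktParam pointer = info.Params().First();
        if (pointer.IsNullPointer)
            return;

        // Evaluate() dereferences the pointer to reach the SYSTEMTIME structure.
        NktParam systemTime = pointer.Evaluate();

        // Field(0) is wYear, a 16-bit WORD, so use the typed 16-bit accessor
        // (UShortVal) rather than the generic Value property.
        NktParam year = systemTime.Field(0);
        ushort original = year.UShortVal;
        year.UShortVal = FakeYear;

        // Read the field back to confirm the write reached the hooked process.
        Console.WriteLine("{0}: {1} -> {2}", year.Name, original, year.UShortVal);
    }
}
```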
