@sl4v
Last active December 14, 2017 20:51
// Builds a small trampoline ("hook body") in a freshly allocated RWX page and
// then overwrites the first bytes of MsgBox with a jump into it.  The page is
// filled in order: payload, the instructions displaced from MsgBox, and a jump
// back to MsgBox + damaged_instructions_len.
//
// Detection note: this sequence is the textbook inline-hook pattern — an RWX
// VirtualAlloc, VirtualProtect to RWX over a loaded module's section, and a
// memcpy over an exported function's entry.  Each step is observable to an
// EDR/ETW consumer, and an integrity check comparing user32's in-memory text
// against the on-disk image flags the final write.
//
// Externals not visible in this snippet: myVirtualAlloc, myVirtualProtect,
// sectionInfo, MsgBox, damaged_instructions_len, bait_code, get_bait_code,
// user32, dwOldProtect, and hook_body_offset (its declared type is not shown).
uint8_t payload[] = {
0x48, 0xb8, 0x48, 0x47, 0x46, 0x45, 0x44, 0x43, 0x42, 0x41, // movabs rax, 0x4142434445464748
0x48, 0x89, 0x02 // mov qword ptr [rdx], rax
// Per the annotations above, the payload stores the 8-byte immediate through
// rdx; what rdx points to when MsgBox is entered is not established here.
};
// One page of RWX memory for the trampoline.  The return value is not checked,
// so a NULL here would turn the memcpy below into a write to address 0.
LPVOID pHookBody = myVirtualAlloc(0x1000, PAGE_EXECUTE_READWRITE);
hook_body_offset = pHookBody;
// copy payload
// NOTE(review): the protection change targets sectionInfo.SectionAddress, but
// the memcpy that follows writes into pHookBody, which is already RWX.  What
// sectionInfo describes is not visible here; confirm it is actually needed.
myVirtualProtect((LPVOID)sectionInfo.SectionAddress, sectionInfo.SectionSize, PAGE_EXECUTE_READWRITE, &dwOldProtect);
memcpy(hook_body_offset, payload, sizeof(payload));
// NOTE(review): arithmetic on a uint64_t* advances in 8-byte units, so this
// and the two later advances move 8 * N bytes, not N bytes; the MsgBox
// address below is instead advanced through a char* (byte units).  The two
// forms are inconsistent — confirm which was intended.
hook_body_offset = (uint64_t*)pHookBody + sizeof(payload);
// copy erased instructions from hooked function
// The first damaged_instructions_len bytes of MsgBox are copied verbatim; no
// instruction-relative fixups are applied to the relocated bytes.
memcpy(hook_body_offset, MsgBox, damaged_instructions_len);
hook_body_offset = (uint64_t*)hook_body_offset + damaged_instructions_len;
// return to hooked place
// get_bait_code is presumably expected to emit a jump to its second argument
// into bait_code; its definition is not shown.
get_bait_code(bait_code, (char*)MsgBox + damaged_instructions_len);
memcpy(hook_body_offset, bait_code, sizeof(bait_code));
hook_body_offset = (uint64_t*)hook_body_offset + sizeof(bait_code);
// hook function
get_bait_code(bait_code, pHookBody);
// Makes 0x9d000 bytes of user32 starting at +0x1000 RWX.  Both values are
// hard-coded magic numbers and presumably match one specific user32 build.
// The previous protection saved in dwOldProtect is never restored in this
// snippet, which leaves a system DLL's code RWX — itself a strong signal for
// memory scanners.
myVirtualProtect((LPVOID)(user32 + 0x1000), 0x9d000, PAGE_EXECUTE_READWRITE, &dwOldProtect);
// Overwrites MsgBox's first sizeof(bait_code) bytes with the jump.  This relies
// on damaged_instructions_len >= sizeof(bait_code) so that the relocated copy
// above covers every byte clobbered here; nothing in the snippet checks that.
memcpy(MsgBox, bait_code, sizeof(bait_code));