This example will increase the size of the Ghost project substantially. The reasons for the increased size and complexity stem from the need to parse PE (Windows executable) files, the need to provide hook functions and hook injection code, and the need to accurately identify an x86 instruction. Parsing machine code to find an instruction that can be replaced by a jump may seem outside the scope of this book, but it is a necessary component of the trampoline hook method.
The functionality required for process injection has been implemented by creating four new files and modifying six existing files.
The new files are as follows:
injectManager.c
injectManager.h
parse86.c
parse86.h
Following are the modified files:
Ghost.c
Ghost.h
hookManager.c
hookManager.h
peFormat.h
SOURCES
Following is the code.
The files injectManager.c and parse86.c have been added to SOURCES:
TARGETNAME=comint32
TARGETPATH=OBJ
TARGETTYPE=DRIVER
SOURCES=Ghost.c\
  fileManager.c\
  hookManager.c\
  injectManager.c\
  parse86.c\
  configManager.c