Thread: [Help] C++ Winsock Hook
DragonHunt
C++ Winsock Hook - 07-08-2009, 01:07 PM

Hello, I'm stuck at the moment with some things, because I've been searching for a long time for a .dll Winsock hook and I found one:


Code:
#include "windows.h"
#include "winsock.h"

#pragma comment ( lib, "Ws2_32.lib" )
/* rel32 operand for a 5-byte E9 jump placed at frm: target - (frm + 5) */
#define JMP(frm, to) ((int)(((int)(to) - (int)(frm)) - 5))

DWORD SendOriginalAddress = 0;
DWORD SendReturnAddress = 0;
DWORD* SendNewAddress = 0;
DWORD OldProtection = 0;

char* send_buffer;
int send_sizeofdata = 0;
SOCKET send_s;
int send_flags = 0;

void __declspec(naked) __stdcall  SendHookFunc() 	
{
	__asm
	{
		mov  edi, edi
		push ebp
		mov  ebp, esp
		mov  eax, [ebp+0x08] /* Param 1 : Socket */
		mov  send_s, eax
		mov  eax, [ebp+0x0C] /* Param 2 : buffer */
		mov  [send_buffer], eax
		mov  eax, [ebp+0x10] /* Param 3 : Size */
		mov  send_sizeofdata, eax
		mov  eax, [ebp+0x14] /* Param 4 : flags */
		mov  send_flags, eax
		jmp  SendReturnAddress
	}
}

void UnHookSend()
{
	/* To unhook on a WinXP post-SP2 box you need to restore the 5-byte preamble */
	*(WORD *)SendOriginalAddress = 0xFF8B;		// mov  edi,edi
	*(BYTE *)(SendOriginalAddress+2) = 0x55;	// push ebp
	*(WORD *)(SendOriginalAddress+3) = 0xEC8B;	// mov ebp, esp
	VirtualProtect( (void*)SendOriginalAddress, 0x05, OldProtection, &OldProtection );
}

void HookSend()
{
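	SendNewAddress = (DWORD*)SendHookFunc;
	/* ANSI variant: a narrow string literal must not be cast to LPCTSTR in a Unicode build */
	HINSTANCE hDll = LoadLibraryA("Ws2_32.dll");
	SendOriginalAddress = (DWORD)GetProcAddress(hDll, "send");
	SendReturnAddress = SendOriginalAddress + 5;
	/* The page holds code that other threads may be executing, so it must stay executable */
	VirtualProtect( (void*)SendOriginalAddress, 0x05, PAGE_EXECUTE_READWRITE, &OldProtection );
	*(BYTE *)(SendOriginalAddress) = 0xe9;		// jmp rel32 opcode
	*(int *)(SendOriginalAddress+1) = JMP(SendOriginalAddress, SendNewAddress);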
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	if (ul_reason_for_call == DLL_PROCESS_ATTACH)
		HookSend();
	/* Restore on DLL unload, not whenever any thread exits */
	if (ul_reason_for_call == DLL_PROCESS_DETACH)
		UnHookSend();
    return TRUE;
}

When I compile, it said it was successful but with warnings:
Warning 1 warning C4793: 'SendHookFunc' : function compiled as native

Warning 2 warning C4747: Calling managed '_DllMain@12': Managed code may not be run under loader lock, including the DLL entrypoint and calls reached from the DLL entrypoint

And when I use WinJect to inject it into a process (l2.exe), it said this:

I'm working on a program that looks like this:



And another question:
How do I send packets through the game by using the DLL injection?
I already have the packets I need to send, but I just need to know how.

(I just named the injection deleteme.dll because I just wanted to test it fast)


Fixed the error message from WinJect!
But I still need to know how to send packets

Last edited by DragonHunt; 07-08-2009 at 01:31 PM..
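
Added example, not part of the original post or the poster's code: a check for the patch that HookSend() leaves behind, as an integrity scanner would run it over the first five bytes of an export. It recognises the hot-patch preamble quoted in UnHookSend(), decodes an E9 rel32 jump (the inverse of the JMP macro), and flags a target outside the owning module. All names, addresses and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum prologue_state { PROLOGUE_HOTPATCH, PROLOGUE_JMP_REL32, PROLOGUE_OTHER };

/* Preamble from the post: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t HOTPATCH_PREAMBLE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* Classify the 5 bytes read at 32-bit address `addr`.
 * For an E9 jump, *target receives addr + 5 + rel32. */
enum prologue_state classify_prologue(const uint8_t bytes[5], uint32_t addr,
                                      uint32_t *target)
{
    if (memcmp(bytes, HOTPATCH_PREAMBLE, 5) == 0)
        return PROLOGUE_HOTPATCH;
    if (bytes[0] == 0xE9) {
        uint32_t rel = (uint32_t)bytes[1] | ((uint32_t)bytes[2] << 8) |
                       ((uint32_t)bytes[3] << 16) | ((uint32_t)bytes[4] << 24);
        *target = addr + 5u + rel;      /* wraps mod 2^32, as on x86 */
        return PROLOGUE_JMP_REL32;
    }
    return PROLOGUE_OTHER;
}

/* A redirect is suspicious when it lands outside the module owning the export. */
int jump_leaves_module(uint32_t target, uint32_t mod_base, uint32_t mod_size)
{
    return (uint32_t)(target - mod_base) >= mod_size;
}

/* Returns 1 when the prologue is an E9 jump to an address outside the module. */
int export_is_detoured(const uint8_t bytes[5], uint32_t addr,
                       uint32_t mod_base, uint32_t mod_size)
{
    uint32_t target = 0;
    if (classify_prologue(bytes, addr, &target) != PROLOGUE_JMP_REL32)
        return 0;
    return jump_leaves_module(target, mod_base, mod_size);
}

int main(void)
{
    /* Constructed sample: export at 0x71AB4C27 patched to jump to 0x10001000 */
    const uint8_t patched[5] = { 0xE9, 0xD4, 0xC3, 0x54, 0x9E };
    printf("detoured: %d\n",
           export_is_detoured(patched, 0x71AB4C27u, 0x71AB0000u, 0x17000u));
    return 0;
}
```

On a live system the five bytes would be read from the process under inspection and the module range taken from its loaded-module list.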