C / C++ / C#
Learn to program in C, Answer to C Questions. Talk about C.

#1 DragonHunt
C++ Winsock Hook - 07-08-2009, 01:07 PM

Hello, at the moment I'm stuck with some things. I've been searching for a long time for a .dll Winsock hook, and I found one:


Code:
#include "windows.h"
#include "winsock.h"

#pragma comment ( lib, "Ws2_32.lib" )
/* rel32 displacement for a 5-byte E9 jmp written at frm: to - (frm + 5) */
#define JMP(frm, to) ((int)(((int)(to) - (int)(frm)) - 5))

DWORD SendOriginalAddress = 0;	// address of ws2_32!send
DWORD SendReturnAddress = 0;	// send + 5: first byte after the overwritten prologue
DWORD* SendNewAddress = 0;		// our hook function
DWORD OldProtection = 0;

char* send_buffer;
int send_sizeofdata = 0;
SOCKET send_s;
int send_flags = 0;

/* Naked: the compiler emits no prologue/epilogue of its own. The function
   re-executes the 5 prologue bytes that HookSend overwrote, records the
   arguments of the send() call, then continues in the original send() 5 bytes in. */
void __declspec(naked) __stdcall SendHookFunc()
{
	__asm
	{ 
				mov  edi,edi
				push ebp
				mov ebp, esp
				mov eax, [ebp+0x08] /* Param 1 : Socket */
				mov send_s, eax
				mov eax, [ebp+0x0C] /* Param 2 : buffer */
				mov [send_buffer], eax
				mov eax, [ebp+0x10] /*Param 3 : Size*/
				mov send_sizeofdata, eax
				mov eax, [ebp+0x14] /*Param 4 : flags*/
				mov send_flags, eax
				jmp SendReturnAddress
	}
}

void UnHookSend()
{
	/* To unhook on a WinXP post SP2 box you need to restore the 5 byte preamble */
	*(WORD *)SendOriginalAddress = 0xFF8B;		// mov  edi,edi
	*(BYTE *)(SendOriginalAddress+2) = 0x55;	// push ebp
	*(WORD *)(SendOriginalAddress+3) = 0xEC8B;	// mov ebp, esp
	VirtualProtect( (void*)SendOriginalAddress, 0x05, OldProtection, &OldProtection );
}

void HookSend()
{
	SendNewAddress = (DWORD*)SendHookFunc;
	HINSTANCE hDll = LoadLibraryA("Ws2_32.dll");	// A-variant: the literal is a narrow string
	if (hDll == NULL)
		return;
	SendOriginalAddress = (DWORD)GetProcAddress(hDll, "send");
	if (SendOriginalAddress == 0)
		return;
	SendReturnAddress = SendOriginalAddress + 5;
	/* PAGE_EXECUTE_READWRITE: PAGE_READWRITE would leave send() non-executable under DEP */
	VirtualProtect( (void*)SendOriginalAddress, 0x05, PAGE_EXECUTE_READWRITE, &OldProtection );
	*(BYTE *)(SendOriginalAddress) = 0xe9;		// jmp rel32
	*(int *)(SendOriginalAddress+1) = JMP(SendOriginalAddress, SendNewAddress);
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	if (ul_reason_for_call == DLL_PROCESS_ATTACH)
		HookSend();
	if (ul_reason_for_call == DLL_PROCESS_DETACH)	// not THREAD_DETACH: that fires whenever any thread exits
		UnHookSend();
    return TRUE;
}
When I compile it, it says the build succeeded, but with warnings:
Warning 1 warning C4793: 'SendHookFunc' : function compiled as native

Warning 2 warning C4747: Calling managed '_DllMain@12': Managed code may not be run under loader lock, including the DLL entrypoint and calls reached from the DLL entrypoint

And when I use WinJect to inject it into a process (l2.exe) it says this




I'm working on a program that looks like this



And another question:
How do I send packets through the game by using DLL injection?
I already have the packets I need to send; I just need to know how.

(I just named the injected DLL deleteme.dll because I wanted to test it fast.)


Fixed the error message from WinJect!
But I still need to know how to send packets.

Last edited by DragonHunt; 07-08-2009 at 01:31 PM..
#2 Cha0sBG - 07-08-2009, 02:32 PM

Isn't Lineage2 protected by GameGuard? If yes, you will need to bypass it so it will allow you to modify/write memory, inject, and read packets.
#3 DragonHunt - 07-08-2009, 03:39 PM

Quote Originally Posted by Cha0sBG:
Isn't Lineage2 protected by GameGuard? If yes, you will need to bypass it so it will allow you to modify/write memory, inject, and read packets.

I only need to send packets, that's all.
I will take care of the GG protection (most private servers are cracked against GG).
And 90% of the private servers are made in Java, so the only thing I need to know is sending packets.

Last edited by DragonHunt; 07-08-2009 at 03:42 PM..
#4 Frit0 - 07-09-2009, 04:28 PM

Quote Originally Posted by DragonHunt:
I only need to send packets, that's all.
I will take care of the GG protection (most private servers are cracked against GG).
And 90% of the private servers are made in Java, so the only thing I need to know is sending packets.

I posted my source HERE for hooking Winsock. Take a look at it.

Send packet example:

Code:
char packet[20] =
"\x42\x10\x00\xBA\x0B\x0C\x00\x0E\x02\x2E\x00\x09\x01\x0A\x00\x00\x00\x00\x00";

MySend(s, packet, 19, 0);

Last edited by Frit0; 07-09-2009 at 05:01 PM..
#5 Dyndrilliac - 07-09-2009, 07:31 PM

To the original poster: you need to disable CLR support in your project settings. Your code is written in native C, but the CLR is interpreting it and compiling it into MSIL, as it does with C++/CLI for backwards compatibility. Unless you specify Win32 Console or Win32 Application when you create your project in Microsoft Visual C++, the CLR always begins enabled.
#6 DragonHunt - 07-09-2009, 09:06 PM

Thanks for your help, Dyndrilliac. It's now compiling without any warnings/errors.

Frit0, can you come online on MSN? I'm having some trouble with your script...
#7 Ksbunker - 07-10-2009, 07:01 AM

frit0!

Good to see you're still floating around.

Nice help, as always.

Regarding the hardcoding of the prologue "mov edi, edi; push ebp; mov ebp, esp": some systems and service packs have different prologues, so it's probably not the best idea to hardcode it.

But don't worry, easy fix.

Just read the first 5 bytes of the original function and save them somewhere. Then when unhooking, write the original bytes back. That way you know it's going to match.

Last edited by Ksbunker; 07-10-2009 at 07:07 AM..
#8 Frit0 - 07-10-2009, 02:19 PM

Quote Originally Posted by Ksbunker:
frit0!

Good to see you're still floating around.

Nice help, as always.

Ksbunker! Sup buddy, been a while. I'm making my way back into the scene. Been away working on other things in my life, but I'm getting the itch to code again. Hopefully you will see more of me.

Hit me up on MSN.
Copyright ©1995 - 2009 GameHacking.com & CES