[Help]MS detours
Discussion on [Help]MS detours within the CO2 Programming forum part of the Conquer Online 2 category.
04/17/2012, 21:28
|
#1
|
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
|
[Help]MS detours
EDIT: my question actually lies in now.
|
|
|
04/18/2012, 02:42
|
#2
|
elite*gold: 0
Join Date: Aug 2010
Posts: 991
Received Thanks: 1,107
|
The DetourFunction void is missing lol, it's not a built-in function, you have to code it.
Or go back to where you got those codes and copy it to your project.
Or maybe it's not missing 'cause you didn't show us any real codes in that screenshot.
|
|
|
04/18/2012, 03:37
|
#3
|
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
|
Ermmm, that is the entire set of code in the screenshot... I figured out that tutorial is for Detours 1.5. That method has been removed since 2.1.
I tried following tanelipe's tutorial... Seems that my msvs is giving me some problem, trying to install a fresh copy of msvs on another computer and re-follow that tutorial.
EDIT:
Got msvs running on the other comp. Followed through (except I compiled using nmake). I got my DLL compiled. But I can't inject it. Both Winject and CE are telling me inject failed or can't inject.
Code:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <WinSock2.h>
#include <shellapi.h>
#include <string.h>
#include "Detours\\src\\detours.h"

#pragma comment(lib, "shell32.lib")
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "Detours\\lib\\detours.lib")
#pragma comment(lib, "Detours\\lib\\detoured.lib")

// Pointers to the real functions; DetourAttach rewrites them to point at the trampolines.
int (WINAPI *OriginalConnect)(SOCKET s, const sockaddr *name, int len) = connect;
HINSTANCE (WINAPI *OriginalShell)(HWND hWnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, int nShowCmd) = ShellExecuteA;

HINSTANCE WINAPI DetouredShell(HWND hWnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, int nShowCmd)
{
    // lpFile may be NULL, so check it before calling strcmp.
    if (lpFile != NULL && strcmp("http://co.91.com/signout/", lpFile) == 0) {
        lpFile = "http://www.google.com";
    }
    return OriginalShell(hWnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd);
}

int WINAPI DetouredConnect(SOCKET s, const sockaddr *name, int len)
{
    // Wide-string literal, so call the W variant explicitly.
    MessageBoxW(NULL, L"read in socket", NULL, MB_OK);
    return OriginalConnect(s, name, len);
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)OriginalConnect, DetouredConnect);
        DetourAttach(&(PVOID&)OriginalShell, DetouredShell);
        DetourTransactionCommit();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
Any advice?
|
|
|
04/18/2012, 09:27
|
#4
|
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,198
|
Detours is a waste, just do your own WriteProcessMemory to patch the function prologue to JMP to your own detoured function, easy as that.
|
|
|
04/18/2012, 11:37
|
#5
|
elite*gold: 0
Join Date: Feb 2007
Posts: 348
Received Thanks: 2,175
|
Tool
Code:
#ifndef ASMBUILDER_H
#define ASMBUILDER_H
#include <windows.h>
#include <stdarg.h>
#include <string>
#include <vector>
// Emits raw 32-bit x86 machine code into a byte buffer.
// x86 only: addresses are passed around as int.
class AsmBuilder {
public:
    AsmBuilder& reset() { buf.clear(); return *this; }
    AsmBuilder& ADD_EAX(int value) { BYTE(0x05).DWORD(value); return *this; }
    AsmBuilder& SUB_EAX(int value) { BYTE(0x2D).DWORD(value); return *this; }
    AsmBuilder& PUSH_EAX() { BYTE(0x50); return *this; }
    AsmBuilder& POP_EAX() { BYTE(0x58); return *this; }
    AsmBuilder& PUSHAD() { BYTE(0x60); return *this; }
    AsmBuilder& POPAD() { BYTE(0x61); return *this; }
    AsmBuilder& PUSH(int value) { BYTE(0x68).DWORD(value); return *this; }
    // Pushes the arguments right to left, as stdcall expects. numParams must be >= 1.
    AsmBuilder& PUSH_ARGS(int numParams, int arg1, ...) {
        std::vector<int> params(numParams); // was a variable-length array, which is not standard C++
        params[0] = arg1;
        va_list argp;
        va_start(argp, arg1);
        for (int i = 1; i < numParams; ++i) {
            params[i] = va_arg(argp, int);
        }
        va_end(argp);
        for (int i = numParams-1; i >= 0; --i) {
            PUSH(params[i]);
        }
        return *this;
    }
    AsmBuilder& JZ_SHORT_NEXT_EIP_PLUS(char direction) { return BYTE(0x74).BYTE(direction); }
    AsmBuilder& MOV_ADDRESS_ESP(int address) { BYTE(0x89).BYTE(0x25).DWORD(address); return *this; }
    AsmBuilder& ADD_ESP(int value) { return BYTE(0x81).BYTE(0xC4).DWORD(value); }
    AsmBuilder& TEST_EAX_EAX() { return BYTE(0x85).BYTE(0xC0); }
    AsmBuilder& POP_DWORD_PTR_EAX() { BYTE(0x8F).BYTE(0x00); return *this; }
    AsmBuilder& POP_WORD_PTR_EAX() { BYTE(0x66).BYTE(0x8F).BYTE(0x00); return *this; }
    // call $+5 ; pop eax ; sub eax, n  leaves the address of the first emitted byte in EAX.
    AsmBuilder& MOV_EAX_ASM_START() {
        int start = getCodeSize(); // bytes emitted before this sequence
        return BYTE(0xE8).DWORD(0).POP_EAX().SUB_EAX(5 + start); // the original had no return statement
    }
    AsmBuilder& MOV_EAX(int dword) { BYTE(0xB8).DWORD(dword); return *this; }
    AsmBuilder& MOV_ECX(int dword) { BYTE(0xB9).DWORD(dword); return *this; }
    AsmBuilder& RETN() { BYTE(0xC3); return *this; }
    AsmBuilder& INT3() { BYTE(0xCC); return *this; }
    AsmBuilder& CALL_NEXT_EIP_PLUS(int distance) { BYTE(0xE8).DWORD(distance); return *this; }
    // call $+5 ; add dword ptr [esp], 0x0A ; push address ; ret  (absolute call that returns past the ret)
    AsmBuilder& CALL(int address) { BYTE(0xE8).DWORD(0).DWORD(0x0AE40483).PUSH(address).RETN(); return *this; }
    AsmBuilder& CALL_KERNEL32_FUNC(const char* funcName) {
        CALL((int)GetProcAddress(GetModuleHandleA("kernel32.dll"), funcName));
        return *this;
    }
    AsmBuilder& CALL_REMOTE_PROCESS_FUNC(int processId, int funcAddress, int param) {
        PUSHAD()
            .PUSH_ARGS(3, PROCESS_ALL_ACCESS, 0, processId)
            .CALL_KERNEL32_FUNC("OpenProcess")
            .PUSH_EAX()
            .PUSH(0)
            .PUSH(0)
            .PUSH(param)
            .PUSH(funcAddress)
            .PUSH(0)
            .PUSH(0)
            .PUSH_EAX()
            .CALL_KERNEL32_FUNC("CreateRemoteThread")
            .PUSH_EAX()
            .PUSH(-1)
            .PUSH_EAX()
            .CALL_KERNEL32_FUNC("WaitForSingleObject")
            .CALL_KERNEL32_FUNC("CloseHandle")
            .CALL_KERNEL32_FUNC("CloseHandle")
            .POPAD();
        return *this;
    }
    // Absolute jump as push address ; ret (6 bytes).
    AsmBuilder& JMP(int address) { PUSH(address).RETN(); return *this; }
    AsmBuilder& JMP_NEXT_EIP_PLUS(int distance) { BYTE(0xE9).DWORD(distance); return *this; }
    AsmBuilder& PUSH_DWORD_PTR_ESP() { BYTE(0xFF).BYTE(0x34).BYTE(0xE4); return *this; }
    AsmBuilder& CALL_EAX() { BYTE(0xFF).BYTE(0xD0); return *this; }
    AsmBuilder& PUSH_DWORD_PTR_ESP_PLUS(char offset) { BYTE(0xFF).BYTE(0x74).BYTE(0xE4).BYTE(offset); return *this; }
    AsmBuilder& BYTE(char byte) { buf.push_back(byte); return *this; }
    AsmBuilder& WORD(short word) { buf.append((const char*)&word, 2); return *this; }
    AsmBuilder& DWORD(int dword) { buf.append((const char*)&dword, 4); return *this; }
    AsmBuilder& CODE(const char* code, int codeSize) { buf.append(code, codeSize); return *this; }
    // The pointer stays valid until more bytes are emitted or reset() is called.
    // (The original returned os.str().c_str(), a pointer into a temporary string.)
    const char* getCode() const { return buf.data(); }
    int getCodeSize() const { return (int)buf.size(); }
private:
    std::string buf; // emitted bytes
};
#endif // ASMBUILDER_H
Usage
Code:
#include "AsmBuilder.h"
#include <string.h>
typedef HINSTANCE (WINAPI *ShellFn)(HWND hWnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, int nShowCmd);
static ShellFn OriginalShell;
static ShellFn CallbackShell;
static HINSTANCE WINAPI MyShell(HWND hWnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, int nShowCmd);
static AsmBuilder shellFixupCode;
static void installShellHook() {
    OriginalShell = (ShellFn)GetProcAddress(GetModuleHandleA("shell32.dll"), "ShellExecuteA");
    AsmBuilder code;
    code.JMP((int)MyShell);
    // To fix up the overridden code (hex copied from ollydbg).
    // These bytes are specific to the shell32.dll build they were copied from.
    const unsigned char overriddenCode[] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x40};
    shellFixupCode.CODE((const char*)overriddenCode, sizeof(overriddenCode));
    shellFixupCode.JMP((int)OriginalShell + shellFixupCode.getCodeSize());
    DWORD old;
    // Make the trampoline buffer executable, then use it to call the original function.
    VirtualProtect(const_cast<char*>(shellFixupCode.getCode()), shellFixupCode.getCodeSize(), PAGE_EXECUTE_READWRITE, &old);
    CallbackShell = (ShellFn)shellFixupCode.getCode();
    // Overwrite the start of ShellExecuteA with the jump to MyShell, then restore the page protection.
    VirtualProtect((void*)OriginalShell, code.getCodeSize(), PAGE_EXECUTE_WRITECOPY, &old);
    memcpy((void*)OriginalShell, code.getCode(), code.getCodeSize());
    VirtualProtect((void*)OriginalShell, code.getCodeSize(), old, &old);
}
HINSTANCE WINAPI MyShell(HWND hWnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, int nShowCmd) {
    // lpFile may be NULL, so check it before calling strcmp.
    if (lpFile != NULL && strcmp("http://co.91.com/signout/", lpFile) == 0) {
        lpFile = "http://www.google.com";
    }
    return CallbackShell(hWnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd);
}
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        installShellHook();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
A bit more involved than MS detours, but it works.
|
|
|
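Seen from the detection side, the prologue patch discussed in posts #4 and #5 is recognisable: compare the bytes at a function's entry with the same bytes in the on-disk image, then decode the `PUSH addr; RETN` that `AsmBuilder::JMP` emits or the `E9` relative jump that `JMP_NEXT_EIP_PLUS` emits. The following is an added example, not code from any poster; `classifyPrologue`, `HookVerdict`, the sample address and the two patched byte arrays are constructed for illustration, and it assumes 32-bit x86.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

struct HookVerdict {
    std::string kind;  // "clean", "push-ret", "jmp-rel32" or "modified"
    uint32_t target;   // decoded redirect destination, 0 when none
};

// Constructed sample data (32-bit x86). kExpected is the prologue quoted in post #5.
const uint32_t kFuncVa = 0x75000000u;  // made-up address of the inspected function
const unsigned char kExpected[8] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x40};
const unsigned char kPushRet[8]  = {0x68, 0x00, 0x10, 0x00, 0x10, 0xC3, 0xEC, 0x40};
const unsigned char kJmpRel[8]   = {0xE9, 0xFB, 0x0F, 0x00, 0x9B, 0x83, 0xEC, 0x40};

// Read a little-endian 32-bit value.
static uint32_t le32(const unsigned char* p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

// mem: bytes currently at the function entry; ref: the same bytes from the on-disk image.
HookVerdict classifyPrologue(const unsigned char* mem, const unsigned char* ref,
                             size_t len, uint32_t va) {
    if (std::memcmp(mem, ref, len) == 0)
        return {"clean", 0};
    if (len >= 6 && mem[0] == 0x68 && mem[5] == 0xC3)   // push imm32 ; ret
        return {"push-ret", le32(mem + 1)};
    if (len >= 5 && mem[0] == 0xE9)                     // jmp rel32, relative to the next instruction
        return {"jmp-rel32", va + 5 + le32(mem + 1)};
    return {"modified", 0};                             // changed, but not a known redirect
}

int main() {
    const unsigned char* samples[] = {kExpected, kPushRet, kJmpRel};
    for (const unsigned char* s : samples) {
        HookVerdict v = classifyPrologue(s, kExpected, sizeof(kExpected), kFuncVa);
        std::printf("%-10s target=0x%08X\n", v.kind.c_str(), (unsigned)v.target);
    }
    return 0;
}
```

A decoded target that falls outside every module the process is expected to load is the signal worth alerting on; the reference bytes have to come from the same build of the DLL that is mapped in memory.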
04/19/2012, 03:43
|
#6
|
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,882
|
Quote:
Originally Posted by IAmHawtness
Detours is a waste, just do your own WriteProcessMemory to patch the function prologue to JMP to your own detoured function, easy as that.
|
Detours = less work assuming you already have it installed.
Don't need to code **** yourself which is fine assuming you understand the mechanics of what Detours does.
|
|
|
04/19/2012, 10:23
|
#7
|
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,198
|
Quote:
Originally Posted by InfamousNoone
Detours = less work assuming you already have it installed.
Don't need to code **** yourself which is fine assuming you understand the mechanics of what Detours does.
|
I'd still rather write my own hooking/patching code instead of having to rely on detours.
|
|
|
|
All times are GMT +2.