I have an even better idea than wasting my time and being spammed all day long ...
I will release the patterns, masks, relative distances and the asm handler functions instead.
Code:
//PATTERNS AND MASKS
// Byte signatures plus masks for a pattern scanner: 'x' = byte must match,
// '?' = wildcard. A mask must be exactly as long as its pattern (28, 35, 13
// and 13 bytes here). The hook address is the match address plus the
// *_RelDist offsets defined further down.
//
// SendPacket: the match starts at the function's own prologue, which appears
// to decode as 55 (push ebp) / 89 E5 (mov ebp,esp) / 83 EC 14 (sub esp,0x14)
// - the 6 bytes the Send hook displaces - then 89 E8 / 8B 40 04 / 83 E8 05
// (mov eax,ebp; mov eax,[eax+4]; sub eax,5, i.e. return address minus 5),
// A3 imm32 (mov [abs32],eax), 83 3D imm32 00 (cmp dword ptr [abs32],0), 74 07 (je).
BYTE bPattern_SendPacket_KOCP[] = {0x55, 0x89, 0xE5, 0x83, 0xEC, 0x14, 0x89, 0xE8, 0x8B, 0x40, 0x04, 0x83, 0xE8, 0x05, 0xA3, 0xDC, 0x1D, 0x32, 0x02, 0x83, 0x3D, 0x98, 0xEA, 0x70, 0x00, 0x00, 0x74, 0x07};
// The five '?' (bytes 16-20) cover the 4-byte operand of A3 plus the 0x83 opcode
// that follows it. The second absolute address (0x0070EA98, bytes 22-25) is kept
// as fixed bytes, so this signature only matches a build where that global has
// not moved - NOTE(review): confirm that is intended, or wildcard those four too.
const char * chMask_SendPacket_KOCP = "xxxxxxxxxxxxxxx?????xxxxxxxx";
// RecvPacket: the hook site is 0x0A bytes into the match (pRecv_RelDist), at
// 89 8D FC CE FF FF = mov [ebp-0x3104],ecx, the instruction RecvHook re-executes.
// The instruction after it (83 BD FC CE FF FF 67, cmp dword ptr [ebp-0x3104],0x67)
// is the resume point. Bytes 4-8 are wildcarded; in this dump they read
// E9 xx xx xx xx (a jmp rel32), which suggests the dump came from an already
// patched client. Bytes 9-10 (48 02) are kept fixed - NOTE(review): they look
// like the tail of an instruction partly overwritten by that jmp; verify against
// an unpatched client before relying on them.
BYTE bPattern_RecvPacket[] = {0x89, 0x55, 0xFC, 0xE9, 0x2A, 0x6E, 0xFF, 0x6F, 0x48, 0x02, 0x89, 0x8D, 0xFC, 0xCE, 0xFF, 0xFF, 0x83, 0xBD, 0xFC, 0xCE, 0xFF, 0xFF, 0x67, 0x0F, 0x87, 0xB2, 0xE8, 0x00, 0x00, 0x8B, 0x95, 0xFC, 0xCE, 0xFF, 0xFF};
const char * chMask_RecvPacket = "xxx?????xxxxxxxxxxxxxxxxxxxxxxxxxxx";
// SendJump: 53 56 57 (push ebx/esi/edi), 8B 7D 14 / 8B 75 10 / 8B 5D 0C
// (mov edi,[ebp+0x14]; mov esi,[ebp+0x10]; mov ebx,[ebp+0xC]), E8 (call ...).
// How the resulting address is used is not shown in this listing.
BYTE bPattern_SendJump[] = {0x53, 0x56, 0x57, 0x8B, 0x7D, 0x14, 0x8B, 0x75, 0x10, 0x8B, 0x5D, 0x0C, 0xE8};
const char * chMask_SendJump = "xxxxxxxxxxxxx";
// SendJump2: 50 (push eax), E8 rel32 (call - the rel32 is wildcarded),
// 83 C4 0C (add esp,0xC), 84 C0 (test al,al), 74 3A (je). Usage not shown here.
BYTE bPattern_SendJump2[] = {0x50, 0xE8, 0xEC, 0x06, 0x00, 0x00, 0x83, 0xC4, 0x0C, 0x84, 0xC0, 0x74, 0x3A};
const char * chMask_SendJump2 = "xx????xxxxxxx";
//JMPACKS AND RELATIVE DISTANCES FROM PATTERN
// Hook address = pattern match address + *_RelDist. *_JMPBack is the address
// the trampoline resumes the original code at. Each *_JMPBack assignment
// depends on its hook address, so it must run after that scan has completed.
// SAMPLE: pSendPacket_KOCP = pSend_KOCP_RelDist + FindBlahBlah(ADDY1, ADDY2, PATTERN, MASK);
pSend_KOCP_RelDist = 0x00;
// Send is hooked at the prologue itself. +6 skips push ebp / mov ebp,esp /
// sub esp,0x14 (6 bytes), which SendPacket below re-executes before jumping back.
// A 5-byte jmp leaves one byte of the displaced 'sub' behind; the hook writer
// presumably pads the 6th byte (NOP). Intercept is not shown here - confirm it does.
pSend_KOCP_JMPBack = pSendPacket_KOCP + 0x06;
// YOU DON'T HAVE TO USE PATTERN FOR RECV BTW
// Recv is hooked 0x0A bytes into the match, at the 6-byte mov [ebp-0x3104],ecx
// that RecvHook re-executes - hence the same +6 resume point. Note the variable
// is spelled pRecvPacketKOCP (no underscore) unlike pSendPacket_KOCP.
pRecv_RelDist = 0x0A;
pRecv_JMPBack = pRecvPacketKOCP + 0x06;
// No jump-back is defined for the two SendJump addresses; the listing does not
// show how they are consumed.
pSendJump_RelDist = 0x2C;
// NOTE(review): capital 'P' is inconsistent with the other pSendJump_* names;
// make sure the declaration uses this exact spelling or the line will not compile.
PSendJump2_RelDist = 0x0B;
//HANDLERS
// Trampoline installed at pRecvPacketKOCP (match address + pRecv_RelDist).
// The game jumps here in place of its 6-byte 'mov [ebp-0x3104],ecx'; we call
// the user-supplied RecvHandler, re-execute the displaced instruction and
// resume at pRecv_JMPBack. Naked: the compiler emits no prologue/epilogue, so
// the game's EBP frame is still live while this runs (the mov below relies on it).
void __declspec( naked ) RecvHook(void)
{
__asm
{
PUSHAD// Required, not optional: RecvHandler is C code and may clobber the
      // caller-saved registers (EAX, ECX, EDX). The displaced mov below reads
      // ECX, and the game's code after the resume point may rely on any of them.
      // EFLAGS are NOT preserved (no PUSHFD/POPFD). That is only harmless
      // because, per the pattern, the first original instruction after the
      // resume point (83 BD ... = cmp) sets the flags itself - re-check this
      // if the hook site ever moves.
PUSH EAX// Single argument: EAX is handed to RecvHandler as 'unsigned char *chBuffer',
      // so EAX is presumably the packet buffer at this point. No length is passed;
      // the handler has to bound its own parsing.
CALL RecvHandler
POP EAX// Removes the argument - assumes RecvHandler is cdecl (the default). A
      // __stdcall handler would already have popped it, this POP would then eat
      // the saved EDI and POPAD would restore garbage. EAX itself is overwritten
      // by POPAD right after, so the popped value is irrelevant.
POPAD
MOV DWORD PTR SS:[EBP-0x3104],ECX// The 6 bytes the jmp (+ pad) overwrote, re-executed here.
JMP DWORD PTR [pRecv_JMPBack]// Indirect through the global: resume at hook site + 6.
}
}
// Replacement entry for the game's SendPacket, hooked at pSendPacket_KOCP (the
// function's own prologue). Naked: the compiler emits no prologue/epilogue, so
// the hand-written prologue below must reproduce the 6 bytes the jmp displaced
// (55 / 89 E5 / 83 EC 14 in the pattern) before control goes back at +6.
// After 'mov ebp,esp' the arguments sit at [ebp+8] (bType) and [ebp+0xC]
// (lpszFormat), followed by the variadic list - assuming the game's frame is
// the usual cdecl layout, which is not shown here.
// The original code at the resume point appears to do mov eax,ebp / mov eax,[eax+4]
// / sub eax,5, i.e. read its own return address; this looks like a caller check,
// and is why the trampoline resumes with a jmp instead of calling the original -
// [EBP+4] still holds the game's genuine return address.
int __declspec ( naked ) SendPacket(BYTE bType, LPCSTR lpszFormat, ...)
{
//SEND HAS OLD PROLOGUE
__asm
{
PUSH EBP
MOV EBP,ESP
SUB ESP,0x14// Same frame size as the original; its body keeps using this frame after the jmp.
}
// <= FUNCTION BODY HERE. USE OLD SOURCES IF YOU DON'T HAVE ANYTHING SPECIAL TO DO=>
// Anything placed here runs inside the original's 0x14-byte frame and must leave
// EBP and ESP exactly as set above when it falls through to the jmp. NOTE(review):
// a naked function gets no compiler-managed local storage - avoid C locals here,
// or reserve their space yourself and release it before the jmp. Also mind that
// values written into this frame are what the original body will read.
// This function never executes 'ret': the declared int result is produced by the
// original code, which returns to the game's caller on our behalf.
// EPILOGUE
__asm
{
jmp DWORD PTR [pSend_KOCP_JMPBack]// Resume the original at its prologue + 6.
}
}
Once you have the hook addresses (obtained from the pattern search plus the relative distances) and the jump-back addresses, use Intercept (or any other hooking function of your choice) to redirect pSendPacket_KOCP to SendPacket, and do the same for Recv. Both jump-backs are at +6, so the hook must cover the full 6 displaced bytes (5-byte jmp plus one byte of padding), not leave a stray byte of the old instruction behind.
You must also implement `void RecvHandler(unsigned char * chBuffer)` yourself: RecvHook pushes EAX as that single argument and assumes the default cdecl convention (it pops the argument itself). Note that no length is passed, so the handler must derive the packet length from the data and bound its own parsing.