Hook Send problem (UK)

10/17/2011 17:03 blackmorpheus#1
Hello folks,

I'm trying to hook the "send" function of nostale.

I wrote this little piece of code
Code:
#include <Windows.h>
#include <fstream>
#include <cstdio>    // _vsnprintf
#include <cstdarg>   // va_list, va_start, va_end
#include <cstring>   // strlen, memcpy
#include <cstdlib>   // malloc
#include <detours.h>

using namespace std; // byte me
void __cdecl add_log (char *fmt, ...);

//int __usercall sub_5D9464<eax>(int a1<eax>, int a2<edx>, int a3<edi>)
DWORD orgAddress = 0x5d9464;
DWORD jumpAddress;

void *DetourCreate(BYTE *src, const BYTE *dst, const int len);

// wrapper for __usercall: the target takes its arguments in eax/edx/edi,
// so the hook has no prologue and must preserve every register itself
__declspec(naked) void send_unencrypted_hook()
{
	_asm pushad;   // save all general-purpose registers
	_asm pushfd;   // save the flags

	DWORD a1,a2;
	char * command;

	__asm{
		mov a1,eax;       // first argument
		mov command,edx;  // pointer to the plain-text packet
		mov a2,edi;       // third argument
	}

	add_log("Send hook: %d %d %s",a1,a2,command);

	_asm popfd;
	_asm popad;
	_asm jmp jumpAddress  // continue in the trampoline (original bytes + jmp back)
	_asm ret // never gets here
}


// thread entry point: installs the detour once the DLL is loaded
DWORD WINAPI initHook(LPVOID)
{
	add_log("Inside hook thread");
	//jumpAddress = (DWORD)DetourFunction((PBYTE)orgAddress,(PBYTE)send_unencrypted_hook);
	jumpAddress = (DWORD)DetourCreate((PBYTE)orgAddress,(PBYTE)send_unencrypted_hook,6);
	return 0;
}

// appends one printf-style line to mylog.txt
void __cdecl add_log (char *fmt, ...)
{
	if(!fmt) { return; }

	ofstream ofile;
	ofile.open("mylog.txt", ios::app);
	if(ofile.is_open())
	{
		va_list va_alist;
		char logbuf[256] = {0};

		va_start (va_alist, fmt);
		// leave one byte free: _vsnprintf does not terminate on truncation
		_vsnprintf (logbuf, sizeof(logbuf) - 1, fmt, va_alist);
		va_end (va_alist);

		ofile << logbuf << endl;
	}
	ofile.close();
}


BOOL WINAPI DllMain(HMODULE hMod, DWORD dwReason, LPVOID lpReserved)
{
	DisableThreadLibraryCalls(hMod);

	switch(dwReason)
	{
	case DLL_PROCESS_ATTACH:
		CreateThread(0,0,(LPTHREAD_START_ROUTINE)initHook,0,0,0);
		break;
	}
	
	return TRUE;
}



// writes a 5-byte relative jmp at src to dst and returns a trampoline that
// runs the overwritten bytes and then jumps back to src+len
void *DetourCreate(BYTE *src, const BYTE *dst, const int len)
{
	// trampoline buffer (must be executable; plain malloc only works with DEP off)
	BYTE *jmp = (BYTE*)malloc(len+5);
	DWORD dwBack;

	VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
	memcpy(jmp, src, len);                    // keep the original instructions
	jmp += len;
	jmp[0] = 0xE9;                            // jmp rel32 back to src+len
	*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
	src[0] = 0xE9;                            // jmp rel32 from src to the hook
	*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
	for (int i=5; i<len; i++)  src[i]=0x90;   // pad the rest with nops
	VirtualProtect(src, len, dwBack, &dwBack);
	return (jmp-len);
}
This is the sendhook function:


Somehow, I'm still not doing something right with the registers, and I can't figure out what.

When I do something in game I get the error message: Error in address: xxx, couldnt write address: xxx.

The data that the hook gets is alright:

Send hook: 72055760 4837768 say hello
Send hook: 72055760 500 ncif 1 455015
Send hook: 72055760 100 walk 34 103 0 11
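Added illustration, not code from this thread: the same E9 rel32 encoding that DetourCreate writes (rel32 = dst - (src + 5), remaining bytes padded with NOPs), applied to an ordinary byte buffer so it runs without touching live code, next to the prologue check an integrity monitor or anti-cheat would use to notice such a patch. The prologue bytes, the hook address 0x10001000 and the module range 0x400000-0x700000 are constructed placeholders; only the function address 0x5D9464 comes from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Write a 5-byte relative JMP (E9 rel32) at `src` that lands on dst_va, then pad the
   rest of the overwritten instruction bytes with NOPs. Same arithmetic as DetourCreate
   in the post, but src_va (the buffer's pretended address) is passed in explicitly. */
void write_rel_jmp(uint8_t *src, uintptr_t src_va, uintptr_t dst_va, size_t len)
{
    int32_t rel = (int32_t)((int64_t)dst_va - (int64_t)(src_va + 5));
    src[0] = 0xE9;
    memcpy(src + 1, &rel, sizeof rel);          /* little-endian rel32 */
    for (size_t i = 5; i < len; i++)
        src[i] = 0x90;
}

/* Defender-side check over a function prologue: if it starts with E9 and the decoded
   target lies outside the module's own image range [mod_lo, mod_hi), return the
   target; a jump that stays inside the module is ordinary code and yields 0. */
uintptr_t detect_inline_jmp(const uint8_t *code, uintptr_t code_va,
                            uintptr_t mod_lo, uintptr_t mod_hi)
{
    if (code[0] != 0xE9)
        return 0;
    int32_t rel;
    memcpy(&rel, code + 1, sizeof rel);
    uintptr_t target = (uintptr_t)((int64_t)code_va + 5 + rel);
    if (target >= mod_lo && target < mod_hi)
        return 0;
    return target;
}

/* Constructed demo: patch a fake prologue of sub_5D9464 so that it jumps to hook_va
   (6 bytes, as initHook does) and report what the check sees afterwards.
   Returns (uintptr_t)-1 if the unpatched prologue is already flagged. */
uintptr_t demo(uintptr_t hook_va)
{
    uint8_t prologue[8] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x56, 0x57}; /* placeholder */
    const uintptr_t func_va = 0x5D9464;                     /* from the thread */
    const uintptr_t mod_lo = 0x400000, mod_hi = 0x700000;   /* constructed image range */

    if (detect_inline_jmp(prologue, func_va, mod_lo, mod_hi) != 0)
        return (uintptr_t)-1;
    write_rel_jmp(prologue, func_va, hook_va, 6);
    return detect_inline_jmp(prologue, func_va, mod_lo, mod_hi);
}
```

A hook landing in an injected DLL (0x10001000) is reported, while a jump to 0x401000 inside the game's own image is not, which is why such monitors also compare the bytes against a hash taken at load time.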
10/17/2011 17:52 yoyoboss09#2
What exactly are you trying to do? o-o
10/17/2011 17:55 Rorc#3
I think the hook is just for a test right now, as I'm seeing.
And from what it looks like, it's gonna be some sort of packet Bot?
10/17/2011 18:56 ms#4
Using Microsoft's Detours-library instead of your own detour-function would make your hook easier since you wouldn't have to deal with the registers.
10/17/2011 19:27 blackmorpheus#5
Quote:
Originally Posted by Metin2Spieler97
Using Microsoft's Detours-library instead of your own detour-function would make your hook easier since you wouldn't have to deal with the registers.
I don't really see what you're saying here.

I'm dealing with a __usercall function. Parameters are not pushed onto the stack, they are inside the eax, edx etc. registers.
This is why I have to do a naked function, to handle the registers myself.

What this does is it logs all the actions that the user does.
Later on I'll add a simple wrapper to call this function so you can let it act like a bot.
10/17/2011 19:54 ms#6
Perhaps the local variables inside your detour-function are overwriting some other values on the stack. Try saving the registers into global variables instead, maybe that will do the trick.
10/17/2011 21:19 blackmorpheus#7
Quote:
Originally Posted by Metin2Spieler97
Perhaps the local variables inside your detour-function are overwriting some other values on the stack. Try saving the registers into global variables instead, maybe that will do the trick.
Thanks, this did the trick. :handsdown:

I was quickly browsing through the German threads, and I saw they had similar tools, that's why I made this. My German is not that good so I don't really understand what they're doing with it.
10/18/2011 18:32 Mr.Crunch#8
So it's working? :)
(So the question in my thread is already answered?)
10/18/2011 19:34 blackmorpheus#9
Quote:
Originally Posted by Mr.Crunch
So it's working? :)
(So the question in my thread is already answered?)
No, I still cannot send packets myself...
Where do you actually call this function?

In another thread, or do you hook somewhere in nostalex.dat ?