[C++] Silkroad Redirect IP

10/24/2012 12:29 user000user#1
Hi!

Currently, I'm trying to redirect the IP by patching the memory of the sro_client at the connect function, to call my own function. However, there is a problem, and I can't figure out why it happens.
If I move the Socket from the ECX register into my own Socket variable, I get the WSAENOTSOCK error when trying to duplicate it to get the Protocol Information.
The same happens when I push the unchanged parameters to call the connect function.
If I create my own Socket, it connects to the proxy but still ends with the C9 MessageBox.

This is the function that is called instead of the original connect:
Code:
void Redirect()
{
	__asm MOV sock, ECX
	__asm MOV pSockAddr, EDI
	
	int af = AF_INET;
	int type = SOCK_STREAM;
	int protocol = IPPROTO_TCP;

	sockaddr_in *addr_in = (sockaddr_in*)pSockAddr;
	addr_in->sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
	addr_in->sin_port = htons(16000);
	addr_in->sin_family = AF_INET;
	pSockAddr = (PSOCKADDR)addr_in;
	SOCKET s = socket(af, type, protocol);
	
	DWORD d = PtrToUlong(GetProcAddress(GetModuleHandle("WS2_32.dll"), "connect"));
	int result;

	__asm MOV ECX, s
	__asm MOV EDI, pSockAddr
	__asm PUSH 16
	__asm PUSH EDI
	__asm PUSH ECX
	__asm CALL DWORD PTR DS:[d]
	__asm MOV result, EAX

	if(result == -1)
	{
		std::stringstream ss;
		ss<<"Error on redirecting: "<<WSAGetLastError()<<"\n";
		// Pass the message as data, not as the format string.
		printf("%s", ss.str().c_str());
	}
	
	//connect function
	byte connect_pattern[10] = { 0x6A, 0x10,				//PUSH 10
				     0x57,					//PUSH EDI 
				     0x51,					//PUSH ECX
				     0xFF, 0x15,    0x30, 0xB6, 0xE4, 0x00 };	//CALL DWORD PTR DS:[<&WS2_32.#4>]

	//patch it back to original connect
	WriteProcessMemory(GetCurrentProcess(), UlongToPtr(ConnectAddress), connect_pattern, 10, NULL);
}
Any help is appreciated.
Thanks in advance!
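
A check from the defender's side of the patch described in the post above, as an added example that is not part of the thread: it compares the 10 bytes at the call site with the `connect_pattern` bytes from the post and reports whether they were replaced by a relative CALL/JMP. The site address 0x00401000, the detoured sample bytes and the names `classify_call_site`, `SiteReport` and `SiteState` are assumptions made for illustration.

```cpp
#include <stdint.h>
#include <stdio.h>
#include <string.h>

// Original bytes at the call site, copied from connect_pattern in the post.
static const uint8_t kOriginalSite[10] = {0x6A, 0x10, 0x57, 0x51, 0xFF, 0x15, 0x30, 0xB6, 0xE4, 0x00};
// Constructed sample: CALL rel32 from 0x00401000 to 0x10001000, padded with NOPs.
static const uint8_t kDetouredSample[10] = {0xE8, 0xFB, 0xFF, 0xBF, 0x0F, 0x90, 0x90, 0x90, 0x90, 0x90};

enum SiteState { SITE_INTACT, SITE_IMPORT_SLOT_CHANGED, SITE_DETOURED, SITE_MODIFIED };
struct SiteReport { SiteState state; uint32_t target; };  // target is 0 when not decodable

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

// Classify 10 bytes read from a 32-bit x86 call site located at virtual address siteVa.
SiteReport classify_call_site(const uint8_t *bytes, uint32_t siteVa) {
    SiteReport r = {SITE_MODIFIED, 0};
    if (memcmp(bytes, kOriginalSite, sizeof kOriginalSite) == 0) {
        r.state = SITE_INTACT;
    } else if (memcmp(bytes, kOriginalSite, 6) == 0) {
        // Same PUSH/PUSH/PUSH/CALL [mem] shape, but the call reads a different pointer slot.
        r.state = SITE_IMPORT_SLOT_CHANGED;
        r.target = le32(bytes + 6);
    } else if (bytes[0] == 0xE8 || bytes[0] == 0xE9) {
        // CALL/JMP rel32: destination = address of the next instruction + displacement.
        r.state = SITE_DETOURED;
        r.target = siteVa + 5 + le32(bytes + 1);
    }
    return r;
}

int main(void) {
    const uint32_t siteVa = 0x00401000u;  // constructed address, not taken from the post
    SiteReport a = classify_call_site(kOriginalSite, siteVa);
    SiteReport b = classify_call_site(kDetouredSample, siteVa);
    printf("original: state=%d\n", (int)a.state);
    printf("sample:   state=%d target=0x%08X\n", (int)b.state, (unsigned)b.target);
    return b.state == SITE_DETOURED ? 0 : 1;
}
```

A reported target outside the module's own code range is the signal worth logging; the intact case returns no target at all.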
11/02/2012 01:06 OverlimitOnline#2
I'd strongly recommend that you check the sources of old sro loaders; one of them was called (testosterone) or something.