Hook Send problem (UK)
Discussion on Hook Send problem (UK) within the Nostale forum part of the MMORPGs category.
10/17/2011, 17:03 | #1 | elite*gold: 0 | Join Date: Jul 2007 | Posts: 120 | Received Thanks: 71
Hook Send problem (UK)
Hello folks,
I'm trying to hook the "send" function of nostale.
I wrote this little piece of code
Code:
    #include <Windows.h>
    #include <fstream>
    #include <cstdio>      // _vsnprintf
    #include <cstring>     // strlen, memcpy
    #include <cstdarg>     // va_list, va_start, va_end
    //#include <detours.h> // only needed for the commented-out DetourFunction() call below
    using namespace std; // byte me

    void __cdecl add_log(const char *fmt, ...);

    // int __usercall sub_5D9464<eax>(int a1<eax>, int a2<edx>, int a3<edi>)
    DWORD orgAddress = 0x5d9464;
    DWORD jumpAddress;                  // trampoline: the displaced bytes + jmp back into the original
    void *DetourCreate(BYTE *src, const BYTE *dst, const int len);

    // wrapper for __usercall: the arguments arrive in eax/edx/edi, not on the stack
    __declspec(naked) void send_unencrypted_hook()
    {
        _asm pushad;
        _asm pushfd;
        // A naked function gets no prologue, so no stack space is reserved for these
        // locals; the compiler still addresses them relative to the frame pointer,
        // i.e. on top of whatever the hooked function's caller has on the stack.
        DWORD a1, a2;
        char *command;
        __asm {
            mov a1, eax;
            mov command, edx;
            mov a2, edi;
        }
        add_log("Send hook: %d %d %s", a1, a2, command);
        _asm popfd;
        _asm popad;
        _asm jmp jumpAddress            // run the displaced instructions, then continue in the original
        _asm ret                        // never gets here
    }

    DWORD WINAPI initHook(LPVOID)
    {
        add_log("Inside hook thread");
        //jumpAddress = (DWORD)DetourFunction((PBYTE)orgAddress, (PBYTE)send_unencrypted_hook);
        // 6 = size of the first four instructions of sub_5D9464 (see the listing below),
        // so the 5-byte jmp plus one nop ends on an instruction boundary
        jumpAddress = (DWORD)DetourCreate((PBYTE)orgAddress, (PBYTE)send_unencrypted_hook, 6);
        return TRUE;
    }

    void __cdecl add_log(const char *fmt, ...)
    {
        if (!fmt) { return; }
        ofstream ofile;
        ofile.open("mylog.txt", ios::app);
        if (ofile.is_open())            // was: ofile != NULL
        {
            va_list va_alist;
            char logbuf[256] = {0};
            va_start(va_alist, fmt);
            _vsnprintf(logbuf, sizeof(logbuf) - 1, fmt, va_alist);
            va_end(va_alist);
            ofile << logbuf << endl;
        }
        ofile.close();
    }

    BOOL WINAPI DllMain(HMODULE hMod, DWORD dwReason, LPVOID lpReserved)
    {
        DisableThreadLibraryCalls(hMod);
        switch (dwReason)
        {
        case DLL_PROCESS_ATTACH:
            // patch from a separate thread instead of doing it under the loader lock
            CreateThread(0, 0, initHook, 0, 0, 0);
            break;
        }
        return TRUE;
    }

    // overwrite the first len bytes of src with "jmp dst" and return a trampoline
    // that executes the displaced bytes and jumps back to src+len
    void *DetourCreate(BYTE *src, const BYTE *dst, const int len)
    {
        // the trampoline is executed, so it has to live in executable memory
        // (a malloc'd heap block is not executable once DEP is enabled)
        BYTE *jmp = (BYTE*)VirtualAlloc(NULL, len + 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        DWORD dwBack;
        VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
        memcpy(jmp, src, len);                          // displaced instructions
        jmp += len;
        jmp[0] = 0xE9;                                  // jmp rel32 back to src+len
        *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;  // rel32 = target - (jmp+5)
        src[0] = 0xE9;                                  // jmp rel32 to the hook
        *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
        for (int i = 5; i < len; i++) src[i] = 0x90;    // pad the rest of the span with nop
        VirtualProtect(src, len, dwBack, &dwBack);
        return (jmp - len);
    }
this is the sendhook function:
Code:
CODE:005D9464 sub_5D9464 proc near ; CODE XREF: sub_5D9120+62p
CODE:005D9464 ; sub_5D9B8C+1A2p ...
CODE:005D9464 push ebx
CODE:005D9465 push esi
CODE:005D9466 mov esi, edx
CODE:005D9468 mov ebx, eax
CODE:005D946A jmp short loc_5D9470
CODE:005D946A ; ---------------------------------------------------------------------------
CODE:005D946C dd 193905EBh
CODE:005D9470 ; ---------------------------------------------------------------------------
CODE:005D9470
CODE:005D9470 loc_5D9470: ; CODE XREF: sub_5D9464+6j
CODE:005D9470 mov edx, esi
CODE:005D9472 mov eax, ebx
CODE:005D9474 call sub_5D9260
CODE:005D9479 test al, al
CODE:005D947B jz short loc_5D9497
CODE:005D947D call sub_461498
CODE:005D9482 mov [ebx+70h], eax
CODE:005D9485 cmp word ptr [ebx+22h], 0
CODE:005D948A jz short loc_5D94A8
CODE:005D948C mov edx, esi
CODE:005D948E mov eax, [ebx+24h]
CODE:005D9491 call dword ptr [ebx+20h]
CODE:005D9494 pop esi
CODE:005D9495 pop ebx
CODE:005D9496 retn
CODE:005D9497 ; ---------------------------------------------------------------------------
CODE:005D9497
CODE:005D9497 loc_5D9497: ; CODE XREF: sub_5D9464+17j
CODE:005D9497 cmp word ptr [ebx+2Ah], 0
CODE:005D949C jz short loc_5D94A8
CODE:005D949E mov ecx, esi
CODE:005D94A0 mov dl, 2
CODE:005D94A2 mov eax, [ebx+2Ch]
CODE:005D94A5 call dword ptr [ebx+28h]
CODE:005D94A8
CODE:005D94A8 loc_5D94A8: ; CODE XREF: sub_5D9464+26j
CODE:005D94A8 ; sub_5D9464+38j
CODE:005D94A8 pop esi
CODE:005D94A9 pop ebx
CODE:005D94AA retn
CODE:005D94AA sub_5D9464 endp
Somehow, I'm still not doing something right with the registers, and I can't figure out what.
When I do something in game I get the error message: Error in address: xxx, couldnt write address: xxx.
The data that the hook gets is alright:
Send hook: 72055760 4837768 say hello
Send hook: 72055760 500 ncif 1 455015
Send hook: 72055760 100 walk 34 103 0 11
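As an added illustration (not code from this thread), the rel32 arithmetic that DetourCreate() relies on, written portably so it can be checked against the listing above, together with the inverse check an integrity or anti-tamper routine would run to notice that a function entry has been replaced by an E9 jump. The prologue bytes are hand-encoded from the listing's mnemonics, and the addresses 0x10001000 and 0x00A00006 used in the checks are constructed sample values.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: the first 6 bytes of sub_5D9464, hand-encoded from the
   listing's mnemonics (push ebx; push esi; mov esi,edx; mov ebx,eax). This is
   the 6-byte span that DetourCreate() overwrites with "jmp rel32" + one nop. */
static const uint8_t ORIGINAL_PROLOGUE[6] = {0x53, 0x56, 0x8B, 0xF2, 0x8B, 0xD8};
#define SUB_5D9464_VA 0x5D9464u

/* Encode "jmp rel32" (opcode E9) into buf, which is assumed to live at virtual
   address src_va, so that execution lands on target_va. Same arithmetic as
   DetourCreate(): rel32 = target - (src + 5), i.e. relative to the end of the
   5-byte jmp. Bytes 5..len-1 of the span are padded with nop (0x90). */
void write_jmp_rel32(uint8_t *buf, uint32_t src_va, uint32_t target_va, int len)
{
    uint32_t rel = target_va - (src_va + 5);   /* wraps correctly for backward jumps */
    buf[0] = 0xE9;
    for (int i = 0; i < 4; i++) buf[1 + i] = (uint8_t)(rel >> (8 * i)); /* little-endian */
    for (int i = 5; i < len; i++) buf[i] = 0x90;
}

/* Inverse: where does the E9 located at entry_va transfer control to? */
uint32_t decode_jmp_rel32(const uint8_t *entry, uint32_t entry_va)
{
    uint32_t rel = 0;
    for (int i = 0; i < 4; i++) rel |= (uint32_t)entry[1 + i] << (8 * i);
    return entry_va + 5 + rel;
}

/* Defender-side integrity check over a function entry: compares the live bytes
   with the known-good prologue and, if they were replaced by a relative jmp,
   reports its destination.
   Returns 0 = intact, 1 = E9 detour (destination stored in *target_va),
   -1 = modified in some other way. */
int detect_inline_hook(const uint8_t *entry, uint32_t entry_va,
                       const uint8_t *expected, size_t n, uint32_t *target_va)
{
    if (memcmp(entry, expected, n) == 0) return 0;
    if (entry[0] != 0xE9) return -1;
    *target_va = decode_jmp_rel32(entry, entry_va);
    return 1;
}
```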
10/17/2011, 17:52 | #2 | elite*gold: 0 | Join Date: Feb 2011 | Posts: 387 | Received Thanks: 33
What exactly are you trying to do? o-o
10/17/2011, 17:55 | #3 | elite*gold: 113 | Join Date: Dec 2009 | Posts: 16,685 | Received Thanks: 4,449
I think the hook is just for a test right now, as I'm seeing.
And from what it looks like, it's gonna be some sort of packet Bot?
10/17/2011, 18:56 | #4 | elite*gold: 115 | Join Date: Oct 2007 | Posts: 9,390 | Received Thanks: 12,344
Using Microsoft's Detours-library instead of your own detour-function would make your hook easier since you wouldn't have to deal with the registers.
10/17/2011, 19:27 | #5 | elite*gold: 0 | Join Date: Jul 2007 | Posts: 120 | Received Thanks: 71
Quote:
Originally Posted by Metin2Spieler97
Using Microsoft's Detours-library instead of your own detour-function would make your hook easier since you wouldn't have to deal with the registers.
I don't really see what you're saying here.
I'm dealing with a __usercall function. Parameters are not pushed onto the stack; they are in the eax, edx, etc. registers.
This is why I have to use a naked function, to handle the registers myself.
What this does is log all the actions the user does.
Later on I'll add a simple wrapper to call this function so you can let it act like a bot.
10/17/2011, 19:54 | #6 | elite*gold: 115 | Join Date: Oct 2007 | Posts: 9,390 | Received Thanks: 12,344
Perhaps the local variables inside your detour-function are overwriting some other values on the stack. Try saving the registers into global variables instead, maybe that will do the trick.
10/17/2011, 21:19 | #7 | elite*gold: 0 | Join Date: Jul 2007 | Posts: 120 | Received Thanks: 71
Quote:
Originally Posted by Metin2Spieler97
Perhaps the local variables inside your detour-function are overwriting some other values on the stack. Try saving the registers into global variables instead, maybe that will do the trick.
Thanks, this did the trick.
I was quickly browsing through the German threads, and I saw they had similar tools; that's why I made this. My German is not that good, so I don't really understand what they're doing with it.
10/18/2011, 18:32 | #8 | elite*gold: 0 | Join Date: Oct 2011 | Posts: 33 | Received Thanks: 133
So it's working?
(So the question in my thread is already answered?)
10/18/2011, 19:34 | #9 | elite*gold: 0 | Join Date: Jul 2007 | Posts: 120 | Received Thanks: 71
Quote:
Originally Posted by Mr.Crunch
So it's working?
(So the question in my thread is already answered?)

No, I still cannot send packets myself...
Where do you actually call this function?
In another thread, or do you hook somewhere in nostalex.dat?