Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Hooking Send , Recv Problem

 
KratosA
Posted: Fri May 29, 2015 11:48 am

OK, I've been playing around with some hooking again. I recently moved from studying PHP to C/C++ for several months now, so I decided to do something about hooking, looking up some facts from MSDN and some other things on here.

I try to inject this DLL into Firefox. When I do, I do not see it open hookFile.txt and save the buffer to the .txt file. Am I getting something wrong? My source code goes like this:

Code:

#include <windows.h>
#include <stdio.h>

void ApiHook(LPCSTR Module,LPCSTR OldFunc,LPVOID NewFunc,unsigned char *backup);
// The hooks return int so they can pass through the result of send/recv.
extern "C" _declspec(dllexport) int newSend(SOCKET s, const char* buf, int len, int flags);
// recv writes into buf, so the buffer cannot be const.
extern "C" _declspec(dllexport) int newRecv(SOCKET s, char* buf, int len, int flags);


Now the main.cpp looks like this:

Code:

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <Winsock.h>
#include "DLLHookSendRecv.h"

#pragma comment (lib,"ws2_32")

typedef int (WINAPI *oldsend)(SOCKET s,const char* buf,int len,int flags);
typedef int (WINAPI *oldrecv)(SOCKET s,char* buf,int len,int flags);

BYTE hook[6];

// Overwrites the first 6 bytes of Module!OldFunc with "jmp NewFunc; ret".
void ApiHook(LPCSTR Module,LPCSTR OldFunc,LPVOID NewFunc,unsigned char *backup)
{
  DWORD dwProtect;
  HINSTANCE hLib = LoadLibraryA(Module);
  DWORD OldFuncAddr = (DWORD)GetProcAddress(hLib,OldFunc);
  DWORD NewFuncAddr = (DWORD)NewFunc;

  BYTE jmp[6] ={0xE9,0x00,0x00,0x00,0x00,0xC3};
  // rel32 is relative to the end of the 5-byte jmp instruction.
  DWORD  jmpAddr = (NewFuncAddr - OldFuncAddr) -5;
  memcpy(&jmp[1],&jmpAddr,4);

  VirtualProtect((LPVOID) OldFuncAddr,6,PAGE_EXECUTE_READWRITE,&dwProtect);
  WriteProcessMemory(GetCurrentProcess(),(LPVOID)OldFuncAddr,jmp,6,0);
  VirtualProtect((LPVOID)OldFuncAddr,6,dwProtect,&dwProtect);
}

extern "C" _declspec(dllexport) int newSend(SOCKET s, const char* buf, int len, int flags)
{
   FILE* logFile;
   logFile = fopen("hookFile.txt","w");
   if (logFile != NULL)
   {
      // buf is not NUL-terminated, so bound the write by len.
      fprintf(logFile,"%.*s",len,buf);
      fclose(logFile);
   }
  return send(s,buf,len,flags);
}

extern "C" _declspec(dllexport) int newRecv(SOCKET s, char* buf, int len, int flags)
{
   FILE* logFile;
   logFile = fopen("hookFile.txt","w");
   if (logFile != NULL)
   {
      // Never pass buf as the format string; this logs the buffer as it is before recv() fills it.
      fprintf(logFile,"%.*s",len,buf);
      fclose(logFile);
   }
  return recv(s,buf,len,flags);
}

BOOL APIENTRY DllMain(HINSTANCE hInstDLL,DWORD ul_reason_for_call,LPVOID lpReserved)
{
  switch(ul_reason_for_call)
  {
    case DLL_PROCESS_ATTACH:
      ApiHook("ws2_32.dll","send",newSend,hook);
      ApiHook("ws2_32.dll","recv",newRecv,hook);
    break;
    case DLL_PROCESS_DETACH:
    break;
    case DLL_THREAD_ATTACH:
      ApiHook("ws2_32.dll","send",newSend,hook);
      ApiHook("ws2_32.dll","recv",newRecv,hook);
    break;
    case DLL_THREAD_DETACH:
        break;
  }
    return TRUE;
}
atom0s
Posted: Fri May 29, 2015 1:48 pm

You have several problems with your ApiHook function.

  • You are not storing a proper address to use as the real function call.
  • You are not handling a 'detour' correctly. Just placing a 5 byte jump at the start of any API is not valid and is going to cause crashes or other unwanted results.
  • You are calling the original API in your hooks which is incorrect.
  • You are calling ApiHook from DllMain which goes against the guidelines of a DLL by Microsoft. (Especially calling things like LoadLibrary from DllMain.)


I suggest you take a look at a real detouring library like Microsoft Detours as you are not doing this correctly.

_________________
- Retired.
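
Seen from the detection side, the patch discussed in this thread leaves a recognisable mark: the function no longer starts with its normal prologue but with `E9 rel32`, and the jump lands outside the module that owns the function. The following is an added example, not code from any poster in this thread; it assumes 32-bit x86, and the addresses, module range and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
typedef enum { PROLOGUE_CLEAN, JMP_INSIDE_MODULE, JMP_OUTSIDE_MODULE, PUSH_RET_REDIRECT } verdict_t;

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a 32-bit x86 function loaded at func_addr.
 * mod_base/mod_size give the address range of the module that owns it. */
verdict_t classify_prologue(const uint8_t *code, size_t n, uint32_t func_addr,
                            uint32_t mod_base, uint32_t mod_size, uint32_t *target)
{
    *target = 0;
    if (n >= 6 && code[0] == 0x68 && code[5] == 0xC3) {   /* push imm32; ret */
        *target = le32(code + 1);
        return PUSH_RET_REDIRECT;
    }
    if (n < 5 || code[0] != 0xE9)                         /* not jmp rel32 */
        return PROLOGUE_CLEAN;
    /* Inverse of the post's rel = new - old - 5; unsigned math wraps mod 2^32,
     * so the single compare below checks both ends of the module range. */
    *target = func_addr + 5u + le32(code + 1);
    return (*target - mod_base) < mod_size ? JMP_INSIDE_MODULE : JMP_OUTSIDE_MODULE;
}

/* Rebuild the 6-byte patch from the post (E9 rel32 C3) as sample input only. */
void make_sample_patch(uint8_t out[6], uint32_t old_addr, uint32_t new_addr)
{
    uint32_t rel = new_addr - old_addr - 5u;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i));
    out[5] = 0xC3;
}

int main(void)
{
    /* Constructed values: module range, function address, hook address. */
    const uint32_t base = 0x71AB0000u, size = 0x17000u, fn = 0x71AB4C27u, hook = 0x10001230u;
    const uint8_t clean[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC }; /* mov edi,edi; push ebp; mov ebp,esp */
    uint8_t patched[6]; uint32_t target;
    make_sample_patch(patched, fn, hook);
    printf("clean: %d\n", (int)classify_prologue(clean, sizeof clean, fn, base, size, &target));
    verdict_t v = classify_prologue(patched, sizeof patched, fn, base, size, &target);
    printf("patched: %d, target 0x%08X\n", (int)v, (unsigned)target);
    return 0;
}
```

A jump that stays inside the owning module can be legitimate (compiler thunks, forwarders), which is why the verdicts are kept separate rather than treating every `E9` as tampering.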
Reak
Posted: Sun Jun 07, 2015 5:30 am

This one could help you.