public static void InstallSend()
{
_hookDelegateSend = HookSend;
var addrs = HookHelper.searchAsm(new byte[] { 0x8d, 0x8e, 0x7c, 0x01, 0x00, 0x00, 0x89, 0x45, 0xf8 });
Debug.Requires(addrs.Count == 1);
_hookAddress = (IntPtr)addrs[0];
IntPtr codeCave = HookHelper.MakeCodeCave(new[]
{
"pushad",
"lea ecx, [esi + 0x17c]",
"mov dword[ebp-0x8], eax",
"push edi",
"push ebx",
"mov eax, [ebp + 8]", //param1
"mov eax, [eax]",
"push dword[eax+0x40]", //type2 - placeholder
"call " + Marshal.GetFunctionPointerForDelegate(_hookDelegateSend),
"popad",
"lea ecx, [esi + 0x17c]",
"jmp " + (_hookAddress + 9)
});
HookHelper.Jump(_hookAddress, codeCave);
}
internal static void Install(HookType hook)
{
var hookLocation = new IntPtr(0x0081c8a0);
IntPtr codeCave = Marshal.AllocHGlobal(128);
byte[] code = FasmNet.Assemble(new[]
{
"use32",
"org " + codeCave,
"int 3",
"push ebp",
"mov ebp, esi",
"push 0",
"pushad",
"call " + Marshal.GetFunctionPointerForDelegate(hook),
"mov [ebp+0x4], eax",
"popad",
"pop eax",
"pop ebp",
"jmp " + (hookLocation + 5)
});
Marshal.Copy(code, 0, codeCave, code.Length);
HookHelper.Jump(hookLocation, codeCave);
}
public static void Install()
{
_hookDelegate = Hook;
IntPtr addr = Kernel32.GetProcAddress(Kernel32.GetModuleHandle("ws2_32.dll"), "WSAAsyncGetHostByName");
_originalDelegate = (HookType)Marshal.GetDelegateForFunctionPointer(addr, typeof(HookType));
HookHelper.Jump(_hookAddress, Marshal.GetFunctionPointerForDelegate(_hookDelegate));
}
public static void InstallRecv()
{
_hookDelegateRecv = HookRecv;
var addrs = HookHelper.searchAsm(new byte[] { 0xff, 0x75, 0x14, 0x8d, 0x04, 0x1f });
Debug.Requires(addrs.Count == 1);
var _hookAddressPre = (IntPtr)addrs[0] - 14;
var _hookAddressPost = (IntPtr)addrs[0];
IntPtr codeCavePre = HookHelper.MakeCodeCave(new[]
{
"push ebx", //len
"push edi", //dest
"mov eax, [ebp + 8]", //param1
"mov eax, [eax]",
"push dword[eax+0x40]", //type2 - placeholder
"push edi",
"push esi",
"push ebx",
"mov esi, [ebp + 8]",
"lea ecx, [esi + 0x74]",
//"mov dword[esp + 0xc], ecx", //store key in placeholder
"jmp " + (_hookAddressPre + 9) // calls Rc4 and takes 3 arguments off the stack
});
IntPtr codeCavePost = HookHelper.MakeCodeCave(new[]
{
"mov eax, esp",
"pushad",
"mov ebx, [eax+8]", //len
"push ebx",
"mov ebx, [eax+4]", //dest
"push ebx",
"mov ebx, [eax]", //type
"push ebx",
"call " + Marshal.GetFunctionPointerForDelegate(_hookDelegateRecv),
"popad",
"push dword[ebp + 0x14]",
"lea eax, [edi + ebx]",
"jmp " + (_hookAddressPost + 6)
});
HookHelper.Jump(_hookAddressPre, codeCavePre);
HookHelper.Jump(_hookAddressPost, codeCavePost);
}
internal static void Install(HookType hook)
{
var hookLocation1 = new IntPtr(0x005D53B1);
var hookLocation = new IntPtr(0x005D5590);
IntPtr codeCave2 = Marshal.AllocHGlobal(4);
IntPtr codeCave1 = Marshal.AllocHGlobal(128);
byte[] code1 = FasmNet.Assemble(new[]
{
"use32",
"org " + codeCave1,
"push esi",
"push edi",
"mov esi, dword[ebx+0x10]",
"mov dword[" + codeCave2 + "],esi",
"lea esi, dword[ebx+0x78]",
"jmp " + (hookLocation1 + 5)
});
Marshal.Copy(code1, 0, codeCave1, code1.Length);
HookHelper.Jump(hookLocation1, codeCave1);
IntPtr codeCave = Marshal.AllocHGlobal(128);
byte[] code = FasmNet.Assemble(new[]
{
"use32",
"org " + codeCave,
"push dword [ebp+0x8]",
"push dword [" + codeCave2 + "]",
"call " + Marshal.GetFunctionPointerForDelegate(hook),
"pop edi",
"pop esi",
"pop ebx",
"leave",
"retn 8"
});
Marshal.Copy(code, 0, codeCave, code.Length);
HookHelper.Jump(hookLocation, codeCave);
}
internal static void Install(HookType hook)
{
var hookLocation = new IntPtr(0x007B25F6);
IntPtr codeCave = Marshal.AllocHGlobal(128);
byte[] code = FasmNet.Assemble(new[]
{
"use32",
"org " + codeCave,
"mov dword[esi+0x88],ecx",
"pushad",
"push dword[esi+0x2C]",
"call " + Marshal.GetFunctionPointerForDelegate(hook),
"popad",
"jmp " + (hookLocation + 6)
});
Marshal.Copy(code, 0, codeCave, code.Length);
HookHelper.Jump(hookLocation, codeCave);
}
internal static void Install()
{
var hookLocation = new IntPtr(0x005D2EF1);
IntPtr codeCave = Marshal.AllocHGlobal(128);
_speedModifierLocation = Marshal.AllocHGlobal(4);
byte[] code = FasmNet.Assemble(new[]
{
"use32",
"org " + codeCave,
"mov ebx, dword[ecx*0x4+eax]",
"mov dword[" + _speedModifierLocation + "], ebx",
"test ebx, ebx",
"jmp " + (hookLocation + 5)
});
Marshal.Copy(code, 0, codeCave, code.Length);
HookHelper.Jump(hookLocation, codeCave);
}
internal static void Install()
{
// 8b 34 b0 85 f6 75 14 68 2d 04 00 00
List <int> addrs = HookHelper.searchAsm(new byte[] { 0x8b, 0x34, 0xb0, 0x85, 0xf6, 0x75, 0x14, 0x68, 0x2d, 0x04, 0x00, 0x00 });
Debug.Requires(addrs.Count == 1);
var hookLocation = new IntPtr(addrs[0]);
_speedModifierLocation = Marshal.AllocHGlobal(4);
_db8Location = Marshal.AllocHGlobal(4);
IntPtr codeCave = HookHelper.MakeCodeCave(new[] {
"mov esi, dword[esi*0x4+eax]", //instruction from original
"mov dword[" + _speedModifierLocation + "], esi",
"mov dword[" + _db8Location + "], ebx",
"test esi, esi", //instruction from original
"jmp " + (hookLocation + 5)
});
HookHelper.Jump(hookLocation, codeCave);
}
internal static void Install2(HookType hook)
{
// 83 c4 08 89 46 18
List <int> addrs = HookHelper.searchAsm(new byte[] { 0x83, 0xc4, 0x08, 0x89, 0x46, 0x18 });
Debug.Requires(addrs.Count == 1);
int addrStart = addrs[0];
var hookLocation = new IntPtr(addrStart);
IntPtr codeCave = HookHelper.MakeCodeCave(new[] {
"pushad",
"push dword[ebp+8]",
"push dword[ebp+8]",
"call " + Marshal.GetFunctionPointerForDelegate(hook),
"popad",
"add esp,8", //instruction from original
"mov dword[esi+0x18],eax", //instruction from original
"jmp " + (hookLocation + 6)
});
HookHelper.Jump(hookLocation, codeCave);
}
internal static void Install(HookType hook)
{
// Get start of function
List <int> addrs = HookHelper.searchAsm(new byte[] { 0x89, 0x4d, 0xe8, 0x8b, 0x46, 0x78 });
Debug.Requires(addrs.Count == 1);
int addrStart = addrs[0];
// End of function (5e 8b e5 5d c2 08 00) is at addrStart + 0x0267
int addrEnd = addrStart + 0x0267;
var hookLocation1 = new IntPtr(addrStart);
var hookLocation = new IntPtr(addrEnd);
IntPtr codeCave2 = Marshal.AllocHGlobal(4);
IntPtr codeCave1 = HookHelper.MakeCodeCave(new[] {
"mov eax, dword[esi+0x10]", //eax will be overwritten soon
"mov dword[" + codeCave2 + "],eax", //store value in codeCave
"mov dword[ebp-0x18],ecx", //instruction from original (89 4d e8)
"mov eax,dword[esi+0x78]", //instruction from original (8b 46 78)
"jmp " + (hookLocation1 + 6)
});
HookHelper.Jump(hookLocation1, codeCave1);
IntPtr codeCave = HookHelper.MakeCodeCave(new[] {
"push dword [ebp+0x8]", //id parameter
"push dword [" + codeCave2 + "]",
"call " + Marshal.GetFunctionPointerForDelegate(hook),
"pop esi",
"mov esp,ebp",
"pop ebp",
"retn 8"
});
HookHelper.Jump(hookLocation, codeCave);
}
