EMO Style ForumPro - Hos Geldiniz
Giriş yap

Şifremi unuttum

Istatistikler
Toplam 202 kayıtlı kullanıcımız var
Son kaydolan kullanıcımız: AnthonyFurey3

Kullanıcılarımız toplam 1186 mesaj attılar bunda 862 konu
Tarıyıcı
 Kapı
 Indeks
 Üye Listesi
 Profil
 SSS
 Arama
Arama
 
 

Sonuç :
 


Rechercher çıkıntı araştırma

RSS akısı


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Kimler hatta?
Toplam 2 kullanıcı online :: 0 Kayıtlı, 0 Gizli ve 2 Misafir

Yok

[ Bütün listeye bak ]


Sitede bugüne kadar en çok 92 kişi Paz Ağus. 28, 2016 6:58 am tarihinde online oldu.
En son konular
» İnternetten Para Kazandıran Oyun ! Ödeme Alt Limiti Yok ! DEV KONU
Cuma Ağus. 29, 2014 8:33 am tarafından Hello EMO

» goldenchase.net maden yaparak para kazanma
Cuma Ağus. 29, 2014 8:18 am tarafından Hello EMO

» etichal hacker görsel egitim seti
Çarş. Ağus. 06, 2014 4:57 am tarafından Hello EMO

» KO TBL Source C#
Ptsi Ara. 09, 2013 6:36 am tarafından Hello EMO

» x86 Registers
C.tesi Ağus. 24, 2013 5:02 am tarafından Hello EMO

» [Tutorial] Pegando Address, Pointers de WYD
Çarş. Tem. 10, 2013 7:25 am tarafından Hello EMO

» [Tutorial] Pegando Address, Pointers de CS Metodo²
Çarş. Tem. 10, 2013 7:23 am tarafından Hello EMO

» [Tutorial] Aprendendo basico deASM OLLYDBG
Çarş. Tem. 10, 2013 7:22 am tarafından Hello EMO

» Basic C# DLL injector
Ptsi Tem. 08, 2013 7:48 am tarafından Hello EMO

Reklam

How do I hook the winsock send, recv, and connect in c#

Önceki başlık Sonraki başlık Aşağa gitmek

How do I hook the winsock send, recv, and connect in c#

Mesaj tarafından EMO Bir Perş. Haz. 02, 2011 8:45 am

I have been injecting a c++ .dll that is able to hook the send, recv functions of winsock, so that I can manipulate the data.



However, I have recenly learned how to get a Windows Form created in a
C# dll (By injecting a c++ .dll that acts as a loader, and loads the
CLR, then calls a method on my managed C# class library)



In this method, I need to hook the winsock functions for send and recv.
I know how to do this in C++, but I have never found any instructions
to do this in c#



Here is my c++ code, so to better illustrate what I am trying to do.



Code:



typedef SOCKET (WINAPI *PSOCKET)(int af, int type, int protocol);

typedef int (WINAPI *PCONNECT)(SOCKET s, const struct sockaddr *address, int namelen);

typedef int (WINAPI *PSEND)(SOCKET s, const char* buf, int len, int flags);



PSOCKET OrigSocket;

PCONNECT OrigConnect;

PSEND OrigSend;



int WINAPI __stdcall MyConnect(SOCKET s, const struct sockaddr *address, int namelen)

{

}



int WINAPI __stdcall MySend(SOCKET s, const char* buf, int len, int flags)

{

}



DWORD APIHook(DWORD HookFunc, DWORD MyFunc, DWORD OrigFunc)

{

unsigned char NewData[5], DetourJump[5], OldData[5];

DWORD OldProtect;

int i;

unsigned char* HookFuncPtr = (unsigned char*) HookFunc;

unsigned char* HookDetour = (unsigned char*)new char[(25)];

for(i = 0; i < 25; i++)

HookDetour = 0x90; //NOP

NewData[0] = 0xE9; //JMP (near)

*(PDWORD)&NewData[1] = (DWORD)((DWORD)MyFunc - ((DWORD)HookFunc + 5));

DetourJump[0] = 0xE9;

*(PDWORD)&DetourJump[1] = (DWORD)((DWORD)HookFunc - ((DWORD)HookDetour + 14 + 5));

VirtualProtectEx(GetCurrentProcess(), (void*)HookFunc, 10, PAGE_EXECUTE_WRITECOPY, &OldProtect);

for(i = 0; i < 5; i++)

{

OldData[i] = HookFuncPtr[i];

HookFuncPtr[i] = NewData[i];

}

VirtualProtectEx(GetCurrentProcess(), (void*)HookFunc, 10, OldProtect, NULL);

VirtualProtectEx(GetCurrentProcess(), (void*)HookDetour, 25, PAGE_EXECUTE_WRITECOPY, &OldProtect);

for(i = 0; i < 5; i++)

HookDetour[i] = OldData[i];

HookDetour[24-5] = DetourJump[0];

HookDetour[24-4] = DetourJump[1];

HookDetour[24-3] = DetourJump[2];

HookDetour[24-2] = DetourJump[3];

HookDetour[24-1] = DetourJump[4];

HookDetour[24] = 0xC3; //RET

VirtualProtectEx(GetCurrentProcess(), (void*)HookDetour, 25, OldProtect, NULL);

OrigFunc = (DWORD)HookDetour;

return OrigFunc;

}







DWORD WINAPI Inject(HINSTANCE hInst /*LPVOID lparam*/)

{

WSADATA wsaData;

WSAStartup(MAKEWORD(1,1), &wsaData);

*(PDWORD)&OrigConnect =
APIHook((DWORD)GetProcAddress(GetModuleHandle((LPCSTR)"Ws2_32.dll"),
"connect"), (DWORD)MyConnect, (DWORD)OrigConnect);

*(PDWORD)&OrigSend =
APIHook((DWORD)GetProcAddress(GetModuleHandle((LPCSTR)"Ws2_32.dll"),
"send"), (DWORD)MySend, (DWORD)OrigSend);

}






Unsafe is only needed if you plan to use direct
access. You can read and write to pointers using the Marshal class and
not have to touch unsafe at all. Basically if you were wanting to deal
with the pointers like C++ does and such. But you can do the same things
using Marshaling if you are injected.



[i]Think of it as memcpy/memset.



Quote:
I
was referring to the functions that "are" the detours (MyConnect,
MySend, MyRecv, MyWSASend, MyWSARecv) rather than the functions that
"create" the detours (Inject, APIHook) when I stated that the functions
must be unmanaged. This is assuming that an abstraction such as EasyHook
is not to be used.



You can do all these in C# / managed code as well. The detours can be
written in managed code without issue. I was writing a Direct3D hook /
wrapper that does this, for example the Direct3DCreate9 detour:



Code:

///

/// Direct3DCreate9 Hook

///


///

///

[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]

delegate IntPtr delegate_Direct3DCreate9(ushort SDKVersion);

public IntPtr Mine_Direct3DCreate9(ushort SDKVersion)

{

Debug.Write("[Mine_Direct3DCreate9] Hooked Direct3DCreate9 called.");



this.m_vDirect3D = (IntPtr)DetourManager.Instance["Direct3DCreate9"].CallOriginal(SDKVersion);

return this.m_vDirect3D;

}




Placement:

Code:

// Detour Direct3DCreate9

bool bAttached = DetourManager.Instance.DetourAttach(

"d3d9.dll", "Direct3DCreate9", new delegate_Direct3DCreate9(Mine_Direct3DCreate9), true

);




Then the detour code creates the patch in the function as:

PUSH 0x68 0xFF 0xFF 0xFF 0xFF

RETN 0xC3



Which my Detour manager uses delegate pointers to call the original
functions. All of which are using Marshal calls instead of having to
touch unsafe.



You can create delegates to the real function like:

Code:
Delegate realFunction = Marshal.GetDelegateForFunctionPointer(lpFunctionAddress, lpFunctionDelegate.GetType())



Which you can call with:

Code:

object ret = realFunction.DynamicInvoke(params_here);




Pretty fun stuff to dive into, the Marshal class is nice for stuff like
this if you haven't taken a chance to look into it much: Marshal

EMO
EMO Team
EMO Team

Cinsiyet : Erkek
Burçlar : Yay
Yılan
Mesaj Sayısı : 184
Puan : 104393
Rep Puanı : 5
Doğum tarihi : 28/11/89
Kayıt tarihi : 18/05/11
Yaş : 27
Nerden : EMO world
İş/Hobiler : RCE Student / Game Hacking / Learn Beginner C#,C++,Delphi
Lakap : EMO

Kullanıcı profilini gör

Sayfa başına dön Aşağa gitmek

Önceki başlık Sonraki başlık Sayfa başına dön

- Similar topics

 
Bu forumun müsaadesi var:
Bu forumdaki mesajlara cevap veremezsiniz