[C/C++] Hooking Tutorial


Posted by EMO on Sat Jun 25, 2011 4:50 am

Requirements:

  • Knowledge of C/C++
  • MSDetours Version 1.5
Extra note: If you don't know anything about any of the above,
I highly recommend you learn before trying this tutorial.

Summary of Learning:

  • Simple hooking

When I was learning gamehacking I didn't see many hooking tutorials out there, so I thought
I'd make one and describe the logic behind it.

What is hooking?
You can hook APIs, Functions and alter the way the function works.
Example:
Code:

void Test(bool Status);        // Original
void Hooked_Test(bool Status); // Hook


In our hook we add extra code like:
Code:

void Hooked_Test(bool Status)
{
    if (Status)
    {
        // custom shit
    }

    Test(Status); // call the original
}

This could be useful for removing arguments from a function that you don't want.
So e.g. on a game we

Ok the code with some comments:
Code:

#include <windows.h>
#include <commdlg.h>   // GetOpenFileNameW, LPOPENFILENAMEW
#include "detours.h"

// Typedef for the original API
typedef BOOL (APIENTRY *tGetOpenFileNameW)(LPOPENFILENAMEW);
tGetOpenFileNameW oGetOpenFileNameW;

// Our hook
BOOL APIENTRY hGetOpenFileNameW(LPOPENFILENAMEW lpofn)
{
    // Custom Code
    MessageBoxA(NULL, "Executing code before GetOpenFileNameW", "Hook", MB_OK);
    // Original API
    return oGetOpenFileNameW(lpofn);
}


BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        // Install Hook; DetourFunction returns the pointer used to call the original
        oGetOpenFileNameW = (tGetOpenFileNameW)DetourFunction((PBYTE)GetOpenFileNameW, (PBYTE)hGetOpenFileNameW);
    }
    return TRUE;
}


Ok, now inject the DLL into notepad or a process that uses GetOpenFileNameW; when it's called you will see our MessageBox appear :)
Notes: MSDetours only works for x86 programs and these hooks are easy to detect, so I'd recommend you do NOT use this
method on protected games.

Any questions or problems feel free to ask.

Uploaded MSDetours 1.5 for people to download since it's not on microsoft website anymore:
http://www.darkhook.net/downloads/MSDetours_1.5.zip



Re: [C/C++] Hooking Tutorial

Posted by EMO on Sat Jun 25, 2011 4:51 am

tofurocks Wrote: Code:

int * address;
&address = 0x00
address = 10

Don't want to sound like a flamer, but I can understand what you're trying to do. That would not compile; ideally you would want to use something like:
Code:

*(datatype*)(0xyouraddress) =

For example:
Code:

*(DWORD*)(0xDEADBEEF) = 12345;


You need to be careful of writing to invalid addresses. I think there is a function for checking for valid pointers but think it's obsolete now? Maybe someone can confirm that, but yeah, you could set up SEH or VEH for handling an invalid address.

Page permissions too, so making it writable using VirtualProtect, then flushing the CPU cache with FlushInstructionCache, but yeah, starting to get off topic, as what you stated isn't hooking but is writing a value to an address.

(05-09-2011 08:34 PM)Psycho Wrote: How vague, may I ask you to go into more detail or are you going to make an excuse? Yes, I am genuinely interested.
I'll expand on hooking for you. Not too sure what you're wanting to know, but here's more detail that hopefully you will find interesting or useful.

How hooking works?
So let's say we want to hook "MessageBoxA", which is located in user32.dll. If you're unsure you can check
MSDN:
http://msdn.microsoft.com/en-us/library/...85%29.aspx

Where the table at the bottom displays the DLL the exported function is in.
If you're trying to hook an exported function that's not Windows, you could check the EAT of the loaded DLLs within the application you want to hook. (I recommend LordPE for this.)
The EAT may be encrypted and be using a fake EAT, EAT as loader; you could use OllyDbg or IDA PRO to find runtime exports etc. etc., but yeah, there are so many methods.

So here is MessageBoxA in a disassembler:
Code:

USER32.dll+6FD1E - 8B FF - mov edi,edi


So this line of code will be replaced with your JMP to your code (or any sort of method you want to use to get to your code that you allocated within the process; other methods could be like PUSH then RET and various others).
USER32.dll+6FD1E - E9 DD02A991 - jmp 07E70000

0x07E70000 Contains your code.

So now hopefully you'll understand what happens behind the scenes.

What it's useful for?
Malicious use:

  • Hiding content from a process (Usually used in r3 rootkits etc)
  • Evading some sort of protection such as anti-cheats etc

Good use:

  • Adding functionality or fixing problems within a program
  • Preventing or limiting some APIs being used for malicious use. (For example, my latest project is a highly complex Sandbox that hooks certain APIs and lets you grant permission to certain resources. If you're interested I'll show some screenshots and explain in more depth.)

A little more on the hooks themselves.

So we can modify the content of the arguments.
Code:

int WINAPI hMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    // lpText is const and owned by the caller, so point it at a
    // replacement string instead of writing into the caller's buffer
    lpText = "Hi-jacked messagebox's message.";

    return oMessageBoxA(hWnd, lpText, lpCaption, uType);
}


We could just do something completely different from what the API is intended for:
Code:

int WINAPI hMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    // Some code
    return 0; // any return you want
}


You can execute code before or after API etc etc.

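The byte-level view in the second post (a JMP written over the entry of MessageBoxA) is also what makes these hooks easy to detect, as the first post notes. The following is an added example, not code from the thread: a checker that decodes an `E9 rel32` at a function's entry and flags a destination outside the owning module. The load address is the one the post's own JMP bytes imply; the image size, the three bytes after `8B FF` and all function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { PROLOGUE_CLEAN, JMP_INSIDE_MODULE, JMP_OUTSIDE_MODULE } verdict;

/* Function address from the post: USER32.dll+6FD1E. The base is the one the
 * post's JMP bytes imply; the image size is an assumed value. */
#define MOD_BASE 0x76370000u
#define MOD_SIZE 0x00100000u
#define FUNC_VA  (MOD_BASE + 0x6FD1Eu)

/* 8B FF is from the post; the 3 bytes after it are constructed. */
static const uint8_t clean_bytes[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
/* E9 DD 02 A9 91 is the patched entry shown in the post. */
static const uint8_t hooked_bytes[] = { 0xE9, 0xDD, 0x02, 0xA9, 0x91 };

/* If code[] at address va starts with E9 rel32, store the destination. */
int decode_jmp_rel32(const uint8_t *code, size_t len, uint32_t va, uint32_t *target)
{
    if (len < 5 || code[0] != 0xE9)
        return 0;
    uint32_t rel = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    *target = va + 5u + rel;  /* relative to the next instruction, mod 2^32 */
    return 1;
}

/* A JMP at the entry that leaves [base, base+size) is the inline-hook pattern. */
verdict check_prologue(const uint8_t *code, size_t len, uint32_t va,
                       uint32_t base, uint32_t size, uint32_t *target)
{
    if (!decode_jmp_rel32(code, len, va, target))
        return PROLOGUE_CLEAN;
    /* unsigned subtraction wraps, so one compare covers both bounds */
    return (*target - base < size) ? JMP_INSIDE_MODULE : JMP_OUTSIDE_MODULE;
}

int main(void)
{
    uint32_t t = 0;
    verdict v = check_prologue(hooked_bytes, sizeof hooked_bytes, FUNC_VA,
                               MOD_BASE, MOD_SIZE, &t);
    printf("hooked: verdict=%d target=0x%08X\n", (int)v, (unsigned)t);
    v = check_prologue(clean_bytes, sizeof clean_bytes, FUNC_VA,
                       MOD_BASE, MOD_SIZE, &t);
    printf("clean:  verdict=%d\n", (int)v);
    return 0;
}
```

A JMP that stays inside the module is not proof of integrity, and other redirect forms (the post mentions PUSH then RET) need their own decoders; comparing the in-memory bytes with the on-disk image covers those as well.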
