Ejemplo n.º 1
/*
 * Install every hook in g_hooks whose library name matches `library`.
 *
 * The comparison is case-insensitive and looks at no more than the first
 * `len` wide characters, so it behaves as a prefix match rather than an
 * exact one.
 *
 * library: wide-character module name compared against g_hooks[].library.
 * len:     maximum number of characters to compare.
 */
void set_hooks_dll(const wchar_t *library, int len)
{
    int idx;

    for (idx = 0; idx < ARRAYSIZE(g_hooks); ++idx) {
        // skip table entries that belong to a different library
        if (wcsnicmp(g_hooks[idx].library, library, len) != 0) {
            continue;
        }
        hook_api(&g_hooks[idx], HOOKTYPE);
    }
}
Ejemplo n.º 2
/*
 * Install every hook listed in g_hooks.
 *
 * The table is first made read/write/execute, then each entry is passed to
 * hook_api() between a hook_disable()/hook_enable() pair.
 */
void set_hooks()
{
    DWORD previous_protection;
    int idx;

    // the hook entries carry executable code as well as data, so the whole
    // table is switched to read/write/execute
    // NOTE(review): the VirtualProtect result is not checked, and this
    // function never restores the old protection, so the table stays both
    // writable and executable - confirm that both are intended
    VirtualProtect(g_hooks, sizeof(g_hooks), PAGE_EXECUTE_READWRITE,
        &previous_protection);

    // presumably keeps the hooks from firing while they are being installed
    hook_disable();

    // allow_hook_recursion is not consulted here: every entry is installed
    // with the same HOOKTYPE
    for (idx = 0; idx < ARRAYSIZE(g_hooks); ++idx) {
        hook_api(&g_hooks[idx], HOOKTYPE);
    }

    hook_enable();
}
Ejemplo n.º 3
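/*
 * Self-test for the hooking engine.
 *
 * Copies the sample functions from g_functions into a scratch allocation,
 * builds a callgate for each one and compares it with gate_solutions, then
 * installs one HOOK_DIRECT_JMP hook and compares the patched bytes with the
 * expected encoding.
 *
 * Returns 0 in every case; a failure is reported only through the message
 * printed to stdout.
 */
int main()
{
    // one 0x3000-byte allocation is split into three 0x1000-byte regions:
    // globals have different addresses based on compiler/settings, but the
    // regions stay at fixed offsets from each other, so the base address is
    // not important
    unsigned char *functions = (unsigned char *) VirtualAlloc(NULL, 0x3000,
        MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if(functions == NULL) {
        printf("Error allocating memory..\n");
        return 0;
    }

    // derive the sub-regions only after the allocation is known to be valid,
    // so no pointer arithmetic is ever done on a NULL base
    unsigned char *gates = functions + 0x1000;
    hook_t *hook = (hook_t *)(functions + 0x2000);

    // NOTE(review): assumes sizeof(g_functions) fits in the first 0x1000-byte
    // region - confirm against the definition of g_functions
    memcpy(functions, g_functions, sizeof(g_functions));

    // create and check callgates; the loop stops at COUNT entries or at the
    // first slot whose leading byte is zero
    for (int i = 0; i < COUNT && functions[i * SIZE] != 0; i++) {
        int len = hook_create_callgate(&functions[i * SIZE],
            g_function_lengths[i], &gates[i * SIZE]);
        if(memcmp(&gates[i * SIZE], gate_solutions[i], SIZE)) {
            printf("%dth gate is invalid!\n", i);
            // dump generated vs. expected bytes side by side
            for (int j = 0; j < len; j++) {
                printf("%02x %02x\n", gates[i * SIZE + j],
                    gate_solutions[i][j]);
            }
            return 0;
        }
    }

    // start the hook test from clean gate and hook regions
    memset(gates, 0, 0x1000);
    memset(hook, 0, 0x1000);

    // make a hook which hooks the first function and uses the second function
    // as hook address
    void *old_addr;
    hook->addr = functions;
    hook->new_func = &functions[SIZE];
    hook->old_func = &old_addr;

    hook_api(hook, HOOK_DIRECT_JMP);

    // the hooked function must now begin with a jmp rel32 (opcode 0xe9)
    // followed by its untouched sixth byte, and the gate must hold six bytes
    // (presumably the displaced prologue) followed by a jmp rel32
    if(memcmp(functions, "\xe9\x3b\x00\x00\x00\x40", 6) || memcmp(hook->gate,
            "\x55\x89\xe5\x83\xec\x40\xe9\xe7\xdf\xff\xff", 11)) {
        printf("Invalid first hook!\n");
        return 0;
    }

    printf("all tests were successful!\n");
}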
Ejemplo n.º 4
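/*
 * Thread entry point: records the current process id and name, builds the
 * two per-process log file paths, and hooks the ws2_32.dll networking
 * functions listed below.
 *
 * lp: unused thread parameter.
 * Returns 0 unconditionally.
 */
DWORD WINAPI mainfn(LPVOID lp)
{
	(void)lp;

	g_dwPID = GetCurrentProcessId();
	pid_2_name(GetCurrentProcessId(), g_szProcessName, sizeof(g_szProcessName));

	// _snprintf writes no terminator when the output fills the buffer, so
	// terminate explicitly instead of relying on the buffer's prior contents
	_snprintf(g_szSimpleLogFile, sizeof(g_szSimpleLogFile)-1,
		"c:\\%d.%s.simple.log", g_dwPID, g_szProcessName);
	g_szSimpleLogFile[sizeof(g_szSimpleLogFile)-1] = '\0';
	_snprintf(g_szDetailLogFile, sizeof(g_szDetailLogFile)-1,
		"c:\\%d.%s.detail.log", g_dwPID, g_szProcessName);
	g_szDetailLogFile[sizeof(g_szDetailLogFile)-1] = '\0';

	// NOTE(review): the results of InitDll and hook_api are not checked, so
	// a hook that fails to install leaves that API unhooked without notice
	InitDll("ws2_32.dll", &ws2_32);

	// NOTE(review): the (DWORD) casts would truncate the handler addresses
	// in a 64-bit build - presumably this is built for 32-bit only; confirm

	// connection setup
	hook_api(&ws2_32, "connect", (DWORD)hack_connect, &new_connect);
	hook_api(&ws2_32, "WSAConnect", (DWORD)hack_WSAConnect, &new_WSAConnect);

	// send and receive
	hook_api(&ws2_32, "send", (DWORD)hack_send, &new_send);
	hook_api(&ws2_32, "WSASend", (DWORD)hack_WSASend, &new_WSASend);
	hook_api(&ws2_32, "recv", (DWORD)hack_recv, &new_recv);
	hook_api(&ws2_32, "WSARecv", (DWORD)hack_WSARecv, &new_WSARecv);

	// sendto and recvfrom variants
	hook_api(&ws2_32, "sendto", (DWORD)hack_sendto, &new_sendto);
	hook_api(&ws2_32, "WSASendTo", (DWORD)hack_WSASendTo, &new_WSASendTo);
	hook_api(&ws2_32, "recvfrom", (DWORD)hack_recvfrom, &new_recvfrom);
	hook_api(&ws2_32, "WSARecvFrom", (DWORD)hack_WSARecvFrom, &new_WSARecvFrom);

	// name resolution
	hook_api(&ws2_32, "gethostbyname", (DWORD)hack_gethostbyname, &new_gethostbyname);

	return 0;
}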