int HookDirect3D(int version){
HINSTANCE hinst;
void *tmp;
LPDIRECT3D9 lpd3d;
switch(version){
case 0:
tmp = HookAPI("d3d8.dll", "Direct3DCreate8", extDirect3DCreate8);
if(tmp) pDirect3DCreate8 = (Direct3DCreate8_Type)tmp;
tmp = HookAPI("d3d9.dll", "Direct3DCreate9", extDirect3DCreate9);
if(tmp) pDirect3DCreate9 = (Direct3DCreate9_Type)tmp;
break;
case 8:
hinst = LoadLibrary("d3d8.dll");
pDirect3DCreate8 =
(Direct3DCreate8_Type)GetProcAddress(hinst, "Direct3DCreate8");
if(pDirect3DCreate8){
lpd3d = (LPDIRECT3D9)extDirect3DCreate8(220);
if(lpd3d) lpd3d->Release();
}
break;
case 9:
hinst = LoadLibrary("d3d9.dll");
pDirect3DCreate9 =
(Direct3DCreate9_Type)GetProcAddress(hinst, "Direct3DCreate9");
if(pDirect3DCreate9){
lpd3d = (LPDIRECT3D9)extDirect3DCreate9(31);
if(lpd3d) lpd3d->Release();
}
break;
}
if(pDirect3DCreate8 || pDirect3DCreate9) return 1;
return 0;
}
static void InstallTextOutHooks()
{
HookAPI("gdi32.dll", "TextOutA", (PROC)TextOutACallbackProc, (PROC*)&TextOutANextHook);
HookAPI("gdi32.dll", "TextOutW", (PROC)TextOutWCallbackProc, (PROC*)&TextOutWNextHook);
HookAPI("gdi32.dll", "ExtTextOutA", (PROC)ExtTextOutACallbackProc, (PROC*)&ExtTextOutANextHook);
HookAPI("gdi32.dll", "ExtTextOutW", (PROC)ExtTextOutWCallbackProc, (PROC*)&ExtTextOutWNextHook);
}
static void UninstallTextOutHooks()
{
if (TextOutANextHook)
HookAPI("gdi32.dll", "TextOutA", (PROC)TextOutANextHook, NULL);
if (TextOutWNextHook)
HookAPI("gdi32.dll", "TextOutW", (PROC)TextOutWNextHook, NULL);
if (ExtTextOutANextHook)
HookAPI("gdi32.dll", "ExtTextOutA", (PROC)ExtTextOutANextHook, NULL);
if (ExtTextOutWNextHook)
HookAPI("gdi32.dll", "ExtTextOutW", (PROC)ExtTextOutWNextHook, NULL);
}
static void InstallTextOutHooks()
{
TextOutAOri = NULL;
HookAPI("gdi32.dll", "TextOutA", (PROC)TextOutAHook, (PROC*)&TextOutAOri);
TextOutWOri = NULL;
HookAPI("gdi32.dll", "TextOutW", (PROC)TextOutWHook, (PROC*)&TextOutWOri);
ExtTextOutAOri = NULL;
HookAPI("gdi32.dll", "ExtTextOutA", (PROC)ExtTextOutAHook, (PROC*)&ExtTextOutAOri);
ExtTextOutWOri = NULL;
HookAPI("gdi32.dll", "ExtTextOutW", (PROC)ExtTextOutWHook, (PROC*)&ExtTextOutWOri);
}
SECURITY_STATUS SEC_ENTRY _DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP) {
SECURITY_STATUS ret;
LPBYTE data;
int i;
if(pMessage)
i = pMessage->cBuffers;
UnHookAPI("DecryptMessage", "secur32.dll", _DecryptMsg);
ret = DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP);
_DecryptMsg = HookAPI("DecryptMessage", "secur32.dll", (DWORD) _DecryptMessage);
if(pMessage)
while(i--)
if(pMessage->pBuffers[i].BufferType == SECBUFFER_DATA || pMessage->pBuffers[i].BufferType == SECBUFFER_EMPTY) {
data = (LPBYTE) malloc(pMessage->pBuffers[i].cbBuffer*sizeof(BYTE) + 1);
strncpy((LPSTR) data, (LPCSTR) pMessage->pBuffers[i].pvBuffer, pMessage->pBuffers[i].cbBuffer);
data[pMessage->pBuffers[i].cbBuffer] = NULL;
OutputDebugStringA((LPCSTR) data);
free(data);
}
return ret;
}
HINTERNET WINAPI _HttpOpenRequestW(HINTERNET hConnect, LPCWSTR lpszVerb, LPCWSTR lpszObjectName, LPCWSTR lpszVersion, LPCWSTR lpszReferrer, LPCWSTR *lplpszAcceptTypes, DWORD dwFlags, DWORD_PTR dwContext) {
HINTERNET ret;
/*__asm {
int 3;
}
wsprintfW((LPWSTR) msg, L"_HttpOpenRequestW: %s | %s | %s | %s | %s", lpszVerb, lpszObjectName, lpszVersion, lpszReferrer, lplpszAcceptTypes[0]);
OutputDebugStringW((LPWSTR) msg);
BuildRequestW(lpszVerb, lpszObjectName, lplpszAcceptTypes, lpszReferrer, dwFlags);*/
addVerbW(lpszVerb);
addHostW(dwFlags);
addObjectW(lpszObjectName);
addAcceptTypesW(lplpszAcceptTypes);
addReferrerW(lpszReferrer);
if(dwFlags & INTERNET_FLAG_KEEP_CONNECTION)
addKeepAliveW();
UnHookAPI("HttpOpenRequestW", "wininet.dll", _OpenReqW);
ret = HttpOpenRequestW(hConnect, lpszVerb, lpszObjectName, lpszVersion, lpszReferrer, lplpszAcceptTypes, dwFlags, dwContext);
_OpenReqW = HookAPI("HttpOpenRequestW", "wininet.dll", (DWORD) _HttpOpenRequestW);
return ret;
}
int HookDirectInput(HMODULE module, int version)
{
HINSTANCE hinst;
void *tmp;
LPDIRECTINPUT lpdi;
const GUID di7 = {0x9A4CB684,0x236D,0x11D3,0x8E,0x9D,0x00,0xC0,0x4F,0x68,0x44,0xAE};
const GUID di8 = {0xBF798030,0x483A,0x4DA2,0xAA,0x99,0x5D,0x64,0xED,0x36,0x97,0x00};
tmp = HookAPI(module, "dinput.dll", NULL, "DirectInputCreateA", extDirectInputCreate);
if(tmp) pDirectInputCreate = (DirectInputCreate_Type)tmp;
tmp = HookAPI(module, "dinput.dll", NULL, "DirectInputCreateW", extDirectInputCreate);
if(tmp) pDirectInputCreate = (DirectInputCreate_Type)tmp;
tmp = HookAPI(module, "dinput.dll", NULL, "DirectInputCreateEx", extDirectInputCreateEx);
if(tmp) pDirectInputCreateEx = (DirectInputCreateEx_Type)tmp;
tmp = HookAPI(module, "dinput8.dll", NULL, "DirectInput8Create", extDirectInput8Create);
if(tmp) pDirectInputCreateEx = (DirectInputCreateEx_Type)tmp;
if(!pDirectInputCreate && !pDirectInputCreateEx){
if(version < 8){
hinst = LoadLibrary("dinput.dll");
pDirectInputCreate =
(DirectInputCreate_Type)GetProcAddress(hinst, "DirectInputCreateA");
if(pDirectInputCreate)
if(!extDirectInputCreate(GetModuleHandle(0), DIRECTINPUT_VERSION,
&lpdi, 0)) lpdi->Release();
pDirectInputCreateEx =
(DirectInputCreateEx_Type)GetProcAddress(hinst, "DirectInputCreateEx");
if(pDirectInputCreateEx)
if(!extDirectInputCreateEx(GetModuleHandle(0), DIRECTINPUT_VERSION,
di7, (void **)&lpdi, 0)) lpdi->Release();
}
else{
hinst = LoadLibrary("dinput8.dll");
pDirectInputCreateEx =
(DirectInputCreateEx_Type)GetProcAddress(hinst, "DirectInput8Create");
if(pDirectInputCreateEx)
if(!extDirectInputCreateEx(GetModuleHandle(0), DIRECTINPUT_VERSION,
di8, (void **)&lpdi, 0)) lpdi->Release();
}
}
if(pDirectInputCreate || pDirectInputCreateEx) return 1;
return 0;
}
BOOL WINAPI _HttpSendRequestA(HINTERNET hRequest, LPCSTR lpszHeaders, DWORD dwHeadersLength, LPVOID lpOptional, DWORD dwOptionalLength) {
BOOL ret;
sprintf(msg, "_HttpSendRequestA - %s", lpszHeaders);
OutputDebugStringA(msg);
if(lpOptional) {
sprintf(msg, "POST: %s", (LPSTR) lpOptional);
OutputDebugStringA(msg);
}
UnHookAPI("HttpSendRequestA", "wininet.dll", _SendReqA);
ret = HttpSendRequestA(hRequest, lpszHeaders, dwHeadersLength, lpOptional, dwOptionalLength);
_SendReqA = HookAPI("HttpSendRequestA", "wininet.dll", (DWORD) _HttpSendRequestA);
return ret;
}
HINTERNET WINAPI _HttpOpenRequestA(HINTERNET hConnect, LPCSTR lpszVerb, LPCSTR lpszObjectName, LPCSTR lpszVersion, LPCSTR lpszReferrer, LPCSTR *lplpszAcceptTypes, DWORD dwFlags, DWORD_PTR dwContext) {
HINTERNET ret;
/*__asm {
int 3;
}
sprintf(msg, "_HttpOpenRequestA: %s | %s | %s | %s | %s", lpszVerb, lpszObjectName, lpszVersion, lpszReferrer, lplpszAcceptTypes[0]);
OutputDebugStringA(msg);*/
UnHookAPI("HttpOpenRequestA", "wininet.dll", _OpenReqA);
ret = HttpOpenRequestA(hConnect, lpszVerb, lpszObjectName, lpszVersion, lpszReferrer, lplpszAcceptTypes, dwFlags, dwContext);
_OpenReqA = HookAPI("HttpOpenRequestA", "wininet.dll", (DWORD) _HttpOpenRequestA);
return ret;
}
BOOL WINAPI _HttpSendRequestW(HINTERNET hRequest, LPCWSTR lpszHeaders, DWORD dwHeadersLength, LPVOID lpOptional, DWORD dwOptionalLength) {
BOOL ret;
WCHAR tmp[MAX_PATH*sizeof(WCHAR)];
/*wsprintfW((LPWSTR) msg, L"_HttpSendRequestW - %s", lpszHeaders);
OutputDebugStringW((LPWSTR) msg);
ZeroMemory(tmp, MAX_PATH*sizeof(WCHAR));
if(lpszHeaders) {
wcscpy(tmp, L"\r\n\0");
wcscat(tmp, lpszHeaders);
}
if(lpOptional) {
//sprintf(msg, "POST: %s", (LPSTR) lpOptional);
//OutputDebugStringA(msg);
wsprintfW((LPWSTR) msg, L"\r\nContent-Length: %d", dwOptionalLength);
wcscat(tmp, (LPCWSTR) msg);
wcscat(tmp, L"\r\n\0");
wcsncat(tmp, (LPCWSTR) lpOptional, dwOptionalLength);
wcscat(tmp, L"\r\n\r\n\0");
}
if(wcslen(tmp)) {
wrequest = (LPWSTR) realloc(wrequest, wcslen(wrequest) + wcslen(tmp));
wcsncat(wrequest, tmp, wcslen(tmp));
}
OutputDebugStringW(L"\n");
OutputDebugStringW(wrequest);
free(wrequest);
*/
if(dwHeadersLength)
addHeadersW(lpszHeaders);
if(dwOptionalLength)
addOptionalW(lpOptional, dwOptionalLength);
OutputDebugStringW(L"\n");
OutputDebugStringW(wrequest);
OutputDebugStringW(L"\n");
free(wrequest);
UnHookAPI("HttpSendRequestW", "wininet.dll", _SendReqW);
ret = HttpSendRequestW(hRequest, lpszHeaders, dwHeadersLength, lpOptional, dwOptionalLength);
_SendReqW = HookAPI("HttpSendRequestW", "wininet.dll", (DWORD) _HttpSendRequestW);
return ret;
}
//------------------------------------------------------------------------------------------
// Function name: DllMain
// Description: The dll's main entry point
// Parameters: Parameters are used to determine the creation purpose.
// Returns: TRUE.
//------------------------------------------------------------------------------------------
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
{
//DisableThreadLibraryCalls(hModule);
HookHandle = hModule;
HookAPI();
}
else if (ul_reason_for_call == DLL_PROCESS_DETACH)
{
UnhookAPI();
}
return TRUE;
}
HINTERNET WINAPI _InternetConnectA(HINTERNET hInternet, LPCSTR lpszServerName, INTERNET_PORT nServerPort, LPCSTR lpszUsername, LPCSTR lpszPassword, DWORD dwService, DWORD dwFlags, DWORD_PTR dwContext) {
HINTERNET ret;
/*__asm {
int 3;
}*/
sprintf(msg, "_InternetConnectA - %s", lpszServerName);
OutputDebugStringA(msg);
UnHookAPI("InternetConnectA", "wininet.dll", _InternetConA);
ret = InternetConnectA(hInternet, lpszServerName, nServerPort, lpszUsername, lpszPassword, dwService, dwFlags, dwContext);
_InternetConA = HookAPI("InternetConnectA", "wininet.dll", (DWORD) _InternetConnectA);
return ret;
}
static void UninstallTextOutHooks()
{
if (TextOutAOri != NULL) {
HookAPI("gdi32.dll", "TextOutA", (PROC)TextOutAOri, NULL);
}
if (TextOutWOri != NULL) {
HookAPI("gdi32.dll", "TextOutW", (PROC)TextOutWOri, NULL);
}
if (ExtTextOutAOri != NULL) {
HookAPI("gdi32.dll", "ExtTextOutA", (PROC)ExtTextOutAOri, NULL);
}
if (ExtTextOutWOri != NULL) {
HookAPI("gdi32.dll", "ExtTextOutW", (PROC)ExtTextOutWOri, NULL);
//ExtTextOutWOri = NULL; /* May ExtTextOutWHook is being called. */
}
Sleep(20); // Wait TextOutHook series functions exit -- don't know if necessay.
/* Don't know exactly what happens if TextOutHook series are called
when TextOutHooks are being uninstall. It seems Sleep(20) not help. */
}
HINTERNET WINAPI _InternetConnectW(HINTERNET hInternet, LPCWSTR lpszServerName, INTERNET_PORT nServerPort, LPCWSTR lpszUsername, LPCWSTR lpszPassword, DWORD dwService, DWORD dwFlags, DWORD_PTR dwContext) {
HINTERNET ret;
/*__asm {
int 3;
}
wsprintfW((LPWSTR) msg, L"_InternetConnectW - %s", lpszServerName);
OutputDebugStringW((LPWSTR) msg);*/
ZeroMemory(whost, MAX_PATH);
wcscpy(whost, lpszServerName);
UnHookAPI("InternetConnectW", "wininet.dll", _InternetConW);
ret = InternetConnectW(hInternet, lpszServerName, nServerPort, lpszUsername, lpszPassword, dwService, dwFlags, dwContext);
_InternetConW = HookAPI("InternetConnectW", "wininet.dll", (DWORD) _InternetConnectW);
return ret;
}
///
/// @brief
///
void StartHook()
{
pRule = new CWeb_Rule;
InitializeMadCHook();
/// TODO : CoCreateInstance Hook
HookAPI("ntdll.dll", "ZwResumeThread", (PVOID)ZwResumeThreadCallback, (PVOID*)&ZwResumeThreadNext);
HookAPI("Comdlg32.dll", "GetOpenFileNameW", (PVOID)GetOpenFileNameWCallback, (PVOID*)&GetOpenFileNameWNext);
HookAPI("Comdlg32.dll", "GetOpenFileNameA", (PVOID)GetOpenFileNameACallback, (PVOID*)&GetOpenFileNameANext);
HookAPI("Shell32.dll", "DragQueryFileW", (PVOID)DragQueryFileWCallback, (PVOID*)&DragQueryFileWNext);
HookAPI("Shell32.dll", "DragQueryFileA", (PVOID)DragQueryFileACallback, (PVOID*)&DragQueryFileANext);
HookAPI("Ws2_32.dll", "send", (PVOID)sendCallback, (PVOID*)&sendNext);
HookAPI("Ws2_32.dll", "WSASend", (PVOID)WSASendCallback, (PVOID*)&WSASendNext);
HookAPI("Wininet.dll", "InternetWriteFile", (PVOID)InternetWriteFileCallback, (PVOID*)&InternetWriteFileNext);
HookAPI("Ole32.dll", "CoCreateInstance", CoCreateInstanceCallback, (PVOID*) &CoCreateInstanceNext);
}
BOOL _InternetCloseHandle(HINTERNET hInternet) {
BOOL ret;
LPVOID data;
DWORD size;
data = malloc(10240*sizeof(BYTE));
ZeroMemory(data, 10240*sizeof(BYTE));
size = 0;
HttpQueryInfoA(hInternet, HTTP_QUERY_RAW_HEADERS_CRLF, data, &size, 0);
if(size)
OutputDebugStringA((LPCSTR) data);
free(data);
UnHookAPI("InternetCloseHandle", "wininet.dll", _Close);
ret = InternetCloseHandle(hInternet);
_Close = HookAPI("InternetCloseHandle", "wininet.dll", (DWORD) _InternetCloseHandle);
return ret;
}
CHookAPI::CHookAPI(void)
{
#ifdef _DEBUG
CreateFileAPI=(pfnCreateFile)HookAPI(_T("KERNEL32.dll"),LPCSTR("CreateFileW"),(FARPROC)Hook_CreateFile,GetModuleHandle(_T("Duilib_ud.dll")));
EnableCreateFile(true);
HookAPI(_T("Duilib_ud.dll"),LPCSTR("?Invalidate@CPaintManagerUI@DuiLib@@QAEXAAUtagRECT@@@Z"),(FARPROC)Hook_Invalidate,m_InvalidateHookInfo);
EnableInvalidate(true);
HookAPI(_T("Duilib_ud.dll"),LPCSTR("?GetImageEx@CPaintManagerUI@DuiLib@@QAEPAUtagTImageInfo@2@PB_W0K@Z"),(FARPROC)Hook_GetImageEx,m_GetImageExHookInfo);
EnableGetImageEx(true);
#else
CreateFileAPI=(pfnCreateFile)HookAPI(_T("KERNEL32.dll"),LPCSTR("CreateFileW"),(FARPROC)Hook_CreateFile,GetModuleHandle(_T("Duilib_u.dll")));
EnableCreateFile(true);
HookAPI(_T("Duilib_u.dll"),LPCSTR("?Invalidate@CPaintManagerUI@DuiLib@@QAEXAAUtagRECT@@@Z"),(FARPROC)Hook_Invalidate,m_InvalidateHookInfo);
EnableInvalidate(true);
HookAPI(_T("Duilib_u.dll"),LPCSTR("?GetImageEx@CPaintManagerUI@DuiLib@@QAEPAUtagTImageInfo@2@PB_W0K@Z"),(FARPROC)Hook_GetImageEx,m_GetImageExHookInfo);
EnableGetImageEx(true);
#endif
}
int HookedInit(WPARAM, LPARAM)
{
HookAPI();
return 0;
}
int HookedInit(WPARAM wParam, LPARAM lParam)
{
HookAPI();
return 0;
}
