Code:
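// Start of the routine located by ScanForAddress(); 0 means "not found".
// Addresses are kept in DWORDs, so this code is only valid in a 32-bit process.
DWORD Address = 0;
// Address + 6: the first instruction after the prologue that Detour() replays.
DWORD ReturnAddress = 0;

/*
 * Locates the target routine by byte signature and publishes its address.
 *
 * Walks the first 0x1000 bytes of the image looking for the PE signature,
 * reads SizeOfCode from the optional header (signature + 0x1C), then scans
 * SizeOfCode bytes starting at Base + 0x1000 for a 15-byte signature. The
 * signature sits 0x38 bytes into the routine, hence the subtraction.
 *
 * On success sets Address and ReturnAddress and returns true. On any failure
 * both globals are reset to 0 and false is returned, so that "Address != 0"
 * always means "a match was found".
 *
 * NOTE(review): the image base 0x00400000 and the code start at Base + 0x1000
 * are hard-coded assumptions; they do not hold if the image is relocated.
 */
bool ScanForAddress()
{
    const DWORD Base = 0x00400000;
    const DWORD HeaderLimit = Base + 0x1000;
    // The PE signature is four bytes, "PE\0\0". Comparing four bytes against
    // the three-byte literal "PE" read one byte past the end of the literal.
    static const BYTE PeMagic[4] = {'P', 'E', 0, 0};
    BYTE Signature[] = {0x8B, 0xCB, 0x8B, 0xD1, 0xC1, 0xE9, 0x02, 0x8D, 0x43, 0x02,
                        0x66, 0x89, 0x44, 0x24, 0x20};
    DWORD Found = 0;

    // Bounds check first, so memory past the header window is never touched.
    DWORD i = Base;
    while (i <= HeaderLimit && memcmp((void *)i, PeMagic, sizeof PeMagic) != 0)
        i++;

    if (i <= HeaderLimit) {
        // Only scan when the header was located; SizeOfCode was previously
        // used uninitialized when the PE signature was not found.
        DWORD SizeOfCode = *(DWORD *)(i + 0x1C);
        DWORD Match = dwFindPattern(Base + 0x1000, SizeOfCode, Signature, "xxxxxxxxxxxxxxx");

        // dwFindPattern returns 0 for "no match". Subtracting 0x38 from that
        // wrapped to 0xFFFFFFC8, which was then reported as a valid address.
        if (Match != 0)
            Found = Match - 0x38;
    }

    Address = Found;
    ReturnAddress = Found ? Found + 6 : 0;
    return Found != 0;
}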
/*
 * Tests whether the bytes at pData match the pattern bMask under szMask.
 *
 * szMask is a NUL-terminated string with one character per pattern byte:
 * 'x' means the byte must be equal, any other character is a wildcard.
 * Returns true when every 'x' position matches, false at the first mismatch.
 *
 * The caller must guarantee that pData and bMask are readable for
 * strlen(szMask) bytes; no length is checked here.
 */
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    while (*szMask != '\0') {
        const bool MustMatch = (*szMask == 'x');
        if (MustMatch && *pData != *bMask)
            return false;
        ++szMask;
        ++pData;
        ++bMask;
    }
    // The loop only exits at the mask terminator, so the whole pattern matched.
    return true;
}
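/*
 * Searches the dwLen bytes starting at dwAddress for a masked byte pattern.
 *
 * bMask holds the pattern bytes and szMask the NUL-terminated mask
 * ('x' = compare, anything else = wildcard); see bDataCompare().
 * Returns the address of the first match, or 0 when there is none.
 *
 * The whole range [dwAddress, dwAddress + dwLen) must be readable by the
 * caller; nothing here verifies that the memory is mapped.
 */
DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    if (!dwAddress || !bMask || !szMask)
        return 0;

    const size_t PatternLen = strlen(szMask);
    if (dwLen == 0 || PatternLen > dwLen)
        return 0;

    // Stop at the last offset where the full pattern still fits. The old
    // bound (i < dwLen) let the comparison read up to PatternLen - 1 bytes
    // past the end of the region.
    const DWORD LastStart = dwLen - (DWORD)PatternLen;
    for (DWORD i = 0; i <= LastStart && i < dwLen; i++) {
        if (bDataCompare((BYTE *)(dwAddress + i), bMask, szMask))
            return (DWORD)(dwAddress + i);
    }
    return 0;
}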
Here's the code to detour the internal send function. After the detour is set, every time a packet is sent the function Detour() is called.
Code:
// Arguments captured by Detour() on its most recent invocation.
// Plain globals overwritten on every call: if the hooked routine runs on
// more than one thread, one call can clobber the values of another.
char *buf;
int len;
// Hook body reached through the jmp that SetDetour() writes at Address.
// Declared naked, so the compiler emits no prologue or epilogue; the stack
// is handled entirely by the assembly below. 32-bit x86 / MSVC inline asm only.
void __declspec(naked) Detour()
{
__asm
{
// Save all general-purpose registers (32 bytes) and EFLAGS (4 bytes).
pushad
pushfd
// ebp is overwritten here; popad below restores the caller's value.
mov ebp, esp
// 0x24 bytes were pushed, so [esp+0x24] is the hooked routine's return
// address, [esp+0x28] its first stack argument and [esp+0x2C] its second.
mov eax, [esp+0x28]
mov buf, eax;
mov eax, [esp+0x2C]
mov len, eax;
}
//Here you can call a function which displays the packet.
//buf is a pointer to the packet and len indicates the length of it.
// NOTE(review): buf and len come from the hooked program; check len before
// copying or printing from buf, and leave esp balanced, because the block
// below expects the stack exactly as the first block left it.
__asm
{
// Restore flags and registers in the reverse order of the saves above.
popfd
popad
// Re-execute the prologue that the patch overwrote, then resume at
// ReturnAddress (Address + 6). Assumes the hooked routine begins with
// exactly these three instructions -- TODO confirm against the target.
push ebp
mov ebp, esp
and esp, 0xFFFFFFF8
jmp ReturnAddress
}
}
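/*
 * Waits until ScanForAddress() finds the target, then overwrites its first
 * five bytes with a relative jmp (0xE9 + rel32) to Detour().
 *
 * Blocks indefinitely, polling every millisecond, while the signature is not
 * found. If the page protection cannot be changed, nothing is written.
 *
 * NOTE(review): the patch is not atomic. A thread executing the first bytes
 * of the routine while they are rewritten can run a torn instruction.
 */
void SetDetour()
{
    while (!ScanForAddress())
        Sleep(1);

    const SIZE_T PatchSize = 5;
    DWORD OldProtect = 0;

    // Writing without checking this result faulted whenever the protection
    // change was refused.
    if (!VirtualProtect((void *)Address, PatchSize, PAGE_EXECUTE_READWRITE, &OldProtect))
        return;

    // rel32 is measured from the end of the 5-byte jmp instruction.
    *(BYTE *)(Address) = 0xE9;
    *(DWORD *)(Address + 1) = (DWORD)&Detour - Address - 5;

    // Put the original protection back so the code page does not stay
    // writable and executable, then discard any stale cached instructions.
    DWORD Ignored = 0;
    VirtualProtect((void *)Address, PatchSize, OldProtect, &Ignored);
    FlushInstructionCache(GetCurrentProcess(), (void *)Address, PatchSize);
}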
Here's the code to send a packet. I just call a function pointer to the internal send function.
Code:
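/*
 * Calls the routine at Address with (buf, len).
 *
 * Does nothing when Address has not been resolved yet, when buf is null or
 * when len is negative; the call previously jumped to address 0 if it was
 * made before a successful scan.
 *
 * Once SetDetour() has patched Address, this call also passes through
 * Detour() like any other call to the routine.
 *
 * NOTE(review): assumes the target is __cdecl and takes exactly these two
 * stack arguments -- confirm against the target before relying on it.
 */
void SendPacket(char *buf, int len)
{
    if (!Address || !buf || len < 0)
        return;

    void (__cdecl *InternalCall)(char *, int) = (void (__cdecl *)(char *, int))Address;
    InternalCall(buf, len);
}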
I hope you enjoy! This is a really helpful tool for people who want to make hacks through packet editing.