So, since most of you are an uneducated lot, I'll teach/show you (you can leech) how to hook functions and how hooks work. I'll provide working source code samples, but in some cases you'll have to adapt them to your own environment. In that case I'll show you what to look for. Maybe I'll make it into a series of tutorials, since there's a lot of depth (if not width) to the subject.
Since we'll start from the ground up, this part may not be very interesting to the average/adept hacker. To those people I promise that more advanced (and far more advanced) tutorials are on their way.
For starters
To follow along you'll need:
*a debugger
*C++/C/ASM/anything (I'll do this tutorial in C++, so I recommend any C++ compiler; if you want to use any other language you're on your own)
You must understand:
*Assembler and raw instructions/opcodes
*C++/C code
or Wikipedia and Google...
a definition I just made up:
Hooking is the act of detouring or otherwise altering the flow of execution inside a program. Hooking is often used to update programs or (in our case) to use/change information inside the program that was never intended to be used/changed.
Environment
First I'll give you the source of our test program. This is the program we're going to place our hooks into:
Make a new console project and add main.cpp:
Code:
#include <iostream>
int main(){
return 0;
}
Now that that is done, we can begin taking our baby steps towards our goal in this tutorial: building a basic API hook.
The next step
In this part of the series we're going to hook a Windows API function (the Sleep() function, to be more exact). Sleep() delays execution of the calling thread for a given time; when that time is up Sleep() returns and execution resumes.
msdn:
Suspends the execution of the current thread until the time-out interval elapses
prototype:
Code:
VOID WINAPI Sleep(
__in DWORD dwMilliseconds
);
Here's an example of the Sleep() function. Replace the contents of your main.cpp with the following, then compile and run it:
Code:
#include <iostream>
#include <cstdio>    // printf
#include <windows.h> // Sleep
int main(){
    printf("Sleeping for 2 seconds!\n");
    Sleep(2000); // Sleep() takes milliseconds, therefore 2000 = 2 seconds
    printf("Done sleeping!\n");
    std::cin.ignore(); // wait for a key press so the console window stays open
    return 0;
}
Try to compile this, if it fails post your errors and I'll take a look.
Now this is still far from being a hook, but at least we can see our target. To actually hook Sleep() we need to understand what's going on inside the program, and that's why we need a debugger.
This is how the call to Sleep() looks inside a debugger (OllyDbg). As you can see in the image, a Windows API function is called like this:
Code:
call dword ptr [address]
This simply means that the function is called through a pointer: the CPU reads the address stored at [address] and calls whatever it finds there. Consider this pseudo C++ code:
Code:
void (WINAPI *mypointer)(DWORD) = Sleep; // mypointer holds the address of the Sleep() function
(*mypointer)(2000);                      // call whatever mypointer points to
Now we know that calling Sleep() simply calls through a pointer, and that this pointer is stored inside our own program (in the import address table, or IAT, which the Windows loader fills in with the real address of Sleep() when the program starts). The next step towards a hook is clear: change that pointer so that it points to where we want it to. If we do that successfully, our basic hook is set!
To do this we need a little assembler; don't worry, I've commented what is going on in the source code. This is the only bit of assembler you'll have to use this time (it is MSVC inline assembly, which only exists in 32-bit builds, so use a 32-bit Visual C++ project):
Replace the contents of your main.cpp with the following, then compile and run it:
Code:
#include <iostream>
#include <cstdio>    // printf
#include <windows.h> // Sleep, DWORD

// Our replacement for Sleep(). It must use the same calling convention (WINAPI is __stdcall)
// and take the same arguments, otherwise the stack is not cleaned up the way the caller expects.
void __stdcall hook(DWORD Timeout){
    /*
    Since the caller (the one with the Sleep() in his code) does not know that the function is hooked,
    we have access to all the arguments the function was given. We can change and display them before
    passing execution on to the real Sleep(), or we can prevent the function from executing at all.
    */
    printf("No rest for the wicked! not even %d seconds!\n", (int)(Timeout/1000)); // display the timeout in seconds
    return; // we won't execute the real Sleep() at all, no rest for the wicked!
}

void DoHook(DWORD* func, DWORD* hook){
    /*
    Here *func (what func points to) still holds the address of Sleep().
    We don't want it to point there; we want it to point to our hook function, so we overwrite it.
    The pointer lives in our own module's import table, which in this build is writable, so no
    VirtualProtect() call is needed. If the assignment below crashes with an access violation on your
    compiler, the import table landed in a read-only section: VirtualProtect() it to PAGE_READWRITE first.
    */
    *func = (DWORD)hook; // change what func points to; remember that func is the same pointer used by the call dword ptr [address] instruction
    return;
}

int main(){
    DWORD* Func;
    printf("Sleeping for 2 seconds!\n");
    Sleep(2000); // Sleep() takes milliseconds, therefore 2000 = 2 seconds
    printf("Done sleeping!\n");
    __asm{
        lea eax, Sleep // lea = load effective address: in MSVC inline asm the imported name refers to the import table entry holding Sleep's address, so eax = address of that pointer
        mov Func, eax  // mov = move: now Func holds the address of the pointer
    }
    DoHook(Func, (DWORD*)&hook); // now detour Sleep()!
    printf("Sleeping for 3 seconds!\n");
    Sleep(3000); // this call goes through the same pointer, so it ends up in hook()
    printf("Done sleeping!\n");
    std::cin.ignore();
    return 0;
}
Try to compile this, if it fails post your errors and I'll take a look.
If this program compiles and runs correctly you should see the message:
"No rest for the wicked! not even 3 seconds!"
appear on your screen instead of the program waiting three seconds before continuing.
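The program above finds the pointer with inline assembly, which only works in a 32-bit MSVC build, and its hook swallows the call instead of passing it on. The example below is mine, added to this page and not SCHiM's code: it shows the general way of finding the IAT slot (walk the PE headers from the DOS header to the import directory and match the DLL and function name), and the pass-through form of a hook that the comments in the program mention but the code does not do. It needs no Windows: it builds a tiny PE import table in a byte buffer (the RVA layout and the fakeSleep stand-in are invented for it, not real kernel32), so it compiles with any C++11 compiler. On a real Windows process you would pass findIatSlot the value of GetModuleHandle(nullptr) and wrap the slot write in VirtualProtect.

```cpp
// Added example, not from the original post: a portable simulation of the IAT hook. It builds a minimal
// PE import table in a buffer, finds the IAT slot for kernel32.dll!Sleep by walking the PE headers and
// swaps it for a hook that records the argument and forwards a shortened delay to the original.
// fakeSleep and the RVA layout (0x200..0x600) are invented for this buffer, they are not real kernel32.
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

namespace iat {
constexpr uint16_t kDosMagic = 0x5A4D, kPe32 = 0x10B, kPe32Plus = 0x20B; // PE/COFF constants spelled
constexpr uint32_t kNtSignature = 0x4550;                                // out: no windows.h needed
constexpr size_t kLfanewOff = 0x3C, kOptHeaderOff = 24;   // OptionalHeader follows Signature(4)+FileHeader(20)
constexpr size_t kDataDirOff32 = 96, kDataDirOff64 = 112; // DataDirectory[] offset inside OptionalHeader
struct ImportDesc { uint32_t origFirstThunk, timeDateStamp, forwarderChain, name, firstThunk; }; // 20 bytes
template <typename T> T rd(const uint8_t* p) { T v; std::memcpy(&v, p, sizeof v); return v; }
template <typename T> void wr(uint8_t* p, T v) { std::memcpy(p, &v, sizeof v); }
bool ieq(const char* a, const char* b) {                  // DLL names match case-insensitively
  for (; *a && *b; ++a, ++b) if (std::tolower((unsigned char)*a) != std::tolower((unsigned char)*b)) return false;
  return *a == *b;
}
// Walk DOS header -> NT headers -> import directory -> descriptor for `dll` -> INT/IAT pair, and return
// the IAT slot holding `func`'s address, or nullptr. Assumes the image's thunk width equals this
// process's pointer width, which is true of any image the process could actually have loaded.
uintptr_t* findIatSlot(uint8_t* base, const char* dll, const char* func) {
  if (rd<uint16_t>(base) != kDosMagic) return nullptr;
  uint8_t* nt = base + rd<uint32_t>(base + kLfanewOff);
  if (rd<uint32_t>(nt) != kNtSignature) return nullptr;
  uint8_t* opt = nt + kOptHeaderOff; uint16_t magic = rd<uint16_t>(opt);
  if (magic != kPe32 && magic != kPe32Plus) return nullptr;
  size_t tw = magic == kPe32 ? 4 : 8;                     // thunk width in bytes
  uint32_t importRva = rd<uint32_t>(opt + (tw == 4 ? kDataDirOff32 : kDataDirOff64) + 8); // entry [1]
  if (!importRva) return nullptr;
  for (uint8_t* d = base + importRva;; d += sizeof(ImportDesc)) {
    ImportDesc desc = rd<ImportDesc>(d);
    if (!desc.name && !desc.firstThunk) return nullptr;   // all-zero descriptor ends the list
    if (!desc.origFirstThunk || !ieq(reinterpret_cast<const char*>(base + desc.name), dll)) continue;
    for (size_t i = 0;; ++i) {
      const uint8_t* lookup = base + desc.origFirstThunk + i * tw;
      uint64_t e = tw == 4 ? rd<uint32_t>(lookup) : rd<uint64_t>(lookup);
      if (!e) break;                                      // end of this DLL's imports
      if (e >> (tw * 8 - 1)) continue;                    // high bit set: import by ordinal, no name
      const char* name = reinterpret_cast<const char*>(base + static_cast<uint32_t>(e) + 2); // skip Hint
      if (std::strcmp(name, func) == 0) return reinterpret_cast<uintptr_t*>(base + desc.firstThunk + i * tw);
    }
  }
}
using SleepFn = void (*)(uint32_t);
int g_fakeSleepCalls = 0; uint32_t g_lastFakeSleepMs = 0;
void fakeSleep(uint32_t ms) { ++g_fakeSleepCalls; g_lastFakeSleepMs = ms; } // stand-in for kernel32!Sleep
SleepFn g_origSleep = nullptr; std::vector<uint32_t> g_hookSeen;
// The detour: same arguments and convention as the target. It records what the caller asked for,
// then forwards through the saved original pointer with a shorter delay.
void hookSleep(uint32_t ms) { g_hookSeen.push_back(ms); g_origSleep(ms / 10); }
// Overwrite the slot and hand back its old value so the hook can forward. On Windows the IAT may
// sit in a read-only page: bracket this write with VirtualProtect(PAGE_READWRITE) there.
SleepFn installHook(uintptr_t* slot, SleepFn hook) {
  SleepFn prev = reinterpret_cast<SleepFn>(*slot);
  *slot = reinterpret_cast<uintptr_t>(hook); return prev;
}
// Constructed image: headers at 0, import descriptor at RVA 0x200, DLL name at 0x300, INT at 0x400
// (an ordinal import, then Sleep), IAT at 0x500, hint/name entry for Sleep at 0x600.
std::vector<uint8_t> buildImage() {
  const bool is64 = sizeof(void*) == 8; const size_t tw = is64 ? 8 : 4;
  std::vector<uint8_t> img(0x1000, 0);
  wr<uint16_t>(&img[0], kDosMagic);
  wr<uint32_t>(&img[kLfanewOff], 0x80);                   // e_lfanew: NT headers at 0x80
  wr<uint32_t>(&img[0x80], kNtSignature);
  uint8_t* opt = &img[0x80 + kOptHeaderOff];
  wr<uint16_t>(opt, is64 ? kPe32Plus : kPe32);
  uint8_t* dir = opt + (is64 ? kDataDirOff64 : kDataDirOff32) + 8;
  wr<uint32_t>(dir, 0x200); wr<uint32_t>(dir + 4, 2 * sizeof(ImportDesc)); // import directory RVA, size
  wr<ImportDesc>(&img[0x200], ImportDesc{0x400, 0, 0, 0x300, 0x500});     // zero terminator follows
  std::strcpy(reinterpret_cast<char*>(&img[0x300]), "KERNEL32.dll");
  std::strcpy(reinterpret_cast<char*>(&img[0x602]), "Sleep");         // Hint word at 0x600 stays 0
  auto put = [&](size_t rva, uintptr_t v) {
    if (is64) wr<uint64_t>(&img[rva], v); else wr<uint32_t>(&img[rva], static_cast<uint32_t>(v)); };
  put(0x400, (is64 ? 1ull << 63 : 1ull << 31) | 7);        // INT[0]: import by ordinal #7 (no name)
  put(0x400 + tw, 0x600);                                 // INT[1]: RVA of the hint/name entry
  put(0x500 + tw, reinterpret_cast<uintptr_t>(&fakeSleep)); // IAT[1]: resolved address, as the loader
  return img;                                             // leaves it; IAT[0] is left unresolved here
}
// The "program" calls Sleep through the slot, like `call dword ptr [slot]`, so it never notices that
// the slot's contents changed. runScenario returns how many calls the hook intercepted (-1: no slot).
void callSleepViaIat(uintptr_t* slot, uint32_t ms) { reinterpret_cast<SleepFn>(*slot)(ms); }
int runScenario() {
  g_fakeSleepCalls = 0; g_hookSeen.clear();
  std::vector<uint8_t> img = buildImage();
  uintptr_t* slot = findIatSlot(img.data(), "kernel32.dll", "Sleep"); if (!slot) return -1;
  callSleepViaIat(slot, 2000);                            // before the hook: fakeSleep(2000)
  g_origSleep = installHook(slot, &hookSleep);
  callSleepViaIat(slot, 3000);                            // after: hookSleep(3000) -> fakeSleep(300)
  return static_cast<int>(g_hookSeen.size());
}
} // namespace iat
int main() {
  int n = iat::runScenario();
  std::printf("hook intercepted %d call(s); original last saw %u ms\n", n, iat::g_lastFakeSleepMs);
  return n == 1 ? 0 : 1;
}
```

Two things to take from it compared with the program above: the walk uses the import lookup table (OriginalFirstThunk) for names and the IAT (FirstThunk) for addresses at the same index, which is why it keeps working after the loader has overwritten the IAT; and the hook keeps the old slot value so it can still reach the real function, which is what you want whenever the game must keep running normally.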
Epilogue
I do realize that this is not a useful hook, quite the contrary actually, since hack and game alike probably use the Sleep() function extensively. Not to mention that we're not even inside another application at the moment. However, this is the easiest way to start, I think, and it doesn't involve a lot of weird code and hackerish glue between functions.
If you have any (smart) questions about the code you can post them and I am sure that I or another will answer them.
If you feel like you don't understand any of this, maybe this is still too hard for you. Try programming some basic applications before returning to game hacking.
The future
Although I've referred to a series of tutorials about hooking, I'm not yet completely sure if I'm actually going to write the series or not. I probably will, but don't expect me to post them at any regular interval.
-SCHiM