Hooking Winsock Again(sorry if this has already been covered

c++ / delphi package - dll injection and api hooking

Postby mic » Mon May 31, 2004 12:08 pm

The program sends data fine, but...
what I would like to do is to hook Winsock and receive incoming data from the game and place it into a byte array. What code would I need?

Thanks in advance

//CODE FOR LOADER

program CaveBot;

uses
  Windows,
  SysUtils,
  madCodeHook;

var
  StartInfo: TStartupInfo;
  ProcInfo: TProcessInformation;
  Dir: string;

begin
  Dir := ExtractFilePath(ParamStr(0));   // already ends with a backslash
  ZeroMemory(@StartInfo, SizeOf(TStartupInfo));
  ZeroMemory(@ProcInfo, SizeOf(TProcessInformation));
  StartInfo.cb := SizeOf(TStartupInfo);  // CreateProcess requires cb to be set
  StartInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartInfo.wShowWindow := SW_SHOW;
  // madCodeHook's CreateProcessEx starts the target and loads the DLL into it
  CreateProcessEx(PChar(Dir + 'tibia.exe'), nil, nil, nil, False, 0, nil, nil,
                  StartInfo, ProcInfo, PChar(Dir + 'CaveBot.dll'));
end.



//DLL

library Project1;

uses
  Windows,
  Winsock,
  madCodeHook,
  Math,
  Forms,      // VCL units inside a hook DLL: this is what the replies object to
  Classes,
  SysUtils,
  Unit1 in 'Unit1.pas' {Form1};

const
  szTargetExe: string = 'tibia.exe';
  szTargetClass: string = 'TibiaClient';

// True when the window belongs to the process this DLL is loaded into
function IsTibiaWindow(Window: HWND): boolean;
var
  PID: dword;
begin
  GetWindowThreadProcessId(Window, @PID);
  Result := GetCurrentProcessId = PID;
end;

// GetKeyState sets the high-order bit while the key is held down
function HighOrderBitSet(theWord: Word): Boolean;
const
  HighOrderBit = 15;
type
  BitSet = set of 0..15;
begin
  Result := HighOrderBit in BitSet(theWord);
end;

procedure Main;
begin
  // Form1 comes from Unit1; the Forms unit already created the DLL's own
  // Application object, so it is not created a second time here
  Form1 := TForm1.Create(Application);
  Form1.Show;
  while True do
  begin
    Application.ProcessMessages;
    // Ctrl+F12 toggles the form while the hooked program is in the foreground
    if IsTibiaWindow(GetForegroundWindow) and
       HighOrderBitSet(Word(GetKeyState(VK_CONTROL))) and
       HighOrderBitSet(Word(GetKeyState(VK_F12))) then
    begin
      if Form1.Visible then
        Form1.Hide
      else
        Form1.Show;
      Sleep(200);
    end;
    Sleep(1);
  end;
end;

procedure EntryPoint(Reason: dword); stdcall;
var
  TID: dword;
begin
  if Reason = DLL_PROCESS_ATTACH then
    CreateThread(nil, 0, @Main, nil, 0, TID);
end;

begin
  DLLProc := @EntryPoint;
  EntryPoint(DLL_PROCESS_ATTACH);
end.


unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, Math, Winsock, madCodeHook, ExtCtrls, StdCtrls;

type
  // Form class as the IDE generates it (the post omits this declaration)
  TForm1 = class(TForm)
    Edit1: TEdit;
    procedure FormCreate(Sender: TObject);
  end;

var
  Form1: TForm1;
  DataSocket: TSocket;
  sendNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

const
  szTargetExe: string = 'tibia.exe';
  szTargetClass: string = 'TibiaClient';

implementation

{$R *.dfm}

// Hook callback: remember the socket the game sends on, then call the real send
function sendHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  DataSocket := s;
  Result := sendNextHook(s, Buf, len, flags);
end;

procedure CastSpell(Spell: string);
var
  Buffer: array [0..255] of byte;
begin
  if Length(Spell) > 250 then
    exit;   // 6 header bytes + text must fit in the 256-byte buffer
  Buffer[0] := byte(Length(Spell) + 4);
  Buffer[1] := $00;
  Buffer[2] := $96;
  Buffer[3] := $01;
  Buffer[4] := Length(Spell);
  Buffer[5] := $00;
  CopyMemory(@Buffer[6], @Spell[1], Length(Spell));
  // Send through the saved "next hook" pointer so the hook itself is bypassed
  sendNextHook(DataSocket, Buffer, Length(Spell) + 6, 0);
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
  DataSocket := 0;
  HookCode(@send, @sendHookProc, @sendNextHook);
end;

end.

Postby nildo » Mon May 31, 2004 6:27 pm

Sorry, but you are trying to put your application inside your DLL. This is not acceptable for a hook DLL; you should never use the VCL in a hook DLL.

Postby mic » Mon May 31, 2004 9:31 pm

What should I do then? I've just learnt Delphi in like a day, so I'm not that great.

But what I really need to know is how to get the incoming data.

Postby madshi » Tue Jun 01, 2004 9:47 am

I guess you need to hook recv / WSARecv, but maybe I misunderstood you? For sure you shouldn't use the VCL in a hook dll, as nildo said.

Postby mic » Tue Jun 01, 2004 9:50 am

var
  recvNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

function recvHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  AsciiBuffer: string;
begin
  //call the real winsock function
  Result := recvNextHook(s, Buf, len, flags);
  if Result <= 0 then
    exit;   // connection closed or SOCKET_ERROR: there is no data to log
  //convert data to readable ascii suitable for logging (poster's own helper, not shown)
  AsciiBuffer := ConvertDataToAscii(@Buf, Result);

  //#13#10 is a character constant; written as '#13#10' it is the literal text
  edit1.text := edit1.text + #13#10 + AsciiBuffer; // <---- WHAT IS WRONG WITH THIS, HOW DO I ADD THE INCOMING DATA TO A TEXTBOX
end;

And what do you mean by VCL? And why is it wrong to put it in the DLL? And how would I put it somewhere else?

Postby madshi » Tue Jun 01, 2004 11:32 am

The VCL is the "visual component library". All that you can do with the object inspector, the units "Classes", "Forms", "Controls" and that stuff are VCL. Check the size of your DLL, it should be quite big. A good size for a typical madCodeHook hook dll is < 100kb.

You shouldn't use the VCL in a hook dll, because it blows up the DLL size very much and because it's not thread safe. A hook DLL should do only what is absolutely necessary and not more, because the to-be-hooked application was not programmed with hook DLLs in mind. Your hook DLL must not break anything.

Look at the printer monitor demo to see how a hook DLL can output information.

Postby mic » Tue Jun 01, 2004 10:36 pm

I'm confused :( So I should move the form stuff to the loader?

If I do that, how do I use the send and receive hook parts in the loader?

Postby mic » Tue Jun 01, 2004 11:18 pm

Can you please just reformat my code with what I should have in the DLL and what I should have in the loader, and then can you show me how to use the DLL functions in the loader?

Postby madshi » Wed Jun 02, 2004 6:56 am

You shouldn't do that "edit1" stuff in your dll. Instead use SendIpcMessage to send a message to your application. The application can then write that into the memo.

And you can't directly call the dll functions from your loader application. You need to understand that a copy of your dll is loaded into each and every running process. So you could call the functions of the dll which is loaded in your own loader process. But that would not have any effect on any other dll copy.
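The split madshi describes, as an added example (not code from this thread or from the madCodeHook demos): a hook DLL that uses no VCL units, hooks recv, and hands each received chunk to the monitoring application with SendIpcMessage. The queue name, the TRecvMsg layout and the exact HookAPI/SendIpcMessage signatures (from memory of the madCodeHook docs, including that a nil answer buffer and zero timeout make the call return without waiting) are assumptions.

```delphi
library RecvMonitorHook;
// Hook DLL side: only Windows, Winsock and madCodeHook, no VCL units at all
uses Windows, Winsock, madCodeHook;
const
  IpcName = 'RecvMonitorIpc';   // assumed queue name; must match the application
  MaxChunk = 4096;              // constructed cap on the payload of one message
type
  // Wire format shared with the application: socket, payload length, payload
  TRecvMsg = packed record
    Socket: dword;
    DataLen: dword;
    Data: array [0..MaxChunk - 1] of byte;
  end;
var
  recvNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

function recvHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  msg: TRecvMsg;
  n: Integer;
begin
  // Call the real recv first and never alter its result: the hooked program
  // must behave exactly as if the hook were not there
  Result := recvNextHook(s, Buf, len, flags);
  if Result <= 0 then exit;     // 0 = connection closed, SOCKET_ERROR = failure
  n := Result;
  if n > MaxChunk then n := MaxChunk;   // truncate rather than overrun the record
  msg.Socket := s;
  msg.DataLen := n;
  Move(Buf, msg.Data, n);
  // nil answer buffer and zero timeout (assumed SendIpcMessage semantics): the
  // hooked thread is not held up waiting for the monitor application
  SendIpcMessage(IpcName, @msg, 2 * SizeOf(dword) + n, nil, 0, 0);
end;

begin
  // Runs once in every process this DLL is loaded into; WSARecv would need
  // a second hook installed the same way
  HookAPI('ws2_32.dll', 'recv', @recvHookProc, @recvNextHook);
end.
```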

Postby mic » Wed Jun 02, 2004 7:00 am

I understand what you mean, but I'm not a Delphi programmer.

Can you just reformat the code (so the loader has the form and calls the DLL functions)? I don't really understand Delphi.

Thanks in advance

Postby madshi » Wed Jun 02, 2004 7:05 am

I'm really sorry, but I don't have the time for that.

What language are you usually using? madCodeHook can also be used from C(++), if that makes life easier for you.

Postby mic » Wed Jun 02, 2004 7:06 am

I use VB normally :(

Postby mic » Wed Jun 02, 2004 7:07 am

So is it actually difficult to reformat it?

Postby madshi » Wed Jun 02, 2004 7:12 am

It's more than reformatting. The DLLs (I mean the DLL copies) need to send the information to the application and the application needs to receive and display it. The printer monitor demo really contains all that. Studying that should really get you going (I think).
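The application half of what madshi describes, also an added example rather than the printer monitor demo's code: CreateIpcQueue registers a callback that madCodeHook runs on a worker thread, so the callback only formats the chunk and posts it to the form's window, and the memo is updated on the UI thread. The queue name and the message layout it expects (socket, payload length, payload, each length 4 bytes) are assumptions, as are the CreateIpcQueue/TIpcCallback signatures taken from memory of the madCodeHook docs.

```delphi
unit MonitorMain;
interface
uses Windows, Messages, SysUtils, Classes, Forms, StdCtrls, madCodeHook;
const
  IpcName = 'RecvMonitorIpc';   // assumed queue name; must match the hook DLL
  WM_RECVDATA = WM_USER + 1;    // private message that hops to the UI thread
type
  TMonitorForm = class(TForm)
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
  private
    procedure WMRecvData(var Msg: TMessage); message WM_RECVDATA;
  end;
var
  MonitorForm: TMonitorForm;
  UiWindow: HWND;               // captured on the UI thread in FormCreate
implementation
{$R *.dfm}
// Message from the DLL: socket (4 bytes), payload length (4 bytes), payload
function FormatChunk(buf: pointer; len: dword): string;
var p: PByte; i, n: dword;
begin
  Result := '(malformed message)';
  if len < 8 then exit;
  n := PDWord(PAnsiChar(buf) + 4)^;
  if n > len - 8 then n := len - 8;   // clamp: never trust the length field
  Result := Format('socket %d, %d bytes:', [PDWord(buf)^, n]);
  p := PByte(PAnsiChar(buf) + 8);
  for i := 1 to n do begin Result := Result + ' ' + IntToHex(p^, 2); Inc(p); end;
end;
// Runs on a madCodeHook worker thread: build a string, post it, touch no VCL
procedure IpcCallback(name: PChar; messageBuf: pointer; messageLen: dword;
  answerBuf: pointer; answerLen: dword); stdcall;
var s: PString;
begin
  New(s); s^ := FormatChunk(messageBuf, messageLen);
  if not PostMessage(UiWindow, WM_RECVDATA, 0, LPARAM(s)) then Dispose(s);
end;
procedure TMonitorForm.WMRecvData(var Msg: TMessage);   // UI thread only
begin
  Memo1.Lines.Add(PString(Msg.LParam)^);
  Dispose(PString(Msg.LParam));
end;
procedure TMonitorForm.FormCreate(Sender: TObject);
begin
  UiWindow := Handle;
  CreateIpcQueue(IpcName, IpcCallback);
end;
end.
```

Call DestroyIpcQueue(IpcName) when the form closes, so the worker threads stop before the window handle they post to is destroyed.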

Postby mic » Wed Jun 02, 2004 7:15 am

OK, thanks, I'll have a look :)

Sorry to bother you; it's just that I'm only learning Delphi to hook a game and make a bot, but since I come from a VB background I thought it would be easier to learn Delphi than C++, and I'm only just beginning to learn.
