Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Mon Aug 10, 2009 7:16 pm Post subject: Simpler Function Hooks
Wouldn't this
Code:
    __asm {
        push eax
        mov eax, [WSASend]
        mov OriginalAddress, eax
        pop eax
    }
be simpler than this?
Code:
    // ANSI variant, because the DLL name is a narrow string literal
    HINSTANCE hDll = LoadLibraryA("Ws2_32.dll");
    OriginalAddress = (DWORD)GetProcAddress(hDll, "WSASend");
Just wondering why do it the first way?
 |
HomerSexual Grandmaster Cheater Supreme
Reputation: 5
Joined: 03 Feb 2007 Posts: 1657
Posted: Mon Aug 10, 2009 8:25 pm
don't you have to load the library to get the address? The first one doesn't have the library loaded
 |
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Mon Aug 10, 2009 8:27 pm
Well, it returns the same address. I guess I should try it with the first method. I guess if the program didn't have the winsock library loaded it could be a problem... Anyone else know why?
EDIT:
I tested my method, it works. I tested injecting it into a program of mine without winsock, it also works (because the DLL will have winsock). I checked the file size, and my way is 512 bytes bigger. I don't care about 512 bytes; unless someone has a reason not to, I will use my simpler way.
 |
HomerSexual Grandmaster Cheater Supreme
Reputation: 5
Joined: 03 Feb 2007 Posts: 1657
Posted: Mon Aug 10, 2009 8:38 pm
| Chaosis13 wrote: | Well, it returns the same address. I guess I should try it with the first method. I guess if the program didn't have the winsock library loaded it could be a problem... Anyone else know why?
EDIT:
I tested my method, it works. I tested injecting it into a program of mine without winsock, it also works (because the DLL will have winsock). I checked the file size, and my way is 512 bytes bigger. I don't care about 512 bytes; unless someone has a reason not to, I will use my simpler way. |
also it might be preferred to use the 2nd way just because it's all C++ and not mixing languages?
 |
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Mon Aug 10, 2009 8:58 pm
Some compilers don't allow this:
Code:
    OriginalAddress = (DWORD)WSASend;
I use gcc a lot, but let me try it on VC++...
EDIT:
Yes, the C++ version works with VC++.
Last edited by Chaosis13 on Mon Aug 10, 2009 9:10 pm; edited 1 time in total
 |
HomerSexual Grandmaster Cheater Supreme
Reputation: 5
Joined: 03 Feb 2007 Posts: 1657
Posted: Mon Aug 10, 2009 9:06 pm
| Chaosis13 wrote: | Some compilers don't allow this:
Code:
    OriginalAddress = (DWORD)WSASend;
I use gcc a lot, but let me try it on VC++... |
that shouldn't work, unless you load all the libraries for winsock
 |
BanMe Master Cheater
Reputation: 0
Joined: 29 Nov 2005 Posts: 375 Location: Farmington NH, USA
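Posted: Mon Aug 10, 2009 9:14 pm
Code:
    HMODULE Ws = GetModuleHandleA("ws2_32.dll");
    if (Ws)
    {
        // Already loaded: look up WSASend in the loaded module
        OriginalAddress = (DWORD)GetProcAddress(Ws, "WSASend");
    }
    else
    {
        // Not loaded yet: load it first
        Ws = LoadLibraryA("ws2_32.dll");
    }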
 |
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Mon Aug 10, 2009 9:51 pm
I don't know why you need that if the DLL has the library and will always return true. I am all for clean code, but not overly complex code.
 |
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Tue Aug 11, 2009 1:24 am
not sure about other compilers but for example in masm32 if you were to do something like:
    mov eax, WSASend
then that by itself will import ws2_32.dll. no need to load the library manually. of course i can't speak for other compilers/assemblers
 |
Deltron Z Expert Cheater
Reputation: 1
Joined: 14 Jun 2009 Posts: 164
Posted: Tue Aug 11, 2009 6:47 am
| BanMe wrote: |
Code:
    HMODULE Ws = GetModuleHandleA("ws2_32.dll");
    if (Ws)
    {
        // Already loaded: look up WSASend in the loaded module
        OriginalAddress = (DWORD)GetProcAddress(Ws, "WSASend");
    }
    else
    {
        // Not loaded yet: load it first
        Ws = LoadLibraryA("ws2_32.dll");
    }
|
It's easier to simply call LoadLibrary; if the library is already loaded it will return the handle to the loaded library, else it'll simply load it.
And there's no point in calling LoadLibrary in this case; if the library isn't loaded then it means there are no calls to WSASend so... no point in hooking.
 |
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Tue Aug 11, 2009 9:37 am
| Slugsnack wrote: | not sure about other compilers but for example in masm32 if you were to do something like:
    mov eax, WSASend
then that by itself will import ws2_32.dll. no need to load the library manually. of course i can't speak for other compilers/assemblers |
Oh, I should look into this... It would explain why it doesn't crash... But like Deltron Z said, it doesn't matter if it doesn't use the library.
Thanks for the input. I just want to create a hook made with only my code.
 |
Bswap Newbie cheater
Reputation: 0
Joined: 18 Aug 2009 Posts: 21
Posted: Wed Aug 19, 2009 2:36 am Post subject: re:
Code:
    __asm {
        push eax
        mov eax, [WSASend]
        mov OriginalAddress, eax
        pop eax
    }
In this case, WSASend is the pointer to the WSASend() entry in the Import Address Table (IAT). It is not the address within the Ws2_32.dll.
Example:
Code:
    ;--------------------------------------------------------
    ; MASM
    ;
    mov eax, ExitProcess
    ;--------------------------------------------------------
    ; Deadlisting
    ;
    B8 66104000      MOV EAX,<JMP.&kernel32.ExitProcess>
    ; IAT
    FF25 14204000    JMP DWORD PTR DS:[<&kernel32.ExitProcess>]
 |
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Wed Aug 19, 2009 4:31 am
this would get you the actual address:
Code:
    mov eax,[MessageBox]
    add eax,2
    mov eax,[eax]
    mov eax,[eax]
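The thunk-versus-IAT distinction from the two posts above, as an added example that is not part of the original thread: portable C that decodes the `FF25 14204000` thunk from the listing over a constructed memory map, and checks the opcode before following it, which the four-instruction sequence does not do. The IAT value `0x7C81CAFA`, the prologue bytes and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed 32-bit "image". Thunk bytes and both addresses are taken from the
   listing in the thread; the IAT value and the prologue bytes are made up. */
#define THUNK_VA 0x00401066u /* what the bare symbol resolves to      */
#define IAT_VA   0x00402014u /* slot the loader fills in at load time */
#define FUNC_VA  0x7C81CAFAu /* hypothetical real export address      */
static const uint8_t thunk[] = { 0xFF, 0x25, 0x14, 0x20, 0x40, 0x00 };
static const uint8_t iat[]   = { 0xFA, 0xCA, 0x81, 0x7C };
static const uint8_t func[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 };
static const struct region { uint32_t va; const uint8_t *p; size_t len; } image[] = {
    { THUNK_VA, thunk, sizeof thunk }, { IAT_VA, iat, sizeof iat },
    { FUNC_VA, func, sizeof func } };

/* Bounds-checked stand-in for dereferencing a 32-bit virtual address. */
static const uint8_t *at(uint32_t va, size_t n) {
    for (size_t i = 0; i < sizeof image / sizeof image[0]; i++) {
        const struct region *r = &image[i];
        if (va >= r->va && va - r->va <= r->len && n <= r->len - (va - r->va))
            return r->p + (va - r->va);
    }
    return NULL;
}

static uint32_t le32(const uint8_t *b) {
    return b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* 1: sym is a "jmp dword ptr [slot]" thunk; *slot and *target are filled in.
   0: not a thunk (sym may already be the function). -1: bytes not readable.
   FF 25 + absolute address is 32-bit only; in 64-bit code it is RIP-relative. */
int resolve_import(uint32_t sym, uint32_t *slot, uint32_t *target) {
    const uint8_t *op = at(sym, 6);
    if (!op) return -1;
    if (op[0] != 0xFF || op[1] != 0x25) return 0;
    *slot = le32(op + 2);              /* add eax,2 / mov eax,[eax] */
    const uint8_t *entry = at(*slot, 4);
    if (!entry) return -1;
    *target = le32(entry);             /* mov eax,[eax]             */
    return 1;
}

int main(void) {
    uint32_t slot = 0, target = 0;
    int rc = resolve_import(THUNK_VA, &slot, &target);
    printf("rc=%d slot=%08X target=%08X\n", rc, (unsigned)slot, (unsigned)target);
    return rc == 1 ? 0 : 1;
}
```

Passing `FUNC_VA` returns 0 and leaves the outputs untouched: when the symbol is already the function's own address, skipping two bytes and dereferencing twice would read prologue bytes as pointers.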
 |
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Wed Aug 19, 2009 5:15 am
Yes
Code:
    OriginalAddress = (DWORD)&WSASend;