OldSchoolHack

Register / Login English
deutschDeutsch
englishEnglish
New Posts Advanced Search

[Source] Beispielcode für eine Hack-DLL

icon Thread: [Source] Beispielcode für eine Hack-DLL

Join Date: Aug 2007

Posts: 8643

User-Rating:

199 positive
33 negative
 An diesem Beispielcode könnt ihr sehen, wie einfach ihr das GUI in euren Hack integrieren könnt:

CPP Code:
  1. #define OSHGUI_COMPILE_STATIC
  2. #include "../../OSHGui.hpp"
  3. #include "../../Drawing/RendererDX9.hpp"
  4. #include "../../Input/Windows.hpp"
  5. using namespace OSHGui;
  6.  
  7. //---------------------------------------------------------------------------
  8. DWORD FindPattern(const HMODULE module, const BYTE *pattern, LPCTSTR mask);
  9. void* DetourFunction(BYTE *source, const BYTE *destination, const int length);
  10. typedef HRESULT (WINAPI *oEndScene)(LPDIRECT3DDEVICE9 pDevice);
  11. oEndScene pEndScene = nullptr;
  12. //---------------------------------------------------------------------------
  13. //global vars
  14. //---------------------------------------------------------------------------
  15. Input::Windows input;
  16. Drawing::RendererDX9 *renderer;
  17. HHOOK messageHookHandle;
  18. //---------------------------------------------------------------------------
  19. LRESULT CALLBACK KeyboardHook(int code, WPARAM wParam, LPARAM lParam)
  20. {
  21. 	if (lParam & 0x80000000 || lParam & 0x40000000)
  22. 	{
  23. 		return CallNextHookEx(messageHookHandle, code, wParam, lParam);
  24. 	}
  25.  
  26. 	if (code == HC_ACTION)
  27. 	{
  28. 		if(input.ProcessMessage((LPMSG)lParam))
  29. 		{
  30. 			return true;
  31. 		}
  32. 	}
  33.  
  34. 	return CallNextHookEx(messageHookHandle, code, wParam, lParam);
  35. }
  36. //---------------------------------------------------------------------------
  37. HRESULT WINAPI hook_EndScene(LPDIRECT3DDEVICE9 pDevice)
  38. {
  39. 	Application *app = Application::Instance();
  40. 	static bool initGui = true;
  41. 	if (initGui)
  42. 	{
  43. 		initGui = false;
  44. 		renderer = new Drawing::RendererDX9(pDevice);
  45. 		app->Create(renderer);
  46.  
  47. 		messageHookHandle = SetWindowsHookExW(WH_GETMESSAGE, KeyboardHook, 0, GetCurrentThreadId());
  48.  
  49. 		app->Run(std::shared_ptr<Form>(new Form()));
  50. 		app->Enable();
  51. 	}
  52.  
  53. 	renderer->Begin();
  54. 	app->Render();
  55. 	renderer->End();
  56.  
  57. 	return pEndScene(pDevice);
  58. }
  59. //---------------------------------------------------------------------------
  60. bool WINAPI DllMain(HMODULE hDll, DWORD dwReason, PVOID pvReserved)
  61. {
  62. 	if (dwReason == DLL_PROCESS_ATTACH)
  63. 	{
  64. 		DisableThreadLibraryCalls(hDll);
  65.  
  66. 		HMODULE d3d9 = NULL;
  67. 		for (; !(d3d9 = GetModuleHandle("d3d9.dll")); Sleep(100));
  68.  
  69. 		DWORD device = FindPattern(d3d9, (BYTE*)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx") + 2;
  70. 		DWORD *VTable = NULL;
  71. 		memcpy(&VTable, (void*)device, 4);
  72.  
  73. 		pEndScene = (oEndScene)DetourFunction((BYTE*)VTable[42], (BYTE*)hook_EndScene, 5);
  74. 	}
  75. 	return true;
  76. }
  77. //---------------------------------------------------------------------------
  78. //Utils
  79. //---------------------------------------------------------------------------
  80. bool DataCompare(const BYTE *data, const BYTE *pattern, LPCTSTR mask)
  81. {
  82. 	for (; *mask; ++mask, ++data, ++pattern)
  83. 	{
  84. 		if (*mask == 'x' && *data != *pattern)
  85. 		{
  86. 			return false;
  87. 		}
  88. 	}
  89.  
  90. 	return *mask == 0;
  91. }
  92. //---------------------------------------------------------------------------
  93. DWORD FindPattern(const HMODULE module, const BYTE *pattern, LPCTSTR mask)
  94. {
  95. 	if (module == NULL || module == INVALID_HANDLE_VALUE)
  96. 	{
  97. 		throw Misc::ArgumentNullException("module");
  98. 	}
  99.  
  100. 	PIMAGE_DOS_HEADER dosHeader =(PIMAGE_DOS_HEADER)module;
  101.  
  102. 	if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
  103. 	{
  104. 		throw Misc::Exception("e_magic != IMAGE_DOS_SIGNATURE");
  105. 	}
  106.  
  107. 	PIMAGE_NT_HEADERS NTHead = (PIMAGE_NT_HEADERS)((DWORD)dosHeader + (DWORD)dosHeader->e_lfanew);
  108.  
  109. 	if (NTHead->Signature != IMAGE_NT_SIGNATURE)
  110. 	{
  111. 		throw Misc::Exception("Signature != IMAGE_NT_SIGNATURE");
  112. 	}
  113.  
  114. 	DWORD address = (DWORD)module + NTHead->OptionalHeader.BaseOfCode;
  115. 	DWORD size = NTHead->OptionalHeader.SizeOfCode; 
  116.  
  117. 	for (DWORD i = NULL; i < size; i++)
  118. 	{
  119. 		if (DataCompare((BYTE*)(address + i), pattern, mask))
  120. 		{
  121. 			return address + i;
  122. 		}
  123. 	}
  124.  
  125. 	return NULL;
  126. }
  127. //---------------------------------------------------------------------------
  128. void* DetourFunction(BYTE *source, const BYTE *destination, const int length)
  129. {
  130. 	BYTE *trampolin = (BYTE*)malloc(5 + length);
  131. 	DWORD dwback;
  132.  
  133. 	VirtualProtect(trampolin, length + 5, PAGE_EXECUTE_READWRITE, &dwback);
  134. 	VirtualProtect(source, length, PAGE_EXECUTE_READWRITE, &dwback);
  135.  
  136. 	memcpy(trampolin, source, length);
  137. 	trampolin += length;
  138.  
  139. 	trampolin[0] = 0xE9;
  140. 	*(DWORD*)(trampolin + 1) = (DWORD)(source + length - trampolin) - 5;
  141.  
  142. 	source[0] = 0xE9;
  143. 	*(DWORD*)(source + 1) = (DWORD)(destination - source) - 5;
  144.  
  145. 	for (int i = 5; i < length; i++)
  146. 	{
  147. 		source[i] = 0x90;
  148. 	}
  149.  
  150. 	return trampolin - length;
  151. }
  152. //---------------------------------------------------------------------------
Die DLL aus diesem Code erzeugt eine leere Form und zeigt sie an.

__________________

Hallo
KN4CK3R is offline