lelejau

PT2Hook - dllmain

Dec 21st, 2015
  1. // dllmain.cpp : Defines the entry point for the DLL application.
  2. #include "stdafx.h"
  3. #include "Logging.h"
  4.  
  5.  
  6.  
// Signatures of the Winsock entry points this DLL detours and of the
// application-supplied completion routine it detours on top of them.
using WSASendProc = int (WINAPI *)(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesSent, DWORD dwFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
using WSARecvProc = int (WINAPI *)(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd, LPDWORD lpFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
using CompletionProc = void (CALLBACK *)(DWORD dwError, DWORD dwTransferred, LPWSAOVERLAPPED lpOverlapped, DWORD dwFlags);

// Start out pointing at the real exports. Once DetourAttach() has run on them
// (BeginOperations) Detours rewrites them to its trampolines, so calling
// through these always reaches the un-hooked implementation.
WSASendProc pWSASend = WSASend;
WSARecvProc pWSARecv = WSARecv;

// The application's own completion routines, captured from the first
// WSARecv / WSASend call that supplies one (MyWSARecv / MyWSASend).
// Stay NULL until that happens; after a successful DetourAttach they point at
// the trampoline for the original routine.
CompletionProc pOriginalCompletion_Recv = NULL;
CompletionProc pOriginalCompletion_Send = NULL;
  11.  
  12.  
// Set once the completion routine for the corresponding direction has been
// detoured successfully; the lazy hook attempt is not repeated afterwards.
static bool CompletionHook_Recv = false;
static bool CompletionHook_Send = false;

// The WSABUF most recently handed to WSARecv. PrintPacket() dumps from this
// buffer for BOTH directions, yet only MyWSARecv refreshes it.
// NOTE(review): it is a single unsynchronised global -- a send completion
// dumps whatever the last WSARecv supplied, and overlapping receives on
// several sockets/threads race on it.
static WSABUF bufferPointer;

// Dump file name patterns. Fields, in order:
//   directory, opcode (first two bytes of the packet), hour, minute, second.
// The time has one-second granularity, so same-opcode packets within one
// second map to the same file name.
const char* szRecvdPacketDumpFormat = "%s\\S2C_%02X_%02d_%02d_%02d.dat";
const char* szSentPacketDumpFormat = "%s\\C2S_%02X_%02d_%02d_%02d.dat";

// Where the dump files go; created by BeginOperations if missing.
const char* szPacketsDumpPath = "C:\\PT2_Packets";
  20.  
// Direction of a captured packet; selects the C2S / S2C dump file name in
// PrintPacket(). The numeric values are not otherwise interpreted.
enum PacketType
{
    CLIENT_TO_SERVER = 2, // data passed to WSASend
    SERVER_TO_CLIENT = 4  // data delivered by a WSARecv completion
};
  26.  
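// Writes the packet currently referenced by `bufferPointer` to a dump file.
//
// length  number of bytes the completion reported as transferred
// mode    direction of the packet; selects the C2S / S2C file name pattern
//
// The file name embeds the first two bytes of the buffer (treated as the
// opcode -- TODO confirm against the PT2 wire format) plus the current
// hour/minute/second from Logging::currentDate, so two same-opcode packets
// completing within one second overwrite each other.
//
// Fixes relative to the original: the buffer must exist and hold at least two
// bytes before the opcode is read; the write is clamped to the WSABUF's
// declared capacity (a multi-buffer completion can report more bytes than the
// first buffer holds, which would otherwise be an over-read); an unknown
// `mode` is rejected instead of opening a file with an empty name; a
// truncated file name or a failed fopen() no longer reaches fwrite().
void WINAPI PrintPacket(DWORD length, PacketType mode)
{
    // bufferPointer is only refreshed by MyWSARecv, so for a send completion
    // it may be stale or never set at all -- never dereference it blindly.
    if (bufferPointer.buf == NULL || length < sizeof(unsigned short))
    {
        Logging::PrintDebug("Skipping packet dump: no buffer or length %d too short.\n", length);
        return;
    }

    if (length > bufferPointer.len)
    {
        Logging::PrintDebug("Clamping dump length %d to buffer capacity %d.\n", length, bufferPointer.len);
        length = bufferPointer.len;
    }

    // Copy rather than cast: avoids an unaligned/aliasing read of the buffer.
    unsigned short packetOpcode = 0;
    CopyMemory(&packetOpcode, bufferPointer.buf, sizeof(packetOpcode));

    Logging::UpdateTime();

    const char* szFormat = NULL;
    switch (mode)
    {
    case PacketType::CLIENT_TO_SERVER:
        szFormat = szSentPacketDumpFormat;
        Logging::PrintDebug("Dumping Client => Server packet with length %d. - Possible Opcode: %02X. \n", length, packetOpcode);
        break;

    case PacketType::SERVER_TO_CLIENT:
        szFormat = szRecvdPacketDumpFormat;
        Logging::PrintDebug("Dumping Server => Client packet with length %d. - Possible Opcode: %02X. \n", length, packetOpcode);
        break;

    default:
        Logging::PrintDebug("Unknown packet direction %d; not dumping.\n", static_cast<int>(mode));
        return;
    }

    // Build the file name. MSVC's _snprintf returns -1 and leaves the buffer
    // un-terminated on truncation, so treat anything that does not fit
    // (including exactly filling the buffer) as a failure.
    char szPacketFileName[64] = "";
    int written = _snprintf(szPacketFileName, sizeof(szPacketFileName), szFormat,
        szPacketsDumpPath,
        packetOpcode,
        Logging::currentDate->tm_hour,
        Logging::currentDate->tm_min,
        Logging::currentDate->tm_sec
        );
    if (written < 0 || written >= static_cast<int>(sizeof(szPacketFileName)))
    {
        Logging::PrintDebug("Dump file name does not fit; not dumping.\n");
        return;
    }

    // Create the file and write the payload; fopen fails (returns NULL) when
    // the dump directory is missing or not writable.
    FILE* pFile = fopen(szPacketFileName, "wb+");
    if (pFile == NULL)
    {
        Logging::PrintDebug("Failed to open %s for writing.\n", szPacketFileName);
        return;
    }

    size_t bytesWritten = fwrite(bufferPointer.buf, 1, length, pFile);
    if (bytesWritten != length)
    {
        Logging::PrintDebug("Short write to %s: %d of %d bytes.\n", szPacketFileName, bytesWritten, length);
    }
    fclose(pFile);
}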
  67.  
  68. // MyCompletionCallback
// Detour for the application's WSARecv completion routine (installed lazily
// by MyWSARecv). Dumps the received bytes via PrintPacket, then forwards all
// four arguments unchanged to the original routine through the trampoline in
// pOriginalCompletion_Recv.
//
// NOTE(review): dwError is not consulted, so a failed completion that still
// reports a non-zero byte count is dumped as if it had succeeded.
void CALLBACK MyCompletionCallback_Recv(DWORD dwError, DWORD dwTransferred, LPWSAOVERLAPPED lpOverlapped, DWORD dwFlags)
{
    const DWORD cbDone = dwTransferred;

    if (cbDone > 0)
    {
        // The payload lives in the WSABUF captured by MyWSARecv.
        PrintPacket(cbDone, PacketType::SERVER_TO_CLIENT);
    }
    else
    {
        Logging::PrintDebug("dwTransferred = 0!\n");
    }

    pOriginalCompletion_Recv(dwError, cbDone, lpOverlapped, dwFlags);
}
  86.  
// Detour for the application's WSASend completion routine (installed lazily
// by MyWSASend). Dumps the buffer via PrintPacket, then forwards all four
// arguments unchanged to the original routine through the trampoline in
// pOriginalCompletion_Send.
//
// NOTE(review): PrintPacket reads the global `bufferPointer`, which only
// MyWSARecv updates -- MyWSASend does not record its own lpBuffers. The
// "C2S" dump therefore contains whatever the most recent WSARecv buffer
// holds, not the bytes that were sent. dwError is also not consulted.
void CALLBACK MyCompletionCallback_Send(DWORD dwError, DWORD dwTransferred, LPWSAOVERLAPPED lpOverlapped, DWORD dwFlags)
{
    const DWORD cbDone = dwTransferred;

    if (cbDone > 0)
    {
        PrintPacket(cbDone, PacketType::CLIENT_TO_SERVER);
    }
    else
    {
        Logging::PrintDebug("dwTransferred = 0!\n");
    }

    pOriginalCompletion_Send(dwError, cbDone, lpOverlapped, dwFlags);
}
  103.  
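// Detour for WSASend. On the first call that carries a completion routine it
// detours that routine with MyCompletionCallback_Send, then forwards the call
// unchanged to the real WSASend through pWSASend.
//
// Fixes relative to the original: DetourUpdateThread is now called inside the
// transaction (DetourTransactionBegin first, as BeginOperations already does;
// outside a transaction the call is invalid); a NULL lpCompletionRoutine
// (blocking or event-based sends) is no longer handed to DetourAttach, which
// would fail the transaction on every call; a failed commit is logged instead
// of being silently retried forever.
//
// NOTE(review): only the first routine seen is hooked -- if the application
// uses a different completion routine on later sends those are not captured.
// The first-call check is not synchronised; two threads sending at once
// could both attempt the attach.
// NOTE(review): `bufferPointer` is deliberately left untouched here (it is
// shared with the receive path); as a result the send-completion dump shows
// the last WSARecv buffer, not this send's lpBuffers.
int WINAPI MyWSASend(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesSent, DWORD lpFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{
    if (!CompletionHook_Send && lpCompletionRoutine != NULL)
    {
        // DetourAttach rewrites this pointer to the trampoline on success.
        pOriginalCompletion_Send = lpCompletionRoutine;

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&reinterpret_cast<PVOID&>(pOriginalCompletion_Send), MyCompletionCallback_Send);
        LONG err = DetourTransactionCommit();
        if (err == NO_ERROR)
        {
            CompletionHook_Send = true;
        }
        else
        {
            Logging::PrintDebug("Failed to hook WSASend completion routine: %ld\n", err);
        }
    }

    return pWSASend(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, lpFlags, lpOverlapped, lpCompletionRoutine);
}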
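// Detour for WSARecv. On the first call that carries a completion routine it
// detours that routine with MyCompletionCallback_Recv; every call then
// records the caller's first WSABUF in `bufferPointer` (so the completion
// routine knows where the data landed) and forwards the call unchanged to the
// real WSARecv through pWSARecv.
//
// Fixes relative to the original: DetourUpdateThread is now called inside the
// transaction (DetourTransactionBegin first, matching BeginOperations); a NULL
// lpCompletionRoutine is not handed to DetourAttach; a failed commit is
// logged; a NULL/empty lpBuffers is no longer dereferenced by CopyMemory
// before Winsock gets the chance to reject it.
//
// NOTE(review): only the first WSABUF is captured, so a scatter receive into
// several buffers is only partially visible to PrintPacket. Only the first
// completion routine seen is hooked, and the first-call check is not
// synchronised across threads.
int WINAPI MyWSARecv(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd, LPDWORD lpFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{
    if (!CompletionHook_Recv && lpCompletionRoutine != NULL)
    {
        // DetourAttach rewrites this pointer to the trampoline on success.
        pOriginalCompletion_Recv = lpCompletionRoutine;

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&reinterpret_cast<PVOID&>(pOriginalCompletion_Recv), MyCompletionCallback_Recv);
        LONG err = DetourTransactionCommit();
        if (err == NO_ERROR)
        {
            CompletionHook_Recv = true;
        }
        else
        {
            Logging::PrintDebug("Failed to hook WSARecv completion routine: %ld\n", err);
        }
    }

    // Remember where the incoming data will be written; the completion
    // routine dumps from this WSABUF.
    if (lpBuffers != NULL && dwBufferCount > 0)
    {
        CopyMemory(&bufferPointer, lpBuffers, sizeof(WSABUF));
    }

    return pWSARecv(s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
}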
  148.  
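// One-time setup run from DLL_PROCESS_ATTACH: opens a console for the debug
// log, ensures the dump directory exists, and installs the WSARecv / WSASend
// detours.
//
// me  this DLL's module handle; passed to DisableThreadLibraryCalls.
//
// Fix relative to the original: a failed DetourTransactionCommit is now
// logged with its error code instead of silently leaving the hooks absent
// (the tool would otherwise appear to run while capturing nothing).
//
// NOTE(review): this executes under the loader lock because DllMain calls it
// directly; AllocConsole, CreateDirectory and Detours all do non-trivial work
// there. That is how the original was structured -- moving the work to a
// thread created from DllMain would be the safer shape.
void BeginOperations(HMODULE me)
{
    // Console for the PrintDebug output; stdout is redirected into it.
    // freopen's result is not checked -- if it fails the log simply goes
    // nowhere, which is not worth aborting the injection for.
    AllocConsole();
    freopen("CONOUT$", "w", stdout);
    SetConsoleTitle("PT2 Sniffer - by Sheen");

    Logging::Start();

    // Make sure the dump directory exists; PrintPacket creates files in it.
    DWORD dwAttributes = GetFileAttributes(szPacketsDumpPath);
    bool dirExists = dwAttributes != INVALID_FILE_ATTRIBUTES
                  && (dwAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0;

    if (!dirExists)
    {
        if (CreateDirectory(szPacketsDumpPath, NULL))
        {
            Logging::PrintDebug("Directory %s created to save the packet dumps.", szPacketsDumpPath);
        }
        else
        {
            Logging::PrintDebug("Failed to create directory %s. Packet dump function will not work properly.", szPacketsDumpPath);
        }
    }

    // We have no per-thread state, so opt out of THREAD_ATTACH/DETACH calls.
    DisableThreadLibraryCalls(me);

    DetourRestoreAfterWith();

    // Both entry points go into a single transaction: either both are hooked
    // or neither is.
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    DetourAttach(&reinterpret_cast<PVOID&>(pWSARecv), MyWSARecv);
    DetourAttach(&reinterpret_cast<PVOID&>(pWSASend), MyWSASend);

    LONG err = DetourTransactionCommit();
    if (err == NO_ERROR)
    {
        Logging::PrintDebug("Hooks OK.\n");
    }
    else
    {
        Logging::PrintDebug("Failed to install WSARecv/WSASend hooks: %ld\n", err);
    }
}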
  191.  
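// Tear-down counterpart of BeginOperations: removes every detour this DLL
// installed so that no code pointer is left pointing into the module once it
// is unloaded.
//
// me  this DLL's module handle (unused; kept for symmetry with BeginOperations).
//
// Fixes relative to the original: the completion-routine hooks were being
// *re-attached* (DetourAttach) here instead of detached; and they are now
// only detached when they were actually installed -- DetourDetach on a
// pointer that is not a trampoline (e.g. still NULL) fails the whole
// transaction, which would also leave the WSARecv/WSASend detours in place
// and the process calling into unmapped memory after FreeLibrary.
void EndOperations(HMODULE me)
{
    (void)me;

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    DetourDetach(&reinterpret_cast<PVOID&>(pWSARecv), MyWSARecv);
    DetourDetach(&reinterpret_cast<PVOID&>(pWSASend), MyWSASend);

    if (CompletionHook_Recv)
    {
        DetourDetach(&reinterpret_cast<PVOID&>(pOriginalCompletion_Recv), MyCompletionCallback_Recv);
    }
    if (CompletionHook_Send)
    {
        DetourDetach(&reinterpret_cast<PVOID&>(pOriginalCompletion_Send), MyCompletionCallback_Send);
    }

    LONG err = DetourTransactionCommit();
    if (err == NO_ERROR)
    {
        CompletionHook_Recv = false;
        CompletionHook_Send = false;
    }
    else
    {
        Logging::PrintDebug("Failed to remove hooks: %ld\n", err);
    }
}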
  204.  
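// DLL entry point. Installs the hooks when the DLL is loaded into the process
// and removes them when it is unloaded.
//
// Fix relative to the original: the reasons were wired up inverted --
// EndOperations ran on DLL_THREAD_ATTACH / DLL_THREAD_DETACH (unhooking, and
// re-attaching the completion hooks, whenever a thread was created) while
// DLL_PROCESS_DETACH did nothing, leaving the detours pointing into an
// unmapped module after FreeLibrary. Thread notifications are now ignored
// (BeginOperations also disables them) and tear-down happens on process
// detach.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        BeginOperations(hModule);
        break;

    case DLL_PROCESS_DETACH:
        // lpReserved is NULL for an explicit FreeLibrary and non-NULL when the
        // process is terminating; in the latter case the other threads are
        // already gone and there is nothing left to unhook safely.
        if (lpReserved == NULL)
        {
            EndOperations(hModule);
        }
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        // No per-thread state.
        break;
    }
    return TRUE;
}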