Riremito

PacketEditor Hook

  1. #include<Windows.h>
  2. #include"Hook.h"
  3. #include"memory.h"
  4. #include<intrin.h>
  5. #pragma intrinsic(_ReturnAddress)
  6. #include"Packet.h"
  7. #include"gui_pe.h"
  8. #include<stdio.h>
  9.  
//Buffer
// Text rendering of the packet currently in flight, one buffer per direction:
// FormatS is filled by the Encode* hooks (outgoing), FormatR by the Decode*
// hooks (incoming). Init()/ProcessPacket() reset them; SendPacket()/ProcessPacket()
// hand them to AddLog(). Both are plain NUL-terminated C strings.
enum { FORMAT_BUF_SIZE = 65536 };
char FormatS[FORMAT_BUF_SIZE];
char FormatR[FORMAT_BUF_SIZE];
  13.  
//CClientSocket
// Trampolines to the original game routines. Each one is filled in by
// memory::Hook() inside Hook() below, and every hook in this file forwards to
// its original through the matching _-prefixed pointer.
// All of them are declared __fastcall with an unused `edx` slot so that the
// first argument travels in ecx -- presumably the originals are __thiscall
// methods and ecx carries `this` (confirm against the disassembly).
typedef void (_fastcall *SendPacketFn)(LPVOID ecx, LPVOID edx, OutPacket *p);
typedef void (_fastcall *ProcessPacketFn)(LPVOID ecx, LPVOID edx, InPacket *p);
SendPacketFn    _SendPacket;
ProcessPacketFn _ProcessPacket;

//COutPacket
typedef void (_fastcall *InitFn)(OutPacket *p, LPVOID edx, WORD w);
typedef void (_fastcall *Encode1Fn)(OutPacket *p, LPVOID edx, BYTE b);
typedef void (_fastcall *Encode2Fn)(OutPacket *p, LPVOID edx, WORD w);
typedef void (_fastcall *Encode4Fn)(OutPacket *p, LPVOID edx, DWORD dw);
typedef void (_fastcall *Encode8Fn)(OutPacket *p, LPVOID edx, ULONGLONG ull);
typedef void (_fastcall *EncodeStrFn)(OutPacket *p, LPVOID edx, char *s);
typedef void (_fastcall *EncodeBufferFn)(OutPacket *p, LPVOID edx, BYTE *b, int Length);
InitFn         _Init;
Encode1Fn      _Encode1;
Encode2Fn      _Encode2;
Encode4Fn      _Encode4;
Encode8Fn      _Encode8;
EncodeStrFn    _EncodeStr;
EncodeBufferFn _EncodeBuffer;

//CInPacket
typedef BYTE      (_fastcall *Decode1Fn)(InPacket *p, LPVOID edx);
typedef WORD      (_fastcall *Decode2Fn)(InPacket *p, LPVOID edx);
typedef DWORD     (_fastcall *Decode4Fn)(InPacket *p, LPVOID edx);
typedef ULONGLONG (_fastcall *Decode8Fn)(InPacket *p, LPVOID edx);
typedef char**    (_fastcall *DecodeStrFn)(InPacket *p, LPVOID edx, LPVOID lpv1);
typedef void      (_fastcall *DecodeBufferFn)(InPacket *p, LPVOID edx, BYTE *b, int Length);
Decode1Fn      _Decode1;
Decode2Fn      _Decode2;
Decode4Fn      _Decode4;
Decode8Fn      _Decode8;
DecodeStrFn    _DecodeStr;
DecodeBufferFn _DecodeBuffer;
  34.  
// Address the original SendPacket is made to return to. Set in Hook() to
// Maple.get() - 2, i.e. the `nop; ret` tail of the 8-byte stub written there.
DWORD dwSendPacketReturn;
// Hook for CClientSocket::SendPacket (installed in Hook()).
// Logs the outgoing packet -- AddLog's first argument is 0 here and 1 in
// ProcessPacket, presumably send/receive -- together with the address of the
// game code that called SendPacket, the raw bytes, and the text the Encode*
// hooks accumulated in FormatS. Then re-enters the original.
// CClientSocket: ecx under __fastcall, the `this` of the game's socket object.
// edx: unused register slot. p: the packet being sent.
void _fastcall SendPacket(DWORD CClientSocket, LPVOID edx, OutPacket *p){
    DWORD Return = (DWORD)_ReturnAddress();   // caller inside the game module

    AddLog(0, Return, p->Length, p->Packet, FormatS);

    // Deliberately not a plain `_SendPacket(...)` call. The stack is laid out as
    //   [dwSendPacketReturn] [p] [SP_Return]
    // and control jumps to the original with ecx = this. When the original
    // returns (it must clean its single stack argument, i.e. `ret 4`, for the
    // stack to stay balanced -- confirm on the target build) it lands on the
    // `nop; ret` at dwSendPacketReturn, which pops SP_Return and resumes here.
    // Net effect: the original observes a return address inside the game module
    // instead of this DLL, presumably to pass a return-address check in the
    // client. Anything that changes that stub layout breaks this function.
    _asm{
        push SP_Return
        push [p]
        push [dwSendPacketReturn]
        mov ecx,[CClientSocket]
        jmp dword ptr [_SendPacket]
SP_Return:
    }

}
  51.  
// Hook for CClientSocket::ProcessPacket (installed in Hook()).
// Starts a fresh receive-side text line, lets the game decode the packet (the
// Decode* hooks append to FormatR and record the handler address in p->Return
// while it runs), then logs everything with AddLog's first argument = 1.
// NOTE(review): p->Return is cleared only by the Decode2 hook when
// DecodedLength == 4; if that never happens for a packet the logged handler
// address may be left over from an earlier packet.
void _fastcall ProcessPacket(LPVOID ecx, LPVOID edx, InPacket *p){
    FormatR[0] = '\0';   // reset: discard the previous packet's text
    _ProcessPacket(ecx, edx, p);
    AddLog(1, p->Return, p->DataLength, p->Packet, FormatR);
}
  57.  
// Hook for COutPacket::Init (installed in Hook()).
// A new outgoing packet is being built: discard the previous packet's text so
// the Encode* hooks start from an empty FormatS, then forward to the original.
void _fastcall Init(OutPacket *p, LPVOID edx, WORD w){
    FormatS[0] = '\0';   // reset
    _Init(p, edx, w);
}
  62.  
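// Hook for COutPacket::Encode1: appends the byte as " XX" to FormatS, then
// forwards to the original.
// The append is bounded by sizeof(FormatS) (the original used an unchecked
// sprintf), so an over-long packet truncates the text instead of overrunning
// the buffer.
void _fastcall Encode1(OutPacket *p, LPVOID edx, BYTE b){
    size_t used = strlen(FormatS);
    if(used < sizeof(FormatS)){
        snprintf(&FormatS[used], sizeof(FormatS) - used, " %02X", b);
    }
    _Encode1(p, edx, b);
}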
  67.  
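// Hook for COutPacket::Encode2: appends the word to FormatS, then forwards.
// The first 2-byte field of a packet is rendered "@XXXX" (presumably the opcode,
// which is what Init() takes as a WORD); every later one as " XXXX".
// Writes are bounded by sizeof(FormatS) (the original used an unchecked sprintf).
void _fastcall Encode2(OutPacket *p, LPVOID edx, WORD w){
    size_t used = strlen(FormatS);
    if(used < sizeof(FormatS)){
        if(used == 0){
            snprintf(FormatS, sizeof(FormatS), "@%04X", w);
        }
        else{
            snprintf(&FormatS[used], sizeof(FormatS) - used, " %04X", w);
        }
    }
    _Encode2(p, edx, w);
}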
  77.  
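// Hook for COutPacket::Encode4: appends the dword as " XXXXXXXX" to FormatS,
// then forwards to the original.
// Bounded by sizeof(FormatS) (the original used an unchecked sprintf).
void _fastcall Encode4(OutPacket *p, LPVOID edx, DWORD dw){
    size_t used = strlen(FormatS);
    if(used < sizeof(FormatS)){
        snprintf(&FormatS[used], sizeof(FormatS) - used, " %08X", dw);
    }
    _Encode4(p, edx, dw);
}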
  82.  
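// Hook for COutPacket::Encode8: appends the 64-bit value as 16 hex digits,
// high dword first (so the text reads as one big-endian number), then forwards.
// Kept as two %08X halves rather than a 64-bit conversion so the format does
// not depend on the toolchain's long-long specifier.
// Bounded by sizeof(FormatS) (the original used an unchecked sprintf).
void _fastcall Encode8(OutPacket *p, LPVOID edx, ULONGLONG ull){
    size_t used = strlen(FormatS);
    if(used < sizeof(FormatS)){
        snprintf(&FormatS[used], sizeof(FormatS) - used, " %08X%08X",
                 (DWORD)(ull >> 32), (DWORD)ull);
    }
    _Encode8(p, edx, ull);
}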
  87.  
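// Hook for COutPacket::EncodeStr: appends the string in double quotes to
// FormatS, then forwards to the original.
// Bounded by sizeof(FormatS) (the original used an unchecked sprintf), and a
// NULL string is logged as "" instead of being handed to %s (undefined
// behaviour). The content is copied verbatim -- quotes or newlines inside it
// are not escaped, so a consumer of the log must not rely on the quotes as
// delimiters.
void _fastcall EncodeStr(OutPacket *p, LPVOID edx, char *s){
    size_t used = strlen(FormatS);
    if(used < sizeof(FormatS)){
        snprintf(&FormatS[used], sizeof(FormatS) - used, " \"%s\"", s ? s : "");
    }
    _EncodeStr(p, edx, s);
}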
  92.  
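// Hook for COutPacket::EncodeBuffer: appends a space and then every byte as
// two hex digits (no separators) to FormatS, then forwards to the original.
// The dump stops when the buffer has fewer than three bytes left (two digits
// plus the terminator); the original called sprintf/strlen per byte, which was
// both unbounded and O(n^2). A NULL buffer with a non-zero Length is not read.
void _fastcall EncodeBuffer(OutPacket *p, LPVOID edx, BYTE *b, int Length){
    size_t used = strlen(FormatS);
    size_t room = (used < sizeof(FormatS)) ? sizeof(FormatS) - used : 0;
    if(room > 1){
        FormatS[used++] = ' ';
        FormatS[used] = '\0';
        room--;
    }
    const int count = (b != NULL) ? Length : 0;
    for(int i = 0; i < count && room > 2; i++){
        snprintf(&FormatS[used], room, "%02X", b[i]);
        used += 2;
        room -= 2;
    }
    _EncodeBuffer(p, edx, b, Length);
}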
  100.  
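// Hook for CInPacket::Decode1: records the handler address when this is the
// first field after the header, reads the byte via the original, appends it as
// " XX" to FormatR and returns it.
// DecodedLength == 6 is presumably 4-byte header + 2-byte opcode already
// consumed (confirm against Packet.h); the caller at that point is the game's
// handler for the opcode, which ProcessPacket logs from p->Return.
// Bounded by sizeof(FormatR) (the original used an unchecked sprintf).
BYTE _fastcall Decode1(InPacket *p, LPVOID edx){
    if(p->DecodedLength == 6){
        p->Return = (DWORD)_ReturnAddress();
    }
    BYTE b = _Decode1(p, edx);
    size_t used = strlen(FormatR);
    if(used < sizeof(FormatR)){
        snprintf(&FormatR[used], sizeof(FormatR) - used, " %02X", b);
    }
    return b;
}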
  109.  
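// Hook for CInPacket::Decode2: reads the word via the original, appends it to
// FormatR and returns it. The first word logged for a packet is rendered
// "@XXXX" (presumably the opcode), later ones " XXXX".
// p->Return bookkeeping: at DecodedLength == 4 (the field right after the
// header, presumably the opcode) the previous packet's handler address is
// cleared; at DecodedLength == 6 the caller is recorded as this packet's
// handler. Offsets assumed from Packet.h -- confirm.
// Bounded by sizeof(FormatR) (the original used an unchecked sprintf).
WORD _fastcall Decode2(InPacket *p, LPVOID edx){
    if(p->DecodedLength == 4){
        p->Return = 0;
    }
    else if(p->DecodedLength == 6){
        p->Return = (DWORD)_ReturnAddress();
    }
    WORD w = _Decode2(p, edx);
    size_t used = strlen(FormatR);
    if(used < sizeof(FormatR)){
        if(used == 0){
            snprintf(FormatR, sizeof(FormatR), "@%04X", w);
        }
        else{
            snprintf(&FormatR[used], sizeof(FormatR) - used, " %04X", w);
        }
    }
    return w;
}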
  126.  
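// Hook for CInPacket::Decode4: records the handler address when this is the
// first field after the header (DecodedLength == 6, see Decode1), reads the
// dword via the original, appends it as " XXXXXXXX" to FormatR and returns it.
// Bounded by sizeof(FormatR) (the original used an unchecked sprintf).
DWORD _fastcall Decode4(InPacket *p, LPVOID edx){
    if(p->DecodedLength == 6){
        p->Return = (DWORD)_ReturnAddress();
    }
    DWORD dw = _Decode4(p, edx);
    size_t used = strlen(FormatR);
    if(used < sizeof(FormatR)){
        snprintf(&FormatR[used], sizeof(FormatR) - used, " %08X", dw);
    }
    return dw;
}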
  135.  
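// Hook for CInPacket::Decode8: records the handler address when this is the
// first field after the header (DecodedLength == 6, see Decode1), reads the
// 64-bit value via the original, appends it as 16 hex digits (high dword
// first) to FormatR and returns it.
// Bounded by sizeof(FormatR) (the original used an unchecked sprintf).
ULONGLONG _fastcall Decode8(InPacket *p, LPVOID edx){
    if(p->DecodedLength == 6){
        p->Return = (DWORD)_ReturnAddress();
    }
    ULONGLONG ull = _Decode8(p, edx);
    size_t used = strlen(FormatR);
    if(used < sizeof(FormatR)){
        snprintf(&FormatR[used], sizeof(FormatR) - used, " %08X%08X",
                 (DWORD)(ull >> 32), (DWORD)ull);
    }
    return ull;
}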
  144.  
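// Hook for CInPacket::DecodeStr: records the handler address when this is the
// first field after the header (DecodedLength == 6, see Decode1), lets the
// original decode the string, appends it in double quotes to FormatR and
// returns the original's result unchanged.
// The string comes from the network, so the append is bounded by
// sizeof(FormatR) (the original used an unchecked sprintf) and a NULL result
// or NULL pointee is logged as "" instead of being dereferenced. The content
// is not escaped: quotes or newlines inside it go to the log verbatim.
char** _fastcall DecodeStr(InPacket *p, LPVOID edx, LPVOID lpv1){
    if(p->DecodedLength == 6){
        p->Return = (DWORD)_ReturnAddress();
    }
    char **s = _DecodeStr(p, edx, lpv1);
    const char *text = (s != NULL && *s != NULL) ? *s : "";
    size_t used = strlen(FormatR);
    if(used < sizeof(FormatR)){
        snprintf(&FormatR[used], sizeof(FormatR) - used, " \"%s\"", text);
    }
    return s;
}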
  153.  
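// Hook for CInPacket::DecodeBuffer: records the handler address when this is
// the first field after the header (DecodedLength == 6, see Decode1), lets the
// original fill the caller's buffer, then appends a space and every byte as
// two hex digits (no separators) to FormatR.
// The dump stops when fewer than three bytes of FormatR remain (two digits
// plus the terminator); the original called sprintf/strlen per byte, which was
// both unbounded and O(n^2). A NULL buffer with a non-zero Length is not read.
void _fastcall DecodeBuffer(InPacket *p, LPVOID edx, BYTE *b, int Length){
    if(p->DecodedLength == 6){
        p->Return = (DWORD)_ReturnAddress();
    }
    _DecodeBuffer(p, edx, b, Length);
    size_t used = strlen(FormatR);
    size_t room = (used < sizeof(FormatR)) ? sizeof(FormatR) - used : 0;
    if(room > 1){
        FormatR[used++] = ' ';
        FormatR[used] = '\0';
        room--;
    }
    const int count = (b != NULL) ? Length : 0;
    for(int i = 0; i < count && room > 2; i++){
        snprintf(&FormatR[used], room, "%02X", b[i]);
        used += 2;
        room -= 2;
    }
}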
  164.  
//Aob v352.1
// Installs every hook above by byte-pattern (AOB) scan of the game module.
// The patterns are written for client build v352.1 (per the comment above);
// on any other build a scan can miss or match something else.
// The last argument of each Maple.Hook() call is the byte count up to the next
// instruction boundary at or past the 5 bytes a jmp needs (e.g. 55 8B EC 6A FF
// = 5, 6A FF 68 xx xx xx xx = 7), i.e. the prologue that must be relocated.
// NOTE(review): no scan result is checked. If memory::scan fails, Maple.get()
// is still fed to Maple.Hook()/Maple.write(), so a version mismatch patches
// whatever address get() then yields instead of aborting. Worth guarding each
// scan once memory::scan's failure signal is confirmed.
void Hook(){
    memory Maple;

    // CClientSocket::SendPacket
    Maple.scan("55 8B EC 6A FF 68  ?? ?? ?? ?? 64 A1 00 00 00 00 50 81 EC ?? ?? ?? ?? A1 ?? ?? ?? ?? 33 C5 89 85 ?? ?? ?? ?? 53 56 57 50 8D 45 ?? 64 A3 00 00 00 00 89 8D ?? ?? ?? ?? E9");
    Maple.Hook(Maple.get(), SendPacket, &_SendPacket, 5);

    // Write an 8-byte stub directly before SendPacket. The bytes decode to
    //   push edx ; call <SendPacket> ; nop ; ret
    // and dwSendPacketReturn is pointed at the `nop; ret` tail (get - 2), which
    // the SendPacket hook hands to the original as its return address so the
    // original returns into game-module memory. This overwrites whatever sits
    // in the 8 bytes before the function -- assumed to be inter-function
    // padding; confirm on the target build, otherwise it corrupts the
    // preceding routine.
    Maple.write(Maple.get() - 0x08, "52 E8 02 00 00 00 90 C3");
    dwSendPacketReturn = Maple.get() - 0x02;

    // CClientSocket::ProcessPacket
    Maple.scan("6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3  00 00 00 00 8B D9 83 3D ?? ?? ?? ?? 00 0F 84 ?? ?? ?? ?? E9");
    Maple.Hook(Maple.get(), ProcessPacket, &_ProcessPacket, 7);
   
   
    // COutPacket::Init
    Maple.scan("8B 44 24 04 6A 00 6A 00 50 E8 ?? ?? ?? ?? C2 04 00");
    Maple.Hook(Maple.get(), Init, &_Init, 6);

    // COutPacket::Encode1/2/4/8 -- whole-function patterns that differ only in
    // the element size (83 C1 02/04/08 and the final store width).
    Maple.scan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 41 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 56 08 8B 07 8A 4C 24 0C 88 0C 02 FF 46 08 5F 5E C2 04 00");
    Maple.Hook(Maple.get(), Encode1, &_Encode1, 6);

    Maple.scan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 83 C1 02 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 56 08 8B 07 66 8B 4C 24 0C 66 89 0C 02 83 46 08 02 5F 5E C2 04 00");
    Maple.Hook(Maple.get(), Encode2, &_Encode2, 6);

    Maple.scan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 83 C1 04 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 56 08 8B 07 8B 4C 24 0C 89 0C 02 83 46 08 04 5F 5E C2 04 00");
    Maple.Hook(Maple.get(), Encode4, &_Encode4, 6);

    Maple.scan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 83 C1 08 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 46 08 8B 0F 8B 54 24 0C 89 14 08 8B 54 24 10 89 54 08 04 83 46 08 08 5F 5E C2 08 00");
    Maple.Hook(Maple.get(), Encode8, &_Encode8, 6);

    // COutPacket::EncodeStr
    Maple.scan("6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 51 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 00 00 00 00 8B F1 8B 44 24 ?? C7 44 24 ?? 00 00 00 00 85 C0 74");
    Maple.Hook(Maple.get(), EncodeStr, &_EncodeStr, 7);

    // COutPacket::EncodeBuffer
    Maple.scan("53 56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 8B 5C 24 14 03 CB 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 54 24 14 52 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 4E 08 8B 44 24 10 03 0F 53 50 51 E8 ?? ?? ?? ?? 01 5E 08 83 C4 0C 5F 5E 5B C2 08 00");
    Maple.Hook(Maple.get(), EncodeBuffer, &_EncodeBuffer, 7);

    // CInPacket::Decode1/2/4/8 -- same prologue, distinguished by the trailing
    // size compare (83 F8 01/02/04/08). Decode8 also differs in register use.
    Maple.scan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 51 ?? 8B 41 ?? 8B 71 ?? 2B C2 C7 45 ?? 00 00 00 00 83 F8 01");
    Maple.Hook(Maple.get(), Decode1, &_Decode1, 5);

    Maple.scan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 51 ?? 8B 41 ?? 8B 71 ?? 2B C2 C7 45 ?? 00 00 00 00 83 F8 02");
    Maple.Hook(Maple.get(), Decode2, &_Decode2, 5);

    Maple.scan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 51 ?? 8B 41 ?? 8B 71 ?? 2B C2 C7 45 ?? 00 00 00 00 83 F8 04");
    Maple.Hook(Maple.get(), Decode4, &_Decode4, 5);

    Maple.scan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 71 ?? 8B 41 ?? 8B 51 ?? 2B C6 C7 45 ?? 00 00 00 00 83 F8 08");
    Maple.Hook(Maple.get(), Decode8, &_Decode8, 5);

    // CInPacket::DecodeStr
    Maple.scan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 8B F1 89 75 ?? C7 45 ?? 00 00 00 00 8B 7D ?? B8 01 00 00 00");
    Maple.Hook(Maple.get(), DecodeStr, &_DecodeStr, 5);

    // CInPacket::DecodeBuffer
    Maple.scan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 8B F1 89 75 ?? 8B 4E ?? 8B 46 ?? 8B 56 ?? 8B 7D ?? 2B C1 03 CA C7 45 ?? 00 00 00 00 3B C7");
    Maple.Hook(Maple.get(), DecodeBuffer, &_DecodeBuffer, 5);
   
}