  1. // dllmain.cpp : Definiert den Einstiegspunkt für die DLL-Anwendung.
  2. #include "windows.h"
  3. #include <stdio.h>
  4. #include "Tribes.h"
  5.  
// Forward declarations of the three code-patching routines defined later in
// this file; DllMain calls each of them once on DLL_PROCESS_ATTACH.
void patch_hook();   // writes a 5-byte CALL at 0x004517A5 that targets addMenuEntry()
void patch_jump1();  // rewrites the 6-byte JE at 0x00451638 to target intercept()
void patch_jump2();  // rewrites the 6-byte JE at 0x00451642 to target intercept()
  9.  
  10. //EXTERN_C BOOL WINAPI _DllMainCRTStartup(
  11. // HINSTANCE hInstDll, // handle to the DLL module
  12. // DWORD fdwReason, // reason for calling function
  13. // LPVOID lpvReserved // reserved
  14. //)
/// DLL entry point.
///
/// On process attach the three in-memory patches are applied to the host
/// executable; every other notification is ignored. Always reports success
/// to the loader, even if a patch could not be written.
///
/// @param hModule     Handle to this DLL (unused).
/// @param fdwReason   Loader notification code.
/// @param lpReserved  Reserved by the loader (unused).
/// @return Always TRUE.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD fdwReason,
                       LPVOID lpReserved
                     )
{
    // Thread attach/detach and process detach need no work, so only the
    // process-attach notification is acted on.
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        // Redirect the call site at 0x004517A5 to addMenuEntry(), which
        // receives the menu letter and text in registers.
        patch_hook();
        // Redirect both conditional jumps to intercept().
        patch_jump1();
        patch_jump2();
    }
    return TRUE;
}
  44.  
/// Computes the rel32 operand for a 5-byte near CALL/JMP written at
/// patchadress so that it transfers control to targetadress.
///
/// The displacement is measured from the end of the instruction, hence the
/// subtraction of 5. Callers that emit a 6-byte instruction (0F 84 rel32)
/// subtract one more byte themselves.
///
/// @param patchadress   Address where the instruction will be written.
/// @param targetadress  Address the instruction should transfer control to.
/// @return The displacement, truncated to 32 bits.
unsigned int translateJMP(void * patchadress, void * targetadress)
{
    const char* const from = static_cast<const char*>(patchadress);
    const char* const to = static_cast<const char*>(targetadress);
    return static_cast<unsigned int>(to - from - 5);
}
  51.  
  52.  
/// Landing point for the two conditional jumps rewritten by patch_jump1()
/// and patch_jump2().
///
/// Clears the ChatMenu::visibleItem variable, then continues at 0x004517FB,
/// the address the original jumps went to.
///
/// NOTE(review): this function is entered by a jump, not a call, and it is not
/// declared naked. Whether the stack is balanced when control reaches
/// 0x004517FB depends on the prologue the compiler emits here - confirm in
/// the disassembly. The SetVariable call may also change registers that the
/// code at 0x004517FB expects to be intact - verify.
void intercept()
{
    Tribes::SetVariable("ChatMenu::visibleItem","");
    _asm
    {
        // Drops one dword from the stack; the value popped is overwritten by
        // the next instruction. Presumably undoes a push from the compiler
        // prologue - TODO confirm.
        pop eax
        mov eax, 0x004517FB //where the jump would usually end
        jmp eax
    }
}
  63.  
// Absolute address inside the host executable; by its name presumably the
// game's printf routine. It is not referenced anywhere in this listing.
// NOTE(review): identifiers containing a double underscore are reserved in C++.
static const int __printf = 0x5AA747;
// State filled in by addMenuEntry() from CPU registers on every hooked call.
int letter;          // copied from EAX; formatted with %c
char * strt;         // copied from EDX; formatted with %s, so it must point to a NUL-terminated string
int lastmenu = 0;    // value of currentmenu recorded the last time a new menu was detected
int currentmenu = 0; // copied from EDI; compared with lastmenu to detect a menu change
char** more;         // copied from ESI; the bytes at offsets 0x28..0x2B are inspected
  70. //bool addnext = true;
  71.  
  72.  
  73. //bool addnext = true;
  74.  
  75. //void addMenuEntry()
  76. //{
  77. // _asm {
  78. // pushad
  79. // mov letter, eax;
  80. // mov strt, edx;
  81. // mov currentmenu, edi;
  82. // mov more, esi
  83. // }
  84. // if(*((((char*)(more))+7)))
  85. // Tribes::Echo("%s",more);
  86. // else
  87. // {
  88. // Tribes::Echo("%s","------------");
  89. // }
  90.  
/// Hook body reached through the CALL that patch_hook() writes at 0x004517A5.
///
/// Copies EAX, EDX, EDI and ESI into the globals letter, strt, currentmenu
/// and more, passes "<letter>,<text>" to Tribes::Echo, and, when currentmenu
/// differs from lastmenu, resets ChatMenu::visibleItem to hold this entry.
///
/// NOTE(review): the function is not declared naked, so compiler-generated
/// prologue code runs before the first _asm block and the pushad/popad pair
/// brackets ordinary compiled code. Whether the registers still hold the
/// game's values at that point, and whether the stack stays balanced,
/// depends on compiler output - confirm in the disassembly.
void addMenuEntry()
{
    // Save all general-purpose registers, then capture the four the hook needs.
    _asm {
        pushad
        mov letter, eax;
        mov strt, edx;
        mov currentmenu, edi;
        mov more, esi
    }
    // True when any of the four bytes at offsets 0x28..0x2B from `more` is
    // non-zero. The meaning of that field is not visible here - TODO confirm.
    if(*((((char*)(more))+0x28)) | *((((char*)(more))+0x29)) | *((((char*)(more))+0x2A )) | *((((char*)(more))+0x2B)))
    {
        // 32768 is assumed to be the capacity of Tribes::sprintBuffer - verify
        // against Tribes.h. sprintf_s bounds the write, but %s still reads
        // strt up to its terminating NUL.
        sprintf_s(Tribes::sprintBuffer, 32768, "%c,%s", letter, strt);
        Tribes::Echo("%s",Tribes::sprintBuffer);
    }
    else
    {
        // Same output as the branch above, followed by a separator line.
        sprintf_s(Tribes::sprintBuffer, 32768, "%c,%s", letter, strt);
        Tribes::Echo("%s",Tribes::sprintBuffer);
        Tribes::Echo("%s","------------");
    }
    // On a menu change: clear the variable, then store this entry in it.
    // Entries of an unchanged menu are echoed above but not appended here.
    if(currentmenu != lastmenu)
    {
        Tribes::Echo("%s","NewMenu");
        Tribes::SetVariable("ChatMenu::visibleItem","");
        // The variable was cleared on the previous line, so the leading %s
        // presumably expands to an empty string - confirm GetVariable's behaviour.
        sprintf_s(Tribes::sprintBuffer, 32768, "%s,%c,%s", Tribes::GetVariable("ChatMenu::visibleItem"), letter, strt);
        Tribes::SetVariable("ChatMenu::visibleItem",Tribes::sprintBuffer);
        lastmenu = currentmenu; // remember this menu for the next comparison
    }

    // Restore the registers saved by pushad before returning to the game.
    _asm {
        popad
    }
    return;
}
  126.  
  127.  
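/// Overwrites the 5 bytes at 0x004517A5 in the host executable with a near
/// CALL (E8 rel32) to addMenuEntry().
///
/// The address is hard-coded, so the patch is only valid for the exact build
/// of the executable it was written against. On failure the function returns
/// without patching and reports the problem through OutputDebugStringA.
///
/// Changes from the earlier version:
///  - the page is opened as PAGE_EXECUTE_READWRITE instead of PAGE_READWRITE,
///    so code in the same page stays executable while the patch is written;
///  - the restoring VirtualProtect call receives a valid out-pointer. The
///    call fails when that argument is NULL, which left the code page with
///    the temporary protection instead of its original one;
///  - the instruction cache is flushed after the write;
///  - VirtualProtect failures are reported instead of silently ignored.
void patch_hook()
{
    void* address = (void*) 0x004517A5;

    // rel32 operand, measured from the end of the 5-byte instruction.
    const unsigned int rel = translateJMP(address, (void*)&addMenuEntry);

    unsigned char patch[5];
    patch[0] = 0xE8; // CALL rel32
    memcpy(&patch[1], &rel, sizeof(rel));

    DWORD dwOldProtect = 0;
    if (!VirtualProtect((LPVOID)address, sizeof(patch), PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        OutputDebugStringA("patch_hook: VirtualProtect failed, patch not applied\n");
        return;
    }

    // Copy the patch in.
    memcpy(address, patch, sizeof(patch));

    // Put the original protection back so the code page does not stay writable.
    DWORD dwTempProtect = 0;
    if (!VirtualProtect((LPVOID)address, sizeof(patch), dwOldProtect, &dwTempProtect))
    {
        OutputDebugStringA("patch_hook: could not restore page protection\n");
    }

    // Make sure the CPU does not keep executing stale bytes.
    FlushInstructionCache(GetCurrentProcess(), address, sizeof(patch));
}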
  160.  
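/// Overwrites the 6-byte conditional jump at 0x00451638 in the host
/// executable with JE (0F 84 rel32) to intercept().
///
/// The address is hard-coded, so the patch is only valid for the exact build
/// of the executable it was written against. On failure the function returns
/// without patching and reports the problem through OutputDebugStringA.
///
/// Changes from the earlier version:
///  - the page is opened as PAGE_EXECUTE_READWRITE instead of PAGE_READWRITE,
///    so code in the same page stays executable while the patch is written;
///  - the restoring VirtualProtect call receives a valid out-pointer. The
///    call fails when that argument is NULL, which left the code page with
///    the temporary protection instead of its original one;
///  - the instruction cache is flushed after the write;
///  - VirtualProtect failures are reported instead of silently ignored.
void patch_jump1()
{
    void* address = (void*) 0x00451638;

    // translateJMP assumes a 5-byte instruction; this one is 6 bytes long,
    // so the displacement is one byte smaller.
    const unsigned int rel = translateJMP(address, (void*)&intercept) - 1;

    unsigned char patch[6];
    patch[0] = 0x0F; // JE rel32, first opcode byte
    patch[1] = 0x84; // JE rel32, second opcode byte
    memcpy(&patch[2], &rel, sizeof(rel));

    DWORD dwOldProtect = 0;
    if (!VirtualProtect((LPVOID)address, sizeof(patch), PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        OutputDebugStringA("patch_jump1: VirtualProtect failed, patch not applied\n");
        return;
    }

    // Copy the patch in.
    memcpy(address, patch, sizeof(patch));

    // Put the original protection back so the code page does not stay writable.
    DWORD dwTempProtect = 0;
    if (!VirtualProtect((LPVOID)address, sizeof(patch), dwOldProtect, &dwTempProtect))
    {
        OutputDebugStringA("patch_jump1: could not restore page protection\n");
    }

    // Make sure the CPU does not keep executing stale bytes.
    FlushInstructionCache(GetCurrentProcess(), address, sizeof(patch));
}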
  196.  
  197.  
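/// Overwrites the 6-byte conditional jump at 0x00451642 in the host
/// executable with JE (0F 84 rel32) to intercept().
///
/// The address is hard-coded, so the patch is only valid for the exact build
/// of the executable it was written against. On failure the function returns
/// without patching and reports the problem through OutputDebugStringA.
///
/// Changes from the earlier version:
///  - the page is opened as PAGE_EXECUTE_READWRITE instead of PAGE_READWRITE,
///    so code in the same page stays executable while the patch is written;
///  - the restoring VirtualProtect call receives a valid out-pointer. The
///    call fails when that argument is NULL, which left the code page with
///    the temporary protection instead of its original one;
///  - the instruction cache is flushed after the write;
///  - VirtualProtect failures are reported instead of silently ignored.
void patch_jump2()
{
    void* address = (void*) 0x00451642;

    // translateJMP assumes a 5-byte instruction; this one is 6 bytes long,
    // so the displacement is one byte smaller.
    const unsigned int rel = translateJMP(address, (void*)&intercept) - 1;

    unsigned char patch[6];
    patch[0] = 0x0F; // JE rel32, first opcode byte
    patch[1] = 0x84; // JE rel32, second opcode byte
    memcpy(&patch[2], &rel, sizeof(rel));

    DWORD dwOldProtect = 0;
    if (!VirtualProtect((LPVOID)address, sizeof(patch), PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        OutputDebugStringA("patch_jump2: VirtualProtect failed, patch not applied\n");
        return;
    }

    // Copy the patch in.
    memcpy(address, patch, sizeof(patch));

    // Put the original protection back so the code page does not stay writable.
    DWORD dwTempProtect = 0;
    if (!VirtualProtect((LPVOID)address, sizeof(patch), dwOldProtect, &dwTempProtect))
    {
        OutputDebugStringA("patch_jump2: could not restore page protection\n");
    }

    // Make sure the CPU does not keep executing stale bytes.
    FlushInstructionCache(GetCurrentProcess(), address, sizeof(patch));
}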
  231. //00451638 |. /0F84 BD010000 JE 004517FB
  232. //00451642 |. |0F84 B3010000 JE 004517FB