mgostih

Hack Stealer

Feb 17th, 2017
  1. #include "stdafx.h"
  2. #include <fstream>
  3. #include <Windows.h>
  4. #define Naked __declspec(naked)
  5. #define stdcall __stdcall
  6.  
// Overwrites the five bytes at JumpFrom with a relative JMP (opcode E9 + rel32)
// to JumpTo. Nothing here checks what those five bytes were, so the caller
// must pass the start of a function (or another instruction boundary).
//
// hwnd     - process handle passed to VirtualProtectEx only. The patch bytes
//            themselves are stored through a direct pointer dereference, so
//            this can only patch the calling process; every call site in this
//            file passes (HANDLE)-1, the current-process pseudo handle.
// JumpFrom - address of the five bytes to replace.
// JumpTo   - absolute destination as a 32-bit value. The pointer arithmetic is
//            done in DWORD, so this is x86-only (pointers truncate on x64).
//
// Both VirtualProtectEx results are ignored: if the page cannot be made
// writable, the store below faults inside the hooked process.
//
// Defensive note: an E9 as the first byte of a kernel32 export that differs
// from the on-disk image is the classic inline-hook signature that integrity
// scanners look for.
void PlaceJmp(HANDLE hwnd, PVOID JumpFrom, DWORD JumpTo){
    DWORD old;
    DWORD bkup;
    // rel32 is measured from the end of the 5-byte JMP instruction.
    DWORD JmpOffset = (DWORD)JumpTo - (DWORD)JumpFrom - 5;
    VirtualProtectEx(hwnd, JumpFrom, 5, PAGE_EXECUTE_READWRITE, &old);
    *(BYTE*)JumpFrom = 0xE9;   // JMP rel32 opcode
    *(DWORD*)((DWORD)JumpFrom+1) = JmpOffset;
    // Restore the previous page protection; result again unchecked.
    VirtualProtectEx(hwnd, JumpFrom, 5, old, &bkup);
}
  16.  
// If the code at `address` begins with a JMP rel32 (opcode E9), returns the
// absolute address that jump lands on; otherwise returns NULL. HookSetup uses
// this to notice a hook somebody else already placed on the same function so
// it can be chained instead of overwritten.
//
// The address is dereferenced without any validation, and the rel32 maths is
// done in 32 bits (x86 only).
PVOID GetHookedAddress(PVOID address){
    const unsigned char opcode = *(unsigned char*)address;
    if (opcode != 0xE9) {
        return (PVOID)0;
    }
    // rel32 is relative to the end of the 5-byte instruction.
    const DWORD base = (DWORD)address;
    const DWORD rel32 = *(DWORD*)(base + 1);
    return (PVOID)(base + 5 + rel32);
}
  23.  
// Builds a 15-byte trampoline for HookAddr inside a fresh 1024-byte RWX
// allocation and returns that allocation. Layout as written by the code:
//   +0  : CALL CallThis   (PlaceJmp writes JMP, then the opcode is changed
//                          from E9 to E8; CALL and JMP share the rel32 form)
//   +5  : either JMP <hook already present on HookAddr>, or a verbatim copy
//         of the original first five bytes of HookAddr
//   +10 : JMP HookAddr+5  (resume the original function past the patch)
//
// Caveats visible in this block:
//  - The VirtualAlloc result is never checked; a NULL return means PlaceJmp
//    writes through a null pointer.
//  - The five "stolen" bytes are copied with no instruction-length decoding,
//    so an instruction that straddles the 5-byte boundary, or one that is
//    position-dependent (relative call/jmp), ends up corrupted.
//  - The allocation has no owner and is never freed.
//  - The ReadProcessMemory/WriteProcessMemory calls below would themselves
//    be routed to RPM_HOOK/WPM_HOOK once DllMain has patched those exports,
//    and those hooks do not perform the copy.
//  - Nothing in this file calls HookSetup; DllMain patches the targets with
//    PlaceJmp directly and never installs a trampoline.
PVOID HookSetup(PVOID HookAddr, PVOID CallThis){
    PVOID HookSpace = VirtualAlloc(NULL, 1024, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

    // +0: write JMP CallThis, then turn it into CALL CallThis (E8 rel32).
    PlaceJmp((HANDLE)-1, HookSpace, (DWORD)CallThis);
    *(char*)HookSpace = 0xE8;

    PVOID SpaceOffset1 = (PVOID)((DWORD)HookSpace + 5);
    PVOID AlreadyHooked = GetHookedAddress(HookAddr);
    // +5: chain an existing hook rather than discarding it ...
    if (AlreadyHooked) PlaceJmp((HANDLE)-1, SpaceOffset1, (DWORD)AlreadyHooked);

    else {
        // ... or keep the original prologue bytes, presumably so the caller
        // can later overwrite HookAddr with a JMP to this block.
        char StolenBytes[5];
        ReadProcessMemory((HANDLE)-1, HookAddr, StolenBytes, 5, NULL);
        WriteProcessMemory((HANDLE)-1, SpaceOffset1, StolenBytes, 5, NULL);
    }

    // +10: jump back to the instruction following the 5-byte patch site.
    PlaceJmp((HANDLE)-1, (PVOID)((DWORD)HookSpace + 10), (DWORD)HookAddr + 5);
    return HookSpace;

}
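// Raises this DLL's load count by loading it again under its own path,
// presumably so that a later FreeLibrary by whoever injected it cannot unmap
// the module while kernel32's patched prologues still jump into it.
//
// DllHandle - module handle of this DLL (hinstDLL from DllMain).
//
// Fix over the original: GetModuleFileName's return value is now checked. On
// failure (0) or truncation (return value equals the buffer capacity) the
// function returns without calling LoadLibrary instead of loading whatever a
// truncated path happens to name. LoadLibrary's result is not needed; the
// side effect on the load count is the point.
//
// NOTE(review): this is invoked from DllMain under the loader lock; calling
// LoadLibrary there is documented by Microsoft as unsupported and can deadlock.
void LockDLL(HMODULE DllHandle){
    TCHAR moduleName[1024];
    const DWORD capacity = sizeof(moduleName) / sizeof(TCHAR);
    const DWORD length = GetModuleFileName(DllHandle, moduleName, capacity);
    if (length == 0 || length >= capacity) {
        // Lookup failed or the path did not fit; nothing safe to load.
        return;
    }
    LoadLibrary(moduleName);
}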
  52.  
  53.  
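// Replacement body for kernel32!WriteProcessMemory once PlaceJmp has patched
// its prologue. Appends a record (target address, up to the first 16 bytes of
// the source buffer, size) to HookedData.txt in the hooked process's current
// directory and returns TRUE.
//
// The real WriteProcessMemory is never called (no trampoline is installed),
// so every write in the hooked process reports success while nothing is
// written. lpNumberOfBytesWritten is therefore set to 0 when supplied instead
// of being left uninitialised as before. hProcess is unused.
//
// Fixes over the original: the byte dump is bounded by nSize (the original
// always read 16 bytes from lpBuffer, an out-of-bounds read for smaller
// writes), a NULL lpBuffer is tolerated, the _Out_ parameter is written, and
// a log file that fails to open no longer produces writes to a bad stream.
// "Size" is still emitted in hex, because std::hex remains in effect.
BOOL WINAPI WPM_HOOK(
    _In_  HANDLE  hProcess,
    _In_  LPVOID  lpBaseAddress,
    _In_  LPCVOID lpBuffer,
    _In_  SIZE_T  nSize,
    _Out_ SIZE_T  *lpNumberOfBytesWritten
    ){
    if (lpNumberOfBytesWritten) {
        *lpNumberOfBytesWritten = 0;   // nothing is forwarded, so nothing is written
    }

    std::ofstream ofs("HookedData.txt", std::ofstream::out | std::ofstream::app);
    if (!ofs) {
        return 1;   // logging is best-effort; keep the original TRUE result
    }

    // Dump at most 16 bytes, and never more than the caller actually passed.
    SIZE_T dumpLen = 0;
    if (lpBuffer) {
        dumpLen = nSize < 16 ? nSize : 16;
    }
    const BYTE* bytes = (const BYTE*)lpBuffer;

    ofs << "WPM: " << '\n';
    ofs << "Addr: " << lpBaseAddress << '\n';
    ofs << "First 16 bytes: " << std::hex;
    for (SIZE_T i = 0; i < dumpLen; i++){
        ofs << +bytes[i] << " ";   // unary + prints the byte as a number, not a char
    }
    ofs << '\n';
    ofs << "Size: " << nSize << '\n' << '\n';

    // ofs is closed by its destructor.
    return 1;
}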
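// Replacement body for kernel32!ReadProcessMemory once PlaceJmp has patched
// its prologue. Appends a record (source address, destination buffer address,
// size) to HookedData.txt in the hooked process's current directory and
// returns TRUE.
//
// The real ReadProcessMemory is never called (no trampoline is installed), so
// lpBuffer is left untouched: the caller gets TRUE and an unfilled buffer.
// lpNumberOfBytesRead is therefore set to 0 when supplied instead of being
// left uninitialised as before. hProcess is unused.
//
// Fixes over the original: the _Out_ byte count is written, and a log file
// that fails to open no longer produces writes to a bad stream.
BOOL WINAPI RPM_HOOK(
    _In_  HANDLE  hProcess,
    _In_  LPCVOID lpBaseAddress,
    _Out_ LPVOID  lpBuffer,
    _In_  SIZE_T  nSize,
    _Out_ SIZE_T  *lpNumberOfBytesRead
    ){
    if (lpNumberOfBytesRead) {
        *lpNumberOfBytesRead = 0;   // nothing is forwarded, so nothing is read
    }

    std::ofstream ofs("HookedData.txt", std::ofstream::out | std::ofstream::app);
    if (!ofs) {
        return 1;   // logging is best-effort; keep the original TRUE result
    }

    ofs << "ReadProcessMemory: " << '\n';
    ofs << "Addr: " << lpBaseAddress << '\n';
    ofs << "Receiver Address: " << lpBuffer << '\n';
    ofs << "Size: " << nSize << '\n' << '\n';

    // ofs is closed by its destructor.
    return 1;
}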
  96.  
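// Entry point. On DLL_PROCESS_ATTACH it pins this module in memory (LockDLL)
// and then overwrites the first five bytes of kernel32!ReadProcessMemory and
// kernel32!WriteProcessMemory with JMPs to RPM_HOOK / WPM_HOOK. No trampoline
// is installed (HookSetup is never used), so from then on neither API does
// its real work in this process; both only log.
//
// Fixes over the original: the function now returns a value (a BOOL DllMain
// with no return statement is undefined behaviour, and the loader treats a
// FALSE from DLL_PROCESS_ATTACH as a failed load), the GetProcAddress results
// are checked before patching (PlaceJmp on NULL writes to address 0), and the
// duplicated LockDLL call is dropped (one LoadLibrary already raises the load
// count; the second only raised it again).
//
// Defensive note: this is the textbook inline hook on a kernel32 export;
// scanners that compare loaded export prologues against the on-disk image
// flag exactly this pattern.
BOOL WINAPI DllMain(
    _In_ HINSTANCE hinstDLL,
    _In_ DWORD     fdwReason,
    _In_ LPVOID    lpvReserved
    ){
    if (fdwReason == DLL_PROCESS_ATTACH){
        LockDLL(hinstDLL);
        HMODULE kernel32 = GetModuleHandleA("kernel32.dll");
        PVOID WPM = (PVOID)GetProcAddress(kernel32, "WriteProcessMemory");
        PVOID RPM = (PVOID)GetProcAddress(kernel32, "ReadProcessMemory");
        if (WPM && RPM) {
            PlaceJmp((HANDLE)-1, RPM, (DWORD)RPM_HOOK);
            PlaceJmp((HANDLE)-1, WPM, (DWORD)WPM_HOOK);
        }
        // else: an export lookup failed; install neither hook rather than
        // patch a null address.
    }
    return 1;
}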