dcomicboy

logger s2s

May 17th, 2012
// Hard-coded absolute virtual address. hookthread() treats it as the start of a
// DWORD table and takes entry 0x57 as the address of the function to patch.
// NOTE(review): nothing in this file checks which module or build is mapped at
// this address, and relocation is not handled; if the layout differs, the read
// in hookthread() dereferences unrelated memory.
#define STS 0x4247818 //SANA
  2.  
  3. #include <Windows.h>
  4. #include <iostream>
  5. #include <string>
  6. #include <sstream>
  7. #include <fstream>
  8.  
// Silences MSVC warning C4996 (deprecated / "unsafe" CRT functions) for the whole file.
#pragma warning( disable: 4996 )

// File-wide using-directive; ofstream and ios below resolve to std:: through it.
// NOTE(review): this file also defines a global log(), which shares its name with std::log.
using namespace std;
// Single global stream shared by every log() call; log() opens and closes it on each call.
ofstream outfile;

// Fixed log destination in the root of drive C:.
// NOTE(review): the dump written by hooked_SendToServer() ends up here as plain
// text; the presence of this file is an on-disk artifact of the DLL having run.
#define dir_log "C:\\STS_LOG.txt"
  15.  
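/**
 * Appends one printf-style formatted message to the file named by dir_log.
 *
 * The global stream `outfile` is opened in append mode and closed again on
 * every call. Messages longer than 511 characters are truncated.
 *
 * @param fmt  printf-style format string; must come from the caller's own
 *             code, never from logged data. A null pointer is ignored.
 * @param ...  arguments matching the conversions in fmt.
 */
void log(const char *fmt, ...) //standard stuffs
{
    if (fmt == NULL)
        return;

    char buffer[512] = {0};

    va_list va_alist;
    va_start( va_alist, fmt );
    // The buffer starts zeroed, so formatting begins at offset 0. The last byte
    // is kept out of reach of vsnprintf so the text stays NUL-terminated even on
    // CRTs whose vsnprintf does not terminate on truncation.
    vsnprintf(buffer, sizeof(buffer) - 1, fmt, va_alist );
    va_end( va_alist );

    outfile.open(dir_log, ios::app);
    if (!outfile.is_open())
    {
        // A failed open leaves the stream in a failed state; reset it so a later
        // call can succeed once the file becomes writable.
        outfile.clear();
        return;
    }
    outfile << buffer;
    outfile.close();
}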
  29.  
/**
 * Overwrites the start of the code at `src` with a 5-byte relative JMP (0xE9)
 * to `dst`, fills the remaining bytes up to `len` with NOP (0x90), and builds
 * a heap stub that leads back into the original code.
 *
 * Pointers are cast to DWORD throughout, so the arithmetic only holds in a
 * 32-bit process.
 *
 * @param src  first byte of the code to patch (modified in place).
 * @param dst  address the patched code jumps to.
 * @param len  number of bytes at `src` to overwrite.
 *             NOTE(review): nothing checks that len >= 5 or that it ends on an
 *             instruction boundary.
 * @return     jmp - len, i.e. the start of the stub when len bytes were
 *             consumed (see the note in the 0xE9 branch).
 *
 * NOTE(review): the results of both VirtualProtect calls and of malloc are
 * never checked, and the stub is never freed.
 */
void *DetourFunction (BYTE *src, const BYTE *dst, const int len)
{
    BYTE *jmp;
    DWORD dwback;
    DWORD jumpto, newjump;

    // Make the target bytes writable; the previous protection is kept in dwback.
    // NOTE(review): PAGE_READWRITE carries no execute right, so the page holding
    // src is not executable until the second VirtualProtect call below.
    VirtualProtect(src,len,PAGE_READWRITE,&dwback);

    if(src[0] == 0xE9)
    {
        // The code already starts with a relative JMP: build a stub that jumps
        // to that JMP's destination.
        // NOTE(review): the stub is plain malloc memory; whether it may be
        // executed depends on the process's DEP policy.
        jmp = (BYTE*)malloc(10);
        // Absolute destination of the existing JMP: displacement + src + 5.
        jumpto = (*(DWORD*)(src+1))+((DWORD)src)+5;
        // Displacement for the same destination when the JMP sits at the stub.
        newjump = (jumpto-(DWORD)(jmp+5));
        jmp[0] = 0xE9;
        *(DWORD*)(jmp+1) = newjump;
        jmp += 5;
        // Second JMP, placed after the unconditional one above; its displacement
        // resolves to src + 5.
        jmp[0] = 0xE9;
        *(DWORD*)(jmp+1) = (DWORD)(src-jmp);
        // NOTE(review): jmp advanced by 5 here, not by len, so the final
        // `jmp-len` equals the stub start only when len == 5.
    }
    else
    {
        // Copy the bytes that are about to be overwritten, then append a JMP
        // back to src + len.
        // NOTE(review): the bytes are copied verbatim; any relative operand in
        // them is not adjusted for the new location.
        jmp = (BYTE*)malloc(5+len);
        memcpy(jmp,src,len);
        jmp += len;
        jmp[0] = 0xE9;
        *(DWORD*)(jmp+1) = (DWORD)(src+len-jmp)-5;
    }
    // Install the redirect: JMP rel32 from src to dst.
    src[0] = 0xE9;
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;

    // Pad whatever is left of the overwritten range with NOPs.
    for(int i = 5; i < len; i++)
        src[i] = 0x90;
    // Put back the protection saved in dwback.
    VirtualProtect(src,len,dwback,&dwback);
    return (jmp-len);
}
  65.  
// Pointer type used to call the original function through the stub.
// NOTE(review): no calling convention is written, so the compiler default
// applies; confirm it matches the real function, otherwise the call in
// hooked_SendToServer() unbalances the stack.
typedef unsigned int ( *tfnSendToServer)(void *pMsg, unsigned __int32 flags);

// Assigned in hookthread() from DetourFunction()'s return value;
// hooked_SendToServer() forwards every call through it.
tfnSendToServer pfnSendToServer;

// Receives the previous page protection in hooked_SendToServer().
// NOTE(review): one global shared by all calls, with no synchronisation.
DWORD dwCache;
  71.  
/**
 * Replacement installed by hookthread(): logs the call's arguments, writes a
 * hex dump of 400 bytes starting at pMsg to the log file, then forwards the
 * call unchanged through pfnSendToServer.
 *
 * @param pMsg   message pointer passed by the caller; only read here.
 * @param flags  passed through untouched.
 * @return       whatever the original function returns.
 *
 * NOTE(review): 400 is a fixed count; the message length is never consulted.
 * A shorter message means the bytes that follow it in memory are read and
 * written to the log in plain text, and the read can fault on an unmapped page.
 */
unsigned int hooked_SendToServer(void *pMsg, unsigned __int32 flags){
    // Saves all general-purpose registers for the duration of the logging code.
    // NOTE(review): this sits inside an ordinary (non-naked) function; confirm
    // the compiler's own register use around it is not disturbed.
    __asm pushad;

    // NOTE(review): "%02x" is applied to a pointer and a 32-bit value.
    log("SendToServer( 0x%02x, 0x%02x );\n{\n", pMsg, flags);
    // NOTE(review): 40 is decimal (0x28), which is not one of the PAGE_*
    // protection constants; 0x40 (PAGE_EXECUTE_READWRITE) may have been meant.
    // The return value is not checked, so a failure goes unnoticed.
    VirtualProtect(pMsg, 400, 40, &dwCache);
    for(unsigned long ul=0;ul<400;ul++){
        // Line break before every fourth byte; each log() call reopens the file.
        if(!(ul%4)) log("\n");
        log("0x%02x, ", PBYTE(DWORD(pMsg))[ul]);
    }
    // NOTE(review): the last argument is 0, although VirtualProtect documents
    // lpflOldProtect as a pointer that must be valid; again unchecked.
    VirtualProtect(pMsg, 400, dwCache, 0);

    __asm popad;
    // Hand the unmodified arguments to the original function.
    return pfnSendToServer(pMsg, flags);
}
  86.  
/**
 * Installs the SendToServer redirect and records it in the log.
 *
 * Reads entry 0x57 of the DWORD table at STS, patches the function found there
 * so that it jumps to hooked_SendToServer (5 bytes overwritten), and stores the
 * stub returned by DetourFunction() in pfnSendToServer.
 *
 * NOTE(review): the wait for "cshell.dll" is commented out, so nothing here
 * confirms that the table at STS is mapped before it is read.
 */
void hookthread(void)
{
    //while(!GetModuleHandleA("cshell.dll")) Sleep(100);

    // Address of the function to patch, taken from the table at STS.
    BYTE *target = PBYTE(((DWORD *)STS)[0x57]);

    // Patch it and keep the stub that leads back to the original code.
    void *stub = DetourFunction( target, PBYTE(hooked_SendToServer), 5);
    pfnSendToServer = tfnSendToServer(stub);

    log("Hooked STS Function; 0x%02x -> 0x%02x\n", STS, hooked_SendToServer);
}
  95.  
/**
 * DLL entry point: turns off per-thread notifications and, on process attach,
 * installs the hook synchronously.
 *
 * @param hthis     handle of this DLL.
 * @param dwReason  reason code supplied by the loader.
 * @param lpUNK     unused.
 * @return          always true.
 *
 * NOTE(review): the documented prototype is BOOL WINAPI DllMain(HINSTANCE,
 * DWORD, LPVOID); this one differs in return and third-parameter type.
 * NOTE(review): hookthread() runs directly inside DllMain (the CreateThread
 * variant is commented out), so its file I/O happens during DLL loading.
 */
bool __stdcall DllMain( HMODULE hthis, DWORD dwReason, DWORD lpUNK )
{
    DisableThreadLibraryCalls(hthis);

    // Only process attach (reason code 1) triggers the hook installation.
    if (dwReason != DLL_PROCESS_ATTACH)
        return true;

    //CreateThread(0, 0, (LPTHREAD_START_ROUTINE)hookthread, 0, 0, 0);
    hookthread();
    return true;
}
  106.  
  107. //Written by Bradley Galloway