提交 556cc0b7 编写于 作者: Peacoor Zomboss's avatar Peacoor Zomboss

better code

上级 3ad4d02b
......@@ -56,43 +56,38 @@ static const std::vector<in_addr> &enum_addr()
static int WINAPI fake_sendto(SOCKET s, const char *buf, int len, int flags, const sockaddr *to, int tolen)
{
sockaddr_in *toaddr = (sockaddr_in *)to;
if (toaddr->sin_addr.S_un.S_addr != INADDR_BROADCAST) {
if (toaddr->sin_addr.S_un.S_addr != INADDR_BROADCAST)
return _sendto(s, buf, len, flags, to, tolen); // 非广播直接原样发送
}
else {
int result = -1;
origin_sock = s; // 暂存这个socket
const std::vector<in_addr> &list = enum_addr();
if (socks.size() != list.size()) {
sockaddr_in addr_self;
addr_self.sin_family = AF_INET;
int namelen = sizeof(sockaddr_in);
getsockname(s, (sockaddr *)&addr_self, &namelen); // 获取原sockaddr
if (addr_self.sin_port == 0) {
// 如果没有端口号,先原样发送,这样系统才会分配一个端口号
result = _sendto(s, buf, len, flags, to, tolen);
getsockname(s, (sockaddr *)&addr_self, &namelen); // 重新获取
}
for (int i = 0; i < socks.size(); i++)
closesocket(socks[i]);
socks.clear();
for (int i = 0; i < list.size(); i++) {
addr_self.sin_addr = list[i]; // 把新的地址换上去,然后绑定
SOCKET sock = socket(AF_INET, SOCK_DGRAM, 0);
BOOL opt = TRUE;
setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *)&opt, sizeof(BOOL)); // 广播
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(BOOL)); // 重用地址端口
bind(sock, (sockaddr *)&addr_self, sizeof(sockaddr)); // 绑定到地址端口
socks.push_back(sock);
}
int result = -1;
origin_sock = s; // 暂存这个socket
const std::vector<in_addr> &list = enum_addr();
if (socks.size() != list.size()) {
sockaddr_in addr_self;
addr_self.sin_family = AF_INET;
int namelen = sizeof(sockaddr_in);
getsockname(s, (sockaddr *)&addr_self, &namelen); // 获取原sockaddr
if (addr_self.sin_port == 0) {
// 如果没有端口号,先原样发送,这样系统才会分配一个端口号
result = _sendto(s, buf, len, flags, to, tolen);
getsockname(s, (sockaddr *)&addr_self, &namelen); // 重新获取
}
// 向列表中的每一个地址转发广播
for (int i = 0; i < socks.size(); i++) {
result = _sendto(socks[i], buf, len, flags, to, tolen);
for (int i = 0; i < socks.size(); i++)
closesocket(socks[i]);
socks.clear();
for (int i = 0; i < list.size(); i++) {
addr_self.sin_addr = list[i]; // 把新的地址换上去,然后绑定
SOCKET sock = socket(AF_INET, SOCK_DGRAM, 0);
BOOL opt = TRUE;
setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *)&opt, sizeof(BOOL)); // 广播
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(BOOL)); // 重用地址端口
bind(sock, (sockaddr *)&addr_self, sizeof(sockaddr)); // 绑定到地址端口
socks.push_back(sock);
}
return result;
}
return -1;
// 向列表中的每一个地址转发广播
for (int i = 0; i < socks.size(); i++)
result = _sendto(socks[i], buf, len, flags, to, tolen);
return result;
}
static int WINAPI fake_select(int n, fd_set *rd, fd_set *wr, fd_set *ex, const TIMEVAL *timeout)
......@@ -116,11 +111,9 @@ static int WINAPI fake_select(int n, fd_set *rd, fd_set *wr, fd_set *ex, const T
static int WINAPI fake_recvfrom(SOCKET s, char *buf, int len, int flags, sockaddr *from, int *fromlen)
{
if (s == origin_sock && fake_sock != 0) {
if (s == origin_sock && fake_sock != 0)
return _recvfrom(fake_sock, buf, len, flags, from, fromlen);
}
else
return _recvfrom(s, buf, len, flags, from, fromlen);
return _recvfrom(s, buf, len, flags, from, fromlen);
}
void hook_sendto()
......
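Review bot: `sockaddr_in *toaddr = (sockaddr_in *)to;` and the `toaddr->sin_addr` read on the next line run before any check on `to`, but Winsock documents `to` as optional (a connected UDP socket may pass NULL with `tolen == 0`), so the hook dereferences a null pointer where the underlying sendto would accept the call; the early-return rewrite keeps that order. Guard before the cast, e.g. `if (to == NULL || tolen < (int)sizeof(sockaddr_in) || to->sa_family != AF_INET) return _sendto(s, buf, len, flags, to, tolen);`. In the rebuild loop neither `socket()` nor `bind()` is checked, so an INVALID_SOCKET or an unbound socket still lands in `socks`, and `result` after the forwarding loop reflects only the last `_sendto`, so an earlier failure is reported as success. The fake_recvfrom hunk below raises nothing on its own.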
......@@ -22,7 +22,7 @@ static void *FindModuleTextBlankAlign(HMODULE hmodule)
if (memcmp(psec->Name, ".text", 5) == 0) { // 是否.text段
BYTE *offset = (BYTE *)hmodule + psec->VirtualAddress + psec->Misc.VirtualSize; // 计算空白区域偏移量
offset += 16 - (INT_PTR)offset % 16; // 对齐16字节
long long *buf = (long long *)offset;
UINT64 *buf = (UINT64 *)offset;
while (buf[0] != 0 || buf[1] != 0) // 找到一块全是0的区域
buf += 16;
return (void *)buf;
......@@ -50,23 +50,23 @@ InlineHook::InlineHook(HMODULE hmodule, const char *name, void *fake_func, int e
void *ptr;
struct
{
long lo;
long hi;
DWORD32 lo;
DWORD32 hi;
};
} ptr64;
void *blank = FindModuleTextBlankAlign(hmodule); // 找到第一处空白区域
VirtualProtect(blank, 14, PAGE_EXECUTE_READWRITE, NULL); // 可读写
hook_entry[0] = 0xE9; // 跳转代码
*(long *)&hook_entry[1] = (BYTE *)blank - (BYTE *)func_ptr - 5; // 跳转到空白区域
*(DWORD32 *)&hook_entry[1] = (BYTE *)blank - (BYTE *)func_ptr - 5; // 跳转到空白区域
ptr64.ptr = fake_func;
BYTE blank_jump[14];
blank_jump[0] = 0x68; // push xxx
*(long *)&blank_jump[1] = ptr64.lo; // xxx,即地址的低4位
*(DWORD32 *)&blank_jump[1] = ptr64.lo; // xxx,即地址的低4位
blank_jump[5] = 0xC7;
blank_jump[6] = 0x44;
blank_jump[7] = 0x24;
blank_jump[8] = 0x04; // mov dword [rsp+4], yyy
*(long *)&blank_jump[9] = ptr64.hi; // yyy,即地址的高4位
*(DWORD32 *)&blank_jump[9] = ptr64.hi; // yyy,即地址的高4位
blank_jump[13] = 0xC3; // ret
// 写入真正的跳转代码到空白区域
WriteProcessMemory(GetCurrentProcess(), blank, &blank_jump, 14, NULL);
......@@ -76,21 +76,21 @@ InlineHook::InlineHook(HMODULE hmodule, const char *name, void *fake_func, int e
// 设置新的跳转代码
BYTE *new_jump = (BYTE *)old_entry + entry_len;
new_jump[0] = 0x68;
*(long *)(new_jump + 1) = ptr64.lo;
*(DWORD32 *)(new_jump + 1) = ptr64.lo;
new_jump[5] = 0xC7;
new_jump[6] = 0x44;
new_jump[7] = 0x24;
new_jump[8] = 0x04;
*(long *)(new_jump + 9) = ptr64.hi;
*(DWORD32 *)(new_jump + 9) = ptr64.hi;
new_jump[13] = 0xC3;
#endif
#ifdef _CPU_X86
hook_entry[0] = 0xE9; // 跳转代码
*(long *)&hook_entry[1] = (BYTE *)fake_func - (BYTE *)func_ptr - 5; // 直接到hook的代码
*(DWORD32 *)&hook_entry[1] = (BYTE *)fake_func - (BYTE *)func_ptr - 5; // 直接到hook的代码
memcpy(old_entry, func_ptr, entry_len); // 保存入口
BYTE *new_jump = (BYTE *)old_entry + entry_len;
*new_jump = 0xE9; // 跳回去的代码
*(long *)(new_jump + 1) = (BYTE *)func_ptr + entry_len - new_jump - 5;
*(DWORD32 *)(new_jump + 1) = (BYTE *)func_ptr + entry_len - new_jump - 5;
#endif
}
......
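Review bot: The scan `while (buf[0] != 0 || buf[1] != 0) buf += 16;` has no upper bound, so if no zeroed 16-byte slot exists before the end of .text it keeps reading past the section until it faults; switching the element type to `UINT64` does not address this. Bound it from the section header, e.g. `UINT64 *end = (UINT64 *)((BYTE *)hmodule + psec->VirtualAddress + psec->SizeOfRawData);` and `while (buf + 2 <= end && (buf[0] != 0 || buf[1] != 0))`, returning NULL when the range is exhausted so the constructor can refuse to install the hook instead of writing 14 bytes to an arbitrary address. Note also that with 8-byte elements `buf += 16` advances 128 bytes per step; if the 16-byte granularity of the alignment just above was intended, that should be `buf += 2`. FindModuleTextBlankAlign starts and ends outside the hunk; in the constructor hunk, `VirtualProtect(blank, 14, PAGE_EXECUTE_READWRITE, NULL)` passes NULL for lpflOldProtect, which the Win32 documentation says makes the call fail, and neither it nor the following WriteProcessMemory has its return value checked.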