alexey.min
2012-02-03 12:03:33 +00:00
parent 0e47178e31
commit ddc3cdddd1
5 changed files with 34 additions and 11 deletions


@@ -288,12 +288,21 @@ void DebugDlg_OnBnClickedValidateInterception( HWND hDlg )
{
hDlg = NULL;
Hook_ValidateInterception_my();
Hook_CheckVirtualProtect();
Hook_check_func_prolog( L"ws2_32.dll", "WSAConnect", original_ws2_32_WSAConnect_6_bytes );
Hook_check_func_prolog( L"ws2_32.dll", "WSASend", original_ws2_32_WSASend_6_bytes );
Hook_check_func_prolog( L"ws2_32.dll", "WSARecv", original_ws2_32_WSARecv_6_bytes );
}
void DebugDlg_OnBnClickedInterceptConnect( HWND hDlg )
{
hDlg = NULL;
Hook_InterceptConnect_my();
if( !Hook_ValidateInterception_my() )
{
log_error( LOG_ERROR, "Seems like my try to intercept ws2_32.dll!connect() failed.\n" );
log_error( LOG_ERROR, "All network connections will not be intercepted!\n" );
}
}
void DebugDlg_OnBnClickedCheckVP( HWND hDlg )
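Review bot: The checks called in DebugDlg_OnBnClickedValidateInterception discard their results, although the header declares `Hook_CheckVirtualProtect()` and `Hook_check_func_prolog()` as returning `bool`, so the handler cannot report an overall pass/fail and the user has to read the log to learn the outcome. Consider accumulating them, e.g. `bool ok = Hook_ValidateInterception_my(); ok = Hook_CheckVirtualProtect() && ok;` and likewise for the three prolog checks, then logging one summary line. Only the WSA* entry points are compared here even though reference bytes for plain connect/send/recv are declared too; if that is intentional, a short comment saying which check covers them would help. `hDlg = NULL;` reads as an unused-parameter workaround, which `(void)hDlg;` states more clearly.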


@@ -91,7 +91,7 @@ BEGIN
CONTROL "char_name",IDC_CHARNAME,"Static",WS_CHILD|WS_VISIBLE|WS_GROUP|SS_SUNKEN,7,76,251,11
CONTROL "Enable Console",IDC_B_CONENABLE,"Button",WS_CHILD|WS_VISIBLE|WS_TABSTOP,65,42,64,14
CONTROL "Disable Console",IDC_B_CONDISABLE,"Button",WS_CHILD|WS_VISIBLE|WS_TABSTOP,141,42,63,14
CONTROL "Validate Interception",IDC_B_VALIDATEINTERCEPT,"Button",WS_CHILD|WS_VISIBLE|WS_TABSTOP,6,94,92,15
CONTROL "Check Interceptions",IDC_B_VALIDATEINTERCEPT,"Button",WS_CHILD|WS_VISIBLE|WS_TABSTOP,6,94,92,15
CONTROL "Intercept connect",IDC_B_INTERCEPTCONNECT,"Button",WS_CHILD|WS_VISIBLE|WS_TABSTOP,106,94,80,15
CONTROL "Check VP",IDC_B_CHECK_VIRTUALPROTECTEX,"Button",WS_CHILD|WS_VISIBLE|WS_TABSTOP,190,94,60,15
CONTROL "Load L2Walker.dll",IDC_B_LOADWALKER,"Button",WS_CHILD|WS_VISIBLE|WS_TABSTOP,7,116,75,14


@@ -124,12 +124,12 @@ DWORD WINAPI DllThread(LPVOID lpParam)
log_error( LOG_WARNING, "Maybe we're running in GameGuard protected program?\n" );
log_error( LOG_WARNING, "Be careful!\n" );
}
Hook_InterceptConnect_my();
if( !Hook_ValidateInterception_my() )
{
log_error( LOG_ERROR, "Seems like my try to intercept ws2_32.dll!connect() failed.\n" );
log_error( LOG_ERROR, "All network connections will not be intercepted!\n" );
}
//Hook_InterceptConnect_my();
//if( !Hook_ValidateInterception_my() )
//{
// log_error( LOG_ERROR, "Seems like my try to intercept ws2_32.dll!connect() failed.\n" );
// log_error( LOG_ERROR, "All network connections will not be intercepted!\n" );
//}
//Hook_InterceptConnect_Dis(); // this unused..
#ifdef _MSC_VER
}
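Review bot: The startup interception in DllThread is disabled by commenting out six lines rather than removing them, and nothing says why; together with the already commented `Hook_InterceptConnect_Dis()` line this leaves a block of dead code in the thread entry point. Since the same call and failure messages appear in the "Intercept connect" button handler elsewhere in this commit, the block could be deleted and replaced with one line such as `// connect() interception is no longer installed at startup; it is triggered from the debug dialog`. If the automatic path is meant to come back, a named configuration flag would be safer than re-enabling comments by hand. DllThread's body starts and ends outside this hunk.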


@@ -12,6 +12,18 @@ bool Hook_ValidateInterception_my();
bool Hook_IsWinsockConnectOrig();
bool Hook_CheckVirtualProtect();
// checking hooks
extern const unsigned char original_ws2_32_connect_6_bytes[6];
extern const unsigned char original_ws2_32_recv_6_bytes[6];
extern const unsigned char original_ws2_32_send_6_bytes[6];
extern const unsigned char original_ws2_32_WSAConnect_6_bytes[6];
extern const unsigned char original_ws2_32_WSARecv_6_bytes[6];
extern const unsigned char original_ws2_32_WSASend_6_bytes[6];
extern const unsigned char original_vpex_6_bytes[6];
extern const unsigned char l2walker_connect_6_bytes[6];
// ^^ orig_bytes
bool Hook_check_func_prolog( LPCWSTR dllName, LPCSTR funcName, const unsigned char *orig_bytes );
int __stdcall connect_hook_my( unsigned int sock, void *sockaddr, int addrlen );
int __stdcall connect_nohook_my( unsigned int sock, void *sockaddr, int addrlen );
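Review bot: `Hook_check_func_prolog()` takes `const unsigned char *orig_bytes` with no length, while every reference array declared above it is exactly 6 bytes and the implementation compares with `memcmp( cur, orig_bytes, 6 )`; the prototype should state that contract so a shorter buffer is never passed. A comment such as `// orig_bytes must point to at least 6 bytes; exactly 6 are compared with the function's current prolog` would do, or the count could become a named constant shared by the declarations and the compare. The reference bytes are presumably tied to particular ws2_32.dll builds, in which case a mismatch on another Windows version would be logged as a modified prolog; if so, that limitation is worth a line next to the declarations.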


@@ -70,6 +70,7 @@ void Hook_InterceptConnect_my()
if( Proxied_VirtualProtectEx )
log_error( LOG_WARNING, "Hook_InterceptConnect_my(): Using proxied VirtualProtectEx!\n" );
ErrorLogger_FlushLogFile();
BOOL ret;
DWORD old_protect = 0, old_protect_2 = 0;
@@ -137,13 +138,13 @@ bool Hook_check_func_prolog( LPCWSTR dllName, LPCSTR funcName, const unsigned ch
HINSTANCE hDll = GetModuleHandleW( dllName );
if( !hDll )
{
log_error( LOG_WARNING, "Hook_check_func_prolog(): module [%ls] not found!\n", dllName );
log_error( LOG_WARNING, "Hook_check_func_prolog(): module [%S] not found!\n", dllName );
return false;
}
unsigned int func_addr = (unsigned int)GetProcAddress( hDll, funcName );
if( func_addr == 0 )
{
log_error( LOG_WARNING, "Hook_check_func_prolog(): module [%ls] does not have func [%s]\n", dllName, funcName );
log_error( LOG_WARNING, "Hook_check_func_prolog(): module [%S] does not have func [%s]\n", dllName, funcName );
return false;
}
// read prolog
@@ -154,15 +155,16 @@ bool Hook_check_func_prolog( LPCWSTR dllName, LPCSTR funcName, const unsigned ch
// compare
if( memcmp( cur, orig_bytes, 6 ) == 0 )
{
log_error( LOG_OK, "Hook_check_func_prolog(): %ls ! %s() prolog OK\n", dllName, funcName );
log_error( LOG_OK, "Hook_check_func_prolog(): %S!%s() prolog OK\n", dllName, funcName );
ErrorLogger_FlushLogFile();
return true;
}
// not equal
log_error( LOG_WARNING,
"Hook_check_func_prolog(): %ls.%s() prolog modified, dump of machine codes:\n"
"Hook_check_func_prolog(): %S!%s() prolog modified, dump of machine codes:\n"
" current : %02X %02X %02X %02X %02X %02X\n"
" orig : %02X %02X %02X %02X %02X %02X\n",
dllName, funcName,
(int)cur[0], (int)cur[1], (int)cur[2], (int)cur[3], (int)cur[4], (int)cur[5],
(int)orig_bytes[0], (int)orig_bytes[1], (int)orig_bytes[2],
(int)orig_bytes[3], (int)orig_bytes[4], (int)orig_bytes[5]
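Review bot: The four format strings in Hook_check_func_prolog that print `dllName` appear to switch from `%ls` to `%S`, which trades a standard specifier for a Microsoft extension whose meaning depends on the formatter: in the narrow printf family `%S` takes a wide string, in the wide family a narrow one, whereas `%ls` always means `wchar_t *`. How `log_error` formats its arguments is not visible here; if it ever goes through a wide-character formatter, the `LPCWSTR` would be read as a narrow string. Keeping `%ls` with the new separator, e.g. `"Hook_check_func_prolog(): %ls!%s() prolog OK\n"`, preserves the cleaner output without that dependency and stays checkable by compiler format warnings. The function body continues outside these hunks.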