#define _WIN32_WINNT 0x0501
#include <winsock2.h>
#include <windows.h>
#include <intrin.h>
#include <Detours.h>
#include <stdio.h>
#include <io.h>
#include <fcntl.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "psapi.lib")
// Function-pointer type matching the signature of ws2_32!connect.
typedef int (WINAPI* Prototype_Connect)(SOCKET, const struct sockaddr*, int);

// Pointer returned by DetourFunction for connect; assigned in DriftHook and
// called by Hooked_Connect to reach the unhooked implementation.
Prototype_Connect Original_Connect = NULL;

// Function-pointer type used for user32!MessageBoxA.
// NOTE(review): the window handle is declared as int and the strings as
// non-const char*, so this only lines up with the real prototype on 32-bit
// builds where a handle and an int have the same size -- confirm the target.
typedef int (WINAPI *MessageBoxt) (int, char *, char *, int);

// Pointer returned by DetourFunction for MessageBoxA; assigned in DriftHook
// and called by MessageBoxHook.
MessageBoxt MessageBoxOrg = NULL;
// Detour target for user32!MessageBoxA (installed in DriftHook).
// It changes nothing: all four arguments are handed to the saved original
// and that call's result is returned to the caller.
int WINAPI MessageBoxHook (int a, char *b, char *c, int d)
{
    // MessageBoxOrg is only valid once DriftHook has stored the pointer
    // returned by DetourFunction.
    const int choice = MessageBoxOrg(a, b, c, d);
    return choice;
}
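// Detour target for ws2_32!connect (installed in DriftHook).
// For IPv4 destinations the address is replaced with 127.0.0.1 and the call
// is forwarded to the original connect(); the port is left untouched.
//
// Parameters mirror connect(): s is the socket, name/namelen describe the
// destination. Returns whatever the original connect() returns.
//
// Security-relevant behaviour: every outbound IPv4 connect() made by the host
// process is silently re-pointed at the local machine, so whatever listens on
// that port locally receives traffic the application meant for a remote peer.
int WINAPI Hooked_Connect(SOCKET s, const struct sockaddr* name, int namelen)
{
    // Pass anything that is not a complete IPv4 address straight through.
    // Writing sin_addr into a NULL, short or non-AF_INET (e.g. IPv6) buffer
    // would corrupt memory or unrelated fields.
    if (name == NULL || namelen < (int)sizeof(sockaddr_in) || name->sa_family != AF_INET)
    {
        return Original_Connect(s, name, namelen);
    }

    // Work on a private copy: `name` is const and owned by the caller, so the
    // caller's structure must not be modified behind its back.
    sockaddr_in redirected;
    memcpy(&redirected, name, sizeof(redirected));
    redirected.sin_addr.s_addr = htonl(INADDR_LOOPBACK); // 127.0.0.1

    return Original_Connect(s, (const struct sockaddr*)&redirected, (int)sizeof(redirected));
}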
// Unlinks the loader entry whose DllBase equals hModule from the three
// doubly linked module lists reachable from the PEB loader data
// (InLoadOrder, InMemoryOrder, InInitializationOrder).
//
// hModule: base address of the module to unlink (DllMain passes this DLL's
// own handle).
//
// Only the list links are rewritten here; the mapped image and the entry
// structure itself are not touched by this routine. For analysts this means
// the module is still present as an image-backed region in the process, so
// comparing the memory map against the loader lists exposes the mismatch.
//
// Limitations visible in the code: 32-bit x86 only (MSVC inline assembly,
// fs-relative PEB access, hard-coded 32-bit structure offsets), and the
// function takes no lock of its own.
// NOTE(review): in this file it is called from DllMain; confirm no other
// caller walks these lists concurrently.
void HidePEB(HINSTANCE hModule) {
DWORD dwPEB_LDR_DATA = 0;
_asm{
// Preserve all general-purpose registers and the flags; restored at Finished.
pushad;
pushfd;
// fs:[30h] holds the PEB pointer on 32-bit Windows; PEB+0Ch is the loader
// data pointer, kept in a local so each pass can start from it again.
mov eax, fs:[30h]
mov eax, [eax+0Ch]
mov dwPEB_LDR_DATA, eax
// Pass 1: load-order list. esi = head Flink (first entry), edx = head Blink
// (last entry, used as the stop marker).
InLoadOrderModuleList:
mov esi, [eax+0Ch]
mov edx, [eax+10h]
LoopInLoadOrderModuleList:
// lodsd follows the Flink of the current entry, so the walk advances one
// entry per iteration and the first entry itself is never compared.
lodsd
mov esi, eax
// Entry+18h is read as the module base for this list's link position.
mov ecx, [eax+18h]
cmp ecx, hModule
jne SkipA
// Match: standard doubly-linked-list removal (prev->Flink = next,
// next->Blink = prev), then move on to the next list.
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp InMemoryOrderModuleList
SkipA:
// Stop once the entry just examined is the one the head's Blink points to.
cmp edx, esi
jne LoopInLoadOrderModuleList
// Pass 2: memory-order list (head at +14h/+18h). The links sit 8 bytes into
// the entry, hence the module base is read at +10h here.
InMemoryOrderModuleList:
mov eax, dwPEB_LDR_DATA
mov esi, [eax+14h]
mov edx, [eax+18h]
LoopInMemoryOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+10h]
cmp ecx, hModule
jne SkipB
// Same removal as in pass 1.
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp InInitializationOrderModuleList
SkipB:
cmp edx, esi
jne LoopInMemoryOrderModuleList
// Pass 3: initialization-order list (head at +1Ch/+20h). The links sit 16
// bytes into the entry, hence the module base is read at +08h here.
InInitializationOrderModuleList:
mov eax, dwPEB_LDR_DATA
mov esi, [eax+1Ch]
mov edx, [eax+20h]
LoopInInitializationOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+08h]
cmp ecx, hModule
jne SkipC
// Same removal as in pass 1.
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp Finished
SkipC:
cmp edx, esi
jne LoopInInitializationOrderModuleList
Finished:
// Restore flags and registers saved on entry.
popfd;
popad;
}
}
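// Worker thread started from DllMain. Opens a console for status output and
// installs the two detours: MessageBoxA -> MessageBoxHook and
// connect -> Hooked_Connect.
//
// lpReserved: unused thread parameter.
// Returns 1 when both detours were installed, 0 if either could not be.
//
// Observable side effects useful to an analyst: a console window titled
// "DriftHook" appears in the host process, and the entry code of
// user32!MessageBoxA and ws2_32!connect is patched in memory, so it no longer
// matches the on-disk images.
DWORD WINAPI DriftHook(LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(lpReserved);
    DWORD result = 1;

    AllocConsole();

    // Rebind the CRT streams to the console with freopen instead of copying a
    // FILE object over *stdout / *stdin: the old approach dereferenced the
    // result of _fdopen without checking for failure and truncated the handle
    // through a (long) cast.
    if (freopen("CONOUT$", "w", stdout) != NULL)
    {
        setvbuf(stdout, NULL, _IONBF, 0);
    }
    if (freopen("CONIN$", "r", stdin) != NULL)
    {
        setvbuf(stdin, NULL, _IONBF, 0);
    }

    // Set the title through the console API; system("title ...") spawned a
    // command interpreter just to do this.
    SetConsoleTitleA("DriftHook");

    printf("DriftHook(C) Cosmos 2010\n");
    printf("Debug mode started!\n");
    Sleep(500);

    // Resolve each target before patching it: handing a NULL address to
    // DetourFunction would fault inside the host process.
    HMODULE user32 = GetModuleHandleA("user32.dll");
    FARPROC message_box = (user32 != NULL) ? GetProcAddress(user32, "MessageBoxA") : NULL;
    if (message_box != NULL)
    {
        MessageBoxOrg = (MessageBoxt)DetourFunction((PBYTE)message_box, (PBYTE)MessageBoxHook);
    }
    if (message_box == NULL || MessageBoxOrg == NULL)
    {
        printf("Failed to hook MessageBoxA\n");
        result = 0;
    }
    else
    {
        // Reported only after the detour is actually in place.
        printf("Hooks set!\n");
    }
    Sleep(500);

    printf("Redirecting connections to localhost...\n");
    // Use the explicit ANSI variant so the narrow string literal is correct
    // regardless of the UNICODE setting (matches the user32 lookup above).
    HMODULE winsock = GetModuleHandleA("ws2_32.dll");
    FARPROC connect_fn = (winsock != NULL) ? GetProcAddress(winsock, "connect") : NULL;
    if (connect_fn != NULL)
    {
        Original_Connect = (Prototype_Connect)DetourFunction((PBYTE)connect_fn, (PBYTE)Hooked_Connect);
    }
    if (connect_fn == NULL || Original_Connect == NULL)
    {
        printf("Failed to hook connect\n");
        result = 0;
    }
    Sleep(500);

    printf("Done!\n");
    return result;
}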
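// DLL entry point. On process attach it unlinks this module from the PEB
// loader lists (HidePEB), disables per-thread attach/detach notifications and
// starts DriftHook on a new thread. All other notifications are ignored.
//
// Always returns TRUE so the load itself never fails.
//
// For an analyst: the module removes itself from the loader lists at load
// time, before the hooks are installed, so list-based module enumeration
// taken after this point will not show it.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(lpReserved);

    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        HidePEB(hModule);

        // NOTE(review): this runs after the module was unlinked from the
        // loader lists and its return value is ignored -- verify that the
        // call still succeeds in that state.
        DisableThreadLibraryCalls(hModule);

        // Hooking is deferred to a separate thread rather than done here.
        // Size and flag arguments are integers, so pass 0 rather than NULL.
        HANDLE worker = CreateThread(NULL, 0, DriftHook, NULL, 0, NULL);
        if (worker != NULL)
        {
            // The thread keeps running; only the otherwise leaked handle is
            // released.
            CloseHandle(worker);
        }
    }

    return TRUE;
}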