DSetup Spoof Source

Taiga · Dec 11, 2015

UPDATE: A full working example has been release inside the release section, you can find it here.

This snippet code is used to spoof DSETUP.DLL. Keep in mind that you've to rename your original DSETUP.DLL to stfl32.dll. The code for hooking the sockets is not included. You can find this on Google.

Code:

#include <Windows.h>


void* p[16 * 4];


// DirectXDeviceDriverSetupA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXDeviceDriverSetupA()
{
    __asm
    {
        JMP p[0 * 4];
    }
}


// DirectXDeviceDriverSetupW
extern "C" __declspec(naked, dllexport) void __cdecl DirectXDeviceDriverSetupW()
{
    __asm
    {
        JMP p[1 * 4];
    }
}


// DirectXLoadString
extern "C" __declspec(naked, dllexport) void __cdecl DirectXLoadString()
{
    __asm
    {
        JMP p[2 * 4];
    }
}


// DirectXRegisterApplicationA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXRegisterApplicationA()
{
    __asm
    {
        JMP p[3 * 4];
    }
}


// DirectXRegisterApplicationW
extern "C" __declspec(naked, dllexport) void __cdecl DirectXRegisterApplicationW()
{
    __asm
    {
        JMP p[4 * 4];
    }
}


// DirectXSetupA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupA()
{
    __asm
    {
        JMP p[5 * 4];
    }
}


// DirectXSetupCallback
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupCallback()
{
    __asm
    {
        JMP p[6 * 4];
    }
}


// DirectXSetupGetFileVersion
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupGetFileVersion()
{
    __asm
    {
        JMP p[7 * 4];
    }
}


// DirectXSetupGetVersion
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupGetVersion()
{
    __asm
    {
        JMP p[8 * 4];
    }
}


// DirectXSetupIsEng
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupIsEng()
{
    __asm
    {
        JMP p[9 * 4];
    }
}


// DirectXSetupIsJapan
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupIsJapan()
{
    __asm
    {
        JMP p[10 * 4];
    }
}


// DirectXSetupIsJapanNec
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupIsJapanNec()
{
    __asm
    {
        JMP p[11 * 4];
    }
}


// DirectXSetupSetCallback
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupSetCallback()
{
    __asm
    {
        JMP p[12 * 4];
    }
}


// DirectXSetupShowEULA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupShowEULA()
{
    __asm
    {
        JMP p[13 * 4];
    }
}


// DirectXSetupW
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupW()
{
    __asm
    {
        JMP p[14 * 4];
    }
}


// DirectXUnRegisterApplication
extern "C" __declspec(naked, dllexport) void __cdecl DirectXUnRegisterApplication()
{
    __asm
    {
        JMP p[15 * 4];
    }
}


void InitializeSpoofing()
{
    // Spoof processes from the original DSETUP


    HINSTANCE hDll = LoadLibraryA("stfl32.dll"); // stfl32.dll - Original DSETUP (Needed)
    if (hDll == NULL)
    {
        MessageBox(0, "Couldn't load DirectX dependencies.", 0, 0);
        ExitProcess(0);
    }


    p[0] = GetProcAddress(hDll, "DirectXDeviceDriverSetupA");
    p[1] = GetProcAddress(hDll, "DirectXDeviceDriverSetupW");
    p[2] = GetProcAddress(hDll, "DirectXLoadString");
    p[3] = GetProcAddress(hDll, "DirectXRegisterApplicationA");
    p[4] = GetProcAddress(hDll, "DirectXRegisterApplicationW");
    p[5] = GetProcAddress(hDll, "DirectXSetupA");
    p[6] = GetProcAddress(hDll, "DirectXSetupCallback");
    p[7] = GetProcAddress(hDll, "DirectXSetupGetFileVersion");
    p[8] = GetProcAddress(hDll, "DirectXSetupGetVersion");
    p[9] = GetProcAddress(hDll, "DirectXSetupIsEng");
    p[10] = GetProcAddress(hDll, "DirectXSetupIsJapan");
    p[11] = GetProcAddress(hDll, "DirectXSetupIsJapanNec");
    p[12] = GetProcAddress(hDll, "DirectXSetupSetCallback");
    p[13] = GetProcAddress(hDll, "DirectXSetupShowEULA");
    p[14] = GetProcAddress(hDll, "DirectXSetupW");
    p[15] = GetProcAddress(hDll, "DirectXUnRegisterApplication");
}

Taiga · Jan 26, 2016

Re: [RESOURCE] DSetup Spoof Source

Here is some additional code for hooking the socket so you can make the game connect to your server.

Code:

#include <Windows.h>
#include <winsock.h>
#include <stdio.h>


#pragma comment (lib, "ws2_32.lib")

typedef int(__stdcall * oConnect)(SOCKET s, sockaddr*name, int namelen);

oConnect pConnect = nullptr;

SOCKET sGameServer = 0;
SOCKET sLoginServer = 0;

int __stdcall ConnectModification(SOCKET s, sockaddr*name, int namelen)
{
    SOCKADDR_IN * pSockAddr = (SOCKADDR_IN*)name;
    if (ntohs(pSockAddr->sin_port) == 5330)
    {
        sLoginServer = SOCKET(s);
        // TODO: CHANGE TARGET IP HERE.
    }
    else if (ntohs(pSockAddr->sin_port) == 5340)
    {
        printf("Connecting to GameServer at %s\n", inet_ntoa(pSockAddr->sin_addr));
        sGameServer = SOCKET(s);
    }
    return pConnect(s, name, namelen);
}


DWORD __stdcall StartProcedure(LPVOID lpArg)
{
    HMODULE hWinsockDLL = 0;
    do
    {
        hWinsockDLL = GetModuleHandleA("ws2_32.dll");
        Sleep(50);
    } while (!hWinsockDLL);//Wait for WarRock to load the socket module


    DWORD dwOld = 0;


    pConnect = *(oConnect*)(addresses.dwConnectIAT);


    if (VirtualProtect((void*)addresses.dwConnectIAT, 0x4, 0x40, &dwOld)) {
        *(oConnect*)(addresses.dwConnectIAT) = ConnectModification;
        VirtualProtect((void*)addresses.dwConnectIAT, 0x4, dwOld, &dwOld);
    }


    return 1;
}


int __stdcall DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        CreateThread(0, 0, StartProcedure, 0, 0, 0);
    }


    return 1;
}

Taiga · Oct 23, 2016

Re: [RESOURCE] DSetup Spoof Source

A full working and easy to use source has been release inside the release section. You can find it here.

Taiga · Nov 6, 2016

Re: [RESOURCE] DSetup Spoof Source

Code for hooking send & receive.

Code:

typedef int (__stdcall* oSend)(SOCKET s, char * buf, int len, int flags);
typedef int (__stdcall* oRecv)(SOCKET s, char * buf, int len, int flags);
oSend pSend = nullptr;
oRecv pRecv = nullptr;

Code:

static int __stdcall SendModification(SOCKET s, char * buf, int len, int flags)
{
    if (s == sLoginServer)
    {
        printf("Send!\n");
    }


    return pSend(s, buf, len, flags);
}

Code:

static int __stdcall RecvModification(SOCKET s, char * buf, int len, int flags)
{


    int iLen = pRecv(s, buf, len, flags);
    if (s == sGameServer)
    {
        int scanIndex = 0;
        int packetLength = 0;
        char* currBuff = new char[len];
        char* currPacket;


        for (int i = 0; i < iLen; i++) {
            currBuff[i] = (buf[i]) ^ 0x96;
            if (currBuff[i] == 10) {
                currPacket = new char[i - scanIndex];
                for (int j = 0; j < (i - scanIndex); j++) {
                    currPacket[j] = currBuff[scanIndex + j];
                }
                scanIndex = i + 1;
                printf("Received %s\n", currPacket);
            }
        }


    }


    return iLen;
}

Extra for opening the console window:

Code:

AllocConsole() ;
AttachConsole( GetCurrentProcessId() ) ;
freopen( "CON", "w", stdout ) ;

sananebak · Apr 29, 2020

Thanks

DSetup Spoof Source

Taiga

◝(⁰▿⁰)◜Smile◝ (⁰▿⁰)◜

Taiga

◝(⁰▿⁰)◜Smile◝ (⁰▿⁰)◜

Taiga

◝(⁰▿⁰)◜Smile◝ (⁰▿⁰)◜

Taiga

◝(⁰▿⁰)◜Smile◝ (⁰▿⁰)◜

sananebak

Junior Spellweaver

About Us

Online statistics

Forum statistics

RaGEZONE Sponsor