- Joined
- May 29, 2007
- Messages
- 2,167
- Reaction score
- 899
I decided to release an easy to use source code for building your own spoofed DSETUP.DLL so you can use it in your own project. I have done this to avoid people getting scammed or infected by others. The full source code is included below.
I assume you have Visual Studio 2013 or newer installed on your system.
If you do not then go download it on your own.
If you run into trouble, create a help thread in the help section. Please read the comments inside the code and replies on this thread before you reply. I assume you can compile a program in C++. No support will be given.
Features
How to use
Source Code
I assume you have Visual Studio 2013 or newer installed on your system.
If you do not then go download it on your own.
If you run into trouble, create a help thread in the help section. Please read the comments inside the code and replies on this thread before you reply. I assume you can compile a program in C++. No support will be given.
Features
- Change the auth server to another ip.
- Change auth server port.
- Change game server port.
How to use
- Make a new empty Win32 Project.
- Create a new file called Main.cpp.
- Paste the source code in the file.
- Change the settings under the // Configuration comment.
- Navigate to the top and change Debug to Release.
- Right click your project with your mouse and click on build project.
- Check if you already have stfl32.dll inside your WarRock System folder, if you do go to step 9.
- Rename the original DSETUP.dll to stfl32.dll.
- Copy the spoofed DSETUP.dll to your WarRock System folder.
- Launch the game and have fun.
Source Code
Code:
// Credits CodeDragon & ToXiiC
// Configuration
#define ORIGINAL_DSETUP_NAME L"stfl32.dll" // The original DSETUP.dll File renamed.
#define NEW_AUTH_SERVER_IP "127.0.0.1" // New AuthServer ip
#define NEW_AUTH_SERVER_PORT 5330 // New AuthServer port
#define NEW_GAME_SERVER_PORT 5340 // New GameServer Port
/* ======================================================================== *\
|| DO NOT EDIT ANYTHING UNDER THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING! ||
\* ======================================================================== */
#define ORIGINAL_AUTH_SERVER_PORT 5330 // Original AuthServer port.
#define ORIGINAL_GAME_SERVER_PORT 5340 // Original GameServer port.
#include <Windows.h>
#include <winsock.h>
#pragma comment (lib, "ws2_32.lib")
// All the variables used.
#pragma region Variables
// DSETUP Spoofing
void* jumpPointer[16 * 4]; // Pointers to the originals location of the DSETUP calls.
// Socket Spoofing
SOCKET authServerSocket = NULL;
SOCKET gameServerSocket = NULL;
typedef int(__stdcall * oConnect)(SOCKET socket, sockaddr* name, int namelen);
oConnect pConnect = nullptr;
#pragma endregion
// All DSETUP.DLL overrided functions.
#pragma region Spoofed DSETUP.DLL functions
// DirectXDeviceDriverSetupA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXDeviceDriverSetupA()
{
__asm
{
JMP jumpPointer[0 * 4];
}
}
// DirectXDeviceDriverSetupW
extern "C" __declspec(naked, dllexport) void __cdecl DirectXDeviceDriverSetupW()
{
__asm
{
JMP jumpPointer[1 * 4];
}
}
// DirectXLoadString
extern "C" __declspec(naked, dllexport) void __cdecl DirectXLoadString()
{
__asm
{
JMP jumpPointer[2 * 4];
}
}
// DirectXRegisterApplicationA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXRegisterApplicationA()
{
__asm
{
JMP jumpPointer[3 * 4];
}
}
// DirectXRegisterApplicationW
extern "C" __declspec(naked, dllexport) void __cdecl DirectXRegisterApplicationW()
{
__asm
{
JMP jumpPointer[4 * 4];
}
}
// DirectXSetupA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupA()
{
__asm
{
JMP jumpPointer[5 * 4];
}
}
// DirectXSetupCallback
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupCallback()
{
__asm
{
JMP jumpPointer[6 * 4];
}
}
// DirectXSetupGetFileVersion
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupGetFileVersion()
{
__asm
{
JMP jumpPointer[7 * 4];
}
}
// DirectXSetupGetVersion
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupGetVersion()
{
__asm
{
JMP jumpPointer[8 * 4];
}
}
// DirectXSetupIsEng
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupIsEng()
{
__asm
{
JMP jumpPointer[9 * 4];
}
}
// DirectXSetupIsJapan
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupIsJapan()
{
__asm
{
JMP jumpPointer[10 * 4];
}
}
// DirectXSetupIsJapanNec
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupIsJapanNec()
{
__asm
{
JMP jumpPointer[11 * 4];
}
}
// DirectXSetupSetCallback
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupSetCallback()
{
__asm
{
JMP jumpPointer[12 * 4];
}
}
// DirectXSetupShowEULA
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupShowEULA()
{
__asm
{
JMP jumpPointer[13 * 4];
}
}
// DirectXSetupW
extern "C" __declspec(naked, dllexport) void __cdecl DirectXSetupW()
{
__asm
{
JMP jumpPointer[14 * 4];
}
}
// DirectXUnRegisterApplication
extern "C" __declspec(naked, dllexport) void __cdecl DirectXUnRegisterApplication()
{
__asm
{
JMP jumpPointer[15 * 4];
}
}
#pragma endregion
// All WinSock overrided functions.
#pragma region Spoofed WinSock functions
void *DetourFunction(BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp = (BYTE*)malloc(len + 5);
DWORD dwBack;
VirtualProtect(src, len, PAGE_READWRITE, &dwBack);
memcpy(jmp, src, len);
jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src + 1) = (DWORD)(dst - src) - 5;
for (int i = 5; i < len; i++) src[i] = 0x90;
VirtualProtect(src, len, dwBack, &dwBack);
return(jmp - len);
}
int __stdcall ConnectModification(SOCKET socket, sockaddr* name, int namelen) {
_asm pushad;
SOCKADDR_IN* pSockAddr = (SOCKADDR_IN*)name; // This will manipulate name directly since it is a pointer.
u_short socketPort = ntohs(pSockAddr->sin_port); // Convert the port so we can read it.
switch (socketPort)
{
case ORIGINAL_AUTH_SERVER_PORT:
// Detected a auth server connection
authServerSocket = SOCKET(socket);
pSockAddr->sin_addr.s_addr = inet_addr(NEW_AUTH_SERVER_IP); // Change ip.
pSockAddr->sin_port = htons(NEW_AUTH_SERVER_PORT); // Change port.
break;
case ORIGINAL_GAME_SERVER_PORT:
// Detected a game server connection.
gameServerSocket = SOCKET(socket);
pSockAddr->sin_port = htons(NEW_GAME_SERVER_PORT); // Change port.
break;
default:
break;
}
_asm popad;
return pConnect(socket, name, namelen);
}
#pragma endregion
// Initialization functions.
#pragma region Initialize functions
// A function that will add the detours.
bool InitializeSpoofing()
{
// Find the original instance of the DSETUP.DLL and load it into memory if possible.
HINSTANCE hDll = LoadLibrary(ORIGINAL_DSETUP_NAME); // ORIGINAL DSETUP.DLL
if (hDll == NULL)
{
MessageBox(0, L"Couldn't load DirectX dependencies.", 0, 0);
ExitProcess(0);
return false;
}
// Find the original addresses of the functions.
jumpPointer[0] = GetProcAddress(hDll, "DirectXDeviceDriverSetupA");
jumpPointer[1] = GetProcAddress(hDll, "DirectXDeviceDriverSetupW");
jumpPointer[2] = GetProcAddress(hDll, "DirectXLoadString");
jumpPointer[3] = GetProcAddress(hDll, "DirectXRegisterApplicationA");
jumpPointer[4] = GetProcAddress(hDll, "DirectXRegisterApplicationW");
jumpPointer[5] = GetProcAddress(hDll, "DirectXSetupA");
jumpPointer[6] = GetProcAddress(hDll, "DirectXSetupCallback");
jumpPointer[7] = GetProcAddress(hDll, "DirectXSetupGetFileVersion");
jumpPointer[8] = GetProcAddress(hDll, "DirectXSetupGetVersion");
jumpPointer[9] = GetProcAddress(hDll, "DirectXSetupIsEng");
jumpPointer[10] = GetProcAddress(hDll, "DirectXSetupIsJapan");
jumpPointer[11] = GetProcAddress(hDll, "DirectXSetupIsJapanNec");
jumpPointer[12] = GetProcAddress(hDll, "DirectXSetupSetCallback");
jumpPointer[13] = GetProcAddress(hDll, "DirectXSetupShowEULA");
jumpPointer[14] = GetProcAddress(hDll, "DirectXSetupW");
jumpPointer[15] = GetProcAddress(hDll, "DirectXUnRegisterApplication");
return true;
}
DWORD WINAPI InitializeSocketSpoofing(LPVOID lpParam) {
int attempts = 0;
HMODULE socketDLL = NULL;
do {
socketDLL = GetModuleHandle(L"ws2_32.dll");
if (++attempts >= 300) {
// We assume it will never load.
MessageBox(0, L"Couldn't load WinSock dependencies.", 0, 0);
ExitProcess(0);
}
Sleep(100);
} while (!socketDLL);
// We found the WinSock dll, hook it.
// Hook the connect function of ws2_32.dll.
pConnect = *(oConnect)DetourFunction((PBYTE)GetProcAddress(socketDLL, "connect"), (PBYTE)ConnectModification, 5);
return 0;
}
#pragma endregion
// Main function, this is called when the DLL is loaded.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
switch (fdwReason)
{
case DLL_PROCESS_DETACH:
// The DLL was detached from the process.
break;
case DLL_PROCESS_ATTACH:
// The DLL was attached to a process.
DisableThreadLibraryCalls(hinstDLL);
// Start the spoofing of the original functions.
if (InitializeSpoofing()) {
// Create another thread that detects when the Winsock dll is loaded.
CreateThread(NULL, NULL, InitializeSocketSpoofing, NULL, NULL, NULL);
return TRUE;
}
return FALSE;
default:
break; // DO NOTHING.
}
return TRUE;
}
Last edited: