[Tut] Hooking

Results 1 to 7 of 7
  1. #1
    Wait wut PenguinGuy is offline
    MemberRank
    Apr 2010 Join Date
    United StatesLocation
    765Posts

    [Tut] Hooking

    [READ]
    Please note I'm having problems with using the detour library as my compiler is having a stick up it's ass. It should work, but then again I'm doing this from memory.
    [/READ]


    When using detours, you can pretty much, in idiot terms, "control" a function to do what you want (it changes how the function works as long as you use your hook).

    In example, we can make the function "ZChatOutput" (Which is a client-sided chat) call a message box when that function executes. I'll be using Lance's "CDetour" library, instead of M$'s.

    What we want to do is first create a library project, and add the files in the "CDetour" folder to your project, and compile. This will produce a file named "CDetour.lib" (Or <your_project_name.lib). Now, create a new project named "HookingTest" or w/e, and make it a dynamic link library. Add all the "CDetour" files and the .lib file into your projects directory, or add it in the VC++ Directories in your IDE.
    Include "CDetour.h" to your source, and same with the .lib.
    The beginning of your code, of your main.cpp file, should look like this:
    Code:
    #include "Stdafx.h" //Don't complain >.>
    #include <windows.h>
    #include <CDetour.h> //OR:  #include "CDetour.h" if the file is in your projects directory
    
    #pragma comment( lib, "CDetour.lib" )
    Next, we'll need to define "ZChatOutput"'s address:
    Code:
    DWORD dwZChatOutputAddress = 0x0042A230; //Valid for 2007 files
    Alright, that should do it.

    After, you should create a object of the "CDetour" class like so:
    Code:
    CDetour MyHookLMAO;
    Now, our entire "main.cpp" source should look like this:
    Code:
    #include "stdafx.h"
    #include <windows.h>
    #include <CDetour.h>
    
    #pragma comment( lib, "CDetour.lib" )
    
    DWORD dwZChatOutputAddress = 0x0042A230;
    
    CDetour ZChatOutputDet; //I changed it from "MyHookLMAO" to this for readability.
    Just about done!
    We'll need to create the thread for ZChatOutput's hook:
    Code:
    void ZChatOutputHook( const char* szMsg, int nType, int nLoc, DWORD dwColor )
    {
        //.... STUFFS
    }
    Now, whenever ZChatOutput is being used it'll call whatever is in "ZChatOutputHook(...)". Hmm, I'm bored. Getting tired writing this lol. Alright, let's make our hook call a message box. We'll do that like so:

    Code:
    void ZChatOutputHook( const char* szMsg, int nType, int nLoc, DWORD dwColor )
    {
        MessageBoxA( NULL, "I just roflbbqsauce", "Title", MB_OK );
    
        ZChatOutputDet.Org( szMsg, nType, nLoc, dwColor );
    }
    Alright, we're pretty much done, the rest is the main thread and the dll entry point!
    Which is the main thread is done like this:
    Code:
    void WINAPI MainThread( void )
    {
            ZChatOutputDet.Detour( ( PBYTE ) dwZChatOutputAddress, ( PBYTE ) ZChatOutputHook );
            ZChatOutputDet.Apply( );
    }
    And the dll entry point is like this:
    Code:
    extern "C" __declspec( dllexport ) BOOL __stdcall DllMain( HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved )
    {
        DisableThreadLibraryCalls( hInstance );
    
        if( dwReason == DLL_PROCESS_ATTACH )
            CreateThread( NULL, NULL, ( LPTHREAD_START_ROUTINE )&MainThread, NULL, NULL, NULL );
    
        else
            MessageBoxA( NULL, "Error injecting dll", "Title", MB_OK );
    
        return true;
    }
    We're done! This is what the code should look like as of right now:
    Code:
    #include "stdafx.h"
    #include <windows.h>
    #include <CDetour.h>
    
    #pragma comment( lib, "CDetour.lib" )
    
    DWORD dwZChatOutputAddress = 0x0042A230;
    
    CDetour ZChatOutputDet;
    
    void ZChatOutputHook( const char* szMsg, int nType, int nLoc, DWORD dwColor )
    {
        MessageBoxA( NULL, "I just roflbbqsauce", "Title", MB_OK );
    
        ZChatOutputDet.Org( szMsg, nType, nLoc, dwColor );
    }
    
    void WINAPI MainThread( void )
    {
            ZChatOutputDet.Detour( ( PBYTE ) dwZChatOutputAddress, ( PBYTE ) ZChatOutputHook );
            ZChatOutputDet.Apply( );
    }
    
    extern "C" __declspec( dllexport ) BOOL __stdcall DllMain( HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved )
    {
        DisableThreadLibraryCalls( hInstance );
    
        if( dwReason == DLL_PROCESS_ATTACH )
            CreateThread( NULL, NULL, ( LPTHREAD_START_ROUTINE )&MainThread, NULL, NULL, NULL );
    
        else
            MessageBoxA( NULL, "Error injecting dll", "Title", MB_OK );
    
        return true;
    }
    That's all their is to it!

    Now, if I remember right, you can inject this dll and type "/help" (which if I remember right) will execute "ZChatOutput"'s function, thus executing the hook.

    Edit-
    I attached CDetour with the .lib, and posted an example source
    that upon entering the recommended channel, you will be placed in room #1 (or created if none is their) and automatically join.

    Clientdll.cpp
    Code:
    #include "stdafx.h"
    #include <windows.h>
    #include <stdio.h>
    #include "ClientDll.h"
    #include "CDetour.h"
    
    #pragma comment( lib, "CDetour.lib" )
    
    CDetour ZGameClientOnResponseRecommandedChannelDet;
    
    void ZGameClientOnResponseRecommandedChannelHook( MUID* uidChannel )
    {
    	uidCharacter->Low = NULL;
    	uidCharacter->High = GetMe( );
    
    	uidStaged->Low = NULL;
    	uidStaged->High = GetStage( );
    
    	if( uidStaged == NULL )
    	{
    		ZPostStageCreate( uidCharacter, "Test Stage", 0, NULL );
    
    		uidStaged->Low = NULL;
    		uidStaged->High = GetStage( );
    
    		MSTAGE_SETTING_NODE MStage;
    
    		MStage.n1   = NULL;
    		MStage.n2   = NULL;
    		MStage.n3   = NULL;
    		MStage.nGap = NULL;
    		MStage.nRounds  = 65535;
    		MStage.nMinutes = 65535;
    		MStage.bLateJoin     = true;
    		MStage.bFriendlyFire = false;
    		MStage.bMode1        = false;
    		MStage.bMode2        = false;
    		MStage.bMode3        = false;
    		MStage.bMode4        = false;
    		MStage.bTeamBalance  = false;
    		strcpy_s( MStage.szMapName, "Battle Arena" );
    
    		ZPostStageSetting( uidCharacter, uidStaged, MStage );
    
    		ZPostStageStart( uidCharacter, uidStaged );
    	}
    
    	ZPostRequestStageJoin( uidCharacter, uidStaged );
    
    	ZPostStageEnterBattle( uidCharacter, uidStaged );
    
    	ZGameClientOnResponseRecommandedChannelDet.Org( uidChannel );
    }
    
    void MainThread(  )
    {
    	ZGameClientOnResponseRecommandedChannelDet.Detour( ( PBYTE ) ZGameClientOnResponseRecommandedChannelAddress, ( PBYTE )ZGameClientOnResponseRecommandedChannelHook );
    	ZGameClientOnResponseRecommandedChannelDet.Apply( );
    }
    
    extern "C" __declspec( dllexport ) BOOL __stdcall DllMain( HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved )
    {
    	DisableThreadLibraryCalls( hInstance );
    
    	if( dwReason == DLL_PROCESS_ATTACH )
    		CreateThread( NULL, NULL, ( LPTHREAD_START_ROUTINE )&MainThread, NULL, NULL, NULL );
    
    	else
    		MessageBoxA( NULL, "Error injecting Dll", "ERROR", MB_OK );
    
    	return true;
    }
    ClientDll.h
    Code:
    unsigned long ZGetGameClientAddress                         = 0x004ABCC0;
    unsigned long ZChatOutputAddress                            = 0x0042A230;
    unsigned long ZGameClientOnResponseRecommandedChannelAddress = 0x00;
    unsigned long ZPostStageCreateAddress                       = 0x00448230;
    unsigned long ZPostStageStartAddress                        = 0x00448E30;
    unsigned long ZPostStageSettingAddress                      = 0x0045BE00;
    unsigned long ZPostRequestStageJoinAddress                  = 0x004257E0;
    unsigned long ZPostStageEnterBattleAddress                  = 0x00;
    
    struct MUID
    {
    	unsigned long Low;
    	unsigned long High;
    };
    
    MUID* uidCharacter = new MUID( );
    MUID* uidStaged = new MUID( );
    
    struct MSTAGE_SETTING_NODE
    {
    	int n1;
    	int n2;
    	int n3;
    
    	char szMapName[32];
    	char szPlayers;
    
    	unsigned int nType;
    	unsigned int nRounds;
    	unsigned int nMinutes;
    	unsigned int nGap;
    
    	bool bMode1;
    	bool bMode2;
    	bool bMode3;
    	bool bMode4;
    	bool bFriendlyFire;
    	bool bLateJoin;
    	bool bTeamBalance;
    };
    
    typedef DWORD( __cdecl* ZGetGameClientType ) ( );
    ZGetGameClientType ZGetGameClient = ( ZGetGameClientType )ZGetGameClientAddress;
    
    //DWORD ZGetGameClient( )
    //{
    //	__asm
    //	{
    //	}
    //}
    
    //typedef void( __cdecl* ZChatOutputType ) ( const char*, int, int, DWORD );
    //ZChatOutputType ZChatOutput = ( ZChatOutputType )ZChatOutputAddress;
    
    void ZChatOutput( const char* szMsg )
    {
    	__asm
    	{
    		PUSH 0xFFFFFF
    		PUSH 0
    		PUSH 2
    		PUSH szMsg
    		CALL ZChatOutputAddress
    	}
    }
    
    //typedef void( __cdecl* ZPostStageCreateType ) ( MUID* uidChar, char* szStageName, bool bPrivate, char* szPassword );
    //ZPostStageCreateType ZPostStageCreate = ( ZPostStageCreateType )ZPostStageCreateAddress;
    
    void ZPostStageCreate( MUID* uidChar, char* szStageName, int boolPrivate, char* szPassword )
    {
    	__asm
    	{
    		PUSH szPassword
    		PUSH boolPrivate
    		PUSH szStageName
    		PUSH uidChar
    		CALL ZPostStageCreateAddress
    	}
    }
    
    
    //typedef void( __cdecl* ZPostRequestStageJoinType ) ( MUID* uidChar, MUID* uidStage );
    //ZPostRequestStageJoinType ZPostRequestStageJoin = ( ZPostRequestStageJoinType )ZPostRequestStageJoinAddress;
    
    void ZPostRequestStageJoin( MUID* uidChar, MUID* uidStage )
    {
    	__asm
    	{
    		PUSH uidStage
    		PUSH uidChar
    		CALL ZPostRequestStageJoin
    	}
    }
    
    //typedef void( __cdecl* ZPostStageStartType ) ( MUID* uidChar, MUID* uidStage );
    //ZPostStageStartType ZPostStageStart = ( ZPostStageStartType )ZPostStageStartAddress;
    
    void ZPostStageStart( MUID* uidChar, MUID* uidStage )
    {
    	__asm
    	{
    		PUSH uidStage
    		PUSH uidChar
    		CALL ZPostStageStartAddress
    	}
    }
    
    //typedef void( __cdecl* ZPostStageSettingType ) ( MUID* uidChar, MUID* uidStage, MSTAGE_SETTING_NODE pSetting );
    //ZPostStageSettingType ZPostStageSetting = ( ZPostStageSettingType )ZPostStageSettingAddress;
    
    void ZPostStageSetting( MUID* uidChar, MUID* uidStage, MSTAGE_SETTING_NODE pSetting )
    {
    	__asm
    	{
    		PUSH pSetting
    		PUSH uidStage
    		PUSH uidChar
    		CALL ZPostStageSettingAddress
    	}
    }
    
    //typedef void( __cdecl* ZPostStageEnterBattleType ) ( MUID* uidChar, MUID* uidStage );
    //ZPostStageEnterBattleType ZPostStageEnterBattle = ( ZPostStageEnterBattleType )ZPostStageEnterBattleAddress;
    
    void ZPostStageEnterBattle( MUID* uidChar, MUID* uidStage )
    {
    	__asm
    	{
    		PUSH uidStage
    		PUSH uidChar
    		CALL ZPostStageEnterBattleAddress
    	}
    }
    
    unsigned long GetStage( )
    {
    	return *( DWORD* ) ( ZGetGameClient() + 0x1B4 );
    }
    
    unsigned long GetMe( )
    {
    	return *( DWORD* ) ( ZGetGameClient() + 0x1A4 );
    }
    
    unsigned long GetChannel( )
    {
    	return *( DWORD* ) ( ZGetGameClient() + 0x1AC );
    }
    Attached Files Attached Files
    Last edited by PenguinGuy; 10-06-10 at 11:13 AM.


  2. #2
    RestyleGamerZ FTW Mambo is offline
    MemberRank
    Mar 2008 Join Date
    The NetherlandsLocation
    821Posts

    Re: [Tut] Hooking =D

    Wow i like it ^^

    This kind of tuts is why i keep checking RageZone ^^

    Thankyou!

  3. #3
    I am THE DON Joe9099 is offline
    MemberRank
    Jan 2007 Join Date
    England, UkLocation
    3,655Posts

    Re: [Tut] Hooking =D

    haha same, im not experienced in ASM or hooking dll's but seriously man this is a great tutorial.
    Gonna actually give a thanks because it helps a lot!
    But then again the tutorial makes it LOOK harder than it actually is XD

    Thanks.

  4. #4
    igunz.net Dawson is offline
    LegendRank
    Feb 2010 Join Date
    ::1 (Canada BC)Location
    2,581Posts

    Re: [Tut] Hooking =D

    Nice tutorial mate, well written.

  5. #5
    Wait wut PenguinGuy is offline
    MemberRank
    Apr 2010 Join Date
    United StatesLocation
    765Posts

    Re: [Tut] Hooking =D

    Quote Originally Posted by Mambo View Post
    Wow i like it ^^

    This kind of tuts is why i keep checking RageZone ^^

    Thankyou!
    Mhm, anytime. :)

    Quote Originally Posted by Joe9099 View Post
    haha same, im not experienced in ASM or hooking dll's but seriously man this is a great tutorial.
    Gonna actually give a thanks because it helps a lot!
    But then again the tutorial makes it LOOK harder than it actually is XD

    Thanks.
    I was pretty tired lol, sorry if their is any confusion. It actually isn't hard, once you learn how detouring works and use it a few times it isn't hard at all. I thought it was hard when I first tried it, but after messing with it for a while I learned it was quite easy.

    Quote Originally Posted by DawsonByrd View Post
    Nice tutorial mate, well written.
    Not really lol, but thank you.

  6. #6
    Account Upgraded | Title Enabled! wesley1189 is offline
    MemberRank
    Dec 2009 Join Date
    On a potatoLocation
    407Posts

    Re: [Tut] Hooking

    This made me realize how dumb i am.......

  7. #7
    Wait wut PenguinGuy is offline
    MemberRank
    Apr 2010 Join Date
    United StatesLocation
    765Posts

    Re: [Tut] Hooking

    Quote Originally Posted by wesley1189 View Post
    This made me realize how dumb i am.......
    Don't think that. If you want to learn how to develop for GunZ, all you need to know is the basics. "PenguinGuy" made a tutorial on using C++ for GunZ in the tutorial section, you should take a look at that. :)



Advertisement