Maybe yes, but updating is needed too. To make updates, and to find the IP and other things, we need to unrar the agt files.
C:\Windows\System32\drivers\etc\hosts
#define _WIN32_WINNT 0x0501
#include <winsock2.h>
#include <windows.h>
#include <intrin.h>
#include <Detours.h>
#include <stdio.h>
#include <io.h>
#include <fcntl.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "psapi.lib")
// Signature of ws2_32!connect. Original_Connect receives the Detours
// trampoline in DriftHook() so Hooked_Connect can reach the real connect().
typedef int (WINAPI* Prototype_Connect)(SOCKET, const struct sockaddr*, int);
Prototype_Connect Original_Connect;   // NULL until DriftHook() assigns it
// Author's approximation of MessageBoxA (real prototype: HWND, LPCSTR, LPCSTR, UINT).
// Using `int` for HWND is only layout-compatible on 32-bit builds.
typedef int (WINAPI *MessageBoxt) (int, char *, char *, int);
MessageBoxt MessageBoxOrg;            // NULL until DriftHook() assigns it
// Pass-through replacement for MessageBoxA installed by DriftHook(). It changes
// nothing: every call is forwarded to the trampoline held in MessageBoxOrg and
// the result is returned as-is. Parameter types mirror the MessageBoxt typedef,
// which only matches MessageBoxA's real signature on 32-bit builds.
int WINAPI MessageBoxHook (int a, char *b, char *c, int d)
{
    // MessageBoxOrg is assigned in DriftHook(); it is assumed non-NULL here.
    const int rc = MessageBoxOrg(a, b, c, d);
    return rc;
}
// Replacement for ws2_32!connect installed by DriftHook(): overwrites the
// destination address of every connect() issued by the process with 127.0.0.1
// (the port is left as the caller set it) and then calls the original connect.
//
// Review notes (describing the code as written; not changed here):
//  - `name` is const, the cast drops that, and the caller's sockaddr is
//    modified in place, so the caller observes the rewritten address.
//  - Neither name->sa_family nor namelen is checked: a non-AF_INET sockaddr or
//    a buffer shorter than sizeof(sockaddr_in) is still written at the
//    sin_addr offset.
//  - Assumes sizeof(unsigned long) == sizeof(in_addr) == 4, which holds on
//    Win32 (the only target the _asm in HidePEB supports anyway).
//  - Original_Connect is not NULL-checked; if DetourFunction failed in
//    DriftHook() this calls through a null function pointer.
// @return whatever the original connect() returns.
int WINAPI Hooked_Connect(SOCKET s, const struct sockaddr* name, int namelen)
{
sockaddr_in* service = (sockaddr_in*)name;                    // casts away const
unsigned long address = inet_addr("127.0.0.1");               // already in network byte order
memcpy(&service->sin_addr, &address, sizeof(unsigned long));  // only sin_addr is replaced; sin_port untouched
return Original_Connect(s, name, namelen);
}
// Unlinks this DLL's loader entry (LDR_DATA_TABLE_ENTRY) from the three
// doubly-linked lists in PEB->Ldr (InLoadOrder, InMemoryOrder,
// InInitializationOrder), so enumerators that walk those lists no longer
// report the module. x86 (32-bit) only: fs:[30h] and every offset below are
// the 32-bit PEB / PEB_LDR_DATA / LDR_DATA_TABLE_ENTRY layout, and MSVC `_asm`
// is not available in x64 builds.
//
// Defender note: this is the well-known "PEB unlinking" technique. It only
// affects list-walking enumeration; the image stays mapped, image-load
// telemetry has already fired, and memory scans that compare mapped PE headers
// against the loader lists are a common way to spot exactly this gap.
//
// Concurrency: no lock is taken here. The only caller is DllMain on
// DLL_PROCESS_ATTACH, where the loader lock is already held by this thread.
// Edge cases not guarded: an empty list, or a list in which hModule is never
// found (the loop then simply stops after the last entry). The first entry of
// each list is never examined (see the lodsd/mov pair below).
//
// @param hModule  base address of this DLL; compared against each entry's DllBase.
void HidePEB(HINSTANCE hModule) {
DWORD dwPEB_LDR_DATA = 0;  // PEB->Ldr, saved so each list pass can restart from it
_asm{
pushad;
pushfd;
mov eax, fs:[30h]          ; TEB->ProcessEnvironmentBlock
mov eax, [eax+0Ch]         ; PEB->Ldr (PEB_LDR_DATA)
mov dwPEB_LDR_DATA, eax
InLoadOrderModuleList:
mov esi, [eax+0Ch]         ; InLoadOrderModuleList.Flink (first entry)
mov edx, [eax+10h]         ; InLoadOrderModuleList.Blink (last entry) -> loop terminator
LoopInLoadOrderModuleList:
lodsd                      ; eax = current->Flink (advances past the current entry)
mov esi, eax               ; esi = entry now being examined
mov ecx, [eax+18h]         ; entry->DllBase, entry addressed at its InLoadOrderLinks
cmp ecx, hModule
jne SkipA
mov ebx, [eax]             ; ebx = entry->Flink
mov ecx, [eax+4]           ; ecx = entry->Blink
mov [ecx], ebx             ; Blink->Flink = Flink
mov [ebx+4], ecx           ; Flink->Blink = Blink  (entry unlinked; its own links left as-is)
jmp InMemoryOrderModuleList
SkipA:
cmp edx, esi               ; stop once the last entry has been examined
jne LoopInLoadOrderModuleList
InMemoryOrderModuleList:
mov eax, dwPEB_LDR_DATA
mov esi, [eax+14h]         ; InMemoryOrderModuleList.Flink
mov edx, [eax+18h]         ; InMemoryOrderModuleList.Blink
LoopInMemoryOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+10h]         ; DllBase, seen from InMemoryOrderLinks (8 bytes into the entry)
cmp ecx, hModule
jne SkipB
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx             ; same Flink/Blink splice as above
mov [ebx+4], ecx
jmp InInitializationOrderModuleList
SkipB:
cmp edx, esi
jne LoopInMemoryOrderModuleList
InInitializationOrderModuleList:
mov eax, dwPEB_LDR_DATA
mov esi, [eax+1Ch]         ; InInitializationOrderModuleList.Flink
mov edx, [eax+20h]         ; InInitializationOrderModuleList.Blink
LoopInInitializationOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+08h]         ; DllBase, seen from InInitializationOrderLinks (16 bytes into the entry)
cmp ecx, hModule
jne SkipC
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx             ; same Flink/Blink splice as above
mov [ebx+4], ecx
jmp Finished
SkipC:
cmp edx, esi
jne LoopInInitializationOrderModuleList
Finished:
popfd;
popad;
}
}
// Worker thread started from DllMain: attaches a console, rebinds the CRT's
// stdout/stdin to it, then installs two detours (a MessageBoxA pass-through
// and the connect() redirect in Hooked_Connect). Runs once.
//
// Review notes (code left as written):
//  - No return value in this function is checked: AllocConsole, the two
//    _open_osfhandle/_fdopen pairs, and both DetourFunction calls. A failed
//    DetourFunction leaves the *Org pointer NULL and the hook functions then
//    call through it.
//  - `*stdout = *hf_out` copies a FILE object by value. That worked with the
//    classic MSVCRT this was written against; the UCRT treats FILE as opaque,
//    so do not expect it to work on newer toolchains.
//  - The (long) cast on the HANDLEs is 32-bit-only, consistent with the rest
//    of the DLL.
//  - system("title ...") spawns cmd.exe just to set the window title;
//    SetConsoleTitleA does the same in-process.
// @param lpReserved  unused (CreateThread passes NULL).
// @return 1 (`true` converted to DWORD); the thread exit code is never read.
DWORD WINAPI DriftHook(LPVOID lpReserved)
{
AllocConsole();
HANDLE handle_out = GetStdHandle(STD_OUTPUT_HANDLE);
int hCrt = _open_osfhandle((long) handle_out, _O_TEXT);   // wrap the Win32 handle as a CRT fd
FILE* hf_out = _fdopen(hCrt, "w");
setvbuf(hf_out, NULL, _IONBF, 1);                          // unbuffered so printf output is immediate
*stdout = *hf_out;                                         // FILE copied by value (see notes above)
HANDLE handle_in = GetStdHandle(STD_INPUT_HANDLE);
hCrt = _open_osfhandle((long) handle_in, _O_TEXT);
FILE* hf_in = _fdopen(hCrt, "r");
setvbuf(hf_in, NULL, _IONBF, 128);
*stdin = *hf_in;
system("title DriftHook");                                 // child cmd.exe only to set the console title
printf("DriftHook(C) Cosmos 2010\n");
printf("Debug mode started!\n");
Sleep(500);                                                // cosmetic pauses between status lines
printf("Hooks set!\n");
// Detour MessageBoxA to the pass-through; MessageBoxOrg receives the trampoline (or NULL on failure).
MessageBoxOrg = (MessageBoxt)DetourFunction ((PBYTE)GetProcAddress (GetModuleHandleA ("user32.dll"), "MessageBoxA"), (PBYTE)MessageBoxHook);
Sleep(500);
printf("Redirecting connections to localhost...\n");
// Detour ws2_32!connect to Hooked_Connect; Original_Connect receives the trampoline (or NULL on failure).
Original_Connect = (Prototype_Connect)DetourFunction((PBYTE)GetProcAddress(GetModuleHandle("ws2_32.dll"), "connect"), (PBYTE)Hooked_Connect);
Sleep(500);
printf("Done!\n");
return true;                                               // DWORD exit code; compiles because the file is built as C++
}
// DLL entry point. On DLL_PROCESS_ATTACH it (1) unlinks this module from the
// PEB loader lists, (2) opts out of thread attach/detach notifications, and
// (3) starts DriftHook on a new thread, which installs the detours. Doing the
// hooking on a separate thread keeps DetourFunction out of DllMain itself; the
// new thread generally cannot start running until this DllMain returns, as
// the loader lock is held here.
//
// Review notes (code left as written):
//  - CreateThread's dwStackSize (SIZE_T) and dwCreationFlags (DWORD) are
//    passed as NULL instead of 0; it works, but relies on NULL being 0.
//  - The thread HANDLE returned by CreateThread is discarded and never closed.
//  - DLL_PROCESS_DETACH is not handled, so the detours are never removed; if
//    the DLL were ever unloaded the patched functions would jump into unmapped
//    memory. The hidden loader entry is also never restored.
// @return TRUE (`true`), so the load always succeeds.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
UNREFERENCED_PARAMETER(lpReserved);
if(ul_reason_for_call == DLL_PROCESS_ATTACH)
{
HidePEB(hModule);                                      // see HidePEB: PEB unlinking, x86 only
DisableThreadLibraryCalls(hModule);                    // no DLL_THREAD_ATTACH/DETACH calls for this module
CreateThread (NULL, NULL, DriftHook, NULL, NULL, NULL); // handle leaked; thread id not requested
}
return true;
}
1. The IP appears to be hardcoded in DriftCity.exe.
2. Editing /etc/hosts isn't going to work, unfortunately.
3. Try setting up a loopback.
4. If you don't want to do that, use the DriftHook I posted.
#define _WIN32_WINNT 0x0501
#include <winsock2.h>
#include <windows.h>
#include <intrin.h>
#include <Detours.h>
#include <stdio.h>
#include <io.h>
#include <fcntl.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "psapi.lib")

// Signature of ws2_32!connect; Original_Connect holds the Detours trampoline.
typedef int (WINAPI* Prototype_Connect)(SOCKET, const struct sockaddr*, int);
Prototype_Connect Original_Connect;   // NULL until DriftHook() assigns it
// Approximation of MessageBoxA's prototype; `int` for HWND matches only on 32-bit builds.
typedef int (WINAPI *MessageBoxt) (int, char *, char *, int);
MessageBoxt MessageBoxOrg;            // NULL until DriftHook() assigns it

// Pass-through replacement for MessageBoxA; forwards to the trampoline unchanged.
int WINAPI MessageBoxHook (int a, char *b, char *c, int d)
{
    return MessageBoxOrg(a,b,c,d);
}

// Replacement for ws2_32!connect: rewrites every destination address to
// 127.0.0.1 (port untouched) and calls the original. Note: casts away const
// and modifies the caller's sockaddr in place; sa_family/namelen are not
// checked; Original_Connect is not NULL-checked.
int WINAPI Hooked_Connect(SOCKET s, const struct sockaddr* name, int namelen)
{
    sockaddr_in* service = (sockaddr_in*)name;
    unsigned long address = inet_addr("127.0.0.1");                 // network byte order
    memcpy(&service->sin_addr, &address, sizeof(unsigned long));    // assumes 4-byte unsigned long (Win32)
    return Original_Connect(s, name, namelen);
}

// Unlinks this DLL's LDR_DATA_TABLE_ENTRY from the three PEB->Ldr module
// lists ("PEB unlinking"), so list-walking enumeration no longer reports it.
// x86 only: fs:[30h] and all offsets are the 32-bit layouts. No lock is taken;
// the only caller is DllMain on DLL_PROCESS_ATTACH, under the loader lock.
// Defender note: the image stays mapped and image-load telemetry has already
// fired; comparing mapped images against these lists is how this is spotted.
void HidePEB(HINSTANCE hModule) {
    DWORD dwPEB_LDR_DATA = 0;      // PEB->Ldr, reloaded at the start of each list pass
    _asm{
        pushad;
        pushfd;
        mov eax, fs:[30h]          ; TEB->ProcessEnvironmentBlock
        mov eax, [eax+0Ch]         ; PEB->Ldr
        mov dwPEB_LDR_DATA, eax
        InLoadOrderModuleList:
        mov esi, [eax+0Ch]         ; InLoadOrderModuleList.Flink
        mov edx, [eax+10h]         ; InLoadOrderModuleList.Blink (last entry, loop terminator)
        LoopInLoadOrderModuleList:
        lodsd                      ; eax = current->Flink (the first entry is never examined)
        mov esi, eax
        mov ecx, [eax+18h]         ; entry->DllBase, addressed from InLoadOrderLinks
        cmp ecx, hModule
        jne SkipA
        mov ebx, [eax]             ; Flink
        mov ecx, [eax+4]           ; Blink
        mov [ecx], ebx             ; Blink->Flink = Flink
        mov [ebx+4], ecx           ; Flink->Blink = Blink
        jmp InMemoryOrderModuleList
        SkipA:
        cmp edx, esi
        jne LoopInLoadOrderModuleList
        InMemoryOrderModuleList:
        mov eax, dwPEB_LDR_DATA
        mov esi, [eax+14h]         ; InMemoryOrderModuleList.Flink
        mov edx, [eax+18h]         ; InMemoryOrderModuleList.Blink
        LoopInMemoryOrderModuleList:
        lodsd
        mov esi, eax
        mov ecx, [eax+10h]         ; DllBase, addressed from InMemoryOrderLinks
        cmp ecx, hModule
        jne SkipB
        mov ebx, [eax]
        mov ecx, [eax+4]
        mov [ecx], ebx             ; same splice as above
        mov [ebx+4], ecx
        jmp InInitializationOrderModuleList
        SkipB:
        cmp edx, esi
        jne LoopInMemoryOrderModuleList
        InInitializationOrderModuleList:
        mov eax, dwPEB_LDR_DATA
        mov esi, [eax+1Ch]         ; InInitializationOrderModuleList.Flink
        mov edx, [eax+20h]         ; InInitializationOrderModuleList.Blink
        LoopInInitializationOrderModuleList:
        lodsd
        mov esi, eax
        mov ecx, [eax+08h]         ; DllBase, addressed from InInitializationOrderLinks
        cmp ecx, hModule
        jne SkipC
        mov ebx, [eax]
        mov ecx, [eax+4]
        mov [ecx], ebx             ; same splice as above
        mov [ebx+4], ecx
        jmp Finished
        SkipC:
        cmp edx, esi
        jne LoopInInitializationOrderModuleList
        Finished:
        popfd;
        popad;
    }
}

// Worker thread started from DllMain: attaches a console, rebinds CRT
// stdout/stdin to it, then installs the two detours. No return value is
// checked (AllocConsole, _open_osfhandle/_fdopen, DetourFunction); a failed
// DetourFunction leaves the *Org pointer NULL. `*stdout = *hf_out` copies a
// FILE by value (classic MSVCRT only; UCRT FILE is opaque). 32-bit-only casts.
// @param lpReserved  unused.  @return 1 (`true` as DWORD), never read.
DWORD WINAPI DriftHook(LPVOID lpReserved)
{
    AllocConsole();
    HANDLE handle_out = GetStdHandle(STD_OUTPUT_HANDLE);
    int hCrt = _open_osfhandle((long) handle_out, _O_TEXT);
    FILE* hf_out = _fdopen(hCrt, "w");
    setvbuf(hf_out, NULL, _IONBF, 1);                              // unbuffered console output
    *stdout = *hf_out;
    HANDLE handle_in = GetStdHandle(STD_INPUT_HANDLE);
    hCrt = _open_osfhandle((long) handle_in, _O_TEXT);
    FILE* hf_in = _fdopen(hCrt, "r");
    setvbuf(hf_in, NULL, _IONBF, 128);
    *stdin = *hf_in;
    system("title DriftHook");                                     // spawns cmd.exe only to set the title
    printf("DriftHook(C) Cosmos 2010\n");
    printf("Debug mode started!\n");
    Sleep(500);                                                    // cosmetic pauses
    printf("Hooks set!\n");
    MessageBoxOrg = (MessageBoxt)DetourFunction ((PBYTE)GetProcAddress (GetModuleHandleA ("user32.dll"), "MessageBoxA"), (PBYTE)MessageBoxHook);
    Sleep(500);
    printf("Redirecting connections to localhost...\n");
    Original_Connect = (Prototype_Connect)DetourFunction((PBYTE)GetProcAddress(GetModuleHandle("ws2_32.dll"), "connect"), (PBYTE)Hooked_Connect);
    Sleep(500);
    printf("Done!\n");
    return true;
}

// DLL entry point: on DLL_PROCESS_ATTACH hides the module from the PEB lists,
// disables thread notifications and starts DriftHook on a new thread (handle
// discarded; the thread runs once DllMain has returned and released the
// loader lock). DLL_PROCESS_DETACH is not handled: hooks are never removed
// and the loader entry is never restored. Always returns TRUE.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(lpReserved);
    if(ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        HidePEB(hModule);
        DisableThreadLibraryCalls(hModule);
        CreateThread (NULL, NULL, DriftHook, NULL, NULL, NULL);    // NULL used where 0 (SIZE_T/DWORD) is meant
    }
    return true;
}
If you can't find this hardcoded IP, why not open a command prompt, run nbtstat -a, and check all the outbound connections to find the IP that way?
Tbh, that's not the main issue at the moment. The server files have no database connection, there is no default connection, and the packets appear to have changed since the last update. It would be better to work on an emulator imho.