ROAInject.cpp
资源名称:ROA3.40.rar [点击查看]
上传用户:tianheyiqi
上传日期:2010-04-16
资源大小:282k
文件大小:18k
源码类别:
外挂编程
开发平台:
Visual C++
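#define _WIN32_WINNT 0x0400
#define NT
#define DBG_TRACE 0
#include <stdafx.h>
#include <windows.h>
#include <stdio.h>
#include <winsock2.h>
#include <malloc.h>
#include "detours.h"
// Pointer-sized and resource-callback types are redefined as PVOID after the
// headers are in. NOTE(review): presumably a workaround for an SDK/Detours
// header mismatch on the original build; they shadow the real <windows.h>
// definitions for anything declared below — confirm they are still needed.
#define PULONG_PTR PVOID
#define PLONG_PTR PVOID
#define ULONG_PTR PVOID
#define LONG_PTR PVOID
#define ENUMRESNAMEPROCA PVOID
#define ENUMRESNAMEPROCW PVOID
#define ENUMRESLANGPROCA PVOID
#define ENUMRESLANGPROCW PVOID
#define ENUMRESTYPEPROCA PVOID
#define ENUMRESTYPEPROCW PVOID
#define STGOPTIONS PVOID
static TCHAR wzExeName[MAX_PATH];   // registry value read in ProcessAttach; used as a byte key in falseClientCom
static char infobuf[32];            // sa_data[0..5] of the last hooked connect(); guarded by address_section
static HWND g_hWnd;                 // window and message the app registered via WSAAsyncSelect (Mine_WSAAsyncSelect)
static UINT g_wMsg;
//////////////////////////////////////////////////////////////////////
#pragma warning(disable:4127) // Many of our asserts are constants.
#ifndef _DEFINED_ASMBREAK_
#define _DEFINED_ASMBREAK_
#define ASMBREAK() __asm { int 3 }   // MSVC inline asm: x86 builds only
//#define ASMBREAK() DebugBreak()
#endif // _DEFINED_ASMBREAK_
// Line continuations restored: the published listing had lost the trailing
// backslashes, which left ASSERT_ALWAYS expanding to nothing and the
// do/while below it standing as a stray statement at file scope.
#define ASSERT_ALWAYS(x)                            \
    do {                                            \
        if (!(x)) {                                 \
            AssertMessage(#x, __FILE__, __LINE__);  \
            ASMBREAK();                             \
        }                                           \
    } while (0)
#ifndef NDEBUG
#define ASSERT(x) ASSERT_ALWAYS(x)
#endif
#define UNUSED(c) (c) = (c)
#define ARRAYOF(x) (sizeof(x)/sizeof(x[0]))   // element count; only meaningful on a real array
//////////////////////////////////////////////////////////////////////
static HMODULE s_hInst = NULL;
static WCHAR s_wzDllPath[MAX_PATH];   // this DLL's own path; passed to DetourCreateProcessWithDllW
VOID _PrintDump(SOCKET socket, PCHAR pszData, INT cbData);
VOID _PrintEnter(PCSTR psz, ...);
VOID _PrintExit(PCSTR psz, ...);
VOID _Print(PCSTR psz, ...);
VOID AssertMessage(CONST PCHAR pszMsg, CONST PCHAR pszFile, ULONG nLine);
// Pointer arithmetic through DWORD: 32-bit only (as is ASMBREAK above).
#define MakePtr( cast, ptr, addValue ) (cast)( (DWORD)(ptr)+(DWORD)(addValue))
#define FALSECLIENT_TIMEOUT 12000        // ms without a frame from the false client before reconnecting
#define FALSECLIENT_SEND_TIMEOUT 5000    // ms between keep-alive frames
#define MAX_BUFFER_LENGTH 16384          // bytes; size of the send queue and of the inject queue
////
//FUNCTION PROTOTYPES AND TYPEDEF
////
BOOL IsConnected(SOCKET s);
void falseClientCom();
ULONG falseClientComId;                  // thread id written by CreateThread in DllMain
SOCKET falseClient;                      // connection to the local false client (127.0.0.1:2350)
SOCKET currentServer;                    // most recent socket seen by the hook functions
HINSTANCE g_hInst=0;
WSADATA WSAData;
// Queues shared between the hook functions and the falseClientCom thread.
char* falseClient_send;                  // frames waiting for the false client; guarded by falseClient_sendSection
char* falseClient_recvInject;            // bytes handed to the app on its next recv(); guarded by falseClient_recvInjectSection
int falseClient_sendLength;
int falseClient_recvInjectLength;
CRITICAL_SECTION falseClient_sendSection;
CRITICAL_SECTION falseClient_recvInjectSection;
CRITICAL_SECTION address_section;
//////////////////////////////////////////////////////////////////////////////
//
#pragma warning(disable:4100) // Trampolines don't use formal parameters.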
// Detours 1.x-style trampolines: each DETOUR_TRAMPOLINE(decl, target)
// declares a Real_* entry that reaches the original `target` without
// passing through the hook. Only the ones handed to
// DetourFunctionWithTrampoline in TrampolineWith() are actually hooked; the
// CriticalSection and GetModuleFileNameW trampolines are declared but never
// detoured (Real_GetModuleFileNameW is merely called in ProcessAttach).
extern "C" {
DETOUR_TRAMPOLINE(int WINAPI
Real_WSAAsyncSelect(SOCKET s,
HWND hWnd,
unsigned int wMsg,
long lEvent),
WSAAsyncSelect);
DETOUR_TRAMPOLINE(VOID WINAPI
Real_InitializeCriticalSection(LPCRITICAL_SECTION lpSection),
InitializeCriticalSection);
DETOUR_TRAMPOLINE(VOID WINAPI
Real_EnterCriticalSection(LPCRITICAL_SECTION lpSection),
EnterCriticalSection);
DETOUR_TRAMPOLINE(VOID WINAPI
Real_LeaveCriticalSection(LPCRITICAL_SECTION lpSection),
LeaveCriticalSection);
}
DETOUR_TRAMPOLINE(DWORD WINAPI Real_GetModuleFileNameW(HMODULE a0,
LPWSTR a1,
DWORD a2),
GetModuleFileNameW);
// Hooked in TrampolineWith(): CreateProcessW (to propagate this DLL into
// child processes) and the Winsock calls the relay needs.
DETOUR_TRAMPOLINE(BOOL WINAPI Real_CreateProcessW(LPCWSTR a0,
LPWSTR a1,
LPSECURITY_ATTRIBUTES a2,
LPSECURITY_ATTRIBUTES a3,
BOOL a4,
DWORD a5,
LPVOID a6,
LPCWSTR a7,
struct _STARTUPINFOW* a8,
LPPROCESS_INFORMATION a9),
CreateProcessW);
DETOUR_TRAMPOLINE(int WINAPI Real_connect(SOCKET a0,
sockaddr* a1,
int a2),
connect);
DETOUR_TRAMPOLINE(int WINAPI Real_recv(SOCKET a0,
char* a1,
int a2,
int a3),
recv);
DETOUR_TRAMPOLINE(int WINAPI Real_send(SOCKET a0,
char* a1,
int a2,
int a3),
send);
- /////////////////////////////////////////////////////////////
- // Detours
- //
BOOL WINAPI Mine_CreateProcessW(LPCWSTR lpApplicationName,
                                LPWSTR lpCommandLine,
                                LPSECURITY_ATTRIBUTES lpProcessAttributes,
                                LPSECURITY_ATTRIBUTES lpThreadAttributes,
                                BOOL bInheritHandles,
                                DWORD dwCreationFlags,
                                LPVOID lpEnvironment,
                                LPCWSTR lpCurrentDirectory,
                                LPSTARTUPINFOW lpStartupInfo,
                                LPPROCESS_INFORMATION lpProcessInformation)
{
    // Detour for CreateProcessW. The child is created through
    // DetourCreateProcessWithDllW so that this DLL (s_wzDllPath, recorded in
    // ProcessAttach) is loaded into every process the hooked application
    // spawns. For a defender this is the propagation step: once the parent
    // is hooked, its children should be expected to carry the same DLL.
    // The _Print* calls are no-op stubs in this file. The "n" ending their
    // format strings looks like a "\n" whose backslash was lost when the
    // listing was published; harmless here since nothing is printed.
    _PrintEnter("CreateProcessW(%ls,%ls,%lx,%lx,%lx,%lx,%lx,%ls,%lx,%lx)n",
                lpApplicationName,
                lpCommandLine,
                lpProcessAttributes,
                lpThreadAttributes,
                bInheritHandles,
                dwCreationFlags,
                lpEnvironment,
                lpCurrentDirectory,
                lpStartupInfo,
                lpProcessInformation);
    _Print("Calling DetourCreateProcessWithDllW(,%ls)n", s_wzDllPath);
    BOOL rv = 0;
    __try {
        rv = DetourCreateProcessWithDllW(lpApplicationName,
                                         lpCommandLine,
                                         lpProcessAttributes,
                                         lpThreadAttributes,
                                         bInheritHandles,
                                         dwCreationFlags,
                                         lpEnvironment,
                                         lpCurrentDirectory,
                                         lpStartupInfo,
                                         lpProcessInformation,
                                         s_wzDllPath,
                                         Real_CreateProcessW);
    } __finally {
        // SEH finally: runs even if the call raises, so the exit trace
        // (a stub here) is always reached.
        _PrintExit("CreateProcessW(,,,,,,,,,) -> %lxn", rv);
    };  // stray ';' after __finally is an empty statement
    return rv;
}
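int WINAPI Mine_WSAAsyncSelect(
    SOCKET s,
    HWND hWnd,
    unsigned int wMsg,
    long lEvent
    )
{
    // Detour for WSAAsyncSelect. Records the socket, window and message the
    // application registered so that falseClientCom can post an FD_READ
    // notification to the same window when it has injected data.
    currentServer = s;
    int rv = Real_WSAAsyncSelect(s, hWnd, wMsg, lEvent);
    g_hWnd = hWnd;
    g_wMsg = wMsg;
    // Return the real result. The original returned 0 unconditionally,
    // which hid registration failures from the application.
    return rv;
}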
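int WINAPI Mine_connect(SOCKET a0,
                        sockaddr* name,
                        int namelen)
{
    // Detour for connect(). Performs the real connect, then snapshots the
    // first 6 bytes of sa_data (for AF_INET: port + IPv4 address) into
    // infobuf for falseClientCom to report as an 'I' frame.
    currentServer = a0;
    int rv = Real_connect(a0, name, namelen);
    // Only copy when the caller actually supplied a complete sockaddr; the
    // original dereferenced `name` unconditionally.
    if (name != NULL && namelen >= (int)sizeof(struct sockaddr)) {
        EnterCriticalSection(&address_section);
        memcpy(infobuf, name->sa_data, 6);
        LeaveCriticalSection(&address_section);
    }
    // Propagate the real result. The original discarded it and returned 0,
    // hiding both failures and the WSAEWOULDBLOCK case of a non-blocking
    // connect from the application.
    return rv;
}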
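int WINAPI Mine_recv(SOCKET s,
                     char* buf,
                     int len,
                     int flags)
{
    // Detour for recv(). First hands the application any bytes queued by
    // falseClientCom (the inject queue), then reads from the real socket
    // into the remaining space, and mirrors whatever the socket returned to
    // the false client as an 'R' frame (1 tag byte, 2-byte little-endian
    // length, payload).
    int ret = 0;   // bytes copied from the inject queue into buf
    int ret2 = 0;  // result of the real recv()
    currentServer = s;

    if (buf == NULL || len <= 0) {
        // Nothing can be delivered; let the real call produce the error.
        return Real_recv(s, buf, len, flags);
    }

    if (falseClient_recvInjectLength) {
        EnterCriticalSection(&falseClient_recvInjectSection);
        // Deliver at most len bytes and keep the rest queued. The original
        // copied the whole queue regardless of len, overrunning the
        // caller's buffer whenever more was queued than requested.
        int take = falseClient_recvInjectLength;
        if (take > len) {
            take = len;
        }
        if (take > 0) {
            memcpy(buf, falseClient_recvInject, take);
            int left = falseClient_recvInjectLength - take;
            if (left > 0) {
                memmove(falseClient_recvInject, falseClient_recvInject + take, left);
            }
            falseClient_recvInjectLength = left;
            ret = take;
        }
        LeaveCriticalSection(&falseClient_recvInjectSection);
    }

    if (ret < len) {
        // Read into the space left after the injected bytes. The original
        // passed the full len here, which could also overrun buf.
        ret2 = Real_recv(s, buf + ret, len - ret, flags);
    }

    if (ret2 != SOCKET_ERROR && ret2 > 0) {
        // Mirror the received bytes to the false client. The capacity check
        // and the append are done under the same lock so the writer thread
        // cannot reset the queue in between (the original checked outside
        // the lock, and with +1 instead of the +3 header it appends).
        EnterCriticalSection(&falseClient_sendSection);
        if (falseClient_sendLength + ret2 + 3 < MAX_BUFFER_LENGTH) {
            unsigned short sLen = (unsigned short)ret2;
            char* dst = falseClient_send + falseClient_sendLength;
            dst[0] = 'R';
            memcpy(dst + 1, &sLen, 2);
            memcpy(dst + 3, buf + ret, ret2);
            falseClient_sendLength += ret2 + 3;
        }
        LeaveCriticalSection(&falseClient_sendSection);
        ret += ret2;
    }

    if (ret == 0) {
        if (ret2 == SOCKET_ERROR) {
            // Propagate the real failure with its WSAGetLastError() value
            // intact; the original replaced every error, including
            // connection resets, with WSAEWOULDBLOCK.
            return SOCKET_ERROR;
        }
        // ret2 == 0: the peer closed the connection; report it as recv()
        // does instead of pretending the call would block.
        return 0;
    }
    return ret;
}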
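int WINAPI Mine_send(SOCKET s,
                     char* buf,
                     int len,
                     int flags)
{
    // Detour for send(). The payload is not transmitted on the real socket
    // here: a zero-length send is issued to keep the socket's error state
    // current, and the payload is queued as an 'S' frame (1 tag byte,
    // 2-byte little-endian length, payload) for falseClientCom to forward.
    // Returns len when the frame was queued; otherwise the zero-length
    // send's result, as the original did.
    int ret;
    currentServer = s;
    ret = Real_send(s, buf, 0, flags);
    if (ret == SOCKET_ERROR || buf == NULL || len <= 0) {
        return ret;
    }
    BOOL queued = FALSE;
    EnterCriticalSection(&falseClient_sendSection);
    // Capacity check and append under one lock (the original checked
    // outside it, so a concurrent flush could make the check stale) and the
    // frame is written straight into the queue — no unchecked temp malloc.
    if (falseClient_sendLength + len + 3 < MAX_BUFFER_LENGTH) {
        unsigned short sLen = (unsigned short)len;
        char* dst = falseClient_send + falseClient_sendLength;
        dst[0] = 'S';
        memcpy(dst + 1, &sLen, 2);
        memcpy(dst + 3, buf, len);
        falseClient_sendLength += len + 3;
        queued = TRUE;
    }
    LeaveCriticalSection(&falseClient_sendSection);
    return queued ? len : ret;
}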
- /////////////////////////////////////////////////////////////
- // TrampolineWith
- //
VOID SetDetour(PBYTE pbTrampoline, PBYTE pbDetour)
{
    // Install a detour via the Ex variant. Not called anywhere in this
    // file; failure is deliberately ignored (the assert was commented out).
    PBYTE pbRealTrampoline = NULL;
    PBYTE pbRealTarget = NULL;
    BOOL ok = DetourFunctionWithTrampolineEx(pbTrampoline, pbDetour,
                                             &pbRealTrampoline, &pbRealTarget);
    if (ok) {
        return;
    }
    // ASSERT(!"DetourFailed!");
}
VOID TrampolineWith(VOID)
{
    // Install every hook this DLL relies on, in the same order as before.
    // Return values are ignored, exactly as in the original: a failed
    // detour simply leaves that API un-hooked.
    struct HookPair {
        PBYTE pbReal;
        PBYTE pbMine;
    };
    const HookPair hooks[] = {
        { (PBYTE)Real_CreateProcessW, (PBYTE)Mine_CreateProcessW },
        { (PBYTE)Real_WSAAsyncSelect, (PBYTE)Mine_WSAAsyncSelect },
        { (PBYTE)Real_connect,        (PBYTE)Mine_connect },
        { (PBYTE)Real_recv,           (PBYTE)Mine_recv },
        { (PBYTE)Real_send,           (PBYTE)Mine_send },
    };
    for (size_t i = 0; i < ARRAYOF(hooks); i++) {
        DetourFunctionWithTrampoline(hooks[i].pbReal, hooks[i].pbMine);
    }
}
- //
- //////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////// Logging System.
- //
static BOOL s_bLog = 1;           // toggled in Process{Attach,Detach}; the _Print* stubs below never read it
static LONG s_nTlsIndent = -1;    // TLS slots allocated in ProcessAttach; -1 (or a failed TlsAlloc) = unallocated
static LONG s_nTlsThread = -1;
static LONG s_nThreadCnt = 0;     // running thread number handed out by ThreadAttach
VOID _PrintEnter(const CHAR *psz, ...)
{
    // Entry-trace stub: the logging back-end is disabled; nothing is emitted.
    (void)psz;
}
VOID _PrintExit(const CHAR *psz, ...)
{
    // Exit-trace stub: the logging back-end is disabled; nothing is emitted.
    (void)psz;
}
VOID _Print(const CHAR *psz, ...)
{
    // Trace stub: the logging back-end is disabled; nothing is emitted.
    (void)psz;
}
VOID _PrintDump(SOCKET socket, PCHAR pszData, INT cbData)
{
    // Hex-dump stub: the logging back-end is disabled; nothing is emitted.
    (void)socket;
    (void)pszData;
    (void)cbData;
}
VOID AssertMessage(CONST PCHAR pszMsg, CONST PCHAR pszFile, ULONG nLine)
{
    // Called by ASSERT_ALWAYS before the int 3 break. The former Syelog
    // report is disabled, so a failed assertion is not recorded anywhere.
    (void)pszMsg;
    (void)pszFile;
    (void)nLine;
}
VOID NullExport()
{
    // Intentionally empty; presumably exported so the DLL has a symbol to
    // resolve when injected — confirm against the .def/export list.
    return;
}
- //////////////////////////////////////////////////////////////////////////////
- //
- // DLL module information
- //
BOOL ThreadAttach(HMODULE hDll)
{
    // Per-thread setup: zero the indent slot and hand the thread a running
    // number, but only for slots that ProcessAttach managed to allocate.
    (void)hDll;
    const bool haveIndent = (s_nTlsIndent >= 0);
    const bool haveThread = (s_nTlsThread >= 0);
    if (haveIndent) {
        TlsSetValue(s_nTlsIndent, (PVOID)0);
    }
    if (!haveThread) {
        return TRUE;
    }
    LONG nThread = InterlockedIncrement(&s_nThreadCnt);
    TlsSetValue(s_nTlsThread, (PVOID)nThread);
    return TRUE;
}
BOOL ThreadDetach(HMODULE hDll)
{
    // Per-thread teardown: clear both TLS slots when they were allocated.
    (void)hDll;
    const LONG slots[2] = { s_nTlsIndent, s_nTlsThread };
    for (int i = 0; i < 2; i++) {
        if (slots[i] >= 0) {
            TlsSetValue(slots[i], (PVOID)0);
        }
    }
    return TRUE;
}
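BOOL ProcessAttach(HMODULE hDll)
{
    // Process-level setup: allocate the TLS slots, record this DLL's path
    // (used by Mine_CreateProcessW to propagate into children), load the
    // optional key from the registry, then install the hooks.
    s_bLog = FALSE;
    // TlsAlloc() returns TLS_OUT_OF_INDEXES (0xFFFFFFFF) on failure, which
    // stores as -1 in these LONGs; the `>= 0` guards elsewhere rely on it.
    s_nTlsIndent = TlsAlloc();
    s_nTlsThread = TlsAlloc();
    s_hInst = hDll;
    memset(wzExeName, 0, sizeof(wzExeName));
    Real_GetModuleFileNameW(hDll, s_wzDllPath, ARRAYOF(s_wzDllPath));
    // wzExeName comes from the default value of
    // HKLM\SOFTWARE\Gravity Soft\LaunchTarget and is later used by
    // falseClientCom as a repeating byte key applied to outbound 'S' frames.
    // It is external input: the original passed a 1024-byte limit for a
    // MAX_PATH-byte buffer, so an over-long value overflowed wzExeName.
    // (The listing showed "SOFTWARE\Gravity Soft" — the escaped backslash
    // is restored here.)
    HKEY hKey = 0;
    LONG lRet = RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\Gravity Soft", &hKey);
    if (lRet == ERROR_SUCCESS && hKey != 0)
    {
        LONG lSize = (LONG)sizeof(wzExeName);
        lRet = RegQueryValue(hKey, "LaunchTarget", wzExeName, &lSize);
        if (lRet != ERROR_SUCCESS) {
            wzExeName[0] = 0;   // failed or over-long read: behave as "no key"
        }
        wzExeName[ARRAYOF(wzExeName) - 1] = 0;   // always NUL-terminated for strlen()
        RegCloseKey(hKey);
    }
    TrampolineWith();
    ThreadAttach(hDll);
    s_bLog = TRUE;
    return TRUE;
}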
BOOL ProcessDetach(HMODULE hDll)
{
    // Mirror of ProcessAttach: detach the calling thread's TLS values,
    // silence logging, and release whichever TLS slots were allocated.
    ThreadDetach(hDll);
    s_bLog = FALSE;
    // SyelogClose();
    const LONG slots[2] = { s_nTlsIndent, s_nTlsThread };
    for (int i = 0; i < 2; i++) {
        if (slots[i] >= 0) {
            TlsFree(slots[i]);
        }
    }
    return TRUE;
}
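BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, PVOID lpReserved)
{
    // DLL entry point. On attach: allocate the two relay queues, initialise
    // Winsock and the locks, start the falseClientCom thread, then install
    // the hooks via ProcessAttach. Returns FALSE (load fails) if a queue
    // cannot be allocated — the original never checked and the hooks would
    // have written through NULL.
    switch (dwReason) {
    case DLL_PROCESS_ATTACH: {
        g_hInst = hModule;
        falseClient_send = (char*)malloc(MAX_BUFFER_LENGTH);
        falseClient_recvInject = (char*)malloc(MAX_BUFFER_LENGTH);
        falseClient_sendLength = 0;
        falseClient_recvInjectLength = 0;
        currentServer = 0;
        if (falseClient_send == NULL || falseClient_recvInject == NULL) {
            free(falseClient_send);
            free(falseClient_recvInject);
            falseClient_send = NULL;
            falseClient_recvInject = NULL;
            return FALSE;
        }
        WSAStartup(MAKEWORD(2,2), &WSAData);
        InitializeCriticalSection(&falseClient_sendSection);
        InitializeCriticalSection(&falseClient_recvInjectSection);
        InitializeCriticalSection(&address_section);
        // NOTE(review): the thread is created under the loader lock and
        // only starts once DllMain returns. falseClientCom is declared as
        // `void ()` and cast to LPTHREAD_START_ROUTINE; it never returns, so
        // the calling-convention mismatch is presumably never observed —
        // confirm if the loop is ever given an exit path. The handle was
        // leaked in the original; it is not needed, so close it.
        HANDLE hThread = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)falseClientCom, 0, 0, &falseClientComId);
        if (hThread != NULL) {
            CloseHandle(hThread);
        }
        return ProcessAttach(hModule);
    }
    case DLL_PROCESS_DETACH:
        // Non-NULL lpReserved means the process is terminating: other
        // threads are already gone and the heap is about to be discarded,
        // so freeing is pointless. On an explicit unload the worker thread
        // is still running — there is no stop signal for it — so freeing
        // here remains a use-after-free risk inherited from the original.
        if (lpReserved == NULL) {
            free(falseClient_send);
            free(falseClient_recvInject);
            falseClient_send = NULL;
            falseClient_recvInject = NULL;
        }
        return ProcessDetach(hModule);
    case DLL_THREAD_ATTACH:
        return ThreadAttach(hModule);
    case DLL_THREAD_DETACH:
        return ThreadDetach(hModule);
    default:
        break;
    }
    return TRUE;
}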
- //
- ////
- //FUNCTIONS
- ////
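BOOL IsConnected(SOCKET s) {
    // Heuristic liveness check: poll the socket for writability with a
    // ~1 microsecond timeout. A connected socket is normally writable;
    // this does not detect a half-closed peer.
    fd_set udtWrite_fd;
    FD_ZERO(&udtWrite_fd);
    FD_SET(s, &udtWrite_fd);
    timeval tv;
    tv.tv_sec = 0;
    tv.tv_usec = 1;
    int lngSocketCount = select(0, 0, &udtWrite_fd, 0, &tv);
    // select() returns SOCKET_ERROR (-1) for an invalid socket; the original
    // cast that straight to BOOL and therefore reported "connected", which
    // let the reconnect loop in falseClientCom skip a dead socket.
    return (BOOL)(lngSocketCount > 0);
}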
void falseClientCom() {
    // Worker thread (started from DllMain) that bridges the hooked game
    // socket and a local "false client" listening on 127.0.0.1:2350:
    //   queue filled by Mine_send / Mine_recv ('S'/'R' frames) -> false client
    //   false client 'S' frame -> Real_send on currentServer, after the
    //                             wzExeName byte-subtraction decode
    //   false client 'R' frame -> inject queue drained by Mine_recv, then a
    //                             posted FD_READ so the app calls recv()
    //   false client 'K' frame -> keep-alive, ignored
    // Every frame is: 1 tag byte, 2-byte little-endian length, payload.
    // The loop never exits, so the free() calls after it are unreachable.
    // NOTE(review): none of the three malloc() results below is checked.
    char * falseClient_recv = (char*)malloc(MAX_BUFFER_LENGTH);
    unsigned short falseClient_recvLength;  // payload length of the frame being parsed
    int index;                              // offset of the current frame in falseClient_recv
    int ret;                                // bytes returned by Real_recv
    int type;                               // 0 = 'S', 1 = 'R', 2 = 'K', -1 = unknown tag
    DWORD falseClient_timeout = 0;          // tick of the last frame received from the false client
    DWORD falseClient_send_timeout = 0;     // tick of the last keep-alive sent
    sockaddr_in addr;
    DWORD arg = 1;                          // FIONBIO argument: 1 = non-blocking
    addr.sin_family = AF_INET;
    addr.sin_port = htons(2350);
    addr.sin_addr.s_addr = inet_addr("127.0.0.1");
    falseClient = socket(AF_INET, SOCK_STREAM, 0);
    // 'K' frame: tag plus zero length, 3 bytes in total.
    char* keepAlivePacket = (char*)malloc(3);
    unsigned short keepAlivePacketLength = 0;
    memcpy(keepAlivePacket,"K",1);
    memcpy(keepAlivePacket+1,&keepAlivePacketLength,2);
    // 'I' frame: the header announces a 32-byte payload, but the buffer is
    // 32 bytes for header AND payload, and only 6 payload bytes (infobuf)
    // are ever written. NOTE(review): the Real_send of 32+3 bytes at the
    // bottom of the loop reads 3 bytes past the allocation, and payload
    // bytes 6..31 are uninitialised heap memory sent to the peer.
    char* ipPackcet = (char*) malloc(32);
    unsigned short ipPacketLength = 32;
    memcpy(ipPackcet,"I",1);
    memcpy(ipPackcet+1, &ipPacketLength, 2);
    while (1) {
        // (Re)connect while there is no socket, it is not writable, or no
        // frame has arrived for FALSECLIENT_TIMEOUT ms. The DWORD
        // subtraction stays correct across GetTickCount() wrap-around.
        // NOTE(review): `connect` here is the same import that
        // TrampolineWith() detours, so this call presumably also runs
        // Mine_connect — pointing currentServer at the false-client socket
        // and overwriting infobuf with 127.0.0.1:2350; Real_connect would
        // bypass the hook. Confirm against the Detours version in use.
        // connect()'s result is ignored, and falseClient_sendLength is
        // reset here without taking falseClient_sendSection.
        while (!falseClient || !IsConnected(falseClient) || (GetTickCount() - falseClient_timeout >= FALSECLIENT_TIMEOUT)) {
            closesocket(falseClient);
            falseClient = socket(AF_INET, SOCK_STREAM, 0);
            connect(falseClient, (struct sockaddr *) &addr, sizeof(sockaddr_in));
            ioctlsocket(falseClient,FIONBIO,&arg);
            falseClient_timeout = GetTickCount();
            falseClient_send_timeout = GetTickCount();
            falseClient_sendLength = 0;
        }
        // Non-blocking read; most iterations return SOCKET_ERROR with
        // WSAEWOULDBLOCK. A return of 0 (peer closed) is not handled here;
        // the timeout above catches it after FALSECLIENT_TIMEOUT ms.
        ret = Real_recv(falseClient,falseClient_recv,MAX_BUFFER_LENGTH,0);
        if (ret != SOCKET_ERROR && ret >= 3) {
            index = 0;
            while (index < ret) {
                // NOTE(review): the length field is read before checking that
                // at least 3 header bytes remain, and the check below compares
                // the remaining bytes against the payload length without the
                // 3-byte header, so a frame ending in the last 3 bytes of the
                // buffer is processed past `ret`. A frame split across two
                // recv() calls is not reassembled either.
                falseClient_recvLength = *(unsigned short *)(falseClient_recv+index+1);
                if (ret-index < falseClient_recvLength) {
                    // Modal dialog on a worker thread; the remainder of the
                    // buffer is discarded.
                    MessageBox(0,"False client sent a bad message!", "False client error",0);
                    break;
                }
                if (*(falseClient_recv+index) == 'S') {
                    type = 0;
                } else if (*(falseClient_recv+index) == 'R') {
                    type = 1;
                } else if (*(falseClient_recv+index) == 'K') {
                    //Keep alive
                    type = 2;
                } else {
                    type = -1;
                }
                if (!type && currentServer && IsConnected(currentServer)) {
                    // 'S': forward to the game server. When the registry key
                    // (wzExeName, see ProcessAttach) is non-empty, each
                    // payload byte has the corresponding key byte subtracted,
                    // cycling through the key. The lock taken here is the
                    // send-queue lock, which does not protect this local
                    // buffer; it only serialises against the queue users.
                    if(strlen(wzExeName) > 0)
                    {
                        EnterCriticalSection(&falseClient_sendSection);
                        int cnt = 0;
                        int cntMax = (int)strlen(wzExeName);
                        for(int i=0; i<falseClient_recvLength; i++)
                        {
                            *(falseClient_recv+index+3+i) = (*(falseClient_recv+index+3+i)) - wzExeName[cnt];
                            if(++cnt >= cntMax)
                                cnt = 0;
                        }
                        LeaveCriticalSection(&falseClient_sendSection);
                    }
                    // Result ignored: a short or failed send is not retried.
                    Real_send(currentServer,falseClient_recv+index+3,falseClient_recvLength,0);
                } else if (type == 1) {
                    // 'R': append to the inject queue that Mine_recv drains.
                    // NOTE(review): nothing checks that
                    // falseClient_recvInjectLength + falseClient_recvLength
                    // stays below MAX_BUFFER_LENGTH — if the application stops
                    // calling recv(), the queue overruns its heap block.
                    EnterCriticalSection(&falseClient_recvInjectSection);
                    memcpy(falseClient_recvInject+falseClient_recvInjectLength,falseClient_recv+index+3,falseClient_recvLength);
                    falseClient_recvInjectLength += falseClient_recvLength;
                    LeaveCriticalSection(&falseClient_recvInjectSection);
                    // Mimic the WSAAsyncSelect notification (wParam = socket,
                    // lParam = FD_READ) so the app calls recv() and picks up
                    // the injected bytes. The length is read outside the lock.
                    if(falseClient_recvInjectLength > 0 && ::IsWindow(g_hWnd))
                    {
                        PostMessage(g_hWnd, g_wMsg, currentServer, FD_READ);
                    }
                }
                index += falseClient_recvLength + 3;
            }
            falseClient_timeout = GetTickCount();
        }
        // Flush whatever the hooks queued for the false client.
        if (falseClient_sendLength) {
            EnterCriticalSection(&falseClient_sendSection);
            Real_send(falseClient,falseClient_send,falseClient_sendLength,0);
            falseClient_sendLength = 0;
            LeaveCriticalSection(&falseClient_sendSection);
        }
        // Keep-alive every FALSECLIENT_SEND_TIMEOUT ms.
        if (GetTickCount() - falseClient_send_timeout >= FALSECLIENT_SEND_TIMEOUT) {
            EnterCriticalSection(&falseClient_sendSection);
            Real_send(falseClient,keepAlivePacket,3,0);
            LeaveCriticalSection(&falseClient_sendSection);
            falseClient_send_timeout = GetTickCount();
        }
        // Report the address of the last hooked connect() once, then clear
        // it. infobuf[0] is the high byte of the port for AF_INET, so ports
        // below 256 never trigger this send. See the 'I' frame note above
        // about the 32+3 length.
        EnterCriticalSection(&address_section);
        if(infobuf[0] != 0)
        {
            memcpy(ipPackcet+3, infobuf, 6);
            Real_send(falseClient, ipPackcet, 32+3, 0);
            infobuf[0] = 0;
        }
        LeaveCriticalSection(&address_section);
        Sleep(50);   // poll interval
    }
    // Unreachable: the loop above never breaks.
    if(ipPackcet != 0)
        free(ipPackcet);
    if(keepAlivePacket != 0)
        free(keepAlivePacket);
    if(falseClient_recv != 0)
        free(falseClient_recv);
}
- ///////////////////////////////////////////////////////////////// End of File.