Implement the hookdll and injector for x86/x64

230130-hookgamesendto/bin/Readme.txt

+编译输出的二进制文件
\ No newline at end of file

230130-hookgamesendto/hookdll/Makefile

+vpath %.cpp ../src
+cxx = g++
+cxxflags = -c -O1 -I ../inc
+linkflags = -shared -l ws2_32
+cxx32prefix = i686-w64-mingw32-
+cxx64prefix = x86_64-w64-mingw32-
+objdir = ./obj/
+bindir = ../bin/
+src = hookdll.cpp fksendto.cpp inlinehook.cpp sockqueue.cpp
+obj32 = $(patsubst %.cpp, $(objdir)%_32.o, $(src))
+obj64 = $(patsubst %.cpp, $(objdir)%_64.o, $(src))
+target32 = $(bindir)hookdll32.dll
+target64 = $(bindir)hookdll64.dll
+
+all: check $(target32) $(target64)
+
+$(target32): $(obj32)
+	$(cxx32prefix)$(cxx) -o $@ $^ $(linkflags)
+
+$(target64): $(obj64)
+	$(cxx64prefix)$(cxx) -o $@ $^ $(linkflags)
+
+$(objdir)%_32.o: %.cpp
+	$(cxx32prefix)$(cxx) $(cxxflags) -o $@ $<
+
+$(objdir)%_64.o: %.cpp
+	$(cxx64prefix)$(cxx) $(cxxflags) -o $@ $<
+
+.PHONY: check clean
+
+check:
+	@ if not exist obj md obj
+
+clean:
+	@ if exist obj del obj\*.o

230130-hookgamesendto/src/hookdll.cpp → 230130-hookgamesendto/hookdll/hookdll.cpp

-#include <winsock2.h>
 #include <windows.h>
-#include <vector>
 #include "inlinehook.h"
 #include "fksendto.h"
 
 #ifdef _MSC_VER
-#pragma comment (lib, "ws2_32.lib") // 比较坑啊，在项目设置里加没用
+#pragma comment (lib, "ws2_32.lib")
 #endif
 
 BOOL APIENTRY DllMain(HINSTANCE hinstdll, DWORD reason, LPVOID reserved)

230130-hookgamesendto/inc/fksendto.h

 #pragma once
 
-#include <winsock2.h>
 #include "inlinehook.h"
 
 void hook_sendto();

230130-hookgamesendto/inc/inject.h

+#pragma once
+#include <windows.h>
+
+bool inject_dll(DWORD pid, const char *dll_path);
+DWORD find_pid_by_name(const char *name);

230130-hookgamesendto/injector/Makefile

+vpath %.cpp ../src
+cxx = g++
+cxxflags = -c -O1 -I ../inc
+cxx32prefix = i686-w64-mingw32-
+cxx64prefix = x86_64-w64-mingw32-
+objdir = ./obj/
+bindir = ../bin/
+src = injector.cpp inject.cpp
+obj32 = $(patsubst %.cpp, $(objdir)%_32.o, $(src))
+obj64 = $(patsubst %.cpp, $(objdir)%_64.o, $(src))
+target32 = $(bindir)injector32.exe
+target64 = $(bindir)injector64.exe
+
+all: check $(target32) $(target64)
+
+$(target32): $(obj32)
+	$(cxx32prefix)$(cxx) -o $@ $^
+
+$(target64): $(obj64)
+	$(cxx64prefix)$(cxx) -o $@ $^
+
+$(objdir)%_32.o: %.cpp
+	$(cxx32prefix)$(cxx) $(cxxflags) -o $@ $<
+
+$(objdir)%_64.o: %.cpp
+	$(cxx64prefix)$(cxx) $(cxxflags) -o $@ $<
+
+.PHONY: check clean
+
+check:
+	@ if not exist obj md obj
+
+clean:
+	@ if exist obj del obj\*.o

230130-hookgamesendto/injector/injector.cpp

+#include "inject.h"
+#include "platform.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <windows.h>
+
+#ifdef _CPU_X64
+#define DLL_NAME "hookdll64.dll"
+#endif
+#ifdef _CPU_X86
+#define DLL_NAME "hookdll32.dll"
+#endif
+
+void write_help()
+{
+    printf("Usage: injector32/injector64 <option>\n");
+    printf("The option can be:\n");
+    printf("  -h:         Show this help\n");
+    printf("  -i<PID>:    Inject to the PID\n");
+    printf("  -x<EXE>:    Inject to the EXE\n");
+    printf("\n");
+    printf("e.g. injector32 -i123456\n");
+    printf("     injector64 -xAbc.exe\n");
+    exit(1);
+}
+
+void format_error()
+{
+    printf("Parameter format error\n");
+    write_help();
+}
+
+bool doinject(const char *dllpath, char mode, const char *param)
+{
+    if (mode == 'i') {
+        DWORD pid = atoi(param);
+        if (pid == 0) {
+            printf("\"%s\" is not a number\n", param);
+            return false;
+        }
+        else if (pid == (DWORD)-1) {
+            printf("\"%s\" is overflow\n", param);
+            return false;
+        }
+        return inject_dll(pid, dllpath);
+    }
+    else if (mode == 'x') {
+        DWORD pid = find_pid_by_name(param);
+        if (pid == 0) {
+            printf("Can not find process by \"%s\"\n", param);
+            return false;
+        }
+        return inject_dll(pid, dllpath);
+    }
+    return false;
+}
+
+int main(int argc, char *argv[])
+{
+    char dll_path[MAX_PATH];
+    GetModuleFileNameA(NULL, dll_path, MAX_PATH);
+    char *pos = strrchr(dll_path, '\\');
+    *(pos + 1) = '\0';
+    strcat(pos, DLL_NAME);
+    FILE *fp = fopen(dll_path, "rb");
+    if (fp == NULL) {
+        printf("Can not find DLL \"%s\"\n", dll_path);
+        exit(1);
+    }
+    argc--;
+    argv++;
+    if (argc == 0)
+        write_help();
+    bool result = false;
+    if (**argv == '-') {
+        (*argv)++;
+        switch (**argv) {
+            case 'h': write_help(); break;
+            case 'i':
+            case 'x':
+            {
+                char mode = **argv;
+                (*argv)++;
+                if (**argv == '\0')
+                    format_error();
+                result = doinject(dll_path, mode, *argv);
+                break;
+            }
+            default: format_error(); break;
+        }
+    }
+    else
+        format_error();
+    if (result) {
+        printf("Inject OK\n");
+        exit(0);
+    }
+    else {
+        printf("Unknown error\n");
+        exit(1);
+    }
+}

230130-hookgamesendto/src/fksendto.cpp

+#include <winsock2.h>
 #include "fksendto.h"
 #include "sockqueue.h"
 #include "platform.h"

230130-hookgamesendto/src/inject.cpp

+#include <windows.h>
+#include <tlhelp32.h>
+
+bool inject_dll(DWORD pid, const char *dll_path)
+{
+    int path_len = strlen(dll_path) + 1;
+    HANDLE hproc = 0;
+    LPVOID pmem = NULL;
+    HANDLE hthread = 0;
+    bool result = false;
+    hproc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); // 打开进程
+    if (hproc == 0) goto finally;
+    pmem = VirtualAllocEx(hproc, NULL, path_len, MEM_COMMIT, PAGE_READWRITE); // 申请内存
+    if (pmem == NULL) goto finally;
+    WriteProcessMemory(hproc, pmem, dll_path, path_len, NULL); // 把dll路径写进去
+    hthread = CreateRemoteThread(hproc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, pmem, 0, NULL); // 创建远程线程注入
+    if (hthread == 0) goto finally;
+    WaitForSingleObject(hthread, INFINITE); // 等待线程执行
+    DWORD threadres;
+    GetExitCodeThread(hthread, &threadres); // 获取返回值
+    result = threadres != 0; // LoadLibraryA错误返回0
+    // 安全释放相应资源
+    finally:
+    if (pmem)
+        VirtualFreeEx(hproc, pmem, 0, MEM_RELEASE);
+    if (hthread != 0)
+        CloseHandle(hthread);
+    if (hproc != 0)
+        CloseHandle(hproc);
+    return result;
+}
+
+DWORD find_pid_by_name(const char *name)
+{
+    HANDLE procsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+    PROCESSENTRY32 procentry;
+    procentry.dwSize = sizeof(PROCESSENTRY32);
+    Process32First(procsnapshot, &procentry);
+    if (strcmp(procentry.szExeFile, name) == 0) {
+        CloseHandle(procsnapshot);
+        return procentry.th32ProcessID;
+    }
+    while (Process32Next(procsnapshot, &procentry)) {
+        if (strcmp(procentry.szExeFile, name) == 0) {
+            CloseHandle(procsnapshot);
+            return procentry.th32ProcessID;
+        }
+    }
+    CloseHandle(procsnapshot);
+    return 0;
+}