Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
Peacoor Zomboss
miscellaneous
提交
069bf373
M
miscellaneous
项目概览
Peacoor Zomboss
/
miscellaneous
通知
152
Star
9
Fork
18
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
2
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
M
miscellaneous
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
2
Issue
2
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
069bf373
编写于
2月 01, 2023
作者:
Peacoor Zomboss
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Implement the hookdll and injector for x86/x64
上级
9206867c
变更
9
隐藏空白更改
内联
并排
Showing
9 changed file
with
230 addition
and
4 deletion
+230
-4
230130-hookgamesendto/bin/Readme.txt
230130-hookgamesendto/bin/Readme.txt
+1
-0
230130-hookgamesendto/hookdll/Makefile
230130-hookgamesendto/hookdll/Makefile
+35
-0
230130-hookgamesendto/hookdll/hookdll.cpp
230130-hookgamesendto/hookdll/hookdll.cpp
+1
-3
230130-hookgamesendto/inc/fksendto.h
230130-hookgamesendto/inc/fksendto.h
+0
-1
230130-hookgamesendto/inc/inject.h
230130-hookgamesendto/inc/inject.h
+5
-0
230130-hookgamesendto/injector/Makefile
230130-hookgamesendto/injector/Makefile
+34
-0
230130-hookgamesendto/injector/injector.cpp
230130-hookgamesendto/injector/injector.cpp
+102
-0
230130-hookgamesendto/src/fksendto.cpp
230130-hookgamesendto/src/fksendto.cpp
+1
-0
230130-hookgamesendto/src/inject.cpp
230130-hookgamesendto/src/inject.cpp
+51
-0
未找到文件。
230130-hookgamesendto/bin/Readme.txt
0 → 100644
浏览文件 @
069bf373
编译输出的二进制文件
\ No newline at end of file
230130-hookgamesendto/hookdll/Makefile
0 → 100644
浏览文件 @
069bf373
vpath
%.cpp
../src
cxx
=
g++
cxxflags
=
-c
-O1
-I
../inc
linkflags
=
-shared
-l
ws2_32
cxx32prefix
=
i686-w64-mingw32-
cxx64prefix
=
x86_64-w64-mingw32-
objdir
=
./obj/
bindir
=
../bin/
src
=
hookdll.cpp fksendto.cpp inlinehook.cpp sockqueue.cpp
obj32
=
$(
patsubst
%.cpp,
$(objdir)
%_32.o,
$(src)
)
obj64
=
$(
patsubst
%.cpp,
$(objdir)
%_64.o,
$(src)
)
target32
=
$(bindir)
hookdll32.dll
target64
=
$(bindir)
hookdll64.dll
all
:
check $(target32) $(target64)
$(target32)
:
$(obj32)
$(cxx32prefix)$(cxx)
-o
$@
$^
$(linkflags)
$(target64)
:
$(obj64)
$(cxx64prefix)$(cxx)
-o
$@
$^
$(linkflags)
$(objdir)%_32.o
:
%.cpp
$(cxx32prefix)$(cxx)
$(cxxflags)
-o
$@
$<
$(objdir)%_64.o
:
%.cpp
$(cxx64prefix)$(cxx)
$(cxxflags)
-o
$@
$<
.PHONY
:
check clean
check
:
@
if
not exist obj md obj
clean
:
@
if
exist obj del obj
\*
.o
230130-hookgamesendto/
src
/hookdll.cpp
→
230130-hookgamesendto/
hookdll
/hookdll.cpp
浏览文件 @
069bf373
#include <winsock2.h>
#include <windows.h>
#include <windows.h>
#include <vector>
#include "inlinehook.h"
#include "inlinehook.h"
#include "fksendto.h"
#include "fksendto.h"
#ifdef _MSC_VER
#ifdef _MSC_VER
#pragma comment (lib, "ws2_32.lib")
// 比较坑啊,在项目设置里加没用
#pragma comment (lib, "ws2_32.lib")
#endif
#endif
BOOL
APIENTRY
DllMain
(
HINSTANCE
hinstdll
,
DWORD
reason
,
LPVOID
reserved
)
BOOL
APIENTRY
DllMain
(
HINSTANCE
hinstdll
,
DWORD
reason
,
LPVOID
reserved
)
...
...
230130-hookgamesendto/inc/fksendto.h
浏览文件 @
069bf373
#pragma once
#pragma once
#include <winsock2.h>
#include "inlinehook.h"
#include "inlinehook.h"
void
hook_sendto
();
void
hook_sendto
();
...
...
230130-hookgamesendto/inc/inject.h
0 → 100644
浏览文件 @
069bf373
#pragma once
#include <windows.h>
bool
inject_dll
(
DWORD
pid
,
const
char
*
dll_path
);
DWORD
find_pid_by_name
(
const
char
*
name
);
230130-hookgamesendto/injector/Makefile
0 → 100644
浏览文件 @
069bf373
vpath
%.cpp
../src
cxx
=
g++
cxxflags
=
-c
-O1
-I
../inc
cxx32prefix
=
i686-w64-mingw32-
cxx64prefix
=
x86_64-w64-mingw32-
objdir
=
./obj/
bindir
=
../bin/
src
=
injector.cpp inject.cpp
obj32
=
$(
patsubst
%.cpp,
$(objdir)
%_32.o,
$(src)
)
obj64
=
$(
patsubst
%.cpp,
$(objdir)
%_64.o,
$(src)
)
target32
=
$(bindir)
injector32.exe
target64
=
$(bindir)
injector64.exe
all
:
check $(target32) $(target64)
$(target32)
:
$(obj32)
$(cxx32prefix)$(cxx)
-o
$@
$^
$(target64)
:
$(obj64)
$(cxx64prefix)$(cxx)
-o
$@
$^
$(objdir)%_32.o
:
%.cpp
$(cxx32prefix)$(cxx)
$(cxxflags)
-o
$@
$<
$(objdir)%_64.o
:
%.cpp
$(cxx64prefix)$(cxx)
$(cxxflags)
-o
$@
$<
.PHONY
:
check clean
check
:
@
if
not exist obj md obj
clean
:
@
if
exist obj del obj
\*
.o
230130-hookgamesendto/injector/injector.cpp
0 → 100644
浏览文件 @
069bf373
#include "inject.h"
#include "platform.h"
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#ifdef _CPU_X64
#define DLL_NAME "hookdll64.dll"
#endif
#ifdef _CPU_X86
#define DLL_NAME "hookdll32.dll"
#endif
void
write_help
()
{
printf
(
"Usage: injector32/injector64 <option>
\n
"
);
printf
(
"The option can be:
\n
"
);
printf
(
" -h: Show this help
\n
"
);
printf
(
" -i<PID>: Inject to the PID
\n
"
);
printf
(
" -x<EXE>: Inject to the EXE
\n
"
);
printf
(
"
\n
"
);
printf
(
"e.g. injector32 -i123456
\n
"
);
printf
(
" injector64 -xAbc.exe
\n
"
);
exit
(
1
);
}
void
format_error
()
{
printf
(
"Parameter format error
\n
"
);
write_help
();
}
bool
doinject
(
const
char
*
dllpath
,
char
mode
,
const
char
*
param
)
{
if
(
mode
==
'i'
)
{
DWORD
pid
=
atoi
(
param
);
if
(
pid
==
0
)
{
printf
(
"
\"
%s
\"
is not a number
\n
"
,
param
);
return
false
;
}
else
if
(
pid
==
(
DWORD
)
-
1
)
{
printf
(
"
\"
%s
\"
is overflow
\n
"
,
param
);
return
false
;
}
return
inject_dll
(
pid
,
dllpath
);
}
else
if
(
mode
==
'x'
)
{
DWORD
pid
=
find_pid_by_name
(
param
);
if
(
pid
==
0
)
{
printf
(
"Can not find process by
\"
%s
\"\n
"
,
param
);
return
false
;
}
return
inject_dll
(
pid
,
dllpath
);
}
return
false
;
}
int
main
(
int
argc
,
char
*
argv
[])
{
char
dll_path
[
MAX_PATH
];
GetModuleFileNameA
(
NULL
,
dll_path
,
MAX_PATH
);
char
*
pos
=
strrchr
(
dll_path
,
'\\'
);
*
(
pos
+
1
)
=
'\0'
;
strcat
(
pos
,
DLL_NAME
);
FILE
*
fp
=
fopen
(
dll_path
,
"rb"
);
if
(
fp
==
NULL
)
{
printf
(
"Can not find DLL
\"
%s
\"\n
"
,
dll_path
);
exit
(
1
);
}
argc
--
;
argv
++
;
if
(
argc
==
0
)
write_help
();
bool
result
=
false
;
if
(
**
argv
==
'-'
)
{
(
*
argv
)
++
;
switch
(
**
argv
)
{
case
'h'
:
write_help
();
break
;
case
'i'
:
case
'x'
:
{
char
mode
=
**
argv
;
(
*
argv
)
++
;
if
(
**
argv
==
'\0'
)
format_error
();
result
=
doinject
(
dll_path
,
mode
,
*
argv
);
break
;
}
default:
format_error
();
break
;
}
}
else
format_error
();
if
(
result
)
{
printf
(
"Inject OK
\n
"
);
exit
(
0
);
}
else
{
printf
(
"Unknown error
\n
"
);
exit
(
1
);
}
}
230130-hookgamesendto/src/fksendto.cpp
浏览文件 @
069bf373
#include <winsock2.h>
#include "fksendto.h"
#include "fksendto.h"
#include "sockqueue.h"
#include "sockqueue.h"
#include "platform.h"
#include "platform.h"
...
...
230130-hookgamesendto/src/inject.cpp
0 → 100644
浏览文件 @
069bf373
#include <windows.h>
#include <tlhelp32.h>
bool
inject_dll
(
DWORD
pid
,
const
char
*
dll_path
)
{
int
path_len
=
strlen
(
dll_path
)
+
1
;
HANDLE
hproc
=
0
;
LPVOID
pmem
=
NULL
;
HANDLE
hthread
=
0
;
bool
result
=
false
;
hproc
=
OpenProcess
(
PROCESS_ALL_ACCESS
,
FALSE
,
pid
);
// 打开进程
if
(
hproc
==
0
)
goto
finally
;
pmem
=
VirtualAllocEx
(
hproc
,
NULL
,
path_len
,
MEM_COMMIT
,
PAGE_READWRITE
);
// 申请内存
if
(
pmem
==
NULL
)
goto
finally
;
WriteProcessMemory
(
hproc
,
pmem
,
dll_path
,
path_len
,
NULL
);
// 把dll路径写进去
hthread
=
CreateRemoteThread
(
hproc
,
NULL
,
0
,
(
LPTHREAD_START_ROUTINE
)
LoadLibraryA
,
pmem
,
0
,
NULL
);
// 创建远程线程注入
if
(
hthread
==
0
)
goto
finally
;
WaitForSingleObject
(
hthread
,
INFINITE
);
// 等待线程执行
DWORD
threadres
;
GetExitCodeThread
(
hthread
,
&
threadres
);
// 获取返回值
result
=
threadres
!=
0
;
// LoadLibraryA错误返回0
// 安全释放相应资源
finally:
if
(
pmem
)
VirtualFreeEx
(
hproc
,
pmem
,
0
,
MEM_RELEASE
);
if
(
hthread
!=
0
)
CloseHandle
(
hthread
);
if
(
hproc
!=
0
)
CloseHandle
(
hproc
);
return
result
;
}
DWORD
find_pid_by_name
(
const
char
*
name
)
{
HANDLE
procsnapshot
=
CreateToolhelp32Snapshot
(
TH32CS_SNAPPROCESS
,
0
);
PROCESSENTRY32
procentry
;
procentry
.
dwSize
=
sizeof
(
PROCESSENTRY32
);
Process32First
(
procsnapshot
,
&
procentry
);
if
(
strcmp
(
procentry
.
szExeFile
,
name
)
==
0
)
{
CloseHandle
(
procsnapshot
);
return
procentry
.
th32ProcessID
;
}
while
(
Process32Next
(
procsnapshot
,
&
procentry
))
{
if
(
strcmp
(
procentry
.
szExeFile
,
name
)
==
0
)
{
CloseHandle
(
procsnapshot
);
return
procentry
.
th32ProcessID
;
}
}
CloseHandle
(
procsnapshot
);
return
0
;
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录