Created
November 6, 2019 16:28
DLL that captures and saves a process's send()/recv() traffic via Detours hooks
#include <windows.h> | |
#include <fstream> // Required to output logs to files | |
#include <iomanip> // Required to display the hex properly | |
#include "detours.h" // Version 3.0 use for this hook. Be sure to include the library and includes to your project in visual studio | |
// Detours: https://www.microsoft.com/en-us/research/project/detours/ | |
#pragma comment(lib,"detours.lib") // Need to include this so we can use Detours | |
#pragma comment(lib,"ws2_32.lib") // Required to hook Send and Recv since they both reside in this library | |
// All credits to: | |
// https://guidedhacking.com/threads/packet-logger-hook-send-and-recv-and-dump-the-packets-to-text-files.9455/ | |
extern "C" { // Pointers to the real Winsock entry points. hook() hands them to DetourAttach, which
             // rewrites them to trampolines into the original code, so the detours can call through.
    typedef int (WINAPI *SendFn)(SOCKET s, const char* buf, int len, int flags); // prototype of send()
    typedef int (WINAPI *RecvFn)(SOCKET s, char* buf, int len, int flags);       // prototype of recv()
    SendFn originalSend = send; // https://msdn.microsoft.com/en-us/library/windows/desktop/ms740149(v=vs.85).aspx
    RecvFn originalRecv = recv; // https://msdn.microsoft.com/en-us/library/windows/desktop/ms740121(v=vs.85).aspx
}
HMODULE hModule; // Handle of this DLL, read by hook(). Must be stored from DllMain via ::hModule (DllMain's parameter of the same name shadows this global); left unassigned it stays NULL and hook()'s DisableThreadLibraryCalls call simply fails.
std::ofstream sendLog; // Shared stream for send.txt, reopened and closed on every hooked send(). ofstream is not internally synchronized: if the target calls send() from several threads at once, their output will interleave.
std::ofstream recvLog; // Shared stream for recv.txt; same caveat as sendLog for concurrent recv() callers.
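// Detour for send(): appends the outgoing buffer as space-separated hex bytes on one line of
// "send.txt", then forwards the call to the real send().
//
// "send.txt" is resolved against the hooked process's current directory (not this DLL's folder).
// It receives exactly what the application hands to send() -- credentials or session tokens
// included if they travel in the clear -- so treat the file as sensitive and remove it after
// analysis. Anything the application encrypts before calling send() (e.g. TLS) is captured as
// ciphertext, because this hook sits below that layer.
//
// The line is written before the real send() runs, so a payload is logged even if send() then
// fails. Runs on whatever thread the application called send() from; sendLog is a shared,
// unsynchronized stream, so add a lock if the target sends from several threads at once.
// A logging failure (unwritable directory) never blocks the application's traffic.
//
// s/buf/len/flags are passed through untouched; returns whatever the real send() returns.
int WINAPI newSend(SOCKET s, const char* buf, int len, int flags) // const char* matches send()'s prototype and originalSend's type
{
    sendLog.open("send.txt", std::ios::app);
    if (sendLog.is_open()) {
        // buf may be NULL or len negative for a broken caller; log nothing and let send() reject it.
        if (buf != NULL) {
            for (int i = 0; i < len; i++) {
                // Cast through unsigned char so bytes >= 0x80 print as "80".."ff", not sign-extended "ffffff80".
                const unsigned int octet = static_cast<unsigned char>(buf[i]);
                sendLog << std::hex << std::setfill('0') << std::setw(2) << octet << " ";
            }
        }
        sendLog << '\n'; // One call per line; close() flushes it.
        sendLog.close();
    }
    return originalSend(s, buf, len, flags);
}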
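// Detour for recv(): calls the real recv(), then appends the received bytes as space-separated
// hex on one line of "recv.txt".
//
// The real recv() must run first: only afterwards does buf hold data, and its return value
// (byte count, 0 on graceful close, SOCKET_ERROR on failure) decides what to log. A failed call
// writes no line at all -- the original wrote an empty line, indistinguishable from a close.
//
// Same caveats as newSend: "recv.txt" lands in the process's current directory, holds raw
// (possibly sensitive) payload, captures TLS traffic as ciphertext, and recvLog is a shared,
// unsynchronized stream. A logging failure never alters what the application receives.
//
// s/buf/len/flags are passed through untouched; returns whatever the real recv() returned.
int WINAPI newRecv(SOCKET s, char* buf, int len, int flags)
{
    const int received = originalRecv(s, buf, len, flags);
    if (received >= 0) { // >= 0: data arrived (or graceful close); SOCKET_ERROR is not logged
        recvLog.open("recv.txt", std::ios::app);
        if (recvLog.is_open()) {
            for (int i = 0; i < received; i++) {
                // Bug fix: the original cast plain char straight to unsigned int. char is signed
                // by default on MSVC, so every byte >= 0x80 was logged as "ffffff80" etc.
                const unsigned int octet = static_cast<unsigned char>(buf[i]);
                recvLog << std::hex << std::setfill('0') << std::setw(2) << octet << " ";
            }
            recvLog << '\n'; // One call per line; close() flushes it.
            recvLog.close();
        }
    }
    return received;
}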
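// Installs the send/recv detours. Meant to run on a worker thread (see DllMain) so the Detours
// transaction does not execute under the loader lock.
//
// Only send() and recv() are hooked: traffic the application moves with WSASend/WSARecv,
// sendto/recvfrom, WSASendTo/WSARecvFrom or TransmitFile bypasses these hooks entirely.
//
// The original ignored every Detours return code, so a failed attach left the process silently
// unhooked. There is no caller to return a status to, so failures are reported with
// OutputDebugStringA (visible in a debugger / DebugView) and a failed transaction is aborted,
// leaving the process unmodified rather than half-hooked.
void hook() {
    DisableThreadLibraryCalls(hModule); // Uses the file-scope global; if it was never assigned (NULL) this call just fails and hooking proceeds.
    if (DetourTransactionBegin() != NO_ERROR) {
        OutputDebugStringA("hook: DetourTransactionBegin failed\n");
        return;
    }
    DetourUpdateThread(GetCurrentThread());
    // DetourAttach redirects the real entry points to newSend/newRecv and rewrites
    // originalSend/originalRecv to trampolines so the detours can call through.
    if (DetourAttach(&(PVOID&)originalSend, newSend) != NO_ERROR ||
        DetourAttach(&(PVOID&)originalRecv, newRecv) != NO_ERROR) {
        DetourTransactionAbort(); // Roll back so nothing is partially hooked.
        OutputDebugStringA("hook: DetourAttach failed\n");
        return;
    }
    if (DetourTransactionCommit() != NO_ERROR) {
        OutputDebugStringA("hook: DetourTransactionCommit failed\n");
    }
}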
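// Thread entry with the exact LPTHREAD_START_ROUTINE signature (DWORD WINAPI f(LPVOID)).
// The original cast a cdecl void hook() to that type; on x86 the calling conventions differ.
static DWORD WINAPI hookThreadProc(LPVOID /*unused*/)
{
    hook();
    return 0;
}

// Removes the detours so the real send/recv entry points no longer jump into a DLL that is
// about to be unmapped (the original left them dangling on FreeLibrary). DetourDetach returns
// an error, ignored here, if hook() never got as far as attaching.
static void unhook()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)originalSend, newSend);
    DetourDetach(&(PVOID&)originalRecv, newRecv);
    DetourTransactionCommit();
}

// DLL entry point. On attach, publishes the module handle, disables per-thread notifications
// and starts the hook installer on a worker thread (no Detours work under the loader lock).
// On a dynamic detach, tears the hooks down again.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD Reason, LPVOID reserved)
{
    switch (Reason)
    {
    case DLL_PROCESS_ATTACH:
    {
        ::hModule = hModule; // The parameter shadows the file-scope global the original never assigned; store it so hook() gets a real handle.
        DisableThreadLibraryCalls(hModule); // No DLL_THREAD_ATTACH/DETACH work is done here.
        HANDLE thread = CreateThread(NULL, 0, hookThreadProc, NULL, 0, NULL);
        if (thread != NULL) {
            CloseHandle(thread); // Not waited on; release the handle instead of leaking it.
        }
        break;
    }
    case DLL_PROCESS_DETACH:
        if (reserved == NULL) { // NULL: FreeLibrary. Non-NULL: the process is terminating and the address space goes away anyway.
            unhook();
        }
        break;
    }
    return TRUE;
}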