notmike101 · November 10, 2015 19:49
diff --git a/patch.cpp b/patch.cpp
 /*
    HeroHacks Loader Patch

    Patches the HeroHacks loader using detours on the winsock functions
    send and recv in order to fake the correct response, allowing for
    full use of the hack.

    Written by _DeNy.
    Time: 5 hours (Mostly due to lazyness and working on this off-and-on)
    Date: 3/16/2013
    
    DLL MUST be injected AFTER the loader is already running.  Do NOT attempt to
    use the loader before you inject the patch, otherwise it will not work.

    Compiled in Visual Studio 2012.
    
    Video demonstration: http://www.youtube.com/watch?v=0952e1onrhw
 */

 #include <windows.h>
 #include <stdio.h>
 #include <time.h>
 #include <iostream>

 #include <WinSock.h>
 #include "detours/detours.h"

 #pragma comment(lib,"ws2_32.lib")
 #pragma comment(lib,"detours.lib")
 #pragma comment(lib,"User32.lib")

 // Global Stuff
 BOOL hCheckingHwid = FALSE;
 BOOL hGettingIP = FALSE;
 BOOL hHooked = FALSE;

 // Functions to be Hooked/Detoured
 int (WINAPI *Real_send)(SOCKET a0, const char* a1, int a2, int a3) = send;
 int (WINAPI *Real_recv)(SOCKET a0, char* a1, int a2, int a3) = recv;

 // Functions to replace hooked/detoured functions
 int (WINAPI New_Send)( SOCKET s, const char* buf, int len, int flags );
 int (WINAPI New_Recv)( SOCKET s, char *buf, int len, int flags );

 // Entry Point
 // Just setting up everything
 BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason,LPVOID lpReserved) {
    if (dwReason == DLL_PROCESS_ATTACH && hHooked == false) {
        hHooked = true;
        
        MessageBox(NULL, "\x48\x65\x72\x6f\x48\x61\x63\x6b\x73\x20\x6c\x6f\x61\x64\x65\x72\x20\x70\x61\x74\x63\x68\x65\x64\x20\x62\x79\x20\x5f\x44\x65\x4e\x79\x2e", "HH Patcher", MB_OK);

        DisableThreadLibraryCalls(hinstDLL);
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)Real_send,New_Send);
        if(DetourTransactionCommit() != NO_ERROR) {
            MessageBox(NULL, "An error occured.  Please report x01 to _DeNy","HH Patcher",MB_OK);
        }

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)Real_recv,New_Recv);
        if(DetourTransactionCommit() != NO_ERROR) {
            MessageBox(NULL, "An error occured.  Please report x02 to _DeNy","HH Patcher", MB_OK);
        }
    }

    return true;
 }


 // Replacement for socket send
 int (WINAPI New_Send)(SOCKET s, const char *buf, int len, int flags) {
    // If the application is attetmpting to verify the user, set hCheckingHwid to true for future use
    if(strstr(buf, "\x73\x65\x72\x76\x65\x72\x63\x68\x65\x63\x6b\x2f\x56\x65\x72\x6f\x6e\x69\x63\x61\x2e\x70\x68\x70") != NULL) {
        hCheckingHwid = TRUE;

        return len;
    }
    // If the application is attetmpting to get the user's IP, set hGettingIP to true for future use.
    if(strstr(buf, "\x2f\x69\x70\x2f") != NULL) {
        hGettingIP = TRUE;

        return len;
    }

    // Everything else can pass through normally.
    return Real_send(s, buf, len, flags);
 }

 // Replacement for socket recieve
 int (WINAPI New_Recv)(SOCKET s, char *buf, int len, int flags) {
    // If the application is attempting to verify the user, we are going to send the information
    // that it expects to be returned instead of the invalid user information.
    if(hCheckingHwid) {
        hCheckingHwid = false;
        sprintf(buf, "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\r\n"
                      "\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x63\x6c\x6f\x73\x65\r\n"
                      "\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\r\n"
                      "\r\n"
                      "1");
        return (int)strlen(buf);
    }

    // If the application is attempting to get the user's IP, return the string "No.IP.4.U"
    // We are doing this because they log IPs through their authentication script, so they will see No.IP.4.U.
    if(hGettingIP) {
        hGettingIP = false;

        sprintf(buf, "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\r\n"
                      "\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x63\x6c\x6f\x73\x65\r\n"
                      "\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\r\n"
                      "\r\n"
                      "No.IP.4.U");
        return (int)strlen(buf);
    }

    // All other requests pass through normally.
    return Real_recv(s, buf, len, flags);
 }
	/*
	HeroHacks Loader Patch

	Patches the HeroHacks loader using detours on the winsock functions
	send and recv in order to fake the correct response, allowing for
	full use of the hack.

	Written by _DeNy.
	Time: 5 hours (Mostly due to lazyness and working on this off-and-on)
	Date: 3/16/2013

	DLL MUST be injected AFTER the loader is already running. Do NOT attempt to
	use the loader before you inject the patch, otherwise it will not work.

	Compiled in Visual Studio 2012.

	Video demonstration: http://www.youtube.com/watch?v=0952e1onrhw
	*/

	#include <windows.h>
	#include <stdio.h>
	#include <time.h>
	#include <iostream>

	#include <WinSock.h>
	#include "detours/detours.h"

	#pragma comment(lib,"ws2_32.lib")
	#pragma comment(lib,"detours.lib")
	#pragma comment(lib,"User32.lib")

	// Global Stuff
	BOOL hCheckingHwid = FALSE;
	BOOL hGettingIP = FALSE;
	BOOL hHooked = FALSE;

	// Functions to be Hooked/Detoured
	int (WINAPI Real_send)(SOCKET a0, const char a1, int a2, int a3) = send;
	int (WINAPI Real_recv)(SOCKET a0, char a1, int a2, int a3) = recv;

	// Functions to replace hooked/detoured functions
	int (WINAPI New_Send)( SOCKET s, const char* buf, int len, int flags );
	int (WINAPI New_Recv)( SOCKET s, char *buf, int len, int flags );

	// Entry Point
	// Just setting up everything
	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason,LPVOID lpReserved) {
	if (dwReason == DLL_PROCESS_ATTACH && hHooked == false) {
	hHooked = true;

	MessageBox(NULL, "\x48\x65\x72\x6f\x48\x61\x63\x6b\x73\x20\x6c\x6f\x61\x64\x65\x72\x20\x70\x61\x74\x63\x68\x65\x64\x20\x62\x79\x20\x5f\x44\x65\x4e\x79\x2e", "HH Patcher", MB_OK);

	DisableThreadLibraryCalls(hinstDLL);
	DetourTransactionBegin();
	DetourUpdateThread(GetCurrentThread());
	DetourAttach(&(PVOID&)Real_send,New_Send);
	if(DetourTransactionCommit() != NO_ERROR) {
	MessageBox(NULL, "An error occured. Please report x01 to _DeNy","HH Patcher",MB_OK);
	}

	DetourTransactionBegin();
	DetourUpdateThread(GetCurrentThread());
	DetourAttach(&(PVOID&)Real_recv,New_Recv);
	if(DetourTransactionCommit() != NO_ERROR) {
	MessageBox(NULL, "An error occured. Please report x02 to _DeNy","HH Patcher", MB_OK);
	}
	}

	return true;
	}


	// Replacement for socket send
	int (WINAPI New_Send)(SOCKET s, const char *buf, int len, int flags) {
	// If the application is attetmpting to verify the user, set hCheckingHwid to true for future use
	if(strstr(buf, "\x73\x65\x72\x76\x65\x72\x63\x68\x65\x63\x6b\x2f\x56\x65\x72\x6f\x6e\x69\x63\x61\x2e\x70\x68\x70") != NULL) {
	hCheckingHwid = TRUE;

	return len;
	}
	// If the application is attetmpting to get the user's IP, set hGettingIP to true for future use.
	if(strstr(buf, "\x2f\x69\x70\x2f") != NULL) {
	hGettingIP = TRUE;

	return len;
	}

	// Everything else can pass through normally.
	return Real_send(s, buf, len, flags);
	}

	// Replacement for socket recieve
	int (WINAPI New_Recv)(SOCKET s, char *buf, int len, int flags) {
	// If the application is attempting to verify the user, we are going to send the information
	// that it expects to be returned instead of the invalid user information.
	if(hCheckingHwid) {
	hCheckingHwid = false;
	sprintf(buf, "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\r\n"
	"\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x63\x6c\x6f\x73\x65\r\n"
	"\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\r\n"
	"\r\n"
	"1");
	return (int)strlen(buf);
	}

	// If the application is attempting to get the user's IP, return the string "No.IP.4.U"
	// We are doing this because they log IPs through their authentication script, so they will see No.IP.4.U.
	if(hGettingIP) {
	hGettingIP = false;

	sprintf(buf, "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\r\n"
	"\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x63\x6c\x6f\x73\x65\r\n"
	"\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\r\n"
	"\r\n"
	"No.IP.4.U");
	return (int)strlen(buf);
	}

	// All other requests pass through normally.
	return Real_recv(s, buf, len, flags);
	}