#include <stdio.h>
#include <stdlib.h>
#include <Winsock.h>
#pragma comment (lib,"ws2_32.lib")
// Function-pointer type with the signature of ws2_32!send; it is declared but
// never used anywhere in this file.
typedef int (*WINAPI oldsend)(SOCKET s,const char* buf,int len,int flags);
// Intended to receive the 6 overwritten prologue bytes: DLLMain passes it to
// ApiHook as `backup`, but ApiHook never writes to it, so it stays zero-filled.
BYTE hook[6];
// Overwrite the first 6 bytes of `OldFunc` (an export of `Module`) with an
// unconditional jump to `NewFunc`, diverting every caller of that export.
// `backup` is accepted but never written: the original prologue bytes are not
// saved anywhere, so the patch cannot be reverted from this code.
// NOTE(review): none of LoadLibrary, GetProcAddress, VirtualProtect or
// WriteProcessMemory has its return value checked; a NULL module handle or a
// missing export turns OldFuncAddr into 0 and the write targets that address.
// NOTE(review): memcpy is used without including <string.h>; it compiles only
// through a transitive include.
// Detection note: an exported function whose first byte is 0xE9 and whose
// jump target lies outside its own module is the classic indicator of an
// inline hook; this is what integrity checks on loaded modules compare against.
void ApiHook(LPSTR Module,LPCSTR OldFunc,LPVOID NewFunc, unsigned char *backup)
{
DWORD dwProtect;
HINSTANCE hLib = LoadLibrary(Module);
// Pointers are truncated to DWORD (32 bits): only meaningful in a 32-bit process.
DWORD OldFuncAddr = (DWORD)GetProcAddress(hLib, OldFunc);
DWORD NewFuncAddr = (DWORD)NewFunc;
// E9 rel32 (5 bytes) followed by a RET (0xC3); the jump is unconditional, so
// the trailing byte is not executed on this path.
BYTE jmp[6] = {0xE9,0x00,0x00,0x00,0x00,0xC3};
// rel32 displacement = target - (address of the jmp + 5), using unsigned wrap
// when the target lies below the source.
DWORD jmpAddr = (NewFuncAddr - OldFuncAddr) - 5;
memcpy(&jmp[1],&jmpAddr,4);
// Make the code page writable, patch it, then restore the previous protection.
// The final call passes dwProtect as both the new and the out parameter.
VirtualProtect((LPVOID)OldFuncAddr,6,PAGE_EXECUTE_READWRITE,&dwProtect);
WriteProcessMemory(GetCurrentProcess(),(LPVOID)OldFuncAddr,jmp,6,0);
VirtualProtect((LPVOID)OldFuncAddr,6,dwProtect,&dwProtect);
}
// Replacement for ws2_32!send installed by ApiHook: writes the outgoing buffer
// to logs.txt and then forwards the call.
// NOTE(review): fopen's result is not checked, so a failed open dereferences
// NULL; "w" truncates the file on every call, so only the most recent buffer
// survives; "%s" reads up to a NUL byte and ignores `len`, so a buffer that is
// not NUL-terminated (socket payloads need not be) is over-read, and binary
// data is cut at the first zero byte.
// NOTE(review): `send` here resolves to the export that ApiHook has just
// patched, so this call appears to re-enter newsend rather than reach the
// original implementation.
int WINAPI newsend(SOCKET s,const char* buf,int len,int flags)
{
// Save a copy of the buffer handed to send().
FILE *buffile;
buffile = fopen("logs.txt","w");
fprintf(buffile,"%s",buf);
fclose(buffile);
return send(s,buf,len,flags);
}
// DLL entry-point handler: on DLL_PROCESS_ATTACH it patches ws2_32!send to
// divert into newsend. `hInst` and `reserved` are unused.
// NOTE(review): the function returns only on DLL_PROCESS_ATTACH; every other
// dwReason falls off the end of a non-void function, which is undefined
// behaviour. The attach path returns 0 (FALSE).
BOOL WINAPI DLLMain(HINSTANCE hInst,DWORD dwReason,LPVOID reserved)
{
if (dwReason ==DLL_PROCESS_ATTACH)
{
// Install the hook; `hook` is passed as the backup buffer, but ApiHook never
// writes to it, so the original bytes of send are not preserved.
ApiHook("ws2_32.dll","send",newsend,hook);
return 0;
}
}