Code:
// NOTE(review): hard-coded absolute address inside the host process. hookthread()
// reads entry 0x57 of the DWORD table found at this address, so the value is only
// meaningful for whatever build and memory layout the author examined.
#define STS 0x4247818 //SANA
#include <Windows.h>
#include <iostream>
#include <string>
#include <sstream>
#include <fstream>
// C4996 is MSVC's "deprecated / unsafe CRT function" warning; it is silenced for the whole file.
#pragma warning( disable: 4996 )
using namespace std;
// Stream shared by logz(); logz() reopens and closes it on every call.
ofstream outfile;
// Fixed path that logz() appends to. The logging calls visible in this listing
// write hook status lines and byte dumps of SendToServer buffers.
// Defender view: a constant file name like this is a host artifact that can be searched for.
#define dir_log "C:\\STS_LOG.txt" // where ID's get saved.
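// Appends one printf-style formatted message to the file named by dir_log.
//
// fmt: printf-style format string; the variadic arguments must match it.
//      A null fmt is ignored.
// The formatted text is limited to 511 characters; longer output is truncated.
// The shared stream `outfile` is opened in append mode and closed again on
// every call, so nothing stays open between messages.
//
// NOTE(review): the other functions in this listing call log(...), not logz().
void logz(const char *fmt, ...)
{
    if (fmt == nullptr)
        return;

    char buffer[512] = {0};
    va_list va_alist;
    va_start(va_alist, fmt);
    // Format into a zeroed buffer and leave the last byte untouched, so the
    // text stays NUL-terminated even on CRTs whose vsnprintf does not
    // terminate on truncation.
    vsnprintf(buffer, sizeof(buffer) - 1, fmt, va_alist);
    va_end(va_alist);

    outfile.open(dir_log, ios::app);
    if (outfile.is_open())
    {
        outfile << buffer;
        outfile.close();
    }
    else
    {
        // Opening failed (missing rights, locked file, ...): drop the message
        // and reset the stream state so a later call can try again.
        outfile.clear();
    }
}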
// Inline-patches the code at `src` with a 5-byte relative JMP (opcode 0xE9) to
// `dst`, and returns a pointer into a heap buffer that holds the displaced
// bytes followed by a JMP back into the original code.
//
// src: start of the code to overwrite.
// dst: address the written JMP targets.
// len: number of bytes at src treated as overwritten; bytes 5..len-1 become NOP (0x90).
// Returns jmp - len (see the note at the return statement).
//
// NOTE(review): pointers are cast to DWORD throughout, so the arithmetic only holds in a 32-bit build.
// NOTE(review): the results of VirtualProtect and malloc are not checked, and the buffer is never freed here.
// NOTE(review): the buffer comes from malloc and this function does not change its page
// protection; with DEP enforced, executing from it would presumably fault -- verify.
// Defender view: after this runs, the first bytes at src differ from what was there before;
// if src lies inside a loaded module, a comparison against the on-disk image shows the change.
void *DetourFunction (BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp;
DWORD dwback;
DWORD jumpto, newjump;
// Request write access to the patch range; the previous protection is saved in dwback.
// PAGE_READWRITE carries no execute right, so the affected page(s) are not executable until restored below.
VirtualProtect(src,len,PAGE_READWRITE,&dwback);
// Case 1: src already starts with a relative JMP.
if(src[0] == 0xE9)
{
jmp = (BYTE*)malloc(10);
// Absolute target of the existing JMP: rel32 operand + address of the next instruction (src + 5).
jumpto = (*(DWORD*)(src+1))+((DWORD)src)+5;
// Same target, re-expressed relative to the copy placed at the start of the buffer.
newjump = (jumpto-(DWORD)(jmp+5));
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = newjump;
jmp += 5;
// Second JMP in the buffer; with displacement src - jmp it resolves to src + 5.
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src-jmp);
}
else
{
// Case 2: copy the first len bytes verbatim, then append a JMP back to src + len.
// NOTE(review): no relocation logic is visible, so a position-relative instruction among the copied bytes is not adjusted.
jmp = (BYTE*)malloc(5+len);
memcpy(jmp,src,len);
jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len-jmp)-5;
}
// Write the redirect: JMP rel32 with displacement dst - src - 5.
// NOTE(review): these 5 bytes are written regardless of len, so len < 5 writes past the range requested above.
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
// Pad the remainder of the overwritten range with NOPs.
for(int i = 5; i < len; i++)
src[i] = 0x90;
// Restore the protection saved in dwback.
VirtualProtect(src,len,dwback,&dwback);
// jmp was advanced by len in the else branch but by 5 in the 0xE9 branch, so this is
// the start of the allocation in the else branch and, in the 0xE9 branch, only when len == 5.
return (jmp-len);
}
// Pointer type for the hooked routine: takes a message pointer and a 32-bit flags
// value and returns unsigned int. No calling convention is spelled out, so the
// compiler default applies.
typedef unsigned int ( *tfnSendToServer)(void *pMsg, unsigned __int32 flags);
// NOTE(review): declared as mfnSendToServer, but hookthread() and hooked_SendToServer()
// use pfnSendToServer, which this listing never declares.
tfnSendToServer mfnSendToServer;
// Receives the previous page protection from VirtualProtect in hooked_SendToServer().
DWORD dwCache;
// Replacement that hookthread() installs in front of the original routine: logs
// both arguments and a fixed 400-byte dump of the memory at pMsg, then forwards
// the call with the same arguments and returns the forwarded call's result.
//
// NOTE(review): this calls log(...), while the only logger defined in this listing is logz().
// NOTE(review): 400 is a fixed count, not derived from the message; if the object at pMsg
// is smaller, the loop reads past it and records unrelated memory in the log file.
// NOTE(review): the dump opens with "{" but no closing "}" is ever logged.
unsigned int hooked_SendToServer(void *pMsg, unsigned __int32 flags){
// MSVC x86 inline assembly: save all general-purpose registers; popad below restores them.
__asm pushad;
// pMsg is a pointer passed to an %x conversion; that only lines up where pointers are 32 bits wide.
log("SendToServer( 0x%02x, 0x%02x );\n{\n", pMsg, flags);
// 40 is a decimal literal (0x28), which is not a single PAGE_* protection value.
// The result is not checked, so the loop runs whether or not the protection changed.
VirtualProtect(pMsg, 400, 40, &dwCache);
// One byte per log call, with a line break before every fourth byte.
for(unsigned long ul=0;ul<400;ul++){
if(!(ul%4)) log("\n");
log("0x%02x, ", PBYTE(DWORD(pMsg))[ul]);
}
// Passes 0 for the old-protection out parameter; VirtualProtect is documented to fail
// when that pointer is NULL, so the saved protection is likely not restored -- verify.
VirtualProtect(pMsg, 400, dwCache, 0);
__asm popad;
// Forward to the original routine through the pointer set in hookthread().
return pfnSendToServer(pMsg, flags);
}
// Installs the hook: reads the DWORD at index 0x57 of the table at address STS,
// treats it as a code address, and has DetourFunction() overwrite its first
// 5 bytes with a jump to hooked_SendToServer. The pointer DetourFunction()
// returns is stored in pfnSendToServer, then a status line is logged.
//
// NOTE(review): nothing validates the table read or the returned pointer; STS is an
// absolute address, so this presumably relies on the host module being mapped at the expected base.
// NOTE(review): pfnSendToServer and log are not declared in this listing (see mfnSendToServer and logz).
void hookthread(void){
//while(!GetModuleHandleA("cshell.dll")) Sleep(100);
pfnSendToServer = tfnSendToServer(DetourFunction( PBYTE(((DWORD *)STS)[0x57]), PBYTE(hooked_SendToServer), 5));
// Logs the table address STS, not the function address that was read from it and patched.
log("Hooked STS Function; 0x%02x -> 0x%02x\n", STS, hooked_SendToServer);
}
// DLL entry point. Turns off per-thread attach/detach notifications for this
// module and, on process attach, installs the hook by calling hookthread()
// directly. Always reports success to the loader.
//
// hthis:    module handle of this DLL.
// dwReason: notification code from the loader.
// lpUNK:    unused.
bool __stdcall DllMain( HMODULE hthis, DWORD dwReason, DWORD lpUNK ){
    // Issued on every notification, exactly as in the original.
    DisableThreadLibraryCalls(hthis);

    // 0x01 is the value of DLL_PROCESS_ATTACH; every other reason is a no-op.
    if (dwReason != 0x01)
        return true;

    // Disabled alternative kept from the original (would run hookthread on its own thread):
    //CreateThread(0, 0, (LPTHREAD_START_ROUTINE)hookthread, 0, 0, 0);

    // Runs synchronously inside DllMain, i.e. while the loader lock is held.
    hookthread();
    return true;
}
credits to Bradley Galloway (idk his username)