[Help]Hooking Into PunkBuster

I Read up on PB, and the check function for PB uses strings, and checks them, there are good strings, and bad strings. We want to hook into the check function, and return a good string if there is a bad string.

Thats as far as i know. So i so far made a function to find the strings, so i can work from there. BUT, i cant "open" the detours.h
I downloaded and installed Detours
which is suppose to be the detours. Stuck from there... Tried with LanceVorgins CDetour, adn the DLL just crashes when i try making a detour.

Heres my source code.

Code:

// WarRock DLL v1.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include "Addresses.h"
#include "Detour/CDetour.h"
#include "iostream"
#include <windows.h>
#include <detours.h>  // Microsoft’s detour library
void Main();
BOOL APIENTRY DllMain( HANDLE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
{
		DisableThreadLibraryCalls((HMODULE) hModule);
	CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)&Main,NULL,0,NULL);
    return TRUE;
}

typedef int ( *PBPerformCheck_t )(int iEAX, size_t Count, char *Dest );
PBPerformCheck_t pPBPerformCheck = 0;
int _PBPerformCheck(int iEAX, size_t Count, char *Dest ){
	int iReturn = pPBPerformCheck( iEAX , Count, Dest );
		FILE * pFile;
		pFile = fopen ("C:/WarRock.txt","a");
		if (pFile!=NULL)
		{
		fputs (Dest,pFile);
		fputs ("\n",pFile);
		fclose (pFile);
	}
	return iReturn;
}
void Hook( ){
	DWORD dwPbclBase = ( DWORD )GetModuleHandle( "pbcl.dll" );
	pPBPerformCheck = ( PBPerformCheck_t )DetourFunction( ( BYTE * )( dwPbclBase + 0x55FC5 ), ( BYTE * )_PBPerformCheck);
}

void Main(){
		/*
		We Must First Find The Strings That PB Uses
		1. Detour The Function
		2. Log the strings
		3. Return The String
		*/
	while(true){
	Beep(2000,200);//To Show That The Thread Is Still Running (Debugging)
		if(GetAsyncKeyState(VK_NUMPAD0) &0x8000)Hook();
		Sleep(200);
	}
}

#include "stdafx.h"
#include "Addresses.h"
#include "Detour/CDetour.h"
#include "iostream"
#include <windows.h>
#include <detours.h> // Microsoft’s detour library

First, Remove "Detour/CDetour.h" From your includes.
Second, add detours.h into your project
Then, include "detours.h" , you can do this by typing '#include "detours.h" , but im sure, you already knew this...

If that doesn't work, Un-Install your Compiler, Re-Install A New Compiler, and Also, don't mix your library with MFC Headers, or you'll get lib errors, if you have any questions or need help, just PM me

Originally Posted by *Marneus901*

gah its got to get approved. try drop.io

EDIT:
Heres the errors i get when i incllde that detours.h

Code:

Compiling...
WarRock DLL v1.cpp
Linking...
libc.lib(crt0dat.obj) : error LNK2005: __cinit already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: _exit already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __exit already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __cexit already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __c_exit already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __C_Exit_Done already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __C_Termination_Done already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __exitflag already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __wpgmptr already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __pgmptr already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: ___winitenv already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __wenviron already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: ___initenv already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __environ already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: ___wargv already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: ___argv already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: ___argc already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __winminor already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __winmajor already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __winver already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __osver already defined in LIBCMTD.lib(crt0dat.obj)
libc.lib(crt0dat.obj) : error LNK2005: __umaskval already defined in LIBCMTD.lib(crt0dat.obj)
LIBCMTD.lib(crt0init.obj) : warning LNK4098: defaultlib "libc.lib" conflicts with use of other libs; use /NODEFAULTLIB:library
Debug/WarRock DLL v1.dll : fatal error LNK1169: one or more multiply defined symbols found
Error executing link.exe.

WarRock DLL v1.dll - 23 error(s), 1 warning(s)

Ok, That's a good thing. Here's how to fix that.
First go to 'Project' Then Properties...
Then go to the ' Linker ' Tab '.
Then 'Input'
It will say 'Ignore Specific Library', Just add LIBCMTD.lib their, Re-Compile, and it should compile perfectly.

Originally Posted by Koekenbakker

If you even succes logging PB, you'll still be banned because the detour is detected. By the way, the logfunction, did you write it by yourself or did you just copy it out of my piece of code (from another forum)?

Took it after trying to make my own Detour with LanceVorgins detour. It just crashes without any attempt, Now trying other methods.

And Vista, ill try that right now.
Well, Not sure what compiler that is for, but im using Microsoft Visual C++ 6.0
I went to
Project -> Settings -> Link -> Catagory [Input] -> Ignore Libraries -> LIBCMTD.lib
Made over 100 Errors...

Heres current source

Code:

#include "stdafx.h"
#include "iostream"
#include "detours.h"  // Microsoft’s detour library
void Main();
BOOL APIENTRY DllMain( HANDLE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
{
		DisableThreadLibraryCalls((HMODULE) hModule);
	CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)&Main,NULL,0,NULL);
    return TRUE;
}
typedef int ( *PBPerformCheck_t )(int iEAX, size_t Count, char *Dest );
PBPerformCheck_t pPBPerformCheck = 0;
int _PBPerformCheck(int iEAX, size_t Count, char *Dest ){
	int iReturn = pPBPerformCheck( iEAX , Count, Dest );
		FILE * pFile;
		pFile = fopen ("C:/WarRock.txt","a");
		if (pFile!=NULL)
		{
		fputs (Dest,pFile);
		fputs ("n",pFile);
		fclose (pFile);
	}
	return iReturn;
}

void Hook( ){
	DWORD dwPbclBase = ( DWORD )GetModuleHandle( "pbcl.dll" );
	pPBPerformCheck = (int (__cdecl *)(int,size_t,char *))DetourFunction( ( PBYTE )( dwPbclBase + 0x55FC5 ), ( PBYTE )_PBPerformCheck);
	
	//Make a function that jumps to my own function
}
void Main(){
	while(true){
	Beep(2000,200);//To Show That The Thread Is Still Running (Debugging)
	if(GetAsyncKeyState(VK_NUMPAD0) &0x8000)Hook();
		Sleep(200);
	}
}

And the current error: detours.lib(disasm.obj) : fatal error LNK1103: debugging information corrupt; recompile module

Ill be at my girlfreinds tonight. Ill be back in a couple hours...

Well, to make this a fuck of a lot easier you can do the exact same thing without all that fucking messy ass code. I wrote one up just now, this should do exactly as you needed.

Code:

// pbclLogger2.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include <fstream>
#include "detours.h"

typedef int (__stdcall *pbHook)(int iEAX, size_t Count, char *Dest);
pbHook pbHook2;
using namespace std;
ofstream Fileio;

int _pbHook2(int iEAX, size_t count, char *Dest)
{
	Beep(9000,20);

	int ireturn = pbHook2(iEAX,count,Dest);
	Fileio <<"\n\n\nIEAX :"<<iEAX<<"nnn count :"<<count<<"\n\n\n DEST :"<<Dest<<"-----------------------n";
	return ireturn;
}


void Main()
{
	Fileio <<"\n[Started Logging]\n";

	DWORD pbclBase = (DWORD) GetModuleHandle("pbcl.dll");
	if(!pbclBase)
		Fileio << "\n [ERROR :: UNABLE TO HOOK FUNCTION,PBCDLBASE IS NULL] \n";
	else
		Fileio << "\n [SUCESS:: LOCATED PBCL, NOW HOOKING] \n";

		pbHook2 = (pbHook)DetourFunction((BYTE*)(pbclBase + 0x55FC5), (BYTE*)_pbHook2);

	while(true)
		Sleep(10);

}



BOOL APIENTRY DllMain( HMODULE hModule, 
                       DWORD  ul_reason_for_call, 
                       LPVOID lpReserved
					 )
{
	switch(ul_reason_for_call)
	{
		case DLL_PROCESS_ATTACH:
		{
			DisableThreadLibraryCalls(hModule);
			CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)Main,NULL,0,NULL);
			Fileio.open("C:\WRKLG.txt");
			break;
		}
		case DLL_PROCESS_DETACH:
		{
			Fileio << "\n\n Detaching"<<endl;
			Fileio.close();
			break;
		}
	}
    return TRUE;
}

The \'s don't show up I assume because of some forum bb code issue or whatever, so if you see an abnormal n located, its probably \n

I told you to change the data-type from HANDLE to HMODULE, if it didn't prevent it from crashing, it at least made it easier to read. You also have a million unrequired headers in there.

* Spam Removed, If You Have No Idea What The Hell Where Talking About, Please Don't Post It. *

BTW : If the DLL is injected before Pbcl.dll is loaded, then it can't locate pbcl.dll, thus it will throw an exception, and crash. So load this after pbcl.dll is loaded.

that did nothing. I used your source, and well
"detours.lib(disasm.obj) : fatal error LNK1103: debugging information corrupt; recompile module"

It happens when you call DetourFunction.
If you comment that line out, it completely compiles just fine...

Funny, it probably is my compiler... god i hate that bullshit, they need everything to be capatable with everything, with patches or whatever.
MVC6 is the best compiler in the world.
I searched online regarding this compiling error, and heres a quote of what i keep getting

Probably yes. I don't have this SDK so I cannot check it, but it is possible
that the library contains debug information in the new format used by VS7,
which VC6 does not understand.
You might have to use the library from an older SDK.

Anyone got one that i can use? =P

Originally Posted by *Marneus901*

Your compilers fucked up then, because it works fine with mine, are you using the Microsoft detours? If you really don't give a shit, I can just send you the compiled version. Or the VC++6 project.

is there a patch or something that i need? Its been a good 2 years since ive had someone else compile my own project, and i really dont want to go back to that again lol.

Originally Posted by *Marneus901*

is there a patch or something that i need? Its been a good 2 years since ive had someone else compile my own project, and i really dont want to go back to that again lol.

Hmm, what compiler and version are you using. This isn't a syntax error, I think your compiler has abnormal settings. It would be much better if we took this conversation on the MPGH IRC irc://irc.mpgh.net/

Go on AIM please.

Originally Posted by *Marneus901*

Go on AIM please.

Sorry, I'm really busy at the moment, if the rest of the forum can't help, I'll try to find some time. Again, I apologize for not assisting.

Its alright, your doing what you can.

Marneus i suggest to get VS 2003,i compiled Jetamay code and it give me no errors/warnings so its probably VS 6.0...

Fuck for not noticing this.
Go to -> Build -> Set Active Configurations -> Win32 Relase
Build -> Rebuild All
build -> Compile
Build -> Build YourProjectName.Dll

And there you go, I just ran into the problem now, I assume you can't hook functions in debug mode. Or not in VC++6 at least.

Well, thats fucked up, that worked! Thank all of you for your time and help! Please close...

Originally Posted by *Marneus901*

Well, thats fucked up, that worked! Thank all of you for your time and help! Please close...

Your welcome, enjoy your stay at mpgh.

[Help]Hooking Into PunkBuster

Post a Reply

Similar Threads

Tags for this Thread