Hey guy's i found this Source code in google this is useful code someday to you its hard to search that's why i post it here easy to find no need to search in google...
DllMain.cpp
Code:
#include <windows.h>
#include <stdio.h>
#include <winsock.h>
__declspec(naked) HookFunction()
{
char Text = "Mpgh.net.. :] \n";
int sizeMsg = 40;
// Some Gcc inline here :\
__asm("movl %eax,0xC(%ebp)"); // Put msg param into stack
__asm("pop %eax"); // Take msglen from stack
__asm("movl %eax,0x10(%ebp)"); // Put msglen into stack
__asm("pop %eax"); // Sub dword from stack
__asm("popf"); // Restore Flags
__asm("mov %edi,%edi");
__asm("push %ebp"); ////// } Harcoded preable from Ws2_32.dll -> Too lazy today :} Do a VirtualProtect and memcpy of your own.
__asm("mov %ebp,%esp");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop"); // If you desire to add some functionalities :]
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop");
__asm("nop"); //1 byte JMP + 4 bytes for address.
__asm("nop");
__asm("nop");
__asm("nop");
}
BOOL APIENTRY DllMain (HINSTANCE hInst,DWORD reason,LPVOID reserved)
{
char JmpOpcode[1] = "\xE9";
char SavesOpcodes[5] = "\x90\x90\x90\x90\x90";
char OpcodesMyFunc[3] = "\x9C\x8B\xEC";
DWORD AddressToWriteTrampolineToSend;
DWORD CalculateJumpFromHookFunctionToWsaSend,CalculateAddressTrampoline;
DWORD lpflOldProtect = 0;
DWORD OldProtect = 0;
HMODULE HandleModule;
DWORD AddressAPI;
DWORD AddresseFakeApi;
DWORD calculateJMP,JMP_TO;
switch (reason)
{
case DLL_PROCESS_ATTACH:
HandleModule = GetModuleHandle(TEXT("ws2_32.dll")); // Get the module Handle of ws2_32.dll
AddressAPI = GetProcAddress(HandleModule,"send"); // Get Address of send API
AddresseFakeApi = (LPDWORD)&HookFunction; // Get address of AddresseFakeApi
memcpy(SavesOpcodes,AddressAPI,0x5); // Save Opcodes from preable. You can use them later with memcpy or harcode them into your HookFunction.
calculateJMP = AddresseFakeApi - AddressAPI; // Calculate our Jump
JMP_TO = calculateJMP - 5;
VirtualProtect(AddressAPI,0x8,PAGE_READWRITE,&lpflOldProtect); // Disable memory protection.
memcpy(AddressAPI,JmpOpcode,0x1); // Write Jump Opcode
memcpy(AddressAPI+1,&JMP_TO,0x4); // Write jump address
VirtualProtect(AddressAPI,0x8,PAGE_EXECUTE_READ,&lpflOldProtect); //Nuevo
VirtualProtect(AddresseFakeApi,0x3,PAGE_READWRITE,&OldProtect); // Disable memory protection.
memcpy(AddresseFakeApi,OpcodesMyFunc,0x3); // "\x9C\x8B\xEC" to -> HookFunction
VirtualProtect(AddresseFakeApi,0x3,PAGE_EXECUTE_READ,&OldProtect); // Enable memory protection.
//__asm("int3"); // 0xCC BreakPoint. For debugging purposes.
AddressToWriteTrampolineToSend = AddresseFakeApi + 0x32; //1e // Where are we going to write JMP XXXXXXXX ?
CalculateAddressTrampoline = AddressAPI + 0x5; // We must calculate our jump to the first intruction after the preable @ address -> 7651C4CD SUB ESP,10
CalculateJumpFromHookFunctionToWsaSend = CalculateAddressTrampoline - AddressToWriteTrampolineToSend - 0x5;
VirtualProtect(AddressToWriteTrampolineToSend,0x8,PAGE_READWRITE,&OldProtect); // Disable memory protection @ HookFunction
memcpy(AddressToWriteTrampolineToSend,JmpOpcode,0x1); //Copy uncondicional JUMP opcode
memcpy(AddressToWriteTrampolineToSend+1,&CalculateJumpFromHookFunctionToWsaSend,0x4); //Copy Jump Opcode
VirtualProtect(AddressToWriteTrampolineToSend,0x8,PAGE_EXECUTE_READ,&OldProtect); //Enable memory protection @ HookFunction
break;
}
return TRUE;
}
DllMain.h
Code:
#ifndef _DLL_H_
#define _DLL_H_
#if BUILDING_DLL
# define DLLIMPORT __declspec (dllexport)
#else /* Not BUILDING_DLL */
# define DLLIMPORT __declspec (dllimport)
#endif /* Not BUILDING_DLL */
#endif /* _DLL_H_ */
No credit be found