flat assembler
Message board for the users of flat assembler.
Windows > WS2_32.DLL
LocoDelAssembly 02 Oct 2006, 20:03
No, I wanted to do that in the past but I finally didn't do anything...
Anyway, the technique is called "proxy DLL". http://www.internals.com/articles/apispy/apispy.htm there is some info. I had more links stored in a TXT but well, I already explained what happened with my HD...
vid 02 Oct 2006, 20:21
winpcap?
Fungos Bauux 02 Oct 2006, 20:27
Well, the truth is.. I only need to change the connect destination of a game. It used to connect to a hostname, so I only changed my "hosts" file to point that name to 127.0.0.1 and I have my fake server working.
The client was updated, and now it has the destination IP hardcoded. I cannot simply change the program (binary patch or memory patch) because it's protected by a rootkit like that one from Sony. And I don't want to study and reverse this protection. I only want to be able to connect to localhost and play the game locally. I need any simple solution, because I will publish that server emulator and don't want to change other people's system DLLs.
Well, Proxy DLL should work. I will try...
Is there any tool that creates a DLL skeleton based on the imports/exports of an original DLL?
okasvi 02 Oct 2006, 20:29
simple hooking does the job... either messing with target's IAT or using detours, up to you...
Fungos Bauux 02 Oct 2006, 20:34
I wanted to do a WS2_32.DLL wrapper with FASM, so I can practice my asm a little. ;D
I already know detours, I will give it a try.
okasvi 02 Oct 2006, 20:39
Fungos Bauux wrote:
> I wanted to do a WS2_32.DLL wrapper with FASM, so I can practice my asm a little. ;D

making a wrapper means that you must emulate, or at least export and reroute ALL exported funcs by WS2_32.DLL, and if you simply need to change just the address it's connecting to, just go for detour...
_________________
When We Ride On Our Enemies support reverse smileys |:
vid 02 Oct 2006, 21:15
studying something about export forwarding may ease your work. for others, just import original dll renamed to something else, forward unhooked imports, and overtake wanted ones.
in theory, it's easy
f0dder 02 Oct 2006, 21:55
Writing a wrapper DLL is usually a bad idea, hooking specific functions (with something robust like detours) is better...
Fungos Bauux 03 Oct 2006, 01:24
I'm trying to do the export forwarding thing, but look at this:
dumpbin /imports game.exe
Code:
    WS2_32.dll
        4745E0 Import Address Table
        483FC0 Import Name Table
             0 time date stamp
             0 Index of first forwarder reference

               Ordinal    17
            3D WSASetEvent
            47 WSAWaitForMultipleEvents
               Ordinal    13
            34 WSARecv
            39 WSASend
               Ordinal     7
               Ordinal     1
               Ordinal     5
               Ordinal     4
               Ordinal   115
               Ordinal   116
               Ordinal    12
               Ordinal    52
               Ordinal    11
               Ordinal   111
            28 WSAIoctl
               Ordinal    21
            12 WSACloseEvent
               Ordinal     3
            38 WSAResetEvent
            1E WSAGetOverlappedResult
               Ordinal    20
            14 WSACreateEvent
               Ordinal     2
               Ordinal    23
               Ordinal     9
               Ordinal    15
               Ordinal     6
            41 WSASocketA
               Ordinal    22

How can I forward these "Ordinal" entries? What are they? And which one is the connect one?
I have done the forwarding for the text-named ones, but when I run it, it says something like "cannot find ordinal 17 inside ws2_32.dll"...
@okasvi: OT: Reversed smileys aren't a nice idea..
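The import listing in the post above mixes two kinds of entry: a hint plus a name, and a bare ordinal, which the loader resolves by number in the DLL's export table rather than by name. The following is an added example, not code from the thread: it parses such a listing and reports which imports a given export table would leave unresolved. The sample is a constructed excerpt of that listing, and `parse_imports` and `unresolved` are hypothetical helper names.

```python
import re

# Constructed sample: an excerpt of the listing above, one entry per line.
SAMPLE = """\
WS2_32.dll
    4745E0 Import Address Table
    483FC0 Import Name Table
         0 time date stamp
         0 Index of first forwarder reference

           Ordinal    17
        3D WSASetEvent
        47 WSAWaitForMultipleEvents
           Ordinal    13
        34 WSARecv
           Ordinal     4
           Ordinal   115
        41 WSASocketA
"""

ORDINAL = re.compile(r"^\s*Ordinal\s+(\d+)\s*$")                 # import by number
NAMED = re.compile(r"^\s*([0-9A-Fa-f]+)\s+([A-Za-z_]\w*)\s*$")   # hex hint + name


def parse_imports(listing):
    """Split one DLL's import listing into by-ordinal and by-name entries."""
    by_ordinal, by_name = [], []
    for line in listing.splitlines():
        m = ORDINAL.match(line)
        if m:
            by_ordinal.append(int(m.group(1)))  # ordinals are printed in decimal
            continue
        m = NAMED.match(line)
        if m:
            by_name.append((int(m.group(1), 16), m.group(2)))  # (hint, name)
    return by_ordinal, by_name


def unresolved(listing, export_names, export_ordinals):
    """List the imports that a DLL with this export table cannot satisfy.

    An ordinal import matches on the number alone, so a DLL that exports the
    right function under a different ordinal still fails (or binds wrongly).
    """
    by_ordinal, by_name = parse_imports(listing)
    missing = [f"ordinal {o}" for o in by_ordinal if o not in export_ordinals]
    missing += [name for _, name in by_name if name not in export_names]
    return missing
```

Feeding it an export table whose ordinals are simply numbered 1..N reproduces the kind of "cannot find ordinal 17" failure described in the post.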
Fungos Bauux 03 Oct 2006, 01:51
Ok, I have done a forward of all exported functions of ws2_32.dll, but the application doesn't work.
It gives this error: "The application failed to initialize properly (0xc00000fd)"
It's only a bunch of pragmas to forward, no actual code, see here: http://pastebin.wikistuce.info/?257
And I'm having a problem exporting myConnect in this code: http://pastebin.wikistuce.info/?258
f0dder 03 Oct 2006, 10:14
Just grab detours and go with that, it's going to save you so much time.