flat assembler
Message board for the users of flat assembler.

Index > Macroinstructions > hook system dll

skykrnl



skykrnl 14 Aug 2009, 15:10
Code:
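; fasm source, 32-bit Windows PE DLL, stdcall (Win32AX.inc macros).
;
; Builds a forwarding ("proxy") DLL: it exports the same names as
; HOOK_DLL_NAME and hands every call to the copy of that DLL found in the
; Windows system directory.
;
; Defensive note: a module that carries a system DLL's file name and export
; list but is loaded from outside the system directory is the shape that
; DLL search-order hijacking takes. Applications avoid picking one up by
; loading system libraries by fully qualified path or after calling
; SetDefaultDllDirectories; monitoring should flag image loads of
; system-named modules from non-system, user-writable paths.
format pe dll
entry DllEntry

include 'Win32AX.inc'

; File name of the system DLL whose export surface is mirrored.
HOOK_DLL_NAME   equ     'ws2_32.dll'

; Mutable state gets its own non-executable section so that the code
; section does not have to be writeable (no page is both W and X).
section '.data' data readable writeable

; Handle of the real DLL; written by DllEntry, read by GetProcAddr.
hHookMod        dd      0

section '.text' code readable executable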

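; Bytes appended after the system directory: '\' + HOOK_DLL_NAME + NUL.
; Computed at assembly time so the bound follows HOOK_DLL_NAME.
virtual at 0
        db      '\', HOOK_DLL_NAME, 0
        SYS_DLL_TAIL_LEN = $
end virtual

;-----------------------------------------------------------------------
; BOOL DllEntry(HINSTANCE hModule, DWORD fdwReason, LPVOID lpReserved)
; ABI:   Win32 stdcall (fasm proc macro)
; In:    hModule    = handle of this DLL (unused)
;        fdwReason  = DLL_PROCESS_ATTACH / DLL_PROCESS_DETACH / other
;        lpReserved = NULL when the unload was requested by FreeLibrary,
;                     non-NULL at process termination
; Out:   eax = TRUE, or FALSE when the real DLL could not be located or
;        loaded during attach
; Side:  writes hHookMod
;
; Attach: builds "<system dir>\<HOOK_DLL_NAME>", shows it in a message
; box, loads it and stores the handle in hHookMod.
; Detach: releases that handle.
;
; NOTE(review): Microsoft's DllMain guidance advises against calling
; LoadLibrary and user32 functions such as MessageBox from the entry
; point because the loader lock is held. Both calls are kept as in the
; original; moving the load out of the entry point would need changes
; outside this procedure.
;-----------------------------------------------------------------------
proc DllEntry, hModule, fdwReason, lpReserved
        locals
                szSysDllPath    rb      MAX_PATH
                szTmp           db      '\',0
        endl

        .if     [fdwReason] = DLL_PROCESS_ATTACH
                invoke  GetSystemDirectory, addr szSysDllPath, MAX_PATH
                ; eax = 0 means the call failed and the buffer holds no
                ; string; a value above the bound means the two lstrcat
                ; calls below would write past MAX_PATH bytes.
                test    eax, eax
                jz      .fail
                cmp     eax, MAX_PATH - SYS_DLL_TAIL_LEN
                ja      .fail
                invoke  lstrcat, addr szSysDllPath, addr szTmp
                invoke  lstrcat, addr szSysDllPath, HOOK_DLL_NAME
                invoke  MessageBox,NULL,addr szSysDllPath,addr szSysDllPath,MB_OK
                invoke  LoadLibrary, addr szSysDllPath
                mov     [hHookMod], eax
                ; Without a loaded module every export stub would jump to
                ; a NULL pointer, so refuse to attach instead.
                test    eax, eax
                jz      .fail
        .elseif [fdwReason] = DLL_PROCESS_DETACH
                ; Skip the release at process termination (lpReserved is
                ; non-NULL); FreeLibrary must not be called from the entry
                ; point in that case.
                cmp     dword [lpReserved], 0
                jne     .done
                ; Release the module this DLL loaded itself. The original
                ; passed [hModule], which is this DLL's own handle.
                mov     eax, [hHookMod]
                test    eax, eax
                jz      .done
                invoke  FreeLibrary, eax
                mov     dword [hHookMod], 0
        .endif
  .done:
        mov     eax, TRUE
        ret
  .fail:
        xor     eax, eax                ; FALSE: attach is rejected
        ret
endp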

;-----------------------------------------------------------------------
; FARPROC GetProcAddr(LPCSTR szProcName)
; ABI:   Win32 stdcall (fasm proc macro; the callee removes its argument)
; In:    szProcName = pointer to a NUL-terminated export name
; Out:   eax = result of GetProcAddress on the module in hHookMod
;        (NULL when the name is not found; callers must check)
;-----------------------------------------------------------------------
proc GetProcAddr, szProcName
        push    [szProcName]            ; lpProcName
        push    [hHookMod]              ; hModule of the real DLL
        call    [GetProcAddress]
        ret
endp

; HookApi api1, api2, ...
;
; For every listed name this macro emits a small forwarding stub into the
; current section and then builds a PE export directory (section '.edat')
; that exports each stub under that name.
;
; Stub flow: the per-name stub pushes the address of its name string and
; jumps to the shared JumpComm code, which calls GetProcAddr and then jumps
; to the address returned in eax. GetProcAddr is declared with proc and one
; argument, so its return removes the pushed name and the original caller's
; stack frame reaches the real function unchanged.
;
; NOTE(review): JumpComm does not test eax before the jump. If the lookup
; returns NULL (name missing from the real DLL, or hHookMod never set) the
; jump goes to address 0 and the process faults.
; NOTE(review): '.edat' is flagged executable although it only holds the
; export tables and name strings; confirm whether that flag is needed.
macro HookApi [api]
{
common
  local   JumpComm
  ; Shared tail used by every stub: resolve the pushed name, then transfer
  ; control to the real function.
    JumpComm:
               call    GetProcAddr
         jmp     eax
forward
      local name
  ; One stub per exported name.
  ip#api:
         push    name
                jmp     JumpComm
common
  section '.edat' export readable executable
        local module,addresses,names,ordinal,count
  ; First pass over the list only counts the names.
  count = 0
forward
        count = count+1
common
   ; Export directory header: module-name RVA, ordinal base 1, then the
   ; function count, the name count and the RVAs of the three tables.
   dd 0,0,0,RVA module,1
       dd count,count,RVA addresses,RVA names,RVA ordinal
  ; Address table: one stub RVA per name, in list order.
  addresses:
forward
   dd RVA ip#api
common
     ; Name-pointer table: one RVA per name string.
     names:
forward
       dd RVA name
common
       ; Ordinal table: entry i starts out as index i into the address
       ; table, so ordinals follow list position.
       ordinal:
        count = 0
forward
        dw count
    count = count+1
common
   module db HOOK_DLL_NAME,0
forward
        ; The export name string is the macro argument itself as text.
        name db `api,0
common
    ; Assembly-time sort of the name-pointer table into ascending byte
    ; order, as the PE loader's name lookup expects. x is the gap, halved
    ; on each outer pass; y and z walk the table as a gapped insertion
    ; sort. Each swap moves the name pointer and its ordinal together, so
    ; the address table itself is never reordered.
    local x,y,z,str1,str2,v1,v2
 x = count shr 1
     while x > 0
              y = x
               while y < count
                  z = y
                       while z-x >= 0
                           ; v1 and v2 are name RVAs; adding ($-RVA $)
                           ; turns them into addresses usable with load.
                           load v1 dword from names+z*4
                                str1=($-RVA $)+v1
                           load v2 dword from names+(z-x)*4
                            str2=($-RVA $)+v2
                           ; Compare the two strings byte by byte (% is
                           ; the 1-based iteration counter) until the
                           ; bytes differ or the first string ends.
                           while v1 > 0
                                     load v1 from str1+%-1
                                       load v2 from str2+%-1
                                       if v1 <> v2
                                           break
                                       end if
                              end while
                           ; Entry z sorts before entry z-x: swap both the
                           ; name pointers and the matching ordinals.
                           if v1<v2
                                 load v1 dword from names+z*4
                                        load v2 dword from names+(z-x)*4
                                    store dword v1 at names+(z-x)*4
                                     store dword v2 at names+z*4
                                 load v1 word from ordinal+z*2
                                       load v2 word from ordinal+(z-x)*2
                                   store word v1 at ordinal+(z-x)*2
                                    store word v2 at ordinal+z*2
                                else
                                        break
                               end if
                              z = z-x
                     end while
                   y = y+1
             end while
           x = x shr 1
 end while
}

; Export list handed to the HookApi macro: one forwarding stub and one
; named export is generated per entry. List order matters, because the
; macro numbers the exports by position (first entry = ordinal 1).
;
; NOTE(review): these position-based ordinals are not taken from the real
; DLL, so a caller that imports by ordinal instead of by name may reach a
; different function than it expects; only by-name imports are forwarded
; reliably. Verify against the export table of the system DLL.
;
; Defensive note: a DLL outside the system directory whose export names
; mirror a system library while its ordinals simply count up in list order
; is a useful triage signal when reviewing unexpected module loads.
HookApi      FreeAddrInfoW,\
    GetAddrInfoW,\
     GetNameInfoW,\
     WEP,\
      WPUCompleteOverlappedRequest,\
     WSAAccept,\
        WSAAddressToStringA,\
      WSAAddressToStringW,\
      WSAAsyncGetHostByAddr,\
    WSAAsyncGetHostByName,\
    WSAAsyncGetProtoByName,\
   WSAAsyncGetProtoByNumber,\
 WSAAsyncGetServByName,\
    WSAAsyncGetServByPort,\
    WSAAsyncSelect,\
   WSACancelAsyncRequest,\
    WSACancelBlockingCall,\
    WSACleanup,\
       WSACloseEvent,\
    WSAConnect,\
       WSACreateEvent,\
   WSADuplicateSocketA,\
      WSADuplicateSocketW,\
      WSAEnumNameSpaceProvidersA,\
       WSAEnumNameSpaceProvidersW,\
       WSAEnumNetworkEvents,\
     WSAEnumProtocolsA,\
        WSAEnumProtocolsW,\
        WSAEventSelect,\
   WSAGetLastError,\
  WSAGetOverlappedResult,\
   WSAGetQOSByName,\
  WSAGetServiceClassInfoA,\
  WSAGetServiceClassInfoW,\
  WSAGetServiceClassNameByClassIdA,\
 WSAGetServiceClassNameByClassIdW,\
 WSAHtonl,\
 WSAHtons,\
 WSAInstallServiceClassA,\
  WSAInstallServiceClassW,\
  WSAIoctl,\
 WSAIsBlocking,\
    WSAJoinLeaf,\
      WSALookupServiceBeginA,\
   WSALookupServiceBeginW,\
   WSALookupServiceEnd,\
      WSALookupServiceNextA,\
    WSALookupServiceNextW,\
    WSANSPIoctl,\
      WSANtohl,\
 WSANtohs,\
 WSAProviderConfigChange,\
  WSARecv,\
  WSARecvDisconnect,\
        WSARecvFrom,\
      WSARemoveServiceClass,\
    WSAResetEvent,\
    WSASend,\
  WSASendDisconnect,\
        WSASendTo,\
        WSASetBlockingHook,\
       WSASetEvent,\
      WSASetLastError,\
  WSASetServiceA,\
   WSASetServiceW,\
   WSASocketA,\
       WSASocketW,\
       WSAStartup,\
       WSAStringToAddressA,\
      WSAStringToAddressW,\
      WSAUnhookBlockingHook,\
    WSAWaitForMultipleEvents,\
 WSApSetPostRoutine,\
       WSCDeinstallProvider,\
     WSCEnableNSProvider,\
      WSCEnumProtocols,\
 WSCGetProviderPath,\
       WSCInstallNameSpace,\
      WSCInstallProvider,\
       WSCUnInstallNameSpace,\
    WSCUpdateProvider,\
        WSCWriteNameSpaceOrder,\
   WSCWriteProviderOrder,\
    __WSAFDIsSet,\
     accept,\
   bind,\
     closesocket,\
      connect,\
  freeaddrinfo,\
     getaddrinfo,\
      gethostbyaddr,\
    gethostbyname,\
    gethostname,\
      getnameinfo,\
      getpeername,\
      getprotobyname,\
   getprotobynumber,\
 getservbyname,\
    getservbyport,\
    getsockname,\
      getsockopt,\
       htonl,\
    htons,\
    inet_addr,\
        inet_ntoa,\
        ioctlsocket,\
      listen,\
   ntohl,\
    ntohs,\
    recv,\
     recvfrom,\
 select,\
   send,\
     sendto,\
   setsockopt,\
       shutdown,\
 socket

; Import section. Its contents come from 'sdk/win32.inc', which is not
; shown on this page; presumably it declares the imports used by the invoke
; calls above (GetSystemDirectory, lstrcat, MessageBox, LoadLibrary,
; FreeLibrary, GetProcAddress) - TODO confirm.
; NOTE(review): the section is flagged executable; confirm whether an
; import section needs that flag here.
section '.idat' import readable executable
  include 'sdk/win32.inc'

; Resource section is disabled.
;section '.rsrc' resource readable
; Relocation (fixup) data, so the DLL can be loaded at an address other
; than its preferred base.
section '.reloc' fixups readable writeable
    


Description:
Download
Filename: ws2_32.zip
Filesize: 4.41 KB
Downloaded: 271 Time(s)


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
