Hooking with detours tutorial

[konsowa]

Hey ppl so i decided to make this tutorial for all of u that want to start hooking functions using detours..

So first thing ull need is microsoft detours which u can easily find by searching on Google.
The second thing ull need is microsoft visual studio or an equivalent.
And last but definitely not least u will need ur brain

Lets start:

So lets say u are playing a mmorpg and suddenly u wanna hack that game and lets say make ur own bot for packet editing(this is not a full bot tutorial this is only a small part of it), the first thing u wanna do at that point is find out which function u wanna hook(hint use a debugger and find out if it uses ws2_32.dll) if so then the game probably uses the connect function but u shud still check if it does. If thats the case then get ready to hook that function, here we go..

• 
  [li]create an empty dll[/li]
  [li]include winsock2.h, detours.h and iostream(u never know when ull need it) as well as windows.h like so:[/li]
  

#include <WinSock2.h>
#include <Windows.h>
#include <detours.h>
#include <iostream>

• [li] Now what u want to do is get the declaration of the function u want to hook, in this case the connect function, u can find the declaration at msdn and u declare it as so:[/li]

int (__stdcall *connect_o)( __in SOCKET s, __in const struct sockaddr_in *name, __in int namelen );

note: the o stands for original, as this is the original function.

• [li] Now that its declared u want to define it which is really simple..[/li]

int __stdcall connect_h(__in SOCKET s, __in  struct sockaddr_in *name, __in int namelen )
{
    MessageBoxA(NULL,"I just made my first hook!!","Hook Tutorial", MB_OK);
    return connect_o(s, name, namelen);
}

• [li] Now u want to make A function that represents ur thread..[/li]

void WINAPI HookApi(LPVOID param)
{
}

• [li]Next u want to get the address of the connect function inside that function that u just created, here is how[/li]

HANDLE ConnectAddress = GetProcAddress(GetModuleHandleA("ws2_32"), "connect");

• [li]Your next step is making the actual detour which will allow ur function to be called when ever the original is called if that makes sense..[/li]

if(ConnectAddress)
		connect_o = (int (__stdcall *)( __in SOCKET s, __in const struct sockaddr_in *name, __in int namelen ))DetourFunction((PBYTE)ConnectAddress,(PBYTE)connect_h);

• [li]Now for the final step creating the thread and disabling thread library calls, so ur dll main shud like like this[/li]

bool __stdcall DllMain(HINSTANCE hinst, DWORD _Reason, _In_opt_ LPVOID _Reserved)
{
	DisableThreadLibraryCalls(hinst);

	CreateThread(0,0,(LPTHREAD_START_ROUTINE)HookApi,0,0,&ThreadID);

	return true;
}

• 
  
  

Now u can build this dll and inject it in ur game and u shud get a message box every time the connect function is called, u can hook the send/recv functions using the same technique.

Note: Who ever hooks the send/recv functions first gets a cookie

And here we are at the end of the tutorial, i hope it helped you in some way if u have any problems please dont hesitate to pm me or leave a comment below ill be very happy to help u with ur problems, if u encounter any and dont forget to give me sum kudos

Edit: I added the detours lib and includes in the attachments

 

[Fleep]

Very interesting stuff, Im not a big fan of detours in general but you can do some great stuff with it.

Fleep

 

[Puaaap]

thanks for this, will see if I can make it work

 

[konsowa]

Your very welcome
if u encounter any problems just pm me or leave a comment here.

 

[MrModd]

Now I'm just learning all of this from scratch. But I am guessing this is, or on, the lines of what needs to be done to make a bypass right.

 

[konsowa]

Yes Sir, this stuff will definitely help u make a bypass but not if u hook the connect function tho i was just making this so that if anyone ever wants to make a proxy he can just make this dll and then make a program that would recieve and redirect everything on a specific port.

 

[MrModd]

Ahh very cool and TY. you have no idea how long I have been searching for stuff like this lmao. I get so many mixed signals on the net with trying to look this stuff up. I think part of my issue is I lack in the knowledge for the language while looking things up lol. I have my work cut for me trying to figure all this out lol. But I must say, I can't stop thinking about it. Feels like I'm back on Prom Night hahaha.

 

[konsowa]

No actually the problem is that most hackers don't want to give others the knowledge they have gained mostly because they worked hard to find that stuff and learn it, but there are some of us that are open to giving our knowledge to those that need it. So yea you really wont find too much about this topic on most sites.

 

[MrModd]

I can understand that. That's why even on other forums I tried I NEVER ask someone to give/do for me. I ask..... could you point me in the direction of. I don't want hand outs because in the end i feel like it will be more rewarding doing things with a little help than having it done for me. I just like talking to people that have some knowledge about things because it really really sux tring 100 different things just to find out that there ALL wrong lmao. Most I have ever really done was use an unpacker, WinHex, CE, and Excel to make some .csv hacks. So I don't want to say I am a total noob lol but this is fun stuff to learn.

 

[konsowa]

i agree and if you ever need anything just make a thread and don't be afraid to ask u will never learn if u don't ask.

 

[Fleep]

No actually the problem is that most hackers don't want to give others the knowledge they have gained mostly because they worked hard to find that stuff and learn it, but there are some of us that are open to giving our knowledge to those that need it. So yea you really wont find too much about this topic on most sites.

Agreed, this is a big part of the reason why I created the site, too many people learn to do some basic hacking and next thing you know everyone that needs help is a noob.
You can always find help for things like C# programming and general development, but when It comes to hacking most places where you ask for help are only going to give stupid or offensive replies.

Its stupid to be honest, but I guess thats how things are for now. Once the site Is big enough and we pretty much have tutorials on everything then people are going to see that is a decent place to come for help.

Fleep

 

[iVision]

I do not know if I'm stupid or it doesn't work for me..
First DetourFunction doesn't exist in the free versions? So I just replaced it with DetourFindFunction.
But then when I try to compile I get this: unresolved external symbol _DetourFindFunction@@.
So did I forgot something to link?

 

[konsowa]

Did u link the includes and libs?

 

[iVision]

I didn't know how to link, but I did it like this:
Set the Additional Include Directory and Library Directories to the right path. I think I forgot something like
#pragma comment(lib "")
But I'm not sure, and neither know what should be in the qoutes.

 

[konsowa]

Hmm..would you mind uploading ur solution? Oh and i added the detours header and lib in my OP.

 

[iVision]

Ah with the attachment you posted it works excellent Thank you so much But why do we need to define/clare the original function?
int (__stdcall *send_o)(__in SOCKET s, __in const char *buf, __in int len, __in int flags);

Can't we just use send instead of send_o?

Btw where is my cookie? I changed to send ;P

 

[konsowa]

Congrats well since ur dll is injected it is considered part of the game coz u injected it every time u would call the ws2_32 send function u would do what ever is in send_h, so basically calling the original send function would kinda put u in a situation where u have an endless loop if u know what im sayin.

BTW here is ur cookie:

Spoiler

 

[Jabberwock]

Agreed, this is a big part of the reason why I created the site, too many people learn to do some basic hacking and next thing you know everyone that needs help is a noob.
You can always find help for things like C# programming and general development, but when It comes to hacking most places where you ask for help are only going to give stupid or offensive replies.

You are so damn right!

They don't want to help because they worked hard to accomplish what they know.

Also to the thread starter, you should put an if statement in DLLMain. Like this:

BOOL WINAPI DllMain(HINSTANCE hDLLInst, DWORD fdwReason, LPVOID lpvReserved)
{
	if (fdwReason == DLL_PROCESS_ATTACH)
	{
		DisableThreadLibraryCalls(hDLLInst);

		if (!CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)main, NULL, 0, NULL))
			return FALSE;
	}
	
	return TRUE;
}

And you don't need to include WinSock2.h, just use DetourFindFunction.
I do it like this(Detours version V3):

const char module[] = "Ws2_32.dll";

while (!(unsigned long)GetModuleHandle(module))
	Sleep(100);// Wait until loaded

real_send = (pFunc)DetourFindFunction(module, "send");

DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)real_send, MySend);

if (DetourTransactionCommit() != NO_ERROR) throw;

 

[konsowa]

Hmmm, always nice to learn something new.
But i doubt that function exists in the version i posted..