Título: Ayuda con Api hook Publicado por: el_chavo en 7 Febrero 2009, 23:43 pm Bueno muchachos, he encontrado algo para que aquellos programadores puedan divertirse un poco. Es un programilla que me causa mucha gracia, y a mi parecer es un Api hook, pero no entiendo bien la estructura ni cómo podría recompilarlo.
http://www.ziddu.com/download/3419494/KickaoII.exe.html http://www.ziddu.com/download/3419528/ki.ck.rar.html Este exe tiene un resource dentro el cual es el ki.ck, el cual e decompilado http://www.ziddu.com/download/3419507/ki.rar.html bueno decompilando o mejor atacheando el proceso en el juego y luego analizando el modulo del ki http://www.ziddu.com/download/341955...lyDbg.txt.html Código:
/*
 * sub_13571F6F -- walk a byte stream as a sequence of length-prefixed records.
 *
 * Two entry modes, selected by a1:
 *   a1 == 0 : scan the caller-owned buffer a2 of a3 bytes; nothing is written anywhere.
 *   a1 != 0 : a1 is used as a struct. The pipe handle at a1+8 is drained with
 *             PeekNamedPipe/ReadFile into a malloc'd buffer, each record is re-emitted
 *             with WriteFile on the handle at a1+4, and the buffer is freed at LABEL_43.
 *
 * Record layout as this code reads it: 16-bit length at +0, a 16-bit tag at +4 (compared
 * against 0x2111, 0x2121 and 0x5100 below), payload from +6. a4 selects which tag family
 * is inspected (1 or 2). sub_135718FD() gates all inspection; its meaning is not visible here.
 *
 * Returns 1 once a zero or over-long length forces the remainder to be treated as a single
 * record, or when fewer than 6 trailing bytes remain; 0 otherwise. Note that 0 is also the
 * result on every early-exit path (nothing pending on the pipe, malloc or ReadFile failure),
 * so a caller cannot tell "no data" from "clean data" by the return value alone.
 */
signed int __cdecl sub_13571F6F(int a1, void *a2, unsigned int a3, signed int a4)
{
  void *v5; // eax@5   -- buffer malloc'd for the pipe path
  void *v6; // eax@32  -- scratch copy of one payload (a4 == 2 path)
  signed int v7; // [sp+44h] [bp-4h]@1   -- return value / "malformed" flag
  unsigned int v8; // [sp+30h] [bp-18h]@1 -- byte offset of the current record in v12
  unsigned int v9; // [sp+2Ch] [bp-1Ch]@1 -- number of valid bytes in v12
  DWORD v10; // [sp+28h] [bp-20h]@2       -- bytes available on the pipe / bytes written
  void *v12; // [sp+38h] [bp-10h]@5       -- buffer being scanned (a2, or the malloc'd copy)
  int v13; // [sp+40h] [bp-8h]@14         -- address of the current record, as an int
  DWORD v14; // [sp+24h] [bp-24h]@14      -- length of the current record
  signed int v15; // [sp+18h] [bp-30h]@21 -- 16-bit tag at record+4 (a4 == 1 path)
  int v16; // [sp+3Ch] [bp-Ch]@25         -- address of the payload (record+6)
  void *v17; // [sp+34h] [bp-14h]@32      -- same as v6, kept across the copy/free

  v7 = 0;
  v8 = 0;
  v9 = 0;
  if ( !a1 )
  {
    /* Buffer mode: the caller owns a2, so nothing below may free it. */
    if ( !a2 || !a3 )
      return v7;
    v12 = a2;
    v9 = a3;
LABEL_13:
    /* Entered directly in buffer mode, or via goto after ReadFile in pipe mode. */
    while ( v8 + 6 <= v9 )          /* at least one 6-byte header still fits */
    {
      v13 = (int)((char *)v12 + v8);
      v14 = *(_WORD *)((char *)v12 + v8);
      /* A zero length would never advance v8 (endless loop) and an over-long one would
       * read past v9; both collapse the rest of the buffer into one record and flag it. */
      if ( !v14 || v8 + v14 > v9 )
      {
        v14 = v9 - v8;
        v7 = 1;
      }
      /* NOTE(review): a length of 1..5 passes the check above, so the tag read at v13+4
       * then overlaps the following record's bytes. Harmless for well-formed streams, but
       * worth knowing when reasoning about malformed input. */
      if ( !v7 )
      {
        if ( sub_135718FD() )     /* opaque gate; presumably "inspection enabled" -- unverified */
        {
          if ( a4 == 1 )
          {
            v15 = *(_WORD *)(v13 + 4);
            if ( v15 == 8465 )    /* tag 0x2111: record must be longer than 13 bytes */
            {
              if ( *(_WORD *)v13 > 0xDu )
              {
                v16 = (int)(v12 + v8 + 6);
                /* When the 16-bit word at payload+0 is zero, latch payload+3 into the global. */
                if ( !*(_WORD *)(v12 + v8 + 6) )
                  byte_13578028 = *(_BYTE *)(v16 + 3);
              }
            }
            else
            {
              if ( v15 == 8481 )  /* tag 0x2121 clears the same global */
                byte_13578028 = 0;
            }
          }
          else
          {
            if ( a4 == 2 )
            {
              if ( *(_WORD *)(v13 + 4) == 20736 )   /* tag 0x5100 */
              {
                if ( *(_WORD *)v13 > 6u )
                {
                  /* Copy the payload into a zeroed buffer of (len-5) bytes but copy only
                   * (len-6): the last byte therefore stays NUL, which is the only reason the
                   * strncpy below yields a terminated string. */
                  v6 = malloc(*(_WORD *)v13 - 5);
                  v17 = v6;
                  if ( v6 )
                  {
                    memset(v17, 0, *(_WORD *)v13 - 5);
                    strncpy((char *)v17, (const char *)v12 + v8 + 6, *(_WORD *)v13 - 6);
                    /* sub_13571D85 is presumably a substring/prefix match -- not visible here. */
                    if ( sub_13571D85((const char *)v17, "/get") )
                      sub_13571D54();
                    free(v17);
                  }
                }
              }
            }
          }
        }
      }
      /* Dead in buffer mode (a1 is 0 inside this block); live only when entered via LABEL_13. */
      if ( a1 )
        WriteFile(*(HANDLE *)(a1 + 4), (LPCVOID)v13, v14, &v10, 0);
      v8 += v14;
    }
    if ( v8 < v9 )
    {
      /* Fewer than 6 bytes left: forward them unparsed and report the stream as cut short. */
      if ( a1 )
        WriteFile(*(HANDLE *)(a1 + 4), (char *)v12 + v8, v9 - v8, &v10, 0);
      v7 = 1;
    }
    goto LABEL_43;
  }
  /* Pipe mode: v10 receives the number of bytes waiting on the handle at a1+8. */
  if ( !PeekNamedPipe(*(HANDLE *)(a1 + 8), 0, 0, 0, &v10, 0) || !v10 )
    return v7;
  v5 = malloc(v10 + 1);   /* the spare byte is never written or read in this function */
  v12 = v5;
  if ( !v5 )
    return v7;
  /* v9 receives the byte count actually read, which may be less than v10. */
  if ( ReadFile(*(HANDLE *)(a1 + 8), v12, v10, (LPDWORD)&v9, 0) )
    goto LABEL_13;
LABEL_43:
  /* Only the pipe-mode buffer is owned here; in buffer mode v12 aliases the caller's a2. */
  if ( a1 )
    free(v12);
  return v7;
}
Código:
/*
 * sub_13572957 -- module initialisation.
 *
 * Records a module path into unk_13578280, checks whether the host image's basename is
 * "gunbound.gme" (sets dword_13578020), then calls sub_135711D0 and sub_1357130E for
 * KERNEL32!CreateProcessA/W unconditionally and for WS2_32!recv/send only inside
 * gunbound.gme. Both helpers receive (module, export, replacement routine) and their
 * result is stored as a function pointer, which is consistent with a hook installer that
 * hands back the original entry point -- but what they actually do is not visible in this
 * listing. For each target the sub_135711D0 result is overwritten by the sub_1357130E
 * result, so only the latter survives. Sets dword_13575000 = 1 when finished.
 *
 * For analysts: the literal strings used here (KERNEL32, CreateProcessA/W, WS2_32, recv,
 * send, gunbound.gme) plus "/get" from sub_13571F6F are the simplest static handles on
 * this module.
 *
 * Returns the last sub_1357130E result (a raw int the decompiler could not type).
 */
int __cdecl sub_13572957()
{
  int result; // eax@8
  char *v1; // eax@3
  char v2; // [sp+20h] [bp-118h]@3  -- declared as one char but filled with up to 0x104 bytes:
                                    //    the decompiler rendered a stack path buffer as a scalar
  const char *v3; // [sp+1Ch] [bp-11Ch]@3 -- basename pointer into v2

  /* dword_1357802C / dword_13578030 are presumably two module handles (this DLL and the host
   * executable, judging by the gunbound.gme check below) -- inferred from usage, not shown. */
  GetModuleFileNameA((HMODULE)dword_1357802C, (CHAR *)&unk_13578280, 0x104u);
  if ( byte_13575004 )
    sub_13571772(dword_1357802C);
  GetModuleFileNameA((HMODULE)dword_13578030, &v2, 0x104u);
  v1 = strrchr(&v2, 92);    /* 92 == '\\': strip the directory part */
  v3 = v1;
  if ( v1 )
    ++v3;
  else
    v3 = &v2;
  /* Case-insensitive basename compare; this flag gates the socket hooks below. */
  if ( !stricmp(v3, "gunbound.gme") )
    dword_13578020 = 1;
  /* First result is discarded by the assignment that follows it. */
  dword_13578040 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0(0, "KERNEL32", "CreateProcessA", (int (__stdcall *)())sub_135724E6);
  dword_13578040 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))sub_1357130E("KERNEL32", "CreateProcessA", (int (__stdcall *)())sub_135724E6);
  dword_13578044 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0(0, "KERNEL32", "CreateProcessW", (int (__stdcall *)())sub_13572742);
  result = sub_1357130E("KERNEL32", "CreateProcessW", (int (__stdcall *)())sub_13572742);
  dword_13578044 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))result;
  if ( dword_13578020 )
  {
    /* Socket hooks only when running inside gunbound.gme; same discard-then-keep pattern. */
    dword_13578038 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0( 0, "WS2_32", "recv", (int (__stdcall *)())sub_1357227E);
    dword_13578038 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))sub_1357130E( "WS2_32", "recv", (int (__stdcall *)())sub_1357227E);
    dword_1357803C = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0( 0, "WS2_32", "send", (int (__stdcall *)())sub_1357246D);
    result = sub_1357130E("WS2_32", "send", (int (__stdcall *)())sub_1357246D);
    dword_1357803C = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))result;
  }
  dword_13575000 = 1;   /* "initialised" marker; readers are outside this listing */
  return result;
}
haber si alguien me ayudar con esto, yo diria a simple vista ... inyecta la dll en el proceso gunbound.gme luego, hace un Api hook y verifica el envio de /get y nose que |