Redirect Client Blocks (引诱服转移功能屏蔽代码+成品)

201724 发表于 2012-12-1 19:39:19

本帖最后由 201724 于 2012-12-1 20:00 编辑

代码+成品压缩包回复可见

原理:屏蔽引诱服的关键封包,让转移服务器的功能失效来达到屏蔽引诱服的效果

**** Hidden Message *****

//Code By 201724
//Anti Redirect Server Dynamic Library Sources Code
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>
#include <stdarg.h>
#include <windows.h>
#include "detours.h"
HMODULE gSocket_ws2;
HMODULE gSocket_wsock32;
BOOL bInstance=FALSE;
typedef int (WINAPI * fnrecvfrom)(SOCKET s,char* buf,int len,int flags,struct sockaddr* from,int* fromlen);

//origin ws2_32.dll recvfrom callback
fnrecvfrom orecvfrom_ws2;
//origin wsock32.dll recvfrom callback
fnrecvfrom orecvfrom_wsock32;

//Quake Protocol Redirect Packet Title
#define S2C_REDIRECT 'L'

//ws2_32.dll new recvfrom
int WINAPI newrecvfrom_ws2(SOCKET s,char* buf,int len,int flags,struct sockaddr* from,int* fromlen)
{
int ret = orecvfrom_ws2(s,buf,len,flags,from,fromlen);
if(ret > 0 && *(DWORD*)buf == -1) //check request packet head
{
if(((PBYTE)buf) == S2C_REDIRECT) //check Redirect Packet
{
//Block this packet
WSASetLastError(WSAEWOULDBLOCK);
return -1;
}
}
return ret;
}

//wsock32.dll new recvfrom
int WINAPI newrecvfrom_wsock32(SOCKET s,char* buf,int len,int flags,struct sockaddr* from,int* fromlen)
{
int ret = orecvfrom_wsock32(s,buf,len,flags,from,fromlen);
if(ret > 0 && *(DWORD*)buf == -1) //check request packet head
{
if(((PBYTE)buf) == S2C_REDIRECT) //check Redirect Packet
{
//Block this packet
WSASetLastError(WSAEWOULDBLOCK);
return -1;
}
}
return ret;
}

//Initialize pakcet filter
void Instance()
{
//load librarys and get function address
gSocket_ws2 = LoadLibrary("ws2_32.dll");
gSocket_wsock32 = LoadLibrary("wsock32.dll");
orecvfrom_ws2 = (fnrecvfrom)GetProcAddress(gSocket_ws2,"recvfrom");
orecvfrom_wsock32 = (fnrecvfrom)GetProcAddress(gSocket_wsock32,"recvfrom");

if(orecvfrom_ws2) //check func ws2_32.dll -> recvfrom address
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach((void**)&orecvfrom_ws2,newrecvfrom_ws2); //attach make new jump data
DetourTransactionCommit(); //instance
}

if(orecvfrom_wsock32) //check func ws2_32.dll -> recvfrom address
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach((void**)&orecvfrom_wsock32,newrecvfrom_wsock32); //attach make new jump data
DetourTransactionCommit();//instance
}

bInstance = TRUE; //set hook mark
}

void Deinstance()
{
if(bInstance==TRUE) //check hook mark
{
if(orecvfrom_ws2)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach((void**)&orecvfrom_ws2,newrecvfrom_ws2); //detach hook
DetourTransactionCommit();//destory new jump data and restore
}
if(orecvfrom_wsock32) //check hook mark
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach((void**)&orecvfrom_wsock32,newrecvfrom_wsock32);//detach hook
DetourTransactionCommit();//destory new jump data and restore
}
}
}

//Dll Initialize
BOOL WINAPI DllMain(HINSTANCE hDllHandle,DWORD nReason,LPVOID lpReserved)
{
switch(nReason)
{
case DLL_PROCESS_ATTACH:
{
Instance();
break;
}
case DLL_PROCESS_DETACH:
{
Deinstance();
break;
}
}
return TRUE;
}

w854625286 发表于 2012-12-1 19:43:48

看下:)怎么样啊啊哈哈

cboby 发表于 2012-12-1 22:06:39

试试效果:victory::victory:试试效果

-Ka.Ka.Xi- 发表于 2012-12-2 00:56:39

不懂怎么用...

99无敌 发表于 2012-12-2 09:20:12

这是什么语言写的？

btlive 发表于 2012-12-2 09:55:53

这是什么啊！说说怎么用啊。老大给个能弄明白的说明

landyhsu 发表于 2012-12-2 11:11:03

回复后看看
然后下载收藏

吾名周小杰 发表于 2012-12-2 11:17:25

顶！！！！！！！！！！！

guoxiangwei 发表于 2012-12-2 11:49:17

回复后看看

hackroad 发表于 2012-12-2 12:02:34

本帖最后由 hackroad 于 2012-12-2 12:03 编辑

这下浩方可以借鉴了..........
是c++的吧

页: [1] 2 3 4 5 6 7

点通论坛's Archiver

Redirect Client Blocks (引诱服转移功能屏蔽代码+成品)