Results 1 to 1 of 1
Hybrid View
-
4th January 2018 16:39 #1
(exe dll) nodevfee , minhook- TsudaKageyu (ETH ) (ETH ).
, devfee ? .
, .
Main.cpp
nodevfee.dllCode:#include <Windows.h> #include <stdio.h> static void Error(const char *format, int result) { char error[1024] = {0}; sprintf(error, format, result); MessageBoxA(0, error, "NoDevFee", 0); } static void InjectDll(HANDLE process, const wchar_t *dllName) { HMODULE kernel = GetModuleHandleW(L"kernel32.dll"); if (kernel != 0) { void *loadLibrary = GetProcAddress(kernel, "LoadLibraryW"); if (loadLibrary != 0) { size_t length = (wcslen(dllName) + 1) * sizeof(wchar_t); void *remoteString = VirtualAllocEx(process, 0, length, MEM_COMMIT, PAGE_READWRITE); if (remoteString != 0) { if (WriteProcessMemory(process, remoteString, dllName, length - sizeof(wchar_t), 0)) { HANDLE thread = CreateRemoteThread(process, 0, 0, (LPTHREAD_START_ROUTINE) loadLibrary, remoteString, 0, 0); if (thread != 0) { if (WaitForSingleObject(thread, INFINITE) == WAIT_OBJECT_0) { unsigned long int exitCode = 0; if (GetExitCodeThread(thread, &exitCode)) { if (exitCode == 0) { Error("LoadLibraryW error #%X", GetLastError()); } } else { Error("GetExitCodeThread error #%X", GetLastError()); } } else { Error("WaitForSingleObject error #%X", GetLastError()); } CloseHandle(thread); } else { Error("CreateRemoteThread error #%X", GetLastError()); } } else { Error("WriteProcessMemory error #%X", GetLastError()); } } else { Error("VirtualAllocEx error #%X", GetLastError()); } } else { Error("GetProcAddress error #%X", GetLastError()); } } else { Error("GetModuleHandleW error #%X", GetLastError()); } } int wmain(int argc, wchar_t *argv[]) { if (argc > 1) { STARTUPINFO si = {0}; si.cb = sizeof(si); PROCESS_INFORMATION pi = {0}; if (CreateProcessW(0, wcsstr(GetCommandLineW(), argv[1]), 0, 0, false, CREATE_SUSPENDED | REALTIME_PRIORITY_CLASS, 0, 0, &si, &pi) != 0) { InjectDll(pi.hProcess, L"nodevfeeDll.dll"); if (ResumeThread(pi.hThread) == -1) { Error("ResumeThread error #%X", GetLastError()); } CloseHandle(pi.hThread); CloseHandle(pi.hProcess); } else { Error("CreateProcessW error #%X", GetLastError()); } } return EXIT_SUCCESS; }
Code:#include <WinSock2.h> #include <stdio.h> #include "minhook\MinHook.h" bool Initial = true; char Wallet[43] = {0}; FILE *LogFile = 0, *WalletFile = 0, *PoolsFile = 0; struct Pool { char Address[256]; unsigned int Port; }; Pool Pools[256] = {0}; int PoolCount = 0; int (__stdcall *sendOriginal)(SOCKET s, const char *buf, int len, int flags); int (__stdcall *connectOriginal)(SOCKET s, const struct sockaddr *name, int namelen); static void Error(const char *format, int result) { char error[1024] = {0}; sprintf(error, format, result); MessageBoxA(0, error, "NoDevFeeDll", 0); } int __stdcall sendHook(SOCKET s, const char *buf, int len, int flags) { if (strstr(buf, "eth_submitLogin") != 0) { const char *wallet = strstr(buf, "\"params\": [\""); if (wallet != 0) { wallet += 12; if (Initial) { memcpy(Wallet, wallet, 42); Initial = false; } memcpy((void*) wallet, Wallet, 42); printf("NoDevFee: eth_submitLogin -> %s\n", Wallet); } else { printf("NoDevFee: eth_submitLogin -> Error\n"); } } else if (strstr(buf, "eth_login") != 0) { const char *wallet = strstr(buf, "\"params\":[\""); if (wallet != 0) { wallet += 11; if (Initial) { memcpy(Wallet, wallet, 42); Initial = false; } memcpy((void*) wallet, Wallet, 42); printf("NoDevFee: eth_login -> %s\n", Wallet); } else { printf("NoDevFee: eth_login -> Error\n"); } } if (LogFile) { fprintf(LogFile, "s = 0x%04X flags = 0x%04X len = %4d buf = ", (unsigned int) s, flags, len); for (int i = 0; i < len; ++i) fprintf(LogFile, "%02X ", buf[i]); fprintf(LogFile, "\n%s\n", buf); fflush(LogFile); } return sendOriginal(s, buf, len, flags); } int __stdcall connectHook(SOCKET s, const struct sockaddr *name, int namelen) { sockaddr_in *addr = (sockaddr_in*) name; if (PoolCount > 1) { for (int i = 1; i < PoolCount; ++i) { hostent *host = gethostbyname(Pools[i].Address); if (host != 0) { if ((host->h_addrtype == addr->sin_family) && (addr->sin_port == htons(Pools[i].Port)) && (addr->sin_addr.S_un.S_addr == ((in_addr*) host->h_addr_list[0])->S_un.S_addr)) { host = gethostbyname(Pools[0].Address); if (host != 0) { addr->sin_port = htons(Pools[0].Port); addr->sin_addr.S_un.S_addr = ((in_addr*) host->h_addr_list[0])->S_un.S_addr; printf("NoDevFee: connect -> %s:%d\n", Pools[0].Address, Pools[0].Port); break; } } } } } if (LogFile) { fprintf(LogFile, "s = 0x%04X sin_family = 0x%04X sin_addr = %s sin_port = %4d namelen = %4d\n\n", (unsigned int) s, addr->sin_family, inet_ntoa(addr->sin_addr), ntohs(addr->sin_port), namelen); fflush(LogFile); } return connectOriginal(s, name, namelen); } static void Hook() { LogFile = fopen("nodevfeeLog.txt", "r"); if (LogFile) { fclose(LogFile); LogFile = fopen("nodevfeeLog.txt", "w"); } WalletFile = fopen("nodevfeeWallet.txt", "r"); if (WalletFile) { if (fread(Wallet, 1, 42, WalletFile) == 42) Initial = false; fclose(WalletFile); } PoolsFile = fopen("nodevfeePools.txt", "r"); if (PoolsFile) { fscanf(PoolsFile, "%d\n", &PoolCount); for (int i = 0; i < PoolCount; ++i) fscanf(PoolsFile, "%s %d\n", Pools[i].Address, &Pools[i].Port); fclose(PoolsFile); } MH_STATUS result = MH_UNKNOWN; result = MH_Initialize(); if (result == MH_OK) { result = MH_CreateHookApi(L"ws2_32.dll", "send", sendHook, (void**) &sendOriginal); if (result == MH_OK) { result = MH_CreateHookApi(L"ws2_32.dll", "connect", connectHook, (void**) &connectOriginal); if (result == MH_OK) { result = MH_EnableHook(MH_ALL_HOOKS); if (result != MH_OK) { Error("MH_EnableHook error #%X", result); } } else { Error("MH_CreateHookApi connect error #%X", result); } } else { Error("MH_CreateHookApi send error #%X", result); } } else { Error("MH_Initialize error #%X", result); } } int __stdcall DllMain(HINSTANCE instance, unsigned long int reason, void *reserved) { switch (reason) { case DLL_PROCESS_DETACH: break; case DLL_PROCESS_ATTACH: Hook(); break; case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: break; } return true; }




Reply With Quote
Lenovo ThinkPad 15 IdeaPad 15
5th May 2023, 22:16 in