Ebenezer'e yönelik saldırıları yakalar ve listeler, ayrıca saldırılardan korur.
Reallizt'ten Alıntıdır.
Kod:
#include "stdafx.h"
#include <detours.h>
#include <Winsock2.h>
#include <fstream.h>
#include <winbase.h>
#include <stdio.h>
#include <Urlmon.h>
#include <AtlBase.h>
#include <windows.h>
#include <iostream>
#include <conio.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <time.h>
#include <vector>
// Sizes the scratch buffer and the inspection read performed in custom_WSARecv.
#define DATA_BUFSIZE 16384
using namespace std;
// NOTE(review): MainWindowHandle and InitWindowApp are declared here but are
// neither used nor defined in the visible part of this file.
HWND MainWindowHandle = 0;
bool InitWindowApp(HINSTANCE instanceHandle, int Show);
// Ask the linker for the Winsock import libraries.
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "wsock32")
//ofstream out("C:\\logW32sock.txt", ios::out | ios::binary);
// Detours trampolines for the three Winsock entry points that DllMain hooks.
// The custom_* hooks call these names to reach the unhooked original function.
DETOUR_TRAMPOLINE(int WINAPI Real_WSASend(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, DWORD a4, LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6), WSASend);
DETOUR_TRAMPOLINE(int WINAPI Real_WSARecv(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, LPDWORD a4, LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6), WSARecv);
DETOUR_TRAMPOLINE(int WINAPI real_recv(SOCKET a0, CHAR *buf, int size, int args), recv);
// Forward declarations for the console, logging and timestamp helpers.
// NOTE(review): print() has no definition in the visible part of the file, and
// wconsole()/wconsole_prox() are used without a prototype here, so they must be
// defined before their first use.
void wconsole2(char text, char *color);
void print( char* output, int color );
void writelog(char *text);
void start_console();
char *timestamp(/* void */);
char *GetTimeStamp(char *file);
void AddTimeStamp(char *file, int opt);
// Replacement functions installed over WSASend, WSARecv and recv by DllMain.
int WINAPI custom_WSASend(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, DWORD a4, LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6);
int WINAPI custom_WSARecv(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, LPDWORD a4, LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6);
int WINAPI custom_recv(SOCKET a0, char *buf, int size, int args);
// DLL entry point. On process attach it starts the monitor console and
// installs the three Winsock detours; on process detach it removes them.
// Always reports success to the loader.
//
// NOTE(review): this runs under the loader lock. start_console() creates a
// thread from here, and the results of the Detour* calls are not checked, so a
// failed hook installation goes unnoticed.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved)
{
    //SetWindowText(FindWindow(NULL, "GameServer Ver - 20041111"), "Game Server (1.4.53)");
    switch ( reason )
    {
    case DLL_PROCESS_ATTACH:
        // Console first, so the hooks have somewhere to report to.
        start_console();
        DetourFunctionWithTrampoline((PBYTE)Real_WSASend, (PBYTE)custom_WSASend);
        DetourFunctionWithTrampoline((PBYTE)Real_WSARecv, (PBYTE)custom_WSARecv);
        DetourFunctionWithTrampoline((PBYTE)real_recv, (PBYTE)custom_recv);
        break;

    case DLL_PROCESS_DETACH:
        // Undo the detours in the same order they were installed.
        DetourRemove((PBYTE)Real_WSASend, (PBYTE)custom_WSASend);
        DetourRemove((PBYTE)Real_WSARecv, (PBYTE)custom_WSARecv);
        DetourRemove((PBYTE)real_recv, (PBYTE)custom_recv);
        //out.close();
        break;

    default:
        // Thread attach/detach notifications need no work.
        break;
    }
    return true;
}
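// Writes `text` to the process console in the colour named by `color`.
//
// text  - NUL-terminated string. It is written verbatim and is never
//         interpreted as a printf format string.
// color - "white", "green" or "red". Any other value, or NULL, leaves the
//         current console text attribute unchanged.
void wconsole(const char *text,char *color)
{
    if (text == NULL)
        return;

    HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);

    // Compare the colour name by content. The previous `color == "white"`
    // compared pointer values, which only matches when the compiler happens to
    // pool identical string literals.
    if (color != NULL) {
        if (strcmp(color, "white") == 0) {
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
        } else if (strcmp(color, "green") == 0) {
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_GREEN);
        } else if (strcmp(color, "red") == 0) {
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED);
        }
    }

    // custom_WSARecv logs bytes received from remote peers through this
    // function, so `text` is untrusted. The previous sprintf(buffer, text) used
    // it as a format string and copied it into a fixed 2000-byte stack buffer;
    // writing the caller's string directly removes both problems.
    DWORD dwChars = 0;
    WriteConsole(hOut, text, (DWORD)strlen(text), &dwChars, NULL);
}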
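// Writes the single character `text` to the process console in the colour
// named by `color`.
//
// text  - the character to print.
// color - "white", "green" or "red". Any other value, or NULL, leaves the
//         current console text attribute unchanged.
void wconsole2(char text,char *color)
{
    HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);

    // Compare the colour name by content; `color == "white"` compared pointer
    // values and depended on the compiler pooling identical literals.
    if (color != NULL) {
        if (strcmp(color, "white") == 0) {
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
        } else if (strcmp(color, "green") == 0) {
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_GREEN);
        } else if (strcmp(color, "red") == 0) {
            SetConsoleTextAttribute(hOut, FOREGROUND_INTENSITY | FOREGROUND_RED);
        }
    }

    // Pass the address of the character. The previous `(const char*)text` cast
    // the character's value to a pointer, so WriteConsole read one byte from
    // whatever address that value happened to be.
    DWORD dwChars = 0;
    WriteConsole(hOut, &text, 1, &dwChars, NULL);
}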
// Prints one console line of the form "[CONSOLE]: <text>" followed by CRLF.
// The brackets and the CRLF are written in white and the word CONSOLE in
// green; only <text> is written in the caller's `color`.
void wconsole_prox(const char *text, char *color)
{
    // Each piece of the line paired with the colour it is written in.
    const char *pieces[5] = { "[", "CONSOLE", "]: ", text, "\r\n" };
    char *shades[5] = { "white", "green", "white", color, "white" };

    for (int idx = 0; idx < 5; ++idx)
        wconsole(pieces[idx], shades[idx]);
}
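// Thread entry point started by start_console(): allocates a console for the
// host process, sets its title and prints the start-up banner.
//
// lpParam - not read by this function.
// Returns 0.
DWORD WINAPI ThreadFunc( LPVOID lpParam )
{
    AllocConsole();
    SetConsoleTitle("Ebenezer Monitor - EuropeKnightOnline");
    // wconsole_prox takes two parameters and its visible definition has no
    // default for `color`, so the one-argument calls did not compile.
    // NOTE(review): "white" is assumed to be the intended colour for these two
    // banner lines - confirm.
    wconsole_prox("(c)oded by Reallizt & Devin","white");
    wconsole_prox("www.europeko.net","white");
    wconsole_prox("The system has initialized successfully.","green");
    return 0;
}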
// Hook installed over recv(). It performs no inspection: the call is forwarded
// unchanged to the real recv() through its trampoline and the result is
// handed back to the caller.
int WINAPI __stdcall custom_recv(SOCKET a0, CHAR *buf, int size, int args)
{
    const int received = real_recv(a0, buf, size, args);
    return received;
}
/*int WINAPI __stdcall custom_WSARecv(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, LPDWORD a4, LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6)
{
return 1;
}*/
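// Returns true when `ip` (dotted IPv4 text) is one of the addresses that are
// exempt from inspection.
static bool is_trusted_peer(const char *ip)
{
    static const char *const kTrusted[] = { "127.0.0.1", "0.0.0.0", "69.162.116.226" };
    for (size_t i = 0; i < sizeof(kTrusted) / sizeof(kTrusted[0]); ++i) {
        if (strcmp(ip, kTrusted[i]) == 0)
            return true;
    }
    return false;
}

// Writes one red console record for a chunk in which the packet marker was found.
static void log_marker_chunk(const char *ip, int offset, SOCKET s, const char *data, int avail, int total)
{
    // The payload is remote-controlled. Show at most 64 bytes and replace
    // anything that is not plain printable ASCII, including '%', so the record
    // cannot carry control sequences or format specifiers into the console path.
    char shown[65];
    int n = 0;
    while (n < avail && n < 64 && data[n] != 0) {
        const unsigned char c = (unsigned char)data[n];
        shown[n] = (c >= 0x20 && c < 0x7F && c != '%') ? (char)c : '.';
        ++n;
    }
    shown[n] = 0;

    // Every field is bounded (inet_ntoa text, 64 payload characters, integers),
    // so the record always fits. The previous code formatted the whole payload
    // with %s into a 256-byte heap block.
    char msg[512];
    sprintf(msg, "Remote_Addr(%s),Offset(0x%x)\r\n{\r\n m_Socket->%p,\r\n m_RecvData->%s,\r\n m_RecvHex->0x%02x,\r\n m_RecvBytes->%i\r\n}\r\n",
            ip, (unsigned)offset, (void *)s, shown, (unsigned char)data[0], total);
    wconsole(msg, "red");
}

// Hook installed over WSARecv(). For peers outside the allow-list it looks at
// the pending data and searches it, in 256-byte steps, for the byte pair
// AA 55. Chunks containing the marker are logged; when no marker is found at
// all the connection is closed. Otherwise the call is forwarded to the real
// WSARecv() with the caller's arguments.
//
// Returns the real WSARecv() result, or SOCKET_ERROR with the last error set
// to WSAECONNABORTED when the connection was closed here.
int WINAPI __stdcall custom_WSARecv(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, LPDWORD a4, LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6)
{
    struct sockaddr_in addr;
    int len = sizeof(addr);     // getpeername reads this as the buffer size; it was uninitialised before
    memset(&addr, 0, sizeof(addr));

    // If the peer cannot be resolved, let the real call run and report its own error.
    if (getpeername(a0, (struct sockaddr*)&addr, &len) != 0)
        return Real_WSARecv( a0, a1, a2, a3, a4, a5, a6 );

    // inet_ntoa returns a buffer owned by Winsock: it must not be freed, and
    // the 256-byte block previously allocated for it was simply leaked.
    const char *ipstr = inet_ntoa(addr.sin_addr);

    // Allow-listed peers bypass inspection. Previously they skipped the scan
    // but still reached the "no marker found" branch, which closed them.
    if (ipstr == NULL || is_trusted_peer(ipstr))
        return Real_WSARecv( a0, a1, a2, a3, a4, a5, a6 );

    // MSG_PEEK leaves the bytes queued so the real WSARecv below still delivers
    // them; a plain recv() consumed the data the server was waiting for.
    // NOTE(review): on a blocking socket this call waits until the peer sends
    // something, which ties up the calling thread - an availability risk when
    // the worker pool is small. Inspecting completed reads would avoid it.
    char buffer[DATA_BUFSIZE];
    const int got = recv(a0, buffer, DATA_BUFSIZE-1, MSG_PEEK);

    int x = 0;
    if (got > 0) {
        // Terminate only after checking the result; recv() returns -1 on
        // failure and that value was previously used as an array index.
        buffer[got] = 0x00;
        // Scan only bytes that were actually received. strstr stops at the
        // first zero byte, so a marker located after an embedded NUL inside a
        // chunk is not seen.
        for (int d = 0; d < got; d = d + 256) {
            if (strstr(buffer+d, "\xAA\x55")) {
                log_marker_chunk(ipstr, d, a0, buffer+d, got-d, got);
                x++;
            }
        }
    }

    if (x < 1) {
        // Report the drop as a failed receive. The previous code returned
        // closesocket()'s result, which is 0 on success and therefore looked
        // like a completed WSARecv with no byte count filled in.
        closesocket(a0);
        WSASetLastError(WSAECONNABORTED);
        return SOCKET_ERROR;
    }
    return Real_WSARecv( a0, a1, a2, a3, a4, a5, a6 );
}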
// Hook installed over WSASend(). Outgoing data is not inspected: the call is
// forwarded unchanged to the real WSASend() through its trampoline.
int WINAPI custom_WSASend(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, DWORD a4, LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6)
{
    const int status = Real_WSASend(a0, a1, a2, a3, a4, a5, a6);
    return status;
}
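// Starts the thread that creates the monitor console (ThreadFunc) and returns
// immediately without waiting for it.
void start_console()
{
    DWORD dwThreadId = 0;
    // static: the thread receives a pointer to this array and may start after
    // this function has returned, so it must not live on this stack frame.
    static char dwThrdParam[12] = "cls_start";

    HANDLE hThread = CreateThread(NULL,0,ThreadFunc,&dwThrdParam,0,&dwThreadId);
    // The handle is not used again; closing it does not stop the thread and
    // avoids leaking one handle per call.
    if (hThread != NULL)
        CloseHandle(hThread);
}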
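// Appends `text` to the fixed log file C:\Reallizt.txt.
//
// text - NUL-terminated string; NULL is ignored.
// Nothing is written when the log file cannot be opened.
void writelog(char *text){
    if (text == NULL)
        return;

    FILE *fp = fopen("C:\\Reallizt.txt", "a");
    if (fp == NULL)
        return;     // previously a failed open was passed straight to fwrite/fclose

    // One item per byte, strlen(text) items. The previous call used
    // sizeof(text) (the size of a pointer) as the item count, so it wrote 4 or
    // 8 times the string length and copied memory beyond the string into the log.
    fwrite(text, 1, strlen(text), fp);
    fclose(fp);
}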
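// Writes the current timestamp() string to `file`.
//
// file - path of the file to write; NULL is ignored.
// opt  - 0 overwrites the file, 1 appends to it; any other value does nothing.
void AddTimeStamp(char *file, int opt)
{
    const char *mode;
    switch(opt)
    {
    case 0: mode = "w"; break;
    case 1: mode = "a"; break;
    // Any other value previously left the FILE pointer uninitialised and then used it.
    default: return;
    }
    if (file == NULL)
        return;

    // timestamp() returns a freshly malloc'ed string on every call, so call it
    // once and release the result; the previous code called it repeatedly and
    // never freed any of the buffers.
    char *stamp = timestamp();
    if (stamp == NULL)
        return;

    FILE *fp = fopen(file, mode);
    if (fp != NULL) {
        // Write exactly the string. The previous item count was
        // sizeof(char *), which wrote several times the string length out of
        // the partly uninitialised heap buffer.
        fwrite(stamp, 1, strlen(stamp), fp);
        fclose(fp);
    }
    free(stamp);
}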
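// Returns the current time as a decimal count of seconds, in a newly allocated
// NUL-terminated string.
//
// The caller owns the returned buffer and must free() it.
// Returns NULL when the allocation fails.
char *timestamp()
{
    char *ret = (char *) malloc(256);
    if (ret == NULL)
        return NULL;    // previously sprintf wrote through the NULL pointer

    time_t seconds = time (NULL);
    // %ld expects a long; time_t can be a wider type, so convert explicitly
    // instead of passing a mismatched argument to sprintf.
    sprintf(ret, "%ld", (long)seconds);
    return ret;
}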
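// Reads the whole of `file` into a newly allocated, NUL-terminated buffer.
//
// file - path of the file to read.
// Returns the buffer, which the caller must free(), or NULL when the file
// cannot be opened, measured, allocated for, or read completely.
char *GetTimeStamp(char *file)
{
    if (file == NULL)
        return NULL;

    FILE *pFile = fopen ( file , "rb" );
    if (pFile == NULL)
        return NULL;

    char *buffer = NULL;
    long lSize = -1;

    // Find the file size. ftell reports failure as -1, which must not reach malloc.
    if (fseek (pFile , 0 , SEEK_END) == 0)
        lSize = ftell (pFile);

    if (lSize >= 0) {
        rewind (pFile);
        // One extra byte for the terminator: the buffer is returned as a
        // char * and was previously handed back without one.
        buffer = (char*) malloc ((size_t)lSize + 1);
        if (buffer != NULL) {
            // Copy the file into the buffer.
            size_t result = fread (buffer, 1, (size_t)lSize, pFile);
            if (result != (size_t)lSize) {
                free (buffer);
                buffer = NULL;
            } else {
                buffer[lSize] = '\0';
            }
        }
    }

    // Single exit: the file is closed on every path. The early returns used
    // before leaked the handle, and the buffer as well on a short read.
    fclose (pFile);
    return buffer;
}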
Reallizt'ten Alıntıdır.