diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index 388269b..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,6 +0,0 @@
-[submodule "src/mhook"]
- path = src/mhook
- url = git://github.com/apriorit/mhook.git
-[submodule "mhook"]
- path = mhook
- url = git://github.com/apriorit/mhook.git
diff --git a/README.md b/README.md
index 1fba6a7..aa4d651 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,9 @@ Please do support Spotify by using premium!!!!
## Video, audio & banner adblock/skip for Spotify
-**Current Version:** 0.19
+**Current Version:** 0.20
-**Last updated:** 19th August 2019
+**Last updated:** 22 August 2019
**Last tested version:** 1.1.12.451.gdb77255f
diff --git a/chrome_elf.dll b/chrome_elf.dll
index 5a4463e..f226d93 100644
Binary files a/chrome_elf.dll and b/chrome_elf.dll differ
diff --git a/mhook b/mhook
deleted file mode 160000
index 6b82fa4..0000000
--- a/mhook
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 6b82fa43b51349dcf006010c95e714879944fa68
diff --git a/src/BlockTheSpot.cpp b/src/BlockTheSpot.cpp
index 7c77e34..e5516d5 100644
--- a/src/BlockTheSpot.cpp
+++ b/src/BlockTheSpot.cpp
@@ -1,4 +1,6 @@
// BlockTheSpot.cpp : Defines the exported functions for the DLL application.
+//
+
#include "stdafx.h"
bool AddDllToBlacklist (const wchar_t* dll_name) { return true; }
diff --git a/src/BlockTheSpot.vcxproj b/src/BlockTheSpot.vcxproj
index 9e13659..e0134a2 100644
--- a/src/BlockTheSpot.vcxproj
+++ b/src/BlockTheSpot.vcxproj
@@ -48,7 +48,6 @@
chrome_elf
- false
chrome_elf
$(ProjectDir)..\
@@ -73,12 +72,11 @@
MaxSpeed
- true
- true
+ false
WIN32;NDEBUG;_WINDOWS;_USRDLL;BLOCKTHESPOT_EXPORTS;%(PreprocessorDefinitions)
- true
MultiThreaded
- ProgramDatabase
+ None
+ Size
AnySuitable
@@ -89,24 +87,16 @@
chrome_elf.def
+ UseLinkTimeCodeGeneration
-
-
-
-
-
-
+
-
-
-
-
false
@@ -116,6 +106,8 @@
+
+
diff --git a/src/BlockTheSpot.vcxproj.filters b/src/BlockTheSpot.vcxproj.filters
index 170534d..cc8f027 100644
--- a/src/BlockTheSpot.vcxproj.filters
+++ b/src/BlockTheSpot.vcxproj.filters
@@ -4,48 +4,25 @@
-
- mhook
-
-
- mhook
-
-
- mhook
-
-
- mhook
+
+ hookapi
+
-
-
- mhook
-
-
- mhook
-
-
- mhook
-
-
- mhook
-
-
- mhook
-
-
- mhook
+
+ hookapi
+
-
- {5f92c477-8601-4c3c-a1e2-b55ebd230af4}
+
+ {6dec95b4-4fa2-4d85-9de5-8a6af4d6bb2d}
\ No newline at end of file
diff --git a/src/HookApi.cpp b/src/HookApi.cpp
new file mode 100644
index 0000000..d500a13
--- /dev/null
+++ b/src/HookApi.cpp
@@ -0,0 +1,472 @@
+/*
+//////////////////////////////////////////////////////////////////////////
+HookApi 0.6
+
+thanks to xIkUg ,sucsor
+
+by 海风月影[RCT] , StrongOD@Safengine.com
+2011.06.08
+
+//////////////////////////////////////////////////////////////////////////
+//更新内容
+2011.06.08 0.6
+1,增加cdecl的hook
+2,使用malloc申请内存,节约空间
+3,新接口InstallHookStub,支持直接传函数地址去hook
+4,hook还没完成的时候,不会发生调用hookproc的情况(主要是VirtualProtect函数)
+
+2008.04.15 0.5
+
+1,重新写了Stub,换了一种模式,使hook更加自由,将hookbefore和hookafter合并
+HookProc的定义方式与以前有所不同:
+
+HookProc的函数类型和原来的api一样,只是参数比原API多2个
+DWORD WINAPI HookProc(DWORD RetAddr ,__pfnXXXX pfnXXXX, ...);
+
+//参数比原始的API多2个参数
+RetAddr //调用api的返回地址
+pfnXXX //类型为__pfnXXXX,待hook的api的声明类型,用于调用未被hook的api
+
+详见My_LoadLibraryA
+原始的LoadLibraryA的声明是:
+
+HMODULE WINAPI LoadLibraryA( LPCSTR lpLibFileName );
+
+那么首先定义一下hook的WINAPI的类型
+typedef HMODULE (WINAPI __pfnLoadLibraryA)(LPCTSTR lpFileName);
+
+然后hookproc的函数声明如下:
+HMODULE WINAPI My_LoadLibraryA(DWORD RetAddr,
+ __pfnLoadLibraryA pfnLoadLibraryA,
+ LPCTSTR lpFileName
+ );
+
+比原来的多了2个参数,参数位置不能颠倒,在My_LoadLibraryA中可以自由的调用未被hook的pfnLoadLibraryA
+也可以调用系统的LoadLibraryA,不过要自己在hookproc中处理好重入问题
+
+另外,也可以在My_LoadLibraryA中使用UnInstallHookApi()函数来卸载hook,用法如下:
+将第二个参数__pfnLoadLibraryA pfnLoadLibraryA强制转换成PHOOKENVIRONMENT类型,使用UnInstallHookApi来卸载
+
+例如:
+UnInstallHookApi((PHOOKENVIRONMENT)pfnLoadLibraryA);
+
+
+至于以前版本的HookBefore和HookAfter,完全可以在自己的HookProc里面灵活使用了
+
+
+2,支持卸载hook
+InstallHookApi()调用后会返回一个PHOOKENVIRONMENT类型的指针
+需要卸载的时候可以使用UnInstallHookApi(PHOOKENVIRONMENT pHookEnv)来卸载
+
+在HookProc中也可以使用UnInstallHookApi来卸载,参数传入HookProc中的第二个参数
+
+注意:当HookProc中使用UnInstallHookApi卸载完后就不能用第二个参数来调用API了~~,切记!
+
+2008.04.15 0.41
+1,前面的deroko的LdeX86 有BUG,678b803412 会算错
+ 换了一个LDX32,代码更少,更容易理解
+
+2,修复了VirtualProtect的一个小BUG
+
+
+0.4以前
+改动太大了,前面的就不写了
+*/
+
+
+#include "stdafx.h"
+#include "HookApi.h"
+
+//#pragma comment(linker, "/SECTION:HookStub,R")
+
+//#define ALLOCATE_HookStub ALLOCATE(HookStub)
+
+//#pragma code_seg("HookStub")
+#pragma optimize("gsy",on)
+/*ALLOCATE_HookStub*/ HOOKENVIRONMENT pEnv={0};
+NAKED void StubShell_stdcall()
+{
+ __asm
+ {
+ push dword ptr [esp];
+ push dword ptr [esp];
+ call _next;
+_next:
+ xchg dword ptr [esp], eax;
+ lea eax, [eax - 0x20];
+ mov dword ptr [esp + 0xC], eax;
+ pop eax;
+ _emit 0xE9;
+ _emit 'g';
+ _emit 'o';
+ _emit 'o';
+ _emit 'd';
+ }
+}
+
+NAKED void StubShell_cdecl()
+{
+ __asm
+ {
+ push dword ptr [esp];
+ call _next;
+_next:
+ xchg dword ptr [esp], eax;
+ lea eax, [eax - 0x1D];
+ mov dword ptr [esp + 0x8], eax;
+ pop eax;
+ _emit 0x68;
+ _emit 'b';
+ _emit 'a';
+ _emit 'd';
+ _emit 'd';
+ _emit 0xE9;
+ _emit 'g';
+ _emit 'o';
+ _emit 'o';
+ _emit 'd';
+ }
+}
+#pragma optimize("",off)
+//#pragma code_seg()
+
+NAKED void cdeclret_stub()
+{
+ __asm retn 4;
+}
+DWORD MyInterlockedExchange32(PDWORD Target, DWORD Value)
+{
+ DWORD retvalue;
+ __asm
+ {
+ mov ecx, Target;
+ mov eax, Value;
+ xchg dword ptr[ecx], eax;
+ mov retvalue, eax;
+ }
+ return retvalue;
+}
+WORD MyInterlockedExchange16(PWORD Target, WORD Value)
+{
+ WORD retvalue;
+ __asm
+ {
+ mov ecx, Target;
+ mov ax, Value;
+ xchg word ptr[ecx], ax;
+ mov retvalue, ax;
+ }
+ return retvalue;
+}
+void MyCopyBytes(void * pTarget, BYTE *pBuf, int size)
+{
+ /*
+ 优化 memcpy 字节
+ 先把stub的前2个字节改成 EB FE,构造一个死循环,然后memcpy剩下字节,再把前2个字节改回去
+ */
+ WORD w1;
+ w1 = *(WORD*)pBuf;
+ MyInterlockedExchange16((PWORD)pTarget, 0xFEEB);
+ memcpy((char*)pTarget + 2, (char*)pBuf + 2, size - 2);
+ MyInterlockedExchange16((PWORD)pTarget, w1);
+}
+
+DWORD __stdcall GetOpCodeSize(BYTE* iptr0)
+{
+ BYTE* iptr = iptr0;
+
+ DWORD f = 0;
+
+prefix:
+ BYTE b = *iptr++;
+
+ f |= table_1[b];
+
+ if (f&C_FUCKINGTEST)
+ if (((*iptr)&0x38)==0x00) // ttt
+ f=C_MODRM+C_DATAW0; // TEST
+ else
+ f=C_MODRM; // NOT,NEG,MUL,IMUL,DIV,IDIV
+
+ if (f&C_TABLE_0F)
+ {
+ b = *iptr++;
+ f = table_0F[b];
+ }
+
+ if (f==C_ERROR)
+ {
+ //printf("error in %02X\n",b);
+ return C_ERROR;
+ }
+
+ if (f&C_PREFIX)
+ {
+ f&=~C_PREFIX;
+ goto prefix;
+ }
+
+ if (f&C_DATAW0) if (b&0x01) f|=C_DATA66; else f|=C_DATA1;
+
+ if (f&C_MODRM)
+ {
+ b = *iptr++;
+ BYTE mod = b & 0xC0;
+ BYTE rm = b & 0x07;
+ if (mod!=0xC0)
+ {
+ if (f&C_67) // modrm16
+ {
+ if ((mod==0x00)&&(rm==0x06)) f|=C_MEM2;
+ if (mod==0x40) f|=C_MEM1;
+ if (mod==0x80) f|=C_MEM2;
+ }
+ else // modrm32
+ {
+ if (mod==0x40) f|=C_MEM1;
+ if (mod==0x80) f|=C_MEM4;
+ if (rm==0x04) rm = (*iptr++) & 0x07; // rm<-sib.base
+ if ((rm==0x05)&&(mod==0x00)) f|=C_MEM4;
+ }
+ }
+ } // C_MODRM
+
+ if (f&C_MEM67) if (f&C_67) f|=C_MEM2; else f|=C_MEM4;
+ if (f&C_DATA66) if (f&C_66) f|=C_DATA2; else f|=C_DATA4;
+
+ if (f&C_MEM1) iptr++;
+ if (f&C_MEM2) iptr+=2;
+ if (f&C_MEM4) iptr+=4;
+
+ if (f&C_DATA1) iptr++;
+ if (f&C_DATA2) iptr+=2;
+ if (f&C_DATA4) iptr+=4;
+
+ return iptr - iptr0;
+}
+
+HANDLE g_hStupHeap = NULL;
+
+PHOOKENVIRONMENT __stdcall InstallHookStub(PVOID StubAddress, PVOID HookProc, int type)
+{
+ int ReplaceCodeSize;
+ DWORD oldpro;
+ DWORD SizeOfStub;
+
+ DWORD SizeOfStubShell = 0;
+ DWORD AddrOfStubShell = 0;
+
+ DWORD dwHookStubAddress;
+ DWORD RetSize =0;
+
+ PHOOKENVIRONMENT pHookEnv;
+
+ BYTE JMPGate[5] = {0xE9, 0x00, 0x00, 0x00, 0x00};
+
+ if (HookProc == NULL)
+ {
+ return NULL;
+ }
+
+ if (StubAddress == NULL) return NULL;
+
+ if (*(BYTE*)StubAddress == 0xE9 || *(BYTE*)StubAddress == 0xE8) return NULL;
+
+ if(type == e_stdcall)
+ {
+ SizeOfStubShell = 0x1B;
+ AddrOfStubShell = (DWORD)StubShell_stdcall;
+ }
+ else if (type == e_cdecl)
+ {
+ SizeOfStubShell = 0x1D;
+ AddrOfStubShell = (DWORD)StubShell_cdecl;
+ }
+
+#ifdef _DEBUG
+ AddrOfStubShell = AddrOfStubShell + 5 + *(DWORD*)(AddrOfStubShell + 1);
+#endif
+
+ ReplaceCodeSize = GetOpCodeSize((BYTE*)StubAddress);
+
+ while (ReplaceCodeSize < 5)
+ {
+ ReplaceCodeSize += GetOpCodeSize((BYTE*)((DWORD)StubAddress + (DWORD)ReplaceCodeSize));
+ }
+
+ if (ReplaceCodeSize > 16) return NULL;
+
+ SizeOfStub = SizeOfStubShell + sizeof(HOOKENVIRONMENT);
+
+ if(g_hStupHeap == NULL)
+ {
+ g_hStupHeap = HeapCreate(HEAP_CREATE_ENABLE_EXECUTE, 0, 0);
+ if(g_hStupHeap == NULL)
+ {
+ return NULL;
+ }
+ }
+
+ pHookEnv = (PHOOKENVIRONMENT)HeapAlloc(g_hStupHeap, 0, sizeof(HOOKENVIRONMENT));
+
+ memcpy(pHookEnv, (PVOID)&pEnv, sizeof(HOOKENVIRONMENT));
+ memset((void*)pHookEnv->savebytes, 0x90, sizeof(pHookEnv->savebytes));
+ memcpy((void*)pHookEnv->hookstub, (PVOID)AddrOfStubShell, SizeOfStubShell);
+ memcpy(pHookEnv->savebytes, StubAddress, ReplaceCodeSize);
+
+ pHookEnv->OrgApiAddr = StubAddress;
+ pHookEnv->SizeOfReplaceCode = ReplaceCodeSize;
+
+ pHookEnv->jmptoapi[0] = 0xE9;
+ *(DWORD*)(&pHookEnv->jmptoapi[1]) = (DWORD)StubAddress + ReplaceCodeSize - ((DWORD)pHookEnv->jmptoapi + 5);
+
+ dwHookStubAddress = (DWORD)pHookEnv->hookstub;
+
+ pHookEnv->jmptostub[0] = 0xE9;
+ *(DWORD*)(&pHookEnv->jmptostub[1]) = (DWORD)pHookEnv->savebytes - ((DWORD)pHookEnv->jmptostub + 5);
+ //*(DWORD*)(&pHookEnv->jmptostub[1]) = (DWORD)(dwHookStubAddress) - ((DWORD)pHookEnv->jmptostub + 5);
+
+ *(DWORD*)(&JMPGate[1]) = ((DWORD)pHookEnv->jmptostub) - ((DWORD)StubAddress + 5);
+
+ //写入变量,这里要先写变量,否则如果hook VirtualProtect,下面的api调用会出问题
+ if(type == e_stdcall)
+ {
+ *(DWORD*)(dwHookStubAddress + SizeOfStubShell - 4) = (DWORD)HookProc - (dwHookStubAddress + SizeOfStubShell);
+ }
+ else if(type == e_cdecl)
+ {
+ *(DWORD*)(dwHookStubAddress + SizeOfStubShell - 4) = (DWORD)HookProc - (dwHookStubAddress + SizeOfStubShell);
+ *(DWORD*)(dwHookStubAddress + SizeOfStubShell - 9) = (DWORD)cdeclret_stub;
+ }
+
+ //patch api
+ if (VirtualProtect(StubAddress, ReplaceCodeSize, PAGE_EXECUTE_READWRITE, &oldpro))
+ {
+ //memcpy(StubAddress, JMPGate, sizeof(JMPGate));
+ MyCopyBytes((void*)StubAddress, (BYTE*)JMPGate, sizeof(JMPGate));
+ VirtualProtect(StubAddress, ReplaceCodeSize, oldpro, &oldpro);
+ MyInterlockedExchange32((PDWORD)(&pHookEnv->jmptostub[1]), (DWORD)(dwHookStubAddress) - ((DWORD)pHookEnv->jmptostub + 5));
+ }
+ else
+ {
+ //失败了,无法hook
+ HeapFree(g_hStupHeap, 0, (void*)pHookEnv);
+ return NULL;
+ }
+ return pHookEnv;
+}
+
+PHOOKENVIRONMENT __stdcall InstallHookApi(PCHAR DllName, PCHAR ApiName, PVOID HookProc, int type)
+{
+ return InstallHookStub((PVOID)GetProcAddress(LoadLibraryA(DllName), ApiName), HookProc, type);
+}
+
+BOOL __stdcall UnInstallHookApi(PHOOKENVIRONMENT pHookEnv)
+{
+ DWORD oldpro;
+
+ //如果内存不存在了,则退出
+ if(HeapSize(g_hStupHeap, 0, (void*)pHookEnv) <= 0)
+ return FALSE;
+
+ if(IsBadReadPtr((const void*)pHookEnv, sizeof(HOOKENVIRONMENT)))
+ return FALSE;
+
+ if(!VirtualProtect(pHookEnv->OrgApiAddr, pHookEnv->SizeOfReplaceCode, PAGE_EXECUTE_READWRITE, &oldpro))
+ return FALSE;
+
+ //memcpy(pHookEnv->OrgApiAddr, pHookEnv->savebytes, pHookEnv->SizeOfReplaceCode);
+ MyCopyBytes((void*)pHookEnv->OrgApiAddr, (BYTE*)pHookEnv->savebytes, pHookEnv->SizeOfReplaceCode);
+
+ VirtualProtect(pHookEnv->OrgApiAddr, pHookEnv->SizeOfReplaceCode, oldpro, &oldpro);
+
+ HeapFree(g_hStupHeap, 0, (void*)pHookEnv);
+ return TRUE;
+}
+
+
+//定义下面这行可以作为演示使用
+//#define TEST_MAIN
+
+
+#ifdef TEST_MAIN
+
+BOOL IsMe = FALSE;
+
+//先定义一下要hook的WINAPI
+typedef HMODULE (WINAPI __pfnLoadLibraryA)(LPCSTR lpFileName);
+
+/*
+HookProc的参数声明方式类型等和原来的api一样,只是参数比原API多2个
+DWORD WINAPI HookProc(DWORD RetAddr ,__pfnXXXX pfnXXXX, ...);
+
+//参数比原始的API多2个参数
+RetAddr //调用api的返回地址
+pfnXXX //类型为__pfnXXXX,待hook的api的声明类型,用于调用未被hook的api
+
+详见My_LoadLibraryA
+原始的LoadLibraryA的声明是:
+
+HMODULE WINAPI LoadLibraryA( LPCSTR lpLibFileName );
+
+那么首先定义一下hook的WINAPI的类型
+typedef HMODULE (WINAPI __pfnLoadLibraryA)(LPCTSTR lpFileName);
+
+然后hookproc的函数声明如下:
+HMODULE WINAPI My_LoadLibraryA(DWORD RetAddr,
+ __pfnLoadLibraryA pfnLoadLibraryA,
+ LPCTSTR lpFileName
+ );
+
+比原来的多了2个参数,参数位置不能颠倒,在My_LoadLibraryA中可以自由的调用未被hook的pfnLoadLibraryA
+也可以调用系统的LoadLibraryA,不过要自己在hookproc中处理好重入问题
+
+另外,也可以在My_LoadLibraryA中使用UnInstallHookApi()函数来卸载hook,用法如下:
+将第二个参数__pfnLoadLibraryA pfnLoadLibraryA强制转换成PHOOKENVIRONMENT类型,使用UnInstallHookApi来卸载
+
+例如:
+UnInstallHookApi((PHOOKENVIRONMENT)pfnLoadLibraryA);
+
+
+至于以前版本的HookBefore和HookAfter,完全可以在自己的HookProc里面灵活使用了
+
+*/
+
+HMODULE WINAPI My_LoadLibraryA(DWORD RetAddr,
+ __pfnLoadLibraryA pfnLoadLibraryA,
+ LPCSTR lpFileName
+ )
+{
+ HMODULE hLib;
+
+ //需要自己处理重入和线程安全问题
+ if (!IsMe)
+ {
+ IsMe = TRUE;
+ MessageBoxA(NULL, lpFileName, "test", MB_ICONINFORMATION);
+ hLib = LoadLibraryA(lpFileName);//这里调用的是系统的,已经被hook过的
+ IsMe = FALSE;
+ //这里是卸载Hook,这里卸载完就不能用pfnLoadLibraryA来调用了
+ UnInstallHookApi((PHOOKENVIRONMENT)pfnLoadLibraryA);
+ return hLib;
+ }
+ return pfnLoadLibraryA(lpFileName);//这里调用非hook的
+}
+
+
+int main()
+{
+ PHOOKENVIRONMENT pHookEnv;
+
+ pHookEnv = InstallHookApi("Kernel32.dll", "LoadLibraryA", My_LoadLibraryA);
+ //pHookEnv = InstallHookApi("Kernel32.dll", "Beep", My_LoadLibraryA);
+ LoadLibraryA("InjectDll.dll");
+ MessageBoxA(NULL,"Safe Here!!!","Very Good!!",MB_ICONINFORMATION);
+ UnInstallHookApi(pHookEnv);//由于HookProc中卸载过了,所以这里的卸载就无效了
+ MessageBoxA(NULL,"UnInstall Success!!!","Good!!",MB_ICONINFORMATION);
+ return 0;
+}
+
+#endif
+
+
\ No newline at end of file
diff --git a/src/HookApi.h b/src/HookApi.h
new file mode 100644
index 0000000..654f394
--- /dev/null
+++ b/src/HookApi.h
@@ -0,0 +1,585 @@
+#ifndef _HOOKAPI_H
+#define _HOOKAPI_H
+
+
+typedef struct _HOOKENVIRONMENT
+{
+ //前两项的位置不能改变!
+ unsigned char savebytes[16];
+ unsigned char jmptoapi[5];
+ unsigned char hookstub[0x30];
+ unsigned char jmptostub[5];
+ void* OrgApiAddr;
+ unsigned long SizeOfReplaceCode;
+ unsigned long oldpro;
+}HOOKENVIRONMENT,*PHOOKENVIRONMENT;
+
+enum hooktype{
+ e_stdcall,
+ e_cdecl,
+};
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+DWORD __stdcall GetOpCodeSize(BYTE* startaddress);
+PHOOKENVIRONMENT __stdcall InstallHookStub(PVOID StubAddress, PVOID HookProc, int type = e_stdcall);
+PHOOKENVIRONMENT __stdcall InstallHookApi(PCHAR DllName, PCHAR ApiName, PVOID HookProc, int type = e_stdcall);
+BOOL __stdcall UnInstallHookApi(PHOOKENVIRONMENT pHookEnv);
+
+#ifdef __cplusplus
+};
+#endif
+
+#define NAKED __declspec(naked)
+
+#define ALLOCATE(x1) __declspec(allocate(#x1))
+
+#define ReloCationForADDR(x1, dwHookStubAddress) ((DWORD(&x1) + dwHookStubAddress))
+#define ReloCationForDWORD(x1, dwHookStubAddress) (*(LPDWORD(DWORD(&x1) + dwHookStubAddress)))
+#define ReloCationForTCHAR(x1, dwHookStubAddress) (LPCTSTR(DWORD(&x1) + dwHookStubAddress))
+#define ReloCationForLP(x1, dwHookStubAddress) (__##x1(ReloCationForDWORD(x1, dwHookStubAddress)))
+
+//////////////////////////////////////////////////////////////////////////
+//另一个LDX32
+
+#define C_ERROR 0xFFFFFFFF
+#define C_PREFIX 0x00000001
+#define C_66 0x00000002
+#define C_67 0x00000004
+#define C_DATA66 0x00000008
+#define C_DATA1 0x00000010
+#define C_DATA2 0x00000020
+#define C_DATA4 0x00000040
+#define C_MEM67 0x00000080
+#define C_MEM1 0x00000100
+#define C_MEM2 0x00000200
+#define C_MEM4 0x00000400
+#define C_MODRM 0x00000800
+#define C_DATAW0 0x00001000
+#define C_FUCKINGTEST 0x00002000
+#define C_TABLE_0F 0x00004000
+
+static int table_1[256] =
+{
+ /* 00 */ C_MODRM
+ /* 01 */, C_MODRM
+ /* 02 */, C_MODRM
+ /* 03 */, C_MODRM
+ /* 04 */, C_DATAW0
+ /* 05 */, C_DATAW0
+ /* 06 */, 0
+ /* 07 */, 0
+ /* 08 */, C_MODRM
+ /* 09 */, C_MODRM
+ /* 0A */, C_MODRM
+ /* 0B */, C_MODRM
+ /* 0C */, C_DATAW0
+ /* 0D */, C_DATAW0
+ /* 0E */, 0
+ /* 0F */, C_TABLE_0F
+ /* 10 */, C_MODRM
+ /* 11 */, C_MODRM
+ /* 12 */, C_MODRM
+ /* 13 */, C_MODRM
+ /* 14 */, C_DATAW0
+ /* 15 */, C_DATAW0
+ /* 16 */, 0
+ /* 17 */, 0
+ /* 18 */, C_MODRM
+ /* 19 */, C_MODRM
+ /* 1A */, C_MODRM
+ /* 1B */, C_MODRM
+ /* 1C */, C_DATAW0
+ /* 1D */, C_DATAW0
+ /* 1E */, 0
+ /* 1F */, 0
+ /* 20 */, C_MODRM
+ /* 21 */, C_MODRM
+ /* 22 */, C_MODRM
+ /* 23 */, C_MODRM
+ /* 24 */, C_DATAW0
+ /* 25 */, C_DATAW0
+ /* 26 */, C_PREFIX
+ /* 27 */, 0
+ /* 28 */, C_MODRM
+ /* 29 */, C_MODRM
+ /* 2A */, C_MODRM
+ /* 2B */, C_MODRM
+ /* 2C */, C_DATAW0
+ /* 2D */, C_DATAW0
+ /* 2E */, C_PREFIX
+ /* 2F */, 0
+ /* 30 */, C_MODRM
+ /* 31 */, C_MODRM
+ /* 32 */, C_MODRM
+ /* 33 */, C_MODRM
+ /* 34 */, C_DATAW0
+ /* 35 */, C_DATAW0
+ /* 36 */, C_PREFIX
+ /* 37 */, 0
+ /* 38 */, C_MODRM
+ /* 39 */, C_MODRM
+ /* 3A */, C_MODRM
+ /* 3B */, C_MODRM
+ /* 3C */, C_DATAW0
+ /* 3D */, C_DATAW0
+ /* 3E */, C_PREFIX
+ /* 3F */, 0
+ /* 40 */, 0
+ /* 41 */, 0
+ /* 42 */, 0
+ /* 43 */, 0
+ /* 44 */, 0
+ /* 45 */, 0
+ /* 46 */, 0
+ /* 47 */, 0
+ /* 48 */, 0
+ /* 49 */, 0
+ /* 4A */, 0
+ /* 4B */, 0
+ /* 4C */, 0
+ /* 4D */, 0
+ /* 4E */, 0
+ /* 4F */, 0
+ /* 50 */, 0
+ /* 51 */, 0
+ /* 52 */, 0
+ /* 53 */, 0
+ /* 54 */, 0
+ /* 55 */, 0
+ /* 56 */, 0
+ /* 57 */, 0
+ /* 58 */, 0
+ /* 59 */, 0
+ /* 5A */, 0
+ /* 5B */, 0
+ /* 5C */, 0
+ /* 5D */, 0
+ /* 5E */, 0
+ /* 5F */, 0
+ /* 60 */, 0
+ /* 61 */, 0
+ /* 62 */, C_MODRM
+ /* 63 */, C_MODRM
+ /* 64 */, C_PREFIX
+ /* 65 */, C_PREFIX
+ /* 66 */, C_PREFIX+C_66
+ /* 67 */, C_PREFIX+C_67
+ /* 68 */, C_DATA66
+ /* 69 */, C_MODRM+C_DATA66
+ /* 6A */, C_DATA1
+ /* 6B */, C_MODRM+C_DATA1
+ /* 6C */, 0
+ /* 6D */, 0
+ /* 6E */, 0
+ /* 6F */, 0
+ /* 70 */, C_DATA1
+ /* 71 */, C_DATA1
+ /* 72 */, C_DATA1
+ /* 73 */, C_DATA1
+ /* 74 */, C_DATA1
+ /* 75 */, C_DATA1
+ /* 76 */, C_DATA1
+ /* 77 */, C_DATA1
+ /* 78 */, C_DATA1
+ /* 79 */, C_DATA1
+ /* 7A */, C_DATA1
+ /* 7B */, C_DATA1
+ /* 7C */, C_DATA1
+ /* 7D */, C_DATA1
+ /* 7E */, C_DATA1
+ /* 7F */, C_DATA1
+ /* 80 */, C_MODRM+C_DATA1
+ /* 81 */, C_MODRM+C_DATA66
+ /* 82 */, C_MODRM+C_DATA1
+ /* 83 */, C_MODRM+C_DATA1
+ /* 84 */, C_MODRM
+ /* 85 */, C_MODRM
+ /* 86 */, C_MODRM
+ /* 87 */, C_MODRM
+ /* 88 */, C_MODRM
+ /* 89 */, C_MODRM
+ /* 8A */, C_MODRM
+ /* 8B */, C_MODRM
+ /* 8C */, C_MODRM
+ /* 8D */, C_MODRM
+ /* 8E */, C_MODRM
+ /* 8F */, C_MODRM
+ /* 90 */, 0
+ /* 91 */, 0
+ /* 92 */, 0
+ /* 93 */, 0
+ /* 94 */, 0
+ /* 95 */, 0
+ /* 96 */, 0
+ /* 97 */, 0
+ /* 98 */, 0
+ /* 99 */, 0
+ /* 9A */, C_DATA66+C_MEM2
+ /* 9B */, 0
+ /* 9C */, 0
+ /* 9D */, 0
+ /* 9E */, 0
+ /* 9F */, 0
+ /* A0 */, C_MEM67
+ /* A1 */, C_MEM67
+ /* A2 */, C_MEM67
+ /* A3 */, C_MEM67
+ /* A4 */, 0
+ /* A5 */, 0
+ /* A6 */, 0
+ /* A7 */, 0
+ /* A8 */, C_DATA1
+ /* A9 */, C_DATA66
+ /* AA */, 0
+ /* AB */, 0
+ /* AC */, 0
+ /* AD */, 0
+ /* AE */, 0
+ /* AF */, 0
+ /* B0 */, C_DATA1
+ /* B1 */, C_DATA1
+ /* B2 */, C_DATA1
+ /* B3 */, C_DATA1
+ /* B4 */, C_DATA1
+ /* B5 */, C_DATA1
+ /* B6 */, C_DATA1
+ /* B7 */, C_DATA1
+ /* B8 */, C_DATA66
+ /* B9 */, C_DATA66
+ /* BA */, C_DATA66
+ /* BB */, C_DATA66
+ /* BC */, C_DATA66
+ /* BD */, C_DATA66
+ /* BE */, C_DATA66
+ /* BF */, C_DATA66
+ /* C0 */, C_MODRM+C_DATA1
+ /* C1 */, C_MODRM+C_DATA1
+ /* C2 */, C_DATA2
+ /* C3 */, 0
+ /* C4 */, C_MODRM
+ /* C5 */, C_MODRM
+ /* C6 */, C_MODRM+C_DATA66
+ /* C7 */, C_MODRM+C_DATA66
+ /* C8 */, C_DATA2+C_DATA1
+ /* C9 */, 0
+ /* CA */, C_DATA2
+ /* CB */, 0
+ /* CC */, 0
+ /* CD */, C_DATA1+C_DATA4
+ /* CE */, 0
+ /* CF */, 0
+ /* D0 */, C_MODRM
+ /* D1 */, C_MODRM
+ /* D2 */, C_MODRM
+ /* D3 */, C_MODRM
+ /* D4 */, 0
+ /* D5 */, 0
+ /* D6 */, 0
+ /* D7 */, 0
+ /* D8 */, C_MODRM
+ /* D9 */, C_MODRM
+ /* DA */, C_MODRM
+ /* DB */, C_MODRM
+ /* DC */, C_MODRM
+ /* DD */, C_MODRM
+ /* DE */, C_MODRM
+ /* DF */, C_MODRM
+ /* E0 */, C_DATA1
+ /* E1 */, C_DATA1
+ /* E2 */, C_DATA1
+ /* E3 */, C_DATA1
+ /* E4 */, C_DATA1
+ /* E5 */, C_DATA1
+ /* E6 */, C_DATA1
+ /* E7 */, C_DATA1
+ /* E8 */, C_DATA66
+ /* E9 */, C_DATA66
+ /* EA */, C_DATA66+C_MEM2
+ /* EB */, C_DATA1
+ /* EC */, 0
+ /* ED */, 0
+ /* EE */, 0
+ /* EF */, 0
+ /* F0 */, C_PREFIX
+ /* F1 */, 0 // 0xF1
+ /* F2 */, C_PREFIX
+ /* F3 */, C_PREFIX
+ /* F4 */, 0
+ /* F5 */, 0
+ /* F6 */, C_FUCKINGTEST
+ /* F7 */, C_FUCKINGTEST
+ /* F8 */, 0
+ /* F9 */, 0
+ /* FA */, 0
+ /* FB */, 0
+ /* FC */, 0
+ /* FD */, 0
+ /* FE */, C_MODRM
+ /* FF */, C_MODRM
+}; // table_1
+
+static int table_0F[256] =
+{
+ /* 00 */ C_MODRM
+ /* 01 */, C_MODRM
+ /* 02 */, C_MODRM
+ /* 03 */, C_MODRM
+ /* 04 */, -1
+ /* 05 */, -1
+ /* 06 */, 0
+ /* 07 */, -1
+ /* 08 */, 0
+ /* 09 */, 0
+ /* 0A */, 0
+ /* 0B */, 0
+ /* 0C */, -1
+ /* 0D */, -1
+ /* 0E */, -1
+ /* 0F */, -1
+ /* 10 */, -1
+ /* 11 */, -1
+ /* 12 */, -1
+ /* 13 */, -1
+ /* 14 */, -1
+ /* 15 */, -1
+ /* 16 */, -1
+ /* 17 */, -1
+ /* 18 */, -1
+ /* 19 */, -1
+ /* 1A */, -1
+ /* 1B */, -1
+ /* 1C */, -1
+ /* 1D */, -1
+ /* 1E */, -1
+ /* 1F */, -1
+ /* 20 */, -1
+ /* 21 */, -1
+ /* 22 */, -1
+ /* 23 */, -1
+ /* 24 */, -1
+ /* 25 */, -1
+ /* 26 */, -1
+ /* 27 */, -1
+ /* 28 */, -1
+ /* 29 */, -1
+ /* 2A */, -1
+ /* 2B */, -1
+ /* 2C */, -1
+ /* 2D */, -1
+ /* 2E */, -1
+ /* 2F */, -1
+ /* 30 */, -1
+ /* 31 */, -1
+ /* 32 */, -1
+ /* 33 */, -1
+ /* 34 */, -1
+ /* 35 */, -1
+ /* 36 */, -1
+ /* 37 */, -1
+ /* 38 */, -1
+ /* 39 */, -1
+ /* 3A */, -1
+ /* 3B */, -1
+ /* 3C */, -1
+ /* 3D */, -1
+ /* 3E */, -1
+ /* 3F */, -1
+ /* 40 */, -1
+ /* 41 */, -1
+ /* 42 */, -1
+ /* 43 */, -1
+ /* 44 */, -1
+ /* 45 */, -1
+ /* 46 */, -1
+ /* 47 */, -1
+ /* 48 */, -1
+ /* 49 */, -1
+ /* 4A */, -1
+ /* 4B */, -1
+ /* 4C */, -1
+ /* 4D */, -1
+ /* 4E */, -1
+ /* 4F */, -1
+ /* 50 */, -1
+ /* 51 */, -1
+ /* 52 */, -1
+ /* 53 */, -1
+ /* 54 */, -1
+ /* 55 */, -1
+ /* 56 */, -1
+ /* 57 */, -1
+ /* 58 */, -1
+ /* 59 */, -1
+ /* 5A */, -1
+ /* 5B */, -1
+ /* 5C */, -1
+ /* 5D */, -1
+ /* 5E */, -1
+ /* 5F */, -1
+ /* 60 */, -1
+ /* 61 */, -1
+ /* 62 */, -1
+ /* 63 */, -1
+ /* 64 */, -1
+ /* 65 */, -1
+ /* 66 */, -1
+ /* 67 */, -1
+ /* 68 */, -1
+ /* 69 */, -1
+ /* 6A */, -1
+ /* 6B */, -1
+ /* 6C */, -1
+ /* 6D */, -1
+ /* 6E */, -1
+ /* 6F */, -1
+ /* 70 */, -1
+ /* 71 */, -1
+ /* 72 */, -1
+ /* 73 */, -1
+ /* 74 */, -1
+ /* 75 */, -1
+ /* 76 */, -1
+ /* 77 */, -1
+ /* 78 */, -1
+ /* 79 */, -1
+ /* 7A */, -1
+ /* 7B */, -1
+ /* 7C */, -1
+ /* 7D */, -1
+ /* 7E */, -1
+ /* 7F */, -1
+ /* 80 */, C_DATA66
+ /* 81 */, C_DATA66
+ /* 82 */, C_DATA66
+ /* 83 */, C_DATA66
+ /* 84 */, C_DATA66
+ /* 85 */, C_DATA66
+ /* 86 */, C_DATA66
+ /* 87 */, C_DATA66
+ /* 88 */, C_DATA66
+ /* 89 */, C_DATA66
+ /* 8A */, C_DATA66
+ /* 8B */, C_DATA66
+ /* 8C */, C_DATA66
+ /* 8D */, C_DATA66
+ /* 8E */, C_DATA66
+ /* 8F */, C_DATA66
+ /* 90 */, C_MODRM
+ /* 91 */, C_MODRM
+ /* 92 */, C_MODRM
+ /* 93 */, C_MODRM
+ /* 94 */, C_MODRM
+ /* 95 */, C_MODRM
+ /* 96 */, C_MODRM
+ /* 97 */, C_MODRM
+ /* 98 */, C_MODRM
+ /* 99 */, C_MODRM
+ /* 9A */, C_MODRM
+ /* 9B */, C_MODRM
+ /* 9C */, C_MODRM
+ /* 9D */, C_MODRM
+ /* 9E */, C_MODRM
+ /* 9F */, C_MODRM
+ /* A0 */, 0
+ /* A1 */, 0
+ /* A2 */, 0
+ /* A3 */, C_MODRM
+ /* A4 */, C_MODRM+C_DATA1
+ /* A5 */, C_MODRM
+ /* A6 */, -1
+ /* A7 */, -1
+ /* A8 */, 0
+ /* A9 */, 0
+ /* AA */, 0
+ /* AB */, C_MODRM
+ /* AC */, C_MODRM+C_DATA1
+ /* AD */, C_MODRM
+ /* AE */, -1
+ /* AF */, C_MODRM
+ /* B0 */, C_MODRM
+ /* B1 */, C_MODRM
+ /* B2 */, C_MODRM
+ /* B3 */, C_MODRM
+ /* B4 */, C_MODRM
+ /* B5 */, C_MODRM
+ /* B6 */, C_MODRM
+ /* B7 */, C_MODRM
+ /* B8 */, -1
+ /* B9 */, -1
+ /* BA */, C_MODRM+C_DATA1
+ /* BB */, C_MODRM
+ /* BC */, C_MODRM
+ /* BD */, C_MODRM
+ /* BE */, C_MODRM
+ /* BF */, C_MODRM
+ /* C0 */, C_MODRM
+ /* C1 */, C_MODRM
+ /* C2 */, -1
+ /* C3 */, -1
+ /* C4 */, -1
+ /* C5 */, -1
+ /* C6 */, -1
+ /* C7 */, -1
+ /* C8 */, 0
+ /* C9 */, 0
+ /* CA */, 0
+ /* CB */, 0
+ /* CC */, 0
+ /* CD */, 0
+ /* CE */, 0
+ /* CF */, 0
+ /* D0 */, -1
+ /* D1 */, -1
+ /* D2 */, -1
+ /* D3 */, -1
+ /* D4 */, -1
+ /* D5 */, -1
+ /* D6 */, -1
+ /* D7 */, -1
+ /* D8 */, -1
+ /* D9 */, -1
+ /* DA */, -1
+ /* DB */, -1
+ /* DC */, -1
+ /* DD */, -1
+ /* DE */, -1
+ /* DF */, -1
+ /* E0 */, -1
+ /* E1 */, -1
+ /* E2 */, -1
+ /* E3 */, -1
+ /* E4 */, -1
+ /* E5 */, -1
+ /* E6 */, -1
+ /* E7 */, -1
+ /* E8 */, -1
+ /* E9 */, -1
+ /* EA */, -1
+ /* EB */, -1
+ /* EC */, -1
+ /* ED */, -1
+ /* EE */, -1
+ /* EF */, -1
+ /* F0 */, -1
+ /* F1 */, -1
+ /* F2 */, -1
+ /* F3 */, -1
+ /* F4 */, -1
+ /* F5 */, -1
+ /* F6 */, -1
+ /* F7 */, -1
+ /* F8 */, -1
+ /* F9 */, -1
+ /* FA */, -1
+ /* FB */, -1
+ /* FC */, -1
+ /* FD */, -1
+ /* FE */, -1
+ /* FF */, -1
+}; // table_0F
+
+#endif
\ No newline at end of file
diff --git a/src/dllmain.cpp b/src/dllmain.cpp
index 8a7acd9..b1ec485 100644
--- a/src/dllmain.cpp
+++ b/src/dllmain.cpp
@@ -1,49 +1,11 @@
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
-
-typedef int (WSAAPI* _getaddrinfo)(
- _In_opt_ PCSTR pNodeName,
- _In_opt_ PCSTR pServiceName,
- _In_opt_ const ADDRINFOA *pHints,
- _Out_ PADDRINFOA *ppResult
- );
-
-typedef int (WSAAPI* _WSASend)(
- _In_ SOCKET s,
- _In_ LPWSABUF lpBuffers,
- _In_ DWORD dwBufferCount,
- _Out_ LPDWORD lpNumberOfBytesSent,
- _In_ DWORD dwFlags,
- _In_ LPWSAOVERLAPPED lpOverlapped,
- _In_ LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
-);
-
-static _getaddrinfo getaddrinfo_orig;
-static _WSASend WSASend_orig;
-
-int WSAAPI getaddrinfo_hook(
- _In_opt_ PCSTR pNodeName,
- _In_opt_ PCSTR pServiceName,
- _In_opt_ const ADDRINFOA *pHints,
- _Out_ PADDRINFOA *ppResult)
-{
- if (pNodeName)
- {
- for (size_t i = 0; i < sizeof(HostNames) / sizeof(HostNames[0]); i++)
- {
- if (!_strcmpi(pNodeName, HostNames[i]))
- return WSANO_RECOVERY;
- }
- }
- return getaddrinfo_orig(pNodeName, pServiceName, pHints, ppResult);
-}
-
-LPVOID Search(char* pPattern, size_t patternSize, uint8_t* scanStart, size_t scanSize)
+LPVOID Search (char* pPattern, size_t patternSize, uint8_t* scanStart, size_t scanSize)
{
__try
{
- auto res = std::search(
+ auto res = std::search (
scanStart, scanStart + scanSize, pPattern, pPattern + patternSize,
[](uint8_t val1, uint8_t val2) { return (val1 == val2); }
);
@@ -55,8 +17,24 @@ LPVOID Search(char* pPattern, size_t patternSize, uint8_t* scanStart, size_t sca
}
}
+LPVOID FindFunction (char* hModule, DWORD hModuleSize, char* midFuncPtn, int lenMidFuncPtn, int seekBackCount, char* startFuncPtn, int lenStartFuncPtn)
+{
+ LPVOID pfnAddr = Search (midFuncPtn, lenMidFuncPtn, (uint8_t*)hModule, hModuleSize);
+ if (!pfnAddr) return NULL;
+ char* pfnStart = NULL;
+ char* pfnCurrent = (char*)pfnAddr - seekBackCount;
+ while ((pfnCurrent = (char*)Search (startFuncPtn, lenStartFuncPtn, (uint8_t*)pfnCurrent, hModule + hModuleSize - pfnCurrent)) &&
+ pfnCurrent < pfnAddr)
+ {
+ pfnStart = pfnCurrent;
+ pfnCurrent++;
+ }
+
+ return pfnStart;
+}
+
// https://www.unknowncheats.me/forum/1064672-post23.html
-bool DataCompare(BYTE* pData, BYTE* bSig, char* szMask)
+bool DataCompare (BYTE* pData, BYTE* bSig, char* szMask)
{
for (; *szMask; ++szMask, ++pData, ++bSig)
{
@@ -66,14 +44,14 @@ bool DataCompare(BYTE* pData, BYTE* bSig, char* szMask)
return (*szMask) == NULL;
}
-BYTE* FindPattern(BYTE* dwAddress, DWORD dwSize, BYTE* pbSig, char* szMask)
+BYTE* FindPattern (BYTE* dwAddress, DWORD dwSize, BYTE* pbSig, char* szMask)
{
- DWORD length = strlen(szMask);
+ DWORD length = strlen (szMask);
for (DWORD i = NULL; i < dwSize - length; i++)
{
__try
{
- if (DataCompare(dwAddress + i, pbSig, szMask))
+ if (DataCompare (dwAddress + i, pbSig, szMask))
return dwAddress + i;
}
__except (EXCEPTION_EXECUTE_HANDLER) {
@@ -83,490 +61,54 @@ BYTE* FindPattern(BYTE* dwAddress, DWORD dwSize, BYTE* pbSig, char* szMask)
return 0;
}
-#define HOST_STR "Host: "
-
-int WSAAPI WSASend_hook(
- _In_ SOCKET s,
- _In_ LPWSABUF lpBuffers,
- _In_ DWORD dwBufferCount,
- _Out_ LPDWORD lpNumberOfBytesSent,
- _In_ DWORD dwFlags,
- _In_ LPWSAOVERLAPPED lpOverlapped,
- _In_ LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
-)
-{
- if (lpBuffers)
- {
- for (DWORD x = 0; x < dwBufferCount; x++)
- {
- LPVOID res = Search(HOST_STR, sizeof(HOST_STR) - 1, (uint8_t*)lpBuffers[x].buf, lpBuffers[x].len);
-
- if (res)
- {
- size_t max_len = (uint8_t*)lpBuffers[x].buf + lpBuffers[x].len - (uint8_t*) res;
-
- for (size_t i = 0; i < sizeof(HostNames) / sizeof(HostNames[0]); i++)
- {
- size_t l = strlen(HostNames[i]);
- if (l < max_len && !_strnicmp((char*)res + sizeof(HOST_STR) - 1, HostNames[i], l))
- return WSAENETUNREACH;
- }
- }
- }
- }
-
- return WSASend_orig(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
-}
-
-//void __stdcall LoadAPI(LPVOID* destination, LPCSTR apiName)
-//{
-// if (*destination)
-// return;
-//
-// wchar_t path[MAX_PATH];
-// //wchar_t windows[MAX_PATH];
-// //GetSystemDirectoryW(windows, MAX_PATH);
-// //wsprintf(path, L"%s\\netutils.dll", windows);
-// wsprintf(path, L".\\chrome_elf_.dll");
-// HMODULE hModule = GetModuleHandle(path);
-// if (!hModule && !(hModule = LoadLibrary(path)))
-// return;
-// *destination = GetProcAddress(hModule, apiName);
-//}
-//
-//#define API_EXPORT_ORIG(N) \
-// static LPVOID _##N = NULL; \
-// char S_##N[] = "" # N; \
-// extern "C" __declspec(dllexport) __declspec(naked) void N ## () \
-// { \
-// __asm pushad \
-// __asm push offset S_##N \
-// __asm push offset _##N \
-// __asm call LoadAPI \
-// __asm popad \
-// __asm jmp [_##N] \
-// }
-
-//API_EXPORT_ORIG(AddDllToBlacklist)
-//API_EXPORT_ORIG(ClearReportsBetween_ExportThunk)
-//API_EXPORT_ORIG(CrashForException_ExportThunk)
-//API_EXPORT_ORIG(DisableHook)
-//API_EXPORT_ORIG(DrainLog)
-//API_EXPORT_ORIG(DumpHungProcessWithPtype_ExportThunk)
-//API_EXPORT_ORIG(DumpProcessWithoutCrash)
-//API_EXPORT_ORIG(GetApplyHookResult)
-//API_EXPORT_ORIG(GetBlockedModulesCount)
-//API_EXPORT_ORIG(GetCrashReports_ExportThunk)
-//API_EXPORT_ORIG(GetCrashpadDatabasePath_ExportThunk)
-//API_EXPORT_ORIG(GetHandleVerifier)
-//API_EXPORT_ORIG(GetInstallDetailsPayload)
-//API_EXPORT_ORIG(GetUniqueBlockedModulesCount)
-//API_EXPORT_ORIG(GetUserDataDirectoryThunk)
-//API_EXPORT_ORIG(InjectDumpForHungInput_ExportThunk)
-//API_EXPORT_ORIG(IsBlacklistInitialized)
-//API_EXPORT_ORIG(IsCrashReportingEnabledImpl)
-//API_EXPORT_ORIG(RegisterLogNotification)
-//API_EXPORT_ORIG(RequestSingleCrashUpload_ExportThunk)
-//API_EXPORT_ORIG(SetCrashKeyValueImpl)
-//API_EXPORT_ORIG(SetMetricsClientId)
-//API_EXPORT_ORIG(SetUploadConsent_ExportThunk)
-//API_EXPORT_ORIG(SignalChromeElf)
-//API_EXPORT_ORIG(SignalInitializeCrashReporting)
-//API_EXPORT_ORIG(SuccessfullyBlocked)
-
-//#define API_COPY(M, N) \
-// _##N = GetProcAddress(M, #N);
-
-typedef char (__fastcall* _is_skippable)(
- char* This,
- void*
-);
-
-typedef int(__fastcall* _can_focus)(
- char* This,
- void*
-);
-
-typedef int(__fastcall* _now_playing)(
- char* This,
- void*,
- void* Unk
-);
-
-
-static _is_skippable is_skippable_orig;
-static _can_focus can_focus_orig;
-static _now_playing now_playing_orig;
-
-static DWORD dwCurrentTrackUriOffset = 0x0;
-static LPVOID pfnSkippableStart = NULL;
-static char lastPlayingUri[2048] = {0};
-static bool skipTrack = false;
-
-__declspec(naked) void is_skippable_hook()
-{
- __asm {
- mov eax, 1
- ret
- }
-}
-
-_declspec(naked) void can_focus_hook()
-{
- __asm {
- xor eax, eax
- ret
- }
-}
-
-DWORD WINAPI SkipTrack(LPVOID)
-{
- int cnt = 0;
- while (skipTrack && cnt++ < 2)
- {
- Sleep(250);
- if (skipTrack)
- {
- keybd_event(VK_MEDIA_NEXT_TRACK, 0x0, KEYEVENTF_EXTENDEDKEY, NULL);
- keybd_event(VK_MEDIA_NEXT_TRACK, 0x0, KEYEVENTF_EXTENDEDKEY | KEYEVENTF_KEYUP, NULL);
- break;
- }
- }
- return 0;
-}
-
-int __fastcall now_playing_hook(char* This, void* Edx, void* Track)
-{
- char* szCurrentTrackUri = (char*)*(void**)((char*)Track + dwCurrentTrackUriOffset);
-
- __try
- {
- if (strncmp(szCurrentTrackUri, lastPlayingUri, 2048))
- {
- strncpy_s(lastPlayingUri, szCurrentTrackUri, 2048);
-
- // If the now playing track is an ad or interruption, immediately skip using old method (simulating a "skip" media button press)
- if (!strncmp(szCurrentTrackUri, "spotify:ad:", 11) || !strncmp(szCurrentTrackUri, "spotify:interruption:", 21))
- {
- skipTrack = true;
- CreateThread(NULL, 0, SkipTrack, NULL, 0, NULL);
- }
- else
- {
- skipTrack = false;
- }
- }
- } __except (EXCEPTION_EXECUTE_HANDLER) {
- }
-
- return now_playing_orig(This, Edx, Track);
-}
-
-LPVOID FindFunction(char* hModule, DWORD hModuleSize, char* midFuncPtn, int lenMidFuncPtn, int seekBackCount, char* startFuncPtn, int lenStartFuncPtn)
-{
- LPVOID pfnAddr = Search(midFuncPtn, lenMidFuncPtn, (uint8_t*) hModule, hModuleSize);
- if (!pfnAddr) return NULL;
- char* pfnStart = NULL;
- char* pfnCurrent = (char*) pfnAddr - seekBackCount;
- while ((pfnCurrent = (char*) Search(startFuncPtn, lenStartFuncPtn, (uint8_t*)pfnCurrent, hModule + hModuleSize - pfnCurrent)) &&
- pfnCurrent < pfnAddr)
- {
- pfnStart = pfnCurrent;
- pfnCurrent++;
- }
-
- return pfnStart;
-}
-
-static char* ZeroString = "0\0";
-
-void Patch(HMODULE hModule, MODULEINFO mInfo)
-{
- DWORD d;
- VirtualProtect(hModule, mInfo.SizeOfImage, PAGE_EXECUTE_READWRITE, &d);
- LPVOID hEndOfModule = (uint8_t*)hModule + mInfo.SizeOfImage;
-
- // Hook skippable function (make all tracks skippable)
- pfnSkippableStart = FindFunction((char*)hModule, mInfo.SizeOfImage, "\x74\x04\xc6\x45\xbf\x01\xf6\xc3\x02\x74\x0b", 11, 1024,
- "\x55\x8b\xec\x6a\xff", 5);
-
- // fix for 1.0.91.183
- if (!pfnSkippableStart)
- pfnSkippableStart = FindFunction((char*)hModule, mInfo.SizeOfImage, "\x8D\x46\x1C\xC7\x45\xB8\x01\x00\x00\x00\x50\x8D\x45\xC0\x50\xE8", 16, 1024,
- "\x55\x8b\xec\x6a\xff", 5);
-
- if (pfnSkippableStart)
- {
- is_skippable_orig = (_is_skippable)pfnSkippableStart;
- Mhook_SetHook((PVOID*)&is_skippable_orig, is_skippable_hook);
- }
-
- // Hook now playing function (determine what current track is playing)
- LPVOID szNowPlaying = Search("now_playing_uri\0", 16, (uint8_t*)hModule, mInfo.SizeOfImage);
- if (szNowPlaying) {
- char szNowPlayingPattern[7];
- strcpy_s(szNowPlayingPattern, "\x6a\x0f\x68\x00\x00\x00\x00");
- memcpy(szNowPlayingPattern + 3, &szNowPlaying, sizeof(LPVOID));
-
- LPVOID pfnNowPlaying = FindFunction((char*)hModule, mInfo.SizeOfImage, szNowPlayingPattern, 7, 1024,
- "\x55\x8b\xec\x6a\xff", 5);
-
- if (pfnNowPlaying)
- {
- LPVOID pfnUriPtn = Search("\x6a\xff\x8d\x87", 4, (uint8_t*)pfnNowPlaying, (char*)hEndOfModule - (char*)pfnNowPlaying);
-
- // fix for 1.0.91.183
- if (!pfnUriPtn)
- pfnUriPtn = Search("\x74\x1a\x8d\x86", 4, (uint8_t*)pfnNowPlaying, (char*)hEndOfModule - (char*)pfnNowPlaying);
-
- if (pfnUriPtn)
- {
- dwCurrentTrackUriOffset = *(DWORD*)((char*)pfnUriPtn + 4);
- now_playing_orig = (_now_playing)pfnNowPlaying;
- Mhook_SetHook((PVOID*)&now_playing_orig, now_playing_hook);
- }
- }
- }
-
- // Hook focus function (disable focus for ads)
- LPVOID pfnRequireFocus = (uint8_t*)hModule;
- while ((pfnRequireFocus = Search("\x8d\x46\x40\x50\x8d\x45\xc0\x50\xe8", 9, (uint8_t*)pfnRequireFocus, (char*)hEndOfModule - (char*)pfnRequireFocus)))
- {
- if (*((char*)pfnRequireFocus - 5) == 0x68 &&
- !strcmp((char*)*(LPVOID*)((char*)pfnRequireFocus - 4), "require_focus"))
- {
- // Find the start of the function
- LPVOID pfnRequireFocusStart = NULL;
- LPVOID pfnRequireFocusCurrent = (char*)pfnRequireFocus - 500;
- while ((pfnRequireFocusCurrent = Search("\x55\x8b\xec\x6a\xff", 5, (uint8_t*)pfnRequireFocusCurrent, (char*)hEndOfModule - (char*)pfnRequireFocusCurrent)) &&
- pfnRequireFocusCurrent < pfnRequireFocus)
- {
- pfnRequireFocusStart = pfnRequireFocusCurrent;
- pfnRequireFocusCurrent = (char*)pfnRequireFocusCurrent + 1;
- }
- if (pfnRequireFocusStart)
- {
- can_focus_orig = (_can_focus)pfnRequireFocusStart;
- Mhook_SetHook((PVOID*)&can_focus_orig, can_focus_hook);
- break;
- }
- }
- pfnRequireFocus = (char*)pfnRequireFocus + 1;
- }
-
- uint8_t* cur = (uint8_t*)hModule;
- uint8_t* end = cur + mInfo.SizeOfImage;
-
- while (cur < end)
- {
- MEMORY_BASIC_INFORMATION mbi;
- VirtualQuery(cur, &mbi, sizeof(mbi));
- if (mbi.Protect & PAGE_EXECUTE_READ ||
- mbi.Protect & PAGE_EXECUTE_READWRITE ||
- mbi.Protect & PAGE_READWRITE ||
- mbi.Protect & PAGE_READONLY ||
- mbi.Protect & PAGE_EXECUTE_WRITECOPY)
- {
- // Patch 5 second minimum wait to skip video ads
- LPVOID skipStuckSeconds = (LPVOID)FindPattern((uint8_t*)mbi.BaseAddress, mbi.RegionSize, (BYTE*) "\x83\xc4\x08\x6a\x00\x68\xe8\x03\x00\x00\xff\x70\x04\xff\x30\xe8\x00\x00\x00\x00\x8d\x4d\xc0", "xxxxxxxxxxxxxxxx????xxx");
- int oneThousandMsOffset = 6;
-
- // fix for 1.0.91.183
- if (!skipStuckSeconds)
- {
- skipStuckSeconds = (LPVOID)FindPattern((uint8_t*)mbi.BaseAddress, mbi.RegionSize, (BYTE*) "\xb9\xe8\x03\x00\x00\xf7\xe9\x83\xc4\x1c", "xxxxxxxxxx");
- oneThousandMsOffset = 1;
- }
- if (skipStuckSeconds)
- {
- DWORD oldProtect;
- VirtualProtect((char*)skipStuckSeconds + oneThousandMsOffset, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
- *(DWORD*)((char*)skipStuckSeconds + oneThousandMsOffset) = 0;
- VirtualProtect((char*)skipStuckSeconds + oneThousandMsOffset, 4, oldProtect, &oldProtect);
- break;
- }
- }
- cur = (uint8_t*)mbi.BaseAddress + mbi.RegionSize;
- }
-}
-
-void PatchNet()
-{
- HMODULE hModule = GetModuleHandle(L"ws2_32.dll");
- if (!hModule)
- hModule = LoadLibrary(L"ws2_32.dll");
-
- if (hModule)
- {
- getaddrinfo_orig = (_getaddrinfo)GetProcAddress(hModule, "getaddrinfo");
- if (getaddrinfo_orig)
- Mhook_SetHook((PVOID*)&getaddrinfo_orig, getaddrinfo_hook);
- WSASend_orig = (_WSASend)GetProcAddress(hModule, "WSASend");
- if (WSASend_orig)
- Mhook_SetHook((PVOID*)&WSASend_orig, WSASend_hook);
- }
-}
-
-void PatchAdMain(HMODULE hModule, MODULEINFO mInfo)
-{
- // fix for 1.0.91.183
- LPVOID adMissingIdAddr = FindPattern((uint8_t*)hModule, mInfo.SizeOfImage, (BYTE*) "\x84\xC0\x0F\x85\x00\x00\x00\x00\x6A\x0D\x68", "xxxx????xxx");
- int adMissingNopOffset = 2;
- int adMissingNopCount = 6;
-
- // fallback old version
- if (!adMissingIdAddr) {
- adMissingIdAddr = FindPattern((uint8_t*)hModule, mInfo.SizeOfImage, (BYTE*) "\x84\xc0\x75\x00\x6a\x0d\x68", "xxx?xxx");
- adMissingNopOffset = 2, adMissingNopCount = 2;
- }
- if (adMissingIdAddr)
- {
- DWORD oldProtect;
- VirtualProtect((char*)adMissingIdAddr + adMissingNopOffset, adMissingNopCount, PAGE_EXECUTE_READWRITE, &oldProtect);
- memset((char*)adMissingIdAddr + adMissingNopOffset, 0x90, adMissingNopCount);
- VirtualProtect((char*)adMissingIdAddr + adMissingNopOffset, adMissingNopCount, oldProtect, &oldProtect);
- }
-}
-
-void WriteAll(HMODULE hModule, MODULEINFO mInfo)
-{
- uint8_t* cur = (uint8_t*)hModule;
- uint8_t* end = cur + mInfo.SizeOfImage;
-
- while (cur < end)
- {
- MEMORY_BASIC_INFORMATION mbi;
- VirtualQuery(cur, &mbi, sizeof(mbi));
- if (!(mbi.Protect & PAGE_GUARD)) {
- DWORD dwOldProtect;
- if (!VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &dwOldProtect) &&
- mbi.Type & MEM_MAPPED)
- VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_WRITECOPY, &dwOldProtect);
- }
- cur = (uint8_t*)mbi.BaseAddress + mbi.RegionSize;
- }
-}
-
-typedef struct
-{
- DWORD dwMajor;
- DWORD dwMinor;
- DWORD dwBuild;
- DWORD dwRevision;
-} version_t;
-
-typedef struct {
- WORD wLength;
- WORD wValueLength;
- WORD wType;
- WCHAR szKey[16];
- WORD Padding1;
- VS_FIXEDFILEINFO Value;
- WORD Padding2;
- WORD Children;
-} VS_VERSIONINFO;
-
-BOOL GetFileVersionInfo(version_t* v)
+DWORD WINAPI MainThread (LPVOID)
{
- BOOL ok = FALSE;
- WCHAR moduleFilePath[MAX_PATH];
- DWORD verHandle;
- GetModuleFileName(GetModuleHandle(NULL), moduleFilePath, MAX_PATH);
- DWORD verSize = GetFileVersionInfoSize(moduleFilePath, &verHandle);
- if (verSize)
- {
- LPVOID verBuffer;
- UINT size;
- LPVOID verData = new char[verSize];
- if (GetFileVersionInfo(moduleFilePath, verHandle, verSize, verData) &&
- VerQueryValueA(verData, "\\", &verBuffer, &size) &&
- size)
- {
- VS_VERSIONINFO *verInfo = (VS_VERSIONINFO *) verData;
- if (verInfo->Value.dwSignature == 0xfeef04bd)
- {
- v->dwMajor = verInfo->Value.dwFileVersionMS >> 16 & 0xffff;
- v->dwMinor = verInfo->Value.dwFileVersionMS & 0xffff;
- v->dwBuild = verInfo->Value.dwFileVersionLS >> 16 & 0xffff;
- v->dwRevision = verInfo->Value.dwFileVersionLS & 0xffff;
- ok = TRUE;
- }
- }
- delete (char*) verData;
- }
- return ok;
-}
+ HMODULE hModule = GetModuleHandle (NULL);
+ MODULEINFO mInfo = { 0 };
+ if (GetModuleInformation (GetCurrentProcess (), hModule, &mInfo, sizeof (MODULEINFO))) {
-DWORD WINAPI MainThread(LPVOID)
-{
- // Block known ad hosts via function hooks
- __try {
- PatchNet();
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
- }
+ LPVOID skipPod = FindPattern ((uint8_t*)hModule, mInfo.SizeOfImage, (BYTE*) "\xFF\x07\x0F\x85\x00\x00\x00\x00\xE8", "xxxx????x");
- HMODULE hModule = GetModuleHandle(NULL);
- MODULEINFO mInfo = { 0 };
- if (GetModuleInformation(GetCurrentProcess(), hModule, &mInfo, sizeof(MODULEINFO))) {
- // Attempt to make entire module writable
- __try {
- WriteAll(hModule, mInfo);
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
+ if (skipPod)
{
- }
+ DWORD oldProtect;
+ VirtualProtect ((char*)skipPod + 2, 1, PAGE_EXECUTE_READWRITE, &oldProtect);
+ memset ((char*)skipPod + 2, 0x90, 1);
+ VirtualProtect ((char*)skipPod + 2, 1, oldProtect, &oldProtect);
- // Perform fallback patches (just in-case the main method fails)
- // Only allow for version 1.1.0.xx and below
- version_t v;
- if (GetFileVersionInfo(&v) && v.dwMajor <= 1 && v.dwMinor <= 1 && v.dwBuild <= 0)
- {
- __try {
- Patch(hModule, mInfo);
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
- }
+ VirtualProtect ((char*)skipPod + 3, 1, PAGE_EXECUTE_READWRITE, &oldProtect);
+ memset ((char*)skipPod + 3, 0xE9, 1);
+ VirtualProtect ((char*)skipPod + 3, 1, oldProtect, &oldProtect);
}
- // Perform main ad patch
- __try {
- PatchAdMain(hModule, mInfo);
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
- }
}
return 0;
}
-BOOL APIENTRY DllMain( HMODULE hModule,
- DWORD ul_reason_for_call,
- LPVOID lpReserved
- )
+BOOL APIENTRY DllMain (HMODULE hModule,
+ DWORD ul_reason_for_call,
+ LPVOID lpReserved
+)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
- DisableThreadLibraryCalls(hModule);
- // Only patch the main process and none of the renderers/workers
- if (!wcsstr (GetCommandLine (), L"--type="))
- switch (MessageBox (
- NULL,
- (LPCWSTR)L"I'll buy premium if had money!",
- (LPCWSTR)L"Warning",
- MB_YESNO | MB_ICONWARNING)) {
- case IDYES:
- CreateThread (NULL, NULL, MainThread, NULL, 0, NULL);
- break;
- default:
- exit (0);
- break;
- }
+ DisableThreadLibraryCalls (hModule);
+ // Only patch the main process and none of the other
+ if (!wcsstr (GetCommandLine (), L"--type=")) {
+ //skip processing ads but ads still downloaded
+ CreateThread (NULL, NULL, MainThread, NULL, 0, NULL);
+ }
+ if (wcsstr (GetCommandLine (), L"--url=")) {
+ exit (0);
+ }
+ // block the ads banner by hostname
+ InstallHookApi ("ws2_32.dll", "getaddrinfo", getaddrinfohook);
+ // real ads block
+ InstallHookApi ("Winhttp.dll", "WinHttpOpenRequest", winhttpopenrequesthook);
+ // for future
+ //InstallHookApi ("ws2_32.dll", "connect", connecthook);
break;
-
}
return TRUE;
}
diff --git a/src/hosts.cpp b/src/hosts.cpp
new file mode 100644
index 0000000..25e4f30
--- /dev/null
+++ b/src/hosts.cpp
@@ -0,0 +1,67 @@
+#include "stdafx.h"
+#include "hosts.h"
+
+int WINAPI winhttpopenrequesthook (DWORD RetAddr,
+ pfnwinhttpopenrequest fnwinhttpopenrequest,
+ HINTERNET hConnect,
+ LPCWSTR pwszVerb,
+ LPCWSTR pwszObjectName,
+ LPCWSTR pwszVersion,
+ LPCWSTR pwszReferrer,
+ LPCWSTR* ppwszAcceptTypes,
+ DWORD dwFlags)
+{
+ //wcscmp (pwszVerb, L"POST") == 0
+ if (wcscmp (pwszObjectName, L"/ad-logic/flashpoint") == 0)
+ return NULL;
+ if (wcscmp (pwszObjectName, L"/ads") == 0)
+ return NULL;
+ //if (wcscmp (pwszObjectName, L"/ads/v1/ads/leaderboard") == 0)
+ //return NULL;
+
+ return fnwinhttpopenrequest (hConnect,
+ pwszVerb,
+ pwszObjectName,
+ pwszVersion,
+ pwszReferrer,
+ ppwszAcceptTypes,
+ dwFlags);
+}
+
+int WINAPI connecthook (DWORD RetAddr,
+ pfnconnect fnconnect,
+ SOCKET s,
+ const struct sockaddr* name,
+ int namelen)
+{
+ return fnconnect (s, name, namelen);
+
+ //for future whitelist or blacklist ip
+ //struct sockaddr_in* sa = (struct sockaddr_in*)name;
+ //if (sa->sin_family != AF_INET) // check only IPv4
+ //return fnconnect (s, name, namelen);
+
+
+ //char* allowip = "151.101.8.246"; // Image
+ //char ipstr[INET_ADDRSTRLEN];
+ //inet_ntop (sa->sin_family, &(sa->sin_addr), ipstr, INET_ADDRSTRLEN);
+ //if (_stricmp (ipstr, allowip) == 0) {
+ //return SOCKET_ERROR;
+ //}
+
+}
+
+int WINAPI getaddrinfohook (DWORD RetAddr,
+ pfngetaddrinfo fngetaddrinfo,
+ const char* nodename,
+ const char* servname,
+ const struct addrinfo* hints,
+ struct addrinfo** res)
+{
+ for (size_t i = 0; i < sizeof (blockhost) / sizeof (blockhost[0]); i++)
+ {
+ if (strstr (nodename, blockhost[i]) != NULL)
+ return WSANO_RECOVERY;
+ }
+ return fngetaddrinfo (nodename, servname, hints, res);
+}
diff --git a/src/hosts.h b/src/hosts.h
index 609c5b1..e58e491 100644
--- a/src/hosts.h
+++ b/src/hosts.h
@@ -1,7 +1,48 @@
-#pragma once
+#ifndef _HOSTS_H
+#define _HOSTS_H
-static const char* HostNames[] = {
-// new website
+typedef SOCKET (__stdcall* pfnconnect)(SOCKET s,
+ const struct sockaddr* name,
+ int namelen);
+
+typedef int (__stdcall* pfngetaddrinfo)(const char* nodename,
+ const char* servname,
+ const struct addrinfo* hints,
+ struct addrinfo** res);
+
+typedef int (__stdcall* pfnwinhttpopenrequest)(HINTERNET hConnect,
+ LPCWSTR pwszVerb,
+ LPCWSTR pwszObjectName,
+ LPCWSTR pwszVersion,
+ LPCWSTR pwszReferrer,
+ LPCWSTR* ppwszAcceptTypes,
+ DWORD dwFlags);
+
+int WINAPI winhttpopenrequesthook (DWORD RetAddr,
+ pfnwinhttpopenrequest fnwinhttpopenrequest,
+ HINTERNET hConnect,
+ LPCWSTR pwszVerb,
+ LPCWSTR pwszObjectName,
+ LPCWSTR pwszVersion,
+ LPCWSTR pwszReferrer,
+ LPCWSTR* ppwszAcceptTypes,
+ DWORD dwFlags
+);
+
+int WINAPI connecthook (DWORD RetAddr,
+ pfnconnect fnconnect,
+ SOCKET s,
+ const struct sockaddr* name,
+ int namelen);
+
+int WINAPI getaddrinfohook (DWORD RetAddr,
+ pfngetaddrinfo fngetaddrinfo,
+ const char* nodename,
+ const char* servname,
+ const struct addrinfo* hints,
+ struct addrinfo** res);
+
+static const char* blockhost[] = {
// fork this if you found more... I'll check if had time.
"google.ac",
"google.ad",
@@ -454,518 +495,8 @@ static const char* HostNames[] = {
"beacons4.gvt2.com",
"beacons5.gvt2.com",
"beacons5.gvt3.com",
- "clients2.google.com"
+ "clients2.google.com",
+ "crashdump.spotify.com"
};
-/*
- "1435575.fls.doubleclick.net",
- "2542116.fls.doubleclick.net",
- "2mdn.net",
- "3642305.fls.doubleclick.net",
- "3765329.fls.doubleclick.net",
- "3ad.doubleclick.net",
- "4.afs.googleadservices.com",
- "4053494.fls.doubleclick.net",
- "4236808.fls.doubleclick.net",
- "4360661.fls.doubleclick.net",
- "4488352.fls.doubleclick.net",
- "4514783.fls.doubleclick.net",
- "4684100.fls.doubleclick.net",
- "5362399.fls.doubleclick.net",
- "ad-ace.doubleclick.net",
- "ad-apac.doubleclick.net",
- "ad-emea.doubleclick.net",
- "ad-g.doubleclick.net",
- "ad-yt-bfp.doubleclick.net",
- "ad.3au.doubleclick.net",
- "ad.ae.doubleclick.net",
- "ad.ar.doubleclick.net",
- "ad.at.doubleclick.net",
- "ad.au.doubleclick.net",
- "ad.be.doubleclick.net",
- "ad.bg.doubleclick.net",
- "ad.br.doubleclick.net",
- "ad.ca.doubleclick.net",
- "ad.ch.doubleclick.net",
- "ad.cl.doubleclick.net",
- "ad.cn.doubleclick.net",
- "ad.de.doubleclick.net",
- "ad.dk.doubleclick.net",
- "ad.doubleclick.net",
- "ad.es.doubleclick.net",
- "ad.fi.doubleclick.net",
- "ad.fr.doubleclick.net",
- "ad.gr.doubleclick.net",
- "ad.hk.doubleclick.net",
- "ad.hr.doubleclick.net",
- "ad.hu.doubleclick.net",
- "ad.ie.doubleclick.net",
- "ad.in.doubleclick.net",
- "ad.it.doubleclick.net",
- "ad.jp.doubleclick.net",
- "ad.kr.doubleclick.net",
- "ad.mo.doubleclick.net",
- "ad.my.doubleclick.net",
- "ad.n2434.doubleclick.net",
- "ad.nl.doubleclick.net",
- "ad.no.doubleclick.net",
- "ad.nz.doubleclick.net",
- "ad.pl.doubleclick.net",
- "ad.pt.doubleclick.net",
- "ad.ro.doubleclick.net",
- "ad.rs.doubleclick.net",
- "ad.ru.doubleclick.net",
- "ad.se.doubleclick.net",
- "ad.sg.doubleclick.net",
- "ad.si.doubleclick.net",
- "ad.terra.doubleclick.net",
- "ad.th.doubleclick.net",
- "ad.tw.doubleclick.net",
- "ad.uk.doubleclick.net",
- "ad.us.doubleclick.net",
- "ad.ve.doubleclick.net",
- "ad.za.doubleclick.net",
- "ad2.doubleclick.net",
- "adclick.g.doublecklick.net",
- "adclick.g.doubleclick.net",
- "adeventtracker.spotify.com",
- "adnxs.com",
- "ads-fa.spotify.com",
- "ads.cc-dt.com",
- "ads.pubmatic.com",
- "ads.yahoo.com",
- "adservices.google.com",
- "adwords.google.lloymlincs.com",
- "affiliate.2mdn.net",
- "affiliate.googleusercontent.com",
- "agkn.com",
- "aktrack.pubmatic.com",
- "amn.doubleclick.net",
- "analytic-google.com",
- "analytics-api-samples.googlecode.com",
- "analytics.google.com",
- "analytics.spotify.com",
- "anon.doubleclick.speedera.net",
- "aud.pubmatic.com",
- "audio-ec.spotify.com",
- "audio-fa.spotify.com",
- "audio-sp-ash.spotify.com",
- "audio-sp-tyo.spotify.com",
- "audio-sp.spotify.com",
- "audio2.spotify.com",
- "b.scorecardresearch.com",
- "bid.g.doubleclick.net",
- "bid.pubmatic.com",
- "bounceexchange.com",
- "bs.serving-sys.com",
- "buttons.googlesyndication.com",
- "cc-dt.com",
- "clickserve.cc-dt.com",
- "clientmetrics-pa.googleapis.com",
- "cloudfront.net",
- "cm.g.doubleclick.net",
- "content.bitsontherun.com",
- "core.insightexpressai.com",
- "crashdump.spotify.com",
- "creative.cc-dt.com",
- "creatives.doubleclick.net",
- "d2gi7ultltnc2u.cloudfront.net",
- "d3rt1990lpmkn.cloudfront.net",
- "desktop.spotify.com",
- "dfp.doubleclick.net",
- "domains.googlesyndication.com",
- "doubleclick.com",
- "doubleclick.de",
- "doubleclick.ne.jp",
- "doubleclick.net",
- "dp.g.doubleclick.net",
- "ds.serving-sys.com",
- "ebaycn.doubleclick.net",
- "ebaytw.doubleclick.net",
- "exnjadgda1.doubleclick.net",
- "exnjadgda2.doubleclick.net",
- "exnjadgds1.doubleclick.net",
- "exnjmdgda1.doubleclick.net",
- "exnjmdgds1.doubleclick.net",
- "fastclick.net",
- "feedads.g.doubleclick.net",
- "feedads.googleadservices.com",
- "fgoogle.com",
- "fls.au.doubleclick.net",
- "fls.doubleclick.net",
- "fls.uk.doubleclick.net",
- "gads.pubmatic.com",
- "gan.doubleclick.net",
- "gcdn.2mdn.net",
- "gd1.doubleclick.net",
- "gd10.doubleclick.net",
- "gd11.doubleclick.net",
- "gd12.doubleclick.net",
- "gd13.doubleclick.net",
- "gd14.doubleclick.net",
- "gd15.doubleclick.net",
- "gd16.doubleclick.net",
- "gd17.doubleclick.net",
- "gd18.doubleclick.net",
- "gd19.doubleclick.net",
- "gd2.doubleclick.net",
- "gd20.doubleclick.net",
- "gd21.doubleclick.net",
- "gd22.doubleclick.net",
- "gd23.doubleclick.net",
- "gd24.doubleclick.net",
- "gd25.doubleclick.net",
- "gd26.doubleclick.net",
- "gd27.doubleclick.net",
- "gd28.doubleclick.net",
- "gd29.doubleclick.net",
- "gd3.doubleclick.net",
- "gd30.doubleclick.net",
- "gd31.doubleclick.net",
- "gd4.doubleclick.net",
- "gd5.doubleclick.net",
- "gd7.doubleclick.net",
- "gd8.doubleclick.net",
- "gd9.doubleclick.net",
- "google-analytics.com",
- "googleads.g.doubleclick.net",
- "googleads2.g.doubleclick.net",
- "googleads4.g.doubleclick.net",
- "googleadservices.com",
- "googlepositions.com",
- "googlesyndication.com",
- "googletagservices.com",
- "gtssl2-ocsp.geotrust.com",
- "gvt1.com",
- "haso.pubmatic.com",
- "heads-fab.spotify.com",
- "image2.pubmatic.com",
- "ir.doubleclick.net",
- "iv.doubleclick.net",
- "js.moatads.com",
- "ln.doubleclick.net",
- "log.spotify.com",
- "m.2mdn.net",
- "m.de.2mdn.net",
- "m.doubleclick.net",
- "m.fr.2mdn.net",
- "m.uk.2mdn.net",
- "m1.2mdn.net",
- "m1.ae.2mdn.net",
- "m1.au.2mdn.net",
- "m1.be.2mdn.net",
- "m1.br.2mdn.net",
- "m1.ca.2mdn.net",
- "m1.cn.2mdn.net",
- "m1.de.2mdn.net",
- "m1.dk.2mdn.net",
- "m1.doubleclick.net",
- "m1.emea.2mdn.net",
- "m1.emea.2mdn.net.edgesuite.net",
- "m1.es.2mdn.net",
- "m1.fi.2mdn.net",
- "m1.fr.2mdn.net",
- "m1.it.2mdn.net",
- "m1.jp.2mdn.net",
- "m1.nl.2mdn.net",
- "m1.no.2mdn.net",
- "m1.nz.2mdn.net",
- "m1.pl.2mdn.net",
- "m1.se.2mdn.net",
- "m1.sg.2mdn.net",
- "m1.uk.2mdn.net",
- "m1.ve.2mdn.net",
- "m1.za.2mdn.net",
- "m2.ae.2mdn.net",
- "m2.au.2mdn.net",
- "m2.be.2mdn.net",
- "m2.br.2mdn.net",
- "m2.ca.2mdn.net",
- "m2.cn.2mdn.net",
- "m2.cn.doubleclick.net",
- "m2.de.2mdn.net",
- "m2.dk.2mdn.net",
- "m2.doubleclick.net",
- "m2.es.2mdn.net",
- "m2.fi.2mdn.net",
- "m2.fr.2mdn.net",
- "m2.it.2mdn.net",
- "m2.jp.2mdn.net",
- "m2.nl.2mdn.net",
- "m2.no.2mdn.net",
- "m2.nz.2mdn.net",
- "m2.pl.2mdn.net",
- "m2.se.2mdn.net",
- "m2.sg.2mdn.net",
- "m2.uk.2mdn.net",
- "m2.ve.2mdn.net",
- "m2.za.2mdn.net",
- "m3.2mdn.net",
- "m3.ae.2mdn.net",
- "m3.au.2mdn.net",
- "m3.be.2mdn.net",
- "m3.br.2mdn.net",
- "m3.ca.2mdn.net",
- "m3.cn.2mdn.net",
- "m3.de.2mdn.net",
- "m3.dk.2mdn.net",
- "m3.doubleclick.net",
- "m3.es.2mdn.net",
- "m3.fi.2mdn.net",
- "m3.fr.2mdn.net",
- "m3.it.2mdn.net",
- "m3.jp.2mdn.net",
- "m3.nl.2mdn.net",
- "m3.no.2mdn.net",
- "m3.nz.2mdn.net",
- "m3.pl.2mdn.net",
- "m3.se.2mdn.net",
- "m3.sg.2mdn.net",
- "m3.uk.2mdn.net",
- "m3.ve.2mdn.net",
- "m3.za.2mdn.net",
- "m4.ae.2mdn.net",
- "m4.afs.googleadservices.com",
- "m4.au.2mdn.net",
- "m4.be.2mdn.net",
- "m4.br.2mdn.net",
- "m4.ca.2mdn.net",
- "m4.cn.2mdn.net",
- "m4.de.2mdn.net",
- "m4.dk.2mdn.net",
- "m4.doubleclick.net",
- "m4.es.2mdn.net",
- "m4.fi.2mdn.net",
- "m4.fr.2mdn.net",
- "m4.it.2mdn.net",
- "m4.jp.2mdn.net",
- "m4.nl.2mdn.net",
- "m4.no.2mdn.net",
- "m4.nz.2mdn.net",
- "m4.pl.2mdn.net",
- "m4.se.2mdn.net",
- "m4.sg.2mdn.net",
- "m4.uk.2mdn.net",
- "m4.ve.2mdn.net",
- "m4.za.2mdn.net",
- "m5.ae.2mdn.net",
- "m5.au.2mdn.net",
- "m5.be.2mdn.net",
- "m5.br.2mdn.net",
- "m5.ca.2mdn.net",
- "m5.cn.2mdn.net",
- "m5.de.2mdn.net",
- "m5.dk.2mdn.net",
- "m5.doubleclick.net",
- "m5.es.2mdn.net",
- "m5.fi.2mdn.net",
- "m5.fr.2mdn.net",
- "m5.it.2mdn.net",
- "m5.jp.2mdn.net",
- "m5.nl.2mdn.net",
- "m5.no.2mdn.net",
- "m5.nz.2mdn.net",
- "m5.pl.2mdn.net",
- "m5.se.2mdn.net",
- "m5.sg.2mdn.net",
- "m5.uk.2mdn.net",
- "m5.ve.2mdn.net",
- "m5.za.2mdn.net",
- "m6.ae.2mdn.net",
- "m6.au.2mdn.net",
- "m6.be.2mdn.net",
- "m6.br.2mdn.net",
- "m6.ca.2mdn.net",
- "m6.cn.2mdn.net",
- "m6.de.2mdn.net",
- "m6.dk.2mdn.net",
- "m6.doubleclick.net",
- "m6.es.2mdn.net",
- "m6.fi.2mdn.net",
- "m6.fr.2mdn.net",
- "m6.it.2mdn.net",
- "m6.jp.2mdn.net",
- "m6.nl.2mdn.net",
- "m6.no.2mdn.net",
- "m6.nz.2mdn.net",
- "m6.pl.2mdn.net",
- "m6.se.2mdn.net",
- "m6.sg.2mdn.net",
- "m6.uk.2mdn.net",
- "m6.ve.2mdn.net",
- "m6.za.2mdn.net",
- "m7.ae.2mdn.net",
- "m7.au.2mdn.net",
- "m7.be.2mdn.net",
- "m7.br.2mdn.net",
- "m7.ca.2mdn.net",
- "m7.cn.2mdn.net",
- "m7.de.2mdn.net",
- "m7.dk.2mdn.net",
- "m7.doubleclick.net",
- "m7.es.2mdn.net",
- "m7.fi.2mdn.net",
- "m7.fr.2mdn.net",
- "m7.it.2mdn.net",
- "m7.jp.2mdn.net",
- "m7.nl.2mdn.net",
- "m7.no.2mdn.net",
- "m7.nz.2mdn.net",
- "m7.pl.2mdn.net",
- "m7.se.2mdn.net",
- "m7.sg.2mdn.net",
- "m7.uk.2mdn.net",
- "m7.ve.2mdn.net",
- "m7.za.2mdn.net",
- "m8.ae.2mdn.net",
- "m8.au.2mdn.net",
- "m8.be.2mdn.net",
- "m8.br.2mdn.net",
- "m8.ca.2mdn.net",
- "m8.cn.2mdn.net",
- "m8.de.2mdn.net",
- "m8.dk.2mdn.net",
- "m8.doubleclick.net",
- "m8.es.2mdn.net",
- "m8.fi.2mdn.net",
- "m8.fr.2mdn.net",
- "m8.it.2mdn.net",
- "m8.jp.2mdn.net",
- "m8.nl.2mdn.net",
- "m8.no.2mdn.net",
- "m8.nz.2mdn.net",
- "m8.pl.2mdn.net",
- "m8.se.2mdn.net",
- "m8.sg.2mdn.net",
- "m8.uk.2mdn.net",
- "m8.ve.2mdn.net",
- "m8.za.2mdn.net",
- "m9.ae.2mdn.net",
- "m9.au.2mdn.net",
- "m9.be.2mdn.net",
- "m9.br.2mdn.net",
- "m9.ca.2mdn.net",
- "m9.cn.2mdn.net",
- "m9.de.2mdn.net",
- "m9.dk.2mdn.net",
- "m9.doubleclick.net",
- "m9.es.2mdn.net",
- "m9.fi.2mdn.net",
- "m9.fr.2mdn.net",
- "m9.it.2mdn.net",
- "m9.jp.2mdn.net",
- "m9.nl.2mdn.net",
- "m9.no.2mdn.net",
- "m9.nz.2mdn.net",
- "m9.pl.2mdn.net",
- "m9.se.2mdn.net",
- "m9.sg.2mdn.net",
- "m9.uk.2mdn.net",
- "m9.ve.2mdn.net",
- "m9.za.2mdn.net",
- "marketing.doubleclickindustries.com",
- "media-match.com",
- "mimageads.googleadservices.com",
- "mimageads1.googleadservices.com",
- "mimageads2.googleadservices.com",
- "mimageads3.googleadservices.com",
- "mimageads4.googleadservices.com",
- "mimageads5.googleadservices.com",
- "mimageads6.googleadservices.com",
- "mimageads7.googleadservices.com",
- "mimageads8.googleadservices.com",
- "mimageads9.googleadservices.com",
- "motifcdn.doubleclick.net",
- "motifcdn2.doubleclick.net",
- "mpartner.googleadservices.com",
- "n3302ad.doubleclick.net",
- "n3349ad.doubleclick.net",
- "n4052ad.doubleclick.net",
- "n4061ad.doubleclick.net",
- "n4061ad.hk.doubleclick.net",
- "n4403ad.doubleclick.net",
- "n479ad.doubleclick.net",
- "omaze.com",
- "open.spotify.com",
- "optimize.doubleclick.net",
- "pagead-googlehosted.l.google.com",
- "pagead.googlesyndication.com",
- "pagead.l.doubleclick.net",
- "pagead.l.google.com",
- "pagead1.googlesyndication.com",
- "pagead2.googleadservices.com",
- "pagead2.googlesyndication.com",
- "pagead3.googlesyndication.com",
- "pagead46.l.doubleclick.net",
- "partner.googleadservices.com",
- "partnerad.l.doubleclick.net",
- "partnerad.l.google.com",
- "paypalssl.doubleclick.net",
- "pubads.g.doubleclick.net",
- "pubmatic.com",
- "ravenjs.com",
- "rd.intl.doubleclick.net",
- "redirector.gvt1.com",
- "rlcdn.com",
- "rmcdn.2mdn.net",
- "rmcdn.f.2mdn.net",
- "router.googlecom.biz",
- "s0.2mdn.net",
- "s1.2mdn.net",
- "s2.video.doubleclick.net",
- "securepubads.g.doubleclick.net",
- "showads.pubmatic.com",
- "showads1000.pubmatic.com",
- "showadsak.pubmatic.com",
- "so.2mdn.net",
- //"spclient.wg.spotify.com",
- "ssl.google-analytics.com",
- "static.2mdn.net",
- "static.doubleclick.net",
- "stats.g.doubleclick.net",
- "survey.g.doubleclick.net",
- "tpc.googlesyndication.com",
- "track.pubmatic.com",
- "twx.2mdn.net",
- "twx.doubleclick.net",
- "uunyadgda1.doubleclick.net",
- "uunyadgds1.doubleclick.net",
- "v.jwpcdn.com",
- "video-ad-stats.googlesyndication.com",
- "video-stats.video.google.com",
- "weblb-wg.gslb.spotify.com",
- "wintricksbanner.googlepages.com",
- "www-google-analytics.l.google.com",
- "www-google.nl",
- "www.adwords.google.lloymlincs.com",
- "www.analytic-google.com",
- "www.doubleclick.com",
- "www.doubleclick.net",
- "www.doubleclickbygoogle.com",
- "www.google-analytics.com",
- "www.google-docs.info",
- "www.google-docs.org",
- "www.google-tour.com",
- "www.google.ienet.pl",
- "www.google.xweb24.pl",
- "www.googleadservices.com",
- "www.googleapps-espana.com",
- "www.googleapps-jobs.com",
- "www.googleapps-spain.com",
- "www.googlechrome2013.com",
- "www.googletagmanager.com",
- "www.googletagservices.com",
- "www.googlew.com",
- "www.googlewordpad.info",
- "www.partner.googleadservices.com",
- "www.www-google.nl",
- "www.wwwgoogles.com",
- "www2.doubleclick.com",
- "www3.doubleclick.com",
- "www3.doubleclick.net",
- "video-ad-stats.googlesyndication.com",
- "weblb-wg.dual-gslb.spotify.com",
- "weblb-wg.gslb.spotify.com",
- "ds.serving-sys.com",
- "bs.serving-sys.com"
- */
\ No newline at end of file
+#endif /* _HOSTS_H */
diff --git a/src/stdafx.h b/src/stdafx.h
index 2adc2ca..4d258c7 100644
--- a/src/stdafx.h
+++ b/src/stdafx.h
@@ -13,13 +13,14 @@
// TODO: reference additional headers your program requires here
-#include "../mhook/mhook-lib/mhook.h"
-#include "hosts.h"
-#include
#include
#include
#include
-
-#pragma comment(lib, "Ws2_32.lib")
+#include
+#include
+#include
+#include "HookApi.h"
+#include "hosts.h"
#pragma comment(lib, "Psapi.lib")
-#pragma comment(lib, "Version.lib")
\ No newline at end of file
+#pragma comment(lib, "ws2_32.lib")
+#pragma comment(lib, "Winhttp.lib")