Thread: dll to encrypt packet sends

  1. #1
    Registered User
    Join Date
    Jan 2006
    Posts
    22

    dll to encrypt packet sends

    Hello, how can I encrypt the packets sent by a program...

    I'm attaching the DLL to the program, but I don't know how to encrypt all packets before the program sends them.

    I know that I need to attach a function to a Windows function, but I don't know how to do it...

    If anyone can just post a snippet (the attaching of the function, and a simple encrypt method)

    Thank you.

  2. #2
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656
    You mean like the same way the secure sockets layer works?
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Registered User
    Join Date
    Jan 2006
    Posts
    22

    Hello,

    I don't know what you mean, but I'll try to explain it more...

    A program, any... to send anything to the internet via TCP, uses a Windows function that I don't remember the name of, ...

    So, I need my DLL, when attached to a process, to encrypt all packets before the program sends them, understand?

    PROGRAM -> WINDOWS API (SOCKETS) -> SEND

    after hooked

    PROGRAM -> WINDOWS API (SOCKETS) -> MY DLL FUNC TO ENCRYPT IT -> SEND

    or

    PROGRAM -> MY DLL FUNC TO ENCRYPT IT -> WINDOWS API (SOCKETS) -> SEND

    Thank you.

  4. #4
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656

  5. #5
    Registered User
    Join Date
    Jan 2006
    Posts
    22
    Sorry, but I can't use it, I need code to hook the send/recv functions ...

    My problem is people using WPE PRO (Packet Editor) to cheat on my program. This program (WPE) loads and hooks a DLL into my program, so an alternative method is detecting when a DLL is loaded in memory, and unloading it if it isn't allowed. Does anyone have a piece of code to detect and unhook a DLL?

    Remember, I don't have the sources, so it needs to use Windows API functions.

  6. #6
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    That's easy. Unfortunately, such methods are only temporary until someone cracks them.
    I think the safest method is dynamic loading. By using dynamic loading, you can find and store function pointers to all your necessary functions and use those instead. Now, since you have stored the address to the functions already, the app won't be affected if some other program overwrites the export table in the dll (the most common way of hooking).
    The only way they could break this is by overwriting your function pointers, which might be like finding a needle in a haystack.
    There may be other safeguards such as VirtualProtect, but I don't know of any such methods currently and I don't think they'll be necessary. At least yet.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  7. #7
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by splintter View Post
    Sorry, but I can't use it, I need code to hook the send/recv functions ...

    My problem is people using WPE PRO (Packet Editor) to cheat on my program. This program (WPE) loads and hooks a DLL into my program, so an alternative method is detecting when a DLL is loaded in memory, and unloading it if it isn't allowed. Does anyone have a piece of code to detect and unhook a DLL?
    I'm confused: It's your program, but...

    Remember, I don't have the sources, so it needs to use Windows API functions.
    ... you don't have the sources. Usually, when it's your program, you have the sources or at least access to someone that does in some form or another, e.g. a service contract or some such to a third party supplier.

    Also, if you encrypt the data one end, you obviously will need to decrypt the other end - so you need access to both ends to make any headway here.

    Edit: And, as Elysia hints, if you do use a hooking function, then what's preventing someone else from hooking your hook, and modifying the packet before it's encrypted?

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  8. #8
    Registered User
    Join Date
    Jan 2006
    Posts
    22
    Yes, the program is third-party software (I paid), the contract ended, and I lost the sources in a hardware failure...

    This will be the last try before re-contracting someone or rewriting it myself....

    The people that use WPE on my program are only script kiddies, who don't know anything about reverse engineering or cracking... they just load WPE and use it.

    So, I think that hooking the send/recv functions and encrypting/decrypting (the server sources I have from a backup :S), and doing something like a thread to unhook WPE when it loads, will solve my problem..
    Last edited by splintter; 04-12-2008 at 03:32 AM.

  9. #9
    Registered User
    Join Date
    Jan 2006
    Posts
    22
    Anyone?

    I really need help with this. I don't want the COMPLETE CODE, just the functions and an example :|
    Last edited by splintter; 04-13-2008 at 05:28 PM.

  10. #10
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Quote Originally Posted by splintter View Post
    Anyone?

    I really need help with this. I don't want the COMPLETE CODE, just the functions and an example :|
    Here is a link to AES (Rijndael) algorithms used for encryption/decryption.

    I'm not sure writing a hook is such a good idea to defeat the packet editor. Anyone with basic rootkit experience can identify any installed hook. Search the "nefarious" sites and you'll find a lot of examples of how to identify any installed hook.

    Also, I would assume that the packet editor is using the TCP/IP stack to capture the packets. Why not use raw sockets to defeat the packet editor?

  11. #11
    Registered User
    Join Date
    Jan 2006
    Posts
    22
    Hello BobS0327,

    I'll look at AES.

    What do you mean by RAW packets? Can you show an example? Sorry, but my English is bad, and I didn't understand what you mean...

  12. #12
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Here is a link to a CodeProject article on raw sockets.

  13. #13
    Registered User
    Join Date
    Jan 2006
    Posts
    22
    Anyway,

    RAW sockets will be blocked by some workstation firewalls and routers.

    I need to hook and encrypt send/recv. The encryption can be simple.

    I have been asking for help for about 1 week; many give some arguments, but no one helps me with a snippet (Yes, I'm not a good programmer, my English sucks, but I learn more by seeing code and modifying it).

    I don't want the complete code, just an example and I'll try by myself.

  14. #14
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Hooking send/receive for a particular application is FAR from trivial, and as I explained earlier, if there is sufficient interest to bypass your security, someone will find a way to hook before your hook, so it's a lot of effort for a potentially small benefit.


  15. #15
    Registered User
    Join Date
    Jan 2006
    Posts
    22
    Yes, but whoever is using WPE is an end user, people who don't know anything about programming; they just open WPE, record the packet, and send it in a loop.

    Hooking this, encrypting send and decrypting recv will stop it, and I can change the encryption key every week by auto update, so if anyone REALLY tries to bypass it, I change the method.

    Using this, and encrypting the executable with something like PE Compressor, will stop MY problem.

    I'm seeing that no one will help me, I'll give up...
    Have you seen how people don't remember when they themselves were a newbie (not noob) and needed to do something above their knowledge, and no one wanted to help.

    Sincerely,
    Splinter.
