[C++] HostsPatch

[mr.exodia]

Hey everyone,

Saw this new section and I have some old sources to share with you guys. This is the first: a 'hosts' patcher. It adds an entry to the hosts file.

It supports read-only hosts files, just let the user start the keygen/patch as Administrator. It works for both x32 and x64.

Usage is simple:

Code:

bool HostsPatch(
HWND hwndDlg, //window handle (can be 0)
const char* website //website to block (without 'http://')
);

int main(int argc, char* argv[])
{
    HostsPatch(0, "activation.acme.com");
    return 0;
}

Feel free to use it in your keygens/patches, credit not needed, but appreciated.

Greetings,

Mr. eXoDia

[WhoCares]

windows 8 changes the hosts file encoding, it supports several encodings(with BOM). so it can be a non-ANSI file. But the default is ANSI.

[SLV]

a few recomendations..

> GetWindowsDirectoryA(hosts, 256);
> PathAppendA(hosts, "system32\\drivers\\etc\\hosts");
using a symlink \\.\globalroot\systemroot\drivers\hosts will be more easy

> char* data=new char[size+website_len*2];
ok, new, c++, but it generate an exception if can't alloc memory. no try/except found.

> int website_len=strlen(website);
no input buffer check.

> memset(data, 0, size+website_len*2);
by default new memory is alreadt zero initiialized.

> if(!ReadFile(hFile, data, size, &read, 0))
if(!ReadFile(hFile, data, size, &read, 0) || read != size)

> MessageBoxA(hwndDlg, "Could not read file attributes", "Opened with admin privileges?", MB_ICONERROR|MB_SYSTEMMODAL);
use IsUserAnAdmin for checking admin rights, GetFileAttributes doesn't require them.

> unsigned int size=GetFileSize(hFile, 0);
it's recommended to use GetFileSizeEx

> if(!WriteFile(hFile, data, strlen(data), &written, 0))
if(!WriteFile(hFile, data, strlen(data), &written, 0) || strlen(data) != written)

I advice you to read about SESE coding style.
In general such code is not recommended to use because hosts is a malwares lovely file. It's better to use firewall or hooks.

[mr.exodia]

@SLV: Thanks for your suggestions, feel free to update the code and upload it here when it's fixed. I personally detest SESE pretty much always, I only use it sometimes, but what's the point of generating a 10-layer deep if statement if you could simply do some checks and return false if something went wrong?

The only disadvantage is the possibility of handle/memory leaks, usually this can be resolved by writing a small class like this:

Code:

class Handle
{
public:
    Handle(HANDLE h = 0)
    {
        mHandle = h;
    }

    ~Handle()
    {
        DWORD dwFlags = 0;
        if(GetHandleInformation(mHandle, &dwFlags) && !(dwFlags & HANDLE_FLAG_PROTECT_FROM_CLOSE))
            CloseHandle(mHandle);
    }

    const HANDLE & operator=(const HANDLE & h)
    {
        return mHandle = h;
    }

private:
    HANDLE mHandle;
};

Which you can then use like this:

Code:

Handle hTest=CreateFileA("main.cpp", GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
//do file operations
return 0;

EDIT: Some more information and opinions about SESE: http://stackoverflow.com/questions/12745412/single-entry-single-exit-rule

[SLV]

SESE is very userful for debugging and preventing memory/handle leaks. My lovely construction is:

Code:

VOID
RoutineName(
   PVOID Arg0
   )
{
   HANDLE hFile = INVALID_HANDLE_VALUE;
   PVOID  pMem  = NULL;

   do
   {
      if (!Arg0) 
      {
         DebugRoutine(__FILE__, __LINE__, ...
         break;
      }

      hFile = ...
      pMem = ...

   } while (FALSE);

   if (hFile != INVALID_HANDLE_VALUE) {
      CloseHandle(hFile);
   }

   if (pMem) {
      ...
}

[mcp]

If you're doing C++, SESE is pretty much outdated. The better alternative is to use the RAII principle (resource acquisition is initialization), i.e. you would have a local instance of a HANDLE-class that closes the handle on destruction. You can even "abuse" std::unique_ptr for this by providing a custom deleter.
This also makes the code much more readable than the SESE style. Also, you almost never want to use raw memory (i.e. naked pointers). Simply use unique_ptr, which automatically makes you exception save and prevents any memory leaks.