Exetools  

  #1  
Old 04-01-2014, 02:26
mr.exodia mr.exodia is offline
Retired Moderator
 
[C++] HostsPatch

Hey everyone,

Saw this new section and I have some old sources to share with you guys. This is the first: a 'hosts' patcher. It adds an entry to the hosts file.

It supports read-only hosts files, just let the user start the keygen/patch as Administrator. It works for both x32 and x64.

Usage is simple:
Code:
#include <windows.h>

bool HostsPatch(
    HWND hwndDlg,        //window handle (can be 0)
    const char* website  //website to block (without 'http://')
);

int main(int argc, char* argv[])
{
    HostsPatch(0, "activation.acme.com");
    return 0;
}
Feel free to use it in your keygens/patches, credit not needed, but appreciated.

Greetings,

Mr. eXoDia
Attached Files
File Type: rar HostsPatch.rar (1.0 KB, 95 views)
The Following 12 Users Gave Reputation+1 to mr.exodia For This Useful Post:
alekine322 (04-03-2014), b30wulf (04-01-2014), besoeso (04-01-2014), chessgod101 (04-01-2014), conan981 (04-03-2014), giv (04-05-2014), Jhonjhon_123 (04-01-2014), papi (04-02-2014), serseri_1453 (04-01-2014), UniSoft (04-28-2014), Wannabe (04-06-2014), zeuscane (04-01-2014)
  #2  
Old 05-09-2014, 00:50
WhoCares WhoCares is offline
who cares
 
Windows 8 changes the hosts file encoding; it supports several encodings (with BOM), so it can be a non-ANSI file. But the default is ANSI.
__________________
AKA Solomon/blowfish.
The Following 2 Users Gave Reputation+1 to WhoCares For This Useful Post:
mr.exodia (05-18-2014), tom324 (05-14-2014)
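Added example (not part of the thread or of HostsPatch): a BOM-aware audit of raw hosts-file bytes that lists every hostname pointed at a loopback or unspecified address, which is how an entry like the one discussed here appears to a defender. The BOM set handled (UTF-8, UTF-16 LE/BE) and the names decodeHosts and nullRoutedHosts are assumptions; the sample data is constructed.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Decode raw hosts-file bytes to ASCII. The BOM set handled (UTF-8, UTF-16 LE/BE)
// is an assumption; the thread only says "several encodings (with BOM)".
std::string decodeHosts(const std::string& raw)
{
    auto b = [&](size_t i) { return static_cast<unsigned char>(raw[i]); };
    if (raw.size() >= 3 && b(0) == 0xEF && b(1) == 0xBB && b(2) == 0xBF)
        return raw.substr(3);                          // UTF-8 with BOM
    bool le = raw.size() >= 2 && b(0) == 0xFF && b(1) == 0xFE;
    bool be = raw.size() >= 2 && b(0) == 0xFE && b(1) == 0xFF;
    if (!le && !be) return raw;                        // no BOM: plain ANSI
    std::string text;
    for (size_t i = 2; i + 1 < raw.size(); i += 2) {
        unsigned char lo = le ? b(i) : b(i + 1), hi = le ? b(i + 1) : b(i);
        // Addresses and hostnames are ASCII; anything else becomes '?'.
        text += (hi == 0 && lo < 0x80) ? static_cast<char>(lo) : '?';
    }
    return text;
}

// Hostnames mapped to a loopback or unspecified address (other than localhost).
std::vector<std::string> nullRoutedHosts(const std::string& raw)
{
    std::vector<std::string> flagged;
    std::istringstream lines(decodeHosts(raw));
    for (std::string line; std::getline(lines, line); ) {
        std::istringstream fields(line.substr(0, line.find('#')));  // drop comments
        std::string addr, name;
        if (!(fields >> addr)) continue;               // blank or comment-only line
        bool sink = addr == "127.0.0.1" || addr == "0.0.0.0" || addr == "::1" || addr == "::";
        while (sink && fields >> name)
            if (name != "localhost")
                flagged.push_back(name);
    }
    return flagged;
}

int main()
{
    // Constructed sample, re-encoded as UTF-16LE with a BOM.
    std::string ansi = "127.0.0.1 localhost\r\n127.0.0.1 activation.acme.com # added\r\n", wide = "\xFF\xFE";
    for (char c : ansi) { wide += c; wide += '\0'; }
    for (const std::string& n : nullRoutedHosts(wide))
        std::cout << "review hosts entry: " << n << "\n";
}
```

Loopback entries are also added by legitimate blocklists, so the output is a list for review rather than a verdict.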
  #3  
Old 07-27-2014, 05:50
SLV SLV is offline
Friend
 
A few recommendations..

> GetWindowsDirectoryA(hosts, 256);
> PathAppendA(hosts, "system32\\drivers\\etc\\hosts");
using a symlink \\.\globalroot\systemroot\drivers\hosts will be easier

> char* data=new char[size+website_len*2];
OK, new, C++, but it generates an exception if it can't allocate memory. No try/except found.

> int website_len=strlen(website);
no input buffer check.

> memset(data, 0, size+website_len*2);
by default new memory is already zero initialized.

> if(!ReadFile(hFile, data, size, &read, 0))
if(!ReadFile(hFile, data, size, &read, 0) || read != size)

> MessageBoxA(hwndDlg, "Could not read file attributes", "Opened with admin privileges?", MB_ICONERROR|MB_SYSTEMMODAL);
use IsUserAnAdmin for checking admin rights, GetFileAttributes doesn't require them.

> unsigned int size=GetFileSize(hFile, 0);
it's recommended to use GetFileSizeEx

> if(!WriteFile(hFile, data, strlen(data), &written, 0))
if(!WriteFile(hFile, data, strlen(data), &written, 0) || strlen(data) != written)

I advise you to read about SESE coding style.
In general such code is not recommended to use because hosts is malware's lovely file. It's better to use firewall or hooks.
The Following User Gave Reputation+1 to SLV For This Useful Post:
b30wulf (08-05-2014)
  #4  
Old 07-28-2014, 01:58
mr.exodia mr.exodia is offline
Retired Moderator
 
@SLV: Thanks for your suggestions, feel free to update the code and upload it here when it's fixed. I personally detest SESE pretty much always, I only use it sometimes, but what's the point of generating a 10-layer deep if statement if you could simply do some checks and return false if something went wrong?

The only disadvantage is the possibility of handle/memory leaks, usually this can be resolved by writing a small class like this:
Code:
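#include <windows.h>

class Handle
{
public:
    Handle(HANDLE h = 0) : mHandle(h)
    {
    }

    //closes the handle automatically when the object goes out of scope
    ~Handle()
    {
        Close();
    }

    //close the handle held so far before taking over the new one
    const HANDLE & operator=(const HANDLE & h)
    {
        if(h != mHandle)
            Close();
        return mHandle = h;
    }

    //lets the wrapper be passed to API functions that expect a HANDLE
    operator HANDLE() const
    {
        return mHandle;
    }

private:
    //not copyable: two copies would close the same handle twice
    Handle(const Handle &);
    Handle & operator=(const Handle &);

    void Close()
    {
        DWORD dwFlags = 0;
        if(GetHandleInformation(mHandle, &dwFlags) && !(dwFlags & HANDLE_FLAG_PROTECT_FROM_CLOSE))
            CloseHandle(mHandle);
    }

    HANDLE mHandle;
};
Which you can then use like this:
Code:
Handle hTest(CreateFileA("main.cpp", GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0));
//do file operations
return 0;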
EDIT: Some more information and opinions about SESE: http://stackoverflow.com/questions/12745412/single-entry-single-exit-rule
  #5  
Old 07-28-2014, 16:08
SLV SLV is offline
Friend
 
SESE is very useful for debugging and preventing memory/handle leaks. My lovely construction is:

Code:
VOID
RoutineName(
   PVOID Arg0
   )
{
   HANDLE hFile = INVALID_HANDLE_VALUE;
   PVOID  pMem  = NULL;

   do
   {
      if (!Arg0) 
      {
         DebugRoutine(__FILE__, __LINE__, ...);
         break;
      }

      hFile = ...
      pMem = ...

   } while (FALSE);

   if (hFile != INVALID_HANDLE_VALUE) {
      CloseHandle(hFile);
   }

   if (pMem) {
      ...
   }
}
  #6  
Old 07-28-2014, 16:53
mcp mcp is offline
Friend
 
If you're doing C++, SESE is pretty much outdated. The better alternative is to use the RAII principle (resource acquisition is initialization), i.e. you would have a local instance of a HANDLE-class that closes the handle on destruction. You can even "abuse" std::unique_ptr for this by providing a custom deleter.
This also makes the code much more readable than the SESE style. Also, you almost never want to use raw memory (i.e. naked pointers). Simply use unique_ptr, which automatically makes you exception safe and prevents any memory leaks.
The Following User Gave Reputation+1 to mcp For This Useful Post:
mr.exodia (07-29-2014)
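Added example, not code from any poster in this thread: the early-return style debated above combined with std::unique_ptr and a custom deleter, so every exit path releases the file and the buffer without cleanup code. It uses std::FILE/fclose as a portable stand-in for HANDLE/CloseHandle; readAll, FileCloser and the close counter are hypothetical names, and the sample file is constructed.

```cpp
#include <cstdio>
#include <memory>
#include <string>

static int g_closed = 0;  // close counter, only here so the effect is observable

// Custom deleter; on Windows the body would call CloseHandle on a HANDLE instead.
struct FileCloser {
    void operator()(std::FILE* f) const { std::fclose(f); ++g_closed; }
};
typedef std::unique_ptr<std::FILE, FileCloser> File;

// Reads a whole file with plain early returns. No cleanup code on any path:
// the unique_ptr destructors close the file and free the buffer.
bool readAll(const char* path, std::string& out, long maxSize = 1 << 20)
{
    File f(std::fopen(path, "rb"));
    if (!f)
        return false;                              // nothing opened, nothing to close
    if (std::fseek(f.get(), 0, SEEK_END) != 0)
        return false;
    long size = std::ftell(f.get());
    if (size < 0 || size > maxSize)
        return false;                              // unexpected size: file still gets closed
    std::rewind(f.get());
    std::unique_ptr<char[]> data(new char[size + 1]());   // "()" zero-initializes
    if (std::fread(data.get(), 1, size, f.get()) != static_cast<size_t>(size))
        return false;                              // short read
    out.assign(data.get(), size);
    return true;
}

int main()
{
    // Constructed sample file written to the working directory.
    { File w(std::fopen("hosts_sample.txt", "wb")); if (w) std::fputs("127.0.0.1 localhost\n", w.get()); }
    std::string text;
    bool ok = readAll("hosts_sample.txt", text);
    std::printf("ok=%d bytes=%zu closes=%d\n", ok, text.size(), g_closed);
    std::remove("hosts_sample.txt");
    return ok ? 0 : 1;
}
```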