Support older versions

Injektor/Program.cs

@@ -22,19 +22,29 @@ static void Main(string[] args)
 
 		static void DoHax()
 		{
-			Process proc;
-			var procs = Process.GetProcessesByName(procName);
-			if (procs.Length == 0)
+			Process[] procs;
+			do
 			{
-				Console.WriteLine("No Proc found");
-				return;
-			}
-			else if (procs.Length == 1)
+				procs = Process.GetProcessesByName(procName);
+				if (procs.Length == 0)
+				{
+					Console.WriteLine("No Process found");
+					System.Threading.Thread.Sleep(1000);
+				}
+			} while (procs.Length == 0);
+
+			Process proc;
+			if (procs.Length == 1)
 			{
 				proc = procs[0];
 			}
 			else
 			{
+				for (int i = 0; i < procs.Length; i++)
+				{
+					Console.WriteLine("[{0}] TeamSpeak 3 ({1})", i, procs[i].MainModule.FileVersionInfo.FileVersion);
+				}
+
 				Console.WriteLine("Select proc [0-{0}]", procs.Length - 1);
 				int index = int.Parse(Console.ReadLine());
 				proc = procs[index];

TS3Hook/asmhook.asm

@@ -12,90 +12,146 @@ EXTERN packet_out_hook_return: QWORD
 PUBLIC packet_in_hook1
 
 pushaq macro
-	push rax
-	push rbx
-	push rcx
-	push rdx
-	push rbp
-	push rsi
-	push rdi
-	push r8
-	push r9
-	push r10
-	push r11
-	push r12
-	push r13
-	push r14
-	push r15
+	PUSH    rax
+	PUSH    rbx
+	PUSH    rcx
+	PUSH    rdx
+	PUSH    rbp
+	PUSH    rsi
+	PUSH    rdi
+	PUSH    r8
+	PUSH    r9
+	PUSH    r10
+	PUSH    r11
+	PUSH    r12
+	PUSH    r13
+	PUSH    r14
+	PUSH    r15
 endm
 
 popaq macro
-	pop r15
-	pop r14
-	pop r13
-	pop r12
-	pop r11
-	pop r10
-	pop r9
-	pop r8
-	pop rdi
-	pop rsi
-	pop rbp
-	pop rdx
-	pop rcx
-	pop rbx
-	pop rax
+	POP     r15
+	POP     r14
+	POP     r13
+	POP     r12
+	POP     r11
+	POP     r10
+	POP     r9
+	POP     r8
+	POP     rdi
+	POP     rsi
+	POP     rbp
+	POP     rdx
+	POP     rcx
+	POP     rbx
+	POP     rax
 endm
 
 packet_in_hook1 proc
 	; Restore origial
-	mov     rcx, [r14+80]
-	mov     rax, [rcx]
-	mov     byte ptr [rsp+32], 0
-	mov     r9, [r14+88]
-	mov     r8, r14
-	mov     rdx, rbx
+	MOV     rcx, [r14+80]
+	MOV     rax, [rcx]
+	MOV     byte ptr [rsp+32], 0
+	MOV     r9, [r14+88]
+	MOV     r8, r14
+	MOV     rdx, rbx
 
 	pushaq
-	sub rsp, 32
+	SUB rsp, 32
 
 	; Log in-packet
-	MOV r8, QWORD PTR [rdx+8]
-	ADD r8, 11 ; str
-	MOV edx, DWORD PTR [rdx+16]
-	SUB edx, 11 ; len
-	MOV rcx, print_in_format
-	call printf
-
-	add rsp, 32
+	MOV     r8, QWORD PTR [rdx+8]
+	ADD     r8, 11 ; str
+	MOV     edx, DWORD PTR [rdx+16]
+	SUB     edx, 11 ; len
+	MOV     rcx, print_in_format
+	CALL    printf
+
+	ADD rsp, 32
 	popaq
 
-	jmp packet_in_hook_return
+	JMP     packet_in_hook_return
 packet_in_hook1 endp
 
 packet_out_hook1 proc
 	pushaq
-	sub rsp, 32
+	SUB rsp, 32
 
 	; Log out-packet
-	MOV r8, QWORD PTR [rdi]
-	ADD r8, 13 ; str
-	MOV edx, DWORD PTR [rdi+8]
-	SUB edx, 13 ; len
-	MOV rcx, print_out_format
-	call printf
-
-	add rsp, 32
+	MOV     r8, QWORD PTR [rdi]
+	ADD     r8, 13 ; str
+	MOV     edx, DWORD PTR [rdi+8]
+	SUB     edx, 13 ; len
+	MOV     rcx, print_out_format
+	CALL    printf
+
+	ADD rsp, 32
 	popaq
 
 	; Restore origial
 	MOV     [rbp+0], eax
 	CMP     eax, 1
 	SETZ    cl
 	MOV     [rsp+68], cl
-	CMP     byte ptr [rsp+64], 0
+	CMP     BYTE PTR [rsp+64], 0
 
-	jmp packet_out_hook_return
+	JMP     packet_out_hook_return
 packet_out_hook1 endp
 
+packet_out_hook2 proc
+	pushaq
+	SUB     rsp, 32
+
+	; Log out-packet
+	MOV     r8, QWORD PTR [rdi]
+	ADD     r8, 13 ; str
+	MOV     edx, DWORD PTR [rdi+8]
+	SUB     edx, 13 ; len
+	MOV     rcx, print_out_format
+	CALL    printf
+
+	ADD rsp, 32
+	popaq
+
+	; Restore origial
+	MOV     [rbp-32], eax
+	CMP     eax, 1
+	SETZ    cl
+	MOV     [rsp+80], cl
+	CMP     BYTE PTR [rsp+64], 0
+
+	JMP     packet_out_hook_return
+packet_out_hook2 endp
+
+packet_out_hook3 proc
+	; Restore origial
+	MOV     rdx, [rax]
+	MOV     [rsp+80], rdx
+	MOV     [rsp+120], rdx
+	MOV     rbx, [rax+8]
+
+	pushaq
+
+	LEA     eax, [rdi-2]
+	CMP     al, 1
+	JA      _skip_packet
+	TEST    r9b, r9b
+	JNZ     _skip_packet
+
+	SUB     rsp, 32
+	; Log out-packet
+	MOV     r8, QWORD PTR [rsi]
+	ADD     r8, 13 ; str
+	MOV     edx, DWORD PTR [rsi+8]
+	SUB     edx, 13 ; len
+	MOV     rcx, print_out_format
+	CALL    printf
+	ADD     rsp, 32
+
+	_skip_packet:
+	popaq
+
+	JMP     packet_out_hook_return
+packet_out_hook3 endp
+
 END

TS3Hook/dllmain.cpp

@@ -9,20 +9,25 @@
 const LPCWSTR mod = L"ts3client_win32.exe";
 
 // Ver: 3.1.6>3.1.4.2>3.0.17  !3.0.16
-const char* MASK_IN_1 = "\x8B\x4F\x3C\x6A\x00\xFF\x77\x44\xFF\x77\x40\x8B\x01\x57\x56\xFF\x50\x10";
-const char* PATT_IN_1 = "xxxxxxxxxxxxxxxxxx";
+const char* PATT_IN_1 = "\x8B\x4F\x3C\x6A\x00\xFF\x77\x44\xFF\x77\x40\x8B\x01\x57\x56\xFF\x50\x10";
+const char* MASK_IN_1 = "xxxxxxxxxxxxxxxxxx";
 
 // Ver: 3.1.6>3.1.4.2>3.1>?  !3.0.17
-const char* MASK_OUT_1 = "\xC6\x45\xFC\x06\x80\xF9\x02\x74\x09\x80\xF9\x03";
-const char* PATT_OUT_1 = "xxxxxxxxxxxx";
+const char* PATT_OUT_1 = "\xC6\x45\xFC\x06\x80\xF9\x02\x74\x09\x80\xF9\x03";
+const char* MASK_OUT_1 = "xxxxxxxxxxxx";
 #else
 const LPCWSTR mod = L"ts3client_win64.exe";
 
-const char* MASK_IN_1 = "\x49\x8B\x4E\x50\x48\x8B\x01\xC6\x44\x24\x20\x00\x4D\x8B\x4E\x58\x4D\x8B\xC6\x48\x8B\xD3\xFF\x50\x20\xEB";
-const char* PATT_IN_1 = "xxxxxxxxxxxxxxxxxxxxxxxxxx";
+const char* PATT_IN_1 = "\x49\x8B\x4E\x50\x48\x8B\x01\xC6\x44\x24\x20\x00\x4D\x8B\x4E\x58\x4D\x8B\xC6\x48\x8B\xD3\xFF\x50\x20\xEB";
+const char* MASK_IN_1 = "xxxxxxxxxxxxxxxxxxxxxxxxxx";
 
-const char* MASK_OUT_1 = "\x89\x45\x00\x83\xF8\x01\x0F\x94\xC1\x88\x4C\x24\x44\x80\x7C\x24\x40\x00";
-const char* PATT_OUT_1 = "xxxxxxxxxxxxxxxxxx";
+hookpt OUT_HOOKS[] = {
+	// "xx?xxxxxxxxx?xxxxx"
+	hookpt{ 18, 18, packet_out_hook1, "\x89\x45\x00\x83\xF8\x01\x0F\x94\xC1\x88\x4C\x24\x44\x80\x7C\x24\x40\x00" ,"xxxxxxxxxxxxxxxxxx" },
+	hookpt{ 18, 18, packet_out_hook2, "\x89\x45\xE0\x83\xF8\x01\x0F\x94\xC1\x88\x4C\x24\x50\x80\x7C\x24\x40\x00" ,"xxxxxxxxxxxxxxxxxx" },
+	hookpt{ 17, 17, packet_out_hook3, "\x48\x8B\x10\x48\x89\x54\x24\x50\x48\x89\x54\x24\x78\x48\x8B\x58\x08", "xxxxxxxxxxxxxxxxx" }
+
+};
 #endif
 
 // RUNTIME CALCED
@@ -43,9 +48,13 @@ BOOL APIENTRY DllMain(HMODULE hModule, const DWORD ul_reason_for_call, LPVOID lp
 
 		if (!TryHook())
 		{
-			printf("Packet dispatcher not found, aborting");
+			printf("Packet dispatcher not found, aborting\n");
 			return FALSE;
 		}
+		else
+		{
+			printf("Hook successful!\n");
+		}
 
 		CreateThread(nullptr, NULL, (LPTHREAD_START_ROUTINE)idle_loop, nullptr, NULL, nullptr);
 		break;
@@ -67,11 +76,11 @@ extern "C"
 #ifdef ENV32
 bool TryHook()
 {
-	const auto match_in_1 = FindPattern(mod, MASK_IN_1, PATT_IN_1);
+	const auto match_in_1 = FindPattern(mod, PATT_IN_1, MASK_IN_1);
 	if (match_in_1 != NULL)
 		printf("> Found PKGIN1: %zX\n", match_in_1);
 
-	const auto match_out_1 = FindPattern(mod, MASK_OUT_1, PATT_OUT_1);
+	const auto match_out_1 = FindPattern(mod, PATT_OUT_1, MASK_OUT_1);
 	if (match_out_1 != NULL)
 		printf("> Found PKGOUT1: %zX\n", match_out_1);
 
@@ -138,26 +147,34 @@ void __declspec(naked) packet_out_hook1()
 		CMP DWORD PTR[ebp + 16], 1
 		SETZ BYTE PTR[ebp + 4]
 		JMP packet_out_hook_return
-	}
+}
 }
 #else
 bool TryHook()
 {
-	const auto match_in_1 = FindPattern(mod, MASK_IN_1, PATT_IN_1);
+	const auto match_in_1 = FindPattern(mod, PATT_IN_1, MASK_IN_1);
 	if (match_in_1 != NULL)
-		printf("> Found PKGIN1: %zX\n", match_in_1);
-
-	const auto match_out_1 = FindPattern(mod, MASK_OUT_1, PATT_OUT_1);
-	if (match_out_1 != NULL)
-		printf("> Found PKGOUT1: %zX\n", match_out_1);
+		printf("> Found PKGIN: %zX\n", match_in_1);
+
+	SIZE_T match_out = NULL;
+	hookpt* pt_out = nullptr;
+	for (hookpt &pt : OUT_HOOKS)
+	{
+		match_out = FindPattern(mod, pt.PATT, pt.MASK);
+		if (match_out != NULL) {
+			pt_out = &pt;
+			printf("> Found PKGOUT: %zX\n", match_out);
+			break;
+		}
+	}
 
-	if (match_in_1 != NULL && match_out_1 != NULL)
+	if (match_in_1 != NULL && match_out != NULL)
 	{
 		packet_in_hook_return = match_in_1 + 22;
 		MakeJMP((PBYTE)(match_in_1), packet_in_hook1, 22);
 
-		packet_out_hook_return = match_out_1 + 18;
-		MakeJMP((PBYTE)(match_out_1), packet_out_hook1, 18);
+		packet_out_hook_return = match_out + pt_out->hook_return_offset;
+		MakeJMP((PBYTE)(match_out), pt_out->target_hook, pt_out->hook_length);
 		return true;
 	}
 

TS3Hook/main.h

@@ -32,6 +32,19 @@ extern "C"
 {
 	void packet_in_hook1();
 	void packet_out_hook1();
+#ifdef ENV64
+	void packet_out_hook2();
+	void packet_out_hook3();
+#endif
 }
 
+const struct hookpt
+{
+	const SIZE_T hook_return_offset;
+	const SIZE_T hook_length;
+	void (*target_hook)();
+	const char* PATT;
+	const char* MASK;
+};
+
 #endif // MAIN_H