From 97b8b373b560ec13a421da8d3db767c2d3d8c0f9 Mon Sep 17 00:00:00 2001 From: Sanheiii <35133371+Sanheiii@users.noreply.github.com> Date: Thu, 5 Sep 2024 15:36:43 +0800 Subject: [PATCH] Modify host header in HTTP requests to bypass domain censorship in China. --- hooklib/dns.c | 71 +++++++++++++++++++++++++++++++++++-- meson.build | 1 + util/get_function_ordinal.c | 34 ++++++++++++++++++ util/get_function_ordinal.h | 6 ++++ util/meson.build | 3 ++ 5 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 util/get_function_ordinal.c create mode 100644 util/get_function_ordinal.h diff --git a/hooklib/dns.c b/hooklib/dns.c index d7f0c4a..ff63cf5 100644 --- a/hooklib/dns.c +++ b/hooklib/dns.c @@ -14,6 +14,7 @@ #include "hook/table.h" #include "util/dprintf.h" +#include "util/get_function_ordinal.h" #include "hooklib/dns.h" @@ -81,6 +82,12 @@ static bool WINAPI hook_WinHttpCrackUrl( DWORD dwFlags, LPURL_COMPONENTS lpUrlComponents); +static DWORD WINAPI hook_send( + SOCKET s, + const char* buf, + int len, + int flags); + /* Link pointers */ static DNS_STATUS (WINAPI *next_DnsQuery_A)( @@ -122,6 +129,12 @@ static bool (WINAPI *next_WinHttpCrackUrl)( DWORD dwFlags, LPURL_COMPONENTS lpUrlComponents); +static DWORD (WINAPI *next_send)( + SOCKET s, + const char* buf, + int len, + int flags); + static const struct hook_symbol dns_hook_syms_dnsapi[] = { { .name = "DnsQuery_A", @@ -138,13 +151,17 @@ static const struct hook_symbol dns_hook_syms_dnsapi[] = { } }; -static const struct hook_symbol dns_hook_syms_ws2[] = { +static struct hook_symbol dns_hook_syms_ws2[] = { { .name = "getaddrinfo", .ordinal = 176, .patch = hook_getaddrinfo, .link = (void **) &next_getaddrinfo, - } + }, { + .name = "send", + .patch = hook_send, + .link = (void **) &next_send + }, }; static const struct hook_symbol dns_hook_syms_winhttp[] = { @@ -175,6 +192,10 @@ static void dns_hook_init(void) dns_hook_initted = true; InitializeCriticalSection(&dns_hook_lock); + for (size_t i = 0; i < _countof(dns_hook_syms_ws2); ++i) { + dns_hook_syms_ws2[i].ordinal = get_function_ordinal("ws2_32.dll", dns_hook_syms_ws2[i].name); + } + hook_table_apply( NULL, "dnsapi.dll", @@ -618,3 +639,49 @@ static bool WINAPI hook_WinHttpCrackUrl( lpUrlComponents ); } + +DWORD WINAPI hook_send(SOCKET s, const char* buf, int len, int flags) { + if (strstr(buf, "HTTP/") != NULL) { + char *new_buf = malloc(len + 1); + if (new_buf == NULL) return SOCKET_ERROR; + + memcpy(new_buf, buf, len); + new_buf[len] = '\0'; + + char *host_start = strstr(new_buf, "Host: "); + if (host_start != NULL) { + char *host_end = strstr(host_start, "\r\n"); + if (host_end != NULL) { + host_end += 2; + int host_len = host_end - host_start; + + char *host_value_start = host_start + 6; + char *host_value_end = strstr(host_value_start, "\r\n"); + if (host_value_end != NULL) { + int value_len = host_value_end - host_value_start; + char host_value[value_len + 1]; + strncpy(host_value, host_value_start, value_len); + host_value[value_len] = '\0'; + + for (struct dns_hook_entry *entry = dns_hook_entries; entry && entry->from; entry++) { + char from_value[256]; + wcstombs(from_value, entry->from, sizeof(from_value)); + + if (strcmp(host_value, from_value) == 0) { + char to_value[256]; + wcstombs(to_value, entry->to, sizeof(to_value)); + snprintf(host_start, len - (host_start - new_buf), "Host: %s\r\n", to_value); + break; + } + } + } + len = (int)strlen(new_buf); + } + } + DWORD result = next_send(s, new_buf, len, flags); + free(new_buf); + return result; + } + + return next_send(s, buf, len, flags); +} \ No newline at end of file diff --git a/meson.build b/meson.build index c5b3d40..3826b15 100644 --- a/meson.build +++ b/meson.build @@ -81,6 +81,7 @@ dinput8_lib = cc.find_library('dinput8') dxguid_lib = cc.find_library('dxguid') xinput_lib = cc.find_library('xinput') pathcch_lib = cc.find_library('pathcch') +imagehlp_lib = cc.find_library('imagehlp') inc = include_directories('.') capnhook = subproject('capnhook') diff --git a/util/get_function_ordinal.c b/util/get_function_ordinal.c new file mode 100644 index 0000000..470bf7f --- /dev/null +++ b/util/get_function_ordinal.c @@ -0,0 +1,34 @@ +#include "get_function_ordinal.h" + +DWORD get_function_ordinal(const char* dllName, const char* functionName) { + HMODULE hModule = LoadLibraryA(dllName); + if (!hModule) { + dprintf("Failed to load DLL: %s\n", dllName); + return 0; + } + + ULONG size; + PIMAGE_EXPORT_DIRECTORY exportDir = (PIMAGE_EXPORT_DIRECTORY)ImageDirectoryEntryToData( + hModule, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size); + if (!exportDir) { + dprintf("Failed to get export table\n"); + FreeLibrary(hModule); + return 0; + } + + DWORD* functionNames = (DWORD*)((BYTE*)hModule + exportDir->AddressOfNames); + WORD* ordinals = (WORD*)((BYTE*)hModule + exportDir->AddressOfNameOrdinals); + + for (DWORD i = 0; i < exportDir->NumberOfNames; ++i) { + char* name = (char*)((BYTE*)hModule + functionNames[i]); + if (strcmp(name, functionName) == 0) { + DWORD ordinal = ordinals[i] + exportDir->Base; + FreeLibrary(hModule); + return ordinal; + } + } + + dprintf("Function not found: %s\n", functionName); + FreeLibrary(hModule); + return 0; +} \ No newline at end of file diff --git a/util/get_function_ordinal.h b/util/get_function_ordinal.h new file mode 100644 index 0000000..6bc4b9e --- /dev/null +++ b/util/get_function_ordinal.h @@ -0,0 +1,6 @@ +#pragma once + +#include +#include "dprintf.h" + +DWORD get_function_ordinal(const char* dllName, const char* functionName); \ No newline at end of file diff --git a/util/meson.build b/util/meson.build index 575d123..2c29609 100644 --- a/util/meson.build +++ b/util/meson.build @@ -5,6 +5,7 @@ util_lib = static_library( c_pch : '../precompiled.h', dependencies : [ capnhook.get_variable('hook_dep'), + imagehlp_lib, ], sources : [ 'async.c', @@ -17,6 +18,8 @@ util_lib = static_library( 'dprintf.h', 'dump.c', 'dump.h', + 'get_function_ordinal.c', + 'get_function_ordinal.h', 'lib.c', 'lib.h', 'str.c',