Does IE use InternetOpenURL?

c++ / delphi package - dll injection and api hooking

Does IE use InternetOpenURL?

Postby jlist » Sun Aug 29, 2004 12:56 am

I want to get the URLs IE is trying to access. I tried InternetOpenURL in wininet.dll but didn't get anything :( IE is not using it?

Any other ways to hook IE and get the URL before IE fetches data?

Thanks.
jlist
 
Posts: 9
Joined: Sun Aug 29, 2004 12:48 am

Postby madshi » Sun Aug 29, 2004 7:16 am

There's no InternetOpenURL API. Instead there is InternetOpenUrlA and InternetOpenUrlW. Also keep an eye on case. APIs are case sensitive. If hooking InternetOpenUrlA/W doesn't work, I don't know what the IE uses...
madshi
Site Admin
 
Posts: 9879
Joined: Sun Mar 21, 2004 5:25 pm

Postby jlist » Sun Aug 29, 2004 9:30 am

Yeah, I know. I hooked InternetOpenUrlA and W.
jlist
 
Posts: 9
Joined: Sun Aug 29, 2004 12:48 am

hi

Postby legion » Sun Aug 29, 2004 10:23 pm

hi

try to hook this api : urldownloadtofileA

this is the api used.

@+
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Postby jlist » Mon Aug 30, 2004 3:55 pm

Thanks for the reply. You are talking about file downloading? Displaying a page doesn't seem to involve that function.
jlist
 
Posts: 9
Joined: Sun Aug 29, 2004 12:48 am

Postby nildo » Mon Aug 30, 2004 7:50 pm

Why don't you do this:
Hookup the function "send" of ws2_32.dll and see if the first 3 chars are GET. Then you check the others characters till a space appears (i think). So this will work for every browser, not only IE. An example of a HTTP Header:

Code: Select all
GET http://delphiforum.icft.com.br/forum/index.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
Accept-Language: pt-br
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: delphiforum.icft.com.br
Proxy-Connection: Keep-Alive
Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22c795dba9d9d712a94af5b61ca0611a8c%22%3Bs%3A6%3A%22userid%22%3Bi%3A125%3B%7D

Code retreaved with my Sniffer (made with MadCollection)

Look the first line wrote:GET http://delphiforum.icft.com.br/forum/index.php HTTP/1.1


The URL in Bold is the URL that a browser is trying to open. So this will work for every browsers and not only for Internet Explorer.

I hope this is helpfull!
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Postby jlist » Tue Aug 31, 2004 5:02 am

Thanks for the reply.
But you'll only get the first URL if it's a kept-alive connection.
jlist
 
Posts: 9
Joined: Sun Aug 29, 2004 12:48 am

Postby nildo » Tue Aug 31, 2004 11:07 am

In this case you need to study the HTTP Packet Header
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Postby jlist » Wed Sep 01, 2004 6:31 am

Yeah, that's a lot of work. That's why I wanted to hook some IE functions :)
jlist
 
Posts: 9
Joined: Sun Aug 29, 2004 12:48 am


Return to madCodeHook

Who is online

Users browsing this forum: Exabot [Bot] and 5 guests