Hi all!
I would like to ask, is it possible to send own packets via hooked application?
I am kinda new to all this (hooking, I mean), and I am trying to figure out the ICQMenace tool. As I understand it, it hooks the winsock functions, dumps the data and parses it. So far - so good. However, I am wondering - is it possible to send your own packets via this hook? Because I think (and I'm probably wrong, too) the buffer needs to be placed in created socket, but, how to make the target process (icq in this case) understand and accept this socket?
In any case, could someone point me in the right direction?
Thank you all, and thanks madshi for this wonderful dll!
Sending own packets to winsock hook.
Re: Sending own packets to winsock hook.
Hello
xHeaps wrote:
Hi all!
I would like to ask, is it possible to send own packets via hooked application?
I am kinda new to all this (hooking, I mean), and I am trying to figure out the ICQMenace tool. As I understand it, it hooks the winsock functions, dumps the data and parses it. So far - so good. However, I am wondering - is it possible to send your own packets via this hook? Because I think (and I'm probably wrong, too) the buffer needs to be placed in created socket, but, how to make the target process (icq in this case) understand and accept this socket?
In any case, could someone point me in the right direction?
Thank you all, and thanks madshi for this wonderful dll!
You need a way to use the function SEND (of winsock) inside your DLL that is injected, and as the Socket parameter you need the handle of the socket that is opened by that other process.
I think I'm getting a hang of
Thanks for the replies.
I think I understand how I might accomplish this, but first, I want to truly understand something.
When the send() is hooked, does the hook get the data BEFORE it's actually sent, or AFTER? Basically, what I mean is, if I change certain bytes in the buffer, and then call the sendNext hook, will it be sent to ICQ (for the sake of example) with the changed bytes?
If the above is correct, then I do understand it a bit
And so, I am thinking about using IPC to pass the packet bytes of my own. But what I still haven't understood is - can the application use IPC to talk to the dll, or does it only work the other way (DLL calls Application)? If not, how can the DLL be passed with a certain buffer?
If I understand correctly how the send hook works, and if I can pass the data from the Application to the DLL, I could just make some if..then..else routine in the send() hook code, and pass the buffer...
I just need to verify those few things. Thanks in advance!
Re: I think I'm getting a hang of
xHeaps wrote:
Thanks for the replies.
I think I understand how I might accomplish this, but first, I want to truly understand something.
When the send() is hooked, does the hook get the data BEFORE it's actually sent, or AFTER? Basically, what I mean is, if I change certain bytes in the buffer, and then call the sendNext hook, will it be sent to ICQ (for the sake of example) with the changed bytes?
If the above is correct, then I do understand it a bit
Yes, you got it
xHeaps wrote:
And so, I am thinking about using IPC to pass the packet bytes of my own. But what I still haven't understood is - can the application use IPC to talk to the dll, or does it only work the other way (DLL calls Application)? If not, how can the DLL be passed with a certain buffer?
What you need to pass from the DLL to the EXE, using the IPC technique, is: the process ID of the hooked application (GetCurrentProcessId), the pointer to the buffer that comes as the Buffer parameter of the hooked function SEND, and the size. OK, now your application has received that message. Now you can read that buffer using
ProcHandle := OpenProcess( PROCESS_ALL_ACCESS, False, The_process_ID_you_received );
and then use
ReadProcessMemory( ProcHandle, Pointer_you_received, a_local_buffer, Size_you_received, any_cardinal_var );
Now you copied the buffer to your application and now you can show it. To change the data, you need to use WriteProcessMemory from your application. Remember not to change the size of the buffer, because you can get a BufferOverflow.
xHeaps wrote:
If I understand correctly how the send hook works, and if I can pass the data from the Application to the DLL, I could just make some if..then..else routine in the send() hook code, and pass the buffer...
I just need to verify those few things. Thanks in advance!
Ya!
Might it help
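Added example, not part of any post in this thread: the OpenProcess(PROCESS_ALL_ACCESS) plus ReadProcessMemory/WriteProcessMemory sequence from the reply above shows up to a defender as a cross-process handle request, which Sysmon logs as Event ID 10 (ProcessAccess) with a GrantedAccess mask. This Python code triages such records by that mask; the pipe-separated line layout, image paths and records are constructed for illustration, and the function names are hypothetical.

```python
# Added example: triage of process-access records by granted access mask.
# Right values are the documented Windows process access rights.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010      # required by ReadProcessMemory
PROCESS_VM_WRITE = 0x0020     # required by WriteProcessMemory (with VM_OPERATION)
ALL_ACCESS_XP = 0x1F0FFF      # PROCESS_ALL_ACCESS before Vista; subset of 0x1FFFFF

# Constructed records: Sysmon Event ID 10 field names, simplified to one
# pipe-separated line each. Paths and masks are made up for illustration.
SAMPLE_EVENTS = r"""
SourceImage=C:\Tools\monitor.exe|TargetImage=C:\Program Files\IM\client.exe|GrantedAccess=0x1FFFFF
SourceImage=C:\Windows\System32\taskmgr.exe|TargetImage=C:\Program Files\IM\client.exe|GrantedAccess=0x1410
SourceImage=C:\Tools\patcher.exe|TargetImage=C:\Program Files\IM\client.exe|GrantedAccess=0x0038
SourceImage=C:\Tools\viewer.exe|TargetImage=C:\Program Files\IM\client.exe|GrantedAccess=0x0010
malformed line without fields
""".strip().splitlines()


def parse_event(line):
    """Return the record as a dict, or None if a required field is missing."""
    fields = dict(p.split("=", 1) for p in line.split("|") if "=" in p)
    if not {"SourceImage", "TargetImage", "GrantedAccess"} <= fields.keys():
        return None
    try:
        fields["GrantedAccess"] = int(fields["GrantedAccess"], 16)
    except ValueError:
        return None
    return fields


def classify(mask):
    """Name the strongest memory capability a granted access mask carries."""
    if mask & ALL_ACCESS_XP == ALL_ACCESS_XP:
        return "all-access"            # matches both 0x1F0FFF and 0x1FFFFF
    write = PROCESS_VM_WRITE | PROCESS_VM_OPERATION
    if mask & write == write:
        return "memory-write"
    if mask & PROCESS_VM_READ:
        return "memory-read"
    return "other"


def suspicious(lines, target_suffix, allowed_sources=()):
    """List (source, verdict) for handles to the target that permit writing."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or not ev["TargetImage"].lower().endswith(target_suffix):
            continue
        verdict = classify(ev["GrantedAccess"])
        if verdict in ("all-access", "memory-write") and ev["SourceImage"] not in allowed_sources:
            hits.append((ev["SourceImage"], verdict))
    return hits
```

A tool that only displays the buffer needs PROCESS_VM_READ alone, so an all-access request against a messaging client stands out from read-only monitoring in these records.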