Sending own packets to winsock hook.

c++ / delphi package - dll injection and api hooking
xHeaps
Posts: 17
Joined: Mon Oct 18, 2004 12:21 am

Sending own packets to winsock hook.

Post by xHeaps »

Hi all!

I would like to ask, is it possible to send my own packets via a hooked application?

I am kinda new to all this (hooking, I mean), and I am trying to figure out the ICQMenace tool. As I understand it, it hooks the winsock functions, dumps the data and parses it. So far - so good. However, I am wondering - is it possible to send your own packets via this hook? Because I think (and I'm probably wrong, too) the buffer needs to be placed in a created socket, but how do you make the target process (ICQ in this case) understand and accept this socket?

In any case, could someone point me in the right direction?

Thank you all, and thanks madshi for this wonderful dll!
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Sorry to say, but I'm not a WinSock expert. Maybe someone else can help here...
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Re: Sending own packets to winsock hook.

Post by nildo »

xHeaps wrote:Hi all!

I would like to ask, is it possible to send my own packets via a hooked application?

I am kinda new to all this (hooking, I mean), and I am trying to figure out the ICQMenace tool. As I understand it, it hooks the winsock functions, dumps the data and parses it. So far - so good. However, I am wondering - is it possible to send your own packets via this hook? Because I think (and I'm probably wrong, too) the buffer needs to be placed in a created socket, but how do you make the target process (ICQ in this case) understand and accept this socket?

In any case, could someone point me in the right direction?

Thank you all, and thanks madshi for this wonderful dll!
Hello.
You need a way to call the winsock function SEND inside your injected DLL, and as the Socket parameter you need the handle of the socket that is opened by that other process.
xHeaps
Posts: 17
Joined: Mon Oct 18, 2004 12:21 am

I think I'm getting the hang of

Post by xHeaps »

Thanks for the replies.

I think I understand how I might accomplish this, but first, I want to truly understand something.

When send() is hooked, does the hook get the data BEFORE it's actually sent, or AFTER? Basically, what I mean is, if I change certain bytes in the buffer and then call the sendNext hook, will it be sent to ICQ (for the sake of example) with the changed bytes?

If the above is correct, then I do understand it a bit.

And so, I am thinking about using IPC to pass packet bytes of my own. But what I still haven't understood is - can the application use IPC to talk to the DLL, or does it only work the other way (DLL calls application)? If not, how can a certain buffer be passed to the DLL?

If I understand correctly how the send hook works, and if I can pass the data from the Application to the DLL, I could just make some if..then..else routine in the send() hook code, and pass the buffer...

I just need to verify those few things. Thanks in advance!
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Re: I think I'm getting the hang of

Post by nildo »

xHeaps wrote:Thanks for the replies.

I think I understand how I might accomplish this, but first, I want to truly understand something.

When send() is hooked, does the hook get the data BEFORE it's actually sent, or AFTER? Basically, what I mean is, if I change certain bytes in the buffer and then call the sendNext hook, will it be sent to ICQ (for the sake of example) with the changed bytes?

If the above is correct, then I do understand it a bit.
Yes, you got it.
xHeaps wrote:And so, I am thinking about using IPC to pass packet bytes of my own. But what I still haven't understood is - can the application use IPC to talk to the DLL, or does it only work the other way (DLL calls application)? If not, how can a certain buffer be passed to the DLL?
What you need to pass from the DLL to the EXE, using the IPC technique, is: the process ID of the hooked application (GetCurrentProcessId), the pointer to the buffer that comes as the Buffer parameter of the hooked function SEND, and the Size. OK, now your application has received that message. Now you can read that buffer using

ProcHandle := OpenProcess(PROCESS_ALL_ACCESS, False, The_process_ID_you_received);

and then use ReadProcessMemory(ProcHandle, Pointer_you_received, @A_local_buffer, Size_you_received, Bytes_read); // A_local_buffer must hold at least Size_you_received bytes; Bytes_read is a cardinal variable

Now you have copied the buffer to your application and can show it. To change the data, you need to use WriteProcessMemory from your application. Remember not to change the size of the buffer, because you can get a buffer overflow.
xHeaps wrote:If I understand correctly how the send hook works, and if I can pass the data from the Application to the DLL, I could just make some if..then..else routine in the send() hook code, and pass the buffer...

I just need to verify those few things. Thanks in advance!

Yes!

Hope it helps.
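As an added example of the flow nildo describes (this is not code from the thread, from ICQMenace or from madCodeHook itself): a Delphi send() hook that reports each outgoing buffer to a monitoring application over madCodeHook's IPC, copying the bytes into the message instead of handing the EXE a raw pointer plus PROCESS_ALL_ACCESS on the hooked process. IpcName, the TSendReport layout and the procedure names are constructed; HookAPI, SendIpcMessage and CreateIpcQueue are assumed to have the madCodeHook signatures as I know them, so check them against your version's documentation.

```delphi
uses Windows, WinSock, madCodeHook;
const
  IpcName = 'SendMonitorIpc';   // constructed queue name, not from the thread
type
  // Report shared by DLL and EXE (constructed layout). The bytes travel inside
  // it, so the EXE needs no OpenProcess/ReadProcessMemory on the hooked process.
  TSendReport = packed record
    pid  : dword;
    sock : TSocket;
    len  : dword;                      // real length of the send() buffer
    data : array [0..1023] of byte;    // copy of its first bytes, at most 1024
  end;
var
  SendNextHook : function (s: TSocket; const buf; len, flags: integer) : integer; stdcall;

// Runs in the hooked process BEFORE the real send(): what buf holds here is
// exactly what goes on the wire once SendNextHook is called with it.
function SendHookProc(s: TSocket; const buf; len, flags: integer) : integer; stdcall;
var rep : TSendReport;
begin
  if len > 0 then begin
    rep.pid  := GetCurrentProcessId;
    rep.sock := s;
    rep.len  := len;
    FillChar(rep.data, sizeof(rep.data), 0);
    if len > sizeof(rep.data) then
      Move(buf, rep.data, sizeof(rep.data))   // truncate the copy, never the packet
    else
      Move(buf, rep.data, len);
    SendIpcMessage(IpcName, @rep, sizeof(rep));   // no answer requested
  end;
  // buf and len go through untouched; an in-place edit must keep len as it is
  result := SendNextHook(s, buf, len, flags);
end;

procedure InstallSendHook;   // called once from the injected DLL
begin
  HookAPI('ws2_32.dll', 'send', @SendHookProc, @SendNextHook);
end;

// Runs in the monitoring EXE for every report, after
// CreateIpcQueue(IpcName, OnSendReport) was called there once at startup.
procedure OnSendReport(name: PAnsiChar; messageBuf: pointer; messageLen: dword;
                       answerBuf: pointer; answerLen: dword); stdcall;
var rep : ^TSendReport;
begin
  if messageLen <> sizeof(TSendReport) then exit;   // malformed or foreign message
  rep := messageBuf;
  { inspect rep^.pid, rep^.sock and rep^.data[0 .. min(rep^.len, 1024) - 1] here }
end;
```

Because the hook thread blocks in SendIpcMessage until the message is delivered, keep OnSendReport short or the hooked application's send() calls will stall with it.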