hook http requests

c++ / delphi package - dll injection and api hooking
brainfuck
Posts: 9
Joined: Fri Nov 12, 2004 1:05 pm

Post by brainfuck »

hi guys,

i want to disable any internet request (only http/ftp) from the local workstation in a lan to the internet. i think i have to hook a special api function, but don't know which one ?!

Any help ?

thx
JohnStevenson
Posts: 27
Joined: Mon Jun 14, 2004 12:45 pm

Post by JohnStevenson »

You need to use Dll Injection to hook the Winsock function "connect", then in your dll you need to trap connections to the relevant ports - 80 for http, 20 and 21 for FTP, I think.

In your application you inject your dll like this:

Code:

InjectLibrary(CURRENT_SESSION, 'MyHookDll.dll');

Your dll, MyHookDll, should look like this:

Code:

library MyHookDll;

uses
  Windows,
  madRemote,
  madCodeHook,
  winsock,
  HookProcs in 'HookProcs.pas';

var
  // "next hook" pointer, filled in by HookAPI; calls the original connect
  ConnectNext : function(s: TSocket; var name: TSockAddr;
    namelen: Integer): Integer; stdcall;

{$R *.res}

function ConnectCallback(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
var
  LastError: DWORD;
begin
  // preserve the caller's last-error value across our own processing
  LastError := GetLastError;
  MyConnect(s, name, namelen);
  SetLastError(LastError);
  Result := ConnectNext(s, name, namelen);
end;

begin
  // DllName: full path and name of the Winsock dll (see Notes)
  HookAPI(PChar(DllName), 'connect', @ConnectCallback, @ConnectNext);
end.

Notes:
ConnectNext is the "next hook" variable, which is called in the ConnectCallback callback function.
ConnectCallback is the hook callback function, which will receive all calls to the original Connect API.
DllName is the full path and name of the correct Winsock dll, either "winsock.dll" or "ws2_32.dll" depending on the OS.

HookProcs, in "uses" contains your MyConnect function which traps for ports 20, 21 and 80 and sets the name.sin_addr.S_addr value to 0. By zeroing this, the IP address, we can block the connection:

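Code:

procedure MyConnect(s: TSocket; var name: TSockAddr;
  namelen: Integer);
begin
  try
    // sin_port is in network byte order; convert before comparing
    case ntohs(name.sin_port) of
      20, 21, 80: name.sin_addr.S_addr := 0;  // zero the IP address to block
    end;
  except
    // ignore any exception raised while inspecting name
  end;
end;

Hope this helps.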
brainfuck
Posts: 9
Joined: Fri Nov 12, 2004 1:05 pm

Post by brainfuck »

thanks for your fast reply!

OK, you hook explicitly the connection on port 80,21&20 ! But the User can change the proxy address and ports like 1332, 3128, 8080 etc...

i think it is better to hook http-requests directly ?!

thx
JohnStevenson
Posts: 27
Joined: Mon Jun 14, 2004 12:45 pm

Post by JohnStevenson »

brainfuck wrote: OK, you hook explicitly the connection on port 80,21&20 ! But the User can change the proxy address and ports like 1332, 3128, 8080 etc...

The name param of Winsock's connect function contains the IP address and port so you can trap for both. If you use file-mapping your application can set the ip/ports to trap, and your dll can read them.

brainfuck wrote: i think it is better to hook http-requests directly ?!

I don't quite understand what you mean. Surely, using the above is hooking http requests directly, or do you mean reading the tcp data packets to see if they contain an HTTP request?
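
The suggestion in the reply above, matching both the IP address and the port from connect's name parameter against a list supplied by the controlling application, could look like the following. This is an added example, not code from the thread or from madCodeHook: the block_table layout and all function names are assumptions, and it uses POSIX socket headers so it builds off Windows (the sockaddr_in fields are the same ones Winsock exposes).

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>    /* POSIX headers so the example builds anywhere; */
#include <netinet/in.h>   /* in a Windows hook DLL use <winsock2.h> instead */
#include <sys/socket.h>

#define MAX_RULES 16
/* Hypothetical layout the controlling application writes into the file mapping. */
typedef struct {
    uint32_t net;    /* IPv4 network, host byte order */
    uint32_t mask;   /* netmask, host byte order; 0 matches any address */
    uint16_t port;   /* TCP port, host byte order; 0 matches any port */
} block_rule;

typedef struct { uint32_t count; block_rule rules[MAX_RULES]; } block_table;

/* Returns 1 if the destination in name matches a rule, 0 to let it through. */
int should_block(const block_table *t, const struct sockaddr *name, int namelen)
{
    struct sockaddr_in sin;
    uint32_t ip, i, n;
    uint16_t port;
    if (!t || !name || namelen < (int)sizeof(sin)) return 0;
    if (name->sa_family != AF_INET) return 0;  /* IPv6 is NOT covered by this check */
    memcpy(&sin, name, sizeof(sin));           /* copy out: never edit the caller's buffer */
    ip = ntohl(sin.sin_addr.s_addr);
    port = ntohs(sin.sin_port);
    n = t->count > MAX_RULES ? MAX_RULES : t->count;  /* clamp count read from shared memory */
    for (i = 0; i < n; i++) {
        const block_rule *r = &t->rules[i];
        if ((ip & r->mask) == (r->net & r->mask) &&
            (r->port == 0 || r->port == port)) return 1;
    }
    return 0;
}

/* Constructed sample: the table contents and test addresses are made up. */
int demo_check(const char *ip, uint16_t port)
{
    static const block_table t = { 5, {
        { 0, 0, 80 }, { 0, 0, 21 }, { 0, 0, 20 },  /* any host, HTTP and FTP ports */
        { 0x0A000005u, 0xFFFFFFFFu, 3128 },        /* one proxy: 10.0.0.5:3128 */
        { 0xC0000200u, 0xFFFFFF00u, 0 } } };       /* 192.0.2.0/24, any port */
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1) return -1;  /* bad input string */
    return should_block(&t, (const struct sockaddr *)&sin, (int)sizeof(sin));
}
```

A hook callback would call should_block with the table pointer obtained from the mapping and then decide what to return to the caller; the count is clamped because the table lives in memory another process writes.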
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Thanks John for helping out, since I'm no WinSock expert at all... :D