Can't hook getaddrinfo() in IE10+

c++ / delphi package - dll injection and api hooking
Post Reply
math
Posts: 5
Joined: Thu Apr 23, 2015 6:50 pm

Can't hook getaddrinfo() in IE10+

Post by math »

I'm using madshi to hook the getaddrinfo function of the ws2_32.dll, I need to check the address the user is trying to access in the browser and do some actions depending on the address.

The code works fine with most of the browsers, so far I just can't hook IE 10 or above, it is like they use another function of the dll but I can't determine which. Does anyone know what would it be?

Regards.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Can't hook getaddrinfo() in IE10+

Post by madshi »

I've no idea. Does hooking of other APIs work in IE10? Or does hooking generally not work at all in IE10?
math
Posts: 5
Joined: Thu Apr 23, 2015 6:50 pm

Re: Can't hook getaddrinfo() in IE10+

Post by math »

Well, it is not that the hook does not work, it works but it seems like IE10+ don't use the getaddrinfo() to retrieve the service and node name, when I hook it I get no information while accessing websites via IE10+.

I also tried to hook the followings functions to get this information, but without success: GetAddrInfoW, connect, gethostbyname, recv, send, WSARecv, WSASend.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Can't hook getaddrinfo() in IE10+

Post by madshi »

Ok, so it doesn't look like a bug in madCodeHook, it's just that IE10+ doesn't seem to use the APIs you thought it would use, correct?

Unfortunately I don't really know which other APIs IE10+ might use. Microsoft has a history of using undocumented stuff in their own applications... :?
math
Posts: 5
Joined: Thu Apr 23, 2015 6:50 pm

Re: Can't hook getaddrinfo() in IE10+

Post by math »

Yes, you're right, I didn't mean to say there was a problem with the madCodeHook, for sure the title I wrote is completely misleading, I was just wondering if anyone knew what function should I hook in IE10+ instead of getaddrinfo, as soon as that this function has not the desired effect.

Thanks for the response. If anyone knows please add a response below. Meanwhile I'll keep trying.
math
Posts: 5
Joined: Thu Apr 23, 2015 6:50 pm

Re: Can't hook getaddrinfo() in IE10+

Post by math »

It's necessary to hook GetAddrInfoW and GetAddrInfoExW, instead.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Can't hook getaddrinfo() in IE10+

Post by madshi »

So you got it working?
math
Posts: 5
Joined: Thu Apr 23, 2015 6:50 pm

Re: Can't hook getaddrinfo() in IE10+

Post by math »

Yes, I can get useful information now from IE10+ hooking these functions. Thanks.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Can't hook getaddrinfo() in IE10+

Post by madshi »

Glad to hear that...
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA
Contact:

Re: Can't hook getaddrinfo() in IE10+

Post by dcsoft »

FWIW, I had to start hooking GetAddrInfo(Ex)W starting with IE 10 on Win 8.
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: Can't hook getaddrinfo() in IE10+

Post by iconic »

Most Win32 API calls will end up in Ex function variants (EXtra parameter) calls and on NT-based OS' Ansi functions call Unicode so that makes perfect sense

--Iconic
Post Reply