hooking winsock fails for IE, but works for all else

c++ / delphi package - dll injection and api hooking
erickengelke
Posts: 8
Joined: Tue May 13, 2014 5:50 pm

Post by erickengelke »

Hi,

I'm hooking winsock2 (ws2_32.dll) in 32- and 64-bit mode. I hook them in the DLL startup code if the process is not a system process. And it's working ALMOST perfectly. Every 3rd party app follows my hooks perfectly. But it doesn't work with Internet Explorer. Now I looked up their EXE and DLLs with TDUMP and they delay load ws2_32.dll. Is that handled by madshi's code hook? Or maybe they claim to be a system process? I haven't figured it out yet. Has anyone else?

I know I could write a layered service provider, and did so in the past, but madshi's stuff is so much easier to work with.
erickengelke
Posts: 8
Joined: Tue May 13, 2014 5:50 pm

Re: hooking winsock fails for IE, but works for all else

Post by erickengelke »

I figured it out, I had a case mismatch with the function to hook. Now it works perfectly.
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: hooking winsock fails for IE, but works for all else

Post by iconic »

LSPs are expensive to write (resource-wise) and something MS has tried to phase out. Uninstalling an LSP in a chain in the wrong order can hose your TCP/IP stack. Definitely stick with a winsock hooking solution if it can meet the needs of your goal. Glad that things are working for you. WFP (Vista+) is also a nice solution; it's documented and I use the technology myself for firewall development.

--Iconic