Needed: madCodeHook Expert

c++ / delphi package - dll injection and api hooking
GaryGlaze2496
Posts: 14
Joined: Mon Dec 27, 2004 9:38 pm

Post by GaryGlaze2496 »

Hey guys,

Thank you for your quick replies.

It's not that the code "crashes" per se...rather, it causes extremely quirky behavior in all of the software that gets affected by the size-changed send commands.

For example..

If you do a Google search in Firefox for "abcd" (when it is being replaced with "efghi"), the browser acts as if the resulting page has finished loading...but it doesn't go anywhere.

If you type "abcd" into an outgoing Trillian IM, it disconnects you, then immediately reconnects you.

Outlook Express simply reports an error connecting to the outgoing SMTP server.

I'm wondering if it's possible for any of you to try to compile the hook DLL, and see if you can get it to work :-)

Gary
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Don't have time for it (without doing it as a job). But try to change the result value, as I hinted. It might solve the problem. Not sure, but it's a chance.
GaryGlaze2496
Posts: 14
Joined: Mon Dec 27, 2004 9:38 pm

Post by GaryGlaze2496 »

Hey madshi,

Tried that, and if I understand correctly, you wanted me to do...

oldHook(...);
result := oldSize;

instead of

result := oldHook(...);

right?

Tried that, no success unfortunately....

Email me at garyglaze2496@bluebottle.com about getting paid. We'll work out a price ;-)

Gary
killerbobjr
Posts: 1
Joined: Wed Jan 05, 2005 3:26 pm

Post by killerbobjr »

You're going about this the wrong way. What you need is an SMTP proxy server installed on the local machine that will relay the email along with the added/changed text lines (I'm assuming your ISP friend wants something like the banner ads at the bottom of emails the free, web-based email providers have or hyperlinking keywords in the body of emails). Trying to intercept Winsock entry points means that in addition to keeping track of the SMTP send and respond commands, you also have to keep track of the Winsock parameters and return values and adjust the stack for variable parameters. That's a whole heck of a lot of work for something that simply needs text lines added or changed.
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA

Post by dcsoft »

killerbobjr wrote: You're going about this the wrong way. What you need is an SMTP proxy server installed on the local machine that will relay the email along with the added/changed text lines.
The SMTP server is the cleaner way to go, no doubt. But that requires the settings of the e-mail client to be changed. Perhaps that is not desired.

-- David
GaryGlaze2496
Posts: 14
Joined: Mon Dec 27, 2004 9:38 pm

Post by GaryGlaze2496 »

Hey,

Great idea about the SMTP proxy server.

My only question would be very similar to the most recent reply - if we did it that way, would the user have to change their SMTP settings?

Or can we make it somewhat of a "transparent proxy?"

I know that AntiVirus software like AVG, and Norton, etc., all scan outgoing email before it goes out.

I wonder how they are doing it...

Gary
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Scanning and modifying are two different things. Read only access is easier to realize than modifying the contents of a mail.

Anyway, you asked me to contact you and I did. Did you receive my mail?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

P.S: Maybe you could hook the WinSock APIs which connect to a specific server and let that run through your proxy? Just an alternative idea. But I guess your first approach (hooking send) is probably easier to realize.
JohnStevenson
Posts: 27
Joined: Mon Jun 14, 2004 12:45 pm

Post by JohnStevenson »

Regarding changing your SMTP settings, I'm currently working on a project that diverts email to a new SMTP server address, without having to change the settings in your email program. This is useful if you use multiple ISPs or are moving around with a laptop.

It detects the settings for popular email clients like Outlook, Outlook Express, all Mozilla versions and Eudora.

Anyway, this technology is already written if you go down the SMTP proxy server route.
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA

Post by dcsoft »

GaryGlaze2496 wrote: Hey madshi,

Tried that, and if I understand correctly, you wanted me to do...

oldHook(...);
result := oldSize;

instead of

result := oldHook(...);

right?

Tried that, no success unfortunately....

Gary
Gary, by coincidence my own project demanded I accomplish this exact same task! And I got the same results as you: I modified the buffer in send() to be longer, and when I did that, Firefox acted like the page had been loaded but really did nothing.

Madshi was right on. The problem was caused by returning a length bigger than the original. It could be Firefox sees this as an impossible condition and does not repaint the screen. (Since Firefox is open-source, we could easily check.) Taking your example, I altered code as follows:

function sendHookProc(s: Integer; Buf: Pointer; len, flags : Integer) : Integer; stdcall;

var
  s1: string;
  ret: Integer;

begin
  SetString(s1, PChar(Buf), len);
  ReplaceStr(s1, 'abcd', 'efghi');
  ret := sendNextHook(s, pointer(s1), length(s1), flags);

  { if ret < length(s1), the packet fragmented, and you must do something to send the rest! }

  { return what the client expects, or else it will behave inappropriately }
  result := len;
end;

and it worked perfectly. Give it a shot!

Thanks Madshi for a wonderful hint! :D

Cheers,
David
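
The partial-send case that the comment in the code above leaves open, as an added example that is not part of the original posts and is not madCodeHook code. It is written in C rather than the thread's Delphi, assumes a blocking socket, and uses a constructed stand-in for the original send() so it runs without Winsock; the names `forward_resized`, `send_all` and `mock_send` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as the saved original send() pointer (sendNextHook in the post). */
typedef int (*send_fn)(int s, const char *buf, int len, int flags);

/* Loop until every byte of buf has been accepted; a single call may take fewer.
   Assumes a blocking socket. Returns 0 on success, -1 on error or no progress. */
static int send_all(send_fn next, int s, const char *buf, int len, int flags)
{
    int off = 0;
    while (off < len) {
        int n = next(s, buf + off, len - off, flags);
        if (n <= 0)
            return -1;
        off += n;
    }
    return 0;
}

/* Forward a buffer whose size changed, but report the caller's own length:
   the caller only knows orig_len, so any larger value is impossible to it. */
int forward_resized(send_fn next, int s, int orig_len,
                    const char *out, int out_len, int flags)
{
    if (send_all(next, s, out, out_len, flags) != 0)
        return -1;              /* propagate failure instead of faking success */
    return orig_len;
}

/* Constructed test double: takes at most 3 bytes per call, records them in
   wire[], and starts failing once wire_len reaches fail_at (-1 = never). */
static char wire[64];
static int wire_len, fail_at = -1;
static int mock_send(int s, const char *buf, int len, int flags)
{
    (void)s; (void)flags;
    if (fail_at >= 0 && wire_len >= fail_at) return -1;
    int n = len < 3 ? len : 3;
    memcpy(wire + wire_len, buf, (size_t)n);
    wire_len += n;
    return n;
}

int main(void)
{
    int r = forward_resized(mock_send, 1, 4, "efghi", 5, 0);
    printf("returned %d, wire holds %.*s\n", r, wire_len, wire);
    return 0;
}
```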
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Post by LeVuHoang »

Hi, I have this problem too.
How can I split a sending packet and send it with a smaller size? (bandwidth limit)
GaryGlaze2496
Posts: 14
Joined: Mon Dec 27, 2004 9:38 pm

Post by GaryGlaze2496 »

Hi Everyone,

Just to let you know that we are still working out this program here. The solutions posted here have been a great help, and thank you to everyone...

I'll update you later with more progress..

Gary