Bug in madCodeHook?

c++ / delphi package - dll injection and api hooking
GaryGlaze2496
Posts: 14
Joined: Mon Dec 27, 2004 9:38 pm

Bug in madCodeHook?

Post by GaryGlaze2496 »

Hey everyone,

You've all been such a great help here in the past I figured I'd post this one.

I've tried to dumb it down to an ultra-simple program, but it still seems to behave in an unexpected way.

Bug, or am I wrong? :-)

Essentially, there is a hook and a monitor app. The hook looks for all data outgoing on winsock and sends it to the monitor app.

It works fine...EXCEPT...in the following situation:

In Outlook or Outlook Express, when you send an email where the total contents are greater than 8192 bytes, Outlook likes to chunk the data into bits of 8192. So, the sendHookProc will get called a certain number of times, each with len = 8192.

However, no matter how I try it, the data duplicates itself! In other words, some of the 8192 byte chunks come in twice!

Between each chunk I put a [~], so you can easily see where each chunk separates.

Here's the code...

Hook:

library Simple;

uses madCodeHook;

var
  // Pointer to the original ws2_32.send; filled in by HookAPI.
  sendNextHook: function(s: Integer; Buf: Pointer; len, flags: Integer): Integer; stdcall;

// Replacement for ws2_32.send: forwards every outgoing buffer to the
// monitor app over madCodeHook IPC, then calls the original send.
function sendHookProc(s: Integer; Buf: Pointer; len, flags: Integer): Integer; stdcall;
begin
  SendIPCMessage('madIPC', PChar('[~]'), 3);   // chunk separator
  SendIPCMessage('madIPC', PChar(Buf), len);   // the raw outgoing bytes
  Result := sendNextHook(s, Buf, len, flags);
end;

begin
  HookAPI('ws2_32.dll', 'send', @sendHookProc, @sendNextHook);
end.
Monitor app:

unit Form1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, madCodeHook, SyncObjs, ExtCtrls;

type
  TForm1 = class(TForm)
    Memo1: TMemo;
    Timer1: TTimer;
    procedure Timer1Timer(Sender: TObject);
  end;

var
  Form1: TForm1;
  TheStr: String;             // everything received so far
  TheLock: TCriticalSection;  // guards TheStr: ProcessIPC runs on madCodeHook's IPC threads

implementation

{$R *.dfm}

// IPC callback: invoked by madCodeHook (on a worker thread, not the VCL
// thread) once per SendIpcMessage call from the hook DLL.
procedure ProcessIPC(name: PChar; messageBuf: Pointer; messageLen: DWORD;
                     answerBuf: Pointer; answerLen: DWORD); stdcall;
var
  S: String;
begin
  SetLength(S, messageLen);
  if messageLen > 0 then
    CopyMemory(@S[1], messageBuf, messageLen);

  TheLock.Acquire;
  try
    TheStr := TheStr + S;
  finally
    TheLock.Release;
  end;
end;

// The VCL is not thread-safe, so the memo is refreshed from a timer on the
// main thread instead of directly from ProcessIPC.
procedure TForm1.Timer1Timer(Sender: TObject);
begin
  TheLock.Acquire;
  try
    if Memo1.Text <> TheStr then
      Memo1.Text := TheStr;
  finally
    TheLock.Release;
  end;
end;

initialization
  // Create the lock before the queue: the callback can fire as soon as the queue exists.
  TheLock := TCriticalSection.Create;
  CreateIpcQueue('madIPC', ProcessIPC);
finalization
  DestroyIpcQueue('madIPC');
  TheLock.Free;
end.
Any ideas? And yes, I'm sure of this...

Thanks so much in advance! :D

Gary
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA

Re: Bug in madCodeHook?

Post by dcsoft »

GaryGlaze2496 wrote:
    However, no matter how I try it, the data duplicates itself! In other words, some of the 8192 byte chunks come in twice!

Maybe the messages aren't being duplicated, but are arriving out of order. madCodeHook sends Ipc messages on multiple threads, which may cause the data to arrive out of order. To prevent this, instead of calling CreateIpcQueue(), try CreateIpcQueueEx(, ..., 1). This limits the number of secondary threads used to send Ipc messages to 1. If it uses only 1 thread, the messages are guaranteed to arrive in order.

-- David
madshi
Site Admin
Posts: 10766
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

It's also possible that "send" sometimes fails and is called a 2nd time by Outlook. You are currently not checking whether "send" succeeded or not.
kannan23in
Posts: 8
Joined: Tue Feb 22, 2005 7:38 am
Location: INDIA

Post by kannan23in »

Respected Gary,

My name is Kannan (India). I read your earlier thread (a long discussion about handling 'send' in ws2_32.dll and changing the length of buf), in which you mentioned that you would post later about the changes you were going to make.

I am having the same problem (but I am using MSVC). The purpose you mentioned is the same thing I am doing. Your thread gave me lots of ideas (thanks a lot for that).

I discussed this with madshi in my thread and he advised me to post in the other Delphi discussion (winsock and mail).

But for changing the body of the mail (i.e. buf), have you found any solution? If so, can you help me?


dll-code

#include <winsock2.h>
#include "madCHook.h"

// Original ws2_32.send; filled in by HookAPI.
int (WINAPI *SendHookNext)(SOCKET s, char FAR *buf, int len, int flags);

int WINAPI SendHookProc(SOCKET s, char FAR *buf, int len, int flags)
{
    int result;
    char k[10] = {0};

    // Peek at the first two bytes of the outgoing buffer (only if they exist).
    if (len >= 2)
    {
        k[0] = buf[0];
        k[1] = buf[1];
    }

    // Forward the outgoing data to the monitor app.
    SendIpcMessage("madIPC", (char *)buf, len, NULL, 0, INFINITE, FALSE);

    // A chunk starting with "[b" is treated as the mail body: rewrite its first char.
    if (k[0] == (char)'[' && k[1] == (char)'b')
    {
        *buf = (char)'Z';
    }
    result = SendHookNext(s, buf, len, flags);
    // result = SendHookNext(s, k, 10, flags);
    return result;
}


The above code works fine for changing the first char of the body to 'Z'.

If I use
// result = SendHookNext(s, k, 10, flags);
then Outlook does not send the mail properly; it gets disconnected and says "can't connect to the server ERROR".

1) How do I find the correct message body of the mail (to be changed)?

In the above code, content starting with '[b' is taken as the body of the text message (for checking purposes only; yes, the body of the text should start with '[b').

For injecting I am using the DllInjecter shipped with madCollection.

I guess you might have come across all these problems. Any idea you can give would be greatly appreciated.

Thanks a lot in advance.

-Kannan :confused:
kannan23in
Posts: 8
Joined: Tue Feb 22, 2005 7:38 am
Location: INDIA

Post by kannan23in »

2) And how do I change the content of the body/buf by adding some text?

Thanks

-Kannan
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA

Post by dcsoft »

There's another thread on this forum that discusses the solution. Madshi suggested it. The problem is the return value. You need to return the number of characters that the client app you're hooking expects to have sent (i.e. the number in the parameter to the send() function), not the number that you actually sent.

-- David
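A portable simulation of the two accounting mistakes discussed in this thread, added here as an example; it is not code from madCodeHook or from any of the posters. A fake send() captures bytes on a "wire" and can be told to accept only part of each buffer, a fake mail client keeps calling send() until every byte of its message is acknowledged (the way Outlook walks through its 8192-byte chunks), and four hook variants sit in between: logging before versus after the real send (madshi's point about unchecked failures, extended to partial sends), and returning the substitute buffer's length versus the caller's original len (dcsoft's point about the return value). The message text, the "[b" body marker, the "Zbody" substitute and the chunk sizes are constructed for the example.

```c
/* Added example, not madCodeHook or poster code: simulates a hooked send()
 * with a fake socket and a fake client that resends whatever is unacknowledged. */
#include <stdio.h>
#include <string.h>

#define SOCKET_ERROR (-1)
#define CAP 4096

typedef int (*send_fn)(int s, const char *buf, int len, int flags);

static char wire[CAP];    /* bytes the "server" received */
static int  wire_len;
static char logbuf[CAP];  /* bytes the monitor received (stand-in for SendIpcMessage) */
static int  log_len;
static int  accept_limit; /* >0: the fake socket accepts at most this many bytes per call */

static void reset(int limit) { wire_len = 0; log_len = 0; accept_limit = limit; }

/* The unhooked send(): accepts up to accept_limit bytes and returns the count. */
static int real_send(int s, const char *buf, int len, int flags) {
    int n = (accept_limit > 0 && len > accept_limit) ? accept_limit : len;
    (void)s; (void)flags;
    if (wire_len + n > CAP) return SOCKET_ERROR;
    memcpy(wire + wire_len, buf, n);
    wire_len += n;
    return n;
}

/* Fake mail client: resends from wherever send() says it got to, so every
 * byte the hook fails to account for goes out again. Returns the call count. */
static int client_send_all(send_fn fn, const char *msg, int total, int chunk) {
    int off = 0, calls = 0;
    while (off < total && calls < 100) {
        int n = total - off < chunk ? total - off : chunk;
        int r = fn(0, msg + off, n, 0);
        if (r == SOCKET_ERROR) return -1;
        off += r;
        calls++;
    }
    return calls;
}

/* Wrong: logs all `len` bytes before the real send(). A partial or failed
 * send makes the client resend the tail, which then appears in the log twice. */
static int hook_log_before(int s, const char *buf, int len, int flags) {
    memcpy(logbuf + log_len, buf, len); log_len += len;
    return real_send(s, buf, len, flags);
}

/* Right: send first, then log only the bytes send() reported as accepted. */
static int hook_log_after(int s, const char *buf, int len, int flags) {
    int r = real_send(s, buf, len, flags);
    if (r > 0) { memcpy(logbuf + log_len, buf, r); log_len += r; }
    return r;
}

/* Constructed substitute body; a chunk starting with "[b" is replaced by it. */
static const char SUBST[] = "Zbody";

/* Wrong: returns the substitute's length (5). The client believes only 5 of
 * its `len` bytes went out and resends from offset 5, corrupting the stream. */
static int hook_rewrite_wrong(int s, const char *buf, int len, int flags) {
    if (len >= 2 && buf[0] == '[' && buf[1] == 'b')
        return real_send(s, SUBST, (int)strlen(SUBST), flags);
    return real_send(s, buf, len, flags);
}

/* Right: push the whole substitute out (looping over partial sends), then
 * return the caller's original `len` so its own accounting stays consistent. */
static int hook_rewrite_right(int s, const char *buf, int len, int flags) {
    if (len >= 2 && buf[0] == '[' && buf[1] == 'b') {
        int off = 0, n = (int)strlen(SUBST);
        while (off < n) {
            int r = real_send(s, SUBST + off, n - off, flags);
            if (r == SOCKET_ERROR) return SOCKET_ERROR;
            off += r;
        }
        return len;
    }
    return real_send(s, buf, len, flags);
}

/* Constructed 20-byte "mail", sent in 8-byte chunks. */
static const char MSG[] = "[body]0123456789ABCD";

static int run(send_fn fn, int limit) {
    reset(limit);
    return client_send_all(fn, MSG, (int)strlen(MSG), 8);
}
static int wire_equals(const char *s) { return wire_len == (int)strlen(s) && memcmp(wire, s, wire_len) == 0; }
static int log_equals(const char *s)  { return log_len  == (int)strlen(s) && memcmp(logbuf, s, log_len) == 0; }

int main(void) {
    int c = run(hook_log_before, 5);
    printf("log before send, partial sends: %d calls, log=%.*s\n", c, log_len, logbuf);
    c = run(hook_log_after, 5);
    printf("log after send, partial sends:  %d calls, log=%.*s\n", c, log_len, logbuf);
    c = run(hook_rewrite_wrong, 0);
    printf("rewrite, return 5:              %d calls, wire=%.*s\n", c, wire_len, wire);
    c = run(hook_rewrite_right, 0);
    printf("rewrite, return len:            %d calls, wire=%.*s\n", c, wire_len, wire);
    return 0;
}
```

With the socket accepting 5 bytes per call, the log-before hook records the 20-byte message as 29 bytes with overlapping runs, which is exactly what a monitor shows as "chunks arriving twice"; the log-after hook records precisely the bytes on the wire. The rewrite-wrong hook leaves the tail of the replaced chunk ("]01") on the wire because the client resent it; the rewrite-right hook returns len and the stream stays consistent, and because it drains the whole substitute itself it also survives partial sends. Note that returning len is only safe once every byte of the substitute is really out, and that ordering problems between IPC threads are a separate issue handled by limiting the queue to one thread as dcsoft describes above.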