Winsock (mainly recv function)

c++ / delphi package - dll injection and api hooking
Walkman
Posts: 8
Joined: Fri Jan 28, 2005 3:25 pm

Winsock (mainly recv function)

Post by Walkman »

I've read a bunch of text right now and I decided to ask here now :shock: .

Anyways, I've successfully coded a winsock hook for both the send() and recv() functions. I've managed to read both the sent and received data of an application through my hooking DLL. I've also managed to be able to send my own packets through ipc queues which calls a function in the DLL file; as if the application is sending the packets itself.

I've now encountered a problem with the recv function: I'm trying to make the application receive packets as if they were sent from the server. (I am aware that I can filter packets, but that is not what I want). But none of my tests worked.

So, basically I just need a little help or a push in the right direction :crazy:

Thanks for any answers in advance;

If it is any help I'm doing this with Delphi 7 and of course madCodeHook ;)
// Walkman

PS: I recently reinstalled my other computer, but every time I tried to use InjectLibrary on that computer (WinME) every system process caused an error and the computer had to be restarted. Any idea what causes this?
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Sorry, I'm no WinSock expert. Maybe someone else can help.

About that ME computer. Can you please try the demos which ship with madCodeHook? Do they also freeze that PC? Which version of madCodeHook/madCollection are you using?
Walkman
Posts: 8
Joined: Fri Jan 28, 2005 3:25 pm

Post by Walkman »

No, the demos didn't work either. The first thing that happens is that kernel causes an error in <unknown> and then a chain reaction 8) that eventually crashes the whole system.

(It worked before I formatted the computer; although all drivers etc are back where they should be as before. But I must have missed something, otherwise this wouldn't have happened)

// Walkman
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Now that's strange. How about compressing the computer and sending it to me via email, so that I can have a look at the problem?

:sceptic:
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Which version of madCodeHook/madCollection are you using?
Walkman
Posts: 8
Joined: Fri Jan 28, 2005 3:25 pm

Post by Walkman »

The one that is currently available at this host; 2.1.6.0 I believe it is.

I'll send it via air-mail :crazy:

// Walkman
xHeaps
Posts: 17
Joined: Mon Oct 18, 2004 12:21 am

Re: Winsock (mainly recv function)

Post by xHeaps »

Walkman wrote: ... I've also managed to be able to send my own packets through ipc queues which calls a function in the DLL file; as if the application is sending the packets itself.
Could you please explain how did you manage to do this?

Thanks!
Walkman
Posts: 8
Joined: Fri Jan 28, 2005 3:25 pm

Post by Walkman »

Of course. Create an IPC queue which points to an IPC handler. At the IPC handler you extract the "packet" from the IPC message. (Like, send an IPC message that looks like a packet in HEXadecimals).

After you've caught the packet and copied it then convert it to raw data format. I can help you with that loop if you want.

When you've done all that, just call the real Winsock Send function; but instead of calling with the normal "Buf" pointer, use your raw data you caught from the IPC Queue.

If this was unclear, tell me and I'll try to clarify ;)

Edit:
Also, be sure you use the same socket number for YOUR send function as in the real one. A global variable might help you there ;)

// Walkman
Last edited by Walkman on Sun Feb 06, 2005 10:09 am, edited 1 time in total.
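The conversion loop in the procedure above (IPC text in hex, raw bytes out) as an added example in C. This is not code from the thread or from madCodeHook; the function names and the sample messages are constructed here. The hook itself and the call to the real send are deliberately left out; what is shown is the decode step with the checks you want before handing the buffer to a socket call: reject odd digit counts and non-hex characters, and never write past the output buffer.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 for anything that is not a hex digit. */
static int hex_nibble(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a text message such as "48 65 6C 6C 6F" or "48656c6c6f" into raw bytes.
   Whitespace between bytes is allowed. Returns the number of bytes written to out,
   or -1 when the text is not valid hex (odd number of digits, a non-hex character,
   whitespace inside a byte) or when the result would not fit in out. */
int decode_hex_packet(const char *text, unsigned char *out, size_t out_len) {
    size_t n = 0;
    int hi = -1;                          /* pending high nibble, -1 = none */
    for (const char *p = text; *p; p++) {
        if (isspace((unsigned char)*p)) {
            if (hi >= 0) return -1;       /* "4 8" splits a byte: reject */
            continue;
        }
        int v = hex_nibble((unsigned char)*p);
        if (v < 0) return -1;             /* not a hex digit */
        if (hi < 0) { hi = v; continue; } /* first digit of a byte */
        if (n >= out_len) return -1;      /* output buffer full: refuse, do not overflow */
        out[n++] = (unsigned char)((hi << 4) | v);
        hi = -1;
    }
    return hi >= 0 ? -1 : (int)n;         /* a dangling digit means a half byte */
}

/* Exercises the decoder on constructed messages. Returns 0 when every check
   passes, otherwise the number of the failing check. */
int demo_decode_hex(void) {
    unsigned char out[8];
    int n;

    /* 1. spaced upper-case hex, as someone would type it into an IPC message */
    n = decode_hex_packet("48 65 6C 6C 6F", out, sizeof out);
    if (n != 5 || memcmp(out, "Hello", 5) != 0) return 1;

    /* 2. compact lower-case hex decodes to the same bytes */
    n = decode_hex_packet("48656c6c6f", out, sizeof out);
    if (n != 5 || memcmp(out, "Hello", 5) != 0) return 2;

    /* 3. an odd number of digits leaves half a byte: reject */
    if (decode_hex_packet("486", out, sizeof out) != -1) return 3;

    /* 4. a non-hex character: reject rather than guess */
    if (decode_hex_packet("4G", out, sizeof out) != -1) return 4;

    /* 5. more bytes than the output buffer holds: reject instead of overflowing */
    if (decode_hex_packet("48 65 6C 6C 6F", out, 2) != -1) return 5;

    /* 6. an empty message is a zero-length packet, not an error */
    if (decode_hex_packet("", out, sizeof out) != 0) return 6;
    return 0;
}

int main(void) {
    int rc = demo_decode_hex();
    if (rc == 0) printf("all checks ok\n"); else printf("check %d failed\n", rc);
    return rc;
}
```

The length returned by decode_hex_packet is what goes into the real send call as the buffer length; passing the length of the text instead of the length of the decoded bytes is an easy way to send garbage past the end of the packet.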
xHeaps
Posts: 17
Joined: Mon Oct 18, 2004 12:21 am

Post by xHeaps »

Thanks, it was perfectly clear, as I already tried something similar myself, but with no apparent success.

The thing is, the hooked application through which I was trying to send the packet either didn't respond, and sometimes even crashed... :(

So if it is possible, I will keep trying! :) Thanks! :crazy:

BTW, which application do you hook?
Walkman
Posts: 8
Joined: Fri Jan 28, 2005 3:25 pm

Post by Walkman »

Conveniently enough, an online game (my brother wanted me to make him something to *ease* his gaming :P)

PS: What does your function look like? I can maybe help you out :)

// Walkman
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Ok, air-mail it to me... :D
Walkman
Posts: 8
Joined: Fri Jan 28, 2005 3:25 pm

Post by Walkman »

WSAGetLastError returns an error code 10035 (WSAEWOULDBLOCK) and I got no idea why it does this, or how to get around it. It's quite late now so I'll hopefully find something on this later.

I think I found out the problem (just woke up) - I'm trying to receive data on a socket which is not cleared. I'm thinking up several approaches now and if I can find something I'll tell you.

// Walkman
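Error 10035, WSAEWOULDBLOCK, is not a failed receive: on a socket in non-blocking mode it means nothing has been queued yet, and the correct response is to wait for readability and retry rather than treat the call as lost. The following added example (POSIX C, not code from the thread or from madCodeHook; the function names are my own and the Winsock equivalents are named in the comments) shows that handling on a local socketpair, including the two cases that are easy to confuse with would-block: a real error and an orderly close by the peer.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define RECV_WOULD_BLOCK (-2)  /* Winsock: recv() == SOCKET_ERROR, WSAGetLastError() == WSAEWOULDBLOCK (10035) */
#define RECV_ERROR       (-1)

/* Switch a socket to non-blocking mode.
   Winsock equivalent: u_long one = 1; ioctlsocket(s, FIONBIO, &one); */
static int set_nonblocking(int fd) {
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* A single recv() that separates "no data queued yet" from a real failure.
   Returns bytes read (0 means the peer closed), RECV_WOULD_BLOCK or RECV_ERROR. */
ssize_t recv_once(int fd, char *buf, size_t len) {
    ssize_t n = recv(fd, buf, len, 0);
    if (n >= 0) return n;
    if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
        return RECV_WOULD_BLOCK;  /* not an error: nothing has arrived yet */
    return RECV_ERROR;
}

/* Wait up to timeout_ms for data, then read it. This is how a non-blocking
   socket gets around would-block: wait for readability instead of failing.
   Winsock equivalent of poll(): select() or WSAPoll(). */
ssize_t recv_with_wait(int fd, char *buf, size_t len, int timeout_ms) {
    for (;;) {
        ssize_t n = recv_once(fd, buf, len);
        if (n != RECV_WOULD_BLOCK) return n;
        struct pollfd pfd = { fd, POLLIN, 0 };
        int ready = poll(&pfd, 1, timeout_ms);
        if (ready == 0) return RECV_WOULD_BLOCK;          /* timed out, still nothing */
        if (ready < 0 && errno != EINTR) return RECV_ERROR;
    }
}

/* Self-test on a local socketpair with constructed data (no network needed).
   Returns 0 when every step behaves as expected, otherwise the failing step. */
int demo_would_block(void) {
    int sv[2];
    char buf[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    if (set_nonblocking(sv[0]) < 0) return 2;

    /* Step 1: nothing sent yet, so recv reports would-block, not an error. */
    if (recv_once(sv[0], buf, sizeof buf) != RECV_WOULD_BLOCK) return 3;

    /* Step 2: a bounded wait with nothing queued also ends in would-block. */
    if (recv_with_wait(sv[0], buf, sizeof buf, 20) != RECV_WOULD_BLOCK) return 4;

    /* Step 3: once the peer writes, the same call returns the bytes. */
    static const char msg[] = "constructed payload";
    if (write(sv[1], msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1)) return 5;
    ssize_t n = recv_with_wait(sv[0], buf, sizeof buf, 1000);
    if (n != (ssize_t)(sizeof msg - 1) || memcmp(buf, msg, (size_t)n) != 0) return 6;

    /* Step 4: after the peer closes, recv returns 0 (orderly shutdown), not would-block. */
    close(sv[1]);
    if (recv_with_wait(sv[0], buf, sizeof buf, 1000) != 0) return 7;

    close(sv[0]);
    return 0;
}

/* recv on a descriptor that is not a socket is a real error, never would-block. */
int demo_bad_socket(void) {
    char b[4];
    return recv_once(-1, b, sizeof b) == RECV_ERROR;
}

int main(void) {
    int rc = demo_would_block();
    if (rc == 0) printf("all steps ok\n"); else printf("step %d failed\n", rc);
    return rc;
}
```

The point for a hooked recv is the same as for a plain one: a would-block result is a signal to come back later, and a hook that converts it into something else changes the application's own flow control, which is one way to get the "didn't respond, sometimes crashed" behaviour described earlier in the thread.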