Hi all,
not really a madCodeHook question but stems from a Winsock hook that I have, so I thought I'd ask the experts.
I have a situation where I'm tracking send and receive data through winsock. There is some information that I need from the send() hook and I need to use it in the recv() hook. I therefore need to store this information in a queue and *marry* / locate it again from within the recv() hook.
In order to ensure that I'm looking at the right entry in the queue, I need to use the socket handle as the identifier. The only issue is, I'm not sure if I can simply copy this handle or do I need to duplicate it the same way that you do with a generic HANDLE. Or is it possible to convert the socket handle into some sort of numeric identifier?
Many thanks in advance,
Mike C
winsock hook - tracking socket handles
Hay nildo,
Thanks for the reply. I havent prototyped it yet because i've been busy with documentation, but i thought i would post here first of all.
Are you sure that it needs to be duplicated? I've been reading about WSADuplicateSocket (http://msdn.microsoft.com/en-us/library ... S.85).aspx) and it clearly states that:
"Sockets can be shared among threads in a given process without using the WSADuplicateSocket function because a socket descriptor is valid in all threads of a process"
I dont even want to use or share the socket handle, I just want to use it as a reference to be able to match a send() hooked request with a recv() hooked reply.
Many thanks again,
Mike C
Thanks for the reply. I havent prototyped it yet because i've been busy with documentation, but i thought i would post here first of all.
Are you sure that it needs to be duplicated? I've been reading about WSADuplicateSocket (http://msdn.microsoft.com/en-us/library ... S.85).aspx) and it clearly states that:
"Sockets can be shared among threads in a given process without using the WSADuplicateSocket function because a socket descriptor is valid in all threads of a process"
I dont even want to use or share the socket handle, I just want to use it as a reference to be able to match a send() hooked request with a recv() hooked reply.
Many thanks again,
Mike C
Mikec,
I have been debugging an app with hooked wsasend/wsareceive sockets for some time and I did not see the handle getting repeated in the time span of my tests. Not a guarantee though.
I'm extremely interested in your approach if you are storing the received data, and not immediately sending it back out. I have only managed to do an immediate 'receive next' in the hooked receive call, but would like to process the data 'asynchronously': MSN messages sometimes come in several blocks and I can only make decisions based on the content of *several* blocks, so I need to e.g. recieve and store 1, receive and store 2, process 1 and 2 (even modify them), send 1, send 2.
Is that what you are doing as well?
Bye
Jan
I have been debugging an app with hooked wsasend/wsareceive sockets for some time and I did not see the handle getting repeated in the time span of my tests. Not a guarantee though.
I'm extremely interested in your approach if you are storing the received data, and not immediately sending it back out. I have only managed to do an immediate 'receive next' in the hooked receive call, but would like to process the data 'asynchronously': MSN messages sometimes come in several blocks and I can only make decisions based on the content of *several* blocks, so I need to e.g. recieve and store 1, receive and store 2, process 1 and 2 (even modify them), send 1, send 2.
Is that what you are doing as well?
Bye
Jan