Using MadCodeHook in a Layered Service Provider solution?

c++ / delphi package - dll injection and api hooking
MaestroNaj
Posts: 4
Joined: Tue Dec 22, 2009 8:51 pm

Post by MaestroNaj »

Greetings,
Has anyone used MadCodeHook to create an LSP transport service? In the context of parental control LSP seems a natural fit.
Do you think MadCodeHook is the way to go to achieve this? If not, how have you used MadCodeHook to hook into Winsock2?

Your feedback is greatly appreciated.
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

I've no idea. Maybe someone else can help out here?
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

A forum search found this:

viewtopic.php?t=4049&highlight=lsp
MaestroNaj
Posts: 4
Joined: Tue Dec 22, 2009 8:51 pm

LSP versus Hook: Pros and cons thus far

Post by MaestroNaj »

Based on a preliminary study, it would seem that hooking and LSPs are attempting to accomplish the same goal: inject a process in an existing flow to monitor, modify or block the outcome. The (current) pros and cons are as follows; please feel free to add to this initial list. Also, the list is presented in the (it's late and I've got other things to attend to) order, and no priority should be ascribed to the ordering.

1. Reusability: hook wins hands down since LSPs are (as far as I can tell) specific to Winsock 2. I do not know if they are being used elsewhere.

2. Scalability: jury is still out. It would seem that, since LSP is inherent to Winsock2, the Microsoft engineers would have structured it to handle the appropriate load, although it is unsettling that no such details are given in the SDK docs. If you plan to hook within the context of a client, then I'd wager that scalability is not important. If you plan to hook a server with thousands of connections / second, this may become important.

3. Legitimacy: LSP wins hands down. It is the Microsoft-approved way to hook into Winsock. Hooking has a tarnished reputation since it has been used by (begin rant) pre-Cro-Magnon individuals who have tightly coupled their self-worth and finger muscles to a haggard collection of indisposed bits (end rant).

4. Shield Strength: by "shield strength" I mean the ability of a piece of software to resist being summarily dislodged by a haggard collection of indisposed bits (see previous rants) or by a well-meaning but ignorant virus removal program. My current view is that it is a wash, since both hooks and LSPs can be targeted by the same variety of software and Microsoft does not seem to offer a protection for installed LSPs. I do not know if virus removal programs ignore LSPs altogether or not.

5. Ease of Programming: If you are a Delphi coder, hooking with MadCodeHook wins hands down. If you are a C++ coder and do not fully understand how LSPs function, hooking wins hands down. If you are a C++/C coder who is proficient in Winsock, then you might consider LSPs, but I would like someone who is far more knowledgeable in this area to comment on this one.

6. Performance: TBD.

To be continued...
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Check out dcsoft's comment in the thread I linked to. You'll find some answers there. E.g. there's an answer to "I do not know if virus removal programs ignore LSPs altogether or not".
jonny_valentine
Posts: 109
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

Post by jonny_valentine »

DCsoft may be able to help better here; however, in my opinion, hooking with MCH is a lot easier than LSP... MCH is designed for this kind of thing, plus, like David says, LSP can easily mess up and cause problems with your PC... MCH can also, but just play around with user processes only and restart the PC if something goes wrong :)

Be careful not to return a bigger packet back to the browser than it expects without first increasing the memory, or you will crash the browser.
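
The buffer-size warning in the last post, as an added C example that is not code from this thread or from madCodeHook: when a filter's replacement payload is larger than the buffer the application passed in, hand over only what fits and keep the rest for the next call. It goes beyond the post by queueing the remainder instead of growing a buffer; `pending_t`, `pending_store` and `pending_deliver` are hypothetical names, and the 4096-byte queue is an assumed limit.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical per-connection queue of filtered bytes not yet handed over. */
typedef struct {
    char   data[4096];  /* assumed upper bound for one filtered payload */
    size_t len;         /* bytes stored in data */
    size_t off;         /* bytes already delivered to the application */
} pending_t;

/* Queue a filtered payload. Returns 0 on success, -1 if it does not fit or
   if earlier data is still undelivered (nothing is overwritten). */
int pending_store(pending_t *p, const char *src, size_t n)
{
    if (p == NULL || src == NULL || n > sizeof p->data)
        return -1;
    if (p->off < p->len)
        return -1;
    memcpy(p->data, src, n);
    p->len = n;
    p->off = 0;
    return 0;
}

/* Copy at most buf_len bytes into the application's buffer, as a receive
   replacement would. Returns the bytes written, never more than buf_len. */
int pending_deliver(pending_t *p, char *buf, int buf_len)
{
    size_t left, n;

    if (p == NULL || buf == NULL || buf_len <= 0)
        return 0;
    left = p->len - p->off;
    n = left < (size_t)buf_len ? left : (size_t)buf_len;
    memcpy(buf, p->data + p->off, n);
    p->off += n;
    if (p->off == p->len)   /* everything delivered: reset the queue */
        p->len = p->off = 0;
    return (int)n;
}
```

The value returned to the application must be the count from `pending_deliver`, not the size of the filtered payload, so the caller never reads past what was written.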