winsock hooking

c++ / delphi package - dll injection and api hooking
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Now how does it feel to have written the code yourself? :wink: I'm sure you really understand that code now!
legion
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

hi

Post by legion »

Hi,
now I am very happy to have found the solution by myself.
I am also surprised by the solution; it's so simple. I understand now why you wouldn't give it to me.
I needed to change just a bit of code. Thank you madshi for that.

Now I am working on the size adjustment. I am trying to change a string into another one which has a different length.
Do you think it is possible?

I have tried one but I receive the following error.

Code:

invalid pointer operation
Thank you
@+
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

What does your code look like?
legion
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

hi

Post by legion »

Hi,
here is my code:

Code:

function sendHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  i1      : integer;
  newdata : pchar;
begin
  result := 0;
  i1 := 0;
  while true do begin
    i1 := PosPchar('helo', @Buf, 4, result, true, i1);
    if i1 >= 0 then
    begin
      GETMEM(newdata, len*2);
      copymemory(newdata, @buf, len*2);
      newdata := pchar(newdata + #0);
      Move(pchar(string('realcool'))^, (pchar(@newdata) + i1)^, 8);
      zeromemory(@buf, len);
      copymemory(@buf, pointer(newdata), length(newdata));
      freemem(newdata, len*2)
    end
    else
      break;
  end;
  Result := sendNextHook(s, Buf, len, flags);
end;
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Post by nildo »

You do not need to use

pointer(newdata)

because NewData is already a Pointer. And you do not need to do this

pchar(@newdata)

because NewData is already a Pointer to a char (PChar). And this is not correct:

length(newdata)

You should use SizeOf instead of Length in this case, because it's not exactly a String...
I hope I am helping you to find the right way.
legion
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Post by legion »

Hi,

thank you for your help,
but I have tried all that and it didn't work.
Do you know why it doesn't work?
I have tried many things but I always obtain the same result.
Do you have an idea?

@+
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Post by nildo »

Debug it... not with the Delphi debugger (as far as I know you cannot use the debugger on an injected DLL), so put many MessageBox calls in there to find out where the error is.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Or show us the new code after you corrected all the things Nildo mentioned.
legion
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

hi

Post by legion »

Hi,
here is my code after making the changes mentioned by nildo,
but the error is not solved.

Code:

function sendHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  i1      : integer;
  newdata : pchar;
begin
  result := 0;
  i1 := 0;
  while true do begin
    i1 := PosPchar('helo', @Buf, 4, result, true, i1);
    if i1 >= 0 then
    begin
      GETMEM(newdata, len*2);
      copymemory(newdata, @buf, len*2);
      Move(pchar(string('realcool'))^, (pchar(@newdata) + i1)^, 8);
      zeromemory(@buf, len);
      copymemory(@buf, newdata, sizeof(newdata));
      freemem(newdata, len*2)
    end
    else
      break;
  end;
  Result := sendNextHook(s, Buf, len, flags);
end;

Thank you
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Re: hi

Post by nildo »

Try this code, it worked for me:

Code:

function SendCallback(s: Integer; Buf: Pointer; len, flags: Integer): Integer; stdcall;
var
  i1      : integer;
  newdata : pchar;
begin
  Result := 0;
  i1 := 0;

  while true do
  begin
    i1 := PosPchar('halo', Buf, 4, len, true, i1);

    if i1 >= 0 then
    begin
      newdata := GetMemory(8);
      Move(pchar(string('realcool'))^, (PChar(newdata) + i1)^, 8);
      Buf := newdata;
      len := 8;
    end
    else
      break;
  end;

  Result := sendNextHook(s, Buf, len, flags);
end;
But look, I've used "Buf: Pointer" instead of "var Buf". And in this case I do not write into the original buffer, I just replace the pointer with a pointer to NewData, so if you FreeMem NewData, it won't work. It's just so you can see it "working". Now that you have it working, do it in a way that you do not need to do this:

Buf := newdata;

Do it in a way that you copy one buffer to another, but then you need to realloc the Buf. I have no time for that now, try it!
legion
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

hi

Post by legion »

Hi,
thank you man for the code and the help.
The code doesn't work.
No error occurs when I inject it, but all the data that I receive is changed and becomes unreadable, even the halo string.

Do you know why?
Have you tried the code?
Explanations or help are welcome.

@+
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Post by nildo »

Legion, the code works perfectly.
How are you testing it? Post ALL of your DLL here. I think you are making a mistake. I think you have not changed the name of SendHookProc to HookCallBack, and I think you have not changed "var Buf" to "Buf: Pointer". Post ALL of your DLL here.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

nildo's code looks alright to me - except one little thing. If "i1" is bigger than 0 there's a problem. Most of the time it will be "0" or "-1", though.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Here's a different approach using dynamic strings (ReplaceStr comes from the StrUtils unit and returns the new string, so its result has to be assigned back):

Code:

function SendCallback(s: Integer; Buf: Pointer; len, flags: Integer): Integer; stdcall;
var
  s1 : string;
begin
  // copy the outgoing bytes into a length-counted Delphi string
  SetString(s1, PChar(Buf), len);
  // replace every occurrence; the string grows or shrinks as needed
  s1 := ReplaceStr(s1, 'hello', 'reallycool');
  // hand the (possibly longer) string and its real length to the original send
  result := sendNextHook(s, pointer(s1), length(s1), flags);
end;
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Post by nildo »

What about a dynamic PChar? Like if it has Chr(0) in the buffer?
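The two points the thread ends on, handing the original send() a buffer whose length has changed, and keeping that rewrite binary-safe when the data contains #0 bytes, are worked through below as an added example in C (the package discussed is C++/Delphi, and C is what a native send() hook is usually written in). This is not code from the thread, from madshi, or from madCodeHook: the names sendNextHook and SendCallback are borrowed from the posts, but here sendNextHook is a plain function pointer to a fake send() that only records what it was given, no hook is actually installed, and the search/replace is implemented by hand because memmem() is not portable. The sample message in demo() is constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Binary-safe search for needle inside hay. Returns first match or NULL. */
static const unsigned char *find_bytes(const unsigned char *hay, size_t hlen,
                                       const unsigned char *needle, size_t nlen)
{
    size_t i;
    if (nlen == 0 || hlen < nlen)
        return NULL;
    for (i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return hay + i;
    return NULL;
}

/* Replace every occurrence of needle by repl in a length-counted buffer.
 * Lengths are explicit, so NUL bytes inside the data are just data.
 * Returns a malloc'd buffer (freed by the caller after the real send()
 * has returned) and stores the new length in *out_len; NULL if malloc fails. */
unsigned char *rewrite_buffer(const unsigned char *buf, size_t len,
                              const unsigned char *needle, size_t nlen,
                              const unsigned char *repl, size_t rlen,
                              size_t *out_len)
{
    const unsigned char *p = buf, *end = buf + len, *hit;
    unsigned char *out, *w;
    size_t count = 0, new_len;

    /* pass 1: count matches so the exact size can be allocated */
    while ((hit = find_bytes(p, (size_t)(end - p), needle, nlen)) != NULL) {
        count++;
        p = hit + nlen;
    }
    new_len = len - count * nlen + count * rlen;
    out = malloc(new_len ? new_len : 1);
    if (out == NULL)
        return NULL;

    /* pass 2: copy, substituting at each match */
    p = buf;
    w = out;
    while ((hit = find_bytes(p, (size_t)(end - p), needle, nlen)) != NULL) {
        memcpy(w, p, (size_t)(hit - p));
        w += hit - p;
        memcpy(w, repl, rlen);
        w += rlen;
        p = hit + nlen;
    }
    memcpy(w, p, (size_t)(end - p));
    w += end - p;
    *out_len = (size_t)(w - out);
    return out;
}

/* Stand-in for the original send(), i.e. the "next hook" pointer a hooking
 * library hands back. This fake is an assumption for the demo: it records
 * what it was given instead of touching a socket. */
typedef int (*send_fn)(int s, const void *buf, int len, int flags);

unsigned char last_sent[256];
int last_sent_len;

static int fake_send(int s, const void *buf, int len, int flags)
{
    (void)s; (void)flags;
    if (len > (int)sizeof last_sent)
        len = (int)sizeof last_sent;
    memcpy(last_sent, buf, (size_t)len);
    last_sent_len = len;
    return len;            /* a real send() returns the number of bytes sent */
}

static send_fn sendNextHook = fake_send;

/* The hook callback: "helo" (4 bytes) becomes "realcool" (8 bytes), so the
 * result cannot go back into the caller's buffer. It is forwarded from a
 * fresh allocation that is freed only after the original send() returns. */
int SendCallback(int s, const void *buf, int len, int flags)
{
    static const unsigned char needle[] = "helo";
    static const unsigned char repl[]   = "realcool";
    size_t new_len;
    unsigned char *nb;
    int r;

    if (len < 0 || (nb = rewrite_buffer(buf, (size_t)len, needle, 4, repl, 8, &new_len)) == NULL)
        return sendNextHook(s, buf, len, flags);   /* pass through untouched */

    r = sendNextHook(s, nb, (int)new_len, flags);
    free(nb);

    if (r == (int)new_len)
        return len;        /* all of it went out: report the caller's own byte count */
    if (r < 0)
        return r;          /* SOCKET_ERROR passes through unchanged */
    /* A partial send of a rewritten buffer cannot be mapped back to the
     * caller's byte count exactly; a production hook would have to queue
     * the remainder itself. Best effort here. */
    return r < len ? r : len;
}

/* Constructed sample: two occurrences, one of them after a NUL byte, so a
 * PChar/strlen-based rewrite would stop at "helo mail". Returns what the
 * hooked caller is told. */
int demo(void)
{
    static const unsigned char msg[] = "helo mail\0helo again";
    return SendCallback(7, msg, (int)sizeof msg - 1, 0);
}

int main(void)
{
    int reported = demo();
    printf("caller told: %d bytes, actually sent: %d bytes\n", reported, last_sent_len);
    fwrite(last_sent, 1, (size_t)last_sent_len, stdout);
    putchar('\n');
    return 0;
}
```

The point of the two-pass rewrite is that the output length is known before anything is written, which is what legion's GetMem(len*2) was guessing at; the caller still receives its own len back on success because, from its point of view, that is how much of its buffer was consumed. In a real madCodeHook callback the fake_send pointer would be the next-hook function the library gives you, and the search needle would normally be matched case-sensitively as here.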