winsock hooking

c++ / delphi package - dll injection and api hooking

hi

Postby legion » Tue May 25, 2004 7:00 pm

hi madshi

thank you again now it work fine but if i hook only recv.
now i don't understand why by hooked only send i receive an error.
here is the code that i applied for the send

Code: Select all
function sendHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var i1 : integer;
begin
  if result > 0 then begin
    i1 := 0;
    while true do begin
      i1 := PosPchar('helo', @Buf, 4, result, true, i1);
      if i1 >= 0 then
        Move(pchar(string('cool'))^, (pchar(@Buf) + i1)^, 4)
      else
        break;
    end;
  end;
  Result := sendNextHook(s, Buf, len, flags);
end;


normally i think it should work fine because i have hooked only the send inside my dll hook avoiding
error when hooking both (send and recv) like you are adviced.
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Postby madshi » Wed May 26, 2004 7:02 am

Come on. Try to understand the code, it's not *that* difficult. If you fail here, I'll have to guide you through every hooking project that you do and I don't have the time for that.

Hint: Look at where you're using "result" and where it actually gets filled with a value.
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

hi

Postby legion » Wed May 26, 2004 2:56 pm

hi madshi


hooking winsock isn't easy because you must be an professionnal about hooking.you are an expert a bout hooking and me not.
all others hook that i have tried i have done it successfully but winsock
is a big problem for me.
i still try to solve it

@+
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Postby madshi » Wed May 26, 2004 3:06 pm

Code: Select all
function sendHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var i1 : integer;
begin
  if result > 0 then begin    // (1)
    i1 := 0;
    while true do begin
      i1 := PosPchar('helo', @Buf, 4, result, true, i1);
      if i1 >= 0 then
        Move(pchar(string('cool'))^, (pchar(@Buf) + i1)^, 4)
      else
        break;
    end;
  end;
  Result := sendNextHook(s, Buf, len, flags);    // (2)
end;

In position (1) your code is asking what value is stored in "result". But "result" is undefined. Only in position (2) "result" gets initialized. So you can't use "result" before (2).

legion, have you tried to understand the code I gave you? I'm definately not willing to give you one piece of code after the other without that you try to understand it. Because if I do you won't learn anything. You'll just put my code in and next time you run into problems you'll ask me again and again - and I simply don't have the time for that in the long run. Try to understand the code. If you have trouble with that then say what you understood and where you have problems understanding it. If you have understood the code, you'll be able to make the "send" code work yourself.
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Re: hi

Postby nildo » Wed May 26, 2004 8:16 pm

legion wrote:hooking winsock isn't easy because you must be an professionnal about hooking.


May I disagree with you?
Api Hooking will get an easy thing after you *understand* what is it and How does it work.
Hooking WinSock is not that different from others APIs. The differences are in the Pointers and Buffers that WinSock uses.
You need to learn more about Pointers and Buffers. Heres your difficult, not in hooking.

Theres a difference between hooking Send and Recv, is that your NextHook function must be called in different parts of your code. For example:

SendNextHook must be called AFTER you've changed the Buffer.
RecvNextHook must be called BEFORE you change the Buffer.

Thats the difference
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

hi

Postby legion » Wed May 26, 2004 11:07 pm

hi
ok i agree with you i know that hooking isn't difficult for you and perhaps for me.
hooking winsock the send function is became hard for me.after reading your replay (both) i have spent 3 hours by testing any possibilities
but i cannot solve it.
either it work but i can send only string "hello" without error or i can send any others strings and change work fine but the data are duplicated
eg : if i send helo i receive coolcool.
i have tested all possibilities that i know but i still receive an error.
the receive work fine now but the send :cry:
now i think that i must given up.
i am student at school not an perfect or professional programmer like you
i have tried many projects about hooking all worked fine but the (winsock and (registry hooking for monitoring change ) is so difficult for me .that is the first problem that i cannot solve. :sorry:

anyway thank you again for your help.
perhaps one day i will have the solution.

@+
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Postby madshi » Thu May 27, 2004 6:54 am

Don't give up that fast. Programmers sometimes need hours and days to solve a problem. But it's much more satisfying if you finally solve the problem yourself instead of getting a fully working solution from someone else which you don't understand.

Did you understand the "recv" code? Did you understand it fully (100%)? If not, ask what is unclear to you.

Come on, we'll guide you through this - but not by doing all the work for you. :wink:
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Re: hi

Postby nildo » Thu May 27, 2004 10:59 am

legion wrote:i am student at school not an perfect or professional programmer like you


erm, I am just 17 years old :oops:
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

hi

Postby legion » Thu May 27, 2004 7:26 pm

hi madshi

the code for the receive (recv) i tnink that i understand it fully i have even trying to change two data in the hook without any error occur.

i have tried even another method (overwriting but i don't know why it doesn't work).
i used this method to manage the buffer size.that's means when i change an data with an different string lenght it adjuste the size that why i tried the overwrite method.
i don't know what is bad in this code. :idea:
Code: Select all
function recvHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  DataBuffer: pchar;
begin
  result := recvNextHook(s, Buf, len, flags);

  GetMem(DataBuffer, Result);
  try
    //get our copy of the data
    CopyMemory(DataBuffer, @Buf, Result);
    if result > 0 then begin
    i1 := 0;
    while true do begin
      i1 := PosPchar('helo', @DataBuffer, 4, result, true, i1);
      if i1 > 0 then
        Move(pchar(string('cool'))^, (pchar(@Buf)+i1)^, result)
      else
        break;
    end;
  end;
 //overwrite the original data with our new data
CopyMemory(@Buf, DataBuffer, Result);
finally
FreeMem(DataBuffer);
end;
end;


for the receive i think that all my code is fine because i have respected an logical structure.
but i still fails and i don't know what ?
i understand also that i must change data in send before calling the real api function.
but when i try to change it,an error occur inside my hook dll.
i have tested and looked many type of code that i have tried but it doesn't work.

if you can explain what's happen about my code and give me also some hint perhaps i think that i can solve it ? but i am not sure :idea:


thank you again
@+
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Postby nildo » Thu May 27, 2004 7:44 pm

Hi Legion!
Well, the Buf parameter is a Pointer... you'll need to reallocate memory for this Buffer. If its a Pointer to a Char, someone else had alread allocated that Buffer. If you want to change the size of this buffer you need to realloc. Thats it, but I strongly recommend you not to change the Buffer size, because the Server Side of your target may be waiting for a buffer of size X (most of the time this happens) to see what the Client Side is wanting. Wanna see an example of this?

Code: Select all
type
   TMyRecord = record
      name: string[ 10 ];
      age: integer;
   end;

var
   MyRecord: TMyRecord;


Client Side wrote:
Code: Select all
MySocket.SendBuf( @MyRecord, SizeOf( MyRecord ) );


Server Side wrote:
Code: Select all
if Len = SizeOf( MyRecord ) then
   MyRecordRecvd^ := TMyRecord( @MyRecordRecvd );


Understand? This sends a buffer to the server and the server recognize this Buffer by the Size. If the size was changed nothing will happen.
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

hi

Postby legion » Fri May 28, 2004 5:28 pm

hi nildo

thank you for trying to help me
but i don't understand your code i think that it is fifferent to the hook that i try to do.
in your code i see server side and client side but this is not what we are trying to do.
i would just hook the function send and change the data before sending
and also if it is posible to ajust the size if the data we are trying to change with the new one are different.
but for me just changing the data is good.

thank you again
hoping that madshi will give us the light

@+
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Postby nildo » Fri May 28, 2004 5:38 pm

I was just trying to tell you that its not really cool to change the data size. BUt if you would like to change, you need to realloc memory for the data (directly in Buf), because that is a Pointer to a Char, you can not change the data to a Bigger one, so you need to realloc the memory used by Buf
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

hi

Postby legion » Fri May 28, 2004 6:47 pm

hi
thank you man
now i understand how difficult it is for changing data to another one with the lenght.
what do you understand by "realloc memory for the data (directly in Buf)"
is it possible ? :idea:
if you have an basic code sample it is welcome.
in my hook i think that i have done an small progress because now i can change the data without error but the server or the application which waiting the data never received :confused:
i hope that madshi or someone will highlight us.

thank you all again


@+
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

Re: hi

Postby nildo » Fri May 28, 2004 7:20 pm

legion wrote:what do you understand by "realloc memory for the data (directly in Buf)"


When working with Pointers, you need to allocate a memory for it on the Memory. FOr example: I've allocated 10 bytes. If I want to change the size of this Buffer to 15, then I need to realocate this memory to 15 bytes.

legion wrote:if you have an basic code sample it is welcome.


Unfortunatly my code is very specific to another things, and on my code I do not change the size of the Buf because can confuse the Hooked-Application.

legion wrote:in my hook i think that i have done an small progress because now i can change the data without error but the server or the application which waiting the data never received :confused:


One thing at a Time. Make it work without changing the data size. Then you try to change the data size.
nildo
 
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

hi

Postby legion » Sat May 29, 2004 4:05 pm

hi all

héhé now i can change data in "send" successfully without any error. 8)
thank you both for your help
now i am working about changing an string with a different size.

thank you for your help.
legion
 
Posts: 32
Joined: Sat May 15, 2004 7:48 pm

PreviousNext

Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 6 guests