Help About Winsock Hook

c++ / delphi package - dll injection and api hooking

Postby weic » Fri Jun 11, 2004 6:53 am

Hi all,
I know someone can use madCodeHook to hook Winsock successfully,
but I can't, :(
What's the problem with my program? Here is my code, please help;
Code:
library SockHook;

uses
  SysUtils,
  System,
  winsock2,
  windows,
  Messages,
  madCodeHook;

{$R *.res}

var
  RecvNext: function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  SendNext: function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

  WSASendNext: function (s:TSocket;lpBuffers:LPWSABUF;
                         dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
                         dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
                         lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;
  WSARecvNext: function (s:TSocket;lpBuffers:LPWSABUF;
                         dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
                         dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
                         lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;

  hParentWnd: THandle;


procedure SaveInfo(sMsg: String);
var
  ds: TCopyDataStruct;
begin
  ds.cbData := Length(sMsg) + 1;
  GetMem(ds.lpData,ds.cbData);
  StrCopy(ds.lpData,PChar(sMsg));
  if hParentWND <> 0 then
    SendMessage (hParentWND, WM_COPYDATA, 0,Cardinal(@ds));
  FreeMem(ds.lpData);
end;

procedure GetParentHWND(s: THandle);
begin
  hParentWND := s;
end;

function RecvCallback(s: TSocket; var Buf; len, flags: Integer) : Integer; stdcall;
begin
  result := RecvNext(s,Buf,len,flags);
  SaveInfo('Recv');
end;

function SendCallback(s: TSocket; var Buf; len, flags: Integer) : Integer; stdcall;
begin
  result := SendNext(s,Buf,len,flags);
  SaveInfo('Send');
end;

function WSASendHook(s:TSocket;lpBuffers:LPWSABUF;
          dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
          dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
          lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;
begin
  WSASendHook:=WSASendNext(s,lpBuffers,dwBufferCount,
          lpNumberOfBytesSent,dwFlags,lpOverlapped,lpCompletionROUTINE);
  SaveInfo('WSASend');
end;

function WSARecvHook(s:TSocket;lpBuffers:LPWSABUF;
          dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
          dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
          lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;
begin
  WSARecvHook:=WSARecvNext(s,lpBuffers,dwBufferCount,
          lpNumberOfBytesSent,dwFlags,lpOverlapped,lpCompletionROUTINE);
  SaveInfo('WSARecv');
end;


procedure DoHook;
begin
  HookAPI('ws2_32.dll', 'recv', @RecvCallback, @RecvNext);
  HookAPI('ws2_32.dll', 'send', @SendCallback, @SendNext);

  HookAPI('ws2_32.dll','WSASend',@WSASendHook,@WSASendNext);
  HookAPI('ws2_32.dll','WSARecv',@WSARecvHook,@WSARecvNext);

  SaveInfo('Hooking.....');
end;

exports
  GetParentHWND,DoHook;

begin
  DoHook;
end.

THK's :crazy:
weic
 
Posts: 2
Joined: Fri Jun 11, 2004 6:45 am

Postby madshi » Fri Jun 11, 2004 10:47 am

The hooking probably works. But your message sending will not work. Look, each running process loads a totally independent copy of your hook dll. When you call "GetParentHwnd" you tell the hook dll copy which is loaded in your own process where to send the message to. But all the other dll copies still don't know that.

Basically I recommend to not export anything from the hook dll. It's not bad in itself. But not exporting anything will force you to do it right.

You can use SendIpcMessage and related functions to do the message sending. See documentation. Also see HookProcessTermination and PrinterMonitor demos.
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm
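
The approach recommended in the reply above, sketched as an added example that is not part of the thread or of madCodeHook's own demos: SaveInfo sends through a named IPC queue, so no copy of the hook dll needs to be told a window handle. The queue name is hypothetical, and the parameter lists of SendIpcMessage, CreateIpcQueue and the callback are assumed from the madCodeHook unit; check them against the version you use.

```delphi
// Added example, not from the thread. The IPC call shapes below are assumptions;
// verify them against the madCodeHook unit of your version.

// ---- hook dll: replaces SaveInfo, hParentWnd and the GetParentHWND export ----
const
  CIpcName = 'SockHookDemoIpc';  // hypothetical queue name, shared by both sides

procedure SaveInfo(const sMsg: AnsiString);
begin
  // The queue is looked up by name, so every loaded copy of the dll can
  // reach the receiver without any per-process setup call.
  // Length + 1 sends the terminating #0 along with the text.
  SendIpcMessage(CIpcName, PAnsiChar(sMsg), Length(sMsg) + 1);
end;

// ---- receiving application (needs SysUtils, Windows, madCodeHook) ----
procedure HandleHookMessage(name: PAnsiChar; messageBuf: Pointer;
  messageLen: DWORD; answerBuf: Pointer; answerLen: DWORD); stdcall;
var
  msg: AnsiString;
begin
  if (messageBuf = nil) or (messageLen = 0) then
    Exit;
  // Copy by length instead of trusting the sender's terminator,
  // then cut the copy at its first #0.
  SetString(msg, PAnsiChar(messageBuf), messageLen);
  msg := PAnsiChar(msg);
  OutputDebugStringA(PAnsiChar(msg));  // stand-in for the real logging
end;

procedure StartReceiver;
begin
  // Create the queue before the hook dll is loaded anywhere, otherwise
  // the early messages have no receiver.
  if not CreateIpcQueue(CIpcName, HandleHookMessage) then
    raise Exception.Create('CreateIpcQueue failed');
end;
```

With this in place the hook dll's exports clause can be dropped entirely, which matches the advice not to export anything from the hook dll.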

try

Postby weic » Tue Jun 15, 2004 12:51 pm

Thanks, madshi.

I understand what you mean. I will try other ways, : )
weic
 
Posts: 2
Joined: Fri Jun 11, 2004 6:45 am

