Help About Winsock Hook

c++ / delphi package - dll injection and api hooking
weic
Posts: 2
Joined: Fri Jun 11, 2004 6:45 am

Post by weic »

Hi all,
I know someone can use madCodeHook to hook Winsock successfully,
but I can't. :(
What's the problem with my program? Here is my code, please help:

Code:

library SockHook;

uses
  { System is used implicitly by every unit and must not be listed here }
  SysUtils,
  winsock2,
  windows,
  Messages,
  madCodeHook;

{$R *.res}

var
  RecvNext: function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  SendNext: function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

  WSASendNext: function (s:TSocket;lpBuffers:LPWSABUF;
                         dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
                         dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
                         lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;
  WSARecvNext: function (s:TSocket;lpBuffers:LPWSABUF;
                         dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
                         dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
                         lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;

  hParentWnd: THandle;


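{ Sends sMsg to the window stored in hParentWnd via WM_COPYDATA }
procedure SaveInfo(sMsg: String);
var
  ds: TCopyDataStruct;
begin
  ds.dwData := 0;                  // was left uninitialized
  ds.cbData := Length(sMsg) + 1;   // include the terminating #0
  GetMem(ds.lpData,ds.cbData);
  StrCopy(ds.lpData,PChar(sMsg));
  if hParentWND <> 0 then
    SendMessage (hParentWND, WM_COPYDATA, 0,Cardinal(@ds));
  FreeMem(ds.lpData);
end;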

procedure GetParentHWND(s: THandle);
begin
  hParentWND := s;
end;

function RecvCallback(s: TSocket; var Buf; len, flags: Integer) : Integer; stdcall;
begin
  result := RecvNext(s,Buf,len,flags);
  SaveInfo('Recv');
end;

function SendCallback(s: TSocket; var Buf; len, flags: Integer) : Integer; stdcall;
begin
  result := SendNext(s,Buf,len,flags);
  SaveInfo('Send');
end;

function WSASendHook(s:TSocket;lpBuffers:LPWSABUF;
          dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
          dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
          lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;
begin
  WSASendHook:=WSASendNext(s,lpBuffers,dwBufferCount,
          lpNumberOfBytesSent,dwFlags,lpOverlapped,lpCompletionROUTINE);
  SaveInfo('WSASend');
end;

function WSARecvHook(s:TSocket;lpBuffers:LPWSABUF;
          dwBufferCount:dword;lpNumberOfBytesSent:LPDWORD;
          dwFlags:DWORD;lpOverlapped:LPWSAOVERLAPPED;
          lpCompletionROUTINE:LPWSAOVERLAPPED_COMPLETION_ROUTINE):integer;stdcall;
begin
  WSARecvHook:=WSARecvNext(s,lpBuffers,dwBufferCount,
          lpNumberOfBytesSent,dwFlags,lpOverlapped,lpCompletionROUTINE);
  SaveInfo('WSARecv');
end;


procedure DoHook;
begin
  HookAPI('ws2_32.dll', 'recv', @RecvCallback, @RecvNext);
  HookAPI('ws2_32.dll', 'send', @SendCallback, @SendNext);

  HookAPI('ws2_32.dll','WSASend',@WSASendHook,@WSASendNext);
  HookAPI('ws2_32.dll','WSARecv',@WSARecvHook,@WSARecvNext);

  SaveInfo('Hooking.....');
end;

exports
  GetParentHWND,DoHook;

begin
  DoHook;
end.
Thanks :crazy:
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

The hooking probably works. But your message sending will not work. Look, each running process loads a totally independent copy of your hook dll. When you call "GetParentHwnd" you tell the hook dll copy which is loaded in your own process where to send the message to. But all the other dll copies still don't know that.

Basically I recommend to not export anything from the hook dll. It's not bad in itself. But not exporting anything will force you to do it right.

You can use SendIpcMessage and related functions to do the message sending. See documentation. Also see HookProcessTermination and PrinterMonitor demos.
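
The per-process state problem described in the reply above, as an added example that is not part of either poster's code: a `SaveInfo` that looks the receiver up inside whichever process the DLL copy is running in, instead of relying on a global set through an export. It uses plain Win32 `FindWindow` and `WM_COPYDATA` rather than the `SendIpcMessage` route madshi recommends; the window class name `TSockHookMonitor` is a hypothetical name for the monitoring application's main window, and the `SendMessageTimeout` call assumes the Delphi 7-era `Windows` unit, where the last parameter is `var lpdwResult: DWORD`.

```delphi
const
  // Hypothetical window class registered by the monitoring application.
  CMonitorClass = 'TSockHookMonitor';

procedure SaveInfo(const sMsg: AnsiString);
var
  ds: TCopyDataStruct;
  wnd: HWND;
  res: DWORD;
begin
  // Resolve the receiver in *this* process on every call. A global that is
  // filled in through an exported function exists only in the process that
  // made the call; every other loaded copy of the DLL still holds 0.
  wnd := FindWindow(CMonitorClass, nil);
  if wnd = 0 then
    Exit;                              // receiver not running: drop the message

  ds.dwData := GetCurrentProcessId;    // lets the receiver tell senders apart
  ds.cbData := Length(sMsg) + 1;       // include the terminating #0
  ds.lpData := PAnsiChar(sMsg);        // WM_COPYDATA copies the bytes itself,
                                       // so no GetMem/FreeMem is needed

  // Bounded wait: a hung or slow receiver must not stall send/recv in the
  // host process, which a plain SendMessage would do.
  SendMessageTimeout(wnd, WM_COPYDATA, 0, LPARAM(@ds),
                     SMTO_ABORTIFHUNG, 500, res);
end;
```

`FindWindow` only sees top-level windows on the caller's own desktop, so DLL copies loaded into services or other sessions will not find the receiver this way.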
weic
Posts: 2
Joined: Fri Jun 11, 2004 6:45 am

try

Post by weic »

Thanks, madshi.

I understand what you mean. I will try other ways. :)