i'v been working on a winsock demo project (orginally made by Aphex, but heavly modified) but i some things still goes wrong.. I attempt to intercept send/recv data and log it back to the base application using IPC. The problem is that IE/MSN act very unstable on this code. IE crashes after ~30 page requests, I suspect that a few bytes are lost in the send/recv events but im unable to find any thing wrong. The reason i think this is because MSN traffic is shown perfectly in the base logapp but it still says that there is a problem while connecting. Can somebody please look at it, so when its fixed u can give this thread url as refrence for a winsock demo .. (i'v seen the request for this alot of times). note: this code also tries to log the remote ip of the socket, i commented that code first, but had no effect.
btw, sorry for the sloppy coding, but just hacking on it for a few hours and the last thing on my mind was to clean up the code a bit
thanks for all the work madshi!
Code: Select all
library Project1;
uses
Windows,
Winsock,
SysUtils,
madRemote,
madCodeHook;
{$R *.RES}
var
connectNextHook: function (s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
sendNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
recvNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
DataSocket: TSocket;
LastDataSocket : Tsocket;
var
strAppExe: string;
strSockIP : String;
function GetModuleFileName: string;
var
pid : dword;
Buffer: array[0..MAX_PATH] of Char;
begin
{ SetString(Result, Buffer, Windows.GetModuleFileName(HInstance,
Buffer, SizeOf(Buffer)));}
ProcessIdToFilename(ProcessHandleToId (GetCurrentProcess()),Buffer);
Result := StrPas(Buffer);
end;
function GetPeerAddr: string;
var
saddr : TSockAddrIn;
saddrlen : integer;
szAddr : PChar;
begin
Result := 'error';
if GetPeerName(DataSocket, TSockAddr(saddr), saddrlen) = 0 then begin
szAddr := Inet_ntoa(saddr.sin_addr);
Result := StrPas(szAddr);
end;
end;
procedure CheckIP();
begin
if (LastDataSocket = 0) OR ( DataSocket <> LastDataSocket) then
begin
LastDataSocket := DataSocket;
strSockIP := GetPeerAddr();
end
end;
procedure IPCLog(strWhat : String);
var
Result : Integer;
begin
strWhat := '[' + strAppExe + ' (' + strSockIP + ')] ' + strWhat;
SendIpcMessage('whooklib', pchar(strWhat), Length(strWhat), @result, sizeOf(result));
end;
function ConvertDataToAscii(Buffer: pointer; Length: Word): string;
var
Iterator: integer;
AsciiBuffer: string;
begin
AsciiBuffer := '';
for Iterator := 0 to Length - 1 do
begin
if char(pointer(integer(Buffer) + Iterator)^) in [#32..#127] then
AsciiBuffer := AsciiBuffer + ' ' + char(pointer(integer(Buffer) + Iterator)^) + ' '
else
AsciiBuffer := AsciiBuffer + ' . ';
end;
Result := AsciiBuffer;
end;
function ConvertDataToHex(Buffer: pointer; Length: Word): string;
var
Iterator: integer;
HexBuffer: string;
begin
HexBuffer := '';
for Iterator := 0 to Length - 1 do
begin
HexBuffer := HexBuffer + IntToHex(Ord(char(pointer(integer(Buffer) + Iterator)^)), 2) + ' ';
end;
Result := HexBuffer;
end;
function connectHookProc (s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
begin
Result := connectNextHook(s,name,namelen);
if Result = 0 then
begin
DataSocket := s;
CheckIP();
end;
end;
function recvHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
AsciiBuffer: string;
HexBuffer: string;
DataBuffer: pchar;
begin
//call the real winsock function
Result := recvNextHook(s, Buf, len, flags);
//allocate memory for our copy of the data
GetMem(DataBuffer, Result);
try
//get our copy of the data
CopyMemory(DataBuffer, @Buf, Result);
IPCLog( 'recv: ' + DataBuffer);
finally
FreeMem(DataBuffer);
end;
end;
function sendHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
AsciiBuffer: string;
HexBuffer: string;
DataBuffer: pchar;
begin
{ DataSocket := s;
CheckIP();}
//allocate memory for our copy of the data
GetMem(DataBuffer, len);
try
//get our copy of the data
CopyMemory(DataBuffer, @Buf, len);
IPCLog( 'send: ' + DataBuffer);
finally
FreeMem(DataBuffer);
end;
//call the real winsock function
Result := sendNextHook(s, Buf, len, flags);
end;
begin
strAppExe := GetModuleFileName();
strSockIP := 'undefined';
DataSocket := 0;
LastDataSocket := 0;
hookapi('ws2_32.dll','send', @sendHookProc, @sendNextHook);
hookapi('wsock32.dll','send', @sendHookProc, @sendNextHook);
hookapi('ws2_32.dll','recv', @recvHookProc, @recvNextHook);
hookapi('wsock32.dll','recv', @recvHookProc, @recvNextHook);
hookapi('ws2_32.dll','connect', @connectHookProc, @connectNextHook);
hookapi('wsock32.dll','connect', @connectHookProc, @connectNextHook);
end.
for the interested ppl, the base log app:
Code: Select all
unit injecter;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs, madCodeHook,
StdCtrls;
type
// this is how you get notified about incoming ipc messages
// you have to write a function which fits to this type definition
// and then you give it into "CreateIpcQueue"
TIpcCallback = procedure (name : pchar;
messageBuf : pointer;
messageLen : dword;
answerBuf : pointer;
answerLen : dword); stdcall;
type
TForm1 = class(TForm)
log: TMemo;
Button1: TButton;
Button2: TButton;
procedure FormCreate(Sender: TObject);
procedure FormDestroy(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
{procedure RecvIPCmsg(name: pchar; messageBuf: pointer;
messageLen: dword; answerBuf: pointer; answerLen: dword);stdcall;}
end;
var
Form1: TForm1;
implementation
{$R *.DFM}
procedure RecvIPCmsg(name: pchar; messageBuf: pointer;
messageLen: dword; answerBuf: pointer; answerLen: dword);stdcall;
begin
//wassap
Form1.log.Lines.Add(StrPas(messageBuf));
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
CreateIpcQueue('whooklib', RecvIPCmsg);
end;
procedure TForm1.FormDestroy(Sender: TObject);
begin
DestroyIpcQueue('whooklib');
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
log.Lines.Add('injecting');
InjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'Project1.dll');
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
log.Lines.Add('uninjecting');
UnInjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'Project1.dll');
end;
end.