Solved

How to Hook Winsock API

Posted on 2002-04-26
Last Modified: 2013-12-03
Situation:

Need to intercept the Connect APIs on Windows NT and replace it with my own function, being called
from a DLL, and then have my program call the "old" API function to complete the process.

Connect -> 192.1.1.254

replace to

if (Connect == '192.1.1.254')
{
  Connect == ' 192.1.1.10'
}


Good luck!  Let me know if you have any questions.  I would like VC++6.0 source code...  Thanks!

Question by:kk2k
 
LVL 20

Expert Comment

by:Madshi
ID: 6972859
Do you need this system wide or only for a specific process? Do you need to do this programmatically or would perhaps installing a proxy (or something like that) solve the problem, too?
0
 

Author Comment

by:kk2k
ID: 6972920
Just only for a specific process.

0
 
LVL 20

Expert Comment

by:Madshi
ID: 6972951
Then you might want to look at my package "madCodeHookLib" (free for non-commercial purpose). With this package you can inject a self-written dll into the specific process. Then in the dll you can hook the connect APIs, again using my package.

Here is the online documentation. It is for the Delphi version of my package, but a C++ package is also available.

http://help.madshi.net/Data/madCodeHook.htm

Here is a demo, which shows all the basic framework you need:

http://help.madshi.net/Data/HookingNotepad.htm

Regards, Madshi.
0

 

Author Comment

by:kk2k
ID: 6972976
Hi, Madshi

  Can you use your package to write some functions for me?


Connect -> 192.1.1.254

replace to

if (Connect == '192.1.1.254')
{
 Connect == ' 192.1.1.10'
}

VC code ~~  thanks~

0
 

LVL 20

Expert Comment

by:Madshi
ID: 6972978
I'm sorry. First of all I'm a Delphi programmer. Second, I've not the time to do all the work for you...   :-/   There are also C++ demos in the demo folder. If you dig a bit, you'll be able to do it yourself, I think...
0
 
LVL 32

Expert Comment

by:jhance
ID: 6973057
Here's another great source of information:

http://www.codeguru.com/system/apihook.html

Not only is the article itself excellent, but an example application is supplied and there are references to just about every item written on this topic.
0
 

Author Comment

by:kk2k
ID: 6973074
I want some demo c++ code for my example
0
 
LVL 32

Expert Comment

by:jhance
ID: 6973081
It really would help if you would READ THE COMMENTS offered here to help you:


Here's another great source of information:

http://www.codeguru.com/system/apihook.html

Not only is the article itself excellent, but AN EXAMPLE APPLICATION IS SUPPLIED and there are references
to just about every item written on this topic.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6973160
The article & source code mentioned by jhance is really a good one. However, I don't like the API hooking method used there, namely Import Table Patching. It's really not the best method. Well, but it's good enough in a lot of situations, so you will have to try out, whether you catch all needed API calls with this method or not.
0
 
LVL 32

Expert Comment

by:jhance
ID: 6973225
The nicest thing about the article is the collection of references.  All the different techniques have their own advantages and disadvantages.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6973328
Let me just add a comment to one part of that article:

>> Injecting DLL by using CreateRemoteThread() API function. Well, this is my favorite one. Unfortunately it is supported only by NT and Windows 2K operating systems.

Win9x does have a CreateRemoteThread like function, it's just not exported from kernel32. My package is able to access this internal function...   :-)
0
 

Author Comment

by:kk2k
ID: 6973388
OK, but not have source file for my Question .

To: jhance
   You haven't given detail for my question.

To: Madshi

   I am a VC programmer. I don't use Delphi, but your madCodeHookLib is a good tool.
   Can you get me some source for VC?

   I will accept a comment as the answer tomorrow.
0
 
LVL 20

Accepted Solution

by:
Madshi earned 200 total points
ID: 6973510
Here is a demo that shows you how to hook the well known API "WinExec". You should be able to easily change it to the winsock "Connect" API(s). Do this stuff in a little dll. Then just call "InjectLibrary(otherProcessHandle, 'c:\fullPath\yourHooking.dll')" in a little launcher application. That's it. Relatively easy, don't you agree?

This demo is directly from the Demo folder of my package. I'm sorry, but I don't have the time to give you full sources for your "Connect" hooking thing. It would cost me too much time...

Regards, Madshi.


// demonstrate how madCodeHook can hook (almost) any API under any win32 OS
// a madCodeHook is normally only process wide
// look at the systemAPI demo for infos about system wide hooks
// (note, that you can even hook so-called shared system APIs under win9x)

#include <windows.h>
#include "madCodeHookLib.h"

// variable for the "next hook", which we then call in the callback function
// it must have *exactly* the same parameters and calling convention as the
// original function
// besides, it's also the parameter that you need to undo the code hook again
UINT (WINAPI *WinExecNextHook)(LPCSTR lpCmdLine, UINT uCmdShow);

// this function is our hook callback function, which will receive
// all calls to the original WinExec function, as soon as we've hooked it
// the hook function must have *exactly* the same parameters and calling
// convention as the original function
UINT WINAPI WinExecHookProc(LPCSTR lpCmdLine, UINT uCmdShow)
{
  UINT result;

  // check the input parameters and ask whether the call should be executed
  if (MessageBox(0, lpCmdLine, "Execute?", MB_YESNO | MB_ICONQUESTION) == IDYES)
  {
    // now call the original function, but in minimized form (just for fun :-)
    result = WinExecNextHook(lpCmdLine, SW_SHOWMINIMIZED);
  } else
    // if we didn't execute the call, we should at least return a valid value
    result = ERROR_FILE_NOT_FOUND;
  return result;
}

int pascal WinMain(HINSTANCE hCurInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
  // we install our hook on the API...
  // alternatively to the call below you can also use this one:
  // HookAPI('kernel32.dll', 'WinExec', @WinExecHookProc, @WinExecNextHook);
  HookCode(WinExec, WinExecHookProc, (PVOID*) &WinExecNextHook);
  // now call the original (but hooked) API
  // as a result of the hook the user will receive our messageBox etc
  WinExec("notepad.exe", SW_SHOWNORMAL);
  // *PLEASE* be cautious when you hook APIs in win9x that are in the shared area
  // e.g. kernel32.dll and user32.dll are in the shared area
  // each dll with GetModuleHandle >= $80000000 is in the shared area
  // with madCodeHook you can hook such "shared APIs" like any other
  // but if you don't unhook them, rests of your hooks will remain installed
  // even after your application closes
  // that doesn't impact system stability, but it's not good for performance
  // (under winNT/2000 you don't need to care about unhooking)
  UnhookCode((PVOID*) &WinExecNextHook);

  return 0;
}
0
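Adapting the demo above to connect, as the accepted answer suggests, comes down to the destination check inside the hook callback. The following is an added example, not code from the thread or from madCodeHook: `rewrite_destination` and the `ConnectNextHook` pointer named in its comment are hypothetical, and the two addresses are the ones from the question.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#else
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#endif

/* Addresses from the question, as bytes in network order. */
static const unsigned char OLD_ADDR[4] = {192, 1, 1, 254};
static const unsigned char NEW_ADDR[4] = {192, 1, 1, 10};

/* Hypothetical helper for the body of a connect() hook callback.
   Returns 1 and fills *out with a rewritten copy when the destination is
   OLD_ADDR, 0 when the call should pass through untouched. The caller's
   buffer is never modified (connect takes a const pointer). */
int rewrite_destination(const struct sockaddr *name, int namelen,
                        struct sockaddr_in *out)
{
    if (name == NULL || out == NULL)
        return 0;
    if (namelen < (int)sizeof(struct sockaddr_in))
        return 0;                     /* too short for an IPv4 sockaddr */
    if (name->sa_family != AF_INET)
        return 0;                     /* IPv6 and other families pass through */
    memcpy(out, name, sizeof(*out));
    if (memcmp(&out->sin_addr, OLD_ADDR, 4) != 0)
        return 0;
    memcpy(&out->sin_addr, NEW_ADDR, 4);   /* port stays as requested */
    return 1;
}

/* In the hook callback, assuming a ConnectNextHook pointer filled in by
   HookCode the way WinExecNextHook is in the demo:
     struct sockaddr_in tmp;
     if (rewrite_destination(name, namelen, &tmp))
         return ConnectNextHook(s, (struct sockaddr *)&tmp, sizeof(tmp));
     return ConnectNextHook(s, name, namelen);                          */
int main(void)
{
    struct sockaddr_in in, out;       /* constructed sample input */
    memset(&in, 0, sizeof(in));
    in.sin_family = AF_INET;
    in.sin_port = htons(80);
    memcpy(&in.sin_addr, OLD_ADDR, 4);
    printf("rewritten=%d\n",
           rewrite_destination((struct sockaddr *)&in, sizeof(in), &out));
    return 0;
}
```

As with the WinExec demo, the callback must have exactly the same parameters and calling convention as the original connect.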
 
LVL 1

Expert Comment

by:nildo
ID: 7724895
What messages are available on the Socket APIs?
0
