MrCalab666

How to hook WS2_32.recv systemwide under Windows XP?

I'm using Madshi's CodeHook and the following WinSock hook works fine in Win 98, but in Windows XP the hook for the WS2_32.recv function is never called. send, connect and closesocket are still working as intended.

HookAPI('ws2_32.dll', 'recv', @recvCallback, @recvNext);

Some working example code would be great. I guess it's not SUCH a big deal, but I gave up searching the web, so 500 points, because I need a solution soon :).

Greetings,
Michael

Madshi

What does HookAPI return? True or false?

MrCalab666

ASKER

Log-File:
send succesfuly hooked
recv succesfuly hooked
recvfrom succesfuly hooked
connect succesfuly hooked
closesocket succesfuly hooked

All hooked. "recvfrom" is even called, but "recv" never, and the code works perfectly for Win9x and WinME. If you search Google for problems+hooking+recv+XP you'll also find a couple of results with the same problem. Don't know what's so special about this function. As said, send, recvfrom, connect and closesocket work fine, but my recv is never called. I also don't have any firewall installed or whatever, simple XP install, and it doesn't work on friends' computers either... only on 9x... for whatever reason. I also tried renewing the hook as written in your documentation... no effect.

Greetings,
Michael

Are you sure that the API is called? Maybe the hook doesn't fire, because nobody calls that API?

Did a lot of testing now... it seems that many programs which were calling "recv" in Win9x don't call it anymore in Windows XP... I guess they're not using WinSock directly, but some sort of driver which uses WinSock in Win9x, but not in XP anymore. I tried a bunch of programs and the only one still using recv was TeamSpeak... what the heck are they using as an alternative? Well, for games DirectPlay possibly... but normal applications? I need to find a way to hook in at a lower level I guess, so that I am able to filter all TCP/IP packages, no matter which API they're using, not just the ones using WinSock... I had thought that by hooking WinSock I would hook everything... thought wrong ^^.

Greetings,
Michael

Remember, there is wsock32.dll (WinSock 1) and ws2_32.dll (WinSock 2). Also remember, some of the APIs are alternatively available with a "WSA" prefix.

ASKER CERTIFIED SOLUTION
Madshi

This solution is only available to members.

That was the solution, now it's working as intended in XP as well, thanks a bunch :).

Greetings,
Michael

P.S. I'm simply "routing" both functions to my own one now and always call WinSock2's recv; works fine:
   b:=HookAPI('ws2_32.dll', 'recv', @recvCallback, @recvNext);
   if(b) then writeln(t,'recv succesfuly hooked') else writeln(t,'recv couldn''t be hooked');
   b:=HookAPI('wsock32.dll', 'recv', @recvCallback, @recvOldNext);
   if(b) then writeln(t,'WinSock1 recv succesfuly hooked') else writeln(t,'WinSock1 recv couldn''t be hooked');