How to read char* buf?

I'm developing a game guard. In the process, I want to read a packet and check its contents ... how should I do it?

*(PDWORD)&OrigRecv = APIHook((DWORD)GetProcAddress(GetModuleHandle("Ws2_32.dll"), "recv"), (DWORD)MyRecv, (DWORD)OrigRecv);



my function recv

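int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags) // WINAPI already means __stdcall; recv writes into buf, so it is not const
{
	int RecvedBytes = OrigRecv(s, buf, len, flags);
	// SOCKET_ERROR means failure, 0 means the peer closed the connection: nothing to inspect
	if(RecvedBytes == SOCKET_ERROR || RecvedBytes == 0) return RecvedBytes;

	eikasia_process_recv(s, buf, &RecvedBytes, flags); // Process the received buffer
	return RecvedBytes;
}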



My function process

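void eikasia_process_recv(SOCKET s, char* buf, int *len, int flags) {
	// The 2-byte command can only be read if at least 2 bytes were received
	if(buf == NULL || len == NULL || *len < (int)sizeof(unsigned short)) return;
	unsigned int command = (*(unsigned short*)buf);

	if(command == 0x0363 ) {

		// read buf data ...? read char* buf.... ?? help me!

	}
}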




When I find the packet I want to process, I want to read the contents of it to find the value I want. How to proceed?


my github: https://github.com/AsiaGenius/ring-0
magdiel linhares Asked:

sarabande Commented:
first, if you call

     
int RecvedBytes = OrigRecv(s, buf, len, flags);



you should be sure that OrigRecv reads all data from the socket. when using the normal recv function you have to call it in a loop until you have got all data. you can't rely on only complete packets being sent.

so normally the packets should begin with an integer telling how many bytes you have to read from the socket until the packet is complete.

that means you first call recv and provide only a buffer of 4 bytes. these 4 bytes cast to an integer tell how many bytes you have to read.
then you call recv in a loop until you have got all data.


I want to read the contents of it to find the value I want.  

if you pass the char buffer to another function, you should know how the data in the buffer are structured.

if the buffer is a text (message) you simply can assign the buffer to a string variable and then look for keywords by using the find functions (parsing).

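#include <iostream>
#include <string>

std::string strkey;
std::string strbuf(buf, len); // copies len bytes of buf into a string
std::cout << strbuf << std::endl;
// find returns size_type; keep that type so the npos comparison is exact
std::string::size_type pos1 = strbuf.find("Key=");
if (pos1 != std::string::npos)
{
    std::string::size_type pos2 = strbuf.find(";", pos1);
    if (pos2 != std::string::npos)
    {
         pos1+=4; // skip over "Key="
         strkey = strbuf.substr(pos1, pos2-pos1);
         // ....
    }
}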


if you got binary data you normally would have a structure definition which you could use as an overlay for the buffer:

#include <cstring> // memcpy

struct MyData
{
     unsigned char bytes[20];
     char key[4];
     double data[10];
};

...

MyData data = { 0 };
// copy only when the received length matches the structure exactly
if (len == (int)sizeof(MyData))
{
      memcpy(&data, buf, len);
      // now you can access all members of the data structure
}


Sara
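
An added example (not part of sarabande's answer or the asker's project) of the two points above: reassembling length-prefixed frames from partial recv() results, then reading fields with bounds checks. The 4-byte little-endian length prefix, the 64 KiB cap and the layout of command 0x0363 (u16 command, then u32 value) are assumptions, and FrameAssembler, read_le and value_from_0363 are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
typedef std::vector<uint8_t> Bytes;
const uint32_t kMaxPayload = 64 * 1024;  // assumed cap: rejects absurd length fields
// Bounds-checked little-endian read; false if fewer than sizeof(T) bytes remain.
template <typename T>
bool read_le(const Bytes& p, size_t off, T& out) {
    if (off > p.size() || p.size() - off < sizeof(T)) return false;
    out = 0;
    for (size_t i = 0; i < sizeof(T); ++i)
        out = static_cast<T>(out | (static_cast<T>(p[off + i]) << (8 * i)));
    return true;
}

// Collects bytes from successive recv() calls and hands out whole frames.
// Assumed framing: 4-byte little-endian payload length, then the payload.
class FrameAssembler {
public:
    void append(const char* buf, int len) {
        if (buf && len > 0) pending_.insert(pending_.end(), buf, buf + len);
    }
    // True if a complete payload was copied to 'out'; false if more data is needed.
    bool next_frame(Bytes& out) {
        uint32_t n = 0;
        if (corrupt_ || !read_le(pending_, 0, n)) return false;
        if (n > kMaxPayload) { corrupt_ = true; return false; }
        if (pending_.size() - 4 < n) return false;  // payload still incomplete
        out.assign(pending_.begin() + 4, pending_.begin() + 4 + n);
        pending_.erase(pending_.begin(), pending_.begin() + 4 + n);
        return true;
    }
    bool corrupt() const { return corrupt_; }
private:
    Bytes pending_;
    bool corrupt_ = false;
};

// Hypothetical layout for command 0x0363: u16 command, then u32 value.
bool value_from_0363(const Bytes& payload, uint32_t& value) {
    uint16_t cmd = 0;
    return read_le(payload, 0, cmd) && cmd == 0x0363 && read_le(payload, 2, value);
}

int main() {  // constructed sample: one frame split across two recv() results
    FrameAssembler fa; Bytes f; uint32_t v = 0;
    fa.append("\x06\x00\x00", 3); fa.append("\x00\x63\x03\x78\x56\x34\x12", 7);
    return (fa.next_frame(f) && value_from_0363(f, v) && v == 0x12345678u) ? 0 : 1;
}
```

In a hook like MyRecv, this would mean one FrameAssembler per SOCKET, fed with append(buf, RecvedBytes) after OrigRecv returns.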

Murugesan Nagarajan Commented:
Hi magdiel linhares,

Before using buf verify that using:
if ( buf)
{
	// related statements.
}



Replace:
      if (pos1 != std::string::npos)
With:
      if ( std::string::npos != pos1 )

Replace:
      if ( std::string::npos != pos2 )
With:
      if ( std::string::npos != pos2 )

Replace:
      if (len == (int)sizeof(MyData))
With:
      if ( (int)sizeof(MyData) == len )

Purpose of these statements:
by mistake
         if (len == (int)sizeof(MyData))
can be written missing single equal to operator "="
         if (len = (int)sizeof(MyData))
and compiler won't report that error.

if (pos2 != std::string::npos)
can be written by missing not operator:
if (pos2 = std::string::npos)
sarabande Commented:
Before using buf verify that using:

if ( buf)
{
    ...
}

since there was an additional argument 'len' given, you had better check that len is big enough to receive the data requested.

the chance that buf is NULL is vanishingly low compared to buf not being sufficiently sized.

Purpose of these statements:
by mistake
         if (len == (int)sizeof(MyData))
can be written missing single equal to operator "="
         if (len = (int)sizeof(MyData))
and compiler won't report that error.

that's wrong. any c++ compiler which is younger than 25 years would at least show a warning if you were using assignment operator= instead of operator==. if you set the option 'treat warnings as error' you never need to exchange the operands like in

if ( std::string::npos != pos2 ) 



which is badly readable and therefore error-prone and not recommended because of all that.

Sara
Murugesan Nagarajan Commented:
1. Answer was provided
2. Handled regular exceptions
3. Inactive for 14 days.