WSock32 Hook send and recv Functions

最近开始研究应用层的 Hook，但由于时间紧迫，没有做什么深入的东西。这个程序是在《Windows Via C/C++》示例的基础上改出来的，技术都是原作者的，原理也就是书里讲的那一套：这里只 hook 了 send 和 recv 两个函数，其他函数的 hook 方式完全一样，自己改一下即可。需要注意的是，下面的代码按模块名 "wsock32.dll" 拦截 send/recv，也就是只覆盖通过 wsock32.dll 导入这两个函数的程序；通过 ws2_32.dll 调用 Winsock 的程序不在这两个 hook 的覆盖范围内。

由于作者已经把 Hook 功能封装成了一个类（CAPIHook），用起来十分方便。这里是源代码（全部代码猛击此处下载）。注意：下面列表中有几行 `#include` 的尖括号头文件名在页面显示时丢失了，请以下载的完整代码为准。

/******************************************************************************
Module:  Wsock32Hook.cpp
Notices: Hook wsock32 send and recv functions
******************************************************************************/


#include "..\..\CommonFiles\CmnHdr.h"
#include 
#include 
#include 
#include "APIHook.h"

#define WSOCK32HOOKAPI extern "C" __declspec(dllexport)
#include "Wdll.h"
#include 


///////////////////////////////////////////////////////////////////////////////


// Prototypes for the hooked functions.
// These are the signatures used to call the ORIGINAL send/recv through the
// CAPIHook objects below ((PFNSEND)(PROC) g_Send). The real send() declares
// buf as const char *; the non-const char * here still calls it correctly and
// matches the replacement functions Hook_Send/Hook_Recv.
typedef int (WINAPI *PFNSEND)(SOCKET s, char *buf, int len, int flags);

typedef int (WINAPI *PFNRECV)(SOCKET s, char *buf, int len, int flags);



// Defined further down in this file; declared here because the replacement
// functions need them before the definitions appear.
extern CAPIHook g_Send;
extern CAPIHook g_Recv;


///////////////////////////////////////////////////////////////////////////////


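// This function sends the Send data to our main dialog box.
//   bUnicode: TRUE if buf points at a NUL-terminated wide string, FALSE if it
//             points at a NUL-terminated ANSI string. Both callers in this
//             file pass FALSE.
//   buf:      the text to report; must be NUL-terminated (there is no length
//             parameter, so the caller bounds and terminates the data).
// In the wide printf family %s consumes a wchar_t* and %S a char*, so the
// conversion must follow bUnicode; formatting a char* through %s would
// reinterpret the bytes as UTF-16 and scan past the buffer for a two-byte
// terminator.
void SendLastMsgInfo(BOOL bUnicode,char *buf) {

		if (buf == NULL) {
			return;
		}

		wchar_t sz[2048];
		HRESULT hr;
		if (bUnicode) {
			hr = StringCchPrintfW(sz, _countof(sz), L"Send data: %s\n",
				(const wchar_t *) buf);
		} else {
			hr = StringCchPrintfW(sz, _countof(sz), L"Send data: %S\n", buf);
		}
		// Truncation still leaves sz NUL-terminated and is fine for a log line;
		// any other failure leaves sz undefined, so it must not be read.
		if (FAILED(hr) && hr != STRSAFE_E_INSUFFICIENT_BUFFER) {
			return;
		}

		// Send the string to the main dialog box. If the dialog is not running
		// there is nobody to report to.
		// NOTE(review): the receiver is chosen by window title alone, so any
		// process on the desktop that creates a top-level window with this
		// title receives the hooked process's payload. SendMessage is also
		// synchronous: the hooked send() call blocks until that window's thread
		// has handled WM_COPYDATA.
		HWND hwndDlg = FindWindow(NULL, TEXT("Wsock32hook by obaby"));
		if (hwndDlg == NULL) {
			return;
		}
		COPYDATASTRUCT cds = { 0, ((DWORD)wcslen(sz) + 1) * sizeof(wchar_t), sz };
		FORWARD_WM_COPYDATA(hwndDlg, NULL, &cds, SendMessage);
}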

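// This function sends the Recv data to our main dialog box.
//   bUnicode: TRUE if buf points at a NUL-terminated wide string, FALSE if it
//             points at a NUL-terminated ANSI string. Both callers in this
//             file pass FALSE.
//   buf:      the text to report; must be NUL-terminated (there is no length
//             parameter, so the caller bounds and terminates the data).
// In the wide printf family %s consumes a wchar_t* and %S a char*, so the
// conversion must follow bUnicode; formatting a char* through %s would
// reinterpret the bytes as UTF-16 and scan past the buffer for a two-byte
// terminator.
void RecvLastMsgInfo(BOOL bUnicode,char *buf) {

	if (buf == NULL) {
		return;
	}

	wchar_t sz[2048];
	HRESULT hr;
	if (bUnicode) {
		hr = StringCchPrintfW(sz, _countof(sz), L"Recv data: %s\n",
			(const wchar_t *) buf);
	} else {
		hr = StringCchPrintfW(sz, _countof(sz), L"Recv data: %S\n", buf);
	}
	// Truncation still leaves sz NUL-terminated and is fine for a log line;
	// any other failure leaves sz undefined, so it must not be read.
	if (FAILED(hr) && hr != STRSAFE_E_INSUFFICIENT_BUFFER) {
		return;
	}

	// Send the string to the main dialog box. If the dialog is not running
	// there is nobody to report to.
	// NOTE(review): the receiver is chosen by window title alone, so any
	// process on the desktop that creates a top-level window with this title
	// receives the hooked process's payload. SendMessage is also synchronous:
	// the hooked recv() call blocks until that window's thread has handled
	// WM_COPYDATA.
	HWND hwndDlg = FindWindow(NULL, TEXT("Wsock32hook by obaby"));
	if (hwndDlg == NULL) {
		return;
	}
	COPYDATASTRUCT cds = { 0, ((DWORD)wcslen(sz) + 1) * sizeof(wchar_t), sz };
	FORWARD_WM_COPYDATA(hwndDlg, NULL, &cds, SendMessage);
}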
///////////////////////////////////////////////////////////////////////////////


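// This is the send replacement function.
// Calls the original send(), then reports the bytes the application handed to
// send() to the main dialog box. The original's return value is passed through
// unchanged, and the thread's Winsock last-error value is saved across the
// logging calls so a caller checking WSAGetLastError() after SOCKET_ERROR
// still sees send()'s error rather than one left behind by FindWindow or
// SendMessage.
int WINAPI Hook_Send(SOCKET s, char *buf, int len, int flags) 
{

		// Call the original send function
		int nResult = ((PFNSEND)(PROC) g_Send)(s, buf, len, flags);
		int nLastError = WSAGetLastError();

		// buf is a raw byte buffer of len bytes, not a NUL-terminated string,
		// so it must not be handed to the %s-based formatter as-is. Copy a
		// bounded prefix into a terminated local instead; bytes after an
		// embedded NUL are not shown. The data is logged as the application
		// supplied it, even if send() wrote fewer than len bytes or failed.
		if (buf != NULL && len > 0) {
			char szCopy[2048];
			size_t cb = (size_t) len;
			if (cb > sizeof(szCopy) - 1) {
				cb = sizeof(szCopy) - 1;
			}
			CopyMemory(szCopy, buf, cb);
			szCopy[cb] = '\0';

			// Send the information to the main dialog box
			SendLastMsgInfo(FALSE, szCopy);
		}

		// Restore send()'s last error before returning to the caller
		WSASetLastError(nLastError);

		// Return the result back to the caller
		return(nResult);
}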


///////////////////////////////////////////////////////////////////////////////


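// This is the recv replacement function.
// Calls the original recv() and, when it delivered data, reports that data to
// the main dialog box. The original's return value is passed through
// unchanged, and the thread's Winsock last-error value is saved across the
// logging calls so a caller checking WSAGetLastError() after SOCKET_ERROR
// still sees recv()'s error rather than one left behind by FindWindow or
// SendMessage.
int WINAPI Hook_Recv(SOCKET s, char *buf, int len, int flags) {

		// Call the original recv function
		int nResult = ((PFNRECV)(PROC) g_Recv)(s, buf, len, flags);
		int nLastError = WSAGetLastError();

		// Only the first nResult bytes of buf were written by recv(); on 0
		// (connection closed) or SOCKET_ERROR nothing was written, so there is
		// no data to report and the buffer's old contents must not be read.
		// The data is a raw byte buffer, not a NUL-terminated string, so copy a
		// bounded prefix into a terminated local before handing it to the
		// %s-based formatter; bytes after an embedded NUL are not shown.
		if (nResult > 0 && buf != NULL) {
			char szCopy[2048];
			size_t cb = (size_t) nResult;
			if (cb > sizeof(szCopy) - 1) {
				cb = sizeof(szCopy) - 1;
			}
			CopyMemory(szCopy, buf, cb);
			szCopy[cb] = '\0';

			// Send the information to the main dialog box
			RecvLastMsgInfo(FALSE, szCopy);
		}

		// Restore recv()'s last error before returning to the caller
		WSASetLastError(nLastError);

		// Return the result back to the caller
		return(nResult);
}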


///////////////////////////////////////////////////////////////////////////////


// Hook the send and recv functions.
// Each CAPIHook redirects the named import of the named module to our
// replacement. The module name is "wsock32.dll" (Winsock 1.1), so presumably
// only processes that import send/recv from wsock32.dll are affected; a
// process calling through ws2_32.dll would not match these two entries.
CAPIHook g_Send("wsock32.dll", "send", 
	(PROC) Hook_Send);

CAPIHook g_Recv("wsock32.dll", "recv", 
	(PROC) Hook_Recv);

// Handle of the WH_GETMESSAGE hook installed by Wsock32_HookAllApps; NULL
// while no hook is installed.
HHOOK g_hhook = NULL;


///////////////////////////////////////////////////////////////////////////////


// Hook procedure for the WH_GETMESSAGE hook installed by Wsock32_HookAllApps.
// It performs no work of its own: every message is handed straight to the
// next hook in the chain. NOTE(review): presumably the hook exists only so
// that Windows loads this DLL into the hooked threads' processes, where the
// CAPIHook globals then take effect — confirm against the book's description.
static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam) {
	LRESULT lResult = CallNextHookEx(g_hhook, code, wParam, lParam);
	return lResult;
}


///////////////////////////////////////////////////////////////////////////////


// Returns the HMODULE that contains the specified memory address.
// Uses VirtualQuery's AllocationBase: for a mapped image that is the module's
// load address, which is what an HMODULE is. Returns NULL if the query fails.
static HMODULE ModuleFromAddress(PVOID pv) {

	MEMORY_BASIC_INFORMATION mbi = { 0 };
	if (VirtualQuery(pv, &mbi, sizeof(mbi)) == 0) {
		return NULL;
	}
	return (HMODULE) mbi.AllocationBase;
}


///////////////////////////////////////////////////////////////////////////////


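// Installs (bInstall == TRUE) or removes (bInstall == FALSE) the WH_GETMESSAGE
// hook through which this DLL reaches other processes.
//   dwThreadId: thread to hook; 0 means every thread on the calling desktop
//               (SetWindowsHookEx semantics), which is what "HookAllApps"
//               relies on.
// Returns TRUE on success. Installing while a hook is already installed, or
// removing when none is installed, is a caller error: chASSERT reports it in
// debug builds, and in all builds the function now returns FALSE instead of
// orphaning the first hook handle or passing NULL to UnhookWindowsHookEx.
BOOL WINAPI Wsock32_HookAllApps(BOOL bInstall, DWORD dwThreadId) {

	BOOL bOk = FALSE;

	if (bInstall) {

		chASSERT(g_hhook == NULL); // Illegal to install twice in a row
		if (g_hhook != NULL) {
			return(FALSE);
		}

		// Install the Windows' hook. The HMODULE passed must be this DLL's so
		// that the system maps this DLL into each hooked thread's process.
		g_hhook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, 
			ModuleFromAddress(Wsock32_HookAllApps), dwThreadId);

		bOk = (g_hhook != NULL);
	} else {

		chASSERT(g_hhook != NULL); // Can't uninstall if not installed
		if (g_hhook == NULL) {
			return(FALSE);
		}
		bOk = UnhookWindowsHookEx(g_hhook);
		// Drop the handle even if the unhook failed; the removal is not retried
		g_hhook = NULL;
	}

	return(bOk);
}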


//////////////////////////////// End of File //////////////////////////////////

原创文章,转载请注明: 转载自 obaby@mars

本文标题: 《WSock32 Hook send and recv Functions》

本文链接地址: https://h4ck.org.cn/2011/01/wsock32-hook-send-and-recv-functions/
