[C++] WINSOCK send hook.

I see a few people looking for information on winsock and WINAPI hooks in general.
Well, heres an easily modifiable inline hook, or trampoline hook.
It works quite simply by replacing the 5 byte preamble at the start of the target function (NOTE: in pre win-xp sp2 systems this will be 3 bytes, and not five, so that would need to be changed) with a jump to our function, doing whatever we need to do then jump back to the original code. However, because we’re replacing that preamble, for things to work we have to add those commands in our hook function.

winapihookdiagrampm3

C/C++ – Source Code
MSDN – send

Heres another breif example. I have a TV Card, made by winfast, it came with one of those remote controls. I wrote this to hook the monitor program and send keystrokes once button presses have been detected from the remote control:
[TV CARD HOOK] C – Source Code

Advertisements

~ by Rhys Mossom on July 27, 2008.

8 Responses to “[C++] WINSOCK send hook.”

  1. Finally some new stuff Rhys! Great job.
    This will probably help me a lot when i read it any time BUT 3am -_-“

  2. haha thanks.

  3. hello the source code link is broken…..

  4. Hi, works fine for me.
    http://theundead.atspace.com/Blog/Cplusplusssendhook.txt

  5. Heya Rhys! 🙂

    just wondering if you could recommend me a nice ASM tutorial, i know there are a lots of information out there but i need a professional’s voice. ;D

  6. Erm. I dunno about any tutorials. I just picked it up from decompiling and trial and error and just browsind around.
    but here, these have been great for reference. This is for x86 assembler:
    http://siyobik.info/index.php?module=x86
    http://www.intel.com/products/processor/manuals/index.htm

  7. I have a question about your hook. What if I wanted to break the connection temporarily between the module, and me?

  8. Hi Nikolai,
    Im not quite sure in what context you’re referring, but would simply calling the unhook procedure (changing 5 bytes around.) not suffice? Otherwise you could include a conditional statement in the actual hook after the preamble. If you wish to discuss it in more detail, please feel free to send me an email on somebastardstolemyname@gmail.com and I’ll try see to it as soon as possible.
    Rhys

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: