In Delphi, I don't understand C code, and I don't understand which.
Just write to implement hook send in delphi (including the Hook to the package, send your own package)
Simulating WSockExpert with API hooks
I don't know whether you have used WSockExpert; it can be used to intercept the network data transmitted by a specified process.
At first I thought it worked by remotely injecting a DLL into the target process in real time. However, I later found that as soon as the program was running,
it had already inserted its DLL into all processes, which is similar to the socketcap imitation written by Ice brother.
It seems to inject the DLL into all processes, but on second thought, if that were the case, then programs launched afterwards
should not have the DLL injected (unless used ^_^, which is too much trouble). Considering this, I estimate that it uses
a hook. Using a hook has one convenience: you do not have to deal with the problems of reading and writing,
which are somewhat troublesome.
I wrote a similar program in the BCB environment: it inserts a DLL into all processes through a hook
and then intercepts the Winsock API. Along the way I ran into some problems and referred to Ice brother's Sockcap and
big brother Eyas's Xhook. Xhook keeps a backup of the original function in the DLL, so instead of restoring the API
address before the API is executed, it calls the backup function directly, which improves execution efficiency. Powerful :-)
After another round of changes, here is a simple demonstration first; you can modify and extend it:
DLL code:
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Mady by Zwell
// 2004.8
// zwell@sohu.com
/ / -------------------------------------------------------------------------------------------- ---------------------------
#include
#include
#pragma argsused
/ / Customize APIHOOK Structure
// Patch record for one hooked export.
//   Funcaddr - address of the function being patched (filled in by Hookapi).
//   OldData  - copy of the function's original leading bytes, written back to unhook.
//   newdata  - replacement bytes: opcode 0xE9 followed by a relative displacement
//              to the replacement function.
// NOTE(review): both arrays hold 5 bytes, but Hookapi copies 6 bytes into OldData and
// 5 bytes starting at newdata[1], so each copy runs one byte past the end of its array.
Typedef struct
{
FarProc Funcaddr;
Byte OldData [5];
Byte newdata [5];
} Hookstruct;
// Module-wide state.
// NOTE(review): these are ordinary globals and no shared data section is visible in this
// listing, so presumably every process that maps the DLL has its own copy and only the
// process that called installhook() holds a non-null hook handle - confirm against the
// project settings.
// Handle returned by SetWindowsHookEx in installhook().
HHOOK G_HHOOK;
// Instance handle of this DLL, saved in the entry point.
Hinstance g_hinstdll;
// Module handle of the library most recently loaded by Hookapi.
HModule HModule;
// Window that receives the captured data; looked up by title in the entry point.
Handle g_hform; // Receive information window handle
// Current process id. DWIDOLD is also reused as the old-protection out-parameter of
// VirtualProtectEx in Hookonone/Hookoffone.
DWORD DWIDOLD, DWIDNEW;
/ / -------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------------------------
// Because the functions exist in two libraries, two hook structures are defined for each function.
// During development many packets were not intercepted because of this problem;
// later I remembered that the program imitating SOCKCAP also breaks in two places:
// one is WSOCK32.DLL, the other is WS2_32.dll
/ / -------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------------------------
// One patch record per hooked export. In init(), the records without a numeric suffix
// are filled for wsock32.dll and the records ending in 1 for ws2_32.dll; WSASend has a
// single record.
// NOTE(review): the rest of the file refers to Recvapi / Recvapi1, which does not match
// the spelling of the first two records here. Letter case and spelling in this listing
// are unreliable throughout, so the original names cannot be confirmed from the page.
Hookstruct recapi;
Hookstruct recapi1;
Hookstruct sendapi;
Hookstruct sendapi1;
Hookstruct sendtoAPI;
Hookstruct sendtoapi1;
Hookstruct wsasendapi;
// Forward declarations.
// installhook / uninstallhook are the two exports the main form resolves with
// GetProcAddress. Hookapi prepares a patch record; the My* functions are the
// replacement bodies that the patched Winsock exports jump to; Sndmsg forwards the
// captured text to the receiver window.
// NOTE(review): Hookapi takes the replacement address as a DWORD, which only holds a
// full pointer in a 32-bit build.
// NOTE(review): several prototypes below are missing their closing parenthesis and the
// second export has its calling convention fused with the return type; this looks like
// extraction damage rather than the author's code.
Void hookon ();
Void hookoff ();
BOOL init ();
Extern "C" __DECLSPEC (DLLEXPORT) __STDCALL
Bool installhook ();
Extern "C" __DECLSPEC (DLLEXPORT) __stdcallbool uninstallhook ();
Bool Hookapi (Char * Dllname, Char * Procname, DWORD Myfuncaddr, Hookstruct * Hookfunc);
Int WinApi MyRecv (Socket S, Char Far * BUF, INT LEN, INT FLAGS;
Int WinApi MyRecv1 (Socket S, Char Far * BUF, INT LEN, INT FLAGS);
Int WinApi Mysend (Socket S, Char Far * BUF, INT LEN, INT FLAGS);
Int WinApi Mysend1 (Socket S, Char Far * BUF, INT LEN, INT FLAGS);
Int WinApi Mysendto (Socket S, Const Char Far * BUF, INT LEN,
INT FLAGS, Const struct sockaddr far * to, int toolen;
Int WinApi Mysendto1 (Socket S, Const Char Far * BUF, INT LEN,
INT FLAGS, Const struct sockaddr far * to, int toolen;
INT WINAPI MYWSASEND (
Socket S,
LPWSABUF LPBUFFERS,
DWORD DWBUFFERCOUNT,
LPDWORD LPNUMBEROFBYTESSENT,
DWORD DWFLAGS,
LPWSAOVERLAPPED LPOVERLAPPED,
LPWSAOVERLAPPED_COMPLETION_ROUTINE LPCOMPLETIONROUTINE
);
Void Sndmsg (Char * BUF);
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Entry point
// API interception is set up when the DLL is loaded
// and the original code is restored when it is unloaded
/ / -------------------------------------------------------------------------------------------- ---------------------------
// DLL entry point.
// Process attach: saves the instance handle, looks up the receiver window by its title
// and calls init(), which patches the Winsock exports inside the current process.
// Process detach: calls Uninstallhook(), which writes the original bytes back.
// Thread attach/detach: nothing.
// Returns False only when init() fails, otherwise True.
// Because installhook() registers its hook with thread id 0, this entry point runs in
// every process the system maps the DLL into, not only in the monitoring application.
// NOTE(review): init() as written always returns TRUE, so the error branch is unreachable.
// NOTE(review): the FindWindow result is not checked; if the receiver window is not found,
// g_hform stays null and the later SendMessage calls have no valid target.
// NOTE(review): FindWindow, MessageBox and the library loading done by init() all run
// inside the entry point. Microsoft's DllMain guidance advises against calling
// LoadLibrary and user32 functions there because of loader-lock deadlocks.
Int WinApi DLLENTRYPOINT (Hinstance Hinst, Unsigned Long Reason, Void * LPRESERVED)
{
Switch (REASON)
{
Case DLL_Process_attach:
g_hinstdll = hinst;
g_hform = FindWindow (NULL, ZWELL ");
if (! init ())
{
MessageBoxa (NULL, INIT "," Error ", MB_OK;
Return (False);
}
Break;
Case DLL_THREAD_ATTACH:
Break;
Case DLL_THREAD_DETACH:
Break;
Case DLL_PROCESS_DETACH:
Uninstallhook ();
Break;
}
Return True;
}
/ / -------------------------------------------------------------------------------------------- -----------------------
// Fills a patch record for recv, send and sendto in both wsock32.dll and ws2_32.dll,
// plus one for WSASend, records the current process id and applies all patches.
// Returns TRUE unconditionally.
// NOTE(review): every HookApi result is discarded, so a failed lookup leaves a record
// with a null Funcaddr that Hookon() still tries to patch.
// NOTE(review): WSASend is a Winsock 2 function exported by ws2_32.dll; looking it up in
// wsock32.dll is expected to fail - verify against the export table.
// NOTE(review): GetProcAddress matches export names case-sensitively; the mixed case of
// the names below is presumably extraction damage.
BOOL init ()
{
HookApi ("Wsock32.dll", "RECV", (DWORD) MyRecv, & Recvapi;
HookApi ("WS2_32.dll", "Recv", (DWORD) MyRecv1, & Recvapi1); Hookapi ("Wsock32.dll", "Send", (DWORD) MySend, & Sendapi;
HookApi ("WS2_32.dll", "Send", (DWORD) Mysend1, & sendapi1);
Hookapi ("WSOCK32.DLL", "Sendto", (DWORD) Mysendto, & SendtoApi;
HookApi ("WS2_32.dll", "Sendto", (DWORD) Mysendto1, & SendtoAPI1);
Hookapi ("wsock32.dll", "wsasend", (dword) mywsasend, & wsasendapi;
DWidNew = getCurrentProcessId (); // id of the process this DLL is loaded into
dwidold = dwidnew;
Hookon (); // apply all patches
Return (TRUE);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// WH_GETMESSAGE hook procedure. It inspects nothing and only forwards the call to the
// next hook in the chain; the hook appears to exist solely so that the system maps this
// DLL into other processes.
LResult WinApi Hook (int Ncode, WPARAM WPARAM, LPARAM LPARAM)
{
Return (CallNexthookex (G_HHHOOK, NCODE, WPARAM, LPARAM);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Exported. Registers Hook() as a WH_GETMESSAGE hook with thread id 0 (last argument),
// so the hook is not tied to a single thread of the caller.
// Returns TRUE on success; shows a message box and returns False when SetWindowsHookEx
// returns a null handle.
// NOTE(review): the handle is stored in g_hook but tested as g_hhook, while the global is
// declared as G_HHOOK; the original spelling cannot be recovered from this listing.
// Defender note: a global message hook makes a third-party DLL appear in unrelated GUI
// processes. Module-load telemetry showing the same non-system DLL mapped into many
// processes shortly after one process calls SetWindowsHookEx is the usual trace of this.
Extern "C" __DECLSPEC (DLLEXPORT) __STDCALL
Bool installhook ()
{
g_hook = setWindowshookex (WH_GetMessage, (HookProc) hook, g_hinstdll, 0);
IF (! g_hhook)
{
MessageBoxa (Null, "Set Error", "Error", MB_OK;
Return (False);
}
Return (TRUE);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Exported. Writes the original bytes back into every patched function of the current
// process, then removes the message hook if a hook handle is set.
// Returns True when no hook handle is set, otherwise the result of UnhookWindowsHookEx.
// Also called from the DLL entry point on process detach.
// NOTE(review): the hook handle is not cleared after a successful unhook, so a second
// call passes a stale handle to UnhookWindowsHookEx.
Extern "C" __DECLSPEC (DLLEXPORT) __STDCALL
BOOL Uninstallhook ()
{
Hookoff ();
IF (g_hhook == null)
Return True;
Return (UnHookWindowshookex (g_hhook);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
/ / Intercept API according to the input structure
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Prepares (does not apply) the patch for one export.
//   Dllname    - library to load.
//   Procname   - export to look up in it.
//   Myfuncaddr - address of the replacement function, passed as a DWORD.
//   Hookfunc   - record that receives the target address, the saved original bytes and
//                the replacement bytes (0xE9 + displacement relative to target + 5).
// Returns False when the export is not found, True otherwise.
// NOTE(review): the library handle is not checked before GetProcAddress and is never
// released; each call overwrites the single global handle.
// NOTE(review): 6 bytes are copied into the 5-byte olddata array, and the second copy
// reads 5 bytes from a 4-byte DWORD and writes through newdata[5], one element past the
// array. Both are out-of-bounds accesses as written.
// NOTE(review): the pointer-to-DWORD casts assume 32-bit addresses.
// Defender note: a 0xE9 byte at the entry of a Winsock export whose in-memory bytes
// differ from the on-disk image is what code-integrity and inline-hook scanners look for.
Bool Hookapi (Char * Dllname, Char * Procname, DWORD Myfuncaddr, Hookstruct * Hookfunc)
{
HModule = loadingLibrary (DLLNAME);
hookfunc-> funcaddr = getProcaddress (hmodule, procname); if (hookfunc-> funcaddr == null)
Return False;
Memcpy (hookfunc-> olddata, hookfunc-> funcaddr, 6);
Hookfunc-> newdata [0] = 0xE9;
DWORD JMPADDR = Myfuncaddr - (DWORD) HOOKFUNC-> Funcaddr - 5;
Memcpy (& Hookfunc-> NewData [1], & JMPAddr, 5);
Return True;
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Applies one prepared patch in the current process: opens a handle to the process by
// id, makes the first 5 bytes of the target writable, writes the replacement bytes and
// restores the previous page protection.
// NOTE(review): the handle from OpenProcess is never closed, so every call leaks one
// handle; the wrappers call this once per intercepted send/recv.
// NOTE(review): no return value is checked, and a record whose Funcaddr is null (failed
// lookup) is processed like any other.
// NOTE(review): Page_Readwrite carries no execute permission, so while the patch is being
// written any thread executing code on that page can fault.
// NOTE(review): dwidold is a shared global used both as the process id and as the
// old-protection out-parameter; concurrent calls from several threads overwrite it.
Void Hookonone (Hookstruct * Hookfunc)
{
Handle hproc;
dwidold = dwidnew;
Hproc = OpenProcess (Process_all_access, 0, dwidold);
VirtualProtectex (HProc, Hookfunc-> Funcaddr, 5, Page_Readwrite, & dwidold);
WriteProcessMemory (HProc, hookfunc-> funcaddr, hookfunc-> newdata, 5, 0);
VirtualProtectex (HPROC, HOOKFUNC-> Funcaddr, 5, dwidold, & dwidold);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Applies all seven prepared patches in the current process, one record at a time.
// NOTE(review): records whose lookup failed in init() are not skipped here.
Void hookon ()
{
Hookonone (& Recvapi);
Hookonone (& Sendapi);
Hookonone (& SendToApi);
Hookonone (& Recvapi1);
Hookonone (& Sendapi1);
Hookonone (& SendtoAPI1);
Hookonone (& WSasendApi);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Removes one patch in the current process by writing the saved original 5 bytes back
// over the start of the target function, with the same open / unprotect / write /
// reprotect sequence as Hookonone.
// NOTE(review): same defects as Hookonone - the process handle is never closed, return
// values are ignored, the page is briefly non-executable, and the shared global dwidold
// is overwritten with the old protection value.
Void Hookoffone (Hookstruct * Hookfunc)
{
Handle hproc;
dwidold = dwidnew;
Hproc = OpenProcess (Process_all_access, 0, dwidold);
VirtualProtectex (HProc, Hookfunc-> Funcaddr, 5, Page_Readwrite, & dwidold);
WriteProcessMemory (HProc, hookfunc-> funcaddr, hookfunc-> Olddata, 5, 0);
VirtualProtectex (HPROC, HOOKFUNC-> Funcaddr, 5, dwidold, & dwidold);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Restores the original bytes of all seven records in the current process.
// Called from Uninstallhook().
Void hookoff ()
{
Hookoffone (& Recvapi);
Hookoffone (& Sendapi);
Hookoffone (& SendtoAPI);
Hookoffone (& Recvapi1); Hookoffone (& Sendapi1);
Hookoffone (& SendtoAPI1);
Hookoffone (& Wsasendapi);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Replacement for recv in wsock32.dll. Removes the patch, calls the real recv, re-applies
// the patch, then formats "tag|pid|len|data" and forwards it to the receiver window.
// Returns whatever the real recv returned.
// NOTE(review): remove / call / re-apply is not atomic. While the real call runs (recv can
// block) the function is unpatched for every thread, and a thread entering it during the
// 5-byte rewrite can execute a half-written instruction.
// NOTE(review): the allocation size has lost its operator in extraction (presumably
// len + 100). SIZEOF of a pointer is the pointer size, so the memset clears only a few
// bytes of the buffer.
// NOTE(review): the %S conversion treats BUF as a NUL-terminated string. Received network
// data is not terminated, so the format call can read past the received bytes and write
// past the end of the temporary buffer. The logged length is the caller's buffer size,
// not the number of bytes actually received, and BUF is logged even when recv failed.
// NOTE(review): memory from array new is released with scalar delete.
Int WinApi MyRecv (Socket S, CHAR FAR * BUF, INT LEN, INT FLAGS)
{
Int nreturn;
Hookoffone (& Recvapi);
NRETURN = RECV (S, BUF, LEN, FLAGS);
Hookonone (& Recvapi);
Char * tmpbuf = new char [len 100];
Memset (TMPBUF, 0, SIZEOF (TMPBUF));
Sprintf (TMPBUF, "RECV |% D |% D |% S",
GetCurrentProcessid (),
Len,
BUF);
SNDMSG (TMPBUF);
Delete TmpBuf;
Return (Nreturn);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Replacement for recv in ws2_32.dll; same structure as MyRecv but uses the Recvapi1
// record and a different tag in the forwarded text.
// Returns whatever the real recv returned.
// NOTE(review): shares MyRecv's defects - non-atomic unpatch/repatch around a call that
// can block, SIZEOF applied to a pointer, %S on an unterminated receive buffer (over-read
// and possible overflow of the temporary buffer), requested length logged instead of the
// received byte count, and scalar delete on an array allocation.
Int WinApi MyRecv1 (Socket S, Char Far * BUF, INT LEN, INT FLAGS)
{
Int nreturn;
Hookoffone (& Recvapi1);
NRETURN = RECV (S, BUF, LEN, FLAGS);
Hookonone (& Recvapi1);
Char * tmpbuf = new char [len 100];
Memset (TMPBUF, 0, SIZEOF (TMPBUF));
Sprintf (TMPBUF, "RECV1 |% D |% D |% S",
GetCurrentProcessid (),
Len,
BUF);
SNDMSG (TMPBUF);
Delete TmpBuf;
Return (Nreturn);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Replacement for send in wsock32.dll. Removes the patch, calls the real send, re-applies
// the patch, then forwards "tag|pid|len|data" to the receiver window.
// Returns whatever the real send returned.
// NOTE(review): the outgoing buffer is formatted with %S, so binary payloads are cut at
// the first zero byte and unterminated payloads are read past LEN, which can also
// overflow the temporary buffer.
// NOTE(review): unpatch/repatch is not atomic with respect to other threads; SIZEOF is
// applied to a pointer; array new is paired with scalar delete.
Int WinApi Mysend (Socket S, Char Far * BUF, INT LEN, INT FLAGS)
{
Int nreturn;
Hookoffone (& Sendapi);
NRETURN = Send (S, BUF, LEN, FLAGS);
Hookonone (& Sendapi);
Char * tmpbuf = new char [len 100];
Memset (TMPBUF, 0, SIZEOF (TMPBUF));
Sprintf (TMPBUF, "Send |% D |% D |% S",
GetCurrentProcessid (),
Len,
BUF);
SNDMSG (TMPBUF);
Delete TmpBuf;
Return (Nreturn);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Replacement for send in ws2_32.dll; same structure as Mysend but uses the sendapi1
// record and a different tag.
// Returns whatever the real send returned.
// NOTE(review): the allocation expression on the re-patch line is damaged in this listing
// (presumably len + 100).
// NOTE(review): shares Mysend's defects - %S on a buffer that need not be NUL-terminated,
// non-atomic unpatch/repatch, SIZEOF applied to a pointer, scalar delete on array new.
Int WinApi Mysend1 (Socket S, CHAR FAR * BUF, INT LEN, INT FLAGS)
{
Int nreturn;
Hookoffone (& sendapi1);
NRETURN = Send (S, BUF, LEN, FLAGS);
Hookonone (& sendapi1); char * TMPBUF = New char [g 100];
Memset (TMPBUF, 0, SIZEOF (TMPBUF));
Sprintf (TMPBUF, "Send1 |% D |% D |% S",
GetCurrentProcessid (),
Len,
BUF);
SNDMSG (TMPBUF);
Delete TmpBuf;
Return (Nreturn);
}
/ / -------------------------------------------------------------------------------------------- ----------------------------
// Replacement for sendto in wsock32.dll. Removes the patch, calls the real sendto with
// the caller's arguments, re-applies the patch, then forwards "tag|pid|len|data" to the
// receiver window. The destination address is passed through but not logged.
// Returns whatever the real sendto returned.
// NOTE(review): same defects as the send wrappers - %S on a datagram that need not be
// NUL-terminated (over-read, possible overflow of the temporary buffer), non-atomic
// unpatch/repatch, SIZEOF applied to a pointer, scalar delete on array new.
// NOTE(review): the parameter list is missing its closing parenthesis in this listing.
Int WinApi Mysendto (Socket S, Const Char Far * BUF, INT LEN,
Int Flags, Const Struct Sockaddr Far * To, Int Tolen
{
Int nreturn;
Hookoffone (& SendtoAPI);
NRETURN = Sendto (S, BUF, LEN, FLAGS, TO, TOLEN);
Hookonone (& SendToApi);
Char * tmpbuf = new char [len 100];
Memset (TMPBUF, 0, SIZEOF (TMPBUF));
Sprintf (TMPBUF, "Sendto |% D |% D |% S",
GetCurrentProcessid (),
Len,
BUF);
SNDMSG (TMPBUF);
Delete TmpBuf;
Return (Nreturn);
}
/ / -------------------------------------------------------------------------------------------- ----------------------------
// Replacement for sendto in ws2_32.dll; same structure as Mysendto but uses the
// SendtoAPI1 record and a different tag.
// Returns whatever the real sendto returned.
// NOTE(review): shares Mysendto's defects - %S on an unterminated datagram, non-atomic
// unpatch/repatch, SIZEOF applied to a pointer, scalar delete on array new, and a
// parameter list without its closing parenthesis.
Int WinApi Mysendto1 (Socket S, Const Char Far * BUF, INT LEN,
Int Flags, Const Struct Sockaddr Far * To, Int Tolen
{
Int nreturn;
Hookoffone (& SendtoAPI1);
NRETURN = Sendto (S, BUF, LEN, FLAGS, TO, TOLEN);
Hookonone (& SendtoAPI1);
Char * tmpbuf = new char [len 100];
Memset (TMPBUF, 0, SIZEOF (TMPBUF));
Sprintf (TMPBUF, "Sendto1 |% D |% D |% S",
GetCurrentProcessid (),
Len,
BUF);
SNDMSG (TMPBUF);
Delete TmpBuf;
Return (Nreturn);
}
/ / -------------------------------------------------------------------------------------------- ----------------------------
// Replacement for WSASend. Removes the patch, calls the real WSASend with the caller's
// arguments, re-applies the patch, then forwards "tag|pid|count|data" built from the
// first WSABUF only.
// Returns whatever the real WSASend returned.
// NOTE(review): lpNumberOfBytesSent is dereferenced to size the temporary buffer. The
// Winsock documentation allows this pointer to be NULL for overlapped calls, and for an
// overlapped send the count is not final when the call returns.
// NOTE(review): the pointer itself, not the value it points to, is passed for the second
// integer conversion in the format call.
// NOTE(review): only the first buffer of the array is logged, and it is formatted with
// %S although WSABUF data carries an explicit length and need not be NUL-terminated.
// NOTE(review): the re-patch call on the WSASend line is damaged in this listing.
INT WINAPI MYWSASEND (
Socket S,
LPWSABUF LPBUFFERS,
DWORD DWBUFFERCOUNT,
LPDWORD LPNUMBEROFBYTESSENT,
DWORD DWFLAGS,
LPWSAOVERLAPPED LPOVERLAPPED,
LPWSAOVERLAPPED_COMPLETION_ROUTINE LPCOMPLETIONROUTINE
)
{
Int nreturn;
Hookoffone (& Wsasendapi);
nreturn = Wsasend (s, lpbuffers, dwbuffercount,
LPNumberofbytessent, dwflags, lpoverlapped, lpcompletionroutine; hookonone; & wsasendapi;
Char * tmpbuf = new char [* lpnumberofbytessent 100];
Memset (TMPBUF, 0, SIZEOF (TMPBUF));
Sprintf (TMPBUF, "WSasend |% D |% D |% S",
GetCurrentProcessid (),
lpnumberofbytessent,
LPBUFFERS-> BUF);
SNDMSG (TMPBUF);
Delete TmpBuf;
Return (Nreturn);
}
/ / -------------------------------------------------------------------------------------------- -----------------
// Send a message to the window
// For simplicity, a COPYDATASTRUCT structure is used
// Memory mapping would probably be a little faster
/ / -------------------------------------------------------------------------------------------- -----------------
// Forwards one formatted record to the receiver window with WM_COPYDATA.
//   BUF - NUL-terminated text built by the wrappers.
// NOTE(review): the byte count is strlen(BUF), which excludes the terminator, while the
// main form reads the payload as a C string; the receiver can therefore read past the
// copied block. strlen also cuts binary payloads at their first zero byte.
// NOTE(review): dwData is set to the size of the structure, which carries no meaning for
// the receiver in this listing.
// NOTE(review): SendMessage is synchronous, so the hooked thread blocks inside its
// send/recv call until the receiver window has processed the message.
// NOTE(review): captured traffic is delivered in clear to whichever window matched the
// title lookup in the entry point; any process owning such a window receives it.
Void Sndmsg (Char * BUF)
{
CopyDataStruct CDS;
Cds.dwdata = sizeof (copyDataStruct);
Cds.cbdata = Strlen (buf);
CDS.LPDATA = BUF;
SendMessage (G_HForm, WM_CopyData, (WPARAM) NULL, (LPARAM) & CDS);
}
Main form code:
/ / -------------------------------------------------------------------------------------------- ---------------------------
#include
#pragma HDRSTOP
#include "main_form.h"
/ / -------------------------------------------------------------------------------------------- ---------------------------
#pragma package (smart_init)
#pragma link "HEXEDIT"
#pragma resource "* .dfm"
// The form instance.
TFORM1 * FORM1;
// Handle of the hook DLL loaded by the start button.
Hinstance HDLL;
// Function pointers resolved from the hook DLL with GetProcAddress.
// NOTE(review): both stay uninitialised until the start button handler has run.
BOOL __STDCALL (* installhook) ();
BOOL __STDCALL (* Uninstallhook) ();
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Form constructor: forwards the owner to the base form and routes application hints to
// the form's hint handler.
__fastcall tform1 :: tform1 (tComponent * Owner)
: TFORM (OWNER)
{
Application-> onhint = displayhint;
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Start button: resets the row counter, loads the hook DLL, resolves its two exports,
// calls the install export and switches the start/stop buttons.
// NOTE(review): each failure only shows a message box and execution continues. If the DLL
// or the install export is missing, the handler goes on to call through a null function
// pointer; each check should return early instead.
// NOTE(review): the DLL is loaded by bare file name, so the standard DLL search order
// decides which file is loaded; a full path next to the executable would avoid picking up
// a same-named file from another directory.
// NOTE(review): the result of the install call is ignored, so the buttons switch to the
// running state even when installation failed.
Void __fastcall tform1 :: button1click (Tobject * Sender)
{
g_dindex = 0;
HDLL = LoadLibrary ("dll.dll");
IF (HDLL == NULL)
MessageBox (Null, "LoadLibrary", "Error", MB_OK | MB_ICONEROR);
Installhook = GetProcaddress (HDLL, "Installhook";
IF (! installhook) {
MessageBox (Null, "Installhook", "Error", MB_OK | MB_ICONERROR);
}
Uninstallhook = GetProcaddress (HDLL, "Uninstallhook");
IF (! uninstallhook)
{
MessageBox (Null, "Uninstallhook", "Error", MB_OK | MB_ICONERROR);
}
INSTALLHOK ();
STARTBTN-> enabled = false;
STOPBTN-> enabled = true;
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Stop button: resets the row counter, calls the uninstall export, unloads the hook DLL
// from this process and switches the start/stop buttons back.
// NOTE(review): the uninstall pointer and the DLL handle are used without a null check;
// both are null if the start handler failed part-way.
// NOTE(review): FreeLibrary only unloads the DLL from this process. Other processes keep
// their mapping until the system unloads it there - verify that their patches are
// restored by the detach path before relying on a clean stop.
Void __fastcall tform1 :: button2click (Tobject * Sender)
{
g_dindex = 0;
Uninstallhook ();
Freelibrary (HDLL);
STARTBTN-> enabled = true;
Stopbtn-> enabled = false;
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
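// Handles WM_COPYDATA from the hook DLL and appends one row to the list view.
// The payload is expected to be "tag|pid|len|data"; the four fields become the row's
// sub-items and rows whose tag contains "send" get image index 1, all others 0.
//   Msg - the window message; LParam points to the sender's COPYDATASTRUCT.
// WM_COPYDATA can be sent by any process that is allowed to message this window, so the
// payload is treated as untrusted: the copy is bounded by cbData instead of relying on
// a terminating NUL, which the sender does not transmit (it sets cbData to strlen).
// A payload with fewer than three separators yields empty fields, as before.
// NOTE(review): identifier case is restored by VCL convention because the listing's case
// is damaged; confirm the handler name against the declaration in main_form.h.
void __fastcall TForm1::OnCopyData(TMessage &Msg)
{
    COPYDATASTRUCT *cds = reinterpret_cast<COPYDATASTRUCT *>(Msg.LParam);
    if (cds == NULL)
        return;

    // Copy exactly cbData bytes; never scan lpData for a terminator.
    AnsiString record;
    if (cds->lpData != NULL && cds->cbData > 0)
        record = AnsiString(static_cast<const char *>(cds->lpData), cds->cbData);

    TListItem *li = lv->Items->Add();
    li->Caption = g_dindex;

    // Field 1: tag. The comparison is case-sensitive and the literal is kept as on the page.
    int bar = record.Pos("|");
    AnsiString tag = record.SubString(1, bar - 1);
    li->ImageIndex = (tag.Pos("send") > 0) ? 1 : 0;
    li->SubItems->Add(tag);

    // Field 2: process id.
    record = record.SubString(bar + 1, record.Length());
    bar = record.Pos("|");
    li->SubItems->Add(record.SubString(1, bar - 1));

    // Field 3: length, then field 4: everything after the third separator.
    record = record.SubString(bar + 1, record.Length());
    bar = record.Pos("|");
    li->SubItems->Add(record.SubString(1, bar - 1));
    li->SubItems->Add(record.SubString(bar + 1, record.Length()));
}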
// List-view insert handler: updates the row counter and scrolls the list.
// NOTE(review): the counter statement has lost its operator in extraction (presumably an
// increment).
Void __fastcall tform1 :: lvinsert (TOBJECT * ITER, TLISTITEM * ITEM)
{
g_dindex ;
LV-> Perform (LVM_Scroll, 0, 10);
}
// List-view click handler: loads the fourth sub-item (the captured data) of the selected
// row into the hex editor; does nothing when no row is selected.
// NOTE(review): in this listing the separator line and the function signature are fused
// on one line.
/ / -------------------------------------------------------------------------------------------- --------------------------- void __fastcall tform1 :: lvclick (Tobject * Sender)
{
IF (lv-> itemindex <0)
Return;
HEXEDIT1-> LoadFromBuffer (lv-> items-> item [lv-> itemindex] -> Subitems-> strings [3] .c_str (),
LV-> items-> item [lv-> itemindex] -> Subitems-> strings [3] .length ());
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Clear button: removes all rows from the list view.
Void __fastcall tform1 :: spesedbutton3click (TOBJECT * SENDER)
{
LV-> clear ();
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Form close handler: if the stop button is enabled (capture was started), runs the stop
// handler so the hook is uninstalled and the DLL unloaded before the form closes.
Void __fastcall tform1 :: formclose (Tobject * Sender, Tclosection & Action)
{
IF (stopbtn-> enabled)
Button2Click (Sender);
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Custom-draw handler: rows with image index 0 (the rows the copy-data handler did not
// classify as send) get a different background brush colour.
Void __fastcall tform1 :: lvadvancedcustomDrawItem (tcustomlistview * sender,
TListItem * Item, TcustomDrawState State, TcustomDrawStage Stage,
Bool & Defaultdraw)
{
IF (item-> imageindex == 0)
{
LV-> canvas-> brush-> color = 0x00FFF5EC;
}
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Key-up handler: same action as the click handler - loads the fourth sub-item of the
// selected row into the hex editor, or does nothing when no row is selected.
Void __fastcall tform1 :: lvkeyup (TOBJECT * Sender, Word & Key,
TshiftState Shift)
{
IF (lv-> itemindex <0)
Return;
HEXEDIT1-> LoadFromBuffer (lv-> items-> item [lv-> itemindex] -> Subitems-> strings [3] .c_str (),
LV-> items-> item [lv-> itemindex] -> Subitems-> strings [3] .length ());
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Hint handler installed in the constructor: shows the long form of the current
// application hint in the status bar.
Void __fastcall tform1 :: displayHint (TOBJECT * SENDER)
{
STATUSBAR1-> SimpleText = getlonghint (Application-> Hint);
}