开发者

Winsock2 recv() hook into a remote process

I was trying to hook a custom recv() winsock2.0 method to a remote process, so that my function executes instead of the one in the process, i have been googling this and i found some really good example, but they lack description

typedef (WINAPI * WSAREC)( SOCKET s, char *buf, int len, int flags ) = recv;

Now my question is, what does开发者_如何学JAVA this mean, or does, is this some sort of a pointer to the real recv() function?

And then the other piece of code for the custom function

int WINAPI Cus_Recv( SOCKET s, char *buf, int len, int flags ) 
{
    printf("Intercepted a packet");

    return WSAREC( s, buf, len, flags ); // <- What is this?
}

Sorry if these questions sound really basic, i only started learning 2 or 3 weeks ago. Thanks.


where did you find such an example ?

the first line tries to define a new type WSAREC, which is a pointer to a function having the same signature as recv(). unfortunately, it is also trying to declare a variable of this type to store the address of the recv() function. the typedef is wrong since the function is lacking a return type. so it does not compile under Visual Studio 2003.

you may have more luck using:

int (WINAPI * WSAREC)( SOCKET s, char *buf, int len, int flags ) = &recv;

which declares only a variable of type "pointer to function", which stores the address of the recv().

now the second snippet is a function which has the same signature as the recv()function, which prints a message, then calls the original recv() through the function pointer declared above.

the code here only shows how to call a function through a pointer: it does not replace anything in the current process.

also, i am not sure you can interfere with another process and replace one function at your will. it would be a great threat to the security of the system. but why would you do that in the first place ??

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜