各位大虾好,小弟有个问题要请教各位:
我写了个HOOK,是HOOK SDK中的recv(SOCKET s,char *buf,int len,int flags)函数的,现在的问题是我HOOK成功了,数据也截获了,但是怎么将截获的数据提交给原来的应用程序呢?
我的Recv函数如下:
//当调用SDK中的recv函数时,会改成调用我的这个函数
int _stdcall hook_receive(SOCKET s,char * buf,int len,int flags)
{
int nRet;
struct sockaddr_in m_remoteHostInformation;
int m_len; TRACE("进入hook_receive函数\n");
WaitForSingleObject( g_hReceiveEvent, INFINITE );
//恢复API头8个字节
WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_receiveAddress,
( void* )g_dwOldBytes[0], sizeof( DWORD )*2, NULL ); m_len=sizeof(m_remoteHostInformation); int msg=::getpeername(s,(struct sockaddr* )&m_remoteHostInformation,&m_len); TRACE("msg=%d\n",msg);
TRACE("远程计算机的IP是:%s\n",inet_ntoa(m_remoteHostInformation.sin_addr));
TRACE("远程计算机所用的端口为:%d\n",m_remoteHostInformation.sin_port);
//调用系统SDK的recv函数接受数据,当然这句应该放在本函数开头,这里不做讨论.
nRet=::recv(s,buf,len,flags);
TRACE("接收到的字节数nRet=%d\n",nRet);
TRACE("SOCKET=0x%8x\n",s);
TRACE("len=%d\n",len);//???????????????????????????????????????????????????????
/*
*如何将buf中的数据提交给它本来的进程呢?
*
*/
//????????????????????????????????????????????????????????
//写入跳转语句,继续Hook
WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_receiveAddress,
( void* )g_btNewBytes, sizeof( DWORD )*2, NULL );
SetEvent( g_hReceiveEvent );
return nRet;
}
我写了个HOOK,是HOOK SDK中的recv(SOCKET s,char *buf,int len,int flags)函数的,现在的问题是我HOOK成功了,数据也截获了,但是怎么将截获的数据提交给原来的应用程序呢?
我的Recv函数如下:
//当调用SDK中的recv函数时,会改成调用我的这个函数
int _stdcall hook_receive(SOCKET s,char * buf,int len,int flags)
{
int nRet;
struct sockaddr_in m_remoteHostInformation;
int m_len; TRACE("进入hook_receive函数\n");
WaitForSingleObject( g_hReceiveEvent, INFINITE );
//恢复API头8个字节
WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_receiveAddress,
( void* )g_dwOldBytes[0], sizeof( DWORD )*2, NULL ); m_len=sizeof(m_remoteHostInformation); int msg=::getpeername(s,(struct sockaddr* )&m_remoteHostInformation,&m_len); TRACE("msg=%d\n",msg);
TRACE("远程计算机的IP是:%s\n",inet_ntoa(m_remoteHostInformation.sin_addr));
TRACE("远程计算机所用的端口为:%d\n",m_remoteHostInformation.sin_port);
//调用系统SDK的recv函数接受数据,当然这句应该放在本函数开头,这里不做讨论.
nRet=::recv(s,buf,len,flags);
TRACE("接收到的字节数nRet=%d\n",nRet);
TRACE("SOCKET=0x%8x\n",s);
TRACE("len=%d\n",len);//???????????????????????????????????????????????????????
/*
*如何将buf中的数据提交给它本来的进程呢?
*
*/
//????????????????????????????????????????????????????????
//写入跳转语句,继续Hook
WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_receiveAddress,
( void* )g_btNewBytes, sizeof( DWORD )*2, NULL );
SetEvent( g_hReceiveEvent );
return nRet;
}
截获的ip包里有目的地址和目的端口,把数据包发过去
光发数据包就可以吗? 如何解析? 顺利问 呵呵~
然后在拦截函数里用CreateMapFile指定名字为share来打开该映射内存,如果有多个进程同时要往里写数据的话,最好再创建个互斥体来调节以下他们的顺序。
比如在你的拦截函数中:
HANDLE hHookMainAliveEvent = pfnCreateEvent(NULL, TRUE, TRUE, szHookMainAliveEvent); //这里就是你创建的内存隐射的名字,
pfnWriteProcessMemory(CurrentProcessHandle, Rpm->lpFunAddr, (LPCVOID)Rpm->szOldCode, 12, NULL);//直接往里写你拦截到的数据就可以了。具体可以到我的blog看看去吧。