1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

hooking send() and call the original

Discussion in 'C' started by yoni1993, Nov 24, 2007.

  1. yoni1993

    yoni1993 New Member

    Joined:
    Nov 24, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    i detoured the send() with success, and in my detoured function i want to call the ORIGINAL function !

    How to do it if the original itself get hooked, its will go into a loop !

    Code:
    void *DetourFunc(BYTE *src, const BYTE *dst, const int len)
    {
    	BYTE *jmp = (BYTE*)malloc(len+5);
    	DWORD dwback;
    
    	VirtualProtect(src, len, PAGE_READWRITE, &dwback);
    
    	memcpy(jmp, src, len);	jmp += len;
    	
    	jmp[0] = 0xE9;
    	*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
    
    	src[0] = 0xE9;
    	*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
    
    	VirtualProtect(src, len, dwback, &dwback);
    
    	return (jmp-len);
    }
    
    int WINAPI mysend(SOCKET s,	const char* buf, int len, int flags)
    {
    	MessageBox(NULL, buf, "I caught a packet :) !!!", NULL);
    	send(s, buf, len, flags);
    	return 1;
    }
    
    BOOL APIENTRY DllMain( HMODULE hModule,
                           DWORD  ul_reason_for_call,
                           LPVOID lpReserved
    					 )
    {
    	DisableThreadLibraryCalls(hModule);
    
    	hMod = LoadLibrary("ws2_32.dll");
    		
    	DetourFunc((BYTE*)GetProcAddress(hMod, "send"), (BYTE*)mysend,2);
    
        return TRUE;
    }
    
    im new here, i hope that members can help me.
    thank you
     

Share This Page