Delphi Winsock Hooking Example by Aphex         ★★★★

Delphi Winsock Hooking Example by Aphex

作者:闵涛 文章来源:闵涛的学习笔记 点击数:1155 更新时间:2009/4/23 18:41:47

{
  Delphi Winsock Hooking Example by Aphex
  http://www.iamaphex.cjb.net
  unremote@knology.net

  This example shows you how to hook winsock functions
  of a target process and control incoming and outgoing
  data. It is based on send and recv but it will work the
  same way applied to sendto and recvfrom.

  The output file is a CPL (Control Panel Extension) which
  is simply a special DLL that is loaded when it is double
  clicked. This saves us from having to write a separate
  loader for the hook library.

  The example shows how to hook the needed functions and
  perform some simple manipulation of the data, using two
  different methods of accessing the data. The second, which
  uses pointers, is more flexible but also more complex.
}

library Project1;

uses
  Windows,
  Winsock,
  SysUtils,
  madCodeHook;

{$R *.RES}

{$E CPL}

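var
  // Filled in by HookCode (third argument, see EntryPoint). The hook
  // procedures call through these to reach the original send/recv.
  sendNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  recvNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  // Socket handle seen by the most recent hooked send call; reset to 0 when
  // the hooks are installed. Nothing else in this file reads it.
  DataSocket: TSocket;

const
  // File name of the executable the hooks are meant for. EntryPoint compares
  // it with the host process name and also launches it from the library's
  // own directory.
  // The quote characters around this literal had been multiplied by the
  // page export, which left a declaration that does not compile; it is
  // restored here to an ordinary string literal.
  szTargetExe: string = 'GAME.EXE';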

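// Renders Length bytes starting at Buffer as text suitable for a log line.
// Every byte yields three characters: ' c ' for a printable ASCII byte
// (#32..#126) and ' . ' for anything else. Returns '' for a nil Buffer or a
// Length of 0.
//
// Length is a Word, so an Integer argument is truncated to 16 bits at the
// call site: a negative value such as SOCKET_ERROR arrives here as 65535.
// Callers must validate and clamp the count before calling.
function ConvertDataToAscii(Buffer: pointer; Length: Word): string;
var
  Iterator: integer;
  Current: AnsiChar;
  AsciiBuffer: string;
begin
  // The string literals in this routine had their quotes multiplied by the
  // page export; they are restored to '', ' ' and ' . '.
  AsciiBuffer := '';
  if Buffer <> nil then
    for Iterator := 0 to Length - 1 do
    begin
      // Read exactly one byte. The earlier Char(Pointer(Integer(Buffer)+i)^)
      // form reads two bytes where Char is a wide character and truncates
      // the address where pointers are wider than Integer.
      Current := PAnsiChar(Buffer)[Iterator];
      // #127 (DEL) is a control character, so it is rendered as '.' too.
      if Current in [#32..#126] then
        AsciiBuffer := AsciiBuffer + ' ' + string(Current) + ' '
      else
        AsciiBuffer := AsciiBuffer + ' . ';
    end;
  Result := AsciiBuffer;
end;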

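// Renders Length bytes starting at Buffer as two-digit upper-case hex values,
// each followed by one space (for example '41 42 '). Returns '' for a nil
// Buffer or a Length of 0.
//
// Length is a Word, so an Integer argument is truncated to 16 bits at the
// call site: a negative value such as SOCKET_ERROR arrives here as 65535.
// Callers must validate and clamp the count before calling.
function ConvertDataToHex(Buffer: pointer; Length: Word): string;
var
  Iterator: integer;
  HexBuffer: string;
begin
  // The string literals in this routine had their quotes multiplied by the
  // page export; they are restored to '' and ' '.
  HexBuffer := '';
  if Buffer <> nil then
    for Iterator := 0 to Length - 1 do
      // PAnsiChar indexing reads exactly one byte per step, independent of
      // the width of Char and of the pointer size.
      HexBuffer := HexBuffer + IntToHex(Ord(PAnsiChar(Buffer)[Iterator]), 2) + ' ';
  Result := HexBuffer;
end;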

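// Replacement for Winsock recv, installed by HookCode in EntryPoint.
// Calls the original recv through recvNextHook, then demonstrates two ways
// of editing the received bytes (byte indexing and typed pointer casts) and
// renders the buffer as ASCII and hex text.
//
// Returns whatever the original recv returned. Parameters are those of recv.
//
// Fixes over the listing as published:
//  - a return value of SOCKET_ERROR (-1) or 0 is passed straight back; it
//    used to be fed to GetMem/CopyMemory as a size;
//  - the demo edits write offsets 0..7, so they now run only when at least
//    8 bytes were received instead of writing past a shorter allocation;
//  - the count handed to the Convert helpers is clamped to the range of
//    their Word parameter.
function recvHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
const
  // Highest offset written by the demo edits is 7.
  DemoPatchSize = 8;
var
  AsciiBuffer: string;
  HexBuffer: string;
  // PAnsiChar so that indexing and pointer arithmetic step one byte at a time.
  DataBuffer: PAnsiChar;
  LogLength: Integer;
begin
  //call the real winsock function
  Result := recvNextHook(s, Buf, len, flags);
  // SOCKET_ERROR or an orderly close: there is no payload to look at, and
  // the caller must see the original return value untouched.
  if Result <= 0 then
    Exit;
  if Result >= DemoPatchSize then
  begin
    //allocate memory for our copy of the data
    GetMem(DataBuffer, Result);
    try
      //get our copy of the data
      CopyMemory(DataBuffer, @Buf, Result);
      //using the data as a byte array
      DataBuffer[0] := AnsiChar(10);  //changing first byte
      DataBuffer[1] := AnsiChar(20);  //changing second byte
      DataBuffer[2] := AnsiChar(30);  //changing third byte
      //using the data as a pointer to other data sizes
      //(these stores overwrite the three byte edits above)
      Word(Pointer(DataBuffer)^) := 10; //changing first 2 bytes
      DWord(Pointer(DataBuffer + 2)^) := 20; //changing next 4 bytes
      Word(Pointer(DataBuffer + 6)^) := 30; //changing next 2 bytes
      //overwrite the original data with our new data
      CopyMemory(@Buf, DataBuffer, Result);
    finally
      FreeMem(DataBuffer);
    end;
  end;
  // The Convert helpers take a Word; clamp so a large read is not silently
  // truncated to an unrelated length.
  LogLength := Result;
  if LogLength > High(Word) then
    LogLength := High(Word);
  // The two strings are produced but not written anywhere in this example.
  //convert data to readable ascii suitable for logging
  AsciiBuffer := ConvertDataToAscii(@Buf, LogLength);
  //convert data to readable hex suitable for logging
  HexBuffer := ConvertDataToHex(@Buf, LogLength);
end;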

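// Replacement for Winsock send, installed by HookCode in EntryPoint.
// Records the socket in DataSocket, applies the same demonstration edits as
// recvHookProc to the outgoing bytes, renders them as ASCII and hex text,
// and then calls the original send through sendNextHook.
//
// Returns whatever the original send returned. Parameters are those of send.
//
// Fixes over the listing as published: Result was set to 0 and then used as
// the buffer size, so GetMem allocated nothing and the edits below wrote
// through a pointer with no storage behind it. The size now comes from len,
// and the edits (offsets 0..7) run only when len is at least 8.
//
// NOTE(review): the edited copy is written back into the caller's buffer.
// Callers of send may not expect that memory to change, and nothing here
// shows that it is writable.
function sendHookProc(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
const
  // Highest offset written by the demo edits is 7.
  DemoPatchSize = 8;
var
  AsciiBuffer: string;
  HexBuffer: string;
  // PAnsiChar so that indexing and pointer arithmetic step one byte at a time.
  DataBuffer: PAnsiChar;
  LogLength: Integer;
begin
  //save the socket so we can send data too
  DataSocket := s;
  if len >= DemoPatchSize then
  begin
    //allocate memory for our copy of the data
    GetMem(DataBuffer, len);
    try
      //get our copy of the data
      CopyMemory(DataBuffer, @Buf, len);
      //using the data as a byte array
      DataBuffer[0] := AnsiChar(10);  //changing first byte
      DataBuffer[1] := AnsiChar(20);  //changing second byte
      DataBuffer[2] := AnsiChar(30);  //changing third byte
      //using the data as a pointer to other data sizes
      //(these stores overwrite the three byte edits above)
      Word(Pointer(DataBuffer)^) := 10; //changing first 2 bytes
      DWord(Pointer(DataBuffer + 2)^) := 20; //changing next 4 bytes
      Word(Pointer(DataBuffer + 6)^) := 30; //changing next 2 bytes
      //overwrite the original data with our new data
      CopyMemory(@Buf, DataBuffer, len);
    finally
      FreeMem(DataBuffer);
    end;
  end;
  if len > 0 then
  begin
    // The Convert helpers take a Word; clamp so a large write is not
    // silently truncated to an unrelated length.
    LogLength := len;
    if LogLength > High(Word) then
      LogLength := High(Word);
    // The two strings are produced but not written anywhere in this example.
    //convert data to readable ascii suitable for logging
    AsciiBuffer := ConvertDataToAscii(@Buf, LogLength);
    //convert data to readable hex suitable for logging
    HexBuffer := ConvertDataToHex(@Buf, LogLength);
  end;
  //call the real winsock function
  Result := sendNextHook(s, Buf, len, flags);
end;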

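// Notification handler for the library. Acts only on DLL_PROCESS_ATTACH.
//  - Loaded inside the target (host file name equals szTargetExe): installs
//    the send and recv hooks.
//  - Loaded anywhere else (for example when the .cpl is opened): starts
//    szTargetExe from the library's own directory, waits three seconds and
//    asks madCodeHook to load this library into the new process.
//
// Fixes over the listing as published:
//  - the host check compared only the tail of ParamStr(0), so any executable
//    whose name merely ended in szTargetExe was hooked as well; the whole
//    file name is compared now;
//  - StartInfo.cb is set, as CreateProcess requires;
//  - the CreateProcess result is checked, so InjectLibrary is no longer
//    called with a zeroed process handle after a failed launch;
//  - the process and thread handles are closed.
//
// NOTE(review): the executable is located by name in the library's
// directory only; nothing verifies that it is the intended binary.
// NOTE(review): this runs from library initialisation, so CreateProcess and
// Sleep execute while the module is still being loaded. The fixed delay is
// kept as published and is not a synchronisation with the new process.
// For detection: a Control Panel item that spawns a process and then loads
// a library into it corresponds to ATT&CK T1218.002 and T1055.001, and the
// installed hooks show up as modified entry bytes of send/recv in the
// process image.
procedure EntryPoint(Reason: dword); stdcall;
var
  lpFileName: array [0..MAX_PATH - 1] of char;
  StartInfo: TStartupInfo;
  ProcInfo: TProcessInformation;
begin
  if Reason <> DLL_PROCESS_ATTACH then
    Exit;
  //check if we are injected inside the target
  if lstrcmpi(pchar(ExtractFileName(ParamStr(0))), pchar(szTargetExe)) = 0 then
  begin
    //if we are then we hook the needed functions
    DataSocket := 0;
    HookCode(@send, @sendHookProc, @sendNextHook);
    HookCode(@recv, @recvHookProc, @recvNextHook);
  end
  else
  begin
    //if not then load the target and inject ourself
    GetModuleFileName(hInstance, @lpFileName, MAX_PATH);
    ZeroMemory(@StartInfo, SizeOf(TStartupInfo));
    ZeroMemory(@ProcInfo, SizeOf(TProcessInformation));
    StartInfo.cb := SizeOf(TStartupInfo);
    StartInfo.dwFlags := STARTF_USESHOWWINDOW;
    StartInfo.wShowWindow := SW_SHOW;
    if CreateProcess(PChar(ExtractFilePath(lpFileName) + szTargetExe), nil, nil, nil, False, 0, nil, nil, StartInfo, ProcInfo) then
    try
      Sleep(3000);
      InjectLibrary(ProcInfo.hProcess, lpFileName);
    finally
      // Both handles returned by CreateProcess belong to this process.
      CloseHandle(ProcInfo.hThread);
      CloseHandle(ProcInfo.hProcess);
    end;
  end;
end;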

begin
  // Library initialisation block: executed when the module is loaded.
  // Register EntryPoint as the handler for later DLL notifications.
  // NOTE(review): EntryPoint is declared stdcall with a dword parameter; the
  // @ operator hides any mismatch with the RTL's declared DLLProc type —
  // confirm against the RTL version in use.
  DLLProc := @EntryPoint;
  // Run the attach logic now; this call is what triggers either the hook
  // installation or the launch-and-inject path in EntryPoint.
  EntryPoint(DLL_PROCESS_ATTACH);
end.

