Example #1
        // this is where we are intercepting ws2_32 send() calls (socket traffic, not file accesses)
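        /// <summary>
        /// Replacement for ws2_32 <c>send</c>: captures the outgoing payload as text, forwards the
        /// call to the real API and reports the event through <c>makeCallBack</c> unless the real
        /// call returned <c>SOCKET_ERROR</c>.
        /// </summary>
        /// <param name="socket_handle">Socket the caller is sending on.</param>
        /// <param name="lpBuffer">Pointer to the caller's outgoing data.</param>
        /// <param name="buflen">Number of bytes available at <paramref name="lpBuffer"/>.</param>
        /// <param name="flags">Flags handed unchanged to the real <c>send</c>.</param>
        /// <returns>The return value of the real <c>send</c>, unchanged.</returns>
        public int send_Hooked(IntPtr socket_handle, IntPtr lpBuffer, int buflen, int flags)
        {
            preprocessHook();

            // The hook must stay transparent: never read through a null pointer or with a
            // non-positive length. The real send() below still sees the caller's arguments and
            // reports the error itself.
            String z = "";
            if (lpBuffer != IntPtr.Zero && buflen > 0)
            {
                // NOTE(review): the whole payload is captured (an earlier variant sampled at most
                // BUFFER_SAMPLE_LENGTH bytes). The captured text can contain credentials or session
                // tokens, so whatever consumes the transfer unit must treat it as sensitive.
                //
                // Strings are immutable: the result of Replace has to be kept. The original
                // discarded it, so CR/LF pairs were never flattened.
                z = extractBufferAsString(lpBuffer, buflen).Replace("\r\n", " ");
            }

            Console.WriteLine("ws2_32.send intercepted");

            TransferUnit transfer_unit = createTransferUnit();

            // NOTE(review): IntPtr.ToInt32 throws OverflowException in a 64-bit process when the
            // value does not fit in 32 bits - confirm the hook only runs where that cannot happen.
            transfer_unit[Color.Handle] = socket_handle.ToInt32();
            transfer_unit[Color.Buffer] = z;

            // call original API...
            int result = WS2_32Support.send(socket_handle, lpBuffer, buflen, flags);

            // send() may transmit fewer than buflen bytes; the recorded buffer is what the caller
            // offered, not necessarily what went on the wire.
            if (result != WS2_32Support.SOCKET_ERROR)
            {
                makeCallBack(transfer_unit);
            }

            return result;
        }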
Example #2
        // this is where we are intercepting ws2_32 connect() calls (socket traffic, not file accesses)
        /// <summary>
        /// Replacement for ws2_32 <c>connect</c>: forwards the call to the real API and reports the
        /// socket handle together with the API result through <c>makeCallBack</c>, whether or not
        /// the call succeeded.
        /// </summary>
        /// <param name="socket">Socket being connected.</param>
        /// <param name="lpSockAddr">Pointer to the destination address, passed through unchanged.</param>
        /// <param name="namelen">Length of the structure at <paramref name="lpSockAddr"/>.</param>
        /// <returns>The return value of the real <c>connect</c>, unchanged.</returns>
        public int connect_Hooked(IntPtr socket, IntPtr lpSockAddr, int namelen)
        {
            preprocessHook();

            TransferUnit report = createTransferUnit();
            report[Color.Handle] = socket.ToInt32();

            // Forward to the real API and record its outcome for the monitor.
            int status = WS2_32Support.connect(socket, lpSockAddr, namelen);
            report[Color.Result] = status;

            // Deliberately no SOCKET_ERROR check here: Opera was observed getting -1 from connect
            // and still sending data over the socket, so a failed result is reported too and the
            // consumer has to look at Color.Result. (Presumably a non-blocking socket, where
            // connect returns SOCKET_ERROR while the connection is still in progress - confirm.)
            // NOTE(review): the callback runs before the caller can read the Winsock last-error
            // value; verify that makeCallBack does not disturb it.
            makeCallBack(report);

            return status;
        }
Example #3
        // this is where we are intercepting ws2_32 listen() calls (socket traffic, not file accesses)
        /// <summary>
        /// Replacement for ws2_32 <c>listen</c>: forwards the call to the real API and reports the
        /// socket handle through <c>makeCallBack</c> unless the call returned <c>SOCKET_ERROR</c>.
        /// </summary>
        /// <param name="socket">Socket being put into the listening state.</param>
        /// <param name="backlog">Backlog value passed through unchanged.</param>
        /// <returns>The return value of the real <c>listen</c>, unchanged.</returns>
        public int listen_Hooked(IntPtr socket, int backlog)
        {
            preprocessHook();

            // The real API runs first; the report is built afterwards.
            int status = WS2_32Support.listen(socket, backlog);

            TransferUnit report = createTransferUnit();
            report[Color.Handle] = socket.ToInt32();

            // Failed calls are passed back to the caller without being reported.
            if (status == WS2_32Support.SOCKET_ERROR)
            {
                return status;
            }

            makeCallBack(report);
            return status;
        }
Example #4
        // this is where we are intercepting ws2_32 bind() calls (socket traffic, not file accesses)
        /// <summary>
        /// Replacement for ws2_32 <c>bind</c>: forwards the call to the real API and reports the
        /// socket handle through <c>makeCallBack</c> unless the call returned <c>SOCKET_ERROR</c>.
        /// </summary>
        /// <param name="socket">Socket being bound.</param>
        /// <param name="lpSockAddr">Pointer to the local address, passed through unchanged.</param>
        /// <param name="namelen">Length of the structure at <paramref name="lpSockAddr"/>.</param>
        /// <returns>The return value of the real <c>bind</c>, unchanged.</returns>
        public int bind_Hooked(IntPtr socket, IntPtr lpSockAddr, int namelen)
        {
            preprocessHook();

            // The real API runs first; the report is built afterwards.
            int status = WS2_32Support.bind(socket, lpSockAddr, namelen);

            // Only the handle is recorded; the address at lpSockAddr is not read by this hook.
            TransferUnit report = createTransferUnit();
            report[Color.Handle] = socket.ToInt32();

            // Failed calls are passed back to the caller without being reported.
            if (status == WS2_32Support.SOCKET_ERROR)
            {
                return status;
            }

            makeCallBack(report);
            return status;
        }
Example #5
        // this is where we are intercepting ws2_32 accept() calls (socket traffic, not file accesses)
        /// <summary>
        /// Replacement for ws2_32 <c>accept</c>: forwards the call to the real API and reports both
        /// the listening socket and the newly accepted socket through <c>makeCallBack</c>, unless
        /// the real call returned <c>INVALID_SOCKET</c>.
        /// </summary>
        /// <param name="socket">Listening socket the caller accepts on.</param>
        /// <param name="lpSockAddr">Pointer that receives the peer address, passed through unchanged.</param>
        /// <param name="int_addrlen">Pointer to the address length, passed through unchanged.</param>
        /// <returns>The handle returned by the real <c>accept</c>, unchanged.</returns>
        public IntPtr accept_Hooked(IntPtr socket, IntPtr lpSockAddr, IntPtr int_addrlen)
        {
            preprocessHook();

            // The real API runs first; the report is built afterwards.
            IntPtr accepted = WS2_32Support.accept(socket, lpSockAddr, int_addrlen);

            TransferUnit report = createTransferUnit();

            // NOTE(review): IntPtr.ToInt32 throws OverflowException in a 64-bit process when the
            // value does not fit in 32 bits - confirm the hook only runs where that cannot happen.
            report[Color.ListeningSocketHandle] = socket.ToInt32();
            int acceptedId = accepted.ToInt32();
            report[Color.Handle] = acceptedId;

            // A failed accept is handed back to the caller without being reported.
            if (acceptedId == WS2_32Support.INVALID_SOCKET)
            {
                return accepted;
            }

            makeCallBack(report);
            return accepted;
        }
Example #6
        // this is where we are intercepting ws2_32 WSAConnect() calls (socket traffic, not file accesses)
        /// <summary>
        /// Replacement for ws2_32 <c>WSAConnect</c>: forwards the call to the real API and reports
        /// the socket handle and the API result through <c>makeCallBack</c> unless the call
        /// returned <c>SOCKET_ERROR</c>.
        /// </summary>
        /// <param name="socket">Socket being connected.</param>
        /// <param name="lpSockAddr">Pointer to the destination address, passed through unchanged.</param>
        /// <param name="namelen">Length of the structure at <paramref name="lpSockAddr"/>.</param>
        /// <param name="lpCallerData">Passed through unchanged.</param>
        /// <param name="lpCalleeData">Passed through unchanged.</param>
        /// <param name="lpSQOS">Passed through unchanged.</param>
        /// <param name="lpGQOS">Passed through unchanged.</param>
        /// <returns>The return value of the real <c>WSAConnect</c>, unchanged.</returns>
        public int WSAConnect_Hooked(IntPtr socket, IntPtr lpSockAddr, int namelen, IntPtr lpCallerData, IntPtr lpCalleeData, IntPtr lpSQOS, IntPtr lpGQOS)
        {
            preprocessHook();

            TransferUnit report = createTransferUnit();
            report[Color.Handle] = socket.ToInt32();

            // Forward to the real API and record its outcome for the monitor.
            int status = WS2_32Support.WSAConnect(socket, lpSockAddr, namelen, lpCallerData, lpCalleeData, lpSQOS, lpGQOS);
            report[Color.Result] = status;

            // NOTE(review): a connect on a non-blocking socket returns SOCKET_ERROR while the
            // connection is still in progress, so such connections are not reported by this hook -
            // confirm that this gap in coverage is acceptable.
            if (status == WS2_32Support.SOCKET_ERROR)
            {
                return status;
            }

            makeCallBack(report);
            return status;
        }
Example #7
        // this is where we are intercepting ws2_32 WSASend() calls (socket traffic, not file accesses)
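        /// <summary>
        /// Replacement for ws2_32 <c>WSASend</c>: captures the contents of every WSABUF the caller
        /// passes as text, forwards the call to the real API and reports the event through
        /// <c>makeCallBack</c> unless the real call returned <c>SOCKET_ERROR</c>.
        /// </summary>
        /// <param name="socket_handle">Socket the caller is sending on.</param>
        /// <param name="lpBuffers">Pointer to an array of WSABUF structures.</param>
        /// <param name="dwBufferCount">Number of WSABUF entries at <paramref name="lpBuffers"/>.</param>
        /// <param name="lpNumberOfBytesSent">Passed by reference to the real <c>WSASend</c>.</param>
        /// <param name="flags">Flags handed unchanged to the real <c>WSASend</c>.</param>
        /// <param name="lpOverlapped">Passed through unchanged.</param>
        /// <param name="lpCompletionRoutine">Passed through unchanged.</param>
        /// <returns>The return value of the real <c>WSASend</c>, unchanged.</returns>
        public int WSASend_Hooked(IntPtr socket_handle, IntPtr lpBuffers, Int32 dwBufferCount, ref Int32 lpNumberOfBytesSent, int flags, IntPtr lpOverlapped, IntPtr lpCompletionRoutine)
        {
            preprocessHook();

            // The hook must stay transparent: a null array pointer or a non-positive count would
            // otherwise fault or throw here, before the real WSASend can reject the arguments.
            string z = "";
            if (lpBuffers != IntPtr.Zero && dwBufferCount > 0)
            {
                string[] parts = new string[dwBufferCount];
                unsafe
                {
                    WS2_32Support.WSABUF* wsaBufs = (WS2_32Support.WSABUF*)lpBuffers.ToPointer();
                    for (int i = 0; i < dwBufferCount; i++)
                    {
                        // The original clamp expression had two identical branches, so the full
                        // buffer length was always used; that behaviour is kept.
                        // NOTE(review): full payloads can contain credentials or session tokens -
                        // whatever consumes the transfer unit must treat it as sensitive.
                        parts[i] = AbstractHookDescription.extractBufferAsString(wsaBufs[i].buf, (int)wsaBufs[i].len);
                    }
                }

                // Strings are immutable: the result of Replace has to be kept. The original
                // discarded it, so CR/LF pairs were never flattened.
                z = string.Concat(parts).Replace("\r\n", " ");
            }

            Console.WriteLine("ws2_32.WSASend intercepted");

            TransferUnit transfer_unit = createTransferUnit();

            transfer_unit[Color.Handle] = socket_handle.ToInt32();
            transfer_unit[Color.Buffer] = z;

            // call original API
            int result = WS2_32Support.WSASend(socket_handle, lpBuffers, dwBufferCount, ref lpNumberOfBytesSent, flags, lpOverlapped, lpCompletionRoutine);

            // NOTE(review): an overlapped send that is only queued also returns SOCKET_ERROR (with
            // a pending status as last error), so such sends are not reported - confirm that this
            // gap in coverage is acceptable.
            if (result != WS2_32Support.SOCKET_ERROR)
            {
                makeCallBack(transfer_unit);
            }

            return result;
        }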
Example #8
        // this is where we are intercepting ws2_32 WSASocket() calls (socket creation, not file accesses)
        /// <summary>
        /// Replacement for ws2_32 <c>WSASocket</c>: forwards the call to the real
        /// <c>WSASocketW</c> and reports the requested address family, socket type, protocol and
        /// flags together with the new handle through <c>makeCallBack</c>, unless the returned
        /// handle equals the invalid-handle constant.
        /// </summary>
        /// <param name="af">Address family requested by the caller.</param>
        /// <param name="socket_type">Socket type requested by the caller.</param>
        /// <param name="protocol">Protocol requested by the caller.</param>
        /// <param name="lpProtocolInfo">Passed through unchanged.</param>
        /// <param name="group">Passed through unchanged.</param>
        /// <param name="dwFlags">Socket option flags requested by the caller.</param>
        /// <returns>The handle returned by the real <c>WSASocketW</c>, unchanged.</returns>
        public IntPtr WSASocket_Hooked(WS2_32Support.ADDRESS_FAMILIES af, WS2_32Support.SOCKET_TYPE socket_type, WS2_32Support.PROTOCOL protocol,
                                       IntPtr lpProtocolInfo, Int32 group, WS2_32Support.OPTION_FLAGS_PER_SOCKET dwFlags)
        {
            preprocessHook();

            // The real API runs first; the report is built afterwards.
            IntPtr created = WS2_32Support.WSASocketW(af, socket_type, protocol, lpProtocolInfo, group, dwFlags);

            TransferUnit report = createTransferUnit();
            report[Color.AddressFamily] = af;
            report[Color.SocketType] = socket_type;
            report[Color.Protocol] = protocol;
            report[Color.Flags] = dwFlags;

            // NOTE(review): IntPtr.ToInt32 throws OverflowException in a 64-bit process when the
            // value does not fit in 32 bits - confirm the hook only runs where that cannot happen.
            int createdId = created.ToInt32();
            report[Color.Handle] = createdId;

            // NOTE(review): failure is detected with the Kernel32 invalid-handle constant rather
            // than a Winsock one - verify that both have the same value.
            if (createdId == Kernel32Support.INVALID_HANDLE_VALUE)
            {
                return created;
            }

            makeCallBack(report);
            return created;
        }