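/// <summary>
/// Hook for ws2_32!send. Forwards the call to the real API and, when it succeeds,
/// reports the socket handle and the bytes that were actually sent.
/// </summary>
/// <param name="socket_handle">Socket handle the send was issued on.</param>
/// <param name="lpBuffer">Caller-supplied pointer to the data to send.</param>
/// <param name="buflen">Caller-supplied length of <paramref name="lpBuffer"/> in bytes.</param>
/// <param name="flags">Flags forwarded unchanged to the real send.</param>
/// <returns>The value returned by the real send.</returns>
public int send_Hooked(IntPtr socket_handle, IntPtr lpBuffer, int buflen, int flags)
{
    preprocessHook();

    Console.WriteLine("ws2_32.send intercepted");

    TransferUnit transfer_unit = createTransferUnit();
    transfer_unit[Color.Handle] = socket_handle.ToInt32();

    int result = WS2_32Support.send(socket_handle, lpBuffer, buflen, flags);

    if (result != WS2_32Support.SOCKET_ERROR)
    {
        // lpBuffer and buflen are chosen by the monitored process, so the buffer is
        // only read once the real API has accepted them. A bad pointer or length is
        // then rejected by send instead of being dereferenced inside the hook.
        //
        // send may transmit fewer than buflen bytes. Extracting `result` bytes keeps
        // the record equal to what left the process and avoids logging the unsent
        // tail a second time when the caller retries it.
        //
        // The payload is reported verbatim. The earlier CRLF replacement discarded
        // its return value, so it never changed the reported string.
        transfer_unit[Color.Buffer] = extractBufferAsString(lpBuffer, result);
        makeCallBack(transfer_unit);
    }

    return result;
}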
/// <summary>
/// Hook for ws2_32!connect. Forwards the call to the real API and reports the socket
/// handle together with the API's return value, whether or not the call succeeded.
/// </summary>
/// <param name="socket">Socket handle the connect was issued on.</param>
/// <param name="lpSockAddr">Caller-supplied pointer to the target address, forwarded unchanged.</param>
/// <param name="namelen">Caller-supplied length of the address structure.</param>
/// <returns>The value returned by the real connect.</returns>
public int connect_Hooked(IntPtr socket, IntPtr lpSockAddr, int namelen)
{
    preprocessHook();

    TransferUnit report = createTransferUnit();
    report[Color.Handle] = socket.ToInt32();

    // Hand over to the original API and record its verdict in the report.
    int status = WS2_32Support.connect(socket, lpSockAddr, namelen);
    report[Color.Result] = status;

    // Error checking is deliberately disabled here: Opera was observed getting -1 from
    // connect and still sending data through the socket, so every attempt is reported
    // and consumers must look at Color.Result.
    // NOTE(review): presumably a non-blocking connect that reports WSAEWOULDBLOCK - confirm.
    // NOTE(review): the callback runs before the caller can read WSAGetLastError; the
    // previously disabled code saved and restored it. Confirm makeCallBack leaves the
    // thread's last-error value intact.
    makeCallBack(report);

    return status;
}
/// <summary>
/// Hook for ws2_32!listen. Forwards the call to the real API and reports the socket
/// handle when the call did not return SOCKET_ERROR.
/// </summary>
/// <param name="socket">Socket handle being put into the listening state.</param>
/// <param name="backlog">Backlog value forwarded unchanged.</param>
/// <returns>The value returned by the real listen.</returns>
public int listen_Hooked(IntPtr socket, int backlog)
{
    preprocessHook();

    int status = WS2_32Support.listen(socket, backlog);

    // The report is built on both the success and the failure path.
    // NOTE(review): this runs between the API call and the caller's WSAGetLastError;
    // confirm createTransferUnit cannot disturb the last-error value on failure.
    TransferUnit report = createTransferUnit();
    report[Color.Handle] = socket.ToInt32();

    bool failed = status == WS2_32Support.SOCKET_ERROR;
    if (failed)
    {
        return status;
    }

    makeCallBack(report);
    return status;
}
/// <summary>
/// Hook for ws2_32!bind. Forwards the call to the real API and reports the socket
/// handle when the call did not return SOCKET_ERROR.
/// </summary>
/// <param name="socket">Socket handle being bound.</param>
/// <param name="lpSockAddr">Caller-supplied pointer to the local address, forwarded unchanged.</param>
/// <param name="namelen">Caller-supplied length of the address structure.</param>
/// <returns>The value returned by the real bind.</returns>
public int bind_Hooked(IntPtr socket, IntPtr lpSockAddr, int namelen)
{
    preprocessHook();

    int status = WS2_32Support.bind(socket, lpSockAddr, namelen);

    // Only the handle is recorded; the address behind lpSockAddr is not read here.
    // NOTE(review): the report is built before the status check, i.e. also on failure;
    // confirm createTransferUnit cannot disturb the WSA last-error value.
    TransferUnit report = createTransferUnit();
    report[Color.Handle] = socket.ToInt32();

    bool failed = status == WS2_32Support.SOCKET_ERROR;
    if (failed)
    {
        return status;
    }

    makeCallBack(report);
    return status;
}
/// <summary>
/// Hook for ws2_32!accept. Forwards the call to the real API and reports both the
/// listening socket and the newly accepted socket when the result is not INVALID_SOCKET.
/// </summary>
/// <param name="socket">Listening socket handle.</param>
/// <param name="lpSockAddr">Caller-supplied pointer for the peer address, forwarded unchanged.</param>
/// <param name="int_addrlen">Caller-supplied pointer to the address length, forwarded unchanged.</param>
/// <returns>The handle returned by the real accept.</returns>
public IntPtr accept_Hooked(IntPtr socket, IntPtr lpSockAddr, IntPtr int_addrlen)
{
    preprocessHook();

    IntPtr accepted = WS2_32Support.accept(socket, lpSockAddr, int_addrlen);

    TransferUnit report = createTransferUnit();
    report[Color.ListeningSocketHandle] = socket.ToInt32();

    // The 32-bit value is used both for the report and for the validity check.
    int acceptedValue = accepted.ToInt32();
    report[Color.Handle] = acceptedValue;

    // Only the handles are recorded; the peer address behind lpSockAddr is not read here.
    bool failed = acceptedValue == WS2_32Support.INVALID_SOCKET;
    if (failed)
    {
        return accepted;
    }

    makeCallBack(report);
    return accepted;
}
/// <summary>
/// Hook for ws2_32!WSAConnect. Forwards the call to the real API and reports the socket
/// handle and return value when the call did not return SOCKET_ERROR.
/// </summary>
/// <param name="socket">Socket handle the connect was issued on.</param>
/// <param name="lpSockAddr">Caller-supplied pointer to the target address, forwarded unchanged.</param>
/// <param name="namelen">Caller-supplied length of the address structure.</param>
/// <param name="lpCallerData">Forwarded unchanged.</param>
/// <param name="lpCalleeData">Forwarded unchanged.</param>
/// <param name="lpSQOS">Forwarded unchanged.</param>
/// <param name="lpGQOS">Forwarded unchanged.</param>
/// <returns>The value returned by the real WSAConnect.</returns>
public int WSAConnect_Hooked(IntPtr socket, IntPtr lpSockAddr, int namelen, IntPtr lpCallerData, IntPtr lpCalleeData, IntPtr lpSQOS, IntPtr lpGQOS)
{
    preprocessHook();

    TransferUnit report = createTransferUnit();
    report[Color.Handle] = socket.ToInt32();

    int status = WS2_32Support.WSAConnect(socket, lpSockAddr, namelen, lpCallerData, lpCalleeData, lpSQOS, lpGQOS);
    report[Color.Result] = status;

    // NOTE(review): connect_Hooked reports every attempt because a connect that returned
    // -1 was still followed by traffic. This hook drops SOCKET_ERROR results, so the same
    // pattern issued through WSAConnect would go unreported - confirm that is intended.
    bool failed = status == WS2_32Support.SOCKET_ERROR;
    if (failed)
    {
        return status;
    }

    makeCallBack(report);
    return status;
}
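/// <summary>
/// Hook for ws2_32!WSASend. Captures the contents of the caller's WSABUF array, forwards
/// the call to the real API, and reports the socket handle and captured data when the
/// call did not return SOCKET_ERROR.
/// </summary>
/// <param name="socket_handle">Socket handle the send was issued on.</param>
/// <param name="lpBuffers">Caller-supplied pointer to an array of WSABUF structures.</param>
/// <param name="dwBufferCount">Caller-supplied number of entries in <paramref name="lpBuffers"/>.</param>
/// <param name="lpNumberOfBytesSent">Forwarded by reference to the real WSASend.</param>
/// <param name="flags">Flags forwarded unchanged.</param>
/// <param name="lpOverlapped">Forwarded unchanged.</param>
/// <param name="lpCompletionRoutine">Forwarded unchanged.</param>
/// <returns>The value returned by the real WSASend.</returns>
public int WSASend_Hooked(IntPtr socket_handle, IntPtr lpBuffers, Int32 dwBufferCount, ref Int32 lpNumberOfBytesSent, int flags, IntPtr lpOverlapped, IntPtr lpCompletionRoutine)
{
    preprocessHook();

    string z = "";

    // lpBuffers and dwBufferCount are chosen by the monitored process. A null array
    // pointer or a non-positive count is not dereferenced or used as an array size
    // inside the hook; the call is still forwarded so the real API reports the error.
    if (lpBuffers != IntPtr.Zero && dwBufferCount > 0)
    {
        string[] parts = new string[dwBufferCount];

        unsafe
        {
            WS2_32Support.WSABUF* lpbuffer = (WS2_32Support.WSABUF*)lpBuffers.ToPointer();
            for (int i = 0; i < dwBufferCount; i++)
            {
                WS2_32Support.WSABUF current = lpbuffer[i];

                // Each buffer is captured in full. The earlier comparison with
                // BUFFER_SAMPLE_LENGTH selected the same length on both branches.
                parts[i] = AbstractHookDescription.extractBufferAsString(current.buf, (int)current.len);
            }
        }

        // Single concatenation instead of repeated += in a loop; null parts count as empty.
        z = string.Concat(parts);
    }

    // The payload is reported verbatim. The earlier CRLF replacement discarded its
    // return value, so it never changed the reported string.
    Console.WriteLine("ws2_32.WSASend intercepted");

    TransferUnit transfer_unit = createTransferUnit();
    transfer_unit[Color.Handle] = socket_handle.ToInt32();
    transfer_unit[Color.Buffer] = z;

    // call original API
    int result = WS2_32Support.WSASend(socket_handle, lpBuffers, dwBufferCount, ref lpNumberOfBytesSent, flags, lpOverlapped, lpCompletionRoutine);

    // NOTE(review): an overlapped WSASend that was queued returns SOCKET_ERROR with
    // WSA_IO_PENDING, so such sends are not reported by this check - confirm whether
    // that gap is intended.
    // NOTE(review): the reported data covers every requested buffer, not only the
    // byte count written to lpNumberOfBytesSent.
    if (result != WS2_32Support.SOCKET_ERROR)
    {
        makeCallBack(transfer_unit);
    }

    return result;
}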
/// <summary>
/// Hook for ws2_32!WSASocket. Creates the socket through WSASocketW and reports its
/// address family, socket type, protocol, flags and handle when the returned handle is
/// not the invalid-handle sentinel.
/// </summary>
/// <param name="af">Address family requested by the caller.</param>
/// <param name="socket_type">Socket type requested by the caller.</param>
/// <param name="protocol">Protocol requested by the caller.</param>
/// <param name="lpProtocolInfo">Forwarded unchanged.</param>
/// <param name="group">Forwarded unchanged.</param>
/// <param name="dwFlags">Socket option flags requested by the caller.</param>
/// <returns>The handle returned by WSASocketW.</returns>
public IntPtr WSASocket_Hooked(WS2_32Support.ADDRESS_FAMILIES af, WS2_32Support.SOCKET_TYPE socket_type, WS2_32Support.PROTOCOL protocol, IntPtr lpProtocolInfo, Int32 group, WS2_32Support.OPTION_FLAGS_PER_SOCKET dwFlags)
{
    preprocessHook();

    IntPtr created = WS2_32Support.WSASocketW(af, socket_type, protocol, lpProtocolInfo, group, dwFlags);

    TransferUnit report = createTransferUnit();
    report[Color.AddressFamily] = af;
    report[Color.SocketType] = socket_type;
    report[Color.Protocol] = protocol;
    report[Color.Flags] = dwFlags;

    // The 32-bit value is used both for the report and for the validity check.
    int createdValue = created.ToInt32();
    report[Color.Handle] = createdValue;

    // NOTE(review): accept_Hooked tests against WS2_32Support.INVALID_SOCKET, while this
    // hook uses the Kernel32 handle sentinel. Confirm both constants hold the same value,
    // otherwise failed socket creations would be reported as successes.
    bool failed = createdValue == Kernel32Support.INVALID_HANDLE_VALUE;
    if (failed)
    {
        return created;
    }

    makeCallBack(report);
    return created;
}