Jump to content
  • Advertisement
Sign in to follow this  

Hooking WSARecv

This topic is 3079 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I'm trying to hook WSARecv, and so far i did great.
I replaced the epilogue code of the original function with a JMP to my fake function.Now, when it comes to reading the data, seems that the data keeps repeating itself.Sometimes, my fake functions gets called twice, with the same data in the buffer.It is very strange, since i'm handling the buffer after everything is received.

Below is my fake function

class hook
static void WSARecv();
void __declspec(naked) oCHook::WSARecv()

static SOCKET s;
static LPWSABUF buf;
static DWORD dwReturn;

__asm mov dwReturn, eax

__asm push eax
__asm mov eax, [ebp + 8]
__asm mov s, eax
__asm mov eax, [ebp + 12]
__asm mov buf, eax
if(dwReturn >0)
pThis->_WSARecv(s, buf);
// pThis is a static member containing the instance of the parent class
// _WSARecv is the function that handles the data obtained by the hook.
// Now, for some reason _WSARecv gets called twice or even more times,
// having the same data in the buffer.
// What can be wrong?
__asm pop eax

__asm pop esi
__asm leave
__asm retn 0x1C00


Share this post

Link to post
Share on other sites
The buffer passed to WSARecv() is not a single structure, but an array of buffer structures. You need to look at the number of buffers provided and the size of each one to determine how much data was actually read off the socket.

Share this post

Link to post
Share on other sites
Sign in to follow this  

  • Advertisement

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!