Jump to content
  • Advertisement
Sign in to follow this  
xilup

Hooking WSARecv

This topic is 2901 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I'm trying to hook WSARecv, and so far i did great.
I replaced the epilogue code of the original function with a JMP to my fake function.Now, when it comes to reading the data, seems that the data keeps repeating itself.Sometimes, my fake functions gets called twice, with the same data in the buffer.It is very strange, since i'm handling the buffer after everything is received.

Below is my fake function

class hook
{
.....
static void WSARecv();
.....
};
void __declspec(naked) oCHook::WSARecv()
{

static SOCKET s;
static LPWSABUF buf;
static DWORD dwReturn;

__asm mov dwReturn, eax

__asm push eax
__asm mov eax, [ebp + 8]
__asm mov s, eax
__asm mov eax, [ebp + 12]
__asm mov buf, eax
if(dwReturn >0)
pThis->_WSARecv(s, buf);
// pThis is a static member containing the instance of the parent class
// _WSARecv is the function that handles the data obtained by the hook.
// Now, for some reason _WSARecv gets called twice or even more times,
// having the same data in the buffer.
// What can be wrong?
__asm pop eax

__asm pop esi
__asm leave
__asm retn 0x1C00

}

Share this post


Link to post
Share on other sites
Advertisement
The buffer passed to WSARecv() is not a single structure, but an array of buffer structures. You need to look at the number of buffers provided and the size of each one to determine how much data was actually read off the socket.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

Participate in the game development conversation and more when you create an account on GameDev.net!

Sign me up!