Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Winsock Hooking

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
Xyal
How do I cheat?
Reputation: 0

Joined: 26 Aug 2007
Posts: 3

PostPosted: Sat Feb 16, 2008 10:38 am    Post subject: Winsock Hooking Reply with quote

So I decided to write a packet sniffer/editor that works by utilizing a system wide hook of the Winsock send/recv functions. I don't plan to support WSA* functions from Winsock 2.

I want to be able to filter packets by process among other things such as src/dest ports, protocol and what not. I'm stumped however, on how to filter by process.

I can only think of doing this by scanning memory or perhaps reading the stack to find out where the api call returns to and checking if its within selected process memory. Any other methods or ideas on how to do this would be appreciated.

P.S. I realize for things like src/dest port filtering and the like I may have to utilize a lower level method of capturing packets to obtain access to the tcp header. A library such as libpcap for the win32 platform for example would probably work.

Regards,
--
Xyal.
Back to top
View user's profile Send private message
samuri25404
Grandmaster Cheater
Reputation: 7

Joined: 04 May 2007
Posts: 957
Location: Why do you care?

PostPosted: Sat Feb 16, 2008 1:24 pm    Post subject: Reply with quote

1) How the hell did you get to post in here?

2) Read the rules--NO REQUESTS

_________________
Wiccaan wrote:

Oh jeez, watchout I'm a bias person! Locked.


Auto Assembly Tuts:
In Depth Tutorial on AA
Extended
Back to top
View user's profile Send private message
benlue
Moderator
Reputation: 0

Joined: 09 Oct 2006
Posts: 2142

PostPosted: Sat Feb 16, 2008 8:44 pm    Post subject: Reply with quote

Moved back to the normal section.
Back to top
View user's profile Send private message
MasterChief
Grandmaster Cheater Supreme
Reputation: 0

Joined: 07 Dec 2006
Posts: 1208
Location: Texas

PostPosted: Sat Feb 16, 2008 9:50 pm    Post subject: Reply with quote

if your PE is for MS i was thinking to use winpcap over winsock, but i could be wrong.
_________________
Back to top
View user's profile Send private message Yahoo Messenger
atom0s
Moderator
Reputation: 137

Joined: 25 Jan 2006
Posts: 7290
Location: 127.0.0.1

PostPosted: Sun Feb 17, 2008 1:43 pm    Post subject: Reply with quote

KSBunker wrote a wrapper for wsock32.dll which you can find here:
http://www.extalia.com/forums/viewtopic.php?f=56&t=2769

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
nog_lorp
Grandmaster Cheater
Reputation: 0

Joined: 26 Feb 2006
Posts: 743

PostPosted: Sat Nov 29, 2008 2:53 pm    Post subject: Reply with quote

Hook the socket() function to call GetCurrentProcessId and create a system-wide table mapping sockets to their owners. Then in send and recv check if the socket being used belongs to a process for which hooking is desired. A driver to manage the table would probably be needed (to prune it and such).
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
Back to top
View user's profile Send private message
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5804

PostPosted: Sat Nov 29, 2008 4:21 pm    Post subject: Reply with quote

Wow, noggie

way to bump the worlds oldest post.
Back to top
View user's profile Send private message
GMZorita
Grandmaster Cheater Supreme
Reputation: 0

Joined: 21 Mar 2007
Posts: 1362

PostPosted: Sat Nov 29, 2008 4:25 pm    Post subject: Reply with quote

slovach wrote:
Wow, noggie

way to bump the worlds oldest post.

Not really =D
http://forum.cheatengine.org/viewtopic.php?t=2

_________________
Gone
Back to top
View user's profile Send private message
nog_lorp
Grandmaster Cheater
Reputation: 0

Joined: 26 Feb 2006
Posts: 743

PostPosted: Sat Nov 29, 2008 7:09 pm    Post subject: Reply with quote

Well its a cool idea Razz
And 7 months isn't that bad, I remember when Dinosaur was bumping threads from years and years ago.
Plus it was already in the front of a forum - http://forum.cheatengine.org/viewforum.php?f=47

_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites