ErrorMaker Newbie cheater Reputation: 0
Joined: 25 Jun 2010 Posts: 21
|
Posted: Wed Sep 18, 2013 10:16 am Post subject: C# EasyHook ws2_32.dll WSARecv |
|
|
Hello CEF
I'm trying to get all data from WSARecv function of ws2_32.dll using EasyHook (inject into firefox.exe)
I get the data but they look weird, like this:
Data of the hooked send function are ok.
This is my wsarecv hooked function:
Code: | private static int wsarecv_Hooked(IntPtr socketHandle, ref NativeSocketMethod.WSABuffer buf, int count, IntPtr bytesTransferred, int socketFlags, IntPtr overlapped, IntPtr completionRoutine)
{
if (Interface != null)
{
int bytesCount = 0;
try
{
bytesCount = buf.len;
if (bytesCount > 0)
{
byte[] newBuffer = new byte[bytesCount];
Marshal.Copy(buf.buf, newBuffer, 0, bytesCount);
string s = System.Text.ASCIIEncoding.ASCII.GetString(newBuffer);
File.AppendAllText("C:\\hook.txt", "WSARecv: " + "\r\n" + s + "\r\n");
}
}
catch
{
Interface.LogToScreen("WSARecv error");
}
}
return NativeSocketMethod.WSARecv(socketHandle, ref buf, count, bytesTransferred, socketFlags, overlapped, completionRoutine);
} |
And this is the structure of WSABuffer:
Code: | [StructLayout(LayoutKind.Sequential)]
public struct WSABuffer
{
internal Int32 len;
// Length of Buffer
internal IntPtr buf;
// Pointer to Buffer
} |
What am I doing wrong?
Thanks in advance
- ErrorMaker
|
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Wed Sep 18, 2013 5:01 pm Post subject: |
|
|
You are reading the buffer before you have received data into that buffer
Also, a secondary problem is that if it's an overlapped recv operation then you must hook(override) the completionroutine, else you will read the buffer before the read is done
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|