Cheat Engine The Official Site of Cheat Engine
DrGamut Newbie cheater
Reputation: 0
Joined: 14 Feb 2006 Posts: 10
|
Posted: Mon Mar 01, 2010 3:50 pm Post subject: [C++] Hooking ws2_32.dll's recv() and overwriting the buffer |
I have written a DLL for injecting into a target process that uses the MS Detours 2.1 library to hook send() and recv() in ws2_32.dll.
The send hook works fine and as expected. The recv() hook, however, does not. When I modify the buffer in my replacement function before handing control back to the actual recv() function, it has no effect. The bytes appear to be there in the buffer and I can read them, but changing them doesn't do anything at all.
I've also tried allocating memory for my own buffer, copying the buffer passed to recv() into my allocated buffer, and passing the pointer to my own buffer back to recv() when returning control. But this seems to prevent the process from receiving packets entirely.
What is the correct way to approach this? Thanks.
Here are two examples of my replacement function for recv(); neither works.
This code seems to disable the injected process's ability to receive packets:
| Code: |
int WINAPI Mine_Recv( SOCKET s, char *buf, int len, int flags ) {
    int ret, error;
    wchar_t dbgmsg[50];

    memcpy(mybuf, buf, len); // mybuf is a static char pointer to memory malloc()'d on DLL_PROCESS_ATTACH.
    ret = Real_Recv( s, mybuf, len, flags );
    if (ret == SOCKET_ERROR)
    {
        error = WSAGetLastError();
        swprintf(dbgmsg, 50, L"Socket Error: %d", error);
        OutputDebugString(dbgmsg);
    }
    return ret;
}
This code does absolutely nothing, despite reinitializing the entire buffer to 0 before passing control back to recv():
| Code: |
int WINAPI Mine_Recv( SOCKET s, char *buf, int len, int flags ) {
    int ret, error;
    wchar_t dbgmsg[50];

    memset(buf, 0, len); // Reinitializes the buffer to 0.
    ret = Real_Recv( s, buf, len, flags );
    if (ret == SOCKET_ERROR)
    {
        error = WSAGetLastError();
        swprintf(dbgmsg, 50, L"Socket Error: %d", error);
        OutputDebugString(dbgmsg);
    }
    return ret;
}
Last edited by DrGamut on Mon Mar 01, 2010 4:36 pm; edited 2 times in total |
JuniorBR How do I cheat?
Reputation: 1
Joined: 12 Jun 2008 Posts: 6 Location: Brazil
|
Posted: Mon Mar 01, 2010 4:27 pm Post subject: |
| Quote: | When I modify the buffer in my replacement function before handing control back to the actual recv() function, it has no effect. The bytes appear to be there in the buffer and I can read them, but changing them doesn't do anything at all.
|
And it should not!
You have to modify the buffer in recv after the actual function has done its work!
_________________
My English is not good!
DrGamut Newbie cheater
Reputation: 0
Joined: 14 Feb 2006 Posts: 10
|
Posted: Mon Mar 01, 2010 4:42 pm Post subject: |
| JuniorBR wrote: | | Quote: | When I modify the buffer in my replacement function before handing control back to the actual recv() function, it has no effect. The bytes appear to be there in the buffer and I can read them, but changing them doesn't do anything at all.
|
And it should not!
You have to modify the buffer in recv after the actual function has done its work! |
hahahahahahahaha.
Oh god you made my day. I love you. Forever and for always.
Moving the buffer modification to after the function call solved it.
THANKS BUDDY.
|
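The ordering fix from the thread, as an added example that is not code from any of the posters: it is plain C with a constructed stand-in `real_recv` in place of the Detours trampoline `Real_Recv`, so the socket handle and flags arguments are left out. The `hook_*` names and the sample payload are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for Real_Recv (constructed): like recv(), it only WRITES into
   buf and returns the byte count, 0 on close, or -1 on error. */
static const char *wire = "hello";  /* constructed sample payload */
static int wire_status = 1;         /* 1 = data, 0 = closed, -1 = error */

static int real_recv(char *buf, int len) {
    if (wire_status <= 0) return wire_status;
    int n = (int)strlen(wire);
    if (n > len) n = len;
    memcpy(buf, wire, (size_t)n);
    return n;
}

/* Second snippet in the thread: the edit happens before the call, so the
   real function overwrites it and the caller sees unmodified data. */
int hook_edit_before(char *buf, int len) {
    memset(buf, 0, (size_t)len);
    return real_recv(buf, len);
}

/* Fix from the reply: call first, then edit only the ret bytes received. */
int hook_edit_after(char *buf, int len) {
    int ret = real_recv(buf, len);
    for (int i = 0; i < ret; i++)   /* loop is skipped when ret <= 0 */
        if (buf[i] == 'l') buf[i] = 'L';
    return ret;
}

/* First snippet, repaired: receive into a private buffer, edit it, then
   copy the ret bytes back so the caller's buffer actually gets the data.
   Clamping len only shortens the read, which recv() callers must handle. */
int hook_private_buffer(char *buf, int len) {
    char mybuf[64];
    if (len > (int)sizeof mybuf) len = (int)sizeof mybuf;
    int ret = real_recv(mybuf, len);
    if (ret <= 0) return ret;       /* error or close: leave buf untouched */
    mybuf[0] = 'J';
    memcpy(buf, mybuf, (size_t)ret);
    return ret;
}
```

In the first snippet from the thread the received bytes stayed in `mybuf` and were never copied back, which is why the process appeared to stop receiving packets.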