Thread: How to hook the winsock API "recv" and parse its packet?

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Apr 2005
    Posts
    1,907

    How to hook the winsock API "recv" and parse its packet?

    Hi all. Could anyone show me an example of how to hook the Winsock API "recv" and parse its packet, which contains a given value, for example "value="?

  2. #2
    Hyperactive Member
    Join Date
    Jul 2009
    Posts
    489

    Re: How to hook the winsock API "recv" and parse its packet?

    Code:
    Public Const AF_INET = 2
    Public Const INVALID_SOCKET = -1
    Public Const SOCKET_ERROR = -1
    Public Const FD_READ = &H1&
    Public Const FD_WRITE = &H2&
    Public Const FD_CONNECT = &H10&
    Public Const FD_CLOSE = &H20&
    Public Const PF_INET = 2
    Public Const SOCK_STREAM = 1
    Public Const IPPROTO_TCP = 6
    Public Const WINSOCKMSG = 1025
    Public Const WSA_DESCRIPTIONLEN = 256
    Public Const WSA_DescriptionSize = WSA_DESCRIPTIONLEN + 1
    Public Const WSA_SYS_STATUS_LEN = 128
    Public Const WSA_SysStatusSize = WSA_SYS_STATUS_LEN + 1
    Public Const INADDR_NONE = &HFFFF
    Public Const SOL_SOCKET = &HFFFF&
    Public Const SO_LINGER = &H80&
    Public Const hostent_size = 16
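    Public Const sockaddr_size = 16
    Public Const GWL_WNDPROC = (-4)

    'types used by the WSAStartup and connect declarations below
    Type WSADataType
        wVersion As Integer
        wHighVersion As Integer
        szDescription As String * WSA_DescriptionSize
        szSystemStatus As String * WSA_SysStatusSize
        iMaxSockets As Integer
        iMaxUdpDg As Integer
        lpVendorInfo As Long
    End Type

    Type sockaddr
        sin_family As Integer
        sin_port As Integer
        sin_addr As Long
        sin_zero As String * 8
    End Type
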
    Declare Function setsockopt Lib "wsock32.dll" (ByVal s As Long, ByVal Level As Long, ByVal optname As Long, optval As Any, ByVal optlen As Long) As Long
    Declare Function getsockopt Lib "wsock32.dll" (ByVal s As Long, ByVal Level As Long, ByVal optname As Long, optval As Any, optlen As Long) As Long
    Declare Function WSAGetLastError Lib "wsock32.dll" () As Long
    Declare Function WSAIsBlocking Lib "wsock32.dll" () As Long
    Declare Function WSACleanup Lib "wsock32.dll" () As Long
    Declare Function Send Lib "wsock32.dll" Alias "send" (ByVal s As Long, buf As Any, ByVal buflen As Long, ByVal flags As Long) As Long
    Declare Function recv Lib "wsock32.dll" (ByVal s As Long, buf As Any, ByVal buflen As Long, ByVal flags As Long) As Long
    Declare Function WSAStartup Lib "wsock32.dll" (ByVal wVR As Long, lpWSAD As WSADataType) As Long
    Declare Function htons Lib "wsock32.dll" (ByVal hostshort As Long) As Integer
    Declare Function ntohs Lib "wsock32.dll" (ByVal netshort As Long) As Integer
    Declare Function socket Lib "wsock32.dll" (ByVal af As Long, ByVal s_type As Long, ByVal protocol As Long) As Long
    Declare Function closesocket Lib "wsock32.dll" (ByVal s As Long) As Long
    Declare Function Connect Lib "wsock32.dll" Alias "connect" (ByVal s As Long, addr As sockaddr, ByVal namelen As Long) As Long
    Declare Function WSAAsyncSelect Lib "wsock32.dll" (ByVal s As Long, ByVal Hwnd As Long, ByVal wMsg As Long, ByVal lEvent As Long) As Long
    Declare Function inet_addr Lib "wsock32.dll" (ByVal cp As String) As Long
    Declare Function gethostbyname Lib "wsock32.dll" (ByVal host_name As String) As Long
    Declare Function inet_ntoa Lib "wsock32.dll" (ByVal inn As Long) As Long
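    Declare Function WSACancelBlockingCall Lib "wsock32.dll" () As Long
    'user32 functions used by HookForm, UnHookForm and WindowProc
    Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
    Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long

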
    Public saZero As sockaddr
    Public WSAStartedUp As Boolean, Obj As TextBox
    Public PrevProc As Long, lSocket As Long
    
    
    'our Winsock-message handler
    Public Sub ProcessMessage(ByVal lFromSocket As Long, ByVal lParam As Long)
        Dim X As Long, ReadBuffer(1 To 1024) As Byte, strCommand As String
        'lParam packs the event in its low word and an error code in its high word
        Select Case (lParam And &HFFFF&)
        Case FD_CONNECT 'we are connected to microsoft.com
        Case FD_WRITE 'we can write to our connection
            'this is a part of the HTTP protocol
            'for more information about this protocol, visit http://www.w3c.org/
            strCommand = "GET http://www.microsoft.com/ HTTP/1.0" + vbCrLf
            strCommand = strCommand + "Pragma: no-cache" + vbCrLf
            strCommand = strCommand + "Accept: */*" + vbCrLf
            strCommand = strCommand + "Accept: text/html" + vbCrLf + vbCrLf
            'send the data to our microsoft.com-connection
            'SendData is a helper from the full project and is not shown in this post
            SendData lFromSocket, strCommand
        Case FD_READ 'we have data waiting to be processed
            'start reading the data
            Do
                X = recv(lFromSocket, ReadBuffer(1), 1024, 0)
                If X > 0 Then
                    Obj.Text = Obj.Text + Left$(StrConv(ReadBuffer, vbUnicode), X)
                End If
                If X <> 1024 Then Exit Do
            Loop
        Case FD_CLOSE 'the connection with microsoft.com is closed
        End Select
    End Sub
    
    
    Public Sub HookForm(F As Form)
        PrevProc = SetWindowLong(F.hwnd, GWL_WNDPROC, AddressOf WindowProc)
    End Sub
    
    
    Public Sub UnHookForm(F As Form)
        If PrevProc <> 0 Then
            SetWindowLong F.hwnd, GWL_WNDPROC, PrevProc
            PrevProc = 0
        End If
    End Sub
    
    
    Public Function WindowProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
        If uMsg = WINSOCKMSG Then
            ProcessMessage wParam, lParam
        Else
            WindowProc = CallWindowProc(PrevProc, hwnd, uMsg, wParam, lParam)
        End If
    End Function

  3. #3

    Thread Starter
    Frenzied Member
    Join Date
    Apr 2005
    Posts
    1,907

    Re: How to hook the winsock API "recv" and parse its packet?

    Many thanks for your reply. Could you tell me what control I need in my form to run this example? Furthermore, could you tell me how I can connect to an external application process instead of a remote website?

  4. #4
    Hyperactive Member
    Join Date
    Jul 2009
    Posts
    489

    Re: How to hook the winsock API "recv" and parse its packet?

    Here is the whole project.
    It's small, so it's quite easy to learn.

  5. #5
    Hyperactive Member
    Join Date
    Jul 2009
    Posts
    489

    Re: How to hook the winsock API "recv" and parse its packet?

    About your second question, I'm not sure I understand it.

  6. #6

    Thread Starter
    Frenzied Member
    Join Date
    Apr 2005
    Posts
    1,907

    Re: How to hook the winsock API "recv" and parse its packet?

    I'll try to explain it. There is this external application that I don't have the source code for. That application communicates with its server via the Winsock API and receives some data back from the server. So what I want to do is hook into the process of that application, read the data that it receives from the server, and parse it. I don't have any experience with hooks, so I came here for help.

  7. #7
    Hyperactive Member
    Join Date
    Jul 2009
    Posts
    489

    Re: How to hook the winsock API "recv" and parse its packet?

    To hook an external app is another task.
    I have an example here, but I need to search.
    Maybe tomorrow.
    It's more complicated; it involves a DLL.

  8. #8

    Thread Starter
    Frenzied Member
    Join Date
    Apr 2005
    Posts
    1,907

    Re: How to hook the winsock API "recv" and parse its packet?

    Many thanks. I will be waiting for that example, as I really need to learn how to hook into other applications, since I need to write a few applications involving another application.

  9. #9

    Thread Starter
    Frenzied Member
    Join Date
    Apr 2005
    Posts
    1,907

    Re: How to hook the winsock API "recv" and parse its packet?

    Quote: Originally posted by whatsup
    To hook an external app is another task.
    I have an example here, but I need to search.
    Maybe tomorrow.
    It's more complicated; it involves a DLL.

    Did you find that example? I am still looking for it!

  10. #10
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: How to hook the winsock API "recv" and parse its packet?

    Quote: Originally posted by tony007
    I'll try to explain it. There is this external application that I don't have the source code for. That application communicates with its server via the Winsock API and receives some data back from the server. So what I want to do is hook into the process of that application, read the data that it receives from the server, and parse it. I don't have any experience with hooks, so I came here for help.

    First, you do not read packets at the level you are programming at. Packets are read by the network applications and they in turn send only the data (not the network protocols) to the higher level application using Winsock; like your application.

    Do you have the other applications on your computer? Are they, in essence, your applications? If they are not yours and they reside on another computer then no one here is going to help you do that. That would be considered spying. Even if they are yours (i.e., you just don't have the source code) and even at that I don't think you can accomplish that using Winsock. Basically, you would have to be able to listen in on the same port that the other two applications are using. You cannot have two applications running trying to listen on the same port number. What you are attempting to make is a packet sniffer and that requires knowledge way down below code lying underneath Winsock; down at the network level.
    Last edited by jmsrickland; May 22nd, 2011 at 04:30 PM.


    Anything I post is an example only and is not intended to be the only solution, the total solution nor the final solution to your request nor do I claim that it is. If you find it useful then it is entirely up to you to make whatever changes necessary you feel are adequate for your purposes.
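
As an added example (not code from any post in this thread): because Winsock hands the application a byte stream rather than packets, the text "value=" can arrive split across two recv() calls in an FD_READ handler like the one in post #2, so a parser has to carry unparsed bytes from one read to the next. The value format (terminated by "&" or a line break) and the names FeedChunk, FindTerminator and DemoSplitReads are assumptions made for illustration.

```vb
'Added example, not from the thread. Assumed format: "value=<text>" ended by "&" or vbCrLf.
Option Explicit
Private Const TOKEN As String = "value="
Private Const MAX_PENDING As Long = 8192    'cap on unparsed data kept between reads
Private mPending As String                  'stream tail not yet parsed

'Call once per successful recv(), passing only the bytes it returned.
'Returns the values that became complete with this chunk.
Public Function FeedChunk(ByVal sChunk As String) As Collection
    Dim colFound As New Collection, lTok As Long, lStart As Long, lEnd As Long
    mPending = mPending & sChunk
    Do
        lTok = InStr(1, mPending, TOKEN, vbBinaryCompare)
        If lTok = 0 Then
            'No token yet: keep only a tail that could be the start of one.
            If Len(mPending) >= Len(TOKEN) Then mPending = Right$(mPending, Len(TOKEN) - 1)
            Exit Do
        End If
        lStart = lTok + Len(TOKEN)
        lEnd = FindTerminator(mPending, lStart)
        If lEnd = 0 Then
            'Token seen but value unfinished: wait for the next recv().
            mPending = Mid$(mPending, lTok)
            If Len(mPending) > MAX_PENDING Then mPending = ""   'drop runaway input
            Exit Do
        End If
        colFound.Add Mid$(mPending, lStart, lEnd - lStart)
        mPending = Mid$(mPending, lEnd)
    Loop
    Set FeedChunk = colFound
End Function

'Position of the first "&" or vbCrLf at or after lFrom; 0 if none has arrived.
Private Function FindTerminator(ByRef s As String, ByVal lFrom As Long) As Long
    Dim lAmp As Long, lCr As Long
    lAmp = InStr(lFrom, s, "&")
    lCr = InStr(lFrom, s, vbCrLf)
    FindTerminator = IIf(lAmp = 0 Or (lCr > 0 And lCr < lAmp), lCr, lAmp)
End Function

'Constructed sample: one reply split across three recv() calls.
Public Sub DemoSplitReads()
    Dim v As Variant
    FeedChunk "id=7&val"
    FeedChunk "ue=42"
    For Each v In FeedChunk("&x=1" & vbCrLf)
        Debug.Print v
    Next v
End Sub
```

In an FD_READ handler, pass `Left$(StrConv(ReadBuffer, vbUnicode), X)` to FeedChunk after each recv that returns X > 0, instead of searching each buffer on its own.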

  11. #11

    Thread Starter
    Frenzied Member
    Join Date
    Apr 2005
    Posts
    1,907

    Re: How to hook the winsock API "recv" and parse its packet?

    It is not my application, but it is running on my own computer. I am just trying to customize the user interface of the application to suit my needs! There are applications that do what I want, but I want to parse the incoming data and ignore the unnecessary data, plus make a new user interface!

  12. #12
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: How to hook the winsock API "recv" and parse its packet?

    So is the application that runs on your computer communicating with a server also on your computer or is the server somewhere else?

    Usually, in this type of situation, members are asking how to read the HTTP protocol going on between an application on the user's machine and a Website so as to know how the client is sending requests to a Web server and see how the server responds. For this, you need to write your own packet sniffer even if it isn't a Web server but just another application running somewhere else.

    However, even if you can intervene, you cannot change the data and then send the modified data on to the other application. By the time you get the information that is going on between the two applications it has already been transmitted. You can only look.
    Last edited by jmsrickland; May 23rd, 2011 at 01:40 PM.


