BorlandTalk.com Borland discussion newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  Re: Hooking Winsock Functions          BorlandTalk.com Forum Index -> C++ Builder (Native API) View previous topic :: View next topic   Author Message John Smith Guest Posted: Sat Mar 19, 2005 4:50 pm    Post subject: Re: Hooking Winsock Functions Any source code examples available which do NOT rely on thirdparty, compiled, exes, libs or dlls? If not, sounds like a plausable hack... Regards "Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote Quote: "KR" <kr (AT) nospamme (DOT) net> wrote in message news:pan.2004.12.04.14.44.41.939127 (AT) nospamme (DOT) net... No driver needed. Do a google search on "api hooking" and "dll injection". Can be complicated, but not as much as writing a driver (plus there are tools to simplify this). Using API hooking is much more complicated, not to mentio more dangerous, than using a driver. The NDIS architecture is specifically designed for allowing such hooking. API hooking, on the other hand, is a programming hack, it is not the offcial way to approach this issue. Most winsock-intercepting programs (firewalls, etc) use this method I think, and don't resort to installing drivers. That is completely wrong. They do take the driver approach. For one thing, it is much easier to install and uninstall. Just install a single file onto the machine and set up a few official config values so that WinSock loads the driver. Using API hooking, on the other hand, you have to use a global DLL hook that is installed into every process, altering that process's memory in order to redirect the function calls to new memory that the DLL owns. That can be VERY dangerous, not to mention that it triggers anti-virus protections because it is virus-like behavior to alter a program's memory. Second, it is much more accurate and reliable from a programming standpoint to use a driver than hooking API calls anyway. Gambit Back to top Remy Lebeau (TeamB) Guest Posted: Sat Mar 19, 2005 10:58 pm    Post subject: Re: Hooking Winsock Functions "John Smith" <assemblywizard (AT) gmail (DOT) com> wrote Quote: Any source code examples available which do NOT rely on thirdparty, compiled, exes, libs or dlls? Source code to do what exactly? Write an NDIS driver? Or write a DLL hook that hacks every running process? Gambit Back to top John Smith Guest Posted: Sun Mar 20, 2005 1:02 am    Post subject: Re: Hooking Winsock Functions I am speaking of the source code for libaries for building a kernel driver for NDIS, and examples... all I have been able to find is 3rd party code which you must purchase, and some you do not even get the source with! Regards "Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote Quote: "John Smith" <assemblywizard (AT) gmail (DOT) com> wrote in message news:423c5867 (AT) newsgroups (DOT) borland.com... Any source code examples available which do NOT rely on thirdparty, compiled, exes, libs or dlls? Source code to do what exactly? Write an NDIS driver? Or write a DLL hook that hacks every running process? Gambit Back to top Remy Lebeau (TeamB) Guest Posted: Sun Mar 20, 2005 1:46 am    Post subject: Re: Hooking Winsock Functions "John Smith" <assemblywizard (AT) gmail (DOT) com> wrote Quote: I am speaking of the source code for libaries for building a kernel driver for NDIS, and examples... You cannot build NDIS drivers with BCB. You need to use Microsoft's DDK for that. Gambit Back to top Mike Harris Guest Posted: Sun Mar 20, 2005 2:46 am    Post subject: Re: Hooking Winsock Functions I am reasonably sure a person can build a kernel mod driver with bcb. Back to top Remy Lebeau (TeamB) Guest Posted: Sun Mar 20, 2005 4:59 am    Post subject: Re: Hooking Winsock Functions "Mike Harris" <nospam (AT) nospam (DOT) com> wrote Quote: I am reasonably sure a person can build a kernel mod driver with bcb. BCB does not support driver development. As I mentioned earlier, you need to use the DDK (Driver Development Kit) for that. To hook the socket API from a BCB project without writing your own driver is to use a third-party ready-made driver, such as the one provided with WinPCap ([url]http://winpcap.polito.it)[/url]. Gambit Back to top Mike Harris Guest Posted: Sun Mar 20, 2005 5:24 am    Post subject: Re: Hooking Winsock Functions Driver development has been discussed in these groups many times. I and several other people have reported success writing drivers such as wmi and other.. "Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote Quote: "Mike Harris" <nospam (AT) nospam (DOT) com> wrote in message news:423ce3e7 (AT) newsgroups (DOT) borland.com... I am reasonably sure a person can build a kernel mod driver with bcb. BCB does not support driver development. As I mentioned earlier, you need to use the DDK (Driver Development Kit) for that. To hook the socket API from a BCB project without writing your own driver is to use a third-party ready-made driver, such as the one provided with WinPCap ([url]http://winpcap.polito.it)[/url]. Gambit Back to top Remy Lebeau (TeamB) Guest Posted: Sun Mar 20, 2005 12:44 pm    Post subject: Re: Hooking Winsock Functions "Mike Harris" <nospam (AT) nospam (DOT) com> wrote Quote: Driver development has been discussed in these groups many times. I and several other people have reported success writing drivers such as wmi and other.. Care to share the details? Gambit Back to top Mike Harris Guest Posted: Sun Mar 20, 2005 4:24 pm    Post subject: Re: Hooking Winsock Functions one of Alex Bakaev [TeamB] replies to same subject. http://tinyurl.com/58nob http://216.101.185.148/scripts/isapi.dll/article?id=11D3DC34&article=1218464 "Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote in message> Quote: Care to share the details? Gambit Back to top Remy Lebeau (TeamB) Guest Posted: Sun Mar 20, 2005 8:03 pm    Post subject: Re: Hooking Winsock Functions "Mike Harris" <nospam (AT) nospam (DOT) com> wrote Quote: http://tinyurl.com/58nob http://216.101.185.148/scripts/isapi.dll/article?id=11D3DC34&article=1218464 Please do not post links to Taramack search results. They are session-based and expire quickly. Linking to Tamarack results never works. Use Google/Deja instead. Gambit Back to top Mike Harris Guest Posted: Sun Mar 20, 2005 11:08 pm    Post subject: Re: Hooking Winsock Functions oops, forgot about the Taramack thing. It would be easier to make a brief description and paste something you can search. one of many indications others have done the same as I. Alex Bakaev [TeamB] wrote. " The compiler is not 100% compatible with the ntddk.h ( and probably few others ) header. This is mostly in the area of inline functions containing inline assembly and some assembly constructs in other functions. This is easy to work around tho. I was able to build WDM drivers without much problem after tweaking the headers. Also, you will need to provide your own startup code (simple jmp DriverEntry ) and some C/C++ RTL functions. HTH, Alex " basics. 1 ) hand build an asm unit. use const.asm for a reference if needed. 2 ) port ddk headers needed. 3 ) compile in a dll project. 4 ) build a small utility to 'adjust' pe header info as needed for device drivers. might want to 'save as' while the file is open. 5 ) install. Michael Harris "Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote Quote: Please do not post links to Taramack search results. They are session-based and expire quickly. Linking to Tamarack results never works. Use Google/Deja instead. Gambit Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         BorlandTalk.com Forum Index -> C++ Builder (Native API) All times are GMT Page 1 of 1   Jump to: Select a forum C++ Builder Newsgroups----------------C++ BuilderC++ Builder (ActiveX)C++ Builder (Announcements)C++ Builder (Command Line Tools)C++ Builder DatabasesC++ Builder Databases (ADO)C++ Builder Databases (Desktop)C++ Builder Databases (InterBase Express)C++ Builder Databases (Multi-Tier)C++ Builder Databases (SQL Servers)C++ Builder (Graphics)C++ Builder (IDE)C++ Builder (Internet)C++ Builder (Internet Socket)C++ Builder (Internet Web)C++ Builder (Jobs)C++ Builder (Language)C++ Builder (Language C++)C++ Builder (Compatibility with MFC)C++ Builder (Native API)C++ Builder (Non-Technical)C++ Builder (Students)C++ Builder (Third Party Tools)C++ Builder (Upgrade)C++ Builder (VCL)C++ Builder (VCL Components Usage)C++ Builder (VCL Components Development)C++ Builder (VCL Usage)C++ Builder (WinAPI)C++ Builder Installation Delphi Newsgroups----------------Delphi (General)Delphi ActiveX Controls UsageDelphi ActiveX Controls DevelopmentDelphi As400Delphi DatabasesDelphi Databases (ADO)Delphi Databases (dbExpress)Delphi Databases (Desktop)Delphi Databases (InterBase Express)Delphi Databases (Multi-Tier)Delphi Databases (SQL Servers)Delphi DeploymentDelphi GraphicsDelphi IDEDelphi InternationalizationDelphi InternetDelphi Internet Isapi-WebBrokerDelphi Internet WebSnapDelphi Internet WinsockDelphi JobsDelphi Language BASMDelphi Language ObjectPascalDelphi Model Driven Architecture (General)Delphi Model Driven Architecture (Third Party)Delphi MultimediaDelphi Native APIDelphi Non-TechnicalDelphi ObjectPascalDelphi OLE AutomationDelphi OO designDelphi OpenToolsAPIDelphi Reporting-ChartingDelphi RTLDelphi StudentsDelphi TeamSourceDelphi Thirdparty ToolsDelphi Thirdparty Tools (General)Delphi Thirdparty Tools (IntraWeb)Delphi Thirdparty Tools (RaveReports)Delphi UpgradeDelphi VCLDelphi VCL ComponentsDelphi VCL Components UsingDelphi VCL Components WritingDelphi WebServices SOAPDelphi WinAPIDelphi XMLDelphi Installationcomp.lang.pascal.delphi.components.misccomp.lang.pascal.delphi.components.usagecomp.lang.pascal.delphi.components.writingcomp.lang.pascal.delphi.databasescomp.lang.pascal.delphi.misccomp.sources.delphi JBuilder Newsgroups----------------JBuilderJBuilder AnnouncementsJBuilder Applet IssuesJBuilder As400JBuilder CompilerJBuilder CORBA/RMIJBuilder DatabasesJBuilder DB SwingJBuilder DebuggerJBuilder DeploymentJBuilder DocumentationJBuilder EnterpriseJBuilder HandheldJBuilder IDEJBuilder JavaJBuilder JavaAPIJBuilder Java LanguageJBuilder Java SwingJBuilder Java BeansJBuilder Java Beans UsageJBuilder Java Beans DevelopmentJBuilder JBCLJBuilder JDataStoreJBuilder JobsJBuilder LinuxJBuilder MacintoshJBuilder & MobileSetJBuilder MultiLingual AppsJBuilder Non-TechnicalJBuilder OpenToolsJBuilder Servlets (JSP)JBuilder StudentsJBuilder Team DevelopmentJBuilder Thirdparty ToolsJBuilder UpgradeJBuilder Installation InterBase Newsgroups----------------InterBaseInterBase Bug DiscussionInterBase GeneralInterBase IBConsoleInterBase OpenSourceInterBase ReplicationInterBase SQLInterBase ThirdpartyInterBase Installation Miscellaneous Borland Newsgroups----------------AppCenterAppServerEnteraVisiBroker  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.