ws_32.dll connect detouring hook no connect fails_问答_开发者

ws_32.dll connect detouring hook no connect fails

开发者 https://www.devze.com 2023-03-21 20:00 出处：网络

I\'m try to detour the connect function from the ws_32.dll. The detouring works, but something goes wrong when calling the orginal function. I use a relatively unknown library to hook the function. It

相关专题：.net

I'm try to detour the connect function from the ws_32.dll. The detouring works, but something goes wrong when calling the orginal function. I use a relatively unknown library to hook the function. It is called WhiteMagic. It works with 开发者_开发百科other functions well, just not this one.

I tried it on Internet Explorer and I can't connect anywhere. If I block with Thread.Sleep 100 ms, it works.

public static UIntPtr ConnectSocketDetoured(UIntPtr s, ref NativeSocks.sockaddr name, int namelen)
{
    Magic.Instance.Detours[DetouredConnectId].Remove();
    var retVal = ((NativeSocks.Dconnect)Magic.Instance.Detours[DetouredConnectId].TargetDelegate).Invoke(s, ref name, namelen);
    //var retVal = NativeSocks.connect(s, ref name, namelen); PINVOKE IMPORT DOESNT WORK TOO. 
    //IF I BLOCK HERE 100 MILLISECONDS THIS WORK.
    Magic.Instance.Detours[DetouredConnectId].Apply();

    return retVal;
}

[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi, SetLastError = false)]
public delegate UIntPtr Dconnect(UIntPtr s, ref sockaddr_in name, int namelen);

sockaddr_in Struct

    [StructLayoutAttribute(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
    public struct sockaddr_in
    {
        public short sin_family;
        public ushort sin_port;
        public in_addr sin_addr;
        [MarshalAsAttribute(UnmanagedType.ByValTStr, SizeConst = 8)]
        public string sin_zero;
    }

    [StructLayoutAttribute(LayoutKind.Sequential)]
    public struct in_addr
    {
        public Anonymous1 S_un;
    }

    [StructLayoutAttribute(LayoutKind.Explicit)]
    public struct Anonymous1
    {
        [FieldOffsetAttribute(0)]
        public Anonymous2 S_un_b;

        [FieldOffsetAttribute(0)]
        public Anonymous3 S_un_w;

        [FieldOffsetAttribute(0)]
        public uint S_addr;
    }

    [StructLayoutAttribute(LayoutKind.Sequential)]
    public struct Anonymous2
    {
        public byte s_b1;
        public byte s_b2;
        public byte s_b3;
        public byte s_b4;
    }

    [StructLayoutAttribute(LayoutKind.Sequential)]
    public struct Anonymous3
    {
        public ushort s_w1;
        public ushort s_w2;
    }

I think by blocking inside the detouring function while the hook is removed will cause a WSAEWOULDBLOCK error. For that reason, the internet explorer calls the connect function again while the hook is removed and calls the original working function.

WSAEWOULDBLOCK Error description :

Resource temporarily unavailable. This error is returned from operations on nonblocking sockets that cannot be completed immediately, for example recv when no data is queued to be read from the socket. It is a nonfatal error, and the operation should be retried later. It is normal for WSAEWOULDBLOCK to be reported as the result from calling connect on a nonblocking SOCK_STREAM socket, since some time must elapse for the connection to be established.

Assuming you're using this WhiteMagic library: http://www.gamedeception.net/threads/17994-C-WhiteMagic-Injected-NET-Helper-Library

There is a method "CallOriginal" for each Detour. Try calling that instead of removing/reapplying your detour.

Now assume you are using some WhiteMagic library.You should try using the method CallOriginal for each detour. You should call that instead of removing your detour.

Hope this helps.