Hello,
do anyone have a clue how to completly hooks outgoing connections to specific port?
I try to hook connect function in ws2_32.dll but it seems to work with only few applications on my XP system. I try to hook IE outgiong calls but without success. Then i realise that MS doesn't even use ws2_32.dll in their apps like outlook express or IE.
Any ideas?
Tnx
Posted on 2002-05-31 15:35:36 by dJed_mRaz
I think IE/OE uses the internet API instead of winsock directly. About the hooks, at my site is a tool called wshook which hooks the connect/send/recv/close winsock APIs. The C source of it is available as well.. It does use some win2k+ APIs, so it will work on XP too but not on other systems.

Thomas
Posted on 2002-05-31 16:31:34 by Thomas
Something I forgot: not every program uses winsock 2 (ws2_32). Some use winsock 1(.1) instead (wsock32). My tool catches them all except for the programs that don't use winsock directly at all (like IE).

Thomas
Posted on 2002-05-31 16:33:47 by Thomas
I found a lot of texts on hooking and IE v3 uses wininet.dll
for network comunication , but it seems that new versions of MS apps use SHLWAPI.DLL for network comunication but there is very small amount of info on that library. Also a lot of functions are called by their ordinal and have no name.
Posted on 2002-05-31 17:23:58 by dJed_mRaz
The platform SDK/MSDN has info on the 'Internet API' (functions with prefixes like Http and Ftp). Iirc, IE uses that (via other DLLs).
Most other programs do use normal winsock functions. It's also true that many programs import the winsock functions by ordinal instead of by name. My utility can handle both.

Thomas
Posted on 2002-05-31 17:42:26 by Thomas
Your utility doesn't work with most of applications who calls winsock api. Probably it cannot handle calls from other dlls bundled with main app.
Posted on 2002-06-03 11:07:09 by dJed_mRaz
That's true, IIRC it doesn't hook all DLLs. But after all, I only wrote it to debug my own programs, not as a general spy tool.

Thomas
Posted on 2002-06-03 12:15:07 by Thomas