问题描述

我设法写挂钩的recv功能的semiworking EasyHook例子。我写了一个形式，增加了WebBrowser组件，以及启动应用程序。问题是，我得到的HTTP数据包，但如果有一个插座，似乎recv的停止挂钩。
的问题是，与外部应用程序，Spystudio，我可以让他们挂钩的recv。 ？所以，我在想什么。

I managed to write a semiworking EasyHook example that hooks recv function. I wrote a form, added a WebBrowser component, and started the application. The problem is, I get the HTTP packets, but if there's a socket, it seems that recv stops "hooking". The problem is, with an external application, Spystudio, I can get them hooking recv. So, what am I missing?

using System;
using System.Collections.Generic;
using System.Data;
using System.Runtime.InteropServices;
using System.Threading;
using System.Text;
using System.Windows.Forms;
using System.Diagnostics;
using System.IO;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels.Ipc;
using EasyHook;

namespace flashing
{
    public partial class Form1 : Form,EasyHook.IEntryPoint
    {
        public LocalHook CreateRecvHook;

        public Form1()
        {
            InitializeComponent();
        }

        [DllImport("Ws2_32.dll")]
        static extern int recv(
                    IntPtr socketHandle,
                    IntPtr buf,
                    int count,
                    int socketFlags
            );


        [UnmanagedFunctionPointer(CallingConvention.StdCall,
            CharSet = CharSet.Unicode,
            SetLastError = true)]


        delegate int Drecv(
                    IntPtr socketHandle,
                    IntPtr buf,
                    int count,
                    int socketFlags
            );


        static int recv_Hooked(
                    IntPtr socketHandle,
                    IntPtr buf,
                    int count,
                    int socketFlags)
        {
            int bytesCount = recv(socketHandle, buf, count, socketFlags);
            if (bytesCount > 0)
            {
                byte[] newBuffer = new byte[bytesCount];
                Marshal.Copy(buf, newBuffer, 0, bytesCount);
                string s = System.Text.ASCIIEncoding.ASCII.GetString(newBuffer);
                TextWriter tw = new StreamWriter("log.txt");
                tw.Write(s);
                tw.Close();
                Debug.WriteLine("Hooked:>" + s);
            }
            return bytesCount;
        }


        private void bottonHook_Click(object sender, EventArgs e)
        {
            try
            {
                CreateRecvHook = LocalHook.Create(
                    LocalHook.GetProcAddress("Ws2_32.dll", "recv"),
                    new Drecv(recv_Hooked),
                    this);

                CreateRecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            }
            catch (Exception ExtInfo)
            {
                Debug.WriteLine("Error creating the Hook");
                return;
            }
            RemoteHooking.WakeUpProcess();
        }

        private void buttonLoader_Click(object sender, EventArgs e)
        {
            axShockwaveFlash1.LoadMovie(0, "test.swf");
        }
    }    
}

修改：我不怀疑的recv，这里是什么apimonitor告诉我：

edit : I've no doubt about recv, here it is what apimonitor tells me:

# TID Module API Return Error
5 2696 Flash10l.ocx recv ( 1992, 0x07080000, 65536, 0 ) 1

所以，有人可以帮我吗？

So, can somebody help me?

推荐答案

问题解决了。创建故障线路被

Problem Solved. The line that created trouble was

CreateRecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });

我改成了

I changed it to

CreateRecvHook.ThreadACL.SetInclusiveACL(new Int32[] { 0 });

和现在一切都工作得很好。
谢谢大家：）

and now everything works just fine.Thanks everybody :)

这篇关于EasyHook的recv不与QUOT;勾"所有的数据包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！