0

I need your advice on what to use: a Layered Service Provider, or just loading my DLL into all processes and hooking the necessary functions using the NCodeHook or EasyHook library.

This is needed for inspection of HTTP traffic.

P.S. This needs to be done for a commercial application.

Thanks!

StayOnTarget
let4be

2 Answers

1

Before making a decision you need to consider the following:

Code hooking:

  1. AV doesn't like code hooking; if you're using a library that has external DLLs, run a check with AV total before committing to it.
  2. Make sure the library's license works for you, for example, for LGPL you won't be able to embed the library as static without becoming GPL yourself.
  3. I heard people managed to hook Metro apps, it's something to investigate.
  4. If you have another code hooking app, it may conflict.

LSP:

  1. The default MS sample/installer is broken.
  2. You may get something working on a VM or fresh install, but getting LSP working properly across all OSes and browsers will take 6-12 months.
  3. Will not work with Metro apps.

At Komodia we use a combo of LSP/WFP for our SDK. Knowing what I know now, if I went back 4 years, I'd use LSP all over again.

Good luck.

Muhd
0

Using EasyHook will be a nice way to do it; check the following: http://www.sghaida.com/easyhook-for-systemcall-hooking/

Saddam Abu Ghaida