
I injected a dll into a server because I needed to block some bad packets that the server isn't discarding.

Snippet from my code:

// winsock2.h must be included before windows.h, otherwise the old winsock.h gets pulled in
#include <winsock2.h>
#include <windows.h>
#include <detours.h>
#include <iostream>
#include <cstdio>
using namespace std;

#pragma comment(lib, "detours.lib")
#pragma comment(lib, "Ws2_32.lib")
#pragma comment(lib, "Mswsock.lib")

(...)

int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);

(...)

// give the injected DLL a console so stdout has somewhere to go
AllocConsole();
freopen("CONOUT$", "w", stdout);

// redirect ws2_32!recv to MyRecv; pRecv afterwards points at the trampoline to the original
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pRecv, MyRecv);
if(DetourTransactionCommit() == NO_ERROR)
    cout << "[" << MyRecv << "] successfully detoured." << endl;

and for testing purposes I'm just printing the data out.

int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
    // Let the real recv fill the buffer first: before the call buf holds nothing useful,
    // and only the return value says how many bytes arrived (len is just the buffer size).
    int received = pRecv(s, buf, len, flags);

    cout << "[ RECV " << received << " of " << len << " ] ";
    for ( int i = 0; i < received; i++ )
    {
         printf( "%02x ", (unsigned char)buf[i] );   // cast so bytes 0x80..0xff are not sign-extended
    }
    printf( "\n" );

    return received;
}

Now I hooked it and it displays [ address ] successfully detoured.
I guess everything is hooked and working.

Now I go to the client and start sending packets.
For example I log in, now this sends a packet to the server.
And I was successful in logging in, so the server should've received the packet I have sent.

Now I check the console hooked to the server and nothing gets printed.
Which is odd, so I tried hooking WPE_PRO on the server and started communicating with the client again. Now I found out that even WPE can't log the packets.

How is this possible? Why is this happening?

I'm trying to build a packet logger/filter on the server to keep bad packets out.
Hackers are using packets to crash our servers.

Info on the application I'm trying to hook:

It works like a relay server. It receives info from the client then sends it to the right server inside the internal network.

So Client <-> `Application` <-> Servers
So what I'm trying to hook is the Application.

UPDATE

Tried setting a breakpoint on the recv() and WSARecv() functions and it doesn't break.

Address  Ordinal Name                        Library 
-------  ------- ----                        ------- 
004121A8 23      socket                      WS2_32  
004121A4 20      sendto                      WS2_32  
004121E8 3       closesocket                 WS2_32  
0041219C 9       htons                       WS2_32  
004121A0 17      recvfrom                    WS2_32  
004121E4 111     WSAGetLastError             WS2_32  
004121E0 115     WSAStartup                  WS2_32  
004121DC 11      inet_addr                   WS2_32  
004121D8         WSAIoctl                    WS2_32  
004121D4         WSAConnect                  WS2_32  
004121D0 22      shutdown                    WS2_32  
004121CC 12      inet_ntoa                   WS2_32  
004121C8 2       bind                        WS2_32  
004121C4 8       htonl                       WS2_32  
004121B4 16      recv                        WS2_32  
004121BC         WSASocketA                  WS2_32  
004121B8 19      send                        WS2_32  
004121B0         WSAAccept                   WS2_32  
004121AC 13      listen                      WS2_32  
004121C0 21      setsockopt                  WS2_32  

Only these DLLs are being imported, when I checked the PE:

pdh.dll
WS2_32.dll
KERNEL32.dll
USER32.dll
GDI32.dll
WINMM.dll

UPDATE

Just to test if my code works, I hooked the DLL to the client and yes the packets got logged/printed. Confirms that my code works. Hmmmm.


UPDATE

Also tried to detour the following:

int ( WINAPI *pSend )( SOCKET s, const char *buf, int len, int flags ) = send;
int ( WINAPI *pRecv )( SOCKET s, char *buf, int len, int flags ) = recv;
int ( WINAPI *pRecvFrom )( SOCKET s, char *buf, int len, int flags, sockaddr *from, int *fromlen ) = recvfrom;
int ( WINAPI *pWSARecvEx )( SOCKET s, char *buf, int len, int *flags ) = WSARecvEx;   // WSARecvEx is exported by mswsock.dll, not ws2_32

and still nothing.


UPDATE

So I used Wireshark and saw the packets passing through.
I've been debugging the program all day setting breakpoints on all winsock calls and still got nothing.
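A check worth running before trusting a hook on ws2_32 exports, added here as an example and not part of the question: parse the import dump above and report which receive entry points such a hook can catch at all, and which imported entry points open receive paths it can never see. The table of receive exports and bypass paths is the example's own; the dump excerpt and DLL list are copied from the question.

```python
import re

# Entry points exported by ws2_32 that return received bytes to the caller.
WS2_RECV_EXPORTS = {"recv", "recvfrom", "WSARecv", "WSARecvFrom"}
# Receive paths that do not pass through those exports, so a hook on them never sees the data.
BYPASS_PATHS = {
    "WSAIoctl": "extension functions (AcceptEx, WSARecvMsg, ...) obtained with "
                "SIO_GET_EXTENSION_FUNCTION_POINTER live in mswsock.dll and are absent from the import table",
    "KERNEL32.dll": "ReadFile/ReadFileEx accept a SOCKET handle and enter kernel32, not ws2_32",
}

# Excerpt of the import dump from the question (same column layout; the ordinal may be blank).
SAMPLE_DUMP = """\
004121A0 17      recvfrom                    WS2_32
004121D8         WSAIoctl                    WS2_32
004121D4         WSAConnect                  WS2_32
004121B4 16      recv                        WS2_32
004121BC         WSASocketA                  WS2_32
004121B8 19      send                        WS2_32
004121B0         WSAAccept                   WS2_32
"""
SAMPLE_DLLS = ["pdh.dll", "WS2_32.dll", "KERNEL32.dll", "USER32.dll", "GDI32.dll", "WINMM.dll"]

DUMP_LINE = re.compile(r"^([0-9A-Fa-f]{8})\s+(\d*)\s+(\S+)\s+(\S+)$")

def parse_import_dump(text):
    """Parse 'Address Ordinal Name Library' rows into [(name, library)]; header lines do not match."""
    rows = []
    for line in text.splitlines():
        m = DUMP_LINE.match(line.strip())
        if m:
            rows.append((m.group(3), m.group(4).upper()))
    return rows

def hook_coverage(imports, dlls):
    """Report which receive exports a ws2_32 hook can catch, which are not imported at all,
    and which imported entry points open a receive path such a hook cannot see."""
    ws2_names = {name for name, lib in imports if lib == "WS2_32"}
    triggers = ws2_names | set(dlls)
    return {
        "hookable": sorted(WS2_RECV_EXPORTS & ws2_names),
        "not_imported": sorted(WS2_RECV_EXPORTS - ws2_names),
        "uncovered_paths": [why for key, why in BYPASS_PATHS.items() if key in triggers],
    }

if __name__ == "__main__":
    for key, value in hook_coverage(parse_import_dump(SAMPLE_DUMP), SAMPLE_DLLS).items():
        print(f"{key}: {value}")
```

For the dump above this reports recv and recvfrom as the only hookable receive exports, with the WSAIoctl and KERNEL32 entries as paths that no hook on ws2_32 exports covers.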
