I'm making an application to manipulate send and recv. Doing it with send was very easy, but I can't figure out how to fake or replace the recv.

What I'm trying to do is for example, if the program receives "Hello", filter it and make the program believe it received "Bye".

Here is the portion of the code where I try to filter the recv:

```cpp
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
    int i = 0;
    int ret = pRecv(s, buf, len, flags);
    while (i < ret && buf)
    {
        if (strncmp(buf, "Hello\0", 5) == 0)
        {
            strcpy(buf, "Bye\0");
        } // End of if

        int len = strlen(buf) + 1;
        buf += len;
        i += len;
    } // End of while
    return ret;
} // End of function
```

Actually this kind of works, but it tries to do it with the next call after it receives "Hello", and that isn't the intention. I want to replace the actual packet that contains "Hello" and change it to "Bye".

32bitsx86
  • You don't need to put string terminators explicitly in constant string literals, they will be put there automatically by the compilers. – Some programmer dude Oct 11 '16 at 06:57
  • This is an extremely complex thing to do, and the code you've shown is not even remotely close to how you would do something like this. Throw the code away. Instead, try to flesh out a rational algorithm for how you would do this. Don't code until you have an algorithm. For example, what do you do if `len` is 1? – David Schwartz Oct 11 '16 at 07:04
  • As for your problem, it depends very much on your operating system. It's also something very few people would recommend you to do differently than you're already doing. Can you please enlighten us *why* you want to change it on a lower level? – Some programmer dude Oct 11 '16 at 07:04
  • This is at least the third time this has been posted recently. Why? – user207421 Oct 11 '16 at 07:38
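The chunk-boundary problem raised in the comments above, as an added example that is not part of the original question or its comments: TCP delivers a byte stream, so "Hello" can arrive split across several `recv` calls, and a filter has to hold back any tail that might still become a match. The names `stream_filter`, `filter_feed` and `filter_chunks` are hypothetical, the chunks are constructed sample data, and the code works on plain buffers with no socket or hook involved.

```c
#include <stdio.h>
#include <string.h>
#define PAT "Hello"   /* text to find (from the question) */
#define REP "Bye"     /* replacement; this sketch assumes it is not longer than PAT */
#define PAT_LEN (sizeof(PAT) - 1)
#define REP_LEN (sizeof(REP) - 1)
/* held[] is the tail of the stream that is still a prefix of PAT. */
typedef struct { char held[PAT_LEN]; size_t held_len; } stream_filter;

/* Filter one chunk; returns bytes written to out, or (size_t)-1 if out is too small. */
static size_t filter_feed(stream_filter *f, const char *in, size_t in_len,
                          char *out, size_t out_cap) {
    size_t n = 0;
    if (out_cap < f->held_len + in_len) return (size_t)-1;
    for (size_t i = 0; i < in_len; i++) {
        f->held[f->held_len++] = in[i];
        /* Release leading bytes until the held tail is a prefix of PAT again. */
        while (f->held_len > 0 && memcmp(f->held, PAT, f->held_len) != 0) {
            out[n++] = f->held[0];
            memmove(f->held, f->held + 1, --f->held_len);
        }
        if (f->held_len == PAT_LEN) {   /* full match, possibly spanning chunks */
            memcpy(out + n, REP, REP_LEN);
            n += REP_LEN;
            f->held_len = 0;
        }
    }
    return n;
}

/* Feed constructed chunks, then flush the held tail as at end of stream. */
static size_t filter_chunks(const char *const *chunks, size_t count, char *out, size_t cap) {
    stream_filter f = { {0}, 0 };
    size_t n = 0;
    for (size_t i = 0; i < count; i++) {
        size_t w = filter_feed(&f, chunks[i], strlen(chunks[i]), out + n, cap - n);
        if (w == (size_t)-1) return w;
        n += w;
    }
    if (cap - n < f.held_len + 1) return (size_t)-1;
    memcpy(out + n, f.held, f.held_len);
    out[n + f.held_len] = '\0';
    return n + f.held_len;
}

int main(void) {
    const char *chunks[] = { "He", "l", "lo wor", "ld Hel" };  /* constructed sample */
    char out[64];
    return filter_chunks(chunks, 4, out, sizeof out) == (size_t)-1 || puts(out) < 0;
}
```

A chunk such as "He" produces no output at all, yet a `recv` wrapper cannot return 0 for it because 0 means the peer closed the connection. The filtered data is also shorter than what was read, so the original `ret` is no longer the right return value.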

1 Answer

Hook the function by injecting a DLL and detouring that original function to your hook function. Here's an example of my x86 detour code I use.

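```cpp
#include <windows.h>
#include <cstring>

// Assumption: the answer does not show detourBuffer's declaration; a
// fixed-size table of trampoline pointers is declared here so the code compiles.
static BYTE* detourBuffer[64] = {};

// 32-bit x86 only. Overwrites the first `length` bytes of src (at least 5,
// ending on an instruction boundary) with a jmp to dest. Returns a trampoline
// that runs the displaced bytes and then jumps back to src + length.
const void* DetourFunc(BYTE* const src, const BYTE* dest, const DWORD length)
{
    BYTE* jump = new BYTE[length + 5];
    // Remember the trampoline in the first free slot.
    for (size_t i = 0; i < sizeof(detourBuffer) / sizeof(detourBuffer[0]); ++i)
    {
        if (!detourBuffer[i])
        {
            detourBuffer[i] = jump;
            break;
        }
    }

    // The trampoline is executed, and heap memory is not executable under DEP.
    DWORD dwTrampolineProtect;
    VirtualProtect(jump, length + 5, PAGE_EXECUTE_READWRITE, &dwTrampolineProtect);

    // PAGE_EXECUTE_READWRITE rather than PAGE_READWRITE: the page holding src
    // must stay executable while it is being patched.
    DWORD dwVirtualProtectBackup;
    VirtualProtect(src, length, PAGE_EXECUTE_READWRITE, &dwVirtualProtectBackup);

    // Copy the displaced bytes, then append jmp rel32 back to src + length.
    memcpy(jump, src, length);
    jump += length;

    jump[0] = 0xE9;
    *(DWORD*)(jump + 1) = (DWORD)(src + length - jump) - 5;

    // Write jmp rel32 to dest at the start of src.
    src[0] = 0xE9;
    *(DWORD*)(src + 1) = (DWORD)(dest - src) - 5;

    VirtualProtect(src, length, dwVirtualProtectBackup, &dwVirtualProtectBackup);

    return jump - length;
}
```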

If you can't figure it out, better start researching.

nrocboc