0

I have an application that shows a WebBrowser component, which contains a Flash application that creates an XMLSocket with a server. I'm now trying to hook recv (luckily a LocalHook) for logging purposes, but when I try to read the socket content I get only strange chars, but if I set the hook with SpyStudio I get readable strings. Here is the code I use:

  1. I set the hook with

    CreateRecvHook = LocalHook.Create(
        LocalHook.GetProcAddress("ws2_32.dll", "recv"),
        new Drecv(recv_Hooked),
        this);

    CreateRecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });

  2. I set up everything I need with

    [DllImport("ws2_32.dll")]
    static extern int recv(
        IntPtr socketHandle,
        IntPtr buf,
        int count,
        int socketFlags);

    [UnmanagedFunctionPointer(CallingConvention.StdCall,
        CharSet = CharSet.Unicode,
        SetLastError = true)]
    delegate int Drecv(
        IntPtr socketHandle,
        IntPtr buf,
        int count,
        int socketFlags);

    static int recv_Hooked(
        IntPtr socketHandle,
        IntPtr buf,
        int count,
        int socketFlags)
    {
        byte[] test = new byte[count];
        Marshal.Copy(buf, test, 0, count);

        IntPtr ptr = IntPtr.Zero;
        ptr = Marshal.AllocHGlobal(count);
        Marshal.Copy(test, 0, ptr, count);

        string s = System.Text.UnicodeEncoding.Unicode.GetString(test);
        Debug.WriteLine(s);
        System.IO.StreamWriter file = new System.IO.StreamWriter("log.txt");
        file.WriteLine(s);

        file.Close();
        return recv(socketHandle, buf, count, socketFlags);
    }

I've already tried using different encodings without success. As a side note, the WebBrowser doesn't seem to have any problem.

VahidN
kaharas

1 Answer

1

You're saving the content of the uninitialized buffer, no wonder it's garbage.

There is nothing in that buffer until after recv (the real one) fills it in. You also can't know how many bytes are actually valid except by inspecting the return code from the real recv.

Ben Voigt
  • I feel a little dumb, but ... then why when I hook the same function with SpyStudio ( http://www.nektra.com/products/spystudio-api-monitor/ ) I get readable strings? – kaharas Dec 29 '10 at 09:28
  • Presumably because SpyStudio knows about the parameters and reads them at the right time: input parameters are read before calling the real function, and return value and output parameters are captured after calling the real function. Hooking a function is a lot like overriding a method... and an overriding method needs to do part of its work before calling the base class implementation and part after, a tail call isn't always the right thing to do. – Ben Voigt Dec 29 '10 at 14:16
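
The ordering the answer and its follow-up comment describe, as an added example (not code from either poster): the handler calls the real recv first, then logs only the bytes the return value reports. It assumes, as the question's code does, that calling the imported recv from inside the handler reaches the real function; the UTF-8 decoding, the MSG_PEEK skip, and the loopback Main that calls the handler directly without installing a hook are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Text;

static class RecvLogger
{
    const int MSG_PEEK = 0x2; // Winsock flag: data stays queued and is returned again later

    [DllImport("ws2_32.dll")]
    static extern int recv(IntPtr socketHandle, IntPtr buf, int count, int socketFlags);

    // Same parameter list as the question's recv_Hooked / Drecv.
    public static int RecvHooked(IntPtr socketHandle, IntPtr buf, int count, int socketFlags)
    {
        // 1. Output parameter: let the real recv fill the caller's buffer first.
        int received = recv(socketHandle, buf, count, socketFlags);

        // 2. 0 = connection closed, -1 = SOCKET_ERROR: buf holds nothing valid.
        //    Return before any logging call can disturb the thread's last-error value.
        //    Peeked data is skipped too, since the same bytes will arrive again.
        if (received <= 0 || (socketFlags & MSG_PEEK) != 0)
            return received;

        // 3. Copy only the bytes recv reported, not the buffer's full capacity.
        byte[] data = new byte[received];
        Marshal.Copy(buf, data, 0, received);

        // Assumption: the payload is UTF-8 text; one message may span several calls.
        string text = Encoding.UTF8.GetString(data).TrimEnd('\0');
        File.AppendAllText("log.txt", text + Environment.NewLine); // append, not overwrite
        return received;
    }

    // Constructed loopback demo: sample message sent to ourselves, handler called directly.
    static void Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        var client = new TcpClient();
        client.Connect((IPEndPoint)listener.LocalEndpoint);
        Socket server = listener.AcceptSocket();
        server.Send(Encoding.UTF8.GetBytes("<msg>hello</msg>\0"));

        IntPtr buf = Marshal.AllocHGlobal(4096);
        int n = RecvHooked(client.Client.Handle, buf, 4096, 0);
        Console.WriteLine("recv returned {0} of a possible 4096 bytes", n);
        Marshal.FreeHGlobal(buf);
        server.Close(); client.Close(); listener.Stop();
    }
}
```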