SergeyB55

Jan 7, 2014 at 6:51 PM
Based FileMon I made ​​the interception function of httpsendrequestW library wininet.dll.
After starting to iexplorer.ehe am connected, but after the interception of one or several calls httpsendrequestW error occurs in the application.
Please help me.

using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;
using System.Runtime.InteropServices;
using EasyHook;

namespace Drvnetlogiclibinject
{
public class Main : EasyHook.IEntryPoint
{
    Drvnetlogic.DrvnetlogicInterface Interface;
    LocalHook HttpSendRequestWHook;

    Stack<String> Queue = new Stack<String>();

    public Main(
        RemoteHooking.IContext InContext,
        String InChannelName)
    {
        // connect to host...
        Interface = RemoteHooking.IpcConnectClient<Drvnetlogic.DrvnetlogicInterface>(InChannelName);

        Interface.Ping();  
    }

    public void Run(
        RemoteHooking.IContext InContext,
        String InChannelName)
    {
        // install hook...
        try
        {

            HttpSendRequestWHook = LocalHook.Create(
                LocalHook.GetProcAddress("wininet.dll", "HttpSendRequestW"),
                new DHttpSendRequestW(HttpSendRequestW_Hooked),
                this);



            HttpSendRequestWHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
        }
        catch (Exception ExtInfo)
        {
            Interface.ReportException(ExtInfo);

            return;
        }

        Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

        RemoteHooking.WakeUpProcess();

        // wait for host process termination...
        try
        {
            while (true)
            {
                Thread.Sleep(500);

                // transmit newly monitored file accesses...
                if (Queue.Count > 0)
                {
                    String[] Package = null;

                    lock (Queue)
                    {
                        Package = Queue.ToArray();

                        Queue.Clear();
                    }

                    Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
                }
                else
                    Interface.Ping();
            }
        }
        catch
        {
            // Ping() will raise an exception if host is unreachable
        }
    }

    [UnmanagedFunctionPointer(CallingConvention.StdCall,
        CharSet = CharSet.Unicode,
        SetLastError = true)]
    delegate byte DHttpSendRequestW(
        IntPtr hRequest,
        String lpszHeaders,
        UInt32 dwHeadersLength,
        IntPtr lpOptional,
        UInt32 dwOptionalLength);

    // just use a P-Invoke implementation to get native API access from C# (this step is not necessary for C++.NET)
    [DllImport("wininet.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
    static extern byte HttpSendRequestW(
        IntPtr hRequest,
        String lpszHeaders,
        UInt32 dwHeadersLength,
        IntPtr lpOptional,
        UInt32 dwOptionalLength);

    // this is where we are intercepting all file accesses!
    static byte HttpSendRequestW_Hooked(        //тип проверили     ИЗМЕНИЛИ
        IntPtr hRequest,                        //тип проверили
        String lpszHeaders,             //вроде тоже подходит
        UInt32 dwHeadersLength,         //тип проверили
        IntPtr lpOptional,              //тип проверили
        UInt32 dwOptionalLength)        //тип проверили
    {

        try
        {
            Main This = (Main)HookRuntimeInfo.Callback;

            lock (This.Queue)
            {
                This.Queue.Push("[" + RemoteHooking.GetCurrentProcessId() + ":" + 
                    RemoteHooking.GetCurrentThreadId() +  "]: \"" + lpszHeaders + "\"");
            }
        }
        catch
        {
        }

        // call original API...

        System.Diagnostics.Debugger.Break();        //войти в отладчик

        return HttpSendRequestW(
            hRequest,
            lpszHeaders,
            dwHeadersLength,
            lpOptional,
            dwOptionalLength);
    }
}
}
Coordinator
Feb 7, 2014 at 3:52 AM
What is the error?
Feb 7, 2014 at 10:42 AM
Interceptor fulfills itself, and Internet Explorer does not load the page (apparently the transfer of control to the application code is performed correctly)
Coordinator
Feb 18, 2014 at 8:27 AM
Using the latest I don't get any errors and internet explorer works fine. I also seem to always have an empty lpszHeaders, does this sound correct (Windows 8.1)?