hooking recv - buffer issues

Nov 11, 2009 at 3:29 AM

I have recv hooking working fine but have a weird issue.

    static int recv_Hooked(
        IntPtr socketHandle,
        IntPtr buf,
        int count,
        int socketFlags)
    {
        byte[] test = new byte[count];
        Marshal.Copy(buf, test, 0, count);

        IntPtr ptr = IntPtr.Zero;

        ptr = Marshal.AllocHGlobal(count);
        Marshal.Copy(test, 0, ptr, count);

        return recv(socketHandle, ptr, count, socketFlags);
    }

I am simply copying the buffer to an array and then copying that array to memory (i.e. making a copy of the buffer in a different memory location). You would assume the buffer is the same and unmodified, yet it's taking on weird values like ":\WINDOWS\system32\ieframe.dll". I am doing this because I want to modify the recv buffer before returning it to the API, however I can't do this yet due to the above issue.

If I remove the extra copying and just do the following it works fine:

    static int recv_Hooked(
        IntPtr socketHandle,
        IntPtr buf,
        int count,
        int socketFlags)
    {
        // Pass the caller's buffer straight through to the real recv.
        return recv(socketHandle, buf, count, socketFlags);
    }

Any ideas? Thanks & Cheers Mate

Nov 11, 2009 at 8:05 AM

I have the same issue.

Nov 15, 2009 at 4:24 PM

Forgive my poor English.

In my opinion, you should recv first, and then change the buf.
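
The ordering suggested in the last reply, as an added example that is not part of the original thread: the real `recv` runs first, and only the bytes it reports are copied out, edited and written back into the caller's own buffer. `FakeRecv`, the `original` delegate and the sample bytes are constructed stand-ins for the unhooked `recv`, so the program runs without a socket or a hooking library.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

static class RecvHookDemo
{
    delegate int RecvFn(IntPtr socketHandle, IntPtr buf, int count, int socketFlags);

    // Constructed sample payload standing in for data arriving on the socket.
    static readonly byte[] Sample = Encoding.ASCII.GetBytes("hello from server");

    // Hypothetical stand-in for the real recv: fills buf, returns the byte count.
    static int FakeRecv(IntPtr socketHandle, IntPtr buf, int count, int socketFlags)
    {
        int n = Math.Min(count, Sample.Length);
        Marshal.Copy(Sample, 0, buf, n);
        return n;
    }

    static readonly RecvFn original = FakeRecv;

    static int recv_Hooked(IntPtr socketHandle, IntPtr buf, int count, int socketFlags)
    {
        // buf is an output buffer: until recv returns it holds stale caller memory.
        int received = original(socketHandle, buf, count, socketFlags);
        if (received <= 0) return received;      // 0 = peer closed, -1 = SOCKET_ERROR

        // Only the first 'received' bytes are valid, which may be fewer than 'count'.
        byte[] data = new byte[received];
        Marshal.Copy(buf, data, 0, received);

        // Same-length edit (ASCII upper-casing), so the result always fits in buf.
        for (int i = 0; i < data.Length; i++)
            if (data[i] >= (byte)'a' && data[i] <= (byte)'z') data[i] -= 32;

        // Write back into the caller's own buffer; the caller never sees a new allocation.
        Marshal.Copy(data, 0, buf, received);
        return received;
    }

    static void Main()
    {
        IntPtr callerBuf = Marshal.AllocHGlobal(64);   // what the hooked program passes in
        try
        {
            int n = recv_Hooked(IntPtr.Zero, callerBuf, 64, 0);
            Console.WriteLine("{0} bytes: {1}", n, Marshal.PtrToStringAnsi(callerBuf, n));
        }
        finally { Marshal.FreeHGlobal(callerBuf); }
    }
}
```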