Api hooking


Re: Api hooking

Post by SFSxOI »

You got something for the detour procedure also? Sounds interesting cause I had an interest in looking into that at one point but never did really.
The advantage of a 64 bit operating system over a 32 bit operating system comes down to only being twice the headache.

Re: Api hooking

Post by Thorium »

SFSxOI wrote: You got something for the detour procedure also? Sounds interesting cause I had an interest in looking into that at one point but never did really.
Here it is: http://www.purebasic.fr/english/viewtop ... =7&t=39881
Just take a look at the source. But it's not system wide. Only restricted to one process.

Re: Api hooking

Post by Michael Vogel »

Thank you all,

I'll download this and try to have success :roll: -- I'm already playing around with some other codes from the forum, but could not do what I want:

I wrote a small server for my students who have to control virtual robots on a game board via TCP/IP. Some students have problems at the beginning (when they start with server and client together on a notebook) to communicate with the server, so a network analyzer would be fine for troubleshooting.

But I found no free software (NetMon, SmartSniff, Wireshark) which is able to see the local packets (127.0.0.1) - only commercial products (e.g. CommView) work fine. :evil:
Also using a virtual Loopback interface does not work in all cases :oops:

I've also prepared some routines for writing a log file for incoming/outgoing packets:

Code:

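; Write l bytes from *buf to LogFile as hex-dump rows: |16 bytes as text| hex bytes
Procedure WriteHex(LogFile.l,*buf.l,l.l)

	Protected i.l
	Protected h.l
	Protected Text.s
	Protected Hex.s

	; l is the return value of send(): only dump when bytes were actually sent.
	; With l=-1 (SOCKET_ERROR) the loop below would never reach i=l and would read past the buffer.
	If l>0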
		i=0
		
		Repeat
			h=PeekB(*buf+i)&$ff
			If (h<32) Or (h>127)
				Text+"·"
			Else
				Text+Chr(h)
			EndIf

			Hex+" "+RSet(Hex(h),2,"0")

			i+1

			If (i&$F=0) Or (i=l)
				If i>$10
					CompilerIf #LogDate
						WriteString(Logfile,"                      ")
					CompilerElse
						WriteString(Logfile,"   ")
					CompilerEndIf
				EndIf
				WriteStringN(LogFile,"|"+LSet(Text,16)+"|"+Hex)
				Text=""
				Hex=""
			EndIf

		Until i=l
	Else
		WriteStringN(LogFile,"{}")
	EndIf

EndProcedure

; Replacement for send(): calls the original function, then logs the bytes it reports as sent
Procedure NewSend(s.l,*buf,len.l,flags.l)

	Protected Result.l=CallFunctionFast(Adr_Send,s.l,*buf,len.l,flags.l)

	If LogFile

		CompilerIf #LogDate
			WriteString(LogFile,LogDate+" > ")
		CompilerElse
			WriteString(LogFile,"-> ")
		CompilerEndIf

		WriteHex(LogFile,*buf,result)
		FlushFileBuffers(LogFile)

	EndIf

	ProcedureReturn Result
EndProcedure

After that I tried to hook/unhook to activate/deactivate the procedures seen above for the following addresses...

Code:

Lib_Wsock=LoadLibrary_("wsock32.dll")
Adr_Send=GetProcAddress_(Lib_Wsock,"send")
Adr_Receive=GetProcAddress_(Lib_Wsock,"recv")

Now I'll restart and see, if the new link will give me enough hints :wink:
Michael
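
For the loopback troubleshooting case described in the post above, the same log can be produced without hooking. The following is an added example, not code from this thread: a small Python TCP relay that sits between client and server on 127.0.0.1 and logs both directions in the |text|hex layout of WriteHex. The ports 9001 and 9000, the "<- " prefix and all function names are assumptions.

```python
import socket
import threading

def hex_rows(data, prefix):
    """Rows in the layout of the post's WriteHex: |text|hex, 16 bytes per row."""
    if not data:
        return [prefix + "{}"]
    rows = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        text = "".join(chr(b) if 32 <= b < 127 else "·" for b in chunk)
        hexs = "".join(" %02X" % b for b in chunk)
        lead = prefix if off == 0 else " " * len(prefix)  # indent continuation rows
        rows.append("%s|%-16s|%s" % (lead, text, hexs))
    return rows

def pump(src, dst, prefix, log):
    """Copy src -> dst until EOF, logging exactly the bytes recv() returned."""
    try:
        while True:
            data = src.recv(4096)
            if not data:          # orderly close by the peer
                break
            log.extend(hex_rows(data, prefix))
            dst.sendall(data)
    except OSError:
        pass                      # reset, or socket closed by the other direction
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # pass the EOF on to the other side
        except OSError:
            pass

def relay_once(lsock, server_addr, log):
    """Accept one client on the listening socket lsock and relay it to server_addr."""
    client, _ = lsock.accept()
    with client, socket.create_connection(server_addr) as server:
        back = threading.Thread(target=pump, args=(server, client, "<- ", log))
        back.start()
        pump(client, server, "-> ", log)
        back.join()

if __name__ == "__main__":
    # Assumed ports: the student's client connects to 9001, the real server listens on 9000.
    log = []
    with socket.create_server(("127.0.0.1", 9001)) as lsock:
        relay_once(lsock, ("127.0.0.1", 9000), log)
    print("\n".join(log))
```

The client only has to be pointed at the relay's port instead of the server's; neither program needs to be modified.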

Re: Api hooking

Post by Thorium »

Michael Vogel wrote: But I found no free software (NetMon, SmartSniff, Wireshark) which is able to see the local packets (127.0.0.1) - only commercial products (e.g. CommView) work fine. :evil:
Also using a virtual Loopback interface does not work in all cases :oops:
WPE Pro can do that. But I don't like it very much.

Re: Api hooking

Post by Michael Vogel »

Thorium wrote: WPE Pro can do that. But I don't like it very much.
And WPE Pro doesn't like me, Rapid Sh!$.. tells me how many people are just downloading this file now :twisted:
But I will try to get it done on my own -- using your libs :wink: