Winsock2 recv() hook into a remote process
I was trying to hook a custom recv() winsock2.0 method to a remote process, so that my function executes instead of the one in the process. I have been googling this and I found some really good examples, but they lack description.
typedef (WINAPI * WSAREC)( SOCKET s, char *buf, int len, int flags ) = recv;
Now my question is, what does this mean, or does, is this some sort of a pointer to the real recv() function?
And then the other piece of code for the custom function:
int WINAPI Cus_Recv( SOCKET s, char *buf, int len, int flags )
{
    printf("Intercepted a packet");
    return WSAREC( s, buf, len, flags ); // <- What is this?
}
Sorry if these questions sound really basic, I only started learning 2 or 3 weeks ago.
Thanks.
Comments (1)
Where did you find such an example?
The first line tries to define a new type WSAREC, which is a pointer to a function having the same signature as recv(). Unfortunately, it is also trying to declare a variable of this type to store the address of the recv() function. The typedef is wrong since the function is lacking a return type, so it does not compile under Visual Studio 2003. You may have more luck using:
which declares only a variable of type "pointer to function", which stores the address of the recv().
Now the second snippet is a function which has the same signature as the recv() function, which prints a message, then calls the original recv() through the function pointer declared above.
The code here only shows how to call a function through a pointer: it does not replace anything in the current process.
Also, I am not sure you can interfere with another process and replace one function at your will. It would be a great threat to the security of the system. But why would you do that in the first place?
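
The declaration and wrapper the answer describes, written out as an added example (not code from the original post or its answer). POSIX sockets stand in for Winsock so it builds outside Windows, and `recv_fn`, `real_recv`, `intercepted` and `demo` are names chosen here. It also demonstrates the answer's point that only calls made to `Cus_Recv` go through the wrapper, while a direct `recv()` is unaffected.

```c
/* Added example. POSIX sockets stand in for Winsock (assumption); the
 * Winsock form of the typedef would be:
 *   typedef int (WINAPI *recv_fn)(SOCKET s, char *buf, int len, int flags);
 */
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1. A type: pointer to a function with recv()'s signature (return type included). */
typedef ssize_t (*recv_fn)(int s, void *buf, size_t len, int flags);

/* 2. A variable of that type, holding the address of the real recv(). */
static recv_fn real_recv = recv;

static int intercepted = 0;   /* number of calls that went through the wrapper */

/* 3. Same signature as recv(): log, then forward through the pointer. */
ssize_t Cus_Recv(int s, void *buf, size_t len, int flags)
{
    intercepted++;
    printf("Intercepted a packet\n");
    return real_recv(s, buf, len, flags);
}

/* Sends two datagrams over a local socket pair, reads one via Cus_Recv and
 * one via plain recv(). Returns the wrapper's call count, or -1 on error. */
int demo(void)
{
    int sv[2];
    char buf[16];

    intercepted = 0;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    int ok = send(sv[0], "one", 3, 0) == 3 && send(sv[0], "two", 3, 0) == 3;
    ok = ok && Cus_Recv(sv[1], buf, sizeof buf, 0) == 3;  /* via the wrapper */
    ok = ok && recv(sv[1], buf, sizeof buf, 0) == 3;      /* wrapper never sees this */
    close(sv[0]);
    close(sv[1]);
    return ok ? intercepted : -1;
}

int main(void)
{
    printf("wrapper saw %d of 2 receives\n", demo());
    return 0;
}
```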