C++接收函数
我正在从我的服务器(C++)挂钩一些函数。我想挂钩某些功能,以便能够转储某些客户端发送的数据包(连接/断开连接包)。我已经挂接了函数 recv/recvfrom 和 WSARecv/WSARecvFrom。只有 WSARecvFrom 函数被调用(多次),但仅在服务器启动时调用。我必须挂钩哪些函数才能查找远程计算机的连接/断开连接包?我注意到,在服务器上玩游戏时,4 个接收函数永远不会被调用!为什么?
例子:
typedef int (WINAPI *def_recv)(SOCKET s, char* buf, int len, int flags);
def_recv Real_recv;
int WINAPI custom_recv(SOCKET s, char* buf, int len, int flags) {
Log("recv ...");
return Real_recv(s, buf, len, flags);
}
Real_recv = (def_recv)DetourFunction((PBYTE)(DWORD)GetProcAddress(GetModuleHandleA("ws2_32.dll"), "recv"),(PBYTE)&custom_recv);
I am hooking a few functions from my server(C++). I want to hook certain functions, to be able to dump the packets, some clients send(connect/disconnect packages). I already hooked the functions recv/recvfrom and WSARecv/WSARecvFrom. Only the WSARecvFrom function gets called (many) times, but only on server startup. Which functions do I have to hook, to lookup the connect/disconnect packages of remote machines? I noticed, that the 4 receive functions never get called while playing on the server! Why?
Example:
typedef int (WINAPI *def_recv)(SOCKET s, char* buf, int len, int flags);
def_recv Real_recv;
int WINAPI custom_recv(SOCKET s, char* buf, int len, int flags) {
Log("recv ...");
return Real_recv(s, buf, len, flags);
}
Real_recv = (def_recv)DetourFunction((PBYTE)(DWORD)GetProcAddress(GetModuleHandleA("ws2_32.dll"), "recv"),(PBYTE)&custom_recv);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
来自我的回答:
From an answer of mine:
我的通灵能力告诉我,你的服务器代码正在使用异步或重叠 I/O。
您在启动时观察到的那些对
WSARecvFrom的调用是“发布”的缓冲区。当数据实际到达时,将调用指定为WSARecvFrom最后一个参数的回调函数。您可能想要做的是挂钩
WSARecvFrom并用您自己的回调函数替换lpCompletionRoutine参数。它在您自己的回调函数中,您将在其中记录/喷出您尝试观察的数据(然后调用应用程序期望的真实回调函数)。服务器代码可能对WSARecvFrom的不同调用使用不同的回调函数 - 因此请小心行事。服务器代码也完全有可能没有设置回调函数。可以使用 IOCP 或仅轮询重叠结构。 YMMV。
My psychic powers tell me that your server code is using asynchronous or overlapped I/O.
Those calls to
WSARecvFromyou observe on startup are the buffers getting "posted". When data actually arrives, the callback function specified as the last parameter toWSARecvFromis invoked.What you likely want to do is hook
WSARecvFromand replace thelpCompletionRoutineparameter with your own callback function. It's in your own callback function where you'll log/spew the data you are trying to observe (then call the real callback function the app is expecting). And the server code could be using different callback functions for different calls toWSARecvFrom- so tread carefully.It's also entirely possible the server code isn't setting a callback function. Could be using IOCP or just polling the overlapped structure. YMMV.