captmicro

Per-Process packet capture

Aug 15th, 2010
  1. #include "main.h"
  2.  
/* Trampolines to the original ws2_32 send()/recv(); DllMain fills them in
 * from DetourFindFunction() and Detours rewrites them to point at the
 * trampolines once the hooks are committed. Zero until then. */
_send pSend = NULL;
_recv pRecv = NULL;

/* Path of the capture log: the host executable's full path plus ".txt",
 * assigned in DllMain. The file receives raw payload bytes, so it is as
 * sensitive as the traffic itself — treat it accordingly. */
char logfile[MAX_PATH] = { 0 };
  6.  
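/* Applies (attach == TRUE) or removes (attach == FALSE) one Detours hook
 * inside its own transaction and records the outcome in the log.
 *
 * target  points at the trampoline variable (pSend / pRecv); Detours updates
 *         it in place on attach.
 * detour  the replacement function (cSend / cRecv).
 * name    the hooked function's name, used only for the log line.
 *
 * Returns the DetourTransactionCommit() result, NO_ERROR on success, or
 * ERROR_INVALID_HANDLE when the target was never resolved. Unlike the
 * original inline blocks, a failed commit is logged rather than dropped. */
static LONG ApplyDetour(PVOID *target, PVOID detour, BOOL attach, const char *name)
{
    char msg[128];
    LONG rc;

    if (target == NULL || *target == NULL) {
        /* DetourFindFunction() returned NULL earlier; attaching a NULL
         * target would only fail inside Detours, so skip it explicitly. */
        wsprintfA(msg, "%s() not found, hook skipped\n", name);
        LogFile(msg, 0);
        return ERROR_INVALID_HANDLE;
    }

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    if (attach)
        DetourAttach(target, detour);
    else
        DetourDetach(target, detour);
    rc = DetourTransactionCommit();

    if (rc == NO_ERROR)
        wsprintfA(msg, "%s() %s successfully\n", name, attach ? "detoured" : "un-detoured");
    else
        wsprintfA(msg, "%s() %s failed (%ld)\n", name, attach ? "detour" : "un-detour", rc);
    LogFile(msg, 0);
    return rc;
}

/* DLL entry point. On process attach it derives the log path, resolves the
 * original ws2_32 send()/recv() and installs the logging detours; on process
 * detach it removes them again.
 *
 * Returns TRUE so the loader keeps the DLL mapped. The original version had
 * no return statement at all, so the loader read an indeterminate value.
 *
 * Caveat: MessageBoxA() and DetourFindFunction() (which loads ws2_32 via
 * LoadLibrary) run here under the loader lock; this is how the author chose
 * to debug and is kept as-is. */
int WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
    (void)lpReserved;

    if (dwReason == DLL_PROCESS_ATTACH)
    {
        DisableThreadLibraryCalls(hModule);

        /* Log goes next to the host executable as "<exe path>.txt". Bound
         * the append: lstrcatA() has no size argument and a long path can
         * already fill the MAX_PATH buffer, which the original overflowed. */
        DWORD n = GetModuleFileNameA(NULL, logfile, sizeof logfile);
        if (n == 0 || n + sizeof(".txt") > sizeof logfile) {
            /* Disable logging instead of writing past the buffer; an empty
             * path makes CreateFileA() fail and LogFile() return quietly. */
            logfile[0] = '\0';
        } else {
            lstrcatA(logfile, ".txt");
        }
        MessageBoxA(0, logfile, "pp_capture.dll", 0);

        LogFile("DLL_PROCESS_ATTACH\n", 0);

        pSend = (_send)DetourFindFunction("ws2_32.dll", "send");
        pRecv = (_recv)DetourFindFunction("ws2_32.dll", "recv");

        ApplyDetour(&(PVOID&)pSend, (PVOID)cSend, TRUE, "send");
        ApplyDetour(&(PVOID&)pRecv, (PVOID)cRecv, TRUE, "recv");
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
        LogFile("DLL_PROCESS_DETACH\n", 0);
        /* Detaching a hook that never attached just yields a non-NO_ERROR
         * commit, which ApplyDetour() logs. */
        ApplyDetour(&(PVOID&)pSend, (PVOID)cSend, FALSE, "send");
        ApplyDetour(&(PVOID&)pRecv, (PVOID)cRecv, FALSE, "recv");
    }
    return TRUE;
}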
  50.  
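/* Detour for ws2_32 send(): appends the outgoing payload to the log, then
 * forwards the call unchanged to the original via the pSend trampoline.
 *
 * Logging happens before the real send(), so the Winsock last-error the
 * application inspects afterwards is whatever send() itself set.
 *
 * Only a positive len is logged: LogFile() treats len == 0 as "NUL-terminated
 * string" and would scan past the caller's buffer on a zero-length send, and
 * a negative len is not a byte count at all. */
int WINAPI cSend(SOCKET s, const char *buf, int len, int flags)
{
    if (buf != NULL && len > 0) {
        LogFile("[SEND]", 6);
        LogFile((char*)buf, len);
        LogFile("\n", 1);
    }
    return pSend(s, buf, len, flags);
}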
  58.  
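/* Detour for ws2_32 recv(): forwards the call to the original via the pRecv
 * trampoline and then appends the bytes actually received to the log.
 *
 * The original logged `buf` for `len` bytes BEFORE calling recv(), i.e. it
 * recorded whatever stale memory the buffer held, not the data received.
 * Here only the `received` bytes that recv() wrote are logged, and nothing
 * is logged on 0 (connection closed) or SOCKET_ERROR.
 *
 * The Winsock last-error is saved around the logging: LogFile()'s file I/O
 * sets the thread's last error, which would otherwise corrupt what the
 * application reads back through WSAGetLastError() after a failed recv(). */
int WINAPI cRecv(SOCKET s, char *buf, int len, int flags)
{
    int received = pRecv(s, buf, len, flags);
    int savedErr = WSAGetLastError();

    if (received > 0 && buf != NULL) {
        LogFile("[RECV]", 6);
        LogFile(buf, received);
        LogFile("\n", 1);
    }

    WSASetLastError(savedErr);
    return received;
}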
  66.  
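/* Appends `len` bytes of `str` to the capture log named by the global
 * `logfile`. len == 0 means "str is a NUL-terminated string; write all of
 * it" (the convention the callers rely on). NULL str or negative len is
 * ignored, as is any open/write failure — logging is best-effort and must
 * never disturb the hooked application.
 *
 * The file is opened and closed per call with FILE_APPEND_DATA, so each
 * WriteFile() lands atomically at the end. The share mode now includes
 * FILE_SHARE_WRITE: with FILE_SHARE_READ alone, two threads logging at once
 * made the second CreateFileA() fail with a sharing violation and that
 * entry was silently lost.
 *
 * The log holds raw application payloads beside the host executable; it is
 * as sensitive as the captured traffic. */
void LogFile(char *str, int len)
{
    if (str == NULL || len < 0) return;
    if (len == 0) len = lstrlenA(str);

    HANDLE file = CreateFileA(logfile, FILE_APPEND_DATA,
        FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_ALWAYS,
        FILE_ATTRIBUTE_NORMAL, 0);
    if (file == INVALID_HANDLE_VALUE) return;

    DWORD dwBytesWritten = 0;
    WriteFile(file, str, (DWORD)len, &dwBytesWritten, 0);
    CloseHandle(file);
}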