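I am using Detours to hook WSARecv, WSASend, CreateThreadpoolIo, StartThreadpoolIo and CancelThreadpoolIo in IE11, and these hooks work in IE11. The other APIs I hooked, such as WSAGetOverlappedResult, GetQueuedCompletionStatus, WaitForThreadpoolIoCallbacks, GetQueuedCompletionStatusEx and so on, have no effect under IE11. I have run into a problem in the WSARecv hook. My hooking is done through a WebBrowser control.
When IE11 starts opening a web page, several sockets appear that go through socket and closesocket without any data operations. This does not seem to have happened in the earlier IE8 version, and I don't know the reason.
First, my hooking process. Socket communication in the IE11 core goes through completion ports. First, WSASocketA and WSASocketW in ws2_32.dll are called; sometimes both functions are entered for the same SOCKET, which I don't quite understand. Then the socket call is entered. Why are both the WSASocket and socket versions called on the same SOCKET?
CreateThreadpoolIo is then entered to associate the SOCKET with the IO. Here the data for each SOCKET/IO pair has to be saved, together with a callback address.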

    // Forward declaration: MyPTPFun is registered below in place of the caller's callback.
    VOID __stdcall MyPTPFun(PTP_CALLBACK_INSTANCE Instance, PVOID Context, PVOID Overlapped,
        ULONG IoResult, ULONG_PTR NumberOfBytesTransferred, PTP_IO Io);

    PTP_IO __stdcall Mine_CreateThreadpoolIo(HANDLE fl,
        PTP_WIN32_IO_CALLBACK pfnio, PVOID pv, PTP_CALLBACK_ENVIRON pcbe)
    {
        char szBuf[255];
        PTP_IO rv = 0;
        __try {
            rv = Real_CreateThreadpoolIo(fl, MyPTPFun, pv, pcbe);
            sprintf(szBuf, "CreateThreadpoolIo: S:0x%08x IO:0x%08x FUN:0x%08x\r\n", fl, rv, pfnio);
            HuiOutDebug(szBuf, _T("hookApi"));
            g_manage.BingSocketToIo(rv, (SOCKET)fl, (void*)pfnio); // this is the save operation
        } __finally {
        }
        return rv;
    }

    VOID __stdcall MyPTPFun(PTP_CALLBACK_INSTANCE Instance, PVOID Context, PVOID Overlapped,
        ULONG IoResult, ULONG_PTR NumberOfBytesTransferred, PTP_IO Io)
    {
        char szBuf[255];
        // Look up the original callback that was saved for this IO object.
        PTP_WIN32_IO_CALLBACK pFun = (PTP_WIN32_IO_CALLBACK)g_manage.GetIoFun(Io);
        sprintf(szBuf, "MyPTPFun: IO:0x%08x FUN:0x%08x\r\n", Io, pFun);
        HuiOutDebug(szBuf, _T("hookApi"));
        if (pFun) {
            // Call my own callback first; is this where data is being lost?????
            g_manage.ProceIo(Io, Overlapped, Context, IoResult, NumberOfBytesTransferred);
            // Then the original callback.
            pFun(Instance, Context, Overlapped, IoResult, NumberOfBytesTransferred, Io);
        }
    }
    // g_manage is a global class that stores the data; it uses CCriticalSection m_sc to protect all operations.

Next, StartThreadpoolIo is entered, which formally associates the device IO with one data operation on the SOCKET.
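The connect operation does not go through WSAConnect or connect; it goes into ConnectEx. Hooking this function is rather troublesome, and I will explain later how it is hooked.
In IE8, hooking connect showed two handshake operations, a send and a recv, which sent and received only one byte or no bytes at all. In IE11 only the recv is entered and the send is not, so I don't know how the handshake data is sent. What is the reason for this?
After ConnectEx there is no send or WSASend operation; the callback MyPTPFun is entered directly. After MyPTPFun, recv is entered directly without a call to StartThreadpoolIo, and sometimes there is no recv operation either.
After the connection is established, StartThreadpoolIo is entered again to associate the device IO with one data operation on the SOCKET.
Then WSASend is entered. This call seems to complete immediately: the callback MyPTPFun is not entered, and CancelThreadpoolIo is called directly to cancel the completion-port callback.
StartThreadpoolIo is entered again to associate the device IO with one data operation on the SOCKET.
Then comes WSARecv. Sometimes this operation completes immediately and CancelThreadpoolIo is called directly to cancel the completion-port callback; sometimes the callback MyPTPFun is entered.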
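
    int __stdcall Mine_WSARecv(SOCKET a0, LPWSABUF a1, DWORD a2, LPDWORD a3, LPDWORD a4,
        LPWSAOVERLAPPED a5, LPWSAOVERLAPPED_COMPLETION_ROUTINE a6)
    {
        int rv = 0;
        char szBuf[500];
        __try {
            rv = Real_WSARecv(a0, a1, a2, a3, a4, a5, a6);
            sprintf(szBuf, "WSARecv:s:0x%08x Len:%d len:%d\r\n", a0, 0, a1[0].len);
            HuiOutDebug(szBuf, _T("hookApi"));
            // Saved here for later inspection and comparison; note that the LPWSABUF pointer a1 itself is stored.
            g_manage.SetOp(a0, 2, a1, a2, a5, a1[0].len);
        } __finally {
        }
        return rv;
    }

In the process above, g_manage.BingSocketToIo associates the callback, the completion device IO and the socket, and g_manage.SetOp saves the LPWSAOVERLAPPED and LPWSABUF pointers of the received and sent data so that the data can be fetched or inspected. When I inspect the LPWSABUF in my callback, the original data has disappeared. It was presumably allocated with new: I saved the len from the LPWSABUF structure of the original WSARecv and found it was 1024, but when comparing in MyPTPFun -> g_manage.ProceIo, the len in the structure behind the original LPWSABUF pointer is no longer 1024 but a very large number, which is impossible. The conclusion is that the LPWSABUF allocated with new in the original WSARecv has been freed. A call to the MyPTPFun callback means that the data had presumably not been received when WSARecv returned, yet by the time of MyPTPFun the original LPWSABUF has been freed. So what does IE11 use to fetch the data between the return of WSARecv and the MyPTPFun callback? Are there other APIs? In MyPTPFun I inspect first and then call the callback supplied by IE11. Is there anything else in the CreateThreadpoolIo/StartThreadpoolIo family of completion-port APIs that can fetch the data? The WaitForThreadpoolIoCallbacks API was never entered, and GetQueuedCompletionStatus presumably does not belong to the same family as CreateThreadpoolIo!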
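Throughout the hooking process, the APIs that were entered (WSASocketW, WSASocketA, CreateThreadpoolIo, StartThreadpoolIo, connectex, recv, WSARecv, WSASend, socket, closesocket) were logged to a text file in Notepad for inspection.
The call sequence is given below (organized):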
WSASocketW:s:0x00000448
WSASocketA:s:0x00000448
CreateThreadpoolIo: S:0x00000448 IO:0x0052f7a8 FUN:0x7601dfb0
StartThreadpoolIo:IO:0x0052f7a8
connectex:s:0x00000448
MyPTPFun: IO:0x0052f7a8 FUN:0x7601dfb0
StartThreadpoolIo:IO:0x0052f7a8
WSASend:s:0x00000448 Len:0 len:770
CancelThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:1024
MyPTPFun: IO:0x0052f7a8 FUN:0x7601dfb0
StartThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f7a8
StartThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f7a8
StartThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f7a8
StartThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f7a8
StartThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f7a8
StartThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f7a8
recv:s:0x00000448 Len:-1
recv:s:0x00000448 Len:-1
StartThreadpoolIo:IO:0x0052f7a8
WSASend:s:0x00000448 Len:0 len:867
CancelThreadpoolIo:IO:0x0052f7a8
WSARecv:s:0x00000448 Len:0 len:1024
MyPTPFun: IO:0x0052f7a8 FUN:0x7601dfb0
WSASocketW:s:0x0000043c
WSASocketA:s:0x0000043c
CreateThreadpoolIo: S:0x0000043c IO:0x0052f688 FUN:0x7601dfb0
StartThreadpoolIo:IO:0x0052f688
connectex:s:0x0000043c
MyPTPFun: IO:0x0052f688 FUN:0x7601dfb0
recv:s:0x0000043c Len:-1
recv:s:0x0000043c Len:-1
StartThreadpoolIo:IO:0x0052f688
WSASend:s:0x0000043c Len:0 len:708
CancelThreadpoolIo:IO:0x0052f688
StartThreadpoolIo:IO:0x0052f688
WSARecv:s:0x0000043c Len:0 len:1024
MyPTPFun: IO:0x0052f688 FUN:0x7601dfb0
StartThreadpoolIo:IO:0x0052f688
WSARecv:s:0x0000043c Len:0 len:4096
CancelThreadpoolIo:IO:0x0052f688
recv:s:0x0000043c Len:-1
WSASocketW:s:0x00000354
socket:s:0x00000354
closesocket:s:0x00000354
WSASocketW:s:0x00000354
WSASocketA:s:0x00000354
CreateThreadpoolIo: S:0x00000354 IO:0x004d8f48 FUN:0x7601dfb0
StartThreadpoolIo:IO:0x004d8f48
connectex:s:0x00000354
MyPTPFun: IO:0x004d8f48 FUN:0x7601dfb0
recv:s:0x00000354 Len:-1
Reply from a uj5u.com user:
Unorganized:
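Reply from a uj5u.com user:
Hook NtDeviceIoControlFile.
Reply from a uj5u.com user:
When hooking NtDeviceIoControlFile, it runs correctly with a breakpoint set; without a breakpoint the output is garbage.
Reply from a uj5u.com user:
The garbage is all HTTPS data, right? HTTPS data is encrypted, so of course it is garbage.
Reply from a uj5u.com user:
The garbage is not caused by encryption; there simply is no correct data. Hooking NtDeviceIoControlFile has the same effect as hooking WSARecv and WSASend: entering WSARecv always enters NtDeviceIoControlFile, and by the time WSARecv returns, NtDeviceIoControlFile has already returned. NtDeviceIoControlFile is the same as WSARecv and cannot solve the completion-port problem. After the WSARecv call and before the MyPTPFun callback, what other way is there to fetch the data? The CreateThreadpoolIo family of completion-port APIs is in use; in the LPWSAOVERLAPPED structure, lpOverlapped->hEvent = null, and the lpCompletionRoutine argument of WSARecv is null.
Reply from a uj5u.com user:
Search for "The Dark Side of Winsock".
Reply from a uj5u.com user:
Could it be that you are not processing it in time?
Reply from a uj5u.com user:
I have solved it myself. Hooking NtDeviceIoControlFile cannot solve this asynchronous problem; in the end it was a question of where the data buffer is. Hook CancelThreadpoolIo, WSARecv, WSASend and CreateThreadpoolIo. In WSARecv you can only save the buf member of the WSABUF structure: the WSABUF is freed while the system processes the data, but the buf inside the structure is still valid in the callback or in CancelThreadpoolIo. The valid data length is InternalHigh in the LPWSAOVERLAPPED structure, and that is all there is to it. In CreateThreadpoolIo, associate the SOCKET with the IO, and save and replace the callback. In WSARecv and WSASend, associate the SOCKET with the data buffer and with the LPWSAOVERLAPPED. Fetch the data in CancelThreadpoolIo or in the callback. In CancelThreadpoolIo, use the IO to get the SOCKET, then get InternalHigh from the associated LPWSAOVERLAPPED structure and buf from the WSABUF structure; note that the WSABUF has usually been freed, so only the buf pointer from the WSABUF structure should have been saved beforehand. In the callback, the callback receives the IO and the LPWSAOVERLAPPED, and the buf can be obtained through the SOCKET associated with the IO. If CancelThreadpoolIo is called, the callback will not be called; if the callback is called, CancelThreadpoolIo will not be called. Note that after the callback has fetched the data, it must call the original callback. This perfectly solves hooking sockets in IE7.
Reply from a uj5u.com user:
Someone said earlier that in WSASend or WSARecv, if InternalHigh in the LPWSAOVERLAPPED structure holds a length, the data can be fetched there. That is not very stable. Fetching the data in the callback or in CancelThreadpoolIo does not seem to have missed any data. Note that the WSABUF pointer must not be saved directly: this structure is freed before the callback or CancelThreadpoolIo, but the buf inside the structure is not freed, so the data can be fetched.
Reply from a uj5u.com user:
Setting the IE6-IE11 compatibility mode does not change the core network data mechanism; it only changes how the UI is rendered. The programming structure of the network layer depends only on the version: IE8 does not use completion ports, and IE9 and later do. The socket mechanism of IE9 is completely different from earlier versions. When a connection is established, sockets in IE8 and earlier receive 1 byte of handshake data. With completion ports in IE9, the connection uses ConnectEx; sometimes the handshake recv data is received, but the send data has never been received. I don't know the reason. IE8 does not use completion ports or ConnectEx; it uses recv/send or WSARecv and WSASend, and the complete handshake calls are all received. From IE9 onwards only the recv handshake data can be received, and the send has never been received. I don't know why!!!!!!!
Please credit the source when reposting. Link to this article: https://www.uj5u.com/gongcheng/76855.html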
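The buffer-lifetime fix described in the replies above, as an added portable simulation that is not code from the thread. MOCK_WSABUF and MOCK_OVERLAPPED are simplified stand-ins for the Winsock structures, and track_recv, complete_op and demo are hypothetical names for the bookkeeping done in the WSARecv hook and in the callback or CancelThreadpoolIo hook.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins (assumed, simplified) for WSABUF and OVERLAPPED: only the fields
 * the thread discusses. Nothing here calls Winsock or Detours. */
typedef struct { unsigned long len; char *buf; } MOCK_WSABUF;
typedef struct { size_t Internal; size_t InternalHigh; } MOCK_OVERLAPPED;

/* One pending receive, keyed by the thread-pool IO object (PTP_IO stand-in). */
typedef struct {
    const void      *io;
    MOCK_WSABUF     *desc; /* "before": pointer to the caller's descriptor    */
    char            *buf;  /* "after": the data pointer copied out of it      */
    MOCK_OVERLAPPED *ov;   /* InternalHigh holds the byte count at completion */
    int              used;
} pending_op;

#define MAX_OPS 16
static pending_op g_ops[MAX_OPS];

/* Bookkeeping for the receive hook (hypothetical name). */
static int track_recv(const void *io, MOCK_WSABUF *bufs, MOCK_OVERLAPPED *ov)
{
    for (int i = 0; i < MAX_OPS; i++)
        if (!g_ops[i].used) {
            g_ops[i] = (pending_op){ io, bufs, bufs[0].buf, ov, 1 };
            return 0;
        }
    return -1; /* table full */
}

/* Bookkeeping for whichever completion path fires (callback or cancel).
 * Returns the byte count, or -1 if this IO has no pending operation. */
static long complete_op(const void *io, char *out, size_t cap, unsigned long *stale_len)
{
    for (int i = 0; i < MAX_OPS; i++) {
        pending_op *op = &g_ops[i];
        if (!op->used || op->io != io) continue;
        size_t n = op->ov->InternalHigh;           /* length comes from the OVERLAPPED */
        if (n > cap) n = cap;
        memcpy(out, op->buf, n);                   /* data comes from the saved buf */
        if (stale_len) *stale_len = op->desc->len; /* what the "before" code compared */
        op->used = 0;                              /* exactly one completion per op */
        return (long)n;
    }
    return -1;
}

/* Constructed scenario: the caller reuses its descriptor once the call returns
 * (in the thread it is freed), then the receive completes. */
static long demo(char *out, size_t cap, unsigned long *stale_len, long *second)
{
    static char netbuf[1024];
    static const char reply[] = "HTTP/1.1 200 OK"; /* constructed sample data */
    MOCK_WSABUF scratch = { sizeof netbuf, netbuf };
    MOCK_OVERLAPPED ov = { 0, 0 };
    int io_obj = 0;

    track_recv(&io_obj, &scratch, &ov);
    scratch.len = 0xDEADBEEFul; scratch.buf = NULL; /* descriptor is now stale */
    memcpy(netbuf, reply, sizeof reply - 1);
    ov.InternalHigh = sizeof reply - 1;             /* completion sets the byte count */

    long n = complete_op(&io_obj, out, cap, stale_len);
    *second = complete_op(&io_obj, out, cap, NULL); /* the other path must not fire */
    return n;
}

int main(void)
{
    char out[64] = { 0 };
    unsigned long stale = 0;
    long second = 0;
    return demo(out, sizeof out - 1, &stale, &second) == 15 ? 0 : 1;
}
```

The stale descriptor reports a nonsensical len, matching the "very large number" seen in the first post, while the copied buf pointer plus InternalHigh yields the correct 15 bytes.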
