stevemk14ebr / PolyHook

x86/x64 C++ Hooking Library
MIT License
882 stars 168 forks

Question about WSA hooking using IAT #25

Closed Mecanik closed 7 years ago

Mecanik commented 7 years ago

I am trying to hook recv() or send() in ws2_32.dll using the IAT method. Although the hook succeeds, the function is not being called...

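// Pointer type matching Winsock's recv(): int recv(SOCKET, char*, int, int)
typedef int (WINAPI *oldrecv)(SOCKET s, char* buf, int len, int flags);
oldrecv oGetOriginalRecv;

// Replacement for recv(); forwards to the original import
int WINAPI MyRecv2(SOCKET s, char* buf, int len, int flags)
{
    return oGetOriginalRecv(s, buf, len, flags);
}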
std::shared_ptr<PLH::IATHook> IATHook_Ex(new PLH::IATHook);

 IATHook_Ex->SetupHook("ws2_32.dll", "recv", (BYTE*)&MyRecv2);
 IATHook_Ex->Hook();

 oGetOriginalRecv = IATHook_Ex->GetOriginal<oldrecv>();

Is the hook being made in the wrong way? Or is there a bug somewhere?

Any help is much appreciated :)

stevemk14ebr commented 7 years ago

std::shared_ptr<PLH::IATHook> IATHook_Ex(new PLH::IATHook);

Make sure you have that global. Unhook is called when the shared_ptr goes out of scope. If that is not your issue, you will have to debug and show me what you find.
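The lifetime behaviour described in the comment above, as an added example that is not part of the original thread and is not PolyHook code. `ToyIatHook`, `g_import_slot` and the other names are hypothetical, and a plain function pointer stands in for an import-table entry so the code runs on any platform.

```cpp
#include <cstdio>
#include <memory>

// Constructed stand-in for one import-table slot: callers reach the function through it.
using RecvFn = int (*)(int sock, char* buf, int len);
int real_recv(int, char*, int len) { return len; }   // plays the original import
int my_recv(int, char*, int) { return -1; }          // replacement; -1 shows it was reached
RecvFn g_import_slot = real_recv;

// Hypothetical RAII hook (not PolyHook's class): patches in Hook(), restores in the destructor.
class ToyIatHook {
public:
    ToyIatHook(RecvFn* slot, RecvFn dest) : slot_(slot), dest_(dest) {}
    ToyIatHook(const ToyIatHook&) = delete;
    ~ToyIatHook() { UnHook(); }
    void Hook() { original_ = *slot_; *slot_ = dest_; hooked_ = true; }
    void UnHook() { if (hooked_) { *slot_ = original_; hooked_ = false; } }
private:
    RecvFn* slot_; RecvFn dest_;
    RecvFn original_ = nullptr; bool hooked_ = false;
};

// What the hooked application does: call through the import slot.
int call_import() { char b[4] = {0}; return g_import_slot(0, b, 4); }

// Pitfall: the owning shared_ptr is a local, so the hook is removed on return.
void install_local() {
    std::shared_ptr<ToyIatHook> hook(new ToyIatHook(&g_import_slot, my_recv));
    hook->Hook();
}   // destructor runs here and restores the slot

// Fix: the owner has static storage duration and outlives the installer.
std::shared_ptr<ToyIatHook> g_hook;
void install_global() {
    g_hook = std::make_shared<ToyIatHook>(&g_import_slot, my_recv);
    g_hook->Hook();
}
void remove_global() { g_hook.reset(); }

int result_after_local()  { install_local();  return call_import(); }
int result_after_global() { install_global(); return call_import(); }

int main() {
    int local_owner = result_after_local();    // original is still reached
    int global_owner = result_after_global();  // replacement is reached
    std::printf("local owner -> %d, global owner -> %d\n", local_owner, global_owner);
}
```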

Mecanik commented 7 years ago

Thank you for this, I will debug. I managed to use the "detour" option, and it worked, but not as I expected, because what I am trying to "hook" is inside an application that checks the first original 5 bytes; if you make another hook, it will exit the application. So I thought that by using the IAT method, I could get around that.

stevemk14ebr commented 7 years ago

You can also try a hardware breakpoint hook. That is the next most stable one. Be on the lookout for PolyHook 2; I will be releasing it in a few months with serious robustness checking. This version is sort of amateur-ish. Version 2 will be seriously hardened and tested and will hopefully have enough debugging so that I can pinpoint exactly what the cause may be when issues like this pop up.

Mecanik commented 7 years ago

Thank you, I will do more testing and hopefully I can find a "way". Meanwhile, if you are looking to get paid for your work, and not creating open source only, do let me know. I am constantly looking for talented people like you.