Intercept calls to Winsock functions.
Alexander Arlievsky
I want to "Intercept calls to Winsock functions", and the simpliest
thing to do is, I think to create my own dll with right entry points,
rename original dll, and load it from my one.
I think I saw discussion of this method some time ago, but can't find
it.
If you know free working implementation, or resources, your help will be
appreciated.
--
==============================================================================
Alexander Arlievsky
==============================================================================
Ziv Caspi
<sa...@tochna.technion.ac.il> wrote:
>Hi,
>I want to "Intercept calls to Winsock functions", and the simpliest
>thing to do is, I think to create my own dll with right entry points,
>rename original dll, and load it from my one.
There is a better way. Intercept function calls by fixing
the import table entries. You should look in MSDN for
APISPY32 (I think about 94), buy an updated version
from Matt Pietrek's site, look for a ripoff of this library
in the Internet, or you Microsoft's own "detours" library
(search their research center).
Similar methods have also been mentioned in MSJ by
Richter and John Robbins, which you might want to
look at.
(At my company, what we have working is a mix of
several methods, but I can't give you the library;
Sorry.)
---------------------------------------------
Ziv Caspi
zi...@netvision.net.il
Alexander Arlievsky
I feel next time sending all my questions to you
directly will be much more effective ;)
--
==============================================================================
Alexander Arlievsky
CS, Technion.
sa...@tochnapc.technion.ac.il
http://tochna.technion.ac.il/~sasha
Phone: 054-999948
Visual C++ MFC developer,
ER-Vision Ltd.
Israel.
"The most valuable tool for debugging are brains".
==============================================================================
Alun Jones
> Thanks, I'll try to locate it.
> I feel next time sending all my questions to you
> directly will be much more effective ;)
Just as a quick note here, I find that a portion of my email is from people
who see my responses to questions asked in Usenet groups, and then think
that it might be a great idea to post general questions on that group's
topic to me first.
Many people who post to Usenet groups request specifically - and still more
quietly hope - that you will not be emailing them general questions
unrelated to their day jobs. Answering questions here is somewhat of a
hobby, and at times a marketing exercise, but it's never a guaranteed free
support service. This doesn't stop some people (not necessarily you,
Alexander, but perhaps someone reading your post) from expecting that free
support is all that is provided by the people that answer questions in
Usenet groups.
In addition, those that do answer questions in Usenet groups often have
relatively specific areas of knowledge even within the topics of the group.
As an example, I have a fairly good knowledge of FTP, and (I'd argue) of
TCP/IP - particularly as it pertains to the Windows operating system. So, I
hang out in alt.winsock. But I can't answer a question on Trumpet Winsock's
dialup scripting language, as I've often received. Someone else on
alt.winsock usually can.
Similarly, the person you've chosen to email may be unavailable for a week,
or a month... Whereas everyone else on Usenet is still there, on average.
I'd suggest, in general, that you continue to post questions to Usenet.
Alun.
~~~~
--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find it
1602 Harvest Moon Place | at web site http://www.wftpd.com or email
Cedar Park TX 78613 | us at al...@texis.com. VISA / MC accepted.
Fax +1 (512) 378 3246 | NT based ISPs, be sure to read details of
Phone +1 (512) 378 3246 | WFTPD Pro, NT service version - $100.
*WFTPD and WFTPD Pro now available as native Alpha versions for NT*
beardog
> the import table entries. You should look in MSDN for
> APISPY32 (I think about 94), buy an updated version
> from Matt Pietrek's site, look for a ripoff of this library
> in the Internet, or you Microsoft's own "detours" library
> (search their research center).
What and where are import table entries? In the registry?
Thanks
Carlos
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
Alexander Arlievsky
>
>
> Just as a quick note here, I find that a portion of my email is from people
> who see my responses to questions asked in Usenet groups, and then think
> that it might be a great idea to post general questions on that group's
> topic to me first.
>
> Many people who post to Usenet groups request specifically - and still more
> quietly hope - that you will not be emailing them general questions
> unrelated to their day jobs. Answering questions here is somewhat of a
> hobby, and at times a marketing exercise, but it's never a guaranteed free
> support service. This doesn't stop some people (not necessarily you,
> Alexander, but perhaps someone reading your post) from expecting that free
> support is all that is provided by the people that answer questions in
> Usenet groups.
>
met in person many times. So, now he works in another place, but
still maintains his very high expert level. I'd remember many cases when
his advices help me and others in our company, and many times when
he answered my question in Usenet. It's just funny to get reply in
newsgroup from
the guy who you may call by phone anytime, isn't it ?
> In addition, those that do answer questions in Usenet groups often have
> relatively specific areas of knowledge even within the topics of the group.
> As an example, I have a fairly good knowledge of FTP, and (I'd argue) of
> TCP/IP - particularly as it pertains to the Windows operating system. So, I
> hang out in alt.winsock. But I can't answer a question on Trumpet Winsock's
> dialup scripting language, as I've often received. Someone else on
> alt.winsock usually can.
>
Well, from my previous experience, Ziv has wide enough "area of
knowledge"
to solve my problems. May be me and him are just two-complements ?:)
Honestly, he never asked me to help him ... ;)
> Similarly, the person you've chosen to email may be unavailable for a week,
> or a month... Whereas everyone else on Usenet is still there, on average.
>
You are right in general, but see yourself - I get answers from Ziv, not
from
others :)
> I'd suggest, in general, that you continue to post questions to Usenet.
>
If others will answer - gladly.
> Alun.
Alun Jones
<sa...@tochna.technion.ac.il> wrote:
> Alun Jones wrote:
> > I'd suggest, in general, that you continue to post questions to Usenet.
> >
> If others will answer - gladly.
Hey, I was on vacation :-)
Ziv Caspi
beardog <thedogbea...@hotmail.com.invalid> wrote:
> > There is a better way. Intercept function calls by fixing
> > the import table entries. You should look in MSDN for
> > APISPY32 (I think about 94), buy an updated version
> > from Matt Pietrek's site, look for a ripoff of this library
> > in the Internet, or you Microsoft's own "detours" library
> > (search their research center).
>
> What and where are import table entries? In the registry?
No. They are stored as part of the importing EXE or DLL
(in case of load-time dynamic linking, that is). You should
really refer to the articles I mentioned above for a complete
explanation of the way PE (the Windows 9x/NT/2k executable format)
implements dynamic linking.
HTH,
-------------------------------------------------
Ziv Caspi zi...@netvision.net.il
Sent via Deja.com http://www.deja.com/
Before you buy.