I managed to write a semiworking EasyHook example that hooks recv function. I wrote a form, added a WebBrowser component, and started the application. The problem is, I get the
Problem Solved. The line that created trouble was
CreateRecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
I changed it to
CreateRecvHook.ThreadACL.SetInclusiveACL(new Int32[] { 0 });
and now everything works just fine. Thanks everybody :)
There are a lot of different functions used with sockets. Maybe the plugin is not using the function named recv
. Off the top of my head I can think of recvfrom
, recvmsg
, WSARecv
, WSARecvFrom
, WSARecvMsg
, ReadFile
, ReadFileEx
.
Then, the plugin could be doing requests with overlapped I/O (possibly complicated by completion routines or completion ports), in which case the data isn't stored during the e.g. ReadFile
function call but at some later time. Hooking those would be considerably more challenging.
I wrote a tool dumping http using sharppcs in c#. It uses the winpcap-driver. I think it is more reliable tan apihooks.
HTTPSaver (with sources)
SharpPcap
Winpcap