Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>It appears with <a href="http://easyhook.codeplex.com" rel="nofollow noreferrer">EasyHook</a> you can hook any subroutine whose address is calculable.</p> <p>In my case hooking static linked SSL_read and SSL_write in <a href="http://www.openssl.org" rel="nofollow noreferrer">OpenSSL</a> was as simple as identifying the offsets with my favourite debugger and then installing the hooks.</p> <pre><code>// delegate for EasyHook: [UnmanagedFunctionPointer(CallingConvention.Cdecl, SetLastError = true, CharSet = CharSet.Ansi)] delegate Int32 SLL_readDelegate(IntPtr SSL_ptr, IntPtr buffer, Int32 length); // import SSL_read (I actually did it manually, but this will work in most cases) /* proto from ssl_lib.c -&gt; int SSL_read(SSL *s,void *buf,int num) */ [DllImport("ssleay32.dll", SetLastError = true)] public static extern Int32 SSL_read(IntPtr ssl, IntPtr buffer, Int32 len); // the new routine static Int32 SSL_readCallback(IntPtr SSL_ptr, IntPtr buffer, Int32 length) { /* call the imported SSL_read */ int ret = SSL_read(SSL_ptr, buffer, length); /* TODO: your code here, e.g: * string log_me = Marshal.PtrToString(buffer, ret); */ return ret; } </code></pre> <p>Now all that's left is to install the hook:</p> <pre><code>private LocalHook sslReadHook; public void Run(RemoteHooking.IContext InContext, String InArg1) { // ... initialization code omitted for brevity /* the value for ssl_read_addr is made up in this example * you'll need to study your target and how it's loaded(?) to * identify the addresses you want to hook */ int ssl_read_addr = 0x12345678; /* made up for examples sake */ sslReadHook = LocalHook.Create(new IntPtr(ssl_read_addr), new SSL_readDelegate(SSL_readCallback), this); // ... } </code></pre> <p>I should mention that in this example you'll need libeay32.dll and ssleay32.dll as the latter depends on the former.</p> <p>Happy hooking!</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload