About Hook InternetConnectA and HttpOpenRequestA modify URLs - C / C++ / MFC Discussion Boards

pix_programmer wrote:
You really told me

to switch to C Programming?

Probably you'll have to.

If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.

This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke

[My articles]

Ok. Thanks for the reply. Apart from "C", if I've to learn
fundamental concepts of Embedded Systems(like how memory is allocated and
handled),Can you provide some online reference?

It really depends on the particular embedded system you're dealing with.

If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.

This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke

[My articles]

Hi
We have an accounting software (almost 50,000 lines) with MFC7 and our database is MSAccess (using CRecordset).
Now we must use it in network and supprting multi user is important.
We wanna know how we can test MySQL speed with ODBC driver.

Because we have used CRecordset we can move to MySQL with ODBC very easy and it takes a little time.
But we created a test project for using MySQL and it's ODBC driver. Just one time it worked fast (30ms) to read a record from a table and about 20 all other times it took too mush time(500ms).

Can anyone give us an advice or trick or some link to improve or test the MySQL ODBC driver?

Best Regrads

www.logicsims.ir

Hadi Dayvary wrote:
and about 20 all other times it took too mush time(500ms).

First why exactly do you think that is important for your application.
Second when you did this test exactly what controls were in place on the network to insure that other traffic was not interfering with it?

Thanks

It's important because we want to support multi user, and access can not do it.
We test it with a computer that nobody use it (in a local network)

www.logicsims.ir

Hadi Dayvary wrote:
It's important because we want to support multi user, and access can not do
it.

That is why you want to use MySQL.
That is not why you think that a specific performance metric is relevant.

Hadi Dayvary wrote:
We test it with a computer that nobody use it (in a local network)

Naturally when I said "network" in my previous response I meant exactly that.
Your answer suggests that you did not confirm traffic from other sources on the network when you ran your test.

hi, this code can work,
but have some Question:
example:
when i put "www.csdn.net" in the IE brower
IE will go to the "www.51.com/history.php"
the HOOK is work,
but the page have some problem
"www.51.com/history?page=2" change "www.csdn.net/?page=2"
others is normal.

why?

src code http://u.115.com/file/bh5viw1o#src.rar>

click "电信下载" download it

C++

// my_getaddrinfo.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include "hook.h"
#include <Ws2tcpip.h>
#include <stdio.h>





HINSTANCE g_hMod = NULL;
DWORD dwIsHook = 0;


void __stdcall UnHook();

int nCount = 0;

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,  // handle to DLL module
    DWORD fdwReason,     // reason for calling function
    LPVOID lpReserved )  // reserved
{
    // Perform actions based on the reason for calling.
    switch( fdwReason ) 
    { 
	case DLL_PROCESS_ATTACH:
		// Initialize once for each new process.
		// Return FALSE to fail DLL load.
		{
			g_hMod = hinstDLL;
			HookOn();		 
		}
		break;
		
	case DLL_THREAD_ATTACH:
		// Do thread-specific initialization.
		break;
		
	case DLL_THREAD_DETACH:
		// Do thread-specific cleanup.
		break;
		
	case DLL_PROCESS_DETACH:
		{
			//UnHook();
		}
		// Perform any necessary cleanup.
		break;
    }
    return TRUE;  // Successful DLL_PROCESS_ATTACH.
}

void __stdcall InstallHook()
{
	if ( g_hMod != NULL )
	{
		hHook = SetWindowsHookEx(WH_DEBUG, DebugProc, g_hMod/*GetModuleHandle(NULL)*/, 0);
	}
	else
	{
		MessageBox(NULL,"InstallHook","InstallHook",MB_OK);
	}
	
}

void __stdcall UnHook()
{
	//MessageBox(NULL,"UnHook","UnHook",MB_OK);
	UnhookWindowsHookEx(hHook);
}



char *g_szGlo_A = "www.csdn.net";
char *g_Change_A = "www.51.com";

char *g_argc_A = "/history.php";




/***********************************************************************/
/*             比较两个字符串是否相等                                  */
/**********************************************************************/
bool isEqual_A(const char * str1,const char * str2)
{

// 	if (strlen(str1)!=strlen(str2)){//长度不相等则不相等
// 		return false;
// 	}

	//对上面判断语句的汇编实现
	__asm
	{
		push [ebp+0x8]	//str1地址入栈
		call strlen		//调用c函数获取长度
		add esp,4		//堆栈平衡[c调用约定"__cdecl"规定由函数的调用者释放堆栈]
		mov ebx,eax		//存放比较结果,为了避免后面再次调用strlen函数引起返回值覆盖[函数的返回值规范约定保存在eax里面]
		push [ebp+0xc]	//str2地址入栈
		call strlen		//调用c函数获取长度[函数的返回值规范约定保存在eax里面]
		add esp,4		//堆栈平衡[c调用约定"__cdecl"规定由函数的调用者释放堆栈]
		cmp eax,ebx		//比较两个字符串的长度
		jne exit2		//不相等则跳转到 exit2
	}

// 	for (;str1<str1+strlen(str1);str1++,str2++)//循环比较每个字符是否相等,如果某个字符不相等那么整个也不相等
// 	{
// 		if (*str1!=*str2){
// 			return false;
// 		}
// 	}

	//对上面for循环的汇编实现
	__asm
	{

		push [ebp+8]			//str1地址入栈
		call strlen				//调用c函数获取长度
		add esp,4				//堆栈平衡[c调用约定"__cdecl"规定由函数的调用者释放堆栈]
		mov esi,[ebp+8]			//取str1地址到esi寄存器
		mov edx,esi				//复制到edx寄存器
		mov edi,[ebp+0xc]		//取str2地址到edi寄存器
		imul eax,type char		//计算指针偏移量[eax中存放的是strlen的返回值,str1是字符指针,对指针做算术运算时参与运算的值是它所指向的类型的长度]
		add edx,eax				//计算循环上限[str1+strlen(str1)]
beginfor:
		cmp esi,edx				//比较[str1<str1+strlen(str1)]
		jnl endfor				//如果不小于那么结束循环[当然也可以用"大于等于"跳转指令]
		mov bl,byte ptr [esi]	//取str1的一个字符到bl寄存器
		mov cl,byte ptr [edi]	//取str2的一个字符到cl寄存器
		cmp bl,cl				//比较两个字符大小
		jne exit2				//不相等则结束
		add esi,type char		//str1指针向前移动
		add edi,type char		//str2指针向前移动
		jmp beginfor			//跳转到beginfor继续循环
endfor:
		
	}

	__asm
	{

exit1:
		mov eax,1				//返回相等[return true]
		jmp exit3				//结束
exit2:
		mov eax,0				//返回不相等[return false]		
exit3:							//程序结束
	}

}


/////////////////////////W WWWWWWWWWWW
/***********************************************************************/
/*             比较两个字符串是否相等                                  */
/**********************************************************************/
bool isEqual_W(const wchar_t * str1,const wchar_t * str2)
{
	
	// 	if (strlen(str1)!=strlen(str2)){//长度不相等则不相等
	// 		return false;
	// 	}
	
	//对上面判断语句的汇编实现
	__asm
	{
		push [ebp+0x8]	//str1地址入栈
		call wcslen		//调用c函数获取长度
		add esp,4		//堆栈平衡[c调用约定"__cdecl"规定由函数的调用者释放堆栈]
		mov ebx,eax		//存放比较结果,为了避免后面再次调用strlen函数引起返回值覆盖[函数的返回值规范约定保存在eax里面]
		push [ebp+0xc]	//str2地址入栈
		call wcslen		//调用c函数获取长度[函数的返回值规范约定保存在eax里面]
		add esp,4		//堆栈平衡[c调用约定"__cdecl"规定由函数的调用者释放堆栈]
		cmp eax,ebx		//比较两个字符串的长度
		jne exit2		//不相等则跳转到 exit2
	}
	
	// 	for (;str1<str1+strlen(str1);str1++,str2++)//循环比较每个字符是否相等,如果某个字符不相等那么整个也不相等
	// 	{
	// 		if (*str1!=*str2){
	// 			return false;
	// 		}
	// 	}
	
	//对上面for循环的汇编实现
	__asm
	{
		
		push [ebp+8]			//str1地址入栈
		call wcslen				//调用c函数获取长度
		add esp,4				//堆栈平衡[c调用约定"__cdecl"规定由函数的调用者释放堆栈]
		mov esi,[ebp+8]			//取str1地址到esi寄存器
		mov edx,esi				//复制到edx寄存器
		mov edi,[ebp+0xc]		//取str2地址到edi寄存器
		imul eax,type wchar_t		//计算指针偏移量[eax中存放的是strlen的返回值,str1是字符指针,对指针做算术运算时参与运算的值是它所指向的类型的长度]
		add edx,eax				//计算循环上限[str1+strlen(str1)]
beginfor:
		cmp esi,edx				//比较[str1<str1+strlen(str1)]
		jnl endfor				//如果不小于那么结束循环[当然也可以用"大于等于"跳转指令]
		mov bl,byte ptr [esi]	//取str1的一个字符到bl寄存器
		mov cl,byte ptr [edi]	//取str2的一个字符到cl寄存器
		cmp bl,cl				//比较两个字符大小
		jne exit2				//不相等则结束
		add esi,type wchar_t		//str1指针向前移动
		add edi,type wchar_t		//str2指针向前移动
		jmp beginfor			//跳转到beginfor继续循环
endfor:
		
	}
	
	__asm
	{
		
exit1:
	mov eax,1				//返回相等[return true]
	jmp exit3				//结束
exit2:
	mov eax,0				//返回不相等[return false]		
exit3:							//程序结束
	}
	
}


__declspec(naked) HINTERNET __stdcall my_InternetConnect_A(
						  HINTERNET hInternet,
						  LPCTSTR lpszServerName,
						  INTERNET_PORT nServerPort,
						  LPCTSTR lpszUsername,
						  LPCTSTR lpszPassword,
						  DWORD dwService,
						  DWORD dwFlags,
						  DWORD_PTR dwContext
						  )
{

	__asm
	{
		pushad
		push g_szGlo_A
		push [esp+44]
		call isEqual_A
		add esp,8
		test eax,eax
		jne equal
		popad
		jmp lpAddr_A
	}

equal:
	__asm
	{
		popad
		push eax
		mov eax,g_Change_A
		mov [esp+12],eax

		add dwIsHook,1

		pop eax
		jmp lpAddr_A
	}

}


__declspec(naked) HINTERNET my_HttpOpenRequest_A(
						  HINTERNET hConnect,
						  LPCTSTR lpszVerb,
						  LPCTSTR lpszObjectName,
						  LPCTSTR lpszVersion,
						  LPCTSTR lpszReferer,
						  LPCTSTR *lpszAcceptTypes,
						  DWORD dwFlags,
						  DWORD_PTR dwContext
						  )
{
	__asm
	{
		pushad
		cmp dwIsHook,1
		je one
		popad
		jmp lpHTTPAddr_A
	}
one:
	_asm
	{
		popad
		push eax
		sub dwIsHook,1
		mov eax,g_argc_A
		mov [esp+16],eax
		pop eax
		jmp lpHTTPAddr_A
	}
}






void HookOn()
{
	char szBuf[MAX_PATH] = {0};

	DWORD dwOldProtect = 0;
	HMODULE hModule = LoadLibrary("wininet.dll");
	char chE9 = (char)0xe9;

	if ( !hModule )
	{
		goto Exit0;
	}


	my_internetconnectA = (GETADDR_InternetConnectA)GetProcAddress(/*GetModuleHandle("ws2_32.dll")*/hModule, "InternetConnectA"); //得到InternetConnectA的地址
	my_HttpOpenRequestA = (GETADDR_HttpOpenRequestA)GetProcAddress(/*GetModuleHandle("ws2_32.dll")*/hModule, "HttpOpenRequestA"); //得到InternetConnectA的地址


	if ( !VirtualProtect(my_internetconnectA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect) )
	{
		goto Exit0;
	}





	lpAddr_A = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	if ( !lpAddr_A )
	{
		goto Exit0;
	}

	

	RtlMoveMemory(lpAddr_A, my_internetconnectA, 5); //把getaddrinfo前个字节保存到申请的内存空间中
	dwJmpMe_A = (DWORD)my_InternetConnect_A -(DWORD)my_internetconnectA - 5;
	dwJmpOther_A = (DWORD)my_internetconnectA - ((DWORD)lpAddr_A+5) - 5;

	//计算自己到对方的距离
	__asm
	{
		pushad
		mov eax,my_internetconnectA
		mov [eax],0xE9
		add eax,1
		mov ebx,dwJmpMe_A
		mov dword ptr[eax],ebx
		popad
	}
	
	//计算自己到对方的距离
	__asm
	{
		pushad
		mov eax,lpAddr_A
		add eax,5
		mov [eax],0xE9
		add eax,1
		mov ebx,dwJmpOther_A
		add ebx,5
		mov dword ptr[eax],ebx
		popad
	}
	VirtualProtect(my_internetconnectA, 5, dwOldProtect, &dwOldProtect);


	
	
	if ( !VirtualProtect(my_HttpOpenRequestA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect) )
	{
		goto Exit0;
	}
	
	
	
	
	
	lpHTTPAddr_A = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	if ( !lpHTTPAddr_A )
	{
		goto Exit0;
	}
	
	
	
	RtlMoveMemory(lpHTTPAddr_A, my_HttpOpenRequestA, 5); //把getaddrinfo前个字节保存到申请的内存空间中
	dwHTTPJmpMe_A = (DWORD)my_HttpOpenRequest_A -(DWORD)my_HttpOpenRequestA - 5;
	dwHTTPJmpOther_A = (DWORD)my_HttpOpenRequestA - ((DWORD)lpHTTPAddr_A+5) - 5;
	
	//计算自己到对方的距离
	__asm
	{
		pushad
		mov eax,my_HttpOpenRequestA
		mov [eax],0xE9
		add eax,1
		mov ebx,dwHTTPJmpMe_A
		mov dword ptr[eax],ebx
		popad
	}
	
	//计算自己到对方的距离
	__asm
	{
		pushad
		mov eax,lpHTTPAddr_A
		add eax,5
		mov [eax],0xE9
		add eax,1
		mov ebx,dwHTTPJmpOther_A
		add ebx,5
		mov dword ptr[eax],ebx
		popad
	}
	VirtualProtect(my_HttpOpenRequestA, 5, dwOldProtect, &dwOldProtect);


Exit0:

	return;
}

void HookOf()
{

}

i"

This looks like a problem with the website, if I put that address into my browser it says page does not exist.

Unrequited desire is character building. OriginalGriff

which address ?

www.51.com/history?page=2[^]. However, I am still not really sure what your problem is.

Unrequited desire is character building. OriginalGriff

hi,i'm sorry
it's "http://www.51.com/history.php?page=2"

OK, that link works fine, but you still have not explained what your problem is.

Unrequited desire is character building. OriginalGriff

First, I intercept InternetConnectA function to modify its parameters
To make its argument into a "www.51.com"
Next, I modify it to intercept HttpOpenRequestA parameters
To make its argument into a "history.php"

After the success of change can jump www.51.com/history.php www.csdn.net
But
www.51.com/history.php inside page is not correct in some places
I give a picture as an example
http://www.12315sh.com/exa.png

Those are probably <a> href attributes hard coded into the HTML sent by the server. You cannot change hard coded links by simply changing the domain... it will only affect relative links. If you want to change the hard coded links you will need to do something more advanced. A BHO would have access to the document body and you could iterate through an IHTMLElementCollection. Or you could continue your hacktastic approach and directly modify the TCP socket stream.

-Cheongwadae, House of Blues

first, thank you !fine, and like hooking "recv" function?
Or HTTP Sessions Functions?
like

VB

HttpQueryInfo Function

6784746 wrote:
first, thank you !fine, and like hooking "recv" function?

Or HTTP Sessions Functions?

like

None of the above. You could probably hook WSARecv and modify the html. But... keep in mind that some web servers will send a gzip stream. You could also hook WSASend and modify the Accept-Encoding header to remove the compress, gzip content-coding. If you do not remove this header... you will need to implement gzip/compress decoding algorithms.

Cheongwadae

thk,it looks like a big project.
i try.thk again

If I go to that site with http://www.51.com/history.php?page=2[^] it is correct, but if I type http://www.51.com/history.php?page2[^] it only goes to page 1. You need to trace exactly what is being sent as the final URL after the transform in your code.

Unrequited desire is character building. OriginalGriff

yeah,i try ,but i can't find the API what is important.

6784746 wrote:
i try ,but i can't find the API what is important.

I don't understand what this has to do with your problem; what API are you referring to?

Unrequited desire is character building. OriginalGriff

Thank you all
and the i hooking the "GetWindowTextW" functions
Solve this problem hahaha!.......

Here is an application base on a CTabView with 3 CFormView derived class.
I tracked down the size of one of the CFormView derived view (by calling GetWindowRect) and got the following:

CDataView::OnSize cx 938 cy 431 Width 938 Height 431
CDataView::OnSize cx 0 cy 0 Width 0 Height 0
CDataView::OnShowWindow
CDataView::OnShowWindow
CDataView::OnSize cx 972 cy 333 Width 989 Height 333
CDataView::OnSize cx 989 cy 333 Width 989 Height 333
CDataView::OnInitialUpdate Width 989 Height 333
CDataView::OnSize cx 939 cy 333 Width 956 Height 333
CDataView::OnSize cx 955 cy 371 Width 972 Height 371
CDataView::OnSize cx 0 cy 0 Width 0 Height 0
CDataView::OnSize cx 1174 cy 521 Width 1174 Height 521
CDataView::OnSize cx 1157 cy 521 Width 1174 Height 521

Before doing anything with the window, OnSize is called 9 times and the values of cx, cy, width and height changed several times ... How can I get the final and actual values ?

You can only get the current value, since the window size may change at any time, as the user drags the sizing handle, presses minimize, maximize etc.

Unrequited desire is character building. OriginalGriff

I guess I was not precise enough in my question ... The tracking of OnSize class (shown in the initial message) was the tracking at startup, with no user resizing... I need the size at startup after the initialization of the application window (that is, before user change the size of the application window...) So that I can use these informations for dynamic child controls resizing. When I use existing controls-resizing class, the positioning/resizing of the child controls is not accurate for the application I'm working on now (vs2010 - MDI with a CTabView and three CFormView-derived views)