-
-
[求助]再问 WSARecv函数问题
-
发表于: 2015-5-15 10:48
-
MSDN:
int WSARecv(
_In_ SOCKET s,
_Inout_ LPWSABUF lpBuffers,
_In_ DWORD dwBufferCount,
_Out_ LPDWORD lpNumberOfBytesRecvd,
_Inout_ LPDWORD lpFlags,
_In_ LPWSAOVERLAPPED lpOverlapped,
_In_ LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
typedef struct __WSABUF {
u_long len;
char FAR *buf;
} WSABUF, *LPWSABUF;
问题1:
一个登陆程序。输入账号和密码后。
bp WSARecv后,程序断下来,查看内存lpBuffers,第5个字节( char FAR *buf)开始才是真正的接收数据内存。
可是就是当我先查看lpBuffers,然后查看( char FAR *buf)的内存地址。然后我程序F9继续执行的时候,程序已经跑飞了。
我要关注WSARecv接收的数据,关注它接收到数据后怎么用的。该怎么来调试呢?
问题2:
另外:我用Detours 3.0 Hook WSARecv,接收数据后,我把数据写进文件。也会导致无法登陆。不写文件就可以正常登陆。
int WSARecv(
_In_ SOCKET s,
_Inout_ LPWSABUF lpBuffers,
_In_ DWORD dwBufferCount,
_Out_ LPDWORD lpNumberOfBytesRecvd,
_Inout_ LPDWORD lpFlags,
_In_ LPWSAOVERLAPPED lpOverlapped,
_In_ LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
typedef struct __WSABUF {
u_long len;
char FAR *buf;
} WSABUF, *LPWSABUF;
问题1:
一个登陆程序。输入账号和密码后。
bp WSARecv后,程序断下来,查看内存lpBuffers,第5个字节( char FAR *buf)开始才是真正的接收数据内存。
可是就是当我先查看lpBuffers,然后查看( char FAR *buf)的内存地址。然后我程序F9继续执行的时候,程序已经跑飞了。
我要关注WSARecv接收的数据,关注它接收到数据后怎么用的。该怎么来调试呢?
问题2:
另外:我用Detours 3.0 Hook WSARecv,接收数据后,我把数据写进文件。也会导致无法登陆。不写文件就可以正常登陆。
pWSARECV pMS_WSARecv = WSARecv;//真正的库函数
int WINAPI MyWSARecv( //我的Hook函数
_In_ SOCKET s,
_Inout_ LPWSABUF lpBuffers,
_In_ DWORD dwBufferCount,
_Out_ LPDWORD lpNumberOfBytesRecvd,
_Inout_ LPDWORD lpFlags,
_In_ LPWSAOVERLAPPED lpOverlapped,
_In_ LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
)
{
int iRet = pMS_WSARecv(s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
for (int i = 0; i < dwBufferCount; i++)
{
WSABUF *pWSABUF = (lpBuffers + sizeof(WSABUF)*i);
//把接收的数据写文件
//注释词句,登陆程序正常登陆,不注释,被Hook的程序(远程线程注入的方式Hook)就无法正常登陆了
WriteCurrentFile(HookFileName::pHookDataFile, NULL, 0, pWSABUF->buf, pWSABUF->len, 2);
}
return iRet;
}
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
|
|
|
|
|
|
这次我是看了MSDN。
WSAGetOverlappedResult return value is TRUE. This means that the overlapped operation has completed . returns FALSE, this means that either the overlapped operation has not completed, the overlapped operation completed but with errors 但是还是不清楚该怎么按你说的Hook WSAGetOverlappedResult 或者其他等待的函数,来使我说的,已查看数据就跑飞的情况 
|
|
|
|
|
|
|
|
|
学习了 大神教训的是
|
|
|
尼玛 老子要举报你了 我草~~~~~~
|
|
|
|
