I want to hook a TCP connection function, third-party applications are theoretically in wsock32. DLL and WS2_32. DLL,
Third party programs is a.e xe, loaded the b.d ll, then b.d ll call the inside wsock32. DLL or WS2_32. Network functions in a DLL,
(1) by IAT list, I unable to sweep out the program contains wsock32. The DLL or WS2_32. DLL module, so also can not find the connect and WSAConnect function,
(2) through the LoadLibrary and GetProcAddress call get function addresses, and rewrite the interface function before 5 bytes, cannot hook to these two functions,
The previous step (1)/(2), can achieve hook to write their own demo program, so there is no question of hook code,
There may be the two problems:
(1) whether the program did not call the connect and WSAConnect function, has carried on the TCP connection communication, but to call some other way to realize the TCP connection,
(2) how to hook into the third party programs IAT table does not contain the function of the module, but again call these two network connection function,