Can't add a detour to winsock's connect #31

Closed
XePeleato opened this issue Apr 22, 2019 · 3 comments

@XePeleato

Recently I've been trying to hook winsock's connect function to mine in order to manipulate a socket's endpoint.

In order to do that I'm using a DLL injected into Firefox's plugin-container process, that imports winsock's connect function. I've tried to run an example with printf instead of connect, and that one works. Unfortunately, connect fails with "Cannot fixup IP relative data operation, relocation beyond displacement size". Is there any way to fix this or will I have to use EAT hooking?

Here's the code I'm using:

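```cpp
// Thread routine run from the injected DLL. `conn` (the replacement function)
// and `hookConnectTramp` (the trampoline pointer) are not shown in the post.
DWORD connect_hook(LPVOID lpParam) {
    PLH::CapstoneDisassembler dis(PLH::Mode::x64);

    // Resolve the exported connect() in the already-loaded ws2_32.dll.
    auto addr = GetProcAddress(GetModuleHandle("ws2_32.dll"), "connect");

    // The detour object is heap-allocated so it outlives this routine.
    auto det = new PLH::x64Detour((char *) addr, (char *) &conn, &hookConnectTramp, dis);
    if(det->hook())
        MessageBox(nullptr, reinterpret_cast<LPCSTR>("OK"), reinterpret_cast<LPCSTR>("OK"), MB_OK);
    else {
        // hook() failed: show the most recent message from PolyHook's error log.
        PLH::Error err = PLH::ErrorLog::singleton().pop();
        std::string s = "FAIL: " + err.msg;
        MessageBox(nullptr, reinterpret_cast<LPCSTR>(s.c_str()), reinterpret_cast<LPCSTR>("FAIL"), MB_OK);
    }
    return 1;
}
```
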
@stevemk14ebr
Owner

Please refer to these two threads, where I explain this limitation:

#26

#14

If you post the disassembly output from PolyHook I can tell you why your particular case failed. You could also modify PolyHook to ignore this case, and fix-up that instruction yourself manually.
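
An added illustration of the constraint the error message names (not part of the thread and not PolyHook's code): when an IP-relative instruction is copied into a trampoline, its displacement has to be recomputed from the new location and must still fit the instruction's 8- or 32-bit displacement field. The helper name `relocateDisplacement` and all addresses are constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical helper, not a PolyHook API. Recomputes the displacement of an
// IP-relative instruction after it is copied from origAddr to newAddr.
// dispSize is the width of the displacement field in bytes (1 or 4).
// Returns false when the new displacement cannot be encoded in that field.
bool relocateDisplacement(uint64_t origAddr, uint64_t newAddr, uint8_t insnLen,
                          int64_t oldDisp, uint8_t dispSize, int64_t *newDisp) {
    // IP-relative operands are encoded relative to the END of the instruction.
    const uint64_t target = origAddr + insnLen + static_cast<uint64_t>(oldDisp);
    // Unsigned subtraction wraps; the cast yields the signed distance.
    const int64_t disp = static_cast<int64_t>(target - (newAddr + insnLen));

    int64_t lo, hi;
    switch (dispSize) {
        case 1: lo = INT8_MIN;  hi = INT8_MAX;  break;
        case 4: lo = INT32_MIN; hi = INT32_MAX; break;
        default: return false;  // other widths are out of scope here
    }
    if (disp < lo || disp > hi)
        return false;           // relocation beyond displacement size
    *newDisp = disp;
    return true;
}

int main() {
    // Constructed sample: a 7-byte instruction with a disp32 operand inside a
    // module mapped high in the address space.
    const uint64_t insn = 0x7FFB12341000ULL;
    int64_t d = 0;

    // Trampoline about 256 MiB away: the new displacement still fits in 32 bits.
    bool nearOk = relocateDisplacement(insn, 0x7FFB02340000ULL, 7, 0x2000, 4, &d);
    std::printf("near trampoline: %s (disp=0x%llx)\n", nearOk ? "ok" : "fail",
                static_cast<unsigned long long>(d));

    // Trampoline far outside the +/-2 GiB window: the fixup is impossible
    // without rewriting the instruction into a different form.
    bool farOk = relocateDisplacement(insn, 0x0000020000000000ULL, 7, 0x2000, 4, &d);
    std::printf("far trampoline: %s\n", farOk ? "ok" : "fail");
    return 0;
}
```

The same arithmetic explains why a function with no IP-relative instructions in its first bytes can be detoured while another one in a distant module cannot.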

@XePeleato
Author

I see, fixing it up myself is way over my head so I'd discard that option. And EAT hooking doesn't seem to be right for me since the flash dll is loaded early into plugin-container. I'll have to reconsider my options, but I'll close the issue since the original problem is already explained.

Thanks!

@Humminghead

Humminghead commented Dec 15, 2020

Hello. I've read this thread, but I don't fully understand how to solve this problem using asmjit. I'm trying to set a hook, but I always end up on "false" at this location:

return false;

Can you suggest how to do this? Is this even possible?

I found TEST_CASE("Minimal ILCallback", "[AsmJit][ILCallback]"), but I'm not sure if this is what I need.

Here is my Polyhook log:
https://rextester.com/FSBNWY80478
