Re: Civilization 3 Conquest Winsock 2 Interception Idea. (OS:Win64)

Skybuck Flying wrote:
Hello,

In the past I successfully intercept Winsock 1 calls, this is for the gamespy/game setup,phase.

The in-game phase uses Winsock 2 and DirectPlay for communication.

1. Writing and Winsock 2 LSP is way too much work.

2. Reverse enginering and modifieing Winsock 2 is though too.

So I just had a simple idea:

The plan:

1. Inject a dll into the DirectPlay server thingy.

2. Get the module handle for ws2_32.dll.

3. Use GetProcAddress to get the address of sendto, recvfrom produces.

4. Replace the instructions at those locations with a jump to interception routines, which then finally call original instructions.

5. During unload of injectable dll restore everything etc.

The part I haven't figured out yet is how to get the module handle...

Maybe GetModuleHandle will work inside the injected dll ;)

Then I still have to figure the exact details for the instructions etc.

But seems like a good and doable plan.. much better plan then 1 and 2... because this plan should require much less work.

And it's has the adventage that only in memory copies are effected and only the game of civilization and not the rest of the windows system which is a very big plus !!!

The only thing which I haven't figured out is:

How the mix of Windows 32 bit and Windows 64 bit is working. The system is Windows XP x64 Professional Edition.

There are multiple system folders, WOW on WOW folders and god knows what.

I am not sure if ws2_32.dll is a 32 bit dll, a 64 bit dll, or both ?

So maybe the DLL is 64 bit ? Which could create problems. ?

Can a 32 bit application call a 64 bit dll ?

Maybe through WOW translation ?!?!?

Weird stuff...

Bye,
Skybuck.


where have you been.
In process hooking of calls been around for ages.


--
"I'm never wrong, once i thought i was, but was mistaken"
Real Programmers Do things like this.
http://webpages.charter.net/jamie_5

.

Relevant Pages

  • Civilization 3 Conquest Winsock 2 Interception Idea. (OS:Win64)
    ... The in-game phase uses Winsock 2 and DirectPlay for communication. ... During unload of injectable dll restore everything etc. ... How the mix of Windows 32 bit and Windows 64 bit is working. ...
    (alt.comp.lang.borland-delphi)
  • Re: Geocities HELP!
    ... I also dowmoladed Netscape to try to get Yahoo PageBuilder to load and I had ... Tons of peiople are having this problem with Windows XP. ... Uninstall Java Runtime Environment and download ... Removing some spyware can damage the Winsock stack. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: dropping partial connection--cant browse
    ... Assuming Windows XP... ... Winsock corruption *should* also prevent Outlook, ... from connecting, but you might try Winsock XP Fix from ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • RE: Modem Problem
    ... Your first issue seems to be indifferent whether you install the 2 OS on ... these issues may occur if the Winsock registry keys ... The Netdiag tool will return the test results for several network ... To use the Netdiag tool, you must install the Microsoft Windows XP ...
    (microsoft.public.windowsxp.hardware)
  • Re: Internet explorer hangs, processor pegged, cant kill process
    ... know what I might try in order to fix this. ... Removing some spyware can damage the Winsock stack and you may not be able to connect to the Internet. ... Before you try to remove spyware, download a copy of LSP-Fix - a free program to repair damaged Winsock 2 stacks AFTER you remove the software (all Windows versions) ...
    (microsoft.public.windows.inetexplorer.ie6.browser)