C++ Detour Trampoline (send/recv)

On Monday, January 10, 2011

It’s time for a new code snippet to be posted. It’s about detouring!

Let’s see what Wikipedia has to say about detouring.
Source: Wikipedia
In computer programming, the term detouring covers a range of techniques used to alter or augment the behavior of an operating system, of applications, or of other software components by intercepting function calls or messages or events passed between software components. Code that handles such intercepted function calls, events or messages is called a “detour”.
Detouring is used for many purposes, including debugging and extending functionality. Examples might include intercepting keyboard or mouse event messages before they reach an application, or intercepting operating system calls in order to monitor behavior or modify the function of an application or other component.
Detouring can also be used by malicious code. For example, rootkits, pieces of software that try to make themselves invisible by faking the output of API calls that would otherwise reveal their existence, often use detouring techniques. A wallhack is another example of malicious behavior that can stem from detouring techniques. It is done by intercepting function calls in a computer game and altering what is shown to the player to allow them to gain an unfair advantage over other players.
In this example two Winsock functions are hooked: ‘send’ and ‘recv’. Let’s see what MSDN has to say about them.
The send function sends data on a connected socket.
int send(
__in  SOCKET s,
__in  const char *buf,
__in  int len,
__in  int flags
);
The recv function receives data from a connected socket or a bound connectionless socket.
int recv(
__in   SOCKET s,
__out  char *buf,
__in   int len,
__in   int flags
);
The ‘detour trampoline’ routine used here is meant for hooking regular exported functions like these two. If you want to hook an arbitrary address instead, your best option is DetourAttach() from Microsoft Detours. And that’s pretty much everything I have to say about detouring. The source and a compiled library are available at the bottom of this post. Currently, all this hook/detour does is show a MessageBox with the contents of the function’s buffer and then let the call continue as if nothing had happened. You can modify the source to filter or replace specific data, or to write everything to a file instead.
Source: http://skilinium.com/blog/downloads/Win32DetourSocket.CPP
Binary: http://skilinium.com/blog/downloads/Win32DetourSocket.dll
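To make the description above concrete, here is an added example (my own code, not the Win32DetourSocket.CPP from the download links, and not Microsoft Detours) of what the hook side of a send/recv detour looks like once the trampoline is in place. The names Real_send/Real_recv (the trampoline slots), Hooked_send/Hooked_recv, the in-memory transport standing in for Winsock and the log vector standing in for the MessageBox are all assumptions of this example. The actual overwriting of the function prologue with a JMP, which is what the library on this page does, is platform and architecture specific and is replaced here by plain function pointers so the code builds and runs anywhere.

```cpp
#include <cstdio>
#include <deque>
#include <map>
#include <string>
#include <vector>

// Portable stand-ins for the Winsock types used by send()/recv().
// (assumption: the real SOCKET is an unsigned handle; an int keeps this buildable outside Windows)
typedef int SOCKET;
static const int SOCKET_ERROR = -1;

// Constructed in-memory transport standing in for the real send/recv: each socket has a
// peer and an inbox of bytes waiting to be received.
static std::map<SOCKET, SOCKET> g_peer;
static std::map<SOCKET, std::deque<char> > g_inbox;

static void connect_pair(SOCKET a, SOCKET b) { g_peer[a] = b; g_peer[b] = a; }

static int transport_send(SOCKET s, const char *buf, int len, int flags) {
    (void)flags;
    if (!g_peer.count(s) || len < 0) return SOCKET_ERROR;
    std::deque<char> &inbox = g_inbox[g_peer[s]];
    inbox.insert(inbox.end(), buf, buf + len);
    return len;
}

static int transport_recv(SOCKET s, char *buf, int len, int flags) {
    (void)flags;
    if (!g_peer.count(s) || len < 0) return SOCKET_ERROR;
    std::deque<char> &inbox = g_inbox[s];
    int n = 0;
    while (n < len && !inbox.empty()) { buf[n++] = inbox.front(); inbox.pop_front(); }
    return n;   // 0 here means "nothing buffered"; a blocking recv on a real socket would wait instead
}

// Trampoline slots. With a real inline hook the start of send/recv is overwritten with a JMP
// to the hook, the displaced prologue bytes are saved in a trampoline that jumps back into
// the original, and the hook calls the original through that trampoline. Here the slots
// simply point at the stand-in implementations (the patching step is not reproduced).
typedef int (*send_fn)(SOCKET, const char *, int, int);
typedef int (*recv_fn)(SOCKET, char *, int, int);
static send_fn Real_send = transport_send;
static recv_fn Real_recv = transport_recv;

// Stand-in for the MessageBox: one entry per intercepted call.
static std::vector<std::string> g_log;

// Bounded hex+ASCII dump. The buffers passed to send/recv are not NUL-terminated, so a hook
// must never print them with "%s" or wrap them in std::string(buf) without a length.
static std::string hexdump(const char *buf, int n) {
    std::string hex, ascii;
    char tmp[4];
    for (int i = 0; i < n; ++i) {
        unsigned char c = static_cast<unsigned char>(buf[i]);
        std::snprintf(tmp, sizeof tmp, "%02x ", c);
        hex += tmp;
        ascii += (c >= 0x20 && c < 0x7f) ? static_cast<char>(c) : '.';
    }
    return hex + "|" + ascii + "|";
}

static int Hooked_send(SOCKET s, const char *buf, int len, int flags) {
    // Outgoing data is complete before the call: inspect it, then pass the call through.
    g_log.push_back("send(" + std::to_string(s) + ", " + std::to_string(len) + ") " + hexdump(buf, len));
    return Real_send(s, buf, len, flags);
}

static int Hooked_recv(SOCKET s, char *buf, int len, int flags) {
    // The buffer is an output parameter: call the original first and only look at the
    // 'ret' bytes it actually filled in, never at 'len'.
    int ret = Real_recv(s, buf, len, flags);
    if (ret > 0)
        g_log.push_back("recv(" + std::to_string(s) + ", " + std::to_string(ret) + ") " + hexdump(buf, ret));
    else
        g_log.push_back("recv(" + std::to_string(s) + ") returned " + std::to_string(ret));
    return ret;
}

// What the application ends up calling once the detour is in place. With a real inline hook
// the application still calls plain send()/recv(); the patched prologue redirects it.
static send_fn app_send = Hooked_send;
static recv_fn app_recv = Hooked_recv;

// Drive one request through the hooks and hand back what the hooks logged.
static std::vector<std::string> run_demo() {
    g_log.clear(); g_peer.clear(); g_inbox.clear();
    const SOCKET client = 1, server = 2;
    connect_pair(client, server);

    const char request[] = "GET / HTTP/1.0\r\n\r\n";   // constructed sample traffic (18 bytes)
    app_send(client, request, sizeof request - 1, 0);

    char buf[8];                                        // deliberately smaller than the request
    std::string reassembled;
    int n;
    while ((n = app_recv(server, buf, sizeof buf, 0)) > 0)
        reassembled.append(buf, n);                     // only n bytes of buf are valid
    g_log.push_back("reassembled=" + reassembled.substr(0, 14));
    return g_log;
}

int main() {
    std::vector<std::string> log = run_demo();
    for (size_t i = 0; i < log.size(); ++i) std::printf("%s\n", log[i].c_str());
    return 0;
}
```

Two details carry over directly to the real DLL. First, the MSDN prototypes above show buf as a plain char pointer with a separate len, so the dump must be bounded by len for send and by the original call's return value for recv; a hook that treats the buffer as a C string reads past what the caller handed in. Second, the recv hook has to call the original before looking at the buffer, because the data is not there yet on entry. Compared with the post’s MessageBox, collecting the dumps in memory or a file also avoids blocking the application’s network thread inside a modal dialog on every call.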
