UserKInfo array or API Hook question.  
JosefMeile





Posted: Thu Apr 21 07:17:50 CDT 2005


Hi

I am working with the CE API hook method and am able to hook a few coredll
functions.
I am using the API sets from the UserKInfo[KINX_APISETS] array. Some of
the coredll functions are in SH_WIN32 API set.

The API set for HT_SOCKET is empty (number of methods = 0).
I am trying to hook the following function AFDConnect in wsock.h (this
header is in kernel code that comes with Platform Builder)

#define AFDConnect WINSOCK_CALL (DWORD, 4, \
(SOCKHAND Socket, \
LPSOCKADDR Address, \
DWORD AddressLength, \
CRITICAL_SECTION *pDllCS))


My guess is the HT_SOCKET API set in UserKInfo[] array probably gets
filled after a SOCKET HANDLE is created thru AFDSocket() call.

Since AFDSocket() is under API set SH_COMM and I am able to hook it.

I tried to dump the UserKInfo[KINX_APISETS] inside the AFDSocket() hook
after the call to original AFDSocket() has returned.
Even then HT_SOCKET set in UserKInfo says the number of methods is 0
(Not filled yet).

So I am unable to hook HT_SOCKET calls.

Can someone please let me know when this HT_SOCKET API set gets filled or
is it possible to hook HT_SOCKET calls?

Thanks very much for any help.

Have a good day

Ganesan

Michael





Posted: Thu Apr 21 07:17:50 CDT 2005

When the AFD driver loads. See public\common\oak\files\common.reg.

It's a built-in, so should happen at boot time. You can use the Modules
tool in PB to determine if it actually is getting loaded. Maybe something
in your system is causing it to fail to load.

--
Michael Salamone [eMVP]
Entrek Software, Inc.
www.entrek.com




> Hi
>
> I am working with the CE API hook method and am able to hook a few coredll
> functions.
> I am using the API sets from the UserKInfo[KINX_APISETS] array. Some of
> the coredll functions are in SH_WIN32 API set.
>
> The API set for HT_SOCKET is empty (number of methods = 0).
> I am trying to hook the following function AFDConnect in wsock.h (this
> header is in kernel code that comes with Platform Builder)
>
> #define AFDConnect WINSOCK_CALL (DWORD, 4, \
> (SOCKHAND Socket, \
> LPSOCKADDR Address, \
> DWORD AddressLength, \
> CRITICAL_SECTION *pDllCS))
>
>
> My guess is the HT_SOCKET API set in UserKInfo[] array probably gets
> filled after a SOCKET HANDLE is created thru AFDSocket() call.
>
> Since AFDSocket() is under API set SH_COMM and I am able to hook it.
>
> I tried to dump the UserKInfo[KINX_APISETS] inside the AFDSocket() hook
> after the call to original AFDSocket() has returned.
> Even then HT_SOCKET set in UserKInfo says the number of methods is 0
> (Not filled yet).
>
> So I am unable to hook HT_SOCKET calls.
>
> Can someone please let me know when this HT_SOCKET API set gets filled or
> is it possible to hook HT_SOCKET calls?
>
> Thanks very much for any help.
>
> Have a good day
>
> Ganesan
>


 
 
ganesan





Posted: Thu Apr 21 12:58:08 CDT 2005

Thanks for the reply.

The AFD gets loaded at boot time, as you have mentioned. So my
application should be able to see the tables, if they are loaded. I
checked a couple of Pocket PC 2003 devices; it's the same. I am not sure
loading of the AFD module could be a problem. If AFD couldn't load, it
should cause some network communication problems. But the network is fine
on the devices I tested.

Also, I don't know Platform Builder, so I can't debug. I am using just
logs for checkpoints. I use eVC4 for development.

Hoping for further guidance.

Ganesan