开发者

How do I find out what is sent through ws2_32.dll recv() function

开发者 https://www.devze.com 2023-02-21 07:11 出处:网络
I have that software that hooks himself to recv from ws2_32.dll. I also double checked with spystudio and the data coming is just unreadable for me.

I have that software that hooks himself to recv from ws2_32.dll. I also double checked with spystudio and the data coming is just unreadable for me.

From spy studio I get that kind of output:

PID: 3188 TID: 3280 ws2_32.dll!recv ( SOCKET s: 0x2276, '', int len: 0x29, int flags: 0x0 );

Could anyone help me find a way to learn what kind of datatype/structure is being sent here? It shows the same "image" at every packet received pretty much. How would I proceed to learning such a thing? Any tools to help?

Hey, I have tried with wireshark too, I get similar rubbish. I can get part info though, but nothing much.

This is the kind of stuff I get fr开发者_开发技巧om wireshark

....U...........,. ....S..........U..........,. ....V.......R...E.2K...O......R..........E.7=..8...........p.a.b.-.g.r.a.m.o.s...Jq...............U............ ....S..........U........... ....4..4.R....=.....87H...R.........R...........&......2.....,..........&......2.....&.....E......X..

we can see some stuff, like that guy name gramos, but that's about it?!

Also from wireshark I can get the C Arrays, the data should be some readable text in the end.

char peer1_24[] = { 0x12, 0x00, 0x00, 0x00, 0x55, 0x10, 0x00, 0x01, 0x00, 0x40, 0x00, 0x00, 0x02, 0xcd, 0x40, 0x01, 0x64, 0x0a, 0x0b, 0x00, 0x00, 0x00, 0x53, 0x10, 0x01, 0x01, 0x00, 0x00, 0x07 };

is there anyway to convert those into something a human can read?


WireShark is the de-facto packet sniffing too9l. It has the advantage of being able to be extended with "dissectors", which is processing code you write in C.

http://wireshark.com/

0

精彩评论

暂无评论...
验证码 换一张
取 消