c++ hooking ws2_32.dll recv

Question

I am trying to learn hooking and want to hook only an .exe's send/recv function.

I'm building the project as a .dll and then injecting it to the .exe

Edit: solved

Answer 1

There are 3 ways of hooking an API call as far as I know:

1. Inject a DLL in the application that will rewrite the Import Address Table containing the address of the API call, so that the application calls your function instead;
2. Write a dummy DLL with same name of the DLL with the API call you want to hook and place it in the applications's root directory, so it will load your APIs instead of the system's;
3. Detour the API call by rewriting it's code with a JMP yourfunc or something with similar effect.

Method 1 is pretty popular one, it's even described in the Wikipedia page about Hooking and in various examples if you Google it, like this one , or this one .

Method 2 is a bit tricky, you have to build a DLL with the same name and exports as the one you're mimicking, and bypass all the functions you're not interested in hooking and write custom code for the one you are. I find this method very clean because you don't have to modify memory, you don't have to explicitly inject this DLL using an external program, Windows just does it for you, and with a plus, it generally fly under the radar of anti-debug and anti-hack detection. Here is an example of how to do that (32-bit).

Method 3 is Microsoft's favorite . It has a particularly good advantage: You can hook any and every function, method, or virtual calls. It doesn't depend on the function being called externally to hook it, so it's very popular to hook DirectX methods for instance. This is the method used by FRAPS, Discord Overlay, Overwolf Overlay and pretty much every other software that either places an overlay in games or records gameplay. You don't need to use Microsoft Detours specifically, there's the generic alternative aswell.