Cheat Engine

[Xyal]

So I decided to write a packet sniffer/editor that works by utilizing a system wide hook of the Winsock send/recv functions. I don't plan to support WSA* functions from Winsock 2.

I want to be able to filter packets by process among other things such as src/dest ports, protocol and what not. I'm stumped however, on how to filter by process.

I can only think of doing this by scanning memory or perhaps reading the stack to find out where the api call returns to and checking if its within selected process memory. Any other methods or ideas on how to do this would be appreciated.

P.S. I realize for things like src/dest port filtering and the like I may have to utilize a lower level method of capturing packets to obtain access to the tcp header. A library such as libpcap for the win32 platform for example would probably work.

Regards,
--
Xyal.

[samuri25404]

1) How the hell did you get to post in here?

2) Read the rules--NO REQUESTS

[benlue]

Moved back to the normal section.

[MasterChief]

if your PE is for MS i was thinking to use winpcap over winsock, but i could be wrong.

[atom0s]

KSBunker wrote a wrapper for wsock32.dll which you can find here:
http://www.extalia.com/forums/viewtopic.php?f=56&t=2769

[nog_lorp]

Hook the socket() function to call GetCurrentProcessId and create a system-wide table mapping sockets to their owners. Then in send and recv check if the socket being used belongs to a process for which hooking is desired. A driver to manage the table would probably be needed (to prune it and such).

[hcavolsdsadgadsg]

Wow, noggie

way to bump the worlds oldest post.

[GMZorita]

[nog_lorp]

Well its a cool idea
And 7 months isn't that bad, I remember when Dinosaur was bumping threads from years and years ago.
Plus it was already in the front of a forum - http://forum.cheatengine.org/viewforum.php?f=47