I am injecting a DLL into Firefox (browser) and hooking WSARecv. The problem is that the data buffer is gzip-compressed. I already tried hooking the send() function and removing the "Accept-Encoding: gzip,deflate", but many webservers won't understand this.
So I tried to stick with decompressing the buffer, changing some stuff and compressing it again. Therefore I linked the zlib.dll and zlib.lib into my DLL and wrote a small wrapper class:
int CGZip::DecompressString(char* src, int srcLen, char** destination, int* destLen)
{
    // On entry *destLen is the capacity of the output buffer (not the pointer value)
    uLongf outLen = (uLongf)*destLen;
    char *dest = new char[outLen];
    // Decompress the string in src and place it in dest
    int result = uncompress((unsigned char *)dest, &outLen, (const unsigned char *)src, srcLen);
    // Report the number of bytes written and hand the buffer to the caller
    *destLen = (int)outLen;
    *destination = dest;
    // Return the result of the decompression
    return(result);
}
But when I include the decompression into the hooked WSARecv my DLL won't get loaded anymore (no DLL_PROCESS_ATTACH is called). When I remove the following 5 lines the DLL gets loaded again.
szUncompressed = (char*)malloc((size_t)lpBuffers->len * 100);
CGZip *ziphandler = new CGZip();
ziphandler->DecompressString(lpBuffers->buf, lpBuffers->len, &szUncompressed, &iUncompressedLength);
szUncompressed[iUncompressedLength] = '\0';
Any idea why the DLL isn't loading anymore, or how I can easily decompress and compress the data buffer?
Thanks in advance :)
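
An added example, not part of the original post: zlib's uncompress() decodes zlib-format streams (RFC 1950), whereas a "Content-Encoding: gzip" body uses gzip framing (RFC 1952) and can arrive split across several receive buffers. Python's zlib module wraps the same library, so the wbits value below corresponds to the windowBits argument of inflateInit2(); the sample body, the function names and the 1 MiB output cap are constructed for illustration.

```python
import gzip
import zlib

# Constructed sample: a response body as it would be sent with
# "Content-Encoding: gzip" (gzip framing, RFC 1952).
BODY = b"<html><body>" + b"hello gzip " * 200 + b"</body></html>"
GZIPPED = gzip.compress(BODY)


def try_zlib_format(data):
    """Decode as a zlib stream (RFC 1950), the format uncompress() expects."""
    try:
        return zlib.decompress(data)
    except zlib.error:
        # The gzip magic bytes 1f 8b do not form a valid zlib header.
        return None


def inflate_gzip_chunks(chunks, max_out=1 << 20):
    """Incrementally decode a gzip stream that arrives in pieces.

    wbits=16+MAX_WBITS selects gzip framing, like
    inflateInit2(&strm, 16 + MAX_WBITS) in the C API.
    max_out caps the total output so a small compressed input cannot
    expand without bound. Returns (decoded_bytes, stream_finished).
    """
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
    out = bytearray()
    for chunk in chunks:
        data = chunk
        while data and not d.eof:
            # Ask for at most one byte more than the cap, then check it.
            out += d.decompress(data, max_out + 1 - len(out))
            if len(out) > max_out:
                raise ValueError("decompressed size exceeds limit")
            data = d.unconsumed_tail
    return bytes(out), d.eof
```

The second return value stays False until the gzip trailer has been seen, so a single receive buffer holding only part of the stream yields partial output rather than an error.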