Hello! I was trying to hook a custom recv() winsock2.0 method to a remote process, so that my function executes instead of the one in the process. I have been googling this and I found some really good examples, but they lack description.

typedef (WINAPI * WSAREC)( SOCKET s, char *buf, int len, int flags ) = recv;

Now my question is: what does this mean, or do? Is this some sort of pointer to the real recv() function?

And then the other piece of code, for the custom function:

int WINAPI Cus_Recv( SOCKET s, char *buf, int len, int flags ) 
{
    printf("Intercepted a packet");

    return WSAREC( s, buf, len, flags ); // <- What is this?
}

Sorry if these questions sound really basic, I only started learning 2 or 3 weeks ago. Thanks.

+1  A: 

Where did you find such an example?

The first line tries to define a new type WSAREC, which is a pointer to a function having the same signature as recv(). Unfortunately, it is also trying to declare a variable of this type to store the address of the recv() function. The typedef is wrong since the function is lacking a return type, so it does not compile under Visual Studio 2003.

You may have more luck using:

int (WINAPI * WSAREC)( SOCKET s, char *buf, int len, int flags ) = &recv;

which declares only a variable of type "pointer to function", which stores the address of recv().

Now the second snippet is a function which has the same signature as the recv() function, which prints a message, then calls the original recv() through the function pointer declared above.

The code here only shows how to call a function through a pointer: it does not replace anything in the current process.

Also, I am not sure you can interfere with another process and replace one function at will. It would be a great threat to the security of the system. But why would you do that in the first place?

Adrien Plisson
I am trying to receive some packets from an online game, for creating a gameguard. However, this code compiles and works perfectly; replacing the function was no breach of security. I used API hooking to detour (the missing code) the function in the original process that receives the packets. My question was solely about the concept and how it works. Thanks for your answer anyway.
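The distinction the answer draws (a typedef names a pointer-to-function type, a separate variable of that type stores the address, and a wrapper forwards through it) as an added example that is not part of the original posts. `demo_recv`, `RECV_FN`, `real_recv`, `active_recv` and the stand-in `SOCKET`/`WINAPI` definitions are assumptions chosen so it builds without winsock2.h; it stays inside one process and replaces nothing.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins so this builds without winsock2.h (assumptions, not from the page). */
typedef unsigned int SOCKET;
#ifndef WINAPI
#define WINAPI /* __stdcall on 32-bit Windows; empty here */
#endif

/* Plays the role of recv(): copies a constructed payload into buf. */
int WINAPI demo_recv(SOCKET s, char *buf, int len, int flags)
{
    static const char payload[] = "constructed sample packet";
    int n = (int)sizeof payload - 1;
    (void)s; (void)flags;
    if (buf == NULL || len <= 0) return -1;
    if (n > len) n = len;
    memcpy(buf, payload, (size_t)n);
    return n;
}

/* 1. The typedef only names a type: pointer to a function with recv()'s signature. */
typedef int (WINAPI *RECV_FN)(SOCKET s, char *buf, int len, int flags);

/* 2. A variable of that type stores the address of the original function. */
static RECV_FN real_recv = &demo_recv;

static int intercepted = 0;

/* 3. Same signature: record the call, then forward through the saved pointer. */
int WINAPI Cus_Recv(SOCKET s, char *buf, int len, int flags)
{
    intercepted++;
    return real_recv(s, buf, len, flags);
}

/* Only call sites that go through a pointer change when the pointer changes. */
static RECV_FN active_recv = &demo_recv;
int read_via_pointer(char *buf, int len) { return active_recv(0, buf, len, 0); }
/* A direct call is bound to demo_recv and never reaches Cus_Recv. */
int read_direct(char *buf, int len) { return demo_recv(0, buf, len, 0); }

int main(void)
{
    char buf[64];
    active_recv = &Cus_Recv;
    int a = read_via_pointer(buf, (int)sizeof buf);
    int b = read_direct(buf, (int)sizeof buf);
    printf("via pointer: %d, direct: %d, intercepted: %d\n", a, b, intercepted);
    return 0;
}
```

The direct call leaves the counter untouched, which is the answer's point: defining the wrapper and the pointer does not by itself redirect existing callers.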