let4be

Reputation: 1081

Winsock LSP vs API hooking

I need your advice on what to use: a Layered Service Provider, or just loading my DLL into all processes and hooking the necessary functions using the NCodeHook or EasyHook library.

This is needed for inspection of HTTP traffic.

P.S. This needs to be done for a commercial application.

Thanks!

Upvotes: 0

Views: 1357

Answers (2)

Barak Weichselbaum

Reputation: 121

Before making a decision you need to consider the following:

Code hooking:

  1. AV doesn't like code hooking. If you're using a library that has external DLLs, run a check with AV total before committing to it.
  2. Make sure the library's license works for you; for example, for LGPL you won't be able to embed the library as static without becoming GPL yourself.
  3. I heard people managed to hook Metro apps; it's something to investigate.
  4. If you have another code hooking app, it may conflict.

LSP:

  1. The default MS sample/installer is broken.
  2. You may get something working on a VM or fresh install, but getting LSP working properly across all OSes and browsers will take 6-12 months.
  3. Will not work with Metro apps.

At Komodia we use a combo of LSP/WFP for our SDK. Knowing what I know now, if I went back 4 years, I'd use LSP all over again.

Good luck.

Upvotes: 1

Saddam Abu Ghaida

Reputation: 6759

Using EasyHook will be a nice way to do it; check the following: http://www.sghaida.com/easyhook-for-systemcall-hooking/

Upvotes: 0
