Hook API when IE8 Open a website

I want to know, when I’m using IE8 to open a website (like www.yahoo.com), which API will be called by IE8, so I can hook these APIs to capture which website IE8 is currently opening. Thanks.

(a) hooking APIs is evil and should never be done. And in newer versions
of the OS, cannot be done. So forget it.

(b) What makes you think there is “an API”? Get a good introductory text
on network programming and study the huge number of API calls required to
actually connect to a site. Then reconsider (a) above. By the time the
connection API is called, any knowledge of the string “www.yahoo.com” has
disappeared without a trace.
joe


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Maybe when IE sends a request to the server, it will call some routines of NDIS.sys or tcpip.sys?

Sure. Finally, the requests will go through TCPIP and NDIS. However, to fulfill your task you need to understand how networking works. From your question it is clear you don’t, and you won’t be able to do anything useful. It really isn’t as simple as hooking some API. Actually, if you understood what you need, you wouldn’t ask such a question.

Start with the HTTP and TCPIP protocols. Learn how apps use Winsock and make yourself familiar with the Netmon tool.

Or you can use another approach. Use an existing firewall which can be configured to do what you need. For example logging which web sites were accessed.

Michal

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-519502-
xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Friday, November 23, 2012 6:14 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Hook API when IE8 Open a website

Maybe when IE sends a request to the server, it will call some routines of NDIS.sys or
tcpip.sys?



I think such a task would be best accomplished in user mode.

For example, you could create an IE BHO and register a callback for the browser navigate event.
See http://msdn.microsoft.com/en-us/library/bb250436(v=vs.85).aspx for more info

xxxxx@gmail.com wrote:

I want to know, when I’m using IE8 to open a website (like www.yahoo.com), which API will be called by IE8, so I can hook these APIs to capture which website IE8 is currently opening. Thanks.

It might not be an API at all. Web requests are done with socket
calls. I don’t think it does, but it’s quite possible that IE8 makes
its requests using direct socket calls (like read and write).

Note that it’s not terribly hard to write and install a web proxy, so
that all HTTP requests go through your proxy on their way out. That’s a
well-defined, well-tested, and well-documented technology.

You are aware there are other browsers in common use, aren’t you?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

The OP is demonstrating a startling failure to have read anything at all
about network programming, and certainly has failed to heed any advice
that hooking is evil. The question seems to focus on one browser (so if I
find there is some kind of filtering, I could download a free copy of
FireFox or Mozilla) and, apparently, one release of Windows. Win64, in
which hooking is supposed to be impossible, seems to be ignored. The OP
appears to not be interested in a product, but rather on creating a
solution that will run only on one machine, whose 32-bit OS will never be
updated beyond its current level, even by hotfixes.

Your advice about the proxy server seems the best advice thus far, but
again the OP would not be able to tell exactly what Web site is being
connected without expending some serious effort.
joe


IE8 is most likely using Wininet.dll (and also possibly WebServices.dll) to perform HTTP-related operations.

I’m not sure what the OP wants to achieve, though.

> Maybe when IE sends a request to the server, it will call some routines of NDIS.sys or tcpip.sys?



It works like this:

1. You have a name, www.yahoo.com. You call a network function to resolve
   that name to an IP address.
2. You attempt to connect a TCP/IP port on your local machine to port 80 on
   the IP address you are given.
3. If the connection succeeds, you send data to it (said data conforming to
   the HTTP protocol standard), then receive data from it (which should also
   be in conformance to the HTTP protocol standard).

The key here is that there is no one “API” that is involved, and each API
call is an independent entity; just because you got a DNS name resolution
of “www.yahoo.com” does not mean the next connect API will be to yahoo (it
might have been time for your email to check with your email server). You
also have to deal with the fact that some network APIs return /sets/ of IP
addresses, and don’t forget that Real Soon Now, IPv6 will be supported by
most ISPs.

Don’t forget that this is all running asynchronously, and the HTTP
requests will be interlaced with network requests from other programs.

I’m an experienced network programmer, and I used to teach a course on
network programming. I’ve written HTTP clients to handle tasks like
software registration. I’d find this task challenging. For someone who
thinks “hooking the API” even makes sense, I would consider the task
impossible.

Study what really goes on; the books written by Comer et al. (Comer died,
and several co-authors have kept his books alive). Be sure that if you
buy volume III that you get the Windows version (there’s a Unix version).
Read about proxy servers. THEN use a network spy tool to watch real
network traffic, and from that figure out what your proxy server has to
do. Abandon all ideas about hooking APIs. Abandon any idea of writing
browser extensions, unless you have an absolute guarantee that IE8 is the
only browser that will ever be used (this does require ignoring the
existence of IE9, which might be a bit tricky, and also ignores the
existence of IE6 and IE7, and machines other than Windows machines on the
network. I’m answering this email using Safari on my iPad. So you can’t
allow wifi connections to your network if you want to do content filtering
or site filtering. Note that the proxy server has none of these issues).

You need to first educate yourself on how the Internet works, then how
socket programming works. Then, and only then, will you be prepared to
design a solution to whatever your undefined problem is.
joe
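
Added illustration of the proxy approach recommended in this thread (not code from any poster): a sketch of how a logging forward proxy can recover the requested site from the request head a browser sends it, which is the one layer where the host name is still present. The function names and sample requests are constructed for this example; for HTTPS the proxy sees only the CONNECT host and port, never the URL.

```python
from urllib.parse import urlsplit

def _split_authority(authority, default_port):
    """Split 'host', 'host:port' or '[v6-literal]:port' into (host, port)."""
    if authority.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = authority[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    else:
        host, _, port = authority.partition(":")
    return host.lower(), int(port) if port.isdigit() else default_port

def requested_site(head: bytes):
    """Return (kind, host, port) for one request head, or None if it names no site."""
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                                    # not an HTTP request line
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":                            # HTTPS tunnel: only host:port is visible
        return ("tunnel",) + _split_authority(target, 443)
    try:
        url = urlsplit(target)
    except ValueError:
        return None                                    # malformed target
    if url.scheme and url.netloc:                      # absolute-form, as sent to a configured proxy
        default = 443 if url.scheme.lower() == "https" else 80
        return ("http",) + _split_authority(url.netloc.rpartition("@")[2], default)
    for line in lines[1:]:                             # origin-form: fall back to the Host header
        if not line:
            break                                      # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "host" and value.strip():
            return ("http",) + _split_authority(value.strip(), 80)
    return None

# Constructed sample request heads (not captured traffic).
SAMPLES = [
    b"GET http://www.yahoo.com/ HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n",
    b"CONNECT www.yahoo.com:443 HTTP/1.1\r\nHost: www.yahoo.com:443\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: WWW.Yahoo.com:8080\r\n\r\n",
    b"CONNECT [2001:db8::1]:443 HTTP/1.1\r\n\r\n",
    b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc",           # raw TLS record bytes: not an HTTP request
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(requested_site(sample))
```
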

No surprise; it was a classic “I have an undefined problem to solve, and I
think the implementation will be . Tell
me how to make this implementation work” as opposed to “I am trying to
solve . What would the best approach be?”
joe

> IE8 is most likely using Wininet.dll (and also possibly WebServices.dll)
> to perform HTTP-related operations.
>
> I’m not sure what the OP wants to achieve, though.

What about Chrome, Safari, Firefox and Opera?

What you need is a stateful firewall on outgoing HTTP connections. Hard task but doable. Windows allows you to develop the filtering add-ons to tcpip.sys for this.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntdev…
>I want to know, when I’m using IE8 to open a website (like www.yahoo.com), which API will be called by IE8, so I can hook these APIs to capture which website IE8 is currently opening. Thanks.
>

> What about Chrome, Safari, Firefox and Opera?

If the OP’s request is for help creating an exploit, then there would be no
need to worry about supporting other browsers.