Blizzhackers

So I have WSASend detoured, and of course can call it to have everything work normally, but some packets (after I analyze them) I want to prevent being sent, so I can't call the original function. The calling code seems to know something's gone awry no matter what I return.

WSASend is supposed to return 0 when everything went ok. The ironic thing is if I simply return 0 when attempting to block, everything goes to hell. If I return -1 (which indicates a socket error), everything isn't as bad but after a certain delay the calling code will create a "hey that packet never got sent!" dialog, then continues on as normal.

What am I supposed to do in my detour if I want to completely block a packet from being sent and pretend everything is ok?

int WSASend(
__in SOCKET s,
__in LPWSABUF lpBuffers,
__in DWORD dwBufferCount,
__out LPDWORD lpNumberOfBytesSent,
__in DWORD dwFlags,
__in LPWSAOVERLAPPED lpOverlapped,
__in LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);

lpNumberOfBytesSent [out]
A pointer to the number, in bytes, sent by this call if the I/O operation completes immediately.
Use NULL for this parameter if the lpOverlapped parameter is not NULL to avoid potentially erroneous results. This parameter can be NULL only if the lpOverlapped parameter is not NULL.

Perhaps you're not setting the lpNumberOfBytesSent pointer when you try to return null?

Thanks for the response! I've tried setting the numberofbytesent to either 0 or the full combined len of each WSABUF (to indicate ALL of it was sent) but it seems to have no effect?

I was researching this a bit yesterday and my suspicion is that IOCP (I/O completion ports) is hanging around waiting for a response because of the delayed timeout behavior.

Turns out, after some minor testing, generically blocking a specific wsasend that should have been sent with WPE PRO caused the same delayed error behavior (timed out IOCP request?). If this is the problem, how should I stop this from happening? Should I emulate a fake processed message on the IOCP queue or prevent it from being requested? Also, what specific functions would be of importance in this situation? What does WSASend call internally?