0

As you know, the custom URL protocol is a feature that allows us to establish communication between a web page and our application. For example, Y! Messenger uses this protocol when you want to send a PM to another person through a web page:

 <a href="ymsgr:sendim?YahooID">Click to send pm</a>

Now, the question is: how can I monitor (hook) all custom URL protocol messages in Windows? Is it possible to catch them?

David Heffernan
Kermia
  • 3
    This doesn't sound like a very nice thing to do for the every-day application... Why does *your* application need to intercept all *other* applications that use custom protocols? – Andreas Rejbrand Apr 10 '11 at 19:50
  • 1
    I just want to know how it is possible :) – Kermia Apr 10 '11 at 21:54
  • 2
    By the way, I edited your question to fix your use of punctuation. Punctuation marks, e.g. , . ? are written next to the previous character without a space. The first character of a new sentence, e.g. the character following . or ? is a capital. – David Heffernan Apr 11 '11 at 07:54

3 Answers

7

Iterate over the contents of the registry, looking for registered custom protocols. Those will be children of the HKey_Classes_Root key that have a value named URL Protocol. Each time you find one, record the default value of the shell\open\command key, and then replace it with a command line pointing to your program.

When your program is invoked, do whatever you need to do, and then invoke the original program using the command line you recorded earlier.

Rob Kennedy
  • It's a good idea, but I can't catch it when I don't know where it is in the registry. I need a more powerful way. – Kermia Apr 10 '11 at 21:53
  • How would you *not* know where it is in the registry? You've iterated over the registry contents and found all the protocol entries already. If you still don't know where they are after doing that, then you need to store the locations you found. – Rob Kennedy Apr 10 '11 at 22:10
  • Actually, I need a way to monitor some of the Windows system files to catch them. What exactly happens when a browser calls a `custom url protocol` message? (I mean, how does it work at a low level? Which messages will be sent to the OS? Is it possible to monitor them?) – Kermia Apr 10 '11 at 22:18
  • 1
    What do you mean you want to "catch" system files? Files aren't thrown; they're not events. Please describe what you *actually* want to do. You've latched onto URL protocols thinking they'll solve your problem, but I think you're wrong. Describe your real problem, not what you merely *think* the solution might be. – Rob Kennedy Apr 10 '11 at 22:22
  • No, I don't want to catch the Windows system files. I said: I want to catch the `custom url protocol` messages through monitoring the Windows system files. – Kermia Apr 10 '11 at 22:27
  • 2
    @Kermia Rob has given you a solution which you don't appear to like. Since you are dead set on doing it by "monitoring the windows system files", what's stopping you from doing just that? – David Heffernan Apr 11 '11 at 07:52
  • Applications can restore their protocols during start ("...browser is not default, reassign?") – DiGi Apr 11 '11 at 08:53
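A read-only audit of the registrations the answer above describes, as an added example that is not part of the original thread: it lists every `HKEY_CLASSES_ROOT` child that carries a `URL Protocol` value together with its `shell\open\command` default, and diffs the result against a saved baseline so that a replaced or newly registered handler command stands out. The baseline file name and the two sample snapshots are assumptions constructed for illustration.

```python
import json
import sys
# Constructed snapshots (not real registry data) for the demo on non-Windows hosts.
SAMPLE_BASELINE = {"ymsgr": r'"C:\Apps\Messenger\im.exe" %1'}
SAMPLE_CURRENT = {"ymsgr": r'"C:\Temp\relay.exe" %1', "dial": r'"C:\Apps\dial.exe" "%1"'}
BASELINE_FILE = "url_handlers_baseline.json"  # hypothetical file name

def snapshot_handlers():
    """Read-only scan: map each registered URL scheme to its open-command line."""
    import winreg  # Windows only; imported here so diff_handlers() runs anywhere
    handlers, index = {}, 0
    while True:
        try:
            name = winreg.EnumKey(winreg.HKEY_CLASSES_ROOT, index)
        except OSError:  # no more subkeys
            break
        index += 1
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, name) as key:
                winreg.QueryValueEx(key, "URL Protocol")  # marker value; absent -> OSError
                handlers[name.lower()] = ""  # registered; stays empty if no open command
                with winreg.OpenKey(key, r"shell\open\command") as cmd:
                    handlers[name.lower()] = str(winreg.QueryValueEx(cmd, "")[0])
        except OSError:
            continue  # not a URL protocol key, no command subkey, or not readable
    return handlers

def diff_handlers(baseline, current):
    """Return (kind, scheme, old_command, new_command) for each difference."""
    changes = []
    for scheme in sorted(set(baseline) | set(current)):
        old, new = baseline.get(scheme), current.get(scheme)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            changes.append((kind, scheme, old, new))
    return changes

if __name__ == "__main__":
    baseline, current = SAMPLE_BASELINE, SAMPLE_CURRENT
    if sys.platform == "win32":
        current = snapshot_handlers()
        try:
            with open(BASELINE_FILE, encoding="utf-8") as fh:
                baseline = json.load(fh)
        except FileNotFoundError:  # first run: store the baseline
            baseline = current
            with open(BASELINE_FILE, "w", encoding="utf-8") as fh:
                json.dump(current, fh, indent=2)
    for change in diff_handlers(baseline, current):
        print(*change, sep=" | ")
```

A "changed" entry is not always hostile: as noted in the comments, applications may rewrite their own registration at start-up, so compare the new command line against the vendor's expected path before acting on it.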
1

You can register your own protocol: Can Delphi be used to create and handle a custom protocol handler? Just add a few keys in the user's registry (protocol name and application to launch). It is similar to registering a file extension. A simple example is here.

I'm not sure that you can catch every request. Antivirus programs can do that, but at driver-level.

Community
DiGi
  • 4
    What driver are you talking about? – Rob Kennedy Apr 10 '11 at 21:37
  • System services or Device manager - drivers without Plug and play support (hidden key). They don't rewrite all keys (this will be awesome after deleting exe). – DiGi Apr 11 '11 at 07:34
  • 1
    +1; I don't understand the downvotes on this answer: he explains that you can use protocol handlers to catch a particular protocol, and probably need a driver to catch all protocols. Rob Kennedy explains this in more detail, but basically this is the same answer. – Jeroen Wiert Pluimers Apr 11 '11 at 08:18
  • 2
    @Jeroen, didn't downvote myself, but the downvotes were merited. There's no driver involved, this is all user-space magic. I'm not even sure I've seen Antivirus programs doing that. – Cosmin Prund Apr 11 '11 at 09:41
  • Most antivirus programs I used can monitor http traffic, and depending on the protocol used can do different interceptions. – Jeroen Wiert Pluimers Apr 11 '11 at 12:18
  • 1
    @Jeroen, the custom URL protocol has nothing to do with network traffic, that's why I say I've never seen an antivirus doing that. For example one can create a `dial://1234567` protocol handler that dials the `1234567` phone number using TAPI then put such URLs into an intranet phone book: no network access required to implement the protocol! – Cosmin Prund Apr 11 '11 at 12:32
  • 1
    I know that AV software can for instance handle `skype://` differently than `msdn://`, even though they don't need to generate network traffic per se. I'm not sure how they intercept it differently: being it a hook or driver doesn't really matter. What matters is that they do it differently from the protocol handler. That's what DiGi tried to explain using the word 'driver', and got punished for. – Jeroen Wiert Pluimers Apr 11 '11 at 12:37
  • 1
    DiGi didn't say that, so the punishment was merited (DiGi said `Antivirus programs can do that, but at driver-level`). There's a world of difference between driver level and hooks. And I personally haven't even seen that (an Antivirus that handles `skype` and `msdn` protocols differently). Then again I only use 2 brands of AV software, not exactly relevant. – Cosmin Prund Apr 11 '11 at 13:07
  • 3
    Custom URL schemes are configured two different ways. You can register an application to a protocol, which is the topic of this question, or you can register an *asynchronous pluggable protocol*, where the browser loads a COM object for two-way communication in a protocol the browser doesn't know natively. I can't think of any reason an antivirus program would handle *either* of those cases specially since they'd be covered by ordinary process launching and ordinary DLL loading, respectively. I still don't see how drivers are relevant here. – Rob Kennedy Apr 11 '11 at 13:56
  • 2
    My idea was "antivirus can intercept "any" transfer - meaning executing file or TCP communication. Now they are processing HTTP requests, SMTP/POP mails, IM's". Maybe there is a way to catch protocol requests at a lower level. That will be MUCH better than rewriting every "URL Protocol" in the registry. I hope he will make a restore point before he starts his program :) – DiGi Apr 11 '11 at 15:13
0

You might want to take a look at Fiddler HTTP Web Debugger, which intercepts all HTTP traffic by being a temporary proxy.

It is not written in Delphi, but should give you a good idea on how to approach your problem.

Jeroen Wiert Pluimers
  • 1
    That's got absolutely nothing to do with "custom protocols". It's a proxy that does some magic to TCP traffic. It just happens to be useful for HTTP protocol, but how can the same logic be applied to other custom protocols? For example, the `sip://` protocol or the `ymsg://` protocol? What TCP port do I hook to get those? How about my `dial://` protocol in the comment to DiGi's answer? – Cosmin Prund Apr 11 '11 at 13:12
  • The reason is that there is another option called "URL moniker" that works in a different way than Rob describes. It is a COM object that sits in the middle. It is the way that the `bds://` links in the IDE work. If memory serves me right, they go through the INET layer, which is the same layer that you can hook your proxy server in. Since a lot of this can be network traffic, it pays looking how those proxy servers work. – Jeroen Wiert Pluimers Apr 11 '11 at 21:32