Hi all, I am not sure if this is the right forum for this question, but
here goes:

I am trying to hook a third party software which is using the SSLeay32
lib from openssl.org. First I have verified that the program is in fact
using this API, partyl by using APISpy32 from internals. I can see that
the program is using the SSL_read API frequently.

Now I want to see what is in the messages read from the SSL stream, so
I use my API hook frame work (which I have used to hook many API:s in
before, so I know that it works) The problem is that I can only capture
two or three SSL_read:s before the software hangs. As soon as I eject
my hook it goes back to normal. I find it very strange that APISpy32
does not hang the software but my hook does.. I have checked all return
codes in my hook function with SSL_get_error and it never say that
there are any errors..

In APISpy32 I can see that the messages are typically 1 or 2 bytes
(control messages?) and then there are larger ones (50-200byte)
probably containing the messages of interest. The funny thing is that I
can only intercept the 1 and 2 bytes messages (before it hangs) never
the larger ones.

The SSL_read looks like this: SSL_read(SSL *s,void *buf,int len)
where buf is an "out" parameter which should be accessible after the
method returns (and my 1 and 2 bytes messages captured also are).

I am not sure if the problem is that the underlying SSL layer in the
software in blocking and my hook frame work is not (I have not had any
problems with this before..)

Any help with this or suggestions on how to do this differently would
be much apprechiated!

I have also tried to use APISpy32 to spy in the LIBeay32 function
BIO_read, and when I do the software also hangs much like when I try to
hook SSL_read with my own hook