I'm working on a project that involves hooking
There's no need to create a thread for each overlapped IO call.
When overlapped operations are used, they either have an associated event (which you can safely ignore), a completion routine, or are associated with an I/O Completion port.
If you need to handle the last, you'll also need to hook
Now, when you get a call to
WSARecv(), for the event case, you do nothing special there (except possibly save some information in relation to the
lpOverlapped, eg. the buffer), and process the data in
WSAGetOverlappedResult() (which the application must call to get the success/error and bytes transferred.)
If a completion routine is present, save the
lpCompletionRoutine, and pass your own completion routine to the real
Your routine should process the data and call the original completion routine.
To handle the I/O completion port case, have
lpOverlapped and buffers etc., in
GetQueuedCompletionStatus(), call the original, and if the returned overlapped structure matches, handle the data.
You should also note that overlapped operations may complete immediately, in which case the event isn't signaled, the completion routine isn't called, and (IIRC) no completion is queued on the IOCP.