Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Get IP-Address from DNS without GetHostByName

I am using GetHostByName to get the IP-Address from a Host/DNS. I also have Kaspersky Internet Security 2013 and noticed that GetHostByName gets picked by it. It seems that that my process tries to create a subkey in hklm\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS. This actually means, that I CAN NOT use this function if the user does NOT have any Administrator rights. Is there any other way to resolve a host/dns?

EDIT: Here a screenshot:

enter image description here

EDIT2: I actually used getaddrinfo and KIS did not "detect anything". I would like to use it, but I would still like have support for Win2K.

EDIT3: Added Debug ScreenShot

enter image description here

EDIT4: That's my "Test" code:

program Project2;

{$APPTYPE CONSOLE}

uses
  Winsock;

var
    DummyWSA : WSADATA;

begin
  if WSAStartup($0202, DummyWSA) = 0 then begin
    GetHostByName ('localhost');
  end;
  readln;
end.

EDIT5: GetAddrInfo Version...

program Project2;

{$APPTYPE CONSOLE}

uses
  Winsock;

type
  PAddrInfo = ^TAddrInfo;
  TAddrInfo = packed record
    ai_flags: Integer;
    ai_family: Integer;
    ai_socktype: Integer;
    ai_protocol: Integer;
    ai_addrlen: LongWord;
    ai_canonname: Array of Char;
    ai_addr: PSOCKADDR;
    ai_next: PAddrInfo;
  end;

function getaddrinfo(const nodename: PChar; const servname : PChar; const hints: PAddrInfo; var res: PAddrInfo): Integer; stdcall; external 'ws2_32.dll' name 'getaddrinfo';
procedure freeaddrinfo(ai: PAddrInfo); stdcall; external 'ws2_32.dll' name 'freeaddrinfo';

var
  DummyWSA      : WSADATA;
  SocketHint    : PAddrInfo;
  SocketResult  : PAddrInfo;

begin
  if WSAStartup($0202, DummyWSA) = 0 then begin
    //GetHostByName ('localhost');
    getaddrinfo ('localhost', '80', SocketHint, SocketResult);
    // getaddrinfo ('localhost', NIL, SocketHint, SocketResult); // Not sure if I can NIL the port...
  end;
  readln;
end.

This version seems to not write anything at all to the registry...

like image 809
Ben Avatar asked Mar 06 '13 18:03

Ben


1 Answers

gethostbyname() is the correct way to query a hostname via DNS (getaddrinfo() is a better choice, especially if you need to support IPv6), and it is definitely NOT restricted to admins only. Lots of applications use gethostbyname() (and/or getaddrinfo()) so it is very unlikely that Kaspersky is going to block it.

Why do you think that gethostbyname() is creating a Registry key? What is actually being created? It shouldn't be creating anything. That might suggest that some external code has hooked into gethostbyname().

like image 177
Remy Lebeau Avatar answered Oct 23 '22 03:10

Remy Lebeau