InternetOpenUrl
Jump to navigation
Jump to search
Description
Opens a specific URL for a connection using FTP, HTTP, or HTTPS. URLs, if fixed, can often be good network-based signatures.
Syntax
HINTERNET InternetOpenUrl(
_In_ HINTERNET hInternet,
_In_ LPCTSTR lpszUrl,
_In_ LPCTSTR lpszHeaders,
_In_ DWORD dwHeadersLength,
_In_ DWORD dwFlags,
_In_ DWORD_PTR dwContext
);
Parameters
- hInternet [in]
- The handle to the current Internet session. The handle must have been returned by a previous call to InternetOpen.
- lpszUrl [in]
- A pointer to a null-terminated string variable that specifies the URL to begin reading. Only URLs beginning with ftp:, http:, or https: are supported.
- lpszHeaders [in]
- A pointer to a null-terminated string that specifies the headers to be sent to the HTTP server.
- dwHeadersLength [in]
- The size of the additional headers, in TCHARs. If this parameter is -1L and lpszHeaders is not NULL, lpszHeaders is assumed to be zero-terminated (ASCIIZ) and the length is calculated.
- dwFlags [in]
- This parameter can be one of the following values.
| Value | Meaning |
|---|---|
| INTERNET_FLAG_EXISTING_CONNECT 0x20000000 |
Attempts to use an existing InternetConnect object if one exists with the same attributes required to make the request. This is useful only with FTP operations, since FTP is the only protocol that typically performs multiple operations during the same session. The WinINet API caches a single connection handle for each HINTERNET handle generated by InternetOpen. InternetOpenUrl uses this flag for HTTP and FTP connections. |
| INTERNET_FLAG_HYPERLINK 0x00000400 |
Forces a reload if there was no Expires time and no LastModified time returned from the server when determining whether to reload the item from the network. |
| INTERNET_FLAG_IGNORE_CERT_CN_INVALID 0x00001000 |
Disables checking of SSL/PCT-based certificates that are returned from the server against the host name given in the request. WinINet functions use a simple check against certificates by comparing for matching host names and simple wildcarding rules. |
| INTERNET_FLAG_IGNORE_CERT_DATE_INVALID 0x00002000 |
Disables checking of SSL/PCT-based certificates for proper validity dates. |
| INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP 0x00008000 |
Disables detection of this special type of redirect. When this flag is used, WinINet transparently allows redirects from HTTPS to HTTP URLs. |
| INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS 0x00004000 |
Disables the detection of this special type of redirect. When this flag is used, WinINet transparently allows redirects from HTTP to HTTPS URLs. |
| INTERNET_FLAG_KEEP_CONNECTION 0x00400000 |
Uses keep-alive semantics, if available, for the connection. This flag is required for Microsoft Network (MSN), NTLM, and other types of authentication. |
| INTERNET_FLAG_NEED_FILE 0x00000010 |
Causes a temporary file to be created if the file cannot be cached. |
| INTERNET_FLAG_NO_AUTH 0x00040000 |
Does not attempt authentication automatically. |
| INTERNET_FLAG_NO_AUTO_REDIRECT 0x00200000 |
Does not automatically handle redirection in HttpSendRequest. |
| INTERNET_FLAG_NO_CACHE_WRITE 0x04000000 |
Does not add the returned entity to the cache. |
| INTERNET_FLAG_NO_COOKIES 0x00080000 |
Does not automatically add cookie headers to requests, and does not automatically add returned cookies to the cookie database. |
| INTERNET_FLAG_NO_UI 0x00000200 |
Disables the cookie dialog box. |
| INTERNET_FLAG_PASSIVE 0x08000000 |
Uses passive FTP semantics. InternetOpenUrl uses this flag for FTP files and directories. |
| INTERNET_FLAG_PRAGMA_NOCACHE 0x00000100 |
Forces the request to be resolved by the origin server, even if a cached copy exists on the proxy. |
| INTERNET_FLAG_RAW_DATA 0x40000000 |
Returns the data as a WIN32_FIND_DATA structure when retrieving FTP directory information. If this flag is not specified or if the call was made through a CERN proxy, InternetOpenUrl returns the HTML version of the directory. Windows XP and Windows Server 2003 R2 and earlier: Also returns data as a GOPHER_FIND_DATA structure when retrieving Gopher directory information. |
| INTERNET_FLAG_RELOAD 0x80000000 |
Forces a download of the requested file, object, or directory listing from the origin server, not from the cache. |
| INTERNET_FLAG_RESYNCHRONIZE 0x00000800 |
Reloads HTTP resources if the resource has been modified since the last time it was downloaded. All FTP resources are reloaded. Windows XP and Windows Server 2003 R2 and earlier: Gopher resources are also reloaded. |
| INTERNET_FLAG_SECURE 0x00800000 |
Uses secure transaction semantics. This translates to using Secure Sockets Layer/Private Communications Technology (SSL/PCT) and is only meaningful in HTTP requests. |
- dwContext [in]
- A pointer to a variable that specifies the application-defined value that is passed, along with the returned handle, to any callback functions.
Return value
Returns a valid handle to the URL if the connection is successfully established, or NULL if the connection fails. To retrieve a specific error message, call GetLastError. To determine why access to the service was denied, call InternetGetLastResponseInfo.
Example
.text:00401150 StartAddress proc near ; DATA XREF: sub_401040+EC�o
.text:00401150 push esi
.text:00401151 push edi
.text:00401152 push 0 ; dwFlags
.text:00401154 push 0 ; lpszProxyBypass
.text:00401156 push 0 ; lpszProxy
.text:00401158 push 1 ; dwAccessType
.text:0040115A push offset szAgent ; "Internet Explorer 8.0"
.text:0040115F call ds:InternetOpenA
.text:00401165 mov edi, ds:InternetOpenUrlA
.text:0040116B mov esi, eax
.text:0040116D
.text:0040116D loc_40116D: ; CODE XREF: StartAddress+30�j
.text:0040116D push 0 ; dwContext
.text:0040116F push 80000000h ; dwFlags
.text:00401174 push 0 ; dwHeadersLength
.text:00401176 push 0 ; lpszHeaders
.text:00401178 push offset szUrl ; "http://www.malwareanalysisbook.com"
.text:0040117D push esi ; hInternet
.text:0040117E call edi ; InternetOpenUrlA
.text:00401180 jmp short loc_40116D
.text:00401180 StartAddress endp