You should do something like the code below does, but don’t forget to recalculate TCP checksum after doing this:
PINTERMEDIATE_BUFFER ParsePacketHeaders ( PINTERMEDIATE_BUFFER pBuffer )
{
ether_header_ptr pEthernet = (ether_header_ptr)&pBuffer->m_IBuffer;
if(ntohs(pEthernet->h_proto) == ETH_P_IP){
iphdr_ptr pIp = NULL;
tcphdr_ptr pTcp = NULL;
pIp = (iphdr_ptr)&pBuffer->m_IBuffer[MHdrSize];
//printf("%i", MHdrSize);
UCHAR IpProto = pIp->ip_p;
if(IpProto == IPPROTO_TCP){
pTcp = (tcphdr_ptr)(((PUCHAR)pIp) + sizeof(DWORD)*pIp->ip_hl);
in_addr IP = pIp->ip_src;
PUCHAR pTcpData = (PUCHAR)pTcp + pTcp->th_off*4;
if(ntohs(pTcp->th_sport) == 80){
string foo = (char *)pTcpData;
while(foo.find("sex") != string::npos){
foo.replace(foo.find(sought), sought.size(), replacement);
}
const char* final = foo.c_str();
memcpy(pTcpData, final, foo.length());
printf("Dest Data: %snAddress of pTcpData: %x", pTcpData, &pTcpData);
}//port 80?
}//tcp??
} //IP Packet?
return pBuffer;
}