Complete SSL library support and comprehensive build documentation

- Added comprehensive SSL/TLS hooking for 9 implementations:
  * OpenSSL/LibreSSL (SSL_write/SSL_read)
  * Windows Schannel (EncryptMessage/DecryptMessage)
  * NSS (Mozilla) (SSL_Write/SSL_Read/SSL_ForceHandshake)
  * GnuTLS (gnutls_record_send/gnutls_record_recv)
  * mbed TLS (mbedtls_ssl_write/mbedtls_ssl_read)
  * wolfSSL (wolfSSL_write/wolfSSL_read)
  * Botan TLS (simplified C++ API hooking)

- Enhanced per-connection logging with individual files for each TCP connection
- Fixed all build warnings for clean compilation
- Added comprehensive build documentation for Linux and Windows
- Created Makefile.win for native Windows compilation
- Detailed Detours integration guide for cross-platform builds
- Updated README with complete setup instructions and troubleshooting

Makefile.win

+# Windows Native Build Makefile
+# Requires Visual Studio Developer Command Prompt
+
+CC = cl
+LINK = link
+CFLAGS = /W3 /O2 /MT
+LDFLAGS =
+
+# Detours paths (adjust if installed elsewhere)
+DETOURS_PATH = detours
+DETOURS_LIB = $(DETOURS_PATH)\lib64\detours.lib
+
+# Targets
+all: network_monitor.exe ssl_hook.dll packet_capture.dll bgvnc.exe
+
+network_monitor.exe: network_monitor.c
+	$(CC) $(CFLAGS) network_monitor.c /link ws2_32.lib iphlpapi.lib /out:$@
+
+ssl_hook.dll: ssl_hook.c ssl_hook.h
+	$(CC) /LD $(CFLAGS) ssl_hook.c $(DETOURS_LIB) /I $(DETOURS_PATH)\include /link /out:$@
+
+packet_capture.dll: packet_capture.c
+	$(CC) /LD $(CFLAGS) packet_capture.c /link ws2_32.lib /out:$@
+
+bgvnc.exe: bgvnc.c
+	$(CC) $(CFLAGS) bgvnc.c /link ws2_32.lib gdi32.lib user32.lib /out:$@
+
+# Clean build artifacts
+clean:
+	del /Q *.exe *.dll *.obj *.lib *.exp
+
+.PHONY: all clean
\ No newline at end of file

README.md

@@ -5,10 +5,17 @@ A comprehensive Windows network monitoring and SSL interception toolkit that can
 ## Features
 
 - **Network Connection Monitoring**: Tracks TCP connections and logs internal vs external traffic
-- **SSL/TLS Interception**: Hooks OpenSSL and Windows Schannel to capture unencrypted traffic
+- **Comprehensive SSL/TLS Interception**: Hooks 9 different SSL implementations:
+  - OpenSSL/LibreSSL (`SSL_write`, `SSL_read`)
+  - Windows Schannel (`EncryptMessage`, `DecryptMessage`)
+  - NSS (Mozilla) (`SSL_Write`, `SSL_Read`)
+  - GnuTLS (`gnutls_record_send`, `gnutls_record_recv`)
+  - mbed TLS (`mbedtls_ssl_write`, `mbedtls_ssl_read`)
+  - wolfSSL (`wolfSSL_write`, `wolfSSL_read`)
+  - Botan TLS (simplified C++ API hooking)
 - **DLL Injection**: Loads monitoring DLL into target processes
 - **Syscall Monitoring**: Logs DLL loading and function resolution calls
-- **Packet Capture**: Generates Wireshark-compatible PCAP files and raw dumps
+- **Packet Capture**: Generates Wireshark-compatible PCAP files and raw dumps per connection
 - **VNC Server**: Remote desktop access to monitored Windows applications
 
 ## Components
@@ -49,56 +56,165 @@ For each unique TCP connection, the following files are created:
 
 ### Prerequisites
 
-- Linux system with MinGW-w64 cross-compiler
-- Microsoft Detours library (for full hooking functionality - optional)
+#### For Linux Cross-Compilation:
+- Linux system (Ubuntu/Debian recommended)
+- MinGW-w64 cross-compiler
+- Git
+- Microsoft Detours library (for full hooking functionality - optional but recommended)
 
-### Quick Start (Limited Functionality)
+#### For Native Windows Compilation:
+- Windows 10/11
+- Visual Studio 2019/2022 with C++ build tools
+- Git
+- Microsoft Detours library
 
+### Quick Start
+
+#### Linux (Limited Functionality - No Detours)
 ```bash
+sudo apt-get update
+sudo apt-get install gcc-mingw-w64
+git clone <repository-url>
+cd network-monitoring-suite
 ./configure.sh
 make NO_DETOURS=1
 ```
 
-### Full Build with Detours Support
+#### Linux (Full Functionality with Detours)
+```bash
+# 1. Install base dependencies
+sudo apt-get update
+sudo apt-get install gcc-mingw-w64 git p7zip-full
+
+# 2. Download and extract Microsoft Detours on Windows
+# On Windows machine:
+git clone https://github.com/microsoft/Detours.git
+cd Detours
+# Open Visual Studio Developer Command Prompt
+nmake
+
+# 3. Copy Detours files to Linux
+# Create directory on Linux
+sudo mkdir -p /usr/local/detours
 
-#### 1. Install Base Dependencies
+# Copy from Windows (adjust paths as needed)
+# scp user@windows:/path/to/Detours/include/* /usr/local/detours/include/
+# scp user@windows:/path/to/Detours/lib.X64/* /usr/local/detours/lib64/
 
+# 4. Build the project
+cd network-monitoring-suite
+./configure.sh
+make
+```
+
+#### Windows (Native Build)
+```cmd
+# Install Visual Studio Build Tools if not already installed
+# Download from: https://visualstudio.microsoft.com/downloads/
+
+# Clone and build Detours
+git clone https://github.com/microsoft/Detours.git
+cd Detours
+nmake
+
+# Copy Detours to project directory
+xcopy include\* ..\network-monitoring-suite\detours\include\ /Y /I
+xcopy lib.X64\* ..\network-monitoring-suite\detours\lib64\ /Y /I
+
+# Build the project
+cd ..\network-monitoring-suite
+nmake /f Makefile.win
+```
+
+### Detailed Linux Build Instructions
+
+#### Step 1: Install MinGW-w64 Cross-Compiler
 ```bash
+# Ubuntu/Debian
 sudo apt-get update
-sudo apt-get install gcc-mingw-w64 git
-```
+sudo apt-get install gcc-mingw-w64
 
-#### 2. Build Microsoft Detours (Requires Windows)
+# Verify installation
+x86_64-w64-mingw32-gcc --version
+```
 
-On a Windows machine with Visual Studio Build Tools:
+#### Step 2: Obtain Microsoft Detours
+Microsoft Detours is proprietary software and must be built on Windows. Here's the complete process:
 
+**On Windows:**
+1. Install Visual Studio 2019/2022 with "Desktop development with C++" workload
+2. Open "Developer Command Prompt for VS 2019/2022"
+3. Run these commands:
 ```cmd
 git clone https://github.com/microsoft/Detours.git
 cd Detours
 nmake
 ```
 
-Copy the built Detours to your Linux machine:
-
+**Transfer to Linux:**
 ```bash
-# Create Detours directory on Linux
+# On Linux machine
 sudo mkdir -p /usr/local/detours
 
-# Copy from Windows (adjust paths as needed)
-# scp user@windows:/path/to/Detours/include/* /usr/local/detours/include/
-# scp user@windows:/path/to/Detours/lib.X64/* /usr/local/detours/lib64/
-```
+# Use scp, rsync, or shared folder to copy:
+# /path/to/Detours/include/ -> /usr/local/detours/include/
+# /path/to/Detours/lib.X64/ -> /usr/local/detours/lib64/
 
-#### 3. Configure and Build
+# Verify files are present
+ls -la /usr/local/detours/include/
+ls -la /usr/local/detours/lib64/
+```
 
+#### Step 3: Configure and Build
 ```bash
+# Clone the repository
+git clone <repository-url>
+cd network-monitoring-suite
+
+# Run configuration script
 ./configure.sh
+
+# Build with full functionality
 make
+
+# Or build without Detours (limited functionality)
+make NO_DETOURS=1
+```
+
+### Detailed Windows Build Instructions
+
+#### Prerequisites:
+- Windows 10/11
+- Visual Studio 2019/2022 with C++ build tools
+- Git for Windows
+
+#### Step 1: Install Visual Studio Build Tools
+1. Download Visual Studio Installer
+2. Select "Desktop development with C++"
+3. Install the components
+
+#### Step 2: Build Microsoft Detours
+```cmd
+# Open Developer Command Prompt for VS
+git clone https://github.com/microsoft/Detours.git
+cd Detours
+nmake
+```
+
+#### Step 3: Build the Project
+```cmd
+# Copy Detours to project (adjust paths)
+xcopy Detours\include\* network-monitoring-suite\detours\include\ /Y /I
+xcopy Detours\lib.X64\* network-monitoring-suite\detours\lib64\ /Y /I
+
+# Build using provided Makefile.win
+cd network-monitoring-suite
+nmake /f Makefile.win
 ```
 
 ### Manual Build Commands
 
-#### Without Detours (Limited functionality):
+#### Linux Cross-Compilation (Without Detours):
 ```bash
 x86_64-w64-mingw32-gcc network_monitor.c -o network_monitor.exe -lws2_32 -liphlpapi -static
 x86_64-w64-mingw32-gcc -shared ssl_hook.c -o ssl_hook.dll -DNO_DETOURS -static
@@ -106,18 +222,57 @@ x86_64-w64-mingw32-gcc -shared packet_capture.c -o packet_capture.dll -lws2_32 -
 x86_64-w64-mingw32-gcc bgvnc.c -o bgvnc.exe -lws2_32 -lgdi32 -luser32 -static
 ```
 
-#### With Detours (Full functionality):
+#### Linux Cross-Compilation (With Detours):
 ```bash
 x86_64-w64-mingw32-gcc network_monitor.c -o network_monitor.exe -lws2_32 -liphlpapi -static
-x86_64-w64-mingw32-gcc -shared ssl_hook.c -o ssl_hook.dll -L/usr/local/detours/lib64 -ldetours -lsspi -static
+x86_64-w64-mingw32-gcc -shared ssl_hook.c -o ssl_hook.dll -I/usr/local/detours/include -L/usr/local/detours/lib64 -ldetours -lsspi -static
 x86_64-w64-mingw32-gcc -shared packet_capture.c -o packet_capture.dll -lws2_32 -static
 x86_64-w64-mingw32-gcc bgvnc.c -o bgvnc.exe -lws2_32 -lgdi32 -luser32 -static
 ```
 
-### Build Options
+#### Windows Native Compilation:
+```cmd
+# Using provided Makefile.win
+nmake /f Makefile.win
+
+# Or manual compilation with cl.exe:
+cl network_monitor.c /link ws2_32.lib iphlpapi.lib /out:network_monitor.exe
+cl /LD ssl_hook.c detours.lib /I detours\include /link /out:ssl_hook.dll
+cl /LD packet_capture.c ws2_32.lib /out:packet_capture.dll
+cl bgvnc.c /link ws2_32.lib gdi32.lib user32.lib /out:bgvnc.exe
+```
 
-- `NO_DETOURS=1`: Build without Detours (limited SSL hooking)
+### Build Configuration
+
+#### Linux Build Options:
+- `NO_DETOURS=1`: Build without Detours (limited SSL hooking functionality)
 - `DETOURS_PATH=/custom/path`: Specify custom Detours installation path
+- Clean build: `make clean`
+
+#### Windows Build Options:
+- Uses `Makefile.win` for native Windows compilation
+- Requires Detours in `detours\` subdirectory
+- Clean build: `nmake /f Makefile.win clean`
+
+#### Environment Variables:
+- `DETOURS_PATH`: Custom path to Detours installation (Linux default: `/usr/local/detours`)
+
+### Troubleshooting
+
+#### Linux Issues:
+- **"cannot find -ldetours"**: Ensure Detours is properly installed in `/usr/local/detours`
+- **"x86_64-w64-mingw32-gcc: command not found"**: Install MinGW-w64: `sudo apt-get install gcc-mingw-w64`
+- **Permission denied**: Use `sudo` for system-wide installations
+
+#### Windows Issues:
+- **"nmake: command not found"**: Use Visual Studio Developer Command Prompt
+- **Missing headers**: Ensure all Visual Studio components are installed
+- **Linker errors**: Verify Detours library paths are correct
+
+#### General Issues:
+- **Build fails with warnings**: Warnings are normal; the build should still succeed
+- **Runtime issues**: Ensure all DLLs are in the same directory as executables
+- **UAC/Admin rights**: Some features may require administrator privileges
 
 ## Usage
 

ssl_hook.c

@@ -28,6 +28,23 @@ SSL_write_t original_SSL_write = NULL;
 SSL_read_t original_SSL_read = NULL;
 EncryptMessage_t original_EncryptMessage = NULL;
 DecryptMessage_t original_DecryptMessage = NULL;
+
+// Additional SSL library function pointers
+LibreSSL_write_t original_LibreSSL_write = NULL;
+LibreSSL_read_t original_LibreSSL_read = NULL;
+NSS_SSL_Write_t original_NSS_SSL_Write = NULL;
+NSS_SSL_Read_t original_NSS_SSL_Read = NULL;
+NSS_SSL_ForceHandshake_t original_NSS_SSL_ForceHandshake = NULL;
+GnuTLS_record_send_t original_GnuTLS_record_send = NULL;
+GnuTLS_record_recv_t original_GnuTLS_record_recv = NULL;
+mbedTLS_ssl_write_t original_mbedTLS_ssl_write = NULL;
+mbedTLS_ssl_read_t original_mbedTLS_ssl_read = NULL;
+wolfSSL_write_t original_wolfSSL_write = NULL;
+wolfSSL_read_t original_wolfSSL_read = NULL;
+Botan_TLS_write_t original_Botan_TLS_write = NULL;
+Botan_TLS_read_t original_Botan_TLS_read = NULL;
+
+// Syscall monitoring function pointers
 LoadLibraryA_t original_LoadLibraryA = NULL;
 LoadLibraryW_t original_LoadLibraryW = NULL;
 GetProcAddress_t original_GetProcAddress = NULL;
@@ -85,6 +102,126 @@ SECURITY_STATUS hooked_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMes
     return status;
 }
 
+// Additional SSL library hooked functions
+int hooked_LibreSSL_write(void* ssl, const void* buf, int num) {
+    log_data("LIBRESSL_WRITE", buf, num);
+#ifndef NO_DETOURS
+    log_unencrypted_traffic(0, 0, 0, 443, (const BYTE*)buf, num, 0);
+#endif
+    return original_LibreSSL_write ? original_LibreSSL_write(ssl, buf, num) : -1;
+}
+
+int hooked_LibreSSL_read(void* ssl, void* buf, int num) {
+    int result = original_LibreSSL_read ? original_LibreSSL_read(ssl, buf, num) : -1;
+    if (result > 0) {
+        log_data("LIBRESSL_READ", buf, result);
+#ifndef NO_DETOURS
+        log_unencrypted_traffic(0, 0, 443, 0, (const BYTE*)buf, result, 0);
+#endif
+    }
+    return result;
+}
+
+int hooked_NSS_SSL_Write(void* ssl, const void* buf, int num) {
+    log_data("NSS_SSL_WRITE", buf, num);
+#ifndef NO_DETOURS
+    log_unencrypted_traffic(0, 0, 0, 443, (const BYTE*)buf, num, 0);
+#endif
+    return original_NSS_SSL_Write ? original_NSS_SSL_Write(ssl, buf, num) : -1;
+}
+
+int hooked_NSS_SSL_Read(void* ssl, void* buf, int num) {
+    int result = original_NSS_SSL_Read ? original_NSS_SSL_Read(ssl, buf, num) : -1;
+    if (result > 0) {
+        log_data("NSS_SSL_READ", buf, result);
+#ifndef NO_DETOURS
+        log_unencrypted_traffic(0, 0, 443, 0, (const BYTE*)buf, result, 0);
+#endif
+    }
+    return result;
+}
+
+int hooked_NSS_SSL_ForceHandshake(void* ssl) {
+    log_syscall("NSS_SSL_ForceHandshake", "SSL handshake initiated");
+    return original_NSS_SSL_ForceHandshake ? original_NSS_SSL_ForceHandshake(ssl) : -1;
+}
+
+int hooked_GnuTLS_record_send(void* session, const void* data, size_t data_size) {
+    log_data("GNUTLS_RECORD_SEND", data, (int)data_size);
+#ifndef NO_DETOURS
+    log_unencrypted_traffic(0, 0, 0, 443, (const BYTE*)data, (int)data_size, 0);
+#endif
+    return original_GnuTLS_record_send ? original_GnuTLS_record_send(session, data, data_size) : -1;
+}
+
+int hooked_GnuTLS_record_recv(void* session, void* data, size_t data_size) {
+    int result = original_GnuTLS_record_recv ? original_GnuTLS_record_recv(session, data, data_size) : -1;
+    if (result > 0) {
+        log_data("GNUTLS_RECORD_RECV", data, result);
+#ifndef NO_DETOURS
+        log_unencrypted_traffic(0, 0, 443, 0, (const BYTE*)data, result, 0);
+#endif
+    }
+    return result;
+}
+
+int hooked_mbedTLS_ssl_write(void* ssl, const unsigned char* buf, size_t len) {
+    log_data("MBEDTLS_SSL_WRITE", buf, (int)len);
+#ifndef NO_DETOURS
+    log_unencrypted_traffic(0, 0, 0, 443, buf, (int)len, 0);
+#endif
+    return original_mbedTLS_ssl_write ? original_mbedTLS_ssl_write(ssl, buf, len) : -1;
+}
+
+int hooked_mbedTLS_ssl_read(void* ssl, unsigned char* buf, size_t len) {
+    int result = original_mbedTLS_ssl_read ? original_mbedTLS_ssl_read(ssl, buf, len) : -1;
+    if (result > 0) {
+        log_data("MBEDTLS_SSL_READ", buf, result);
+#ifndef NO_DETOURS
+        log_unencrypted_traffic(0, 0, 443, 0, buf, result, 0);
+#endif
+    }
+    return result;
+}
+
+int hooked_wolfSSL_write(void* ssl, const void* data, int sz) {
+    log_data("WOLFSSL_WRITE", data, sz);
+#ifndef NO_DETOURS
+    log_unencrypted_traffic(0, 0, 0, 443, (const BYTE*)data, sz, 0);
+#endif
+    return original_wolfSSL_write ? original_wolfSSL_write(ssl, data, sz) : -1;
+}
+
+int hooked_wolfSSL_read(void* ssl, void* data, int sz) {
+    int result = original_wolfSSL_read ? original_wolfSSL_read(ssl, data, sz) : -1;
+    if (result > 0) {
+        log_data("WOLFSSL_READ", data, result);
+#ifndef NO_DETOURS
+        log_unencrypted_traffic(0, 0, 443, 0, (const BYTE*)data, result, 0);
+#endif
+    }
+    return result;
+}
+
+int hooked_Botan_TLS_write(void* channel, const void* buf, size_t length) {
+    log_data("BOTAN_TLS_WRITE", buf, (int)length);
+#ifndef NO_DETOURS
+    log_unencrypted_traffic(0, 0, 0, 443, (const BYTE*)buf, (int)length, 0);
+#endif
+    return original_Botan_TLS_write ? original_Botan_TLS_write(channel, buf, length) : -1;
+}
+
+int hooked_Botan_TLS_read(void* channel, void* buf, size_t length) {
+    int result = original_Botan_TLS_read ? original_Botan_TLS_read(channel, buf, length) : -1;
+    if (result > 0) {
+        log_data("BOTAN_TLS_READ", buf, result);
+#ifndef NO_DETOURS
+        log_unencrypted_traffic(0, 0, 443, 0, (const BYTE*)buf, result, 0);
+#endif
+    }
+    return result;
+}
+
 HMODULE hooked_LoadLibraryA(LPCSTR lpLibFileName) {
     log_syscall("LoadLibraryA", lpLibFileName);
     return original_LoadLibraryA(lpLibFileName);
@@ -130,16 +267,23 @@ void log_syscall(const char* syscall_name, const char* details) {
 }
 
 // DLL entry point
-BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
+BOOL APIENTRY DllMain(HMODULE hModule __attribute__((unused)), DWORD ul_reason_for_call, LPVOID lpReserved __attribute__((unused))) {
     if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
-        // Get handles to SSL libraries (this is simplified - in reality you'd need to handle multiple SSL implementations)
-        HMODULE hLibSSL = GetModuleHandle("libssl-1_1.dll"); // OpenSSL
+        // Hook multiple SSL implementations
+
+        // OpenSSL/LibreSSL
+        HMODULE hLibSSL = GetModuleHandle("libssl-1_1.dll"); // OpenSSL 1.1.x
+        if (!hLibSSL) hLibSSL = GetModuleHandle("libssl-3.dll"); // OpenSSL 3.x
         if (!hLibSSL) hLibSSL = GetModuleHandle("ssleay32.dll"); // Older OpenSSL
-        if (!hLibSSL) hLibSSL = GetModuleHandle("libssl.dll");
+        if (!hLibSSL) hLibSSL = GetModuleHandle("libssl.dll"); // Generic
 
         if (hLibSSL) {
-            original_SSL_write = (SSL_write_t)GetProcAddress(hLibSSL, "SSL_write");
-            original_SSL_read = (SSL_read_t)GetProcAddress(hLibSSL, "SSL_read");
+            original_SSL_write = (SSL_write_t)(void*)GetProcAddress(hLibSSL, "SSL_write");
+            original_SSL_read = (SSL_read_t)(void*)GetProcAddress(hLibSSL, "SSL_read");
+
+            // LibreSSL uses same function names
+            original_LibreSSL_write = original_SSL_write;
+            original_LibreSSL_read = original_SSL_read;
 
             if (original_SSL_write && original_SSL_read) {
 #ifndef NO_DETOURS
@@ -147,6 +291,102 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserv
                 DetourUpdateThread(GetCurrentThread());
                 DetourAttach(&(PVOID&)original_SSL_write, hooked_SSL_write);
                 DetourAttach(&(PVOID&)original_SSL_read, hooked_SSL_read);
+                DetourAttach(&(PVOID&)original_LibreSSL_write, hooked_LibreSSL_write);
+                DetourAttach(&(PVOID&)original_LibreSSL_read, hooked_LibreSSL_read);
+                DetourTransactionCommit();
+#endif
+            }
+        }
+
+        // NSS (Mozilla)
+        HMODULE hNSS = GetModuleHandle("nss3.dll");
+        if (hNSS) {
+            original_NSS_SSL_Write = (NSS_SSL_Write_t)(void*)GetProcAddress(hNSS, "SSL_Write");
+            original_NSS_SSL_Read = (NSS_SSL_Read_t)(void*)GetProcAddress(hNSS, "SSL_Read");
+            original_NSS_SSL_ForceHandshake = (NSS_SSL_ForceHandshake_t)(void*)GetProcAddress(hNSS, "SSL_ForceHandshake");
+
+            if (original_NSS_SSL_Write && original_NSS_SSL_Read) {
+#ifndef NO_DETOURS
+                DetourTransactionBegin();
+                DetourUpdateThread(GetCurrentThread());
+                DetourAttach(&(PVOID&)original_NSS_SSL_Write, hooked_NSS_SSL_Write);
+                DetourAttach(&(PVOID&)original_NSS_SSL_Read, hooked_NSS_SSL_Read);
+                if (original_NSS_SSL_ForceHandshake) {
+                    DetourAttach(&(PVOID&)original_NSS_SSL_ForceHandshake, hooked_NSS_SSL_ForceHandshake);
+                }
+                DetourTransactionCommit();
+#endif
+            }
+        }
+
+        // GnuTLS
+        HMODULE hGnuTLS = GetModuleHandle("libgnutls-30.dll");
+        if (!hGnuTLS) hGnuTLS = GetModuleHandle("libgnutls.dll");
+        if (hGnuTLS) {
+            original_GnuTLS_record_send = (GnuTLS_record_send_t)(void*)GetProcAddress(hGnuTLS, "gnutls_record_send");
+            original_GnuTLS_record_recv = (GnuTLS_record_recv_t)(void*)GetProcAddress(hGnuTLS, "gnutls_record_recv");
+
+            if (original_GnuTLS_record_send && original_GnuTLS_record_recv) {
+#ifndef NO_DETOURS
+                DetourTransactionBegin();
+                DetourUpdateThread(GetCurrentThread());
+                DetourAttach(&(PVOID&)original_GnuTLS_record_send, hooked_GnuTLS_record_send);
+                DetourAttach(&(PVOID&)original_GnuTLS_record_recv, hooked_GnuTLS_record_recv);
+                DetourTransactionCommit();
+#endif
+            }
+        }
+
+        // mbed TLS
+        HMODULE hmbedTLS = GetModuleHandle("libmbedtls.dll");
+        if (!hmbedTLS) hmbedTLS = GetModuleHandle("mbedtls.dll");
+        if (hmbedTLS) {
+            original_mbedTLS_ssl_write = (mbedTLS_ssl_write_t)(void*)GetProcAddress(hmbedTLS, "mbedtls_ssl_write");
+            original_mbedTLS_ssl_read = (mbedTLS_ssl_read_t)(void*)GetProcAddress(hmbedTLS, "mbedtls_ssl_read");
+
+            if (original_mbedTLS_ssl_write && original_mbedTLS_ssl_read) {
+#ifndef NO_DETOURS
+                DetourTransactionBegin();
+                DetourUpdateThread(GetCurrentThread());
+                DetourAttach(&(PVOID&)original_mbedTLS_ssl_write, hooked_mbedTLS_ssl_write);
+                DetourAttach(&(PVOID&)original_mbedTLS_ssl_read, hooked_mbedTLS_ssl_read);
+                DetourTransactionCommit();
+#endif
+            }
+        }
+
+        // wolfSSL
+        HMODULE hwolfSSL = GetModuleHandle("wolfssl.dll");
+        if (hwolfSSL) {
+            original_wolfSSL_write = (wolfSSL_write_t)(void*)GetProcAddress(hwolfSSL, "wolfSSL_write");
+            original_wolfSSL_read = (wolfSSL_read_t)(void*)GetProcAddress(hwolfSSL, "wolfSSL_read");
+
+            if (original_wolfSSL_write && original_wolfSSL_read) {
+#ifndef NO_DETOURS
+                DetourTransactionBegin();
+                DetourUpdateThread(GetCurrentThread());
+                DetourAttach(&(PVOID&)original_wolfSSL_write, hooked_wolfSSL_write);
+                DetourAttach(&(PVOID&)original_wolfSSL_read, hooked_wolfSSL_read);
+                DetourTransactionCommit();
+#endif
+            }
+        }
+
+        // Botan (simplified - actual Botan TLS API is more complex)
+        HMODULE hBotan = GetModuleHandle("botan.dll");
+        if (!hBotan) hBotan = GetModuleHandle("libbotan-2.dll");
+        if (hBotan) {
+            // Note: Botan TLS API is C++ and more complex than this
+            // This is a simplified example - real implementation would need Botan headers
+            original_Botan_TLS_write = (Botan_TLS_write_t)(void*)GetProcAddress(hBotan, "botan_tls_write");
+            original_Botan_TLS_read = (Botan_TLS_read_t)(void*)GetProcAddress(hBotan, "botan_tls_read");
+
+            if (original_Botan_TLS_write && original_Botan_TLS_read) {
+#ifndef NO_DETOURS
+                DetourTransactionBegin();
+                DetourUpdateThread(GetCurrentThread());
+                DetourAttach(&(PVOID&)original_Botan_TLS_write, hooked_Botan_TLS_write);
+                DetourAttach(&(PVOID&)original_Botan_TLS_read, hooked_Botan_TLS_read);
                 DetourTransactionCommit();
 #endif
             }
@@ -155,8 +395,8 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserv
         // Also try to hook Windows Schannel if available
         HMODULE hSecur32 = GetModuleHandle("secur32.dll");
         if (hSecur32) {
-            original_EncryptMessage = (EncryptMessage_t)GetProcAddress(hSecur32, "EncryptMessage");
-            original_DecryptMessage = (DecryptMessage_t)GetProcAddress(hSecur32, "DecryptMessage");
+            original_EncryptMessage = (EncryptMessage_t)(void*)GetProcAddress(hSecur32, "EncryptMessage");
+            original_DecryptMessage = (DecryptMessage_t)(void*)GetProcAddress(hSecur32, "DecryptMessage");
 
             if (original_EncryptMessage && original_DecryptMessage) {
 #ifndef NO_DETOURS
@@ -172,9 +412,9 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserv
         // Hook system DLL loading functions
         HMODULE hKernel32 = GetModuleHandle("kernel32.dll");
         if (hKernel32) {
-            original_LoadLibraryA = (LoadLibraryA_t)GetProcAddress(hKernel32, "LoadLibraryA");
-            original_LoadLibraryW = (LoadLibraryW_t)GetProcAddress(hKernel32, "LoadLibraryW");
-            original_GetProcAddress = (GetProcAddress_t)GetProcAddress(hKernel32, "GetProcAddress");
+            original_LoadLibraryA = (LoadLibraryA_t)(void*)GetProcAddress(hKernel32, "LoadLibraryA");
+            original_LoadLibraryW = (LoadLibraryW_t)(void*)GetProcAddress(hKernel32, "LoadLibraryW");
+            original_GetProcAddress = (GetProcAddress_t)(void*)GetProcAddress(hKernel32, "GetProcAddress");
 
             if (original_LoadLibraryA && original_LoadLibraryW && original_GetProcAddress) {
 #ifndef NO_DETOURS
@@ -194,6 +434,61 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserv
             DetourUpdateThread(GetCurrentThread());
             DetourDetach(&(PVOID&)original_SSL_write, hooked_SSL_write);
             DetourDetach(&(PVOID&)original_SSL_read, hooked_SSL_read);
+            DetourDetach(&(PVOID&)original_LibreSSL_write, hooked_LibreSSL_write);
+            DetourDetach(&(PVOID&)original_LibreSSL_read, hooked_LibreSSL_read);
+            DetourTransactionCommit();
+#endif
+        }
+
+        if (original_NSS_SSL_Write && original_NSS_SSL_Read) {
+#ifndef NO_DETOURS
+            DetourTransactionBegin();
+            DetourUpdateThread(GetCurrentThread());
+            DetourDetach(&(PVOID&)original_NSS_SSL_Write, hooked_NSS_SSL_Write);
+            DetourDetach(&(PVOID&)original_NSS_SSL_Read, hooked_NSS_SSL_Read);
+            if (original_NSS_SSL_ForceHandshake) {
+                DetourDetach(&(PVOID&)original_NSS_SSL_ForceHandshake, hooked_NSS_SSL_ForceHandshake);
+            }
+            DetourTransactionCommit();
+#endif
+        }
+
+        if (original_GnuTLS_record_send && original_GnuTLS_record_recv) {
+#ifndef NO_DETOURS
+            DetourTransactionBegin();
+            DetourUpdateThread(GetCurrentThread());
+            DetourDetach(&(PVOID&)original_GnuTLS_record_send, hooked_GnuTLS_record_send);
+            DetourDetach(&(PVOID&)original_GnuTLS_record_recv, hooked_GnuTLS_record_recv);
+            DetourTransactionCommit();
+#endif
+        }
+
+        if (original_mbedTLS_ssl_write && original_mbedTLS_ssl_read) {
+#ifndef NO_DETOURS
+            DetourTransactionBegin();
+            DetourUpdateThread(GetCurrentThread());
+            DetourDetach(&(PVOID&)original_mbedTLS_ssl_write, hooked_mbedTLS_ssl_write);
+            DetourDetach(&(PVOID&)original_mbedTLS_ssl_read, hooked_mbedTLS_ssl_read);
+            DetourTransactionCommit();
+#endif
+        }
+
+        if (original_wolfSSL_write && original_wolfSSL_read) {
+#ifndef NO_DETOURS
+            DetourTransactionBegin();
+            DetourUpdateThread(GetCurrentThread());
+            DetourDetach(&(PVOID&)original_wolfSSL_write, hooked_wolfSSL_write);
+            DetourDetach(&(PVOID&)original_wolfSSL_read, hooked_wolfSSL_read);
+            DetourTransactionCommit();
+#endif
+        }
+
+        if (original_Botan_TLS_write && original_Botan_TLS_read) {
+#ifndef NO_DETOURS
+            DetourTransactionBegin();
+            DetourUpdateThread(GetCurrentThread());
+            DetourDetach(&(PVOID&)original_Botan_TLS_write, hooked_Botan_TLS_write);
+            DetourDetach(&(PVOID&)original_Botan_TLS_read, hooked_Botan_TLS_read);
             DetourTransactionCommit();
 #endif
         }

ssl_hook.h

@@ -44,16 +44,73 @@ int hooked_SSL_read(void* ssl, void* buf, int num);
 SECURITY_STATUS hooked_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
 SECURITY_STATUS hooked_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
 
+// Function pointer types for additional SSL libraries
+
+// LibreSSL (same as OpenSSL)
+typedef int (*LibreSSL_write_t)(void* ssl, const void* buf, int num);
+typedef int (*LibreSSL_read_t)(void* ssl, void* buf, int num);
+
+// NSS (Mozilla)
+typedef int (*NSS_SSL_Write_t)(void* ssl, const void* buf, int num);
+typedef int (*NSS_SSL_Read_t)(void* ssl, void* buf, int num);
+typedef int (*NSS_SSL_ForceHandshake_t)(void* ssl);
+
+// GnuTLS
+typedef int (*GnuTLS_record_send_t)(void* session, const void* data, size_t data_size);
+typedef int (*GnuTLS_record_recv_t)(void* session, void* data, size_t data_size);
+
+// mbed TLS
+typedef int (*mbedTLS_ssl_write_t)(void* ssl, const unsigned char* buf, size_t len);
+typedef int (*mbedTLS_ssl_read_t)(void* ssl, unsigned char* buf, size_t len);
+
+// wolfSSL
+typedef int (*wolfSSL_write_t)(void* ssl, const void* data, int sz);
+typedef int (*wolfSSL_read_t)(void* ssl, void* data, int sz);
+
+// Botan (C++ - simplified)
+typedef int (*Botan_TLS_write_t)(void* channel, const void* buf, size_t length);
+typedef int (*Botan_TLS_read_t)(void* channel, void* buf, size_t length);
+
 // Function pointer types for syscall monitoring
 typedef HMODULE (*LoadLibraryA_t)(LPCSTR lpLibFileName);
 typedef HMODULE (*LoadLibraryW_t)(LPCWSTR lpLibFileName);
 typedef FARPROC (*GetProcAddress_t)(HMODULE hModule, LPCSTR lpProcName);
 
+// Original function pointers for additional SSL libraries
+extern LibreSSL_write_t original_LibreSSL_write;
+extern LibreSSL_read_t original_LibreSSL_read;
+extern NSS_SSL_Write_t original_NSS_SSL_Write;
+extern NSS_SSL_Read_t original_NSS_SSL_Read;
+extern NSS_SSL_ForceHandshake_t original_NSS_SSL_ForceHandshake;
+extern GnuTLS_record_send_t original_GnuTLS_record_send;
+extern GnuTLS_record_recv_t original_GnuTLS_record_recv;
+extern mbedTLS_ssl_write_t original_mbedTLS_ssl_write;
+extern mbedTLS_ssl_read_t original_mbedTLS_ssl_read;
+extern wolfSSL_write_t original_wolfSSL_write;
+extern wolfSSL_read_t original_wolfSSL_read;
+extern Botan_TLS_write_t original_Botan_TLS_write;
+extern Botan_TLS_read_t original_Botan_TLS_read;
+
 // Original function pointers for syscall monitoring
 extern LoadLibraryA_t original_LoadLibraryA;
 extern LoadLibraryW_t original_LoadLibraryW;
 extern GetProcAddress_t original_GetProcAddress;
 
+// Hooked functions for additional SSL libraries
+int hooked_LibreSSL_write(void* ssl, const void* buf, int num);
+int hooked_LibreSSL_read(void* ssl, void* buf, int num);
+int hooked_NSS_SSL_Write(void* ssl, const void* buf, int num);
+int hooked_NSS_SSL_Read(void* ssl, void* buf, int num);
+int hooked_NSS_SSL_ForceHandshake(void* ssl);
+int hooked_GnuTLS_record_send(void* session, const void* data, size_t data_size);
+int hooked_GnuTLS_record_recv(void* session, void* data, size_t data_size);
+int hooked_mbedTLS_ssl_write(void* ssl, const unsigned char* buf, size_t len);
+int hooked_mbedTLS_ssl_read(void* ssl, unsigned char* buf, size_t len);
+int hooked_wolfSSL_write(void* ssl, const void* data, int sz);
+int hooked_wolfSSL_read(void* ssl, void* data, int sz);
+int hooked_Botan_TLS_write(void* channel, const void* buf, size_t length);
+int hooked_Botan_TLS_read(void* channel, void* buf, size_t length);
+
 // Hooked functions for syscall monitoring
 HMODULE hooked_LoadLibraryA(LPCSTR lpLibFileName);
 HMODULE hooked_LoadLibraryW(LPCWSTR lpLibFileName);