
关于HOOK浏览器NtDeviceIoControlFile函数,修改POST数据的问题

2014-02-07 12:01 369 查看
我HOOK了IE的NtDeviceIoControlFile函数,想修改POST发包的数据,IE做POST数据时,会发送两个包,一个是HTTP头,一个是数据,如果修改的数据长度跟原数据长度相等,则可以直接修改数据,不会有问题,但如果数据长度不相等,则需要先修改HTTP头里的Content-length参数,然后再在第二个数据包发送的时候修改数据Buffer。

我的问题是,在第二种情况下,修改长度不一样的包发送后,服务器可以正确识别修改后的数据,等于是修改成功了,但是浏览器这里却会报一个ERROR_INTERNET_INTERNAL_ERROR错误,导致浏览器认为网络错误,我研究了一整天没有头绪,怀疑是不是HOOK的NtDeviceIoControlFile函数里的返回值或者参数的修改方式不对导致的,请坛子里的各位大牛帮我分析一下。

我的修改方式是这样的:

代码:

// Content-Length produced for the last rewritten POST header, consumed when
// the body packet on that socket is padded/truncated to match.
// NOTE(review): a single file-scope value shared by every socket handle;
// two handles sending headers before their bodies would clobber each other.
int PraLenght = 0;
// Replacement for NtDeviceIoControlFile installed into the browser (see the
// post above). Only AFD_SEND requests are inspected; every other control
// code is forwarded verbatim to the saved original, s_pfnNtDeviceIoControlFile.
//
// Parameters mirror the native signature. The ones this hook reads are
// IoControlCode (to select AFD_SEND) and InputBuffer, reinterpreted as
// PAFD_INFO so the first WSABUF can be inspected and, for a matching POST,
// swapped for a rewritten copy for the duration of the native call.
// Returns the NTSTATUS the native call left in EAX (stat starts at -1, but
// every path below reaches one of the asm blocks before returning).
// Side effects: reads/writes the maps Ecode (keyed by domain) and Ecode_h
// (keyed by socket handle), both declared outside this listing, and the
// file-scope PraLenght.
// NOTE(review): presumably a static member — it is WINAPI (stdcall) and never
// touches `this`; confirm against the class declaration.
NTSTATUS WINAPI CWininetHook::_NtDeviceIoControlFile( HANDLE FileHandle,HANDLE Event OPTIONAL,PVOID ApcRoutine OPTIONAL,PVOID ApcContext OPTIONAL,PVOID IoStatusBlock,ULONG IoControlCode,PVOID InputBuffer OPTIONAL,ULONG InputBufferLength,PVOID OutputBuffer OPTIONAL,ULONG OutputBufferLength )
{
    LONG stat = -1;  // NTSTATUS from the native call; -1 is only a placeholder

    // Fast path: not a send, forward unchanged.
    if (IoControlCode != AFD_SEND)
    {
        // Arguments are pushed right-to-left for the stdcall target; the
        // callee cleans the stack, so nothing is popped afterwards.
        __asm
        {
            push  OutputBufferLength
            push  OutputBuffer
            push  InputBufferLength
            push  InputBuffer
            push  IoControlCode
            push  IoStatusBlock
            push  ApcContext
            push  ApcRoutine
            push  Event
            push  FileHandle
            call  s_pfnNtDeviceIoControlFile
            mov    stat ,eax
        }
        return stat ;
    }

    string text = "";
    PAFD_INFO AfdInfo = NULL;
    char * Buffer = NULL;   // caller's original WSABUF.buf, restored after the call
    ULONG Len = NULL;       // caller's original WSABUF.len, restored after the call
    string domain;

    if (IoControlCode == AFD_SEND)   // always true past the early return above
    {
        AfdInfo = (PAFD_INFO)InputBuffer;
        // Only the first buffer of the array is examined; a request split
        // across several WSABUFs would not be seen as a whole here.
        Buffer = AfdInfo->BufferArray->buf;
        Len = AfdInfo->BufferArray->len;

        // NOTE(review): `text = Buffer` copies up to the first NUL, not up to
        // Len. The send buffer is not guaranteed to be NUL-terminated, so this
        // can read past its end before substr() trims the result; a bounded
        // copy such as text.assign(Buffer, Len) would avoid the over-read.
        // A body containing an embedded NUL is also truncated at that NUL.
        text = Buffer;
        text = text.substr(0,Len);
        // "!" is treated as a payload to skip; where it comes from is not
        // visible in this listing. The two emptiness checks are redundant.
        if(text != "!" && text != "" && text.length() > 0)
        {
            if(text.substr(0,4) == "POST")
            {
                // Rewrite the Content-Length in the HTTP header.
                if(text.find("SpeSubmit.aspx") != text.npos)
                {
                    // Record, per socket handle, which encoding flag applies to
                    // the body that follows; -1 means "decide when the body
                    // arrives".
                    domain = GetDomainFromRequest(text.c_str());
                    if(Ecode.find(domain) != Ecode.end())
                        Ecode_h[FileHandle] = Ecode[domain];
                    else
                        Ecode_h[FileHandle] = -1;

                    // MyRelpaceHeaderLength (not shown) is expected to rewrite
                    // `text` in place and return the new Content-Length. It is
                    // kept in one file-scope global, so headers sent on two
                    // sockets before either body arrives overwrite each other.
                    PraLenght = MyRelpaceHeaderLength(text);

                    // NOTE(review): if TRACE is MFC's printf-style macro, the
                    // request text is being used as the format string and a
                    // '%' in the request would be interpreted;
                    // TRACE("%s", text.c_str()) is the safe form.
                    TRACE(text.c_str());

                    // Point the WSABUF at the rewritten header. `text` is a
                    // local, so this is only valid while the native call below
                    // completes synchronously (see the lifetime note there).
                    AfdInfo->BufferArray->len = text.size();
                    AfdInfo->BufferArray->buf = (char *)text.c_str();
                }
                else if(Ecode_h.find(FileHandle) != Ecode_h.end())
                {
                    // A different POST on a tracked handle: stop tracking it.
                    Ecode_h.erase(FileHandle);
                }
            }
            else if(text.substr(0,3) == "GET" && Ecode_h.find(FileHandle) != Ecode_h.end())
            {
                // A GET on a tracked handle ends the pending POST sequence.
                Ecode_h.erase(FileHandle);
            }
            else if(Ecode_h.find(FileHandle) != Ecode_h.end())
            {
                // Rewrite the POST body (the packet following a tracked header).
                // Decide the encoding now if the header lookup gave no answer.
                if(Ecode_h[FileHandle] == -1)
                {
                    if(MyConver::is_utf8_code(text)) Ecode_h[FileHandle] = TRUE;
                    else Ecode_h[FileHandle] = FALSE;
                }
                // Work in GBK, hand the body to MyHttpSendRequest, convert back.
                // NOTE(review): UTF8ToGBK(text, text.c_str()) writes into the
                // string it reads from; whether that aliasing is safe depends
                // on MyConver, which is not shown.
                if(Ecode_h[FileHandle]) MyConver::UTF8ToGBK(text,text.c_str());
                BOOL b = MyHttpSendRequest(FileHandle,text);
                if(Ecode_h[FileHandle]) text = MyConver::GBKToUTF8(text);

                if(b)
                {
                    // Pad with spaces up to the Content-Length announced in the
                    // rewritten header, or cut down to it: a body longer than
                    // PraLenght silently loses its tail. (int minus size_t is
                    // computed unsigned and then narrowed back to int.)
                    int span = PraLenght - text.size();
                    for (int i = 0; i < span; i++)
                    {
                        text += " ";
                    }

                    text = text.substr(0,PraLenght);
                    TRACE(text.c_str());   // same format-string caveat as above

                    Ecode_h.erase(FileHandle);
                    AfdInfo->BufferArray->len = PraLenght;
                    AfdInfo->BufferArray->buf = (char*)text.c_str();
                }
            }

            // Native call with the (possibly substituted) buffer descriptor.
            // NOTE(review): `text` is destroyed when this function returns. If
            // the native call does not complete synchronously (STATUS_PENDING,
            // or an Event / ApcRoutine supplied by the caller), the substituted
            // buffer may still be referenced afterwards and the restore below
            // races that completion; nothing here checks for either case.
            __asm
            {
                push  OutputBufferLength
                push  OutputBuffer
                push  InputBufferLength
                push  InputBuffer
                push  IoControlCode
                push  IoStatusBlock
                push  ApcContext
                push  ApcRoutine
                push  Event
                push  FileHandle
                call  s_pfnNtDeviceIoControlFile
                mov    stat ,eax
            }

            // Put the caller's own buffer pointer and length back so it sees
            // the descriptor it passed in.
            AfdInfo->BufferArray->buf = (char*)Buffer;
            AfdInfo->BufferArray->len = Len;
            return stat;
        }
        // Empty or "!" payload: forward unchanged.
        __asm
        {
            push  OutputBufferLength
            push  OutputBuffer
            push  InputBufferLength
            push  InputBuffer
            push  IoControlCode
            push  IoStatusBlock
            push  ApcContext
            push  ApcRoutine
            push  Event
            push  FileHandle
            call  s_pfnNtDeviceIoControlFile
            mov    stat ,eax
        }
    }

    return stat ;
}