Cool, Microsoft releases what is essentially a virus toolkit
-Wade
|
If you read the readme file, this library essentially does NOT work on Win9x systems!
(I have been trying to figure out a way to capture the text right beneath the mouse cursor. One way to do this without resorting to OCR is (I guess?): install a mouse hook, get the HWND, post an UpdateWindow message to this HWND, hook the function calls like TextOut, DrawText etc., and grab the text. BUT I just don't know how to hook these functions! Does anyone have a better idea of how to grab the text beneath the cursor (on any window)?)
|
That's an awesome idea actually...I never even thought of that...and here this whole time I thought it was impossible...
The word of the day is legs, let's go back to my house and spread the word
|
The source (dllmain.cpp) has these prototypes:
// Function pointer types.
typedef HRESULT (WINAPI *DirectDrawCreateEx_Type)( GUID FAR *lpGUID, LPVOID *lplpDD, REFIID iid, IUnknown FAR *pUnkOuter );
// Function prototypes.
HRESULT WINAPI MyDirectDrawCreateEx( GUID FAR * lpGuid, LPVOID *lplpDD, REFIID iid,IUnknown FAR *pUnkOuter );
How do I write these prototypes if the original import library used:
extern "C" unsigned char Foo(parameters);
Thanks...
|
Check any reference on C function pointers for the information.
typedef unsigned char (*Foo_Type)(parameters);
unsigned char MyFoo(parameters);
-Wade
|
1. Execute TestLauncher.exe and bend.exe; then DirectDrawCreateEx will be hooked.
2. Remove the hook.
3. On the File menu of bend.exe, click Change Device and change the device. This causes bend.exe to execute DirectDrawCreateEx().
Then an error occurs.
Why?
|
That's because when you hit OK to remove the hook, it unloads the DLL, however the IAT in the EXE that is running is still referencing the DLL.
My suggestion for handling this safely would be to have the TestLauncher project run bend.exe as a child process, so that TestLauncher can't exit until bend.exe has.
-Wade
|
Yes, but I need a global hook.
For example, I want to monitor the registry; I want to know which applications are accessing the registry. So your suggestion may not do that.
Can I change the IAT to reference the original?
Thanks
|
I think you may need a different method for monitoring access to the registry. Have you checked out regmon from www.sysinternals.com, to see how they do it?
-Wade
|
Is there a way to hook a non-imported function?
The function IS exported, but when the exe is disassembled, the function is not being imported. If I write a wrapper for the dll, the function is getting called.
Is there an easy fix?
Wyvern
|
I think I got it...
I hooked the LoadLibrary, and went from there...
|
Cool, I was hoping someone would succeed w/ this. Somebody should update the library to automatically hook LoadLibrary; I can't, 'cause everything I write now is owned by my employer.
-Wade
|
So after you hooked LoadLibrary, what did you do? All I can think of doing is forcing the program to load my stubbed dll, and the dll can take it from there.
I heard you can change the exports of the loaded dll before passing it on... But that seems unnecessarily difficult.
PS I'm aware how old this post is, hoping someone else could throw around some ideas.
|
Thanks for 'apihijack'
I'd like to Hook a Process before my hooking invoker.
I think that SDLLHook.DefaultFn is the key. But how do I set the value?
E.g. Kernel32.dll, CreateProcess
Help me, please.
|
Must I do it in my source?
|
It doesn't hook functions that are called via GetProcAddress; it just hooks functions that are imported by the caller (explicitly).
|
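Added example (not from the article, the library or any poster): a portable C model of the import-table behaviour discussed in this thread. It shows that a call through the import slot is intercepted while a pointer resolved at run time (the GetProcAddress case) is not, and that the slot has to be put back before the hook code goes away. All names (`iat`, `resolve_export`, `hook_slot`, `unhook_slot`, `slot_is_hooked`) are constructed for the illustration and are not Windows or apihijack APIs.

```c
#include <stddef.h>
#include <string.h>

/* Model of an import address table: the "EXE" calls its imports through
   slots, and a hook works by swapping the pointer stored in a slot. */
typedef int (*api_fn)(int);

static int real_api(int x) { return x + 1; }   /* stands in for the DLL export */
static int hooked_calls;                       /* how often the hook ran */
static int my_api(int x) { hooked_calls++; return real_api(x); }

struct import_slot { const char *name; api_fn target; };
static struct import_slot iat[] = { { "Api", real_api } };

/* GetProcAddress analogue: answers from the export, never from the IAT. */
static api_fn resolve_export(const char *name) {
    return strcmp(name, "Api") == 0 ? real_api : NULL;
}

/* Patch a slot and hand back the original pointer for later restore. */
static api_fn hook_slot(struct import_slot *s, api_fn repl) {
    api_fn orig = s->target;
    s->target = repl;
    return orig;
}

/* Restore only if the slot still holds our hook, so a later patch by
   other code is not clobbered. Returns 1 on success, 0 otherwise. */
static int unhook_slot(struct import_slot *s, api_fn repl, api_fn orig) {
    if (s->target != repl) return 0;
    s->target = orig;
    return 1;
}

/* Integrity check: a slot is hooked when it differs from the export. */
static int slot_is_hooked(const struct import_slot *s) {
    return s->target != resolve_export(s->name);
}

int main(void) {
    api_fn orig = hook_slot(&iat[0], my_api);
    iat[0].target(1);                    /* via import slot: intercepted */
    resolve_export("Api")(1);            /* via run-time lookup: not intercepted */
    unhook_slot(&iat[0], my_api, orig);  /* must precede unloading the hook code */
    return slot_is_hooked(&iat[0]);      /* 0 when the table is back to original */
}
```

The same comparison in `slot_is_hooked` is the basis of an import-table integrity check; on a real system it also has to account for forwarded exports before treating a mismatch as a hook.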
|
When I use this lib on winword.exe to hijack the ExtTextOutA() function, my function is never called. This happened with WordPad too. Notepad has no entries for any of the TextOut kind of functions (4 or 6 functions, such as TextOutA(W), ExtTextOutA(W)...). What should I do to use this lib on all the above applications? Thanks for any reply.
|
When you call TextOutA(hDC, nXStart, nYStart, lpString, cbString), your function will be called, but when you call hDC->TextOutA(nXStart, nYStart, lpString, cbString), your function will never be called. I don't know why, either. If you have some good ideas about that, please mail me. Thanks in advance...
|
I have not looked into this subject, but might it have anything to do with function overloading?
Nimr0d -- nimr0d@LNDonline.org -- www.LNDonline.org
|
Is there a way to intercept calls made by imported DLLs of an APP?
That would be great.
Example:
Test.exe -> Loads -> Test.dll
|.....................|
|.....................|
|.....................V
|............. No intercepted calls
v
intercepted calls
Any help is appreciated =)
|
Hook LoadLibrary and then hook any dll loaded via LoadLibrary.
|
HMODULE WINAPI myLoadLibraryA(LPCSTR lpLibFileName)
{
    LoadLibraryA_Type OldFn =
        (LoadLibraryA_Type)D3DHook.Functions[my_LoadLibraryA].OrigFn;
    strcpy(lib,lpLibFileName);
    return OldFn(lpLibFileName);
}
Ok, how should I modify the function above?
|
Hello!
I was reading this and it seems I have the same problem!
Did you get any answer?
Thanks!
|
OK, I get a pointer to a DD class, but how do I use it to intercept, let's say, calls to DDS->Flip()? Or if I have a pointer for DirectInput, how do I use it to intercept GetDeviceData()?
Thanx in advance, Sasha.