ChangMinYang Posted December 29, 2008 Posted December 29, 2008 (edited) expandcollapse popup; Add the hook and save the "handle" to the hook, we need this to change the hook later on global $regptr = DllCallbackRegister( "_ApiHookLog" , "int" , "ptr" ) global $hook = _ApiHookAdd( "Shell32.dll" , "ShellExecuteExW" , $regptr ) ;; Lets try ShellExecute something ShellExecute( FileOpenDialog( "All files", "" , "All files (*.*)" ) ) ; Change back to the original ShellExecute _ApiHookDel( $hook ) Func _ApiHookLog( $ptr ) ; SHELLEXECUTEINFO struct Local $SHELLEXECUTEINFO = DllStructCreate( "dword;ulong;hwnd;ptr;ptr;ptr;ptr;int;ptr;ptr;ptr;ptr;dword;ptr;ptr;" , $ptr ) Local $wstring = DllStructCreate( "wchar[255]" , DllStructGetData( $SHELLEXECUTEINFO , 5 ) ) Local $confirm = MsgBox( 0x1 , "Shellexecute hook" , "AutoIt tried to shellexecute: " & DllStructGetData( $wstring , 1 ) & @CRLF & "Allow this?" ) If $confirm Then ;Referred <= Dim $return[4] = [ $itd , $callBackReg , $orig , $NewProcAddress ] DllStructSetData( $hook[0] , 1 , $hook[2] ) DllCallbackFree( $regptr ) $regptr = DllCallbackRegister( "_ApiHookLog" , "int" , "ptr" ) $hook[1] = $regptr DllStructSetData( $hook[0] , 1 , $hook[3] ) EndIf $wstring = 0 $SHELLEXECUTEINFO = 0 Return 0 EndFunc How to allow/continue 'stopped Api call by hook'? "DllStructSetData( $hook[0] , 1 , $hook[2] )" nothing happened ... Edited December 29, 2008 by GoodMan
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now