Windows API Hooking, Injecting a DLL


wraithdu
Hi,

Why don't you use <snip>

It solves all the injection stuff since you can hook any Windows API (included in Platform SDK) and receive calls in your own process.

Regards,

-P

Edited by Melba23
Advert and link removed

  • Moderators

Pipaman,

Advertising is not permitted here, sorry. :)

M23


  • 1 year later...

Thanks a lot. Really useful. But there seems to be a bug for this method.

It seems that if the backup instructions happen to contain relative call/jmp opcodes, the application will crash when calling back to those backup instructions. For instance, I hooked user32.dll:DdeGetData(), and it crashed as soon as I tried to call the original function. It works fine if I don't call the original function.

Is there any idea how to solve this problem?

OK. I use a dirty method in the DLL to work around this problem. On each call to DdeGetData(), I change the first 10 bytes back to the original instructions before calling, and after calling I change the first 10 bytes back to the HOOK instructions. Call VirtualProtect() first before modifying DdeGetData() or the application crashes. I don't know the performance penalty of this kind of run-time code patching since DdeGetData() may get called frequently.

************

Below is the output log while hooking user32.dll:DdeGetData(), for reference:

-----------------
mnemonic: PUSH
operands: 0xc
instructions: 6a 0c
size: 2
offset: 0
-----------------
mnemonic: PUSH
operands: 0x75e4fc58
instructions: 68 58fce475
size: 5
offset: 2
-----------------
mnemonic: CALL
operands: 0xfffffffffffe6557
instructions: e8 4b65feff
size: 5
offset: 7
-------------
HookAddress: 0x75E4FBCE
HookBak: 0x6A0C6858FCE475E84B65
Bridge: 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
BridgePtr: 0x01F50000
Status after get: 0
Process: 10536
-------------------
remote bridge: 0x6A0C6858FCE475E84B65FEFFFF251200F501DAFBE475000000000000000000000000000000000000000000000000000000000000000000000000000000000000
remote hook: 0xFF25D4FBE475D0105202
Edited by meltice
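
The crash reported in the post above follows from the numbers in its log: the CALL at offset 7 uses a displacement relative to its own address, so the same bytes executed from the bridge point somewhere else. The C code below is an added example, not code from the thread or from the original UDF; it uses the logged bytes and addresses, and the function names `rel32_target` and `fix_rel32` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* From the log in the post: the 12 bytes copied from DdeGetData and both addresses. */
static const uint8_t STOLEN[12] = {0x6a,0x0c, 0x68,0x58,0xfc,0xe4,0x75, 0xe8,0x4b,0x65,0xfe,0xff};
#define HOOK_ADDR   0x75E4FBCEull  /* HookAddress */
#define BRIDGE_ADDR 0x01F50000ull  /* BridgePtr */
#define CALL_OFF    7              /* offset of the CALL in the log */

static int32_t rd32(const uint8_t *p) {   /* little-endian read */
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, int32_t v) { /* little-endian write */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)((uint32_t)v >> (8 * i));
}

/* Absolute target of an E8/E9 rel32 instruction that executes at insn_addr. */
uint64_t rel32_target(const uint8_t *insn, uint64_t insn_addr) {
    return insn_addr + 5 + (int64_t)rd32(insn + 1);
}

/* Re-encode the CALL/JMP at buf[off], copied from old_base to new_base, so it
 * reaches its original target. Returns 0 on success, -1 if buf[off] is out of
 * bounds or not E8/E9, -2 if the target is out of rel32 range (possible in
 * 64-bit processes; 32-bit addresses wrap modulo 2^32, which this 64-bit
 * model does not cover). */
int fix_rel32(uint8_t *buf, size_t len, size_t off, uint64_t old_base, uint64_t new_base) {
    if (off + 5 > len || (buf[off] != 0xE8 && buf[off] != 0xE9))
        return -1;
    uint64_t target = rel32_target(buf + off, old_base + off);
    int64_t disp = (int64_t)(target - (new_base + off + 5));
    if (disp < INT32_MIN || disp > INT32_MAX)
        return -2;
    wr32(buf + off + 1, (int32_t)disp);
    return 0;
}

int main(void) {
    uint8_t bridge[12];
    memcpy(bridge, STOLEN, sizeof bridge);
    printf("intended target : 0x%08llx\n", (unsigned long long)rel32_target(STOLEN + CALL_OFF, HOOK_ADDR + CALL_OFF));
    printf("verbatim copy   : 0x%08llx\n", (unsigned long long)rel32_target(bridge + CALL_OFF, BRIDGE_ADDR + CALL_OFF));
    if (fix_rel32(bridge, sizeof bridge, CALL_OFF, HOOK_ADDR, BRIDGE_ADDR) == 0)
        printf("after fix-up    : 0x%08llx\n", (unsigned long long)rel32_target(bridge + CALL_OFF, BRIDGE_ADDR + CALL_OFF));
    return 0;
}
```

Short jumps (EB, 7x) and RIP-relative operands need the same kind of adjustment and are not handled here.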