wraithdu Posted June 19, 2010 Author Share Posted June 19, 2010 As I said before, you need to write a DLL to inject into the process to make your data modifications. It sounds like you want to be able to write this code in AutoIt... sorry, not gonna happen. Link to comment Share on other sites More sharing options...
Grayhat Posted June 19, 2010 Share Posted June 19, 2010 I see... i wasn't thinkin' abt write in autoit ;] thanks for answers. c ya Link to comment Share on other sites More sharing options...
oceanwaves Posted January 16, 2013 Share Posted January 16, 2013 Thanks for your code and design, it's very helpful to me. But I compiled them to 64bit version and running on the 64bit Windows 7, the ApiHookExample.exe is crash. I read the code but I think the pointer size is enough for 64bit OS. Link to comment Share on other sites More sharing options...
Pipaman Posted January 29, 2013 Share Posted January 29, 2013 (edited) Hi, Why don't you use <snip> It solves all the injection staff since you can hook any Windows API (included in Platform SDK) and receive calls in you own process. Regards, -P Edited January 29, 2013 by Melba23 Advert and link removed Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted January 29, 2013 Moderators Share Posted January 29, 2013 Pipaman, Advertising is not permitted here, sorry. M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
zaqimon Posted August 31, 2014 Share Posted August 31, 2014 (edited) Thanks a lot. Really useful. But there seems to be a bug for this method. It seems if the backup instructions happened to have relative call/jmp opcodes, the application will crash if calling back to those backup instructions. For instance, I hooked user32.dll:DdeGetData(), it crashed as soon as I tried to call the original function. It's working fine If I didn't call the original function. Is there any idea how to solve this problem? OK. I use some dirty method in dll to work around this problem. On each call to DdeGetData(), I modify the first 10 byte to the original instructions before calling, and after calling I modify the first 10 byte back to the HOOK instructions. Call VirtualProtect() first before modifying DdeGetData() or applicatoin get crashed. I don't know the performance penalty of this kind of run-time code patching since DdeGetData() may get called frequently. ************ below is the output log while hooking user32.dll:DdeGetData() for reference ----------------- mnemonic: PUSH operands: 0xc instructions: 6a 0c size: 2 offset: 0 ----------------- mnemonic: PUSH operands: 0x75e4fc58 instructions: 68 58fce475 size: 5 offset: 2 ----------------- mnemonic: CALL operands: 0xfffffffffffe6557 instructions: e8 4b65feff size: 5 offset: 7 ------------- HookAddress: 0x75E4FBCE HookBak: 0x6A0C6858FCE475E84B65 Bridge: 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 BridgePtr: 0x01F50000 Status after get: 0 Process: 10536 ------------------- remote bridge: 0x6A0C6858FCE475E84B65FEFFFF251200F501DAFBE475000000000000000000000000000000000000000000000000000000000000000000000000000000000000 remote hook: 0xFF25D4FBE475D0105202 Edited September 3, 2014 by meltice Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now