Hi everyone,
I'm trying to use this library to retrieve text from all kinds of windows, but for some reason I only get parts of the text.
For example: in Notepad I only get the texts in the menu, but not what the user has written.
Does anyone know why?
I hooked these functions: ExtTextOutW ExtTextOutA TextOutW TextOutA DrawTextA DrawTextW PolyTextOutA PolyTextOutW
Thanks in advance, Roey
Don't believe to what you hear on the news...
| Sign In·View Thread·PermaLink | |
I want to hook the functions HeapAlloc and HeapFree to see if there is a memory problem with my application, but it does not work for me. It worked a few years back, but it seems that Microsoft has released a patch which no longer allows apihijack to work.
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
I want to hook the network functions, but they are not really hooked; "bool RedirectIAT( SDLLHook* DLLHook, PIMAGE_IMPORT_DESCRIPTOR pImportDesc, PVOID pBaseLoadAddr )" is called, but it doesn't hook the dll-functions. By debugging I found out that

    if(!IMAGE_SNAP_BY_ORDINAL(pINT->u1.Ordinal)) // import by name

is not called, so the function is not imported by name. The "else" case doesn't really do anything, because UseDefault is disabled.

    else
    {
        // If the default function is enabled, store the ordinal for the user.
        if ( DLLHook->UseDefault )
            pStubs->pszNameOrOrdinal = pINT->u1.Ordinal;
    }

    SDLLHook WS2Hook =
    {
        "ws2_32.dll",
        false, NULL,
        {
            { "accept", NEW_accept},
            { "bind", NEW_bind},
            { "connect", NEW_connect},
            { "listen", NEW_listen},
            { "recv", NEW_recv},
            { "recvfrom", NEW_recvfrom},
            { "send", NEW_send},
            { "sendto", NEW_sendto},
            { "WSAAccept", NEW_WSAAccept},
            { "WSAConnect", NEW_WSAConnect},
            { "WSARecv", NEW_WSARecv},
            { "WSARecvFrom", NEW_WSARecvFrom},
            { "WSARecvDisconnect", NEW_WSARecvDisconnect},
            { "WSASend", NEW_WSASend},
            { "WSASendTo", NEW_WSASendTo},
            { "WSASendDisconnect", NEW_WSASendDisconnect},
            { NULL, NULL }
        }
    };
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
I have a requirement to monitor functions called inside a user-defined DLL.
I coded a win32 DLL and exported a function ("TestFunction") and called LoadLibrary from a Dlg based MFC sample to load the DLL dynamically. I then gave this DLL name as input to the Hook structure, wrote the function pointer and prototype stuff overrides as in the sample in the Hook sample and built the test DLL. I launched the launchtest app and hooked the DLL. But when I execute the MFC sample, I don't see any trace of the function called in the win32 DLL I coded. Why is it so?
Why can only predefined Microsoft DLLs be hooked and not user-defined ones? How else must I link my MFC app to my user-defined DLL to get the function hooked?
I place the user-defined win32 DLL in the C:\windows\system32 folder. Please help me.
-Mahesh
| Sign In·View Thread·PermaLink | 2.00/5 (2 votes) |
I need to write an application which will basically monitor function calls in a win32 DLL and print the functions called to debug output. I am a novice at hooking. Using this article, how can I do it? Can anyone give me sample code?
Thanks in advance..
-Mahesh
| Sign In·View Thread·PermaLink | 1.14/5 (4 votes) |
If a program loads an ActiveX, the ActiveX is not hooked, is it? And if a program doesn't have an OriginalFirstThunk, the function also fails? So how can I hook functions system-wide, so that I get every call of CreateFileA and CreateFileW? Regards and thanks for your answers, Tobias
either you live or you are consequent
| Sign In·View Thread·PermaLink | |
TestLauncher.exe and TestDLL.dll cannot hook the API DirectDrawCreateEx in bend.exe.
Why? Is APIHijack outmoded?
Tested on WinXP Pro SP2
| Sign In·View Thread·PermaLink | |
Hi, has anyone got this to compile cleanly using Visual Studio 2003? I'm getting some errors and would appreciate some help.
I've also found a more up-to-date version of this application on CodeGuru but that also gives errors when using VS 2003.
The APIs I'm trying to hook are PrintDlgExA and PrintDlgExW, so I require a more up-to-date environment than VC++ 6.0 and its header/library files.
| Sign In·View Thread·PermaLink | |
Does anyone know how to hook LoadLibraryA? I have tried several times, but it just doesn't work. My hook procedure is not called. The funny thing is that this only applies to KERNEL32.dll functions. I can easily hook any USER32.dll function with my hook procedure being called. Any ideas?
| Sign In·View Thread·PermaLink | 1.67/5 (3 votes) |
I can't figure out how to verify the demo operation. When I start the directx demo and then the launcher program, I get a positive message - as if the hook is activated but I see no change in the demo.
Can someone help please?
Triplebit
| Sign In·View Thread·PermaLink | 1.50/5 (2 votes) |
I can't figure out how to verify the demo operation. When I start the directx demo and then the launcher program, I get a positive message - as if the hook is activated but I see no change in the demo.
Can someone help please?
Menker
| Sign In·View Thread·PermaLink | |
Works like a charm, more than 5 years after the article was published... Now that has to say something about the quality of this article.
Thank you!
Nick Z.
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
Right, I think so. But I don't know, when we are hooking some process of the Windows system (for example the Spooler in the printing system), do we infringe Windows's privacy?
minhcom
| Sign In·View Thread·PermaLink | |
Thanks so much for this article, it's very helpful. Please, can you tell me how I can hook the Windows copy, cut, paste operations? Thank you for anything.
| Sign In·View Thread·PermaLink | 1.67/5 (3 votes) |
Is it possible to retrieve a value of a variable in a process that you hijacked?
1: I hijack a process
2: find a variable by name or type
3: return the variable info to the hijack DLL
4: free hijack
Can that be done??
Cheers
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
Hi, is there a way to hijack functions of a dll loaded at runtime by the application via LoadLibrary?
Kalle
| Sign In·View Thread·PermaLink | 2.33/5 (3 votes) |
I'm hooking Direct3dCreate8() of d3d8.dll. In some cases it is hooked successfully, while in others, after hooking, the hooked function address is somehow replaced with the original function address.

    // Replace the IAT function pointer if we have a hook.
    if ( HookFn )
    {
        // Cheez-o hack to see if what we're importing is code or data.
        // If it's code, we shouldn't be able to write to it
        if ( IsBadWritePtr( (PVOID)pIteratingIAT->u1.Function, 1 ) )
        {
            pIteratingIAT->u1.Function = (PDWORD)HookFn;
        }
        else if ( osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS )
        {
            // Special hack for Win9X, which builds stubs for imported
            // functions in system DLLs (Loaded above 2GB). These stubs are
            // writeable, so we have to explicitly check for this case
            if ( pIteratingIAT->u1.Function > (PDWORD)0x80000000 )
                pIteratingIAT->u1.Function = (PDWORD)HookFn;
        }
    }

Here

    pIteratingIAT->u1.Function = (PDWORD)HookFn;

is successfully assigned without any exception, but at the end when I recheck the address by

    GetProcAddress( GetModuleHandle("d3d8.dll"), "Direct3dCreate8" );

it gives the original function address. Does anybody know about it?
| Sign In·View Thread·PermaLink | |
This is because the hooking library is only hooking the IAT and not the DLL's EAT.
In plain English this means imported function calls are hooked, but those calls using GetProcAddress are not.
A more complete solution is to modify the loaded DLL's Export Address Table function pointer as well.
| Sign In·View Thread·PermaLink | 1.50/5 (2 votes) |
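Two behaviours reported in this thread, an import by ordinal that a name-matching hook never sees and GetProcAddress still returning the original address after an IAT patch, shown together in a portable C model. This is an added example, not code from the article or from any poster; the structures, function names and ordinal value are made up for illustration, and it models the tables rather than reading a real PE image.

```c
/* Added example: portable model of IAT vs. EAT resolution; all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ORDINAL_FLAG 0x80000000u  /* plays the role of IMAGE_ORDINAL_FLAG32 */

typedef int (*Fn)(void);
typedef struct { const char *name; uint32_t ordinal; Fn fn; } Export; /* EAT row */
typedef struct { const char *name; uint32_t thunk; Fn slot; } Import; /* INT entry + IAT slot */

static int real_connect(void) { return 1; }
static int hook_connect(void) { return 100; }

/* Constructed export table of a model "ws2_32.dll"; the ordinal is made up. */
static const Export eat[] = { { "connect", 4, real_connect } };

/* What GetProcAddress consults: the exporter's table, never the caller's IAT. */
static Fn lookup_export(const char *name) {
    for (size_t i = 0; i < sizeof eat / sizeof eat[0]; i++)
        if (strcmp(eat[i].name, name) == 0) return eat[i].fn;
    return NULL;
}

/* Name-matching IAT redirect: entries imported by ordinal carry no name
   and are skipped, as in the UseDefault == false case described above. */
static int redirect_iat(Import *imp, size_t n, const char *name, Fn hook) {
    int patched = 0;
    for (size_t i = 0; i < n; i++) {
        if (imp[i].thunk & ORDINAL_FLAG) continue;   /* import by ordinal */
        if (strcmp(imp[i].name, name) == 0) { imp[i].slot = hook; patched++; }
    }
    return patched;
}

/* Integrity check: a slot that differs from the exported address was redirected. */
static int slot_is_redirected(const Import *imp, const char *export_name) {
    return imp->slot != lookup_export(export_name);
}

int main(void) {
    Import by_name = { "connect", 0, real_connect };            /* imported by name */
    Import by_ord  = { NULL, ORDINAL_FLAG | 4, real_connect };  /* imported by ordinal */
    redirect_iat(&by_name, 1, "connect", hook_connect);         /* slot patched */
    redirect_iat(&by_ord, 1, "connect", hook_connect);          /* entry skipped */
    int ok = by_name.slot() == 100 && by_ord.slot() == 1        /* calls through the IAT */
          && lookup_export("connect")() == 1                    /* export lookup is unaffected */
          && slot_is_redirected(&by_name, "connect")
          && !slot_is_redirected(&by_ord, "connect");
    return ok ? 0 : 1;
}
```

The same slot-versus-export comparison is how an integrity checker spots a redirected import: only the importing module's slot changes, so the exporter's table still holds the reference address.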
I want to call a function that is in the exe that does the Hook Installation, when certain functions of the windows registry are called. I don't have problems to do that, except that the callback function can't be called from the dll (Access violation writing location 0x00000000). How could I make that work? In case that I can't do it that way, how can I do that??? Thank you.
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
I cannot hijack the function int WSAAPI connect(...)
Can you tell me or send me the source code of the DLL modified to hook this function? Thank you.
Here is what I wrote:

    #define WIN32_LEAN_AND_MEAN
    // Assumed headers: the names after #include were missing from the post.
    #include <windows.h>
    #include <winsock2.h>
    #include <stdio.h>
    #include "testdll.h"
    #include "..\apihijack.h"

    // Text buffer for sprintf
    char Work[256];

    HINSTANCE hDLL;

    // Function pointer types.
    typedef int (WSAAPI *connect_Type)( SOCKET s, const struct sockaddr FAR * name, int namelen );

    // Function prototypes.
    int WSAAPI Myconnect( SOCKET s, const struct sockaddr FAR * name, int namelen );

    // Hook structure.
    enum
    {
        D3DFN_connect = 0
    };

    SDLLHook D3DHook =
    {
        "Ws2_32.DLL",
        false, NULL,    // Default hook disabled, NULL function pointer.
        {
            { "connect", Myconnect },
            { NULL, NULL }
        }
    };

    // Hook function.
    int WSAAPI Myconnect( SOCKET s, const struct sockaddr FAR * name, int namelen )
    {
        MessageBeep( MB_ICONINFORMATION );
        MessageBox( NULL, "safdggsd", "", MB_OK|MB_APPLMODAL );

        connect_Type OldFn = (connect_Type)D3DHook.Functions[D3DFN_connect].OrigFn;
        return OldFn( s, name, namelen );
    }

    // CBT Hook-style injection.
    BOOL APIENTRY DllMain( HINSTANCE hModule, DWORD fdwReason, LPVOID lpReserved )
    {
        if ( fdwReason == DLL_PROCESS_ATTACH )  // When initializing....
        {
            hDLL = hModule;

            // We don't need thread notifications for what we're doing. Thus, get
            // rid of them, thereby eliminating some of the overhead of this DLL
            DisableThreadLibraryCalls( hModule );

            // Only hook the APIs if this is the Everquest process.
            HookAPICalls( &D3DHook );
        }

        return TRUE;
    }

    // This segment must be defined as SHARED in the .DEF
    #pragma data_seg (".HookSection")
    // Shared instance for all processes.
    HHOOK hHook = NULL;
    #pragma data_seg ()

    TESTDLL_API LRESULT CALLBACK HookProc( int nCode, WPARAM wParam, LPARAM lParam )
    {
        return CallNextHookEx( hHook, nCode, wParam, lParam );
    }

    TESTDLL_API void InstallHook()
    {
        OutputDebugString( "TESTDLL hook installed.\n" );
        hHook = SetWindowsHookEx( WH_CBT, HookProc, hDLL, 0 );
    }

    TESTDLL_API void RemoveHook()
    {
        OutputDebugString( "TESTDLL hook removed.\n" );
        UnhookWindowsHookEx( hHook );
    }

gabby
| Sign In·View Thread·PermaLink | |
Assuming you are using the most common technique of IAT hooking here - since I haven't read this article. You might need to call VirtualProtectEx before your code attempts to write the memory in the target (meaning the remote process/or wherever the IAT(s) you are hooking are)..
Basically what is most likely happening is that in the case which you are attempting, the memory protection flags are set to disallow write access (e.g. page-guard is set, etc.). You should use VirtualProtect(Ex) immediately before you perform the write.
Hopefully, that will solve your problem.
Regards, deejay
| Sign In·View Thread·PermaLink | |