|
Hi,
You said you have a sample of creating a toolbar for Outlook Express...in VC++. Could you please send it over, as I have a big need of something like that, or at least give me a hint from where to get it. I would be deeply thankful.
Thanks in advance,
Doru K
|
|
|
|
|
do some googling , you found your self filled with tonnes of such type of application & source code
-----------------------------
"I Think this Will Help"
-----------------------------
Alok Gupta
visit me at http://www.thisisalok.tk
|
|
|
|
|
Hi
I wont be of help to you.
But i feel you will help me.
Can you please send me the source code and/or urls that would be helpfull to create the toolbar for the Outlook Express in VC++ as you said you have got some source code regardin' that in VC++.
I need that badly
Thanks.
|
|
|
|
|
How can I cature the text under mouse in RichText or HTML?
|
|
|
|
|
When I close Launcher program hooked process will crash.
because when we destroy dll handle, hooked process can not call hook
functions.
How can we unhook and restore original functions adresses for each
process
( I hooked all process not only notpad.exe because I want to capture
the word under consor for my dictionary program)
Help me,please!
Thank!
minhvc
|
|
|
|
|
We can unHook use HookAPICalls
bool UnHookAPICalls( SDLLHook* Hook )
{
if ( !Hook )
return false;
SFunctionHook* FHook = Hook->Functions;
while ( FHook->Name ){
FHook->HookFn = FHook->OrigFn;
FHook++;
}
return HookAPICalls(Hook, hModule);
}
|
|
|
|
|
From some reason this doesn't work...
Don't believe to what you hear on the news...
|
|
|
|
|
I had some problems with this code, and needed to impletment this unhook feature.
bool ResetIAT( SDLLHook* DLLHook, PIMAGE_IMPORT_DESCRIPTOR pImportDesc, PVOID pBaseLoadAddr )
{
try{
PIMAGE_THUNK_DATA pIAT; // Ptr to import address table
PIMAGE_THUNK_DATA pINT; // Ptr to import names table
PIMAGE_THUNK_DATA pIteratingIAT;
// Figure out which OS platform we're on
OSVERSIONINFO osvi;
osvi.dwOSVersionInfoSize = sizeof(osvi);
GetVersionEx( &osvi );
// If no import names table, we can't redirect this, so bail
if ( pImportDesc->OriginalFirstThunk == 0 )
return false;
pIAT = MakePtr( PIMAGE_THUNK_DATA, pBaseLoadAddr, pImportDesc->FirstThunk );
pINT = MakePtr( PIMAGE_THUNK_DATA, pBaseLoadAddr, pImportDesc->OriginalFirstThunk );
// Count how many entries there are in this IAT. Array is 0 terminated
pIteratingIAT = pIAT;
unsigned cFuncs = 0;
while ( pIteratingIAT->u1.Function )
{
cFuncs++;
pIteratingIAT++;
}
if ( cFuncs == 0 ) // If no imported functions, we're done!
return false;
// These next few lines ensure that we'll be able to modify the IAT,
// which is often in a read-only section in the EXE.
DWORD flOldProtect, flNewProtect, flDontCare;
MEMORY_BASIC_INFORMATION mbi;
// Get the current protection attributes
VirtualQuery( pIAT, &mbi, sizeof(mbi) );
// remove ReadOnly and ExecuteRead attributes, add on ReadWrite flag
flNewProtect = mbi.Protect;
flNewProtect &= ~(PAGE_READONLY | PAGE_EXECUTE_READ);
flNewProtect |= (PAGE_READWRITE);
if ( !VirtualProtect( pIAT, sizeof(PVOID) * cFuncs,
flNewProtect, &flOldProtect) )
{
return false;
}
// If the Default hook is enabled, build an array of redirection stubs in the processes memory.
DLPD_IAT_STUB * pStubs = 0;
if ( DLLHook->UseDefault )
{
// Allocate memory for the redirection stubs. Make one extra stub at the
// end to be a sentinel
pStubs = new DLPD_IAT_STUB[ cFuncs + 1];
if ( !pStubs )
return false;
}
// Scan through the IAT, completing the stubs and redirecting the IAT
// entries to point to the stubs
pIteratingIAT = pIAT;
while ( pIteratingIAT->u1.Function )
{
void* HookFn = 0; // Set to either the SFunctionHook or pStubs.
if ( !IMAGE_SNAP_BY_ORDINAL( pINT->u1.Ordinal ) ) // import by name
{
PIMAGE_IMPORT_BY_NAME pImportName = MakePtr( PIMAGE_IMPORT_BY_NAME, pBaseLoadAddr, pINT->u1.AddressOfData );
// Iterate through the hook functions, searching for this import.
SFunctionHook* FHook = DLLHook->Functions;
while ( FHook->Name )
{
if ( lstrcmpi( FHook->Name, (char*)pImportName->Name ) == 0 )
{
OutputDebugString( "unhooked function: " );
OutputDebugString( (char*)pImportName->Name );
OutputDebugString( "\n" );
// Save the old function in the SFunctionHook structure and get the new one.
if (FHook->OrigFn != pIteratingIAT->u1.Function){
char szBuf[1025];
sprintf( szBuf, "FHook->OrigFn (0x%p) != (0x%p) pIteratingIAT->u1.Function in %s\n", FHook->OrigFn, pIteratingIAT->u1.Function, FHook->Name);
OutputDebugString(szBuf);
} //else
HookFn = FHook->OrigFn;// wheger
break;
}
FHook++;
}
// If the default function is enabled, store the name for the user.
if ( DLLHook->UseDefault )
pStubs->pszNameOrOrdinal = (DWORD)&pImportName->Name;
}
else
{
// If the default function is enabled, store the ordinal for the user.
if ( DLLHook->UseDefault )
pStubs->pszNameOrOrdinal = pINT->u1.Ordinal;
}
// If the default function is enabled, fill in the fields to the stub code.
if ( DLLHook->UseDefault )
{
pStubs->data_call = (DWORD)(PDWORD)DLLHook->DefaultFn
- (DWORD)(PDWORD)&pStubs->instr_JMP;
pStubs->data_JMP = *(PDWORD)pIteratingIAT - (DWORD)(PDWORD)&pStubs->count;
// If it wasn't manually hooked, use the Stub function.
if ( !HookFn )
HookFn = (void*)pStubs;
}
// Replace the IAT function pointer if we have a hook.
if ( HookFn )
{
// Cheez-o hack to see if what we're importing is code or data.
// If it's code, we shouldn't be able to write to it
if ( IsBadWritePtr( (PVOID)pIteratingIAT->u1.Function, 1 ) )
{
pIteratingIAT->u1.Function = (PDWORD)HookFn;
}
else if ( osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS )
{
// Special hack for Win9X, which builds stubs for imported
// functions in system DLLs (Loaded above 2GB). These stubs are
// writeable, so we have to explicitly check for this case
if ( pIteratingIAT->u1.Function > (PDWORD)0x80000000 )
pIteratingIAT->u1.Function = (PDWORD)HookFn;
}
}
if ( DLLHook->UseDefault )
pStubs++; // Advance to next stub
pIteratingIAT++; // Advance to next IAT entry
pINT++; // Advance to next INT entry
}
if ( DLLHook->UseDefault )
pStubs->pszNameOrOrdinal = 0; // Final stub is a sentinel
// Put the page attributes back the way they were.
VirtualProtect( pIAT, sizeof(PVOID) * cFuncs, flOldProtect, &flDontCare);
} catch(...){
OutputDebugString("Exception caught in ResetIAT\n");
throw;
}
return true;
}
// need to reset the pointers back to their old values
bool UnhookAPICalls( SDLLHook* Hook, HMODULE hModule, int iDepth )
{
try{
iDepth++;
if (iDepth>100){
OutputDebugString("Stuck in infinite recursion");
return false;
}
char *fName = new char[100];
GetModuleFileName(hModule, fName, 100);
SETMODULES::iterator it = setModules.find(fName);
if (it==setModules.end())
return false;
setModules.erase( it);
OutputDebugString("unhooking=");
OutputDebugString(fName);
OutputDebugString("\n");
delete[] fName;
if ( !Hook )
return false;
PIMAGE_NT_HEADERS pExeNTHdr = PEHeaderFromHModule( hModule );
if ( !pExeNTHdr )
return false;
DWORD importRVA = pExeNTHdr->OptionalHeader.DataDirectory
[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
if ( !importRVA )
return false;
// Convert imports RVA to a usable pointer
PIMAGE_IMPORT_DESCRIPTOR pImportDesc = MakePtr( PIMAGE_IMPORT_DESCRIPTOR,
hModule, importRVA );
// Save off imports address in a global for later use
g_pFirstImportDesc = pImportDesc;
// Iterate through each import descriptor, and redirect if appropriate
while ( pImportDesc->FirstThunk )
{
PSTR pszImportModuleName = MakePtr( PSTR, hModule, pImportDesc->Name);
for (int iNameIndex=0; iNameIndex<max_dll_number; inameindex++)
="" {
="" char="" *dllname="Hook-">Name[iNameIndex];
if (!dllName)
break;
if ( lstrcmpi( pszImportModuleName, dllName ) == 0 )
{
OutputDebugString( "Restoring " );
OutputDebugString( dllName );
OutputDebugString( "...\n" );
ResetIAT( Hook, pImportDesc, (PVOID)hModule );
break;
}
}
UnhookAPICalls(Hook, GetModuleHandle(pszImportModuleName), iDepth);
pImportDesc++; // Advance to next import descriptor
}
} catch(...){
OutputDebugString("Exception caught in UnhookAPICalls\n");
throw;
}
return true;
}
|
|
|
|
|
not work 
Don't believe to what you hear on the news...
|
|
|
|
|
i have the exact problem this code is unfinished...
has anyone managed to run the fixes offered here?
Don't believe to what you hear on the news...
modified on Sunday, March 30, 2008 12:51 AM
|
|
|
|
|
|
Use GetKeyNameText() function inside the hook procedure.
|
|
|
|
|
I used APIHijack lib to override TextOut funtion to capture text under point
How can I un override it to calls normal TextOut after I catured the text under consor.
|
|
|
|
|
Hi everybody.
Nice work.
I wander if there is a similar way to dicover function params within an encrypted dll.
I understand now that PE dll format hold all information about the functions, but I have dlls without any string information. I saw all functions using deassempler, but I can't see the params.
Thanks in advance.
|
|
|
|
|
Compiling...
apihijack.cpp
c:\temp\3\apihijack.cpp(158) : error C2440: '=' : cannot convert from 'unsigned long' to 'void *'
Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast
c:\temp\3\apihijack.cpp(196) : error C2440: '=' : cannot convert from 'unsigned long *' to 'unsigned long'
This conversion requires a reinterpret_cast, a C-style cast or function-style cast
c:\temp\3\apihijack.cpp(203) : error C2446: '>' : no conversion from 'unsigned long *' to 'unsigned long'
This conversion requires a reinterpret_cast, a C-style cast or function-style cast
c:\temp\3\apihijack.cpp(203) : error C2040: '>' : 'unsigned long' differs in levels of indirection from 'unsigned long *'
c:\temp\3\apihijack.cpp(204) : error C2440: '=' : cannot convert from 'unsigned long *' to 'unsigned long'
This conversion requires a reinterpret_cast, a C-style cast or function-style cast
dllmain.cpp
Error executing cl.exe.
TestDLL.dll - 5 error(s), 0 warning(s)
|
|
|
|
|
Hi,
Be sure that another correct codes/programs run correctly under that MS Visual Studio or cl.exe and then try to compile your current program. If no progress comes then compile the project by removing the "debug" folder from the project directory. Or simply create a new project for compiling the code. I hope solution may come. Thanks.
|
|
|
|
|
Hi- I am trying to use APIHijack to hook calls to TextOut. I've looked into the MFC header and DEF (exported function) files, and understand from these that the TextOut method of the DC (device context) classes end up devolving into TextOut GDI calls. I also see that the latter are mapped to either TextOutW or TextOutA calls depending on whether a program is using Unicode or not.
I'm testing against a program in which I spefically call TextOut and can see its results, but I'm new to DLL function hooking. Does anyone know if I have perhaps had the bad luck to need this feature on a call that, for whatever reason, cannot be hooked in this fashion?
Any other thoughts on this problem are welcome!
Thanks in advance-
Bob
|
|
|
|
|
|
I hook successly the functions CopyFileA,OpenFileW. Why can not hook the function bellow?
(the file:dllmain.cpp)
typedef FILE* (WINAPI *fopen_Type)( const char *filename, const char *mode );
FILE* WINAPI Myfopen( const char *filename, const char *mode );
SDLLHook D3DHook =
{
"MSVCRTD.DLL",
false, NULL,
{
{"fopen", Myfopen},
{ NULL, NULL }
}
};
FILE* WINAPI Myfopen( const char *filename, const char *mode )
{
MessageBox(NULL,filename,"fopen",MB_OK);//Already get the message
//fopen_Type *OldFn=(fopen_Type*)D3DHook.Functions[0].OrigFn;
fopen_Type OldFn=(fopen_Type)D3DHook.Functions[0].OrigFn;
return OldFn(filename,mode); //compiler is ok but error in here when hook
}
The problem is the return value of the function "fopen" is pointer. When hooking happen the compiler says:
Debug Error!
Module:
File: i386\chkesp.c
Line:42
The value of ESP was not properly saved across a function call. This is usualy a result of calling a function declared with one calling convention with a function pointer declared with a different calling convertion
How to fix this error?
Do Xuan Huyen
|
|
|
|
|
fopen is not a standard WINAPI call, so that you must call it as like:
typedef FILE* (*fopen_Type)( const char *filename, const char *mode );
FILE* Myfopen( const char *filename, const char *mode );
FILE* Myfopen( const char *filename, const char *mode )
{
MessageBox(NULL,filename,"fopen",MB_OK);//Already get the message
//fopen_Type *OldFn=(fopen_Type*)D3DHook.Functions[0].OrigFn;
fopen_Type OldFn=(fopen_Type)D3DHook.Functions[0].OrigFn;
return OldFn(filename,mode); //compiler is ok but error in here when hook
}
Why are you use Hook Api? Only to trace the exe's call?
Why didn't use this tool "Auto Debug Tool"?
Get this tool now!
Auto Debug for Windows
|
|
|
|
|
This is exactly what I was looking for. I think it's pretty funny the source code shows you were reverse engineering EverQuest though  .
|
|
|
|
|
|
I just downloaded your source code. But i found out that the dll was infected by PWS-Sincom.dll virus. I'm using Network Associates VirusScan.
Andrew Mosqueda
|
|
|
|
|
Neither freeav (www.freeav.com) or HouseCall (housecall.antivirus.com) showed there being a virus in these files for what it's worth.
|
|
|
|
|
Just rename the DLL and the f#%$ stupid antivirus wont see it as one 
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
