This example shows a hook of GetModuleHandleW in the target process (the process into which you injected your DLL). It works only on 32-bit Windows.
If you injected your DLL into a multithreaded process, you must synchronize execution of this code with the other threads, or the program may sometimes crash.

    #include <windows.h>
    #include <tchar.h>
    #include <stdio.h>
    #include <string.h>

    #define BYTES_COUNT 0x05    /* size of "jmp rel32": opcode 0xE9 + 32-bit offset */

    BYTE firstBytes[BYTES_COUNT];   /* saved original bytes of GetModuleHandleW */
    void *pfnGetModuleHandle;
    HANDLE __stdcall Handler(HANDLE hModule);

    BOOL HookGetModuleHandle()
    {
        HANDLE hKernel32;
        DWORD dwOldProtect;

        hKernel32 = LoadLibrary(_T("kernel32.dll"));
        if (hKernel32 == NULL)
        {
            return FALSE;
        }

        pfnGetModuleHandle = (void*)GetProcAddress((HMODULE)hKernel32, "GetModuleHandleW");
        if (pfnGetModuleHandle == NULL)
        {
            return FALSE;
        }

        /* Save the bytes that the jump is about to overwrite. */
        memcpy(firstBytes, pfnGetModuleHandle, BYTES_COUNT);

        /* Keep the page executable while it is writable: other kernel32 code
           (VirtualProtect itself included) may live on the same page. */
        if (!VirtualProtect(pfnGetModuleHandle, BYTES_COUNT, PAGE_EXECUTE_READWRITE, &dwOldProtect))
        {
            return FALSE;
        }

        /* jmp rel32: the offset is relative to the end of the 5-byte instruction. */
        *((BYTE*)pfnGetModuleHandle) = 0xE9;
        *((DWORD*)(((BYTE*)pfnGetModuleHandle)+1)) = (DWORD)Handler - (DWORD)pfnGetModuleHandle - BYTES_COUNT;

        /* VirtualProtect fails if the last argument is NULL, so pass a valid pointer. */
        if (!VirtualProtect(pfnGetModuleHandle, BYTES_COUNT, dwOldProtect, &dwOldProtect))
        {
            return FALSE;
        }

        return TRUE;
    }

    BOOL UnhookGetModuleHandle()
    {
        DWORD dwOldProtect;

        if (!VirtualProtect(pfnGetModuleHandle, BYTES_COUNT, PAGE_EXECUTE_READWRITE, &dwOldProtect))
        {
            return FALSE;
        }

        /* Put the original bytes back. */
        memcpy(pfnGetModuleHandle, firstBytes, BYTES_COUNT);

        if (!VirtualProtect(pfnGetModuleHandle, BYTES_COUNT, dwOldProtect, &dwOldProtect))
        {
            return FALSE;
        }

        return TRUE;
    }

    HANDLE __stdcall Handler(HANDLE hModule)
    {
        HANDLE returned;
        printf("GetModuleHandleW call detected\n");
        /* Restore the original code, call it, then install the hook again. */
        UnhookGetModuleHandle();
        __asm {
            push hModule
            call pfnGetModuleHandle
            mov returned, eax
        }
        HookGetModuleHandle();
        return returned;    /* pass the real result back to the caller */
    }

|
|
|
|
|
Your method and modification of the Import Table, which will be highness and safe?
|
|
|
|
|
My method is better to use because it never fails, except when the application detects and removes the hook (very, very rarely), but it creates additional synchronization problems in multithreaded applications and it doesn't work on Windows versions other than 32-bit (without modification).
IAT modification is also a good method, but this hook won't work if the application calls functions directly (calls GetProcAddress to retrieve the address of a function...). The second method fails more often than the first.
You can also create a DLL that debugs the process it is injected into by inserting int3 instructions into the functions you want to hook. If the number of functions to hook is <= 4, you can use hardware breakpoints; setting hardware breakpoints does not require any code modifications.
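
From the monitoring side, both code-modifying techniques in this thread (the 5-byte 0xE9 jump written by the hook code above and the int3 patch mentioned in this reply) show up as a difference between a function's first bytes in memory and the same bytes in a trusted copy of the DLL. The following is an added example, not code from any poster: check_entry and its parameters are hypothetical names, the caller is assumed to have already read both byte arrays, and the addresses and bytes in main are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATCH_LEN 5 /* E9 + rel32, the BYTES_COUNT of the hook above */

typedef enum { ENTRY_CLEAN, ENTRY_JMP_HOOK, ENTRY_INT3, ENTRY_MODIFIED } entry_state;

typedef struct {
    entry_state state;
    uint32_t target;      /* jump destination, valid for ENTRY_JMP_HOOK */
    int outside_module;   /* 1 if the destination leaves the owning module */
} entry_report;

/* live:  first PATCH_LEN bytes of the function as read from the process
 * clean: the same bytes from a trusted copy of the DLL (assumed input)
 * Hardware breakpoints leave code untouched, so this check cannot see them. */
entry_report check_entry(const uint8_t *live, const uint8_t *clean,
                         uint32_t func_addr, uint32_t mod_base, uint32_t mod_size)
{
    entry_report r = { ENTRY_CLEAN, 0, 0 };
    if (memcmp(live, clean, PATCH_LEN) == 0)
        return r;
    if (live[0] == 0xE9) {
        uint32_t rel = (uint32_t)live[1] | (uint32_t)live[2] << 8 |
                       (uint32_t)live[3] << 16 | (uint32_t)live[4] << 24;
        r.state = ENTRY_JMP_HOOK;
        /* inverse of the hook's "Handler - function - 5"; wraps mod 2^32 */
        r.target = func_addr + PATCH_LEN + rel;
        r.outside_module = (uint32_t)(r.target - mod_base) >= mod_size;
    } else if (live[0] == 0xCC) {
        r.state = ENTRY_INT3;
    } else {
        r.state = ENTRY_MODIFIED;
    }
    return r;
}

int main(void)
{
    /* Constructed sample: common 32-bit prologue vs. a patched entry point. */
    const uint8_t clean[PATCH_LEN] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
    const uint8_t live[PATCH_LEN]  = { 0xE9, 0xFB, 0x0F, 0x00, 0x10 };
    entry_report r = check_entry(live, clean, 0x10001000u, 0x10000000u, 0x00100000u);
    printf("state=%d target=0x%08X outside=%d\n",
           (int)r.state, (unsigned)r.target, r.outside_module);
    return 0;
}
```
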
|
|
|
|
|
1. With your method, if some call is made to the hooked function, an exception may happen, right?
2. How to do like you say:
"You can also create a DLL that debugs the process it is injected into by inserting int3 instructions into the functions you want to hook. If the number of functions to hook is <= 4, you can use hardware breakpoints; setting hardware breakpoints does not require any code modifications."
Some time ago, I downloaded a CodeProject example about using process debugging to inject a DLL, but on Win98 all applications crash.
|
|
|
|
|
HOW WHAT wrote: 1. With your method, if some call is made to the hooked function, an exception may happen, right?
Only when the application's threads are not synchronized and the context of the current thread (the one that is now hooking the function) is switched to another thread that calls the hooked function.
HOW WHAT wrote: 2. How to do like you say
There is an error in the code you just downloaded.
The Armadillo protector uses the same technique, and it works best on Windows 9x\Me.
Give me the URL of this example or send it to my mail - sharebyte gmail com
|
|
|
|
|
Hello all!
Problem: I am using SQL from within my C++ code.
Can anyone tell me HOW to change the name of a column of a table (for an MS Access 2000 database)?
Using "ALTER TABLE table_name RENAME COLUMN old_name TO new_name" does not seem to work because of a syntax failure!
Thanks
|
|
|
|
|
What's the exact query you're using?
Jeremy Falcon
|
|
|
|
|
The table is: Cars
The column I want to rename: Colour (of type CHARACTER VARYING(255))
ALTER TABLE Cars RENAME COLUMN Colour TO FormerColour CHARACTER VARYING(255)
Thanks
-- modified at 1:44 Sunday 12th March, 2006
|
|
|
|
|
You don't need the type of the column to rename it. This should do the job...
ALTER TABLE Cars RENAME COLUMN Colour TO FormerColour;
Also, CHARACTER VARYING is just a synonym for TEXT if you'd rather use that to keep your queries smaller.
Jeremy Falcon
|
|
|
|
|
I've already done that. I still get an SQL syntax error. It simply does not work with (my) Access 2000. Any other idea?
|
|
|
|
|
Did you try running it specifically as a DDL query (under the Query/SQL Specific menu)?
If that still doesn't work, then I'm so glad I don't have to use Access anymore. However, if you must use Access then you could always rename the column using ADOX rather than a SQL statement. Or if all else fails, you could still pull off the same thing by using separate queries like this...
ALTER TABLE Table1 ADD COLUMN New_Col TEXT(255);
UPDATE Table1 SET New_Col = Old_Col;
ALTER TABLE Table1 DROP COLUMN Old_Col;
Jeremy Falcon
|
|
|
|
|
HI,
I want my inputs to be BOLD TEXT.
JOHN,K
|
|
|
|
|
|
I am still laughing, at least I told him not to post that again.
INTP
Every thing is relative...
|
|
|
|
|
Create a bold font, and pass it to edit box's SetFont() method...
|
|
|
|
|
|
Why are you telling me this?
|
|
|
|
|
I wish you were kidding; do not ask questions like this again.
INTP
Every thing is relative...
|
|
|
|
|
Is there any MFC class for path operations? For example, to replace the API
GetCurrentPath, FindFirstFile functions?
Thanks
|
|
|
|
|
|
|
Hi all,
I want to find out how to achieve network address translation in Visual C++.
|
|
|
|
|
For the below reasons you need to go for NAT?
Why NAT?
• With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. The obvious solution is to redesign the address format to allow for more possible addresses. This is being developed (called IPv6), but will take several years to implement because it requires modification of the entire infrastructure of the Internet.
• Shortage of IP addresses is only one reason to use NAT
• For Security and Administration
• This is where NAT comes to the rescue.
How NAT works?
Network Address Translation allows a single device, such as a router to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers.
JAYARAJ
|
|
|
|
|
Hi,
Can you help me choose which version of the Microsoft IDE I need to use?
I am using this IDE for development of drivers and GUI wrappers for them, based on the MFC library. I'm not planning to use the .NET platform, only plain C++, no managed code.
Now that Microsoft has announced that the Express Edition is free to download, I want to try it, but it is a very lightweight version of the IDE and I don't know if there is any reason to download it. I know that it doesn't have a resource editor or the MFC library, but the compiler is more compatible with ISO standards. Please help me with the choice.
Currently I am using VS .NET 2003.
|
|
|
|