|
I think I got it...
I hooked LoadLibrary, and went from there...
|
|
|
|
|
Cool, I was hoping someone would succeed w/ this. Somebody should update the library to automatically hook LoadLibrary; I can't, 'cause everything I write now is owned by my employer.
-Wade
|
|
|
|
|
|
So after you hooked LoadLibrary, what did you do? All I can think of doing is forcing the program to load my stubbed DLL, and the DLL can take it from there.
I heard you can change the exports of the loaded DLL before passing it on... but that seems unnecessarily difficult.
PS: I'm aware how old this post is, hoping someone else could throw around some ideas.
|
|
|
|
|
Thanks for 'apihijack'.
I'd like to hook a process before my hooking invoker.
I think that SDLLHook.DefaultFn is the key. But how do I set the value?
E.g. Kernel32.dll, CreateProcess.
Help me, please.
|
|
|
|
|
Must I do it in my source?
|
|
|
|
|
It doesn't hook functions that are called through GetProcAddress; it just hooks functions that are imported by the caller (explicitly).
|
|
|
|
|
When I use this lib on winword.exe to hijack the ExtTextOutA() function, my function is never called. This happened with WordPad too. Notepad has no entries for any of the text-out functions (4 or 6 functions, such as TextOutA(W), ExtTextOutA(W)...). What should I do to use this lib on all of the above applications? Thanks for any reply.
|
|
|
|
|
When you call TextOutA(hDC, nXStart, nYStart, lpString, cbString), your function will be called, but when you call hDC->TextOutA(nXStart, nYStart, lpString, cbString), your function will never be called. I don't know why, either. If you have some good ideas about that, please mail me. Thanks in advance...
|
|
|
|
|
I have not looked into this subject, but might it have anything to do with function overloading?
Nimr0d -- nimr0d@LNDonline.org -- www.LNDonline.org
|
|
|
|
|
Is there a way to intercept calls made by imported DLLs of an APP?
That would be great.
Example:
Test.exe -> Loads -> Test.dll
|.....................|
|.....................|
|.....................V
|............. No intercepted calls
v
intercepted calls
Any help is appreciated =)
|
|
|
|
|
Hook LoadLibrary and then hook any DLL loaded via LoadLibrary.
|
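Added example, not part of any post in this thread and not APIHijack's own code: a portable C model of why patching one module's import table intercepts only calls made from that module, using the Test.exe / Test.dll layout from the question above. All function and struct names are constructed for illustration; `count_redirected` shows the comparison an integrity check makes between each import slot and the exporter's table.

```c
#include <stdio.h>
#include <string.h>

typedef int (*api_fn)(void);

/* Constructed stand-ins: the "real" API and a replacement. */
static int real_CreateFile(void)   { return 1; }
static int hooked_CreateFile(void) { return 2; }

/* The exporter's export table: what a lookup by name returns. */
struct export_entry { const char *name; api_fn addr; };
static const struct export_entry kernel_exports[] = {
    { "CreateFile", real_CreateFile },
};

static api_fn lookup_export(const char *name) {
    for (size_t i = 0; i < sizeof kernel_exports / sizeof kernel_exports[0]; i++)
        if (strcmp(kernel_exports[i].name, name) == 0)
            return kernel_exports[i].addr;
    return NULL;
}

/* Every module carries its own import slot, filled in at load time. */
struct module { const char *name; const char *import_name; api_fn iat_slot; };

static void bind_imports(struct module *m) {
    m->iat_slot = lookup_export(m->import_name);
}

/* A call made from inside module m goes through m's own slot only. */
static int call_from(const struct module *m) { return m->iat_slot(); }

/* Integrity check: count modules whose slot no longer matches the export. */
static int count_redirected(const struct module *mods, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (mods[i].iat_slot != lookup_export(mods[i].import_name)) {
            printf("%s: import %s redirected\n", mods[i].name, mods[i].import_name);
            hits++;
        }
    return hits;
}

int main(void) {
    struct module mods[2] = { { "Test.exe", "CreateFile", NULL },
                              { "Test.dll", "CreateFile", NULL } };
    bind_imports(&mods[0]);
    bind_imports(&mods[1]);
    mods[0].iat_slot = hooked_CreateFile;   /* patch only Test.exe's table */
    printf("exe=%d dll=%d byname=%d redirected=%d\n", call_from(&mods[0]),
           call_from(&mods[1]), lookup_export("CreateFile")(), count_redirected(mods, 2));
    return 0;
}
```

In this model the call from Test.dll and the by-name lookup still reach the original function, and the check flags exactly the one patched slot.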
|
|
|
|
HMODULE WINAPI myLoadLibraryA(LPCSTR lpLibFileName)
{
    LoadLibraryA_Type OldFn =
        (LoadLibraryA_Type)D3DHook.Functions[my_LoadLibraryA].OrigFn;
    strcpy(lib, lpLibFileName);
    return OldFn(lpLibFileName);
}
Ok, how should I modify the function above?
|
|
|
|
|
Hello !
I was reading this and it seems I have the same problem!
Did you get any answer?
Thanks !
|
|
|
|
|
OK, I get a pointer to a DD class, but how do I use it to intercept, let's say, calls to DDS->Flip()? Or if I have a pointer for DirectInput, how do I use it to intercept GetDeviceData()?
Thanks in advance, Sasha.
|
|
|
|
|
Ah, didn't read very first message in thread, sorry.
|
|
|
|
|
Hi,
Does a DLL exist to intercept all the modifications that occur in the system, like the addition of lines and voices in the system registry? Thank you.
|
|
|
|
|
Hi,
I'm trying to hook the Direct3D samples in the DirectX 8 SDK (billboard.exe). However, ApiHijack does not work. It's strange, because it works with DirectX 7 for 6 samples (hooking ddraw.dll).
Using a process viewer, I know that TestDll.dll is loaded into the target process. However, it just bypasses MyCreateDirect3d8 (the intercepted version of Direct3DCreate8).
I found that d3d8.dll is not in shared memory (while ddraw.dll is in it). Is this a problem? Here is the code for hooking Direct3DCreate8. Please help me.
// Function pointer types.
typedef IDirect3D8* (WINAPI *Direct3DCreate8_Type)( UINT SDKVersion );

// Function prototypes.
IDirect3D8* WINAPI MyDirect3DCreate8( UINT SDKVersion );

SDLLHook D3D8Hook =
{
    "D3D8.DLL",
    false, NULL, // Default hook disabled, NULL function pointer.
    {
        { "Direct3DCreate8", MyDirect3DCreate8 },
        { NULL, NULL }
    }
};

// Hook function.
IDirect3D8* WINAPI MyDirect3DCreate8( UINT SDKVersion )
{
    // Let the world know we're working.
    MessageBeep( MB_ICONINFORMATION );
    Direct3DCreate8_Type OldFn =
        (Direct3DCreate8_Type)D3D8Hook.Functions[0].OrigFn;
    return OldFn( SDKVersion );
}
|
|
|
|
|
Is it possible to list the text content of some other apps with your technique?
I determine the handle of the window with WindowFromPoint and then try to post LVM_GETITEM | TVM_GETITEM, which leads to a system failure.
Although GetSize and GetRoot work, it seems that trying to fill LVITEM | TVITEM is a major problem due to address boundary reasons in the process...
Am I wrong, or is there a way to overcome this unfortunate shortcoming?
Thanks
|
|
|
|
|
Thanks Benoit
(& good luck with your site)
oliv-m
http://zz1.freesurf.fr
|
|
|
|
|
Thanks Wade - APIHijack is a very useful example no doubt!
However, there is a slight flaw in that it doesn't seem to allow me to intercept an API call if it has been called by an imported DLL or a different thread.
I am trying to trap Kernel32's CreateFile - if I write a simple MFC app which calls CreateFile, APIHijack is able to intercept it. However, if I go into the modem control panel and click on the diagnostics button (which invariably opens up the modem COM port using CreateFile), the call is not intercepted (I believe rundll32.exe is the process I am supposed to be watching out for). It turns out that APIHijack rarely traps CreateFile. I'm not sure whether this is because it can't handle calls made from another thread, or because the calls are made from a DLL which the process is using... Whatever the reason, it really does limit the usefulness in this particular scenario.
Any insight you could throw on the subject would be really appreciated.
Matthew
|
|
|
|
|
Hi,
Is it possible to hook GetProcAddress from Kernel32?
Let's say that if a program calls GetProcAddress("somefunction"), I want to return the address of my function instead of the original function.
Is that possible?
Thanks
Robert
|
|
|
|
|
Hey,
I haven't tried hooking KERNEL32.DLL, I don't know why it wouldn't be possible. Hooking functions using APIHijack will cause GetProcAddress to return a pointer to your function instead of the original function, however, which is what you want.
-Wade
|
|
|
|
|
I just hooked IsDebuggerPresent() to make it always return 0x00000000, and that's in KERNEL32.DLL, so it looks like APIHijack works for KERNEL32, too!
Great program, by the way!
|
|
|
|
|
Is it possible to hook a system-wide event, to show a message box every time a program is executed? (With this tool?)
|
|
|
|