|
Yes, a DLL written using ApiHijack gets loaded into the address space of every program executed after the Hook is installed, and gets its DllMain function called. You could put a test in DllMain to see if the program is the correct one (see the example code I think) and put up your message box.
-Wade
|
|
|
|
|
Hi, I am trying to hijack the TextOutA without success. According to OutputDebugString, it found the DLL and the function is changed in the IAT table. But MyTextOutA function is never called. Any ideas?
All I did is include your "apihijack.cpp/.h" in my project and change the hook function name (TextOutA) and DLL name (GDI32.DLL). When I ran my app, no beeps.
The main difference between my code and your demo is that I'm not using the Hook stuff. My DLL (a plugin for my app) is already loaded by my application, so I don't see why I need to do the "hook and inject" thingy so that the DLL gets into the process space of my target app.
Bobby
|
|
|
|
|
I have the same problem. I tried to hook the CreateProcess API ;((
|
|
|
|
|
I am trying to use this code to create an effect
similar to the ICopyHook shell interface, but one
which will also hook files, not just directories.
I have successfully hooked the CopyFileA and
CopyFileW api's. However, when I use 'copy' from
a command line, or from the shell, this api does
not seem to be used. Does anyone know which api
is used in that situation?
ti
|
|
|
|
|
Does this hook calls internal to the DLL, as well as external calls?
It sounds like the hook is implemented by overwriting object code at the function's location in the DLL - in which case, the answer would be yes.
If so, does the change only appear in one process's copy of the DLL? Or, since only one copy of the DLL actually exists, does this change affect it in all processes?
Tom
|
|
|
|
|
It only hooks functions that are exported by the DLL, since without debug information there is no way to know the name, location or parameters for internal functions.
What it changes is the Import Address Table (IAT), not the object code itself.
-Wad
|
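Because the hook rewrites IAT slots rather than the DLL's code, a redirected import can be spotted by checking whether each slot still points inside the DLL it was imported from. The check below is an added example, not part of the thread or of ApiHijack; the `Module` and `Import` structures, the function names and all addresses are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed models: a loaded DLL's address range, and one resolved import. */
typedef struct { const char *name; uint32_t base, size; } Module;
typedef struct { const char *dll, *func; uint32_t iat_value; } Import;

/* DLL names are compared case-insensitively. */
static int same_name(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b; /* equal only if both strings ended together */
}

/* Stores in out[] the index of each import whose IAT slot points outside the
 * DLL it names, and returns how many were stored (at most cap). A hit is a
 * lead to review: forwarded exports legitimately resolve into another DLL. */
size_t find_redirected(const Module *mods, size_t nmods, const Import *imps,
                       size_t nimps, size_t *out, size_t cap)
{
    size_t hits = 0;
    for (size_t i = 0; i < nimps && hits < cap; i++) {
        int inside = 0;
        for (size_t m = 0; m < nmods && !inside; m++)
            inside = same_name(mods[m].name, imps[i].dll) &&
                     imps[i].iat_value >= mods[m].base &&
                     imps[i].iat_value - mods[m].base < mods[m].size;
        if (!inside)
            out[hits++] = i;
    }
    return hits;
}

/* Constructed sample: the TextOutA slot now points into PLUGIN.DLL. */
static const Module SAMPLE_MODS[] = {
    { "GDI32.DLL", 0x77F40000u, 0x0003C000u },
    { "PLUGIN.DLL", 0x10000000u, 0x00010000u },
};
static const Import SAMPLE_IMPS[] = {
    { "gdi32.dll", "TextOutA", 0x10001230u },
    { "gdi32.dll", "BitBlt", 0x77F41A2Cu },
};
int main(void)
{
    size_t hit[2]; /* exit status 0 when only the TextOutA slot is flagged */
    return !(find_redirected(SAMPLE_MODS, 2, SAMPLE_IMPS, 2, hit, 2) == 1 && hit[0] == 0);
}
```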
|
|
|
|
Is there a way to extend the RedirectIAT routine to be able
to hook based on an ordinal number (as opposed to an API
name)?
|
|
|
|
|
One of the users has done this, so I'm sure it's possible, however I haven't looked into it myself
|
|
|
|
|
I had to figure this out, too, because the DirectX example
DSSTREAM imports DirectSoundCreate by ordinal.
You need to modify APIHIJACK.CPP and DLLMAIN.CPP.
I made the following changes to APIHIJACK.CPP:
    if ( !IMAGE_SNAP_BY_ORDINAL( pINT->u1.Ordinal ) ) // import by name
    {
        ...
    }
    else // added comparison for ordinal
    {
        SFunctionHook* FHook = DLLHook->Functions;
        while ( FHook->Name )
        {
            if ( (DWORD)FHook->Name == pINT->u1.Ordinal )
            {
                // Save the old function in the SFunctionHook structure and get the new one.
                FHook->OrigFn = pIteratingIAT->u1.Function;
                HookFn = FHook->HookFn;
                break;
            }
            FHook++;
        }
        // If the default function is enabled, store the ordinal for the user.
        if ( DLLHook->UseDefault )
            pStubs->pszNameOrOrdinal = pINT->u1.Ordinal;
    }
and, using DirectSoundCreate() as an example, change DLLMAIN.CPP:
    SDLLHook DSHook =
    {
        "DSOUND.DLL",
        false, NULL, // Default hook disabled, NULL function pointer.
        {
            { (char*)(0x80000001), MyDirectSoundCreate }, // DirectSoundCreate is ordinal 1
            { NULL, NULL }
        }
    };
Note that the ordinal 1 should be given as 0x80000001 and not as 0x1.
Hope this helps. -Daniel
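Why the ordinal has to be written as 0x80000001: an Import Name Table entry marks "import by ordinal" with its top bit, and the comparison above is made against the raw entry. The decoder below is an added example, not code from the thread or from ApiHijack; `decode_thunk`, `raw_key_matches` and `ordinal_matches` are hypothetical names and the thunk values are constructed. It goes one step beyond the post by also covering 64-bit (PE32+) images, where the flag is bit 63 and a 32-bit key can no longer equal the raw entry.

```c
#include <stdint.h>
#include <stdio.h>

/* Same values as IMAGE_ORDINAL_FLAG32 / IMAGE_ORDINAL_FLAG64 in winnt.h. */
#define ORDINAL_FLAG32 0x80000000u
#define ORDINAL_FLAG64 0x8000000000000000ull

/* Decoded thunk: value is the ordinal, or the RVA of the hint/name record. */
typedef struct { int by_ordinal; uint32_t value; } ThunkInfo;

/* Decodes one Import Name Table entry; pe32plus selects the 64-bit layout. */
ThunkInfo decode_thunk(uint64_t raw, int pe32plus)
{
    ThunkInfo t;
    t.by_ordinal = (raw & (pe32plus ? ORDINAL_FLAG64 : ORDINAL_FLAG32)) != 0;
    t.value = t.by_ordinal ? (uint32_t)(raw & 0xFFFFu)       /* low 16 bits */
                           : (uint32_t)(raw & 0x7FFFFFFFu);  /* 31-bit RVA */
    return t;
}

/* The comparison used in the post: 32-bit hook key against the raw thunk. */
int raw_key_matches(uint32_t hook_key, uint64_t raw)
{
    return (uint64_t)hook_key == raw;
}

/* Width-independent form: decode first, then compare ordinals. */
int ordinal_matches(uint16_t wanted, uint64_t raw, int pe32plus)
{
    ThunkInfo t = decode_thunk(raw, pe32plus);
    return t.by_ordinal && t.value == wanted;
}

int main(void)
{
    /* Constructed thunk values for "ordinal 1" in each image format. */
    uint64_t t32 = 0x80000001u, t64 = 0x8000000000000001ull;
    printf("key 0x80000001 vs 32-bit thunk: %d\n", raw_key_matches(0x80000001u, t32));
    printf("key 0x1        vs 32-bit thunk: %d\n", raw_key_matches(0x1u, t32));
    printf("key 0x80000001 vs 64-bit thunk: %d\n", raw_key_matches(0x80000001u, t64));
    printf("decoded match, 32/64-bit: %d %d\n",
           ordinal_matches(1, t32, 0), ordinal_matches(1, t64, 1));
    return 0;
}
```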
|
|
|
|
|
The program works fine, but I have another
problem: I need to store strings as part
of my hook procedure of one of my hooked
api's. However, this does not seem to work.
Is there a limitation of variables in the
global shared area that does not permit
strings, i.e. something like
char buf[100];
?
|
|
|
|
|
I don't recommend using the shared memory area for that. Instead, try creating a memory mapped file or another method of named interprocess communication.
|
|
|
|
|
|
Are you compiling it into a C++ project
|
|
|
|
|
The dll is getting loaded into protected memory I think... For when I try to replace the method calls, it is crashing out for certain dll's. Specifically DirectInput. DirectDraw works just fine. Any suggestions?
Wy
|
|
|
|
|
I have used it for DirectInput w/no problems. Check your hook function to make sure it's correct
|
|
|
|
|
Hi there, great code. I thought you would like
to know that there is a book called 'Programming
Applications for Microsoft Windows' from MS Press
by J. Richter, which has another way of doing API
hooking. It is in Chapter 22; Jeffrey calls it
'Dll Injection'. You may want to rewrite this
example in your style, and post it here as 'Lesson 2
|
|
|
|
|
I got a Chinese copy of that, but not all the MessageBox functions can be hooked. When I call hWnd->MessageBoxA(...), the hook doesn't work. I don't know why, any help is appreciated....
|
|
|
|
|
It would be very useful if there was a list
of changes that are needed to monitor a different
api with a different argument list in a different
dll. This will make it possible to use this code
without actually understanding it
|
|
|
|
|
Just create a new SDLLHook structure and pass it to HookAPICalls(), it's that simple. Specify the name of the DLL and the function(s) you want to hook in the appropriate members of the structure.
You will of course need the header file/function prototypes for the DLL you are trying to hook so that you can make your own functions with equivalent stack/register usage.
-Wad
|
|
|
|
|
I tried your method to hook some functions in a test.dll with some function like testfunction. I load this DLL at runtime using LoadLibrary, but your method doesn't hook my testfunction function. But the same method works for standard Win32 DLLs. Please help me here..
|
|
|
|
|
I think this example does not compile on
win200
|
|
|
|
|
Actually, I developed this under Win2000.
What compiler error are you getting? Perhaps you don't have the DirectX SDK installed.
-Wad
|
|
|
|
|
I have solved the problem. There were about
5 errors due to typing; I had to change your
(DWORD) casts into (unsigned long) and a few
from unsigned long pointer to unsigned long.
I am not sure what is supposed to happen when
the hook is installed; there is no visible
difference with bend.exe. However, I tested on
a different API and a different DLL, and it
worked.
p.s. bend.exe doesn't seem to run on win9
|
|
|
|
|
If you look at the hooked DirectDrawCreate, it calls MessageBeep. This causes a sound to play, which tells you that the hook was installed and is working properly.
It's up to you to do something interesting with it.
Is anyone else experiencing the same compiler errors? DWORD is a standard Windows type, it should be available whenever <windows.h> is included. Perhaps I forgot to include a stdafx.h or something.
-Wad
|
|
|
|