Originally posted by: Nitin
How can I debug the project in VC++ compiler?
Originally posted by: Nitin
Can this be used to hook GDI32.dll?
Originally posted by: Kim Jun-Ho
Hi, I'm studying about API hooking and I think this source is great!!
I tried this on Win2k, it worked fine. But there were some problems on Win98.
I wanna hook some APIs (like CopyFile, MoveFile, StartDoc, etc.) in Windows Explorer (not IE).
So I first tried to hook Explorer process. I edited original ini file as shown below.
[Scope]
UseWindowsHook=Yes
HookAll=No
Hook=Explorer
Protect=MSDEV
[Trace]
Enabled=Yes
When I run HookSvr it seems OK, but any newly launched process crashes.
Example: when I double-click a txt file, Notepad crashes while launching. When I double-click the IE icon, it crashes...
Finally, when I close HookSvr from the tray, it crashes every running process, so I must reboot my PC.
I think there must be some problem about CreateProcess or something like that, but I can't find it.
Somebody please help me about this.
Thank you.
Originally posted by: Jamie
Does anyone have a VB working version of the hook implementation? I would really appreciate it if someone could either send me or publish a VB example here.
Cheers
Jamie.
Originally posted by: Khanh Nguyen
The hookserver crashes if I run it for more than 5 minutes on Win2k. Has anyone experienced this problem before?
Thanks,
Khanh
Originally posted by: Khanh Nguyen
I am trying to use this dll from a vb application. I try to mimic the hook server by calling the InstallHook method in the HookTool dll. And then I try to call the ManageModuleEnlistment. When I do this, I am only able to hook textout calls occurring within my vb application but not in other applications (such as testapp.exe). Any help or pointers will be appreciated!!!
Thanks,
Khanh
Originally posted by: yale zheng
The hook tool.ini:
[Scope]
UseWindowsHook=Yes
HookAll=No
Hook=TestApp
Protect=MSDEV
[Trace]
Enabled=Yes
and when I change the hook tool.ini to
[Scope]
UseWindowsHook=Yes
HookAll=Yes
Hook=TestApp
Protect=MSDEV
[Trace]
Enabled=Yes
My computer shut down when I try to close hooksrv.exe
Originally posted by: Khanh Nguyen
Hi,
First I want to say this code was excellent and it pointed me in the correct direction. But here's the problem that I am having...
1. I run the hooksrvr
2. I run the testapp
3. Testapp comes up with the modified text
4. I rerun the testapp - the testapp comes up with the non-modified code.
Any ideas why?
I am trying to adapt this code so that I can scrape labels... Has anyone tried to do this? Is it really possible?
Any help on either of these two problems will be greatly appreciated!
thanks,
khanh
Originally posted by: Qfel
My idea: as drivers can modify *all* committed memory, you can use a driver to overwrite existing DLL code in memory. So you save the first 6 bytes of the proc being hooked, then put there a jump to your callback. Next, you must do something to map your DLL with the hook into the calling process's address space. As I see, System Area doesn't have memory protection, so you can write to all committed pages in this range. Nice, but how can it help? It's shared. So you can write your hook code in this area. Just write a VxD that uses _PageAllocate and returns the allocated memory address through DeviceIoControl. Then the ring3 app gets Load & Free Library & GetProcAddress functions, generates code that loads the main hook DLL, calls its hook proc and frees it, and finally copies it into the system shared buffer.
Sorry for chaotic text - I'm tired:)
Sorry for my English..
It's just theory, if someone tested it please mail me, I haven't time to test it myself.
If someone wants to ask me, mail, don't add a comment, I'm not very often here.
Originally posted by: Nick
It's a great work!
I use this code to intercept text output function, it always succeeds except ExtTextout in "IDA PRO" main window.
Is there anybody who could help me?
Thanks!